recog 2.3.17 → 2.3.21

data/update_cpes.py

@@ -16,8 +16,17 @@ def parse_cpe_vp_map(file):
     parser = etree.XMLParser(remove_comments=False)
     doc = etree.parse(file, parser)
     namespaces = {'ns': 'http://cpe.mitre.org/dictionary/2.0', 'meta': 'http://scap.nist.gov/schema/cpe-dictionary-metadata/0.2'}
-    for cpe_name in doc.xpath("//ns:cpe-list/ns:cpe-item/@name", namespaces=namespaces):
+    for entry in doc.xpath("//ns:cpe-list/ns:cpe-item", namespaces=namespaces):
+        cpe_name = entry.get("name")
+        if not cpe_name:
+            continue
+
+        # If the entry is deprecated then don't add it to our list of valid CPEs.
+        if entry.get("deprecated"):
+            continue
+
         cpe_match = re.match('^cpe:/([aho]):([^:]+):([^:]+)', cpe_name)
+
         if cpe_match:
             cpe_type, vendor, product = cpe_match.group(1, 2, 3)
             if cpe_type not in vp_map:
@@ -86,7 +95,11 @@ def lookup_cpe(vendor, product, cpe_type, cpe_table, remap):
 
     # Everything else depends on a remap of some sort.
     # get the remappings for this one vendor string.
-    vendor_remap = remap.get(vendor, None)
+    vendor_remap = None
+
+    remap_type = remap.get(cpe_type, None)
+    if remap_type:
+        vendor_remap = remap_type.get(vendor, None)
 
     if vendor_remap:
         # If we have product remappings, work that angle next
@@ -190,7 +203,7 @@ def update_cpes(xml_file, cpe_vp_map, r7_vp_map):
                     continue
 
                 vendor = vendor.lower().replace(' ', '_').replace(',', '')
-                product = product.lower().replace(' ', '_').replace(',', '')
+                product = product.lower().replace(' ', '_').replace(',', '').replace('!', '%21')
                 if 'unknown' in [vendor, product]:
                     continue
 
@@ -209,8 +222,8 @@ def update_cpes(xml_file, cpe_vp_map, r7_vp_map):
                     continue
 
                 # building the CPE string
-                # Last minute escaping of '/'
-                product = product.replace('/', '\/')
+                # Last minute escaping of '/' and `!`
+                product = product.replace('/', '\/').replace('%21', '\!')
                 cpe_value = 'cpe:/{}:{}:{}'.format(cpe_type, vendor, product)
 
                 if version:

data/xml/apache_modules.xml

@@ -220,6 +220,36 @@
     <param pos="0" name="service.component.product" value="mod_auth_ldap"/>
   </fingerprint>
 
+  <fingerprint pattern="mod_auth_oracle/(\S+)$">
+    <description>mod_auth_oracle with version</description>
+    <example service.component.version="1.2.3">mod_auth_oracle/1.2.3</example>
+    <param pos="0" name="service.component.vendor" value="Apache"/>
+    <param pos="0" name="service.component.product" value="mod_auth_oracle"/>
+    <param pos="1" name="service.component.version"/>
+  </fingerprint>
+
+  <fingerprint pattern="mod_auth_oracle/?$">
+    <description>mod_auth_oracle without version</description>
+    <example>mod_auth_oracle/</example>
+    <param pos="0" name="service.component.vendor" value="Apache"/>
+    <param pos="0" name="service.component.product" value="mod_auth_oracle"/>
+  </fingerprint>
+
+  <fingerprint pattern="mod_auth_pgsql/(\S+)$">
+    <description>mod_auth_pgsql with version</description>
+    <example service.component.version="1.2.3">mod_auth_pgsql/1.2.3</example>
+    <param pos="0" name="service.component.vendor" value="Apache"/>
+    <param pos="0" name="service.component.product" value="mod_auth_pgsql"/>
+    <param pos="1" name="service.component.version"/>
+  </fingerprint>
+
+  <fingerprint pattern="mod_auth_pgsql/?$">
+    <description>mod_auth_pgsql without version</description>
+    <example>mod_auth_pgsql/</example>
+    <param pos="0" name="service.component.vendor" value="Apache"/>
+    <param pos="0" name="service.component.product" value="mod_auth_pgsql"/>
+  </fingerprint>
+
   <fingerprint pattern="mod_auth_radius/(\S+)$">
     <description>mod_auth_radius with version</description>
     <example service.component.version="1.2.3">mod_auth_radius/1.2.3</example>
@@ -978,6 +1008,36 @@
     <param pos="0" name="service.component.product" value="mod_filter"/>
   </fingerprint>
 
+  <fingerprint pattern="mod_frontpage/(\S+)$">
+    <description>mod_frontpage with version</description>
+    <example service.component.version="1.2.3">mod_frontpage/1.2.3</example>
+    <param pos="0" name="service.component.vendor" value="Apache"/>
+    <param pos="0" name="service.component.product" value="mod_frontpage"/>
+    <param pos="1" name="service.component.version"/>
+  </fingerprint>
+
+  <fingerprint pattern="mod_frontpage/?$">
+    <description>mod_frontpage without version</description>
+    <example>mod_frontpage/</example>
+    <param pos="0" name="service.component.vendor" value="Apache"/>
+    <param pos="0" name="service.component.product" value="mod_frontpage"/>
+  </fingerprint>
+
+  <fingerprint pattern="mod_gzip/(\S+)$">
+    <description>mod_gzip with version</description>
+    <example service.component.version="1.2.3">mod_gzip/1.2.3</example>
+    <param pos="0" name="service.component.vendor" value="Apache"/>
+    <param pos="0" name="service.component.product" value="mod_gzip"/>
+    <param pos="1" name="service.component.version"/>
+  </fingerprint>
+
+  <fingerprint pattern="mod_gzip/?$">
+    <description>mod_gzip without version</description>
+    <example>mod_gzip/</example>
+    <param pos="0" name="service.component.vendor" value="Apache"/>
+    <param pos="0" name="service.component.product" value="mod_gzip"/>
+  </fingerprint>
+
   <fingerprint pattern="mod_headers/(\S+)$">
     <description>mod_headers with version</description>
     <example service.component.version="1.2.3">mod_headers/1.2.3</example>

data/xml/apache_os.xml

@@ -82,7 +82,7 @@
     <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:-"/>
   </fingerprint>
 
-  <fingerprint pattern=".*(?:Sun )?Cobalt \(Unix\)?.*">
+  <fingerprint pattern=".{0,512}(?:Sun )?Cobalt \(Unix\)?.*">
     <description>Sun Cobalt RaQ (Red Hat based Linux)</description>
     <param pos="0" name="os.vendor" value="Sun"/>
     <param pos="0" name="os.family" value="Linux"/>

data/xml/dns_versionbind.xml

@@ -17,30 +17,40 @@
   <fingerprint pattern="^$">
     <description>empty string -- assert nothing.</description>
     <example/>
+    <param pos="0" name="hw.certainty" value="0.0"/>
+    <param pos="0" name="os.certainty" value="0.0"/>
     <param pos="0" name="service.certainty" value="0.0"/>
   </fingerprint>
 
   <fingerprint pattern="^none$">
     <description>bare 'none' -- assert nothing.</description>
     <example>none</example>
+    <param pos="0" name="hw.certainty" value="0.0"/>
+    <param pos="0" name="os.certainty" value="0.0"/>
     <param pos="0" name="service.certainty" value="0.0"/>
   </fingerprint>
 
   <fingerprint pattern="^null$">
     <description>bare 'null' -- assert nothing.</description>
     <example>null</example>
+    <param pos="0" name="hw.certainty" value="0.0"/>
+    <param pos="0" name="os.certainty" value="0.0"/>
     <param pos="0" name="service.certainty" value="0.0"/>
   </fingerprint>
 
   <fingerprint pattern="(?i)^unknown$">
     <description>bare 'unknown' -- assert nothing.</description>
     <example>unknown</example>
+    <param pos="0" name="hw.certainty" value="0.0"/>
+    <param pos="0" name="os.certainty" value="0.0"/>
     <param pos="0" name="service.certainty" value="0.0"/>
   </fingerprint>
 
   <fingerprint pattern="^no version$">
     <description>bare 'no version' -- assert nothing.</description>
     <example>no version</example>
+    <param pos="0" name="hw.certainty" value="0.0"/>
+    <param pos="0" name="os.certainty" value="0.0"/>
     <param pos="0" name="service.certainty" value="0.0"/>
   </fingerprint>
 
@@ -427,7 +437,7 @@
     <param pos="0" name="service.cpe23" value="cpe:/a:powerdns:authoritative_server:{service.version}"/>
   </fingerprint>
 
-  <fingerprint pattern="^PowerDNS Authoritative Server (\d\.[\w.]+(?:-rc\d)?(?:-alpha\d)?(?:-beta\d)?[^ ]*) \(built [\w\s:]+ by [\w]+\@[\w.-:-]*\)$">
+  <fingerprint pattern="^PowerDNS Authoritative Server (\d\.[\w.]+(?:-rc\d)?(?:-alpha\d)?(?:-beta\d)?[^ ]*) \(built [\w\s:]+ by [\w]+\@[\w.:-]*\)$">
     <description>PowerDNS Authoritative Server: format 2</description>
     <example service.version="4.0.4">PowerDNS Authoritative Server 4.0.4 (built Jul 26 2017 15:04:27 by root@FreeBSD:11:amd64-default-job-03)</example>
     <example service.version="4.0.0-rc2">PowerDNS Authoritative Server 4.0.0-rc2 (built Jul  4 2016 15:44:39 by root@foo-bar.baz)</example>

data/xml/favicons.xml

@@ -6,6 +6,30 @@
 
   <!-- Services -->
 
+  <fingerprint pattern="^4297c114f263c206ed12aaff4b0c7a50|e5af3b68e837498a85b25ef2c36a0825$">
+    <description>Metabase</description>
+    <example>4297c114f263c206ed12aaff4b0c7a50</example>
+    <example>e5af3b68e837498a85b25ef2c36a0825</example>
+    <param pos="0" name="service.product" value="Metabase"/>
+    <param pos="0" name="service.vendor" value="Metabase"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:metabase:metabase:-"/>
+  </fingerprint>
+
+  <fingerprint pattern="^14bd519881ea49a75353572cfb458dec$">
+    <description>Calibre-Web Project</description>
+    <example>14bd519881ea49a75353572cfb458dec</example>
+    <param pos="0" name="service.vendor" value="Calibre-Web Project"/>
+    <param pos="0" name="service.product" value="Calibre-Web"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:calibre-web_project:calibre-web:-"/>
+  </fingerprint>
+
+  <fingerprint pattern="^d2cef6047a604012455f5c9a1cd4d960$">
+    <description>Jellyfin Media Server</description>
+    <example>d2cef6047a604012455f5c9a1cd4d960</example>
+    <param pos="0" name="service.vendor" value="Jellyfin"/>
+    <param pos="0" name="service.product" value="Media Server"/>
+  </fingerprint>
+
   <fingerprint pattern="^0f584138aacfb79aaba7e2539fc4e642$">
     <description>Plex Media Server</description>
     <example>0f584138aacfb79aaba7e2539fc4e642</example>
@@ -125,6 +149,7 @@
     <param pos="0" name="service.vendor" value="RStudio"/>
     <param pos="0" name="service.product" value="Connect"/>
     <param pos="0" name="service.certainty" value="0.5"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:rstudio:connect:-"/>
   </fingerprint>
 
   <fingerprint pattern="^84b0fc44f58bfee1a303ee3398a86670$">
@@ -194,6 +219,16 @@
     <param pos="0" name="service.vendor" value="SolarWinds"/>
     <param pos="0" name="service.product" value="Virtualization Manager"/>
     <param pos="0" name="service.certainty" value="0.5"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:solarwinds:virtualization_manager:-"/>
+  </fingerprint>
+
+  <fingerprint pattern="^53317933c27890ae9218697ecc0e97d9$">
+    <description>SolarWinds Orion</description>
+    <example>53317933c27890ae9218697ecc0e97d9</example>
+    <param pos="0" name="service.vendor" value="SolarWinds"/>
+    <param pos="0" name="service.product" value="Orion Platform"/>
+    <param pos="0" name="service.certainty" value="0.5"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:solarwinds:orion_platform:-"/>
   </fingerprint>
 
   <fingerprint pattern="^ee20526df4d69f7b02ee107458d8d679$">
@@ -202,6 +237,7 @@
     <param pos="0" name="service.vendor" value="ManageEngine"/>
     <param pos="0" name="service.product" value="ADAudit Plus"/>
     <param pos="0" name="service.certainty" value="0.5"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:zohocorp:manageengine_adaudit_plus:-"/>
   </fingerprint>
 
   <fingerprint pattern="^e9d6d23a961ea23a3e961266876e0ffd$">
@@ -813,6 +849,14 @@
     <param pos="0" name="service.certainty" value="0.5"/>
   </fingerprint>
 
+  <fingerprint pattern="^ad4de5c717c886a99c4cf0e066e9b461$">
+    <description>MicroStrategy Collaboration Server</description>
+    <example>ad4de5c717c886a99c4cf0e066e9b461</example>
+    <param pos="0" name="service.vendor" value="MicroStrategy"/>
+    <param pos="0" name="service.product" value="Collaboration Server"/>
+    <param pos="0" name="service.certainty" value="0.5"/>
+  </fingerprint>
+
   <!-- Devices -->
 
   <fingerprint pattern="^2fd26da3d6b790a86038f440d5b37eea$">
@@ -1022,7 +1066,9 @@
     <param pos="0" name="os.vendor" value="SonicWall"/>
     <param pos="0" name="os.device" value="Firewall"/>
     <param pos="0" name="os.family" value="SonicOS"/>
+    <param pos="0" name="os.product" value="SonicOS"/>
     <param pos="0" name="os.certainty" value="0.5"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:sonicwall:sonicos:-"/>
   </fingerprint>
 
   <fingerprint pattern="^e4fd990b4b8a5d61bd5ddb98cdfc7190$">
@@ -1059,6 +1105,7 @@
     <param pos="0" name="os.family" value="ILOM"/>
     <param pos="0" name="os.product" value="ILOM"/>
     <param pos="0" name="os.certainty" value="0.5"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:oracle:integrated_lights_out_manager_firmware:-"/>
   </fingerprint>
 
   <fingerprint pattern="^665f96fcdcc9da0ab89312acc02fa815$">
@@ -1144,7 +1191,7 @@
     <param pos="0" name="os.family" value="Adaptive Security Appliance"/>
     <param pos="0" name="os.product" value="Adaptive Security Appliance"/>
     <param pos="0" name="os.certainty" value="0.5"/>
-    <param pos="0" name="os.cpe23" value="cpe:/o:cisco:adaptive_security_appliance:-"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:cisco:adaptive_security_appliance_software:-"/>
     <param pos="0" name="hw.vendor" value="Cisco"/>
     <param pos="0" name="hw.family" value="Adaptive Security Appliance"/>
     <param pos="0" name="hw.product" value="Adaptive Security Appliance"/>
@@ -1328,6 +1375,7 @@
     <param pos="0" name="os.device" value="Network Management Device"/>
     <param pos="0" name="os.product" value="NetScaler"/>
     <param pos="0" name="os.certainty" value="0.5"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:citrix:netscaler_firmware:-"/>
     <param pos="0" name="service.vendor" value="Citrix"/>
     <param pos="0" name="service.family" value="NetScaler"/>
     <param pos="0" name="service.device" value="Network Management Device"/>
@@ -1344,6 +1392,7 @@
     <param pos="0" name="os.device" value="Network Management Device"/>
     <param pos="0" name="os.product" value="NetScaler Gateway"/>
     <param pos="0" name="os.certainty" value="0.5"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:citrix:netscaler_gateway_firmware:-"/>
     <param pos="0" name="service.vendor" value="Citrix"/>
     <param pos="0" name="service.family" value="NetScaler"/>
     <param pos="0" name="service.device" value="Network Management Device"/>
@@ -1430,9 +1479,11 @@
     <param pos="0" name="hw.device" value="Firewall"/>
     <param pos="0" name="hw.certainty" value="0.5"/>
     <param pos="0" name="os.vendor" value="Palo Alto Networks"/>
-    <param pos="0" name="os.product" value="PANOS"/>
+    <param pos="0" name="os.product" value="PAN-OS"/>
+    <param pos="0" name="os.family" value="PAN-OS"/>
     <param pos="0" name="os.device" value="Firewall"/>
     <param pos="0" name="os.certainty" value="0.5"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:paloaltonetworks:pan-os:-"/>
   </fingerprint>
 
   <fingerprint pattern="^efe29d50711d9b093d8187e97cc0e593$">
@@ -1534,6 +1585,7 @@
     <param pos="0" name="os.family" value="iLO"/>
     <param pos="0" name="os.product" value="iLO 3"/>
     <param pos="0" name="os.certainty" value="0.5"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:hp:integrated_lights-out_3_firmware:-"/>
   </fingerprint>
 
   <fingerprint pattern="^(?:ad93b3973782b03ea62a43bd6602ba8b|d521487f45fa7657450edfd6c16e4a63)$">
@@ -1544,12 +1596,13 @@
     <param pos="0" name="hw.vendor" value="HP"/>
     <param pos="0" name="hw.product" value="iLO"/>
     <param pos="0" name="hw.certainty" value="0.5"/>
-    <param pos="0" name="hw.cpe23" value="cpe:/h:hp:integrated_lights_out:-"/>
+    <param pos="0" name="hw.cpe23" value="cpe:/h:hp:integrated_lights-out:-"/>
     <param pos="0" name="os.vendor" value="HP"/>
     <param pos="0" name="os.device" value="Lights Out Management"/>
     <param pos="0" name="os.family" value="iLO"/>
     <param pos="0" name="os.product" value="iLO"/>
     <param pos="0" name="os.certainty" value="0.5"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:hp:integrated_lights-out_firmware:-"/>
   </fingerprint>
 
   <fingerprint pattern="^d11917dc7e651b21f0f75cd0dc309e8a$">
@@ -1714,6 +1767,64 @@
     <param pos="0" name="os.certainty" value="0.5"/>
   </fingerprint>
 
+  <fingerprint pattern="^ed61e4c9e9a176e82734aa42c6a00ce4|0dc6bff9bdabf1184c157d75ac73c22a$">
+    <description>Lifesize TelePresence</description>
+    <example>ed61e4c9e9a176e82734aa42c6a00ce4</example>
+    <example>0dc6bff9bdabf1184c157d75ac73c22a</example>
+    <param pos="0" name="hw.vendor" value="Lifesize"/>
+    <param pos="0" name="hw.device" value="Video Conferencing"/>
+    <param pos="0" name="hw.product" value="TelePresence"/>
+    <param pos="0" name="os.vendor" value="Lifesize"/>
+    <param pos="0" name="os.family" value="Linux"/>
+    <param pos="0" name="os.product" value="TelePresence"/>
+    <param pos="0" name="os.device" value="Video Conferencing"/>
+  </fingerprint>
+
+  <fingerprint pattern="^45e72b45613ba6ec2a1ded251a31f201$">
+    <description>Symantec PGP Key Management Server</description>
+    <example>45e72b45613ba6ec2a1ded251a31f201</example>
+    <param pos="0" name="hw.vendor" value="Symantec"/>
+    <param pos="0" name="hw.device" value="Security Appliance"/>
+    <param pos="0" name="hw.product" value="Key Management Server"/>
+  </fingerprint>
+
+  <fingerprint pattern="^302fe34dc0e9515e2d0509ff5f3217e5|8565497731f799fdd25ae59286807055$">
+    <description>Riverbed Steelhead Appliance</description>
+    <example>302fe34dc0e9515e2d0509ff5f3217e5</example>
+    <example>8565497731f799fdd25ae59286807055</example>
+    <param pos="0" name="hw.vendor" value="Riverbed"/>
+    <param pos="0" name="hw.device" value="Security Appliance"/>
+    <param pos="0" name="hw.product" value="Steelhead"/>
+    <param pos="0" name="os.product" value="RiOS"/>
+    <param pos="0" name="os.vendor" value="Riverbed"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:riverbed:rios:-"/>
+  </fingerprint>
+
+  <fingerprint pattern="^d29a1ef8a3d0011504f5d076600ce16d$">
+    <description>Silver Peak Appliance</description>
+    <example>d29a1ef8a3d0011504f5d076600ce16d</example>
+    <param pos="0" name="hw.vendor" value="Silver Peak"/>
+    <param pos="0" name="hw.device" value="Network Appliance"/>
+    <param pos="0" name="hw.product" value="SD-WAN"/>
+  </fingerprint>
+
+  <fingerprint pattern="^425515e283192a3a686c04e1c50620aa$">
+    <description>Cisco Meraki Appliance</description>
+    <example>425515e283192a3a686c04e1c50620aa</example>
+    <param pos="0" name="hw.vendor" value="Cisco"/>
+    <param pos="0" name="hw.product" value="Meraki Device"/>
+    <param pos="0" name="hw.device" value="Network Appliance"/>
+    <param pos="0" name="hw.certainty" value="0.40"/>
+  </fingerprint>
+
+  <fingerprint pattern="^f5c62ea4c4e9f9a8606400becc01375e$">
+    <description>PBX in a Flash</description>
+    <example>f5c62ea4c4e9f9a8606400becc01375e</example>
+    <param pos="0" name="hw.vendor" value="PIAF"/>
+    <param pos="0" name="hw.device" value="SIP Gateway"/>
+    <param pos="0" name="hw.product" value="PIAF Virtual Appliance"/>
+  </fingerprint>
+
   <fingerprint pattern="^7b73744799150c888a172daf3d7093bf$">
     <description>Pure Storage Appliance</description>
     <example>7b73744799150c888a172daf3d7093bf</example>
@@ -1723,4 +1834,12 @@
     <param pos="0" name="hw.certainty" value="0.5"/>
   </fingerprint>
 
+  <fingerprint pattern="^1b786be7a46bd96a503a81b7faf86263$">
+    <description>AdGuard Home</description>
+    <example>1b786be7a46bd96a503a81b7faf86263</example>
+    <param pos="0" name="service.vendor" value="AdGuard"/>
+    <param pos="0" name="service.product" value="AdGuard Home"/>
+    <param pos="0" name="service.certainty" value="0.5"/>
+  </fingerprint>
+
 </fingerprints>

data/xml/ftp_banners.xml

@@ -5,9 +5,9 @@
   against these patterns to fingerprint FTP servers.
   -->
 
-  <fingerprint pattern="^([^ ]+) Microsoft FTP Service \(Version ([1234]\.\d+)\)\.$">
+  <fingerprint pattern="^([^ ]{1,512}) Microsoft FTP Service \(Version ([1234]\.\d+)\)\.$">
     <description>Microsoft FTP Server on Windows NT</description>
-    <example>xx Microsoft FTP Service (Version 3.0).</example>
+    <example host.name="foo.bar" service.version="3.0">foo.bar Microsoft FTP Service (Version 3.0).</example>
     <param pos="0" name="service.vendor" value="Microsoft"/>
     <param pos="0" name="service.product" value="IIS"/>
     <param pos="0" name="service.family" value="IIS"/>
@@ -20,9 +20,9 @@
     <param pos="1" name="host.name"/>
   </fingerprint>
 
-  <fingerprint pattern="^([^ ]+) Microsoft FTP Service \(Version 5.0\)\.$">
+  <fingerprint pattern="^([^ ]{1,512}) Microsoft FTP Service \(Version 5.0\)\.$">
     <description>Microsoft FTP Server on Windows 2000</description>
-    <example>xxx Microsoft FTP Service (Version 5.0).</example>
+    <example host.name="foo.bar">foo.bar Microsoft FTP Service (Version 5.0).</example>
     <param pos="0" name="service.vendor" value="Microsoft"/>
     <param pos="0" name="service.product" value="IIS"/>
     <param pos="0" name="service.family" value="IIS"/>
@@ -35,9 +35,9 @@
     <param pos="1" name="host.name"/>
   </fingerprint>
 
-  <fingerprint pattern="^([^ ]+) Microsoft FTP Service \(Version 5.1\)\.$">
+  <fingerprint pattern="^([^ ]{1,512}) Microsoft FTP Service \(Version 5.1\)\.$">
     <description>Microsoft FTP Server on Windows XP, 2003 or later versions of 2000</description>
-    <example>xxx Microsoft FTP Service (Version 5.1).</example>
+    <example host.name="foo.bar">foo.bar Microsoft FTP Service (Version 5.1).</example>
     <param pos="0" name="service.vendor" value="Microsoft"/>
     <param pos="0" name="service.product" value="IIS"/>
     <param pos="0" name="service.family" value="IIS"/>
@@ -49,9 +49,9 @@
     <param pos="1" name="host.name"/>
   </fingerprint>
 
-  <fingerprint pattern="^([^ ]+) Microsoft FTP Service$">
+  <fingerprint pattern="^([^ ]{1,512}) Microsoft FTP Service$">
     <description>Microsoft FTP Server on Windows XP, 2003 or later without version</description>
-    <example>hostname Microsoft FTP Service</example>
+    <example host.name="foo.bar">foo.bar Microsoft FTP Service</example>
     <param pos="0" name="service.vendor" value="Microsoft"/>
     <param pos="0" name="service.product" value="IIS"/>
     <param pos="0" name="service.family" value="IIS"/>
@@ -76,7 +76,7 @@
     <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
   </fingerprint>
 
-  <fingerprint pattern="^([^ ]+) +FTP +Server \(Version ([^\(]+)\(PHNE_\d+\) [^\)]+\) ready.?$" flags="REG_ICASE">
+  <fingerprint pattern="^([^ ]{1,512}) +FTP +Server \(Version ([^\(]+)\(PHNE_\d+\) [^\)]+\) ready.?$" flags="REG_ICASE">
     <description>FTP on HPUX with a PHNE (HP Networking patch) installed</description>
     <example>example.com FTP server (Version 1.1.214.4(PHNE_38458) Mon Feb 15 06:03:12 GMT 2010) ready.</example>
     <param pos="0" name="service.vendor" value="HP"/>
@@ -89,7 +89,7 @@
     <param pos="2" name="service.version"/>
   </fingerprint>
 
-  <fingerprint pattern="^([^ ]+) +FTP +Server \(Revision \S+ Version wuftpd-([^\(]+)\(PHNE_\d+\) [^\)]+\) ready.?$" flags="REG_ICASE">
+  <fingerprint pattern="^([^ ]{1,512}) +FTP +Server \(Revision \S+ Version wuftpd-([^\(]+)\(PHNE_\d+\) [^\)]+\) ready.?$" flags="REG_ICASE">
     <description>WU-FTPD on HPUX with a PHNE (HP Networking patch) installed</description>
     <example>example.com FTP server (Revision 1.1 Version wuftpd-2.6.1(PHNE_38578) Fri Sep 5 12:10:54 GMT 2008) ready.</example>
     <param pos="0" name="service.vendor" value="Washington University"/>
@@ -102,7 +102,7 @@
     <param pos="2" name="service.version"/>
   </fingerprint>
 
-  <fingerprint pattern="^(\S+)(?: \S+)? FTP Server \((?:Revision [\d\.]+ )?Version wu(?:ftpd)?-([\d\.]+).*\) ready.?$" flags="REG_ICASE">
+  <fingerprint pattern="^(\S{1,512})(?: \S{1,512})? FTP Server \((?:Revision [\d\.]+ )?Version wu(?:ftpd)?-([\d\.]+).*\) ready.?$" flags="REG_ICASE">
     <description>WU-FTPD on various OS</description>
     <example host.name="example.com" service.version="2.6.2">example.com FTP server (Version wu-2.6.2(1) Sat Jul 19 16:21:30 UTC 2008) ready.</example>
     <example host.name="example.com" service.version="2.6.2">example.com 192.168.0.1 FTP server (Version wu-2.6.2(1) Wed Sep 21 11:16:21 MEST 2005) ready.</example>
@@ -114,7 +114,7 @@
     <param pos="2" name="service.version"/>
   </fingerprint>
 
-  <fingerprint pattern="^(\S+)\s+FTP Server \(Version:\s+Mac OS X Server\s+([\d\.]+).*\) ready\.?" flags="REG_ICASE,REG_MULTILINE">
+  <fingerprint pattern="^(\S{1,512})\s{1,8}FTP Server \(Version:\s+Mac OS X Server\s+([\d\.]+).*\) ready\.?" flags="REG_ICASE,REG_MULTILINE">
     <description>FTPD on Mac OS X Server with a version</description>
     <example host.name="example.com" os.version="10.3">example.com FTP server (Version:  Mac OS X Server 10.3 - +GSSAPI) ready.</example>
     <example host.name="example.com" os.version="10.3">this is a banner.  change it.&#13;
@@ -129,7 +129,7 @@ example.com FTP server (Version:  Mac OS X Server 10.3 - +GSSAPI) ready.</exampl
     <param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x_server:{os.version}"/>
   </fingerprint>
 
-  <fingerprint pattern="^(\S+)\s+FTP Server \(Version:\s+Mac OS X Server\) ready\.?" flags="REG_ICASE,REG_MULTILINE">
+  <fingerprint pattern="^(\S{1,512})\s{1,8}FTP Server \(Version:\s+Mac OS X Server\) ready\.?" flags="REG_ICASE,REG_MULTILINE">
     <description>FTPD on Mac OS X Server without a version</description>
     <example host.name="example.com">example.com FTP server (Version:  Mac OS X Server) ready.</example>
     <example host.name="example.com">this is a banner.  change it.&#13;
@@ -143,7 +143,7 @@ example.com FTP server (Version:  Mac OS X Server) ready.</example>
     <param pos="1" name="host.name"/>
   </fingerprint>
 
-  <fingerprint pattern="^(\S+)\s+FTP Server \(tnftpd (.*)\) ready\.?$" flags="REG_ICASE">
+  <fingerprint pattern="^(\S{1,512})\s{1,8}FTP Server \(tnftpd (.*)\) ready\.?$" flags="REG_ICASE">
     <description>Simple tnftpd banner with a version</description>
     <example host.name="example.com" service.version="20061217">example.com FTP server (tnftpd 20061217) ready.</example>
     <param pos="0" name="service.product" value="tnftpd"/>
@@ -151,7 +151,7 @@ example.com FTP server (Version:  Mac OS X Server) ready.</example>
     <param pos="1" name="host.name"/>
   </fingerprint>
 
-  <fingerprint pattern="^(\S+) FTP Server \(SunOS 5.(1[1-9])\) ready\.?$" flags="REG_ICASE">
+  <fingerprint pattern="^(\S{1,512}) FTP Server \(SunOS 5.(1[1-9])\) ready\.?$" flags="REG_ICASE">
     <description>SunOS/Solaris</description>
     <example host.name="example.com" os.version="11">example.com FTP server (SunOS 5.11) ready.</example>
     <param pos="0" name="os.vendor" value="Oracle"/>
@@ -162,7 +162,7 @@ example.com FTP server (Version:  Mac OS X Server) ready.</example>
     <param pos="0" name="os.cpe23" value="cpe:/o:oracle:solaris:{os.version}"/>
   </fingerprint>
 
-  <fingerprint pattern="^(\S+) FTP Server \(SunOS 5.([789]|10)\) ready\.?$" flags="REG_ICASE">
+  <fingerprint pattern="^(\S{1,512}) FTP Server \(SunOS 5.([789]|10)\) ready\.?$" flags="REG_ICASE">
     <description>SunOS/Solaris 5.7-5.10</description>
     <example host.name="example.com" os.version="7">example.com FTP server (SunOS 5.7) ready.</example>
     <example host.name="example.com" os.version="10">example.com FTP server (SunOS 5.10) ready.</example>
@@ -174,7 +174,7 @@ example.com FTP server (Version:  Mac OS X Server) ready.</example>
     <param pos="0" name="os.cpe23" value="cpe:/o:sun:solaris:{os.version}"/>
   </fingerprint>
 
-  <fingerprint pattern="^(\S+) FTP Server \(SunOS 5.6\) ready\." flags="REG_ICASE">
+  <fingerprint pattern="^(\S{1,512}) FTP Server \(SunOS 5.6\) ready\." flags="REG_ICASE">
     <description>SunOS 5.6 (Solaris 2.6)</description>
     <example host.name="example.com">example.com FTP Server (SunOS 5.6) ready.</example>
     <param pos="0" name="os.vendor" value="Sun"/>
@@ -320,7 +320,7 @@ example.com FTP server (Version:  Mac OS X Server) ready.</example>
     <param pos="0" name="service.cpe23" value="cpe:/a:proftpd:proftpd:-"/>
   </fingerprint>
 
-  <fingerprint pattern="^(?:\d{4}\-\d\d\-\d\d \d\d:\d\d:\d\d,\d\d\d )?(\S+) proftpd\[\d+\]: error: no valid servers configured">
+  <fingerprint pattern="^(?:\d{4}\-\d\d\-\d\d \d\d:\d\d:\d\d,\d\d\d )?(\S{1,512}) proftpd\[\d+\]: error: no valid servers configured">
     <description>ProFTPD no valid servers configured</description>
     <example host.name="ftp.host.com">ftp.host.com proftpd[40312]: error: no valid servers configured\n</example>
     <example host.name="hostname.com">2016-10-31 12:14:35,524 hostname.com proftpd[26992]: error: no valid servers configured\n</example>
@@ -360,10 +360,11 @@ example.com FTP server (Version:  Mac OS X Server) ready.</example>
     <example service.version="1.0.11">=(&lt;*&gt;)=-.:. (( Welcome to Pure-FTPd 1.0.11 )) .:.-=(&lt;*&gt;)=-</example>
     <example service.version="1.0.11">=(&lt;*&gt;)=-.:. (( Welcome to Pure-FTPd 1.0.11 )) .:.-=(&lt;*&gt;)=-&#13;
 more stuff</example>
-    <param pos="0" name="service.fvendor" value="PureFTPd"/>
+    <param pos="0" name="service.vendor" value="PureFTPd"/>
     <param pos="0" name="service.family" value="Pure-FTPd"/>
     <param pos="0" name="service.product" value="Pure-FTPd"/>
     <param pos="1" name="service.version"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:pureftpd:pure-ftpd:{service.version}"/>
   </fingerprint>
 
   <fingerprint pattern="^-{9,10}(?:.*)\s+Pure-FTPd\s+(.*)-{9,10}">
@@ -403,8 +404,6 @@ more text</example>
     <param pos="0" name="service.cpe23" value="cpe:/a:pureftpd:pure-ftpd:{service.version}"/>
   </fingerprint>
 
-  <!-- CPEs for Serv-U 15.x and above changed to SolarWinds -->
-
   <fingerprint pattern="^Serv-U FTP Server v(15\.\S+) ready\.\.\.$">
     <description>SolarWinds Serv-U with version </description>
     <example service.version="15.1.3.25">Serv-U FTP Server v15.1.3.25 ready...</example>
@@ -420,10 +419,10 @@ more text</example>
     <example service.version="2.5n">Serv-U FTP-Server v2.5n for WinSock ready...</example>
     <example service.version="6.0">Serv-U FTP Server v6.0 for WinSock ready</example>
     <param pos="0" name="service.vendor" value="Serv-U"/>
-    <param pos="0" name="service.product" value="Serv-U"/>
+    <param pos="0" name="service.product" value="Serv-U FTP Server"/>
     <param pos="0" name="service.family" value="Serv-U"/>
     <param pos="1" name="service.version"/>
-    <param pos="0" name="service.cpe23" value="cpe:/a:serv-u:serv-u:{service.version}"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:solarwinds:serv-u_ftp_server:{service.version}"/>
     <param pos="0" name="os.vendor" value="Microsoft"/>
     <param pos="0" name="os.family" value="Windows"/>
     <param pos="0" name="os.product" value="Windows"/>
@@ -435,15 +434,18 @@ more text</example>
     <example service.version="7.2">Serv-U FTP Server v7.2 ready...</example>
     <example service.version="14.0">Serv-U FTP Server v14.0 ready...</example>
     <param pos="0" name="service.vendor" value="Serv-U"/>
-    <param pos="0" name="service.product" value="Serv-U"/>
+    <param pos="0" name="service.product" value="Serv-U FTP Server"/>
     <param pos="0" name="service.family" value="Serv-U"/>
     <param pos="1" name="service.version"/>
-    <param pos="0" name="service.cpe23" value="cpe:/a:serv-u:serv-u:{service.version}"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:solarwinds:serv-u_ftp_server:{service.version}"/>
   </fingerprint>
 
   <fingerprint pattern="^Welcom to Serv-U FTP Server$">
     <description>Common FTP banner modification to look like Serv-U -- assert nothing.</description>
     <example>Welcom to Serv-U FTP Server</example>
+    <param pos="0" name="hw.certainty" value="0.0"/>
+    <param pos="0" name="os.certainty" value="0.0"/>
+    <param pos="0" name="service.certainty" value="0.0"/>
   </fingerprint>
 
   <fingerprint pattern="^zFTPServer v?(\S+), .*ready\.$" flags="REG_ICASE">
@@ -516,7 +518,7 @@ more text</example>
     <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
   </fingerprint>
 
-  <fingerprint pattern="^\s*APC FTP server ready\.$">
+  <fingerprint pattern="^\s{0,1024}APC FTP server ready\.$">
     <description>APC device</description>
     <example>APC FTP server ready.</example>
     <param pos="0" name="service.vendor" value="APC"/>
@@ -527,7 +529,7 @@ more text</example>
     <param pos="0" name="hw.device" value="Power Device"/>
   </fingerprint>
 
-  <fingerprint pattern="^(\S+) Network Management Card AOS v(\d+\..+) FTP server ready\.$">
+  <fingerprint pattern="^(\S{1,64}) Network Management Card AOS v(\d+\..+) FTP server ready\.$">
     <description>APC power/cooling device</description>
     <example service.version="3.3.4">AP7932 Network Management Card AOS v3.3.4 FTP server ready.</example>
     <example os.version="3.6.1">ACRC103 Network Management Card AOS v3.6.1 FTP server ready.</example>
@@ -544,7 +546,7 @@ more text</example>
     <param pos="0" name="hw.device" value="Power Device"/>
   </fingerprint>
 
-  <fingerprint pattern="^(\S+) FTP server \(EMC-SNAS: ([^\)]+)\)(?: \S+)?$">
+  <fingerprint pattern="^(\S{1,512}) FTP server \(EMC-SNAS: ([^\)]+)\)(?: \S+)?$">
     <description>EMC Celerra</description>
     <example service.version="5.6.47.11">foo2 FTP server (EMC-SNAS: 5.6.47.11)</example>
     <example service.version="5.6.50.203">foo2 FTP server (EMC-SNAS: 5.6.50.203) ready.</example>
@@ -613,7 +615,7 @@ more text</example>
     <param pos="0" name="service.product" value="Nepenthes"/>
   </fingerprint>
 
-  <fingerprint pattern="^[^ ]+ IBM FTP CS (V1R\d+) at ([^,]*),.*">
+  <fingerprint pattern="^[^ ]{1,512} IBM FTP CS (V1R\d+) at ([^,]*),.*">
     <description>IBM z/OS FTP Service</description>
     <example>SFTPD1 IBM FTP CS V1R4 at x.y.z, 21:02:19 on 2007-12-15.</example>
     <param pos="0" name="service.vendor" value="IBM"/>
@@ -638,7 +640,7 @@ more text</example>
     <param pos="0" name="os.device" value="Point of Sale"/>
   </fingerprint>
 
-  <fingerprint pattern="^([^ ]+) NcFTPd Server \(licensed copy\) ready\.$">
+  <fingerprint pattern="^([^ ]{1,512}) NcFTPd Server \(licensed copy\) ready\.$">
     <description>NcFTPd Server
       http://www.ncftp.com/ncftpd/</description>
     <example>ftp.example.com NcFTPd Server (licensed copy) ready.</example>
@@ -647,7 +649,7 @@ more text</example>
     <param pos="1" name="host.name"/>
   </fingerprint>
 
-  <fingerprint pattern="^(\S+) DCS-2100 FTP server ready\.$">
+  <fingerprint pattern="^(\S{1,512}) DCS-2100 FTP server ready\.$">
     <description>D-Link DCS-2100 wireless internet camera</description>
     <example>hostname DCS-2100 FTP server ready.</example>
     <param pos="0" name="os.vendor" value="D-Link"/>
@@ -889,7 +891,7 @@ more text</example>
     <param pos="0" name="os.cpe23" value="cpe:/o:windriver:vxworks:-"/>
   </fingerprint>
 
-  <fingerprint pattern="^[\w\-\.]* FTP server \((?:VxWorks\s?)+([\d\.]+)\) ready.$" flags="REG_ICASE">
+  <fingerprint pattern="^[\w\-\.]{0,128} FTP server \((?:VxWorks\s?)+([\d\.]+)\) ready.$" flags="REG_ICASE">
     <description>VxWorks 6 with version information</description>
     <example os.version="6.6">NanoDAC FTP server (VxWorks VxWorks 6.6) ready.</example>
     <example os.version="6.4">BVS-MR-BSC2 FTP server (VxWorks 6.4) ready.</example>
@@ -899,7 +901,7 @@ more text</example>
     <param pos="0" name="os.cpe23" value="cpe:/o:windriver:vxworks:{os.version}"/>
   </fingerprint>
 
-  <fingerprint pattern="^[\w&lt;&gt;]+\s*Tenor Multipath Switch FTP server \(Version VxWorks([\d\.]+)\) ready\.$" flags="REG_ICASE">
+  <fingerprint pattern="^[\w&lt;&gt;]{1,32}\s{1,8}Tenor Multipath Switch FTP server \(Version VxWorks([\d\.]+)\) ready\.$" flags="REG_ICASE">
     <description>VxWorks on Tenor MultiPath with version information</description>
     <example os.version="5.4.2">&lt;38785ca0&gt;  Tenor Multipath Switch FTP server (Version VxWorks5.4.2) ready.</example>
     <param pos="0" name="os.vendor" value="Wind River"/>
@@ -1045,7 +1047,7 @@ more text</example>
     <param pos="2" name="os.version"/>
   </fingerprint>
 
-  <fingerprint pattern="^ET(\S+) Source Technologies (ST-96\S+) FTP Server (\S+) ready\.?$">
+  <fingerprint pattern="^ET(\S{1,12}) Source Technologies (ST-96\S+) FTP Server (\S+) ready\.?$">
     <description>Source Technologies ST9600 Series Secure Printer</description>
     <example>ET0021B730F70E Source Technologies ST-9620 FTP Server NJ.APS.N254e ready.</example>
     <example>ET0021B7549AF2 Source Technologies ST-9620 FTP Server NR.APS.N447b2 ready.</example>
@@ -1058,7 +1060,7 @@ more text</example>
     <param pos="3" name="os.version"/>
   </fingerprint>
 
-  <fingerprint pattern="^ET(\S+) (Pro\d+) Series FTP Server ready\.$" certainty="1.0">
+  <fingerprint pattern="^ET(\S{1,12}) (Pro\d+) Series FTP Server ready\.$" certainty="1.0">
     <description>Lexmark ProXXX Series of Printers</description>
     <example host.mac="0020007E4D2A" hw.product="Pro700">ET0020007E4D2A Pro700 Series FTP Server ready.</example>
     <param pos="0" name="os.vendor" value="Lexmark"/>
@@ -1071,7 +1073,7 @@ more text</example>
     <param pos="2" name="hw.product"/>
   </fingerprint>
 
-  <fingerprint pattern="^ET(\S+) Lexmark Forms Printer (\d+) Ethernet FTP Server (\S+) ready\.$" certainty="1.0">
+  <fingerprint pattern="^ET(\S{1,12}) Lexmark Forms Printer (\d+) Ethernet FTP Server (\S+) ready\.$" certainty="1.0">
     <description>Lexmark Forms Printer</description>
     <example os.product="2590">ET0020004F54EE Lexmark Forms Printer 2590 Ethernet FTP Server LCL.CU.P012c ready.</example>
     <param pos="0" name="os.vendor" value="Lexmark"/>
@@ -1086,7 +1088,7 @@ more text</example>
     <param pos="2" name="hw.product"/>
   </fingerprint>
 
-  <fingerprint pattern="^ET(\S+) TOSHIBA e-STUDIO500S FTP Server (\S+) ready\.$" certainty="1.0">
+  <fingerprint pattern="^ET(\S{1,12}) TOSHIBA e-STUDIO500S FTP Server (\S+) ready\.$" certainty="1.0">
     <description>Toshiba e-STUDIO Printer with MAC address</description>
     <example os.version="NC2.NPS.N221">ET0004001E9C00 TOSHIBA e-STUDIO500S FTP Server NC2.NPS.N221 ready.</example>
     <example host.mac="00040089BE42">ET00040089BE42 TOSHIBA e-STUDIO500S FTP Server NC2.NPS.N211 ready.</example>
@@ -1100,7 +1102,7 @@ more text</example>
     <param pos="0" name="hw.product" value="e-STUDIO"/>
   </fingerprint>
 
-  <fingerprint pattern="^\S+ TOSHIBA e-STUDIO500S FTP Server (\S+) ready\.$" certainty="1.0">
+  <fingerprint pattern="^\S{1,16} TOSHIBA e-STUDIO500S FTP Server (\S+) ready\.$" certainty="1.0">
     <description>Toshiba e-STUDIO Printer</description>
     <example os.version="NC2.NPS.N211">JHBPRN13 TOSHIBA e-STUDIO500S FTP Server NC2.NPS.N211 ready.</example>
     <param pos="0" name="os.vendor" value="Toshiba"/>
@@ -1298,7 +1300,7 @@ more text</example>
     <param pos="1" name="hw.product"/>
   </fingerprint>
 
-  <fingerprint pattern="^(ET(\S+)) Dell (\S+ Laser Printer) FTP Server">
+  <fingerprint pattern="^(ET(\S{1,32})) Dell (\S+ Laser Printer) FTP Server">
     <description>Dell Laser Printer</description>
     <example host.name="ET0021B71A1111" host.mac="0021B71A1111" hw.product="2350dn Laser Printer">ET0021B71A1111 Dell 2350dn Laser Printer FTP Server NR.APS.N449 ready.</example>
     <param pos="0" name="os.vendor" value="Dell"/>
@@ -1310,11 +1312,14 @@ more text</example>
     <param pos="3" name="hw.product"/>
   </fingerprint>
 
-  <fingerprint pattern="^(\S+) FTP server \(Version \S+ \w+ \w+ \d{1,2} \d{1,2}:\d{1,2}:\d{1,2} [A-Z]+ (?:1|2)\d{3}\) ready\.?$">
+  <fingerprint pattern="^(\S{1,512}) FTP server \(Version \S+ \w+ \w+ \d{1,2} \d{1,2}:\d{1,2}:\d{1,2} [A-Z]+ (?:1|2)\d{3}\) ready\.?$">
     <description>Generic/unknown FTP Server found on HP-UX and AIX systems</description>
     <example host.name="host.example.com">host.example.com FTP server (Version 4.1 Sat Sep 7 14:31:53 CDT 2002) ready.</example>
     <example host.name="host.example.com">host.example.com FTP server (Version 5.3 Sat Jan 10 14:01:03 CDT 2012) ready</example>
     <param pos="1" name="host.name"/>
+    <param pos="0" name="hw.certainty" value="0.0"/>
+    <param pos="0" name="os.certainty" value="0.0"/>
+    <param pos="0" name="service.certainty" value="0.0"/>
   </fingerprint>
 
   <fingerprint pattern="^Welcome to the (?:Cisco )?(?:TelePresence) ([a-zA-Z\s]*?) ((?:MSE )?\d+), version (\d+.\d+\(\d+.\d+\)).*?" flags="REG_ICASE">
@@ -1333,7 +1338,7 @@ more text</example>
     <param pos="3" name="os.version"/>
   </fingerprint>
 
-  <fingerprint pattern="^(\S+) FTP server \((?:HP|Compaq) Tru64 UNIX Version (\S+)\) ready\.?$">
+  <fingerprint pattern="^(\S{1,512}) FTP server \((?:HP|Compaq) Tru64 UNIX Version (\S+)\) ready\.?$">
     <description>Digital/Compaq/HP Tru64 Unix</description>
     <example host.name="example.com" os.version="5.60">example.com FTP server (Compaq Tru64 UNIX Version 5.60) ready.</example>
     <param pos="0" name="os.vendor" value="HP"/>
@@ -1344,7 +1349,7 @@ more text</example>
     <param pos="0" name="os.cpe23" value="cpe:/o:hp:tru64_unix:{os.version}"/>
   </fingerprint>
 
-  <fingerprint pattern="^(\S+) FTP server \(Digital UNIX Version (\S+)\) ready\.?$">
+  <fingerprint pattern="^(\S{1,512}) FTP server \(Digital UNIX Version (\S+)\) ready\.?$">
     <description>Digital/Compaq/HP Tru64 Unix w/o branding</description>
     <example host.name="example.com" os.version="5.60">example.com FTP server (Digital UNIX Version 5.60) ready.</example>
     <param pos="0" name="os.vendor" value="HP"/>
@@ -1354,7 +1359,7 @@ more text</example>
     <param pos="2" name="os.version"/>
   </fingerprint>
 
-  <fingerprint pattern="^(\S+) FTP server \(MikroTik ([\d\.]+)\) ready\.?$">
+  <fingerprint pattern="^(\S{1,512}) FTP server \(MikroTik ([\d\.]+)\) ready\.?$">
     <description>MikroTik</description>
     <example host.name="example.com" os.version="6.18">example.com FTP server (MikroTik 6.18) ready</example>
     <param pos="0" name="os.vendor" value="MikroTik"/>
@@ -1364,7 +1369,7 @@ more text</example>
     <param pos="0" name="os.cpe23" value="cpe:/o:mikrotik:routeros:{os.version}"/>
   </fingerprint>
 
-  <fingerprint pattern="^.* FTP server \(MikroTik (\d\.[\w\.]+)\) ready\.?$">
+  <fingerprint pattern="^.{0,1024} FTP server \(MikroTik (\d\.[\w\.]+)\) ready\.?$">
     <description>MikroTik with description</description>
     <example os.version="6.43.16">Super Thing_Place-  FTP server (MikroTik 6.43.16) ready</example>
     <example os.version="6.43.16beta2">Super Thing_Place-  FTP server (MikroTik 6.43.16beta2) ready</example>
@@ -1542,7 +1547,7 @@ more text</example>
     <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
   </fingerprint>
 
-  <fingerprint pattern="^([\w.-]+) X2 WS_FTP Server ([\d.]{3,6}\s?\(\d+\))$">
+  <fingerprint pattern="^([\w.-]{1,512}) X2 WS_FTP Server ([\d.]{3,6}\s?\(\d+\))$">
     <description>WS_FTP FTP Server on Windows - X2 variant</description>
     <example service.version="7.7(50012467)" host.name="a.host.name.tld">a.host.name.tld X2 WS_FTP Server 7.7(50012467)</example>
     <example service.version="5.0.5 (1989540204)" host.name="a.host.name.tld">a.host.name.tld X2 WS_FTP Server 5.0.5 (1989540204)</example>
@@ -1625,11 +1630,11 @@ more text</example>
 
   <fingerprint pattern="^Sofrel (S5[\w]+) SN ([\d-]+)  ready. Time is (\d{2}:\d{2}:\d{2} \d{2}\/\d{2}\/\d{2})\.$">
     <description>Sofrel Remote Terminal Unit</description>
-    <example hw.product="S500" host.id="01-499-00427" system.time="00:11:39 01/11/16">Sofrel S500 SN 01-499-00427  ready. Time is 00:11:39 01/11/16.</example>
+    <example hw.product="S500" hw.serial_number="01-499-00427" system.time="00:11:39 01/11/16">Sofrel S500 SN 01-499-00427  ready. Time is 00:11:39 01/11/16.</example>
     <param pos="0" name="hw.vendor" value="Sofrel"/>
     <param pos="0" name="hw.family" value="S500 Range"/>
     <param pos="1" name="hw.product"/>
-    <param pos="2" name="host.id"/>
+    <param pos="2" name="hw.serial_number"/>
     <param pos="0" name="system.time.format" value="HH:mm:ss dd/MM/yy"/>
     <param pos="3" name="system.time"/>
   </fingerprint>
@@ -1645,13 +1650,16 @@ more text</example>
     <param pos="2" name="hw.product"/>
   </fingerprint>
 
-  <fingerprint pattern="^(\S+) FTP server ready\.?$" flags="REG_ICASE">
+  <fingerprint pattern="^(\S{1,512}) FTP server ready\.?$" flags="REG_ICASE">
     <description>Generic FTP fingerprint with a hostname</description>
     <example host.name="example.com">example.com FTP server ready.</example>
     <param pos="1" name="host.name"/>
+    <param pos="0" name="hw.certainty" value="0.0"/>
+    <param pos="0" name="os.certainty" value="0.0"/>
+    <param pos="0" name="service.certainty" value="0.0"/>
   </fingerprint>
 
-  <fingerprint pattern="^(\S+) FTP server \(Version (\d.*)\) ready\.?$" flags="REG_ICASE">
+  <fingerprint pattern="^(\S{1,512}) FTP server \(Version (\d.*)\) ready\.?$" flags="REG_ICASE">
     <description>Generic FTP fingerprint with a hostname and a version for a generic FTP implementation</description>
     <example host.name="example.com" service.version="6.00LS">example.com FTP server (Version 6.00LS) ready.</example>
     <example host.name="example.com" service.version="1.2">example.com FTP server (Version 1.2) ready.</example>
@@ -1667,6 +1675,9 @@ more text</example>
     <example>FTP-Server</example>
     <example>FTP Server</example>
     <example>FTP service ready.</example>
+    <param pos="0" name="hw.certainty" value="0.0"/>
+    <param pos="0" name="os.certainty" value="0.0"/>
+    <param pos="0" name="service.certainty" value="0.0"/>
   </fingerprint>
 
   <fingerprint pattern="^Welcom to ProRat Ftp Server$">
@@ -1676,7 +1687,7 @@ more text</example>
     <param pos="0" name="service.product" value="ProRat"/>
   </fingerprint>
 
-  <fingerprint pattern="^(?:(\S+) )?FTP Server \(vftpd ([\d.]+)\) ready\.?$">
+  <fingerprint pattern="^(?:(\S{1,512}) )?FTP Server \(vftpd ([\d.]+)\) ready\.?$">
     <description>Vermillion FTP Daemon</description>
     <example host.name="srv.name" service.version="1.23">srv.name FTP Server (vftpd 1.23) ready.</example>
     <example service.version="1.31">FTP Server (vftpd 1.31) ready.</example>
@@ -1690,7 +1701,7 @@ more text</example>
     <param pos="1" name="host.name"/>
   </fingerprint>
 
-  <fingerprint pattern="^(?:(\S+) )?FTP server \(QVT\/Net ([\d.]+)\) ready\.?$">
+  <fingerprint pattern="^(?:(\S{1,512}) )?FTP server \(QVT\/Net ([\d.]+)\) ready\.?$">
     <description>QVT/Net FTP Server</description>
     <example host.name="siren" service.version="5.1">siren FTP server (QVT/Net 5.1) ready.</example>
     <example host.name="qpc-qvtnet" service.version="4.1">qpc-qvtnet FTP server (QVT/Net 4.1) ready.</example>