recog 2.3.17 → 2.3.21
- checksums.yaml +4 -4
- data/.github/workflows/ci.yml +26 -0
- data/bin/recog_standardize +6 -0
- data/cpe-remap.yaml +342 -200
- data/identifiers/README.md +24 -10
- data/identifiers/fields.txt +104 -0
- data/identifiers/hw_device.txt +2 -0
- data/identifiers/hw_family.txt +11 -0
- data/identifiers/hw_product.txt +71 -0
- data/identifiers/os_device.txt +2 -1
- data/identifiers/os_family.txt +2 -0
- data/identifiers/os_product.txt +36 -8
- data/identifiers/service_family.txt +10 -1
- data/identifiers/service_product.txt +78 -2
- data/identifiers/vendor.txt +55 -0
- data/lib/recog/nizer.rb +1 -82
- data/lib/recog/version.rb +1 -1
- data/requirements.txt +1 -1
- data/update_cpes.py +18 -5
- data/xml/apache_modules.xml +60 -0
- data/xml/apache_os.xml +1 -1
- data/xml/dns_versionbind.xml +11 -1
- data/xml/favicons.xml +122 -3
- data/xml/ftp_banners.xml +62 -51
- data/xml/html_title.xml +553 -41
- data/xml/http_cookies.xml +262 -61
- data/xml/http_servers.xml +478 -108
- data/xml/http_wwwauth.xml +36 -9
- data/xml/imap_banners.xml +5 -5
- data/xml/ldap_searchresult.xml +1 -0
- data/xml/mdns_device-info_txt.xml +340 -10
- data/xml/mysql_banners.xml +2 -1
- data/xml/nntp_banners.xml +1 -1
- data/xml/ntp_banners.xml +16 -2
- data/xml/operating_system.xml +4 -4
- data/xml/pop_banners.xml +4 -4
- data/xml/rtsp_servers.xml +7 -0
- data/xml/sip_banners.xml +347 -9
- data/xml/sip_user_agents.xml +323 -4
- data/xml/smb_native_lm.xml +32 -1
- data/xml/smb_native_os.xml +160 -33
- data/xml/smtp_banners.xml +167 -128
- data/xml/smtp_expn.xml +1 -0
- data/xml/smtp_vrfy.xml +1 -0
- data/xml/snmp_sysdescr.xml +205 -36
- data/xml/ssh_banners.xml +139 -25
- data/xml/telnet_banners.xml +92 -48
- data/xml/tls_jarm.xml +140 -0
- data/xml/x509_issuers.xml +201 -2
- data/xml/x509_subjects.xml +251 -32
- metadata +5 -2
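--- a/data/update_cpes.py
+++ b/data/update_cpes.py
@@ -16,8 +16,17 @@ def parse_cpe_vp_map(file):
 parser = etree.XMLParser(remove_comments=False)
 doc = etree.parse(file, parser)
 namespaces = {'ns': 'http://cpe.mitre.org/dictionary/2.0', 'meta': 'http://scap.nist.gov/schema/cpe-dictionary-metadata/0.2'}
-for
+for entry in doc.xpath("//ns:cpe-list/ns:cpe-item", namespaces=namespaces):
+cpe_name = entry.get("name")
+if not cpe_name:
+continue
+
+# If the entry is deprecated then don't add it to our list of valid CPEs.
+if entry.get("deprecated"):
+continue
+
 cpe_match = re.match('^cpe:/([aho]):([^:]+):([^:]+)', cpe_name)
+
 if cpe_match:
 cpe_type, vendor, product = cpe_match.group(1, 2, 3)
 if cpe_type not in vp_map:
@@ -86,7 +95,11 @@ def lookup_cpe(vendor, product, cpe_type, cpe_table, remap):
 
 # Everything else depends on a remap of some sort.
 # get the remappings for this one vendor string.
-vendor_remap =
+vendor_remap = None
+
+remap_type = remap.get(cpe_type, None)
+if remap_type:
+vendor_remap = remap_type.get(vendor, None)
 
 if vendor_remap:
 # If we have product remappings, work that angle next
@@ -190,7 +203,7 @@ def update_cpes(xml_file, cpe_vp_map, r7_vp_map):
 continue
 
 vendor = vendor.lower().replace(' ', '_').replace(',', '')
-product = product.lower().replace(' ', '_').replace(',', '')
+product = product.lower().replace(' ', '_').replace(',', '').replace('!', '%21')
 if 'unknown' in [vendor, product]:
 continue
 
@@ -209,8 +222,8 @@ def update_cpes(xml_file, cpe_vp_map, r7_vp_map):
 continue
 
 # building the CPE string
-# Last minute escaping of '/'
-product = product.replace('/', '\/')
+# Last minute escaping of '/' and `!`
+product = product.replace('/', '\/').replace('%21', '\!')
 cpe_value = 'cpe:/{}:{}:{}'.format(cpe_type, vendor, product)
 
 if version: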
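Review bot: The new `if entry.get("deprecated"):` test in `parse_cpe_vp_map` checks string truthiness, so any non-empty attribute value, including `deprecated="false"`, removes the entry from the table of valid CPEs; an explicit comparison, `if entry.get("deprecated") == "true":`, excludes only items that are actually deprecated. A table that is silently too short presumably leaves fingerprints without a CPE, and downstream vulnerability matching then has nothing to key on. In the last hunk, `'\/'` and `'\!'` are invalid escape sequences that Python passes through unchanged but warns about on recent versions; raw strings (`r'\/'`, `r'\!'`) produce the same bytes without relying on that. Both `parse_cpe_vp_map` and `update_cpes` continue outside the visible hunks.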
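--- a/data/xml/apache_modules.xml
+++ b/data/xml/apache_modules.xml
@@ -220,6 +220,36 @@
 <param pos="0" name="service.component.product" value="mod_auth_ldap"/>
 </fingerprint>
 
+<fingerprint pattern="mod_auth_oracle/(\S+)$">
+<description>mod_auth_oracle with version</description>
+<example service.component.version="1.2.3">mod_auth_oracle/1.2.3</example>
+<param pos="0" name="service.component.vendor" value="Apache"/>
+<param pos="0" name="service.component.product" value="mod_auth_oracle"/>
+<param pos="1" name="service.component.version"/>
+</fingerprint>
+
+<fingerprint pattern="mod_auth_oracle/?$">
+<description>mod_auth_oracle without version</description>
+<example>mod_auth_oracle/</example>
+<param pos="0" name="service.component.vendor" value="Apache"/>
+<param pos="0" name="service.component.product" value="mod_auth_oracle"/>
+</fingerprint>
+
+<fingerprint pattern="mod_auth_pgsql/(\S+)$">
+<description>mod_auth_pgsql with version</description>
+<example service.component.version="1.2.3">mod_auth_pgsql/1.2.3</example>
+<param pos="0" name="service.component.vendor" value="Apache"/>
+<param pos="0" name="service.component.product" value="mod_auth_pgsql"/>
+<param pos="1" name="service.component.version"/>
+</fingerprint>
+
+<fingerprint pattern="mod_auth_pgsql/?$">
+<description>mod_auth_pgsql without version</description>
+<example>mod_auth_pgsql/</example>
+<param pos="0" name="service.component.vendor" value="Apache"/>
+<param pos="0" name="service.component.product" value="mod_auth_pgsql"/>
+</fingerprint>
+
 <fingerprint pattern="mod_auth_radius/(\S+)$">
 <description>mod_auth_radius with version</description>
 <example service.component.version="1.2.3">mod_auth_radius/1.2.3</example>
@@ -978,6 +1008,36 @@
 <param pos="0" name="service.component.product" value="mod_filter"/>
 </fingerprint>
 
+<fingerprint pattern="mod_frontpage/(\S+)$">
+<description>mod_frontpage with version</description>
+<example service.component.version="1.2.3">mod_frontpage/1.2.3</example>
+<param pos="0" name="service.component.vendor" value="Apache"/>
+<param pos="0" name="service.component.product" value="mod_frontpage"/>
+<param pos="1" name="service.component.version"/>
+</fingerprint>
+
+<fingerprint pattern="mod_frontpage/?$">
+<description>mod_frontpage without version</description>
+<example>mod_frontpage/</example>
+<param pos="0" name="service.component.vendor" value="Apache"/>
+<param pos="0" name="service.component.product" value="mod_frontpage"/>
+</fingerprint>
+
+<fingerprint pattern="mod_gzip/(\S+)$">
+<description>mod_gzip with version</description>
+<example service.component.version="1.2.3">mod_gzip/1.2.3</example>
+<param pos="0" name="service.component.vendor" value="Apache"/>
+<param pos="0" name="service.component.product" value="mod_gzip"/>
+<param pos="1" name="service.component.version"/>
+</fingerprint>
+
+<fingerprint pattern="mod_gzip/?$">
+<description>mod_gzip without version</description>
+<example>mod_gzip/</example>
+<param pos="0" name="service.component.vendor" value="Apache"/>
+<param pos="0" name="service.component.product" value="mod_gzip"/>
+</fingerprint>
+
 <fingerprint pattern="mod_headers/(\S+)$">
 <description>mod_headers with version</description>
 <example service.component.version="1.2.3">mod_headers/1.2.3</example>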
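Review bot: All eight new fingerprints set `service.component.vendor` to `Apache`, but mod_auth_oracle, mod_auth_pgsql, mod_frontpage and mod_gzip are, as far as I know, third-party modules rather than part of the Apache HTTP Server distribution. Vendor values are typically what asset inventories and advisory lookups key on, so a wrong vendor can attach the wrong advisories to a host or hide the relevant ones. Consider naming the actual maintainer, or leaving the vendor param out where it is not known. Whether the neighbouring entries follow the same convention is not visible in these hunks.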
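--- a/data/xml/apache_os.xml
+++ b/data/xml/apache_os.xml
@@ -82,7 +82,7 @@
 <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:-"/>
 </fingerprint>
 
-<fingerprint pattern="
+<fingerprint pattern=".{0,512}(?:Sun )?Cobalt \(Unix\)?.*">
 <description>Sun Cobalt RaQ (Red Hat based Linux)</description>
 <param pos="0" name="os.vendor" value="Sun"/>
 <param pos="0" name="os.family" value="Linux"/>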
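Review bot: The new pattern `.{0,512}(?:Sun )?Cobalt \(Unix\)?.*` has no `^` anchor, so, assuming the matcher searches rather than anchoring implicitly, the bounded `.{0,512}` prefix does not limit how deep into a banner a match may begin, and the trailing `.*` contributes nothing to the match decision. If the intent is to bound the work done on long, remotely supplied Server headers, `^.{0,512}(?:Sun )?Cobalt \(Unix\)` expresses that directly. As written, `\)?` also makes the closing parenthesis optional, so `Cobalt (Unix` followed by anything is accepted. No `<example>` is visible in the hunk to pin the intended inputs, and the fingerprint body continues past the hunk.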
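--- a/data/xml/dns_versionbind.xml
+++ b/data/xml/dns_versionbind.xml
@@ -17,30 +17,40 @@
 <fingerprint pattern="^$">
 <description>empty string -- assert nothing.</description>
 <example/>
+<param pos="0" name="hw.certainty" value="0.0"/>
+<param pos="0" name="os.certainty" value="0.0"/>
 <param pos="0" name="service.certainty" value="0.0"/>
 </fingerprint>
 
 <fingerprint pattern="^none$">
 <description>bare 'none' -- assert nothing.</description>
 <example>none</example>
+<param pos="0" name="hw.certainty" value="0.0"/>
+<param pos="0" name="os.certainty" value="0.0"/>
 <param pos="0" name="service.certainty" value="0.0"/>
 </fingerprint>
 
 <fingerprint pattern="^null$">
 <description>bare 'null' -- assert nothing.</description>
 <example>null</example>
+<param pos="0" name="hw.certainty" value="0.0"/>
+<param pos="0" name="os.certainty" value="0.0"/>
 <param pos="0" name="service.certainty" value="0.0"/>
 </fingerprint>
 
 <fingerprint pattern="(?i)^unknown$">
 <description>bare 'unknown' -- assert nothing.</description>
 <example>unknown</example>
+<param pos="0" name="hw.certainty" value="0.0"/>
+<param pos="0" name="os.certainty" value="0.0"/>
 <param pos="0" name="service.certainty" value="0.0"/>
 </fingerprint>
 
 <fingerprint pattern="^no version$">
 <description>bare 'no version' -- assert nothing.</description>
 <example>no version</example>
+<param pos="0" name="hw.certainty" value="0.0"/>
+<param pos="0" name="os.certainty" value="0.0"/>
 <param pos="0" name="service.certainty" value="0.0"/>
 </fingerprint>
 
@@ -427,7 +437,7 @@
 <param pos="0" name="service.cpe23" value="cpe:/a:powerdns:authoritative_server:{service.version}"/>
 </fingerprint>
 
-<fingerprint pattern="^PowerDNS Authoritative Server (\d\.[\w.]+(?:-rc\d)?(?:-alpha\d)?(?:-beta\d)?[^ ]*) \(built [\w\s:]+ by [\w]+\@[\w
+<fingerprint pattern="^PowerDNS Authoritative Server (\d\.[\w.]+(?:-rc\d)?(?:-alpha\d)?(?:-beta\d)?[^ ]*) \(built [\w\s:]+ by [\w]+\@[\w.:-]*\)$">
 <description>PowerDNS Authoritative Server: format 2</description>
 <example service.version="4.0.4">PowerDNS Authoritative Server 4.0.4 (built Jul 26 2017 15:04:27 by root@FreeBSD:11:amd64-default-job-03)</example>
 <example service.version="4.0.0-rc2">PowerDNS Authoritative Server 4.0.0-rc2 (built Jul 4 2016 15:44:39 by root@foo-bar.baz)</example>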
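--- a/data/xml/favicons.xml
+++ b/data/xml/favicons.xml
@@ -6,6 +6,30 @@
 
 <!-- Services -->
 
+<fingerprint pattern="^4297c114f263c206ed12aaff4b0c7a50|e5af3b68e837498a85b25ef2c36a0825$">
+<description>Metabase</description>
+<example>4297c114f263c206ed12aaff4b0c7a50</example>
+<example>e5af3b68e837498a85b25ef2c36a0825</example>
+<param pos="0" name="service.product" value="Metabase"/>
+<param pos="0" name="service.vendor" value="Metabase"/>
+<param pos="0" name="service.cpe23" value="cpe:/a:metabase:metabase:-"/>
+</fingerprint>
+
+<fingerprint pattern="^14bd519881ea49a75353572cfb458dec$">
+<description>Calibre-Web Project</description>
+<example>14bd519881ea49a75353572cfb458dec</example>
+<param pos="0" name="service.vendor" value="Calibre-Web Project"/>
+<param pos="0" name="service.product" value="Calibre-Web"/>
+<param pos="0" name="service.cpe23" value="cpe:/a:calibre-web_project:calibre-web:-"/>
+</fingerprint>
+
+<fingerprint pattern="^d2cef6047a604012455f5c9a1cd4d960$">
+<description>Jellyfin Media Server</description>
+<example>d2cef6047a604012455f5c9a1cd4d960</example>
+<param pos="0" name="service.vendor" value="Jellyfin"/>
+<param pos="0" name="service.product" value="Media Server"/>
+</fingerprint>
+
 <fingerprint pattern="^0f584138aacfb79aaba7e2539fc4e642$">
 <description>Plex Media Server</description>
 <example>0f584138aacfb79aaba7e2539fc4e642</example>
@@ -125,6 +149,7 @@
 <param pos="0" name="service.vendor" value="RStudio"/>
 <param pos="0" name="service.product" value="Connect"/>
 <param pos="0" name="service.certainty" value="0.5"/>
+<param pos="0" name="service.cpe23" value="cpe:/a:rstudio:connect:-"/>
 </fingerprint>
 
 <fingerprint pattern="^84b0fc44f58bfee1a303ee3398a86670$">
@@ -194,6 +219,16 @@
 <param pos="0" name="service.vendor" value="SolarWinds"/>
 <param pos="0" name="service.product" value="Virtualization Manager"/>
 <param pos="0" name="service.certainty" value="0.5"/>
+<param pos="0" name="service.cpe23" value="cpe:/a:solarwinds:virtualization_manager:-"/>
+</fingerprint>
+
+<fingerprint pattern="^53317933c27890ae9218697ecc0e97d9$">
+<description>SolarWinds Orion</description>
+<example>53317933c27890ae9218697ecc0e97d9</example>
+<param pos="0" name="service.vendor" value="SolarWinds"/>
+<param pos="0" name="service.product" value="Orion Platform"/>
+<param pos="0" name="service.certainty" value="0.5"/>
+<param pos="0" name="service.cpe23" value="cpe:/a:solarwinds:orion_platform:-"/>
 </fingerprint>
 
 <fingerprint pattern="^ee20526df4d69f7b02ee107458d8d679$">
@@ -202,6 +237,7 @@
 <param pos="0" name="service.vendor" value="ManageEngine"/>
 <param pos="0" name="service.product" value="ADAudit Plus"/>
 <param pos="0" name="service.certainty" value="0.5"/>
+<param pos="0" name="service.cpe23" value="cpe:/a:zohocorp:manageengine_adaudit_plus:-"/>
 </fingerprint>
 
 <fingerprint pattern="^e9d6d23a961ea23a3e961266876e0ffd$">
@@ -813,6 +849,14 @@
 <param pos="0" name="service.certainty" value="0.5"/>
 </fingerprint>
 
+<fingerprint pattern="^ad4de5c717c886a99c4cf0e066e9b461$">
+<description>MicroStrategy Collaboration Server</description>
+<example>ad4de5c717c886a99c4cf0e066e9b461</example>
+<param pos="0" name="service.vendor" value="MicroStrategy"/>
+<param pos="0" name="service.product" value="Collaboration Server"/>
+<param pos="0" name="service.certainty" value="0.5"/>
+</fingerprint>
+
 <!-- Devices -->
 
 <fingerprint pattern="^2fd26da3d6b790a86038f440d5b37eea$">
@@ -1022,7 +1066,9 @@
 <param pos="0" name="os.vendor" value="SonicWall"/>
 <param pos="0" name="os.device" value="Firewall"/>
 <param pos="0" name="os.family" value="SonicOS"/>
+<param pos="0" name="os.product" value="SonicOS"/>
 <param pos="0" name="os.certainty" value="0.5"/>
+<param pos="0" name="os.cpe23" value="cpe:/o:sonicwall:sonicos:-"/>
 </fingerprint>
 
 <fingerprint pattern="^e4fd990b4b8a5d61bd5ddb98cdfc7190$">
@@ -1059,6 +1105,7 @@
 <param pos="0" name="os.family" value="ILOM"/>
 <param pos="0" name="os.product" value="ILOM"/>
 <param pos="0" name="os.certainty" value="0.5"/>
+<param pos="0" name="os.cpe23" value="cpe:/o:oracle:integrated_lights_out_manager_firmware:-"/>
 </fingerprint>
 
 <fingerprint pattern="^665f96fcdcc9da0ab89312acc02fa815$">
@@ -1144,7 +1191,7 @@
 <param pos="0" name="os.family" value="Adaptive Security Appliance"/>
 <param pos="0" name="os.product" value="Adaptive Security Appliance"/>
 <param pos="0" name="os.certainty" value="0.5"/>
-<param pos="0" name="os.cpe23" value="cpe:/o:cisco:
+<param pos="0" name="os.cpe23" value="cpe:/o:cisco:adaptive_security_appliance_software:-"/>
 <param pos="0" name="hw.vendor" value="Cisco"/>
 <param pos="0" name="hw.family" value="Adaptive Security Appliance"/>
 <param pos="0" name="hw.product" value="Adaptive Security Appliance"/>
@@ -1328,6 +1375,7 @@
 <param pos="0" name="os.device" value="Network Management Device"/>
 <param pos="0" name="os.product" value="NetScaler"/>
 <param pos="0" name="os.certainty" value="0.5"/>
+<param pos="0" name="os.cpe23" value="cpe:/o:citrix:netscaler_firmware:-"/>
 <param pos="0" name="service.vendor" value="Citrix"/>
 <param pos="0" name="service.family" value="NetScaler"/>
 <param pos="0" name="service.device" value="Network Management Device"/>
@@ -1344,6 +1392,7 @@
 <param pos="0" name="os.device" value="Network Management Device"/>
 <param pos="0" name="os.product" value="NetScaler Gateway"/>
 <param pos="0" name="os.certainty" value="0.5"/>
+<param pos="0" name="os.cpe23" value="cpe:/o:citrix:netscaler_gateway_firmware:-"/>
 <param pos="0" name="service.vendor" value="Citrix"/>
 <param pos="0" name="service.family" value="NetScaler"/>
 <param pos="0" name="service.device" value="Network Management Device"/>
@@ -1430,9 +1479,11 @@
 <param pos="0" name="hw.device" value="Firewall"/>
 <param pos="0" name="hw.certainty" value="0.5"/>
 <param pos="0" name="os.vendor" value="Palo Alto Networks"/>
-<param pos="0" name="os.product" value="
+<param pos="0" name="os.product" value="PAN-OS"/>
+<param pos="0" name="os.family" value="PAN-OS"/>
 <param pos="0" name="os.device" value="Firewall"/>
 <param pos="0" name="os.certainty" value="0.5"/>
+<param pos="0" name="os.cpe23" value="cpe:/o:paloaltonetworks:pan-os:-"/>
 </fingerprint>
 
 <fingerprint pattern="^efe29d50711d9b093d8187e97cc0e593$">
@@ -1534,6 +1585,7 @@
 <param pos="0" name="os.family" value="iLO"/>
 <param pos="0" name="os.product" value="iLO 3"/>
 <param pos="0" name="os.certainty" value="0.5"/>
+<param pos="0" name="os.cpe23" value="cpe:/o:hp:integrated_lights-out_3_firmware:-"/>
 </fingerprint>
 
 <fingerprint pattern="^(?:ad93b3973782b03ea62a43bd6602ba8b|d521487f45fa7657450edfd6c16e4a63)$">
@@ -1544,12 +1596,13 @@
 <param pos="0" name="hw.vendor" value="HP"/>
 <param pos="0" name="hw.product" value="iLO"/>
 <param pos="0" name="hw.certainty" value="0.5"/>
-<param pos="0" name="hw.cpe23" value="cpe:/h:hp:
+<param pos="0" name="hw.cpe23" value="cpe:/h:hp:integrated_lights-out:-"/>
 <param pos="0" name="os.vendor" value="HP"/>
 <param pos="0" name="os.device" value="Lights Out Management"/>
 <param pos="0" name="os.family" value="iLO"/>
 <param pos="0" name="os.product" value="iLO"/>
 <param pos="0" name="os.certainty" value="0.5"/>
+<param pos="0" name="os.cpe23" value="cpe:/o:hp:integrated_lights-out_firmware:-"/>
 </fingerprint>
 
 <fingerprint pattern="^d11917dc7e651b21f0f75cd0dc309e8a$">
@@ -1714,6 +1767,64 @@
 <param pos="0" name="os.certainty" value="0.5"/>
 </fingerprint>
 
+<fingerprint pattern="^ed61e4c9e9a176e82734aa42c6a00ce4|0dc6bff9bdabf1184c157d75ac73c22a$">
+<description>Lifesize TelePresence</description>
+<example>ed61e4c9e9a176e82734aa42c6a00ce4</example>
+<example>0dc6bff9bdabf1184c157d75ac73c22a</example>
+<param pos="0" name="hw.vendor" value="Lifesize"/>
+<param pos="0" name="hw.device" value="Video Conferencing"/>
+<param pos="0" name="hw.product" value="TelePresence"/>
+<param pos="0" name="os.vendor" value="Lifesize"/>
+<param pos="0" name="os.family" value="Linux"/>
+<param pos="0" name="os.product" value="TelePresence"/>
+<param pos="0" name="os.device" value="Video Conferencing"/>
+</fingerprint>
+
+<fingerprint pattern="^45e72b45613ba6ec2a1ded251a31f201$">
+<description>Symantec PGP Key Management Server</description>
+<example>45e72b45613ba6ec2a1ded251a31f201</example>
+<param pos="0" name="hw.vendor" value="Symantec"/>
+<param pos="0" name="hw.device" value="Security Appliance"/>
+<param pos="0" name="hw.product" value="Key Management Server"/>
+</fingerprint>
+
+<fingerprint pattern="^302fe34dc0e9515e2d0509ff5f3217e5|8565497731f799fdd25ae59286807055$">
+<description>Riverbed Steelhead Appliance</description>
+<example>302fe34dc0e9515e2d0509ff5f3217e5</example>
+<example>8565497731f799fdd25ae59286807055</example>
+<param pos="0" name="hw.vendor" value="Riverbed"/>
+<param pos="0" name="hw.device" value="Security Appliance"/>
+<param pos="0" name="hw.product" value="Steelhead"/>
+<param pos="0" name="os.product" value="RiOS"/>
+<param pos="0" name="os.vendor" value="Riverbed"/>
+<param pos="0" name="os.cpe23" value="cpe:/o:riverbed:rios:-"/>
+</fingerprint>
+
+<fingerprint pattern="^d29a1ef8a3d0011504f5d076600ce16d$">
+<description>Silver Peak Appliance</description>
+<example>d29a1ef8a3d0011504f5d076600ce16d</example>
+<param pos="0" name="hw.vendor" value="Silver Peak"/>
+<param pos="0" name="hw.device" value="Network Appliance"/>
+<param pos="0" name="hw.product" value="SD-WAN"/>
+</fingerprint>
+
+<fingerprint pattern="^425515e283192a3a686c04e1c50620aa$">
+<description>Cisco Meraki Appliance</description>
+<example>425515e283192a3a686c04e1c50620aa</example>
+<param pos="0" name="hw.vendor" value="Cisco"/>
+<param pos="0" name="hw.product" value="Meraki Device"/>
+<param pos="0" name="hw.device" value="Network Appliance"/>
+<param pos="0" name="hw.certainty" value="0.40"/>
+</fingerprint>
+
+<fingerprint pattern="^f5c62ea4c4e9f9a8606400becc01375e$">
+<description>PBX in a Flash</description>
+<example>f5c62ea4c4e9f9a8606400becc01375e</example>
+<param pos="0" name="hw.vendor" value="PIAF"/>
+<param pos="0" name="hw.device" value="SIP Gateway"/>
+<param pos="0" name="hw.product" value="PIAF Virtual Appliance"/>
+</fingerprint>
+
 <fingerprint pattern="^7b73744799150c888a172daf3d7093bf$">
 <description>Pure Storage Appliance</description>
 <example>7b73744799150c888a172daf3d7093bf</example>
@@ -1723,4 +1834,12 @@
 <param pos="0" name="hw.certainty" value="0.5"/>
 </fingerprint>
 
+<fingerprint pattern="^1b786be7a46bd96a503a81b7faf86263$">
+<description>AdGuard Home</description>
+<example>1b786be7a46bd96a503a81b7faf86263</example>
+<param pos="0" name="service.vendor" value="AdGuard"/>
+<param pos="0" name="service.product" value="AdGuard Home"/>
+<param pos="0" name="service.certainty" value="0.5"/>
+</fingerprint>
+
 </fingerprints>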
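Review bot: Three of the new two-hash patterns (Metabase, Lifesize TelePresence, Riverbed Steelhead) place a bare alternation between the anchors, as in `^4297c114f263c206ed12aaff4b0c7a50|e5af3b68e837498a85b25ef2c36a0825$`, so `^` binds only to the first digest and `$` only to the second. Any input that merely starts with the first hash or ends with the second therefore matches, which is looser than the exact-match single-hash entries. The iLO entry visible as context in this file already uses the grouped form `^(?:ad93b3973782b03ea62a43bd6602ba8b|d521487f45fa7657450edfd6c16e4a63)$`; wrapping the new ones the same way, e.g. `^(?:4297c114f263c206ed12aaff4b0c7a50|e5af3b68e837498a85b25ef2c36a0825)$`, restores exact matching. With fixed-length MD5 input the practical effect is probably small, but a fingerprint database is only as trustworthy as its strictest reading of each pattern.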
data/xml/ftp_banners.xml
CHANGED
@@ -5,9 +5,9 @@
|
|
5
5
|
against these patterns to fingerprint FTP servers.
|
6
6
|
-->
|
7
7
|
|
8
|
-
<fingerprint pattern="^([^ ]
|
8
|
+
<fingerprint pattern="^([^ ]{1,512}) Microsoft FTP Service \(Version ([1234]\.\d+)\)\.$">
|
9
9
|
<description>Microsoft FTP Server on Windows NT</description>
|
10
|
-
<example>
|
10
|
+
<example host.name="foo.bar" service.version="3.0">foo.bar Microsoft FTP Service (Version 3.0).</example>
|
11
11
|
<param pos="0" name="service.vendor" value="Microsoft"/>
|
12
12
|
<param pos="0" name="service.product" value="IIS"/>
|
13
13
|
<param pos="0" name="service.family" value="IIS"/>
|
@@ -20,9 +20,9 @@
|
|
20
20
|
<param pos="1" name="host.name"/>
|
21
21
|
</fingerprint>
|
22
22
|
|
23
|
-
<fingerprint pattern="^([^ ]
|
23
|
+
<fingerprint pattern="^([^ ]{1,512}) Microsoft FTP Service \(Version 5.0\)\.$">
|
24
24
|
<description>Microsoft FTP Server on Windows 2000</description>
|
25
|
-
<example>
|
25
|
+
<example host.name="foo.bar">foo.bar Microsoft FTP Service (Version 5.0).</example>
|
26
26
|
<param pos="0" name="service.vendor" value="Microsoft"/>
|
27
27
|
<param pos="0" name="service.product" value="IIS"/>
|
28
28
|
<param pos="0" name="service.family" value="IIS"/>
|
@@ -35,9 +35,9 @@
|
|
35
35
|
<param pos="1" name="host.name"/>
|
36
36
|
</fingerprint>
|
37
37
|
|
38
|
-
<fingerprint pattern="^([^ ]
|
38
|
+
<fingerprint pattern="^([^ ]{1,512}) Microsoft FTP Service \(Version 5.1\)\.$">
|
39
39
|
<description>Microsoft FTP Server on Windows XP, 2003 or later versions of 2000</description>
|
40
|
-
<example>
|
40
|
+
<example host.name="foo.bar">foo.bar Microsoft FTP Service (Version 5.1).</example>
|
41
41
|
<param pos="0" name="service.vendor" value="Microsoft"/>
|
42
42
|
<param pos="0" name="service.product" value="IIS"/>
|
43
43
|
<param pos="0" name="service.family" value="IIS"/>
|
@@ -49,9 +49,9 @@
|
|
49
49
|
<param pos="1" name="host.name"/>
|
50
50
|
</fingerprint>
|
51
51
|
|
52
|
-
<fingerprint pattern="^([^ ]
|
52
|
+
<fingerprint pattern="^([^ ]{1,512}) Microsoft FTP Service$">
|
53
53
|
<description>Microsoft FTP Server on Windows XP, 2003 or later without version</description>
|
54
|
-
<example>
|
54
|
+
<example host.name="foo.bar">foo.bar Microsoft FTP Service</example>
|
55
55
|
<param pos="0" name="service.vendor" value="Microsoft"/>
|
56
56
|
<param pos="0" name="service.product" value="IIS"/>
|
57
57
|
<param pos="0" name="service.family" value="IIS"/>
|
@@ -76,7 +76,7 @@
|
|
76
76
|
<param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
|
77
77
|
</fingerprint>
|
78
78
|
|
79
|
-
<fingerprint pattern="^([^ ]
|
79
|
+
<fingerprint pattern="^([^ ]{1,512}) +FTP +Server \(Version ([^\(]+)\(PHNE_\d+\) [^\)]+\) ready.?$" flags="REG_ICASE">
|
80
80
|
<description>FTP on HPUX with a PHNE (HP Networking patch) installed</description>
|
81
81
|
<example>example.com FTP server (Version 1.1.214.4(PHNE_38458) Mon Feb 15 06:03:12 GMT 2010) ready.</example>
|
82
82
|
<param pos="0" name="service.vendor" value="HP"/>
|
@@ -89,7 +89,7 @@
|
|
89
89
|
<param pos="2" name="service.version"/>
|
90
90
|
</fingerprint>
|
91
91
|
|
92
|
-
<fingerprint pattern="^([^ ]
|
92
|
+
<fingerprint pattern="^([^ ]{1,512}) +FTP +Server \(Revision \S+ Version wuftpd-([^\(]+)\(PHNE_\d+\) [^\)]+\) ready.?$" flags="REG_ICASE">
|
93
93
|
<description>WU-FTPD on HPUX with a PHNE (HP Networking patch) installed</description>
|
94
94
|
<example>example.com FTP server (Revision 1.1 Version wuftpd-2.6.1(PHNE_38578) Fri Sep 5 12:10:54 GMT 2008) ready.</example>
|
95
95
|
<param pos="0" name="service.vendor" value="Washington University"/>
|
@@ -102,7 +102,7 @@
|
|
102
102
|
<param pos="2" name="service.version"/>
|
103
103
|
</fingerprint>
|
104
104
|
|
105
|
-
<fingerprint pattern="^(\S
|
105
|
+
<fingerprint pattern="^(\S{1,512})(?: \S{1,512})? FTP Server \((?:Revision [\d\.]+ )?Version wu(?:ftpd)?-([\d\.]+).*\) ready.?$" flags="REG_ICASE">
|
106
106
|
<description>WU-FTPD on various OS</description>
|
107
107
|
<example host.name="example.com" service.version="2.6.2">example.com FTP server (Version wu-2.6.2(1) Sat Jul 19 16:21:30 UTC 2008) ready.</example>
|
108
108
|
<example host.name="example.com" service.version="2.6.2">example.com 192.168.0.1 FTP server (Version wu-2.6.2(1) Wed Sep 21 11:16:21 MEST 2005) ready.</example>
|
@@ -114,7 +114,7 @@
|
|
114
114
|
<param pos="2" name="service.version"/>
|
115
115
|
</fingerprint>
|
116
116
|
|
117
|
-
<fingerprint pattern="^(\S
|
117
|
+
<fingerprint pattern="^(\S{1,512})\s{1,8}FTP Server \(Version:\s+Mac OS X Server\s+([\d\.]+).*\) ready\.?" flags="REG_ICASE,REG_MULTILINE">
|
118
118
|
<description>FTPD on Mac OS X Server with a version</description>
|
119
119
|
<example host.name="example.com" os.version="10.3">example.com FTP server (Version: Mac OS X Server 10.3 - +GSSAPI) ready.</example>
|
120
120
|
<example host.name="example.com" os.version="10.3">this is a banner. change it.
|
@@ -129,7 +129,7 @@ example.com FTP server (Version: Mac OS X Server 10.3 - +GSSAPI) ready.</exampl
|
|
129
129
|
<param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x_server:{os.version}"/>
|
130
130
|
</fingerprint>
|
131
131
|
|
132
|
-
<fingerprint pattern="^(\S
|
132
|
+
<fingerprint pattern="^(\S{1,512})\s{1,8}FTP Server \(Version:\s+Mac OS X Server\) ready\.?" flags="REG_ICASE,REG_MULTILINE">
|
133
133
|
<description>FTPD on Mac OS X Server without a version</description>
|
134
134
|
<example host.name="example.com">example.com FTP server (Version: Mac OS X Server) ready.</example>
|
135
135
|
<example host.name="example.com">this is a banner. change it.
|
@@ -143,7 +143,7 @@ example.com FTP server (Version: Mac OS X Server) ready.</example>
|
|
143
143
|
<param pos="1" name="host.name"/>
|
144
144
|
</fingerprint>
|
145
145
|
|
146
|
-
<fingerprint pattern="^(\S
|
146
|
+
<fingerprint pattern="^(\S{1,512})\s{1,8}FTP Server \(tnftpd (.*)\) ready\.?$" flags="REG_ICASE">
|
147
147
|
<description>Simple tnftpd banner with a version</description>
|
148
148
|
<example host.name="example.com" service.version="20061217">example.com FTP server (tnftpd 20061217) ready.</example>
|
149
149
|
<param pos="0" name="service.product" value="tnftpd"/>
|
@@ -151,7 +151,7 @@ example.com FTP server (Version: Mac OS X Server) ready.</example>
|
|
151
151
|
<param pos="1" name="host.name"/>
|
152
152
|
</fingerprint>
|
153
153
|
|
154
|
-
<fingerprint pattern="^(\S
|
154
|
+
<fingerprint pattern="^(\S{1,512}) FTP Server \(SunOS 5.(1[1-9])\) ready\.?$" flags="REG_ICASE">
|
155
155
|
<description>SunOS/Solaris</description>
|
156
156
|
<example host.name="example.com" os.version="11">example.com FTP server (SunOS 5.11) ready.</example>
|
157
157
|
<param pos="0" name="os.vendor" value="Oracle"/>
|
@@ -162,7 +162,7 @@ example.com FTP server (Version: Mac OS X Server) ready.</example>
|
|
162
162
|
<param pos="0" name="os.cpe23" value="cpe:/o:oracle:solaris:{os.version}"/>
|
163
163
|
</fingerprint>
|
164
164
|
|
165
|
-
<fingerprint pattern="^(\S
|
165
|
+
<fingerprint pattern="^(\S{1,512}) FTP Server \(SunOS 5.([789]|10)\) ready\.?$" flags="REG_ICASE">
|
166
166
|
<description>SunOS/Solaris 5.7-5.10</description>
|
167
167
|
<example host.name="example.com" os.version="7">example.com FTP server (SunOS 5.7) ready.</example>
|
168
168
|
<example host.name="example.com" os.version="10">example.com FTP server (SunOS 5.10) ready.</example>
|
@@ -174,7 +174,7 @@ example.com FTP server (Version: Mac OS X Server) ready.</example>
|
|
174
174
|
<param pos="0" name="os.cpe23" value="cpe:/o:sun:solaris:{os.version}"/>
|
175
175
|
</fingerprint>
|
176
176
|
|
177
|
-
<fingerprint pattern="^(\S
|
177
|
+
<fingerprint pattern="^(\S{1,512}) FTP Server \(SunOS 5.6\) ready\." flags="REG_ICASE">
|
178
178
|
<description>SunOS 5.6 (Solaris 2.6)</description>
|
179
179
|
<example host.name="example.com">example.com FTP Server (SunOS 5.6) ready.</example>
|
180
180
|
<param pos="0" name="os.vendor" value="Sun"/>
|
@@ -320,7 +320,7 @@ example.com FTP server (Version: Mac OS X Server) ready.</example>
|
|
320
320
|
<param pos="0" name="service.cpe23" value="cpe:/a:proftpd:proftpd:-"/>
|
321
321
|
</fingerprint>
|
322
322
|
|
323
|
-
<fingerprint pattern="^(?:\d{4}\-\d\d\-\d\d \d\d:\d\d:\d\d,\d\d\d )?(\S
|
323
|
+
<fingerprint pattern="^(?:\d{4}\-\d\d\-\d\d \d\d:\d\d:\d\d,\d\d\d )?(\S{1,512}) proftpd\[\d+\]: error: no valid servers configured">
|
324
324
|
<description>ProFTPD no valid servers configured</description>
|
325
325
|
<example host.name="ftp.host.com">ftp.host.com proftpd[40312]: error: no valid servers configured\n</example>
|
326
326
|
<example host.name="hostname.com">2016-10-31 12:14:35,524 hostname.com proftpd[26992]: error: no valid servers configured\n</example>
|
@@ -360,10 +360,11 @@ example.com FTP server (Version: Mac OS X Server) ready.</example>
|
|
360
360
|
<example service.version="1.0.11">=(<*>)=-.:. (( Welcome to Pure-FTPd 1.0.11 )) .:.-=(<*>)=-</example>
|
361
361
|
<example service.version="1.0.11">=(<*>)=-.:. (( Welcome to Pure-FTPd 1.0.11 )) .:.-=(<*>)=-
|
362
362
|
more stuff</example>
|
363
|
-
<param pos="0" name="service.
|
363
|
+
<param pos="0" name="service.vendor" value="PureFTPd"/>
|
364
364
|
<param pos="0" name="service.family" value="Pure-FTPd"/>
|
365
365
|
<param pos="0" name="service.product" value="Pure-FTPd"/>
|
366
366
|
<param pos="1" name="service.version"/>
|
367
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:pureftpd:pure-ftpd:{service.version}"/>
|
367
368
|
</fingerprint>
|
368
369
|
|
369
370
|
<fingerprint pattern="^-{9,10}(?:.*)\s+Pure-FTPd\s+(.*)-{9,10}">
|
@@ -403,8 +404,6 @@ more text</example>
|
|
403
404
|
<param pos="0" name="service.cpe23" value="cpe:/a:pureftpd:pure-ftpd:{service.version}"/>
|
404
405
|
</fingerprint>
|
405
406
|
|
406
|
-
<!-- CPEs for Serv-U 15.x and above changed to SolarWinds -->
|
407
|
-
|
408
407
|
<fingerprint pattern="^Serv-U FTP Server v(15\.\S+) ready\.\.\.$">
|
409
408
|
<description>SolarWinds Serv-U with version </description>
|
410
409
|
<example service.version="15.1.3.25">Serv-U FTP Server v15.1.3.25 ready...</example>
|
@@ -420,10 +419,10 @@ more text</example>
|
|
420
419
|
<example service.version="2.5n">Serv-U FTP-Server v2.5n for WinSock ready...</example>
|
421
420
|
<example service.version="6.0">Serv-U FTP Server v6.0 for WinSock ready</example>
|
422
421
|
<param pos="0" name="service.vendor" value="Serv-U"/>
|
423
|
-
<param pos="0" name="service.product" value="Serv-U"/>
|
422
|
+
<param pos="0" name="service.product" value="Serv-U FTP Server"/>
|
424
423
|
<param pos="0" name="service.family" value="Serv-U"/>
|
425
424
|
<param pos="1" name="service.version"/>
|
426
|
-
<param pos="0" name="service.cpe23" value="cpe:/a:
|
425
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:solarwinds:serv-u_ftp_server:{service.version}"/>
|
427
426
|
<param pos="0" name="os.vendor" value="Microsoft"/>
|
428
427
|
<param pos="0" name="os.family" value="Windows"/>
|
429
428
|
<param pos="0" name="os.product" value="Windows"/>
|
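Review bot: `service.vendor` stays `Serv-U` in this fingerprint while the new `service.cpe23` value names the vendor as `solarwinds`, so the two vendor fields a consumer can key on now disagree; the hunk at old line 435 has the same pair. The commit also removes the comment that tied the SolarWinds CPE to 15.x, leaving no record of why older banners (the examples here are v2.5n and v6.0) now carry it. Either align the field with `<param pos="0" name="service.vendor" value="SolarWinds"/>`, or keep the value and add a comment such as `<!-- pre-15 Serv-U banners intentionally use the solarwinds CPE vendor -->`. The vendor value used by the 15.x fingerprint is not visible in these hunks, so check it for consistency as well.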
@@ -435,15 +434,18 @@ more text</example>
|
|
435
434
|
<example service.version="7.2">Serv-U FTP Server v7.2 ready...</example>
|
436
435
|
<example service.version="14.0">Serv-U FTP Server v14.0 ready...</example>
|
437
436
|
<param pos="0" name="service.vendor" value="Serv-U"/>
|
438
|
-
<param pos="0" name="service.product" value="Serv-U"/>
|
437
|
+
<param pos="0" name="service.product" value="Serv-U FTP Server"/>
|
439
438
|
<param pos="0" name="service.family" value="Serv-U"/>
|
440
439
|
<param pos="1" name="service.version"/>
|
441
|
-
<param pos="0" name="service.cpe23" value="cpe:/a:
|
440
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:solarwinds:serv-u_ftp_server:{service.version}"/>
|
442
441
|
</fingerprint>
|
443
442
|
|
444
443
|
<fingerprint pattern="^Welcom to Serv-U FTP Server$">
|
445
444
|
<description>Common FTP banner modification to look like Serv-U -- assert nothing.</description>
|
446
445
|
<example>Welcom to Serv-U FTP Server</example>
|
446
|
+
<param pos="0" name="hw.certainty" value="0.0"/>
|
447
|
+
<param pos="0" name="os.certainty" value="0.0"/>
|
448
|
+
<param pos="0" name="service.certainty" value="0.0"/>
|
447
449
|
</fingerprint>
|
448
450
|
|
449
451
|
<fingerprint pattern="^zFTPServer v?(\S+), .*ready\.$" flags="REG_ICASE">
|
@@ -516,7 +518,7 @@ more text</example>
|
|
516
518
|
<param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
|
517
519
|
</fingerprint>
|
518
520
|
|
519
|
-
<fingerprint pattern="^\s
|
521
|
+
<fingerprint pattern="^\s{0,1024}APC FTP server ready\.$">
|
520
522
|
<description>APC device</description>
|
521
523
|
<example>APC FTP server ready.</example>
|
522
524
|
<param pos="0" name="service.vendor" value="APC"/>
|
@@ -527,7 +529,7 @@ more text</example>
|
|
527
529
|
<param pos="0" name="hw.device" value="Power Device"/>
|
528
530
|
</fingerprint>
|
529
531
|
|
530
|
-
<fingerprint pattern="^(\S
|
532
|
+
<fingerprint pattern="^(\S{1,64}) Network Management Card AOS v(\d+\..+) FTP server ready\.$">
|
531
533
|
<description>APC power/cooling device</description>
|
532
534
|
<example service.version="3.3.4">AP7932 Network Management Card AOS v3.3.4 FTP server ready.</example>
|
533
535
|
<example os.version="3.6.1">ACRC103 Network Management Card AOS v3.6.1 FTP server ready.</example>
|
@@ -544,7 +546,7 @@ more text</example>
|
|
544
546
|
<param pos="0" name="hw.device" value="Power Device"/>
|
545
547
|
</fingerprint>
|
546
548
|
|
547
|
-
<fingerprint pattern="^(\S
|
549
|
+
<fingerprint pattern="^(\S{1,512}) FTP server \(EMC-SNAS: ([^\)]+)\)(?: \S+)?$">
|
548
550
|
<description>EMC Celerra</description>
|
549
551
|
<example service.version="5.6.47.11">foo2 FTP server (EMC-SNAS: 5.6.47.11)</example>
|
550
552
|
<example service.version="5.6.50.203">foo2 FTP server (EMC-SNAS: 5.6.50.203) ready.</example>
|
@@ -613,7 +615,7 @@ more text</example>
|
|
613
615
|
<param pos="0" name="service.product" value="Nepenthes"/>
|
614
616
|
</fingerprint>
|
615
617
|
|
616
|
-
<fingerprint pattern="^[^ ]
|
618
|
+
<fingerprint pattern="^[^ ]{1,512} IBM FTP CS (V1R\d+) at ([^,]*),.*">
|
617
619
|
<description>IBM z/OS FTP Service</description>
|
618
620
|
<example>SFTPD1 IBM FTP CS V1R4 at x.y.z, 21:02:19 on 2007-12-15.</example>
|
619
621
|
<param pos="0" name="service.vendor" value="IBM"/>
|
@@ -638,7 +640,7 @@ more text</example>
|
|
638
640
|
<param pos="0" name="os.device" value="Point of Sale"/>
|
639
641
|
</fingerprint>
|
640
642
|
|
641
|
-
<fingerprint pattern="^([^ ]
|
643
|
+
<fingerprint pattern="^([^ ]{1,512}) NcFTPd Server \(licensed copy\) ready\.$">
|
642
644
|
<description>NcFTPd Server
|
643
645
|
http://www.ncftp.com/ncftpd/</description>
|
644
646
|
<example>ftp.example.com NcFTPd Server (licensed copy) ready.</example>
|
@@ -647,7 +649,7 @@ more text</example>
|
|
647
649
|
<param pos="1" name="host.name"/>
|
648
650
|
</fingerprint>
|
649
651
|
|
650
|
-
<fingerprint pattern="^(\S
|
652
|
+
<fingerprint pattern="^(\S{1,512}) DCS-2100 FTP server ready\.$">
|
651
653
|
<description>D-Link DCS-2100 wireless internet camera</description>
|
652
654
|
<example>hostname DCS-2100 FTP server ready.</example>
|
653
655
|
<param pos="0" name="os.vendor" value="D-Link"/>
|
@@ -889,7 +891,7 @@ more text</example>
|
|
889
891
|
<param pos="0" name="os.cpe23" value="cpe:/o:windriver:vxworks:-"/>
|
890
892
|
</fingerprint>
|
891
893
|
|
892
|
-
<fingerprint pattern="^[\w\-\.]
|
894
|
+
<fingerprint pattern="^[\w\-\.]{0,128} FTP server \((?:VxWorks\s?)+([\d\.]+)\) ready.$" flags="REG_ICASE">
|
893
895
|
<description>VxWorks 6 with version information</description>
|
894
896
|
<example os.version="6.6">NanoDAC FTP server (VxWorks VxWorks 6.6) ready.</example>
|
895
897
|
<example os.version="6.4">BVS-MR-BSC2 FTP server (VxWorks 6.4) ready.</example>
|
@@ -899,7 +901,7 @@ more text</example>
|
|
899
901
|
<param pos="0" name="os.cpe23" value="cpe:/o:windriver:vxworks:{os.version}"/>
|
900
902
|
</fingerprint>
|
901
903
|
|
902
|
-
<fingerprint pattern="^[\w<>]
|
904
|
+
<fingerprint pattern="^[\w<>]{1,32}\s{1,8}Tenor Multipath Switch FTP server \(Version VxWorks([\d\.]+)\) ready\.$" flags="REG_ICASE">
|
903
905
|
<description>VxWorks on Tenor MultiPath with version information</description>
|
904
906
|
<example os.version="5.4.2"><38785ca0> Tenor Multipath Switch FTP server (Version VxWorks5.4.2) ready.</example>
|
905
907
|
<param pos="0" name="os.vendor" value="Wind River"/>
|
@@ -1045,7 +1047,7 @@ more text</example>
|
|
1045
1047
|
<param pos="2" name="os.version"/>
|
1046
1048
|
</fingerprint>
|
1047
1049
|
|
1048
|
-
<fingerprint pattern="^ET(\S
|
1050
|
+
<fingerprint pattern="^ET(\S{1,12}) Source Technologies (ST-96\S+) FTP Server (\S+) ready\.?$">
|
1049
1051
|
<description>Source Technologies ST9600 Series Secure Printer</description>
|
1050
1052
|
<example>ET0021B730F70E Source Technologies ST-9620 FTP Server NJ.APS.N254e ready.</example>
|
1051
1053
|
<example>ET0021B7549AF2 Source Technologies ST-9620 FTP Server NR.APS.N447b2 ready.</example>
|
@@ -1058,7 +1060,7 @@ more text</example>
|
|
1058
1060
|
<param pos="3" name="os.version"/>
|
1059
1061
|
</fingerprint>
|
1060
1062
|
|
1061
|
-
<fingerprint pattern="^ET(\S
|
1063
|
+
<fingerprint pattern="^ET(\S{1,12}) (Pro\d+) Series FTP Server ready\.$" certainty="1.0">
|
1062
1064
|
<description>Lexmark ProXXX Series of Printers</description>
|
1063
1065
|
<example host.mac="0020007E4D2A" hw.product="Pro700">ET0020007E4D2A Pro700 Series FTP Server ready.</example>
|
1064
1066
|
<param pos="0" name="os.vendor" value="Lexmark"/>
|
@@ -1071,7 +1073,7 @@ more text</example>
|
|
1071
1073
|
<param pos="2" name="hw.product"/>
|
1072
1074
|
</fingerprint>
|
1073
1075
|
|
1074
|
-
<fingerprint pattern="^ET(\S
|
1076
|
+
<fingerprint pattern="^ET(\S{1,12}) Lexmark Forms Printer (\d+) Ethernet FTP Server (\S+) ready\.$" certainty="1.0">
|
1075
1077
|
<description>Lexmark Forms Printer</description>
|
1076
1078
|
<example os.product="2590">ET0020004F54EE Lexmark Forms Printer 2590 Ethernet FTP Server LCL.CU.P012c ready.</example>
|
1077
1079
|
<param pos="0" name="os.vendor" value="Lexmark"/>
|
@@ -1086,7 +1088,7 @@ more text</example>
|
|
1086
1088
|
<param pos="2" name="hw.product"/>
|
1087
1089
|
</fingerprint>
|
1088
1090
|
|
1089
|
-
<fingerprint pattern="^ET(\S
|
1091
|
+
<fingerprint pattern="^ET(\S{1,12}) TOSHIBA e-STUDIO500S FTP Server (\S+) ready\.$" certainty="1.0">
|
1090
1092
|
<description>Toshiba e-STUDIO Printer with MAC address</description>
|
1091
1093
|
<example os.version="NC2.NPS.N221">ET0004001E9C00 TOSHIBA e-STUDIO500S FTP Server NC2.NPS.N221 ready.</example>
|
1092
1094
|
<example host.mac="00040089BE42">ET00040089BE42 TOSHIBA e-STUDIO500S FTP Server NC2.NPS.N211 ready.</example>
|
@@ -1100,7 +1102,7 @@ more text</example>
|
|
1100
1102
|
<param pos="0" name="hw.product" value="e-STUDIO"/>
|
1101
1103
|
</fingerprint>
|
1102
1104
|
|
1103
|
-
<fingerprint pattern="^\S
|
1105
|
+
<fingerprint pattern="^\S{1,16} TOSHIBA e-STUDIO500S FTP Server (\S+) ready\.$" certainty="1.0">
|
1104
1106
|
<description>Toshiba e-STUDIO Printer</description>
|
1105
1107
|
<example os.version="NC2.NPS.N211">JHBPRN13 TOSHIBA e-STUDIO500S FTP Server NC2.NPS.N211 ready.</example>
|
1106
1108
|
<param pos="0" name="os.vendor" value="Toshiba"/>
|
@@ -1298,7 +1300,7 @@ more text</example>
|
|
1298
1300
|
<param pos="1" name="hw.product"/>
|
1299
1301
|
</fingerprint>
|
1300
1302
|
|
1301
|
-
<fingerprint pattern="^(ET(\S
|
1303
|
+
<fingerprint pattern="^(ET(\S{1,32})) Dell (\S+ Laser Printer) FTP Server">
|
1302
1304
|
<description>Dell Laser Printer</description>
|
1303
1305
|
<example host.name="ET0021B71A1111" host.mac="0021B71A1111" hw.product="2350dn Laser Printer">ET0021B71A1111 Dell 2350dn Laser Printer FTP Server NR.APS.N449 ready.</example>
|
1304
1306
|
<param pos="0" name="os.vendor" value="Dell"/>
|
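Review bot: The MAC capture in `^(ET(\S{1,32})) Dell …` is bounded at 32 characters, while the other `ET`-prefixed printer fingerprints changed in this diff (Source Technologies, Lexmark, Toshiba) use `\S{1,12}` for the same field, and the example value `0021B71A1111` is 12 characters long. If the wider bound is not deliberate, `^(ET(\S{1,12})) Dell (\S+ Laser Printer) FTP Server` would keep the extracted `host.mac` consistent across the family. The param list continues outside the hunk, so the mapping of group 2 to `host.mac` is inferred from the example attributes.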
@@ -1310,11 +1312,14 @@ more text</example>
|
|
1310
1312
|
<param pos="3" name="hw.product"/>
|
1311
1313
|
</fingerprint>
|
1312
1314
|
|
1313
|
-
<fingerprint pattern="^(\S
|
1315
|
+
<fingerprint pattern="^(\S{1,512}) FTP server \(Version \S+ \w+ \w+ \d{1,2} \d{1,2}:\d{1,2}:\d{1,2} [A-Z]+ (?:1|2)\d{3}\) ready\.?$">
|
1314
1316
|
<description>Generic/unknown FTP Server found on HP-UX and AIX systems</description>
|
1315
1317
|
<example host.name="host.example.com">host.example.com FTP server (Version 4.1 Sat Sep 7 14:31:53 CDT 2002) ready.</example>
|
1316
1318
|
<example host.name="host.example.com">host.example.com FTP server (Version 5.3 Sat Jan 10 14:01:03 CDT 2012) ready</example>
|
1317
1319
|
<param pos="1" name="host.name"/>
|
1320
|
+
<param pos="0" name="hw.certainty" value="0.0"/>
|
1321
|
+
<param pos="0" name="os.certainty" value="0.0"/>
|
1322
|
+
<param pos="0" name="service.certainty" value="0.0"/>
|
1318
1323
|
</fingerprint>
|
1319
1324
|
|
1320
1325
|
<fingerprint pattern="^Welcome to the (?:Cisco )?(?:TelePresence) ([a-zA-Z\s]*?) ((?:MSE )?\d+), version (\d+.\d+\(\d+.\d+\)).*?" flags="REG_ICASE">
|
@@ -1333,7 +1338,7 @@ more text</example>
|
|
1333
1338
|
<param pos="3" name="os.version"/>
|
1334
1339
|
</fingerprint>
|
1335
1340
|
|
1336
|
-
<fingerprint pattern="^(\S
|
1341
|
+
<fingerprint pattern="^(\S{1,512}) FTP server \((?:HP|Compaq) Tru64 UNIX Version (\S+)\) ready\.?$">
|
1337
1342
|
<description>Digital/Compaq/HP Tru64 Unix</description>
|
1338
1343
|
<example host.name="example.com" os.version="5.60">example.com FTP server (Compaq Tru64 UNIX Version 5.60) ready.</example>
|
1339
1344
|
<param pos="0" name="os.vendor" value="HP"/>
|
@@ -1344,7 +1349,7 @@ more text</example>
|
|
1344
1349
|
<param pos="0" name="os.cpe23" value="cpe:/o:hp:tru64_unix:{os.version}"/>
|
1345
1350
|
</fingerprint>
|
1346
1351
|
|
1347
|
-
<fingerprint pattern="^(\S
|
1352
|
+
<fingerprint pattern="^(\S{1,512}) FTP server \(Digital UNIX Version (\S+)\) ready\.?$">
|
1348
1353
|
<description>Digital/Compaq/HP Tru64 Unix w/o branding</description>
|
1349
1354
|
<example host.name="example.com" os.version="5.60">example.com FTP server (Digital UNIX Version 5.60) ready.</example>
|
1350
1355
|
<param pos="0" name="os.vendor" value="HP"/>
|
@@ -1354,7 +1359,7 @@ more text</example>
|
|
1354
1359
|
<param pos="2" name="os.version"/>
|
1355
1360
|
</fingerprint>
|
1356
1361
|
|
1357
|
-
<fingerprint pattern="^(\S
|
1362
|
+
<fingerprint pattern="^(\S{1,512}) FTP server \(MikroTik ([\d\.]+)\) ready\.?$">
|
1358
1363
|
<description>MikroTik</description>
|
1359
1364
|
<example host.name="example.com" os.version="6.18">example.com FTP server (MikroTik 6.18) ready</example>
|
1360
1365
|
<param pos="0" name="os.vendor" value="MikroTik"/>
|
@@ -1364,7 +1369,7 @@ more text</example>
|
|
1364
1369
|
<param pos="0" name="os.cpe23" value="cpe:/o:mikrotik:routeros:{os.version}"/>
|
1365
1370
|
</fingerprint>
|
1366
1371
|
|
1367
|
-
<fingerprint pattern="
|
1372
|
+
<fingerprint pattern="^.{0,1024} FTP server \(MikroTik (\d\.[\w\.]+)\) ready\.?$">
|
1368
1373
|
<description>MikroTik with description</description>
|
1369
1374
|
<example os.version="6.43.16">Super Thing_Place- FTP server (MikroTik 6.43.16) ready</example>
|
1370
1375
|
<example os.version="6.43.16beta2">Super Thing_Place- FTP server (MikroTik 6.43.16beta2) ready</example>
|
@@ -1542,7 +1547,7 @@ more text</example>
|
|
1542
1547
|
<param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
|
1543
1548
|
</fingerprint>
|
1544
1549
|
|
1545
|
-
<fingerprint pattern="^([\w.-]
|
1550
|
+
<fingerprint pattern="^([\w.-]{1,512}) X2 WS_FTP Server ([\d.]{3,6}\s?\(\d+\))$">
|
1546
1551
|
<description>WS_FTP FTP Server on Windows - X2 variant</description>
|
1547
1552
|
<example service.version="7.7(50012467)" host.name="a.host.name.tld">a.host.name.tld X2 WS_FTP Server 7.7(50012467)</example>
|
1548
1553
|
<example service.version="5.0.5 (1989540204)" host.name="a.host.name.tld">a.host.name.tld X2 WS_FTP Server 5.0.5 (1989540204)</example>
|
@@ -1625,11 +1630,11 @@ more text</example>
|
|
1625
1630
|
|
1626
1631
|
<fingerprint pattern="^Sofrel (S5[\w]+) SN ([\d-]+) ready. Time is (\d{2}:\d{2}:\d{2} \d{2}\/\d{2}\/\d{2})\.$">
|
1627
1632
|
<description>Sofrel Remote Terminal Unit</description>
|
1628
|
-
<example hw.product="S500"
|
1633
|
+
<example hw.product="S500" hw.serial_number="01-499-00427" system.time="00:11:39 01/11/16">Sofrel S500 SN 01-499-00427 ready. Time is 00:11:39 01/11/16.</example>
|
1629
1634
|
<param pos="0" name="hw.vendor" value="Sofrel"/>
|
1630
1635
|
<param pos="0" name="hw.family" value="S500 Range"/>
|
1631
1636
|
<param pos="1" name="hw.product"/>
|
1632
|
-
<param pos="2" name="
|
1637
|
+
<param pos="2" name="hw.serial_number"/>
|
1633
1638
|
<param pos="0" name="system.time.format" value="HH:mm:ss dd/MM/yy"/>
|
1634
1639
|
<param pos="3" name="system.time"/>
|
1635
1640
|
</fingerprint>
|
@@ -1645,13 +1650,16 @@ more text</example>
|
|
1645
1650
|
<param pos="2" name="hw.product"/>
|
1646
1651
|
</fingerprint>
|
1647
1652
|
|
1648
|
-
<fingerprint pattern="^(\S
|
1653
|
+
<fingerprint pattern="^(\S{1,512}) FTP server ready\.?$" flags="REG_ICASE">
|
1649
1654
|
<description>Generic FTP fingerprint with a hostname</description>
|
1650
1655
|
<example host.name="example.com">example.com FTP server ready.</example>
|
1651
1656
|
<param pos="1" name="host.name"/>
|
1657
|
+
<param pos="0" name="hw.certainty" value="0.0"/>
|
1658
|
+
<param pos="0" name="os.certainty" value="0.0"/>
|
1659
|
+
<param pos="0" name="service.certainty" value="0.0"/>
|
1652
1660
|
</fingerprint>
|
1653
1661
|
|
1654
|
-
<fingerprint pattern="^(\S
|
1662
|
+
<fingerprint pattern="^(\S{1,512}) FTP server \(Version (\d.*)\) ready\.?$" flags="REG_ICASE">
|
1655
1663
|
<description>Generic FTP fingerprint with a hostname and a version for a generic FTP implementation</description>
|
1656
1664
|
<example host.name="example.com" service.version="6.00LS">example.com FTP server (Version 6.00LS) ready.</example>
|
1657
1665
|
<example host.name="example.com" service.version="1.2">example.com FTP server (Version 1.2) ready.</example>
|
@@ -1667,6 +1675,9 @@ more text</example>
|
|
1667
1675
|
<example>FTP-Server</example>
|
1668
1676
|
<example>FTP Server</example>
|
1669
1677
|
<example>FTP service ready.</example>
|
1678
|
+
<param pos="0" name="hw.certainty" value="0.0"/>
|
1679
|
+
<param pos="0" name="os.certainty" value="0.0"/>
|
1680
|
+
<param pos="0" name="service.certainty" value="0.0"/>
|
1670
1681
|
</fingerprint>
|
1671
1682
|
|
1672
1683
|
<fingerprint pattern="^Welcom to ProRat Ftp Server$">
|
@@ -1676,7 +1687,7 @@ more text</example>
|
|
1676
1687
|
<param pos="0" name="service.product" value="ProRat"/>
|
1677
1688
|
</fingerprint>
|
1678
1689
|
|
1679
|
-
<fingerprint pattern="^(?:(\S
|
1690
|
+
<fingerprint pattern="^(?:(\S{1,512}) )?FTP Server \(vftpd ([\d.]+)\) ready\.?$">
|
1680
1691
|
<description>Vermillion FTP Daemon</description>
|
1681
1692
|
<example host.name="srv.name" service.version="1.23">srv.name FTP Server (vftpd 1.23) ready.</example>
|
1682
1693
|
<example service.version="1.31">FTP Server (vftpd 1.31) ready.</example>
|
@@ -1690,7 +1701,7 @@ more text</example>
|
|
1690
1701
|
<param pos="1" name="host.name"/>
|
1691
1702
|
</fingerprint>
|
1692
1703
|
|
1693
|
-
<fingerprint pattern="^(?:(\S
|
1704
|
+
<fingerprint pattern="^(?:(\S{1,512}) )?FTP server \(QVT\/Net ([\d.]+)\) ready\.?$">
|
1694
1705
|
<description>QVT/Net FTP Server</description>
|
1695
1706
|
<example host.name="siren" service.version="5.1">siren FTP server (QVT/Net 5.1) ready.</example>
|
1696
1707
|
<example host.name="qpc-qvtnet" service.version="4.1">qpc-qvtnet FTP server (QVT/Net 4.1) ready.</example>
|