recog 2.3.17 → 2.3.21

Files changed (51) hide show
  1. checksums.yaml +4 -4
  2. data/.github/workflows/ci.yml +26 -0
  3. data/bin/recog_standardize +6 -0
  4. data/cpe-remap.yaml +342 -200
  5. data/identifiers/README.md +24 -10
  6. data/identifiers/fields.txt +104 -0
  7. data/identifiers/hw_device.txt +2 -0
  8. data/identifiers/hw_family.txt +11 -0
  9. data/identifiers/hw_product.txt +71 -0
  10. data/identifiers/os_device.txt +2 -1
  11. data/identifiers/os_family.txt +2 -0
  12. data/identifiers/os_product.txt +36 -8
  13. data/identifiers/service_family.txt +10 -1
  14. data/identifiers/service_product.txt +78 -2
  15. data/identifiers/vendor.txt +55 -0
  16. data/lib/recog/nizer.rb +1 -82
  17. data/lib/recog/version.rb +1 -1
  18. data/requirements.txt +1 -1
  19. data/update_cpes.py +18 -5
  20. data/xml/apache_modules.xml +60 -0
  21. data/xml/apache_os.xml +1 -1
  22. data/xml/dns_versionbind.xml +11 -1
  23. data/xml/favicons.xml +122 -3
  24. data/xml/ftp_banners.xml +62 -51
  25. data/xml/html_title.xml +553 -41
  26. data/xml/http_cookies.xml +262 -61
  27. data/xml/http_servers.xml +478 -108
  28. data/xml/http_wwwauth.xml +36 -9
  29. data/xml/imap_banners.xml +5 -5
  30. data/xml/ldap_searchresult.xml +1 -0
  31. data/xml/mdns_device-info_txt.xml +340 -10
  32. data/xml/mysql_banners.xml +2 -1
  33. data/xml/nntp_banners.xml +1 -1
  34. data/xml/ntp_banners.xml +16 -2
  35. data/xml/operating_system.xml +4 -4
  36. data/xml/pop_banners.xml +4 -4
  37. data/xml/rtsp_servers.xml +7 -0
  38. data/xml/sip_banners.xml +347 -9
  39. data/xml/sip_user_agents.xml +323 -4
  40. data/xml/smb_native_lm.xml +32 -1
  41. data/xml/smb_native_os.xml +160 -33
  42. data/xml/smtp_banners.xml +167 -128
  43. data/xml/smtp_expn.xml +1 -0
  44. data/xml/smtp_vrfy.xml +1 -0
  45. data/xml/snmp_sysdescr.xml +205 -36
  46. data/xml/ssh_banners.xml +139 -25
  47. data/xml/telnet_banners.xml +92 -48
  48. data/xml/tls_jarm.xml +140 -0
  49. data/xml/x509_issuers.xml +201 -2
  50. data/xml/x509_subjects.xml +251 -32
  51. metadata +5 -2
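--- a/data/update_cpes.py
+++ b/data/update_cpes.py
@@ -16,8 +16,17 @@ def parse_cpe_vp_map(file):
  parser = etree.XMLParser(remove_comments=False)
  doc = etree.parse(file, parser)
  namespaces = {'ns': 'http://cpe.mitre.org/dictionary/2.0', 'meta': 'http://scap.nist.gov/schema/cpe-dictionary-metadata/0.2'}
- for cpe_name in doc.xpath("//ns:cpe-list/ns:cpe-item/@name", namespaces=namespaces):
+ for entry in doc.xpath("//ns:cpe-list/ns:cpe-item", namespaces=namespaces):
+ cpe_name = entry.get("name")
+ if not cpe_name:
+ continue
+
+ # If the entry is deprecated then don't add it to our list of valid CPEs.
+ if entry.get("deprecated"):
+ continue
+
  cpe_match = re.match('^cpe:/([aho]):([^:]+):([^:]+)', cpe_name)
+
  if cpe_match:
  cpe_type, vendor, product = cpe_match.group(1, 2, 3)
  if cpe_type not in vp_map:
@@ -86,7 +95,11 @@ def lookup_cpe(vendor, product, cpe_type, cpe_table, remap):
 
  # Everything else depends on a remap of some sort.
  # get the remappings for this one vendor string.
- vendor_remap = remap.get(vendor, None)
+ vendor_remap = None
+
+ remap_type = remap.get(cpe_type, None)
+ if remap_type:
+ vendor_remap = remap_type.get(vendor, None)
 
  if vendor_remap:
  # If we have product remappings, work that angle next
@@ -190,7 +203,7 @@ def update_cpes(xml_file, cpe_vp_map, r7_vp_map):
  continue
 
  vendor = vendor.lower().replace(' ', '_').replace(',', '')
- product = product.lower().replace(' ', '_').replace(',', '')
+ product = product.lower().replace(' ', '_').replace(',', '').replace('!', '%21')
  if 'unknown' in [vendor, product]:
  continue
 
@@ -209,8 +222,8 @@ def update_cpes(xml_file, cpe_vp_map, r7_vp_map):
  continue
 
  # building the CPE string
- # Last minute escaping of '/'
- product = product.replace('/', '\/')
+ # Last minute escaping of '/' and `!`
+ product = product.replace('/', '\/').replace('%21', '\!')
  cpe_value = 'cpe:/{}:{}:{}'.format(cpe_type, vendor, product)
 
  if version: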
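Review bot: In the first hunk, `if entry.get("deprecated"):` tests the truthiness of the attribute's string value, so a `cpe-item` carrying `deprecated="false"` would also be skipped and a valid CPE would silently drop out of the lookup table. Whether the dictionary ever emits an explicit `false` is not visible here, but comparing the value, `if entry.get("deprecated", "false").lower() == "true":`, ties the filter to the flag's meaning rather than its presence. In the last hunk, `'\!'` (like the existing `'\/'`) is an invalid escape sequence that newer Python versions warn about; `'\\!'` produces the same two characters without the warning. The bodies of parse_cpe_vp_map and update_cpes continue outside the hunks shown.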
@@ -220,6 +220,36 @@
220
220
  <param pos="0" name="service.component.product" value="mod_auth_ldap"/>
221
221
  </fingerprint>
222
222
 
223
+ <fingerprint pattern="mod_auth_oracle/(\S+)$">
224
+ <description>mod_auth_oracle with version</description>
225
+ <example service.component.version="1.2.3">mod_auth_oracle/1.2.3</example>
226
+ <param pos="0" name="service.component.vendor" value="Apache"/>
227
+ <param pos="0" name="service.component.product" value="mod_auth_oracle"/>
228
+ <param pos="1" name="service.component.version"/>
229
+ </fingerprint>
230
+
231
+ <fingerprint pattern="mod_auth_oracle/?$">
232
+ <description>mod_auth_oracle without version</description>
233
+ <example>mod_auth_oracle/</example>
234
+ <param pos="0" name="service.component.vendor" value="Apache"/>
235
+ <param pos="0" name="service.component.product" value="mod_auth_oracle"/>
236
+ </fingerprint>
237
+
238
+ <fingerprint pattern="mod_auth_pgsql/(\S+)$">
239
+ <description>mod_auth_pgsql with version</description>
240
+ <example service.component.version="1.2.3">mod_auth_pgsql/1.2.3</example>
241
+ <param pos="0" name="service.component.vendor" value="Apache"/>
242
+ <param pos="0" name="service.component.product" value="mod_auth_pgsql"/>
243
+ <param pos="1" name="service.component.version"/>
244
+ </fingerprint>
245
+
246
+ <fingerprint pattern="mod_auth_pgsql/?$">
247
+ <description>mod_auth_pgsql without version</description>
248
+ <example>mod_auth_pgsql/</example>
249
+ <param pos="0" name="service.component.vendor" value="Apache"/>
250
+ <param pos="0" name="service.component.product" value="mod_auth_pgsql"/>
251
+ </fingerprint>
252
+
223
253
  <fingerprint pattern="mod_auth_radius/(\S+)$">
224
254
  <description>mod_auth_radius with version</description>
225
255
  <example service.component.version="1.2.3">mod_auth_radius/1.2.3</example>
@@ -978,6 +1008,36 @@
978
1008
  <param pos="0" name="service.component.product" value="mod_filter"/>
979
1009
  </fingerprint>
980
1010
 
1011
+ <fingerprint pattern="mod_frontpage/(\S+)$">
1012
+ <description>mod_frontpage with version</description>
1013
+ <example service.component.version="1.2.3">mod_frontpage/1.2.3</example>
1014
+ <param pos="0" name="service.component.vendor" value="Apache"/>
1015
+ <param pos="0" name="service.component.product" value="mod_frontpage"/>
1016
+ <param pos="1" name="service.component.version"/>
1017
+ </fingerprint>
1018
+
1019
+ <fingerprint pattern="mod_frontpage/?$">
1020
+ <description>mod_frontpage without version</description>
1021
+ <example>mod_frontpage/</example>
1022
+ <param pos="0" name="service.component.vendor" value="Apache"/>
1023
+ <param pos="0" name="service.component.product" value="mod_frontpage"/>
1024
+ </fingerprint>
1025
+
1026
+ <fingerprint pattern="mod_gzip/(\S+)$">
1027
+ <description>mod_gzip with version</description>
1028
+ <example service.component.version="1.2.3">mod_gzip/1.2.3</example>
1029
+ <param pos="0" name="service.component.vendor" value="Apache"/>
1030
+ <param pos="0" name="service.component.product" value="mod_gzip"/>
1031
+ <param pos="1" name="service.component.version"/>
1032
+ </fingerprint>
1033
+
1034
+ <fingerprint pattern="mod_gzip/?$">
1035
+ <description>mod_gzip without version</description>
1036
+ <example>mod_gzip/</example>
1037
+ <param pos="0" name="service.component.vendor" value="Apache"/>
1038
+ <param pos="0" name="service.component.product" value="mod_gzip"/>
1039
+ </fingerprint>
1040
+
981
1041
  <fingerprint pattern="mod_headers/(\S+)$">
982
1042
  <description>mod_headers with version</description>
983
1043
  <example service.component.version="1.2.3">mod_headers/1.2.3</example>
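--- a/data/xml/apache_os.xml
+++ b/data/xml/apache_os.xml
@@ -82,7 +82,7 @@
  <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:-"/>
  </fingerprint>
 
- <fingerprint pattern=".*(?:Sun )?Cobalt \(Unix\)?.*">
+ <fingerprint pattern=".{0,512}(?:Sun )?Cobalt \(Unix\)?.*">
  <description>Sun Cobalt RaQ (Red Hat based Linux)</description>
  <param pos="0" name="os.vendor" value="Sun"/>
  <param pos="0" name="os.family" value="Linux"/>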
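Review bot: The new `.{0,512}` prefix caps the leading wildcard, but the pattern still has no `^` anchor and keeps an unbounded trailing `.*`. Assuming patterns are applied as an unanchored search, the engine can retry the bounded scan from every offset of a long banner that never contains `Cobalt`. The params visible in the hunk are all `pos="0"` and nothing is captured, so the wildcards on both sides look unnecessary: `(?:Sun )?Cobalt \(Unix\)?` should accept the same banners with less work on hostile input. The fingerprint element continues outside the hunk, so any example that depends on the surrounding wildcards would need checking.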
@@ -17,30 +17,40 @@
17
17
  <fingerprint pattern="^$">
18
18
  <description>empty string -- assert nothing.</description>
19
19
  <example/>
20
+ <param pos="0" name="hw.certainty" value="0.0"/>
21
+ <param pos="0" name="os.certainty" value="0.0"/>
20
22
  <param pos="0" name="service.certainty" value="0.0"/>
21
23
  </fingerprint>
22
24
 
23
25
  <fingerprint pattern="^none$">
24
26
  <description>bare 'none' -- assert nothing.</description>
25
27
  <example>none</example>
28
+ <param pos="0" name="hw.certainty" value="0.0"/>
29
+ <param pos="0" name="os.certainty" value="0.0"/>
26
30
  <param pos="0" name="service.certainty" value="0.0"/>
27
31
  </fingerprint>
28
32
 
29
33
  <fingerprint pattern="^null$">
30
34
  <description>bare 'null' -- assert nothing.</description>
31
35
  <example>null</example>
36
+ <param pos="0" name="hw.certainty" value="0.0"/>
37
+ <param pos="0" name="os.certainty" value="0.0"/>
32
38
  <param pos="0" name="service.certainty" value="0.0"/>
33
39
  </fingerprint>
34
40
 
35
41
  <fingerprint pattern="(?i)^unknown$">
36
42
  <description>bare 'unknown' -- assert nothing.</description>
37
43
  <example>unknown</example>
44
+ <param pos="0" name="hw.certainty" value="0.0"/>
45
+ <param pos="0" name="os.certainty" value="0.0"/>
38
46
  <param pos="0" name="service.certainty" value="0.0"/>
39
47
  </fingerprint>
40
48
 
41
49
  <fingerprint pattern="^no version$">
42
50
  <description>bare 'no version' -- assert nothing.</description>
43
51
  <example>no version</example>
52
+ <param pos="0" name="hw.certainty" value="0.0"/>
53
+ <param pos="0" name="os.certainty" value="0.0"/>
44
54
  <param pos="0" name="service.certainty" value="0.0"/>
45
55
  </fingerprint>
46
56
 
@@ -427,7 +437,7 @@
427
437
  <param pos="0" name="service.cpe23" value="cpe:/a:powerdns:authoritative_server:{service.version}"/>
428
438
  </fingerprint>
429
439
 
430
- <fingerprint pattern="^PowerDNS Authoritative Server (\d\.[\w.]+(?:-rc\d)?(?:-alpha\d)?(?:-beta\d)?[^ ]*) \(built [\w\s:]+ by [\w]+\@[\w.-:-]*\)$">
440
+ <fingerprint pattern="^PowerDNS Authoritative Server (\d\.[\w.]+(?:-rc\d)?(?:-alpha\d)?(?:-beta\d)?[^ ]*) \(built [\w\s:]+ by [\w]+\@[\w.:-]*\)$">
431
441
  <description>PowerDNS Authoritative Server: format 2</description>
432
442
  <example service.version="4.0.4">PowerDNS Authoritative Server 4.0.4 (built Jul 26 2017 15:04:27 by root@FreeBSD:11:amd64-default-job-03)</example>
433
443
  <example service.version="4.0.0-rc2">PowerDNS Authoritative Server 4.0.0-rc2 (built Jul 4 2016 15:44:39 by root@foo-bar.baz)</example>
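--- a/data/xml/favicons.xml
+++ b/data/xml/favicons.xml
@@ -6,6 +6,30 @@
 
  <!-- Services -->
 
+ <fingerprint pattern="^4297c114f263c206ed12aaff4b0c7a50|e5af3b68e837498a85b25ef2c36a0825$">
+ <description>Metabase</description>
+ <example>4297c114f263c206ed12aaff4b0c7a50</example>
+ <example>e5af3b68e837498a85b25ef2c36a0825</example>
+ <param pos="0" name="service.product" value="Metabase"/>
+ <param pos="0" name="service.vendor" value="Metabase"/>
+ <param pos="0" name="service.cpe23" value="cpe:/a:metabase:metabase:-"/>
+ </fingerprint>
+
+ <fingerprint pattern="^14bd519881ea49a75353572cfb458dec$">
+ <description>Calibre-Web Project</description>
+ <example>14bd519881ea49a75353572cfb458dec</example>
+ <param pos="0" name="service.vendor" value="Calibre-Web Project"/>
+ <param pos="0" name="service.product" value="Calibre-Web"/>
+ <param pos="0" name="service.cpe23" value="cpe:/a:calibre-web_project:calibre-web:-"/>
+ </fingerprint>
+
+ <fingerprint pattern="^d2cef6047a604012455f5c9a1cd4d960$">
+ <description>Jellyfin Media Server</description>
+ <example>d2cef6047a604012455f5c9a1cd4d960</example>
+ <param pos="0" name="service.vendor" value="Jellyfin"/>
+ <param pos="0" name="service.product" value="Media Server"/>
+ </fingerprint>
+
  <fingerprint pattern="^0f584138aacfb79aaba7e2539fc4e642$">
  <description>Plex Media Server</description>
  <example>0f584138aacfb79aaba7e2539fc4e642</example>
@@ -125,6 +149,7 @@
  <param pos="0" name="service.vendor" value="RStudio"/>
  <param pos="0" name="service.product" value="Connect"/>
  <param pos="0" name="service.certainty" value="0.5"/>
+ <param pos="0" name="service.cpe23" value="cpe:/a:rstudio:connect:-"/>
  </fingerprint>
 
  <fingerprint pattern="^84b0fc44f58bfee1a303ee3398a86670$">
@@ -194,6 +219,16 @@
  <param pos="0" name="service.vendor" value="SolarWinds"/>
  <param pos="0" name="service.product" value="Virtualization Manager"/>
  <param pos="0" name="service.certainty" value="0.5"/>
+ <param pos="0" name="service.cpe23" value="cpe:/a:solarwinds:virtualization_manager:-"/>
+ </fingerprint>
+
+ <fingerprint pattern="^53317933c27890ae9218697ecc0e97d9$">
+ <description>SolarWinds Orion</description>
+ <example>53317933c27890ae9218697ecc0e97d9</example>
+ <param pos="0" name="service.vendor" value="SolarWinds"/>
+ <param pos="0" name="service.product" value="Orion Platform"/>
+ <param pos="0" name="service.certainty" value="0.5"/>
+ <param pos="0" name="service.cpe23" value="cpe:/a:solarwinds:orion_platform:-"/>
  </fingerprint>
 
  <fingerprint pattern="^ee20526df4d69f7b02ee107458d8d679$">
@@ -202,6 +237,7 @@
  <param pos="0" name="service.vendor" value="ManageEngine"/>
  <param pos="0" name="service.product" value="ADAudit Plus"/>
  <param pos="0" name="service.certainty" value="0.5"/>
+ <param pos="0" name="service.cpe23" value="cpe:/a:zohocorp:manageengine_adaudit_plus:-"/>
  </fingerprint>
 
  <fingerprint pattern="^e9d6d23a961ea23a3e961266876e0ffd$">
@@ -813,6 +849,14 @@
  <param pos="0" name="service.certainty" value="0.5"/>
  </fingerprint>
 
+ <fingerprint pattern="^ad4de5c717c886a99c4cf0e066e9b461$">
+ <description>MicroStrategy Collaboration Server</description>
+ <example>ad4de5c717c886a99c4cf0e066e9b461</example>
+ <param pos="0" name="service.vendor" value="MicroStrategy"/>
+ <param pos="0" name="service.product" value="Collaboration Server"/>
+ <param pos="0" name="service.certainty" value="0.5"/>
+ </fingerprint>
+
  <!-- Devices -->
 
  <fingerprint pattern="^2fd26da3d6b790a86038f440d5b37eea$">
@@ -1022,7 +1066,9 @@
  <param pos="0" name="os.vendor" value="SonicWall"/>
  <param pos="0" name="os.device" value="Firewall"/>
  <param pos="0" name="os.family" value="SonicOS"/>
+ <param pos="0" name="os.product" value="SonicOS"/>
  <param pos="0" name="os.certainty" value="0.5"/>
+ <param pos="0" name="os.cpe23" value="cpe:/o:sonicwall:sonicos:-"/>
  </fingerprint>
 
  <fingerprint pattern="^e4fd990b4b8a5d61bd5ddb98cdfc7190$">
@@ -1059,6 +1105,7 @@
  <param pos="0" name="os.family" value="ILOM"/>
  <param pos="0" name="os.product" value="ILOM"/>
  <param pos="0" name="os.certainty" value="0.5"/>
+ <param pos="0" name="os.cpe23" value="cpe:/o:oracle:integrated_lights_out_manager_firmware:-"/>
  </fingerprint>
 
  <fingerprint pattern="^665f96fcdcc9da0ab89312acc02fa815$">
@@ -1144,7 +1191,7 @@
  <param pos="0" name="os.family" value="Adaptive Security Appliance"/>
  <param pos="0" name="os.product" value="Adaptive Security Appliance"/>
  <param pos="0" name="os.certainty" value="0.5"/>
- <param pos="0" name="os.cpe23" value="cpe:/o:cisco:adaptive_security_appliance:-"/>
+ <param pos="0" name="os.cpe23" value="cpe:/o:cisco:adaptive_security_appliance_software:-"/>
  <param pos="0" name="hw.vendor" value="Cisco"/>
  <param pos="0" name="hw.family" value="Adaptive Security Appliance"/>
  <param pos="0" name="hw.product" value="Adaptive Security Appliance"/>
@@ -1328,6 +1375,7 @@
  <param pos="0" name="os.device" value="Network Management Device"/>
  <param pos="0" name="os.product" value="NetScaler"/>
  <param pos="0" name="os.certainty" value="0.5"/>
+ <param pos="0" name="os.cpe23" value="cpe:/o:citrix:netscaler_firmware:-"/>
  <param pos="0" name="service.vendor" value="Citrix"/>
  <param pos="0" name="service.family" value="NetScaler"/>
  <param pos="0" name="service.device" value="Network Management Device"/>
@@ -1344,6 +1392,7 @@
  <param pos="0" name="os.device" value="Network Management Device"/>
  <param pos="0" name="os.product" value="NetScaler Gateway"/>
  <param pos="0" name="os.certainty" value="0.5"/>
+ <param pos="0" name="os.cpe23" value="cpe:/o:citrix:netscaler_gateway_firmware:-"/>
  <param pos="0" name="service.vendor" value="Citrix"/>
  <param pos="0" name="service.family" value="NetScaler"/>
  <param pos="0" name="service.device" value="Network Management Device"/>
@@ -1430,9 +1479,11 @@
  <param pos="0" name="hw.device" value="Firewall"/>
  <param pos="0" name="hw.certainty" value="0.5"/>
  <param pos="0" name="os.vendor" value="Palo Alto Networks"/>
- <param pos="0" name="os.product" value="PANOS"/>
+ <param pos="0" name="os.product" value="PAN-OS"/>
+ <param pos="0" name="os.family" value="PAN-OS"/>
  <param pos="0" name="os.device" value="Firewall"/>
  <param pos="0" name="os.certainty" value="0.5"/>
+ <param pos="0" name="os.cpe23" value="cpe:/o:paloaltonetworks:pan-os:-"/>
  </fingerprint>
 
  <fingerprint pattern="^efe29d50711d9b093d8187e97cc0e593$">
@@ -1534,6 +1585,7 @@
  <param pos="0" name="os.family" value="iLO"/>
  <param pos="0" name="os.product" value="iLO 3"/>
  <param pos="0" name="os.certainty" value="0.5"/>
+ <param pos="0" name="os.cpe23" value="cpe:/o:hp:integrated_lights-out_3_firmware:-"/>
  </fingerprint>
 
  <fingerprint pattern="^(?:ad93b3973782b03ea62a43bd6602ba8b|d521487f45fa7657450edfd6c16e4a63)$">
@@ -1544,12 +1596,13 @@
  <param pos="0" name="hw.vendor" value="HP"/>
  <param pos="0" name="hw.product" value="iLO"/>
  <param pos="0" name="hw.certainty" value="0.5"/>
- <param pos="0" name="hw.cpe23" value="cpe:/h:hp:integrated_lights_out:-"/>
+ <param pos="0" name="hw.cpe23" value="cpe:/h:hp:integrated_lights-out:-"/>
  <param pos="0" name="os.vendor" value="HP"/>
  <param pos="0" name="os.device" value="Lights Out Management"/>
  <param pos="0" name="os.family" value="iLO"/>
  <param pos="0" name="os.product" value="iLO"/>
  <param pos="0" name="os.certainty" value="0.5"/>
+ <param pos="0" name="os.cpe23" value="cpe:/o:hp:integrated_lights-out_firmware:-"/>
  </fingerprint>
 
  <fingerprint pattern="^d11917dc7e651b21f0f75cd0dc309e8a$">
@@ -1714,6 +1767,64 @@
  <param pos="0" name="os.certainty" value="0.5"/>
  </fingerprint>
 
+ <fingerprint pattern="^ed61e4c9e9a176e82734aa42c6a00ce4|0dc6bff9bdabf1184c157d75ac73c22a$">
+ <description>Lifesize TelePresence</description>
+ <example>ed61e4c9e9a176e82734aa42c6a00ce4</example>
+ <example>0dc6bff9bdabf1184c157d75ac73c22a</example>
+ <param pos="0" name="hw.vendor" value="Lifesize"/>
+ <param pos="0" name="hw.device" value="Video Conferencing"/>
+ <param pos="0" name="hw.product" value="TelePresence"/>
+ <param pos="0" name="os.vendor" value="Lifesize"/>
+ <param pos="0" name="os.family" value="Linux"/>
+ <param pos="0" name="os.product" value="TelePresence"/>
+ <param pos="0" name="os.device" value="Video Conferencing"/>
+ </fingerprint>
+
+ <fingerprint pattern="^45e72b45613ba6ec2a1ded251a31f201$">
+ <description>Symantec PGP Key Management Server</description>
+ <example>45e72b45613ba6ec2a1ded251a31f201</example>
+ <param pos="0" name="hw.vendor" value="Symantec"/>
+ <param pos="0" name="hw.device" value="Security Appliance"/>
+ <param pos="0" name="hw.product" value="Key Management Server"/>
+ </fingerprint>
+
+ <fingerprint pattern="^302fe34dc0e9515e2d0509ff5f3217e5|8565497731f799fdd25ae59286807055$">
+ <description>Riverbed Steelhead Appliance</description>
+ <example>302fe34dc0e9515e2d0509ff5f3217e5</example>
+ <example>8565497731f799fdd25ae59286807055</example>
+ <param pos="0" name="hw.vendor" value="Riverbed"/>
+ <param pos="0" name="hw.device" value="Security Appliance"/>
+ <param pos="0" name="hw.product" value="Steelhead"/>
+ <param pos="0" name="os.product" value="RiOS"/>
+ <param pos="0" name="os.vendor" value="Riverbed"/>
+ <param pos="0" name="os.cpe23" value="cpe:/o:riverbed:rios:-"/>
+ </fingerprint>
+
+ <fingerprint pattern="^d29a1ef8a3d0011504f5d076600ce16d$">
+ <description>Silver Peak Appliance</description>
+ <example>d29a1ef8a3d0011504f5d076600ce16d</example>
+ <param pos="0" name="hw.vendor" value="Silver Peak"/>
+ <param pos="0" name="hw.device" value="Network Appliance"/>
+ <param pos="0" name="hw.product" value="SD-WAN"/>
+ </fingerprint>
+
+ <fingerprint pattern="^425515e283192a3a686c04e1c50620aa$">
+ <description>Cisco Meraki Appliance</description>
+ <example>425515e283192a3a686c04e1c50620aa</example>
+ <param pos="0" name="hw.vendor" value="Cisco"/>
+ <param pos="0" name="hw.product" value="Meraki Device"/>
+ <param pos="0" name="hw.device" value="Network Appliance"/>
+ <param pos="0" name="hw.certainty" value="0.40"/>
+ </fingerprint>
+
+ <fingerprint pattern="^f5c62ea4c4e9f9a8606400becc01375e$">
+ <description>PBX in a Flash</description>
+ <example>f5c62ea4c4e9f9a8606400becc01375e</example>
+ <param pos="0" name="hw.vendor" value="PIAF"/>
+ <param pos="0" name="hw.device" value="SIP Gateway"/>
+ <param pos="0" name="hw.product" value="PIAF Virtual Appliance"/>
+ </fingerprint>
+
  <fingerprint pattern="^7b73744799150c888a172daf3d7093bf$">
  <description>Pure Storage Appliance</description>
  <example>7b73744799150c888a172daf3d7093bf</example>
@@ -1723,4 +1834,12 @@
  <param pos="0" name="hw.certainty" value="0.5"/>
  </fingerprint>
 
+ <fingerprint pattern="^1b786be7a46bd96a503a81b7faf86263$">
+ <description>AdGuard Home</description>
+ <example>1b786be7a46bd96a503a81b7faf86263</example>
+ <param pos="0" name="service.vendor" value="AdGuard"/>
+ <param pos="0" name="service.product" value="AdGuard Home"/>
+ <param pos="0" name="service.certainty" value="0.5"/>
+ </fingerprint>
+
  </fingerprints>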
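Review bot: The new Metabase pattern `^4297c114f263c206ed12aaff4b0c7a50|e5af3b68e837498a85b25ef2c36a0825$` is not anchored on both sides, because `|` binds more loosely than `^` and `$`; it reads as "starts with the first hash" or "ends with the second hash". The Lifesize TelePresence and Riverbed Steelhead fingerprints added further down have the same form. The existing iLO entry in this file already groups its alternatives, and these three should follow it, e.g. `^(?:4297c114f263c206ed12aaff4b0c7a50|e5af3b68e837498a85b25ef2c36a0825)$`. If the matcher only ever receives a bare 32-character digest the looser form is harmless in practice, but the grouped form states the intent and does not rely on that.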
data/xml/ftp_banners.xml CHANGED
@@ -5,9 +5,9 @@
5
5
  against these patterns to fingerprint FTP servers.
6
6
  -->
7
7
 
8
- <fingerprint pattern="^([^ ]+) Microsoft FTP Service \(Version ([1234]\.\d+)\)\.$">
8
+ <fingerprint pattern="^([^ ]{1,512}) Microsoft FTP Service \(Version ([1234]\.\d+)\)\.$">
9
9
  <description>Microsoft FTP Server on Windows NT</description>
10
- <example>xx Microsoft FTP Service (Version 3.0).</example>
10
+ <example host.name="foo.bar" service.version="3.0">foo.bar Microsoft FTP Service (Version 3.0).</example>
11
11
  <param pos="0" name="service.vendor" value="Microsoft"/>
12
12
  <param pos="0" name="service.product" value="IIS"/>
13
13
  <param pos="0" name="service.family" value="IIS"/>
@@ -20,9 +20,9 @@
20
20
  <param pos="1" name="host.name"/>
21
21
  </fingerprint>
22
22
 
23
- <fingerprint pattern="^([^ ]+) Microsoft FTP Service \(Version 5.0\)\.$">
23
+ <fingerprint pattern="^([^ ]{1,512}) Microsoft FTP Service \(Version 5.0\)\.$">
24
24
  <description>Microsoft FTP Server on Windows 2000</description>
25
- <example>xxx Microsoft FTP Service (Version 5.0).</example>
25
+ <example host.name="foo.bar">foo.bar Microsoft FTP Service (Version 5.0).</example>
26
26
  <param pos="0" name="service.vendor" value="Microsoft"/>
27
27
  <param pos="0" name="service.product" value="IIS"/>
28
28
  <param pos="0" name="service.family" value="IIS"/>
@@ -35,9 +35,9 @@
35
35
  <param pos="1" name="host.name"/>
36
36
  </fingerprint>
37
37
 
38
- <fingerprint pattern="^([^ ]+) Microsoft FTP Service \(Version 5.1\)\.$">
38
+ <fingerprint pattern="^([^ ]{1,512}) Microsoft FTP Service \(Version 5.1\)\.$">
39
39
  <description>Microsoft FTP Server on Windows XP, 2003 or later versions of 2000</description>
40
- <example>xxx Microsoft FTP Service (Version 5.1).</example>
40
+ <example host.name="foo.bar">foo.bar Microsoft FTP Service (Version 5.1).</example>
41
41
  <param pos="0" name="service.vendor" value="Microsoft"/>
42
42
  <param pos="0" name="service.product" value="IIS"/>
43
43
  <param pos="0" name="service.family" value="IIS"/>
@@ -49,9 +49,9 @@
49
49
  <param pos="1" name="host.name"/>
50
50
  </fingerprint>
51
51
 
52
- <fingerprint pattern="^([^ ]+) Microsoft FTP Service$">
52
+ <fingerprint pattern="^([^ ]{1,512}) Microsoft FTP Service$">
53
53
  <description>Microsoft FTP Server on Windows XP, 2003 or later without version</description>
54
- <example>hostname Microsoft FTP Service</example>
54
+ <example host.name="foo.bar">foo.bar Microsoft FTP Service</example>
55
55
  <param pos="0" name="service.vendor" value="Microsoft"/>
56
56
  <param pos="0" name="service.product" value="IIS"/>
57
57
  <param pos="0" name="service.family" value="IIS"/>
@@ -76,7 +76,7 @@
76
76
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
77
77
  </fingerprint>
78
78
 
79
- <fingerprint pattern="^([^ ]+) +FTP +Server \(Version ([^\(]+)\(PHNE_\d+\) [^\)]+\) ready.?$" flags="REG_ICASE">
79
+ <fingerprint pattern="^([^ ]{1,512}) +FTP +Server \(Version ([^\(]+)\(PHNE_\d+\) [^\)]+\) ready.?$" flags="REG_ICASE">
80
80
  <description>FTP on HPUX with a PHNE (HP Networking patch) installed</description>
81
81
  <example>example.com FTP server (Version 1.1.214.4(PHNE_38458) Mon Feb 15 06:03:12 GMT 2010) ready.</example>
82
82
  <param pos="0" name="service.vendor" value="HP"/>
@@ -89,7 +89,7 @@
89
89
  <param pos="2" name="service.version"/>
90
90
  </fingerprint>
91
91
 
92
- <fingerprint pattern="^([^ ]+) +FTP +Server \(Revision \S+ Version wuftpd-([^\(]+)\(PHNE_\d+\) [^\)]+\) ready.?$" flags="REG_ICASE">
92
+ <fingerprint pattern="^([^ ]{1,512}) +FTP +Server \(Revision \S+ Version wuftpd-([^\(]+)\(PHNE_\d+\) [^\)]+\) ready.?$" flags="REG_ICASE">
93
93
  <description>WU-FTPD on HPUX with a PHNE (HP Networking patch) installed</description>
94
94
  <example>example.com FTP server (Revision 1.1 Version wuftpd-2.6.1(PHNE_38578) Fri Sep 5 12:10:54 GMT 2008) ready.</example>
95
95
  <param pos="0" name="service.vendor" value="Washington University"/>
@@ -102,7 +102,7 @@
102
102
  <param pos="2" name="service.version"/>
103
103
  </fingerprint>
104
104
 
105
- <fingerprint pattern="^(\S+)(?: \S+)? FTP Server \((?:Revision [\d\.]+ )?Version wu(?:ftpd)?-([\d\.]+).*\) ready.?$" flags="REG_ICASE">
105
+ <fingerprint pattern="^(\S{1,512})(?: \S{1,512})? FTP Server \((?:Revision [\d\.]+ )?Version wu(?:ftpd)?-([\d\.]+).*\) ready.?$" flags="REG_ICASE">
106
106
  <description>WU-FTPD on various OS</description>
107
107
  <example host.name="example.com" service.version="2.6.2">example.com FTP server (Version wu-2.6.2(1) Sat Jul 19 16:21:30 UTC 2008) ready.</example>
108
108
  <example host.name="example.com" service.version="2.6.2">example.com 192.168.0.1 FTP server (Version wu-2.6.2(1) Wed Sep 21 11:16:21 MEST 2005) ready.</example>
@@ -114,7 +114,7 @@
114
114
  <param pos="2" name="service.version"/>
115
115
  </fingerprint>
116
116
 
117
- <fingerprint pattern="^(\S+)\s+FTP Server \(Version:\s+Mac OS X Server\s+([\d\.]+).*\) ready\.?" flags="REG_ICASE,REG_MULTILINE">
117
+ <fingerprint pattern="^(\S{1,512})\s{1,8}FTP Server \(Version:\s+Mac OS X Server\s+([\d\.]+).*\) ready\.?" flags="REG_ICASE,REG_MULTILINE">
118
118
  <description>FTPD on Mac OS X Server with a version</description>
119
119
  <example host.name="example.com" os.version="10.3">example.com FTP server (Version: Mac OS X Server 10.3 - +GSSAPI) ready.</example>
120
120
  <example host.name="example.com" os.version="10.3">this is a banner. change it.&#13;
@@ -129,7 +129,7 @@ example.com FTP server (Version: Mac OS X Server 10.3 - +GSSAPI) ready.</exampl
129
129
  <param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x_server:{os.version}"/>
130
130
  </fingerprint>
131
131
 
132
- <fingerprint pattern="^(\S+)\s+FTP Server \(Version:\s+Mac OS X Server\) ready\.?" flags="REG_ICASE,REG_MULTILINE">
132
+ <fingerprint pattern="^(\S{1,512})\s{1,8}FTP Server \(Version:\s+Mac OS X Server\) ready\.?" flags="REG_ICASE,REG_MULTILINE">
133
133
  <description>FTPD on Mac OS X Server without a version</description>
134
134
  <example host.name="example.com">example.com FTP server (Version: Mac OS X Server) ready.</example>
135
135
  <example host.name="example.com">this is a banner. change it.&#13;
@@ -143,7 +143,7 @@ example.com FTP server (Version: Mac OS X Server) ready.</example>
143
143
  <param pos="1" name="host.name"/>
144
144
  </fingerprint>
145
145
 
146
- <fingerprint pattern="^(\S+)\s+FTP Server \(tnftpd (.*)\) ready\.?$" flags="REG_ICASE">
146
+ <fingerprint pattern="^(\S{1,512})\s{1,8}FTP Server \(tnftpd (.*)\) ready\.?$" flags="REG_ICASE">
147
147
  <description>Simple tnftpd banner with a version</description>
148
148
  <example host.name="example.com" service.version="20061217">example.com FTP server (tnftpd 20061217) ready.</example>
149
149
  <param pos="0" name="service.product" value="tnftpd"/>
@@ -151,7 +151,7 @@ example.com FTP server (Version: Mac OS X Server) ready.</example>
151
151
  <param pos="1" name="host.name"/>
152
152
  </fingerprint>
153
153
 
154
- <fingerprint pattern="^(\S+) FTP Server \(SunOS 5.(1[1-9])\) ready\.?$" flags="REG_ICASE">
154
+ <fingerprint pattern="^(\S{1,512}) FTP Server \(SunOS 5.(1[1-9])\) ready\.?$" flags="REG_ICASE">
155
155
  <description>SunOS/Solaris</description>
156
156
  <example host.name="example.com" os.version="11">example.com FTP server (SunOS 5.11) ready.</example>
157
157
  <param pos="0" name="os.vendor" value="Oracle"/>
@@ -162,7 +162,7 @@ example.com FTP server (Version: Mac OS X Server) ready.</example>
162
162
  <param pos="0" name="os.cpe23" value="cpe:/o:oracle:solaris:{os.version}"/>
163
163
  </fingerprint>
164
164
 
165
- <fingerprint pattern="^(\S+) FTP Server \(SunOS 5.([789]|10)\) ready\.?$" flags="REG_ICASE">
165
+ <fingerprint pattern="^(\S{1,512}) FTP Server \(SunOS 5.([789]|10)\) ready\.?$" flags="REG_ICASE">
166
166
  <description>SunOS/Solaris 5.7-5.10</description>
167
167
  <example host.name="example.com" os.version="7">example.com FTP server (SunOS 5.7) ready.</example>
168
168
  <example host.name="example.com" os.version="10">example.com FTP server (SunOS 5.10) ready.</example>
@@ -174,7 +174,7 @@ example.com FTP server (Version: Mac OS X Server) ready.</example>
174
174
  <param pos="0" name="os.cpe23" value="cpe:/o:sun:solaris:{os.version}"/>
175
175
  </fingerprint>
176
176
 
177
- <fingerprint pattern="^(\S+) FTP Server \(SunOS 5.6\) ready\." flags="REG_ICASE">
177
+ <fingerprint pattern="^(\S{1,512}) FTP Server \(SunOS 5.6\) ready\." flags="REG_ICASE">
178
178
  <description>SunOS 5.6 (Solaris 2.6)</description>
179
179
  <example host.name="example.com">example.com FTP Server (SunOS 5.6) ready.</example>
180
180
  <param pos="0" name="os.vendor" value="Sun"/>
@@ -320,7 +320,7 @@ example.com FTP server (Version: Mac OS X Server) ready.</example>
320
320
  <param pos="0" name="service.cpe23" value="cpe:/a:proftpd:proftpd:-"/>
321
321
  </fingerprint>
322
322
 
323
- <fingerprint pattern="^(?:\d{4}\-\d\d\-\d\d \d\d:\d\d:\d\d,\d\d\d )?(\S+) proftpd\[\d+\]: error: no valid servers configured">
323
+ <fingerprint pattern="^(?:\d{4}\-\d\d\-\d\d \d\d:\d\d:\d\d,\d\d\d )?(\S{1,512}) proftpd\[\d+\]: error: no valid servers configured">
324
324
  <description>ProFTPD no valid servers configured</description>
325
325
  <example host.name="ftp.host.com">ftp.host.com proftpd[40312]: error: no valid servers configured\n</example>
326
326
  <example host.name="hostname.com">2016-10-31 12:14:35,524 hostname.com proftpd[26992]: error: no valid servers configured\n</example>
@@ -360,10 +360,11 @@ example.com FTP server (Version: Mac OS X Server) ready.</example>
360
360
  <example service.version="1.0.11">=(&lt;*&gt;)=-.:. (( Welcome to Pure-FTPd 1.0.11 )) .:.-=(&lt;*&gt;)=-</example>
361
361
  <example service.version="1.0.11">=(&lt;*&gt;)=-.:. (( Welcome to Pure-FTPd 1.0.11 )) .:.-=(&lt;*&gt;)=-&#13;
362
362
  more stuff</example>
363
- <param pos="0" name="service.fvendor" value="PureFTPd"/>
363
+ <param pos="0" name="service.vendor" value="PureFTPd"/>
364
364
  <param pos="0" name="service.family" value="Pure-FTPd"/>
365
365
  <param pos="0" name="service.product" value="Pure-FTPd"/>
366
366
  <param pos="1" name="service.version"/>
367
+ <param pos="0" name="service.cpe23" value="cpe:/a:pureftpd:pure-ftpd:{service.version}"/>
367
368
  </fingerprint>
368
369
 
369
370
  <fingerprint pattern="^-{9,10}(?:.*)\s+Pure-FTPd\s+(.*)-{9,10}">
@@ -403,8 +404,6 @@ more text</example>
403
404
  <param pos="0" name="service.cpe23" value="cpe:/a:pureftpd:pure-ftpd:{service.version}"/>
404
405
  </fingerprint>
405
406
 
406
- <!-- CPEs for Serv-U 15.x and above changed to SolarWinds -->
407
-
408
407
  <fingerprint pattern="^Serv-U FTP Server v(15\.\S+) ready\.\.\.$">
409
408
  <description>SolarWinds Serv-U with version </description>
410
409
  <example service.version="15.1.3.25">Serv-U FTP Server v15.1.3.25 ready...</example>
@@ -420,10 +419,10 @@ more text</example>
420
419
  <example service.version="2.5n">Serv-U FTP-Server v2.5n for WinSock ready...</example>
421
420
  <example service.version="6.0">Serv-U FTP Server v6.0 for WinSock ready</example>
422
421
  <param pos="0" name="service.vendor" value="Serv-U"/>
423
- <param pos="0" name="service.product" value="Serv-U"/>
422
+ <param pos="0" name="service.product" value="Serv-U FTP Server"/>
424
423
  <param pos="0" name="service.family" value="Serv-U"/>
425
424
  <param pos="1" name="service.version"/>
426
- <param pos="0" name="service.cpe23" value="cpe:/a:serv-u:serv-u:{service.version}"/>
425
+ <param pos="0" name="service.cpe23" value="cpe:/a:solarwinds:serv-u_ftp_server:{service.version}"/>
427
426
  <param pos="0" name="os.vendor" value="Microsoft"/>
428
427
  <param pos="0" name="os.family" value="Windows"/>
429
428
  <param pos="0" name="os.product" value="Windows"/>
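Review bot: `service.vendor` stays `Serv-U` while the new `service.cpe23` value uses `solarwinds` as its vendor component, so the two vendor identifiers emitted by this fingerprint now disagree. If the CPE change is meant to attribute all versions to the current owner, consider `<param pos="0" name="service.vendor" value="SolarWinds"/>` as well. Otherwise an XML comment saying that older versions deliberately keep the legacy vendor name would help, since this commit also removes the only comment that explained the CPE split. The same pair of lines is in the hunk at -435. The `<fingerprint>` element opens outside this hunk, so its pattern is not visible here.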
@@ -435,15 +434,18 @@ more text</example>
435
434
  <example service.version="7.2">Serv-U FTP Server v7.2 ready...</example>
436
435
  <example service.version="14.0">Serv-U FTP Server v14.0 ready...</example>
437
436
  <param pos="0" name="service.vendor" value="Serv-U"/>
438
- <param pos="0" name="service.product" value="Serv-U"/>
437
+ <param pos="0" name="service.product" value="Serv-U FTP Server"/>
439
438
  <param pos="0" name="service.family" value="Serv-U"/>
440
439
  <param pos="1" name="service.version"/>
441
- <param pos="0" name="service.cpe23" value="cpe:/a:serv-u:serv-u:{service.version}"/>
440
+ <param pos="0" name="service.cpe23" value="cpe:/a:solarwinds:serv-u_ftp_server:{service.version}"/>
442
441
  </fingerprint>
443
442
 
444
443
  <fingerprint pattern="^Welcom to Serv-U FTP Server$">
445
444
  <description>Common FTP banner modification to look like Serv-U -- assert nothing.</description>
446
445
  <example>Welcom to Serv-U FTP Server</example>
446
+ <param pos="0" name="hw.certainty" value="0.0"/>
447
+ <param pos="0" name="os.certainty" value="0.0"/>
448
+ <param pos="0" name="service.certainty" value="0.0"/>
447
449
  </fingerprint>
448
450
 
449
451
  <fingerprint pattern="^zFTPServer v?(\S+), .*ready\.$" flags="REG_ICASE">
@@ -516,7 +518,7 @@ more text</example>
516
518
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
517
519
  </fingerprint>
518
520
 
519
- <fingerprint pattern="^\s*APC FTP server ready\.$">
521
+ <fingerprint pattern="^\s{0,1024}APC FTP server ready\.$">
520
522
  <description>APC device</description>
521
523
  <example>APC FTP server ready.</example>
522
524
  <param pos="0" name="service.vendor" value="APC"/>
@@ -527,7 +529,7 @@ more text</example>
527
529
  <param pos="0" name="hw.device" value="Power Device"/>
528
530
  </fingerprint>
529
531
 
530
- <fingerprint pattern="^(\S+) Network Management Card AOS v(\d+\..+) FTP server ready\.$">
532
+ <fingerprint pattern="^(\S{1,64}) Network Management Card AOS v(\d+\..+) FTP server ready\.$">
531
533
  <description>APC power/cooling device</description>
532
534
  <example service.version="3.3.4">AP7932 Network Management Card AOS v3.3.4 FTP server ready.</example>
533
535
  <example os.version="3.6.1">ACRC103 Network Management Card AOS v3.6.1 FTP server ready.</example>
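Review bot: Only the leading group got a bound on the changed line; `v(\d+\..+)` still ends in a greedy `.+`, which is the more open-ended of the two because it also matches spaces. If the commit is meant to cap every repetition applied to banner text, which the remote host controls, a bounded class such as `v(\d{1,4}\.[\w.]{1,32})` would close it. Those widths are suggestions and should be checked against real AOS version strings. Other changed patterns in this file section keep similar tails, for example `([^\)]+)` and `(?: \S+)?` in the EMC-SNAS hunk and `([^,]*),.*` in the IBM FTP CS hunk.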
@@ -544,7 +546,7 @@ more text</example>
544
546
  <param pos="0" name="hw.device" value="Power Device"/>
545
547
  </fingerprint>
546
548
 
547
- <fingerprint pattern="^(\S+) FTP server \(EMC-SNAS: ([^\)]+)\)(?: \S+)?$">
549
+ <fingerprint pattern="^(\S{1,512}) FTP server \(EMC-SNAS: ([^\)]+)\)(?: \S+)?$">
548
550
  <description>EMC Celerra</description>
549
551
  <example service.version="5.6.47.11">foo2 FTP server (EMC-SNAS: 5.6.47.11)</example>
550
552
  <example service.version="5.6.50.203">foo2 FTP server (EMC-SNAS: 5.6.50.203) ready.</example>
@@ -613,7 +615,7 @@ more text</example>
613
615
  <param pos="0" name="service.product" value="Nepenthes"/>
614
616
  </fingerprint>
615
617
 
616
- <fingerprint pattern="^[^ ]+ IBM FTP CS (V1R\d+) at ([^,]*),.*">
618
+ <fingerprint pattern="^[^ ]{1,512} IBM FTP CS (V1R\d+) at ([^,]*),.*">
617
619
  <description>IBM z/OS FTP Service</description>
618
620
  <example>SFTPD1 IBM FTP CS V1R4 at x.y.z, 21:02:19 on 2007-12-15.</example>
619
621
  <param pos="0" name="service.vendor" value="IBM"/>
@@ -638,7 +640,7 @@ more text</example>
638
640
  <param pos="0" name="os.device" value="Point of Sale"/>
639
641
  </fingerprint>
640
642
 
641
- <fingerprint pattern="^([^ ]+) NcFTPd Server \(licensed copy\) ready\.$">
643
+ <fingerprint pattern="^([^ ]{1,512}) NcFTPd Server \(licensed copy\) ready\.$">
642
644
  <description>NcFTPd Server
643
645
  http://www.ncftp.com/ncftpd/</description>
644
646
  <example>ftp.example.com NcFTPd Server (licensed copy) ready.</example>
@@ -647,7 +649,7 @@ more text</example>
647
649
  <param pos="1" name="host.name"/>
648
650
  </fingerprint>
649
651
 
650
- <fingerprint pattern="^(\S+) DCS-2100 FTP server ready\.$">
652
+ <fingerprint pattern="^(\S{1,512}) DCS-2100 FTP server ready\.$">
651
653
  <description>D-Link DCS-2100 wireless internet camera</description>
652
654
  <example>hostname DCS-2100 FTP server ready.</example>
653
655
  <param pos="0" name="os.vendor" value="D-Link"/>
@@ -889,7 +891,7 @@ more text</example>
889
891
  <param pos="0" name="os.cpe23" value="cpe:/o:windriver:vxworks:-"/>
890
892
  </fingerprint>
891
893
 
892
- <fingerprint pattern="^[\w\-\.]* FTP server \((?:VxWorks\s?)+([\d\.]+)\) ready.$" flags="REG_ICASE">
894
+ <fingerprint pattern="^[\w\-\.]{0,128} FTP server \((?:VxWorks\s?)+([\d\.]+)\) ready.$" flags="REG_ICASE">
893
895
  <description>VxWorks 6 with version information</description>
894
896
  <example os.version="6.6">NanoDAC FTP server (VxWorks VxWorks 6.6) ready.</example>
895
897
  <example os.version="6.4">BVS-MR-BSC2 FTP server (VxWorks 6.4) ready.</example>
@@ -899,7 +901,7 @@ more text</example>
899
901
  <param pos="0" name="os.cpe23" value="cpe:/o:windriver:vxworks:{os.version}"/>
900
902
  </fingerprint>
901
903
 
902
- <fingerprint pattern="^[\w&lt;&gt;]+\s*Tenor Multipath Switch FTP server \(Version VxWorks([\d\.]+)\) ready\.$" flags="REG_ICASE">
904
+ <fingerprint pattern="^[\w&lt;&gt;]{1,32}\s{1,8}Tenor Multipath Switch FTP server \(Version VxWorks([\d\.]+)\) ready\.$" flags="REG_ICASE">
903
905
  <description>VxWorks on Tenor MultiPath with version information</description>
904
906
  <example os.version="5.4.2">&lt;38785ca0&gt; Tenor Multipath Switch FTP server (Version VxWorks5.4.2) ready.</example>
905
907
  <param pos="0" name="os.vendor" value="Wind River"/>
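Review bot: Replacing `\s*` with `\s{1,8}` on the changed line does more than cap the repetition: the old pattern accepted zero whitespace characters between the bracketed id and `Tenor`, and the new one requires at least one. The single `<example>` has one space, so the example-based tests will not notice the difference. If dropping the zero-space case was not intended, `\s{0,8}` preserves the original lower limit, as the other hunks do (`\s*` became `\s{0,1024}`, `[\w\-\.]*` became `{0,128}`). If it was intended, a short XML comment would record why.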
@@ -1045,7 +1047,7 @@ more text</example>
1045
1047
  <param pos="2" name="os.version"/>
1046
1048
  </fingerprint>
1047
1049
 
1048
- <fingerprint pattern="^ET(\S+) Source Technologies (ST-96\S+) FTP Server (\S+) ready\.?$">
1050
+ <fingerprint pattern="^ET(\S{1,12}) Source Technologies (ST-96\S+) FTP Server (\S+) ready\.?$">
1049
1051
  <description>Source Technologies ST9600 Series Secure Printer</description>
1050
1052
  <example>ET0021B730F70E Source Technologies ST-9620 FTP Server NJ.APS.N254e ready.</example>
1051
1053
  <example>ET0021B7549AF2 Source Technologies ST-9620 FTP Server NR.APS.N447b2 ready.</example>
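Review bot: The group after `ET` is bounded to `{1,12}` here but to `{1,32}` in the Dell hunk further down, and in both places it still accepts any non-space characters. Every example in these hunks shows twelve hex digits, and the Lexmark Pro, Toshiba and Dell examples expose the value as `host.mac`. `ET([0-9A-Fa-f]{12})` would therefore bound the group and keep non-MAC banner text out of that field. This assumes no device emits a shorter or differently formatted id, which should be confirmed against collected banners. The same applies to the Pro-series, Forms Printer and TOSHIBA e-STUDIO500S hunks that follow.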
@@ -1058,7 +1060,7 @@ more text</example>
1058
1060
  <param pos="3" name="os.version"/>
1059
1061
  </fingerprint>
1060
1062
 
1061
- <fingerprint pattern="^ET(\S+) (Pro\d+) Series FTP Server ready\.$" certainty="1.0">
1063
+ <fingerprint pattern="^ET(\S{1,12}) (Pro\d+) Series FTP Server ready\.$" certainty="1.0">
1062
1064
  <description>Lexmark ProXXX Series of Printers</description>
1063
1065
  <example host.mac="0020007E4D2A" hw.product="Pro700">ET0020007E4D2A Pro700 Series FTP Server ready.</example>
1064
1066
  <param pos="0" name="os.vendor" value="Lexmark"/>
@@ -1071,7 +1073,7 @@ more text</example>
1071
1073
  <param pos="2" name="hw.product"/>
1072
1074
  </fingerprint>
1073
1075
 
1074
- <fingerprint pattern="^ET(\S+) Lexmark Forms Printer (\d+) Ethernet FTP Server (\S+) ready\.$" certainty="1.0">
1076
+ <fingerprint pattern="^ET(\S{1,12}) Lexmark Forms Printer (\d+) Ethernet FTP Server (\S+) ready\.$" certainty="1.0">
1075
1077
  <description>Lexmark Forms Printer</description>
1076
1078
  <example os.product="2590">ET0020004F54EE Lexmark Forms Printer 2590 Ethernet FTP Server LCL.CU.P012c ready.</example>
1077
1079
  <param pos="0" name="os.vendor" value="Lexmark"/>
@@ -1086,7 +1088,7 @@ more text</example>
1086
1088
  <param pos="2" name="hw.product"/>
1087
1089
  </fingerprint>
1088
1090
 
1089
- <fingerprint pattern="^ET(\S+) TOSHIBA e-STUDIO500S FTP Server (\S+) ready\.$" certainty="1.0">
1091
+ <fingerprint pattern="^ET(\S{1,12}) TOSHIBA e-STUDIO500S FTP Server (\S+) ready\.$" certainty="1.0">
1090
1092
  <description>Toshiba e-STUDIO Printer with MAC address</description>
1091
1093
  <example os.version="NC2.NPS.N221">ET0004001E9C00 TOSHIBA e-STUDIO500S FTP Server NC2.NPS.N221 ready.</example>
1092
1094
  <example host.mac="00040089BE42">ET00040089BE42 TOSHIBA e-STUDIO500S FTP Server NC2.NPS.N211 ready.</example>
@@ -1100,7 +1102,7 @@ more text</example>
1100
1102
  <param pos="0" name="hw.product" value="e-STUDIO"/>
1101
1103
  </fingerprint>
1102
1104
 
1103
- <fingerprint pattern="^\S+ TOSHIBA e-STUDIO500S FTP Server (\S+) ready\.$" certainty="1.0">
1105
+ <fingerprint pattern="^\S{1,16} TOSHIBA e-STUDIO500S FTP Server (\S+) ready\.$" certainty="1.0">
1104
1106
  <description>Toshiba e-STUDIO Printer</description>
1105
1107
  <example os.version="NC2.NPS.N211">JHBPRN13 TOSHIBA e-STUDIO500S FTP Server NC2.NPS.N211 ready.</example>
1106
1108
  <param pos="0" name="os.vendor" value="Toshiba"/>
@@ -1298,7 +1300,7 @@ more text</example>
1298
1300
  <param pos="1" name="hw.product"/>
1299
1301
  </fingerprint>
1300
1302
 
1301
- <fingerprint pattern="^(ET(\S+)) Dell (\S+ Laser Printer) FTP Server">
1303
+ <fingerprint pattern="^(ET(\S{1,32})) Dell (\S+ Laser Printer) FTP Server">
1302
1304
  <description>Dell Laser Printer</description>
1303
1305
  <example host.name="ET0021B71A1111" host.mac="0021B71A1111" hw.product="2350dn Laser Printer">ET0021B71A1111 Dell 2350dn Laser Printer FTP Server NR.APS.N449 ready.</example>
1304
1306
  <param pos="0" name="os.vendor" value="Dell"/>
@@ -1310,11 +1312,14 @@ more text</example>
1310
1312
  <param pos="3" name="hw.product"/>
1311
1313
  </fingerprint>
1312
1314
 
1313
- <fingerprint pattern="^(\S+) FTP server \(Version \S+ \w+ \w+ \d{1,2} \d{1,2}:\d{1,2}:\d{1,2} [A-Z]+ (?:1|2)\d{3}\) ready\.?$">
1315
+ <fingerprint pattern="^(\S{1,512}) FTP server \(Version \S+ \w+ \w+ \d{1,2} \d{1,2}:\d{1,2}:\d{1,2} [A-Z]+ (?:1|2)\d{3}\) ready\.?$">
1314
1316
  <description>Generic/unknown FTP Server found on HP-UX and AIX systems</description>
1315
1317
  <example host.name="host.example.com">host.example.com FTP server (Version 4.1 Sat Sep 7 14:31:53 CDT 2002) ready.</example>
1316
1318
  <example host.name="host.example.com">host.example.com FTP server (Version 5.3 Sat Jan 10 14:01:03 CDT 2012) ready</example>
1317
1319
  <param pos="1" name="host.name"/>
1320
+ <param pos="0" name="hw.certainty" value="0.0"/>
1321
+ <param pos="0" name="os.certainty" value="0.0"/>
1322
+ <param pos="0" name="service.certainty" value="0.0"/>
1318
1323
  </fingerprint>
1319
1324
 
1320
1325
  <fingerprint pattern="^Welcome to the (?:Cisco )?(?:TelePresence) ([a-zA-Z\s]*?) ((?:MSE )?\d+), version (\d+.\d+\(\d+.\d+\)).*?" flags="REG_ICASE">
@@ -1333,7 +1338,7 @@ more text</example>
1333
1338
  <param pos="3" name="os.version"/>
1334
1339
  </fingerprint>
1335
1340
 
1336
- <fingerprint pattern="^(\S+) FTP server \((?:HP|Compaq) Tru64 UNIX Version (\S+)\) ready\.?$">
1341
+ <fingerprint pattern="^(\S{1,512}) FTP server \((?:HP|Compaq) Tru64 UNIX Version (\S+)\) ready\.?$">
1337
1342
  <description>Digital/Compaq/HP Tru64 Unix</description>
1338
1343
  <example host.name="example.com" os.version="5.60">example.com FTP server (Compaq Tru64 UNIX Version 5.60) ready.</example>
1339
1344
  <param pos="0" name="os.vendor" value="HP"/>
@@ -1344,7 +1349,7 @@ more text</example>
1344
1349
  <param pos="0" name="os.cpe23" value="cpe:/o:hp:tru64_unix:{os.version}"/>
1345
1350
  </fingerprint>
1346
1351
 
1347
- <fingerprint pattern="^(\S+) FTP server \(Digital UNIX Version (\S+)\) ready\.?$">
1352
+ <fingerprint pattern="^(\S{1,512}) FTP server \(Digital UNIX Version (\S+)\) ready\.?$">
1348
1353
  <description>Digital/Compaq/HP Tru64 Unix w/o branding</description>
1349
1354
  <example host.name="example.com" os.version="5.60">example.com FTP server (Digital UNIX Version 5.60) ready.</example>
1350
1355
  <param pos="0" name="os.vendor" value="HP"/>
@@ -1354,7 +1359,7 @@ more text</example>
1354
1359
  <param pos="2" name="os.version"/>
1355
1360
  </fingerprint>
1356
1361
 
1357
- <fingerprint pattern="^(\S+) FTP server \(MikroTik ([\d\.]+)\) ready\.?$">
1362
+ <fingerprint pattern="^(\S{1,512}) FTP server \(MikroTik ([\d\.]+)\) ready\.?$">
1358
1363
  <description>MikroTik</description>
1359
1364
  <example host.name="example.com" os.version="6.18">example.com FTP server (MikroTik 6.18) ready</example>
1360
1365
  <param pos="0" name="os.vendor" value="MikroTik"/>
@@ -1364,7 +1369,7 @@ more text</example>
1364
1369
  <param pos="0" name="os.cpe23" value="cpe:/o:mikrotik:routeros:{os.version}"/>
1365
1370
  </fingerprint>
1366
1371
 
1367
- <fingerprint pattern="^.* FTP server \(MikroTik (\d\.[\w\.]+)\) ready\.?$">
1372
+ <fingerprint pattern="^.{0,1024} FTP server \(MikroTik (\d\.[\w\.]+)\) ready\.?$">
1368
1373
  <description>MikroTik with description</description>
1369
1374
  <example os.version="6.43.16">Super Thing_Place- FTP server (MikroTik 6.43.16) ready</example>
1370
1375
  <example os.version="6.43.16beta2">Super Thing_Place- FTP server (MikroTik 6.43.16beta2) ready</example>
@@ -1542,7 +1547,7 @@ more text</example>
1542
1547
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
1543
1548
  </fingerprint>
1544
1549
 
1545
- <fingerprint pattern="^([\w.-]+) X2 WS_FTP Server ([\d.]{3,6}\s?\(\d+\))$">
1550
+ <fingerprint pattern="^([\w.-]{1,512}) X2 WS_FTP Server ([\d.]{3,6}\s?\(\d+\))$">
1546
1551
  <description>WS_FTP FTP Server on Windows - X2 variant</description>
1547
1552
  <example service.version="7.7(50012467)" host.name="a.host.name.tld">a.host.name.tld X2 WS_FTP Server 7.7(50012467)</example>
1548
1553
  <example service.version="5.0.5 (1989540204)" host.name="a.host.name.tld">a.host.name.tld X2 WS_FTP Server 5.0.5 (1989540204)</example>
@@ -1625,11 +1630,11 @@ more text</example>
1625
1630
 
1626
1631
  <fingerprint pattern="^Sofrel (S5[\w]+) SN ([\d-]+) ready. Time is (\d{2}:\d{2}:\d{2} \d{2}\/\d{2}\/\d{2})\.$">
1627
1632
  <description>Sofrel Remote Terminal Unit</description>
1628
- <example hw.product="S500" host.id="01-499-00427" system.time="00:11:39 01/11/16">Sofrel S500 SN 01-499-00427 ready. Time is 00:11:39 01/11/16.</example>
1633
+ <example hw.product="S500" hw.serial_number="01-499-00427" system.time="00:11:39 01/11/16">Sofrel S500 SN 01-499-00427 ready. Time is 00:11:39 01/11/16.</example>
1629
1634
  <param pos="0" name="hw.vendor" value="Sofrel"/>
1630
1635
  <param pos="0" name="hw.family" value="S500 Range"/>
1631
1636
  <param pos="1" name="hw.product"/>
1632
- <param pos="2" name="host.id"/>
1637
+ <param pos="2" name="hw.serial_number"/>
1633
1638
  <param pos="0" name="system.time.format" value="HH:mm:ss dd/MM/yy"/>
1634
1639
  <param pos="3" name="system.time"/>
1635
1640
  </fingerprint>
@@ -1645,13 +1650,16 @@ more text</example>
1645
1650
  <param pos="2" name="hw.product"/>
1646
1651
  </fingerprint>
1647
1652
 
1648
- <fingerprint pattern="^(\S+) FTP server ready\.?$" flags="REG_ICASE">
1653
+ <fingerprint pattern="^(\S{1,512}) FTP server ready\.?$" flags="REG_ICASE">
1649
1654
  <description>Generic FTP fingerprint with a hostname</description>
1650
1655
  <example host.name="example.com">example.com FTP server ready.</example>
1651
1656
  <param pos="1" name="host.name"/>
1657
+ <param pos="0" name="hw.certainty" value="0.0"/>
1658
+ <param pos="0" name="os.certainty" value="0.0"/>
1659
+ <param pos="0" name="service.certainty" value="0.0"/>
1652
1660
  </fingerprint>
1653
1661
 
1654
- <fingerprint pattern="^(\S+) FTP server \(Version (\d.*)\) ready\.?$" flags="REG_ICASE">
1662
+ <fingerprint pattern="^(\S{1,512}) FTP server \(Version (\d.*)\) ready\.?$" flags="REG_ICASE">
1655
1663
  <description>Generic FTP fingerprint with a hostname and a version for a generic FTP implementation</description>
1656
1664
  <example host.name="example.com" service.version="6.00LS">example.com FTP server (Version 6.00LS) ready.</example>
1657
1665
  <example host.name="example.com" service.version="1.2">example.com FTP server (Version 1.2) ready.</example>
@@ -1667,6 +1675,9 @@ more text</example>
1667
1675
  <example>FTP-Server</example>
1668
1676
  <example>FTP Server</example>
1669
1677
  <example>FTP service ready.</example>
1678
+ <param pos="0" name="hw.certainty" value="0.0"/>
1679
+ <param pos="0" name="os.certainty" value="0.0"/>
1680
+ <param pos="0" name="service.certainty" value="0.0"/>
1670
1681
  </fingerprint>
1671
1682
 
1672
1683
  <fingerprint pattern="^Welcom to ProRat Ftp Server$">
@@ -1676,7 +1687,7 @@ more text</example>
1676
1687
  <param pos="0" name="service.product" value="ProRat"/>
1677
1688
  </fingerprint>
1678
1689
 
1679
- <fingerprint pattern="^(?:(\S+) )?FTP Server \(vftpd ([\d.]+)\) ready\.?$">
1690
+ <fingerprint pattern="^(?:(\S{1,512}) )?FTP Server \(vftpd ([\d.]+)\) ready\.?$">
1680
1691
  <description>Vermillion FTP Daemon</description>
1681
1692
  <example host.name="srv.name" service.version="1.23">srv.name FTP Server (vftpd 1.23) ready.</example>
1682
1693
  <example service.version="1.31">FTP Server (vftpd 1.31) ready.</example>
@@ -1690,7 +1701,7 @@ more text</example>
1690
1701
  <param pos="1" name="host.name"/>
1691
1702
  </fingerprint>
1692
1703
 
1693
- <fingerprint pattern="^(?:(\S+) )?FTP server \(QVT\/Net ([\d.]+)\) ready\.?$">
1704
+ <fingerprint pattern="^(?:(\S{1,512}) )?FTP server \(QVT\/Net ([\d.]+)\) ready\.?$">
1694
1705
  <description>QVT/Net FTP Server</description>
1695
1706
  <example host.name="siren" service.version="5.1">siren FTP server (QVT/Net 5.1) ready.</example>
1696
1707
  <example host.name="qpc-qvtnet" service.version="4.1">qpc-qvtnet FTP server (QVT/Net 4.1) ready.</example>