RubyGems - recog - Versions diffs - 2.3.17 → 2.3.21 - Mend

recog 2.3.17 → 2.3.21

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (51) hide show

checksums.yaml +4 -4
data/.github/workflows/ci.yml +26 -0
data/bin/recog_standardize +6 -0
data/cpe-remap.yaml +342 -200
data/identifiers/README.md +24 -10
data/identifiers/fields.txt +104 -0
data/identifiers/hw_device.txt +2 -0
data/identifiers/hw_family.txt +11 -0
data/identifiers/hw_product.txt +71 -0
data/identifiers/os_device.txt +2 -1
data/identifiers/os_family.txt +2 -0
data/identifiers/os_product.txt +36 -8
data/identifiers/service_family.txt +10 -1
data/identifiers/service_product.txt +78 -2
data/identifiers/vendor.txt +55 -0
data/lib/recog/nizer.rb +1 -82
data/lib/recog/version.rb +1 -1
data/requirements.txt +1 -1
data/update_cpes.py +18 -5
data/xml/apache_modules.xml +60 -0
data/xml/apache_os.xml +1 -1
data/xml/dns_versionbind.xml +11 -1
data/xml/favicons.xml +122 -3
data/xml/ftp_banners.xml +62 -51
data/xml/html_title.xml +553 -41
data/xml/http_cookies.xml +262 -61
data/xml/http_servers.xml +478 -108
data/xml/http_wwwauth.xml +36 -9
data/xml/imap_banners.xml +5 -5
data/xml/ldap_searchresult.xml +1 -0
data/xml/mdns_device-info_txt.xml +340 -10
data/xml/mysql_banners.xml +2 -1
data/xml/nntp_banners.xml +1 -1
data/xml/ntp_banners.xml +16 -2
data/xml/operating_system.xml +4 -4
data/xml/pop_banners.xml +4 -4
data/xml/rtsp_servers.xml +7 -0
data/xml/sip_banners.xml +347 -9
data/xml/sip_user_agents.xml +323 -4
data/xml/smb_native_lm.xml +32 -1
data/xml/smb_native_os.xml +160 -33
data/xml/smtp_banners.xml +167 -128
data/xml/smtp_expn.xml +1 -0
data/xml/smtp_vrfy.xml +1 -0
data/xml/snmp_sysdescr.xml +205 -36
data/xml/ssh_banners.xml +139 -25
data/xml/telnet_banners.xml +92 -48
data/xml/tls_jarm.xml +140 -0
data/xml/x509_issuers.xml +201 -2
data/xml/x509_subjects.xml +251 -32
metadata +5 -2

data/xml/http_cookies.xml CHANGED Viewed

@@ -5,8 +5,71 @@
   servers.
   -->
+  <fingerprint pattern="^__cfd?uid=">
+    <description>CloudFlare web load balancer endpoint</description>
+    <example>__cfuid=1337</example>
+    <example>__cfduid=dd450f2431e1e611a61a15f68974de9a41618794671; expires=Wed, 19-May-21 01:11:11 GMT; path=/; domain=.foo.bar; HttpOnly; SameSite=Lax</example>
+    <param pos="0" name="service.vendor" value="CloudFlare"/>
+    <param pos="0" name="service.product" value="CloudFlare Load Balancer"/>
+    <param pos="0" name="service.family" value="CloudFlare"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:cloudflare:load_balancing:-"/>
+  </fingerprint>
+  <fingerprint pattern="^(AWSALB(?:TG)?(?:CORS)?)=.*$">
+    <description>Amazon Application Load Balancer</description>
+    <example cookie="AWSALB">AWSALB=791357231C9C446E295988DA51A2CD313D13788329433D96A05631377389B17BF097D4C8A2D0BE5BC4F3C649AED7DFF939364A5790E2EC67F33C4483E2E9DD17E99814071B;PATH=/;HttpOnly;Secure</example>
+    <example cookie="AWSALBCORS">AWSALBCORS=D5A3BF7B08C8E0626B1C77DAAEAB0A7542DEB35F43097F06FD3833E22A9BA2543B805B7AE1B6E97F2BE3A701A19AF5D2CC898E0DB5E52055B0B983CC64EAD006CF77C1CF72;PATH=/;SECURE;SAMESITE=None</example>
+    <example cookie="AWSALBTGCORS">AWSALBTGCORS=E0+uuQyz1jbU2P5jrIIWTuoK0aAbjfgsuA814N0xT5w9Vu4N61/CZTKT+yxwCfUqIUx/IgZfsDyA24+eSXKFO60aqEbtGPw2Mm4bGNDMVpcZ/yKHzifDPjT7mNQvNVq7xCAed5VgTpMH/nD3D2pLn9+ooJcShVgv+z97rSYAV5C98tecx6Q=; Expires=Mon, 10 May 2021 01:21:27 GMT; Path=/; SameSite=None; Secure</example>
+    <param pos="1" name="cookie"/>
+    <param pos="0" name="service.vendor" value="Amazon"/>
+    <param pos="0" name="service.family" value="Web Services"/>
+    <param pos="0" name="service.product" value="Application Load Balancer"/>
+  </fingerprint>
+  <fingerprint pattern="^(AWSELB(?:CORS)?)=.*$">
+    <description>Amazon Elastic Load Balancer</description>
+    <example cookie="AWSELB">AWSELB=791357231C9C446E295988DA51A2CD313D13788329433D96A05631377389B17BF097D4C8A2D0BE5BC4F3C649AED7DFF939364A5790E2EC67F33C4483E2E9DD17E99814071B;PATH=/;HttpOnly;Secure</example>
+    <example cookie="AWSELBCORS">AWSELBCORS=D5A3BF7B08C8E0626B1C77DAAEAB0A7542DEB35F43097F06FD3833E22A9BA2543B805B7AE1B6E97F2BE3A701A19AF5D2CC898E0DB5E52055B0B983CC64EAD006CF77C1CF72;PATH=/;SECURE;SAMESITE=None</example>
+    <param pos="1" name="cookie"/>
+    <param pos="0" name="service.vendor" value="Amazon"/>
+    <param pos="0" name="service.family" value="Web Services"/>
+    <param pos="0" name="service.product" value="Elastic Load Balancer"/>
+  </fingerprint>
+  <fingerprint pattern="^(PHPSESSI(?:D|ON))=.*">
+    <description>PHP - http://www.php.net/ref.session</description>
+    <example cookie="PHPSESSID">PHPSESSID=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/</example>
+    <example cookie="PHPSESSION">PHPSESSION=vt2ag6n7t6ngvlg8adk4860h46; path=/</example>
+    <param pos="1" name="cookie"/>
+    <param pos="0" name="service.vendor" value="PHP"/>
+    <param pos="0" name="service.family" value="PHP"/>
+    <param pos="0" name="service.product" value="PHP"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:php:php:-"/>
+  </fingerprint>
+  <fingerprint pattern="^(ASPSESSIONID[A-Z]+|ASP\.NET_SessionId|\.ASPXANONYMOUS)=.*">
+    <description>Microsoft IIS (ASP.NET)
+      http://msdn2.microsoft.com/en-us/library/ms953828.aspx
+      http://msdn2.microsoft.com/en-us/library/91ka2e6a.aspx
+    </description>
+    <example cookie="ASPSESSIONIDQSBRRTTB">ASPSESSIONIDQSBRRTTB=BECILMBCPMGHJGAHKCHNGENF; path=/</example>
+    <example cookie="ASP.NET_SessionId">ASP.NET_SessionId=00nxm4qqh2tdjl0p52m10edv</example>
+    <example cookie=".ASPXANONYMOUS">.ASPXANONYMOUS=5ts5UmJr1wEkAAAAMmY0Y2EwNTUtZGZhYi00YTFlLTlmNzAtYmEwNjdiYTgxZDA40; expires=Sun, 27-Jun-2021 14:40:06 GMT; path=/; HttpOnly</example>
+    <param pos="1" name="cookie"/>
+    <param pos="0" name="service.vendor" value="Microsoft"/>
+    <param pos="0" name="service.family" value="IIS"/>
+    <param pos="0" name="service.product" value="IIS"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:microsoft:iis:-"/>
+    <param pos="0" name="service.component.vendor" value="Microsoft"/>
+    <param pos="0" name="service.component.family" value="ASP.NET"/>
+    <param pos="0" name="service.component.product" value="ASP.NET"/>
+    <param pos="0" name="service.component.cpe23" value="cpe:/a:microsoft:asp.net:-"/>
+  </fingerprint>
   <fingerprint pattern="^(CFCLIENT_[^=]+|CFGLOBALS|CFID|CFTOKEN)=.*">
     <description>Adobe (Macromedia) ColdFusion uses various cookies</description>
+    <example cookie="CFTOKEN">CFTOKEN=f3863673461e83d7-8B854468-1866-DAAC-99FBB842C6018037;expires=Mon, 01-Aug-2050 01:05:45 GMT;path=/;HttpOnly;</example>
+    <example cookie="CFCLIENT_FOO_CORP">CFCLIENT_FOO_CORP=preflanguage%3DEN%23; Expires=Wed, 12-Apr-2051 01:11:37 GMT; Path=/</example>
     <param pos="1" name="cookie"/>
     <param pos="0" name="service.vendor" value="Adobe"/>
     <param pos="0" name="service.family" value="ColdFusion"/>
@@ -33,9 +96,10 @@
     <param pos="0" name="service.cpe23" value="cpe:/a:apache:http_server:-"/>
   </fingerprint>
-  <fingerprint pattern="^(JServSessionIdroot)=.*">
+  <fingerprint pattern="^JServSessionIdroot=.*">
     <description>Apache JServ</description>
-    <param pos="1" name="cookie"/>
+    <example>JServSessionIdroot=tphxjy73e1.JS1; path=/</example>
+    <param pos="0" name="cookie" value="JServSessionIdroot"/>
     <param pos="0" name="service.vendor" value="Apache"/>
     <param pos="0" name="service.family" value="JServ"/>
     <param pos="0" name="service.product" value="JServ"/>
@@ -43,12 +107,22 @@
   <fingerprint pattern="^(ATG_SESSION_ID|DYN_USER_CONFIRM|DYN_USER_ID)=.*">
     <description>ATG Dynamo</description>
+    <example cookie="ATG_SESSION_ID">ATG_SESSION_ID=yuAUs8xnkzLaF8P3Zk1v5hR28XB4dKsOKZ4jCkVO; path=/</example>
     <param pos="1" name="cookie"/>
     <param pos="0" name="service.vendor" value="ATG"/>
     <param pos="0" name="service.family" value="Dynamo"/>
     <param pos="0" name="service.product" value="Dynamo"/>
   </fingerprint>
+  <fingerprint pattern="^Bugzilla_login_request_cookie=.*">
+    <description>Bugzilla</description>
+    <example>Bugzilla_login_request_cookie=ylMVo9ZDtd; path=/; secure</example>
+    <param pos="0" name="cookie" value="Bugzilla_login_request_cookie"/>
+    <param pos="0" name="service.vendor" value="Mozilla"/>
+    <param pos="0" name="service.product" value="Bugzilla"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:mozilla:bugzilla:-"/>
+  </fingerprint>
   <fingerprint pattern="^(WebLogicSession)=[^!]+![^!]+!([0-9]+);.*">
     <description>BEA WebLogic (with timestamp)</description>
     <param pos="1" name="cookie"/>
@@ -76,9 +150,10 @@
     <param pos="0" name="service.product" value="Proxy"/>
   </fingerprint>
-  <fingerprint pattern="^(CAKEPHP)=.*">
+  <fingerprint pattern="^CAKEPHP=.*">
     <description>CakePHP - http://www.cakephp.org/</description>
-    <param pos="1" name="cookie"/>
+    <example>CAKEPHP=03bgv7jqfurftnm5crn3lc0ob1; expires=Mon, 19-Apr-2021 08:56:06 GMT; Max-Age=14400; path=/; HttpOnly</example>
+    <param pos="0" name="cookie" value="CAKEPHP"/>
     <param pos="0" name="service.family" value="PHP"/>
     <param pos="0" name="service.product" value="CakePHP"/>
   </fingerprint>
@@ -88,22 +163,23 @@
       The cookie value breaks down to [box-id][service-id][timeout-value]
       unfortunately, there's no separator so it's hard to tell what the
       actual break is between the pieces of data.
-      http://www.cisco.com/warp/public/117/AP_cookies.html
   -->
-  <fingerprint pattern="^(ARPT)=([A-Z]+)([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})[A-Z]+.*">
+  <fingerprint pattern="^ARPT=([A-Z]+)([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})[A-Z]+.*">
     <description>Cisco 11000 Series Content Service Switch (CSS)</description>
-    <param pos="1" name="cookie"/>
-    <param pos="2" name="host.id"/>
-    <param pos="3" name="host.ip"/>
+    <example host.name="FOOOB" host.ip="192.168.15.52">ARPT=FOOOB192.168.15.52CKOKM; path=/</example>
+    <param pos="0" name="cookie" value="ARPT"/>
+    <param pos="1" name="host.name"/>
+    <param pos="2" name="host.ip"/>
     <param pos="0" name="service.vendor" value="Cisco"/>
     <param pos="0" name="service.family" value="Content Service Switch"/>
     <param pos="0" name="service.product" value="11000 Series Content Service Switch"/>
   </fingerprint>
-  <fingerprint pattern="^(ARPT)=.*">
+  <fingerprint pattern="^ARPT=.*">
     <description>Cisco 11000 Series Content Service Switch (CSS) - catch all variant</description>
-    <param pos="1" name="cookie"/>
+    <example>ARPT=388766892.51247.0000; path=/; Httponly/</example>
+    <param pos="0" name="cookie" value="ARPT"/>
     <param pos="0" name="service.vendor" value="Cisco"/>
     <param pos="0" name="service.family" value="Content Service Switch"/>
     <param pos="0" name="service.product" value="11000 Series Content Service Switch"/>
@@ -122,7 +198,7 @@
     <param pos="0" name="os.vendor" value="Cisco"/>
     <param pos="0" name="os.family" value="Adaptive Security Appliance"/>
     <param pos="0" name="os.product" value="Adaptive Security Appliance"/>
-    <param pos="0" name="os.cpe23" value="cpe:/o:cisco:adaptive_security_appliance:-"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:cisco:adaptive_security_appliance_software:-"/>
     <param pos="0" name="hw.vendor" value="Cisco"/>
     <param pos="0" name="hw.family" value="Adaptive Security Appliance"/>
     <param pos="0" name="hw.product" value="Adaptive Security Appliance"/>
@@ -130,9 +206,9 @@
     <param pos="0" name="hw.cpe23" value="cpe:/h:cisco:adaptive_security_appliance:-"/>
   </fingerprint>
-  <fingerprint pattern="^(st8id)=.*">
+  <fingerprint pattern="^st8id=.*">
     <description>Citrix Application Protection System, Enterprise - http://support.citrix.com/article/CTX109330</description>
-    <param pos="1" name="cookie"/>
+    <param pos="0" name="cookie" value="st8id"/>
     <param pos="0" name="service.vendor" value="Citrix"/>
     <param pos="0" name="service.family" value="Application Protection System"/>
     <param pos="0" name="service.product" value="Application Protection System, Enterprise"/>
@@ -146,6 +222,7 @@
     <param pos="0" name="os.family" value="NetScaler"/>
     <param pos="0" name="os.device" value="Network Management Device"/>
     <param pos="0" name="os.product" value="NetScaler"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:citrix:netscaler_firmware:-"/>
     <param pos="0" name="service.vendor" value="Citrix"/>
     <param pos="0" name="service.family" value="NetScaler"/>
     <param pos="0" name="service.device" value="Network Management Device"/>
@@ -165,14 +242,33 @@
     <param pos="0" name="os.product" value="Pulse Connect Secure"/>
   </fingerprint>
+  <fingerprint pattern="^DokuWiki=.*">
+    <description>Dokuwiki</description>
+    <example>DokuWiki=t8l1aev7703vbtejovp165pv01; path=/; secure</example>
+    <param pos="0" name="cookie" value="DokuWiki"/>
+    <param pos="0" name="service.vendor" value="Dokuwiki"/>
+    <param pos="0" name="service.product" value="Dokuwiki"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:dokuwiki:dokuwiki:-"/>
+  </fingerprint>
   <fingerprint pattern="^(EktGUID|ecm)=.*">
     <description>Ektron CMS400.net</description>
+    <example cookie="EktGUID">EktGUID=382107cc-a38d-4d25-8182-3748834e21c8; expires=Tue, 19-Apr-2022 03:12:15 GMT; path=/</example>
     <param pos="1" name="cookie"/>
     <param pos="0" name="service.vendor" value="Ektron"/>
     <param pos="0" name="service.family" value="CMS400.NET"/>
     <param pos="0" name="service.product" value="CMS400.NET"/>
   </fingerprint>
+  <fingerprint pattern="^FESESSIONID=">
+    <description>Atlanssian's Fisheye</description>
+    <example>FESESSIONID=133713381337</example>
+    <param pos="0" name="cookie" value="FESESSIONID"/>
+    <param pos="0" name="service.vendor" value="Atlassian"/>
+    <param pos="0" name="service.product" value="Fisheye"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:atlassian:fisheye:-"/>
+  </fingerprint>
   <fingerprint pattern="(?i)^(BIGipServer([^=]+))=.*">
     <description>F5 BIG-IP LTM - Server variant</description>
     <example loadbalancer.poolname="CustomerRP">BigIpServerCustomerRP=5a; path=/; domain=.foo.bar; secure; HttpOnly</example>
@@ -184,8 +280,19 @@
     <param pos="0" name="service.cpe23" value="cpe:/a:f5:big-ip_local_traffic_manager:-"/>
   </fingerprint>
-  <fingerprint pattern="^(BigIPCookie)=.*">
+  <fingerprint pattern="^i_like_gogits=.*">
+    <description>Gogs</description>
+    <example>i_like_gogits=fc3914645f1d5c76; Path=/; HttpOnly</example>
+    <param pos="0" name="cookie" value="i_like_gogits"/>
+    <param pos="0" name="service.vendor" value="Gogs"/>
+    <param pos="0" name="service.product" value="Gogs"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:gogs:gogs:-"/>
+  </fingerprint>
+  <fingerprint pattern="^(BigIPCookie[^=]*)=.*">
     <description>F5 BIG-IP LTM</description>
+    <example cookie="BigIPCookie">BigIPCookie=855248779.20480.0000; path=/; Httponly</example>
+    <example cookie="BigIPCookie_foo_corp_prod">BigIPCookie_foo_corp_prod=!tJHKH9zIwsUuJYJ38CCV0XSqmJXsZVQaOjj/m/SBSTQTg21/S+s2gmbsoGwwKXr5Tj9e0ijWZWItfA==; path=/; Httponly</example>
     <param pos="1" name="cookie"/>
     <param pos="0" name="service.vendor" value="F5"/>
     <param pos="0" name="service.family" value="BIG-IP"/>
@@ -193,10 +300,40 @@
     <param pos="0" name="service.cpe23" value="cpe:/a:f5:big-ip_local_traffic_manager:-"/>
   </fingerprint>
-  <fingerprint pattern="^(SERVERID)=([A-Za-z0-9\-_]+)">
+  <fingerprint pattern="^flyspray_project=">
+    <description>Flyspray</description>
+    <example>flyspray_project=133713381234; Path=/; HttpOnly</example>
+    <param pos="0" name="cookie" value="flyspray_project"/>
+    <param pos="0" name="service.vendor" value="Flyspray"/>
+    <param pos="0" name="service.product" value="Flyspray"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:flyspray:flyspray:-"/>
+  </fingerprint>
+  <fingerprint pattern="^i_like_gitea=.*">
+    <description>Gitea</description>
+    <example>i_like_gitea=fc39d4645b1d5c7c; Path=/</example>
+    <param pos="0" name="cookie" value="i_like_gitea"/>
+    <param pos="0" name="service.vendor" value="Gitea"/>
+    <param pos="0" name="service.product" value="Gitea"/>
+    <param pos="0" name="service.certainty" value="0.5"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:gitea:gitea:-"/>
+  </fingerprint>
+  <fingerprint pattern="^_gitlab_session=.*">
+    <description>GitLab</description>
+    <example>_gitlab_session=032d024e9c2445b595e68255da9e6835; path=/; expires=Mon, 26 Apr 2021 03:09:57 -0000; HttpOnly</example>
+    <param pos="0" name="cookie" value="_gitlab_session"/>
+    <param pos="0" name="service.vendor" value="GitLab"/>
+    <param pos="0" name="service.product" value="GitLab"/>
+    <param pos="0" name="service.certainty" value="0.5"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:gitlab:gitlab:-"/>
+  </fingerprint>
+  <fingerprint pattern="^SERVERID=([A-Za-z0-9\-_]+)">
     <description>HAProxy - http://haproxy.1wt.eu/download/1.2/doc/architecture.txt</description>
-    <param pos="1" name="cookie"/>
-    <param pos="2" name="host.name"/>
+    <example host.name="foo1">SERVERID=foo1; path=/</example>
+    <param pos="0" name="cookie" value="SERVERID"/>
+    <param pos="1" name="host.name"/>
     <param pos="0" name="service.family" value="HAProxy"/>
     <param pos="0" name="service.product" value="HAProxy"/>
   </fingerprint>
@@ -205,6 +342,7 @@
     <description>IBM Tivoli Access Manager for e-business WebSEAL
       http://publib.boulder.ibm.com/infocenter/tivihelp/v2r1/index.jsp?topic=/com.ibm.itame.doc/am60_webseal_admin180.htm
     </description>
+    <example cookie="AMWEBJCT!%2F4plportal!JSESSIONID" junction.name="%2F4plportal" junction.cookie="JSESSIONID">AMWEBJCT!%2F4plportal!JSESSIONID=fQDCzpljFPMhMVaDUOD+uOBe.undefined; Path=/</example>
     <param pos="1" name="cookie"/>
     <param pos="2" name="junction.name"/>
     <param pos="3" name="junction.cookie"/>
@@ -217,15 +355,17 @@
     <description>IBM Tivoli Access Manager for e-business WebSeal
       http://publib.boulder.ibm.com/infocenter/tivihelp/v2r1/index.jsp?topic=/com.ibm.itame.doc/am60_webseal_admin117.htm
     </description>
+    <example cookie="PD-S-SESSION-ID">PD-S-SESSION-ID=1_2_0_xRzIc55lBOTYkrYfW+qWHWGgdqlVKeEgwrhtKt+KRfq8R3lW; Path=/; Secure; HttpOnly</example>
+    <example cookie="PD_STATEFUL_db45742c-3e5b-11e9-91da-00505682181c">PD_STATEFUL_db45742c-3e5b-11e9-91da-00505682181c=%2F; Path=/</example>
     <param pos="1" name="cookie"/>
     <param pos="0" name="service.vendor" value="IBM"/>
     <param pos="0" name="service.family" value="Tivoli"/>
     <param pos="0" name="service.product" value="Tivoli Access Manager for e-business WebSEAL"/>
   </fingerprint>
-  <fingerprint pattern="^(IBMCBR)=.*">
+  <fingerprint pattern="^IBMCBR=.*">
     <description>IBM WebSphere Load Balancer</description>
-    <param pos="1" name="cookie"/>
+    <param pos="0" name="cookie" value="IBMCBR"/>
     <param pos="0" name="service.vendor" value="IBM"/>
     <param pos="0" name="service.family" value="WebSphere"/>
     <param pos="0" name="service.product" value="WebSphere Load Balancer"/>
@@ -233,11 +373,19 @@
   <fingerprint pattern="^(mbfcookie(?:\[lang\])?)=.*">
     <description>Joom!Fish http://www.joomfish.net/</description>
+    <example cookie="mbfcookie">mbfcookie=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/</example>
+    <example cookie="mbfcookie[lang]">mbfcookie[lang]=pt_BR; expires=Tue, 20-Apr-2021 03:30:47 GMT; path=/</example>
     <param pos="1" name="cookie"/>
     <param pos="0" name="service.family" value="Joom!Fish"/>
     <param pos="0" name="service.product" value="Joom!Fish"/>
   </fingerprint>
+  <fingerprint pattern="^_mastodon_session=">
+    <description>Mastodon</description>
+    <param pos="0" name="cookie" value="_mastodon_session"/>
+    <param pos="0" name="service.product" value="Mastodon"/>
+  </fingerprint>
   <fingerprint pattern="^(MSCSAuth|MSCSProfile)=.*">
     <description>Microsoft Commerce Server - http://msdn2.microsoft.com/en-us/library/ms953828.aspx</description>
     <param pos="1" name="cookie"/>
@@ -247,30 +395,35 @@
     <param pos="0" name="service.cpe23" value="cpe:/a:microsoft:commerce_server:-"/>
   </fingerprint>
-  <fingerprint pattern="^(ASPSESSIONID[A-Z]+|ASP\.NET_SessionId|\.ASPXANONYMOUS)=.*">
-    <description>Microsoft IIS (ASP.NET)
-      http://msdn2.microsoft.com/en-us/library/ms953828.aspx
-      http://msdn2.microsoft.com/en-us/library/91ka2e6a.aspx
-    </description>
+  <fingerprint pattern="^(nc_sameSiteCookiestrict|nc_sameSiteCookielax|oc_sessionPassphrase)=.*">
+    <description>Nextcloud</description>
+    <example cookie="nc_sameSiteCookiestrict">nc_sameSiteCookiestrict=true; path=/nextcloud; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=strict</example>
+    <example cookie="nc_sameSiteCookielax">nc_sameSiteCookielax=true; path=/nextcloud; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=lax</example>
+    <example>oc_sessionPassphrase=Y%2BZjBn8Gn%2B8jIJPVx468Tlt8qDNm%2B5IVXLxgtwlY%2BQU2T7edVmDS4091nQrT; path=/nextcloud; secure; HttpOnly</example>
     <param pos="1" name="cookie"/>
-    <param pos="0" name="service.vendor" value="Microsoft"/>
-    <param pos="0" name="service.family" value="IIS"/>
-    <param pos="0" name="service.product" value="IIS"/>
-    <param pos="0" name="service.cpe23" value="cpe:/a:microsoft:iis:-"/>
-    <param pos="0" name="service.component.vendor" value="Microsoft"/>
-    <param pos="0" name="service.component.family" value="ASP.NET"/>
-    <param pos="0" name="service.component.product" value="ASP.NET"/>
-    <param pos="0" name="service.component.cpe23" value="cpe:/a:microsoft:asp.net:-"/>
+    <param pos="0" name="service.vendor" value="Nextcloud"/>
+    <param pos="0" name="service.product" value="Nextcloud Server"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:nextcloud:nextcloud_server:-"/>
   </fingerprint>
-  <fingerprint pattern="^(AlteonP)=.*">
+  <fingerprint pattern="^AlteonP=.*">
     <description>Nortel Alteon Web Switch</description>
-    <param pos="1" name="cookie"/>
+    <example>AlteonP=c46736793e45929dbaeebabb; path=</example>
+    <param pos="0" name="cookie" value="AlteonP"/>
     <param pos="0" name="service.vendor" value="Nortel"/>
     <param pos="0" name="service.family" value="Alteon"/>
     <param pos="0" name="service.product" value="Alteon Web Switch"/>
   </fingerprint>
+  <fingerprint pattern="^OBSID=.*">
+    <description>Observium</description>
+    <example>OBSID=gud74jg1slhskdo7idqgklkamm6g3908; expires=Tue, 20-Apr-2021 01:31:27 GMT; Max-Age=86400; path=/; HttpOnly</example>
+    <param pos="0" name="cookie" value="OBSID"/>
+    <param pos="0" name="service.vendor" value="Observium"/>
+    <param pos="0" name="service.product" value="Observium"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:observium:observium:-"/>
+  </fingerprint>
   <fingerprint pattern="^((?:SS_X_)?CSINTERSESSIONID)=.*">
     <description>OpenMarket/FatWire Content Server (www.fatwire.com)</description>
     <param pos="1" name="cookie"/>
@@ -279,42 +432,46 @@
     <param pos="0" name="service.product" value="Content Server"/>
   </fingerprint>
-  <fingerprint pattern="^(parkinglot)=.*">
+  <fingerprint pattern="^parkinglot=.*">
     <description>Oversee Webserver</description>
-    <param pos="1" name="cookie"/>
+    <param pos="0" name="cookie" value="parkinglot"/>
     <param pos="0" name="service.vendor" value="Oversee"/>
     <param pos="0" name="service.family" value="Webserver"/>
     <param pos="0" name="service.product" value="Webserver"/>
   </fingerprint>
-  <fingerprint pattern="^(PHPSESSID|PHPSESSION)=.*">
-    <description>PHP - http://www.php.net/ref.session</description>
-    <param pos="1" name="cookie"/>
-    <param pos="0" name="service.vendor" value="PHP"/>
-    <param pos="0" name="service.family" value="PHP"/>
-    <param pos="0" name="service.product" value="PHP"/>
-    <param pos="0" name="service.cpe23" value="cpe:/a:php:php:-"/>
+  <fingerprint pattern="^phsid=.*">
+    <description>Phabricator</description>
+    <example>phsid=A%2Fxesybc4bypb74dlgojdgw2edct6osflno25h2fw7</example>
+    <param pos="0" name="cookie" value="phsid"/>
+    <param pos="0" name="service.vendor" value="Phacility"/>
+    <param pos="0" name="service.family" value="Phabricator"/>
+    <param pos="0" name="service.product" value="Phabricator"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:phacility:phabricator:-"/>
   </fingerprint>
-  <fingerprint pattern="^(RMID)=.*">
+  <fingerprint pattern="^RMID=.*">
     <description>RealMedia OpenAdStream</description>
-    <param pos="1" name="cookie"/>
+    <example>RMID=36c12633607cf7a0; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.foo.bar</example>
+    <param pos="0" name="cookie" value="RMID"/>
     <param pos="0" name="service.vendor" value="RealMedia"/>
     <param pos="0" name="service.family" value="OpenAdStream"/>
     <param pos="0" name="service.product" value="OpenAdStream"/>
   </fingerprint>
-  <fingerprint pattern="^(RoxenUserID)=.*">
+  <fingerprint pattern="^RoxenUserID=.*">
     <description>Roxen WebServer</description>
-    <param pos="1" name="cookie"/>
+    <example>RoxenUserID=c70fd536bc9e1342ce2a608b10547f88; expires=Wed, 19 Apr 2023 02:44:41 GMT; path=/</example>
+    <param pos="0" name="cookie" value="RoxenUserID"/>
     <param pos="0" name="service.vendor" value="Roxen"/>
     <param pos="0" name="service.family" value="WebServer"/>
     <param pos="0" name="service.product" value="WebServer"/>
   </fingerprint>
-  <fingerprint pattern="^(_sn)=.*">
+  <fingerprint pattern="^_sn=.*">
     <description>Siebel CRM</description>
-    <param pos="1" name="cookie"/>
+    <example>_sn=e7139835ca75f921e25c364d4a8fef48; path=/; expires=Mon, 19 Apr 2021 06:06:58 GMT; HttpOnly</example>
+    <param pos="0" name="cookie" value="_sn"/>
     <param pos="0" name="service.vendor" value="Siebel"/>
     <param pos="0" name="service.family" value="CRM"/>
     <param pos="0" name="service.product" value="CRM"/>
@@ -332,9 +489,9 @@
    -->
-  <fingerprint pattern="^(NSES40Session)=.*">
+  <fingerprint pattern="^NSES40Session=.*">
     <description>Netscape Enterprise Server (subsequently iPlanet Web Server, Sun ONE Web Server, presently Sun Java System Web Server)</description>
-    <param pos="1" name="cookie"/>
+    <param pos="0" name="cookie" value="NSES40Session"/>
     <param pos="0" name="service.vendor" value="Sun"/>
     <param pos="0" name="service.family" value="Java System Web Server"/>
     <param pos="0" name="service.product" value="Java System Web Server"/>
@@ -342,6 +499,24 @@
     <param pos="0" name="service.cpe23" value="cpe:/a:sun:java_system_web_server:4.0"/>
   </fingerprint>
+  <fingerprint pattern="^_redmine_session=.*">
+    <description>Redmine</description>
+    <example>_redmine_session=BAh7B0kiD3Nlc3Npb25faWQGOgZFRkkiJWY2MGY5MTJiZjg0NGU1ZmQxZWI2OTViNzAxYjU4NTRiBjsAVEkiEF9jc3JmX3Rva2VuBjsARkkiMW1kV3Z5NDl6eVkwWDl4bFQvMUxSSmxmbjhhaDR1WWxERWUrMFQ4dVcvS0k9BjsARg%3D%3D--ce5f52d49b68e30a7ec34b75bf456d6c79d234d2; path=/; HttpOnly</example>
+    <param pos="0" name="cookie" value="_redmine_session"/>
+    <param pos="0" name="service.vendor" value="Redmine"/>
+    <param pos="0" name="service.product" value="Redmine"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:redmine:redmine:-"/>
+  </fingerprint>
+  <fingerprint pattern="^(syracuse\.sid\.\d+)=">
+    <description>Sage X3 Syracuse Web Server</description>
+    <example cookie="syracuse.sid.8124">syracuse.sid.8124=8b102bf7-327c-4962-9279-550e72afcaa9; path=/; HttpOnly</example>
+    <param pos="1" name="cookie"/>
+    <param pos="0" name="service.vendor" value="Sage"/>
+    <param pos="0" name="service.family" value="Sage X3 Syracuse Web Server"/>
+    <param pos="0" name="service.product" value="Sage X3 Syracuse Web Server"/>
+  </fingerprint>
   <fingerprint pattern="^(gx_session_id|JROUTE)=.*">
     <description>Sun Java System Application Server (formerly iPlanet Application Server, Sun ONE Application Server)</description>
     <param pos="1" name="cookie"/>
@@ -351,17 +526,19 @@
     <param pos="0" name="service.cpe23" value="cpe:/a:sun:java_system_application_server:-"/>
   </fingerprint>
-  <fingerprint pattern="^(fe_typo_user)=.*">
+  <fingerprint pattern="^fe_typo_user=.*">
     <description>TYPO3 CMS - http://typo3.com/</description>
-    <param pos="1" name="cookie"/>
+    <example>fe_typo_user=aae725f7dcb8cb5215e64f66d4584cc92; path=/</example>
+    <param pos="0" name="cookie" value="fe_typo_user"/>
     <param pos="0" name="service.vendor" value="TYPO3"/>
     <param pos="0" name="service.family" value="CMS"/>
     <param pos="0" name="service.product" value="CMS"/>
   </fingerprint>
-  <fingerprint pattern="^(SaneID)=.*">
+  <fingerprint pattern="^SaneID=.*">
     <description>Unica NetTracker - http://netinsight.unica.com/Products/NetTracker.cfm</description>
-    <param pos="1" name="cookie"/>
+    <example>SaneID=10.1.1.223.1618798365976948; path=/; domain=.foo.bar</example>
+    <param pos="0" name="cookie" value="SaneID"/>
     <param pos="0" name="service.vendor" value="Unica"/>
     <param pos="0" name="service.family" value="NetTracker"/>
     <param pos="0" name="service.product" value="NetTracker"/>
@@ -369,12 +546,23 @@
   <fingerprint pattern="^(__utm[a-z])=.*">
     <description>Urchin Tracking Module - http://www.google.com/support/urchin45/bin/answer.py?answer=28307&amp;topic=7425</description>
+    <example cookie="__utmp">__utmp=2071164266.582676006.3393543082; path=/; domain=.foo.bar</example>
     <param pos="1" name="cookie"/>
     <param pos="0" name="service.vendor" value="Google"/>
     <param pos="0" name="service.family" value="Urchin"/>
     <param pos="0" name="service.product" value="Urchin Tracking Module"/>
   </fingerprint>
+  <fingerprint pattern="vxoaSessionID=">
+    <description>Silver Peak Appliance</description>
+    <example>vxoaSessionID=s%3A2650cfe1df092fc617d229d6d6b5dbfc.70yKRpb371czAWFkZWXdNfCSNexQvtiVr%2B3Z51YXbIw; Path=/; HttpOnly; Secure</example>
+    <example>vxoaSessionID=s%3A65e39ce7ae15193cb4bb0f812d20105b.qgHrgV4MtPKWeKwBrfynmxZmn5iaegh%2FRP0nV5ntaE8; Path=/; HttpOnly; Secure</example>
+    <example>vxoaSessionID=s%3A7e17300953b68c4713990a01bd00aa2b.5mg3edagZCkddCmWqMXbp4AOEzTVby6K2z2jfhal7Uw; Path=/; HttpOnly; Secure</example>
+    <param pos="0" name="hw.vendor" value="Silver Peak"/>
+    <param pos="0" name="hw.device" value="Network Appliance"/>
+    <param pos="0" name="hw.product" value="SD-WAN"/>
+  </fingerprint>
   <fingerprint pattern="^(vgncontext|vgnvisitor|ssuid)=.*">
     <description>Vignette</description>
     <param pos="1" name="cookie"/>
@@ -383,25 +571,38 @@
     <param pos="0" name="service.product" value="Vignette"/>
   </fingerprint>
-  <fingerprint pattern="^(wgSession)=.*">
+  <fingerprint pattern="^wgSession=.*">
     <description>Plain Black WebGUI - http://www.plainblack.com/webgui</description>
-    <param pos="1" name="cookie"/>
+    <example>wgSession=xngFQdcbCap87x6d8qc1YA; path=/; expires=Thu, 17-Apr-2031 02:29:05 GMT</example>
+    <param pos="0" name="cookie" value="wgSession"/>
     <param pos="0" name="service.vendor" value="Plain Black"/>
     <param pos="0" name="service.family" value="WebGUI"/>
     <param pos="0" name="service.product" value="WebGUI"/>
   </fingerprint>
-  <fingerprint pattern="^(WEBTRENDSID|WEBTRENDS_ID)=.*">
+  <fingerprint pattern="^(WEBTRENDS_?ID)=.*">
     <description>WebTrends</description>
+    <example cookie="WEBTRENDS_ID">WEBTRENDS_ID=10.247.9.69.1618795409656141; path=/; expires=Tue, 19-Apr-22 01:23:29 GMT; domain=.foo.bar</example>
     <param pos="1" name="cookie"/>
     <param pos="0" name="service.vendor" value="WebTrends"/>
     <param pos="0" name="service.family" value="WebTrends"/>
     <param pos="0" name="service.product" value="WebTrends"/>
   </fingerprint>
-  <fingerprint pattern="^(_ZopeId)=.*">
-    <description>Zope</description>
+  <fingerprint pattern="^(ZM_TEST|ZM_LOGIN_CSRF)=.*">
+    <description>Zimbra</description>
+    <example cookie="ZM_TEST">ZM_TEST=true;Secure</example>
+    <example cookie="ZM_LOGIN_CSRF">ZM_LOGIN_CSRF=38ef0bea-a4c3-4f41-9ac3-73d7622f3131;Secure;HttpOnly</example>
     <param pos="1" name="cookie"/>
+    <param pos="0" name="service.vendor" value="Synacor"/>
+    <param pos="0" name="service.product" value="Zimbra Collaboration Suite"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:synacor:zimbra_collaboration_suite:-"/>
+  </fingerprint>
+  <fingerprint pattern="^_ZopeId=.*">
+    <description>Zope</description>
+    <example>_ZopeId="91304233A995SVLz3SI"; Path=/</example>
+    <param pos="0" name="cookie" value="_ZopeId"/>
     <param pos="0" name="service.family" value="Zope"/>
     <param pos="0" name="service.product" value="Zope"/>
   </fingerprint>