recog 2.3.18 → 2.3.19

data/identifiers/service_family.txt

@@ -140,6 +140,7 @@ OzymanDNS
 PBX
 PHP
 PWS
+Phabricator
 Pi-hole
 Post.Office
 Postfix
@@ -187,6 +188,7 @@ Tomcat
 Tornado
 Twisted
 Twisted Web
+UPnP
 UTM
 UltraDNS
 Unbound
@@ -221,6 +223,7 @@ Wing FTP
 ZMailer
 Zope
 ZyWALL
+Zywall
 djbdns
 ePolicy Orchestrator
 emHTTPD

data/identifiers/service_product.txt

@@ -14,6 +14,7 @@ Abyss Web Server X1
 Active Directory Controller
 Active Intelligence Engine
 ActiveMQ
+AdGuard Home
 AirTunes
 Airflow
 Alteon Web Switch
@@ -40,6 +41,7 @@ Bigfoot Email Tools
 BlackJumboDog
 BladeSystems
 Boa
+Bugzilla
 CCProxy
 CMS
 CMS400.NET
@@ -50,17 +52,23 @@ CUPS
 CacheServe
 Caddy
 CakePHP
+Calibre-Web
 CallPilot
 Celerra
 CentOS Directory Server
 CentOS Web Panel
+Cherokee
 CherryPy
 Chronograf
+ClearPass Policy Manager
+Cloud C2
 CloudFlare Load Balancer
 CloudFront Load Balancer
+Cobalt Strike Listener
 CockroachDB
 Code Review
 ColdFusion
+Collaboration Server
 Commerce Server
 Communication Broker
 Communigate Pro
@@ -88,11 +96,13 @@ Data Connection Directory
 Deploy
 Desktop
 Desktop Authority
+Desktop Central
 Device Manager
 Director
 Directory Server
 Dnsmasq
 DocuWiki
+Dokuwiki
 Domain Time II
 Domino LDAP Server
 Dovecot
@@ -131,8 +141,10 @@ Firewall-1
 Flink
 Flower
 Flussonic Media Server
+FortiVoice
 FortressSSH Server
 FreSSH
+FreeSWITCH
 GHost
 GNAT Box
 GStreamer RTSP Server
@@ -141,6 +153,7 @@ GitLab
 Gitea
 GlassFish Server
 GoAhead Webserver
+Gogs
 Google Front End
 Google Web Services
 Grafana
@@ -198,6 +211,7 @@ Jira
 Joom!Fish
 KM FTPD
 KM-MFP-HTTP
+Kamailio
 Kangle
 Kerio Connect
 Kerio Control
@@ -237,15 +251,18 @@ MaxScale
 Media Server
 MediaSense
 Mercury Mail Transport System
+Merlin
 Messaging Gateway
 Messaging Server
 MetaDirectory Server
+Metabase
 Metasploit
 MiniDLNA
 MiniUPnP
 MobaXterm
 Mongoose
 Mongrel
+Monit
 Moodle
 MultiNet
 Multicraft
@@ -292,10 +309,13 @@ Open Directory
 Open Stack Platform Director
 OpenAdStream
 OpenEdge Explorer
+OpenFire
 OpenLDAP
 OpenManage
 OpenMediaVault
 OpenResty
+OpenSER
+OpenSIPS
 OpenSMTPD
 OpenSSH
 OpenText Exceed
@@ -303,6 +323,7 @@ OpenVMS
 OpenVPN Access Server
 OpenView
 Oracle Application Server Containers
+Orion Platform
 Outlook Web Access
 OzymanDNS
 PA Firewall
@@ -314,6 +335,7 @@ PWS
 Paramiko
 Percona Server
 Perl
+Phabricator
 Phusion Passenger
 Pi-hole
 Platform Services Controller
@@ -326,6 +348,7 @@ PowerMTA
 ProFTPD
 ProRat
 Prometheus
+Proxmox
 Proxy
 Proxygen
 Pulse Connect Secure
@@ -369,6 +392,7 @@ SSH Secure Shell
 SSH Server
 SSH Tectia Server
 SSL-VPN
+STARFACE PBX
 STUN Server
 SWAT
 Samba
@@ -421,6 +445,7 @@ Tivoli Access Manager for e-business WebSEAL
 Tivoli Storage FlashCopy Manager
 Tivoli Storage Manager
 Tomcat
+Tor
 Tornado
 Twisted FTPD
 Twisted Web
@@ -483,10 +508,12 @@ Xvnc
 ZMailer
 Zabbix
 Zimbra
+Zimbra Collaboration Suite
 Zing Vision
 Zope
 alphapd
 axTLS
+bashttpd
 bsnmpd
 cPanel
 cPanel Service Daemon

data/identifiers/vendor.txt

@@ -2,6 +2,7 @@
 8x8 Inc.
 A.K.I Software
 ACME
+ACT Security
 ADB
 ADC
 ADTRAN
@@ -22,12 +23,14 @@ AT&T Worldworx
 ATEN
 ATG
 ATL Telecom Limited
+ATT
 AVM
 AVT
 AVTECH
 AXIS
 Aastra
 Accelerated Technology
+AdGuard
 Adaptec
 Adobe
 Adtran
@@ -77,6 +80,7 @@ AudioCodes
 Avaya
 Avery Dennison
 Avigilon
+Avleen Vig
 Avocent
 Axis
 Axonius
@@ -110,6 +114,7 @@ CDVI
 CSM
 Cabletron
 CaddyServer
+Calibre-Web Project
 Calient
 Calnex
 Cambium Networks
@@ -126,6 +131,7 @@ Cesanta
 Chainpoint
 Check Point
 Checkpoint
+Cherokee Project
 CherryPy
 Ciena
 Cintech Tele-Management
@@ -159,6 +165,7 @@ Crestron
 Critical Path
 CrushFTP
 CrystalVoice Communications
+Cumulus
 Cyberoam
 D J Bernstein
 D-Link
@@ -176,11 +183,13 @@ Debian
 Dell
 Deutsche Telekom
 Device42
+Dialogic
 Digi
 Digitronic Computersysteme GmbH
 Digium
 DirectLOGIC
 DocuWiki
+Dokuwiki
 Double Precision
 Dovecot
 Dr. Neuhaus Mikroelektronik
@@ -238,6 +247,7 @@ Foundry
 Foundry Networks
 FreeBSD
 FreePBX
+FreeSWITCH
 Fuji Xerox
 Fujitsu
 Fujitsu Siemens
@@ -261,6 +271,7 @@ GitLab
 Gitea
 Global Technology Associates
 GlobalScape
+Gogs
 Google
 Gordano
 Grafana
@@ -277,6 +288,7 @@ HP
 HPE
 Hadoop
 Haivision
+Hak5
 Hanwha Techwin
 HashiCorp
 Hauni Elektronik
@@ -298,6 +310,7 @@ ISC
 ISDN Communications
 ITO Communications
 Idea
+Ignite Realtime
 ImageCom
 Imagistics
 Inari Inc.
@@ -314,6 +327,7 @@ Inveo
 Ipswitch
 Isilon
 Jamf
+Jellyfin
 Jenkins
 JetBrains
 Juniper
@@ -352,6 +366,7 @@ LibreNMS
 Liebert
 Lifesize
 LigoWave
+Ligowave
 Linksys
 Linux
 LiteSpeed Technologies
@@ -385,8 +400,10 @@ Mercury Security
 Merit LILIN
 Mersive
 MetaInfo
+Metabase
 MiBridge Inc.
 Michael Tokarev
+MicroStrategy
 Microplex
 Microsoft
 MikroTik
@@ -401,6 +418,7 @@ Mort Bay
 Motion Media Technology
 Motorola
 Moxa
+Mozilla
 MultiTech
 Multicraft
 Munin
@@ -453,6 +471,8 @@ OpenLDAP
 OpenMediaVault
 OpenNAC
 OpenResty
+OpenSER
+OpenSIPS
 OpenSUSE
 OpenStack
 OpenVMS
@@ -464,6 +484,7 @@ Oracle
 Overland
 Oversee
 PHP
+PIAF
 PLD
 PRTG
 Pagoo, Inc.
@@ -476,7 +497,9 @@ Paradyne
 Parallels
 Paramiko
 Paul Smith Computer Services
+Pelco
 Percona
+Phacility
 Philips
 Philips Video Conferencing Systems
 Pi-hole
@@ -498,6 +521,7 @@ Process Software
 Progress
 Prometheus
 Pronet
+Proxmox
 Pulse Secure
 Pure Storage
 PureFTPd
@@ -527,6 +551,7 @@ Rhino Software
 Ricoh
 Ridgeway Systems and Software
 Rifatron
+Riverbed
 Riverstone
 Rockliffe
 Rockwell Automation
@@ -550,6 +575,7 @@ SMA Solar Technology Ag
 SMC Networks
 SPIP
 SSH Communications Security
+STARFACE GmhH
 SUSE
 SafeNet
 Samba
@@ -605,6 +631,7 @@ StarNet Communications Corp.
 StarVox, Inc.
 StartCom
 Steinsvik
+Strategic Cyber LLC
 StreamComm
 SuSE
 Sun
@@ -616,6 +643,7 @@ Symantec
 Symbol
 Symbol Technologies Inc.
 Symplified
+Synacor
 Syndeo Corp.
 Synology
 SysMaster Corporation
@@ -629,6 +657,7 @@ TYPO3
 Tandberg
 Taobao
 Tasman Networks
+Technicolor
 Tektronix
 Teldat H. Kruszynski, M. Cichocki Sp. J.
 TeleStream Technologies, Inc.
@@ -641,12 +670,14 @@ Thekelleys
 Thomson
 TigerVNC
 TightVNC
+Tildeslash
 Tilgin
 Tintro
 Tinyproxy Project
 Tivo
 Tobit Software
 Tokutek
+Tor Project
 TornadoWeb
 Toshiba
 Treck
@@ -707,6 +738,7 @@ Xitami
 Xlight
 Xubuntu
 Xyplex
+Xytronix
 Yamaha
 Yealink
 Yocto
@@ -738,6 +770,7 @@ noVNC
 ownCloud
 pfSense
 port25
+proxmox
 qmail
 rPath
 vsFTPd Project

data/lib/recog/version.rb

@@ -1,3 +1,3 @@
 module Recog
-  VERSION = '2.3.18'
+  VERSION = '2.3.19'
 end

data/update_cpes.py

@@ -190,7 +190,7 @@ def update_cpes(xml_file, cpe_vp_map, r7_vp_map):
                     continue
 
                 vendor = vendor.lower().replace(' ', '_').replace(',', '')
-                product = product.lower().replace(' ', '_').replace(',', '')
+                product = product.lower().replace(' ', '_').replace(',', '').replace('!', '%21')
                 if 'unknown' in [vendor, product]:
                     continue
 
@@ -209,8 +209,8 @@ def update_cpes(xml_file, cpe_vp_map, r7_vp_map):
                     continue
 
                 # building the CPE string
-                # Last minute escaping of '/'
-                product = product.replace('/', '\/')
+                # Last minute escaping of '/' and `!`
+                product = product.replace('/', '\/').replace('%21', '\!')
                 cpe_value = 'cpe:/{}:{}:{}'.format(cpe_type, vendor, product)
 
                 if version:

data/xml/favicons.xml

@@ -6,6 +6,30 @@
 
   <!-- Services -->
 
+  <fingerprint pattern="^4297c114f263c206ed12aaff4b0c7a50|e5af3b68e837498a85b25ef2c36a0825$">
+    <description>Metabase</description>
+    <example>4297c114f263c206ed12aaff4b0c7a50</example>
+    <example>e5af3b68e837498a85b25ef2c36a0825</example>
+    <param pos="0" name="service.product" value="Metabase"/>
+    <param pos="0" name="service.vendor" value="Metabase"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:metabase:metabase:-"/>
+  </fingerprint>
+
+  <fingerprint pattern="^14bd519881ea49a75353572cfb458dec$">
+    <description>Calibre-Web Project</description>
+    <example>14bd519881ea49a75353572cfb458dec</example>
+    <param pos="0" name="service.vendor" value="Calibre-Web Project"/>
+    <param pos="0" name="service.product" value="Calibre-Web"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:calibre-web_project:calibre-web:-"/>
+  </fingerprint>
+
+  <fingerprint pattern="^d2cef6047a604012455f5c9a1cd4d960$">
+    <description>Jellyfin Media Server</description>
+    <example>d2cef6047a604012455f5c9a1cd4d960</example>
+    <param pos="0" name="service.vendor" value="Jellyfin"/>
+    <param pos="0" name="service.product" value="Media Server"/>
+  </fingerprint>
+
   <fingerprint pattern="^0f584138aacfb79aaba7e2539fc4e642$">
     <description>Plex Media Server</description>
     <example>0f584138aacfb79aaba7e2539fc4e642</example>
@@ -194,6 +218,16 @@
     <param pos="0" name="service.vendor" value="SolarWinds"/>
     <param pos="0" name="service.product" value="Virtualization Manager"/>
     <param pos="0" name="service.certainty" value="0.5"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:solarwinds:virtualization_manager:-"/>
+  </fingerprint>
+
+  <fingerprint pattern="^53317933c27890ae9218697ecc0e97d9$">
+    <description>SolarWinds Orion</description>
+    <example>53317933c27890ae9218697ecc0e97d9</example>
+    <param pos="0" name="service.vendor" value="SolarWinds"/>
+    <param pos="0" name="service.product" value="Orion Platform"/>
+    <param pos="0" name="service.certainty" value="0.5"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:solarwinds:orion_platform:-"/>
   </fingerprint>
 
   <fingerprint pattern="^ee20526df4d69f7b02ee107458d8d679$">
@@ -813,6 +847,14 @@
     <param pos="0" name="service.certainty" value="0.5"/>
   </fingerprint>
 
+  <fingerprint pattern="^ad4de5c717c886a99c4cf0e066e9b461$">
+    <description>MicroStrategy Collaboration Server</description>
+    <example>ad4de5c717c886a99c4cf0e066e9b461</example>
+    <param pos="0" name="service.vendor" value="MicroStrategy"/>
+    <param pos="0" name="service.product" value="Collaboration Server"/>
+    <param pos="0" name="service.certainty" value="0.5"/>
+  </fingerprint>
+
   <!-- Devices -->
 
   <fingerprint pattern="^2fd26da3d6b790a86038f440d5b37eea$">
@@ -1714,6 +1756,64 @@
     <param pos="0" name="os.certainty" value="0.5"/>
   </fingerprint>
 
+  <fingerprint pattern="^ed61e4c9e9a176e82734aa42c6a00ce4|0dc6bff9bdabf1184c157d75ac73c22a$">
+    <description>Lifesize TelePresence</description>
+    <example>ed61e4c9e9a176e82734aa42c6a00ce4</example>
+    <example>0dc6bff9bdabf1184c157d75ac73c22a</example>
+    <param pos="0" name="hw.vendor" value="Lifesize"/>
+    <param pos="0" name="hw.device" value="Video Conferencing"/>
+    <param pos="0" name="hw.product" value="TelePresence"/>
+    <param pos="0" name="os.vendor" value="Lifesize"/>
+    <param pos="0" name="os.family" value="Linux"/>
+    <param pos="0" name="os.product" value="TelePresence"/>
+    <param pos="0" name="os.device" value="Video Conferencing"/>
+  </fingerprint>
+
+  <fingerprint pattern="^45e72b45613ba6ec2a1ded251a31f201$">
+    <description>Symantec PGP Key Management Server</description>
+    <example>45e72b45613ba6ec2a1ded251a31f201</example>
+    <param pos="0" name="hw.vendor" value="Symantec"/>
+    <param pos="0" name="hw.device" value="Security Appliance"/>
+    <param pos="0" name="hw.product" value="Key Management Server"/>
+  </fingerprint>
+
+  <fingerprint pattern="^302fe34dc0e9515e2d0509ff5f3217e5|8565497731f799fdd25ae59286807055$">
+    <description>Riverbed Steelhead Appliance</description>
+    <example>302fe34dc0e9515e2d0509ff5f3217e5</example>
+    <example>8565497731f799fdd25ae59286807055</example>
+    <param pos="0" name="hw.vendor" value="Riverbed"/>
+    <param pos="0" name="hw.device" value="Security Appliance"/>
+    <param pos="0" name="hw.product" value="Steelhead"/>
+    <param pos="0" name="os.product" value="RiOS"/>
+    <param pos="0" name="os.vendor" value="Riverbed"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:riverbed:rios:-"/>
+  </fingerprint>
+
+  <fingerprint pattern="^d29a1ef8a3d0011504f5d076600ce16d$">
+    <description>Silver Peak Appliance</description>
+    <example>d29a1ef8a3d0011504f5d076600ce16d</example>
+    <param pos="0" name="hw.vendor" value="Silver Peak"/>
+    <param pos="0" name="hw.device" value="Network Appliance"/>
+    <param pos="0" name="hw.product" value="SD-WAN"/>
+  </fingerprint>
+
+  <fingerprint pattern="^425515e283192a3a686c04e1c50620aa$">
+    <description>Cisco Meraki Appliance</description>
+    <example>425515e283192a3a686c04e1c50620aa</example>
+    <param pos="0" name="hw.vendor" value="Cisco"/>
+    <param pos="0" name="hw.product" value="Meraki Device"/>
+    <param pos="0" name="hw.device" value="Network Appliance"/>
+    <param pos="0" name="hw.certainty" value="0.40"/>
+  </fingerprint>
+
+  <fingerprint pattern="^f5c62ea4c4e9f9a8606400becc01375e$">
+    <description>PBX in a Flash</description>
+    <example>f5c62ea4c4e9f9a8606400becc01375e</example>
+    <param pos="0" name="hw.vendor" value="PIAF"/>
+    <param pos="0" name="hw.device" value="SIP Gateway"/>
+    <param pos="0" name="hw.product" value="PIAF Virtual Appliance"/>
+  </fingerprint>
+
   <fingerprint pattern="^7b73744799150c888a172daf3d7093bf$">
     <description>Pure Storage Appliance</description>
     <example>7b73744799150c888a172daf3d7093bf</example>
@@ -1723,4 +1823,12 @@
     <param pos="0" name="hw.certainty" value="0.5"/>
   </fingerprint>
 
+  <fingerprint pattern="^1b786be7a46bd96a503a81b7faf86263$">
+    <description>AdGuard Home</description>
+    <example>1b786be7a46bd96a503a81b7faf86263</example>
+    <param pos="0" name="service.vendor" value="AdGuard"/>
+    <param pos="0" name="service.product" value="AdGuard Home"/>
+    <param pos="0" name="service.certainty" value="0.5"/>
+  </fingerprint>
+
 </fingerprints>