recog 2.3.18 → 2.3.22

Files changed (73) hide show
  1. checksums.yaml +4 -4
  2. data/.github/dependabot.yml +8 -0
  3. data/.github/workflows/ci.yml +26 -0
  4. data/.github/workflows/verify.yml +89 -0
  5. data/CONTRIBUTING.md +6 -0
  6. data/README.md +17 -0
  7. data/bin/recog_standardize +33 -12
  8. data/bin/recog_verify +1 -2
  9. data/cpe-remap.yaml +355 -200
  10. data/features/verify.feature +14 -14
  11. data/identifiers/README.md +24 -10
  12. data/identifiers/fields.txt +105 -0
  13. data/identifiers/hw_device.txt +8 -0
  14. data/identifiers/hw_family.txt +19 -0
  15. data/identifiers/hw_product.txt +122 -0
  16. data/identifiers/os_device.txt +2 -1
  17. data/identifiers/os_family.txt +3 -0
  18. data/identifiers/os_product.txt +46 -8
  19. data/identifiers/service_family.txt +10 -1
  20. data/identifiers/service_product.txt +90 -2
  21. data/identifiers/vendor.txt +104 -0
  22. data/lib/recog/db.rb +2 -1
  23. data/lib/recog/fingerprint.rb +18 -5
  24. data/lib/recog/nizer.rb +1 -82
  25. data/lib/recog/verifier.rb +5 -5
  26. data/lib/recog/verifier_factory.rb +3 -3
  27. data/lib/recog/verify_reporter.rb +14 -4
  28. data/lib/recog/version.rb +1 -1
  29. data/requirements.txt +1 -1
  30. data/spec/lib/fingerprint_self_test_spec.rb +1 -0
  31. data/spec/lib/recog/verify_reporter_spec.rb +69 -0
  32. data/tools/dev/hooks/pre-commit +21 -0
  33. data/update_cpes.py +19 -6
  34. data/xml/apache_modules.xml +60 -0
  35. data/xml/apache_os.xml +38 -38
  36. data/xml/dhcp_vendor_class.xml +206 -0
  37. data/xml/dns_versionbind.xml +11 -1
  38. data/xml/favicons.xml +270 -45
  39. data/xml/ftp_banners.xml +89 -64
  40. data/xml/h323_callresp.xml +99 -99
  41. data/xml/hp_pjl_id.xml +3 -3
  42. data/xml/html_title.xml +1051 -62
  43. data/xml/http_cookies.xml +294 -85
  44. data/xml/http_servers.xml +551 -122
  45. data/xml/http_wwwauth.xml +139 -43
  46. data/xml/imap_banners.xml +8 -8
  47. data/xml/ldap_searchresult.xml +1 -0
  48. data/xml/mdns_device-info_txt.xml +720 -27
  49. data/xml/mysql_banners.xml +3 -2
  50. data/xml/nntp_banners.xml +4 -4
  51. data/xml/ntp_banners.xml +79 -65
  52. data/xml/operating_system.xml +6 -6
  53. data/xml/pop_banners.xml +11 -11
  54. data/xml/rsh_resp.xml +3 -3
  55. data/xml/rtsp_servers.xml +7 -0
  56. data/xml/sip_banners.xml +374 -9
  57. data/xml/sip_user_agents.xml +377 -5
  58. data/xml/smb_native_lm.xml +32 -1
  59. data/xml/smb_native_os.xml +160 -33
  60. data/xml/smtp_banners.xml +168 -129
  61. data/xml/smtp_ehlo.xml +1 -1
  62. data/xml/smtp_expn.xml +1 -0
  63. data/xml/smtp_help.xml +10 -10
  64. data/xml/smtp_noop.xml +2 -2
  65. data/xml/smtp_vrfy.xml +1 -0
  66. data/xml/snmp_sysdescr.xml +508 -214
  67. data/xml/snmp_sysobjid.xml +25 -25
  68. data/xml/ssh_banners.xml +145 -29
  69. data/xml/telnet_banners.xml +240 -61
  70. data/xml/tls_jarm.xml +162 -0
  71. data/xml/x509_issuers.xml +237 -2
  72. data/xml/x509_subjects.xml +369 -49
  73. metadata +10 -3
@@ -386,7 +386,7 @@
386
386
 
387
387
  <fingerprint pattern="^(?i:VMWare Photon(?:\/)?(?:\s?Linux)?\s?(?:v)?(\d+?(?:\.\d+?)*?)?)$">
388
388
  <description>Photon Linux</description>
389
- <example>VMWare Photon Linux</example>
389
+ <example>VMware Photon Linux</example>
390
390
  <example os.version="1.0">VMWare Photon 1.0</example>
391
391
  <param pos="0" name="os.vendor" value="VMware"/>
392
392
  <param pos="0" name="os.family" value="Linux"/>
@@ -397,7 +397,7 @@
397
397
 
398
398
  <!-- Vendor-based distribution catch-call -->
399
399
 
400
- <fingerprint pattern="^(?i:(.*)\sLinux?\s(.*))$">
400
+ <fingerprint pattern="(?i)^(\S{0,256})\s{1,8}Linux\s+([\w.-]*)$">
401
401
  <description>Vendor-based Linux catch-all</description>
402
402
  <example os.vendor="Aurox" os.version="10.2">Aurox Linux 10.2</example>
403
403
  <param pos="0" name="os.family" value="Linux"/>
@@ -409,7 +409,7 @@
409
409
 
410
410
  <!-- Linux catch-all goes at the bottom-->
411
411
 
412
- <fingerprint pattern="^(?i:.*Linux?\s?(\d+?(?:\.\d+?)*?)?)$">
412
+ <fingerprint pattern="(?i)^.{0,1000}Linux?\s?(\d+?(?:\.\d+?)*?)?$">
413
413
  <description>Linux catch-all</description>
414
414
  <example os.version="2.42.6">Linux 2.42.6</example>
415
415
  <param pos="0" name="os.vendor" value="Linux"/>
@@ -434,7 +434,7 @@
434
434
  <param pos="0" name="os.family" value="Mac OS"/>
435
435
  <param pos="0" name="os.product" value="Mac OS"/>
436
436
  <param pos="1" name="os.version"/>
437
- <param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os:{os.version}"/>
437
+ <param pos="0" name="os.cpe23" value="cpe:/o:apple:macos:{os.version}"/>
438
438
  </fingerprint>
439
439
 
440
440
  <fingerprint pattern="^(?i:(?:Apple OS X|Apple Mac OS X|Mac OS X|OS X|Mac OS)\s?(\d+?(?:\.\d+?)*?)?)$">
@@ -588,7 +588,7 @@
588
588
 
589
589
  <!-- BSD begin -->
590
590
 
591
- <fingerprint pattern="^(?i:(.*?BSD)\s?(\d+?(?:\.\d+?)*?(?:[\-\/_ ]?\w+?)?(?:-[a-z]\d+?)?)?)$">
591
+ <fingerprint pattern="(?i)^(.{0,256}?BSD)\s?(\d+?(?:\.\d+?)*?(?:[\-\/_ ]?\w+?)?(?:-[a-z]\d+?)?)?$">
592
592
  <description>Many BSD family OSes</description>
593
593
  <example os.version="10.3-RELEASE" os.product="FreeBSD">FreeBSD 10.3-RELEASE</example>
594
594
  <example os.version="10.3-RELEASE-p4" os.product="FreeBSD">FreeBSD 10.3-RELEASE-p4</example>
@@ -605,7 +605,7 @@
605
605
 
606
606
  <!-- Other Unix-likes begin -->
607
607
 
608
- <fingerprint pattern="^(?i:(?:Oracle|Sun)?\s?OpenSolaris\s?(\d+?(?:\.\d+?)*?)?)$">
608
+ <fingerprint pattern="(?i)^(?:Oracle|Sun)?\s?OpenSolaris\s?(\d+?(?:\.\d+?)*?)?$">
609
609
  <description>OpenSolaris</description>
610
610
  <example os.version="2009.06">OpenSolaris 2009.06</example>
611
611
  <param pos="0" name="os.vendor" value="Sun"/>
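--- a/data/xml/pop_banners.xml
+++ b/data/xml/pop_banners.xml
@@ -5,7 +5,7 @@
   matched against these patterns to fingerprint POP3 servers.
   -->
 
- <fingerprint pattern="^([^ ]+) +Cyrus POP3 v(\d+\.\d+.*)-OS X(?: Server)? ([\d\.]+).* server ready">
+ <fingerprint pattern="^([^ ]{1,512}) +Cyrus POP3 v(\d+\.\d+.*)-OS X(?: Server)? ([\d\.]+).* server ready">
   <description>OSX Cyrus POP</description>
   <example host.domain="8.8.8.8" service.version="2.3.8" os.version="10.5">8.8.8.8 Cyrus POP3 v2.3.8-OS X Server 10.5: 9A562 server ready &lt;1999107648.1324502155@8.8.8.8&gt;</example>
   <param pos="0" name="service.vendor" value="Carnegie Mellon University"/>
@@ -20,7 +20,7 @@
   <param pos="1" name="host.domain"/>
   </fingerprint>
 
- <fingerprint pattern="^([^ ]+) +Cyrus POP3 v([\d\.]+)">
+ <fingerprint pattern="^([^ ]{1,512}) +Cyrus POP3 v([\d\.]+)">
   <description>CMU Cyrus POP</description>
   <example host.domain="foo" service.version="2.3">foo Cyrus POP3 v2.3</example>
   <example host.domain="foo" service.version="2.3.14">foo Cyrus POP3 v2.3.14 server ready &lt;13087751828270990591.1301068892@foo&gt;</example>
@@ -31,7 +31,7 @@
   <param pos="1" name="host.domain"/>
   </fingerprint>
 
- <fingerprint pattern="^Lotus Notes POP3 server version X[^ ]+ ready on .*$">
+ <fingerprint pattern="^Lotus Notes POP3 server version X[^ ]+ ready on">
   <description>IBM Lotus Notes/Domino</description>
   <example>Lotus Notes POP3 server version X2.0 ready on foo/bar.</example>
   <param pos="0" name="service.vendor" value="IBM"/>
@@ -40,7 +40,7 @@
   <param pos="0" name="service.cpe23" value="cpe:/a:ibm:lotus_domino:-"/>
   </fingerprint>
 
- <fingerprint pattern="^Lotus Notes POP3 server version Release ([^ ]+) ready on .*$">
+ <fingerprint pattern="^Lotus Notes POP3 server version Release ([^ ]+) ready on">
   <description>IBM Lotus Notes/Domino - Release variant</description>
   <example service.version="8.5.1FP5">Lotus Notes POP3 server version Release 8.5.1FP5 ready on foo/US.</example>
   <param pos="0" name="service.vendor" value="IBM"/>
@@ -50,7 +50,7 @@
   <param pos="0" name="service.cpe23" value="cpe:/a:ibm:lotus_domino:{service.version}"/>
   </fingerprint>
 
- <fingerprint pattern="^Qpopper \(version (\d+\.\d+\.\d+), modified by Sphera Technologies\) at (.+) starting\..*$">
+ <fingerprint pattern="^Qpopper \(version (\d+\.\d+\.\d+), modified by Sphera Technologies\) at (.+) starting\.">
   <description>Qpopper with Sphera mods</description>
   <example>Qpopper (version 4.0.3, modified by Sphera Technologies) at domain starting. &lt;xxx@domain&gt;</example>
   <param pos="0" name="service.vendor" value="Sphera"/>
@@ -60,7 +60,7 @@
   <param pos="2" name="host.domain"/>
   </fingerprint>
 
- <fingerprint pattern="^Qpopper \(version (\d+\.\d+\.\d+)-mysql-(.+)\) at (.+) starting\..*$">
+ <fingerprint pattern="^Qpopper \(version (\d+\.\d+\.\d+)-mysql-(.+)\) at (.+) starting\.">
   <description>Qpopper with MySQL auth module</description>
   <example>Qpopper (version 4.0.3-mysql-0.13) at domain starting. &lt;xxx@domain&gt;</example>
   <param pos="0" name="service.vendor" value="Qualcomm"/>
@@ -73,7 +73,7 @@
   <param pos="3" name="host.domain"/>
   </fingerprint>
 
- <fingerprint pattern="(?i)^Qpop(?:per)? \(version ([\d\.]+)\) at (.+)(?: starting\.)?.*$">
+ <fingerprint pattern="(?i)^Qpop(?:per)? \(version ([\d\.]+)\) at (.+)(?: starting\.)?">
   <description>Qpopper missing version info</description>
   <example>Qpopper (version 4.0.16) at foo.example.com</example>
   <example>QPOP (version 2.53) at domain starting. &lt;xxx@domain&gt;</example>
@@ -85,7 +85,7 @@
   <param pos="2" name="host.domain"/>
   </fingerprint>
 
- <fingerprint pattern="^QPOP \(version (.*)\) at (.+) starting\..*$">
+ <fingerprint pattern="^QPOP \(version (.*)\) at (.+) starting\.">
   <description>Qpopper with missing version info</description>
   <example>QPOP (version ?) at domain starting. &lt;xxx@domain&gt;</example>
   <param pos="0" name="service.vendor" value="Qualcomm"/>
@@ -229,7 +229,7 @@
   <param pos="0" name="hw.product" value="Raspberry Pi"/>
   </fingerprint>
 
- <fingerprint pattern="^(\S+) Zimbra POP3 server ready\.?$">
+ <fingerprint pattern="^(\S{1,512}) Zimbra POP3 server ready\.?$">
   <description>VMware Zimbra POP</description>
   <example host.name="foo.bar">foo.bar Zimbra POP3 server ready</example>
   <param pos="0" name="service.vendor" value="VMware"/>
@@ -238,7 +238,7 @@
   <param pos="1" name="host.name"/>
   </fingerprint>
 
- <fingerprint pattern="^(\S+) Zimbra (\S+) POP3 server ready\.?$">
+ <fingerprint pattern="^(\S{1,512}) Zimbra (\S+) POP3 server ready\.?$">
   <description>VMware Zimbra POP with version</description>
   <example host.name="foo.bar">foo.bar Zimbra 7.0.0_GA_3079 POP3 server ready</example>
   <param pos="0" name="service.vendor" value="VMware"/>
@@ -269,7 +269,7 @@
   <param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x:{os.version}"/>
   </fingerprint>
 
- <fingerprint pattern="^TCPIP POP server V\d\.\d\S-\S{3}, OpenVMS V(\d\.\d-\d)(?:\s+\S+)?\s+at\s+(\S+), .*$">
+ <fingerprint pattern="^TCPIP POP server V\d\.\d\S-\S{3}, OpenVMS V(\d\.\d-\d)(?:\s+\S+)?\s+at\s+(\S+),">
   <description>TCP/IP Services for OpenVMS POP server</description>
   <example os.version="7.3-2" host.name="example.com">TCPIP POP server V5.4J-15A, OpenVMS V7.3-2 Alpha at example.com, up since 2015-02-12 08:44:53 20400434.2</example>
   <param pos="0" name="service.family" value="OpenVMS"/>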
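Review bot: In the `(?i)^Qpop(?:per)? \(version ([\d\.]+)\) at (.+)(?: starting\.)?` fingerprint (new line 76) the greedy `(.+)` still consumes the rest of the banner, so the optional `(?: starting\.)?` group never participates and the second capture for the `QPOP (version 2.53) at domain starting. ...` example is the whole tail rather than `domain`. Dropping the trailing `.*$` does not change that, and neither example carries a `host.domain` attribute that would expose it (the `pos="2"` param at line 85 presumably belongs to this fingerprint). Consider `at (\S+)(?: starting\.)?` and asserting `host.domain="foo.example.com"` and `host.domain="domain"` on the two examples. The section also bounds the leading host capture to `{1,512}` in the Cyrus and Zimbra patterns but leaves `Zimbra (\S+) POP3` and the Qpopper `(.+)` captures unbounded; if the bound is meant as an input-size limit on untrusted banners, applying it there too would be more consistent.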
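--- a/data/xml/rsh_resp.xml
+++ b/data/xml/rsh_resp.xml
@@ -41,7 +41,7 @@
   <param pos="0" name="os.cpe23" value="cpe:/o:ibm:aix:-"/>
   </fingerprint>
 
- <fingerprint pattern="^.rlogind: Host name for your address \([\d.]+\) unknown\..*$" flags="REG_DOT_NEWLINE">
+ <fingerprint pattern="^.rlogind: Host name for your address \([\d.]+\) unknown\." flags="REG_DOT_NEWLINE">
   <description>A/UX rlogind</description>
   <example>xrlogind: Host name for your address (127.0.0.1) unknown.
   </example>
@@ -49,7 +49,7 @@
   <param pos="0" name="os.family" value="A/UX"/>
   </fingerprint>
 
- <fingerprint pattern="^.rexecd: Login incorrect\..*$" flags="REG_DOT_NEWLINE">
+ <fingerprint pattern="^.rexecd: Login incorrect\." flags="REG_DOT_NEWLINE">
   <description>HP-UX rexecd</description>
   <example>xrexecd: Login incorrect.
   </example>
@@ -59,7 +59,7 @@
   <param pos="0" name="os.cpe23" value="cpe:/o:hp:hp-ux:-"/>
   </fingerprint>
 
- <fingerprint pattern="^.rexecd: [-\d]+.*$" flags="REG_DOT_NEWLINE">
+ <fingerprint pattern="^.rexecd: [-\d]+" flags="REG_DOT_NEWLINE">
   <description>AIX rexecd</description>
   <example>xrexecd: 0-1 The login is not correct.
   </example>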
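Review bot: With the trailing `.*$` removed, the only unescaped `.` left in these three patterns is the single leading wildcard, so `flags="REG_DOT_NEWLINE"` (which, going by its name, lets `.` match a newline) now matters only if the first byte of the response can itself be a newline. If it cannot, the flag is dead weight and could be dropped from all three fingerprints; if it can, a short comment such as `<!-- first byte is arbitrary; REG_DOT_NEWLINE lets it be a newline -->` above the first of them would record why it stays. The examples use a literal `x` for that byte, so the page does not show which case applies.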
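--- a/data/xml/rtsp_servers.xml
+++ b/data/xml/rtsp_servers.xml
@@ -93,4 +93,11 @@
   <param pos="1" name="os.version"/>
   </fingerprint>
 
+ <fingerprint pattern="^Linux/2\.6\.35\.14_nl-xarina\+ Ze-PRO$">
+ <description>Sony Network Camera</description>
+ <example>Linux/2.6.35.14_nl-xarina+ Ze-PRO</example>
+ <param pos="0" name="hw.vendor" value="Sony"/>
+ <param pos="0" name="hw.device" value="IP Camera"/>
+ </fingerprint>
+
   </fingerprints>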
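Review bot: The new Sony fingerprint (new lines 96-101) asserts only `hw.vendor` and `hw.device`, although the banner it matches literally discloses a Linux 2.6.35.14 kernel, so consumers that feed these fields into OS inventory or vulnerability matching get no OS data from it. Consider adding `<param pos="0" name="os.family" value="Linux"/>` and `<param pos="0" name="os.product" value="Linux"/>`, and capturing the kernel version into `os.version` as the preceding fingerprint in this file does. The pattern is fully literal, so it matches exactly one firmware build; a one-line comment saying so, or a looser version group once more samples exist, would make that limitation visible.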
data/xml/sip_banners.xml CHANGED
@@ -60,10 +60,54 @@
60
60
  <param pos="2" name="hw.version"/>
61
61
  </fingerprint>
62
62
 
63
+ <!-- The next few Linksys fingerprints could be merged but are split to enable CPEs -->
64
+
65
+ <fingerprint pattern="^(?:[\dA-F]{1,64} )?Linksys/RT31P2-([\d.]+)\(\w+\)$">
66
+ <description>Linksys RT31P2</description>
67
+ <example os.version="3.1.9">Linksys/RT31P2-3.1.9(LId)</example>
68
+ <example os.version="3.1.6">Linksys/RT31P2-3.1.6(LI)</example>
69
+ <example os.version="3.1.6">001310E72B51 Linksys/RT31P2-3.1.6(LI)</example>
70
+ <param pos="0" name="os.vendor" value="Linksys"/>
71
+ <param pos="0" name="os.product" value="RT31P2 Firmware"/>
72
+ <param pos="1" name="os.version"/>
73
+ <param pos="0" name="os.device" value="VoIP"/>
74
+ <param pos="0" name="hw.vendor" value="Linksys"/>
75
+ <param pos="0" name="hw.product" value="RT31P2"/>
76
+ <param pos="0" name="hw.device" value="VoIP"/>
77
+ <param pos="0" name="hw.cpe23" value="cpe:/h:linksys:rt31p2:-"/>
78
+ </fingerprint>
79
+
80
+ <fingerprint pattern="^Cisco/SPA122-([\d.]+)\(\w+\)[\w-]*$">
81
+ <description>Cisco SPA122</description>
82
+ <example os.version="1.3.5">Cisco/SPA122-1.3.5(004p)</example>
83
+ <example os.version="1.3.5">Cisco/SPA122-1.3.5(004p)_BestGo</example>
84
+ <param pos="0" name="os.vendor" value="Cisco"/>
85
+ <param pos="0" name="os.product" value="SPA122 Firmware"/>
86
+ <param pos="1" name="os.version"/>
87
+ <param pos="0" name="os.device" value="VoIP"/>
88
+ <param pos="0" name="os.cpe23" value="cpe:/o:cisco:spa122_firmware:{os.version}"/>
89
+ <param pos="0" name="hw.vendor" value="Cisco"/>
90
+ <param pos="0" name="hw.product" value="SPA122"/>
91
+ <param pos="0" name="hw.device" value="VoIP"/>
92
+ <param pos="0" name="hw.cpe23" value="cpe:/h:cisco:spa122:-"/>
93
+ </fingerprint>
94
+
95
+ <fingerprint pattern="^Cisco/SPA112-([\d.SR]+)\(\w+\)[\w-]*$">
96
+ <description>Cisco SPA112</description>
97
+ <example os.version="1.4.1SR1">Cisco/SPA112-1.4.1SR1(002)d-hisec</example>
98
+ <param pos="0" name="os.vendor" value="Cisco"/>
99
+ <param pos="0" name="os.product" value="SPA112 Firmware"/>
100
+ <param pos="1" name="os.version"/>
101
+ <param pos="0" name="os.device" value="VoIP"/>
102
+ <param pos="0" name="os.cpe23" value="cpe:/o:cisco:spa112_firmware:{os.version}"/>
103
+ <param pos="0" name="hw.vendor" value="Cisco"/>
104
+ <param pos="0" name="hw.product" value="SPA112"/>
105
+ <param pos="0" name="hw.device" value="VoIP"/>
106
+ <param pos="0" name="hw.cpe23" value="cpe:/h:cisco:spa112:-"/>
107
+ </fingerprint>
108
+
63
109
  <fingerprint pattern="(?:Cisco|Linksys)/(SPA\d+[DG]?\d?)-([\d\.a-zA-Z]+)">
64
110
  <description>Cisco/Linksys SPA VoIP Phone</description>
65
- <example hw.model="SPA112" hw.version="1.4.1SR1">Cisco/SPA112-1.4.1SR1(002)d-hisec</example>
66
- <example hw.model="SPA122" hw.version="1.3.3">Cisco/SPA122-1.3.3(004)</example>
67
111
  <example hw.model="SPA922" hw.version="6.1.5">PhoneSystems.net aabbccddeeff Linksys/SPA922-6.1.5(a)</example>
68
112
  <example hw.model="SPA232D" hw.version="1.4.1">Cisco/SPA232D-1.4.1(002_282)</example>
69
113
  <example hw.model="SPA504G" hw.version="7.5.2">Cisco/SPA504G-7.5.2</example>
@@ -155,6 +199,131 @@
155
199
  <param pos="1" name="hw.product"/>
156
200
  </fingerprint>
157
201
 
202
+ <!-- NEC -->
203
+
204
+ <fingerprint pattern="^NEC SL2100/([\d.]+)$">
205
+ <description>NEC SL2100 Communications Server</description>
206
+ <example os.version="2.1">NEC SL2100/2.1</example>
207
+ <param pos="0" name="os.vendor" value="NEC"/>
208
+ <param pos="0" name="os.product" value="SL2100 Firmware"/>
209
+ <param pos="1" name="os.version"/>
210
+ <param pos="0" name="os.device" value="SIP Gateway"/>
211
+ <param pos="0" name="os.cpe23" value="cpe:/o:nec:sl2100_firmware:{os.version}"/>
212
+ <param pos="0" name="hw.vendor" value="NEC"/>
213
+ <param pos="0" name="hw.family" value="SL2100"/>
214
+ <param pos="0" name="hw.product" value="SL2100"/>
215
+ <param pos="0" name="hw.device" value="SIP Gateway"/>
216
+ <param pos="0" name="hw.cpe23" value="cpe:/h:nec:sl2100:-"/>
217
+ </fingerprint>
218
+
219
+ <fingerprint pattern="^NEC (Aspire [WU]X) ([\d.]+)(?:/\d\.\d)?$">
220
+ <description>NEC UNIVERGE Aspire WX or UX SIP Gateway</description>
221
+ <example hw.product="Aspire WX" os.version="02.00.00">NEC Aspire WX 02.00.00</example>
222
+ <example hw.product="Aspire UX" os.version="08.00.00">NEC Aspire UX 08.00.00/2.1</example>
223
+ <param pos="0" name="os.vendor" value="NEC"/>
224
+ <param pos="2" name="os.version"/>
225
+ <param pos="0" name="hw.vendor" value="NEC"/>
226
+ <param pos="0" name="hw.family" value="UNIVERGE"/>
227
+ <param pos="1" name="hw.product"/>
228
+ <param pos="0" name="hw.device" value="SIP Gateway"/>
229
+ </fingerprint>
230
+
231
+ <!-- The next few NEC fingerprints could be merged but are split to enable CPEs -->
232
+
233
+ <fingerprint pattern="^NEC(?:-i)? SV9100-(?:NA|GE) ([\d.]+)(?:/\d\.\d)?$">
234
+ <description>NEC UNIVERGE 9100 SIP Gateway</description>
235
+ <example os.version="08.00.65">NEC SV9100-NA 08.00.65/2.1</example>
236
+ <example os.version="09.00.60">NEC SV9100-GE 09.00.60/2.1</example>
237
+ <param pos="0" name="os.vendor" value="NEC"/>
238
+ <param pos="0" name="os.product" value="SV9100 Firmware"/>
239
+ <param pos="1" name="os.version"/>
240
+ <param pos="0" name="os.cpe23" value="cpe:/o:nec:sv9100_firmware:{os.version}"/>
241
+ <param pos="0" name="hw.vendor" value="NEC"/>
242
+ <param pos="0" name="hw.family" value="UNIVERGE"/>
243
+ <param pos="0" name="hw.product" value="SV9100"/>
244
+ <param pos="0" name="hw.device" value="SIP Gateway"/>
245
+ <param pos="0" name="hw.cpe23" value="cpe:/h:nec:sv9100:-"/>
246
+ </fingerprint>
247
+
248
+ <fingerprint pattern="^NEC(?:-i)? SV8100-(?:NA|GE) ([\d.]+)(?:/\d\.\d)?$">
249
+ <description>NEC UNIVERGE 8100 SIP Gateway</description>
250
+ <example os.version="08.00.65">NEC SV8100-GE 08.00.65/2.1</example>
251
+ <example os.version="09.50">NEC-i SV8100-NA 09.50/2.1</example>
252
+ <example os.version="10.12">NEC SV8100-NA 10.12/2.1</example>
253
+ <param pos="0" name="os.vendor" value="NEC"/>
254
+ <param pos="0" name="os.product" value="SV8100 Firmware"/>
255
+ <param pos="1" name="os.version"/>
256
+ <param pos="0" name="os.cpe23" value="cpe:/o:nec:sv8100_firmware:{os.version}"/>
257
+ <param pos="0" name="hw.vendor" value="NEC"/>
258
+ <param pos="0" name="hw.family" value="UNIVERGE"/>
259
+ <param pos="0" name="hw.product" value="SV8100"/>
260
+ <param pos="0" name="hw.device" value="SIP Gateway"/>
261
+ <param pos="0" name="hw.cpe23" value="cpe:/h:nec:sv8100:-"/>
262
+ </fingerprint>
263
+
264
+ <!-- Grandstream -->
265
+
266
+ <!-- The next few fingerprints could be merged but are split to enable CPEs -->
267
+
268
+ <fingerprint pattern="^Grandstream UCM6208V(\d\.\d\w) ([\d.]+)$">
269
+ <description>Grandstream UCM 6208</description>
270
+ <example hw.version="1.4A" os.version="1.0.16.20">Grandstream UCM6208V1.4A 1.0.16.20</example>
271
+ <param pos="0" name="os.vendor" value="Grandstream"/>
272
+ <param pos="0" name="os.product" value="UCM6208 Firmware"/>
273
+ <param pos="2" name="os.version"/>
274
+ <param pos="0" name="os.device" value="SIP Gateway"/>
275
+ <param pos="0" name="os.cpe23" value="cpe:/o:grandstream:ucm6208_firmware:{os.version}"/>
276
+ <param pos="0" name="hw.vendor" value="Grandstream"/>
277
+ <param pos="0" name="hw.product" value="UCM6208"/>
278
+ <param pos="1" name="hw.version"/>
279
+ <param pos="0" name="hw.device" value="SIP Gateway"/>
280
+ <param pos="0" name="hw.cpe23" value="cpe:/h:grandstream:ucm6208:{hw.version}"/>
281
+ </fingerprint>
282
+
283
+ <fingerprint pattern="^Grandstream UCM6204V(\d\.\d\w) ([\d.]+)$">
284
+ <description>Grandstream UCM 6204</description>
285
+ <example hw.version="1.4A" os.version="1.0.15.16">Grandstream UCM6204V1.4A 1.0.15.16</example>
286
+ <param pos="0" name="os.vendor" value="Grandstream"/>
287
+ <param pos="0" name="os.product" value="UCM6204 Firmware"/>
288
+ <param pos="2" name="os.version"/>
289
+ <param pos="0" name="os.device" value="SIP Gateway"/>
290
+ <param pos="0" name="os.cpe23" value="cpe:/o:grandstream:ucm6204_firmware:{os.version}"/>
291
+ <param pos="0" name="hw.vendor" value="Grandstream"/>
292
+ <param pos="0" name="hw.product" value="UCM6204"/>
293
+ <param pos="1" name="hw.version"/>
294
+ <param pos="0" name="hw.device" value="SIP Gateway"/>
295
+ <param pos="0" name="hw.cpe23" value="cpe:/h:grandstream:ucm6204:{hw.version}"/>
296
+ </fingerprint>
297
+
298
+ <fingerprint pattern="^Grandstream UCM6202V(\d\.\d\w) ([\d.]+)$">
299
+ <description>Grandstream UCM 6202</description>
300
+ <example hw.version="1.4A" os.version="1.0.15.16">Grandstream UCM6202V1.4A 1.0.15.16</example>
301
+ <param pos="0" name="os.vendor" value="Grandstream"/>
302
+ <param pos="0" name="os.product" value="UCM6202 Firmware"/>
303
+ <param pos="2" name="os.version"/>
304
+ <param pos="0" name="os.device" value="SIP Gateway"/>
305
+ <param pos="0" name="os.cpe23" value="cpe:/o:grandstream:ucm6202_firmware:{os.version}"/>
306
+ <param pos="0" name="hw.vendor" value="Grandstream"/>
307
+ <param pos="0" name="hw.product" value="UCM6202"/>
308
+ <param pos="1" name="hw.version"/>
309
+ <param pos="0" name="hw.device" value="SIP Gateway"/>
310
+ <param pos="0" name="hw.cpe23" value="cpe:/h:grandstream:ucm6202:{hw.version}"/>
311
+ </fingerprint>
312
+
313
+ <fingerprint pattern="^Grandstream (UCM6\d\d\d)V(\d\.\d\w) ([\d.]+)$">
314
+ <description>Grandstream UCM 6xxx series generic</description>
315
+ <example hw.product="UCM6102" os.version="1.0.6.10">Grandstream UCM6102V1.5A 1.0.6.10</example>
316
+ <example hw.product="UCM6302" hw.version="1.2B">Grandstream UCM6302V1.2B 1.0.3.10</example>
317
+ <example hw.product="UCM6510">Grandstream UCM6510V1.4B 1.0.14.23</example>
318
+ <param pos="0" name="os.vendor" value="Grandstream"/>
319
+ <param pos="3" name="os.version"/>
320
+ <param pos="0" name="os.device" value="SIP Gateway"/>
321
+ <param pos="0" name="hw.vendor" value="Grandstream"/>
322
+ <param pos="1" name="hw.product"/>
323
+ <param pos="2" name="hw.version"/>
324
+ <param pos="0" name="hw.device" value="SIP Gateway"/>
325
+ </fingerprint>
326
+
158
327
  <!-- Various -->
159
328
 
160
329
  <fingerprint pattern="EnGenius_Router$">
@@ -249,7 +418,7 @@
249
418
  <param pos="1" name="hw.product"/>
250
419
  </fingerprint>
251
420
 
252
- <fingerprint pattern="^(?:Audiocodes-Sip-Gateway-)?(\S+) FX[A-Z_]+/v.(\S+)$">
421
+ <fingerprint pattern="^(?:Audiocodes-Sip-Gateway-)?(\S{1,64}) FX[A-Z_]+/v.(\S+)$">
253
422
  <description>Audiocodes-Sip-Gateway</description>
254
423
  <example hw.product="MP-124" os.version="6.00A.034.003">Audiocodes-Sip-Gateway-MP-124 FXS/v.6.00A.034.003</example>
255
424
  <example hw.product="MP-124" os.version="6.60A.342.003">MP-124 FXS/v.6.60A.342.003</example>
@@ -275,6 +444,18 @@
275
444
  <param pos="0" name="hw.product" value="SIP Gateway"/>
276
445
  </fingerprint>
277
446
 
447
+ <fingerprint pattern="^Wildix GW ([\d.~a-h]+)$">
448
+ <description>Wildix SIP Gateway - timestamp/build variant</description>
449
+ <example os.version="20201008.1~a2e84be1">Wildix GW 20201008.1~a2e84be1</example>
450
+ <param pos="0" name="os.vendor" value="Wildix"/>
451
+ <param pos="0" name="os.family" value="SIP Gateway"/>
452
+ <param pos="1" name="os.version"/>
453
+ <param pos="0" name="hw.vendor" value="Wildix"/>
454
+ <param pos="0" name="hw.family" value="SIP Gateway"/>
455
+ <param pos="0" name="hw.device" value="SIP Gateway"/>
456
+ <param pos="0" name="hw.product" value="SIP Gateway"/>
457
+ </fingerprint>
458
+
278
459
  <fingerprint pattern="^Wildix GW$">
279
460
  <description>Wildix SIP Gateway w/o Version</description>
280
461
  <example>Wildix GW</example>
@@ -286,6 +467,18 @@
286
467
  <param pos="0" name="hw.product" value="SIP Gateway"/>
287
468
  </fingerprint>
288
469
 
470
+ <fingerprint pattern="^PBX-IP Media Gateway/([\d.]+)$">
471
+ <description>Dialogic Media Gateway w Version</description>
472
+ <example os.version="2.1">PBX-IP Media Gateway/2.1</example>
473
+ <param pos="0" name="os.vendor" value="Dialogic"/>
474
+ <param pos="0" name="os.family" value="SIP Gateway"/>
475
+ <param pos="1" name="os.version"/>
476
+ <param pos="0" name="hw.vendor" value="Dialogic"/>
477
+ <param pos="0" name="hw.family" value="SIP Gateway"/>
478
+ <param pos="0" name="hw.device" value="SIP Gateway"/>
479
+ <param pos="0" name="hw.product" value="Media Gateway"/>
480
+ </fingerprint>
481
+
289
482
  <fingerprint pattern="^Asterisk PBX (\S+)$">
290
483
  <description>Asterisk PBX w/ Version</description>
291
484
  <example service.version="13.18.0-6.7.1.1.rl.1538157944.1c65507">Asterisk PBX 13.18.0-6.7.1.1.rl.1538157944.1c65507</example>
@@ -314,14 +507,115 @@
314
507
  <param pos="1" name="service.version"/>
315
508
  </fingerprint>
316
509
 
317
- <fingerprint pattern="^kamailio \((\S+) \((.*)\)\)$">
318
- <description>Kamailio SIP Server</description>
319
- <example service.version="4.4.4" kamailio.platform="x86_64/linux">kamailio (4.4.4 (x86_64/linux))</example>
510
+ <!-- Kamailio seems to be a successor to OpenSER and perhaps OpenSIPS? -->
511
+
512
+ <fingerprint pattern="^[Kk]amailio \(([\d.]+)(?:-tls|-notls)? \(x86_64/linux\)\)$">
513
+ <description>Kamailio Kamailio - Linux on x86_64</description>
514
+ <example service.version="4.4.4">kamailio (4.4.4 (x86_64/linux))</example>
320
515
  <param pos="0" name="service.vendor" value="Kamailio"/>
321
- <param pos="0" name="service.family" value="SIP Server"/>
322
- <param pos="0" name="service.product" value="SIP Server"/>
516
+ <param pos="0" name="service.product" value="Kamailio"/>
517
+ <param pos="1" name="service.version"/>
518
+ <param pos="0" name="service.cpe23" value="cpe:/a:kamailio:kamailio:{service.version}"/>
519
+ <param pos="0" name="os.family" value="Linux"/>
520
+ <param pos="0" name="os.product" value="Linux"/>
521
+ <param pos="0" name="os.arch" value="x86_64"/>
522
+ </fingerprint>
523
+
524
+ <fingerprint pattern="^[Kk]amailio \(([\d.]+)(?:-tls|-notls)? \(i386/linux\)\)$">
525
+ <description>Kamailio Kamailio - Linux on x86</description>
526
+ <example service.version="1.5.2">Kamailio (1.5.2-notls (i386/linux))</example>
527
+ <param pos="0" name="service.vendor" value="Kamailio"/>
528
+ <param pos="0" name="service.product" value="Kamailio"/>
529
+ <param pos="1" name="service.version"/>
530
+ <param pos="0" name="service.cpe23" value="cpe:/a:kamailio:kamailio:{service.version}"/>
531
+ <param pos="0" name="os.family" value="Linux"/>
532
+ <param pos="0" name="os.product" value="Linux"/>
533
+ <param pos="0" name="os.arch" value="x86"/>
534
+ </fingerprint>
535
+
536
+ <fingerprint pattern="^OpenSIPS \(([\d.]+)(?:-tls|-notls)? \(x86_64/linux\)\)$">
537
+ <description>OpenSIPS OpenSIPS - Linux on x86_64</description>
538
+ <example service.version="1.7.2">OpenSIPS (1.7.2-notls (x86_64/linux))</example>
539
+ <example service.version="1.11.11">OpenSIPS (1.11.11-tls (x86_64/linux))</example>
540
+ <example service.version="2.2.7">OpenSIPS (2.2.7 (x86_64/linux))</example>
541
+ <param pos="0" name="service.vendor" value="OpenSIPS"/>
542
+ <param pos="0" name="service.product" value="OpenSIPS"/>
543
+ <param pos="1" name="service.version"/>
544
+ <param pos="0" name="service.cpe23" value="cpe:/a:opensips:opensips:{service.version}"/>
545
+ <param pos="0" name="os.family" value="Linux"/>
546
+ <param pos="0" name="os.product" value="Linux"/>
547
+ <param pos="0" name="os.arch" value="x86_64"/>
548
+ </fingerprint>
549
+
550
+ <fingerprint pattern="^OpenSIPS \(([\d.]+)(?:-tls|-notls)? \(i386/linux\)\)$">
551
+ <description>OpenSIPS OpenSIPS - Linux on x86</description>
552
+ <example service.version="1.8.2">OpenSIPS (1.8.2-notls (i386/linux))</example>
553
+ <example service.version="1.11.3">OpenSIPS (1.11.3-tls (i386/linux))</example>
554
+ <example service.version="2.3.3">OpenSIPS (2.3.3 (i386/linux))</example>
555
+ <param pos="0" name="service.vendor" value="OpenSIPS"/>
556
+ <param pos="0" name="service.product" value="OpenSIPS"/>
557
+ <param pos="1" name="service.version"/>
558
+ <param pos="0" name="service.cpe23" value="cpe:/a:opensips:opensips:{service.version}"/>
559
+ <param pos="0" name="os.family" value="Linux"/>
560
+ <param pos="0" name="os.product" value="Linux"/>
561
+ <param pos="0" name="os.arch" value="x86"/>
562
+ </fingerprint>
563
+
564
+ <fingerprint pattern="^OpenSIPS \(([\d.]+)(?:-tls|-notls)? \(arm(?:v4tl|v7l)?/linux\)\)$">
565
+ <description>OpenSIPS OpenSIPS - Linux on ARM</description>
566
+ <example service.version="2.2.2">OpenSIPS (2.2.2 (arm/linux))</example>
567
+ <example service.version="1.6.0">OpenSIPS (1.6.0-notls (armv4tl/linux))</example>
568
+ <example service.version="1.11.5">OpenSIPS (1.11.5-tls (armv7l/linux))</example>
569
+ <param pos="0" name="service.vendor" value="OpenSIPS"/>
570
+ <param pos="0" name="service.product" value="OpenSIPS"/>
571
+ <param pos="1" name="service.version"/>
572
+ <param pos="0" name="service.cpe23" value="cpe:/a:opensips:opensips:{service.version}"/>
573
+ <param pos="0" name="os.family" value="Linux"/>
574
+ <param pos="0" name="os.product" value="Linux"/>
575
+ <param pos="0" name="os.arch" value="ARM"/>
576
+ </fingerprint>
577
+
578
+ <fingerprint pattern="(?i)^OpenSER \(([\d.]+)(?:-tls|-notls)? \(sh4/linux\)\)$">
579
+ <description>OpenSER OpenSER - Linux on Renesas SH4</description>
580
+ <example service.version="1.3.2">OpenSER (1.3.2-notls (sh4/linux))</example>
581
+ <param pos="0" name="service.vendor" value="OpenSER"/>
582
+ <param pos="0" name="service.product" value="OpenSER"/>
583
+ <param pos="1" name="service.version"/>
584
+ <param pos="0" name="os.family" value="Linux"/>
585
+ <param pos="0" name="os.product" value="Linux"/>
586
+ </fingerprint>
587
+
588
+ <fingerprint pattern="(?i)^OpenSER \(([\d.]+)(?:-tls|-notls)? \(x86_64/linux\)\)$">
589
+ <description>OpenSER OpenSER - Linux on x86_64</description>
590
+ <example service.version="1.1.0">OpenSer (1.1.0-notls (x86_64/linux))</example>
591
+ <param pos="0" name="service.vendor" value="OpenSER"/>
592
+ <param pos="0" name="service.product" value="OpenSER"/>
593
+ <param pos="1" name="service.version"/>
594
+ <param pos="0" name="os.family" value="Linux"/>
595
+ <param pos="0" name="os.product" value="Linux"/>
596
+ <param pos="0" name="os.arch" value="x86_64"/>
597
+ </fingerprint>
598
+
599
+ <fingerprint pattern="(?i)^OpenSER \(([\d.]+)(?:-tls|-notls)? \(i386/linux\)\)$">
600
+ <description>OpenSER OpenSER - Linux on x86</description>
601
+ <example service.version="1.3.0">OpenSER (1.3.0-notls (i386/linux))</example>
602
+ <param pos="0" name="service.vendor" value="OpenSER"/>
603
+ <param pos="0" name="service.product" value="OpenSER"/>
604
+ <param pos="1" name="service.version"/>
605
+ <param pos="0" name="os.family" value="Linux"/>
606
+ <param pos="0" name="os.product" value="Linux"/>
607
+ <param pos="0" name="os.arch" value="x86"/>
608
+ </fingerprint>
609
+
610
+ <fingerprint pattern="(?i)^OpenSER \(([\d.]+)(?:-tls|-notls)? \(arm/linux\)\)$">
611
+ <description>OpenSER OpenSER - Linux on ARM</description>
612
+ <example service.version="1.3.2">OpenSER (1.3.2-tls (arm/linux))</example>
613
+ <param pos="0" name="service.vendor" value="OpenSER"/>
614
+ <param pos="0" name="service.product" value="OpenSER"/>
323
615
  <param pos="1" name="service.version"/>
324
- <param pos="2" name="kamailio.platform"/>
616
+ <param pos="0" name="os.family" value="Linux"/>
617
+ <param pos="0" name="os.product" value="Linux"/>
618
+ <param pos="0" name="os.arch" value="ARM"/>
325
619
  </fingerprint>
326
620
 
327
621
  <!-- This match covers multiple product families and should be split up further -->
@@ -351,4 +645,75 @@
351
645
  <param pos="0" name="hw.product" value="SIParator Firewall"/>
352
646
  </fingerprint>
353
647
 
648
+ <fingerprint pattern="^CommuniGatePro/(\d\.[\w.]+)$">
649
+ <description>Communigate Pro</description>
650
+ <example service.version="6.2.14">CommuniGatePro/6.2.14</example>
651
+ <example service.version="6.3c1m">CommuniGatePro/6.3c1m</example>
652
+ <param pos="0" name="service.vendor" value="Communigate"/>
653
+ <param pos="0" name="service.family" value="Pro"/>
654
+ <param pos="0" name="service.product" value="Communigate Pro"/>
655
+ <param pos="1" name="service.version"/>
656
+ <param pos="0" name="service.cpe23" value="cpe:/a:communigate:communigate_pro:{service.version}"/>
657
+ </fingerprint>
658
+
659
+ <fingerprint pattern="^STARFACE PBX$">
660
+ <description>STARFACE GmhH STARFACE PBX</description>
661
+ <example>STARFACE PBX</example>
662
+ <param pos="0" name="service.vendor" value="STARFACE GmhH"/>
663
+ <param pos="0" name="service.family" value="SIP Server"/>
664
+ <param pos="0" name="service.product" value="STARFACE PBX"/>
665
+ </fingerprint>
666
+
667
+ <fingerprint pattern="^FortiVoice-([\w-]+)$">
668
+ <description>Fortinet FortiVoice</description>
669
+ <example hw.product="200D">FortiVoice-200D</example>
670
+ <example hw.product="VM-Azure">FortiVoice-VM-Azure</example>
671
+ <example>FortiVoice-1000E</example>
672
+ <param pos="0" name="service.vendor" value="Fortinet"/>
673
+ <param pos="0" name="service.product" value="FortiVoice"/>
674
+ <param pos="0" name="service.device" value="SIP Gateway"/>
675
+ <param pos="0" name="service.cpe23" value="cpe:/a:fortinet:fortivoice:-"/>
676
+ <param pos="0" name="hw.vendor" value="Fortinet"/>
677
+ <param pos="0" name="hw.family" value="FortiVoice"/>
678
+ <param pos="1" name="hw.product"/>
679
+ <param pos="0" name="hw.device" value="SIP Gateway"/>
680
+ </fingerprint>
681
+
682
+ <fingerprint pattern="^Freeswitch ([\d.]+)$">
683
+ <description>FreeSWITCH FreeSWITCH</description>
684
+ <example service.version="2.0.0">Freeswitch 2.0.0</example>
685
+ <param pos="0" name="service.vendor" value="FreeSWITCH"/>
686
+ <param pos="0" name="service.product" value="FreeSWITCH"/>
687
+ <param pos="1" name="service.version"/>
688
+ <param pos="0" name="service.device" value="SIP Gateway"/>
689
+ <param pos="0" name="service.cpe23" value="cpe:/a:freeswitch:freeswitch:{service.version}"/>
690
+ </fingerprint>
691
+
692
+ <fingerprint pattern="^(OpenStage|OpenScape)_(\d+)_(V\d \S+) ">
693
+ <description>Unify OpenStage VoIP Phone 1</description>
694
+ <example hw.family="OpenStage" unify.model="40" os.version="V3 R5.13.0">OpenStage_40_V3 R5.13.0 SIP 190111</example>
695
+ <param pos="0" name="os.vendor" value="Unify"/>
696
+ <param pos="0" name="os.product" value="{hw.family} {unify.model} Firmware"/>
697
+ <param pos="0" name="hw.vendor" value="Unify"/>
698
+ <param pos="0" name="hw.product" value="{hw.family} {unify.model}"/>
699
+ <param pos="0" name="hw.device" value="VoIP"/>
700
+ <param pos="1" name="hw.family"/>
701
+ <param pos="2" name="unify.model"/>
702
+ <param pos="3" name="os.version"/>
703
+ </fingerprint>
704
+
705
+ <fingerprint pattern="^Desk_Phone_IP_(CP\d+[EXT]?)_(V\d \S+) ">
706
+ <description>Unify OpenStage VoIP Phone 2</description>
707
+ <example unify.model="CP200" os.version="V1 R6.14.0">Desk_Phone_IP_CP200_V1 R6.14.0 SIP 190802</example>
708
+ <example unify.model="CP400" os.version="V1 R6.14.0">Desk_Phone_IP_CP400_V1 R6.14.0 SIP 190802</example>
709
+ <example unify.model="CP600" os.version="V1 R6.14.0">Desk_Phone_IP_CP600_V1 R6.14.0 SIP 190802</example>
710
+ <param pos="0" name="os.vendor" value="Unify"/>
711
+ <param pos="0" name="hw.vendor" value="Unify"/>
712
+ <param pos="0" name="hw.family" value="OpenScape Desk Phone"/>
713
+ <param pos="0" name="hw.product" value="{hw.family} {unify.model}"/>
714
+ <param pos="0" name="hw.device" value="VoIP"/>
715
+ <param pos="1" name="unify.model"/>
716
+ <param pos="2" name="os.version"/>
717
+ </fingerprint>
718
+
354
719
  </fingerprints>
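Review bot: The vendor string in the new STARFACE PBX fingerprint reads `STARFACE GmhH` in both the `<description>` and the `service.vendor` param, which looks like a typo for the German company suffix GmbH. `service.vendor` is the value that inventory and vulnerability correlation key on, so a misspelt vendor will not line up with other records for the same vendor. I would change it to `<param pos="0" name="service.vendor" value="STARFACE GmbH"/>`, fix the description to match, and correct the vendor identifier list as well if the same spelling was added there. Separately, the `Desk_Phone_IP_` fingerprint emits `os.vendor` and `os.version` but no `os.product`, unlike the OpenStage/OpenScape fingerprint just above it, so consumers get a firmware version with no product to attach it to. Adding `<param pos="0" name="os.product" value="{hw.family} {unify.model} Firmware"/>` would make the two consistent.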