recog 2.3.18 → 2.3.22

data/xml/sip_user_agents.xml

@@ -4,6 +4,95 @@
   SIP User Agent header values are matched against these patterns to fingerprint SIP devices.
   -->
 
+  <!-- Generic high volume matches -->
+
+  <fingerprint pattern="^SIP/2.0$">
+    <description>Generic SIP/2.0 response -- assert nothing.</description>
+    <example>SIP/2.0</example>
+    <param pos="0" name="hw.certainty" value="0.0"/>
+    <param pos="0" name="os.certainty" value="0.0"/>
+    <param pos="0" name="service.certainty" value="0.0"/>
+  </fingerprint>
+
+  <fingerprint pattern="^TP-Link SIP Stack V1.0.0$">
+    <description>TP-Link SIP enabled device</description>
+    <example>TP-Link SIP Stack V1.0.0</example>
+    <param pos="0" name="hw.vendor" value="TP-LINK"/>
+  </fingerprint>
+
+  <fingerprint pattern="^DLink VoIP Stack$">
+    <description>DLink SIP enabled device</description>
+    <example>DLink VoIP Stack</example>
+    <param pos="0" name="hw.vendor" value="D-Link"/>
+  </fingerprint>
+
+  <fingerprint pattern="^Home&amp;Life HUB/([\d.]+)$">
+    <description>Zyxel home routers</description>
+    <example>Home&amp;Life HUB/1.1.26.00</example>
+    <param pos="0" name="os.vendor" value="Zyxel"/>
+    <param pos="1" name="os.version"/>
+    <param pos="0" name="os.device" value="Router"/>
+    <param pos="0" name="hw.vendor" value="Zyxel"/>
+    <param pos="0" name="hw.device" value="Router"/>
+  </fingerprint>
+
+  <!-- Technicolor devices -->
+
+  <fingerprint pattern="^Technicolor / VANT-6 / AGTOT_([\d.]+) / AGTOT_[\d.]+$">
+    <description>Technicolor TG789vac Router</description>
+    <example os.version="2.1.4">Technicolor / VANT-6 / AGTOT_2.1.4 / AGTOT_2.1.4</example>
+    <param pos="0" name="os.vendor" value="Technicolor"/>
+    <param pos="0" name="os.device" value="Router"/>
+    <param pos="1" name="os.version"/>
+    <param pos="0" name="hw.vendor" value="Technicolor"/>
+    <param pos="0" name="hw.product" value="TG789vac"/>
+    <param pos="0" name="hw.device" value="Router"/>
+    <param pos="0" name="hw.cpe23" value="cpe:/h:technicolor:tg789vac:-"/>
+  </fingerprint>
+
+  <fingerprint pattern="^Technicolor / VANT-6$">
+    <description>Technicolor TG789vac Router w/o version string</description>
+    <example>Technicolor / VANT-6</example>
+    <param pos="0" name="os.vendor" value="Technicolor"/>
+    <param pos="0" name="os.device" value="Router"/>
+    <param pos="0" name="hw.vendor" value="Technicolor"/>
+    <param pos="0" name="hw.product" value="TG789vac"/>
+    <param pos="0" name="hw.device" value="Router"/>
+    <param pos="0" name="hw.cpe23" value="cpe:/h:technicolor:tg789vac:-"/>
+  </fingerprint>
+
+  <fingerprint pattern="^(?:Technicolor|MediaAccess) (TG[\w]+) (?:v\d )?Build (\d+\.[\w.-]+)(?: CP\w+)?$">
+    <description>Technicolor TGxxx Router with build info</description>
+    <example hw.product="TG784n" os.version="10.2.1.O">Technicolor TG784n v3 Build 10.2.1.O</example>
+    <example hw.product="TG789vn" os.version="10.5.2.Z.EC">Technicolor TG789vn v3 Build 10.5.2.Z.EC</example>
+    <example>MediaAccess TG789vac v2 Build 10.5.8.Y.GX CP1916SAQHD</example>
+    <example hw.product="TG799vn" os.version="10.5.2.T.JF">Technicolor TG799vn v2 Build 10.5.2.T.JF</example>
+    <example hw.product="TG788vn" os.version="10.5.2.S.GD">MediaAccess TG788vn v2 Build 10.5.2.S.GD</example>
+    <example hw.product="TG799vac" os.version="17.2.0405-1021">MediaAccess TG799vac Build 17.2.0405-1021</example>
+    <example hw.product="TG389">MediaAccess TG389 Build 10.5.2.T.AQ</example>
+    <param pos="0" name="os.vendor" value="Technicolor"/>
+    <param pos="0" name="os.device" value="Router"/>
+    <param pos="2" name="os.version"/>
+    <param pos="0" name="hw.vendor" value="Technicolor"/>
+    <param pos="1" name="hw.product"/>
+    <param pos="0" name="hw.device" value="Router"/>
+  </fingerprint>
+
+  <!-- Thomson was an older name for Technicolor-->
+
+  <fingerprint pattern="^Thomson (TG[\w]+) (?:v\d )?Build (\d+\.[\w.-]+)(?: CP\w+)?$">
+    <description>Thomson TGxxx Router with build info</description>
+    <example hw.product="TG784" os.version="8.4.2.Q">Thomson TG784 Build 8.4.2.Q</example>
+    <example hw.product="TG784n" os.version="8.4.H.F">Thomson TG784n Build 8.4.H.F</example>
+    <example hw.product="TG797n" os.version="8.C.D.9">Thomson TG797n v2 Build 8.C.D.9</example>
+    <param pos="0" name="os.vendor" value="Thomson"/>
+    <param pos="0" name="os.device" value="Router"/>
+    <param pos="2" name="os.version"/>
+    <param pos="0" name="hw.vendor" value="Thomson"/>
+    <param pos="1" name="hw.product"/>
+    <param pos="0" name="hw.device" value="Router"/>
+  </fingerprint>
+
   <!-- Axis devices -->
 
   <fingerprint pattern="(?i)^AXIS (\S+) Network Video Door Station$">
@@ -40,13 +129,44 @@
     <param pos="0" name="os.cpe23" value="cpe:/o:cisco:ios:{os.version}"/>
   </fingerprint>
 
+  <fingerprint pattern="^Cisco-CP(39\d{2})/([\d.]+)$">
+    <description>Cisco Unified SIP Phone 3900 Series</description>
+    <example cisco.model="3905" hw.product="Unified SIP Phone 3905" os.version="9.4.1">Cisco-CP3905/9.4.1</example>
+    <param pos="1" name="cisco.model"/>
+    <param pos="0" name="hw.vendor" value="Cisco"/>
+    <param pos="0" name="hw.device" value="VoIP"/>
+    <param pos="0" name="hw.product" value="Unified SIP Phone {cisco.model}"/>
+    <param pos="0" name="os.vendor" value="Cisco"/>
+    <param pos="0" name="os.product" value="Unified SIP Phone 3900 Firmware"/>
+    <param pos="2" name="os.version"/>
+    <param pos="0" name="hw.certainty" value="0.95"/>
+    <param pos="0" name="os.certainty" value="0.95"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:cisco:unified_sip_phone_3900_firmware:{os.version}"/>
+  </fingerprint>
+
+  <fingerprint pattern="^Cisco-ATA(\d{3})/([\d.]+)$">
+    <description>Cisco Analog Telephone Adapters (ATA)</description>
+    <example cisco.model="187" hw.product="ATA 187" os.version="9.2.3">Cisco-ATA187/9.2.3</example>
+    <param pos="1" name="cisco.model"/>
+    <param pos="0" name="hw.vendor" value="Cisco"/>
+    <param pos="0" name="hw.device" value="VoIP"/>
+    <param pos="0" name="hw.product" value="ATA {cisco.model}"/>
+    <param pos="0" name="os.vendor" value="Cisco"/>
+    <param pos="0" name="os.product" value="ATA {cisco.model} Firmware"/>
+    <param pos="2" name="os.version"/>
+    <param pos="0" name="hw.certainty" value="0.9"/>
+    <param pos="0" name="os.certainty" value="0.9"/>
+  </fingerprint>
+
   <!-- AVM.DE Devices -->
 
   <fingerprint pattern="^FRITZ!OS$">
-    <description>AVM FritzOS Device</description>
+    <description>AVM Fritz!OS Device</description>
     <example>FRITZ!OS</example>
     <param pos="0" name="os.vendor" value="AVM"/>
-    <param pos="0" name="os.product" value="FRITZ!BOX"/>
+    <param pos="0" name="os.product" value="FRITZ!OS"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:avm:fritz\!os:-"/>
+    <param pos="0" name="hw.vendor" value="AVM"/>
   </fingerprint>
 
   <fingerprint pattern="^(?:AVM )?(FRITZ!Box .*) +(\d+\.\d+\.\d+)">
@@ -67,6 +187,8 @@
     <param pos="0" name="os.family" value="FRITZ!Box"/>
     <param pos="1" name="os.product"/>
     <param pos="2" name="os.version"/>
+    <param pos="0" name="hw.vendor" value="AVM"/>
+    <param pos="0" name="hw.family" value="FRITZ!Box"/>
   </fingerprint>
 
   <fingerprint pattern="^(?:AVM )?(FRITZ!Fon .*) +(\d+\.\d+\.\d+)">
@@ -77,15 +199,19 @@
     <param pos="0" name="os.family" value="FRITZ!Fon"/>
     <param pos="1" name="os.product"/>
     <param pos="2" name="os.version"/>
+    <param pos="0" name="hw.vendor" value="AVM"/>
+    <param pos="0" name="hw.family" value="FRITZ!Fon"/>
   </fingerprint>
 
   <fingerprint pattern="^(?:AVM )?(Multibox .*) +(\d+\.\d+\.\d+)">
-    <description>AVM Multibox</description>
+    <description>AVM Multibox - Generic</description>
     <example>AVM Multibox 7390 NGN 84.05.09 (Jan 13 2012)</example>
     <param pos="0" name="os.vendor" value="AVM"/>
     <param pos="0" name="os.family" value="Multibox"/>
     <param pos="1" name="os.product"/>
     <param pos="2" name="os.version"/>
+    <param pos="0" name="hw.vendor" value="AVM"/>
+    <param pos="1" name="hw.product"/>
   </fingerprint>
 
   <!-- Huawei devices -->
@@ -196,7 +322,7 @@
     <param pos="2" name="hw.version"/>
   </fingerprint>
 
-  <fingerprint pattern="^Nero SIPPS IP Phone Version ([\d\.]+)+$">
+  <fingerprint pattern="^Nero SIPPS IP Phone Version ([\d\.]+)$">
     <description>Nero SIPPS IP Phone</description>
     <example service.version="2.0.51.16">Nero SIPPS IP Phone Version 2.0.51.16</example>
     <param pos="0" name="service.vendor" value="Nero"/>
@@ -206,10 +332,11 @@
     <param pos="1" name="service.version"/>
   </fingerprint>
 
-  <fingerprint pattern="^ShoreGear/([\d\.]+)\s+\(ShoreTel \d+\)$">
+  <fingerprint pattern="^ShoreGear/([\d\.]+)\s+\(ShoreTel [\d\.]+\)$">
     <description>ShoreTel VoIP Switch</description>
     <example hw.version="21.90.4128.0">ShoreGear/21.90.4128.0 (ShoreTel 15)</example>
     <example hw.version="22.11.4900.0">ShoreGear/22.11.4900.0 (ShoreTel 15)</example>
+    <example hw.version="19.48.2600.0">ShoreGear/19.48.2600.0 (ShoreTel 14.2)</example>
     <param pos="0" name="hw.vendor" value="ShoreTel"/>
     <param pos="0" name="hw.device" value="VoIP Switch"/>
     <param pos="1" name="hw.version"/>
@@ -245,4 +372,249 @@
     <param pos="1" name="hw.product"/>
   </fingerprint>
 
+  <!-- Grandstream -->
+
+  <!-- The next few fingerprints could be merged but are split to enable CPEs -->
+
+  <fingerprint pattern="^Grandstream HT818 ([\d.]+)$">
+    <description>Grandstream Handy Tone HT818</description>
+    <example os.version="1.0.8.7">Grandstream HT818 1.0.8.7</example>
+    <param pos="0" name="os.vendor" value="Grandstream"/>
+    <param pos="0" name="os.product" value="HT818 Firmware"/>
+    <param pos="1" name="os.version"/>
+    <param pos="0" name="os.device" value="SIP Gateway"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:grandstream:ht818_firmware:{os.version}"/>
+    <param pos="0" name="hw.vendor" value="Grandstream"/>
+    <param pos="0" name="hw.product" value="HT818"/>
+    <param pos="0" name="hw.device" value="SIP Gateway"/>
+    <param pos="0" name="hw.cpe23" value="cpe:/h:grandstream:ht818:-"/>
+  </fingerprint>
+
+  <fingerprint pattern="^Grandstream HT814 ([\d.]+)$">
+    <description>Grandstream Handy Tone HT814</description>
+    <example os.version="1.0.9.3">Grandstream HT814 1.0.9.3</example>
+    <param pos="0" name="os.vendor" value="Grandstream"/>
+    <param pos="0" name="os.product" value="HT814 Firmware"/>
+    <param pos="1" name="os.version"/>
+    <param pos="0" name="os.device" value="SIP Gateway"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:grandstream:ht814_firmware:{os.version}"/>
+    <param pos="0" name="hw.vendor" value="Grandstream"/>
+    <param pos="0" name="hw.product" value="HT814"/>
+    <param pos="0" name="hw.device" value="SIP Gateway"/>
+    <param pos="0" name="hw.cpe23" value="cpe:/h:grandstream:ht814:-"/>
+  </fingerprint>
+
+  <fingerprint pattern="^Grandstream HT813 ([\d.]+)$">
+    <description>Grandstream Handy Tone HT813</description>
+    <example os.version="1.0.1.2">Grandstream HT813 1.0.1.2</example>
+    <param pos="0" name="os.vendor" value="Grandstream"/>
+    <param pos="0" name="os.product" value="HT813 Firmware"/>
+    <param pos="1" name="os.version"/>
+    <param pos="0" name="os.device" value="SIP Gateway"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:grandstream:ht813_firmware:{os.version}"/>
+    <param pos="0" name="hw.vendor" value="Grandstream"/>
+    <param pos="0" name="hw.product" value="HT813"/>
+    <param pos="0" name="hw.device" value="SIP Gateway"/>
+    <param pos="0" name="hw.cpe23" value="cpe:/h:grandstream:ht813:-"/>
+  </fingerprint>
+
+  <fingerprint pattern="^Grandstream HT812 ([\d.]+)$">
+    <description>Grandstream Handy Tone HT812</description>
+    <example os.version="1.0.3.5">Grandstream HT812 1.0.3.5</example>
+    <param pos="0" name="os.vendor" value="Grandstream"/>
+    <param pos="0" name="os.product" value="HT812 Firmware"/>
+    <param pos="1" name="os.version"/>
+    <param pos="0" name="os.device" value="SIP Gateway"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:grandstream:ht812_firmware:{os.version}"/>
+    <param pos="0" name="hw.vendor" value="Grandstream"/>
+    <param pos="0" name="hw.product" value="HT812"/>
+    <param pos="0" name="hw.device" value="SIP Gateway"/>
+    <param pos="0" name="hw.cpe23" value="cpe:/h:grandstream:ht812:-"/>
+  </fingerprint>
+
+  <fingerprint pattern="^Grandstream HT802 ([\d.]+)$">
+    <description>Grandstream Handy Tone HT802</description>
+    <example os.version="1.0.3.2">Grandstream HT802 1.0.3.2</example>
+    <param pos="0" name="os.vendor" value="Grandstream"/>
+    <param pos="0" name="os.product" value="HT802 Firmware"/>
+    <param pos="1" name="os.version"/>
+    <param pos="0" name="os.device" value="SIP Gateway"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:grandstream:ht802_firmware:{os.version}"/>
+    <param pos="0" name="hw.vendor" value="Grandstream"/>
+    <param pos="0" name="hw.product" value="HT802"/>
+    <param pos="0" name="hw.device" value="SIP Gateway"/>
+    <param pos="0" name="hw.cpe23" value="cpe:/h:grandstream:ht802:-"/>
+  </fingerprint>
+
+  <fingerprint pattern="^Grandstream HT801 ([\d.]+)$">
+    <description>Grandstream Handy Tone HT801</description>
+    <example os.version="1.0.3.2">Grandstream HT801 1.0.3.2</example>
+    <param pos="0" name="os.vendor" value="Grandstream"/>
+    <param pos="0" name="os.product" value="HT801 Firmware"/>
+    <param pos="1" name="os.version"/>
+    <param pos="0" name="os.device" value="SIP Gateway"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:grandstream:ht801_firmware:{os.version}"/>
+    <param pos="0" name="hw.vendor" value="Grandstream"/>
+    <param pos="0" name="hw.product" value="HT801"/>
+    <param pos="0" name="hw.device" value="SIP Gateway"/>
+    <param pos="0" name="hw.cpe23" value="cpe:/h:grandstream:ht801:-"/>
+  </fingerprint>
+
+  <!-- Grandstream Handy Tone catchall for when CPEs aren't required for vuln mapping-->
+
+  <fingerprint pattern="^Grandstream (HT7\d\d) ([\d.]+)$">
+    <description>Grandstream Handy Tone HT7xx</description>
+    <example hw.product="HT701" os.version="1.0.8.2">Grandstream HT701 1.0.8.2</example>
+    <param pos="0" name="os.vendor" value="Grandstream"/>
+    <param pos="0" name="os.product" value="{hw.product} Firmware"/>
+    <param pos="2" name="os.version"/>
+    <param pos="0" name="os.device" value="SIP Gateway"/>
+    <param pos="0" name="hw.vendor" value="Grandstream"/>
+    <param pos="1" name="hw.product"/>
+    <param pos="0" name="hw.device" value="SIP Gateway"/>
+  </fingerprint>
+
+  <!-- The next few fingerprints could be merged but are split to enable CPEs -->
+
+  <fingerprint pattern="^Grandstream GXP2200 ([\d.]+)$">
+    <description>Grandstream GXP SIP Phone GXP2200</description>
+    <example os.version="1.0.3.27">Grandstream GXP2200 1.0.3.27</example>
+    <param pos="0" name="os.vendor" value="Grandstream"/>
+    <param pos="0" name="os.product" value="GXP2200 Firmware"/>
+    <param pos="1" name="os.version"/>
+    <param pos="0" name="os.device" value="SIP Device"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:grandstream:gxp2200_firmware:{os.version}"/>
+    <param pos="0" name="hw.vendor" value="Grandstream"/>
+    <param pos="0" name="hw.product" value="GXP2200"/>
+    <param pos="0" name="hw.device" value="SIP Device"/>
+    <param pos="0" name="hw.cpe23" value="cpe:/h:grandstream:gxp2200:-"/>
+  </fingerprint>
+
+  <fingerprint pattern="^Grandstream GXP1628 ([\d.]+)$">
+    <description>Grandstream GXP SIP Phone GXP1628</description>
+    <example os.version="1.0.7.6">Grandstream GXP1628 1.0.7.6</example>
+    <param pos="0" name="os.vendor" value="Grandstream"/>
+    <param pos="0" name="os.product" value="GXP1628 Firmware"/>
+    <param pos="1" name="os.version"/>
+    <param pos="0" name="os.device" value="SIP Device"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:grandstream:gxp1628_firmware:{os.version}"/>
+    <param pos="0" name="hw.vendor" value="Grandstream"/>
+    <param pos="0" name="hw.product" value="GXP1628"/>
+    <param pos="0" name="hw.device" value="SIP Device"/>
+    <param pos="0" name="hw.cpe23" value="cpe:/h:grandstream:gxp1628:-"/>
+  </fingerprint>
+
+  <fingerprint pattern="^Grandstream GXP1625 ([\d.]+)$">
+    <description>Grandstream GXP SIP Phone GXP1625</description>
+    <example os.version="1.0.4.128">Grandstream GXP1625 1.0.4.128</example>
+    <param pos="0" name="os.vendor" value="Grandstream"/>
+    <param pos="0" name="os.product" value="GXP1625 Firmware"/>
+    <param pos="1" name="os.version"/>
+    <param pos="0" name="os.device" value="SIP Device"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:grandstream:gxp1625_firmware:{os.version}"/>
+    <param pos="0" name="hw.vendor" value="Grandstream"/>
+    <param pos="0" name="hw.product" value="GXP1625"/>
+    <param pos="0" name="hw.device" value="SIP Device"/>
+    <param pos="0" name="hw.cpe23" value="cpe:/h:grandstream:gxp1625:-"/>
+  </fingerprint>
+
+  <fingerprint pattern="^Grandstream GXP1615 ([\d.]+)$">
+    <description>Grandstream GXP SIP Phone GXP1615</description>
+    <example os.version="1.0.4.128">Grandstream GXP1615 1.0.4.128</example>
+    <param pos="0" name="os.vendor" value="Grandstream"/>
+    <param pos="0" name="os.product" value="GXP1615 Firmware"/>
+    <param pos="1" name="os.version"/>
+    <param pos="0" name="os.device" value="SIP Device"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:grandstream:gxp1615_firmware:{os.version}"/>
+    <param pos="0" name="hw.vendor" value="Grandstream"/>
+    <param pos="0" name="hw.product" value="GXP1615"/>
+    <param pos="0" name="hw.device" value="SIP Device"/>
+    <param pos="0" name="hw.cpe23" value="cpe:/h:grandstream:gxp1615:-"/>
+  </fingerprint>
+
+  <fingerprint pattern="^Grandstream GXP1610 ([\d.]+)$">
+    <description>Grandstream GXP SIP Phone GXP1610</description>
+    <example os.version="1.0.4.138">Grandstream GXP1610 1.0.4.138</example>
+    <param pos="0" name="os.vendor" value="Grandstream"/>
+    <param pos="0" name="os.product" value="GXP1610 Firmware"/>
+    <param pos="1" name="os.version"/>
+    <param pos="0" name="os.device" value="SIP Device"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:grandstream:gxp1610_firmware:{os.version}"/>
+    <param pos="0" name="hw.vendor" value="Grandstream"/>
+    <param pos="0" name="hw.product" value="GXP1610"/>
+    <param pos="0" name="hw.device" value="SIP Device"/>
+    <param pos="0" name="hw.cpe23" value="cpe:/h:grandstream:gxp1610:-"/>
+  </fingerprint>
+
+  <!-- Grandstream GXP catchall for when CPEs aren't required for vuln mapping-->
+
+  <fingerprint pattern="^Grandstream (GXP\d\d\d\d) ([\d.]+)$">
+    <description>Grandstream GXP SIP Phone</description>
+    <example hw.product="GXP2135" os.version="1.0.9.108">Grandstream GXP2135 1.0.9.108</example>
+    <param pos="0" name="os.vendor" value="Grandstream"/>
+    <param pos="0" name="os.product" value="{hw.product} Firmware"/>
+    <param pos="2" name="os.version"/>
+    <param pos="0" name="os.device" value="SIP Device"/>
+    <param pos="0" name="hw.vendor" value="Grandstream"/>
+    <param pos="1" name="hw.product"/>
+    <param pos="0" name="hw.device" value="SIP Device"/>
+  </fingerprint>
+
+  <fingerprint pattern="^FortiVoice/([\w.-]+)$">
+    <description>Fortinet FortiVoice</description>
+    <example service.version="7.31b00">FortiVoice/7.31b00</example>
+    <example service.version="5.2.95-5">FortiVoice/5.2.95-5</example>
+    <param pos="0" name="service.vendor" value="Fortinet"/>
+    <param pos="0" name="service.product" value="FortiVoice"/>
+    <param pos="0" name="service.device" value="SIP Gateway"/>
+    <param pos="1" name="service.version"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:fortinet:fortivoice:{service.version}"/>
+    <param pos="0" name="hw.vendor" value="Fortinet"/>
+    <param pos="0" name="hw.family" value="FortiVoice"/>
+    <param pos="0" name="hw.device" value="SIP Gateway"/>
+  </fingerprint>
+
+  <fingerprint pattern="^FreeSWITCH$">
+    <description>FreeSWITCH FreeSWITCH without version</description>
+    <example>FreeSWITCH</example>
+    <param pos="0" name="service.vendor" value="FreeSWITCH"/>
+    <param pos="0" name="service.product" value="FreeSWITCH"/>
+    <param pos="0" name="service.device" value="SIP Gateway"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:freeswitch:freeswitch:-"/>
+  </fingerprint>
+
+  <fingerprint pattern="^FreeSWITCH-mod_sofia/([\d.]+)">
+    <description>FreeSWITCH FreeSWITCH with version, mod_sofia</description>
+    <example service.version="1.10.4">FreeSWITCH-mod_sofia/1.10.4-release+git~20200805T110119Z~133fc2c870~64bit</example>
+    <example service.version="1.6.20">FreeSWITCH-mod_sofia/1.6.20~64bit</example>
+    <param pos="0" name="service.vendor" value="FreeSWITCH"/>
+    <param pos="0" name="service.product" value="FreeSWITCH"/>
+    <param pos="1" name="service.version"/>
+    <param pos="0" name="service.device" value="SIP Gateway"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:freeswitch:freeswitch:{service.version}"/>
+  </fingerprint>
+
+  <fingerprint pattern="^Valcom (VIP-\w+) sw([\d.]+)">
+    <description>Valcom SIP device with version</description>
+    <example os.version="1.50.28">Valcom VIP-204 sw1.50.28</example>
+    <param pos="0" name="os.vendor" value="Valcom"/>
+    <param pos="0" name="os.product" value="{hw.product} Firmware"/>
+    <param pos="2" name="os.version"/>
+    <param pos="0" name="os.device" value="SIP Device"/>
+    <param pos="0" name="hw.vendor" value="Valcom"/>
+    <param pos="1" name="hw.product"/>
+    <param pos="0" name="hw.device" value="SIP Device"/>
+  </fingerprint>
+
+  <fingerprint pattern="^DX800A/([\d.]+)$">
+    <description>Gigaset SIP Phones</description>
+    <example os.version="41.175.00.000.000">DX800A/41.175.00.000.000</example>
+    <param pos="0" name="hw.vendor" value="Gigaset"/>
+    <param pos="0" name="hw.device" value="VoIP"/>
+    <param pos="0" name="hw.product" value="DX800A"/>
+    <param pos="0" name="os.vendor" value="Gigaset"/>
+    <param pos="0" name="os.product" value="{hw.product} Firmware"/>
+    <param pos="1" name="os.version"/>
+  </fingerprint>
+
 </fingerprints>

data/xml/smb_native_lm.xml

@@ -40,7 +40,7 @@
   <fingerprint pattern="^Samba (\d\.\d+.\d+\w*)">
     <description>Samba</description>
     <example>Samba 3.0.24</example>
-    <example>Samba 3.0.28a</example>
+    <example service.version="3.0.28a">Samba 3.0.28a</example>
     <example>Samba 3.0.32-0.2-2210-SUSE-SL10.3</example>
     <example>Samba 3.6.3</example>
     <example>Samba 3.6.6</example>
@@ -51,6 +51,20 @@
     <param pos="0" name="service.cpe23" value="cpe:/a:samba:samba:{service.version}"/>
   </fingerprint>
 
+  <fingerprint pattern="^Samba (?:Samba )?for GuardianOS v\.?(\d\.[\d.]+)$">
+    <description>Samba on a SnapServer appliance</description>
+    <example os.version="4.3.007.200609131215">Samba Samba for GuardianOS v4.3.007.200609131215</example>
+    <example os.version="5.0.133.200807301131">Samba Samba for GuardianOS v5.0.133.200807301131</example>
+    <example os.version="7.7.220">Samba for GuardianOS v.7.7.220</example>
+    <param pos="0" name="service.vendor" value="Samba"/>
+    <param pos="0" name="service.product" value="Samba"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:samba:samba:-"/>
+    <param pos="0" name="os.vendor" value="SnapServer"/>
+    <param pos="0" name="os.family" value="Linux"/>
+    <param pos="0" name="os.product" value="GuardianOS"/>
+    <param pos="1" name="os.version"/>
+  </fingerprint>
+
   <fingerprint pattern="^Netreon LANMAN 1.0$">
     <description>Netreon SAN software</description>
     <example>Netreon LANMAN 1.0</example>
@@ -67,4 +81,21 @@
     <param pos="0" name="os.cpe23" value="cpe:/o:mikrotik:routeros:-"/>
   </fingerprint>
 
+  <fingerprint pattern="^NQ (\d\.\d+)$">
+    <description>Visuality Systems NQ Enterprise Storage SMB stack</description>
+    <example service.version="7.3">NQ 7.3</example>
+    <example service.version="4.32">NQ 4.32</example>
+    <param pos="0" name="service.vendor" value="Visuality Systems"/>
+    <param pos="0" name="service.product" value="NQ"/>
+    <param pos="1" name="service.version"/>
+  </fingerprint>
+
+  <fingerprint pattern="^YNQ (\d\.[\d.]+)$">
+    <description>Visuality Systems YNQ Storage SMB stack</description>
+    <example service.version="1.2.1">YNQ 1.2.1</example>
+    <param pos="0" name="service.vendor" value="Visuality Systems"/>
+    <param pos="0" name="service.product" value="YNQ"/>
+    <param pos="1" name="service.version"/>
+  </fingerprint>
+
 </fingerprints>