recog 2.3.18 → 2.3.22

Sign up to get free protection for your applications and to get access to all the features.
Files changed (73) hide show
  1. checksums.yaml +4 -4
  2. data/.github/dependabot.yml +8 -0
  3. data/.github/workflows/ci.yml +26 -0
  4. data/.github/workflows/verify.yml +89 -0
  5. data/CONTRIBUTING.md +6 -0
  6. data/README.md +17 -0
  7. data/bin/recog_standardize +33 -12
  8. data/bin/recog_verify +1 -2
  9. data/cpe-remap.yaml +355 -200
  10. data/features/verify.feature +14 -14
  11. data/identifiers/README.md +24 -10
  12. data/identifiers/fields.txt +105 -0
  13. data/identifiers/hw_device.txt +8 -0
  14. data/identifiers/hw_family.txt +19 -0
  15. data/identifiers/hw_product.txt +122 -0
  16. data/identifiers/os_device.txt +2 -1
  17. data/identifiers/os_family.txt +3 -0
  18. data/identifiers/os_product.txt +46 -8
  19. data/identifiers/service_family.txt +10 -1
  20. data/identifiers/service_product.txt +90 -2
  21. data/identifiers/vendor.txt +104 -0
  22. data/lib/recog/db.rb +2 -1
  23. data/lib/recog/fingerprint.rb +18 -5
  24. data/lib/recog/nizer.rb +1 -82
  25. data/lib/recog/verifier.rb +5 -5
  26. data/lib/recog/verifier_factory.rb +3 -3
  27. data/lib/recog/verify_reporter.rb +14 -4
  28. data/lib/recog/version.rb +1 -1
  29. data/requirements.txt +1 -1
  30. data/spec/lib/fingerprint_self_test_spec.rb +1 -0
  31. data/spec/lib/recog/verify_reporter_spec.rb +69 -0
  32. data/tools/dev/hooks/pre-commit +21 -0
  33. data/update_cpes.py +19 -6
  34. data/xml/apache_modules.xml +60 -0
  35. data/xml/apache_os.xml +38 -38
  36. data/xml/dhcp_vendor_class.xml +206 -0
  37. data/xml/dns_versionbind.xml +11 -1
  38. data/xml/favicons.xml +270 -45
  39. data/xml/ftp_banners.xml +89 -64
  40. data/xml/h323_callresp.xml +99 -99
  41. data/xml/hp_pjl_id.xml +3 -3
  42. data/xml/html_title.xml +1051 -62
  43. data/xml/http_cookies.xml +294 -85
  44. data/xml/http_servers.xml +551 -122
  45. data/xml/http_wwwauth.xml +139 -43
  46. data/xml/imap_banners.xml +8 -8
  47. data/xml/ldap_searchresult.xml +1 -0
  48. data/xml/mdns_device-info_txt.xml +720 -27
  49. data/xml/mysql_banners.xml +3 -2
  50. data/xml/nntp_banners.xml +4 -4
  51. data/xml/ntp_banners.xml +79 -65
  52. data/xml/operating_system.xml +6 -6
  53. data/xml/pop_banners.xml +11 -11
  54. data/xml/rsh_resp.xml +3 -3
  55. data/xml/rtsp_servers.xml +7 -0
  56. data/xml/sip_banners.xml +374 -9
  57. data/xml/sip_user_agents.xml +377 -5
  58. data/xml/smb_native_lm.xml +32 -1
  59. data/xml/smb_native_os.xml +160 -33
  60. data/xml/smtp_banners.xml +168 -129
  61. data/xml/smtp_ehlo.xml +1 -1
  62. data/xml/smtp_expn.xml +1 -0
  63. data/xml/smtp_help.xml +10 -10
  64. data/xml/smtp_noop.xml +2 -2
  65. data/xml/smtp_vrfy.xml +1 -0
  66. data/xml/snmp_sysdescr.xml +508 -214
  67. data/xml/snmp_sysobjid.xml +25 -25
  68. data/xml/ssh_banners.xml +145 -29
  69. data/xml/telnet_banners.xml +240 -61
  70. data/xml/tls_jarm.xml +162 -0
  71. data/xml/x509_issuers.xml +237 -2
  72. data/xml/x509_subjects.xml +369 -49
  73. metadata +10 -3
data/xml/ssh_banners.xml CHANGED
@@ -33,12 +33,12 @@
33
33
  <param pos="0" name="service.product" value="iLO"/>
34
34
  <param pos="0" name="service.family" value="iLO"/>
35
35
  <param pos="1" name="service.version"/>
36
- <param pos="0" name="service.cpe23" value="cpe:/a:hp:integrated_lights_out:{service.version}"/>
37
36
  <param pos="0" name="hw.vendor" value="HP"/>
38
37
  <param pos="0" name="os.vendor" value="HP"/>
39
38
  <param pos="0" name="os.product" value="iLO"/>
40
39
  <param pos="0" name="os.family" value="iLO"/>
41
40
  <param pos="0" name="os.device" value="Lights Out Management"/>
41
+ <param pos="0" name="os.cpe23" value="cpe:/o:hp:integrated_lights-out_firmware:-"/>
42
42
  </fingerprint>
43
43
 
44
44
  <fingerprint pattern="^Serv-U_([\d\.]+)$">
@@ -59,7 +59,7 @@
59
59
  <param pos="0" name="service.cpe23" value="cpe:/a:ipswitch:ws_ftp:{service.version}"/>
60
60
  </fingerprint>
61
61
 
62
- <fingerprint pattern="IPSSH[-_]([\d\.p]+).*$">
62
+ <fingerprint pattern="IPSSH[-_]([\d\.p]+)">
63
63
  <description>VxWorks with version information</description>
64
64
  <example os.version="6.9.0">IPSSH-6.9.0</example>
65
65
  <param pos="0" name="os.vendor" value="Wind River"/>
@@ -552,7 +552,7 @@
552
552
  </fingerprint>
553
553
 
554
554
  <fingerprint pattern="^OpenSSH_(7\.8) (FreeBSD-20180909)$">
555
- <description>OpenSSH running on FreeBSD 12.0</description>
555
+ <description>OpenSSH running on FreeBSD 12.0/12.1</description>
556
556
  <example service.version="7.8" openssh.comment="FreeBSD-20180909">OpenSSH_7.8 FreeBSD-20180909</example>
557
557
  <param pos="1" name="service.version"/>
558
558
  <param pos="2" name="openssh.comment"/>
@@ -888,9 +888,10 @@
888
888
  <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:13.04"/>
889
889
  </fingerprint>
890
890
 
891
- <fingerprint pattern="^OpenSSH_(6\.2p2) (Ubuntu-6unbuntu\d(?:\.\d)?)$">
891
+ <fingerprint pattern="^OpenSSH_(6\.2p2) (Ubuntu-6\S*)$">
892
892
  <description>OpenSSH running on Ubuntu 13.10</description>
893
893
  <example service.version="6.2p2" openssh.comment="Ubuntu-6unbuntu0.4">OpenSSH_6.2p2 Ubuntu-6unbuntu0.4</example>
894
+ <example service.version="6.2p2" openssh.comment="Ubuntu-6">OpenSSH_6.2p2 Ubuntu-6</example>
894
895
  <param pos="1" name="service.version"/>
895
896
  <param pos="2" name="openssh.comment"/>
896
897
  <param pos="0" name="service.vendor" value="OpenBSD"/>
@@ -917,10 +918,11 @@
917
918
  <param pos="0" name="service.cpe23" value="cpe:/a:openbsd:openssh:{service.version}"/>
918
919
  </fingerprint>
919
920
 
920
- <fingerprint pattern="^OpenSSH_(6\.6(?:\.\d)?p1) (Ubuntu-2ubuntu\d+(?:\.\d+)?)$">
921
+ <fingerprint pattern="^OpenSSH_(6\.6(?:\.1)?p1) (Ubuntu-2\S*)$">
921
922
  <description>OpenSSH running on Ubuntu 14.04</description>
922
923
  <example service.version="6.6p1" openssh.comment="Ubuntu-2ubuntu1">OpenSSH_6.6p1 Ubuntu-2ubuntu1</example>
923
924
  <example service.version="6.6.1p1" openssh.comment="Ubuntu-2ubuntu2">OpenSSH_6.6.1p1 Ubuntu-2ubuntu2</example>
925
+ <example service.version="6.6.1p1" openssh.comment="Ubuntu-2ubuntu2.13">OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.13</example>
924
926
  <param pos="1" name="service.version"/>
925
927
  <param pos="2" name="openssh.comment"/>
926
928
  <param pos="0" name="service.vendor" value="OpenBSD"/>
@@ -950,9 +952,10 @@
950
952
  <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:14.10"/>
951
953
  </fingerprint>
952
954
 
953
- <fingerprint pattern="^OpenSSH_(6\.7p1) (Ubuntu-5ubuntu\d(?:\.\d)?)$">
955
+ <fingerprint pattern="^OpenSSH_(6\.7p1) (Ubuntu-5\S*)$">
954
956
  <description>OpenSSH running on Ubuntu 15.04 (vivid)</description>
955
957
  <example service.version="6.7p1" openssh.comment="Ubuntu-5ubuntu1">OpenSSH_6.7p1 Ubuntu-5ubuntu1</example>
958
+ <example service.version="6.7p1" openssh.comment="Ubuntu-5ubuntu1.4">OpenSSH_6.7p1 Ubuntu-5ubuntu1.4</example>
956
959
  <param pos="1" name="service.version"/>
957
960
  <param pos="2" name="openssh.comment"/>
958
961
  <param pos="0" name="service.vendor" value="OpenBSD"/>
@@ -966,9 +969,10 @@
966
969
  <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:15.04"/>
967
970
  </fingerprint>
968
971
 
969
- <fingerprint pattern="^OpenSSH_(6\.9p1) (Ubuntu-2)$">
972
+ <fingerprint pattern="^OpenSSH_(6\.9p1) (Ubuntu-2\S*)$">
970
973
  <description>OpenSSH running on Ubuntu 15.10</description>
971
974
  <example service.version="6.9p1" openssh.comment="Ubuntu-2">OpenSSH_6.9p1 Ubuntu-2</example>
975
+ <example service.version="6.9p1" openssh.comment="Ubuntu-2ubuntu0.2">OpenSSH_6.9p1 Ubuntu-2ubuntu0.2</example>
972
976
  <param pos="1" name="service.version"/>
973
977
  <param pos="2" name="openssh.comment"/>
974
978
  <param pos="0" name="service.vendor" value="OpenBSD"/>
@@ -982,9 +986,11 @@
982
986
  <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:15.10"/>
983
987
  </fingerprint>
984
988
 
985
- <fingerprint pattern="^OpenSSH_(7\.2p2) (Ubuntu-4ubuntu\d(?:\.\d)?)$">
989
+ <fingerprint pattern="^OpenSSH_(7\.2p2) (Ubuntu-4\S*)$">
986
990
  <description>OpenSSH running on Ubuntu 16.04 (vivid)</description>
987
991
  <example service.version="7.2p2" openssh.comment="Ubuntu-4ubuntu2.7">OpenSSH_7.2p2 Ubuntu-4ubuntu2.7</example>
992
+ <example service.version="7.2p2" openssh.comment="Ubuntu-4ubuntu1">OpenSSH_7.2p2 Ubuntu-4ubuntu1</example>
993
+ <example service.version="7.2p2" openssh.comment="Ubuntu-4">OpenSSH_7.2p2 Ubuntu-4</example>
988
994
  <param pos="1" name="service.version"/>
989
995
  <param pos="2" name="openssh.comment"/>
990
996
  <param pos="0" name="service.vendor" value="OpenBSD"/>
@@ -1030,9 +1036,10 @@
1030
1036
  <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:17.04"/>
1031
1037
  </fingerprint>
1032
1038
 
1033
- <fingerprint pattern="^OpenSSH_(7\.5p1) (Ubuntu-10ubuntu\d(?:\.\d)?)$">
1039
+ <fingerprint pattern="^OpenSSH_(7\.5p1) (Ubuntu-10\S*)$">
1034
1040
  <description>OpenSSH running on Ubuntu 17.10</description>
1035
1041
  <example service.version="7.5p1" openssh.comment="Ubuntu-10ubuntu0.1">OpenSSH_7.5p1 Ubuntu-10ubuntu0.1</example>
1042
+ <example service.version="7.5p1" openssh.comment="Ubuntu-10">OpenSSH_7.5p1 Ubuntu-10</example>
1036
1043
  <param pos="1" name="service.version"/>
1037
1044
  <param pos="2" name="openssh.comment"/>
1038
1045
  <param pos="0" name="service.vendor" value="OpenBSD"/>
@@ -1046,9 +1053,10 @@
1046
1053
  <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:17.10"/>
1047
1054
  </fingerprint>
1048
1055
 
1049
- <fingerprint pattern="^OpenSSH_(7\.6p1) (Ubuntu-4ubuntu\d(?:\.\d)?)$">
1056
+ <fingerprint pattern="^OpenSSH_(7\.6p1) (Ubuntu-4\S*)$">
1050
1057
  <description>OpenSSH running on Ubuntu 18.04</description>
1051
1058
  <example service.version="7.6p1" openssh.comment="Ubuntu-4ubuntu0.3">OpenSSH_7.6p1 Ubuntu-4ubuntu0.3</example>
1059
+ <example service.version="7.6p1" openssh.comment="Ubuntu-4">OpenSSH_7.6p1 Ubuntu-4</example>
1052
1060
  <param pos="1" name="service.version"/>
1053
1061
  <param pos="2" name="openssh.comment"/>
1054
1062
  <param pos="0" name="service.vendor" value="OpenBSD"/>
@@ -1062,9 +1070,10 @@
1062
1070
  <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:18.04"/>
1063
1071
  </fingerprint>
1064
1072
 
1065
- <fingerprint pattern="^OpenSSH_(7\.7p1) (Ubuntu-4)$">
1073
+ <fingerprint pattern="^OpenSSH_(7\.7p1) (Ubuntu-4\S*)$">
1066
1074
  <description>OpenSSH running on Ubuntu 18.10</description>
1067
1075
  <example service.version="7.7p1" openssh.comment="Ubuntu-4">OpenSSH_7.7p1 Ubuntu-4</example>
1076
+ <example service.version="7.7p1" openssh.comment="Ubuntu-4ubuntu0.3">OpenSSH_7.7p1 Ubuntu-4ubuntu0.3</example>
1068
1077
  <param pos="1" name="service.version"/>
1069
1078
  <param pos="2" name="openssh.comment"/>
1070
1079
  <param pos="0" name="service.vendor" value="OpenBSD"/>
@@ -1110,6 +1119,39 @@
1110
1119
  <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:19.10"/>
1111
1120
  </fingerprint>
1112
1121
 
1122
+ <fingerprint pattern="^OpenSSH_(8\.2p1) (Ubuntu-4\S*)$">
1123
+ <description>OpenSSH running on Ubuntu 20.04</description>
1124
+ <example service.version="8.2p1" openssh.comment="Ubuntu-4ubuntu0.1">OpenSSH_8.2p1 Ubuntu-4ubuntu0.1</example>
1125
+ <example service.version="8.2p1" openssh.comment="Ubuntu-4">OpenSSH_8.2p1 Ubuntu-4</example>
1126
+ <param pos="1" name="service.version"/>
1127
+ <param pos="2" name="openssh.comment"/>
1128
+ <param pos="0" name="service.vendor" value="OpenBSD"/>
1129
+ <param pos="0" name="service.family" value="OpenSSH"/>
1130
+ <param pos="0" name="service.product" value="OpenSSH"/>
1131
+ <param pos="0" name="service.cpe23" value="cpe:/a:openbsd:openssh:{service.version}"/>
1132
+ <param pos="0" name="os.vendor" value="Ubuntu"/>
1133
+ <param pos="0" name="os.family" value="Linux"/>
1134
+ <param pos="0" name="os.product" value="Linux"/>
1135
+ <param pos="0" name="os.version" value="20.04"/>
1136
+ <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:20.04"/>
1137
+ </fingerprint>
1138
+
1139
+ <fingerprint pattern="^OpenSSH_(8\.3p1) (Ubuntu-1\S*)$">
1140
+ <description>OpenSSH running on Ubuntu 20.10</description>
1141
+ <example service.version="8.3p1" openssh.comment="Ubuntu-1">OpenSSH_8.3p1 Ubuntu-1</example>
1142
+ <param pos="1" name="service.version"/>
1143
+ <param pos="2" name="openssh.comment"/>
1144
+ <param pos="0" name="service.vendor" value="OpenBSD"/>
1145
+ <param pos="0" name="service.family" value="OpenSSH"/>
1146
+ <param pos="0" name="service.product" value="OpenSSH"/>
1147
+ <param pos="0" name="service.cpe23" value="cpe:/a:openbsd:openssh:{service.version}"/>
1148
+ <param pos="0" name="os.vendor" value="Ubuntu"/>
1149
+ <param pos="0" name="os.family" value="Linux"/>
1150
+ <param pos="0" name="os.product" value="Linux"/>
1151
+ <param pos="0" name="os.version" value="20.10"/>
1152
+ <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:20.10"/>
1153
+ </fingerprint>
1154
+
1113
1155
  <fingerprint pattern="^OpenSSH_([^\s]+)\s+(Ubuntu-\d\d?)$">
1114
1156
  <description>OpenSSH running on Ubuntu (unknown release)</description>
1115
1157
  <example service.version="7.6p1" openssh.comment="Ubuntu-2">OpenSSH_7.6p1 Ubuntu-2</example>
@@ -1329,9 +1371,56 @@
1329
1371
  <param pos="0" name="os.cpe23" value="cpe:/o:debian:debian_linux:9.0"/>
1330
1372
  </fingerprint>
1331
1373
 
1332
- <fingerprint pattern="^OpenSSH_(7\.9p1) (Debian-10|Debian-\d\d?\+deb10u\d+)$">
1333
- <description>OpenSSH running on Debian 10.x (buster)</description>
1374
+ <fingerprint pattern="^OpenSSH_(7\.9p1) (Debian-10)$">
1375
+ <description>OpenSSH running on Debian 10.0 (buster)</description>
1334
1376
  <example service.version="7.9p1" openssh.comment="Debian-10">OpenSSH_7.9p1 Debian-10</example>
1377
+ <param pos="1" name="service.version"/>
1378
+ <param pos="2" name="openssh.comment"/>
1379
+ <param pos="0" name="service.vendor" value="OpenBSD"/>
1380
+ <param pos="0" name="service.family" value="OpenSSH"/>
1381
+ <param pos="0" name="service.product" value="OpenSSH"/>
1382
+ <param pos="0" name="service.cpe23" value="cpe:/a:openbsd:openssh:{service.version}"/>
1383
+ <param pos="0" name="os.vendor" value="Debian"/>
1384
+ <param pos="0" name="os.family" value="Linux"/>
1385
+ <param pos="0" name="os.product" value="Linux"/>
1386
+ <param pos="0" name="os.version" value="10.0"/>
1387
+ <param pos="0" name="os.cpe23" value="cpe:/o:debian:debian_linux:10.0"/>
1388
+ </fingerprint>
1389
+
1390
+ <fingerprint pattern="^OpenSSH_(7\.9p1) (Debian-10\+deb10u1)$">
1391
+ <description>OpenSSH running on Debian 10.1 (buster)</description>
1392
+ <example service.version="7.9p1" openssh.comment="Debian-10+deb10u1">OpenSSH_7.9p1 Debian-10+deb10u1</example>
1393
+ <param pos="1" name="service.version"/>
1394
+ <param pos="2" name="openssh.comment"/>
1395
+ <param pos="0" name="service.vendor" value="OpenBSD"/>
1396
+ <param pos="0" name="service.family" value="OpenSSH"/>
1397
+ <param pos="0" name="service.product" value="OpenSSH"/>
1398
+ <param pos="0" name="service.cpe23" value="cpe:/a:openbsd:openssh:{service.version}"/>
1399
+ <param pos="0" name="os.vendor" value="Debian"/>
1400
+ <param pos="0" name="os.family" value="Linux"/>
1401
+ <param pos="0" name="os.product" value="Linux"/>
1402
+ <param pos="0" name="os.version" value="10.1"/>
1403
+ <param pos="0" name="os.cpe23" value="cpe:/o:debian:debian_linux:10.1"/>
1404
+ </fingerprint>
1405
+
1406
+ <fingerprint pattern="^OpenSSH_(7\.9p1) (Debian-10\+deb10u2)$">
1407
+ <description>OpenSSH running on Debian 10.2 (buster)</description>
1408
+ <example service.version="7.9p1" openssh.comment="Debian-10+deb10u2">OpenSSH_7.9p1 Debian-10+deb10u2</example>
1409
+ <param pos="1" name="service.version"/>
1410
+ <param pos="2" name="openssh.comment"/>
1411
+ <param pos="0" name="service.vendor" value="OpenBSD"/>
1412
+ <param pos="0" name="service.family" value="OpenSSH"/>
1413
+ <param pos="0" name="service.product" value="OpenSSH"/>
1414
+ <param pos="0" name="service.cpe23" value="cpe:/a:openbsd:openssh:{service.version}"/>
1415
+ <param pos="0" name="os.vendor" value="Debian"/>
1416
+ <param pos="0" name="os.family" value="Linux"/>
1417
+ <param pos="0" name="os.product" value="Linux"/>
1418
+ <param pos="0" name="os.version" value="10.2"/>
1419
+ <param pos="0" name="os.cpe23" value="cpe:/o:debian:debian_linux:10.2"/>
1420
+ </fingerprint>
1421
+
1422
+ <fingerprint pattern="^OpenSSH_(7\.9p1) (Debian-10\S+)$">
1423
+ <description>OpenSSH running on Debian 10.x (buster catchall)</description>
1335
1424
  <example service.version="7.9p1" openssh.comment="Debian-10+deb10u6">OpenSSH_7.9p1 Debian-10+deb10u6</example>
1336
1425
  <param pos="1" name="service.version"/>
1337
1426
  <param pos="2" name="openssh.comment"/>
@@ -1402,6 +1491,7 @@
1402
1491
  <fingerprint pattern="^OpenSSH_([^\s]+)\s+(Raspbian-\d\d?\+deb9u\d+)$">
1403
1492
  <description>OpenSSH running on Raspbian (Debian 9 "Stretch" based)</description>
1404
1493
  <example service.version="7.4p1" openssh.comment="Raspbian-10+deb9u1">OpenSSH_7.4p1 Raspbian-10+deb9u1</example>
1494
+ <example service.version="7.4p1" openssh.comment="Raspbian-10+deb9u7">OpenSSH_7.4p1 Raspbian-10+deb9u7</example>
1405
1495
  <example service.version="7.4p1" openssh.comment="Raspbian-9+deb9u1">OpenSSH_7.4p1 Raspbian-9+deb9u1</example>
1406
1496
  <param pos="1" name="service.version"/>
1407
1497
  <param pos="2" name="openssh.comment"/>
@@ -1416,10 +1506,11 @@
1416
1506
  <param pos="0" name="hw.product" value="Raspberry Pi"/>
1417
1507
  </fingerprint>
1418
1508
 
1419
- <fingerprint pattern="^OpenSSH_(7\.9p1)\s+(Raspbian-(?:10|\d\d?\+deb10u\d+))$">
1509
+ <fingerprint pattern="^OpenSSH_(7\.9p1)\s+(Raspbian-(?:10|\d\d?\+deb10u\d+)(?:\+rpt\d)?)$">
1420
1510
  <description>OpenSSH running on Raspbian (Debian 10 "Buster" based)</description>
1421
1511
  <example service.version="7.9p1" openssh.comment="Raspbian-10">OpenSSH_7.9p1 Raspbian-10</example>
1422
1512
  <example service.version="7.9p1" openssh.comment="Raspbian-10+deb10u1">OpenSSH_7.9p1 Raspbian-10+deb10u1</example>
1513
+ <example service.version="7.9p1" openssh.comment="Raspbian-10+deb10u2+rpt1">OpenSSH_7.9p1 Raspbian-10+deb10u2+rpt1</example>
1423
1514
  <param pos="1" name="service.version"/>
1424
1515
  <param pos="2" name="openssh.comment"/>
1425
1516
  <param pos="0" name="service.vendor" value="OpenBSD"/>
@@ -1615,7 +1706,7 @@
1615
1706
  <param pos="0" name="service.product" value="SSH"/>
1616
1707
  <param pos="0" name="os.vendor" value="Cisco"/>
1617
1708
  <param pos="0" name="os.product" value="Wireless LAN Controller"/>
1618
- <param pos="0" name="os.cpe23" value="cpe:/o:cisco:wireless_lan_controller:-"/>
1709
+ <param pos="0" name="os.cpe23" value="cpe:/o:cisco:wireless_lan_controller_software:-"/>
1619
1710
  </fingerprint>
1620
1711
 
1621
1712
  <fingerprint pattern="(?i)^Cleo (\S+)/(\S+) SSH FTP server$">
@@ -1695,7 +1786,7 @@
1695
1786
  <param pos="1" name="os.version"/>
1696
1787
  </fingerprint>
1697
1788
 
1698
- <fingerprint pattern="^([\d.]+)[ _]sshlib:? (?i:GlobalScape)$">
1789
+ <fingerprint pattern="^([\d.]{1,8})[ _]sshlib:? (?i:GlobalScape)$">
1699
1790
  <description>GlobalScape SSH (which uses Bitvise sshlib)</description>
1700
1791
  <example service.component.version="1.36">1.36_sshlib GlobalSCAPE</example>
1701
1792
  <example service.component.version="1.82">1.82_sshlib Globalscape</example>
@@ -1713,7 +1804,7 @@
1713
1804
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
1714
1805
  </fingerprint>
1715
1806
 
1716
- <fingerprint pattern="^([^\s]+) sshlib: WinSSHD (.*)$">
1807
+ <fingerprint pattern="^([\d.]{1,8}) sshlib: WinSSHD ([\w.-]*)$">
1717
1808
  <description>Bitvise WinSSHD (which uses Bitvise sshlib)</description>
1718
1809
  <example service.component.version="1.78" service.version="4.15a">1.78 sshlib: WinSSHD 4.15a</example>
1719
1810
  <param pos="1" name="service.component.version"/>
@@ -1730,7 +1821,7 @@
1730
1821
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
1731
1822
  </fingerprint>
1732
1823
 
1733
- <fingerprint pattern="^([^\s]+) FlowSsh: (?:Bitvise SSH Server \(WinSSHD\)|WinSSHD) ([\d\.]+):?.*$">
1824
+ <fingerprint pattern="^([\d.]{1,8}) FlowSsh: (?:Bitvise SSH Server \(WinSSHD\)|WinSSHD) ([\d\.]+):?">
1734
1825
  <description>Bitvise WinSSHD (which uses Bitvise flowssh) with version</description>
1735
1826
  <example service.version="5.09" service.component.version="1.03">1.03 FlowSsh: WinSSHD 5.09</example>
1736
1827
  <example service.version="5.20" service.component.version="1.07">1.07 FlowSsh: WinSSHD 5.20: free only for personal non-commercial use</example>
@@ -1749,7 +1840,7 @@
1749
1840
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
1750
1841
  </fingerprint>
1751
1842
 
1752
- <fingerprint pattern="^([^\s]+) FlowSsh: (?:Bitvise SSH Server \(WinSSHD\)|WinSSHD)(?: :.*)?$">
1843
+ <fingerprint pattern="^([\d.]{1,8}) FlowSsh: (?:Bitvise SSH Server \(WinSSHD\)|WinSSHD)(?: :.*)?$">
1753
1844
  <description>Bitvise WinSSHD (which uses Bitvise flowssh) without version</description>
1754
1845
  <example service.component.version="9.99">9.99 FlowSsh: Bitvise SSH Server (WinSSHD)</example>
1755
1846
  <example service.component.version="9.99">9.99 FlowSsh: Bitvise SSH Server (WinSSHD) : free only for personal non-commercial use</example>
@@ -1766,7 +1857,7 @@
1766
1857
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
1767
1858
  </fingerprint>
1768
1859
 
1769
- <fingerprint pattern="^([^\s]+) sshlib: MOVEit DMZ SSH (.*)$">
1860
+ <fingerprint pattern="^([\d.]{1,8}) sshlib: MOVEit DMZ SSH (.*)$">
1770
1861
  <description>MOVEit DMZ (which uses Bitvise sshlib)</description>
1771
1862
  <param pos="1" name="service.component.version"/>
1772
1863
  <param pos="2" name="service.version"/>
@@ -1776,13 +1867,14 @@
1776
1867
  <param pos="0" name="service.vendor" value="Standard Networks"/>
1777
1868
  <param pos="0" name="service.family" value="MOVEit DMZ"/>
1778
1869
  <param pos="0" name="service.product" value="MOVEit DMZ"/>
1870
+ <param pos="0" name="service.cpe23" value="cpe:/a:ipswitch:moveit_dmz:{service.version}"/>
1779
1871
  <param pos="0" name="os.vendor" value="Microsoft"/>
1780
1872
  <param pos="0" name="os.family" value="Windows"/>
1781
1873
  <param pos="0" name="os.product" value="Windows"/>
1782
1874
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
1783
1875
  </fingerprint>
1784
1876
 
1785
- <fingerprint pattern="^paramiko_([\d\.]+).*$">
1877
+ <fingerprint pattern="^paramiko_([\d\.]+)">
1786
1878
  <description>Paramiko</description>
1787
1879
  <example service.version="2.1.3">paramiko_2.1.3 501 command not implemented ERROR</example>
1788
1880
  <example service.version="2.1.4">paramiko_2.1.4</example>
@@ -1848,8 +1940,9 @@
1848
1940
  <param pos="0" name="service.cpe23" value="cpe:/a:vandyke:vshell:{service.version}"/>
1849
1941
  </fingerprint>
1850
1942
 
1851
- <fingerprint pattern="^([\s]*)\s*VShell$">
1943
+ <fingerprint pattern="^([\d.]{0,8})\s{1,8}VShell$">
1852
1944
  <description>VanDyke VShell</description>
1945
+ <example service.version="1.0.2">1.0.2 VShell</example>
1853
1946
  <param pos="1" name="service.version"/>
1854
1947
  <param pos="0" name="service.vendor" value="VanDyke Software"/>
1855
1948
  <param pos="0" name="service.family" value="VShell"/>
@@ -1864,10 +1957,11 @@
1864
1957
  <param pos="1" name="service.version"/>
1865
1958
  <param pos="0" name="service.vendor" value="Attachmate"/>
1866
1959
  <param pos="0" name="service.family" value="Reflection"/>
1867
- <param pos="0" name="service.product" value="Reflection"/>
1960
+ <param pos="0" name="service.product" value="Reflection for Secure IT"/>
1961
+ <param pos="0" name="service.cpe23" value="cpe:/a:attachmate:reflection_for_secure_it:{service.version}"/>
1868
1962
  </fingerprint>
1869
1963
 
1870
- <fingerprint pattern="^([^\s]*)\s*F-Secure SSH\s*(?:.*)$">
1964
+ <fingerprint pattern="^(\S{0,256})\s{0,256}F-Secure SSH ">
1871
1965
  <description>Attachmate Reflection (formerly F-Secure SSH)</description>
1872
1966
  <example service.version="3.2.3">3.2.3 F-Secure SSH Windows NT Server</example>
1873
1967
  <param pos="1" name="service.version"/>
@@ -1876,16 +1970,17 @@
1876
1970
  <param pos="0" name="service.product" value="Reflection"/>
1877
1971
  </fingerprint>
1878
1972
 
1879
- <fingerprint pattern="^([^\s]*)\s*SSH Tectia Server$">
1973
+ <fingerprint pattern="^(\S{0,256})\s{0,256}SSH Tectia Server$">
1880
1974
  <description>SSH Communications Security Tectia Server - branded</description>
1881
1975
  <example service.version="6.4.12.353">6.4.12.353 SSH Tectia Server</example>
1882
1976
  <param pos="1" name="service.version"/>
1883
1977
  <param pos="0" name="service.vendor" value="SSH Communications Security"/>
1884
1978
  <param pos="0" name="service.family" value="SSH Tectia Server"/>
1885
1979
  <param pos="0" name="service.product" value="SSH Tectia Server"/>
1980
+ <param pos="0" name="service.cpe23" value="cpe:/a:ssh:tectia_server:{service.version}"/>
1886
1981
  </fingerprint>
1887
1982
 
1888
- <fingerprint pattern="^([0-9\.]+) SSH Secure Shell(?: \(non-commercial\))?$">
1983
+ <fingerprint pattern="^([0-9\.]{1,8}) SSH Secure Shell(?: \(non-commercial\))?$">
1889
1984
  <description>SSH Communications Security Tectia Server</description>
1890
1985
  <example service.version="3.2.9.1">3.2.9.1 SSH Secure Shell (non-commercial)</example>
1891
1986
  <example service.version="4.0.3">4.0.3 SSH Secure Shell</example>
@@ -1894,9 +1989,10 @@
1894
1989
  <param pos="0" name="service.vendor" value="SSH Communications Security"/>
1895
1990
  <param pos="0" name="service.family" value="SSH Tectia Server"/>
1896
1991
  <param pos="0" name="service.product" value="SSH Tectia Server"/>
1992
+ <param pos="0" name="service.cpe23" value="cpe:/a:ssh:tectia_server:{service.version}"/>
1897
1993
  </fingerprint>
1898
1994
 
1899
- <fingerprint pattern="^([0-9\.]+) SSH Secure Shell Windows NT Server$">
1995
+ <fingerprint pattern="^([0-9\.]{1,8}) SSH Secure Shell Windows NT Server$">
1900
1996
  <description>Unknown Windows SSH server</description>
1901
1997
  <example service.version="4.0.3">4.0.3 SSH Secure Shell Windows NT Server</example>
1902
1998
  <param pos="0" name="os.vendor" value="Microsoft"/>
@@ -1907,6 +2003,7 @@
1907
2003
  <param pos="0" name="service.vendor" value="SSH Communications Security"/>
1908
2004
  <param pos="0" name="service.family" value="SSH Tectia Server"/>
1909
2005
  <param pos="0" name="service.product" value="SSH Tectia Server"/>
2006
+ <param pos="0" name="service.cpe23" value="cpe:/a:ssh:tectia_server:{service.version}"/>
1910
2007
  </fingerprint>
1911
2008
 
1912
2009
  <fingerprint pattern="^ARRIS_(.*)$">
@@ -1948,7 +2045,7 @@
1948
2045
  <param pos="0" name="os.product" value="NetVanta"/>
1949
2046
  </fingerprint>
1950
2047
 
1951
- <fingerprint pattern="^.*MultiNet.*$">
2048
+ <fingerprint pattern="MultiNet">
1952
2049
  <description>Process Software MultiNet is a suite of network apps for OpenVMS</description>
1953
2050
  <param pos="0" name="service.vendor" value="Process Software"/>
1954
2051
  <param pos="0" name="service.family" value="MultiNet"/>
@@ -1994,6 +2091,7 @@
1994
2091
  <param pos="0" name="service.vendor" value="Standard Networks"/>
1995
2092
  <param pos="0" name="service.family" value="MOVEit DMZ"/>
1996
2093
  <param pos="0" name="service.product" value="MOVEit DMZ"/>
2094
+ <param pos="0" name="service.cpe23" value="cpe:/a:ipswitch:moveit_dmz:-"/>
1997
2095
  <param pos="0" name="os.vendor" value="Microsoft"/>
1998
2096
  <param pos="0" name="os.family" value="Windows"/>
1999
2097
  <param pos="0" name="os.product" value="Windows"/>
@@ -2019,7 +2117,12 @@
2019
2117
  <param pos="0" name="os.vendor" value="NetApp"/>
2020
2118
  <param pos="0" name="os.family" value="Data ONTAP"/>
2021
2119
  <param pos="0" name="os.product" value="Data ONTAP"/>
2120
+ <param pos="0" name="os.device" value="NAS"/>
2022
2121
  <param pos="0" name="os.cpe23" value="cpe:/o:netapp:data_ontap:-"/>
2122
+ <param pos="0" name="hw.vendor" value="NetApp"/>
2123
+ <param pos="0" name="hw.family" value="Data ONTAP"/>
2124
+ <param pos="0" name="hw.product" value="Data ONTAP"/>
2125
+ <param pos="0" name="hw.device" value="NAS"/>
2023
2126
  </fingerprint>
2024
2127
 
2025
2128
  <fingerprint pattern="^(\d\.\d+\.\d+) SSH Secure Shell OpenVMS V\d+\.\d+$">
@@ -2057,7 +2160,7 @@
2057
2160
  <param pos="0" name="os.certainty" value="0.75"/>
2058
2161
  </fingerprint>
2059
2162
 
2060
- <fingerprint pattern="^\S+ SSH Secure Shell Tru64 UNIX$">
2163
+ <fingerprint pattern="^\S{1,16} SSH Secure Shell Tru64 UNIX$">
2061
2164
  <description>Digital/Compaq/HP Tru64 Unix</description>
2062
2165
  <example>3.2.0 SSH Secure Shell Tru64 UNIX</example>
2063
2166
  <param pos="0" name="os.vendor" value="HP"/>
@@ -2125,6 +2228,19 @@
2125
2228
  <param pos="0" name="service.product" value="WeOnlyDo SSH Server"/>
2126
2229
  </fingerprint>
2127
2230
 
2231
+ <fingerprint pattern="^Zyxel SSH server$">
2232
+ <description>Zyxel Firewall SSH service</description>
2233
+ <example>Zyxel SSH server</example>
2234
+ <param pos="0" name="service.vendor" value="Zyxel"/>
2235
+ <param pos="0" name="service.family" value="Zywall"/>
2236
+ <param pos="0" name="os.vendor" value="Zyxel"/>
2237
+ <param pos="0" name="os.product" value="ZyNOS firmware"/>
2238
+ <param pos="0" name="os.cpe23" value="cpe:/o:zyxel:zynos_firmware:-"/>
2239
+ <param pos="0" name="hw.vendor" value="Zyxel"/>
2240
+ <param pos="0" name="hw.device" value="Firewall"/>
2241
+ <param pos="0" name="hw.family" value="Unified Security Gateway"/>
2242
+ </fingerprint>
2243
+
2128
2244
  <!--
2129
2245
  1.2.22j4rad
2130
2246
  2.40