recog 2.3.18 → 2.3.22

Sign up to get free protection for your applications and to get access to all the features.
Files changed (73) hide show
  1. checksums.yaml +4 -4
  2. data/.github/dependabot.yml +8 -0
  3. data/.github/workflows/ci.yml +26 -0
  4. data/.github/workflows/verify.yml +89 -0
  5. data/CONTRIBUTING.md +6 -0
  6. data/README.md +17 -0
  7. data/bin/recog_standardize +33 -12
  8. data/bin/recog_verify +1 -2
  9. data/cpe-remap.yaml +355 -200
  10. data/features/verify.feature +14 -14
  11. data/identifiers/README.md +24 -10
  12. data/identifiers/fields.txt +105 -0
  13. data/identifiers/hw_device.txt +8 -0
  14. data/identifiers/hw_family.txt +19 -0
  15. data/identifiers/hw_product.txt +122 -0
  16. data/identifiers/os_device.txt +2 -1
  17. data/identifiers/os_family.txt +3 -0
  18. data/identifiers/os_product.txt +46 -8
  19. data/identifiers/service_family.txt +10 -1
  20. data/identifiers/service_product.txt +90 -2
  21. data/identifiers/vendor.txt +104 -0
  22. data/lib/recog/db.rb +2 -1
  23. data/lib/recog/fingerprint.rb +18 -5
  24. data/lib/recog/nizer.rb +1 -82
  25. data/lib/recog/verifier.rb +5 -5
  26. data/lib/recog/verifier_factory.rb +3 -3
  27. data/lib/recog/verify_reporter.rb +14 -4
  28. data/lib/recog/version.rb +1 -1
  29. data/requirements.txt +1 -1
  30. data/spec/lib/fingerprint_self_test_spec.rb +1 -0
  31. data/spec/lib/recog/verify_reporter_spec.rb +69 -0
  32. data/tools/dev/hooks/pre-commit +21 -0
  33. data/update_cpes.py +19 -6
  34. data/xml/apache_modules.xml +60 -0
  35. data/xml/apache_os.xml +38 -38
  36. data/xml/dhcp_vendor_class.xml +206 -0
  37. data/xml/dns_versionbind.xml +11 -1
  38. data/xml/favicons.xml +270 -45
  39. data/xml/ftp_banners.xml +89 -64
  40. data/xml/h323_callresp.xml +99 -99
  41. data/xml/hp_pjl_id.xml +3 -3
  42. data/xml/html_title.xml +1051 -62
  43. data/xml/http_cookies.xml +294 -85
  44. data/xml/http_servers.xml +551 -122
  45. data/xml/http_wwwauth.xml +139 -43
  46. data/xml/imap_banners.xml +8 -8
  47. data/xml/ldap_searchresult.xml +1 -0
  48. data/xml/mdns_device-info_txt.xml +720 -27
  49. data/xml/mysql_banners.xml +3 -2
  50. data/xml/nntp_banners.xml +4 -4
  51. data/xml/ntp_banners.xml +79 -65
  52. data/xml/operating_system.xml +6 -6
  53. data/xml/pop_banners.xml +11 -11
  54. data/xml/rsh_resp.xml +3 -3
  55. data/xml/rtsp_servers.xml +7 -0
  56. data/xml/sip_banners.xml +374 -9
  57. data/xml/sip_user_agents.xml +377 -5
  58. data/xml/smb_native_lm.xml +32 -1
  59. data/xml/smb_native_os.xml +160 -33
  60. data/xml/smtp_banners.xml +168 -129
  61. data/xml/smtp_ehlo.xml +1 -1
  62. data/xml/smtp_expn.xml +1 -0
  63. data/xml/smtp_help.xml +10 -10
  64. data/xml/smtp_noop.xml +2 -2
  65. data/xml/smtp_vrfy.xml +1 -0
  66. data/xml/snmp_sysdescr.xml +508 -214
  67. data/xml/snmp_sysobjid.xml +25 -25
  68. data/xml/ssh_banners.xml +145 -29
  69. data/xml/telnet_banners.xml +240 -61
  70. data/xml/tls_jarm.xml +162 -0
  71. data/xml/x509_issuers.xml +237 -2
  72. data/xml/x509_subjects.xml +369 -49
  73. metadata +10 -3
@@ -17,30 +17,45 @@
17
17
  Ruby, Python, Java, and Golang.
18
18
  -->
19
19
 
20
- <fingerprint pattern="\A(?i)(?:\r|\n)*login:\s*$">
20
+ <fingerprint pattern="(?i)\A(?:\r|\n)*login:\s*$">
21
21
  <description>bare 'login:' -- assert nothing.</description>
22
22
  <example>login:</example>
23
+ <param pos="0" name="hw.certainty" value="0.0"/>
24
+ <param pos="0" name="os.certainty" value="0.0"/>
25
+ <param pos="0" name="service.certainty" value="0.0"/>
23
26
  </fingerprint>
24
27
 
25
- <fingerprint pattern="\A(?i)(?:\r|\n)*User(?:name)?\s*:\s*$">
28
+ <fingerprint pattern="(?i)\A(?:\r|\n)*User(?:name)?\s*:\s*$">
26
29
  <description>bare 'Username:' -- assert nothing.</description>
27
30
  <example>Username:</example>
28
31
  <example>User:</example>
32
+ <param pos="0" name="hw.certainty" value="0.0"/>
33
+ <param pos="0" name="os.certainty" value="0.0"/>
34
+ <param pos="0" name="service.certainty" value="0.0"/>
29
35
  </fingerprint>
30
36
 
31
- <fingerprint pattern="\A(?i)(?:\r|\n)*Password:\s*$">
37
+ <fingerprint pattern="(?i)\A(?:\r|\n)*Password:\s*$">
32
38
  <description>bare 'Password:' -- assert nothing.</description>
33
39
  <example>Password:</example>
40
+ <param pos="0" name="hw.certainty" value="0.0"/>
41
+ <param pos="0" name="os.certainty" value="0.0"/>
42
+ <param pos="0" name="service.certainty" value="0.0"/>
34
43
  </fingerprint>
35
44
 
36
- <fingerprint pattern="\A(?i)(?:\r|\n)*Account:\s*$">
45
+ <fingerprint pattern="(?i)\A(?:\r|\n)*Account:\s*$">
37
46
  <description>bare 'Account:' -- assert nothing.</description>
38
47
  <example>Account:</example>
48
+ <param pos="0" name="hw.certainty" value="0.0"/>
49
+ <param pos="0" name="os.certainty" value="0.0"/>
50
+ <param pos="0" name="service.certainty" value="0.0"/>
39
51
  </fingerprint>
40
52
 
41
- <fingerprint pattern="\A(?i)Connection refused(?:\r|\n)*$">
53
+ <fingerprint pattern="(?i)\AConnection refused(?:\r|\n)*$">
42
54
  <description>bare 'Connection refused' -- assert nothing.</description>
43
55
  <example>Connection refused</example>
56
+ <param pos="0" name="hw.certainty" value="0.0"/>
57
+ <param pos="0" name="os.certainty" value="0.0"/>
58
+ <param pos="0" name="service.certainty" value="0.0"/>
44
59
  </fingerprint>
45
60
 
46
61
  <!-- end of assert nothing block -->
@@ -424,7 +439,7 @@
424
439
  <param pos="4" name="host.name"/>
425
440
  </fingerprint>
426
441
 
427
- <fingerprint pattern="^(?m)TiMOS-[CB]-([\S]+) (?:both|cpm)/([\w]+) ALCATEL (SR [\S]+) Copyright.*Login:\s*$" flags="REG_MULTILINE">
442
+ <fingerprint pattern="(?m)^TiMOS-[CB]-([\S]+) (?:both|cpm)/([\w]+) ALCATEL (SR [\S]+) Copyright.*Login:\s*$" flags="REG_MULTILINE">
428
443
  <description>ALCATEL Service Router running TiMOS</description>
429
444
  <!-- TiMOS-C-12.0.R12 cpm/hops64 ALCATEL SR 7750 Copyright (c) 2000-2015 Alcatel-Lucent.\r\r\nBanner Shortened For \r\r\nBrevity\r\nLogin: -->
430
445
 
@@ -446,7 +461,7 @@
446
461
 
447
462
  <!-- Nokia purchased Alcatel Lucent, finalized in Nov 2016 -->
448
463
 
449
- <fingerprint pattern="^(?m)TiMOS-[CB]-([\S]+) (?:both|cpm)\/([\w]+) Nokia ([\S]+ [SRX]+) Copyright.*Login:\s*$" flags="REG_MULTILINE">
464
+ <fingerprint pattern="(?m)^TiMOS-[CB]-([\S]+) (?:both|cpm)\/([\w]+) Nokia ([\S]+ [SRX]+) Copyright.*Login:\s*$" flags="REG_MULTILINE">
450
465
  <description>Nokia Service Router running TiMOS</description>
451
466
  <!-- TiMOS-C-14.0.R5 cpm/hops64 Nokia 7750 SR Copyright (c) 2000-2016 Nokia.\r\r\nBanner Shortened For \r\r\nBrevity\r\nLogin: -->
452
467
 
@@ -473,7 +488,7 @@
473
488
  <param pos="3" name="hw.product"/>
474
489
  </fingerprint>
475
490
 
476
- <fingerprint pattern="^(?m)TiMOS-[CB]-([\S]+) (?:both|cpm)\/([\w]+) Nokia (SAS[+\w\s-]+) Copyright.*Login:\s*$" flags="REG_MULTILINE">
491
+ <fingerprint pattern="(?m)^TiMOS-[CB]-([\S]+) (?:both|cpm)\/([\w]+) Nokia (SAS[+\w\s-]+) Copyright.*Login:\s*$" flags="REG_MULTILINE">
477
492
  <description>Nokia Service Access Switch running TiMOS</description>
478
493
  <!-- TiMOS-B-8.0.R12 both/hops Nokia SAS-Mxp 22F2C 4SFP+ 7210 Copyright (c) 2000-2017 Nokia.\r\r\nBanner Shortened For \r\r\nBrevity\r\nLogin: -->
479
494
 
@@ -540,7 +555,7 @@
540
555
  <param pos="1" name="hw.product"/>
541
556
  </fingerprint>
542
557
 
543
- <fingerprint pattern="^(?:\r|\n|\s)*Grandstream (GXV[\w-]+)\s+(?:V\d\.\d\w?\s+)?Shell Command.Copyight \d\d\d\d-\d\d\d\d(?:\r|\n)+Username:\s*$">
558
+ <fingerprint pattern="^(?:\r|\n|\s){0,256}Grandstream (GXV[\w-]+)\s+(?:V\d\.\d\w?\s+)?Shell Command.Copyight \d\d\d\d-\d\d\d\d(?:\r|\n)+Username:\s*$">
544
559
  <description>Grandstream IP Cameras</description>
545
560
  <!-- Grandstream GXV3674_FHD_VF Shell Command.Copyight 2011-2014\r\nUsername: -->
546
561
 
@@ -578,7 +593,7 @@
578
593
  <description>Polycom Video Conferencing - VSX Family</description>
579
594
  <!-- Hi, my name is : Something Pity\r\nHere is what I know about myself:\r\nModel: VSX 6000A\r\nSerial Number: 00070906FC34F6\r\nSoftware Version: Release 9.0.6.2-103 - 04Sep2011 21:27\r\nBuild Information: ecomman -->
580
595
 
581
- <example _encoding="base64" hw.product="6000A" host.id="00070906FC34F6" os.version="9.0.6.2-103">
596
+ <example _encoding="base64" hw.product="6000A" hw.serial_number="00070906FC34F6" os.version="9.0.6.2-103">
582
597
  SGksIG15IG5hbWUgaXMgOiAgICAgU29tZXRoaW5nIFBpdHkNCkhlcmUgaXMgd2hhdCBJIGtub
583
598
  3cgYWJvdXQgbXlzZWxmOg0KTW9kZWw6ICAgICAgICAgICAgICAgVlNYIDYwMDBBDQpTZXJpYW
584
599
  wgTnVtYmVyOiAgICAgICAwMDA3MDkwNkZDMzRGNg0KU29mdHdhcmUgVmVyc2lvbjogICAgUmV
@@ -589,7 +604,7 @@
589
604
  <param pos="0" name="hw.family" value="VSX"/>
590
605
  <param pos="0" name="hw.device" value="Video Conferencing"/>
591
606
  <param pos="1" name="hw.product"/>
592
- <param pos="2" name="host.id"/>
607
+ <param pos="2" name="hw.serial_number"/>
593
608
  <param pos="3" name="os.version"/>
594
609
  </fingerprint>
595
610
 
@@ -640,7 +655,7 @@
640
655
  <param pos="1" name="host.name"/>
641
656
  </fingerprint>
642
657
 
643
- <fingerprint pattern="^(?:\r|\n)*HP JetDirect(?:\r|\n)+$">
658
+ <fingerprint pattern="^(?:\r|\n)*HP JetDirect(?:\r|\n)+">
644
659
  <description>HP Printer - Jet Direct</description>
645
660
  <!-- HP JetDirect\r\nPassword is not set\r\n\r\nPlease type "menu" for the MENU system, \r\nor "?" for help, or "/" for current settings.\r\n> -->
646
661
 
@@ -721,13 +736,13 @@
721
736
  <param pos="0" name="hw.device" value="Router"/>
722
737
  </fingerprint>
723
738
 
724
- <fingerprint pattern="^(?m)(?:\r|\n)*Catalyst 1900 Management Console(?:\r|\n)+.*Ethernet Address:\s+([\w-]+)(?:\r|\n)+.*Model Number:\s+([\w-]+)(?:\r|\n)+System Serial Number:\s+(\w+)(?:\r|\n)+Power Supply" flags="REG_MULTILINE">
739
+ <fingerprint pattern="(?m)^(?:\r|\n)*Catalyst 1900 Management Console(?:\r|\n)+.*Ethernet Address:\s+([\w-]+)(?:\r|\n)+.*Model Number:\s+([\w-]+)(?:\r|\n)+System Serial Number:\s+(\w+)(?:\r|\n)+Power Supply" flags="REG_MULTILINE">
725
740
  <description>Cisco Catalyst 1900</description>
726
741
  <!-- Catalyst 1900, unlike other Catalyst models, didn't run CatOS or IOS -->
727
742
 
728
743
  <!-- Catalyst 1900 Management Console\r\nCopyright (c) Cisco Systems, Inc. 1993-1998\r\nAll rights reserved.\r\nEnterprise Edition Software\r\nEthernet Address: 00-AA-19-38-AA-00\r\n\r\nPCA Number: 73-31AA-AA\r\nPCA Serial Number: FAB033AAAAA\r\nModel Number: WS-C1924-EN\r\nSystem Serial Number: FAB0341AAAA\r\nPower Supply S/N: -->
729
744
 
730
- <example _encoding="base64" host.mac="00-AA-19-38-AA-00" hw.model="WS-C1924-EN" host.id="FAB0341AAAA">
745
+ <example _encoding="base64" host.mac="00-AA-19-38-AA-00" hw.model="WS-C1924-EN" hw.serial_number="FAB0341AAAA">
731
746
  Q2F0YWx5c3QgMTkwMCBNYW5hZ2VtZW50IENvbnNvbGUNCkNvcHlyaWdodCAoYykgQ2lzY28gU
732
747
  3lzdGVtcywgSW5jLiAgMTk5My0xOTk4DQpBbGwgcmlnaHRzIHJlc2VydmVkLg0KRW50ZXJwcm
733
748
  lzZSBFZGl0aW9uIFNvZnR3YXJlDQpFdGhlcm5ldCBBZGRyZXNzOiAgICAgIDAwLUFBLTE5LTM
@@ -744,7 +759,7 @@
744
759
  <param pos="0" name="hw.device" value="Switch"/>
745
760
  <param pos="1" name="host.mac"/>
746
761
  <param pos="2" name="hw.model"/>
747
- <param pos="3" name="host.id"/>
762
+ <param pos="3" name="hw.serial_number"/>
748
763
  </fingerprint>
749
764
 
750
765
  <fingerprint pattern="^192.0.0.64 login:\s*$">
@@ -855,7 +870,7 @@
855
870
  <param pos="1" name="hw.product"/>
856
871
  </fingerprint>
857
872
 
858
- <fingerprint pattern="^(?m)(BCM\d+) Broadband Router\r\n.*Please input the verification code:$" flags="REG_MULTILINE">
873
+ <fingerprint pattern="(?m)^(BCM\d+) Broadband Router\r\n.*Please input the verification code:$" flags="REG_MULTILINE">
859
874
  <description>OEM'd Broadcom Router - input validation code</description>
860
875
  <!-- BCM96318 Broadband Router\r\n====================================================\r\n * * * * * * * * * * * * * * \r\n * * * * * \r\n * * * * * * * * * * * * * \r\n * * * * * \r\n * * * * * \r\n * * * * * * * * * * * * * * * * \r\n====================================================\r\nPlease input the verification code: -->
861
876
 
@@ -919,7 +934,7 @@
919
934
  <description>Moxa NPort Device Server - IA Series</description>
920
935
  <!-- Model name : NPort IA-5250\r\u0000\nMAC address : 00:90:E8:AA:AA:AA\r\u0000\nSerial No. : 281\r\u0000\nFirmware version : 1.6 Build 17060616\r\u0000\nSystem uptime : 31 days, 06h:03m:45s\r\u0000\n\r\u0000\nPlease keyin your password: -->
921
936
 
922
- <example _encoding="base64" hw.product="IA-5250" host.mac="00:90:E8:AA:AA:AA" host.id="281" os.version="1.6" os.version.version="17060616">
937
+ <example _encoding="base64" hw.product="IA-5250" host.mac="00:90:E8:AA:AA:AA" hw.serial_number="281" os.version="1.6" os.version.version="17060616">
923
938
  TW9kZWwgbmFtZSAgICAgICA6IE5Qb3J0IElBLTUyNTANAApNQUMgYWRkcmVzcyAgICAgIDogM
924
939
  DA6OTA6RTg6QUE6QUE6QUENAApTZXJpYWwgTm8uICAgICAgIDogMjgxDQAKRmlybXdhcmUgdm
925
940
  Vyc2lvbiA6IDEuNiBCdWlsZCAxNzA2MDYxNg0AClN5c3RlbSB1cHRpbWUgICAgOiAzMSBkYXl
@@ -930,7 +945,7 @@
930
945
  <param pos="0" name="hw.device" value="Device Server"/>
931
946
  <param pos="1" name="hw.product"/>
932
947
  <param pos="2" name="host.mac"/>
933
- <param pos="3" name="host.id"/>
948
+ <param pos="3" name="hw.serial_number"/>
934
949
  <param pos="0" name="os.vendor" value="Moxa"/>
935
950
  <param pos="4" name="os.version"/>
936
951
  <param pos="5" name="os.version.version"/>
@@ -942,7 +957,7 @@
942
957
 
943
958
  <!-- Model name : NPort 5610-8-DT\r\u0000\nMAC address : 00:90:E8:AA:AA:AA\r\u0000\nSerial No. : 9522\r\u0000\nFirmware version : 2.2 Build 11090613\r\u0000\nSystem uptime : 8 days, 02h:11m:44s\r\u0000\n\r\u0000\nPlease keyin your password: -->
944
959
 
945
- <example _encoding="base64" hw.product="5610-8-DT" host.mac="00:90:E8:AA:AA:AA" host.id="9522" os.version="2.2" os.version.version="11090613">
960
+ <example _encoding="base64" hw.product="5610-8-DT" host.mac="00:90:E8:AA:AA:AA" hw.serial_number="9522" os.version="2.2" os.version.version="11090613">
946
961
  TW9kZWwgbmFtZSAgICAgICA6IE5Qb3J0IDU2MTAtOC1EVA0ACk1BQyBhZGRyZXNzICAgICAgO
947
962
  iAwMDo5MDpFODpBQTpBQTpBQQ0AClNlcmlhbCBOby4gICAgICAgOiA5NTIyDQAKRmlybXdhcm
948
963
  UgdmVyc2lvbiA6IDIuMiBCdWlsZCAxMTA5MDYxMw0AClN5c3RlbSB1cHRpbWUgICAgOiA4IGR
@@ -953,7 +968,7 @@
953
968
  <param pos="0" name="hw.device" value="Device Server"/>
954
969
  <param pos="1" name="hw.product"/>
955
970
  <param pos="2" name="host.mac"/>
956
- <param pos="3" name="host.id"/>
971
+ <param pos="3" name="hw.serial_number"/>
957
972
  <param pos="0" name="os.vendor" value="Moxa"/>
958
973
  <param pos="4" name="os.version"/>
959
974
  <param pos="5" name="os.version.version"/>
@@ -976,7 +991,7 @@
976
991
  <description>Moxa MGate Modbus Gateway</description>
977
992
  <!-- Model name : MGate MB3180\r\u0000\nMAC address : 00:90:E8:AA:AA:AA\r\u0000\nSerial No. : 9474\r\u0000\nFirmware version : 1.2 Build 09101913\r\u0000\nSystem uptime : 15 days, 16h:37m:48s\r\u0000\n\r\u0000\nPlease keyin your password: -->
978
993
 
979
- <example _encoding="base64" hw.product="MB3180" host.mac="00:90:E8:AA:AA:AA" host.id="9474" os.version="1.2" os.version.version="09101913">
994
+ <example _encoding="base64" hw.product="MB3180" host.mac="00:90:E8:AA:AA:AA" hw.serial_number="9474" os.version="1.2" os.version.version="09101913">
980
995
  TW9kZWwgbmFtZSAgICAgICA6IE1HYXRlIE1CMzE4MA0ACk1BQyBhZGRyZXNzICAgICAgOiAwM
981
996
  Do5MDpFODpBQTpBQTpBQQ0AClNlcmlhbCBOby4gICAgICAgOiA5NDc0DQAKRmlybXdhcmUgdm
982
997
  Vyc2lvbiA6IDEuMiBCdWlsZCAwOTEwMTkxMw0AClN5c3RlbSB1cHRpbWUgICAgOiAxNSBkYXl
@@ -987,7 +1002,7 @@
987
1002
  <param pos="0" name="hw.device" value="Industrial Control"/>
988
1003
  <param pos="1" name="hw.product"/>
989
1004
  <param pos="2" name="host.mac"/>
990
- <param pos="3" name="host.id"/>
1005
+ <param pos="3" name="hw.serial_number"/>
991
1006
  <param pos="0" name="os.vendor" value="Moxa"/>
992
1007
  <param pos="4" name="os.version"/>
993
1008
  <param pos="5" name="os.version.version"/>
@@ -997,14 +1012,14 @@
997
1012
  <description>Moxa NE Series Embedded device server</description>
998
1013
  <!-- Model name : NE-4110S\r\u0000\nMAC address : 00:90:E8:AA:AA:AA\r\u0000\nSerial No : 3616\r\u0000\nFirmware version : 4.1 Build 07061517\r\u0000\n\r\u0000\nPlease keyin your password: -->
999
1014
 
1000
- <example _encoding="base64" hw.product="NE-4110S" host.mac="00:90:E8:AA:AA:AA" host.id="3616" os.version="4.1" os.version.version="07061517">
1015
+ <example _encoding="base64" hw.product="NE-4110S" host.mac="00:90:E8:AA:AA:AA" hw.serial_number="3616" os.version="4.1" os.version.version="07061517">
1001
1016
  TW9kZWwgbmFtZSAgICAgICA6IE5FLTQxMTBTDQAKTUFDIGFkZHJlc3MgICAgICA6IDAwOjkwO
1002
1017
  kU4OkFBOkFBOkFBDQAKU2VyaWFsIE5vICAgICAgICA6IDM2MTYNAApGaXJtd2FyZSB2ZXJzaW
1003
1018
  9uIDogNC4xIEJ1aWxkIDA3MDYxNTE3DQAKDQAKUGxlYXNlIGtleWluIHlvdXIgcGFzc3dvcmQ6
1004
1019
  </example>
1005
1020
  <!-- Model name : NE-4110S\r\nMAC address : 00:90:E8:AA:AA:AA\r\nSerial No : 000\r\nFirmware version : 1.5.2\r\n\r\nPlease keyin your password: -->
1006
1021
 
1007
- <example _encoding="base64" hw.product="NE-4110S" host.mac="00:90:E8:AA:AA:AA" host.id="000" os.version="1.5.2">
1022
+ <example _encoding="base64" hw.product="NE-4110S" host.mac="00:90:E8:AA:AA:AA" hw.serial_number="000" os.version="1.5.2">
1008
1023
  TW9kZWwgbmFtZSAgICAgICA6IE5FLTQxMTBTDQpNQUMgYWRkcmVzcyAgICAgIDogMDA6OTA6RTg6QUE6QUE6QUENClNlcmlhbCBObyAgICAgICAgOiAwMDANCkZpcm13YXJlIHZlcnNpb24gOiAxLjUuMg0KDQpQbGVhc2Uga2V5aW4geW91ciBwYXNzd29yZDoK
1009
1024
  </example>
1010
1025
  <param pos="0" name="hw.vendor" value="Moxa"/>
@@ -1012,17 +1027,17 @@
1012
1027
  <param pos="0" name="hw.device" value="Device Server"/>
1013
1028
  <param pos="1" name="hw.product"/>
1014
1029
  <param pos="2" name="host.mac"/>
1015
- <param pos="3" name="host.id"/>
1030
+ <param pos="3" name="hw.serial_number"/>
1016
1031
  <param pos="0" name="os.vendor" value="Moxa"/>
1017
1032
  <param pos="4" name="os.version"/>
1018
1033
  <param pos="5" name="os.version.version"/>
1019
1034
  </fingerprint>
1020
1035
 
1021
- <fingerprint pattern="^Model name\s+: (MiiNePort [\w-]+)(?:\r|\n|\x00)+Serial No.\s+: (\d+)(?:\r|\n|\x00)+Device name\s+: [\w:-_\&amp;]+(?:\r|\n|\x00)+Firmware version\s+: ([\d.]+) Build (\d+)(?:\r|\n|\x00)+Ethernet MAC address: ([\w:]+)(?:\r|\n|\x00)+">
1036
+ <fingerprint pattern="^Model name\s+: (MiiNePort [\w-]+)(?:\r|\n|\x00)+Serial No.\s+: (\d+)(?:\r|\n|\x00)+Device name\s+: [\w:\&amp;-]+(?:\r|\n|\x00)+Firmware version\s+: ([\d.]+) Build (\d+)(?:\r|\n|\x00)+Ethernet MAC address: ([\w:]+)(?:\r|\n|\x00)+">
1022
1037
  <description>Moxa MiiNePort Series Embedded device server</description>
1023
1038
  <!-- Model name : MiiNePort E2\r\nSerial No. : 9999\r\nDevice name : MiiNePort_E2_4064\r\nFirmware version : 1.3.36 Build 15031615\r\nEthernet MAC address: 00:90:E8:5A:92:FF\r\n\r\nPlease keyin your password: -->
1024
1039
 
1025
- <example _encoding="base64" hw.product="MiiNePort E2" host.mac="00:90:E8:5A:92:FF" host.id="9999" os.version="1.3.36" os.version.version="15031615">
1040
+ <example _encoding="base64" hw.product="MiiNePort E2" host.mac="00:90:E8:5A:92:FF" hw.serial_number="9999" os.version="1.3.36" os.version.version="15031615">
1026
1041
  TW9kZWwgbmFtZSAgICAgICAgICA6IE1paU5lUG9ydCBFMg0KU2VyaWFsIE5vLiAgICAgICAgI
1027
1042
  CA6IDk5OTkNCkRldmljZSBuYW1lICAgICAgICAgOiBNaWlOZVBvcnRfRTJfNDA2NA0KRmlybX
1028
1043
  dhcmUgdmVyc2lvbiAgICA6IDEuMy4zNiBCdWlsZCAxNTAzMTYxNQ0KRXRoZXJuZXQgTUFDIGF
@@ -1033,7 +1048,7 @@
1033
1048
  <param pos="0" name="hw.family" value="MiiNePort"/>
1034
1049
  <param pos="0" name="hw.device" value="Device Server"/>
1035
1050
  <param pos="1" name="hw.product"/>
1036
- <param pos="2" name="host.id"/>
1051
+ <param pos="2" name="hw.serial_number"/>
1037
1052
  <param pos="0" name="os.vendor" value="Moxa"/>
1038
1053
  <param pos="3" name="os.version"/>
1039
1054
  <param pos="4" name="os.version.version"/>
@@ -1071,7 +1086,7 @@
1071
1086
  <param pos="0" name="os.product" value="EDR G902 Firmware"/>
1072
1087
  </fingerprint>
1073
1088
 
1074
- <fingerprint pattern="^Red Hat Linux release ([^\\s]+)\\s*.*$">
1089
+ <fingerprint pattern="^Red Hat Linux release ([^\\s]+)\\s*">
1075
1090
  <description>RedHat general purpose linux</description>
1076
1091
  <!-- Red Hat Linux release 9 (Shrike)\nKernel 2.4.20-8 on an i686\nlogin: -->
1077
1092
 
@@ -1084,7 +1099,7 @@
1084
1099
  <param pos="1" name="os.version"/>
1085
1100
  </fingerprint>
1086
1101
 
1087
- <fingerprint pattern="^(?m)Red Hat Enterprise Linux ES release (.*) \(.*\).*Kernel (.*) on a[^ ]* ([^ ]*\d)" flags="REG_MULTILINE">
1102
+ <fingerprint pattern="(?m)^Red Hat Enterprise Linux ES release (.*) \(.*\).*Kernel (.*) on a[^ ]* ([^ ]*\d)" flags="REG_MULTILINE">
1088
1103
  <description>RedHat Enterprise Linux ES</description>
1089
1104
  <!-- Red Hat Enterprise Linux ES release 3 (Taroon Update 9\nKernel 2.4.21-47.EL on an x86_64\nlogin: -->
1090
1105
 
@@ -1101,7 +1116,7 @@
1101
1116
  <param pos="0" name="os.cpe23" value="cpe:/o:redhat:linux:{os.version}"/>
1102
1117
  </fingerprint>
1103
1118
 
1104
- <fingerprint pattern="^(?m)Red Hat Enterprise Linux AS release (.*) \(.*\).*Kernel (.*) on a[^ ]* ([^ ]*\d)" flags="REG_MULTILINE">
1119
+ <fingerprint pattern="(?m)^Red Hat Enterprise Linux AS release (.*) \(.*\).*Kernel (.*) on a[^ ]* ([^ ]*\d)" flags="REG_MULTILINE">
1105
1120
  <description>RedHat Enterprise Linux AS</description>
1106
1121
  <!-- Red Hat Enterprise Linux AS release 5.8 (Tikanga)\nKernel 2.6.18-308.11.1.el5 on an x86_64\nlogin: -->
1107
1122
 
@@ -1117,7 +1132,7 @@
1117
1132
  <param pos="3" name="os.arch"/>
1118
1133
  </fingerprint>
1119
1134
 
1120
- <fingerprint pattern="^(?m)Red Hat Enterprise Linux WS release (.*) \(.*\).*Kernel (.*) on a[^ ]* ([^ ]*)" flags="REG_MULTILINE">
1135
+ <fingerprint pattern="(?m)^Red Hat Enterprise Linux WS release (.*) \(.*\).*Kernel (.*) on a[^ ]* ([^ ]*)" flags="REG_MULTILINE">
1121
1136
  <description>RedHat Enterprise Linux WS</description>
1122
1137
  <!--Red Hat Enterprise Linux WS release 2.1 (Tampa) \nKernel 2.4.9-e.40smp on an i686 \nlogin: -->
1123
1138
 
@@ -1133,7 +1148,7 @@
1133
1148
  <param pos="3" name="os.arch"/>
1134
1149
  </fingerprint>
1135
1150
 
1136
- <fingerprint pattern="^(?m)Fedora Core.release (.*) \(.*\).*Kernel (.*) on a[^ ]* ([^ ]*\d).*$" flags="REG_MULTILINE">
1151
+ <fingerprint pattern="(?m)^Fedora Core.release (.*) \(.*\).*Kernel (.*) on a[^ ]* ([^ ]*\d)" flags="REG_MULTILINE">
1137
1152
  <description>Fedora Core Release</description>
1138
1153
  <!-- Fedora Core release 1 (Yarrow)\nKernel 2.4.20-13.9ensim-3.5.0-13 on an i686\nlogin:-->
1139
1154
 
@@ -1149,7 +1164,7 @@
1149
1164
  <param pos="0" name="os.cpe23" value="cpe:/o:redhat:fedora:{os.version}"/>
1150
1165
  </fingerprint>
1151
1166
 
1152
- <fingerprint pattern="^(?m)Welcome to SuSE Linux (.*) \(([^\)]+)\) - Kernel (.*) .*">
1167
+ <fingerprint pattern="(?m)^Welcome to SuSE Linux (.*) \(([^\)]+)\) - Kernel (.*) ">
1153
1168
  <description>SuSE Linux</description>
1154
1169
  <!-- Welcome to SuSE Linux 7.0 (i386) - Kernel 2.2.16-RAID (0). 2VG029037\n\nlogin: -->
1155
1170
 
@@ -1165,7 +1180,7 @@
1165
1180
  <param pos="3" name="linux.kernel.version"/>
1166
1181
  </fingerprint>
1167
1182
 
1168
- <fingerprint pattern="^Turbolinux ApplianceServer (\d+\.\d+).*">
1183
+ <fingerprint pattern="^Turbolinux ApplianceServer (\d+\.\d+)">
1169
1184
  <description>Turbolinux ApplianceServer</description>
1170
1185
  <!--Turbolinux ApplianceServer 4.0 (Atlas2) Linux 2.6.32-431.23.3.el6.x86_64 on a x86_64\n(senyo191x89.digitalink.ne.jp) TTY: 12:15 on Tuesday, 02 October 2018 login: -->
1171
1186
 
@@ -1180,7 +1195,7 @@
1180
1195
  <param pos="1" name="os.version"/>
1181
1196
  </fingerprint>
1182
1197
 
1183
- <fingerprint pattern="^UnixWare ([^ ]+).*$">
1198
+ <fingerprint pattern="^UnixWare ([^ ]+)">
1184
1199
  <description>UnixWare</description>
1185
1200
  <!-- UnixWare 2.1.3 (profil) (pts/3)\n\n\nlogin: -->
1186
1201
 
@@ -1194,7 +1209,7 @@
1194
1209
  <param pos="1" name="os.version"/>
1195
1210
  </fingerprint>
1196
1211
 
1197
- <fingerprint pattern="^Telnet Server Build (5.*)">
1212
+ <fingerprint pattern="(?m)^Telnet Server Build (5\.[.\d]+)">
1198
1213
  <description>Windows 2000</description>
1199
1214
  <!--Microsoft (R) Windows NT (TM) Version 4.00 (Build 1381)\nWelcome to Microsoft Telnet Service \nTelnet Server Build 5.00.99034.1\nlogin: -->
1200
1215
 
@@ -1222,20 +1237,23 @@
1222
1237
  <param pos="0" name="os.product" value="Brother Printer"/>
1223
1238
  </fingerprint>
1224
1239
 
1225
- <fingerprint pattern="^(.*) Copyright by ARESCOM">
1240
+ <fingerprint pattern="^\s{0,256}(\S{1,64}) Copyright by ARESCOM">
1226
1241
  <description>Arescom System</description>
1227
1242
  <!--NDS1260HE-TLI Copyright by ARESCOM 2002\n\n\nPassword: -->
1228
1243
 
1229
- <example _encoding="base64" os.model="NDS1260HE-TLI">
1244
+ <example _encoding="base64" os.model="NDS1260HE-TLI" hw.model="NDS1260HE-TLI">
1230
1245
  TkRTMTI2MEhFLVRMSSBDb3B5cmlnaHQgYnkgQVJFU0NPTSAyMDAyCgoKClBhc3N3b3JkOgo=
1231
1246
  </example>
1232
1247
  <param pos="0" name="os.vendor" value="Arescom"/>
1233
1248
  <param pos="0" name="os.device" value="WAP"/>
1234
1249
  <param pos="1" name="os.model"/>
1250
+ <param pos="0" name="hw.vendor" value="Arescom"/>
1251
+ <param pos="0" name="hw.device" value="WAP"/>
1252
+ <param pos="1" name="hw.model"/>
1235
1253
  </fingerprint>
1236
1254
 
1237
1255
  <fingerprint pattern="^Welcome to ViewStation">
1238
- <description>Polycom ViewStation Video Vonference System</description>
1256
+ <description>Polycom ViewStation Video Conference System</description>
1239
1257
  <!-- Welcome to ViewStation\nPassword: -->
1240
1258
 
1241
1259
  <example _encoding="base64">
@@ -1278,7 +1296,7 @@
1278
1296
  <param pos="0" name="os.family" value="VxWorks"/>
1279
1297
  </fingerprint>
1280
1298
 
1281
- <fingerprint pattern=".*Nortel.*Passport ([^ ]*) .*Software Release ([^ ]*).*">
1299
+ <fingerprint pattern="Nortel.*Passport ([^ ]*) .*Software Release ([^ ]*)">
1282
1300
  <description>Nortel Passport</description>
1283
1301
  <!-- *********************************************\n\n\n* Copyright (c) 2003 Nortel Networks, Inc. *\n\n\n* All Rights Reserved *\n\n\n* Passport 8010 *\n\n\n* Software Release 3.5.0.0 *\n\n\n*********************************************\n\n\n\n\nLogin: -->
1284
1302
 
@@ -1369,7 +1387,7 @@
1369
1387
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
1370
1388
  </fingerprint>
1371
1389
 
1372
- <fingerprint pattern="Cobalt Linux release\W(.*)\W\(.*">
1390
+ <fingerprint pattern="Cobalt Linux release\W(.*)\W\(">
1373
1391
  <description>Cobalt Linux</description>
1374
1392
  <!-- Cobalt Linux release 6.0 (Shinkansen)\nKernel 2.2.16C37_III on an i586\nlogin: -->
1375
1393
 
@@ -1438,7 +1456,7 @@
1438
1456
  <param pos="0" name="os.cpe23" value="cpe:/o:sun:solaris:{os.version}"/>
1439
1457
  </fingerprint>
1440
1458
 
1441
- <fingerprint pattern="^Digital UNIX \(([^)]+).*">
1459
+ <fingerprint pattern="^Digital UNIX \(([^)]+)">
1442
1460
  <description>Digital Unix</description>
1443
1461
  <!-- Digital UNIX (journal) (ttyp2)\n\n\nlogin: -->
1444
1462
 
@@ -1451,7 +1469,7 @@
1451
1469
  <param pos="1" name="host.name"/>
1452
1470
  </fingerprint>
1453
1471
 
1454
- <fingerprint pattern="^(?m)Compaq Tru64 UNIX V(.*) \(Rev. (.*\d)\) .*">
1472
+ <fingerprint pattern="(?m)^Compaq Tru64 UNIX V(.*) \(Rev. (.*\d)\) ">
1455
1473
  <description>Compaq Tru64 UNIX V</description>
1456
1474
  <!-- Compaq Tru64 UNIX V5.1B (Rev. 2650) (docalpha) (pts/11)\n\n\n\n\nlogin: -->
1457
1475
 
@@ -1466,7 +1484,7 @@
1466
1484
  <param pos="0" name="os.cpe23" value="cpe:/o:hp:tru64:{os.version}"/>
1467
1485
  </fingerprint>
1468
1486
 
1469
- <fingerprint pattern="HP-UX ([^ ]+) [A-Z]\.([^ ]+) ([^ ]+) ([^ ]+)\s([^ ]+\)).*$">
1487
+ <fingerprint pattern="HP-UX ([^ ]+) [A-Z]\.([^ ]+) ([^ ]+) ([^ ]+)\s([^ ]+\))">
1470
1488
  <description>System HP-UX</description>
1471
1489
  <!-- HP-UX ctout B.11.11 U 9000/800 (tc)\nlogin: -->
1472
1490
 
@@ -1492,10 +1510,15 @@
1492
1510
  <param pos="0" name="os.vendor" value="NetApp"/>
1493
1511
  <param pos="0" name="os.family" value="Data ONTAP"/>
1494
1512
  <param pos="0" name="os.product" value="Data ONTAP"/>
1513
+ <param pos="0" name="os.device" value="NAS"/>
1495
1514
  <param pos="0" name="os.cpe23" value="cpe:/o:netapp:data_ontap:-"/>
1515
+ <param pos="0" name="hw.vendor" value="NetApp"/>
1516
+ <param pos="0" name="hw.family" value="Data ONTAP"/>
1517
+ <param pos="0" name="hw.product" value="Data ONTAP"/>
1518
+ <param pos="0" name="hw.device" value="NAS"/>
1496
1519
  </fingerprint>
1497
1520
 
1498
- <fingerprint pattern="OpenVMS.*Version\sV([^\s]+).*">
1521
+ <fingerprint pattern="OpenVMS.*Version\sV([^\s]+)">
1499
1522
  <description>OpenVMS</description>
1500
1523
  <!-- Welcome to OpenVMS (TM) Alpha Operating System, Version V8.4 - NOT70\n\nUsername: -->
1501
1524
 
@@ -1509,7 +1532,7 @@
1509
1532
  <param pos="1" name="os.version"/>
1510
1533
  </fingerprint>
1511
1534
 
1512
- <fingerprint pattern="^(?m)SCO OpenServer\(TM\) Release ([^ ]+).*$">
1535
+ <fingerprint pattern="(?m)^SCO OpenServer\(TM\) Release ([^ ]+)">
1513
1536
  <description>SCO OpenServer</description>
1514
1537
  <!-- SCO OpenServer(TM) Release 5 (bomdia.co.za) (ttyp6)\nlogin: -->
1515
1538
 
@@ -1591,7 +1614,7 @@
1591
1614
  <param pos="0" name="hw.product" value="Vigor"/>
1592
1615
  </fingerprint>
1593
1616
 
1594
- <fingerprint pattern=".*Version\s(\d*.\d*)\/OpenBSD.*">
1617
+ <fingerprint pattern="Version\s(\d*.\d*)\/OpenBSD">
1595
1618
  <description>OpenBSD</description>
1596
1619
  <!-- 220 killer09 FTP server (Version 6.4/OpenBSD/Linux-ftpd-0.17) ready. -->
1597
1620
 
@@ -1680,7 +1703,7 @@
1680
1703
  <param pos="3" name="os.version"/>
1681
1704
  </fingerprint>
1682
1705
 
1683
- <fingerprint pattern="^HP ([^\s]+) ProCurve Switch">
1706
+ <fingerprint pattern="(?m)^HP ([^\s]+) ProCurve Switch">
1684
1707
  <description>HP ProCurve Switch</description>
1685
1708
  <!-- ==============================================================================\nHP J4121A ProCurve Switch 4000M\n
1686
1709
  Firmware revision v2.2.3\n\nCopyright (C) 1991-2004 Hewlett-Packard Co. All Rights Reserved.\n\n
@@ -1715,7 +1738,7 @@
1715
1738
  <param pos="1" name="os.product"/>
1716
1739
  </fingerprint>
1717
1740
 
1718
- <fingerprint pattern="^(?m).*ConnectUPS">
1741
+ <fingerprint pattern="(?m)^.*ConnectUPS">
1719
1742
  <description>PowerWare ConnectUPS</description>
1720
1743
  <!-- +============================================================================+\n| [ ConnectUPS Web/SNMP
1721
1744
  Card Configuration Utility ] |\n+============================================================================+\n
@@ -1792,13 +1815,13 @@
1792
1815
  <param pos="2" name="os.version"/>
1793
1816
  </fingerprint>
1794
1817
 
1795
- <fingerprint pattern="^(?m).*Welcome to MELCO Print Server.*Server Name *: *([^ ]*)\W.*Server Model *: *([^ ]*).*F \/ W Version *: *([^ ]*).*MAC Address *: *(.. .. .. .. .. ..).*$">
1818
+ <fingerprint pattern="(?m)^.*Welcome to MELCO Print Server.*Server Name *: *([^ ]*)\W.*Server Model *: *([^ ]*).*F \/ W Version *: *([^ ]*).*MAC Address *: *(.. .. .. .. .. ..)">
1796
1819
  <description>System is a Buffalo/MELCO Embedded Print Server</description>
1797
1820
  <!-- ***********************************\n* Welcome to MELCO Print Server *\n* Telnet Console *\n***********************************
1798
1821
  \n \nServer Name: PS-B04E8E\nServer Model: LPV 2 - TX 1\nF / W Version: 2.00 J \nMAC Address: AE 32 EA 21 BB E3\n
1799
1822
  Uptime: 0 days, 00: 00: 12\n \nPlease Enter Password:"-->
1800
1823
 
1801
- <example _encoding="base64" os.version="2.00" host.id="PS-B04E8E" os.model="LPV" os.address="AE 32 EA 21 BB E3">
1824
+ <example _encoding="base64" os.version="2.00" host.name="PS-B04E8E" hw.model="LPV" host.mac="AE 32 EA 21 BB E3">
1802
1825
  KioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKipcbiogV2VsY29tZSB0byBNRUxDTyBQc
1803
1826
  mludCBTZXJ2ZXIgKlxuKiBUZWxuZXQgQ29uc29sZSAqXG4qKioqKioqKioqKioqKioqKioqKioqKi
1804
1827
  oqKioqKioqKioqKlxuIFxuU2VydmVyIE5hbWU6IFBTLUIwNEU4RVxuU2VydmVyIE1vZGVsOiBMUFY
@@ -1808,14 +1831,16 @@
1808
1831
  </example>
1809
1832
  <param pos="0" name="os.vendor" value="Buffalo"/>
1810
1833
  <param pos="0" name="os.family" value="PrintServer"/>
1811
- <param pos="0" name="os.device" value="Printer"/>
1812
- <param pos="1" name="host.id"/>
1813
- <param pos="2" name="os.model"/>
1834
+ <param pos="0" name="os.device" value="Print Server"/>
1835
+ <param pos="1" name="host.name"/>
1836
+ <param pos="0" name="hw.vendor" value="Buffalo"/>
1837
+ <param pos="0" name="hw.device" value="Print Server"/>
1838
+ <param pos="2" name="hw.model"/>
1814
1839
  <param pos="3" name="os.version"/>
1815
- <param pos="4" name="os.address"/>
1840
+ <param pos="4" name="host.mac"/>
1816
1841
  </fingerprint>
1817
1842
 
1818
- <fingerprint pattern="^(?m)AIX Version\W(\d).*">
1843
+ <fingerprint pattern="(?m)^AIX Version\W(\d)">
1819
1844
  <description>System is IBM AIX v</description>
1820
1845
  <!-- AIX Version 6\nCopyright IBM Corporation, 1982, 2007.\nlogin: -->
1821
1846
 
@@ -1829,7 +1854,7 @@
1829
1854
  <param pos="0" name="os.cpe23" value="cpe:/o:ibm:aix:{os.version}"/>
1830
1855
  </fingerprint>
1831
1856
 
1832
- <fingerprint pattern="^(?m)CIMC Debug Firmware Utility Shell\W([^\s]+).*">
1857
+ <fingerprint pattern="(?m)^CIMC Debug Firmware Utility Shell\W([^\s]+)">
1833
1858
  <description>System is Cisco UCS Device</description>
1834
1859
  <!-- CIMC Debug Firmware Utility Shell\nfake-ucs-device-3-1-p login: -->
1835
1860
 
@@ -1843,7 +1868,7 @@
1843
1868
  <param pos="1" name="host.name"/>
1844
1869
  </fingerprint>
1845
1870
 
1846
- <fingerprint pattern="^(?m)HP ProLiant.*v(\d+.\d+)">
1871
+ <fingerprint pattern="(?m)^HP ProLiant.*v(\d+.\d+)">
1847
1872
  <description>Sytem is HP ProLiant server</description>
1848
1873
  <!-- HP ProLiant BL e-Class Integrated Administrator v2.00
1849
1874
  Copyright 2005 Hewlett-Packard Development Group, L.P.
@@ -1870,7 +1895,7 @@
1870
1895
  <param pos="1" name="os.version"/>
1871
1896
  </fingerprint>
1872
1897
 
1873
- <fingerprint pattern="^Power Measurement Ltd. Meter ION ([[:alnum:]]+)">
1898
+ <fingerprint pattern="^Power Measurement Ltd. Meter ION ([a-zA-Z0-9]+)">
1874
1899
  <!-- Power Measurement Ltd. Meter ION 7330V271 ETH ETH7330V272
1875
1900
  Serial#: PB-0204A058-11
1876
1901
  login: -->
@@ -1885,7 +1910,7 @@
1885
1910
  <param pos="1" name="hw.version"/>
1886
1911
  </fingerprint>
1887
1912
 
1888
- <fingerprint pattern="^GW25 v([[:digit:]\.]+) - Intelligent Power Meters GPRS Gateway[[:space:]]+Developed by Satelitech">
1913
+ <fingerprint pattern="^GW25 v([\d.]+) - Intelligent Power Meters GPRS Gateway\s+Developed by Satelitech">
1889
1914
  <!-- GW25 v1.2.1 - Intelligent Power Meters GPRS Gateway
1890
1915
  Developed by Satelitech S.A for ESG Dilec
1891
1916
  Enter password: -->
@@ -2066,4 +2091,158 @@
2066
2091
  <param pos="0" name="service.component.cpe23" value="cpe:/a:sap:netweaver_application_server:-"/>
2067
2092
  </fingerprint>
2068
2093
 
2094
+ <fingerprint pattern="^(?:\r|\n|\s){0,256}UDP/TCP/IP Stack: ACT Video security">
2095
+ <description>ACT Security IP Cameras</description>
2096
+ <!--
2097
+ UDP/TCP/IP Stack: ACT Video security\r\n
2098
+ V5.8\r\n
2099
+ Welcome connection : 192.168.0.1:61300\r\n
2100
+ \r\n
2101
+ Password:
2102
+ -->
2103
+
2104
+ <example _encoding="base64">
2105
+ VURQL1RDUC9JUCBTdGFjazogQUNUIFZpZGVvIHNlY3VyaXR5DQpWNS44DQpX
2106
+ ZWxjb21lIGNvbm5lY3Rpb24gOiAxOTIuMTY4LjAuMTo2MTMwMA0KDQpQYXNz
2107
+ d29yZDog
2108
+ </example>
2109
+ <param pos="0" name="hw.vendor" value="ACT Security"/>
2110
+ <param pos="0" name="hw.device" value="IP Camera"/>
2111
+ </fingerprint>
2112
+
2113
+ <fingerprint pattern="Novus Telnet Interface \(v(\S+)\)">
2114
+ <description>Alpha Technologies Novus UPS</description>
2115
+ <example hw.version="2.00.01">Novus Telnet Interface (v2.00.01)</example>
2116
+ <param pos="0" name="hw.vendor" value="Alpha Technologies"/>
2117
+ <param pos="0" name="hw.device" value="Power Device"/>
2118
+ <param pos="0" name="hw.product" value="Novus UPS"/>
2119
+ <param pos="1" name="hw.version"/>
2120
+ </fingerprint>
2121
+
2122
+ <fingerprint pattern="New Telnet Console Client Attached">
2123
+ <description>Psion Teklogix</description>
2124
+ <example>New Telnet Console Client Attached.</example>
2125
+ <param pos="0" name="hw.vendor" value="Psion Teklogix"/>
2126
+ <param pos="0" name="hw.device" value="Network Appliance"/>
2127
+ <param pos="0" name="hw.product" value="CommServer"/>
2128
+ </fingerprint>
2129
+
2130
+ <fingerprint pattern="UPS SYSTEMS SNMP/Web agent Configuration menu">
2131
+ <description>APC UPS Network Card</description>
2132
+ <example>UPS SYSTEMS SNMP/Web agent Configuration menu</example>
2133
+ <param pos="0" name="hw.vendor" value="APC"/>
2134
+ <param pos="0" name="hw.device" value="Power Device"/>
2135
+ <param pos="0" name="hw.product" value="UPS"/>
2136
+ <param pos="0" name="hw.certainty" value="0.5"/>
2137
+ </fingerprint>
2138
+
2139
+ <fingerprint pattern="(?i)Welcome to (\S+Dome [^\)]+) \d+\.\d+.\d+\.\d+ from">
2140
+ <description>Bosch Dome IP Cameras</description>
2141
+ <example hw.product="AutoDome 800 HD">Welcome to AutoDome 800 HD 1.2.3.4 from 5.6.7.8</example>
2142
+ <example hw.product="FLEXIDOME NDC-455-P">Welcome to FLEXIDOME NDC-455-P 1.2.3.4 from 5.6.7.8</example>
2143
+ <param pos="0" name="hw.vendor" value="Bosch"/>
2144
+ <param pos="0" name="hw.device" value="Web Cam"/>
2145
+ <param pos="1" name="hw.product"/>
2146
+ </fingerprint>
2147
+
2148
+ <fingerprint pattern="(?:RDL-\d+ Ellipse\s+|Connect-OWS?) .{0,1000} Copyright .{0,1000} Redline Communications Inc">
2149
+ <description>Redline Communication Radios</description>
2150
+ <example>RDL-3000 Ellipse (c) Copyright 2010-2016 Redline Communications Inc.</example>
2151
+ <example>Connect-OW (c) Copyright 2010-2016 Redline Communications Inc.</example>
2152
+ <example>Connect-OWS (c) Copyright 2010-2016 Redline Communications Inc.</example>
2153
+ <param pos="0" name="hw.vendor" value="Redline"/>
2154
+ <param pos="0" name="hw.device" value="WAP"/>
2155
+ <param pos="0" name="hw.product" value="Wireless Radio"/>
2156
+ <param pos="0" name="hw.certainty" value="0.5"/>
2157
+ </fingerprint>
2158
+
2159
+ <fingerprint pattern="Vaddio VNG (\S+) vaddio-doccam-([a-fA-F0-9-]{17})">
2160
+ <description>Vadio VNG DocCom</description>
2161
+ <example hw.version="1.6+snapshot-20170720" host.mac="54-10-EC-31-2A-19">Vaddio VNG 1.6+snapshot-20170720 vaddio-doccam-54-10-EC-31-2A-19</example>
2162
+ <param pos="0" name="hw.vendor" value="Vaddio"/>
2163
+ <param pos="0" name="hw.device" value="Web Cam"/>
2164
+ <param pos="0" name="hw.product" value="DocCam"/>
2165
+ <param pos="1" name="hw.version"/>
2166
+ <param pos="2" name="host.mac"/>
2167
+ </fingerprint>
2168
+
2169
+ <fingerprint pattern="\((FL WLAN \S+)\)">
2170
+ <description>Phoenix Contact Wireless Module</description>
2171
+ <example hw.product="FL WLAN 510X">(FL WLAN 510X)</example>
2172
+ <param pos="0" name="hw.vendor" value="Phoenix Contact"/>
2173
+ <param pos="0" name="hw.device" value="WAP"/>
2174
+ <param pos="1" name="hw.product"/>
2175
+ </fingerprint>
2176
+
2177
+ <fingerprint pattern="Welcome to i\.CanDoIt (.{0,1000}) v(\S+)">
2178
+ <description>Control Solutions i.CanDoIt PLC</description>
2179
+ <example hw.product="BAS-700 ReMOTE I/O" hw.version="2.47x">Welcome to i.CanDoIt BAS-700 ReMOTE I/O v2.47x</example>
2180
+ <param pos="0" name="hw.vendor" value="Control Solutions"/>
2181
+ <param pos="0" name="hw.device" value="PLC"/>
2182
+ <param pos="1" name="hw.product"/>
2183
+ <param pos="2" name="hw.version"/>
2184
+ <param pos="0" name="hw.certainty" value="0.75"/>
2185
+ </fingerprint>
2186
+
2187
+ <fingerprint pattern="Welcome to the MRV Communications' LX Series Server">
2188
+ <description>MRV Communications LX Series</description>
2189
+ <example>Welcome to the MRV Communications' LX Series Server</example>
2190
+ <param pos="0" name="hw.vendor" value="MRV Communications"/>
2191
+ <param pos="0" name="hw.device" value="Device Server"/>
2192
+ <param pos="0" name="hw.family" value="LX Series"/>
2193
+ </fingerprint>
2194
+
2195
+ <fingerprint pattern="(?m)\*\*\* Lantronix ([\S]+) Device Server \*\*\*(?:\r|\n)+MAC address ([a-fA-F0-9]{12})(?:\r|\n)+Software version V(\S+)">
2196
+ <description>Lantronix device server - w/o Serial</description>
2197
+ <!--
2198
+ *** Lantronix UDS1100-IAP Device Server ***
2199
+ MAC address 0080A3BD0000
2200
+ Software version V6.11.0.0 (150514) UDS1100
2201
+ Press Enter for Setup Mode
2202
+ -->
2203
+
2204
+ <example _encoding="base64" hw.product="UDS1100-IAP" hw.version="6.11.0.0" host.mac="0080A3BD0000">
2205
+ KioqIExhbnRyb25peCBVRFMxMTAwLUlBUCBEZXZpY2UgU2VydmVyICoqKgpN
2206
+ QUMgYWRkcmVzcyAwMDgwQTNCRDAwMDAKClNvZnR3YXJlIHZlcnNpb24gVjYu
2207
+ MTEuMC4wICgxNTA1MTQpIFVEUzExMDAKCgpQcmVzcyBFbnRlciBmb3IgU2V0
2208
+ dXAgTW9kZQo=
2209
+ </example>
2210
+ <param pos="0" name="hw.vendor" value="Lantronix"/>
2211
+ <param pos="0" name="hw.device" value="Device Server"/>
2212
+ <param pos="1" name="hw.product"/>
2213
+ <param pos="2" name="host.mac"/>
2214
+ <param pos="3" name="hw.version"/>
2215
+ </fingerprint>
2216
+
2217
+ <fingerprint pattern="(?m)\*\*\* Lantronix Universal Device Server \*\*\*(?:\r|\n)+Serial Number (\d+)\s+MAC address ([a-fA-F0-9:]{17})(?:\r|\n)+Software version (\S+)">
2218
+ <description>Lantronix device server - w/ Serial</description>
2219
+ <!--
2220
+ *** Lantronix Universal Device Server ***
2221
+ Serial Number 6451000 MAC address 00:20:4A:64:00:00
2222
+ Software version 04.5 (011025)
2223
+ Press Enter to go into Setup Mode
2224
+ -->
2225
+
2226
+ <example _encoding="base64" hw.version="04.5" host.mac="00:20:4A:64:00:00" hw.serial_number="6451000" lantronix.serial_number="6451000">
2227
+ KioqIExhbnRyb25peCBVbml2ZXJzYWwgRGV2aWNlIFNlcnZlciAqKioKU2Vy
2228
+ aWFsIE51bWJlciA2NDUxMDAwICBNQUMgYWRkcmVzcyAwMDoyMDo0QTo2NDow
2229
+ MDowMAoKU29mdHdhcmUgdmVyc2lvbiAwNC41ICgwMTEwMjUpCgpQcmVzcyBF
2230
+ bnRlciB0byBnbyBpbnRvIFNldHVwIE1vZGUK
2231
+ </example>
2232
+ <param pos="0" name="hw.vendor" value="Lantronix"/>
2233
+ <param pos="0" name="hw.device" value="Device Server"/>
2234
+ <param pos="0" name="hw.product" value="UDS"/>
2235
+ <param pos="1" name="lantronix.serial_number"/>
2236
+ <param pos="1" name="hw.serial_number"/>
2237
+ <param pos="2" name="host.mac"/>
2238
+ <param pos="3" name="hw.version"/>
2239
+ </fingerprint>
2240
+
2241
+ <fingerprint pattern="&quot;BeerTemp&quot;:.*&quot;FridgeTemp&quot;:">
2242
+ <description>Fermentrack Beer Brewing Monitor</description>
2243
+ <example>T:{"BeerTemp":null,"BeerSet":null,"BeerAnn":null,"FridgeTemp":null,"FridgeSet":null,"FridgeAnn":null,"State":0}</example>
2244
+ <param pos="0" name="hw.device" value="Device"/>
2245
+ <param pos="0" name="os.product" value="Fermentrack"/>
2246
+ </fingerprint>
2247
+
2069
2248
  </fingerprints>