recog 2.3.18 → 2.3.22

Files changed (73) hide show
  1. checksums.yaml +4 -4
  2. data/.github/dependabot.yml +8 -0
  3. data/.github/workflows/ci.yml +26 -0
  4. data/.github/workflows/verify.yml +89 -0
  5. data/CONTRIBUTING.md +6 -0
  6. data/README.md +17 -0
  7. data/bin/recog_standardize +33 -12
  8. data/bin/recog_verify +1 -2
  9. data/cpe-remap.yaml +355 -200
  10. data/features/verify.feature +14 -14
  11. data/identifiers/README.md +24 -10
  12. data/identifiers/fields.txt +105 -0
  13. data/identifiers/hw_device.txt +8 -0
  14. data/identifiers/hw_family.txt +19 -0
  15. data/identifiers/hw_product.txt +122 -0
  16. data/identifiers/os_device.txt +2 -1
  17. data/identifiers/os_family.txt +3 -0
  18. data/identifiers/os_product.txt +46 -8
  19. data/identifiers/service_family.txt +10 -1
  20. data/identifiers/service_product.txt +90 -2
  21. data/identifiers/vendor.txt +104 -0
  22. data/lib/recog/db.rb +2 -1
  23. data/lib/recog/fingerprint.rb +18 -5
  24. data/lib/recog/nizer.rb +1 -82
  25. data/lib/recog/verifier.rb +5 -5
  26. data/lib/recog/verifier_factory.rb +3 -3
  27. data/lib/recog/verify_reporter.rb +14 -4
  28. data/lib/recog/version.rb +1 -1
  29. data/requirements.txt +1 -1
  30. data/spec/lib/fingerprint_self_test_spec.rb +1 -0
  31. data/spec/lib/recog/verify_reporter_spec.rb +69 -0
  32. data/tools/dev/hooks/pre-commit +21 -0
  33. data/update_cpes.py +19 -6
  34. data/xml/apache_modules.xml +60 -0
  35. data/xml/apache_os.xml +38 -38
  36. data/xml/dhcp_vendor_class.xml +206 -0
  37. data/xml/dns_versionbind.xml +11 -1
  38. data/xml/favicons.xml +270 -45
  39. data/xml/ftp_banners.xml +89 -64
  40. data/xml/h323_callresp.xml +99 -99
  41. data/xml/hp_pjl_id.xml +3 -3
  42. data/xml/html_title.xml +1051 -62
  43. data/xml/http_cookies.xml +294 -85
  44. data/xml/http_servers.xml +551 -122
  45. data/xml/http_wwwauth.xml +139 -43
  46. data/xml/imap_banners.xml +8 -8
  47. data/xml/ldap_searchresult.xml +1 -0
  48. data/xml/mdns_device-info_txt.xml +720 -27
  49. data/xml/mysql_banners.xml +3 -2
  50. data/xml/nntp_banners.xml +4 -4
  51. data/xml/ntp_banners.xml +79 -65
  52. data/xml/operating_system.xml +6 -6
  53. data/xml/pop_banners.xml +11 -11
  54. data/xml/rsh_resp.xml +3 -3
  55. data/xml/rtsp_servers.xml +7 -0
  56. data/xml/sip_banners.xml +374 -9
  57. data/xml/sip_user_agents.xml +377 -5
  58. data/xml/smb_native_lm.xml +32 -1
  59. data/xml/smb_native_os.xml +160 -33
  60. data/xml/smtp_banners.xml +168 -129
  61. data/xml/smtp_ehlo.xml +1 -1
  62. data/xml/smtp_expn.xml +1 -0
  63. data/xml/smtp_help.xml +10 -10
  64. data/xml/smtp_noop.xml +2 -2
  65. data/xml/smtp_vrfy.xml +1 -0
  66. data/xml/snmp_sysdescr.xml +508 -214
  67. data/xml/snmp_sysobjid.xml +25 -25
  68. data/xml/ssh_banners.xml +145 -29
  69. data/xml/telnet_banners.xml +240 -61
  70. data/xml/tls_jarm.xml +162 -0
  71. data/xml/x509_issuers.xml +237 -2
  72. data/xml/x509_subjects.xml +369 -49
  73. metadata +10 -3
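--- a/data/xml/tls_jarm.xml
+++ b/data/xml/tls_jarm.xml
@@ -0,0 +1,162 @@
+ <?xml version='1.0' encoding='UTF-8'?>
+ <fingerprints matches="tls.jarm" protocol="tls" database_type="service">
+ <!--
+ Fingerprint based on https://github.com/salesforce/jarm
+ -->
+
+ <fingerprint pattern="^2ad2ad16d2ad2ad00042d42d000000332dc9cd7d90589195193c8bb05d84fa|2ad2ad16d2ad2ad22c2ad2ad2ad2adce2e4c8c53174ecbf5529ce7584d5518$|2ad2ad16d2ad2ad22c42d42d000000d342d5966a57139eeaff9f8bc4841b25$">
+ <description>Tor relay</description>
+ <example>2ad2ad16d2ad2ad00042d42d000000332dc9cd7d90589195193c8bb05d84fa</example>
+ <example>2ad2ad16d2ad2ad22c2ad2ad2ad2adce2e4c8c53174ecbf5529ce7584d5518</example>
+ <example>2ad2ad16d2ad2ad22c42d42d000000d342d5966a57139eeaff9f8bc4841b25</example>
+ <param pos="0" name="service.product" value="Tor"/>
+ <param pos="0" name="service.vendor" value="Tor Project"/>
+ <param pos="0" name="service.cpe23" value="cpe:/a:torproject:tor:-"/>
+ </fingerprint>
+
+ <fingerprint pattern="^2ad2ad0002ad2ad0002ad2ad2ad2ada9e96d3ba9f7903758a731e0fa01453d|29d29d15d29d29d21c29d29d29d29d10d7a07cb776562eccb97246005feba5|2ad2ad0002ad2ad0002ad2ad2ad2ad5bf44aec534289dfa8e33148b66cd6c3|29d29d15d29d29d21c29d29d29d29de857600fcd9f89735d87c3704c4e141b$">
+ <description>Synology NAS DSM 6</description>
+ <example>29d29d15d29d29d21c29d29d29d29d10d7a07cb776562eccb97246005feba5</example>
+ <example>29d29d15d29d29d21c29d29d29d29de857600fcd9f89735d87c3704c4e141b</example>
+ <example>2ad2ad0002ad2ad0002ad2ad2ad2ad5bf44aec534289dfa8e33148b66cd6c3</example>
+ <example>2ad2ad0002ad2ad0002ad2ad2ad2ada9e96d3ba9f7903758a731e0fa01453d</example>
+ <param pos="0" name="os.device" value="NAS"/>
+ <param pos="0" name="os.family" value="Linux"/>
+ <param pos="0" name="os.product" value="DSM"/>
+ <param pos="0" name="os.vendor" value="Synology"/>
+ <param pos="0" name="os.version" value="6"/>
+ <param pos="0" name="hw.vendor" value="Synology"/>
+ <param pos="0" name="hw.device" value="NAS"/>
+ </fingerprint>
+
+ <fingerprint pattern="^00000000000000000042d42d0000009535d5979f591ae8e547c5e5743e5b64|29d29d15d29d29d00042d42d00000068f5dc63852f94da932cd6b61b1cd9e3|29d29d15d29d29d21c42d42d000000bf85d79ff39d9f5079675604a74fc04b|29d29d15d29d29d00042d42d000000038eaaf490bec8dc33757f165ce01762|29d29d15d29d29d21c42d42d000000790cb01ea78cc2a73fe8428d61afc0c8$">
+ <description>Synology NAS DSM 7</description>
+ <example>00000000000000000042d42d0000009535d5979f591ae8e547c5e5743e5b64</example>
+ <example>29d29d15d29d29d00042d42d000000038eaaf490bec8dc33757f165ce01762</example>
+ <example>29d29d15d29d29d00042d42d00000068f5dc63852f94da932cd6b61b1cd9e3</example>
+ <example>29d29d15d29d29d21c42d42d000000790cb01ea78cc2a73fe8428d61afc0c8</example>
+ <example>29d29d15d29d29d21c42d42d000000bf85d79ff39d9f5079675604a74fc04b</example>
+ <param pos="0" name="os.device" value="NAS"/>
+ <param pos="0" name="os.family" value="Linux"/>
+ <param pos="0" name="os.product" value="DSM"/>
+ <param pos="0" name="os.vendor" value="Synology"/>
+ <param pos="0" name="os.version" value="7"/>
+ <param pos="0" name="hw.vendor" value="Synology"/>
+ <param pos="0" name="hw.device" value="NAS"/>
+ </fingerprint>
+
+ <fingerprint pattern="^2ad2ad16d2ad2ad22c2ad2ad2ad2ad7e5e7dc6f569c9c16238278a408347ef$">
+ <description>Ubiquiti EdgeRouter</description>
+ <example>2ad2ad16d2ad2ad22c2ad2ad2ad2ad7e5e7dc6f569c9c16238278a408347ef</example>
+ <param pos="0" name="hw.vendor" value="Ubiquiti"/>
+ <param pos="0" name="hw.device" value="Router"/>
+ <param pos="0" name="hw.product" value="EdgeRouter X"/>
+ <param pos="0" name="os.vendor" value="Ubiquiti"/>
+ <param pos="0" name="os.family" value="Linux"/>
+ <param pos="0" name="os.device" value="Router"/>
+ </fingerprint>
+
+ <fingerprint pattern="^07d14d16d21d21d00042d43d000000aa99ce74e2c6d013c745aa52b5cc042d$">
+ <description>Metasploit listener</description>
+ <example>07d14d16d21d21d00042d43d000000aa99ce74e2c6d013c745aa52b5cc042d</example>
+ <param pos="0" name="service.vendor" value="Rapid7"/>
+ <param pos="0" name="service.product" value="Metasploit"/>
+ <param pos="0" name="service.cpe23" value="cpe:/a:rapid7:metasploit:-"/>
+ </fingerprint>
+
+ <!-- This fingerprint matches Java's TLS stack,
+ see https://blog.cobaltstrike.com/2020/12/08/a-red-teamer-plays-with-jarm/ for details -->
+
+ <fingerprint pattern="^07d14d16d21d21d07c42d41d00041d24a458a375eef0c576d23a7bab9a9fb1$">
+ <description>Cobalt Strike listener</description>
+ <example>07d14d16d21d21d07c42d41d00041d24a458a375eef0c576d23a7bab9a9fb1</example>
+ <param pos="0" name="service.vendor" value="Strategic Cyber LLC"/>
+ <param pos="0" name="service.product" value="Cobalt Strike Listener"/>
+ <param pos="0" name="service.certainty" value="0.3"/>
+ </fingerprint>
+
+ <fingerprint pattern="^04b02b00004b04b04b04b02b04b04b9674c6b4e623ae36cc2d998e99e2262e$">
+ <description>Ligowave WiFi access point</description>
+ <example>04b02b00004b04b04b04b02b04b04b9674c6b4e623ae36cc2d998e99e2262e</example>
+ <param pos="0" name="hw.vendor" value="Ligowave"/>
+ <param pos="0" name="hw.product" value="Infinity Controler"/>
+ </fingerprint>
+
+ <fingerprint pattern="^06d06d07d06d06d06c06d06d06d06d7991b0b1ad2cbf06082e3b1a9dcaaa8d$">
+ <description>D-Link DCS-825L WiFi baby camera</description>
+ <example>06d06d07d06d06d06c06d06d06d06d7991b0b1ad2cbf06082e3b1a9dcaaa8d</example>
+ <param pos="0" name="hw.vendor" value="D-Link"/>
+ <param pos="0" name="hw.product" value="DCS-825L"/>
+ <param pos="0" name="hw.cpe23" value="cpe:/h:d-link:dcs-825l:-"/>
+ </fingerprint>
+
+ <fingerprint pattern="^0ed3dd16d25d00000042d43d000000e9435856b7ee99e87c06831602602f2d$">
+ <description>LANCOM Systems - 883 VoIP</description>
+ <example>0ed3dd16d25d00000042d43d000000e9435856b7ee99e87c06831602602f2d</example>
+ <param pos="0" name="hw.vendor" value="LANCOM Systems"/>
+ <param pos="0" name="hw.product" value="883 VoIP"/>
+ </fingerprint>
+
+ <fingerprint pattern="^21d14d00021d21d21c42d43d00041d320c989d4ed06a7e9d3133ba36bb2752$">
+ <description>Apple CUPS - web interface</description>
+ <example>21d14d00021d21d21c42d43d00041d320c989d4ed06a7e9d3133ba36bb2752</example>
+ <param pos="0" name="service.vendor" value="Apple"/>
+ <param pos="0" name="service.product" value="CUPS"/>
+ <param pos="0" name="service.family" value="CUPS"/>
+ <param pos="0" name="service.cpe23" value="cpe:/a:apple:cups:-"/>
+ </fingerprint>
+
+ <fingerprint pattern="^0bd14d0000bd0bd0000bd14d0bd0bd6b64279c20472e17718ddea38ab610fa$">
+ <description>Netgear R Series</description>
+ <example>0bd14d0000bd0bd0000bd14d0bd0bd6b64279c20472e17718ddea38ab610fa</example>
+ <param pos="0" name="hw.vendor" value="Netgear"/>
+ <param pos="0" name="hw.product" value="R Series"/>
+ </fingerprint>
+
+ <fingerprint pattern="^2ad2ad16d2ad2ad07c2ad2ad2ad2ad4271ee10d978b0aecbc22f1de60ab611$">
+ <description>Netgear Orbi-micro</description>
+ <example>2ad2ad16d2ad2ad07c2ad2ad2ad2ad4271ee10d978b0aecbc22f1de60ab611</example>
+ <param pos="0" name="hw.vendor" value="Netgear"/>
+ <param pos="0" name="hw.product" value="Orbi micro"/>
+ <param pos="0" name="hw.device" value="WAP"/>
+ <param pos="0" name="hw.family" value="Orbi"/>
+ </fingerprint>
+
+ <fingerprint pattern="^04d02d00004d04d04c04d02d04d04d9674c6b4e623ae36cc2d998e99e2262e$">
+ <description>Netgear D Series</description>
+ <example>04d02d00004d04d04c04d02d04d04d9674c6b4e623ae36cc2d998e99e2262e</example>
+ <param pos="0" name="hw.vendor" value="Netgear"/>
+ <param pos="0" name="hw.product" value="D Series"/>
+ </fingerprint>
+
+ <fingerprint pattern="^21d3fd00021d21d21c21d3fd21d21d89188428dae58757cf803176e9701156$">
+ <description>Chromecast</description>
+ <example>21d3fd00021d21d21c21d3fd21d21d89188428dae58757cf803176e9701156</example>
+ <param pos="0" name="os.vendor" value="Google"/>
+ <param pos="0" name="os.product" value="Chrome OS"/>
+ <param pos="0" name="os.cpe23" value="cpe:/o:google:chrome_os:-"/>
+ <param pos="0" name="hw.device" value="Media Server"/>
+ <param pos="0" name="hw.vendor" value="Google"/>
+ <param pos="0" name="hw.product" value="Chromecast"/>
+ <param pos="0" name="hw.cpe23" value="cpe:/h:google:chromecast:-"/>
+ </fingerprint>
+
+ <fingerprint pattern="^21d14d00021d21d21c21d14d21d21d3e9a0dda94718e521eb7d1409c9e3601|2ad2ad0002ad2ad0002ad2ad2ad2ad755a2cec4b52fb1bce1ac7f1e48c8a7d$">
+ <description>VMware ESXi</description>
+ <example>21d14d00021d21d21c21d14d21d21d3e9a0dda94718e521eb7d1409c9e3601</example>
+ <example>2ad2ad0002ad2ad0002ad2ad2ad2ad755a2cec4b52fb1bce1ac7f1e48c8a7d</example>
+ <param pos="0" name="os.vendor" value="VMware"/>
+ <param pos="0" name="os.family" value="VMware ESX/ESXi"/>
+ <param pos="0" name="os.product" value="VMware ESXi Server"/>
+ <param pos="0" name="os.device" value="Hypervisor"/>
+ <param pos="0" name="os.cpe23" value="cpe:/o:vmware:esxi:-"/>
+ <param pos="0" name="hw.device" value="Hypervisor"/>
+ </fingerprint>
+
+ <fingerprint pattern="^29d21b20d29d29d21c41d21b21b41d494e0df9532e75299f15ba73156cee38$">
+ <description>Merlin C2</description>
+ <example>29d21b20d29d29d21c41d21b21b41d494e0df9532e75299f15ba73156cee38</example>
+ <param pos="0" name="service.product" value="Merlin"/>
+ </fingerprint>
+
+ </fingerprints>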
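Review bot: The four multi-hash patterns (Tor relay, Synology DSM 6, Synology DSM 7, VMware ESXi) are written as a bare alternation, so `^` binds only to the first hash and `$` only to the alternatives that carry it; the remaining alternatives are open at one or both ends and can match inside a longer string. Wrapping the alternatives in a non-capturing group, `pattern="^(?:<hash1>|<hash2>|<hash3>)$"`, makes each entry an exact match like the single-hash fingerprints in the same file. Separately, a JARM value describes a TLS stack configuration rather than an application, as the file's own comment about Java's TLS stack notes, yet only the Cobalt Strike entry lowers `service.certainty`. The same caveat presumably applies to the Metasploit and Merlin entries, so consider adding `<param pos="0" name="service.certainty" value="0.3"/>` there, so that a shared-library match is not reported as a confirmed C2 listener.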
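--- a/data/xml/x509_issuers.xml
+++ b/data/xml/x509_issuers.xml
@@ -8,6 +8,91 @@
  a specific order. Please see the comments in x509_subjects.xml for details.
  -->
 
+ <!-- The following group has been included for performance reasons -->
+
+ <fingerprint pattern="^CN=R3,O=Let's Encrypt,C=US$">
+ <description>Lets Encrypt R3 - generic -- assert nothing.</description>
+ <example>CN=R3,O=Let's Encrypt,C=US</example>
+ <param pos="0" name="hw.certainty" value="0.0"/>
+ <param pos="0" name="os.certainty" value="0.0"/>
+ <param pos="0" name="service.certainty" value="0.0"/>
+ </fingerprint>
+
+ <fingerprint pattern="^CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US$">
+ <description>Lets Encrypt X3 - generic -- assert nothing.</description>
+ <example>CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US</example>
+ <param pos="0" name="hw.certainty" value="0.0"/>
+ <param pos="0" name="os.certainty" value="0.0"/>
+ <param pos="0" name="service.certainty" value="0.0"/>
+ </fingerprint>
+
+ <fingerprint pattern="^CN=Amazon,OU=Server CA 1B,O=Amazon,C=US$">
+ <description>Amazon AWS Server CA 1B - generic -- assert nothing.</description>
+ <example>CN=Amazon,OU=Server CA 1B,O=Amazon,C=US</example>
+ <param pos="0" name="hw.certainty" value="0.0"/>
+ <param pos="0" name="os.certainty" value="0.0"/>
+ <param pos="0" name="service.certainty" value="0.0"/>
+ </fingerprint>
+
+ <fingerprint pattern="^CN=DigiCert SHA2 Secure Server CA,O=DigiCert Inc,C=US$">
+ <description>DigiCert SHA2 - generic -- assert nothing.</description>
+ <example>CN=DigiCert SHA2 Secure Server CA,O=DigiCert Inc,C=US</example>
+ <param pos="0" name="hw.certainty" value="0.0"/>
+ <param pos="0" name="os.certainty" value="0.0"/>
+ <param pos="0" name="service.certainty" value="0.0"/>
+ </fingerprint>
+
+ <fingerprint pattern="^CN=DigiCert TLS (?:RSA SHA256|Hybrid ECC SHA384) 2020 CA1,O=DigiCert Inc,C=US$">
+ <description>DigiCert SHA256 2020 CA1 - generic -- assert nothing.</description>
+ <example>CN=DigiCert TLS RSA SHA256 2020 CA1,O=DigiCert Inc,C=US</example>
+ <example>CN=DigiCert TLS Hybrid ECC SHA384 2020 CA1,O=DigiCert Inc,C=US</example>
+ <param pos="0" name="hw.certainty" value="0.0"/>
+ <param pos="0" name="os.certainty" value="0.0"/>
+ <param pos="0" name="service.certainty" value="0.0"/>
+ </fingerprint>
+
+ <fingerprint pattern="^CN=DigiCert Secure Site ECC CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US$">
+ <description>DigiCert ECC CA-1 - generic -- assert nothing.</description>
+ <example>CN=DigiCert Secure Site ECC CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US</example>
+ <param pos="0" name="hw.certainty" value="0.0"/>
+ <param pos="0" name="os.certainty" value="0.0"/>
+ <param pos="0" name="service.certainty" value="0.0"/>
+ </fingerprint>
+
+ <fingerprint pattern="^CN=DigiCert SHA2 (?:Extended Validation|High Assurance) Server CA,OU=www.digicert.com,O=DigiCert Inc,C=US$">
+ <description>DigiCert SHA2 EV - generic -- assert nothing.</description>
+ <example>CN=DigiCert SHA2 Extended Validation Server CA,OU=www.digicert.com,O=DigiCert Inc,C=US</example>
+ <example>CN=DigiCert SHA2 High Assurance Server CA,OU=www.digicert.com,O=DigiCert Inc,C=US</example>
+ <param pos="0" name="hw.certainty" value="0.0"/>
+ <param pos="0" name="os.certainty" value="0.0"/>
+ <param pos="0" name="service.certainty" value="0.0"/>
+ </fingerprint>
+
+ <fingerprint pattern="^CN=Sectigo RSA (?:Domain|Organization) Validation Secure Server CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB$">
+ <description>Sectigo RSA - generic -- assert nothing.</description>
+ <example>CN=Sectigo RSA Domain Validation Secure Server CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB</example>
+ <example>CN=Sectigo RSA Organization Validation Secure Server CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB</example>
+ <param pos="0" name="hw.certainty" value="0.0"/>
+ <param pos="0" name="os.certainty" value="0.0"/>
+ <param pos="0" name="service.certainty" value="0.0"/>
+ </fingerprint>
+
+ <fingerprint pattern="^CN=GeoTrust RSA CA 2018,OU=www.digicert.com,O=DigiCert Inc,C=US$">
+ <description>GeoTrust RSA CA 2018 - generic -- assert nothing.</description>
+ <example>CN=GeoTrust RSA CA 2018,OU=www.digicert.com,O=DigiCert Inc,C=US</example>
+ <param pos="0" name="hw.certainty" value="0.0"/>
+ <param pos="0" name="os.certainty" value="0.0"/>
+ <param pos="0" name="service.certainty" value="0.0"/>
+ </fingerprint>
+
+ <fingerprint pattern="^CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs\.godaddy\.com/repository/,O=GoDaddy.com\\, Inc\.,L=Scottsdale,ST=Arizona,C=US$">
+ <description>Go Daddy G2 - generic -- assert nothing.</description>
+ <example>CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US</example>
+ <param pos="0" name="hw.certainty" value="0.0"/>
+ <param pos="0" name="os.certainty" value="0.0"/>
+ <param pos="0" name="service.certainty" value="0.0"/>
+ </fingerprint>
+
  <!-- Chromecast and various devices that support the Cast protocol -->
 
  <fingerprint pattern="^CN=Eureka Gen1 ICA,OU=Google TV,O=Google Inc,L=Mountain View,ST=California,C=US$">
@@ -15,10 +100,13 @@
  <example>CN=Eureka Gen1 ICA,OU=Google TV,O=Google Inc,L=Mountain View,ST=California,C=US</example>
  <param pos="0" name="os.vendor" value="Google"/>
  <param pos="0" name="os.product" value="Chrome OS"/>
+ <param pos="0" name="os.certainty" value="0.5"/>
  <param pos="0" name="os.cpe23" value="cpe:/o:google:chrome_os:-"/>
  <param pos="0" name="hw.device" value="Media Server"/>
  <param pos="0" name="hw.vendor" value="Google"/>
  <param pos="0" name="hw.product" value="Chromecast"/>
+ <param pos="0" name="hw.certainty" value="0.5"/>
+ <param pos="0" name="hw.cpe23" value="cpe:/h:google:chromecast:-"/>
  <param pos="0" name="chromecast.generation" value="1"/>
  </fingerprint>
 
@@ -34,10 +122,13 @@
  <example chromecast.generation="12">CN=Chromecast ICA 12,OU=Cast,O=Google Inc,L=Mountain View,ST=California,C=US</example>
  <param pos="0" name="os.vendor" value="Google"/>
  <param pos="0" name="os.product" value="Chrome OS"/>
+ <param pos="0" name="os.certainty" value="0.5"/>
  <param pos="0" name="os.cpe23" value="cpe:/o:google:chrome_os:-"/>
  <param pos="0" name="hw.device" value="Media Server"/>
  <param pos="0" name="hw.vendor" value="Google"/>
  <param pos="0" name="hw.product" value="Chromecast"/>
+ <param pos="0" name="hw.certainty" value="0.5"/>
+ <param pos="0" name="hw.cpe23" value="cpe:/h:google:chromecast:-"/>
  <param pos="1" name="chromecast.generation"/>
  <param pos="2" name="chromecast.capabilities"/>
  </fingerprint>
@@ -119,6 +210,20 @@
  <param pos="0" name="hw.vendor" value="APC"/>
  </fingerprint>
 
+ <fingerprint pattern="^CN=ASA Temporary Self Signed Certificate$">
+ <description>Cisco ASA Temp Cert</description>
+ <example>CN=ASA Temporary Self Signed Certificate</example>
+ <param pos="0" name="os.vendor" value="Cisco"/>
+ <param pos="0" name="os.family" value="Adaptive Security Appliance"/>
+ <param pos="0" name="os.product" value="Adaptive Security Appliance"/>
+ <param pos="0" name="os.cpe23" value="cpe:/o:cisco:adaptive_security_appliance_software:-"/>
+ <param pos="0" name="hw.vendor" value="Cisco"/>
+ <param pos="0" name="hw.family" value="Adaptive Security Appliance"/>
+ <param pos="0" name="hw.product" value="Adaptive Security Appliance"/>
+ <param pos="0" name="hw.device" value="Firewall"/>
+ <param pos="0" name="hw.cpe23" value="cpe:/h:cisco:adaptive_security_appliance:-"/>
+ </fingerprint>
+
  <fingerprint pattern="^CN=Temporary CA [a-fA-F0-9]{8}\-[a-fA-F0-9]{4}\-[a-fA-F0-9]{4}\-[a-fA-F0-9]{4}\-[a-fA-F0-9]{12},OU=Temporary CA">
  <description>Cisco Video Communication Server</description>
  <example>CN=Temporary CA 218131fe-8af4-11e7-aa6e-9950d6bbaf74,OU=Temporary CA 218131fe-8af4-11e7-aa6e-9950d6bbaf74,O=Temporary CA 218131fe-8af4-11e7-aa6e-9950d6bbaf74</example>
@@ -131,9 +236,11 @@
  <description>VMware ESXi w/Installer</description>
  <example>O=VMware Installer</example>
  <param pos="0" name="os.vendor" value="VMware"/>
- <param pos="0" name="os.product" value="ESXi"/>
+ <param pos="0" name="os.family" value="VMware ESX/ESXi"/>
+ <param pos="0" name="os.product" value="VMware ESXi Server"/>
  <param pos="0" name="os.device" value="Hypervisor"/>
  <param pos="0" name="os.cpe23" value="cpe:/o:vmware:esxi:-"/>
+ <param pos="0" name="hw.device" value="Hypervisor"/>
  </fingerprint>
 
  <fingerprint pattern="^CN=CA,OU=VMware Engineering,O=vCenter,ST=California,C=US$">
@@ -151,11 +258,139 @@
  <param pos="0" name="hw.vendor" value="HP"/>
  <param pos="0" name="hw.family" value="iLO"/>
  <param pos="0" name="hw.product" value="iLO"/>
- <param pos="0" name="hw.cpe23" value="cpe:/h:hp:integrated_lights_out:-"/>
+ <param pos="0" name="hw.cpe23" value="cpe:/h:hp:integrated_lights-out:-"/>
  <param pos="0" name="os.device" value="Lights Out Management"/>
  <param pos="0" name="os.vendor" value="HP"/>
  <param pos="0" name="os.family" value="iLO"/>
  <param pos="0" name="os.product" value="iLO"/>
+ <param pos="0" name="os.cpe23" value="cpe:/o:hp:integrated_lights-out_firmware:-"/>
+ </fingerprint>
+
+ <fingerprint pattern="^CN=synology.com,O=Synology Inc.,L=Taipei,C=TW$">
+ <description>Synology</description>
+ <example>CN=synology.com,O=Synology Inc.,L=Taipei,C=TW</example>
+ <param pos="0" name="os.device" value="NAS"/>
+ <param pos="0" name="os.family" value="Linux"/>
+ <param pos="0" name="os.product" value="DSM"/>
+ <param pos="0" name="os.vendor" value="Synology"/>
+ <param pos="0" name="hw.vendor" value="Synology"/>
+ <param pos="0" name="hw.device" value="NAS"/>
+ </fingerprint>
+
+ <fingerprint pattern="^CN=default(?: [A-Z]+)?,OU=NS Internal,O=Citrix ANG,L=San Jose,ST=California,C=US$">
+ <description>Citrix Netscaler (later renamed to Citrix ADC)</description>
+ <example>CN=default,OU=NS Internal,O=Citrix ANG,L=San Jose,ST=California,C=US</example>
+ <example>CN=default UYENMB,OU=NS Internal,O=Citrix ANG,L=San Jose,ST=California,C=US</example>
+ <param pos="0" name="service.vendor" value="Citrix"/>
+ <param pos="0" name="service.family" value="Netscaler"/>
+ <param pos="0" name="service.product" value="Netscaler"/>
+ <param pos="0" name="service.device" value="Network Management Device"/>
+ <param pos="0" name="service.cpe23" value="cpe:/a:citrix:netscaler:-"/>
+ <param pos="0" name="os.vendor" value="Citrix"/>
+ <param pos="0" name="os.family" value="Netscaler"/>
+ <param pos="0" name="os.product" value="Netscaler Gateway Firmware"/>
+ <param pos="0" name="os.device" value="Network Management Device"/>
+ <param pos="0" name="os.cpe23" value="cpe:/o:citrix:netscaler_gateway_firmware:-"/>
+ <param pos="0" name="hw.vendor" value="Citrix"/>
+ <param pos="0" name="hw.family" value="Netscaler"/>
+ <param pos="0" name="hw.product" value="Netscaler Gateway"/>
+ <param pos="0" name="hw.device" value="Network Management Device"/>
+ <param pos="0" name="hw.cpe23" value="cpe:/h:citrix:netscaler_gateway:-"/>
+ </fingerprint>
+
+ <fingerprint pattern="^O=Technicolor,L=Edegem,ST=Antwerp,C=BE$">
+ <description>Technicolor Router - without model or version</description>
+ <example>O=Technicolor,L=Edegem,ST=Antwerp,C=BE</example>
+ <param pos="0" name="os.vendor" value="Technicolor"/>
+ <param pos="0" name="os.device" value="Router"/>
+ <param pos="0" name="os.certainty" value="0.5"/>
+ <param pos="0" name="hw.vendor" value="Technicolor"/>
+ <param pos="0" name="hw.device" value="Router"/>
+ <param pos="0" name="hw.certainty" value="0.5"/>
+ </fingerprint>
+
+ <fingerprint pattern="^CN=Vigor Router,OU=DrayTek Support,O=DrayTek Corp.,L=HuKou,ST=HsinChu,C=TW$">
+ <description>DrayTek Vigor Router - without model or version</description>
+ <example>CN=Vigor Router,OU=DrayTek Support,O=DrayTek Corp.,L=HuKou,ST=HsinChu,C=TW</example>
+ <param pos="0" name="os.vendor" value="DrayTek"/>
+ <param pos="0" name="os.device" value="Router"/>
+ <param pos="0" name="os.certainty" value="0.5"/>
+ <param pos="0" name="hw.vendor" value="DrayTek"/>
+ <param pos="0" name="hw.family" value="Vigor"/>
+ <param pos="0" name="hw.device" value="Router"/>
+ <param pos="0" name="hw.certainty" value="0.5"/>
+ </fingerprint>
+
+ <fingerprint pattern="^CN=Kubernetes Ingress Controller Fake Certificate,O=Acme Co$">
+ <description>Kubernetes NGINX Ingress Controller with default cert</description>
+ <example>CN=Kubernetes Ingress Controller Fake Certificate,O=Acme Co</example>
+ <param pos="0" name="service.vendor" value="Kubernetes"/>
+ <param pos="0" name="service.family" value="Kubernetes"/>
+ <param pos="0" name="service.product" value="NGINX Ingress Controller"/>
+ <param pos="0" name="service.cpe23" value="cpe:/a:kubernetes:nginx_ingress_controller:-"/>
+ </fingerprint>
+
+ <fingerprint pattern="^CN=TRAEFIK DEFAULT CERT$">
+ <description>Traefik Proxy default certificate</description>
+ <example>CN=TRAEFIK DEFAULT CERT</example>
+ <param pos="0" name="service.vendor" value="Traefik Labs"/>
+ <param pos="0" name="service.family" value="Traefik"/>
+ <param pos="0" name="service.product" value="Traefik Proxy"/>
+ <param pos="0" name="service.cpe23" value="cpe:/a:traefik:traefik:-"/>
+ </fingerprint>
+
+ <fingerprint pattern="(?i)^CN=Fireware web CA,OU=Fireware,O=WatchGuard(?: CA)?$">
+ <description>WatchGuard Fireware</description>
+ <example>CN=Fireware web ca,OU=Fireware,O=WatchGuard</example>
+ <example>CN=Fireware web CA,OU=Fireware,O=Watchguard CA</example>
+ <param pos="0" name="service.vendor" value="WatchGuard"/>
+ <param pos="0" name="service.product" value="Fireware XTM"/>
+ <param pos="0" name="service.cpe23" value="cpe:/a:watchguard:fireware_xtm:-"/>
+ <param pos="0" name="os.vendor" value="WatchGuard"/>
+ <param pos="0" name="os.product" value="Fireware"/>
+ <param pos="0" name="os.cpe23" value="cpe:/o:watchguard:fireware:-"/>
+ </fingerprint>
+
+ <fingerprint pattern="^O=Caddy Self-Signed$">
+ <description>CaddyServer Caddy - golang based httpd</description>
+ <example>O=Caddy Self-Signed</example>
+ <param pos="0" name="service.vendor" value="CaddyServer"/>
+ <param pos="0" name="service.product" value="Caddy"/>
+ <param pos="0" name="service.cpe23" value="cpe:/a:caddyserver:caddy:-"/>
+ </fingerprint>
+
+ <fingerprint pattern="^CN=Avaya cu360 (\S+)$">
+ <description>Avaya Video Conferencing Device - CU360</description>
+ <example hw.serial_number="11YT11111111">CN=Avaya cu360 11YT11111111</example>
+ <param pos="0" name="hw.vendor" value="Avaya"/>
+ <param pos="0" name="hw.device" value="Video Conference"/>
+ <param pos="0" name="hw.product" value="CU360"/>
+ <param pos="1" name="hw.serial_number"/>
+ </fingerprint>
+
+ <fingerprint pattern="^CN=Roomba CA,OU=\S+,O=iRobot,L=Bedford,ST=MA,C=US$">
+ <description>Roomba Device</description>
+ <example hw.product="Roomba" hw.vendor="iRobot">CN=Roomba CA,OU=HBU,O=iRobot,L=Bedford,ST=MA,C=US</example>
+ <param pos="0" name="hw.vendor" value="iRobot"/>
+ <param pos="0" name="hw.device" value="Device"/>
+ <param pos="0" name="hw.product" value="Roomba"/>
+ </fingerprint>
+
+ <fingerprint pattern="(?i)^CN=\S+,OU=FreshTomato Team,O=FreshTomato,L=Columbus,ST=Ohio,C=US(?:.*)$">
+ <description>FreshTomato Router Fireware</description>
+ <example>CN=192.168.1.1,OU=FreshTomato Team,O=FreshTomato,L=Columbus,ST=Ohio,C=US</example>
+ <param pos="0" name="os.vendor" value="FreshTomato"/>
+ <param pos="0" name="os.product" value="Linux"/>
+ <param pos="0" name="os.device" value="Router"/>
+ </fingerprint>
+
+ <fingerprint pattern="(?i)^SERIALNUMBER=(\d+),CN=(\S+),OU=ST-VS,O=Bosch Sicherheitssysteme GmbH,L=Grasbrunn,C=DE">
+ <description>Bosch Device</description>
+ <example hw.serial_number="111111111111111111" host.mac="00-07-5f-11-11-11">SERIALNUMBER=111111111111111111,CN=00-07-5f-11-11-11,OU=ST-VS,O=Bosch Sicherheitssysteme GmbH,L=Grasbrunn,C=DE</example>
+ <param pos="0" name="os.vendor" value="Bosch"/>
+ <param pos="0" name="hw.vendor" value="Bosch"/>
+ <param pos="1" name="hw.serial_number"/>
+ <param pos="2" name="host.mac"/>
  </fingerprint>
 
  </fingerprints>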
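Review bot: In the last hunk (`@@ -151,11 +258,139 @@`) the Bosch fingerprint copies `CN=(\S+)` from the certificate into `host.mac` without checking that it looks like a MAC address, and the pattern has no closing `$`. Any certificate that carries this issuer prefix can therefore put arbitrary non-whitespace text into that field. Issuer strings are chosen by whoever generated the certificate, so captured values deserve a tight character class. If devices always use the dash-separated form shown in the example, `CN=((?:[0-9a-f]{2}-){5}[0-9a-f]{2})` plus a trailing `$` would do, since the pattern is already `(?i)`. The Avaya `(\S+)` capture into `hw.serial_number` has the same shape, and the `(?:.*)$` tail on the FreshTomato pattern is equivalent to leaving the end unanchored.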