recog 2.3.18 → 2.3.22
- checksums.yaml +4 -4
- data/.github/dependabot.yml +8 -0
- data/.github/workflows/ci.yml +26 -0
- data/.github/workflows/verify.yml +89 -0
- data/CONTRIBUTING.md +6 -0
- data/README.md +17 -0
- data/bin/recog_standardize +33 -12
- data/bin/recog_verify +1 -2
- data/cpe-remap.yaml +355 -200
- data/features/verify.feature +14 -14
- data/identifiers/README.md +24 -10
- data/identifiers/fields.txt +105 -0
- data/identifiers/hw_device.txt +8 -0
- data/identifiers/hw_family.txt +19 -0
- data/identifiers/hw_product.txt +122 -0
- data/identifiers/os_device.txt +2 -1
- data/identifiers/os_family.txt +3 -0
- data/identifiers/os_product.txt +46 -8
- data/identifiers/service_family.txt +10 -1
- data/identifiers/service_product.txt +90 -2
- data/identifiers/vendor.txt +104 -0
- data/lib/recog/db.rb +2 -1
- data/lib/recog/fingerprint.rb +18 -5
- data/lib/recog/nizer.rb +1 -82
- data/lib/recog/verifier.rb +5 -5
- data/lib/recog/verifier_factory.rb +3 -3
- data/lib/recog/verify_reporter.rb +14 -4
- data/lib/recog/version.rb +1 -1
- data/requirements.txt +1 -1
- data/spec/lib/fingerprint_self_test_spec.rb +1 -0
- data/spec/lib/recog/verify_reporter_spec.rb +69 -0
- data/tools/dev/hooks/pre-commit +21 -0
- data/update_cpes.py +19 -6
- data/xml/apache_modules.xml +60 -0
- data/xml/apache_os.xml +38 -38
- data/xml/dhcp_vendor_class.xml +206 -0
- data/xml/dns_versionbind.xml +11 -1
- data/xml/favicons.xml +270 -45
- data/xml/ftp_banners.xml +89 -64
- data/xml/h323_callresp.xml +99 -99
- data/xml/hp_pjl_id.xml +3 -3
- data/xml/html_title.xml +1051 -62
- data/xml/http_cookies.xml +294 -85
- data/xml/http_servers.xml +551 -122
- data/xml/http_wwwauth.xml +139 -43
- data/xml/imap_banners.xml +8 -8
- data/xml/ldap_searchresult.xml +1 -0
- data/xml/mdns_device-info_txt.xml +720 -27
- data/xml/mysql_banners.xml +3 -2
- data/xml/nntp_banners.xml +4 -4
- data/xml/ntp_banners.xml +79 -65
- data/xml/operating_system.xml +6 -6
- data/xml/pop_banners.xml +11 -11
- data/xml/rsh_resp.xml +3 -3
- data/xml/rtsp_servers.xml +7 -0
- data/xml/sip_banners.xml +374 -9
- data/xml/sip_user_agents.xml +377 -5
- data/xml/smb_native_lm.xml +32 -1
- data/xml/smb_native_os.xml +160 -33
- data/xml/smtp_banners.xml +168 -129
- data/xml/smtp_ehlo.xml +1 -1
- data/xml/smtp_expn.xml +1 -0
- data/xml/smtp_help.xml +10 -10
- data/xml/smtp_noop.xml +2 -2
- data/xml/smtp_vrfy.xml +1 -0
- data/xml/snmp_sysdescr.xml +508 -214
- data/xml/snmp_sysobjid.xml +25 -25
- data/xml/ssh_banners.xml +145 -29
- data/xml/telnet_banners.xml +240 -61
- data/xml/tls_jarm.xml +162 -0
- data/xml/x509_issuers.xml +237 -2
- data/xml/x509_subjects.xml +369 -49
- metadata +10 -3
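--- a/data/xml/tls_jarm.xml
+++ b/data/xml/tls_jarm.xml
@@ -0,0 +1,162 @@
+<?xml version='1.0' encoding='UTF-8'?>
+<fingerprints matches="tls.jarm" protocol="tls" database_type="service">
+<!--
+Fingerprint based on https://github.com/salesforce/jarm
+-->
+
+<fingerprint pattern="^2ad2ad16d2ad2ad00042d42d000000332dc9cd7d90589195193c8bb05d84fa|2ad2ad16d2ad2ad22c2ad2ad2ad2adce2e4c8c53174ecbf5529ce7584d5518$|2ad2ad16d2ad2ad22c42d42d000000d342d5966a57139eeaff9f8bc4841b25$">
+<description>Tor relay</description>
+<example>2ad2ad16d2ad2ad00042d42d000000332dc9cd7d90589195193c8bb05d84fa</example>
+<example>2ad2ad16d2ad2ad22c2ad2ad2ad2adce2e4c8c53174ecbf5529ce7584d5518</example>
+<example>2ad2ad16d2ad2ad22c42d42d000000d342d5966a57139eeaff9f8bc4841b25</example>
+<param pos="0" name="service.product" value="Tor"/>
+<param pos="0" name="service.vendor" value="Tor Project"/>
+<param pos="0" name="service.cpe23" value="cpe:/a:torproject:tor:-"/>
+</fingerprint>
+
+<fingerprint pattern="^2ad2ad0002ad2ad0002ad2ad2ad2ada9e96d3ba9f7903758a731e0fa01453d|29d29d15d29d29d21c29d29d29d29d10d7a07cb776562eccb97246005feba5|2ad2ad0002ad2ad0002ad2ad2ad2ad5bf44aec534289dfa8e33148b66cd6c3|29d29d15d29d29d21c29d29d29d29de857600fcd9f89735d87c3704c4e141b$">
+<description>Synology NAS DSM 6</description>
+<example>29d29d15d29d29d21c29d29d29d29d10d7a07cb776562eccb97246005feba5</example>
+<example>29d29d15d29d29d21c29d29d29d29de857600fcd9f89735d87c3704c4e141b</example>
+<example>2ad2ad0002ad2ad0002ad2ad2ad2ad5bf44aec534289dfa8e33148b66cd6c3</example>
+<example>2ad2ad0002ad2ad0002ad2ad2ad2ada9e96d3ba9f7903758a731e0fa01453d</example>
+<param pos="0" name="os.device" value="NAS"/>
+<param pos="0" name="os.family" value="Linux"/>
+<param pos="0" name="os.product" value="DSM"/>
+<param pos="0" name="os.vendor" value="Synology"/>
+<param pos="0" name="os.version" value="6"/>
+<param pos="0" name="hw.vendor" value="Synology"/>
+<param pos="0" name="hw.device" value="NAS"/>
+</fingerprint>
+
+<fingerprint pattern="^00000000000000000042d42d0000009535d5979f591ae8e547c5e5743e5b64|29d29d15d29d29d00042d42d00000068f5dc63852f94da932cd6b61b1cd9e3|29d29d15d29d29d21c42d42d000000bf85d79ff39d9f5079675604a74fc04b|29d29d15d29d29d00042d42d000000038eaaf490bec8dc33757f165ce01762|29d29d15d29d29d21c42d42d000000790cb01ea78cc2a73fe8428d61afc0c8$">
+<description>Synology NAS DSM 7</description>
+<example>00000000000000000042d42d0000009535d5979f591ae8e547c5e5743e5b64</example>
+<example>29d29d15d29d29d00042d42d000000038eaaf490bec8dc33757f165ce01762</example>
+<example>29d29d15d29d29d00042d42d00000068f5dc63852f94da932cd6b61b1cd9e3</example>
+<example>29d29d15d29d29d21c42d42d000000790cb01ea78cc2a73fe8428d61afc0c8</example>
+<example>29d29d15d29d29d21c42d42d000000bf85d79ff39d9f5079675604a74fc04b</example>
+<param pos="0" name="os.device" value="NAS"/>
+<param pos="0" name="os.family" value="Linux"/>
+<param pos="0" name="os.product" value="DSM"/>
+<param pos="0" name="os.vendor" value="Synology"/>
+<param pos="0" name="os.version" value="7"/>
+<param pos="0" name="hw.vendor" value="Synology"/>
+<param pos="0" name="hw.device" value="NAS"/>
+</fingerprint>
+
+<fingerprint pattern="^2ad2ad16d2ad2ad22c2ad2ad2ad2ad7e5e7dc6f569c9c16238278a408347ef$">
+<description>Ubiquiti EdgeRouter</description>
+<example>2ad2ad16d2ad2ad22c2ad2ad2ad2ad7e5e7dc6f569c9c16238278a408347ef</example>
+<param pos="0" name="hw.vendor" value="Ubiquiti"/>
+<param pos="0" name="hw.device" value="Router"/>
+<param pos="0" name="hw.product" value="EdgeRouter X"/>
+<param pos="0" name="os.vendor" value="Ubiquiti"/>
+<param pos="0" name="os.family" value="Linux"/>
+<param pos="0" name="os.device" value="Router"/>
+</fingerprint>
+
+<fingerprint pattern="^07d14d16d21d21d00042d43d000000aa99ce74e2c6d013c745aa52b5cc042d$">
+<description>Metasploit listener</description>
+<example>07d14d16d21d21d00042d43d000000aa99ce74e2c6d013c745aa52b5cc042d</example>
+<param pos="0" name="service.vendor" value="Rapid7"/>
+<param pos="0" name="service.product" value="Metasploit"/>
+<param pos="0" name="service.cpe23" value="cpe:/a:rapid7:metasploit:-"/>
+</fingerprint>
+
+<!-- This fingerprint matches Java's TLS stack,
+see https://blog.cobaltstrike.com/2020/12/08/a-red-teamer-plays-with-jarm/ for details -->
+
+<fingerprint pattern="^07d14d16d21d21d07c42d41d00041d24a458a375eef0c576d23a7bab9a9fb1$">
+<description>Cobalt Strike listener</description>
+<example>07d14d16d21d21d07c42d41d00041d24a458a375eef0c576d23a7bab9a9fb1</example>
+<param pos="0" name="service.vendor" value="Strategic Cyber LLC"/>
+<param pos="0" name="service.product" value="Cobalt Strike Listener"/>
+<param pos="0" name="service.certainty" value="0.3"/>
+</fingerprint>
+
+<fingerprint pattern="^04b02b00004b04b04b04b02b04b04b9674c6b4e623ae36cc2d998e99e2262e$">
+<description>Ligowave WiFi access point</description>
+<example>04b02b00004b04b04b04b02b04b04b9674c6b4e623ae36cc2d998e99e2262e</example>
+<param pos="0" name="hw.vendor" value="Ligowave"/>
+<param pos="0" name="hw.product" value="Infinity Controler"/>
+</fingerprint>
+
+<fingerprint pattern="^06d06d07d06d06d06c06d06d06d06d7991b0b1ad2cbf06082e3b1a9dcaaa8d$">
+<description>D-Link DCS-825L WiFi baby camera</description>
+<example>06d06d07d06d06d06c06d06d06d06d7991b0b1ad2cbf06082e3b1a9dcaaa8d</example>
+<param pos="0" name="hw.vendor" value="D-Link"/>
+<param pos="0" name="hw.product" value="DCS-825L"/>
+<param pos="0" name="hw.cpe23" value="cpe:/h:d-link:dcs-825l:-"/>
+</fingerprint>
+
+<fingerprint pattern="^0ed3dd16d25d00000042d43d000000e9435856b7ee99e87c06831602602f2d$">
+<description>LANCOM Systems - 883 VoIP</description>
+<example>0ed3dd16d25d00000042d43d000000e9435856b7ee99e87c06831602602f2d</example>
+<param pos="0" name="hw.vendor" value="LANCOM Systems"/>
+<param pos="0" name="hw.product" value="883 VoIP"/>
+</fingerprint>
+
+<fingerprint pattern="^21d14d00021d21d21c42d43d00041d320c989d4ed06a7e9d3133ba36bb2752$">
+<description>Apple CUPS - web interface</description>
+<example>21d14d00021d21d21c42d43d00041d320c989d4ed06a7e9d3133ba36bb2752</example>
+<param pos="0" name="service.vendor" value="Apple"/>
+<param pos="0" name="service.product" value="CUPS"/>
+<param pos="0" name="service.family" value="CUPS"/>
+<param pos="0" name="service.cpe23" value="cpe:/a:apple:cups:-"/>
+</fingerprint>
+
+<fingerprint pattern="^0bd14d0000bd0bd0000bd14d0bd0bd6b64279c20472e17718ddea38ab610fa$">
+<description>Netgear R Series</description>
+<example>0bd14d0000bd0bd0000bd14d0bd0bd6b64279c20472e17718ddea38ab610fa</example>
+<param pos="0" name="hw.vendor" value="Netgear"/>
+<param pos="0" name="hw.product" value="R Series"/>
+</fingerprint>
+
+<fingerprint pattern="^2ad2ad16d2ad2ad07c2ad2ad2ad2ad4271ee10d978b0aecbc22f1de60ab611$">
+<description>Netgear Orbi-micro</description>
+<example>2ad2ad16d2ad2ad07c2ad2ad2ad2ad4271ee10d978b0aecbc22f1de60ab611</example>
+<param pos="0" name="hw.vendor" value="Netgear"/>
+<param pos="0" name="hw.product" value="Orbi micro"/>
+<param pos="0" name="hw.device" value="WAP"/>
+<param pos="0" name="hw.family" value="Orbi"/>
+</fingerprint>
+
+<fingerprint pattern="^04d02d00004d04d04c04d02d04d04d9674c6b4e623ae36cc2d998e99e2262e$">
+<description>Netgear D Series</description>
+<example>04d02d00004d04d04c04d02d04d04d9674c6b4e623ae36cc2d998e99e2262e</example>
+<param pos="0" name="hw.vendor" value="Netgear"/>
+<param pos="0" name="hw.product" value="D Series"/>
+</fingerprint>
+
+<fingerprint pattern="^21d3fd00021d21d21c21d3fd21d21d89188428dae58757cf803176e9701156$">
+<description>Chromecast</description>
+<example>21d3fd00021d21d21c21d3fd21d21d89188428dae58757cf803176e9701156</example>
+<param pos="0" name="os.vendor" value="Google"/>
+<param pos="0" name="os.product" value="Chrome OS"/>
+<param pos="0" name="os.cpe23" value="cpe:/o:google:chrome_os:-"/>
+<param pos="0" name="hw.device" value="Media Server"/>
+<param pos="0" name="hw.vendor" value="Google"/>
+<param pos="0" name="hw.product" value="Chromecast"/>
+<param pos="0" name="hw.cpe23" value="cpe:/h:google:chromecast:-"/>
+</fingerprint>
+
+<fingerprint pattern="^21d14d00021d21d21c21d14d21d21d3e9a0dda94718e521eb7d1409c9e3601|2ad2ad0002ad2ad0002ad2ad2ad2ad755a2cec4b52fb1bce1ac7f1e48c8a7d$">
+<description>VMware ESXi</description>
+<example>21d14d00021d21d21c21d14d21d21d3e9a0dda94718e521eb7d1409c9e3601</example>
+<example>2ad2ad0002ad2ad0002ad2ad2ad2ad755a2cec4b52fb1bce1ac7f1e48c8a7d</example>
+<param pos="0" name="os.vendor" value="VMware"/>
+<param pos="0" name="os.family" value="VMware ESX/ESXi"/>
+<param pos="0" name="os.product" value="VMware ESXi Server"/>
+<param pos="0" name="os.device" value="Hypervisor"/>
+<param pos="0" name="os.cpe23" value="cpe:/o:vmware:esxi:-"/>
+<param pos="0" name="hw.device" value="Hypervisor"/>
+</fingerprint>
+
+<fingerprint pattern="^29d21b20d29d29d21c41d21b21b41d494e0df9532e75299f15ba73156cee38$">
+<description>Merlin C2</description>
+<example>29d21b20d29d29d21c41d21b21b41d494e0df9532e75299f15ba73156cee38</example>
+<param pos="0" name="service.product" value="Merlin"/>
+</fingerprint>
+
+</fingerprints>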
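Review bot: The multi-hash patterns in this file anchor only their outer alternatives: in `^A|B$|C$` (Tor relay) the first hash has no `$`, and in `^A|B|C|D$` (Synology DSM 6 and DSM 7, and the two-hash VMware ESXi entry) the middle hashes have no anchor at all, so those alternatives match as prefixes or substrings of the input rather than as whole JARM values. Grouping the alternatives fixes it, e.g. `pattern="^(?:A|B|C)$"` with A, B and C standing for the hashes already listed in each entry. Separately, the comment above the Cobalt Strike entry says its hash is really Java's TLS stack and that entry carries `service.certainty` 0.3, while the Metasploit and Merlin C2 entries assert a product from a single hash with no certainty value. A JARM hash describes a TLS configuration rather than an application, so a similarly low certainty on those two would keep scan results from overstating a C2 attribution.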
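--- a/data/xml/x509_issuers.xml
+++ b/data/xml/x509_issuers.xml
@@ -8,6 +8,91 @@
 a specific order. Please see the comments in x509_subjects.xml for details.
 -->
 
+<!-- The following group has been included for performance reasons -->
+
+<fingerprint pattern="^CN=R3,O=Let's Encrypt,C=US$">
+<description>Lets Encrypt R3 - generic -- assert nothing.</description>
+<example>CN=R3,O=Let's Encrypt,C=US</example>
+<param pos="0" name="hw.certainty" value="0.0"/>
+<param pos="0" name="os.certainty" value="0.0"/>
+<param pos="0" name="service.certainty" value="0.0"/>
+</fingerprint>
+
+<fingerprint pattern="^CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US$">
+<description>Lets Encrypt X3 - generic -- assert nothing.</description>
+<example>CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US</example>
+<param pos="0" name="hw.certainty" value="0.0"/>
+<param pos="0" name="os.certainty" value="0.0"/>
+<param pos="0" name="service.certainty" value="0.0"/>
+</fingerprint>
+
+<fingerprint pattern="^CN=Amazon,OU=Server CA 1B,O=Amazon,C=US$">
+<description>Amazon AWS Server CA 1B - generic -- assert nothing.</description>
+<example>CN=Amazon,OU=Server CA 1B,O=Amazon,C=US</example>
+<param pos="0" name="hw.certainty" value="0.0"/>
+<param pos="0" name="os.certainty" value="0.0"/>
+<param pos="0" name="service.certainty" value="0.0"/>
+</fingerprint>
+
+<fingerprint pattern="^CN=DigiCert SHA2 Secure Server CA,O=DigiCert Inc,C=US$">
+<description>DigiCert SHA2 - generic -- assert nothing.</description>
+<example>CN=DigiCert SHA2 Secure Server CA,O=DigiCert Inc,C=US</example>
+<param pos="0" name="hw.certainty" value="0.0"/>
+<param pos="0" name="os.certainty" value="0.0"/>
+<param pos="0" name="service.certainty" value="0.0"/>
+</fingerprint>
+
+<fingerprint pattern="^CN=DigiCert TLS (?:RSA SHA256|Hybrid ECC SHA384) 2020 CA1,O=DigiCert Inc,C=US$">
+<description>DigiCert SHA256 2020 CA1 - generic -- assert nothing.</description>
+<example>CN=DigiCert TLS RSA SHA256 2020 CA1,O=DigiCert Inc,C=US</example>
+<example>CN=DigiCert TLS Hybrid ECC SHA384 2020 CA1,O=DigiCert Inc,C=US</example>
+<param pos="0" name="hw.certainty" value="0.0"/>
+<param pos="0" name="os.certainty" value="0.0"/>
+<param pos="0" name="service.certainty" value="0.0"/>
+</fingerprint>
+
+<fingerprint pattern="^CN=DigiCert Secure Site ECC CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US$">
+<description>DigiCert ECC CA-1 - generic -- assert nothing.</description>
+<example>CN=DigiCert Secure Site ECC CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US</example>
+<param pos="0" name="hw.certainty" value="0.0"/>
+<param pos="0" name="os.certainty" value="0.0"/>
+<param pos="0" name="service.certainty" value="0.0"/>
+</fingerprint>
+
+<fingerprint pattern="^CN=DigiCert SHA2 (?:Extended Validation|High Assurance) Server CA,OU=www.digicert.com,O=DigiCert Inc,C=US$">
+<description>DigiCert SHA2 EV - generic -- assert nothing.</description>
+<example>CN=DigiCert SHA2 Extended Validation Server CA,OU=www.digicert.com,O=DigiCert Inc,C=US</example>
+<example>CN=DigiCert SHA2 High Assurance Server CA,OU=www.digicert.com,O=DigiCert Inc,C=US</example>
+<param pos="0" name="hw.certainty" value="0.0"/>
+<param pos="0" name="os.certainty" value="0.0"/>
+<param pos="0" name="service.certainty" value="0.0"/>
+</fingerprint>
+
+<fingerprint pattern="^CN=Sectigo RSA (?:Domain|Organization) Validation Secure Server CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB$">
+<description>Sectigo RSA - generic -- assert nothing.</description>
+<example>CN=Sectigo RSA Domain Validation Secure Server CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB</example>
+<example>CN=Sectigo RSA Organization Validation Secure Server CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB</example>
+<param pos="0" name="hw.certainty" value="0.0"/>
+<param pos="0" name="os.certainty" value="0.0"/>
+<param pos="0" name="service.certainty" value="0.0"/>
+</fingerprint>
+
+<fingerprint pattern="^CN=GeoTrust RSA CA 2018,OU=www.digicert.com,O=DigiCert Inc,C=US$">
+<description>GeoTrust RSA CA 2018 - generic -- assert nothing.</description>
+<example>CN=GeoTrust RSA CA 2018,OU=www.digicert.com,O=DigiCert Inc,C=US</example>
+<param pos="0" name="hw.certainty" value="0.0"/>
+<param pos="0" name="os.certainty" value="0.0"/>
+<param pos="0" name="service.certainty" value="0.0"/>
+</fingerprint>
+
+<fingerprint pattern="^CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs\.godaddy\.com/repository/,O=GoDaddy.com\\, Inc\.,L=Scottsdale,ST=Arizona,C=US$">
+<description>Go Daddy G2 - generic -- assert nothing.</description>
+<example>CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US</example>
+<param pos="0" name="hw.certainty" value="0.0"/>
+<param pos="0" name="os.certainty" value="0.0"/>
+<param pos="0" name="service.certainty" value="0.0"/>
+</fingerprint>
+
 <!-- Chromecast and various devices that support the Cast protocol -->
 
 <fingerprint pattern="^CN=Eureka Gen1 ICA,OU=Google TV,O=Google Inc,L=Mountain View,ST=California,C=US$">
@@ -15,10 +100,13 @@
 <example>CN=Eureka Gen1 ICA,OU=Google TV,O=Google Inc,L=Mountain View,ST=California,C=US</example>
 <param pos="0" name="os.vendor" value="Google"/>
 <param pos="0" name="os.product" value="Chrome OS"/>
+<param pos="0" name="os.certainty" value="0.5"/>
 <param pos="0" name="os.cpe23" value="cpe:/o:google:chrome_os:-"/>
 <param pos="0" name="hw.device" value="Media Server"/>
 <param pos="0" name="hw.vendor" value="Google"/>
 <param pos="0" name="hw.product" value="Chromecast"/>
+<param pos="0" name="hw.certainty" value="0.5"/>
+<param pos="0" name="hw.cpe23" value="cpe:/h:google:chromecast:-"/>
 <param pos="0" name="chromecast.generation" value="1"/>
 </fingerprint>
 
@@ -34,10 +122,13 @@
 <example chromecast.generation="12">CN=Chromecast ICA 12,OU=Cast,O=Google Inc,L=Mountain View,ST=California,C=US</example>
 <param pos="0" name="os.vendor" value="Google"/>
 <param pos="0" name="os.product" value="Chrome OS"/>
+<param pos="0" name="os.certainty" value="0.5"/>
 <param pos="0" name="os.cpe23" value="cpe:/o:google:chrome_os:-"/>
 <param pos="0" name="hw.device" value="Media Server"/>
 <param pos="0" name="hw.vendor" value="Google"/>
 <param pos="0" name="hw.product" value="Chromecast"/>
+<param pos="0" name="hw.certainty" value="0.5"/>
+<param pos="0" name="hw.cpe23" value="cpe:/h:google:chromecast:-"/>
 <param pos="1" name="chromecast.generation"/>
 <param pos="2" name="chromecast.capabilities"/>
 </fingerprint>
@@ -119,6 +210,20 @@
 <param pos="0" name="hw.vendor" value="APC"/>
 </fingerprint>
 
+<fingerprint pattern="^CN=ASA Temporary Self Signed Certificate$">
+<description>Cisco ASA Temp Cert</description>
+<example>CN=ASA Temporary Self Signed Certificate</example>
+<param pos="0" name="os.vendor" value="Cisco"/>
+<param pos="0" name="os.family" value="Adaptive Security Appliance"/>
+<param pos="0" name="os.product" value="Adaptive Security Appliance"/>
+<param pos="0" name="os.cpe23" value="cpe:/o:cisco:adaptive_security_appliance_software:-"/>
+<param pos="0" name="hw.vendor" value="Cisco"/>
+<param pos="0" name="hw.family" value="Adaptive Security Appliance"/>
+<param pos="0" name="hw.product" value="Adaptive Security Appliance"/>
+<param pos="0" name="hw.device" value="Firewall"/>
+<param pos="0" name="hw.cpe23" value="cpe:/h:cisco:adaptive_security_appliance:-"/>
+</fingerprint>
+
 <fingerprint pattern="^CN=Temporary CA [a-fA-F0-9]{8}\-[a-fA-F0-9]{4}\-[a-fA-F0-9]{4}\-[a-fA-F0-9]{4}\-[a-fA-F0-9]{12},OU=Temporary CA">
 <description>Cisco Video Communication Server</description>
 <example>CN=Temporary CA 218131fe-8af4-11e7-aa6e-9950d6bbaf74,OU=Temporary CA 218131fe-8af4-11e7-aa6e-9950d6bbaf74,O=Temporary CA 218131fe-8af4-11e7-aa6e-9950d6bbaf74</example>
@@ -131,9 +236,11 @@
 <description>VMware ESXi w/Installer</description>
 <example>O=VMware Installer</example>
 <param pos="0" name="os.vendor" value="VMware"/>
-<param pos="0" name="os.
+<param pos="0" name="os.family" value="VMware ESX/ESXi"/>
+<param pos="0" name="os.product" value="VMware ESXi Server"/>
 <param pos="0" name="os.device" value="Hypervisor"/>
 <param pos="0" name="os.cpe23" value="cpe:/o:vmware:esxi:-"/>
+<param pos="0" name="hw.device" value="Hypervisor"/>
 </fingerprint>
 
 <fingerprint pattern="^CN=CA,OU=VMware Engineering,O=vCenter,ST=California,C=US$">
@@ -151,11 +258,139 @@
 <param pos="0" name="hw.vendor" value="HP"/>
 <param pos="0" name="hw.family" value="iLO"/>
 <param pos="0" name="hw.product" value="iLO"/>
-<param pos="0" name="hw.cpe23" value="cpe:/h:hp:
+<param pos="0" name="hw.cpe23" value="cpe:/h:hp:integrated_lights-out:-"/>
 <param pos="0" name="os.device" value="Lights Out Management"/>
 <param pos="0" name="os.vendor" value="HP"/>
 <param pos="0" name="os.family" value="iLO"/>
 <param pos="0" name="os.product" value="iLO"/>
+<param pos="0" name="os.cpe23" value="cpe:/o:hp:integrated_lights-out_firmware:-"/>
+</fingerprint>
+
+<fingerprint pattern="^CN=synology.com,O=Synology Inc.,L=Taipei,C=TW$">
+<description>Synology</description>
+<example>CN=synology.com,O=Synology Inc.,L=Taipei,C=TW</example>
+<param pos="0" name="os.device" value="NAS"/>
+<param pos="0" name="os.family" value="Linux"/>
+<param pos="0" name="os.product" value="DSM"/>
+<param pos="0" name="os.vendor" value="Synology"/>
+<param pos="0" name="hw.vendor" value="Synology"/>
+<param pos="0" name="hw.device" value="NAS"/>
+</fingerprint>
+
+<fingerprint pattern="^CN=default(?: [A-Z]+)?,OU=NS Internal,O=Citrix ANG,L=San Jose,ST=California,C=US$">
+<description>Citrix Netscaler (later renamed to Citrix ADC)</description>
+<example>CN=default,OU=NS Internal,O=Citrix ANG,L=San Jose,ST=California,C=US</example>
+<example>CN=default UYENMB,OU=NS Internal,O=Citrix ANG,L=San Jose,ST=California,C=US</example>
+<param pos="0" name="service.vendor" value="Citrix"/>
+<param pos="0" name="service.family" value="Netscaler"/>
+<param pos="0" name="service.product" value="Netscaler"/>
+<param pos="0" name="service.device" value="Network Management Device"/>
+<param pos="0" name="service.cpe23" value="cpe:/a:citrix:netscaler:-"/>
+<param pos="0" name="os.vendor" value="Citrix"/>
+<param pos="0" name="os.family" value="Netscaler"/>
+<param pos="0" name="os.product" value="Netscaler Gateway Firmware"/>
+<param pos="0" name="os.device" value="Network Management Device"/>
+<param pos="0" name="os.cpe23" value="cpe:/o:citrix:netscaler_gateway_firmware:-"/>
+<param pos="0" name="hw.vendor" value="Citrix"/>
+<param pos="0" name="hw.family" value="Netscaler"/>
+<param pos="0" name="hw.product" value="Netscaler Gateway"/>
+<param pos="0" name="hw.device" value="Network Management Device"/>
+<param pos="0" name="hw.cpe23" value="cpe:/h:citrix:netscaler_gateway:-"/>
+</fingerprint>
+
+<fingerprint pattern="^O=Technicolor,L=Edegem,ST=Antwerp,C=BE$">
+<description>Technicolor Router - without model or version</description>
+<example>O=Technicolor,L=Edegem,ST=Antwerp,C=BE</example>
+<param pos="0" name="os.vendor" value="Technicolor"/>
+<param pos="0" name="os.device" value="Router"/>
+<param pos="0" name="os.certainty" value="0.5"/>
+<param pos="0" name="hw.vendor" value="Technicolor"/>
+<param pos="0" name="hw.device" value="Router"/>
+<param pos="0" name="hw.certainty" value="0.5"/>
+</fingerprint>
+
+<fingerprint pattern="^CN=Vigor Router,OU=DrayTek Support,O=DrayTek Corp.,L=HuKou,ST=HsinChu,C=TW$">
+<description>DrayTek Vigor Router - without model or version</description>
+<example>CN=Vigor Router,OU=DrayTek Support,O=DrayTek Corp.,L=HuKou,ST=HsinChu,C=TW</example>
+<param pos="0" name="os.vendor" value="DrayTek"/>
+<param pos="0" name="os.device" value="Router"/>
+<param pos="0" name="os.certainty" value="0.5"/>
+<param pos="0" name="hw.vendor" value="DrayTek"/>
+<param pos="0" name="hw.family" value="Vigor"/>
+<param pos="0" name="hw.device" value="Router"/>
+<param pos="0" name="hw.certainty" value="0.5"/>
+</fingerprint>
+
+<fingerprint pattern="^CN=Kubernetes Ingress Controller Fake Certificate,O=Acme Co$">
+<description>Kubernetes NGINX Ingress Controller with default cert</description>
+<example>CN=Kubernetes Ingress Controller Fake Certificate,O=Acme Co</example>
+<param pos="0" name="service.vendor" value="Kubernetes"/>
+<param pos="0" name="service.family" value="Kubernetes"/>
+<param pos="0" name="service.product" value="NGINX Ingress Controller"/>
+<param pos="0" name="service.cpe23" value="cpe:/a:kubernetes:nginx_ingress_controller:-"/>
+</fingerprint>
+
+<fingerprint pattern="^CN=TRAEFIK DEFAULT CERT$">
+<description>Traefik Proxy default certificate</description>
+<example>CN=TRAEFIK DEFAULT CERT</example>
+<param pos="0" name="service.vendor" value="Traefik Labs"/>
+<param pos="0" name="service.family" value="Traefik"/>
+<param pos="0" name="service.product" value="Traefik Proxy"/>
+<param pos="0" name="service.cpe23" value="cpe:/a:traefik:traefik:-"/>
+</fingerprint>
+
+<fingerprint pattern="(?i)^CN=Fireware web CA,OU=Fireware,O=WatchGuard(?: CA)?$">
+<description>WatchGuard Fireware</description>
+<example>CN=Fireware web ca,OU=Fireware,O=WatchGuard</example>
+<example>CN=Fireware web CA,OU=Fireware,O=Watchguard CA</example>
+<param pos="0" name="service.vendor" value="WatchGuard"/>
+<param pos="0" name="service.product" value="Fireware XTM"/>
+<param pos="0" name="service.cpe23" value="cpe:/a:watchguard:fireware_xtm:-"/>
+<param pos="0" name="os.vendor" value="WatchGuard"/>
+<param pos="0" name="os.product" value="Fireware"/>
+<param pos="0" name="os.cpe23" value="cpe:/o:watchguard:fireware:-"/>
+</fingerprint>
+
+<fingerprint pattern="^O=Caddy Self-Signed$">
+<description>CaddyServer Caddy - golang based httpd</description>
+<example>O=Caddy Self-Signed</example>
+<param pos="0" name="service.vendor" value="CaddyServer"/>
+<param pos="0" name="service.product" value="Caddy"/>
+<param pos="0" name="service.cpe23" value="cpe:/a:caddyserver:caddy:-"/>
+</fingerprint>
+
+<fingerprint pattern="^CN=Avaya cu360 (\S+)$">
+<description>Avaya Video Conferencing Device - CU360</description>
+<example hw.serial_number="11YT11111111">CN=Avaya cu360 11YT11111111</example>
+<param pos="0" name="hw.vendor" value="Avaya"/>
+<param pos="0" name="hw.device" value="Video Conference"/>
+<param pos="0" name="hw.product" value="CU360"/>
+<param pos="1" name="hw.serial_number"/>
+</fingerprint>
+
+<fingerprint pattern="^CN=Roomba CA,OU=\S+,O=iRobot,L=Bedford,ST=MA,C=US$">
+<description>Roomba Device</description>
+<example hw.product="Roomba" hw.vendor="iRobot">CN=Roomba CA,OU=HBU,O=iRobot,L=Bedford,ST=MA,C=US</example>
+<param pos="0" name="hw.vendor" value="iRobot"/>
+<param pos="0" name="hw.device" value="Device"/>
+<param pos="0" name="hw.product" value="Roomba"/>
+</fingerprint>
+
+<fingerprint pattern="(?i)^CN=\S+,OU=FreshTomato Team,O=FreshTomato,L=Columbus,ST=Ohio,C=US(?:.*)$">
+<description>FreshTomato Router Fireware</description>
+<example>CN=192.168.1.1,OU=FreshTomato Team,O=FreshTomato,L=Columbus,ST=Ohio,C=US</example>
+<param pos="0" name="os.vendor" value="FreshTomato"/>
+<param pos="0" name="os.product" value="Linux"/>
+<param pos="0" name="os.device" value="Router"/>
+</fingerprint>
+
+<fingerprint pattern="(?i)^SERIALNUMBER=(\d+),CN=(\S+),OU=ST-VS,O=Bosch Sicherheitssysteme GmbH,L=Grasbrunn,C=DE">
+<description>Bosch Device</description>
+<example hw.serial_number="111111111111111111" host.mac="00-07-5f-11-11-11">SERIALNUMBER=111111111111111111,CN=00-07-5f-11-11-11,OU=ST-VS,O=Bosch Sicherheitssysteme GmbH,L=Grasbrunn,C=DE</example>
+<param pos="0" name="os.vendor" value="Bosch"/>
+<param pos="0" name="hw.vendor" value="Bosch"/>
+<param pos="1" name="hw.serial_number"/>
+<param pos="2" name="host.mac"/>
 </fingerprint>
 
 </fingerprints>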
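Review bot: The Bosch entry at the end of the last hunk records whatever `CN=(\S+)` captures as `host.mac`, so any non-space string a certificate's issuer field happens to carry is reported as a MAC address; the issuer DN is chosen by whoever generated the certificate and should be shape-checked before it feeds an asset record. If the CN always has the form the example shows, `CN=((?:[0-9a-f]{2}-){5}[0-9a-f]{2})` keeps the match under `(?i)` and rejects everything else. The pattern is also the only one added in this hunk without a closing `$`. A smaller point in the same hunk: the FreshTomato pattern's `(?:.*)$` tail makes its end anchor meaningless, and its description reads "Fireware" where "Firmware" seems intended.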