recog 2.3.18 → 2.3.22
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.github/dependabot.yml +8 -0
- data/.github/workflows/ci.yml +26 -0
- data/.github/workflows/verify.yml +89 -0
- data/CONTRIBUTING.md +6 -0
- data/README.md +17 -0
- data/bin/recog_standardize +33 -12
- data/bin/recog_verify +1 -2
- data/cpe-remap.yaml +355 -200
- data/features/verify.feature +14 -14
- data/identifiers/README.md +24 -10
- data/identifiers/fields.txt +105 -0
- data/identifiers/hw_device.txt +8 -0
- data/identifiers/hw_family.txt +19 -0
- data/identifiers/hw_product.txt +122 -0
- data/identifiers/os_device.txt +2 -1
- data/identifiers/os_family.txt +3 -0
- data/identifiers/os_product.txt +46 -8
- data/identifiers/service_family.txt +10 -1
- data/identifiers/service_product.txt +90 -2
- data/identifiers/vendor.txt +104 -0
- data/lib/recog/db.rb +2 -1
- data/lib/recog/fingerprint.rb +18 -5
- data/lib/recog/nizer.rb +1 -82
- data/lib/recog/verifier.rb +5 -5
- data/lib/recog/verifier_factory.rb +3 -3
- data/lib/recog/verify_reporter.rb +14 -4
- data/lib/recog/version.rb +1 -1
- data/requirements.txt +1 -1
- data/spec/lib/fingerprint_self_test_spec.rb +1 -0
- data/spec/lib/recog/verify_reporter_spec.rb +69 -0
- data/tools/dev/hooks/pre-commit +21 -0
- data/update_cpes.py +19 -6
- data/xml/apache_modules.xml +60 -0
- data/xml/apache_os.xml +38 -38
- data/xml/dhcp_vendor_class.xml +206 -0
- data/xml/dns_versionbind.xml +11 -1
- data/xml/favicons.xml +270 -45
- data/xml/ftp_banners.xml +89 -64
- data/xml/h323_callresp.xml +99 -99
- data/xml/hp_pjl_id.xml +3 -3
- data/xml/html_title.xml +1051 -62
- data/xml/http_cookies.xml +294 -85
- data/xml/http_servers.xml +551 -122
- data/xml/http_wwwauth.xml +139 -43
- data/xml/imap_banners.xml +8 -8
- data/xml/ldap_searchresult.xml +1 -0
- data/xml/mdns_device-info_txt.xml +720 -27
- data/xml/mysql_banners.xml +3 -2
- data/xml/nntp_banners.xml +4 -4
- data/xml/ntp_banners.xml +79 -65
- data/xml/operating_system.xml +6 -6
- data/xml/pop_banners.xml +11 -11
- data/xml/rsh_resp.xml +3 -3
- data/xml/rtsp_servers.xml +7 -0
- data/xml/sip_banners.xml +374 -9
- data/xml/sip_user_agents.xml +377 -5
- data/xml/smb_native_lm.xml +32 -1
- data/xml/smb_native_os.xml +160 -33
- data/xml/smtp_banners.xml +168 -129
- data/xml/smtp_ehlo.xml +1 -1
- data/xml/smtp_expn.xml +1 -0
- data/xml/smtp_help.xml +10 -10
- data/xml/smtp_noop.xml +2 -2
- data/xml/smtp_vrfy.xml +1 -0
- data/xml/snmp_sysdescr.xml +508 -214
- data/xml/snmp_sysobjid.xml +25 -25
- data/xml/ssh_banners.xml +145 -29
- data/xml/telnet_banners.xml +240 -61
- data/xml/tls_jarm.xml +162 -0
- data/xml/x509_issuers.xml +237 -2
- data/xml/x509_subjects.xml +369 -49
- metadata +10 -3
data/xml/x509_subjects.xml
CHANGED
@@ -69,12 +69,12 @@
|
|
69
69
|
|
70
70
|
<fingerprint pattern="^SERIALNUMBER=PID:([^ ]+) SN:([^,]+),CN=(?:[a-zA-Z0-9\-]+)-SEP([a-fA-F0-9]{12}),OU=[CV]TG,O=Cisco Systems Inc\.$">
|
71
71
|
<description>Cisco IP phone with serial number</description>
|
72
|
-
<example host.mac="B07D47D33A1C" hw.product="CP-8851"
|
73
|
-
<example host.mac="64D989000000" hw.product="CP-9951"
|
72
|
+
<example host.mac="B07D47D33A1C" hw.product="CP-8851" hw.serial_number="FCH1924AHCA">SERIALNUMBER=PID:CP-8851 SN:FCH1924AHCA,CN=CP-8851-SEPB07D47D33A1C,OU=CTG,O=Cisco Systems Inc.</example>
|
73
|
+
<example host.mac="64D989000000" hw.product="CP-9951" hw.serial_number="FCH15200000">SERIALNUMBER=PID:CP-9951 SN:FCH15200000,CN=CP-9951-SEP64D989000000,OU=VTG,O=Cisco Systems Inc.</example>
|
74
74
|
<param pos="0" name="hw.device" value="VoIP"/>
|
75
75
|
<param pos="0" name="hw.vendor" value="Cisco"/>
|
76
76
|
<param pos="1" name="hw.product"/>
|
77
|
-
<param pos="2" name="
|
77
|
+
<param pos="2" name="hw.serial_number"/>
|
78
78
|
<param pos="3" name="host.mac"/>
|
79
79
|
</fingerprint>
|
80
80
|
|
@@ -103,6 +103,29 @@
|
|
103
103
|
<param pos="1" name="hw.product"/>
|
104
104
|
</fingerprint>
|
105
105
|
|
106
|
+
<fingerprint pattern="^O=Technicolor,L=Edegem,ST=Antwerp,C=BE$">
|
107
|
+
<description>Technicolor Router - without model or version</description>
|
108
|
+
<example>O=Technicolor,L=Edegem,ST=Antwerp,C=BE</example>
|
109
|
+
<param pos="0" name="os.vendor" value="Technicolor"/>
|
110
|
+
<param pos="0" name="os.device" value="Router"/>
|
111
|
+
<param pos="0" name="os.certainty" value="0.5"/>
|
112
|
+
<param pos="0" name="hw.vendor" value="Technicolor"/>
|
113
|
+
<param pos="0" name="hw.device" value="Router"/>
|
114
|
+
<param pos="0" name="hw.certainty" value="0.5"/>
|
115
|
+
</fingerprint>
|
116
|
+
|
117
|
+
<fingerprint pattern="^CN=Vigor Router,OU=DrayTek Support,O=DrayTek Corp.,L=HuKou,ST=HsinChu,C=TW$">
|
118
|
+
<description>DrayTek Vigor Router - without model or version</description>
|
119
|
+
<example>CN=Vigor Router,OU=DrayTek Support,O=DrayTek Corp.,L=HuKou,ST=HsinChu,C=TW</example>
|
120
|
+
<param pos="0" name="os.vendor" value="DrayTek"/>
|
121
|
+
<param pos="0" name="os.device" value="Router"/>
|
122
|
+
<param pos="0" name="os.certainty" value="0.5"/>
|
123
|
+
<param pos="0" name="hw.vendor" value="DrayTek"/>
|
124
|
+
<param pos="0" name="hw.family" value="Vigor"/>
|
125
|
+
<param pos="0" name="hw.device" value="Router"/>
|
126
|
+
<param pos="0" name="hw.certainty" value="0.5"/>
|
127
|
+
</fingerprint>
|
128
|
+
|
106
129
|
<fingerprint pattern="^CN=Nepenthes Development Team,OU=anv,O=dionaea\.carnivore\.it,C=DE$">
|
107
130
|
<description>Nepenthes honeypot</description>
|
108
131
|
<example>CN=Nepenthes Development Team,OU=anv,O=dionaea.carnivore.it,C=DE</example>
|
@@ -193,16 +216,17 @@
|
|
193
216
|
|
194
217
|
<fingerprint pattern="^CN=([A-Za-z0-9\_\-\.]+),OU=ISS,O=Hewlett-Packard Company,L=Houston,ST=Texas,C=US$">
|
195
218
|
<description>HP iLO</description>
|
196
|
-
<example>CN=SERVER-1231,OU=ISS,O=Hewlett-Packard Company,L=Houston,ST=Texas,C=US</example>
|
219
|
+
<example host.name="SERVER-1231">CN=SERVER-1231,OU=ISS,O=Hewlett-Packard Company,L=Houston,ST=Texas,C=US</example>
|
197
220
|
<param pos="0" name="hw.device" value="Lights Out Management"/>
|
198
221
|
<param pos="0" name="hw.vendor" value="HP"/>
|
199
222
|
<param pos="0" name="hw.family" value="iLO"/>
|
200
223
|
<param pos="0" name="hw.product" value="iLO"/>
|
201
|
-
<param pos="0" name="hw.cpe23" value="cpe:/h:hp:
|
224
|
+
<param pos="0" name="hw.cpe23" value="cpe:/h:hp:integrated_lights-out:-"/>
|
202
225
|
<param pos="0" name="os.device" value="Lights Out Management"/>
|
203
226
|
<param pos="0" name="os.vendor" value="HP"/>
|
204
227
|
<param pos="0" name="os.family" value="iLO"/>
|
205
228
|
<param pos="0" name="os.product" value="iLO"/>
|
229
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:hp:integrated_lights-out_firmware:-"/>
|
206
230
|
<param pos="1" name="host.name"/>
|
207
231
|
</fingerprint>
|
208
232
|
|
@@ -213,41 +237,44 @@
|
|
213
237
|
<param pos="0" name="hw.vendor" value="HP"/>
|
214
238
|
<param pos="0" name="hw.family" value="iLO"/>
|
215
239
|
<param pos="0" name="hw.product" value="iLO"/>
|
216
|
-
<param pos="0" name="hw.cpe23" value="cpe:/h:hp:
|
240
|
+
<param pos="0" name="hw.cpe23" value="cpe:/h:hp:integrated_lights-out:-"/>
|
217
241
|
<param pos="0" name="os.device" value="Lights Out Management"/>
|
218
242
|
<param pos="0" name="os.vendor" value="HP"/>
|
219
243
|
<param pos="0" name="os.family" value="iLO"/>
|
220
244
|
<param pos="0" name="os.product" value="iLO"/>
|
245
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:hp:integrated_lights-out_firmware:-"/>
|
221
246
|
</fingerprint>
|
222
247
|
|
223
248
|
<fingerprint pattern="^CN=OA\-([a-fA-F0-9]+),OU=Onboard Administrator,">
|
224
249
|
<description>HP iLO (Onboard Administrator)</description>
|
225
|
-
<example>CN=OA-001F296E21A3,OU=Onboard Administrator,O=Corp.,L=Location,ST=N/A,C=US</example>
|
250
|
+
<example host.mac="001F296E21A3">CN=OA-001F296E21A3,OU=Onboard Administrator,O=Corp.,L=Location,ST=N/A,C=US</example>
|
226
251
|
<example>CN=OA-80C16E999999,OU=Onboard Administrator,O=Hewlett-Packard</example>
|
227
252
|
<param pos="0" name="hw.device" value="Lights Out Management"/>
|
228
253
|
<param pos="0" name="hw.vendor" value="HP"/>
|
229
254
|
<param pos="0" name="hw.family" value="iLO"/>
|
230
255
|
<param pos="0" name="hw.product" value="iLO"/>
|
231
|
-
<param pos="0" name="hw.cpe23" value="cpe:/h:hp:
|
256
|
+
<param pos="0" name="hw.cpe23" value="cpe:/h:hp:integrated_lights-out:-"/>
|
232
257
|
<param pos="0" name="os.device" value="Lights Out Management"/>
|
233
258
|
<param pos="0" name="os.vendor" value="HP"/>
|
234
259
|
<param pos="0" name="os.family" value="iLO"/>
|
235
260
|
<param pos="0" name="os.product" value="iLO"/>
|
261
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:hp:integrated_lights-out_firmware:-"/>
|
236
262
|
<param pos="1" name="host.mac"/>
|
237
263
|
</fingerprint>
|
238
264
|
|
239
265
|
<fingerprint pattern="^CN=([A-Za-z0-9\_\-\.]+),OU=Hewlett Packard Enterprise Network Management Software \(SMH\),O=Hewlett Packard Enterprise,L=Houston,ST=Texas,C=US$">
|
240
266
|
<description>HP iLO - Enterprise Mgmt variant</description>
|
241
|
-
<example>CN=bigsrv99,OU=Hewlett Packard Enterprise Network Management Software (SMH),O=Hewlett Packard Enterprise,L=Houston,ST=Texas,C=US</example>
|
267
|
+
<example host.name="bigsrv99">CN=bigsrv99,OU=Hewlett Packard Enterprise Network Management Software (SMH),O=Hewlett Packard Enterprise,L=Houston,ST=Texas,C=US</example>
|
242
268
|
<param pos="0" name="hw.device" value="Lights Out Management"/>
|
243
269
|
<param pos="0" name="hw.vendor" value="HP"/>
|
244
270
|
<param pos="0" name="hw.family" value="iLO"/>
|
245
271
|
<param pos="0" name="hw.product" value="iLO"/>
|
246
|
-
<param pos="0" name="hw.cpe23" value="cpe:/h:hp:
|
272
|
+
<param pos="0" name="hw.cpe23" value="cpe:/h:hp:integrated_lights-out:-"/>
|
247
273
|
<param pos="0" name="os.device" value="Lights Out Management"/>
|
248
274
|
<param pos="0" name="os.vendor" value="HP"/>
|
249
275
|
<param pos="0" name="os.family" value="iLO"/>
|
250
276
|
<param pos="0" name="os.product" value="iLO"/>
|
277
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:hp:integrated_lights-out_firmware:-"/>
|
251
278
|
<param pos="1" name="host.name"/>
|
252
279
|
</fingerprint>
|
253
280
|
|
@@ -262,6 +289,7 @@
|
|
262
289
|
<param pos="0" name="os.vendor" value="Oracle"/>
|
263
290
|
<param pos="0" name="os.family" value="ILOM"/>
|
264
291
|
<param pos="0" name="os.product" value="ILOM"/>
|
292
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:oracle:integrated_lights_out_manager_firmware:-"/>
|
265
293
|
</fingerprint>
|
266
294
|
|
267
295
|
<fingerprint pattern="^CN=AMI,OU=Service Processors,O=American Megatrends Inc">
|
@@ -280,27 +308,27 @@
|
|
280
308
|
|
281
309
|
<fingerprint pattern="^CN=C-series CIMC,OU=PID:([^ ]+) SERIAL:([^,]+),O=Cisco">
|
282
310
|
<description>Cisco Integrated Management Controller</description>
|
283
|
-
<example
|
311
|
+
<example hw.serial_number="FCH18999AAA" cisco.imc_model="UCSC-C220-M3S">CN=C-series CIMC,OU=PID:UCSC-C220-M3S SERIAL:FCH18999AAA,O=Cisco Self Signed,L=San Jose,ST=California,C=US</example>
|
284
312
|
<param pos="0" name="hw.device" value="Lights Out Management"/>
|
285
313
|
<param pos="0" name="hw.vendor" value="Cisco"/>
|
286
314
|
<param pos="0" name="hw.product" value="IMC"/>
|
287
315
|
<param pos="0" name="os.vendor" value="Cisco"/>
|
288
316
|
<param pos="0" name="os.family" value="Linux"/>
|
289
317
|
<param pos="0" name="os.product" value="IMC"/>
|
290
|
-
<param pos="2" name="
|
318
|
+
<param pos="2" name="hw.serial_number"/>
|
291
319
|
<param pos="1" name="cisco.imc_model"/>
|
292
320
|
</fingerprint>
|
293
321
|
|
294
322
|
<fingerprint pattern="^CN=C220-(FCH[^,]+),OU=null,O=Cisco Systems Inc">
|
295
323
|
<description>Cisco Integrated Management Controller C220</description>
|
296
|
-
<example
|
324
|
+
<example hw.serial_number="FCH17999AAA">CN=C220-FCH17999AAA,OU=null,O=Cisco Systems Inc.,L=San Jose,ST=California,C=US</example>
|
297
325
|
<param pos="0" name="hw.device" value="Lights Out Management"/>
|
298
326
|
<param pos="0" name="hw.vendor" value="Cisco"/>
|
299
327
|
<param pos="0" name="hw.product" value="IMC"/>
|
300
328
|
<param pos="0" name="os.vendor" value="Cisco"/>
|
301
329
|
<param pos="0" name="os.family" value="Linux"/>
|
302
330
|
<param pos="0" name="os.product" value="IMC"/>
|
303
|
-
<param pos="1" name="
|
331
|
+
<param pos="1" name="hw.serial_number"/>
|
304
332
|
</fingerprint>
|
305
333
|
|
306
334
|
<fingerprint pattern="^CN=avocent.com,OU=AESS,O=Avocent,L=Sunrise,ST=FL,C=US$">
|
@@ -370,7 +398,7 @@
|
|
370
398
|
<param pos="0" name="os.vendor" value="Cisco"/>
|
371
399
|
<param pos="0" name="os.family" value="Adaptive Security Appliance"/>
|
372
400
|
<param pos="0" name="os.product" value="Adaptive Security Appliance"/>
|
373
|
-
<param pos="0" name="os.cpe23" value="cpe:/o:cisco:
|
401
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:cisco:adaptive_security_appliance_software:-"/>
|
374
402
|
<param pos="0" name="hw.vendor" value="Cisco"/>
|
375
403
|
<param pos="0" name="hw.family" value="Adaptive Security Appliance"/>
|
376
404
|
<param pos="0" name="hw.product" value="Adaptive Security Appliance"/>
|
@@ -380,12 +408,12 @@
|
|
380
408
|
|
381
409
|
<fingerprint pattern="^SERIALNUMBER=([a-zA-Z0-9]+),CN=DEVICE-vWLC,O=Cisco Virtual WLC$">
|
382
410
|
<description>Cisco vWLC</description>
|
383
|
-
<example
|
411
|
+
<example hw.serial_number="9C89M2088D1">SERIALNUMBER=9C89M2088D1,CN=DEVICE-vWLC,O=Cisco Virtual WLC</example>
|
384
412
|
<param pos="0" name="os.vendor" value="Cisco"/>
|
385
413
|
<param pos="0" name="os.device" value="Wireless Controller"/>
|
386
414
|
<param pos="0" name="os.product" value="Wireless LAN Controller"/>
|
387
|
-
<param pos="0" name="os.cpe23" value="cpe:/o:cisco:
|
388
|
-
<param pos="1" name="
|
415
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:cisco:wireless_lan_controller_software:-"/>
|
416
|
+
<param pos="1" name="hw.serial_number"/>
|
389
417
|
</fingerprint>
|
390
418
|
|
391
419
|
<fingerprint pattern="^CN=[a-zA-Z0-9\.\-\_]+,OU=DeviceSSL \(WebAdmin\),O=Cisco Systems Inc\.,C=US$">
|
@@ -394,7 +422,7 @@
|
|
394
422
|
<param pos="0" name="os.vendor" value="Cisco"/>
|
395
423
|
<param pos="0" name="os.device" value="Wireless Controller"/>
|
396
424
|
<param pos="0" name="os.product" value="Wireless LAN Controller"/>
|
397
|
-
<param pos="0" name="os.cpe23" value="cpe:/o:cisco:
|
425
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:cisco:wireless_lan_controller_software:-"/>
|
398
426
|
<param pos="0" name="hw.vendor" value="Cisco"/>
|
399
427
|
<param pos="0" name="hw.device" value="Wireless Controller"/>
|
400
428
|
<param pos="0" name="hw.product" value="Wireless LAN Controller"/>
|
@@ -476,12 +504,15 @@
|
|
476
504
|
|
477
505
|
<fingerprint pattern="^CN=([a-zA-Z0-9\.\-\_]+),OU=VMware ESX Server Default Certificate,O=VMware\\, Inc,L=Palo Alto,ST=California,C=US$">
|
478
506
|
<description>VMware ESX</description>
|
479
|
-
<example>CN=server99.,OU=VMware ESX Server Default Certificate,O=VMware\, Inc,L=Palo Alto,ST=California,C=US</example>
|
507
|
+
<example host.name="server99.">CN=server99.,OU=VMware ESX Server Default Certificate,O=VMware\, Inc,L=Palo Alto,ST=California,C=US</example>
|
508
|
+
<param pos="0" name="service.vendor" value="VMware"/>
|
480
509
|
<param pos="0" name="os.vendor" value="VMware"/>
|
481
|
-
<param pos="0" name="os.
|
510
|
+
<param pos="0" name="os.family" value="VMware ESX/ESXi"/>
|
511
|
+
<param pos="0" name="os.product" value="VMware ESX Server"/>
|
482
512
|
<param pos="0" name="os.device" value="Hypervisor"/>
|
483
513
|
<param pos="0" name="os.cpe23" value="cpe:/o:vmware:esx:-"/>
|
484
514
|
<param pos="1" name="host.name"/>
|
515
|
+
<param pos="0" name="hw.device" value="Hypervisor"/>
|
485
516
|
</fingerprint>
|
486
517
|
|
487
518
|
<fingerprint pattern="^CN.*,OU=SRM,O=VMware\\, Inc\.,L=Palo Alto,ST=California,C=US$">
|
@@ -496,6 +527,24 @@
|
|
496
527
|
<param pos="0" name="service.product" value="Site Recovery Manager"/>
|
497
528
|
</fingerprint>
|
498
529
|
|
530
|
+
<fingerprint pattern="^CN=([^,=]{1,256}),OU=VMware Horizon View default certificate,O=VMware\\, Inc.$">
|
531
|
+
<description>VMware Horizon (formerly View)</description>
|
532
|
+
<example host.name="horizon.foo.bar">CN=horizon.foo.bar,OU=VMware Horizon View default certificate,O=VMware\, Inc.</example>
|
533
|
+
<param pos="0" name="service.vendor" value="VMware"/>
|
534
|
+
<param pos="0" name="service.product" value="Horizon"/>
|
535
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:vmware:horizon:-"/>
|
536
|
+
<param pos="1" name="host.name"/>
|
537
|
+
</fingerprint>
|
538
|
+
|
539
|
+
<fingerprint pattern="^CN=([^,=]{1,256}),OU=VMware View default certificate,O=VMware\\, Inc.$">
|
540
|
+
<description>VMware View</description>
|
541
|
+
<example host.name="horizon.foo.bar">CN=horizon.foo.bar,OU=VMware View default certificate,O=VMware\, Inc.</example>
|
542
|
+
<param pos="0" name="service.vendor" value="VMware"/>
|
543
|
+
<param pos="0" name="service.product" value="View"/>
|
544
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:vmware:view:-"/>
|
545
|
+
<param pos="1" name="host.name"/>
|
546
|
+
</fingerprint>
|
547
|
+
|
499
548
|
<fingerprint pattern="^CN=IOS-Self-Signed-Certificate-">
|
500
549
|
<description>Cisco IOS Default Certificate</description>
|
501
550
|
<example>CN=IOS-Self-Signed-Certificate-4163115936</example>
|
@@ -507,17 +556,77 @@
|
|
507
556
|
<param pos="0" name="hw.device" value="Router"/>
|
508
557
|
</fingerprint>
|
509
558
|
|
559
|
+
<fingerprint pattern="^CN=kube-apiserver$">
|
560
|
+
<description>Kubernetes api-server default certificate</description>
|
561
|
+
<example>CN=kube-apiserver</example>
|
562
|
+
<param pos="0" name="service.vendor" value="Kubernetes"/>
|
563
|
+
<param pos="0" name="service.family" value="Kubernetes"/>
|
564
|
+
<param pos="0" name="service.product" value="Kubernetes"/>
|
565
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:kubernetes:kubernetes:-"/>
|
566
|
+
</fingerprint>
|
567
|
+
|
568
|
+
<fingerprint pattern="^CN=kubernetes-master$">
|
569
|
+
<description>Kubernetes Control Plane (formerly master) default certificate</description>
|
570
|
+
<example>CN=kubernetes-master</example>
|
571
|
+
<param pos="0" name="service.vendor" value="Kubernetes"/>
|
572
|
+
<param pos="0" name="service.family" value="Kubernetes"/>
|
573
|
+
<param pos="0" name="service.product" value="Kubernetes"/>
|
574
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:kubernetes:kubernetes:-"/>
|
575
|
+
</fingerprint>
|
576
|
+
|
577
|
+
<fingerprint pattern="^CN=Kubernetes Ingress Controller Fake Certificate,O=Acme Co$">
|
578
|
+
<description>Kubernetes NGINX Ingress Controller with default cert</description>
|
579
|
+
<example>CN=Kubernetes Ingress Controller Fake Certificate,O=Acme Co</example>
|
580
|
+
<param pos="0" name="service.vendor" value="Kubernetes"/>
|
581
|
+
<param pos="0" name="service.family" value="Kubernetes"/>
|
582
|
+
<param pos="0" name="service.product" value="NGINX Ingress Controller"/>
|
583
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:kubernetes:nginx_ingress_controller:-"/>
|
584
|
+
</fingerprint>
|
585
|
+
|
586
|
+
<fingerprint pattern="^CN=TRAEFIK DEFAULT CERT$">
|
587
|
+
<description>Traefik Proxy default certificate</description>
|
588
|
+
<example>CN=TRAEFIK DEFAULT CERT</example>
|
589
|
+
<param pos="0" name="service.vendor" value="Traefik Labs"/>
|
590
|
+
<param pos="0" name="service.family" value="Traefik"/>
|
591
|
+
<param pos="0" name="service.product" value="Traefik Proxy"/>
|
592
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:traefik:traefik:-"/>
|
593
|
+
</fingerprint>
|
594
|
+
|
595
|
+
<fingerprint pattern="^CN=default(?: [A-Z]+)?,OU=NS Internal,O=Citrix ANG,L=San Jose,ST=California,C=US$">
|
596
|
+
<description>Citrix Netscaler (later renamed to Citrix ADC)</description>
|
597
|
+
<example>CN=default,OU=NS Internal,O=Citrix ANG,L=San Jose,ST=California,C=US</example>
|
598
|
+
<example>CN=default UYENMB,OU=NS Internal,O=Citrix ANG,L=San Jose,ST=California,C=US</example>
|
599
|
+
<param pos="0" name="service.vendor" value="Citrix"/>
|
600
|
+
<param pos="0" name="service.family" value="Netscaler"/>
|
601
|
+
<param pos="0" name="service.product" value="Netscaler"/>
|
602
|
+
<param pos="0" name="service.device" value="Network Management Device"/>
|
603
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:citrix:netscaler:-"/>
|
604
|
+
<param pos="0" name="os.vendor" value="Citrix"/>
|
605
|
+
<param pos="0" name="os.family" value="Netscaler"/>
|
606
|
+
<param pos="0" name="os.product" value="Netscaler Gateway Firmware"/>
|
607
|
+
<param pos="0" name="os.device" value="Network Management Device"/>
|
608
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:citrix:netscaler_gateway_firmware:-"/>
|
609
|
+
<param pos="0" name="hw.vendor" value="Citrix"/>
|
610
|
+
<param pos="0" name="hw.family" value="Netscaler"/>
|
611
|
+
<param pos="0" name="hw.product" value="Netscaler Gateway"/>
|
612
|
+
<param pos="0" name="hw.device" value="Network Management Device"/>
|
613
|
+
<param pos="0" name="hw.cpe23" value="cpe:/h:citrix:netscaler_gateway:-"/>
|
614
|
+
</fingerprint>
|
615
|
+
|
510
616
|
<fingerprint pattern="^CN=([a-zA-Z0-9]{5,12}) ([a-zA-Z0-9]{12}),OU=(?:Cast|Google TV),O=Google Inc,L=Mountain View,ST=California,C=US$">
|
511
617
|
<description>Google Chromecast</description>
|
512
|
-
<example
|
513
|
-
<example
|
618
|
+
<example host.mac_local="FA8FCA67413D" hw.serial_number="LVDZG5">CN=LVDZG5 FA8FCA67413D,OU=Cast,O=Google Inc,L=Mountain View,ST=California,C=US</example>
|
619
|
+
<example host.mac_local="FA8FCA7DE87D" hw.serial_number="YRBLE">CN=YRBLE FA8FCA7DE87D,OU=Google TV,O=Google Inc,L=Mountain View,ST=California,C=US</example>
|
514
620
|
<param pos="0" name="os.vendor" value="Google"/>
|
515
621
|
<param pos="0" name="os.product" value="Chrome OS"/>
|
622
|
+
<param pos="0" name="os.certainty" value="0.5"/>
|
516
623
|
<param pos="0" name="os.cpe23" value="cpe:/o:google:chrome_os:-"/>
|
517
624
|
<param pos="0" name="hw.device" value="Media Server"/>
|
518
625
|
<param pos="0" name="hw.vendor" value="Google"/>
|
519
626
|
<param pos="0" name="hw.product" value="Chromecast"/>
|
520
|
-
<param pos="
|
627
|
+
<param pos="0" name="hw.certainty" value="0.5"/>
|
628
|
+
<param pos="1" name="hw.serial_number"/>
|
629
|
+
<param pos="0" name="hw.cpe23" value="cpe:/h:google:chromecast:-"/>
|
521
630
|
<!-- This is the hotspot-mode MAC address (clear bit 2) -->
|
522
631
|
|
523
632
|
<param pos="2" name="host.mac_local"/>
|
@@ -525,14 +634,14 @@
|
|
525
634
|
|
526
635
|
<fingerprint pattern="^CN=([a-zA-Z0-9]{5,12}) ([a-zA-Z0-9]{12}),OU=Cast TV \(Vizio\),O=Google Inc,L=Mountain View,ST=California,C=US$">
|
527
636
|
<description>Vizio SmartTV (Android) with Google Cast</description>
|
528
|
-
<example
|
637
|
+
<example hw.serial_number="9V039WC9" host.mac_local="FA8FCA697898">CN=9V039WC9 FA8FCA697898,OU=Cast TV (Vizio),O=Google Inc,L=Mountain View,ST=California,C=US</example>
|
529
638
|
<param pos="0" name="os.vendor" value="Google"/>
|
530
639
|
<param pos="0" name="os.family" value="Linux"/>
|
531
640
|
<param pos="0" name="os.product" value="Android"/>
|
532
641
|
<param pos="0" name="os.cpe23" value="cpe:/o:google:android:-"/>
|
533
642
|
<param pos="0" name="hw.device" value="Smart TV"/>
|
534
643
|
<param pos="0" name="hw.vendor" value="Vizio"/>
|
535
|
-
<param pos="1" name="
|
644
|
+
<param pos="1" name="hw.serial_number"/>
|
536
645
|
<!-- This is the hotspot-mode MAC address (clear bit 2) -->
|
537
646
|
|
538
647
|
<param pos="2" name="host.mac_local"/>
|
@@ -562,6 +671,30 @@
|
|
562
671
|
<param pos="0" name="os.device" value="Video Conferencing"/>
|
563
672
|
</fingerprint>
|
564
673
|
|
674
|
+
<fingerprint pattern="^CN=a_lifesize_system,OU=lifesize,O=lifesize,L=Austin,ST=Texas,C=US$">
|
675
|
+
<description>Lifesize TelePresence (a_lifesize variant 1)</description>
|
676
|
+
<example>CN=a_lifesize_system,OU=lifesize,O=lifesize,L=Austin,ST=Texas,C=US</example>
|
677
|
+
<param pos="0" name="hw.vendor" value="Lifesize"/>
|
678
|
+
<param pos="0" name="hw.device" value="Video Conferencing"/>
|
679
|
+
<param pos="0" name="hw.product" value="TelePresence"/>
|
680
|
+
<param pos="0" name="os.vendor" value="Lifesize"/>
|
681
|
+
<param pos="0" name="os.family" value="Linux"/>
|
682
|
+
<param pos="0" name="os.product" value="TelePresence"/>
|
683
|
+
<param pos="0" name="os.device" value="Video Conferencing"/>
|
684
|
+
</fingerprint>
|
685
|
+
|
686
|
+
<fingerprint pattern="^CN=A_LifeSize_System,OU=IT,O=LifeSize Communications\\, Inc\.,ST=Texas,C=US$">
|
687
|
+
<description>Lifesize TelePresence (a_lifesize variant 2)</description>
|
688
|
+
<example>CN=A_LifeSize_System,OU=IT,O=LifeSize Communications\, Inc.,ST=Texas,C=US</example>
|
689
|
+
<param pos="0" name="hw.vendor" value="Lifesize"/>
|
690
|
+
<param pos="0" name="hw.device" value="Video Conferencing"/>
|
691
|
+
<param pos="0" name="hw.product" value="TelePresence"/>
|
692
|
+
<param pos="0" name="os.vendor" value="Lifesize"/>
|
693
|
+
<param pos="0" name="os.family" value="Linux"/>
|
694
|
+
<param pos="0" name="os.product" value="TelePresence"/>
|
695
|
+
<param pos="0" name="os.device" value="Video Conferencing"/>
|
696
|
+
</fingerprint>
|
697
|
+
|
565
698
|
<fingerprint pattern="^CN=MERCURY-([a-fA-F0-9]{12}),OU=Engineering,O=Crestron">
|
566
699
|
<description>Crestron Mercury</description>
|
567
700
|
<example host.mac="00107F1ABAA0">CN=MERCURY-00107F1ABAA0,OU=Engineering,O=Crestron Electronics\, Inc.,L=Rockleigh,ST=NJ,C=US</example>
|
@@ -747,8 +880,8 @@
|
|
747
880
|
|
748
881
|
<fingerprint pattern="^CN=([A-Za-z0-9]+),OU=FortiGate,O=Fortinet,L=Sunnyvale,ST=California,C=US$">
|
749
882
|
<description>Fortinet Gateway</description>
|
750
|
-
<example
|
751
|
-
<example
|
883
|
+
<example hw.serial_number="FG100ETK1800118">CN=FG100ETK1800118,OU=FortiGate,O=Fortinet,L=Sunnyvale,ST=California,C=US</example>
|
884
|
+
<example hw.serial_number="FGT30D3X15038375">CN=FGT30D3X15038375,OU=FortiGate,O=Fortinet,L=Sunnyvale,ST=California,C=US</example>
|
752
885
|
<param pos="0" name="hw.vendor" value="Fortinet"/>
|
753
886
|
<param pos="0" name="hw.device" value="Firewall"/>
|
754
887
|
<param pos="0" name="os.vendor" value="Fortinet"/>
|
@@ -756,12 +889,12 @@
|
|
756
889
|
<param pos="0" name="os.device" value="Firewall"/>
|
757
890
|
<param pos="0" name="os.product" value="FortiOS"/>
|
758
891
|
<param pos="0" name="os.cpe23" value="cpe:/o:fortinet:fortios:-"/>
|
759
|
-
<param pos="1" name="
|
892
|
+
<param pos="1" name="hw.serial_number"/>
|
760
893
|
</fingerprint>
|
761
894
|
|
762
895
|
<fingerprint pattern="^CN=([A-Za-z0-9]+),O=Fortinet Ltd\.$">
|
763
896
|
<description>Fortinet Gateway (Older)</description>
|
764
|
-
<example
|
897
|
+
<example hw.serial_number="FG100D3G13803999">CN=FG100D3G13803999,O=Fortinet Ltd.</example>
|
765
898
|
<param pos="0" name="hw.vendor" value="Fortinet"/>
|
766
899
|
<param pos="0" name="hw.device" value="Firewall"/>
|
767
900
|
<param pos="0" name="os.vendor" value="Fortinet"/>
|
@@ -769,7 +902,7 @@
|
|
769
902
|
<param pos="0" name="os.device" value="Firewall"/>
|
770
903
|
<param pos="0" name="os.product" value="FortiOS"/>
|
771
904
|
<param pos="0" name="os.cpe23" value="cpe:/o:fortinet:fortios:-"/>
|
772
|
-
<param pos="1" name="
|
905
|
+
<param pos="1" name="hw.serial_number"/>
|
773
906
|
</fingerprint>
|
774
907
|
|
775
908
|
<fingerprint pattern="^CN=FortiMail,OU=FortiMail,O=Fortinet,L=Sunnyvale,ST=California,C=US$">
|
@@ -893,6 +1026,16 @@
|
|
893
1026
|
<param pos="0" name="os.device" value="Router"/>
|
894
1027
|
</fingerprint>
|
895
1028
|
|
1029
|
+
<fingerprint pattern="^CN=UbiquitiRouterUI,O=Ubiquiti Inc.,L=New York,ST=New York,C=US">
|
1030
|
+
<description>Ubiquiti Router UI</description>
|
1031
|
+
<example>CN=UbiquitiRouterUI,O=Ubiquiti Inc.,L=New York,ST=New York,C=US</example>
|
1032
|
+
<param pos="0" name="hw.vendor" value="Ubiquiti"/>
|
1033
|
+
<param pos="0" name="hw.device" value="Router"/>
|
1034
|
+
<param pos="0" name="os.vendor" value="Ubiquiti"/>
|
1035
|
+
<param pos="0" name="os.family" value="Linux"/>
|
1036
|
+
<param pos="0" name="os.device" value="Router"/>
|
1037
|
+
</fingerprint>
|
1038
|
+
|
896
1039
|
<fingerprint pattern="^CN=UniFi-Video Controller,OU=R&D,O=Ubiquiti Networks,L=New York,ST=NY,C=US$">
|
897
1040
|
<description>Ubiquiti Video Controller</description>
|
898
1041
|
<example>CN=UniFi-Video Controller,OU=R&D,O=Ubiquiti Networks,L=New York,ST=NY,C=US</example>
|
@@ -989,10 +1132,11 @@
|
|
989
1132
|
<param pos="0" name="os.product" value="Linux"/>
|
990
1133
|
</fingerprint>
|
991
1134
|
|
992
|
-
<fingerprint pattern="^CN=MAC([a-fA-F0-9]{12}),OU=([^,]+),O=Mercury Security Products\\, LLC,L=Long Beach,ST=CA,C=US
|
1135
|
+
<fingerprint pattern="^CN=MAC([a-fA-F0-9]{12}),OU=([^,]+),O=Mercury Security Products\\, LLC,L=Long Beach,ST=CA,C=US(?:,\S+)?$">
|
993
1136
|
<description>Mercurity Security (now HID Global)</description>
|
994
1137
|
<example hw.product="M5IC" host.mac="000FE507A1F1">CN=MAC000FE507A1F1,OU=M5IC,O=Mercury Security Products\, LLC,L=Long Beach,ST=CA,C=US</example>
|
995
1138
|
<example hw.product="EP-1502" host.mac="000FE508BC71">CN=MAC000FE508BC71,OU=EP-1502,O=Mercury Security Products\, LLC,L=Long Beach,ST=CA,C=US</example>
|
1139
|
+
<example hw.product="LP-1501" host.mac="000FE5091111">CN=MAC000FE5091111,OU=LP-1501,O=Mercury Security Products\, LLC,L=Long Beach,ST=CA,C=US,2.5.4.4=#111111111111111111</example>
|
996
1140
|
<param pos="0" name="hw.vendor" value="Mercury Security"/>
|
997
1141
|
<param pos="0" name="hw.device" value="Access Control"/>
|
998
1142
|
<param pos="1" name="host.mac"/>
|
@@ -1027,13 +1171,30 @@
|
|
1027
1171
|
</fingerprint>
|
1028
1172
|
|
1029
1173
|
<fingerprint pattern="^CN=[0-9\.]+,OU=SSL-VPN,O=SonicWALL\\, Inc\.,L=Sunnyvale,ST=CA,C=US$">
|
1030
|
-
<description>SonicWALL
|
1174
|
+
<description>SonicWALL SSL-VPN</description>
|
1031
1175
|
<example>CN=192.168.200.1,OU=SSL-VPN,O=SonicWALL\, Inc.,L=Sunnyvale,ST=CA,C=US</example>
|
1176
|
+
<param pos="0" name="service.vendor" value="SonicWall"/>
|
1177
|
+
<param pos="0" name="service.family" value="SSL-VPN"/>
|
1032
1178
|
<param pos="0" name="hw.vendor" value="SonicWall"/>
|
1033
1179
|
<param pos="0" name="hw.device" value="VPN"/>
|
1034
1180
|
<param pos="0" name="os.vendor" value="SonicWall"/>
|
1035
|
-
<param pos="0" name="os.
|
1036
|
-
<param pos="0" name="os.
|
1181
|
+
<param pos="0" name="os.family" value="SonicOS"/>
|
1182
|
+
<param pos="0" name="os.product" value="SonicOS"/>
|
1183
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:sonicwall:sonicos:-"/>
|
1184
|
+
</fingerprint>
|
1185
|
+
|
1186
|
+
<fingerprint pattern="^CN=[0-9\.]+,OU=HTTPS Management Certificate for SonicWALL \(self-signed\),O=HTTPS Management Certificate for SonicWALL \(self-signed\),L=Sunnyvale,ST=California,C=US$">
|
1187
|
+
<description>SonicWALL Network Security Appliance firewall</description>
|
1188
|
+
<example>CN=192.168.168.168,OU=HTTPS Management Certificate for SonicWALL (self-signed),O=HTTPS Management Certificate for SonicWALL (self-signed),L=Sunnyvale,ST=California,C=US</example>
|
1189
|
+
<param pos="0" name="hw.vendor" value="SonicWall"/>
|
1190
|
+
<param pos="0" name="hw.product" value="Network Security Appliance"/>
|
1191
|
+
<param pos="0" name="hw.family" value="Network Security Appliance"/>
|
1192
|
+
<param pos="0" name="hw.device" value="Firewall"/>
|
1193
|
+
<param pos="0" name="os.vendor" value="SonicWall"/>
|
1194
|
+
<param pos="0" name="os.family" value="SonicOS"/>
|
1195
|
+
<param pos="0" name="os.product" value="SonicOS"/>
|
1196
|
+
<param pos="0" name="os.device" value="Firewall"/>
|
1197
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:sonicwall:sonicos:-"/>
|
1037
1198
|
</fingerprint>
|
1038
1199
|
|
1039
1200
|
<fingerprint pattern="^CN=.*\.akamai\.net,O=Akamai Technologies\\, Inc\.,L=Cambridge,ST=Massachusetts,C=US$">
|
@@ -1041,10 +1202,19 @@
|
|
1041
1202
|
<example>CN=a248.e.akamai.net,O=Akamai Technologies\, Inc.,L=Cambridge,ST=Massachusetts,C=US</example>
|
1042
1203
|
<param pos="0" name="service.vendor" value="Akamai"/>
|
1043
1204
|
<param pos="0" name="service.product" value="GHost"/>
|
1205
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:akamai:akamaighost:-"/>
|
1044
1206
|
<param pos="0" name="os.vendor" value="Akamai"/>
|
1045
1207
|
<param pos="0" name="os.device" value="Web Proxy"/>
|
1046
1208
|
</fingerprint>
|
1047
1209
|
|
1210
|
+
<fingerprint pattern="^O=Caddy Self-Signed$">
|
1211
|
+
<description>CaddyServer Caddy - golang based httpd</description>
|
1212
|
+
<example>O=Caddy Self-Signed</example>
|
1213
|
+
<param pos="0" name="service.vendor" value="CaddyServer"/>
|
1214
|
+
<param pos="0" name="service.product" value="Caddy"/>
|
1215
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:caddyserver:caddy:-"/>
|
1216
|
+
</fingerprint>
|
1217
|
+
|
1048
1218
|
<fingerprint pattern="^CN=HP_3PAR_">
|
1049
1219
|
<description>HP 3PAR</description>
|
1050
1220
|
<example>CN=HP_3PAR_1626615</example>
|
@@ -1066,7 +1236,7 @@
|
|
1066
1236
|
|
1067
1237
|
<fingerprint pattern="^CN=Canon (iR-[a-zA-Z0-9\.\-\_]+)$">
|
1068
1238
|
<description>Canon iR-ADV Printer with product info</description>
|
1069
|
-
<example os.product="iR-ADV">CN=Canon iR-ADV</example>
|
1239
|
+
<example os.product="iR-ADV" hw.product="iR-ADV">CN=Canon iR-ADV</example>
|
1070
1240
|
<param pos="0" name="hw.device" value="Printer"/>
|
1071
1241
|
<param pos="0" name="hw.vendor" value="Canon"/>
|
1072
1242
|
<param pos="0" name="os.device" value="Printer"/>
|
@@ -1131,19 +1301,28 @@
|
|
1131
1301
|
|
1132
1302
|
<fingerprint pattern="^CN=Ruckus Wireless ZoneDirector SN-(\d+),O=Ruckus Wireless\\, Inc\.,ST=CA,C=US$">
|
1133
1303
|
<description>Ruckus Zone Director</description>
|
1134
|
-
<example
|
1304
|
+
<example hw.serial_number="221301007591">CN=Ruckus Wireless ZoneDirector SN-221301007591,O=Ruckus Wireless\, Inc.,ST=CA,C=US</example>
|
1135
1305
|
<param pos="0" name="hw.device" value="Wireless Controller"/>
|
1136
1306
|
<param pos="0" name="hw.vendor" value="Ruckus"/>
|
1137
1307
|
<param pos="0" name="hw.product" value="Zone Director"/>
|
1138
1308
|
<param pos="0" name="os.device" value="Wireless Controller"/>
|
1139
1309
|
<param pos="0" name="os.vendor" value="Ruckus"/>
|
1140
1310
|
<param pos="0" name="os.product" value="Zone Director"/>
|
1141
|
-
<param pos="1" name="
|
1311
|
+
<param pos="1" name="hw.serial_number"/>
|
1312
|
+
</fingerprint>
|
1313
|
+
|
1314
|
+
<fingerprint pattern="^CN=SN-(\d+),O=Ruckus Wireless Inc.,L=Sunnyvale,ST=California,C=US$">
|
1315
|
+
<description>Ruckus Wireless Access Point</description>
|
1316
|
+
<example hw.serial_number="010101010101">CN=SN-010101010101,O=Ruckus Wireless Inc.,L=Sunnyvale,ST=California,C=US</example>
|
1317
|
+
<param pos="0" name="hw.device" value="WAP"/>
|
1318
|
+
<param pos="0" name="hw.vendor" value="Ruckus"/>
|
1319
|
+
<param pos="0" name="hw.product" value="Access Point"/>
|
1320
|
+
<param pos="1" name="hw.serial_number"/>
|
1142
1321
|
</fingerprint>
|
1143
1322
|
|
1144
1323
|
<fingerprint pattern="^CN=DT([^\s]+) Series,O=NEC Corporation,ST=Tokyo,C=JP$">
|
1145
1324
|
<description>NEC DT Series IP Phone</description>
|
1146
|
-
<example>CN=DT800 Series,O=NEC Corporation,ST=Tokyo,C=JP</example>
|
1325
|
+
<example hw.product="800">CN=DT800 Series,O=NEC Corporation,ST=Tokyo,C=JP</example>
|
1147
1326
|
<param pos="0" name="os.vendor" value="NEC"/>
|
1148
1327
|
<param pos="0" name="os.device" value="VoIP"/>
|
1149
1328
|
<param pos="0" name="hw.vendor" value="NEC"/>
|
@@ -1197,16 +1376,12 @@
|
|
1197
1376
|
<param pos="0" name="hw.vendor" value="Palo Alto Networks"/>
|
1198
1377
|
<param pos="0" name="hw.device" value="Firewall"/>
|
1199
1378
|
<param pos="0" name="os.vendor" value="Palo Alto Networks"/>
|
1200
|
-
<param pos="0" name="os.product" value="
|
1379
|
+
<param pos="0" name="os.product" value="PAN-OS"/>
|
1380
|
+
<param pos="0" name="os.family" value="PAN-OS"/>
|
1201
1381
|
<param pos="0" name="os.device" value="Firewall"/>
|
1202
|
-
|
1203
|
-
|
1204
|
-
|
1205
|
-
<description>VMware vCenter</description>
|
1206
|
-
<example>CN=VMware default certificate,OU=vCenterServer_2013.09.26_220623,O=VMware\, Inc.</example>
|
1207
|
-
<param pos="0" name="service.vendor" value="VMware"/>
|
1208
|
-
<param pos="0" name="service.product" value="vCenter"/>
|
1209
|
-
<param pos="0" name="service.cpe23" value="cpe:/a:vmware:vcenter_server:-"/>
|
1382
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:paloaltonetworks:pan-os:-"/>
|
1383
|
+
<param pos="0" name="service.vendor" value="Palo Alto Networks"/>
|
1384
|
+
<param pos="0" name="service.device" value="Firewall"/>
|
1210
1385
|
</fingerprint>
|
1211
1386
|
|
1212
1387
|
<fingerprint pattern="^CN=selfappliance,OU=Engineering,O=Symplified,L=Boulder,ST=Colorado,C=US$">
|
@@ -1296,9 +1471,10 @@
|
|
1296
1471
|
<param pos="0" name="hw.product" value="Sensor"/>
|
1297
1472
|
</fingerprint>
|
1298
1473
|
|
1299
|
-
<fingerprint pattern="^CN=HiveAP,OU=Default,O=Aerohive,ST=California,C=US$">
|
1474
|
+
<fingerprint pattern="^CN=HiveAP,OU=Default,O=Aerohive,(?:L=Sunnyvale,)?ST=California,C=US$">
|
1300
1475
|
<description>Aerohive Access Point</description>
|
1301
1476
|
<example>CN=HiveAP,OU=Default,O=Aerohive,ST=California,C=US</example>
|
1477
|
+
<example>CN=HiveAP,OU=Default,O=Aerohive,L=Sunnyvale,ST=California,C=US</example>
|
1302
1478
|
<param pos="0" name="hw.vendor" value="Aerohive"/>
|
1303
1479
|
<param pos="0" name="hw.device" value="WAP"/>
|
1304
1480
|
<param pos="0" name="hw.product" value="Access Point"/>
|
@@ -1324,6 +1500,7 @@
|
|
1324
1500
|
<param pos="0" name="hw.vendor" value="Philips"/>
|
1325
1501
|
<param pos="0" name="hw.product" value="Hue"/>
|
1326
1502
|
<param pos="0" name="hw.device" value="Light Bulb"/>
|
1503
|
+
<param pos="0" name="hw.cpe23" value="cpe:/h:philips:hue:-"/>
|
1327
1504
|
<param pos="1" name="host.mac_eui64"/>
|
1328
1505
|
</fingerprint>
|
1329
1506
|
|
@@ -1435,4 +1612,147 @@
|
|
1435
1612
|
<param pos="0" name="os.product" value="Linux"/>
|
1436
1613
|
</fingerprint>
|
1437
1614
|
|
1615
|
+
<fingerprint pattern="^CN=(RFS\d+)-([0-9a-fA-F]{2}-[0-9a-fA-F]{2}-[0-9a-fA-F]{2}-[0-9a-fA-F]{2}-[0-9a-fA-F]{2}-[0-9a-fA-F]{2})$">
|
1616
|
+
<description>Motorola RFS Wireless Controllers</description>
|
1617
|
+
<example host.mac="B1-C1-11-11-11-11" hw.product="RFS6000">CN=RFS6000-B1-C1-11-11-11-11</example>
|
1618
|
+
<param pos="0" name="hw.device" value="Wireless Controller"/>
|
1619
|
+
<param pos="0" name="hw.vendor" value="Motorola"/>
|
1620
|
+
<param pos="1" name="hw.product"/>
|
1621
|
+
<param pos="2" name="host.mac"/>
|
1622
|
+
</fingerprint>
|
1623
|
+
|
1624
|
+
<fingerprint pattern="^CN=(AP\d+)-([0-9a-fA-F]{2}-[0-9a-fA-F]{2}-[0-9a-fA-F]{2}-[0-9a-fA-F]{2}-[0-9a-fA-F]{2}-[0-9a-fA-F]{2})$">
|
1625
|
+
<description>Motorola Wireless Access Points</description>
|
1626
|
+
<example host.mac="F1-11-11-11-11-11" hw.product="AP6532">CN=AP6532-F1-11-11-11-11-11</example>
|
1627
|
+
<param pos="0" name="hw.device" value="WAP"/>
|
1628
|
+
<param pos="0" name="hw.vendor" value="Motorola"/>
|
1629
|
+
<param pos="1" name="hw.product"/>
|
1630
|
+
<param pos="2" name="host.mac"/>
|
1631
|
+
</fingerprint>
|
1632
|
+
|
1633
|
+
<fingerprint pattern="^CN=attvpngateway\.att\.com,O=AT&T,L=Tampa,ST=FL,C=US$">
|
1634
|
+
<description>ATT VPN Gateway</description>
|
1635
|
+
<example>CN=attvpngateway.att.com,O=AT&T,L=Tampa,ST=FL,C=US</example>
|
1636
|
+
<param pos="0" name="hw.vendor" value="ATT"/>
|
1637
|
+
<param pos="0" name="hw.device" value="VPN"/>
|
1638
|
+
<param pos="0" name="hw.product" value="VPN Gateway"/>
|
1639
|
+
</fingerprint>
|
1640
|
+
|
1641
|
+
<fingerprint pattern="^CN=silver-peak,OU=Networking Appliance">
|
1642
|
+
<description>Silver Peak Appliance</description>
|
1643
|
+
<example>CN=silver-peak,OU=Networking Appliance,O=Silver Peak Systems Inc,L=Mountain View,ST=California,C=--</example>
|
1644
|
+
<param pos="0" name="hw.vendor" value="Silver Peak"/>
|
1645
|
+
<param pos="0" name="hw.device" value="Network Appliance"/>
|
1646
|
+
<param pos="0" name="hw.product" value="SD-WAN"/>
|
1647
|
+
</fingerprint>
|
1648
|
+
|
1649
|
+
<fingerprint pattern="^CN=Windows Media Player Network Sharing Service \(([A-Z-]{1,15})\)$">
|
1650
|
+
<description>Windows Media Player Network Sharing Service</description>
|
1651
|
+
<example host.name="LIVING-ROOM">CN=Windows Media Player Network Sharing Service (LIVING-ROOM)</example>
|
1652
|
+
<param pos="0" name="service.vendor" value="Microsoft"/>
|
1653
|
+
<param pos="0" name="service.product" value="Windows Media Player"/>
|
1654
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:microsoft:windows_media_player:-"/>
|
1655
|
+
<param pos="0" name="os.vendor" value="Microsoft"/>
|
1656
|
+
<param pos="0" name="os.family" value="Windows"/>
|
1657
|
+
<param pos="1" name="host.name"/>
|
1658
|
+
</fingerprint>
|
1659
|
+
|
1660
|
+
<fingerprint pattern="^CN=Freebox Intermediate CA,O=Freebox,ST=France,C=FR$">
|
1661
|
+
<description>Freebox Device</description>
|
1662
|
+
<example>CN=Freebox Intermediate CA,O=Freebox,ST=France,C=FR</example>
|
1663
|
+
<param pos="0" name="hw.vendor" value="Freebox"/>
|
1664
|
+
</fingerprint>
|
1665
|
+
|
1666
|
+
<fingerprint pattern="^CN=TP-LINK CA,O=TP-LINK Technologies CO.\\, LTD.,L=Shenzhen,ST=Guangdong,C=CN(?:,\S+)?$">
|
1667
|
+
<description>TP-LINK Device</description>
|
1668
|
+
<example>CN=TP-LINK CA,O=TP-LINK Technologies CO.\, LTD.,L=Shenzhen,ST=Guangdong,C=CN,1.2.840.113549.1.9.1=#0c16736572766963654074702d6c696e6b2e636f6d2e636e</example>
|
1669
|
+
<param pos="0" name="hw.vendor" value="TP-LINK"/>
|
1670
|
+
</fingerprint>
|
1671
|
+
|
1672
|
+
<fingerprint pattern="^CN=BHA-([0-9a-fA-F]{12}),O=Bird Home Automation$">
|
1673
|
+
<description>Bird Home Automation</description>
|
1674
|
+
<example host.mac="0123456789AB">CN=BHA-0123456789AB,O=Bird Home Automation</example>
|
1675
|
+
<param pos="0" name="hw.device" value="Device"/>
|
1676
|
+
<param pos="0" name="hw.vendor" value="Bird Home Automation"/>
|
1677
|
+
<param pos="1" name="host.mac"/>
|
1678
|
+
</fingerprint>
|
1679
|
+
|
1680
|
+
<fingerprint pattern="^CN=\S+,OU=Media Server,O=Avaya Inc\.,C=US">
|
1681
|
+
<description>Avaya Media Server</description>
|
1682
|
+
<example>CN=192.168.0.3,OU=Media Server,O=Avaya Inc.,C=US</example>
|
1683
|
+
<param pos="0" name="os.vendor" value="Avaya"/>
|
1684
|
+
<param pos="0" name="os.device" value="Media Gateway"/>
|
1685
|
+
<param pos="0" name="os.product" value="Media Server"/>
|
1686
|
+
</fingerprint>
|
1687
|
+
|
1688
|
+
<fingerprint pattern="^CN=iSTAR Ultra">
|
1689
|
+
<description>iSTAR Ultra</description>
|
1690
|
+
<example>CN=iSTAR Ultra,OU=Access Control and Video Division,O=Johnson Controls,L=Westford,ST=Massachusetts,C=US</example>
|
1691
|
+
<param pos="0" name="os.vendor" value="Software House"/>
|
1692
|
+
<param pos="0" name="os.family" value="Linux"/>
|
1693
|
+
<param pos="0" name="os.product" value="{hw.product} Firmware"/>
|
1694
|
+
<param pos="0" name="hw.vendor" value="Software House"/>
|
1695
|
+
<param pos="0" name="hw.device" value="Access Control"/>
|
1696
|
+
<param pos="0" name="hw.family" value="iSTAR Door Controllers"/>
|
1697
|
+
<param pos="0" name="hw.product" value="iSTAR Ultra"/>
|
1698
|
+
<param pos="0" name="hw.cpe23" value="cpe:/h:swhouse:istar_ultra:-"/>
|
1699
|
+
</fingerprint>
|
1700
|
+
|
1701
|
+
<fingerprint pattern="^O=SpotteRF - NetworkedIO$">
|
1702
|
+
<description>SpotterRF</description>
|
1703
|
+
<example>O=SpotteRF - NetworkedIO</example>
|
1704
|
+
<param pos="0" name="os.vendor" value="SpotterRF"/>
|
1705
|
+
<param pos="0" name="os.family" value="Linux"/>
|
1706
|
+
<param pos="0" name="os.certainty" value="0.90"/>
|
1707
|
+
<param pos="0" name="hw.vendor" value="SpotterRF"/>
|
1708
|
+
<param pos="0" name="hw.device" value="Sensor"/>
|
1709
|
+
<param pos="0" name="hw.product" value="Drone Detector"/>
|
1710
|
+
</fingerprint>
|
1711
|
+
|
1712
|
+
<fingerprint pattern="(?i)^CN=.{0,1000}myboschcam.net,O=Bosch Sicherheitssysteme">
|
1713
|
+
<description>Bosch AutoDome IP Camera</description>
|
1714
|
+
<example>CN=local.myboschcam.net,O=Bosch Sicherheitssysteme GmbH,L=Grasbrunn,ST=Bayern,C=DE</example>
|
1715
|
+
<param pos="0" name="hw.vendor" value="Bosch"/>
|
1716
|
+
<param pos="0" name="hw.device" value="Web Cam"/>
|
1717
|
+
<param pos="0" name="hw.product" value="AutoDome"/>
|
1718
|
+
<param pos="0" name="hw.certainty" value="0.50"/>
|
1719
|
+
</fingerprint>
|
1720
|
+
|
1721
|
+
<fingerprint pattern="(?i)CN=(\w+),OU=BWI,O=Redline Communications Inc">
|
1722
|
+
<description>Redline Communication Radios</description>
|
1723
|
+
<example hw.product="an80i">CN=an80i,OU=BWI,O=Redline Communications Inc.,C=CA</example>
|
1724
|
+
<param pos="0" name="hw.vendor" value="Redline"/>
|
1725
|
+
<param pos="0" name="hw.device" value="WAP"/>
|
1726
|
+
<param pos="1" name="hw.product"/>
|
1727
|
+
</fingerprint>
|
1728
|
+
|
1729
|
+
<fingerprint pattern="(?i)CN=Vaddio Device,O=Vaddio,L=Minnetonka,ST=MN,C=US">
|
1730
|
+
<description>Vadio DocCom</description>
|
1731
|
+
<example>CN=Vaddio Device,O=Vaddio,L=Minnetonka,ST=MN,C=US</example>
|
1732
|
+
<param pos="0" name="hw.vendor" value="Vaddio"/>
|
1733
|
+
<param pos="0" name="hw.device" value="Web Cam"/>
|
1734
|
+
<param pos="0" name="hw.product" value="DocCam"/>
|
1735
|
+
<param pos="0" name="hw.certainty" value="0.50"/>
|
1736
|
+
</fingerprint>
|
1737
|
+
|
1738
|
+
<fingerprint pattern="(?i)CN=.{0,1000},OU=2N IP Intercoms,O=2N Telekomunikace a.s.,L=Prague,ST=Czech Republic,C=CZ">
|
1739
|
+
<description>2N IP Intercoms</description>
|
1740
|
+
<example>CN=11111111111d,OU=2N IP Intercoms,O=2N Telekomunikace a.s.,L=Prague,ST=Czech Republic,C=CZ</example>
|
1741
|
+
<param pos="0" name="hw.vendor" value="2N Telekomunikace"/>
|
1742
|
+
<param pos="0" name="hw.device" value="IP Camera"/>
|
1743
|
+
<param pos="0" name="hw.certainty" value="0.50"/>
|
1744
|
+
</fingerprint>
|
1745
|
+
|
1746
|
+
<fingerprint pattern="^CN=(.{1,256}),OU=PVE Cluster Node,O=Proxmox Virtual Environment$">
|
1747
|
+
<description>Proxmox open-source virtualization platform</description>
|
1748
|
+
<example host.name="pve.example.org">CN=pve.example.org,OU=PVE Cluster Node,O=Proxmox Virtual Environment</example>
|
1749
|
+
<param pos="1" name="host.name"/>
|
1750
|
+
<param pos="0" name="service.vendor" value="Proxmox"/>
|
1751
|
+
<param pos="0" name="service.product" value="Virtual Environment"/>
|
1752
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:proxmox:virtual_environment:-"/>
|
1753
|
+
<param pos="0" name="os.vendor" value="Proxmox"/>
|
1754
|
+
<param pos="0" name="os.family" value="Linux"/>
|
1755
|
+
<param pos="0" name="os.product" value="Proxmox"/>
|
1756
|
+
</fingerprint>
|
1757
|
+
|
1438
1758
|
</fingerprints>
|