recog 2.3.18 → 2.3.22

Sign up to get free protection for your applications and to get access to all the features.
Files changed (73) hide show
  1. checksums.yaml +4 -4
  2. data/.github/dependabot.yml +8 -0
  3. data/.github/workflows/ci.yml +26 -0
  4. data/.github/workflows/verify.yml +89 -0
  5. data/CONTRIBUTING.md +6 -0
  6. data/README.md +17 -0
  7. data/bin/recog_standardize +33 -12
  8. data/bin/recog_verify +1 -2
  9. data/cpe-remap.yaml +355 -200
  10. data/features/verify.feature +14 -14
  11. data/identifiers/README.md +24 -10
  12. data/identifiers/fields.txt +105 -0
  13. data/identifiers/hw_device.txt +8 -0
  14. data/identifiers/hw_family.txt +19 -0
  15. data/identifiers/hw_product.txt +122 -0
  16. data/identifiers/os_device.txt +2 -1
  17. data/identifiers/os_family.txt +3 -0
  18. data/identifiers/os_product.txt +46 -8
  19. data/identifiers/service_family.txt +10 -1
  20. data/identifiers/service_product.txt +90 -2
  21. data/identifiers/vendor.txt +104 -0
  22. data/lib/recog/db.rb +2 -1
  23. data/lib/recog/fingerprint.rb +18 -5
  24. data/lib/recog/nizer.rb +1 -82
  25. data/lib/recog/verifier.rb +5 -5
  26. data/lib/recog/verifier_factory.rb +3 -3
  27. data/lib/recog/verify_reporter.rb +14 -4
  28. data/lib/recog/version.rb +1 -1
  29. data/requirements.txt +1 -1
  30. data/spec/lib/fingerprint_self_test_spec.rb +1 -0
  31. data/spec/lib/recog/verify_reporter_spec.rb +69 -0
  32. data/tools/dev/hooks/pre-commit +21 -0
  33. data/update_cpes.py +19 -6
  34. data/xml/apache_modules.xml +60 -0
  35. data/xml/apache_os.xml +38 -38
  36. data/xml/dhcp_vendor_class.xml +206 -0
  37. data/xml/dns_versionbind.xml +11 -1
  38. data/xml/favicons.xml +270 -45
  39. data/xml/ftp_banners.xml +89 -64
  40. data/xml/h323_callresp.xml +99 -99
  41. data/xml/hp_pjl_id.xml +3 -3
  42. data/xml/html_title.xml +1051 -62
  43. data/xml/http_cookies.xml +294 -85
  44. data/xml/http_servers.xml +551 -122
  45. data/xml/http_wwwauth.xml +139 -43
  46. data/xml/imap_banners.xml +8 -8
  47. data/xml/ldap_searchresult.xml +1 -0
  48. data/xml/mdns_device-info_txt.xml +720 -27
  49. data/xml/mysql_banners.xml +3 -2
  50. data/xml/nntp_banners.xml +4 -4
  51. data/xml/ntp_banners.xml +79 -65
  52. data/xml/operating_system.xml +6 -6
  53. data/xml/pop_banners.xml +11 -11
  54. data/xml/rsh_resp.xml +3 -3
  55. data/xml/rtsp_servers.xml +7 -0
  56. data/xml/sip_banners.xml +374 -9
  57. data/xml/sip_user_agents.xml +377 -5
  58. data/xml/smb_native_lm.xml +32 -1
  59. data/xml/smb_native_os.xml +160 -33
  60. data/xml/smtp_banners.xml +168 -129
  61. data/xml/smtp_ehlo.xml +1 -1
  62. data/xml/smtp_expn.xml +1 -0
  63. data/xml/smtp_help.xml +10 -10
  64. data/xml/smtp_noop.xml +2 -2
  65. data/xml/smtp_vrfy.xml +1 -0
  66. data/xml/snmp_sysdescr.xml +508 -214
  67. data/xml/snmp_sysobjid.xml +25 -25
  68. data/xml/ssh_banners.xml +145 -29
  69. data/xml/telnet_banners.xml +240 -61
  70. data/xml/tls_jarm.xml +162 -0
  71. data/xml/x509_issuers.xml +237 -2
  72. data/xml/x509_subjects.xml +369 -49
  73. metadata +10 -3
@@ -69,12 +69,12 @@
69
69
 
70
70
  <fingerprint pattern="^SERIALNUMBER=PID:([^ ]+) SN:([^,]+),CN=(?:[a-zA-Z0-9\-]+)-SEP([a-fA-F0-9]{12}),OU=[CV]TG,O=Cisco Systems Inc\.$">
71
71
  <description>Cisco IP phone with serial number</description>
72
- <example host.mac="B07D47D33A1C" hw.product="CP-8851" cisco.serial_number="FCH1924AHCA">SERIALNUMBER=PID:CP-8851 SN:FCH1924AHCA,CN=CP-8851-SEPB07D47D33A1C,OU=CTG,O=Cisco Systems Inc.</example>
73
- <example host.mac="64D989000000" hw.product="CP-9951" cisco.serial_number="FCH15200000">SERIALNUMBER=PID:CP-9951 SN:FCH15200000,CN=CP-9951-SEP64D989000000,OU=VTG,O=Cisco Systems Inc.</example>
72
+ <example host.mac="B07D47D33A1C" hw.product="CP-8851" hw.serial_number="FCH1924AHCA">SERIALNUMBER=PID:CP-8851 SN:FCH1924AHCA,CN=CP-8851-SEPB07D47D33A1C,OU=CTG,O=Cisco Systems Inc.</example>
73
+ <example host.mac="64D989000000" hw.product="CP-9951" hw.serial_number="FCH15200000">SERIALNUMBER=PID:CP-9951 SN:FCH15200000,CN=CP-9951-SEP64D989000000,OU=VTG,O=Cisco Systems Inc.</example>
74
74
  <param pos="0" name="hw.device" value="VoIP"/>
75
75
  <param pos="0" name="hw.vendor" value="Cisco"/>
76
76
  <param pos="1" name="hw.product"/>
77
- <param pos="2" name="cisco.serial_number"/>
77
+ <param pos="2" name="hw.serial_number"/>
78
78
  <param pos="3" name="host.mac"/>
79
79
  </fingerprint>
80
80
 
@@ -103,6 +103,29 @@
103
103
  <param pos="1" name="hw.product"/>
104
104
  </fingerprint>
105
105
 
106
+ <fingerprint pattern="^O=Technicolor,L=Edegem,ST=Antwerp,C=BE$">
107
+ <description>Technicolor Router - without model or version</description>
108
+ <example>O=Technicolor,L=Edegem,ST=Antwerp,C=BE</example>
109
+ <param pos="0" name="os.vendor" value="Technicolor"/>
110
+ <param pos="0" name="os.device" value="Router"/>
111
+ <param pos="0" name="os.certainty" value="0.5"/>
112
+ <param pos="0" name="hw.vendor" value="Technicolor"/>
113
+ <param pos="0" name="hw.device" value="Router"/>
114
+ <param pos="0" name="hw.certainty" value="0.5"/>
115
+ </fingerprint>
116
+
117
+ <fingerprint pattern="^CN=Vigor Router,OU=DrayTek Support,O=DrayTek Corp.,L=HuKou,ST=HsinChu,C=TW$">
118
+ <description>DrayTek Vigor Router - without model or version</description>
119
+ <example>CN=Vigor Router,OU=DrayTek Support,O=DrayTek Corp.,L=HuKou,ST=HsinChu,C=TW</example>
120
+ <param pos="0" name="os.vendor" value="DrayTek"/>
121
+ <param pos="0" name="os.device" value="Router"/>
122
+ <param pos="0" name="os.certainty" value="0.5"/>
123
+ <param pos="0" name="hw.vendor" value="DrayTek"/>
124
+ <param pos="0" name="hw.family" value="Vigor"/>
125
+ <param pos="0" name="hw.device" value="Router"/>
126
+ <param pos="0" name="hw.certainty" value="0.5"/>
127
+ </fingerprint>
128
+
106
129
  <fingerprint pattern="^CN=Nepenthes Development Team,OU=anv,O=dionaea\.carnivore\.it,C=DE$">
107
130
  <description>Nepenthes honeypot</description>
108
131
  <example>CN=Nepenthes Development Team,OU=anv,O=dionaea.carnivore.it,C=DE</example>
@@ -193,16 +216,17 @@
193
216
 
194
217
  <fingerprint pattern="^CN=([A-Za-z0-9\_\-\.]+),OU=ISS,O=Hewlett-Packard Company,L=Houston,ST=Texas,C=US$">
195
218
  <description>HP iLO</description>
196
- <example>CN=SERVER-1231,OU=ISS,O=Hewlett-Packard Company,L=Houston,ST=Texas,C=US</example>
219
+ <example host.name="SERVER-1231">CN=SERVER-1231,OU=ISS,O=Hewlett-Packard Company,L=Houston,ST=Texas,C=US</example>
197
220
  <param pos="0" name="hw.device" value="Lights Out Management"/>
198
221
  <param pos="0" name="hw.vendor" value="HP"/>
199
222
  <param pos="0" name="hw.family" value="iLO"/>
200
223
  <param pos="0" name="hw.product" value="iLO"/>
201
- <param pos="0" name="hw.cpe23" value="cpe:/h:hp:integrated_lights_out:-"/>
224
+ <param pos="0" name="hw.cpe23" value="cpe:/h:hp:integrated_lights-out:-"/>
202
225
  <param pos="0" name="os.device" value="Lights Out Management"/>
203
226
  <param pos="0" name="os.vendor" value="HP"/>
204
227
  <param pos="0" name="os.family" value="iLO"/>
205
228
  <param pos="0" name="os.product" value="iLO"/>
229
+ <param pos="0" name="os.cpe23" value="cpe:/o:hp:integrated_lights-out_firmware:-"/>
206
230
  <param pos="1" name="host.name"/>
207
231
  </fingerprint>
208
232
 
@@ -213,41 +237,44 @@
213
237
  <param pos="0" name="hw.vendor" value="HP"/>
214
238
  <param pos="0" name="hw.family" value="iLO"/>
215
239
  <param pos="0" name="hw.product" value="iLO"/>
216
- <param pos="0" name="hw.cpe23" value="cpe:/h:hp:integrated_lights_out:-"/>
240
+ <param pos="0" name="hw.cpe23" value="cpe:/h:hp:integrated_lights-out:-"/>
217
241
  <param pos="0" name="os.device" value="Lights Out Management"/>
218
242
  <param pos="0" name="os.vendor" value="HP"/>
219
243
  <param pos="0" name="os.family" value="iLO"/>
220
244
  <param pos="0" name="os.product" value="iLO"/>
245
+ <param pos="0" name="os.cpe23" value="cpe:/o:hp:integrated_lights-out_firmware:-"/>
221
246
  </fingerprint>
222
247
 
223
248
  <fingerprint pattern="^CN=OA\-([a-fA-F0-9]+),OU=Onboard Administrator,">
224
249
  <description>HP iLO (Onboard Administrator)</description>
225
- <example>CN=OA-001F296E21A3,OU=Onboard Administrator,O=Corp.,L=Location,ST=N/A,C=US</example>
250
+ <example host.mac="001F296E21A3">CN=OA-001F296E21A3,OU=Onboard Administrator,O=Corp.,L=Location,ST=N/A,C=US</example>
226
251
  <example>CN=OA-80C16E999999,OU=Onboard Administrator,O=Hewlett-Packard</example>
227
252
  <param pos="0" name="hw.device" value="Lights Out Management"/>
228
253
  <param pos="0" name="hw.vendor" value="HP"/>
229
254
  <param pos="0" name="hw.family" value="iLO"/>
230
255
  <param pos="0" name="hw.product" value="iLO"/>
231
- <param pos="0" name="hw.cpe23" value="cpe:/h:hp:integrated_lights_out:-"/>
256
+ <param pos="0" name="hw.cpe23" value="cpe:/h:hp:integrated_lights-out:-"/>
232
257
  <param pos="0" name="os.device" value="Lights Out Management"/>
233
258
  <param pos="0" name="os.vendor" value="HP"/>
234
259
  <param pos="0" name="os.family" value="iLO"/>
235
260
  <param pos="0" name="os.product" value="iLO"/>
261
+ <param pos="0" name="os.cpe23" value="cpe:/o:hp:integrated_lights-out_firmware:-"/>
236
262
  <param pos="1" name="host.mac"/>
237
263
  </fingerprint>
238
264
 
239
265
  <fingerprint pattern="^CN=([A-Za-z0-9\_\-\.]+),OU=Hewlett Packard Enterprise Network Management Software \(SMH\),O=Hewlett Packard Enterprise,L=Houston,ST=Texas,C=US$">
240
266
  <description>HP iLO - Enterprise Mgmt variant</description>
241
- <example>CN=bigsrv99,OU=Hewlett Packard Enterprise Network Management Software (SMH),O=Hewlett Packard Enterprise,L=Houston,ST=Texas,C=US</example>
267
+ <example host.name="bigsrv99">CN=bigsrv99,OU=Hewlett Packard Enterprise Network Management Software (SMH),O=Hewlett Packard Enterprise,L=Houston,ST=Texas,C=US</example>
242
268
  <param pos="0" name="hw.device" value="Lights Out Management"/>
243
269
  <param pos="0" name="hw.vendor" value="HP"/>
244
270
  <param pos="0" name="hw.family" value="iLO"/>
245
271
  <param pos="0" name="hw.product" value="iLO"/>
246
- <param pos="0" name="hw.cpe23" value="cpe:/h:hp:integrated_lights_out:-"/>
272
+ <param pos="0" name="hw.cpe23" value="cpe:/h:hp:integrated_lights-out:-"/>
247
273
  <param pos="0" name="os.device" value="Lights Out Management"/>
248
274
  <param pos="0" name="os.vendor" value="HP"/>
249
275
  <param pos="0" name="os.family" value="iLO"/>
250
276
  <param pos="0" name="os.product" value="iLO"/>
277
+ <param pos="0" name="os.cpe23" value="cpe:/o:hp:integrated_lights-out_firmware:-"/>
251
278
  <param pos="1" name="host.name"/>
252
279
  </fingerprint>
253
280
 
@@ -262,6 +289,7 @@
262
289
  <param pos="0" name="os.vendor" value="Oracle"/>
263
290
  <param pos="0" name="os.family" value="ILOM"/>
264
291
  <param pos="0" name="os.product" value="ILOM"/>
292
+ <param pos="0" name="os.cpe23" value="cpe:/o:oracle:integrated_lights_out_manager_firmware:-"/>
265
293
  </fingerprint>
266
294
 
267
295
  <fingerprint pattern="^CN=AMI,OU=Service Processors,O=American Megatrends Inc">
@@ -280,27 +308,27 @@
280
308
 
281
309
  <fingerprint pattern="^CN=C-series CIMC,OU=PID:([^ ]+) SERIAL:([^,]+),O=Cisco">
282
310
  <description>Cisco Integrated Management Controller</description>
283
- <example cisco.serial_number="FCH18999AAA" cisco.imc_model="UCSC-C220-M3S">CN=C-series CIMC,OU=PID:UCSC-C220-M3S SERIAL:FCH18999AAA,O=Cisco Self Signed,L=San Jose,ST=California,C=US</example>
311
+ <example hw.serial_number="FCH18999AAA" cisco.imc_model="UCSC-C220-M3S">CN=C-series CIMC,OU=PID:UCSC-C220-M3S SERIAL:FCH18999AAA,O=Cisco Self Signed,L=San Jose,ST=California,C=US</example>
284
312
  <param pos="0" name="hw.device" value="Lights Out Management"/>
285
313
  <param pos="0" name="hw.vendor" value="Cisco"/>
286
314
  <param pos="0" name="hw.product" value="IMC"/>
287
315
  <param pos="0" name="os.vendor" value="Cisco"/>
288
316
  <param pos="0" name="os.family" value="Linux"/>
289
317
  <param pos="0" name="os.product" value="IMC"/>
290
- <param pos="2" name="cisco.serial_number"/>
318
+ <param pos="2" name="hw.serial_number"/>
291
319
  <param pos="1" name="cisco.imc_model"/>
292
320
  </fingerprint>
293
321
 
294
322
  <fingerprint pattern="^CN=C220-(FCH[^,]+),OU=null,O=Cisco Systems Inc">
295
323
  <description>Cisco Integrated Management Controller C220</description>
296
- <example cisco.serial_number="FCH17999AAA">CN=C220-FCH17999AAA,OU=null,O=Cisco Systems Inc.,L=San Jose,ST=California,C=US</example>
324
+ <example hw.serial_number="FCH17999AAA">CN=C220-FCH17999AAA,OU=null,O=Cisco Systems Inc.,L=San Jose,ST=California,C=US</example>
297
325
  <param pos="0" name="hw.device" value="Lights Out Management"/>
298
326
  <param pos="0" name="hw.vendor" value="Cisco"/>
299
327
  <param pos="0" name="hw.product" value="IMC"/>
300
328
  <param pos="0" name="os.vendor" value="Cisco"/>
301
329
  <param pos="0" name="os.family" value="Linux"/>
302
330
  <param pos="0" name="os.product" value="IMC"/>
303
- <param pos="1" name="cisco.serial_number"/>
331
+ <param pos="1" name="hw.serial_number"/>
304
332
  </fingerprint>
305
333
 
306
334
  <fingerprint pattern="^CN=avocent.com,OU=AESS,O=Avocent,L=Sunrise,ST=FL,C=US$">
@@ -370,7 +398,7 @@
370
398
  <param pos="0" name="os.vendor" value="Cisco"/>
371
399
  <param pos="0" name="os.family" value="Adaptive Security Appliance"/>
372
400
  <param pos="0" name="os.product" value="Adaptive Security Appliance"/>
373
- <param pos="0" name="os.cpe23" value="cpe:/o:cisco:adaptive_security_appliance:-"/>
401
+ <param pos="0" name="os.cpe23" value="cpe:/o:cisco:adaptive_security_appliance_software:-"/>
374
402
  <param pos="0" name="hw.vendor" value="Cisco"/>
375
403
  <param pos="0" name="hw.family" value="Adaptive Security Appliance"/>
376
404
  <param pos="0" name="hw.product" value="Adaptive Security Appliance"/>
@@ -380,12 +408,12 @@
380
408
 
381
409
  <fingerprint pattern="^SERIALNUMBER=([a-zA-Z0-9]+),CN=DEVICE-vWLC,O=Cisco Virtual WLC$">
382
410
  <description>Cisco vWLC</description>
383
- <example cisco.serial_number="9C89M2088D1">SERIALNUMBER=9C89M2088D1,CN=DEVICE-vWLC,O=Cisco Virtual WLC</example>
411
+ <example hw.serial_number="9C89M2088D1">SERIALNUMBER=9C89M2088D1,CN=DEVICE-vWLC,O=Cisco Virtual WLC</example>
384
412
  <param pos="0" name="os.vendor" value="Cisco"/>
385
413
  <param pos="0" name="os.device" value="Wireless Controller"/>
386
414
  <param pos="0" name="os.product" value="Wireless LAN Controller"/>
387
- <param pos="0" name="os.cpe23" value="cpe:/o:cisco:wireless_lan_controller:-"/>
388
- <param pos="1" name="cisco.serial_number"/>
415
+ <param pos="0" name="os.cpe23" value="cpe:/o:cisco:wireless_lan_controller_software:-"/>
416
+ <param pos="1" name="hw.serial_number"/>
389
417
  </fingerprint>
390
418
 
391
419
  <fingerprint pattern="^CN=[a-zA-Z0-9\.\-\_]+,OU=DeviceSSL \(WebAdmin\),O=Cisco Systems Inc\.,C=US$">
@@ -394,7 +422,7 @@
394
422
  <param pos="0" name="os.vendor" value="Cisco"/>
395
423
  <param pos="0" name="os.device" value="Wireless Controller"/>
396
424
  <param pos="0" name="os.product" value="Wireless LAN Controller"/>
397
- <param pos="0" name="os.cpe23" value="cpe:/o:cisco:wireless_lan_controller:-"/>
425
+ <param pos="0" name="os.cpe23" value="cpe:/o:cisco:wireless_lan_controller_software:-"/>
398
426
  <param pos="0" name="hw.vendor" value="Cisco"/>
399
427
  <param pos="0" name="hw.device" value="Wireless Controller"/>
400
428
  <param pos="0" name="hw.product" value="Wireless LAN Controller"/>
@@ -476,12 +504,15 @@
476
504
 
477
505
  <fingerprint pattern="^CN=([a-zA-Z0-9\.\-\_]+),OU=VMware ESX Server Default Certificate,O=VMware\\, Inc,L=Palo Alto,ST=California,C=US$">
478
506
  <description>VMware ESX</description>
479
- <example>CN=server99.,OU=VMware ESX Server Default Certificate,O=VMware\, Inc,L=Palo Alto,ST=California,C=US</example>
507
+ <example host.name="server99.">CN=server99.,OU=VMware ESX Server Default Certificate,O=VMware\, Inc,L=Palo Alto,ST=California,C=US</example>
508
+ <param pos="0" name="service.vendor" value="VMware"/>
480
509
  <param pos="0" name="os.vendor" value="VMware"/>
481
- <param pos="0" name="os.product" value="ESX"/>
510
+ <param pos="0" name="os.family" value="VMware ESX/ESXi"/>
511
+ <param pos="0" name="os.product" value="VMware ESX Server"/>
482
512
  <param pos="0" name="os.device" value="Hypervisor"/>
483
513
  <param pos="0" name="os.cpe23" value="cpe:/o:vmware:esx:-"/>
484
514
  <param pos="1" name="host.name"/>
515
+ <param pos="0" name="hw.device" value="Hypervisor"/>
485
516
  </fingerprint>
486
517
 
487
518
  <fingerprint pattern="^CN.*,OU=SRM,O=VMware\\, Inc\.,L=Palo Alto,ST=California,C=US$">
@@ -496,6 +527,24 @@
496
527
  <param pos="0" name="service.product" value="Site Recovery Manager"/>
497
528
  </fingerprint>
498
529
 
530
+ <fingerprint pattern="^CN=([^,=]{1,256}),OU=VMware Horizon View default certificate,O=VMware\\, Inc.$">
531
+ <description>VMware Horizon (formerly View)</description>
532
+ <example host.name="horizon.foo.bar">CN=horizon.foo.bar,OU=VMware Horizon View default certificate,O=VMware\, Inc.</example>
533
+ <param pos="0" name="service.vendor" value="VMware"/>
534
+ <param pos="0" name="service.product" value="Horizon"/>
535
+ <param pos="0" name="service.cpe23" value="cpe:/a:vmware:horizon:-"/>
536
+ <param pos="1" name="host.name"/>
537
+ </fingerprint>
538
+
539
+ <fingerprint pattern="^CN=([^,=]{1,256}),OU=VMware View default certificate,O=VMware\\, Inc.$">
540
+ <description>VMware View</description>
541
+ <example host.name="horizon.foo.bar">CN=horizon.foo.bar,OU=VMware View default certificate,O=VMware\, Inc.</example>
542
+ <param pos="0" name="service.vendor" value="VMware"/>
543
+ <param pos="0" name="service.product" value="View"/>
544
+ <param pos="0" name="service.cpe23" value="cpe:/a:vmware:view:-"/>
545
+ <param pos="1" name="host.name"/>
546
+ </fingerprint>
547
+
499
548
  <fingerprint pattern="^CN=IOS-Self-Signed-Certificate-">
500
549
  <description>Cisco IOS Default Certificate</description>
501
550
  <example>CN=IOS-Self-Signed-Certificate-4163115936</example>
@@ -507,17 +556,77 @@
507
556
  <param pos="0" name="hw.device" value="Router"/>
508
557
  </fingerprint>
509
558
 
559
+ <fingerprint pattern="^CN=kube-apiserver$">
560
+ <description>Kubernetes api-server default certificate</description>
561
+ <example>CN=kube-apiserver</example>
562
+ <param pos="0" name="service.vendor" value="Kubernetes"/>
563
+ <param pos="0" name="service.family" value="Kubernetes"/>
564
+ <param pos="0" name="service.product" value="Kubernetes"/>
565
+ <param pos="0" name="service.cpe23" value="cpe:/a:kubernetes:kubernetes:-"/>
566
+ </fingerprint>
567
+
568
+ <fingerprint pattern="^CN=kubernetes-master$">
569
+ <description>Kubernetes Control Plane (formerly master) default certificate</description>
570
+ <example>CN=kubernetes-master</example>
571
+ <param pos="0" name="service.vendor" value="Kubernetes"/>
572
+ <param pos="0" name="service.family" value="Kubernetes"/>
573
+ <param pos="0" name="service.product" value="Kubernetes"/>
574
+ <param pos="0" name="service.cpe23" value="cpe:/a:kubernetes:kubernetes:-"/>
575
+ </fingerprint>
576
+
577
+ <fingerprint pattern="^CN=Kubernetes Ingress Controller Fake Certificate,O=Acme Co$">
578
+ <description>Kubernetes NGINX Ingress Controller with default cert</description>
579
+ <example>CN=Kubernetes Ingress Controller Fake Certificate,O=Acme Co</example>
580
+ <param pos="0" name="service.vendor" value="Kubernetes"/>
581
+ <param pos="0" name="service.family" value="Kubernetes"/>
582
+ <param pos="0" name="service.product" value="NGINX Ingress Controller"/>
583
+ <param pos="0" name="service.cpe23" value="cpe:/a:kubernetes:nginx_ingress_controller:-"/>
584
+ </fingerprint>
585
+
586
+ <fingerprint pattern="^CN=TRAEFIK DEFAULT CERT$">
587
+ <description>Traefik Proxy default certificate</description>
588
+ <example>CN=TRAEFIK DEFAULT CERT</example>
589
+ <param pos="0" name="service.vendor" value="Traefik Labs"/>
590
+ <param pos="0" name="service.family" value="Traefik"/>
591
+ <param pos="0" name="service.product" value="Traefik Proxy"/>
592
+ <param pos="0" name="service.cpe23" value="cpe:/a:traefik:traefik:-"/>
593
+ </fingerprint>
594
+
595
+ <fingerprint pattern="^CN=default(?: [A-Z]+)?,OU=NS Internal,O=Citrix ANG,L=San Jose,ST=California,C=US$">
596
+ <description>Citrix Netscaler (later renamed to Citrix ADC)</description>
597
+ <example>CN=default,OU=NS Internal,O=Citrix ANG,L=San Jose,ST=California,C=US</example>
598
+ <example>CN=default UYENMB,OU=NS Internal,O=Citrix ANG,L=San Jose,ST=California,C=US</example>
599
+ <param pos="0" name="service.vendor" value="Citrix"/>
600
+ <param pos="0" name="service.family" value="Netscaler"/>
601
+ <param pos="0" name="service.product" value="Netscaler"/>
602
+ <param pos="0" name="service.device" value="Network Management Device"/>
603
+ <param pos="0" name="service.cpe23" value="cpe:/a:citrix:netscaler:-"/>
604
+ <param pos="0" name="os.vendor" value="Citrix"/>
605
+ <param pos="0" name="os.family" value="Netscaler"/>
606
+ <param pos="0" name="os.product" value="Netscaler Gateway Firmware"/>
607
+ <param pos="0" name="os.device" value="Network Management Device"/>
608
+ <param pos="0" name="os.cpe23" value="cpe:/o:citrix:netscaler_gateway_firmware:-"/>
609
+ <param pos="0" name="hw.vendor" value="Citrix"/>
610
+ <param pos="0" name="hw.family" value="Netscaler"/>
611
+ <param pos="0" name="hw.product" value="Netscaler Gateway"/>
612
+ <param pos="0" name="hw.device" value="Network Management Device"/>
613
+ <param pos="0" name="hw.cpe23" value="cpe:/h:citrix:netscaler_gateway:-"/>
614
+ </fingerprint>
615
+
510
616
  <fingerprint pattern="^CN=([a-zA-Z0-9]{5,12}) ([a-zA-Z0-9]{12}),OU=(?:Cast|Google TV),O=Google Inc,L=Mountain View,ST=California,C=US$">
511
617
  <description>Google Chromecast</description>
512
- <example chromecast.serial_number="LVDZG5" host.mac_local="FA8FCA67413D">CN=LVDZG5 FA8FCA67413D,OU=Cast,O=Google Inc,L=Mountain View,ST=California,C=US</example>
513
- <example chromecast.serial_number="YRBLE" host.mac_local="FA8FCA7DE87D">CN=YRBLE FA8FCA7DE87D,OU=Google TV,O=Google Inc,L=Mountain View,ST=California,C=US</example>
618
+ <example host.mac_local="FA8FCA67413D" hw.serial_number="LVDZG5">CN=LVDZG5 FA8FCA67413D,OU=Cast,O=Google Inc,L=Mountain View,ST=California,C=US</example>
619
+ <example host.mac_local="FA8FCA7DE87D" hw.serial_number="YRBLE">CN=YRBLE FA8FCA7DE87D,OU=Google TV,O=Google Inc,L=Mountain View,ST=California,C=US</example>
514
620
  <param pos="0" name="os.vendor" value="Google"/>
515
621
  <param pos="0" name="os.product" value="Chrome OS"/>
622
+ <param pos="0" name="os.certainty" value="0.5"/>
516
623
  <param pos="0" name="os.cpe23" value="cpe:/o:google:chrome_os:-"/>
517
624
  <param pos="0" name="hw.device" value="Media Server"/>
518
625
  <param pos="0" name="hw.vendor" value="Google"/>
519
626
  <param pos="0" name="hw.product" value="Chromecast"/>
520
- <param pos="1" name="chromecast.serial_number"/>
627
+ <param pos="0" name="hw.certainty" value="0.5"/>
628
+ <param pos="1" name="hw.serial_number"/>
629
+ <param pos="0" name="hw.cpe23" value="cpe:/h:google:chromecast:-"/>
521
630
  <!-- This is the hotspot-mode MAC address (clear bit 2) -->
522
631
 
523
632
  <param pos="2" name="host.mac_local"/>
@@ -525,14 +634,14 @@
525
634
 
526
635
  <fingerprint pattern="^CN=([a-zA-Z0-9]{5,12}) ([a-zA-Z0-9]{12}),OU=Cast TV \(Vizio\),O=Google Inc,L=Mountain View,ST=California,C=US$">
527
636
  <description>Vizio SmartTV (Android) with Google Cast</description>
528
- <example chromecast.serial_number="9V039WC9" host.mac_local="FA8FCA697898">CN=9V039WC9 FA8FCA697898,OU=Cast TV (Vizio),O=Google Inc,L=Mountain View,ST=California,C=US</example>
637
+ <example hw.serial_number="9V039WC9" host.mac_local="FA8FCA697898">CN=9V039WC9 FA8FCA697898,OU=Cast TV (Vizio),O=Google Inc,L=Mountain View,ST=California,C=US</example>
529
638
  <param pos="0" name="os.vendor" value="Google"/>
530
639
  <param pos="0" name="os.family" value="Linux"/>
531
640
  <param pos="0" name="os.product" value="Android"/>
532
641
  <param pos="0" name="os.cpe23" value="cpe:/o:google:android:-"/>
533
642
  <param pos="0" name="hw.device" value="Smart TV"/>
534
643
  <param pos="0" name="hw.vendor" value="Vizio"/>
535
- <param pos="1" name="chromecast.serial_number"/>
644
+ <param pos="1" name="hw.serial_number"/>
536
645
  <!-- This is the hotspot-mode MAC address (clear bit 2) -->
537
646
 
538
647
  <param pos="2" name="host.mac_local"/>
@@ -562,6 +671,30 @@
562
671
  <param pos="0" name="os.device" value="Video Conferencing"/>
563
672
  </fingerprint>
564
673
 
674
+ <fingerprint pattern="^CN=a_lifesize_system,OU=lifesize,O=lifesize,L=Austin,ST=Texas,C=US$">
675
+ <description>Lifesize TelePresence (a_lifesize variant 1)</description>
676
+ <example>CN=a_lifesize_system,OU=lifesize,O=lifesize,L=Austin,ST=Texas,C=US</example>
677
+ <param pos="0" name="hw.vendor" value="Lifesize"/>
678
+ <param pos="0" name="hw.device" value="Video Conferencing"/>
679
+ <param pos="0" name="hw.product" value="TelePresence"/>
680
+ <param pos="0" name="os.vendor" value="Lifesize"/>
681
+ <param pos="0" name="os.family" value="Linux"/>
682
+ <param pos="0" name="os.product" value="TelePresence"/>
683
+ <param pos="0" name="os.device" value="Video Conferencing"/>
684
+ </fingerprint>
685
+
686
+ <fingerprint pattern="^CN=A_LifeSize_System,OU=IT,O=LifeSize Communications\\, Inc\.,ST=Texas,C=US$">
687
+ <description>Lifesize TelePresence (a_lifesize variant 2)</description>
688
+ <example>CN=A_LifeSize_System,OU=IT,O=LifeSize Communications\, Inc.,ST=Texas,C=US</example>
689
+ <param pos="0" name="hw.vendor" value="Lifesize"/>
690
+ <param pos="0" name="hw.device" value="Video Conferencing"/>
691
+ <param pos="0" name="hw.product" value="TelePresence"/>
692
+ <param pos="0" name="os.vendor" value="Lifesize"/>
693
+ <param pos="0" name="os.family" value="Linux"/>
694
+ <param pos="0" name="os.product" value="TelePresence"/>
695
+ <param pos="0" name="os.device" value="Video Conferencing"/>
696
+ </fingerprint>
697
+
565
698
  <fingerprint pattern="^CN=MERCURY-([a-fA-F0-9]{12}),OU=Engineering,O=Crestron">
566
699
  <description>Crestron Mercury</description>
567
700
  <example host.mac="00107F1ABAA0">CN=MERCURY-00107F1ABAA0,OU=Engineering,O=Crestron Electronics\, Inc.,L=Rockleigh,ST=NJ,C=US</example>
@@ -747,8 +880,8 @@
747
880
 
748
881
  <fingerprint pattern="^CN=([A-Za-z0-9]+),OU=FortiGate,O=Fortinet,L=Sunnyvale,ST=California,C=US$">
749
882
  <description>Fortinet Gateway</description>
750
- <example fortinet.serial_number="FG100ETK1800118">CN=FG100ETK1800118,OU=FortiGate,O=Fortinet,L=Sunnyvale,ST=California,C=US</example>
751
- <example fortinet.serial_number="FGT30D3X15038375">CN=FGT30D3X15038375,OU=FortiGate,O=Fortinet,L=Sunnyvale,ST=California,C=US</example>
883
+ <example hw.serial_number="FG100ETK1800118">CN=FG100ETK1800118,OU=FortiGate,O=Fortinet,L=Sunnyvale,ST=California,C=US</example>
884
+ <example hw.serial_number="FGT30D3X15038375">CN=FGT30D3X15038375,OU=FortiGate,O=Fortinet,L=Sunnyvale,ST=California,C=US</example>
752
885
  <param pos="0" name="hw.vendor" value="Fortinet"/>
753
886
  <param pos="0" name="hw.device" value="Firewall"/>
754
887
  <param pos="0" name="os.vendor" value="Fortinet"/>
@@ -756,12 +889,12 @@
756
889
  <param pos="0" name="os.device" value="Firewall"/>
757
890
  <param pos="0" name="os.product" value="FortiOS"/>
758
891
  <param pos="0" name="os.cpe23" value="cpe:/o:fortinet:fortios:-"/>
759
- <param pos="1" name="fortinet.serial_number"/>
892
+ <param pos="1" name="hw.serial_number"/>
760
893
  </fingerprint>
761
894
 
762
895
  <fingerprint pattern="^CN=([A-Za-z0-9]+),O=Fortinet Ltd\.$">
763
896
  <description>Fortinet Gateway (Older)</description>
764
- <example fortinet.serial_number="FG100D3G13803999">CN=FG100D3G13803999,O=Fortinet Ltd.</example>
897
+ <example hw.serial_number="FG100D3G13803999">CN=FG100D3G13803999,O=Fortinet Ltd.</example>
765
898
  <param pos="0" name="hw.vendor" value="Fortinet"/>
766
899
  <param pos="0" name="hw.device" value="Firewall"/>
767
900
  <param pos="0" name="os.vendor" value="Fortinet"/>
@@ -769,7 +902,7 @@
769
902
  <param pos="0" name="os.device" value="Firewall"/>
770
903
  <param pos="0" name="os.product" value="FortiOS"/>
771
904
  <param pos="0" name="os.cpe23" value="cpe:/o:fortinet:fortios:-"/>
772
- <param pos="1" name="fortinet.serial_number"/>
905
+ <param pos="1" name="hw.serial_number"/>
773
906
  </fingerprint>
774
907
 
775
908
  <fingerprint pattern="^CN=FortiMail,OU=FortiMail,O=Fortinet,L=Sunnyvale,ST=California,C=US$">
@@ -893,6 +1026,16 @@
893
1026
  <param pos="0" name="os.device" value="Router"/>
894
1027
  </fingerprint>
895
1028
 
1029
+ <fingerprint pattern="^CN=UbiquitiRouterUI,O=Ubiquiti Inc.,L=New York,ST=New York,C=US">
1030
+ <description>Ubiquiti Router UI</description>
1031
+ <example>CN=UbiquitiRouterUI,O=Ubiquiti Inc.,L=New York,ST=New York,C=US</example>
1032
+ <param pos="0" name="hw.vendor" value="Ubiquiti"/>
1033
+ <param pos="0" name="hw.device" value="Router"/>
1034
+ <param pos="0" name="os.vendor" value="Ubiquiti"/>
1035
+ <param pos="0" name="os.family" value="Linux"/>
1036
+ <param pos="0" name="os.device" value="Router"/>
1037
+ </fingerprint>
1038
+
896
1039
  <fingerprint pattern="^CN=UniFi-Video Controller,OU=R&amp;D,O=Ubiquiti Networks,L=New York,ST=NY,C=US$">
897
1040
  <description>Ubiquiti Video Controller</description>
898
1041
  <example>CN=UniFi-Video Controller,OU=R&amp;D,O=Ubiquiti Networks,L=New York,ST=NY,C=US</example>
@@ -989,10 +1132,11 @@
989
1132
  <param pos="0" name="os.product" value="Linux"/>
990
1133
  </fingerprint>
991
1134
 
992
- <fingerprint pattern="^CN=MAC([a-fA-F0-9]{12}),OU=([^,]+),O=Mercury Security Products\\, LLC,L=Long Beach,ST=CA,C=US$">
1135
+ <fingerprint pattern="^CN=MAC([a-fA-F0-9]{12}),OU=([^,]+),O=Mercury Security Products\\, LLC,L=Long Beach,ST=CA,C=US(?:,\S+)?$">
993
1136
  <description>Mercurity Security (now HID Global)</description>
994
1137
  <example hw.product="M5IC" host.mac="000FE507A1F1">CN=MAC000FE507A1F1,OU=M5IC,O=Mercury Security Products\, LLC,L=Long Beach,ST=CA,C=US</example>
995
1138
  <example hw.product="EP-1502" host.mac="000FE508BC71">CN=MAC000FE508BC71,OU=EP-1502,O=Mercury Security Products\, LLC,L=Long Beach,ST=CA,C=US</example>
1139
+ <example hw.product="LP-1501" host.mac="000FE5091111">CN=MAC000FE5091111,OU=LP-1501,O=Mercury Security Products\, LLC,L=Long Beach,ST=CA,C=US,2.5.4.4=#111111111111111111</example>
996
1140
  <param pos="0" name="hw.vendor" value="Mercury Security"/>
997
1141
  <param pos="0" name="hw.device" value="Access Control"/>
998
1142
  <param pos="1" name="host.mac"/>
@@ -1027,13 +1171,30 @@
1027
1171
  </fingerprint>
1028
1172
 
1029
1173
  <fingerprint pattern="^CN=[0-9\.]+,OU=SSL-VPN,O=SonicWALL\\, Inc\.,L=Sunnyvale,ST=CA,C=US$">
1030
- <description>SonicWALL Firewall</description>
1174
+ <description>SonicWALL SSL-VPN</description>
1031
1175
  <example>CN=192.168.200.1,OU=SSL-VPN,O=SonicWALL\, Inc.,L=Sunnyvale,ST=CA,C=US</example>
1176
+ <param pos="0" name="service.vendor" value="SonicWall"/>
1177
+ <param pos="0" name="service.family" value="SSL-VPN"/>
1032
1178
  <param pos="0" name="hw.vendor" value="SonicWall"/>
1033
1179
  <param pos="0" name="hw.device" value="VPN"/>
1034
1180
  <param pos="0" name="os.vendor" value="SonicWall"/>
1035
- <param pos="0" name="os.product" value="VPN"/>
1036
- <param pos="0" name="os.family" value="VPN"/>
1181
+ <param pos="0" name="os.family" value="SonicOS"/>
1182
+ <param pos="0" name="os.product" value="SonicOS"/>
1183
+ <param pos="0" name="os.cpe23" value="cpe:/o:sonicwall:sonicos:-"/>
1184
+ </fingerprint>
1185
+
1186
+ <fingerprint pattern="^CN=[0-9\.]+,OU=HTTPS Management Certificate for SonicWALL \(self-signed\),O=HTTPS Management Certificate for SonicWALL \(self-signed\),L=Sunnyvale,ST=California,C=US$">
1187
+ <description>SonicWALL Network Security Appliance firewall</description>
1188
+ <example>CN=192.168.168.168,OU=HTTPS Management Certificate for SonicWALL (self-signed),O=HTTPS Management Certificate for SonicWALL (self-signed),L=Sunnyvale,ST=California,C=US</example>
1189
+ <param pos="0" name="hw.vendor" value="SonicWall"/>
1190
+ <param pos="0" name="hw.product" value="Network Security Appliance"/>
1191
+ <param pos="0" name="hw.family" value="Network Security Appliance"/>
1192
+ <param pos="0" name="hw.device" value="Firewall"/>
1193
+ <param pos="0" name="os.vendor" value="SonicWall"/>
1194
+ <param pos="0" name="os.family" value="SonicOS"/>
1195
+ <param pos="0" name="os.product" value="SonicOS"/>
1196
+ <param pos="0" name="os.device" value="Firewall"/>
1197
+ <param pos="0" name="os.cpe23" value="cpe:/o:sonicwall:sonicos:-"/>
1037
1198
  </fingerprint>
1038
1199
 
1039
1200
  <fingerprint pattern="^CN=.*\.akamai\.net,O=Akamai Technologies\\, Inc\.,L=Cambridge,ST=Massachusetts,C=US$">
@@ -1041,10 +1202,19 @@
1041
1202
  <example>CN=a248.e.akamai.net,O=Akamai Technologies\, Inc.,L=Cambridge,ST=Massachusetts,C=US</example>
1042
1203
  <param pos="0" name="service.vendor" value="Akamai"/>
1043
1204
  <param pos="0" name="service.product" value="GHost"/>
1205
+ <param pos="0" name="service.cpe23" value="cpe:/a:akamai:akamaighost:-"/>
1044
1206
  <param pos="0" name="os.vendor" value="Akamai"/>
1045
1207
  <param pos="0" name="os.device" value="Web Proxy"/>
1046
1208
  </fingerprint>
1047
1209
 
1210
+ <fingerprint pattern="^O=Caddy Self-Signed$">
1211
+ <description>CaddyServer Caddy - golang based httpd</description>
1212
+ <example>O=Caddy Self-Signed</example>
1213
+ <param pos="0" name="service.vendor" value="CaddyServer"/>
1214
+ <param pos="0" name="service.product" value="Caddy"/>
1215
+ <param pos="0" name="service.cpe23" value="cpe:/a:caddyserver:caddy:-"/>
1216
+ </fingerprint>
1217
+
1048
1218
  <fingerprint pattern="^CN=HP_3PAR_">
1049
1219
  <description>HP 3PAR</description>
1050
1220
  <example>CN=HP_3PAR_1626615</example>
@@ -1066,7 +1236,7 @@
1066
1236
 
1067
1237
  <fingerprint pattern="^CN=Canon (iR-[a-zA-Z0-9\.\-\_]+)$">
1068
1238
  <description>Canon iR-ADV Printer with product info</description>
1069
- <example os.product="iR-ADV">CN=Canon iR-ADV</example>
1239
+ <example os.product="iR-ADV" hw.product="iR-ADV">CN=Canon iR-ADV</example>
1070
1240
  <param pos="0" name="hw.device" value="Printer"/>
1071
1241
  <param pos="0" name="hw.vendor" value="Canon"/>
1072
1242
  <param pos="0" name="os.device" value="Printer"/>
@@ -1131,19 +1301,28 @@
1131
1301
 
1132
1302
  <fingerprint pattern="^CN=Ruckus Wireless ZoneDirector SN-(\d+),O=Ruckus Wireless\\, Inc\.,ST=CA,C=US$">
1133
1303
  <description>Ruckus Zone Director</description>
1134
- <example ruckus.serial_number="221301007591">CN=Ruckus Wireless ZoneDirector SN-221301007591,O=Ruckus Wireless\, Inc.,ST=CA,C=US</example>
1304
+ <example hw.serial_number="221301007591">CN=Ruckus Wireless ZoneDirector SN-221301007591,O=Ruckus Wireless\, Inc.,ST=CA,C=US</example>
1135
1305
  <param pos="0" name="hw.device" value="Wireless Controller"/>
1136
1306
  <param pos="0" name="hw.vendor" value="Ruckus"/>
1137
1307
  <param pos="0" name="hw.product" value="Zone Director"/>
1138
1308
  <param pos="0" name="os.device" value="Wireless Controller"/>
1139
1309
  <param pos="0" name="os.vendor" value="Ruckus"/>
1140
1310
  <param pos="0" name="os.product" value="Zone Director"/>
1141
- <param pos="1" name="ruckus.serial_number"/>
1311
+ <param pos="1" name="hw.serial_number"/>
1312
+ </fingerprint>
1313
+
1314
+ <fingerprint pattern="^CN=SN-(\d+),O=Ruckus Wireless Inc.,L=Sunnyvale,ST=California,C=US$">
1315
+ <description>Ruckus Wireless Access Point</description>
1316
+ <example hw.serial_number="010101010101">CN=SN-010101010101,O=Ruckus Wireless Inc.,L=Sunnyvale,ST=California,C=US</example>
1317
+ <param pos="0" name="hw.device" value="WAP"/>
1318
+ <param pos="0" name="hw.vendor" value="Ruckus"/>
1319
+ <param pos="0" name="hw.product" value="Access Point"/>
1320
+ <param pos="1" name="hw.serial_number"/>
1142
1321
  </fingerprint>
1143
1322
 
1144
1323
  <fingerprint pattern="^CN=DT([^\s]+) Series,O=NEC Corporation,ST=Tokyo,C=JP$">
1145
1324
  <description>NEC DT Series IP Phone</description>
1146
- <example>CN=DT800 Series,O=NEC Corporation,ST=Tokyo,C=JP</example>
1325
+ <example hw.product="800">CN=DT800 Series,O=NEC Corporation,ST=Tokyo,C=JP</example>
1147
1326
  <param pos="0" name="os.vendor" value="NEC"/>
1148
1327
  <param pos="0" name="os.device" value="VoIP"/>
1149
1328
  <param pos="0" name="hw.vendor" value="NEC"/>
@@ -1197,16 +1376,12 @@
1197
1376
  <param pos="0" name="hw.vendor" value="Palo Alto Networks"/>
1198
1377
  <param pos="0" name="hw.device" value="Firewall"/>
1199
1378
  <param pos="0" name="os.vendor" value="Palo Alto Networks"/>
1200
- <param pos="0" name="os.product" value="PANOS"/>
1379
+ <param pos="0" name="os.product" value="PAN-OS"/>
1380
+ <param pos="0" name="os.family" value="PAN-OS"/>
1201
1381
  <param pos="0" name="os.device" value="Firewall"/>
1202
- </fingerprint>
1203
-
1204
- <fingerprint pattern="^CN=VMware default certificate,OU=vCenterServer.*,O=VMware\\, Inc\.$">
1205
- <description>VMware vCenter</description>
1206
- <example>CN=VMware default certificate,OU=vCenterServer_2013.09.26_220623,O=VMware\, Inc.</example>
1207
- <param pos="0" name="service.vendor" value="VMware"/>
1208
- <param pos="0" name="service.product" value="vCenter"/>
1209
- <param pos="0" name="service.cpe23" value="cpe:/a:vmware:vcenter_server:-"/>
1382
+ <param pos="0" name="os.cpe23" value="cpe:/o:paloaltonetworks:pan-os:-"/>
1383
+ <param pos="0" name="service.vendor" value="Palo Alto Networks"/>
1384
+ <param pos="0" name="service.device" value="Firewall"/>
1210
1385
  </fingerprint>
1211
1386
 
1212
1387
  <fingerprint pattern="^CN=selfappliance,OU=Engineering,O=Symplified,L=Boulder,ST=Colorado,C=US$">
@@ -1296,9 +1471,10 @@
1296
1471
  <param pos="0" name="hw.product" value="Sensor"/>
1297
1472
  </fingerprint>
1298
1473
 
1299
- <fingerprint pattern="^CN=HiveAP,OU=Default,O=Aerohive,ST=California,C=US$">
1474
+ <fingerprint pattern="^CN=HiveAP,OU=Default,O=Aerohive,(?:L=Sunnyvale,)?ST=California,C=US$">
1300
1475
  <description>Aerohive Access Point</description>
1301
1476
  <example>CN=HiveAP,OU=Default,O=Aerohive,ST=California,C=US</example>
1477
+ <example>CN=HiveAP,OU=Default,O=Aerohive,L=Sunnyvale,ST=California,C=US</example>
1302
1478
  <param pos="0" name="hw.vendor" value="Aerohive"/>
1303
1479
  <param pos="0" name="hw.device" value="WAP"/>
1304
1480
  <param pos="0" name="hw.product" value="Access Point"/>
@@ -1324,6 +1500,7 @@
1324
1500
  <param pos="0" name="hw.vendor" value="Philips"/>
1325
1501
  <param pos="0" name="hw.product" value="Hue"/>
1326
1502
  <param pos="0" name="hw.device" value="Light Bulb"/>
1503
+ <param pos="0" name="hw.cpe23" value="cpe:/h:philips:hue:-"/>
1327
1504
  <param pos="1" name="host.mac_eui64"/>
1328
1505
  </fingerprint>
1329
1506
 
@@ -1435,4 +1612,147 @@
1435
1612
  <param pos="0" name="os.product" value="Linux"/>
1436
1613
  </fingerprint>
1437
1614
 
1615
+ <fingerprint pattern="^CN=(RFS\d+)-([0-9a-fA-F]{2}-[0-9a-fA-F]{2}-[0-9a-fA-F]{2}-[0-9a-fA-F]{2}-[0-9a-fA-F]{2}-[0-9a-fA-F]{2})$">
1616
+ <description>Motorola RFS Wireless Controllers</description>
1617
+ <example host.mac="B1-C1-11-11-11-11" hw.product="RFS6000">CN=RFS6000-B1-C1-11-11-11-11</example>
1618
+ <param pos="0" name="hw.device" value="Wireless Controller"/>
1619
+ <param pos="0" name="hw.vendor" value="Motorola"/>
1620
+ <param pos="1" name="hw.product"/>
1621
+ <param pos="2" name="host.mac"/>
1622
+ </fingerprint>
1623
+
1624
+ <fingerprint pattern="^CN=(AP\d+)-([0-9a-fA-F]{2}-[0-9a-fA-F]{2}-[0-9a-fA-F]{2}-[0-9a-fA-F]{2}-[0-9a-fA-F]{2}-[0-9a-fA-F]{2})$">
1625
+ <description>Motorola Wireless Access Points</description>
1626
+ <example host.mac="F1-11-11-11-11-11" hw.product="AP6532">CN=AP6532-F1-11-11-11-11-11</example>
1627
+ <param pos="0" name="hw.device" value="WAP"/>
1628
+ <param pos="0" name="hw.vendor" value="Motorola"/>
1629
+ <param pos="1" name="hw.product"/>
1630
+ <param pos="2" name="host.mac"/>
1631
+ </fingerprint>
1632
+
1633
+ <fingerprint pattern="^CN=attvpngateway\.att\.com,O=AT&amp;T,L=Tampa,ST=FL,C=US$">
1634
+ <description>ATT VPN Gateway</description>
1635
+ <example>CN=attvpngateway.att.com,O=AT&amp;T,L=Tampa,ST=FL,C=US</example>
1636
+ <param pos="0" name="hw.vendor" value="ATT"/>
1637
+ <param pos="0" name="hw.device" value="VPN"/>
1638
+ <param pos="0" name="hw.product" value="VPN Gateway"/>
1639
+ </fingerprint>
1640
+
1641
+ <fingerprint pattern="^CN=silver-peak,OU=Networking Appliance">
1642
+ <description>Silver Peak Appliance</description>
1643
+ <example>CN=silver-peak,OU=Networking Appliance,O=Silver Peak Systems Inc,L=Mountain View,ST=California,C=--</example>
1644
+ <param pos="0" name="hw.vendor" value="Silver Peak"/>
1645
+ <param pos="0" name="hw.device" value="Network Appliance"/>
1646
+ <param pos="0" name="hw.product" value="SD-WAN"/>
1647
+ </fingerprint>
1648
+
1649
+ <fingerprint pattern="^CN=Windows Media Player Network Sharing Service \(([A-Z-]{1,15})\)$">
1650
+ <description>Windows Media Player Network Sharing Service</description>
1651
+ <example host.name="LIVING-ROOM">CN=Windows Media Player Network Sharing Service (LIVING-ROOM)</example>
1652
+ <param pos="0" name="service.vendor" value="Microsoft"/>
1653
+ <param pos="0" name="service.product" value="Windows Media Player"/>
1654
+ <param pos="0" name="service.cpe23" value="cpe:/a:microsoft:windows_media_player:-"/>
1655
+ <param pos="0" name="os.vendor" value="Microsoft"/>
1656
+ <param pos="0" name="os.family" value="Windows"/>
1657
+ <param pos="1" name="host.name"/>
1658
+ </fingerprint>
1659
+
1660
+ <fingerprint pattern="^CN=Freebox Intermediate CA,O=Freebox,ST=France,C=FR$">
1661
+ <description>Freebox Device</description>
1662
+ <example>CN=Freebox Intermediate CA,O=Freebox,ST=France,C=FR</example>
1663
+ <param pos="0" name="hw.vendor" value="Freebox"/>
1664
+ </fingerprint>
1665
+
1666
+ <fingerprint pattern="^CN=TP-LINK CA,O=TP-LINK Technologies CO.\\, LTD.,L=Shenzhen,ST=Guangdong,C=CN(?:,\S+)?$">
1667
+ <description>TP-LINK Device</description>
1668
+ <example>CN=TP-LINK CA,O=TP-LINK Technologies CO.\, LTD.,L=Shenzhen,ST=Guangdong,C=CN,1.2.840.113549.1.9.1=#0c16736572766963654074702d6c696e6b2e636f6d2e636e</example>
1669
+ <param pos="0" name="hw.vendor" value="TP-LINK"/>
1670
+ </fingerprint>
1671
+
1672
+ <fingerprint pattern="^CN=BHA-([0-9a-fA-F]{12}),O=Bird Home Automation$">
1673
+ <description>Bird Home Automation</description>
1674
+ <example host.mac="0123456789AB">CN=BHA-0123456789AB,O=Bird Home Automation</example>
1675
+ <param pos="0" name="hw.device" value="Device"/>
1676
+ <param pos="0" name="hw.vendor" value="Bird Home Automation"/>
1677
+ <param pos="1" name="host.mac"/>
1678
+ </fingerprint>
1679
+
1680
+ <fingerprint pattern="^CN=\S+,OU=Media Server,O=Avaya Inc\.,C=US">
1681
+ <description>Avaya Media Server</description>
1682
+ <example>CN=192.168.0.3,OU=Media Server,O=Avaya Inc.,C=US</example>
1683
+ <param pos="0" name="os.vendor" value="Avaya"/>
1684
+ <param pos="0" name="os.device" value="Media Gateway"/>
1685
+ <param pos="0" name="os.product" value="Media Server"/>
1686
+ </fingerprint>
1687
+
1688
+ <fingerprint pattern="^CN=iSTAR Ultra">
1689
+ <description>iSTAR Ultra</description>
1690
+ <example>CN=iSTAR Ultra,OU=Access Control and Video Division,O=Johnson Controls,L=Westford,ST=Massachusetts,C=US</example>
1691
+ <param pos="0" name="os.vendor" value="Software House"/>
1692
+ <param pos="0" name="os.family" value="Linux"/>
1693
+ <param pos="0" name="os.product" value="{hw.product} Firmware"/>
1694
+ <param pos="0" name="hw.vendor" value="Software House"/>
1695
+ <param pos="0" name="hw.device" value="Access Control"/>
1696
+ <param pos="0" name="hw.family" value="iSTAR Door Controllers"/>
1697
+ <param pos="0" name="hw.product" value="iSTAR Ultra"/>
1698
+ <param pos="0" name="hw.cpe23" value="cpe:/h:swhouse:istar_ultra:-"/>
1699
+ </fingerprint>
1700
+
1701
+ <fingerprint pattern="^O=SpotteRF - NetworkedIO$">
1702
+ <description>SpotterRF</description>
1703
+ <example>O=SpotteRF - NetworkedIO</example>
1704
+ <param pos="0" name="os.vendor" value="SpotterRF"/>
1705
+ <param pos="0" name="os.family" value="Linux"/>
1706
+ <param pos="0" name="os.certainty" value="0.90"/>
1707
+ <param pos="0" name="hw.vendor" value="SpotterRF"/>
1708
+ <param pos="0" name="hw.device" value="Sensor"/>
1709
+ <param pos="0" name="hw.product" value="Drone Detector"/>
1710
+ </fingerprint>
1711
+
1712
+ <fingerprint pattern="(?i)^CN=.{0,1000}myboschcam.net,O=Bosch Sicherheitssysteme">
1713
+ <description>Bosch AutoDome IP Camera</description>
1714
+ <example>CN=local.myboschcam.net,O=Bosch Sicherheitssysteme GmbH,L=Grasbrunn,ST=Bayern,C=DE</example>
1715
+ <param pos="0" name="hw.vendor" value="Bosch"/>
1716
+ <param pos="0" name="hw.device" value="Web Cam"/>
1717
+ <param pos="0" name="hw.product" value="AutoDome"/>
1718
+ <param pos="0" name="hw.certainty" value="0.50"/>
1719
+ </fingerprint>
1720
+
1721
+ <fingerprint pattern="(?i)CN=(\w+),OU=BWI,O=Redline Communications Inc">
1722
+ <description>Redline Communication Radios</description>
1723
+ <example hw.product="an80i">CN=an80i,OU=BWI,O=Redline Communications Inc.,C=CA</example>
1724
+ <param pos="0" name="hw.vendor" value="Redline"/>
1725
+ <param pos="0" name="hw.device" value="WAP"/>
1726
+ <param pos="1" name="hw.product"/>
1727
+ </fingerprint>
1728
+
1729
+ <fingerprint pattern="(?i)CN=Vaddio Device,O=Vaddio,L=Minnetonka,ST=MN,C=US">
1730
+ <description>Vadio DocCom</description>
1731
+ <example>CN=Vaddio Device,O=Vaddio,L=Minnetonka,ST=MN,C=US</example>
1732
+ <param pos="0" name="hw.vendor" value="Vaddio"/>
1733
+ <param pos="0" name="hw.device" value="Web Cam"/>
1734
+ <param pos="0" name="hw.product" value="DocCam"/>
1735
+ <param pos="0" name="hw.certainty" value="0.50"/>
1736
+ </fingerprint>
1737
+
1738
+ <fingerprint pattern="(?i)CN=.{0,1000},OU=2N IP Intercoms,O=2N Telekomunikace a.s.,L=Prague,ST=Czech Republic,C=CZ">
1739
+ <description>2N IP Intercoms</description>
1740
+ <example>CN=11111111111d,OU=2N IP Intercoms,O=2N Telekomunikace a.s.,L=Prague,ST=Czech Republic,C=CZ</example>
1741
+ <param pos="0" name="hw.vendor" value="2N Telekomunikace"/>
1742
+ <param pos="0" name="hw.device" value="IP Camera"/>
1743
+ <param pos="0" name="hw.certainty" value="0.50"/>
1744
+ </fingerprint>
1745
+
1746
+ <fingerprint pattern="^CN=(.{1,256}),OU=PVE Cluster Node,O=Proxmox Virtual Environment$">
1747
+ <description>Proxmox open-source virtualization platform</description>
1748
+ <example host.name="pve.example.org">CN=pve.example.org,OU=PVE Cluster Node,O=Proxmox Virtual Environment</example>
1749
+ <param pos="1" name="host.name"/>
1750
+ <param pos="0" name="service.vendor" value="Proxmox"/>
1751
+ <param pos="0" name="service.product" value="Virtual Environment"/>
1752
+ <param pos="0" name="service.cpe23" value="cpe:/a:proxmox:virtual_environment:-"/>
1753
+ <param pos="0" name="os.vendor" value="Proxmox"/>
1754
+ <param pos="0" name="os.family" value="Linux"/>
1755
+ <param pos="0" name="os.product" value="Proxmox"/>
1756
+ </fingerprint>
1757
+
1438
1758
  </fingerprints>