recog 2.3.18 → 2.3.22
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.github/dependabot.yml +8 -0
- data/.github/workflows/ci.yml +26 -0
- data/.github/workflows/verify.yml +89 -0
- data/CONTRIBUTING.md +6 -0
- data/README.md +17 -0
- data/bin/recog_standardize +33 -12
- data/bin/recog_verify +1 -2
- data/cpe-remap.yaml +355 -200
- data/features/verify.feature +14 -14
- data/identifiers/README.md +24 -10
- data/identifiers/fields.txt +105 -0
- data/identifiers/hw_device.txt +8 -0
- data/identifiers/hw_family.txt +19 -0
- data/identifiers/hw_product.txt +122 -0
- data/identifiers/os_device.txt +2 -1
- data/identifiers/os_family.txt +3 -0
- data/identifiers/os_product.txt +46 -8
- data/identifiers/service_family.txt +10 -1
- data/identifiers/service_product.txt +90 -2
- data/identifiers/vendor.txt +104 -0
- data/lib/recog/db.rb +2 -1
- data/lib/recog/fingerprint.rb +18 -5
- data/lib/recog/nizer.rb +1 -82
- data/lib/recog/verifier.rb +5 -5
- data/lib/recog/verifier_factory.rb +3 -3
- data/lib/recog/verify_reporter.rb +14 -4
- data/lib/recog/version.rb +1 -1
- data/requirements.txt +1 -1
- data/spec/lib/fingerprint_self_test_spec.rb +1 -0
- data/spec/lib/recog/verify_reporter_spec.rb +69 -0
- data/tools/dev/hooks/pre-commit +21 -0
- data/update_cpes.py +19 -6
- data/xml/apache_modules.xml +60 -0
- data/xml/apache_os.xml +38 -38
- data/xml/dhcp_vendor_class.xml +206 -0
- data/xml/dns_versionbind.xml +11 -1
- data/xml/favicons.xml +270 -45
- data/xml/ftp_banners.xml +89 -64
- data/xml/h323_callresp.xml +99 -99
- data/xml/hp_pjl_id.xml +3 -3
- data/xml/html_title.xml +1051 -62
- data/xml/http_cookies.xml +294 -85
- data/xml/http_servers.xml +551 -122
- data/xml/http_wwwauth.xml +139 -43
- data/xml/imap_banners.xml +8 -8
- data/xml/ldap_searchresult.xml +1 -0
- data/xml/mdns_device-info_txt.xml +720 -27
- data/xml/mysql_banners.xml +3 -2
- data/xml/nntp_banners.xml +4 -4
- data/xml/ntp_banners.xml +79 -65
- data/xml/operating_system.xml +6 -6
- data/xml/pop_banners.xml +11 -11
- data/xml/rsh_resp.xml +3 -3
- data/xml/rtsp_servers.xml +7 -0
- data/xml/sip_banners.xml +374 -9
- data/xml/sip_user_agents.xml +377 -5
- data/xml/smb_native_lm.xml +32 -1
- data/xml/smb_native_os.xml +160 -33
- data/xml/smtp_banners.xml +168 -129
- data/xml/smtp_ehlo.xml +1 -1
- data/xml/smtp_expn.xml +1 -0
- data/xml/smtp_help.xml +10 -10
- data/xml/smtp_noop.xml +2 -2
- data/xml/smtp_vrfy.xml +1 -0
- data/xml/snmp_sysdescr.xml +508 -214
- data/xml/snmp_sysobjid.xml +25 -25
- data/xml/ssh_banners.xml +145 -29
- data/xml/telnet_banners.xml +240 -61
- data/xml/tls_jarm.xml +162 -0
- data/xml/x509_issuers.xml +237 -2
- data/xml/x509_subjects.xml +369 -49
- metadata +10 -3
data/xml/x509_subjects.xml
CHANGED
@@ -69,12 +69,12 @@
|
|
69
69
|
|
70
70
|
<fingerprint pattern="^SERIALNUMBER=PID:([^ ]+) SN:([^,]+),CN=(?:[a-zA-Z0-9\-]+)-SEP([a-fA-F0-9]{12}),OU=[CV]TG,O=Cisco Systems Inc\.$">
|
71
71
|
<description>Cisco IP phone with serial number</description>
|
72
|
-
<example host.mac="B07D47D33A1C" hw.product="CP-8851"
|
73
|
-
<example host.mac="64D989000000" hw.product="CP-9951"
|
72
|
+
<example host.mac="B07D47D33A1C" hw.product="CP-8851" hw.serial_number="FCH1924AHCA">SERIALNUMBER=PID:CP-8851 SN:FCH1924AHCA,CN=CP-8851-SEPB07D47D33A1C,OU=CTG,O=Cisco Systems Inc.</example>
|
73
|
+
<example host.mac="64D989000000" hw.product="CP-9951" hw.serial_number="FCH15200000">SERIALNUMBER=PID:CP-9951 SN:FCH15200000,CN=CP-9951-SEP64D989000000,OU=VTG,O=Cisco Systems Inc.</example>
|
74
74
|
<param pos="0" name="hw.device" value="VoIP"/>
|
75
75
|
<param pos="0" name="hw.vendor" value="Cisco"/>
|
76
76
|
<param pos="1" name="hw.product"/>
|
77
|
-
<param pos="2" name="
|
77
|
+
<param pos="2" name="hw.serial_number"/>
|
78
78
|
<param pos="3" name="host.mac"/>
|
79
79
|
</fingerprint>
|
80
80
|
|
@@ -103,6 +103,29 @@
|
|
103
103
|
<param pos="1" name="hw.product"/>
|
104
104
|
</fingerprint>
|
105
105
|
|
106
|
+
<fingerprint pattern="^O=Technicolor,L=Edegem,ST=Antwerp,C=BE$">
|
107
|
+
<description>Technicolor Router - without model or version</description>
|
108
|
+
<example>O=Technicolor,L=Edegem,ST=Antwerp,C=BE</example>
|
109
|
+
<param pos="0" name="os.vendor" value="Technicolor"/>
|
110
|
+
<param pos="0" name="os.device" value="Router"/>
|
111
|
+
<param pos="0" name="os.certainty" value="0.5"/>
|
112
|
+
<param pos="0" name="hw.vendor" value="Technicolor"/>
|
113
|
+
<param pos="0" name="hw.device" value="Router"/>
|
114
|
+
<param pos="0" name="hw.certainty" value="0.5"/>
|
115
|
+
</fingerprint>
|
116
|
+
|
117
|
+
<fingerprint pattern="^CN=Vigor Router,OU=DrayTek Support,O=DrayTek Corp.,L=HuKou,ST=HsinChu,C=TW$">
|
118
|
+
<description>DrayTek Vigor Router - without model or version</description>
|
119
|
+
<example>CN=Vigor Router,OU=DrayTek Support,O=DrayTek Corp.,L=HuKou,ST=HsinChu,C=TW</example>
|
120
|
+
<param pos="0" name="os.vendor" value="DrayTek"/>
|
121
|
+
<param pos="0" name="os.device" value="Router"/>
|
122
|
+
<param pos="0" name="os.certainty" value="0.5"/>
|
123
|
+
<param pos="0" name="hw.vendor" value="DrayTek"/>
|
124
|
+
<param pos="0" name="hw.family" value="Vigor"/>
|
125
|
+
<param pos="0" name="hw.device" value="Router"/>
|
126
|
+
<param pos="0" name="hw.certainty" value="0.5"/>
|
127
|
+
</fingerprint>
|
128
|
+
|
106
129
|
<fingerprint pattern="^CN=Nepenthes Development Team,OU=anv,O=dionaea\.carnivore\.it,C=DE$">
|
107
130
|
<description>Nepenthes honeypot</description>
|
108
131
|
<example>CN=Nepenthes Development Team,OU=anv,O=dionaea.carnivore.it,C=DE</example>
|
@@ -193,16 +216,17 @@
|
|
193
216
|
|
194
217
|
<fingerprint pattern="^CN=([A-Za-z0-9\_\-\.]+),OU=ISS,O=Hewlett-Packard Company,L=Houston,ST=Texas,C=US$">
|
195
218
|
<description>HP iLO</description>
|
196
|
-
<example>CN=SERVER-1231,OU=ISS,O=Hewlett-Packard Company,L=Houston,ST=Texas,C=US</example>
|
219
|
+
<example host.name="SERVER-1231">CN=SERVER-1231,OU=ISS,O=Hewlett-Packard Company,L=Houston,ST=Texas,C=US</example>
|
197
220
|
<param pos="0" name="hw.device" value="Lights Out Management"/>
|
198
221
|
<param pos="0" name="hw.vendor" value="HP"/>
|
199
222
|
<param pos="0" name="hw.family" value="iLO"/>
|
200
223
|
<param pos="0" name="hw.product" value="iLO"/>
|
201
|
-
<param pos="0" name="hw.cpe23" value="cpe:/h:hp:
|
224
|
+
<param pos="0" name="hw.cpe23" value="cpe:/h:hp:integrated_lights-out:-"/>
|
202
225
|
<param pos="0" name="os.device" value="Lights Out Management"/>
|
203
226
|
<param pos="0" name="os.vendor" value="HP"/>
|
204
227
|
<param pos="0" name="os.family" value="iLO"/>
|
205
228
|
<param pos="0" name="os.product" value="iLO"/>
|
229
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:hp:integrated_lights-out_firmware:-"/>
|
206
230
|
<param pos="1" name="host.name"/>
|
207
231
|
</fingerprint>
|
208
232
|
|
@@ -213,41 +237,44 @@
|
|
213
237
|
<param pos="0" name="hw.vendor" value="HP"/>
|
214
238
|
<param pos="0" name="hw.family" value="iLO"/>
|
215
239
|
<param pos="0" name="hw.product" value="iLO"/>
|
216
|
-
<param pos="0" name="hw.cpe23" value="cpe:/h:hp:
|
240
|
+
<param pos="0" name="hw.cpe23" value="cpe:/h:hp:integrated_lights-out:-"/>
|
217
241
|
<param pos="0" name="os.device" value="Lights Out Management"/>
|
218
242
|
<param pos="0" name="os.vendor" value="HP"/>
|
219
243
|
<param pos="0" name="os.family" value="iLO"/>
|
220
244
|
<param pos="0" name="os.product" value="iLO"/>
|
245
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:hp:integrated_lights-out_firmware:-"/>
|
221
246
|
</fingerprint>
|
222
247
|
|
223
248
|
<fingerprint pattern="^CN=OA\-([a-fA-F0-9]+),OU=Onboard Administrator,">
|
224
249
|
<description>HP iLO (Onboard Administrator)</description>
|
225
|
-
<example>CN=OA-001F296E21A3,OU=Onboard Administrator,O=Corp.,L=Location,ST=N/A,C=US</example>
|
250
|
+
<example host.mac="001F296E21A3">CN=OA-001F296E21A3,OU=Onboard Administrator,O=Corp.,L=Location,ST=N/A,C=US</example>
|
226
251
|
<example>CN=OA-80C16E999999,OU=Onboard Administrator,O=Hewlett-Packard</example>
|
227
252
|
<param pos="0" name="hw.device" value="Lights Out Management"/>
|
228
253
|
<param pos="0" name="hw.vendor" value="HP"/>
|
229
254
|
<param pos="0" name="hw.family" value="iLO"/>
|
230
255
|
<param pos="0" name="hw.product" value="iLO"/>
|
231
|
-
<param pos="0" name="hw.cpe23" value="cpe:/h:hp:
|
256
|
+
<param pos="0" name="hw.cpe23" value="cpe:/h:hp:integrated_lights-out:-"/>
|
232
257
|
<param pos="0" name="os.device" value="Lights Out Management"/>
|
233
258
|
<param pos="0" name="os.vendor" value="HP"/>
|
234
259
|
<param pos="0" name="os.family" value="iLO"/>
|
235
260
|
<param pos="0" name="os.product" value="iLO"/>
|
261
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:hp:integrated_lights-out_firmware:-"/>
|
236
262
|
<param pos="1" name="host.mac"/>
|
237
263
|
</fingerprint>
|
238
264
|
|
239
265
|
<fingerprint pattern="^CN=([A-Za-z0-9\_\-\.]+),OU=Hewlett Packard Enterprise Network Management Software \(SMH\),O=Hewlett Packard Enterprise,L=Houston,ST=Texas,C=US$">
|
240
266
|
<description>HP iLO - Enterprise Mgmt variant</description>
|
241
|
-
<example>CN=bigsrv99,OU=Hewlett Packard Enterprise Network Management Software (SMH),O=Hewlett Packard Enterprise,L=Houston,ST=Texas,C=US</example>
|
267
|
+
<example host.name="bigsrv99">CN=bigsrv99,OU=Hewlett Packard Enterprise Network Management Software (SMH),O=Hewlett Packard Enterprise,L=Houston,ST=Texas,C=US</example>
|
242
268
|
<param pos="0" name="hw.device" value="Lights Out Management"/>
|
243
269
|
<param pos="0" name="hw.vendor" value="HP"/>
|
244
270
|
<param pos="0" name="hw.family" value="iLO"/>
|
245
271
|
<param pos="0" name="hw.product" value="iLO"/>
|
246
|
-
<param pos="0" name="hw.cpe23" value="cpe:/h:hp:
|
272
|
+
<param pos="0" name="hw.cpe23" value="cpe:/h:hp:integrated_lights-out:-"/>
|
247
273
|
<param pos="0" name="os.device" value="Lights Out Management"/>
|
248
274
|
<param pos="0" name="os.vendor" value="HP"/>
|
249
275
|
<param pos="0" name="os.family" value="iLO"/>
|
250
276
|
<param pos="0" name="os.product" value="iLO"/>
|
277
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:hp:integrated_lights-out_firmware:-"/>
|
251
278
|
<param pos="1" name="host.name"/>
|
252
279
|
</fingerprint>
|
253
280
|
|
@@ -262,6 +289,7 @@
|
|
262
289
|
<param pos="0" name="os.vendor" value="Oracle"/>
|
263
290
|
<param pos="0" name="os.family" value="ILOM"/>
|
264
291
|
<param pos="0" name="os.product" value="ILOM"/>
|
292
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:oracle:integrated_lights_out_manager_firmware:-"/>
|
265
293
|
</fingerprint>
|
266
294
|
|
267
295
|
<fingerprint pattern="^CN=AMI,OU=Service Processors,O=American Megatrends Inc">
|
@@ -280,27 +308,27 @@
|
|
280
308
|
|
281
309
|
<fingerprint pattern="^CN=C-series CIMC,OU=PID:([^ ]+) SERIAL:([^,]+),O=Cisco">
|
282
310
|
<description>Cisco Integrated Management Controller</description>
|
283
|
-
<example
|
311
|
+
<example hw.serial_number="FCH18999AAA" cisco.imc_model="UCSC-C220-M3S">CN=C-series CIMC,OU=PID:UCSC-C220-M3S SERIAL:FCH18999AAA,O=Cisco Self Signed,L=San Jose,ST=California,C=US</example>
|
284
312
|
<param pos="0" name="hw.device" value="Lights Out Management"/>
|
285
313
|
<param pos="0" name="hw.vendor" value="Cisco"/>
|
286
314
|
<param pos="0" name="hw.product" value="IMC"/>
|
287
315
|
<param pos="0" name="os.vendor" value="Cisco"/>
|
288
316
|
<param pos="0" name="os.family" value="Linux"/>
|
289
317
|
<param pos="0" name="os.product" value="IMC"/>
|
290
|
-
<param pos="2" name="
|
318
|
+
<param pos="2" name="hw.serial_number"/>
|
291
319
|
<param pos="1" name="cisco.imc_model"/>
|
292
320
|
</fingerprint>
|
293
321
|
|
294
322
|
<fingerprint pattern="^CN=C220-(FCH[^,]+),OU=null,O=Cisco Systems Inc">
|
295
323
|
<description>Cisco Integrated Management Controller C220</description>
|
296
|
-
<example
|
324
|
+
<example hw.serial_number="FCH17999AAA">CN=C220-FCH17999AAA,OU=null,O=Cisco Systems Inc.,L=San Jose,ST=California,C=US</example>
|
297
325
|
<param pos="0" name="hw.device" value="Lights Out Management"/>
|
298
326
|
<param pos="0" name="hw.vendor" value="Cisco"/>
|
299
327
|
<param pos="0" name="hw.product" value="IMC"/>
|
300
328
|
<param pos="0" name="os.vendor" value="Cisco"/>
|
301
329
|
<param pos="0" name="os.family" value="Linux"/>
|
302
330
|
<param pos="0" name="os.product" value="IMC"/>
|
303
|
-
<param pos="1" name="
|
331
|
+
<param pos="1" name="hw.serial_number"/>
|
304
332
|
</fingerprint>
|
305
333
|
|
306
334
|
<fingerprint pattern="^CN=avocent.com,OU=AESS,O=Avocent,L=Sunrise,ST=FL,C=US$">
|
@@ -370,7 +398,7 @@
|
|
370
398
|
<param pos="0" name="os.vendor" value="Cisco"/>
|
371
399
|
<param pos="0" name="os.family" value="Adaptive Security Appliance"/>
|
372
400
|
<param pos="0" name="os.product" value="Adaptive Security Appliance"/>
|
373
|
-
<param pos="0" name="os.cpe23" value="cpe:/o:cisco:
|
401
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:cisco:adaptive_security_appliance_software:-"/>
|
374
402
|
<param pos="0" name="hw.vendor" value="Cisco"/>
|
375
403
|
<param pos="0" name="hw.family" value="Adaptive Security Appliance"/>
|
376
404
|
<param pos="0" name="hw.product" value="Adaptive Security Appliance"/>
|
@@ -380,12 +408,12 @@
|
|
380
408
|
|
381
409
|
<fingerprint pattern="^SERIALNUMBER=([a-zA-Z0-9]+),CN=DEVICE-vWLC,O=Cisco Virtual WLC$">
|
382
410
|
<description>Cisco vWLC</description>
|
383
|
-
<example
|
411
|
+
<example hw.serial_number="9C89M2088D1">SERIALNUMBER=9C89M2088D1,CN=DEVICE-vWLC,O=Cisco Virtual WLC</example>
|
384
412
|
<param pos="0" name="os.vendor" value="Cisco"/>
|
385
413
|
<param pos="0" name="os.device" value="Wireless Controller"/>
|
386
414
|
<param pos="0" name="os.product" value="Wireless LAN Controller"/>
|
387
|
-
<param pos="0" name="os.cpe23" value="cpe:/o:cisco:
|
388
|
-
<param pos="1" name="
|
415
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:cisco:wireless_lan_controller_software:-"/>
|
416
|
+
<param pos="1" name="hw.serial_number"/>
|
389
417
|
</fingerprint>
|
390
418
|
|
391
419
|
<fingerprint pattern="^CN=[a-zA-Z0-9\.\-\_]+,OU=DeviceSSL \(WebAdmin\),O=Cisco Systems Inc\.,C=US$">
|
@@ -394,7 +422,7 @@
|
|
394
422
|
<param pos="0" name="os.vendor" value="Cisco"/>
|
395
423
|
<param pos="0" name="os.device" value="Wireless Controller"/>
|
396
424
|
<param pos="0" name="os.product" value="Wireless LAN Controller"/>
|
397
|
-
<param pos="0" name="os.cpe23" value="cpe:/o:cisco:
|
425
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:cisco:wireless_lan_controller_software:-"/>
|
398
426
|
<param pos="0" name="hw.vendor" value="Cisco"/>
|
399
427
|
<param pos="0" name="hw.device" value="Wireless Controller"/>
|
400
428
|
<param pos="0" name="hw.product" value="Wireless LAN Controller"/>
|
@@ -476,12 +504,15 @@
|
|
476
504
|
|
477
505
|
<fingerprint pattern="^CN=([a-zA-Z0-9\.\-\_]+),OU=VMware ESX Server Default Certificate,O=VMware\\, Inc,L=Palo Alto,ST=California,C=US$">
|
478
506
|
<description>VMware ESX</description>
|
479
|
-
<example>CN=server99.,OU=VMware ESX Server Default Certificate,O=VMware\, Inc,L=Palo Alto,ST=California,C=US</example>
|
507
|
+
<example host.name="server99.">CN=server99.,OU=VMware ESX Server Default Certificate,O=VMware\, Inc,L=Palo Alto,ST=California,C=US</example>
|
508
|
+
<param pos="0" name="service.vendor" value="VMware"/>
|
480
509
|
<param pos="0" name="os.vendor" value="VMware"/>
|
481
|
-
<param pos="0" name="os.
|
510
|
+
<param pos="0" name="os.family" value="VMware ESX/ESXi"/>
|
511
|
+
<param pos="0" name="os.product" value="VMware ESX Server"/>
|
482
512
|
<param pos="0" name="os.device" value="Hypervisor"/>
|
483
513
|
<param pos="0" name="os.cpe23" value="cpe:/o:vmware:esx:-"/>
|
484
514
|
<param pos="1" name="host.name"/>
|
515
|
+
<param pos="0" name="hw.device" value="Hypervisor"/>
|
485
516
|
</fingerprint>
|
486
517
|
|
487
518
|
<fingerprint pattern="^CN.*,OU=SRM,O=VMware\\, Inc\.,L=Palo Alto,ST=California,C=US$">
|
@@ -496,6 +527,24 @@
|
|
496
527
|
<param pos="0" name="service.product" value="Site Recovery Manager"/>
|
497
528
|
</fingerprint>
|
498
529
|
|
530
|
+
<fingerprint pattern="^CN=([^,=]{1,256}),OU=VMware Horizon View default certificate,O=VMware\\, Inc.$">
|
531
|
+
<description>VMware Horizon (formerly View)</description>
|
532
|
+
<example host.name="horizon.foo.bar">CN=horizon.foo.bar,OU=VMware Horizon View default certificate,O=VMware\, Inc.</example>
|
533
|
+
<param pos="0" name="service.vendor" value="VMware"/>
|
534
|
+
<param pos="0" name="service.product" value="Horizon"/>
|
535
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:vmware:horizon:-"/>
|
536
|
+
<param pos="1" name="host.name"/>
|
537
|
+
</fingerprint>
|
538
|
+
|
539
|
+
<fingerprint pattern="^CN=([^,=]{1,256}),OU=VMware View default certificate,O=VMware\\, Inc.$">
|
540
|
+
<description>VMware View</description>
|
541
|
+
<example host.name="horizon.foo.bar">CN=horizon.foo.bar,OU=VMware View default certificate,O=VMware\, Inc.</example>
|
542
|
+
<param pos="0" name="service.vendor" value="VMware"/>
|
543
|
+
<param pos="0" name="service.product" value="View"/>
|
544
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:vmware:view:-"/>
|
545
|
+
<param pos="1" name="host.name"/>
|
546
|
+
</fingerprint>
|
547
|
+
|
499
548
|
<fingerprint pattern="^CN=IOS-Self-Signed-Certificate-">
|
500
549
|
<description>Cisco IOS Default Certificate</description>
|
501
550
|
<example>CN=IOS-Self-Signed-Certificate-4163115936</example>
|
@@ -507,17 +556,77 @@
|
|
507
556
|
<param pos="0" name="hw.device" value="Router"/>
|
508
557
|
</fingerprint>
|
509
558
|
|
559
|
+
<fingerprint pattern="^CN=kube-apiserver$">
|
560
|
+
<description>Kubernetes api-server default certificate</description>
|
561
|
+
<example>CN=kube-apiserver</example>
|
562
|
+
<param pos="0" name="service.vendor" value="Kubernetes"/>
|
563
|
+
<param pos="0" name="service.family" value="Kubernetes"/>
|
564
|
+
<param pos="0" name="service.product" value="Kubernetes"/>
|
565
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:kubernetes:kubernetes:-"/>
|
566
|
+
</fingerprint>
|
567
|
+
|
568
|
+
<fingerprint pattern="^CN=kubernetes-master$">
|
569
|
+
<description>Kubernetes Control Plane (formerly master) default certificate</description>
|
570
|
+
<example>CN=kubernetes-master</example>
|
571
|
+
<param pos="0" name="service.vendor" value="Kubernetes"/>
|
572
|
+
<param pos="0" name="service.family" value="Kubernetes"/>
|
573
|
+
<param pos="0" name="service.product" value="Kubernetes"/>
|
574
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:kubernetes:kubernetes:-"/>
|
575
|
+
</fingerprint>
|
576
|
+
|
577
|
+
<fingerprint pattern="^CN=Kubernetes Ingress Controller Fake Certificate,O=Acme Co$">
|
578
|
+
<description>Kubernetes NGINX Ingress Controller with default cert</description>
|
579
|
+
<example>CN=Kubernetes Ingress Controller Fake Certificate,O=Acme Co</example>
|
580
|
+
<param pos="0" name="service.vendor" value="Kubernetes"/>
|
581
|
+
<param pos="0" name="service.family" value="Kubernetes"/>
|
582
|
+
<param pos="0" name="service.product" value="NGINX Ingress Controller"/>
|
583
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:kubernetes:nginx_ingress_controller:-"/>
|
584
|
+
</fingerprint>
|
585
|
+
|
586
|
+
<fingerprint pattern="^CN=TRAEFIK DEFAULT CERT$">
|
587
|
+
<description>Traefik Proxy default certificate</description>
|
588
|
+
<example>CN=TRAEFIK DEFAULT CERT</example>
|
589
|
+
<param pos="0" name="service.vendor" value="Traefik Labs"/>
|
590
|
+
<param pos="0" name="service.family" value="Traefik"/>
|
591
|
+
<param pos="0" name="service.product" value="Traefik Proxy"/>
|
592
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:traefik:traefik:-"/>
|
593
|
+
</fingerprint>
|
594
|
+
|
595
|
+
<fingerprint pattern="^CN=default(?: [A-Z]+)?,OU=NS Internal,O=Citrix ANG,L=San Jose,ST=California,C=US$">
|
596
|
+
<description>Citrix Netscaler (later renamed to Citrix ADC)</description>
|
597
|
+
<example>CN=default,OU=NS Internal,O=Citrix ANG,L=San Jose,ST=California,C=US</example>
|
598
|
+
<example>CN=default UYENMB,OU=NS Internal,O=Citrix ANG,L=San Jose,ST=California,C=US</example>
|
599
|
+
<param pos="0" name="service.vendor" value="Citrix"/>
|
600
|
+
<param pos="0" name="service.family" value="Netscaler"/>
|
601
|
+
<param pos="0" name="service.product" value="Netscaler"/>
|
602
|
+
<param pos="0" name="service.device" value="Network Management Device"/>
|
603
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:citrix:netscaler:-"/>
|
604
|
+
<param pos="0" name="os.vendor" value="Citrix"/>
|
605
|
+
<param pos="0" name="os.family" value="Netscaler"/>
|
606
|
+
<param pos="0" name="os.product" value="Netscaler Gateway Firmware"/>
|
607
|
+
<param pos="0" name="os.device" value="Network Management Device"/>
|
608
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:citrix:netscaler_gateway_firmware:-"/>
|
609
|
+
<param pos="0" name="hw.vendor" value="Citrix"/>
|
610
|
+
<param pos="0" name="hw.family" value="Netscaler"/>
|
611
|
+
<param pos="0" name="hw.product" value="Netscaler Gateway"/>
|
612
|
+
<param pos="0" name="hw.device" value="Network Management Device"/>
|
613
|
+
<param pos="0" name="hw.cpe23" value="cpe:/h:citrix:netscaler_gateway:-"/>
|
614
|
+
</fingerprint>
|
615
|
+
|
510
616
|
<fingerprint pattern="^CN=([a-zA-Z0-9]{5,12}) ([a-zA-Z0-9]{12}),OU=(?:Cast|Google TV),O=Google Inc,L=Mountain View,ST=California,C=US$">
|
511
617
|
<description>Google Chromecast</description>
|
512
|
-
<example
|
513
|
-
<example
|
618
|
+
<example host.mac_local="FA8FCA67413D" hw.serial_number="LVDZG5">CN=LVDZG5 FA8FCA67413D,OU=Cast,O=Google Inc,L=Mountain View,ST=California,C=US</example>
|
619
|
+
<example host.mac_local="FA8FCA7DE87D" hw.serial_number="YRBLE">CN=YRBLE FA8FCA7DE87D,OU=Google TV,O=Google Inc,L=Mountain View,ST=California,C=US</example>
|
514
620
|
<param pos="0" name="os.vendor" value="Google"/>
|
515
621
|
<param pos="0" name="os.product" value="Chrome OS"/>
|
622
|
+
<param pos="0" name="os.certainty" value="0.5"/>
|
516
623
|
<param pos="0" name="os.cpe23" value="cpe:/o:google:chrome_os:-"/>
|
517
624
|
<param pos="0" name="hw.device" value="Media Server"/>
|
518
625
|
<param pos="0" name="hw.vendor" value="Google"/>
|
519
626
|
<param pos="0" name="hw.product" value="Chromecast"/>
|
520
|
-
<param pos="
|
627
|
+
<param pos="0" name="hw.certainty" value="0.5"/>
|
628
|
+
<param pos="1" name="hw.serial_number"/>
|
629
|
+
<param pos="0" name="hw.cpe23" value="cpe:/h:google:chromecast:-"/>
|
521
630
|
<!-- This is the hotspot-mode MAC address (clear bit 2) -->
|
522
631
|
|
523
632
|
<param pos="2" name="host.mac_local"/>
|
@@ -525,14 +634,14 @@
|
|
525
634
|
|
526
635
|
<fingerprint pattern="^CN=([a-zA-Z0-9]{5,12}) ([a-zA-Z0-9]{12}),OU=Cast TV \(Vizio\),O=Google Inc,L=Mountain View,ST=California,C=US$">
|
527
636
|
<description>Vizio SmartTV (Android) with Google Cast</description>
|
528
|
-
<example
|
637
|
+
<example hw.serial_number="9V039WC9" host.mac_local="FA8FCA697898">CN=9V039WC9 FA8FCA697898,OU=Cast TV (Vizio),O=Google Inc,L=Mountain View,ST=California,C=US</example>
|
529
638
|
<param pos="0" name="os.vendor" value="Google"/>
|
530
639
|
<param pos="0" name="os.family" value="Linux"/>
|
531
640
|
<param pos="0" name="os.product" value="Android"/>
|
532
641
|
<param pos="0" name="os.cpe23" value="cpe:/o:google:android:-"/>
|
533
642
|
<param pos="0" name="hw.device" value="Smart TV"/>
|
534
643
|
<param pos="0" name="hw.vendor" value="Vizio"/>
|
535
|
-
<param pos="1" name="
|
644
|
+
<param pos="1" name="hw.serial_number"/>
|
536
645
|
<!-- This is the hotspot-mode MAC address (clear bit 2) -->
|
537
646
|
|
538
647
|
<param pos="2" name="host.mac_local"/>
|
@@ -562,6 +671,30 @@
|
|
562
671
|
<param pos="0" name="os.device" value="Video Conferencing"/>
|
563
672
|
</fingerprint>
|
564
673
|
|
674
|
+
<fingerprint pattern="^CN=a_lifesize_system,OU=lifesize,O=lifesize,L=Austin,ST=Texas,C=US$">
|
675
|
+
<description>Lifesize TelePresence (a_lifesize variant 1)</description>
|
676
|
+
<example>CN=a_lifesize_system,OU=lifesize,O=lifesize,L=Austin,ST=Texas,C=US</example>
|
677
|
+
<param pos="0" name="hw.vendor" value="Lifesize"/>
|
678
|
+
<param pos="0" name="hw.device" value="Video Conferencing"/>
|
679
|
+
<param pos="0" name="hw.product" value="TelePresence"/>
|
680
|
+
<param pos="0" name="os.vendor" value="Lifesize"/>
|
681
|
+
<param pos="0" name="os.family" value="Linux"/>
|
682
|
+
<param pos="0" name="os.product" value="TelePresence"/>
|
683
|
+
<param pos="0" name="os.device" value="Video Conferencing"/>
|
684
|
+
</fingerprint>
|
685
|
+
|
686
|
+
<fingerprint pattern="^CN=A_LifeSize_System,OU=IT,O=LifeSize Communications\\, Inc\.,ST=Texas,C=US$">
|
687
|
+
<description>Lifesize TelePresence (a_lifesize variant 2)</description>
|
688
|
+
<example>CN=A_LifeSize_System,OU=IT,O=LifeSize Communications\, Inc.,ST=Texas,C=US</example>
|
689
|
+
<param pos="0" name="hw.vendor" value="Lifesize"/>
|
690
|
+
<param pos="0" name="hw.device" value="Video Conferencing"/>
|
691
|
+
<param pos="0" name="hw.product" value="TelePresence"/>
|
692
|
+
<param pos="0" name="os.vendor" value="Lifesize"/>
|
693
|
+
<param pos="0" name="os.family" value="Linux"/>
|
694
|
+
<param pos="0" name="os.product" value="TelePresence"/>
|
695
|
+
<param pos="0" name="os.device" value="Video Conferencing"/>
|
696
|
+
</fingerprint>
|
697
|
+
|
565
698
|
<fingerprint pattern="^CN=MERCURY-([a-fA-F0-9]{12}),OU=Engineering,O=Crestron">
|
566
699
|
<description>Crestron Mercury</description>
|
567
700
|
<example host.mac="00107F1ABAA0">CN=MERCURY-00107F1ABAA0,OU=Engineering,O=Crestron Electronics\, Inc.,L=Rockleigh,ST=NJ,C=US</example>
|
@@ -747,8 +880,8 @@
|
|
747
880
|
|
748
881
|
<fingerprint pattern="^CN=([A-Za-z0-9]+),OU=FortiGate,O=Fortinet,L=Sunnyvale,ST=California,C=US$">
|
749
882
|
<description>Fortinet Gateway</description>
|
750
|
-
<example
|
751
|
-
<example
|
883
|
+
<example hw.serial_number="FG100ETK1800118">CN=FG100ETK1800118,OU=FortiGate,O=Fortinet,L=Sunnyvale,ST=California,C=US</example>
|
884
|
+
<example hw.serial_number="FGT30D3X15038375">CN=FGT30D3X15038375,OU=FortiGate,O=Fortinet,L=Sunnyvale,ST=California,C=US</example>
|
752
885
|
<param pos="0" name="hw.vendor" value="Fortinet"/>
|
753
886
|
<param pos="0" name="hw.device" value="Firewall"/>
|
754
887
|
<param pos="0" name="os.vendor" value="Fortinet"/>
|
@@ -756,12 +889,12 @@
|
|
756
889
|
<param pos="0" name="os.device" value="Firewall"/>
|
757
890
|
<param pos="0" name="os.product" value="FortiOS"/>
|
758
891
|
<param pos="0" name="os.cpe23" value="cpe:/o:fortinet:fortios:-"/>
|
759
|
-
<param pos="1" name="
|
892
|
+
<param pos="1" name="hw.serial_number"/>
|
760
893
|
</fingerprint>
|
761
894
|
|
762
895
|
<fingerprint pattern="^CN=([A-Za-z0-9]+),O=Fortinet Ltd\.$">
|
763
896
|
<description>Fortinet Gateway (Older)</description>
|
764
|
-
<example
|
897
|
+
<example hw.serial_number="FG100D3G13803999">CN=FG100D3G13803999,O=Fortinet Ltd.</example>
|
765
898
|
<param pos="0" name="hw.vendor" value="Fortinet"/>
|
766
899
|
<param pos="0" name="hw.device" value="Firewall"/>
|
767
900
|
<param pos="0" name="os.vendor" value="Fortinet"/>
|
@@ -769,7 +902,7 @@
|
|
769
902
|
<param pos="0" name="os.device" value="Firewall"/>
|
770
903
|
<param pos="0" name="os.product" value="FortiOS"/>
|
771
904
|
<param pos="0" name="os.cpe23" value="cpe:/o:fortinet:fortios:-"/>
|
772
|
-
<param pos="1" name="
|
905
|
+
<param pos="1" name="hw.serial_number"/>
|
773
906
|
</fingerprint>
|
774
907
|
|
775
908
|
<fingerprint pattern="^CN=FortiMail,OU=FortiMail,O=Fortinet,L=Sunnyvale,ST=California,C=US$">
|
@@ -893,6 +1026,16 @@
|
|
893
1026
|
<param pos="0" name="os.device" value="Router"/>
|
894
1027
|
</fingerprint>
|
895
1028
|
|
1029
|
+
<fingerprint pattern="^CN=UbiquitiRouterUI,O=Ubiquiti Inc.,L=New York,ST=New York,C=US">
|
1030
|
+
<description>Ubiquiti Router UI</description>
|
1031
|
+
<example>CN=UbiquitiRouterUI,O=Ubiquiti Inc.,L=New York,ST=New York,C=US</example>
|
1032
|
+
<param pos="0" name="hw.vendor" value="Ubiquiti"/>
|
1033
|
+
<param pos="0" name="hw.device" value="Router"/>
|
1034
|
+
<param pos="0" name="os.vendor" value="Ubiquiti"/>
|
1035
|
+
<param pos="0" name="os.family" value="Linux"/>
|
1036
|
+
<param pos="0" name="os.device" value="Router"/>
|
1037
|
+
</fingerprint>
|
1038
|
+
|
896
1039
|
<fingerprint pattern="^CN=UniFi-Video Controller,OU=R&D,O=Ubiquiti Networks,L=New York,ST=NY,C=US$">
|
897
1040
|
<description>Ubiquiti Video Controller</description>
|
898
1041
|
<example>CN=UniFi-Video Controller,OU=R&D,O=Ubiquiti Networks,L=New York,ST=NY,C=US</example>
|
@@ -989,10 +1132,11 @@
|
|
989
1132
|
<param pos="0" name="os.product" value="Linux"/>
|
990
1133
|
</fingerprint>
|
991
1134
|
|
992
|
-
<fingerprint pattern="^CN=MAC([a-fA-F0-9]{12}),OU=([^,]+),O=Mercury Security Products\\, LLC,L=Long Beach,ST=CA,C=US
|
1135
|
+
<fingerprint pattern="^CN=MAC([a-fA-F0-9]{12}),OU=([^,]+),O=Mercury Security Products\\, LLC,L=Long Beach,ST=CA,C=US(?:,\S+)?$">
|
993
1136
|
<description>Mercurity Security (now HID Global)</description>
|
994
1137
|
<example hw.product="M5IC" host.mac="000FE507A1F1">CN=MAC000FE507A1F1,OU=M5IC,O=Mercury Security Products\, LLC,L=Long Beach,ST=CA,C=US</example>
|
995
1138
|
<example hw.product="EP-1502" host.mac="000FE508BC71">CN=MAC000FE508BC71,OU=EP-1502,O=Mercury Security Products\, LLC,L=Long Beach,ST=CA,C=US</example>
|
1139
|
+
<example hw.product="LP-1501" host.mac="000FE5091111">CN=MAC000FE5091111,OU=LP-1501,O=Mercury Security Products\, LLC,L=Long Beach,ST=CA,C=US,2.5.4.4=#111111111111111111</example>
|
996
1140
|
<param pos="0" name="hw.vendor" value="Mercury Security"/>
|
997
1141
|
<param pos="0" name="hw.device" value="Access Control"/>
|
998
1142
|
<param pos="1" name="host.mac"/>
|
@@ -1027,13 +1171,30 @@
|
|
1027
1171
|
</fingerprint>
|
1028
1172
|
|
1029
1173
|
<fingerprint pattern="^CN=[0-9\.]+,OU=SSL-VPN,O=SonicWALL\\, Inc\.,L=Sunnyvale,ST=CA,C=US$">
|
1030
|
-
<description>SonicWALL
|
1174
|
+
<description>SonicWALL SSL-VPN</description>
|
1031
1175
|
<example>CN=192.168.200.1,OU=SSL-VPN,O=SonicWALL\, Inc.,L=Sunnyvale,ST=CA,C=US</example>
|
1176
|
+
<param pos="0" name="service.vendor" value="SonicWall"/>
|
1177
|
+
<param pos="0" name="service.family" value="SSL-VPN"/>
|
1032
1178
|
<param pos="0" name="hw.vendor" value="SonicWall"/>
|
1033
1179
|
<param pos="0" name="hw.device" value="VPN"/>
|
1034
1180
|
<param pos="0" name="os.vendor" value="SonicWall"/>
|
1035
|
-
<param pos="0" name="os.
|
1036
|
-
<param pos="0" name="os.
|
1181
|
+
<param pos="0" name="os.family" value="SonicOS"/>
|
1182
|
+
<param pos="0" name="os.product" value="SonicOS"/>
|
1183
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:sonicwall:sonicos:-"/>
|
1184
|
+
</fingerprint>
|
1185
|
+
|
1186
|
+
<fingerprint pattern="^CN=[0-9\.]+,OU=HTTPS Management Certificate for SonicWALL \(self-signed\),O=HTTPS Management Certificate for SonicWALL \(self-signed\),L=Sunnyvale,ST=California,C=US$">
|
1187
|
+
<description>SonicWALL Network Security Appliance firewall</description>
|
1188
|
+
<example>CN=192.168.168.168,OU=HTTPS Management Certificate for SonicWALL (self-signed),O=HTTPS Management Certificate for SonicWALL (self-signed),L=Sunnyvale,ST=California,C=US</example>
|
1189
|
+
<param pos="0" name="hw.vendor" value="SonicWall"/>
|
1190
|
+
<param pos="0" name="hw.product" value="Network Security Appliance"/>
|
1191
|
+
<param pos="0" name="hw.family" value="Network Security Appliance"/>
|
1192
|
+
<param pos="0" name="hw.device" value="Firewall"/>
|
1193
|
+
<param pos="0" name="os.vendor" value="SonicWall"/>
|
1194
|
+
<param pos="0" name="os.family" value="SonicOS"/>
|
1195
|
+
<param pos="0" name="os.product" value="SonicOS"/>
|
1196
|
+
<param pos="0" name="os.device" value="Firewall"/>
|
1197
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:sonicwall:sonicos:-"/>
|
1037
1198
|
</fingerprint>
|
1038
1199
|
|
1039
1200
|
<fingerprint pattern="^CN=.*\.akamai\.net,O=Akamai Technologies\\, Inc\.,L=Cambridge,ST=Massachusetts,C=US$">
|
@@ -1041,10 +1202,19 @@
|
|
1041
1202
|
<example>CN=a248.e.akamai.net,O=Akamai Technologies\, Inc.,L=Cambridge,ST=Massachusetts,C=US</example>
|
1042
1203
|
<param pos="0" name="service.vendor" value="Akamai"/>
|
1043
1204
|
<param pos="0" name="service.product" value="GHost"/>
|
1205
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:akamai:akamaighost:-"/>
|
1044
1206
|
<param pos="0" name="os.vendor" value="Akamai"/>
|
1045
1207
|
<param pos="0" name="os.device" value="Web Proxy"/>
|
1046
1208
|
</fingerprint>
|
1047
1209
|
|
1210
|
+
<fingerprint pattern="^O=Caddy Self-Signed$">
|
1211
|
+
<description>CaddyServer Caddy - golang based httpd</description>
|
1212
|
+
<example>O=Caddy Self-Signed</example>
|
1213
|
+
<param pos="0" name="service.vendor" value="CaddyServer"/>
|
1214
|
+
<param pos="0" name="service.product" value="Caddy"/>
|
1215
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:caddyserver:caddy:-"/>
|
1216
|
+
</fingerprint>
|
1217
|
+
|
1048
1218
|
<fingerprint pattern="^CN=HP_3PAR_">
|
1049
1219
|
<description>HP 3PAR</description>
|
1050
1220
|
<example>CN=HP_3PAR_1626615</example>
|
@@ -1066,7 +1236,7 @@
|
|
1066
1236
|
|
1067
1237
|
<fingerprint pattern="^CN=Canon (iR-[a-zA-Z0-9\.\-\_]+)$">
|
1068
1238
|
<description>Canon iR-ADV Printer with product info</description>
|
1069
|
-
<example os.product="iR-ADV">CN=Canon iR-ADV</example>
|
1239
|
+
<example os.product="iR-ADV" hw.product="iR-ADV">CN=Canon iR-ADV</example>
|
1070
1240
|
<param pos="0" name="hw.device" value="Printer"/>
|
1071
1241
|
<param pos="0" name="hw.vendor" value="Canon"/>
|
1072
1242
|
<param pos="0" name="os.device" value="Printer"/>
|
@@ -1131,19 +1301,28 @@
|
|
1131
1301
|
|
1132
1302
|
<fingerprint pattern="^CN=Ruckus Wireless ZoneDirector SN-(\d+),O=Ruckus Wireless\\, Inc\.,ST=CA,C=US$">
|
1133
1303
|
<description>Ruckus Zone Director</description>
|
1134
|
-
<example
|
1304
|
+
<example hw.serial_number="221301007591">CN=Ruckus Wireless ZoneDirector SN-221301007591,O=Ruckus Wireless\, Inc.,ST=CA,C=US</example>
|
1135
1305
|
<param pos="0" name="hw.device" value="Wireless Controller"/>
|
1136
1306
|
<param pos="0" name="hw.vendor" value="Ruckus"/>
|
1137
1307
|
<param pos="0" name="hw.product" value="Zone Director"/>
|
1138
1308
|
<param pos="0" name="os.device" value="Wireless Controller"/>
|
1139
1309
|
<param pos="0" name="os.vendor" value="Ruckus"/>
|
1140
1310
|
<param pos="0" name="os.product" value="Zone Director"/>
|
1141
|
-
<param pos="1" name="
|
1311
|
+
<param pos="1" name="hw.serial_number"/>
|
1312
|
+
</fingerprint>
|
1313
|
+
|
1314
|
+
<fingerprint pattern="^CN=SN-(\d+),O=Ruckus Wireless Inc.,L=Sunnyvale,ST=California,C=US$">
|
1315
|
+
<description>Ruckus Wireless Access Point</description>
|
1316
|
+
<example hw.serial_number="010101010101">CN=SN-010101010101,O=Ruckus Wireless Inc.,L=Sunnyvale,ST=California,C=US</example>
|
1317
|
+
<param pos="0" name="hw.device" value="WAP"/>
|
1318
|
+
<param pos="0" name="hw.vendor" value="Ruckus"/>
|
1319
|
+
<param pos="0" name="hw.product" value="Access Point"/>
|
1320
|
+
<param pos="1" name="hw.serial_number"/>
|
1142
1321
|
</fingerprint>
|
1143
1322
|
|
1144
1323
|
<fingerprint pattern="^CN=DT([^\s]+) Series,O=NEC Corporation,ST=Tokyo,C=JP$">
|
1145
1324
|
<description>NEC DT Series IP Phone</description>
|
1146
|
-
<example>CN=DT800 Series,O=NEC Corporation,ST=Tokyo,C=JP</example>
|
1325
|
+
<example hw.product="800">CN=DT800 Series,O=NEC Corporation,ST=Tokyo,C=JP</example>
|
1147
1326
|
<param pos="0" name="os.vendor" value="NEC"/>
|
1148
1327
|
<param pos="0" name="os.device" value="VoIP"/>
|
1149
1328
|
<param pos="0" name="hw.vendor" value="NEC"/>
|
@@ -1197,16 +1376,12 @@
|
|
1197
1376
|
<param pos="0" name="hw.vendor" value="Palo Alto Networks"/>
|
1198
1377
|
<param pos="0" name="hw.device" value="Firewall"/>
|
1199
1378
|
<param pos="0" name="os.vendor" value="Palo Alto Networks"/>
|
1200
|
-
<param pos="0" name="os.product" value="
|
1379
|
+
<param pos="0" name="os.product" value="PAN-OS"/>
|
1380
|
+
<param pos="0" name="os.family" value="PAN-OS"/>
|
1201
1381
|
<param pos="0" name="os.device" value="Firewall"/>
|
1202
|
-
|
1203
|
-
|
1204
|
-
|
1205
|
-
<description>VMware vCenter</description>
|
1206
|
-
<example>CN=VMware default certificate,OU=vCenterServer_2013.09.26_220623,O=VMware\, Inc.</example>
|
1207
|
-
<param pos="0" name="service.vendor" value="VMware"/>
|
1208
|
-
<param pos="0" name="service.product" value="vCenter"/>
|
1209
|
-
<param pos="0" name="service.cpe23" value="cpe:/a:vmware:vcenter_server:-"/>
|
1382
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:paloaltonetworks:pan-os:-"/>
|
1383
|
+
<param pos="0" name="service.vendor" value="Palo Alto Networks"/>
|
1384
|
+
<param pos="0" name="service.device" value="Firewall"/>
|
1210
1385
|
</fingerprint>
|
1211
1386
|
|
1212
1387
|
<fingerprint pattern="^CN=selfappliance,OU=Engineering,O=Symplified,L=Boulder,ST=Colorado,C=US$">
|
@@ -1296,9 +1471,10 @@
|
|
1296
1471
|
<param pos="0" name="hw.product" value="Sensor"/>
|
1297
1472
|
</fingerprint>
|
1298
1473
|
|
1299
|
-
<fingerprint pattern="^CN=HiveAP,OU=Default,O=Aerohive,ST=California,C=US$">
|
1474
|
+
<fingerprint pattern="^CN=HiveAP,OU=Default,O=Aerohive,(?:L=Sunnyvale,)?ST=California,C=US$">
|
1300
1475
|
<description>Aerohive Access Point</description>
|
1301
1476
|
<example>CN=HiveAP,OU=Default,O=Aerohive,ST=California,C=US</example>
|
1477
|
+
<example>CN=HiveAP,OU=Default,O=Aerohive,L=Sunnyvale,ST=California,C=US</example>
|
1302
1478
|
<param pos="0" name="hw.vendor" value="Aerohive"/>
|
1303
1479
|
<param pos="0" name="hw.device" value="WAP"/>
|
1304
1480
|
<param pos="0" name="hw.product" value="Access Point"/>
|
@@ -1324,6 +1500,7 @@
|
|
1324
1500
|
<param pos="0" name="hw.vendor" value="Philips"/>
|
1325
1501
|
<param pos="0" name="hw.product" value="Hue"/>
|
1326
1502
|
<param pos="0" name="hw.device" value="Light Bulb"/>
|
1503
|
+
<param pos="0" name="hw.cpe23" value="cpe:/h:philips:hue:-"/>
|
1327
1504
|
<param pos="1" name="host.mac_eui64"/>
|
1328
1505
|
</fingerprint>
|
1329
1506
|
|
@@ -1435,4 +1612,147 @@
|
|
1435
1612
|
<param pos="0" name="os.product" value="Linux"/>
|
1436
1613
|
</fingerprint>
|
1437
1614
|
|
1615
|
+
<fingerprint pattern="^CN=(RFS\d+)-([0-9a-fA-F]{2}-[0-9a-fA-F]{2}-[0-9a-fA-F]{2}-[0-9a-fA-F]{2}-[0-9a-fA-F]{2}-[0-9a-fA-F]{2})$">
|
1616
|
+
<description>Motorola RFS Wireless Controllers</description>
|
1617
|
+
<example host.mac="B1-C1-11-11-11-11" hw.product="RFS6000">CN=RFS6000-B1-C1-11-11-11-11</example>
|
1618
|
+
<param pos="0" name="hw.device" value="Wireless Controller"/>
|
1619
|
+
<param pos="0" name="hw.vendor" value="Motorola"/>
|
1620
|
+
<param pos="1" name="hw.product"/>
|
1621
|
+
<param pos="2" name="host.mac"/>
|
1622
|
+
</fingerprint>
|
1623
|
+
|
1624
|
+
<fingerprint pattern="^CN=(AP\d+)-([0-9a-fA-F]{2}-[0-9a-fA-F]{2}-[0-9a-fA-F]{2}-[0-9a-fA-F]{2}-[0-9a-fA-F]{2}-[0-9a-fA-F]{2})$">
|
1625
|
+
<description>Motorola Wireless Access Points</description>
|
1626
|
+
<example host.mac="F1-11-11-11-11-11" hw.product="AP6532">CN=AP6532-F1-11-11-11-11-11</example>
|
1627
|
+
<param pos="0" name="hw.device" value="WAP"/>
|
1628
|
+
<param pos="0" name="hw.vendor" value="Motorola"/>
|
1629
|
+
<param pos="1" name="hw.product"/>
|
1630
|
+
<param pos="2" name="host.mac"/>
|
1631
|
+
</fingerprint>
|
1632
|
+
|
1633
|
+
<fingerprint pattern="^CN=attvpngateway\.att\.com,O=AT&T,L=Tampa,ST=FL,C=US$">
|
1634
|
+
<description>ATT VPN Gateway</description>
|
1635
|
+
<example>CN=attvpngateway.att.com,O=AT&T,L=Tampa,ST=FL,C=US</example>
|
1636
|
+
<param pos="0" name="hw.vendor" value="ATT"/>
|
1637
|
+
<param pos="0" name="hw.device" value="VPN"/>
|
1638
|
+
<param pos="0" name="hw.product" value="VPN Gateway"/>
|
1639
|
+
</fingerprint>
|
1640
|
+
|
1641
|
+
<fingerprint pattern="^CN=silver-peak,OU=Networking Appliance">
|
1642
|
+
<description>Silver Peak Appliance</description>
|
1643
|
+
<example>CN=silver-peak,OU=Networking Appliance,O=Silver Peak Systems Inc,L=Mountain View,ST=California,C=--</example>
|
1644
|
+
<param pos="0" name="hw.vendor" value="Silver Peak"/>
|
1645
|
+
<param pos="0" name="hw.device" value="Network Appliance"/>
|
1646
|
+
<param pos="0" name="hw.product" value="SD-WAN"/>
|
1647
|
+
</fingerprint>
|
1648
|
+
|
1649
|
+
<fingerprint pattern="^CN=Windows Media Player Network Sharing Service \(([A-Z-]{1,15})\)$">
|
1650
|
+
<description>Windows Media Player Network Sharing Service</description>
|
1651
|
+
<example host.name="LIVING-ROOM">CN=Windows Media Player Network Sharing Service (LIVING-ROOM)</example>
|
1652
|
+
<param pos="0" name="service.vendor" value="Microsoft"/>
|
1653
|
+
<param pos="0" name="service.product" value="Windows Media Player"/>
|
1654
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:microsoft:windows_media_player:-"/>
|
1655
|
+
<param pos="0" name="os.vendor" value="Microsoft"/>
|
1656
|
+
<param pos="0" name="os.family" value="Windows"/>
|
1657
|
+
<param pos="1" name="host.name"/>
|
1658
|
+
</fingerprint>
|
1659
|
+
|
1660
|
+
<fingerprint pattern="^CN=Freebox Intermediate CA,O=Freebox,ST=France,C=FR$">
|
1661
|
+
<description>Freebox Device</description>
|
1662
|
+
<example>CN=Freebox Intermediate CA,O=Freebox,ST=France,C=FR</example>
|
1663
|
+
<param pos="0" name="hw.vendor" value="Freebox"/>
|
1664
|
+
</fingerprint>
|
1665
|
+
|
1666
|
+
<fingerprint pattern="^CN=TP-LINK CA,O=TP-LINK Technologies CO.\\, LTD.,L=Shenzhen,ST=Guangdong,C=CN(?:,\S+)?$">
|
1667
|
+
<description>TP-LINK Device</description>
|
1668
|
+
<example>CN=TP-LINK CA,O=TP-LINK Technologies CO.\, LTD.,L=Shenzhen,ST=Guangdong,C=CN,1.2.840.113549.1.9.1=#0c16736572766963654074702d6c696e6b2e636f6d2e636e</example>
|
1669
|
+
<param pos="0" name="hw.vendor" value="TP-LINK"/>
|
1670
|
+
</fingerprint>
|
1671
|
+
|
1672
|
+
<fingerprint pattern="^CN=BHA-([0-9a-fA-F]{12}),O=Bird Home Automation$">
|
1673
|
+
<description>Bird Home Automation</description>
|
1674
|
+
<example host.mac="0123456789AB">CN=BHA-0123456789AB,O=Bird Home Automation</example>
|
1675
|
+
<param pos="0" name="hw.device" value="Device"/>
|
1676
|
+
<param pos="0" name="hw.vendor" value="Bird Home Automation"/>
|
1677
|
+
<param pos="1" name="host.mac"/>
|
1678
|
+
</fingerprint>
|
1679
|
+
|
1680
|
+
<fingerprint pattern="^CN=\S+,OU=Media Server,O=Avaya Inc\.,C=US">
|
1681
|
+
<description>Avaya Media Server</description>
|
1682
|
+
<example>CN=192.168.0.3,OU=Media Server,O=Avaya Inc.,C=US</example>
|
1683
|
+
<param pos="0" name="os.vendor" value="Avaya"/>
|
1684
|
+
<param pos="0" name="os.device" value="Media Gateway"/>
|
1685
|
+
<param pos="0" name="os.product" value="Media Server"/>
|
1686
|
+
</fingerprint>
|
1687
|
+
|
1688
|
+
<fingerprint pattern="^CN=iSTAR Ultra">
|
1689
|
+
<description>iSTAR Ultra</description>
|
1690
|
+
<example>CN=iSTAR Ultra,OU=Access Control and Video Division,O=Johnson Controls,L=Westford,ST=Massachusetts,C=US</example>
|
1691
|
+
<param pos="0" name="os.vendor" value="Software House"/>
|
1692
|
+
<param pos="0" name="os.family" value="Linux"/>
|
1693
|
+
<param pos="0" name="os.product" value="{hw.product} Firmware"/>
|
1694
|
+
<param pos="0" name="hw.vendor" value="Software House"/>
|
1695
|
+
<param pos="0" name="hw.device" value="Access Control"/>
|
1696
|
+
<param pos="0" name="hw.family" value="iSTAR Door Controllers"/>
|
1697
|
+
<param pos="0" name="hw.product" value="iSTAR Ultra"/>
|
1698
|
+
<param pos="0" name="hw.cpe23" value="cpe:/h:swhouse:istar_ultra:-"/>
|
1699
|
+
</fingerprint>
|
1700
|
+
|
1701
|
+
<fingerprint pattern="^O=SpotteRF - NetworkedIO$">
|
1702
|
+
<description>SpotterRF</description>
|
1703
|
+
<example>O=SpotteRF - NetworkedIO</example>
|
1704
|
+
<param pos="0" name="os.vendor" value="SpotterRF"/>
|
1705
|
+
<param pos="0" name="os.family" value="Linux"/>
|
1706
|
+
<param pos="0" name="os.certainty" value="0.90"/>
|
1707
|
+
<param pos="0" name="hw.vendor" value="SpotterRF"/>
|
1708
|
+
<param pos="0" name="hw.device" value="Sensor"/>
|
1709
|
+
<param pos="0" name="hw.product" value="Drone Detector"/>
|
1710
|
+
</fingerprint>
|
1711
|
+
|
1712
|
+
<fingerprint pattern="(?i)^CN=.{0,1000}myboschcam.net,O=Bosch Sicherheitssysteme">
|
1713
|
+
<description>Bosch AutoDome IP Camera</description>
|
1714
|
+
<example>CN=local.myboschcam.net,O=Bosch Sicherheitssysteme GmbH,L=Grasbrunn,ST=Bayern,C=DE</example>
|
1715
|
+
<param pos="0" name="hw.vendor" value="Bosch"/>
|
1716
|
+
<param pos="0" name="hw.device" value="Web Cam"/>
|
1717
|
+
<param pos="0" name="hw.product" value="AutoDome"/>
|
1718
|
+
<param pos="0" name="hw.certainty" value="0.50"/>
|
1719
|
+
</fingerprint>
|
1720
|
+
|
1721
|
+
<fingerprint pattern="(?i)CN=(\w+),OU=BWI,O=Redline Communications Inc">
|
1722
|
+
<description>Redline Communication Radios</description>
|
1723
|
+
<example hw.product="an80i">CN=an80i,OU=BWI,O=Redline Communications Inc.,C=CA</example>
|
1724
|
+
<param pos="0" name="hw.vendor" value="Redline"/>
|
1725
|
+
<param pos="0" name="hw.device" value="WAP"/>
|
1726
|
+
<param pos="1" name="hw.product"/>
|
1727
|
+
</fingerprint>
|
1728
|
+
|
1729
|
+
<fingerprint pattern="(?i)CN=Vaddio Device,O=Vaddio,L=Minnetonka,ST=MN,C=US">
|
1730
|
+
<description>Vadio DocCom</description>
|
1731
|
+
<example>CN=Vaddio Device,O=Vaddio,L=Minnetonka,ST=MN,C=US</example>
|
1732
|
+
<param pos="0" name="hw.vendor" value="Vaddio"/>
|
1733
|
+
<param pos="0" name="hw.device" value="Web Cam"/>
|
1734
|
+
<param pos="0" name="hw.product" value="DocCam"/>
|
1735
|
+
<param pos="0" name="hw.certainty" value="0.50"/>
|
1736
|
+
</fingerprint>
|
1737
|
+
|
1738
|
+
<fingerprint pattern="(?i)CN=.{0,1000},OU=2N IP Intercoms,O=2N Telekomunikace a.s.,L=Prague,ST=Czech Republic,C=CZ">
|
1739
|
+
<description>2N IP Intercoms</description>
|
1740
|
+
<example>CN=11111111111d,OU=2N IP Intercoms,O=2N Telekomunikace a.s.,L=Prague,ST=Czech Republic,C=CZ</example>
|
1741
|
+
<param pos="0" name="hw.vendor" value="2N Telekomunikace"/>
|
1742
|
+
<param pos="0" name="hw.device" value="IP Camera"/>
|
1743
|
+
<param pos="0" name="hw.certainty" value="0.50"/>
|
1744
|
+
</fingerprint>
|
1745
|
+
|
1746
|
+
<fingerprint pattern="^CN=(.{1,256}),OU=PVE Cluster Node,O=Proxmox Virtual Environment$">
|
1747
|
+
<description>Proxmox open-source virtualization platform</description>
|
1748
|
+
<example host.name="pve.example.org">CN=pve.example.org,OU=PVE Cluster Node,O=Proxmox Virtual Environment</example>
|
1749
|
+
<param pos="1" name="host.name"/>
|
1750
|
+
<param pos="0" name="service.vendor" value="Proxmox"/>
|
1751
|
+
<param pos="0" name="service.product" value="Virtual Environment"/>
|
1752
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:proxmox:virtual_environment:-"/>
|
1753
|
+
<param pos="0" name="os.vendor" value="Proxmox"/>
|
1754
|
+
<param pos="0" name="os.family" value="Linux"/>
|
1755
|
+
<param pos="0" name="os.product" value="Proxmox"/>
|
1756
|
+
</fingerprint>
|
1757
|
+
|
1438
1758
|
</fingerprints>
|