recog 2.3.18 → 2.3.22
- checksums.yaml +4 -4
- data/.github/dependabot.yml +8 -0
- data/.github/workflows/ci.yml +26 -0
- data/.github/workflows/verify.yml +89 -0
- data/CONTRIBUTING.md +6 -0
- data/README.md +17 -0
- data/bin/recog_standardize +33 -12
- data/bin/recog_verify +1 -2
- data/cpe-remap.yaml +355 -200
- data/features/verify.feature +14 -14
- data/identifiers/README.md +24 -10
- data/identifiers/fields.txt +105 -0
- data/identifiers/hw_device.txt +8 -0
- data/identifiers/hw_family.txt +19 -0
- data/identifiers/hw_product.txt +122 -0
- data/identifiers/os_device.txt +2 -1
- data/identifiers/os_family.txt +3 -0
- data/identifiers/os_product.txt +46 -8
- data/identifiers/service_family.txt +10 -1
- data/identifiers/service_product.txt +90 -2
- data/identifiers/vendor.txt +104 -0
- data/lib/recog/db.rb +2 -1
- data/lib/recog/fingerprint.rb +18 -5
- data/lib/recog/nizer.rb +1 -82
- data/lib/recog/verifier.rb +5 -5
- data/lib/recog/verifier_factory.rb +3 -3
- data/lib/recog/verify_reporter.rb +14 -4
- data/lib/recog/version.rb +1 -1
- data/requirements.txt +1 -1
- data/spec/lib/fingerprint_self_test_spec.rb +1 -0
- data/spec/lib/recog/verify_reporter_spec.rb +69 -0
- data/tools/dev/hooks/pre-commit +21 -0
- data/update_cpes.py +19 -6
- data/xml/apache_modules.xml +60 -0
- data/xml/apache_os.xml +38 -38
- data/xml/dhcp_vendor_class.xml +206 -0
- data/xml/dns_versionbind.xml +11 -1
- data/xml/favicons.xml +270 -45
- data/xml/ftp_banners.xml +89 -64
- data/xml/h323_callresp.xml +99 -99
- data/xml/hp_pjl_id.xml +3 -3
- data/xml/html_title.xml +1051 -62
- data/xml/http_cookies.xml +294 -85
- data/xml/http_servers.xml +551 -122
- data/xml/http_wwwauth.xml +139 -43
- data/xml/imap_banners.xml +8 -8
- data/xml/ldap_searchresult.xml +1 -0
- data/xml/mdns_device-info_txt.xml +720 -27
- data/xml/mysql_banners.xml +3 -2
- data/xml/nntp_banners.xml +4 -4
- data/xml/ntp_banners.xml +79 -65
- data/xml/operating_system.xml +6 -6
- data/xml/pop_banners.xml +11 -11
- data/xml/rsh_resp.xml +3 -3
- data/xml/rtsp_servers.xml +7 -0
- data/xml/sip_banners.xml +374 -9
- data/xml/sip_user_agents.xml +377 -5
- data/xml/smb_native_lm.xml +32 -1
- data/xml/smb_native_os.xml +160 -33
- data/xml/smtp_banners.xml +168 -129
- data/xml/smtp_ehlo.xml +1 -1
- data/xml/smtp_expn.xml +1 -0
- data/xml/smtp_help.xml +10 -10
- data/xml/smtp_noop.xml +2 -2
- data/xml/smtp_vrfy.xml +1 -0
- data/xml/snmp_sysdescr.xml +508 -214
- data/xml/snmp_sysobjid.xml +25 -25
- data/xml/ssh_banners.xml +145 -29
- data/xml/telnet_banners.xml +240 -61
- data/xml/tls_jarm.xml +162 -0
- data/xml/x509_issuers.xml +237 -2
- data/xml/x509_subjects.xml +369 -49
- metadata +10 -3
@@ -3,14 +3,18 @@ class VerifyReporter
|
|
3
3
|
attr_reader :formatter
|
4
4
|
attr_reader :success_count, :warning_count, :failure_count
|
5
5
|
|
6
|
-
def initialize(options, formatter)
|
6
|
+
def initialize(options, formatter, path=nil)
|
7
7
|
@options = options
|
8
8
|
@formatter = formatter
|
9
|
+
@path = path
|
9
10
|
reset_counts
|
10
11
|
end
|
11
12
|
|
12
13
|
def report(fingerprint_count)
|
13
14
|
reset_counts
|
15
|
+
if detail? and !@path.to_s.empty?
|
16
|
+
formatter.status_message("\n#{@path}:\n")
|
17
|
+
end
|
14
18
|
yield self
|
15
19
|
summarize(fingerprint_count) unless @options.quiet
|
16
20
|
end
|
@@ -23,12 +27,12 @@ class VerifyReporter
|
|
23
27
|
def warning(text)
|
24
28
|
return unless @options.warnings
|
25
29
|
@warning_count += 1
|
26
|
-
formatter.warning_message("#{padding}#{text}")
|
30
|
+
formatter.warning_message("#{path_label}#{padding}#{text}")
|
27
31
|
end
|
28
32
|
|
29
33
|
def failure(text)
|
30
34
|
@failure_count += 1
|
31
|
-
formatter.failure_message("#{padding}#{text}")
|
35
|
+
formatter.failure_message("#{path_label}#{padding}#{text}")
|
32
36
|
end
|
33
37
|
|
34
38
|
def print_name(fingerprint)
|
@@ -61,12 +65,18 @@ class VerifyReporter
|
|
61
65
|
@options.detail
|
62
66
|
end
|
63
67
|
|
68
|
+
def path_label
|
69
|
+
unless detail?
|
70
|
+
@path.to_s.empty? ? "" : "#{@path}: "
|
71
|
+
end
|
72
|
+
end
|
73
|
+
|
64
74
|
def padding
|
65
75
|
' ' if @options.detail
|
66
76
|
end
|
67
77
|
|
68
78
|
def summary_line
|
69
|
-
summary = "SUMMARY: Test completed with "
|
79
|
+
summary = "#{path_label}SUMMARY: Test completed with "
|
70
80
|
summary << "#{@success_count} successful"
|
71
81
|
summary << ", #{@warning_count} warnings"
|
72
82
|
summary << ", and #{@failure_count} failures"
|
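Review bot: `path_label` in the third hunk returns `nil` rather than a string when `detail?` is true, because its `unless` has no `else`; the callers only work because interpolating `nil` yields an empty string. Making the return explicit keeps the method's type stable: `return "" if detail? || @path.to_s.empty?` followed by `"#{@path}: "`. In `report` (first hunk) the condition uses `and`, where `&&` is the conventional boolean operator: `if detail? && !@path.to_s.empty?`. The new `path` parameter and `path_label` have no comment saying that the prefix is suppressed in detail mode because the path is printed once as a heading instead. `summary_line` continues past the end of the last hunk.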
data/lib/recog/version.rb
CHANGED
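--- a/data/requirements.txt
+++ b/data/requirements.txt
@@ -1,2 +1,2 @@
-lxml==4.6.
+lxml==4.6.3
 pyyaml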
@@ -151,6 +151,7 @@ describe Recog::DB do
|
|
151
151
|
# test any extractions specified in the example
|
152
152
|
example.attributes.each_pair do |k,v|
|
153
153
|
next if k == '_encoding'
|
154
|
+
next if k == '_filename'
|
154
155
|
expect(match[k]).to eq(v), "Regex didn't extract expected value for fingerprint attribute #{k} -- got #{match[k]} instead of #{v}"
|
155
156
|
end
|
156
157
|
end
|
@@ -7,6 +7,7 @@ describe Recog::VerifyReporter do
|
|
7
7
|
let(:summary_line) do
|
8
8
|
"SUMMARY: Test completed with 1 successful, 1 warnings, and 1 failures"
|
9
9
|
end
|
10
|
+
let(:path) { "fingerprint.xml" }
|
10
11
|
|
11
12
|
subject { Recog::VerifyReporter.new(double(detail: false, quiet: false, warnings: true), formatter) }
|
12
13
|
|
@@ -77,6 +78,74 @@ describe Recog::VerifyReporter do
|
|
77
78
|
end
|
78
79
|
end
|
79
80
|
end
|
81
|
+
|
82
|
+
context "with fingerprint path" do
|
83
|
+
|
84
|
+
subject { Recog::VerifyReporter.new(double(detail: false, quiet: false, warnings: true), formatter, path) }
|
85
|
+
|
86
|
+
it "prints warnings" do
|
87
|
+
expect(formatter).to receive(:warning_message).with("#{path}: a warning")
|
88
|
+
run_report
|
89
|
+
end
|
90
|
+
|
91
|
+
it "prints failures" do
|
92
|
+
expect(formatter).to receive(:failure_message).with("#{path}: a failure")
|
93
|
+
run_report
|
94
|
+
end
|
95
|
+
|
96
|
+
it "prints summary" do
|
97
|
+
expect(formatter).to receive(:failure_message).with("#{path}: #{summary_line}")
|
98
|
+
run_report
|
99
|
+
end
|
100
|
+
end
|
101
|
+
|
102
|
+
context "with fingerprint path and detail" do
|
103
|
+
subject { Recog::VerifyReporter.new(double(detail: true, quiet: false, warnings: true), formatter, path) }
|
104
|
+
|
105
|
+
it "prints the fingerprint path" do
|
106
|
+
expect(formatter).to receive(:status_message).with("\n#{path}:\n")
|
107
|
+
run_report
|
108
|
+
end
|
109
|
+
|
110
|
+
it "prints the fingerprint name" do
|
111
|
+
expect(formatter).to receive(:status_message).with("\na name")
|
112
|
+
run_report
|
113
|
+
end
|
114
|
+
|
115
|
+
it "prints successes" do
|
116
|
+
expect(formatter).to receive(:success_message).with(' passed')
|
117
|
+
run_report
|
118
|
+
end
|
119
|
+
|
120
|
+
it "prints warnings" do
|
121
|
+
expect(formatter).to receive(:warning_message).with(' a warning')
|
122
|
+
run_report
|
123
|
+
end
|
124
|
+
|
125
|
+
it "prints failures" do
|
126
|
+
expect(formatter).to receive(:failure_message).with(' a failure')
|
127
|
+
run_report
|
128
|
+
end
|
129
|
+
|
130
|
+
it "prints the fingerprint count" do
|
131
|
+
expect(formatter).to receive(:status_message).with("\nVerified 1 fingerprints:")
|
132
|
+
run_report
|
133
|
+
end
|
134
|
+
|
135
|
+
it "prints summary" do
|
136
|
+
expect(formatter).to receive(:failure_message).with(summary_line)
|
137
|
+
run_report
|
138
|
+
end
|
139
|
+
|
140
|
+
context "with no fingerprint tests" do
|
141
|
+
let(:tests) { [] }
|
142
|
+
|
143
|
+
it "does not print the name" do
|
144
|
+
expect(formatter).not_to receive(:status_message).with("\na name")
|
145
|
+
run_report
|
146
|
+
end
|
147
|
+
end
|
148
|
+
end
|
80
149
|
end
|
81
150
|
|
82
151
|
describe "#print_summary" do
|
@@ -0,0 +1,21 @@
|
|
1
|
+
#!/bin/sh
|
2
|
+
#
|
3
|
+
# Hook script to verify changes about to be committed.
|
4
|
+
# The hook should exit with non-zero status after issuing an appropriate
|
5
|
+
# message if it wants to stop the commit.
|
6
|
+
|
7
|
+
# Verify that each fingerprint asserts known identifiers.
|
8
|
+
git diff --cached --name-only --diff-filter=ACM -z xml/*.xml | xargs -0 ./bin/recog_standardize --write
|
9
|
+
|
10
|
+
# get status
|
11
|
+
status=$?
|
12
|
+
|
13
|
+
if [ $status -ne 0 ]; then
|
14
|
+
echo "Please review any new additions to the text files under 'identifiers/'."
|
15
|
+
echo "If any of these names are close to an existing name, update the offending"
|
16
|
+
echo "fingerprint to use the existing name instead. Once the fingerprints are fixed,"
|
17
|
+
echo "remove the 'extra' names from the identifiers files, and run the tool again."
|
18
|
+
exit 1
|
19
|
+
fi
|
20
|
+
|
21
|
+
exit 0
|
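Review bot: The hook on line 8 passes file names to `./bin/recog_standardize --write`, so it checks the working-tree copy of each staged `xml/*.xml` file rather than the staged blob; a partially staged file can pass or fail on content that is not part of the commit. Judging by the message on line 14, `--write` also appends to the files under `identifiers/`, which the hook neither stages nor reports, so the comment on line 7 would be more accurate as `# Standardize staged fingerprints; --write adds unknown identifiers to identifiers/*.txt`. When no XML file is staged, GNU `xargs` still runs the command once with no file arguments; `xargs -0 -r` (where supported) or an explicit empty-list check avoids that run. `status=$?` only sees the exit code of `xargs`, so a failure of `git diff` itself goes unnoticed.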
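--- a/data/update_cpes.py
+++ b/data/update_cpes.py
@@ -16,8 +16,17 @@ def parse_cpe_vp_map(file):
 parser = etree.XMLParser(remove_comments=False)
 doc = etree.parse(file, parser)
 namespaces = {'ns': 'http://cpe.mitre.org/dictionary/2.0', 'meta': 'http://scap.nist.gov/schema/cpe-dictionary-metadata/0.2'}
-for
+for entry in doc.xpath("//ns:cpe-list/ns:cpe-item", namespaces=namespaces):
+cpe_name = entry.get("name")
+if not cpe_name:
+continue
+
+# If the entry is deprecated then don't add it to our list of valid CPEs.
+if entry.get("deprecated"):
+continue
+
 cpe_match = re.match('^cpe:/([aho]):([^:]+):([^:]+)', cpe_name)
+
 if cpe_match:
 cpe_type, vendor, product = cpe_match.group(1, 2, 3)
 if cpe_type not in vp_map:
@@ -55,7 +64,7 @@ def lookup_cpe(vendor, product, cpe_type, cpe_table, remap):
 these values to more correct values used by NIST.
 
 For example, the remapping might tell us that a value of 'alpine' for the
-vendor string should be '
+vendor string should be 'alpinelinux' instead, or for product 'solaris'
 should be 'sunos'.
 
 This function should only emit values seen in the official NIST CPE list
@@ -86,7 +95,11 @@ def lookup_cpe(vendor, product, cpe_type, cpe_table, remap):
 
 # Everything else depends on a remap of some sort.
 # get the remappings for this one vendor string.
-vendor_remap =
+vendor_remap = None
+
+remap_type = remap.get(cpe_type, None)
+if remap_type:
+vendor_remap = remap_type.get(vendor, None)
 
 if vendor_remap:
 # If we have product remappings, work that angle next
@@ -190,7 +203,7 @@ def update_cpes(xml_file, cpe_vp_map, r7_vp_map):
 continue
 
 vendor = vendor.lower().replace(' ', '_').replace(',', '')
-product = product.lower().replace(' ', '_').replace(',', '')
+product = product.lower().replace(' ', '_').replace(',', '').replace('!', '%21')
 if 'unknown' in [vendor, product]:
 continue
 
@@ -209,8 +222,8 @@ def update_cpes(xml_file, cpe_vp_map, r7_vp_map):
 continue
 
 # building the CPE string
-# Last minute escaping of '/'
-product = product.replace('/', '\/')
+# Last minute escaping of '/' and `!`
+product = product.replace('/', '\/').replace('%21', '\!')
 cpe_value = 'cpe:/{}:{}:{}'.format(cpe_type, vendor, product)
 
 if version: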
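Review bot: `if entry.get("deprecated"):` in the first hunk tests the attribute string for truthiness, so an entry written as `deprecated="false"` would be dropped from the valid-CPE table as well; comparing the value explicitly, `if entry.get("deprecated", "").lower() == "true":`, states the intent. In the last hunk `'\!'`, like the existing `'\/'`, is an unrecognised escape in an ordinary string literal and newer Python versions warn about it; `r'\!'` keeps the same characters without the warning. The `'%21'` placeholder introduced in the fourth hunk and undone in the fifth deserves a one-line comment explaining that it exists so the lookup against the NIST table sees the encoded form. The bodies of `parse_cpe_vp_map` and `update_cpes` continue outside these hunks.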
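--- a/data/xml/apache_modules.xml
+++ b/data/xml/apache_modules.xml
@@ -220,6 +220,36 @@
 <param pos="0" name="service.component.product" value="mod_auth_ldap"/>
 </fingerprint>
 
+<fingerprint pattern="mod_auth_oracle/(\S+)$">
+<description>mod_auth_oracle with version</description>
+<example service.component.version="1.2.3">mod_auth_oracle/1.2.3</example>
+<param pos="0" name="service.component.vendor" value="Apache"/>
+<param pos="0" name="service.component.product" value="mod_auth_oracle"/>
+<param pos="1" name="service.component.version"/>
+</fingerprint>
+
+<fingerprint pattern="mod_auth_oracle/?$">
+<description>mod_auth_oracle without version</description>
+<example>mod_auth_oracle/</example>
+<param pos="0" name="service.component.vendor" value="Apache"/>
+<param pos="0" name="service.component.product" value="mod_auth_oracle"/>
+</fingerprint>
+
+<fingerprint pattern="mod_auth_pgsql/(\S+)$">
+<description>mod_auth_pgsql with version</description>
+<example service.component.version="1.2.3">mod_auth_pgsql/1.2.3</example>
+<param pos="0" name="service.component.vendor" value="Apache"/>
+<param pos="0" name="service.component.product" value="mod_auth_pgsql"/>
+<param pos="1" name="service.component.version"/>
+</fingerprint>
+
+<fingerprint pattern="mod_auth_pgsql/?$">
+<description>mod_auth_pgsql without version</description>
+<example>mod_auth_pgsql/</example>
+<param pos="0" name="service.component.vendor" value="Apache"/>
+<param pos="0" name="service.component.product" value="mod_auth_pgsql"/>
+</fingerprint>
+
 <fingerprint pattern="mod_auth_radius/(\S+)$">
 <description>mod_auth_radius with version</description>
 <example service.component.version="1.2.3">mod_auth_radius/1.2.3</example>
@@ -978,6 +1008,36 @@
 <param pos="0" name="service.component.product" value="mod_filter"/>
 </fingerprint>
 
+<fingerprint pattern="mod_frontpage/(\S+)$">
+<description>mod_frontpage with version</description>
+<example service.component.version="1.2.3">mod_frontpage/1.2.3</example>
+<param pos="0" name="service.component.vendor" value="Apache"/>
+<param pos="0" name="service.component.product" value="mod_frontpage"/>
+<param pos="1" name="service.component.version"/>
+</fingerprint>
+
+<fingerprint pattern="mod_frontpage/?$">
+<description>mod_frontpage without version</description>
+<example>mod_frontpage/</example>
+<param pos="0" name="service.component.vendor" value="Apache"/>
+<param pos="0" name="service.component.product" value="mod_frontpage"/>
+</fingerprint>
+
+<fingerprint pattern="mod_gzip/(\S+)$">
+<description>mod_gzip with version</description>
+<example service.component.version="1.2.3">mod_gzip/1.2.3</example>
+<param pos="0" name="service.component.vendor" value="Apache"/>
+<param pos="0" name="service.component.product" value="mod_gzip"/>
+<param pos="1" name="service.component.version"/>
+</fingerprint>
+
+<fingerprint pattern="mod_gzip/?$">
+<description>mod_gzip without version</description>
+<example>mod_gzip/</example>
+<param pos="0" name="service.component.vendor" value="Apache"/>
+<param pos="0" name="service.component.product" value="mod_gzip"/>
+</fingerprint>
+
 <fingerprint pattern="mod_headers/(\S+)$">
 <description>mod_headers with version</description>
 <example service.component.version="1.2.3">mod_headers/1.2.3</example>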
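--- a/data/xml/apache_os.xml
+++ b/data/xml/apache_os.xml
@@ -6,7 +6,7 @@
 against the following patterns to extract OS information.
 -->
 
-<fingerprint pattern="
+<fingerprint pattern="\(iSeries\)">
 <description>IBM i5/OS iSeries (OS/400)</description>
 <param pos="0" name="os.vendor" value="IBM"/>
 <param pos="0" name="os.family" value="OS/400"/>
@@ -14,7 +14,7 @@
 <param pos="0" name="os.cpe23" value="cpe:/o:ibm:os_400:-"/>
 </fingerprint>
 
-<fingerprint pattern="
+<fingerprint pattern="\(Mandrake Linux/\d+\.\d+\.92mdk\)">
 <description>Mandriva (formerly Mandrake) Linux 9.2</description>
 <param pos="0" name="os.certainty" value="0.9"/>
 <param pos="0" name="os.vendor" value="Mandriva"/>
@@ -24,7 +24,7 @@
 <param pos="0" name="os.cpe23" value="cpe:/o:mandriva:linux:9.2"/>
 </fingerprint>
 
-<fingerprint pattern="
+<fingerprint pattern="\(Mandrake Linux/\d+\.\d+\.100mdk\)">
 <description>Mandriva (formerly Mandrake) Linux 10.0</description>
 <param pos="0" name="os.certainty" value="0.9"/>
 <param pos="0" name="os.vendor" value="Mandriva"/>
@@ -34,7 +34,7 @@
 <param pos="0" name="os.cpe23" value="cpe:/o:mandriva:linux:10.0"/>
 </fingerprint>
 
-<fingerprint pattern="
+<fingerprint pattern="\((?:Mandrake|Mandriva) Linux/">
 <description>Mandriva (formerly Mandrake) Linux unknown version</description>
 <param pos="0" name="os.vendor" value="Mandriva"/>
 <param pos="0" name="os.family" value="Linux"/>
@@ -42,7 +42,7 @@
 <param pos="0" name="os.cpe23" value="cpe:/o:mandriva:linux:-"/>
 </fingerprint>
 
-<fingerprint pattern="
+<fingerprint pattern="\(Mandrakelinux/">
 <description>Mandriva (formerly Mandrake) Linux unknown version - variant 2</description>
 <param pos="0" name="os.vendor" value="Mandriva"/>
 <param pos="0" name="os.family" value="Linux"/>
@@ -50,14 +50,14 @@
 <param pos="0" name="os.cpe23" value="cpe:/o:mandriva:linux:-"/>
 </fingerprint>
 
-<fingerprint pattern="
+<fingerprint pattern="\(PalmOS\)">
 <description>PalmOS</description>
 <param pos="0" name="os.vendor" value="Palm"/>
 <param pos="0" name="os.family" value="PalmOS"/>
 <param pos="0" name="os.product" value="PalmOS"/>
 </fingerprint>
 
-<fingerprint pattern="
+<fingerprint pattern="\(Win32\)">
 <description>Microsoft Windows</description>
 <param pos="0" name="os.certainty" value="0.75"/>
 <param pos="0" name="os.vendor" value="Microsoft"/>
@@ -66,7 +66,7 @@
 <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
 </fingerprint>
 
-<fingerprint pattern="
+<fingerprint pattern="\(Darwin\)">
 <description>Apple Mac OS X</description>
 <param pos="0" name="os.vendor" value="Apple"/>
 <param pos="0" name="os.family" value="Mac OS X"/>
@@ -74,7 +74,7 @@
 <param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x:-"/>
 </fingerprint>
 
-<fingerprint pattern="
+<fingerprint pattern="\(Ubuntu\)">
 <description>Ubuntu</description>
 <param pos="0" name="os.vendor" value="Ubuntu"/>
 <param pos="0" name="os.family" value="Linux"/>
@@ -82,21 +82,21 @@
 <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:-"/>
 </fingerprint>
 
-<fingerprint pattern="
+<fingerprint pattern=".{0,512}(?:Sun )?Cobalt \(Unix\)?">
 <description>Sun Cobalt RaQ (Red Hat based Linux)</description>
 <param pos="0" name="os.vendor" value="Sun"/>
 <param pos="0" name="os.family" value="Linux"/>
 <param pos="0" name="os.product" value="Cobalt RaQ"/>
 </fingerprint>
 
-<fingerprint pattern="
+<fingerprint pattern="\(BlueQuartz\)">
 <description>Blue Quartz is created by a Cobalt RaQ UG</description>
 <param pos="0" name="os.vendor" value="Sun"/>
 <param pos="0" name="os.family" value="Linux"/>
 <param pos="0" name="os.product" value="Cobalt RaQ"/>
 </fingerprint>
 
-<fingerprint pattern="^Apache\/2\.2\.11.*\(Fedora\)
+<fingerprint pattern="^Apache\/2\.2\.11.*\(Fedora\)">
 <description>Red Hat Fedora 11</description>
 <param pos="0" name="os.vendor" value="Red Hat"/>
 <param pos="0" name="os.family" value="Linux"/>
@@ -105,7 +105,7 @@
 <param pos="0" name="os.cpe23" value="cpe:/o:redhat:fedora_core:11"/>
 </fingerprint>
 
-<fingerprint pattern="^Apache\/2\.2\.15.*\(Fedora\)
+<fingerprint pattern="^Apache\/2\.2\.15.*\(Fedora\)">
 <description>Red Hat Fedora 13</description>
 <param pos="0" name="os.vendor" value="Red Hat"/>
 <param pos="0" name="os.family" value="Linux"/>
@@ -114,7 +114,7 @@
 <param pos="0" name="os.cpe23" value="cpe:/o:redhat:fedora_core:13"/>
 </fingerprint>
 
-<fingerprint pattern="^Apache\/2\.2\.16.*\(Fedora\)
+<fingerprint pattern="^Apache\/2\.2\.16.*\(Fedora\)">
 <description>Red Hat Fedora 14</description>
 <param pos="0" name="os.vendor" value="Red Hat"/>
 <param pos="0" name="os.family" value="Linux"/>
@@ -123,7 +123,7 @@
 <param pos="0" name="os.cpe23" value="cpe:/o:redhat:fedora_core:14"/>
 </fingerprint>
 
-<fingerprint pattern="^Apache\/2\.2\.23.*\(Fedora\)
+<fingerprint pattern="^Apache\/2\.2\.23.*\(Fedora\)">
 <description>Red Hat Fedora 17</description>
 <param pos="0" name="os.vendor" value="Red Hat"/>
 <param pos="0" name="os.family" value="Linux"/>
@@ -132,7 +132,7 @@
 <param pos="0" name="os.cpe23" value="cpe:/o:redhat:fedora_core:17"/>
 </fingerprint>
 
-<fingerprint pattern="^Apache\/2\.4\.3.*\(Fedora\)
+<fingerprint pattern="^Apache\/2\.4\.3.*\(Fedora\)">
 <description>Red Hat Fedora 18</description>
 <param pos="0" name="os.vendor" value="Red Hat"/>
 <param pos="0" name="os.family" value="Linux"/>
@@ -141,7 +141,7 @@
 <param pos="0" name="os.cpe23" value="cpe:/o:redhat:fedora_core:18"/>
 </fingerprint>
 
-<fingerprint pattern="
+<fingerprint pattern="\(Fedora\)">
 <description>Red Hat Fedora</description>
 <param pos="0" name="os.vendor" value="Red Hat"/>
 <param pos="0" name="os.family" value="Linux"/>
@@ -149,7 +149,7 @@
 <param pos="0" name="os.cpe23" value="cpe:/o:redhat:fedora_core:-"/>
 </fingerprint>
 
-<fingerprint pattern="
+<fingerprint pattern="\(RHEL\)">
 <description>Red Hat Enterprise Linux</description>
 <param pos="0" name="os.vendor" value="Red Hat"/>
 <param pos="0" name="os.family" value="Linux"/>
@@ -157,7 +157,7 @@
 <param pos="0" name="os.cpe23" value="cpe:/o:redhat:enterprise_linux:-"/>
 </fingerprint>
 
-<fingerprint pattern="
+<fingerprint pattern="\(Red[ -]Hat(?:[/ ]Linux)?\)">
 <description>Red Hat Linux</description>
 <param pos="0" name="os.vendor" value="Red Hat"/>
 <param pos="0" name="os.family" value="Linux"/>
@@ -165,7 +165,7 @@
 <param pos="0" name="os.cpe23" value="cpe:/o:redhat:linux:-"/>
 </fingerprint>
 
-<fingerprint pattern="
+<fingerprint pattern="\(Red Hat Enterprise (?:Linux)?\)">
 <description>Apache OS: Red Hat Enterprise Linux</description>
 <example os.vendor="Red Hat">Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips</example>
 <param pos="0" name="os.vendor" value="Red Hat"/>
@@ -174,7 +174,7 @@
 <param pos="0" name="os.cpe23" value="cpe:/o:redhat:enterprise_linux:-"/>
 </fingerprint>
 
-<fingerprint pattern="
+<fingerprint pattern="Debian(?:[/ ]GNU)?(?:/Linux)?">
 <description>Debian Linux</description>
 <param pos="0" name="os.vendor" value="Debian"/>
 <param pos="0" name="os.family" value="Linux"/>
@@ -182,7 +182,7 @@
 <param pos="0" name="os.cpe23" value="cpe:/o:debian:debian_linux:-"/>
 </fingerprint>
 
-<fingerprint pattern="
+<fingerprint pattern="\((?:Linux/)?S[uU]SE(?:/Linux)?\)">
 <description>Novell SuSE Linux</description>
 <param pos="0" name="os.vendor" value="SuSE"/>
 <param pos="0" name="os.family" value="Linux"/>
@@ -190,7 +190,7 @@
 <param pos="0" name="os.cpe23" value="cpe:/o:suse:linux:-"/>
 </fingerprint>
 
-<fingerprint pattern="
+<fingerprint pattern="\(NETWARE\)">
 <description>Novell NetWare</description>
 <param pos="0" name="os.vendor" value="Novell"/>
 <param pos="0" name="os.family" value="NetWare"/>
@@ -198,7 +198,7 @@
 <param pos="0" name="os.cpe23" value="cpe:/o:novell:netware:-"/>
 </fingerprint>
 
-<fingerprint pattern="
+<fingerprint pattern="HP-UX_Apache-based_Web_Server">
 <description>HP HP-UX</description>
 <param pos="0" name="os.vendor" value="HP"/>
 <param pos="0" name="os.family" value="HP-UX"/>
@@ -206,7 +206,7 @@
 <param pos="0" name="os.cpe23" value="cpe:/o:hp:hp-ux:-"/>
 </fingerprint>
 
-<fingerprint pattern="
+<fingerprint pattern="\(CentOS\)">
 <description>CentOS Linux</description>
 <param pos="0" name="os.vendor" value="CentOS"/>
 <param pos="0" name="os.family" value="Linux"/>
@@ -214,14 +214,14 @@
 <param pos="0" name="os.cpe23" value="cpe:/o:centos:centos:-"/>
 </fingerprint>
 
-<fingerprint pattern="
+<fingerprint pattern="\(Turbolinux\)">
 <description>Turbolinux</description>
 <param pos="0" name="os.vendor" value="Turbolinux"/>
 <param pos="0" name="os.family" value="Linux"/>
 <param pos="0" name="os.product" value="Linux"/>
 </fingerprint>
 
-<fingerprint pattern="
+<fingerprint pattern="\(FreeBSD\)">
 <description>FreeBSD</description>
 <param pos="0" name="os.vendor" value="FreeBSD"/>
 <param pos="0" name="os.family" value="FreeBSD"/>
@@ -229,14 +229,14 @@
 <param pos="0" name="os.cpe23" value="cpe:/o:freebsd:freebsd:-"/>
 </fingerprint>
 
-<fingerprint pattern="
+<fingerprint pattern="\(Asianux\)">
 <description>Asianux Linux</description>
 <param pos="0" name="os.vendor" value="Asianux"/>
 <param pos="0" name="os.family" value="Linux"/>
 <param pos="0" name="os.product" value="Linux"/>
 </fingerprint>
 
-<fingerprint pattern="
+<fingerprint pattern="\(Gentoo(?:/Linux)?\)">
 <description>Gentoo Linux</description>
 <param pos="0" name="os.vendor" value="Gentoo"/>
 <param pos="0" name="os.family" value="Linux"/>
@@ -244,7 +244,7 @@
 <param pos="0" name="os.cpe23" value="cpe:/o:gentoo:linux:-"/>
 </fingerprint>
 
-<fingerprint pattern="
+<fingerprint pattern="\(Conectiva(?:/Linux)?\)">
 <description>Conectiva Linux</description>
 <param pos="0" name="os.vendor" value="Conectiva"/>
 <param pos="0" name="os.family" value="Linux"/>
@@ -252,7 +252,7 @@
 <param pos="0" name="os.cpe23" value="cpe:/o:conectiva:linux:-"/>
 </fingerprint>
 
-<fingerprint pattern="
+<fingerprint pattern="\(Trustix Secure Linux(?:/Linux)?\)">
 <description>Trustix Linux</description>
 <param pos="0" name="os.vendor" value="Trustix"/>
 <param pos="0" name="os.family" value="Linux"/>
@@ -260,49 +260,49 @@
 <param pos="0" name="os.cpe23" value="cpe:/o:trustix:secure_linux:-"/>
 </fingerprint>
 
-<fingerprint pattern="
+<fingerprint pattern="\(White Box\)">
 <description>White Box Enterprise Linux</description>
 <param pos="0" name="os.vendor" value="White Box"/>
 <param pos="0" name="os.family" value="Linux"/>
 <param pos="0" name="os.product" value="Enterprise Linux"/>
 </fingerprint>
 
-<fingerprint pattern="
+<fingerprint pattern="\(UnitedLinux\)">
 <description>UnitedLinux</description>
 <param pos="0" name="os.vendor" value="UnitedLinux"/>
 <param pos="0" name="os.family" value="Linux"/>
 <param pos="0" name="os.product" value="Linux"/>
 </fingerprint>
 
-<fingerprint pattern="
+<fingerprint pattern="\(PLD/Linux\)">
 <description>PLD Linux</description>
 <param pos="0" name="os.vendor" value="PLD"/>
 <param pos="0" name="os.family" value="Linux"/>
 <param pos="0" name="os.product" value="Linux"/>
 </fingerprint>
 
-<fingerprint pattern="
+<fingerprint pattern="\(Vine/Linux\)">
 <description>Vine Linux</description>
 <param pos="0" name="os.vendor" value="Vine"/>
 <param pos="0" name="os.family" value="Linux"/>
 <param pos="0" name="os.product" value="Linux"/>
 </fingerprint>
 
-<fingerprint pattern="
+<fingerprint pattern="\(rPath\)">
 <description>rPath Linux</description>
 <param pos="0" name="os.vendor" value="rPath"/>
 <param pos="0" name="os.family" value="Linux"/>
 <param pos="0" name="os.product" value="Linux"/>
 </fingerprint>
 
-<fingerprint pattern="
+<fingerprint pattern="\(StartCom Linux\)">
 <description>StartCom Linux</description>
 <param pos="0" name="os.vendor" value="StartCom"/>
 <param pos="0" name="os.family" value="Linux"/>
 <param pos="0" name="os.product" value="Linux"/>
 </fingerprint>
 
-<fingerprint pattern="
+<fingerprint pattern="Linux">
 <description>Generic Linux fallback</description>
 <param pos="0" name="os.certainty" value="0.75"/>
 <param pos="0" name="os.family" value="Linux"/>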
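Review bot: Of the fingerprints fully visible in these hunks only the one at new line 168 carries an `<example>`, so the verifier has nothing to check the other rewritten patterns against; one `<example>` per fingerprint would cover this change and guard later edits. If these expressions are searched anywhere in the banner, as the `^`-anchored Fedora patterns suggest, the `.{0,512}` prefix at new line 85 and the trailing optional groups in `Debian(?:[/ ]GNU)?(?:/Linux)?` at new line 177 cannot change whether a banner matches. In `\(Unix\)?` only the closing parenthesis is optional, and `\(Red Hat Enterprise (?:Linux)?\)` requires a space before `)` when `Linux` is absent; if neither is intended, `\(Unix\)` and `\(Red Hat Enterprise(?: Linux)?\)` match what the descriptions say. The bare `Linux` fallback at new line 305 matches any banner containing that word, which its 0.75 certainty partly reflects, so its position after the specific distributions matters and is worth a comment.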