recog 2.3.19 → 2.3.20

data/identifiers/README.md

@@ -1,16 +1,27 @@
 # Recog: Identifiers
 
-This directory contains lists of standard identifiers for mapping Recog matches. The goal is define a standard set of constants to represent known software, hardware, vendors, and categories.
+This directory contains lists of standard identifiers for mapping Recog matches.
+The goal is define a standard set of constants to represent known software,
+hardware, vendors, and categories.
 
-This is currently incomplete and will be updated as standardization work moves forward.
+This is currently incomplete and will be updated as standardization work moves
+forward.
 
-Fingerprints should use these identifiers whenever possible; if a different name or syntax for a given identifier is preferred, this should be implemented in the application through a mapping function.
+Fingerprints should use these identifiers whenever possible; if a different name
+or syntax for a given identifier is preferred, this should be implemented in the
+application through a mapping function.
 
 ## Lists
 
+### Fields
+
+`fields.txt` defines the various fields (`os.vendor`, etc.) used to assert
+information about a match.
+
 ### Vendors
 
-`vendor.txt` defines known vendor names, covering services, operating systems, and hardware.
+`vendor.txt` defines known vendor names, covering services, operating systems,
+and hardware.
 
 ### Operating Systems
 
@@ -22,14 +33,14 @@ Fingerprints should use these identifiers whenever possible; if a different name
 
 `os_device.txt` defines known types of devices by function or purpose.
 
-
 ### Hardware
 
 `hw_product.txt` defines known hardware product names.
 
 `hw_family.txt` defines known hardware product families.
 
-`hw_device.txt` defines known types of devices by function or purpose (overlaps with `os_device.txt`).
+`hw_device.txt` defines known types of devices by function or purpose (overlaps
+with `os_device.txt`).
 
 ### Services
 
@@ -47,10 +58,13 @@ Fingerprints should use these identifiers whenever possible; if a different name
 
 ## Pending Work
 
-  * All existing fingerprints should be correlated against these lists to identify mismatches and updated accordingly.
+* All existing fingerprints should be correlated against these lists to
+  identify mismatches and updated accordingly.
 
-  * All net new identifiers from the existing fingerprints should be merged into these lists.
+* All net new identifiers from the existing fingerprints should be merged into
+these lists.
 
-  * All fingerprint assertions should be enumerated, documented, and standardized where possible (`host.mac`, etc).
+* All fingerprint assertions should be enumerated, documented, and standardized
+where possible (`host.mac`, etc).
 
-  * Hardware identifiers should be enumerated, consolidated, and standardized.
+* Hardware identifiers should be enumerated, consolidated, and standardized.

data/identifiers/fields.txt

@@ -0,0 +1,104 @@
+agilent.serial
+apache.info
+apache.variant
+apache.variant.version
+chromecast.capabilities
+chromecast.generation
+chromecast.serial_number
+cisco.imc_model
+cisco.serial_number
+cookie
+dell.service_tag
+extron.model
+fortinet.serial_number
+host.domain
+host.id
+host.ip
+host.mac
+host.mac_eui64
+host.mac_local
+host.name
+host.time
+hw.certainty
+hw.cpe23
+hw.device
+hw.family
+hw.model
+hw.product
+hw.series
+hw.vendor
+hw.version
+imail.eval
+jetty.info
+junction.cookie
+junction.name
+lenovo.machine_model
+lenovo.machine_type
+linux.kernel.version
+loadbalancer.poolname
+mdaemon.unregistered
+mercur.os.info
+metainfo.version
+metainfo.version.version
+ms.nttp.version
+notes.build.version
+ntmail.id
+openssh.comment
+openssh.cvepatch
+os.arch
+os.build
+os.certainty
+os.cpe23
+os.device
+os.edition
+os.family
+os.model
+os.product
+os.rev
+os.vendor
+os.version
+os.version.version
+os.version.version.version
+postfix.os.info
+postoffice.build
+postoffice.id
+procurve.model
+proftpd.server.name
+pureftpd.config
+python.version
+qpopper.version
+ruckus.serial_number
+securetransport.build
+sendmail.config.version
+sendmail.hpux.phne.version
+sendmail.vendor.version
+service.certainty
+service.component.cpe23
+service.component.family
+service.component.product
+service.component.vendor
+service.component.version
+service.cpe23
+service.device
+service.edition
+service.family
+service.node
+service.product
+service.protocol
+service.vendor
+service.version
+service.version.version
+service.version.version.version
+service.version.version.version.version
+siemens.model
+snmp.fpmib.oid.1
+snmp.fpmib.oid.2
+system.time
+system.time.format
+system.time.micros
+system.time.millis
+tandberg.model
+thttpd.mx-patch
+tomcat.info
+wd2go.device_id
+zmailer.ident

data/identifiers/hw_family.txt

@@ -45,8 +45,11 @@ Multifunction
 My Book
 NE
 NPort
+NetScaler
 NetVanta
+Netscaler
 Network Audio
+Network Security Appliance
 Network Video Door Station
 Optra
 Orbi
@@ -88,6 +91,7 @@ UniFi
 Unified Security Gateway
 VDX
 VSX
+Vigor
 VoIP
 WD2GO
 WiMax
@@ -99,6 +103,7 @@ Xserve
 ZXDSL
 ZXHN
 ZXV
+airMAX
 iLO
 iMac
 iPad

data/identifiers/hw_product.txt

@@ -62,8 +62,10 @@ EP-series
 EXA Signal Analyzer
 Eagle Eye Director II
 EchoLife Home Gateway
+EdgeRouter X
 EdgeSwitch
 Elevation
+Email Security Gateway
 EqualLogic
 Ethernet Relay Controller
 Ethernet Relay Module
@@ -202,15 +204,20 @@ Mergepoint
 Miniserver
 My Book Live
 N5172B Signal Generator
+NAM
 NAS4Free
 NFVIS
 NPort
+NetScaler Gateway
+NetScaler SDX Gateway
 NetScreen
 NetVR
 Netbox
+Netscaler Gateway
 Network Camera
 Network Gateway
 Network Node
+Network Security Appliance
 Nexus 1000V
 Nexus Player
 OfficeConnect Switch
@@ -290,6 +297,9 @@ UCM6202
 UCM6204
 UCM6208
 UCS Manager
+USG20-VPN
+USG40
+USG60
 UniFi Cloud Key
 UniFi NVR
 UniFi Security Gateway
@@ -325,6 +335,7 @@ iCOM Control Panel
 iDRAC
 iLO
 iLO 3
+iLO 4
 iMac (20/24-inch, Early 2008)
 iMac (21.5-inch, 2017)
 iMac (21.5-inch, Late 2012)

data/identifiers/os_device.txt

@@ -14,7 +14,6 @@ DSU/CSU
 DVR
 Device Server
 Fax Server
-File Server
 Firewall
 Frame Relay
 HMI Controller

data/identifiers/os_family.txt

@@ -132,6 +132,7 @@ OpenServer
 OpenVMS
 OpenWRT
 Optra
+PAN-OS
 PIX
 PLC
 Packet-Optical

data/identifiers/os_product.txt

@@ -68,8 +68,6 @@ Document Centre
 Dynix
 EDR G902 Firmware
 EDR G903 Firmware
-ESX
-ESXi
 EdgeBlaster
 EdgeOS
 Email Appliance
@@ -78,7 +76,6 @@ Enterprise Linux
 Enterprise WAP
 EqualLogic
 Excella
-FRITZ!BOX
 FRITZ!OS
 Fabric OS
 Fastmark M5
@@ -100,6 +97,7 @@ GXP1628 Firmware
 GXP2200 Firmware
 GigaVUE HD
 GigaVUE TA1
+GuardianOS
 HP-UX
 HT801 Firmware
 HT802 Firmware
@@ -118,6 +116,7 @@ IPReach
 IPSO
 IRIX
 Integrated Lights Out Manager
+Integrated Lights Out Manager firmware
 Irix
 Isilon OneFS OS
 JetDirect
@@ -157,6 +156,7 @@ NetScaler Gateway
 NetScaler SDX Gateway
 NetVanta
 NetWare
+Netscaler Gateway Firmware
 Network Gateway
 Network Scanner
 Network Storage Router
@@ -173,14 +173,12 @@ OpenServer
 OpenTV
 OpenVMS
 OpenWall
-PA Firewall
-PANOS
+PAN-OS
 PIX
 PLC-5
 PRO/100
 PacketShaper
 PalmOS
-Panorama Server
 Photon Linux
 PocketPro
 Polycom
@@ -193,13 +191,14 @@ Prestige 660HW-D1
 Prestige 660ME-61
 Prime Collaboration Manager
 Print Server
-Print server
 PrintServer
 Printer
 Printer Board
 ProLiant
+Prosafe Firmware
 Proxmox
 Pulse Connect Secure
+QTS
 RASExpress
 RDK
 RISC OS
@@ -259,6 +258,9 @@ UCM6204 Firmware
 UCM6208 Firmware
 UCS Device
 UNIX
+USG20-VPN firmware
+USG40 firmware
+USG60 firmware
 Ubuntu Linux
 Ultrix
 UnixWare
@@ -268,7 +270,6 @@ VIOS
 VMS
 VMware ESX Server
 VMware ESXi Server
-VPN
 VPN 3000 Concentrator
 VRP
 Virtual Library
@@ -317,16 +318,19 @@ WorkCentre Pro
 X3e 31C-M
 XCC Linux
 XOS
+XenServer
 Zentyal
 Zone Director
 ZyNOS firmware
 audioOS
 e-STUDIO
 eCos
+i5/OS
 iDRAC Linux
 iLO
 iLO 2
 iLO 3
+iLO 4
 iOS
 iScale
 im

data/identifiers/service_family.txt

@@ -12,6 +12,7 @@ Application Protection System
 Appweb
 Atlas Anchor
 Aura
+Azure
 BIG-IP
 BIND
 Bftpd
@@ -40,6 +41,7 @@ DSM
 DSView
 David
 Desktop Authority
+Diskstation
 Dnsmasq
 Dovecot
 Dropbear
@@ -47,7 +49,6 @@ Dynamo
 E-mail Services
 EWS
 Ecelerity Mail Server
-Elastic Load Balancing
 EmWeb
 Email Security
 Embedded SSH Server
@@ -94,6 +95,7 @@ JetDirect
 Jetty
 Joom!Fish
 Knot
+Kubernetes
 ListManager
 Lotus Domino
 Lotus Expeditor
@@ -127,6 +129,7 @@ NetWare Enterprise Web Server
 NetWare HTTP Server
 NetWare HTTP Stack
 NetWeaver
+Netscaler
 Network Printer Manager
 Niagara
 OpenAdStream
@@ -167,6 +170,7 @@ SMH
 SSH
 SSH Tectia Server
 SSL-VPN
+Sage X3 Syracuse Web Server
 Samba
 Secure Access Gateway
 Secure FTP Server
@@ -186,6 +190,7 @@ TippingPoint
 Tivoli
 Tomcat
 Tornado
+Traefik
 Twisted
 Twisted Web
 UPnP
@@ -206,6 +211,7 @@ VoiP Gateway
 WS_FTP
 WeOnlyDo
 Web PN Server
+Web Services
 WebGUI
 WebLogic
 WebServer

data/identifiers/service_product.txt

@@ -3,14 +3,18 @@
 11000 Series Content Service Switch
 2wire
 389 Directory Server
+3CX Web Server
 4690 FTP Server
 ADAudit Plus
+AIOHTTP
 AOS
 APIC
 ARRIS
 ASM
 ASP.NET
 Abyss Web Server X1
+Abyss Web Server X2
+Access Manager
 Active Directory Controller
 Active Intelligence Engine
 ActiveMQ
@@ -23,16 +27,19 @@ AnswerX
 Antivirus for Gateways
 Apache Tomcat HTTP Connector
 AppleShare IP Mail Server
+Application Load Balancer
 Application Protection System, Enterprise
 Application Server Portal
 Application Server Web Cache
 Appweb
 Arachni
+Artifactory
 Aspen
 Aura Communication Manager
 AuthServ
 Authoritative Server
 Avahi
+Azure App Service on Azure Stack
 BIG-IP LTM
 BIND
 BRCM400
@@ -77,10 +84,12 @@ Connect
 ConnectUPS
 Consul
 Content Server
+Control
 CouchDB
 Couchbase Server
 Courier IMAP
 Courier POP
+Cowboy
 Coyote
 Cross Web Server
 CrushFTP Web Interface
@@ -115,12 +124,16 @@ E-mail Services
 ESMTP
 EWS
 Ecelerity Mail Server
+Elastic Load Balancer
+Elastic Load Balancing
 EmWeb
 Email Appliance
 Email Security
+Email Security Gateway
 Embedded SSH Server
 Endpoint Protection Manager
 Enterprise
+Envoy
 Exchange 2000 Server
 Exchange 2003 Server
 Exchange 2007 Server
@@ -138,17 +151,22 @@ FastTrack Server
 Fiery Print Server
 FileZilla Server
 Firewall-1
+Fireware XTM
+Fisheye
 Flink
 Flower
 Flussonic Media Server
+Flyspray
 FortiVoice
 FortressSSH Server
 FreSSH
 FreeSWITCH
+Fusion Middleware
 GHost
 GNAT Box
 GStreamer RTSP Server
 Gateway
+Gerrit
 GitLab
 Gitea
 GlassFish Server
@@ -219,6 +237,7 @@ Kestrel web server
 Kibana
 Kiwi Syslog
 Knot DNS
+Kubernetes
 LDAP Agent for eDirectory
 LDAP Server
 LLBServer
@@ -247,6 +266,7 @@ Management Console
 Management Server
 Management Service
 MariaDB
+Mastodon
 MaxScale
 Media Server
 MediaSense
@@ -258,8 +278,9 @@ MetaDirectory Server
 Metabase
 Metasploit
 MiniDLNA
-MiniUPnP
+MiniUPnPd
 MobaXterm
+MoinMoin
 Mongoose
 Mongrel
 Monit
@@ -269,7 +290,9 @@ Multicraft
 Munin
 MySQL
 MySQL Proxy
+NGINX Ingress Controller
 NNTP
+NQ
 NTMail
 NTP
 Nagios Log Server
@@ -296,14 +319,17 @@ NetWeaver Application Server
 NetWeaver Application Server Java
 NetWeaver Internet Communication Manager
 NetWeaver Web AS
+Netscaler
 Network Monitor
 Network Printer Manager
 Nexpose
+Nextcloud Server
 Nexus Repository Manager
 Niagara AX
 Node
 Notebook
 Nucleus SNMP Agent
+Observium
 OpManager
 Open Directory
 Open Stack Platform Director
@@ -332,6 +358,7 @@ PHP
 PMS
 PMail Server
 PWS
+Panorama Server
 Paramiko
 Percona Server
 Perl
@@ -348,7 +375,6 @@ PowerMTA
 ProFTPD
 ProRat
 Prometheus
-Proxmox
 Proxy
 Proxygen
 Pulse Connect Secure
@@ -364,6 +390,7 @@ Recursor
 Red Hat Directory Server
 Redmine
 Reflection
+Reflection for Secure IT
 ReflectionX
 RemoteView
 Resin
@@ -378,7 +405,6 @@ S7/S5 OPC Server
 SABnzbd
 SAP Message Server
 SCO X server
-SIP Server
 SIP Stack
 SIPPS IP Phone
 SLMail
@@ -395,9 +421,11 @@ SSL-VPN
 STARFACE PBX
 STUN Server
 SWAT
+Sage X3 Syracuse Web Server
 Samba
 Search
 Secure FTP Server
+Secure Global Desktop
 Secure Tencent Gateway
 SecureTransport
 Security Center
@@ -420,8 +448,10 @@ Snowball
 SonarQube
 SpeedTouch
 Splunk
+Squeezebox
 Squid
 StarNet X-Win32
+Streaming Engine
 Stronghold
 Sun Directory Proxy Server
 Sun Directory Server
@@ -435,6 +465,7 @@ TBS FTP Server
 TCP/IP
 TCPIP POP server
 TUX Web Server
+Tableau Server
 TeamCity
 Tengine
 TestCenter IQ
@@ -447,13 +478,17 @@ Tivoli Storage Manager
 Tomcat
 Tor
 Tornado
+Traefik Proxy
+Transportation Management
 Twisted FTPD
 Twisted Web
 Twonky Media Server
 UnboundID Directory Proxy Server
 UnboundID Directory Server
 UniFi Video
+Universal Management Appliance
 Urchin Tracking Module
+Usermin
 VM
 VMS SFTP Server
 VOPMail
@@ -463,8 +498,10 @@ VShell
 Varnish
 Vault
 VcXsrv
+View
 Vignette
 Virtual Directory Server
+Virtual Environment
 Virtualization Manager
 VisionFS
 VxWorks CIFS
@@ -478,6 +515,7 @@ Web Client
 Web Jetadmin
 Web PN Server
 Web Server
+Web Station
 WebGUI
 WebLogic
 WebServer
@@ -485,6 +523,7 @@ WebShield
 WebSphere
 WebSphere Load Balancer
 WebTrends
+Webmin
 Webserver
 Werkzeug
 WildFly
@@ -492,6 +531,7 @@ WinRoute
 WinSSHD
 WinWebMail
 Windows CE Web Server
+Windows Media Player
 Windows Media Server
 Wing FTP Server
 Work Server
@@ -505,6 +545,7 @@ XSun Solaris X11 server
 XenServer
 Xming
 Xvnc
+YNQ
 ZMailer
 Zabbix
 Zimbra
@@ -522,6 +563,7 @@ dnsd
 eDirectory
 ePolicy Orchestrator
 emHTTPD
+etherpad
 exim
 flowssh
 gSOAP
@@ -550,6 +592,8 @@ mod_auth_dbm
 mod_auth_digest
 mod_auth_form
 mod_auth_ldap
+mod_auth_oracle
+mod_auth_pgsql
 mod_auth_radius
 mod_authn_alias
 mod_authn_anon
@@ -600,6 +644,8 @@ mod_ext_filter
 mod_fcgid
 mod_file_cache
 mod_filter
+mod_frontpage
+mod_gzip
 mod_headers
 mod_heartbeat
 mod_heartmonitor
@@ -683,6 +729,7 @@ mod_xml2enc
 nginx
 noVNC
 ownCloud Server
+perl
 pfSense
 qmail
 qpopper-mysql
@@ -695,7 +742,9 @@ tnftpd
 uc-httpd
 ucftpd
 unbound
+uvicorn
 vCenter
+vCenter Converter
 vmauthd
 vsFTPd
 vsFTPd Extended