recog 2.3.19 → 2.3.20
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/bin/recog_standardize +6 -0
- data/cpe-remap.yaml +314 -211
- data/identifiers/README.md +24 -10
- data/identifiers/fields.txt +104 -0
- data/identifiers/hw_family.txt +5 -0
- data/identifiers/hw_product.txt +11 -0
- data/identifiers/os_device.txt +0 -1
- data/identifiers/os_family.txt +1 -0
- data/identifiers/os_product.txt +12 -8
- data/identifiers/service_family.txt +7 -1
- data/identifiers/service_product.txt +52 -3
- data/identifiers/vendor.txt +23 -1
- data/lib/recog/version.rb +1 -1
- data/requirements.txt +1 -1
- data/update_cpes.py +15 -2
- data/xml/apache_modules.xml +60 -0
- data/xml/dns_versionbind.xml +1 -1
- data/xml/favicons.xml +13 -3
- data/xml/ftp_banners.xml +4 -6
- data/xml/html_title.xml +362 -29
- data/xml/http_cookies.xml +179 -62
- data/xml/http_servers.xml +331 -81
- data/xml/http_wwwauth.xml +25 -6
- data/xml/ldap_searchresult.xml +1 -0
- data/xml/ntp_banners.xml +7 -1
- data/xml/sip_banners.xml +2 -0
- data/xml/sip_user_agents.xml +1 -0
- data/xml/smtp_banners.xml +41 -5
- data/xml/smtp_expn.xml +1 -0
- data/xml/smtp_vrfy.xml +1 -0
- data/xml/snmp_sysdescr.xml +52 -11
- data/xml/ssh_banners.xml +9 -3
- data/xml/telnet_banners.xml +10 -5
- data/xml/tls_jarm.xml +3 -2
- data/xml/x509_issuers.xml +155 -2
- data/xml/x509_subjects.xml +157 -20
- metadata +3 -2
data/xml/http_cookies.xml
CHANGED
@@ -5,8 +5,71 @@
|
|
5
5
|
servers.
|
6
6
|
-->
|
7
7
|
|
8
|
+
<fingerprint pattern="^__cfd?uid=">
|
9
|
+
<description>CloudFlare web load balancer endpoint</description>
|
10
|
+
<example>__cfuid=1337</example>
|
11
|
+
<example>__cfduid=dd450f2431e1e611a61a15f68974de9a41618794671; expires=Wed, 19-May-21 01:11:11 GMT; path=/; domain=.foo.bar; HttpOnly; SameSite=Lax</example>
|
12
|
+
<param pos="0" name="service.vendor" value="CloudFlare"/>
|
13
|
+
<param pos="0" name="service.product" value="CloudFlare Load Balancer"/>
|
14
|
+
<param pos="0" name="service.family" value="CloudFlare"/>
|
15
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:cloudflare:load_balancing:-"/>
|
16
|
+
</fingerprint>
|
17
|
+
|
18
|
+
<fingerprint pattern="^(AWSALB(?:TG)?(?:CORS)?)=.*$">
|
19
|
+
<description>Amazon Application Load Balancer</description>
|
20
|
+
<example cookie="AWSALB">AWSALB=791357231C9C446E295988DA51A2CD313D13788329433D96A05631377389B17BF097D4C8A2D0BE5BC4F3C649AED7DFF939364A5790E2EC67F33C4483E2E9DD17E99814071B;PATH=/;HttpOnly;Secure</example>
|
21
|
+
<example cookie="AWSALBCORS">AWSALBCORS=D5A3BF7B08C8E0626B1C77DAAEAB0A7542DEB35F43097F06FD3833E22A9BA2543B805B7AE1B6E97F2BE3A701A19AF5D2CC898E0DB5E52055B0B983CC64EAD006CF77C1CF72;PATH=/;SECURE;SAMESITE=None</example>
|
22
|
+
<example cookie="AWSALBTGCORS">AWSALBTGCORS=E0+uuQyz1jbU2P5jrIIWTuoK0aAbjfgsuA814N0xT5w9Vu4N61/CZTKT+yxwCfUqIUx/IgZfsDyA24+eSXKFO60aqEbtGPw2Mm4bGNDMVpcZ/yKHzifDPjT7mNQvNVq7xCAed5VgTpMH/nD3D2pLn9+ooJcShVgv+z97rSYAV5C98tecx6Q=; Expires=Mon, 10 May 2021 01:21:27 GMT; Path=/; SameSite=None; Secure</example>
|
23
|
+
<param pos="1" name="cookie"/>
|
24
|
+
<param pos="0" name="service.vendor" value="Amazon"/>
|
25
|
+
<param pos="0" name="service.family" value="Web Services"/>
|
26
|
+
<param pos="0" name="service.product" value="Application Load Balancer"/>
|
27
|
+
</fingerprint>
|
28
|
+
|
29
|
+
<fingerprint pattern="^(AWSELB(?:CORS)?)=.*$">
|
30
|
+
<description>Amazon Elastic Load Balancer</description>
|
31
|
+
<example cookie="AWSELB">AWSELB=791357231C9C446E295988DA51A2CD313D13788329433D96A05631377389B17BF097D4C8A2D0BE5BC4F3C649AED7DFF939364A5790E2EC67F33C4483E2E9DD17E99814071B;PATH=/;HttpOnly;Secure</example>
|
32
|
+
<example cookie="AWSELBCORS">AWSELBCORS=D5A3BF7B08C8E0626B1C77DAAEAB0A7542DEB35F43097F06FD3833E22A9BA2543B805B7AE1B6E97F2BE3A701A19AF5D2CC898E0DB5E52055B0B983CC64EAD006CF77C1CF72;PATH=/;SECURE;SAMESITE=None</example>
|
33
|
+
<param pos="1" name="cookie"/>
|
34
|
+
<param pos="0" name="service.vendor" value="Amazon"/>
|
35
|
+
<param pos="0" name="service.family" value="Web Services"/>
|
36
|
+
<param pos="0" name="service.product" value="Elastic Load Balancer"/>
|
37
|
+
</fingerprint>
|
38
|
+
|
39
|
+
<fingerprint pattern="^(PHPSESSI(?:D|ON))=.*">
|
40
|
+
<description>PHP - http://www.php.net/ref.session</description>
|
41
|
+
<example cookie="PHPSESSID">PHPSESSID=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/</example>
|
42
|
+
<example cookie="PHPSESSION">PHPSESSION=vt2ag6n7t6ngvlg8adk4860h46; path=/</example>
|
43
|
+
<param pos="1" name="cookie"/>
|
44
|
+
<param pos="0" name="service.vendor" value="PHP"/>
|
45
|
+
<param pos="0" name="service.family" value="PHP"/>
|
46
|
+
<param pos="0" name="service.product" value="PHP"/>
|
47
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:php:php:-"/>
|
48
|
+
</fingerprint>
|
49
|
+
|
50
|
+
<fingerprint pattern="^(ASPSESSIONID[A-Z]+|ASP\.NET_SessionId|\.ASPXANONYMOUS)=.*">
|
51
|
+
<description>Microsoft IIS (ASP.NET)
|
52
|
+
http://msdn2.microsoft.com/en-us/library/ms953828.aspx
|
53
|
+
http://msdn2.microsoft.com/en-us/library/91ka2e6a.aspx
|
54
|
+
</description>
|
55
|
+
<example cookie="ASPSESSIONIDQSBRRTTB">ASPSESSIONIDQSBRRTTB=BECILMBCPMGHJGAHKCHNGENF; path=/</example>
|
56
|
+
<example cookie="ASP.NET_SessionId">ASP.NET_SessionId=00nxm4qqh2tdjl0p52m10edv</example>
|
57
|
+
<example cookie=".ASPXANONYMOUS">.ASPXANONYMOUS=5ts5UmJr1wEkAAAAMmY0Y2EwNTUtZGZhYi00YTFlLTlmNzAtYmEwNjdiYTgxZDA40; expires=Sun, 27-Jun-2021 14:40:06 GMT; path=/; HttpOnly</example>
|
58
|
+
<param pos="1" name="cookie"/>
|
59
|
+
<param pos="0" name="service.vendor" value="Microsoft"/>
|
60
|
+
<param pos="0" name="service.family" value="IIS"/>
|
61
|
+
<param pos="0" name="service.product" value="IIS"/>
|
62
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:microsoft:iis:-"/>
|
63
|
+
<param pos="0" name="service.component.vendor" value="Microsoft"/>
|
64
|
+
<param pos="0" name="service.component.family" value="ASP.NET"/>
|
65
|
+
<param pos="0" name="service.component.product" value="ASP.NET"/>
|
66
|
+
<param pos="0" name="service.component.cpe23" value="cpe:/a:microsoft:asp.net:-"/>
|
67
|
+
</fingerprint>
|
68
|
+
|
8
69
|
<fingerprint pattern="^(CFCLIENT_[^=]+|CFGLOBALS|CFID|CFTOKEN)=.*">
|
9
70
|
<description>Adobe (Macromedia) ColdFusion uses various cookies</description>
|
71
|
+
<example cookie="CFTOKEN">CFTOKEN=f3863673461e83d7-8B854468-1866-DAAC-99FBB842C6018037;expires=Mon, 01-Aug-2050 01:05:45 GMT;path=/;HttpOnly;</example>
|
72
|
+
<example cookie="CFCLIENT_FOO_CORP">CFCLIENT_FOO_CORP=preflanguage%3DEN%23; Expires=Wed, 12-Apr-2051 01:11:37 GMT; Path=/</example>
|
10
73
|
<param pos="1" name="cookie"/>
|
11
74
|
<param pos="0" name="service.vendor" value="Adobe"/>
|
12
75
|
<param pos="0" name="service.family" value="ColdFusion"/>
|
@@ -33,9 +96,10 @@
|
|
33
96
|
<param pos="0" name="service.cpe23" value="cpe:/a:apache:http_server:-"/>
|
34
97
|
</fingerprint>
|
35
98
|
|
36
|
-
<fingerprint pattern="^
|
99
|
+
<fingerprint pattern="^JServSessionIdroot=.*">
|
37
100
|
<description>Apache JServ</description>
|
38
|
-
<
|
101
|
+
<example>JServSessionIdroot=tphxjy73e1.JS1; path=/</example>
|
102
|
+
<param pos="0" name="cookie" value="JServSessionIdroot"/>
|
39
103
|
<param pos="0" name="service.vendor" value="Apache"/>
|
40
104
|
<param pos="0" name="service.family" value="JServ"/>
|
41
105
|
<param pos="0" name="service.product" value="JServ"/>
|
@@ -43,6 +107,7 @@
|
|
43
107
|
|
44
108
|
<fingerprint pattern="^(ATG_SESSION_ID|DYN_USER_CONFIRM|DYN_USER_ID)=.*">
|
45
109
|
<description>ATG Dynamo</description>
|
110
|
+
<example cookie="ATG_SESSION_ID">ATG_SESSION_ID=yuAUs8xnkzLaF8P3Zk1v5hR28XB4dKsOKZ4jCkVO; path=/</example>
|
46
111
|
<param pos="1" name="cookie"/>
|
47
112
|
<param pos="0" name="service.vendor" value="ATG"/>
|
48
113
|
<param pos="0" name="service.family" value="Dynamo"/>
|
@@ -85,9 +150,10 @@
|
|
85
150
|
<param pos="0" name="service.product" value="Proxy"/>
|
86
151
|
</fingerprint>
|
87
152
|
|
88
|
-
<fingerprint pattern="^
|
153
|
+
<fingerprint pattern="^CAKEPHP=.*">
|
89
154
|
<description>CakePHP - http://www.cakephp.org/</description>
|
90
|
-
<
|
155
|
+
<example>CAKEPHP=03bgv7jqfurftnm5crn3lc0ob1; expires=Mon, 19-Apr-2021 08:56:06 GMT; Max-Age=14400; path=/; HttpOnly</example>
|
156
|
+
<param pos="0" name="cookie" value="CAKEPHP"/>
|
91
157
|
<param pos="0" name="service.family" value="PHP"/>
|
92
158
|
<param pos="0" name="service.product" value="CakePHP"/>
|
93
159
|
</fingerprint>
|
@@ -100,19 +166,21 @@
|
|
100
166
|
http://www.cisco.com/warp/public/117/AP_cookies.html
|
101
167
|
-->
|
102
168
|
|
103
|
-
<fingerprint pattern="^
|
169
|
+
<fingerprint pattern="^ARPT=([A-Z]+)([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})[A-Z]+.*">
|
104
170
|
<description>Cisco 11000 Series Content Service Switch (CSS)</description>
|
105
|
-
<
|
106
|
-
<param pos="
|
107
|
-
<param pos="
|
171
|
+
<example host.id="FOOOB" host.ip="192.168.15.52">ARPT=FOOOB192.168.15.52CKOKM; path=/</example>
|
172
|
+
<param pos="0" name="cookie" value="ARPT"/>
|
173
|
+
<param pos="1" name="host.id"/>
|
174
|
+
<param pos="2" name="host.ip"/>
|
108
175
|
<param pos="0" name="service.vendor" value="Cisco"/>
|
109
176
|
<param pos="0" name="service.family" value="Content Service Switch"/>
|
110
177
|
<param pos="0" name="service.product" value="11000 Series Content Service Switch"/>
|
111
178
|
</fingerprint>
|
112
179
|
|
113
|
-
<fingerprint pattern="^
|
180
|
+
<fingerprint pattern="^ARPT=.*">
|
114
181
|
<description>Cisco 11000 Series Content Service Switch (CSS) - catch all variant</description>
|
115
|
-
<
|
182
|
+
<example>ARPT=388766892.51247.0000; path=/; Httponly/</example>
|
183
|
+
<param pos="0" name="cookie" value="ARPT"/>
|
116
184
|
<param pos="0" name="service.vendor" value="Cisco"/>
|
117
185
|
<param pos="0" name="service.family" value="Content Service Switch"/>
|
118
186
|
<param pos="0" name="service.product" value="11000 Series Content Service Switch"/>
|
@@ -131,7 +199,7 @@
|
|
131
199
|
<param pos="0" name="os.vendor" value="Cisco"/>
|
132
200
|
<param pos="0" name="os.family" value="Adaptive Security Appliance"/>
|
133
201
|
<param pos="0" name="os.product" value="Adaptive Security Appliance"/>
|
134
|
-
<param pos="0" name="os.cpe23" value="cpe:/o:cisco:
|
202
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:cisco:adaptive_security_appliance_software:-"/>
|
135
203
|
<param pos="0" name="hw.vendor" value="Cisco"/>
|
136
204
|
<param pos="0" name="hw.family" value="Adaptive Security Appliance"/>
|
137
205
|
<param pos="0" name="hw.product" value="Adaptive Security Appliance"/>
|
@@ -139,9 +207,9 @@
|
|
139
207
|
<param pos="0" name="hw.cpe23" value="cpe:/h:cisco:adaptive_security_appliance:-"/>
|
140
208
|
</fingerprint>
|
141
209
|
|
142
|
-
<fingerprint pattern="^
|
210
|
+
<fingerprint pattern="^st8id=.*">
|
143
211
|
<description>Citrix Application Protection System, Enterprise - http://support.citrix.com/article/CTX109330</description>
|
144
|
-
<param pos="
|
212
|
+
<param pos="0" name="cookie" value="st8id"/>
|
145
213
|
<param pos="0" name="service.vendor" value="Citrix"/>
|
146
214
|
<param pos="0" name="service.family" value="Application Protection System"/>
|
147
215
|
<param pos="0" name="service.product" value="Application Protection System, Enterprise"/>
|
@@ -155,6 +223,7 @@
|
|
155
223
|
<param pos="0" name="os.family" value="NetScaler"/>
|
156
224
|
<param pos="0" name="os.device" value="Network Management Device"/>
|
157
225
|
<param pos="0" name="os.product" value="NetScaler"/>
|
226
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:citrix:netscaler_firmware:-"/>
|
158
227
|
<param pos="0" name="service.vendor" value="Citrix"/>
|
159
228
|
<param pos="0" name="service.family" value="NetScaler"/>
|
160
229
|
<param pos="0" name="service.device" value="Network Management Device"/>
|
@@ -185,12 +254,22 @@
|
|
185
254
|
|
186
255
|
<fingerprint pattern="^(EktGUID|ecm)=.*">
|
187
256
|
<description>Ektron CMS400.net</description>
|
257
|
+
<example cookie="EktGUID">EktGUID=382107cc-a38d-4d25-8182-3748834e21c8; expires=Tue, 19-Apr-2022 03:12:15 GMT; path=/</example>
|
188
258
|
<param pos="1" name="cookie"/>
|
189
259
|
<param pos="0" name="service.vendor" value="Ektron"/>
|
190
260
|
<param pos="0" name="service.family" value="CMS400.NET"/>
|
191
261
|
<param pos="0" name="service.product" value="CMS400.NET"/>
|
192
262
|
</fingerprint>
|
193
263
|
|
264
|
+
<fingerprint pattern="^FESESSIONID=">
|
265
|
+
<description>Atlanssian's Fisheye</description>
|
266
|
+
<example>FESESSIONID=133713381337</example>
|
267
|
+
<param pos="0" name="cookie" value="FESESSIONID"/>
|
268
|
+
<param pos="0" name="service.vendor" value="Atlassian"/>
|
269
|
+
<param pos="0" name="service.product" value="Fisheye"/>
|
270
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:atlassian:fisheye:-"/>
|
271
|
+
</fingerprint>
|
272
|
+
|
194
273
|
<fingerprint pattern="(?i)^(BIGipServer([^=]+))=.*">
|
195
274
|
<description>F5 BIG-IP LTM - Server variant</description>
|
196
275
|
<example loadbalancer.poolname="CustomerRP">BigIpServerCustomerRP=5a; path=/; domain=.foo.bar; secure; HttpOnly</example>
|
@@ -211,8 +290,10 @@
|
|
211
290
|
<param pos="0" name="service.cpe23" value="cpe:/a:gogs:gogs:-"/>
|
212
291
|
</fingerprint>
|
213
292
|
|
214
|
-
<fingerprint pattern="^(BigIPCookie)=.*">
|
293
|
+
<fingerprint pattern="^(BigIPCookie[^=]*)=.*">
|
215
294
|
<description>F5 BIG-IP LTM</description>
|
295
|
+
<example cookie="BigIPCookie">BigIPCookie=855248779.20480.0000; path=/; Httponly</example>
|
296
|
+
<example cookie="BigIPCookie_foo_corp_prod">BigIPCookie_foo_corp_prod=!tJHKH9zIwsUuJYJ38CCV0XSqmJXsZVQaOjj/m/SBSTQTg21/S+s2gmbsoGwwKXr5Tj9e0ijWZWItfA==; path=/; Httponly</example>
|
216
297
|
<param pos="1" name="cookie"/>
|
217
298
|
<param pos="0" name="service.vendor" value="F5"/>
|
218
299
|
<param pos="0" name="service.family" value="BIG-IP"/>
|
@@ -220,6 +301,15 @@
|
|
220
301
|
<param pos="0" name="service.cpe23" value="cpe:/a:f5:big-ip_local_traffic_manager:-"/>
|
221
302
|
</fingerprint>
|
222
303
|
|
304
|
+
<fingerprint pattern="^flyspray_project=">
|
305
|
+
<description>Flyspray</description>
|
306
|
+
<example>flyspray_project=133713381234; Path=/; HttpOnly</example>
|
307
|
+
<param pos="0" name="cookie" value="flyspray_project"/>
|
308
|
+
<param pos="0" name="service.vendor" value="Flyspray"/>
|
309
|
+
<param pos="0" name="service.product" value="Flyspray"/>
|
310
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:flyspray:flyspray:-"/>
|
311
|
+
</fingerprint>
|
312
|
+
|
223
313
|
<fingerprint pattern="^i_like_gitea=.*">
|
224
314
|
<description>Gitea</description>
|
225
315
|
<example>i_like_gitea=fc39d4645b1d5c7c; Path=/</example>
|
@@ -232,6 +322,7 @@
|
|
232
322
|
|
233
323
|
<fingerprint pattern="^_gitlab_session=.*">
|
234
324
|
<description>GitLab</description>
|
325
|
+
<example>_gitlab_session=032d024e9c2445b595e68255da9e6835; path=/; expires=Mon, 26 Apr 2021 03:09:57 -0000; HttpOnly</example>
|
235
326
|
<param pos="0" name="cookie" value="_gitlab_session"/>
|
236
327
|
<param pos="0" name="service.vendor" value="GitLab"/>
|
237
328
|
<param pos="0" name="service.product" value="GitLab"/>
|
@@ -239,10 +330,11 @@
|
|
239
330
|
<param pos="0" name="service.cpe23" value="cpe:/a:gitlab:gitlab:-"/>
|
240
331
|
</fingerprint>
|
241
332
|
|
242
|
-
<fingerprint pattern="^
|
333
|
+
<fingerprint pattern="^SERVERID=([A-Za-z0-9\-_]+)">
|
243
334
|
<description>HAProxy - http://haproxy.1wt.eu/download/1.2/doc/architecture.txt</description>
|
244
|
-
<
|
245
|
-
<param pos="
|
335
|
+
<example host.name="foo1">SERVERID=foo1; path=/</example>
|
336
|
+
<param pos="0" name="cookie" value="SERVERID"/>
|
337
|
+
<param pos="1" name="host.name"/>
|
246
338
|
<param pos="0" name="service.family" value="HAProxy"/>
|
247
339
|
<param pos="0" name="service.product" value="HAProxy"/>
|
248
340
|
</fingerprint>
|
@@ -251,6 +343,7 @@
|
|
251
343
|
<description>IBM Tivoli Access Manager for e-business WebSEAL
|
252
344
|
http://publib.boulder.ibm.com/infocenter/tivihelp/v2r1/index.jsp?topic=/com.ibm.itame.doc/am60_webseal_admin180.htm
|
253
345
|
</description>
|
346
|
+
<example cookie="AMWEBJCT!%2F4plportal!JSESSIONID" junction.name="%2F4plportal" junction.cookie="JSESSIONID">AMWEBJCT!%2F4plportal!JSESSIONID=fQDCzpljFPMhMVaDUOD+uOBe.undefined; Path=/</example>
|
254
347
|
<param pos="1" name="cookie"/>
|
255
348
|
<param pos="2" name="junction.name"/>
|
256
349
|
<param pos="3" name="junction.cookie"/>
|
@@ -263,15 +356,17 @@
|
|
263
356
|
<description>IBM Tivoli Access Manager for e-business WebSeal
|
264
357
|
http://publib.boulder.ibm.com/infocenter/tivihelp/v2r1/index.jsp?topic=/com.ibm.itame.doc/am60_webseal_admin117.htm
|
265
358
|
</description>
|
359
|
+
<example cookie="PD-S-SESSION-ID">PD-S-SESSION-ID=1_2_0_xRzIc55lBOTYkrYfW+qWHWGgdqlVKeEgwrhtKt+KRfq8R3lW; Path=/; Secure; HttpOnly</example>
|
360
|
+
<example cookie="PD_STATEFUL_db45742c-3e5b-11e9-91da-00505682181c">PD_STATEFUL_db45742c-3e5b-11e9-91da-00505682181c=%2F; Path=/</example>
|
266
361
|
<param pos="1" name="cookie"/>
|
267
362
|
<param pos="0" name="service.vendor" value="IBM"/>
|
268
363
|
<param pos="0" name="service.family" value="Tivoli"/>
|
269
364
|
<param pos="0" name="service.product" value="Tivoli Access Manager for e-business WebSEAL"/>
|
270
365
|
</fingerprint>
|
271
366
|
|
272
|
-
<fingerprint pattern="^
|
367
|
+
<fingerprint pattern="^IBMCBR=.*">
|
273
368
|
<description>IBM WebSphere Load Balancer</description>
|
274
|
-
<param pos="
|
369
|
+
<param pos="0" name="cookie" value="IBMCBR"/>
|
275
370
|
<param pos="0" name="service.vendor" value="IBM"/>
|
276
371
|
<param pos="0" name="service.family" value="WebSphere"/>
|
277
372
|
<param pos="0" name="service.product" value="WebSphere Load Balancer"/>
|
@@ -279,11 +374,19 @@
|
|
279
374
|
|
280
375
|
<fingerprint pattern="^(mbfcookie(?:\[lang\])?)=.*">
|
281
376
|
<description>Joom!Fish http://www.joomfish.net/</description>
|
377
|
+
<example cookie="mbfcookie">mbfcookie=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/</example>
|
378
|
+
<example cookie="mbfcookie[lang]">mbfcookie[lang]=pt_BR; expires=Tue, 20-Apr-2021 03:30:47 GMT; path=/</example>
|
282
379
|
<param pos="1" name="cookie"/>
|
283
380
|
<param pos="0" name="service.family" value="Joom!Fish"/>
|
284
381
|
<param pos="0" name="service.product" value="Joom!Fish"/>
|
285
382
|
</fingerprint>
|
286
383
|
|
384
|
+
<fingerprint pattern="^_mastodon_session=">
|
385
|
+
<description>Mastodon</description>
|
386
|
+
<param pos="0" name="cookie" value="_mastodon_session"/>
|
387
|
+
<param pos="0" name="service.product" value="Mastodon"/>
|
388
|
+
</fingerprint>
|
389
|
+
|
287
390
|
<fingerprint pattern="^(MSCSAuth|MSCSProfile)=.*">
|
288
391
|
<description>Microsoft Commerce Server - http://msdn2.microsoft.com/en-us/library/ms953828.aspx</description>
|
289
392
|
<param pos="1" name="cookie"/>
|
@@ -293,30 +396,35 @@
|
|
293
396
|
<param pos="0" name="service.cpe23" value="cpe:/a:microsoft:commerce_server:-"/>
|
294
397
|
</fingerprint>
|
295
398
|
|
296
|
-
<fingerprint pattern="^(
|
297
|
-
<description>
|
298
|
-
|
299
|
-
|
300
|
-
</
|
399
|
+
<fingerprint pattern="^(nc_sameSiteCookiestrict|nc_sameSiteCookielax|oc_sessionPassphrase)=.*">
|
400
|
+
<description>Nextcloud</description>
|
401
|
+
<example cookie="nc_sameSiteCookiestrict">nc_sameSiteCookiestrict=true; path=/nextcloud; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=strict</example>
|
402
|
+
<example cookie="nc_sameSiteCookielax">nc_sameSiteCookielax=true; path=/nextcloud; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=lax</example>
|
403
|
+
<example>oc_sessionPassphrase=Y%2BZjBn8Gn%2B8jIJPVx468Tlt8qDNm%2B5IVXLxgtwlY%2BQU2T7edVmDS4091nQrT; path=/nextcloud; secure; HttpOnly</example>
|
301
404
|
<param pos="1" name="cookie"/>
|
302
|
-
<param pos="0" name="service.vendor" value="
|
303
|
-
<param pos="0" name="service.
|
304
|
-
<param pos="0" name="service.
|
305
|
-
<param pos="0" name="service.cpe23" value="cpe:/a:microsoft:iis:-"/>
|
306
|
-
<param pos="0" name="service.component.vendor" value="Microsoft"/>
|
307
|
-
<param pos="0" name="service.component.family" value="ASP.NET"/>
|
308
|
-
<param pos="0" name="service.component.product" value="ASP.NET"/>
|
309
|
-
<param pos="0" name="service.component.cpe23" value="cpe:/a:microsoft:asp.net:-"/>
|
405
|
+
<param pos="0" name="service.vendor" value="Nextcloud"/>
|
406
|
+
<param pos="0" name="service.product" value="Nextcloud Server"/>
|
407
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:nextcloud:nextcloud_server:-"/>
|
310
408
|
</fingerprint>
|
311
409
|
|
312
|
-
<fingerprint pattern="^
|
410
|
+
<fingerprint pattern="^AlteonP=.*">
|
313
411
|
<description>Nortel Alteon Web Switch</description>
|
314
|
-
<
|
412
|
+
<example>AlteonP=c46736793e45929dbaeebabb; path=</example>
|
413
|
+
<param pos="0" name="cookie" value="AlteonP"/>
|
315
414
|
<param pos="0" name="service.vendor" value="Nortel"/>
|
316
415
|
<param pos="0" name="service.family" value="Alteon"/>
|
317
416
|
<param pos="0" name="service.product" value="Alteon Web Switch"/>
|
318
417
|
</fingerprint>
|
319
418
|
|
419
|
+
<fingerprint pattern="^OBSID=.*">
|
420
|
+
<description>Observium</description>
|
421
|
+
<example>OBSID=gud74jg1slhskdo7idqgklkamm6g3908; expires=Tue, 20-Apr-2021 01:31:27 GMT; Max-Age=86400; path=/; HttpOnly</example>
|
422
|
+
<param pos="0" name="cookie" value="OBSID"/>
|
423
|
+
<param pos="0" name="service.vendor" value="Observium"/>
|
424
|
+
<param pos="0" name="service.product" value="Observium"/>
|
425
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:observium:observium:-"/>
|
426
|
+
</fingerprint>
|
427
|
+
|
320
428
|
<fingerprint pattern="^((?:SS_X_)?CSINTERSESSIONID)=.*">
|
321
429
|
<description>OpenMarket/FatWire Content Server (www.fatwire.com)</description>
|
322
430
|
<param pos="1" name="cookie"/>
|
@@ -325,23 +433,14 @@
|
|
325
433
|
<param pos="0" name="service.product" value="Content Server"/>
|
326
434
|
</fingerprint>
|
327
435
|
|
328
|
-
<fingerprint pattern="^
|
436
|
+
<fingerprint pattern="^parkinglot=.*">
|
329
437
|
<description>Oversee Webserver</description>
|
330
|
-
<param pos="
|
438
|
+
<param pos="0" name="cookie" value="parkinglot"/>
|
331
439
|
<param pos="0" name="service.vendor" value="Oversee"/>
|
332
440
|
<param pos="0" name="service.family" value="Webserver"/>
|
333
441
|
<param pos="0" name="service.product" value="Webserver"/>
|
334
442
|
</fingerprint>
|
335
443
|
|
336
|
-
<fingerprint pattern="^(PHPSESSID|PHPSESSION)=.*">
|
337
|
-
<description>PHP - http://www.php.net/ref.session</description>
|
338
|
-
<param pos="1" name="cookie"/>
|
339
|
-
<param pos="0" name="service.vendor" value="PHP"/>
|
340
|
-
<param pos="0" name="service.family" value="PHP"/>
|
341
|
-
<param pos="0" name="service.product" value="PHP"/>
|
342
|
-
<param pos="0" name="service.cpe23" value="cpe:/a:php:php:-"/>
|
343
|
-
</fingerprint>
|
344
|
-
|
345
444
|
<fingerprint pattern="^phsid=.*">
|
346
445
|
<description>Phabricator</description>
|
347
446
|
<example>phsid=A%2Fxesybc4bypb74dlgojdgw2edct6osflno25h2fw7</example>
|
@@ -352,25 +451,28 @@
|
|
352
451
|
<param pos="0" name="service.cpe23" value="cpe:/a:phacility:phabricator:-"/>
|
353
452
|
</fingerprint>
|
354
453
|
|
355
|
-
<fingerprint pattern="^
|
454
|
+
<fingerprint pattern="^RMID=.*">
|
356
455
|
<description>RealMedia OpenAdStream</description>
|
357
|
-
<
|
456
|
+
<example>RMID=36c12633607cf7a0; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.foo.bar</example>
|
457
|
+
<param pos="0" name="cookie" value="RMID"/>
|
358
458
|
<param pos="0" name="service.vendor" value="RealMedia"/>
|
359
459
|
<param pos="0" name="service.family" value="OpenAdStream"/>
|
360
460
|
<param pos="0" name="service.product" value="OpenAdStream"/>
|
361
461
|
</fingerprint>
|
362
462
|
|
363
|
-
<fingerprint pattern="^
|
463
|
+
<fingerprint pattern="^RoxenUserID=.*">
|
364
464
|
<description>Roxen WebServer</description>
|
365
|
-
<
|
465
|
+
<example>RoxenUserID=c70fd536bc9e1342ce2a608b10547f88; expires=Wed, 19 Apr 2023 02:44:41 GMT; path=/</example>
|
466
|
+
<param pos="0" name="cookie" value="RoxenUserID"/>
|
366
467
|
<param pos="0" name="service.vendor" value="Roxen"/>
|
367
468
|
<param pos="0" name="service.family" value="WebServer"/>
|
368
469
|
<param pos="0" name="service.product" value="WebServer"/>
|
369
470
|
</fingerprint>
|
370
471
|
|
371
|
-
<fingerprint pattern="^
|
472
|
+
<fingerprint pattern="^_sn=.*">
|
372
473
|
<description>Siebel CRM</description>
|
373
|
-
<
|
474
|
+
<example>_sn=e7139835ca75f921e25c364d4a8fef48; path=/; expires=Mon, 19 Apr 2021 06:06:58 GMT; HttpOnly</example>
|
475
|
+
<param pos="0" name="cookie" value="_sn"/>
|
374
476
|
<param pos="0" name="service.vendor" value="Siebel"/>
|
375
477
|
<param pos="0" name="service.family" value="CRM"/>
|
376
478
|
<param pos="0" name="service.product" value="CRM"/>
|
@@ -388,9 +490,9 @@
|
|
388
490
|
|
389
491
|
-->
|
390
492
|
|
391
|
-
<fingerprint pattern="^
|
493
|
+
<fingerprint pattern="^NSES40Session=.*">
|
392
494
|
<description>Netscape Enterprise Server (subsequently iPlanet Web Server, Sun ONE Web Server, presently Sun Java System Web Server)</description>
|
393
|
-
<param pos="
|
495
|
+
<param pos="0" name="cookie" value="NSES40Session"/>
|
394
496
|
<param pos="0" name="service.vendor" value="Sun"/>
|
395
497
|
<param pos="0" name="service.family" value="Java System Web Server"/>
|
396
498
|
<param pos="0" name="service.product" value="Java System Web Server"/>
|
@@ -407,6 +509,15 @@
|
|
407
509
|
<param pos="0" name="service.cpe23" value="cpe:/a:redmine:redmine:-"/>
|
408
510
|
</fingerprint>
|
409
511
|
|
512
|
+
<fingerprint pattern="^(syracuse\.sid\.\d+)=">
|
513
|
+
<description>Sage X3 Syracuse Web Server</description>
|
514
|
+
<example cookie="syracuse.sid.8124">syracuse.sid.8124=8b102bf7-327c-4962-9279-550e72afcaa9; path=/; HttpOnly</example>
|
515
|
+
<param pos="1" name="cookie"/>
|
516
|
+
<param pos="0" name="service.vendor" value="Sage"/>
|
517
|
+
<param pos="0" name="service.family" value="Sage X3 Syracuse Web Server"/>
|
518
|
+
<param pos="0" name="service.product" value="Sage X3 Syracuse Web Server"/>
|
519
|
+
</fingerprint>
|
520
|
+
|
410
521
|
<fingerprint pattern="^(gx_session_id|JROUTE)=.*">
|
411
522
|
<description>Sun Java System Application Server (formerly iPlanet Application Server, Sun ONE Application Server)</description>
|
412
523
|
<param pos="1" name="cookie"/>
|
@@ -416,17 +527,19 @@
|
|
416
527
|
<param pos="0" name="service.cpe23" value="cpe:/a:sun:java_system_application_server:-"/>
|
417
528
|
</fingerprint>
|
418
529
|
|
419
|
-
<fingerprint pattern="^
|
530
|
+
<fingerprint pattern="^fe_typo_user=.*">
|
420
531
|
<description>TYPO3 CMS - http://typo3.com/</description>
|
421
|
-
<
|
532
|
+
<example>fe_typo_user=aae725f7dcb8cb5215e64f66d4584cc92; path=/</example>
|
533
|
+
<param pos="0" name="cookie" value="fe_typo_user"/>
|
422
534
|
<param pos="0" name="service.vendor" value="TYPO3"/>
|
423
535
|
<param pos="0" name="service.family" value="CMS"/>
|
424
536
|
<param pos="0" name="service.product" value="CMS"/>
|
425
537
|
</fingerprint>
|
426
538
|
|
427
|
-
<fingerprint pattern="^
|
539
|
+
<fingerprint pattern="^SaneID=.*">
|
428
540
|
<description>Unica NetTracker - http://netinsight.unica.com/Products/NetTracker.cfm</description>
|
429
|
-
<
|
541
|
+
<example>SaneID=10.1.1.223.1618798365976948; path=/; domain=.foo.bar</example>
|
542
|
+
<param pos="0" name="cookie" value="SaneID"/>
|
430
543
|
<param pos="0" name="service.vendor" value="Unica"/>
|
431
544
|
<param pos="0" name="service.family" value="NetTracker"/>
|
432
545
|
<param pos="0" name="service.product" value="NetTracker"/>
|
@@ -434,6 +547,7 @@
|
|
434
547
|
|
435
548
|
<fingerprint pattern="^(__utm[a-z])=.*">
|
436
549
|
<description>Urchin Tracking Module - http://www.google.com/support/urchin45/bin/answer.py?answer=28307&topic=7425</description>
|
550
|
+
<example cookie="__utmp">__utmp=2071164266.582676006.3393543082; path=/; domain=.foo.bar</example>
|
437
551
|
<param pos="1" name="cookie"/>
|
438
552
|
<param pos="0" name="service.vendor" value="Google"/>
|
439
553
|
<param pos="0" name="service.family" value="Urchin"/>
|
@@ -458,16 +572,18 @@
|
|
458
572
|
<param pos="0" name="service.product" value="Vignette"/>
|
459
573
|
</fingerprint>
|
460
574
|
|
461
|
-
<fingerprint pattern="^
|
575
|
+
<fingerprint pattern="^wgSession=.*">
|
462
576
|
<description>Plain Black WebGUI - http://www.plainblack.com/webgui</description>
|
463
|
-
<
|
577
|
+
<example>wgSession=xngFQdcbCap87x6d8qc1YA; path=/; expires=Thu, 17-Apr-2031 02:29:05 GMT</example>
|
578
|
+
<param pos="0" name="cookie" value="wgSession"/>
|
464
579
|
<param pos="0" name="service.vendor" value="Plain Black"/>
|
465
580
|
<param pos="0" name="service.family" value="WebGUI"/>
|
466
581
|
<param pos="0" name="service.product" value="WebGUI"/>
|
467
582
|
</fingerprint>
|
468
583
|
|
469
|
-
<fingerprint pattern="^(
|
584
|
+
<fingerprint pattern="^(WEBTRENDS_?ID)=.*">
|
470
585
|
<description>WebTrends</description>
|
586
|
+
<example cookie="WEBTRENDS_ID">WEBTRENDS_ID=10.247.9.69.1618795409656141; path=/; expires=Tue, 19-Apr-22 01:23:29 GMT; domain=.foo.bar</example>
|
471
587
|
<param pos="1" name="cookie"/>
|
472
588
|
<param pos="0" name="service.vendor" value="WebTrends"/>
|
473
589
|
<param pos="0" name="service.family" value="WebTrends"/>
|
@@ -484,9 +600,10 @@
|
|
484
600
|
<param pos="0" name="service.cpe23" value="cpe:/a:synacor:zimbra_collaboration_suite:-"/>
|
485
601
|
</fingerprint>
|
486
602
|
|
487
|
-
<fingerprint pattern="^
|
603
|
+
<fingerprint pattern="^_ZopeId=.*">
|
488
604
|
<description>Zope</description>
|
489
|
-
<
|
605
|
+
<example>_ZopeId="91304233A995SVLz3SI"; Path=/</example>
|
606
|
+
<param pos="0" name="cookie" value="_ZopeId"/>
|
490
607
|
<param pos="0" name="service.family" value="Zope"/>
|
491
608
|
<param pos="0" name="service.product" value="Zope"/>
|
492
609
|
</fingerprint>
|