recog 2.3.20 → 2.3.21

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: cb4df95cbe1561c384b06be8c36fcea1e51df3c6cdb86a2a944715213d119ae8
-  data.tar.gz: 751fa73b20c6fb9f1c372be5503c07302101b77d729cdce3befee2981651f1ca
+  metadata.gz: 972b7cc1ae69526b61f221eeefce61d192ccf4b1603342f94195bf6cd2ddba95
+  data.tar.gz: 807831da5cdfd3160bca893367c92f4b817514758b996968829253f548d19709
 SHA512:
-  metadata.gz: 6612cf0d0c5f19cd1a913123fe3c4fce9772ac82b7a07f78ace94f51b1681210a8dfacde3624b2b54c7d66f2f1530771d9a592c3d5bda8bde897d4f9713c2ef9
-  data.tar.gz: 7b935f573b7b4050b2b06e2b8965af9201bb385e2695f9859e6ecf233f93aadb9331d648b18a506528efbd97e2821d0b9816970bfd5df978262b05ec8aeb9f8e
+  metadata.gz: a923e57f1f34fb74358756372fc3d3d08c20f0a0b9b1088905f57f4b09a2a56b2d9d4940d39e609ff50c164d15e285c9e1707032864d55f969a7ed4d72e68de5
+  data.tar.gz: 62d17cd2cdf9c3a6d35b36e4ace9c20744d42cfd99a2e90f65e463540fceb551f35f7572179af261c8881116aeadc51986e371631dc451df31081d52d79a58c1

data/cpe-remap.yaml

@@ -180,7 +180,7 @@ mappings:
     tor_project:
       vendor: torproject
     traefik_labs:
-      vendor: containous
+      vendor: traefik
       products:
         traefik_proxy: traefik
     twistedmatrix:
@@ -208,6 +208,10 @@ mappings:
     apple:
       products:
         ios: iphone_os
+    brocade:
+      vendor: broadcom
+      products:
+        fabric_os: fabric_operating_system
     centos:
       products:
         linux: centos
@@ -297,6 +301,26 @@ mappings:
   # The following section contains CPE hardware or 'h' remappings. These will
   # ONLY be used for mapping Recog 'hw' attributes.
   h:
+    apple:
+      products:
+        imac_(retina_4k_21.5-inch_2019): imac
+        imac_(retina_5k_27-inch_2017): imac
+        imac_(retina_5k_27-inch_2019): imac
+        imac_(retina_5k_27-inch_2020): imac
+        macbook_air_(13-inch_2017): macbook_air
+        macbook_air_(m1_2020): macbook_air
+        macbook_air_(retina_13-inch_2018): macbook_air
+        macbook_air_(retina_13-inch_2019): macbook_air
+        macbook_air_(retina_13-inch_2020): macbook_air
+        macbook_pro_(13-inch_2018_four_thunderbolt_3_ports): macbook_pro
+        macbook_pro_(13-inch_2019_two_thunderbolt_3_ports): macbook_pro
+        macbook_pro_(13-inch_2020): macbook_pro
+        macbook_pro_(13-inch_m1_2020): macbook_pro
+        macbook_pro_(15-inch_2018): macbook_pro
+        macbook_pro_(15-inch_2019): macbook_pro
+        macbook_pro_(16-inch_2019): macbook_pro
+        macbook_pro_(retina_13-inch_early_2015): macbook_pro
+        macbook_pro_(retina_15-inch_mid_2015): macbook_pro
     cisco:
       products:
         nam: network_analysis_module
@@ -309,6 +333,10 @@ mappings:
     hp:
       products:
         ilo: integrated_lights-out
+    kace:
+      vendor: dell
+      products:
+        k1000: kace_k1000_systems_management_appliance
     tandberg:
       vendor: cisco
     ubiquiti:

data/identifiers/fields.txt

@@ -12,7 +12,6 @@ dell.service_tag
 extron.model
 fortinet.serial_number
 host.domain
-host.id
 host.ip
 host.mac
 host.mac_eui64
@@ -25,6 +24,7 @@ hw.device
 hw.family
 hw.model
 hw.product
+hw.serial_number
 hw.series
 hw.vendor
 hw.version

data/identifiers/hw_product.txt

@@ -20,6 +20,7 @@ Apple TV (2nd generation)
 Apple TV (3rd generation)
 Apple TV (4th generation)
 Apple TV 4K
+Apple TV 4K (2nd generation)
 Appliance
 ArchiveTeam Warrior
 Asset Management

data/identifiers/os_product.txt

@@ -116,7 +116,6 @@ IPReach
 IPSO
 IRIX
 Integrated Lights Out Manager
-Integrated Lights Out Manager firmware
 Irix
 Isilon OneFS OS
 JetDirect

data/lib/recog/nizer.rb

@@ -8,13 +8,13 @@ class Nizer
   # Non-weighted host attributes that can be extracted from fingerprint matches
   HOST_ATTRIBUTES = %W{
     host.domain
-    host.id
     host.ip
     host.mac
     host.name
     host.time
     hw.device
     hw.family
+    hw.serial_number
     hw.product
     hw.vendor
   }
@@ -264,84 +264,3 @@ class Nizer
 
 end
 end
-
-=begin
-
-Current key names:
-
-  apache.info
-  apache.variant
-  apache.variant.version
-  cookie
-  host.domain
-  host.id
-  host.ip
-  host.mac
-  host.name
-  host.time
-  hw.device
-  hw.family
-  hw.product
-  hw.vendor
-  imail.eval
-  jetty.info
-  junction.cookie
-  junction.name
-  linux.kernel.version
-  loadbalancer.poolname
-  mdaemon.unregistered
-  mercur.os.info
-  metainfo.version
-  metainfo.version.version
-  ms.nttp.version
-  notes.build.version
-  notes.intl
-  ntmail.id
-  openssh.comment
-  openssh.cvepatch
-  os.arch
-  os.build
-  os.certainty
-  os.device
-  os.edition
-  os.family
-  os.product
-  os.vendor
-  os.version
-  os.version.version
-  os.version.version.version
-  postfix.os.info
-  postoffice.build
-  postoffice.id
-  proftpd.server.name
-  pureftpd.config
-  qpopper.version
-  sendmail.config.version
-  sendmail.hpux.phne.version
-  sendmail.vendor.version
-  service.certainty
-  service.component.family
-  service.component.product
-  service.component.vendor
-  service.component.version
-  service.family
-  service.product
-  service.vendor
-  service.version
-  service.version.version
-  service.version.version.version
-  service.version.version.version.version
-  service.version.version.version.version.version
-  siemens.model
-  snmp.fpmib.oid.1
-  snmp.fpmib.oid.2
-  system.time
-  system.time.format
-  system.time.micros
-  system.time.millis
-  thttpd.mx-patch
-  timeout
-  tomcat.info
-  zmailer.ident
-
-=end

data/lib/recog/version.rb

@@ -1,3 +1,3 @@
 module Recog
-  VERSION = '2.3.20'
+  VERSION = '2.3.21'
 end

data/xml/apache_os.xml

@@ -82,7 +82,7 @@
     <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:-"/>
   </fingerprint>
 
-  <fingerprint pattern=".*(?:Sun )?Cobalt \(Unix\)?.*">
+  <fingerprint pattern=".{0,512}(?:Sun )?Cobalt \(Unix\)?.*">
     <description>Sun Cobalt RaQ (Red Hat based Linux)</description>
     <param pos="0" name="os.vendor" value="Sun"/>
     <param pos="0" name="os.family" value="Linux"/>

data/xml/dns_versionbind.xml

@@ -17,30 +17,40 @@
   <fingerprint pattern="^$">
     <description>empty string -- assert nothing.</description>
     <example/>
+    <param pos="0" name="hw.certainty" value="0.0"/>
+    <param pos="0" name="os.certainty" value="0.0"/>
     <param pos="0" name="service.certainty" value="0.0"/>
   </fingerprint>
 
   <fingerprint pattern="^none$">
     <description>bare 'none' -- assert nothing.</description>
     <example>none</example>
+    <param pos="0" name="hw.certainty" value="0.0"/>
+    <param pos="0" name="os.certainty" value="0.0"/>
     <param pos="0" name="service.certainty" value="0.0"/>
   </fingerprint>
 
   <fingerprint pattern="^null$">
     <description>bare 'null' -- assert nothing.</description>
     <example>null</example>
+    <param pos="0" name="hw.certainty" value="0.0"/>
+    <param pos="0" name="os.certainty" value="0.0"/>
     <param pos="0" name="service.certainty" value="0.0"/>
   </fingerprint>
 
   <fingerprint pattern="(?i)^unknown$">
     <description>bare 'unknown' -- assert nothing.</description>
     <example>unknown</example>
+    <param pos="0" name="hw.certainty" value="0.0"/>
+    <param pos="0" name="os.certainty" value="0.0"/>
     <param pos="0" name="service.certainty" value="0.0"/>
   </fingerprint>
 
   <fingerprint pattern="^no version$">
     <description>bare 'no version' -- assert nothing.</description>
     <example>no version</example>
+    <param pos="0" name="hw.certainty" value="0.0"/>
+    <param pos="0" name="os.certainty" value="0.0"/>
     <param pos="0" name="service.certainty" value="0.0"/>
   </fingerprint>
 

data/xml/favicons.xml

@@ -1105,6 +1105,7 @@
     <param pos="0" name="os.family" value="ILOM"/>
     <param pos="0" name="os.product" value="ILOM"/>
     <param pos="0" name="os.certainty" value="0.5"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:oracle:integrated_lights_out_manager_firmware:-"/>
   </fingerprint>
 
   <fingerprint pattern="^665f96fcdcc9da0ab89312acc02fa815$">

data/xml/ftp_banners.xml

@@ -5,9 +5,9 @@
   against these patterns to fingerprint FTP servers.
   -->
 
-  <fingerprint pattern="^([^ ]+) Microsoft FTP Service \(Version ([1234]\.\d+)\)\.$">
+  <fingerprint pattern="^([^ ]{1,512}) Microsoft FTP Service \(Version ([1234]\.\d+)\)\.$">
     <description>Microsoft FTP Server on Windows NT</description>
-    <example>xx Microsoft FTP Service (Version 3.0).</example>
+    <example host.name="foo.bar" service.version="3.0">foo.bar Microsoft FTP Service (Version 3.0).</example>
     <param pos="0" name="service.vendor" value="Microsoft"/>
     <param pos="0" name="service.product" value="IIS"/>
     <param pos="0" name="service.family" value="IIS"/>
@@ -20,9 +20,9 @@
     <param pos="1" name="host.name"/>
   </fingerprint>
 
-  <fingerprint pattern="^([^ ]+) Microsoft FTP Service \(Version 5.0\)\.$">
+  <fingerprint pattern="^([^ ]{1,512}) Microsoft FTP Service \(Version 5.0\)\.$">
     <description>Microsoft FTP Server on Windows 2000</description>
-    <example>xxx Microsoft FTP Service (Version 5.0).</example>
+    <example host.name="foo.bar">foo.bar Microsoft FTP Service (Version 5.0).</example>
     <param pos="0" name="service.vendor" value="Microsoft"/>
     <param pos="0" name="service.product" value="IIS"/>
     <param pos="0" name="service.family" value="IIS"/>
@@ -35,9 +35,9 @@
     <param pos="1" name="host.name"/>
   </fingerprint>
 
-  <fingerprint pattern="^([^ ]+) Microsoft FTP Service \(Version 5.1\)\.$">
+  <fingerprint pattern="^([^ ]{1,512}) Microsoft FTP Service \(Version 5.1\)\.$">
     <description>Microsoft FTP Server on Windows XP, 2003 or later versions of 2000</description>
-    <example>xxx Microsoft FTP Service (Version 5.1).</example>
+    <example host.name="foo.bar">foo.bar Microsoft FTP Service (Version 5.1).</example>
     <param pos="0" name="service.vendor" value="Microsoft"/>
     <param pos="0" name="service.product" value="IIS"/>
     <param pos="0" name="service.family" value="IIS"/>
@@ -49,9 +49,9 @@
     <param pos="1" name="host.name"/>
   </fingerprint>
 
-  <fingerprint pattern="^([^ ]+) Microsoft FTP Service$">
+  <fingerprint pattern="^([^ ]{1,512}) Microsoft FTP Service$">
     <description>Microsoft FTP Server on Windows XP, 2003 or later without version</description>
-    <example>hostname Microsoft FTP Service</example>
+    <example host.name="foo.bar">foo.bar Microsoft FTP Service</example>
     <param pos="0" name="service.vendor" value="Microsoft"/>
     <param pos="0" name="service.product" value="IIS"/>
     <param pos="0" name="service.family" value="IIS"/>
@@ -76,7 +76,7 @@
     <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
   </fingerprint>
 
-  <fingerprint pattern="^([^ ]+) +FTP +Server \(Version ([^\(]+)\(PHNE_\d+\) [^\)]+\) ready.?$" flags="REG_ICASE">
+  <fingerprint pattern="^([^ ]{1,512}) +FTP +Server \(Version ([^\(]+)\(PHNE_\d+\) [^\)]+\) ready.?$" flags="REG_ICASE">
     <description>FTP on HPUX with a PHNE (HP Networking patch) installed</description>
     <example>example.com FTP server (Version 1.1.214.4(PHNE_38458) Mon Feb 15 06:03:12 GMT 2010) ready.</example>
     <param pos="0" name="service.vendor" value="HP"/>
@@ -89,7 +89,7 @@
     <param pos="2" name="service.version"/>
   </fingerprint>
 
-  <fingerprint pattern="^([^ ]+) +FTP +Server \(Revision \S+ Version wuftpd-([^\(]+)\(PHNE_\d+\) [^\)]+\) ready.?$" flags="REG_ICASE">
+  <fingerprint pattern="^([^ ]{1,512}) +FTP +Server \(Revision \S+ Version wuftpd-([^\(]+)\(PHNE_\d+\) [^\)]+\) ready.?$" flags="REG_ICASE">
     <description>WU-FTPD on HPUX with a PHNE (HP Networking patch) installed</description>
     <example>example.com FTP server (Revision 1.1 Version wuftpd-2.6.1(PHNE_38578) Fri Sep 5 12:10:54 GMT 2008) ready.</example>
     <param pos="0" name="service.vendor" value="Washington University"/>
@@ -102,7 +102,7 @@
     <param pos="2" name="service.version"/>
   </fingerprint>
 
-  <fingerprint pattern="^(\S+)(?: \S+)? FTP Server \((?:Revision [\d\.]+ )?Version wu(?:ftpd)?-([\d\.]+).*\) ready.?$" flags="REG_ICASE">
+  <fingerprint pattern="^(\S{1,512})(?: \S{1,512})? FTP Server \((?:Revision [\d\.]+ )?Version wu(?:ftpd)?-([\d\.]+).*\) ready.?$" flags="REG_ICASE">
     <description>WU-FTPD on various OS</description>
     <example host.name="example.com" service.version="2.6.2">example.com FTP server (Version wu-2.6.2(1) Sat Jul 19 16:21:30 UTC 2008) ready.</example>
     <example host.name="example.com" service.version="2.6.2">example.com 192.168.0.1 FTP server (Version wu-2.6.2(1) Wed Sep 21 11:16:21 MEST 2005) ready.</example>
@@ -114,7 +114,7 @@
     <param pos="2" name="service.version"/>
   </fingerprint>
 
-  <fingerprint pattern="^(\S+)\s+FTP Server \(Version:\s+Mac OS X Server\s+([\d\.]+).*\) ready\.?" flags="REG_ICASE,REG_MULTILINE">
+  <fingerprint pattern="^(\S{1,512})\s{1,8}FTP Server \(Version:\s+Mac OS X Server\s+([\d\.]+).*\) ready\.?" flags="REG_ICASE,REG_MULTILINE">
     <description>FTPD on Mac OS X Server with a version</description>
     <example host.name="example.com" os.version="10.3">example.com FTP server (Version:  Mac OS X Server 10.3 - +GSSAPI) ready.</example>
     <example host.name="example.com" os.version="10.3">this is a banner.  change it.&#13;
@@ -129,7 +129,7 @@ example.com FTP server (Version:  Mac OS X Server 10.3 - +GSSAPI) ready.</exampl
     <param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x_server:{os.version}"/>
   </fingerprint>
 
-  <fingerprint pattern="^(\S+)\s+FTP Server \(Version:\s+Mac OS X Server\) ready\.?" flags="REG_ICASE,REG_MULTILINE">
+  <fingerprint pattern="^(\S{1,512})\s{1,8}FTP Server \(Version:\s+Mac OS X Server\) ready\.?" flags="REG_ICASE,REG_MULTILINE">
     <description>FTPD on Mac OS X Server without a version</description>
     <example host.name="example.com">example.com FTP server (Version:  Mac OS X Server) ready.</example>
     <example host.name="example.com">this is a banner.  change it.&#13;
@@ -143,7 +143,7 @@ example.com FTP server (Version:  Mac OS X Server) ready.</example>
     <param pos="1" name="host.name"/>
   </fingerprint>
 
-  <fingerprint pattern="^(\S+)\s+FTP Server \(tnftpd (.*)\) ready\.?$" flags="REG_ICASE">
+  <fingerprint pattern="^(\S{1,512})\s{1,8}FTP Server \(tnftpd (.*)\) ready\.?$" flags="REG_ICASE">
     <description>Simple tnftpd banner with a version</description>
     <example host.name="example.com" service.version="20061217">example.com FTP server (tnftpd 20061217) ready.</example>
     <param pos="0" name="service.product" value="tnftpd"/>
@@ -151,7 +151,7 @@ example.com FTP server (Version:  Mac OS X Server) ready.</example>
     <param pos="1" name="host.name"/>
   </fingerprint>
 
-  <fingerprint pattern="^(\S+) FTP Server \(SunOS 5.(1[1-9])\) ready\.?$" flags="REG_ICASE">
+  <fingerprint pattern="^(\S{1,512}) FTP Server \(SunOS 5.(1[1-9])\) ready\.?$" flags="REG_ICASE">
     <description>SunOS/Solaris</description>
     <example host.name="example.com" os.version="11">example.com FTP server (SunOS 5.11) ready.</example>
     <param pos="0" name="os.vendor" value="Oracle"/>
@@ -162,7 +162,7 @@ example.com FTP server (Version:  Mac OS X Server) ready.</example>
     <param pos="0" name="os.cpe23" value="cpe:/o:oracle:solaris:{os.version}"/>
   </fingerprint>
 
-  <fingerprint pattern="^(\S+) FTP Server \(SunOS 5.([789]|10)\) ready\.?$" flags="REG_ICASE">
+  <fingerprint pattern="^(\S{1,512}) FTP Server \(SunOS 5.([789]|10)\) ready\.?$" flags="REG_ICASE">
     <description>SunOS/Solaris 5.7-5.10</description>
     <example host.name="example.com" os.version="7">example.com FTP server (SunOS 5.7) ready.</example>
     <example host.name="example.com" os.version="10">example.com FTP server (SunOS 5.10) ready.</example>
@@ -174,7 +174,7 @@ example.com FTP server (Version:  Mac OS X Server) ready.</example>
     <param pos="0" name="os.cpe23" value="cpe:/o:sun:solaris:{os.version}"/>
   </fingerprint>
 
-  <fingerprint pattern="^(\S+) FTP Server \(SunOS 5.6\) ready\." flags="REG_ICASE">
+  <fingerprint pattern="^(\S{1,512}) FTP Server \(SunOS 5.6\) ready\." flags="REG_ICASE">
     <description>SunOS 5.6 (Solaris 2.6)</description>
     <example host.name="example.com">example.com FTP Server (SunOS 5.6) ready.</example>
     <param pos="0" name="os.vendor" value="Sun"/>
@@ -320,7 +320,7 @@ example.com FTP server (Version:  Mac OS X Server) ready.</example>
     <param pos="0" name="service.cpe23" value="cpe:/a:proftpd:proftpd:-"/>
   </fingerprint>
 
-  <fingerprint pattern="^(?:\d{4}\-\d\d\-\d\d \d\d:\d\d:\d\d,\d\d\d )?(\S+) proftpd\[\d+\]: error: no valid servers configured">
+  <fingerprint pattern="^(?:\d{4}\-\d\d\-\d\d \d\d:\d\d:\d\d,\d\d\d )?(\S{1,512}) proftpd\[\d+\]: error: no valid servers configured">
     <description>ProFTPD no valid servers configured</description>
     <example host.name="ftp.host.com">ftp.host.com proftpd[40312]: error: no valid servers configured\n</example>
     <example host.name="hostname.com">2016-10-31 12:14:35,524 hostname.com proftpd[26992]: error: no valid servers configured\n</example>
@@ -443,6 +443,9 @@ more text</example>
   <fingerprint pattern="^Welcom to Serv-U FTP Server$">
     <description>Common FTP banner modification to look like Serv-U -- assert nothing.</description>
     <example>Welcom to Serv-U FTP Server</example>
+    <param pos="0" name="hw.certainty" value="0.0"/>
+    <param pos="0" name="os.certainty" value="0.0"/>
+    <param pos="0" name="service.certainty" value="0.0"/>
   </fingerprint>
 
   <fingerprint pattern="^zFTPServer v?(\S+), .*ready\.$" flags="REG_ICASE">
@@ -515,7 +518,7 @@ more text</example>
     <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
   </fingerprint>
 
-  <fingerprint pattern="^\s*APC FTP server ready\.$">
+  <fingerprint pattern="^\s{0,1024}APC FTP server ready\.$">
     <description>APC device</description>
     <example>APC FTP server ready.</example>
     <param pos="0" name="service.vendor" value="APC"/>
@@ -526,7 +529,7 @@ more text</example>
     <param pos="0" name="hw.device" value="Power Device"/>
   </fingerprint>
 
-  <fingerprint pattern="^(\S+) Network Management Card AOS v(\d+\..+) FTP server ready\.$">
+  <fingerprint pattern="^(\S{1,64}) Network Management Card AOS v(\d+\..+) FTP server ready\.$">
     <description>APC power/cooling device</description>
     <example service.version="3.3.4">AP7932 Network Management Card AOS v3.3.4 FTP server ready.</example>
     <example os.version="3.6.1">ACRC103 Network Management Card AOS v3.6.1 FTP server ready.</example>
@@ -543,7 +546,7 @@ more text</example>
     <param pos="0" name="hw.device" value="Power Device"/>
   </fingerprint>
 
-  <fingerprint pattern="^(\S+) FTP server \(EMC-SNAS: ([^\)]+)\)(?: \S+)?$">
+  <fingerprint pattern="^(\S{1,512}) FTP server \(EMC-SNAS: ([^\)]+)\)(?: \S+)?$">
     <description>EMC Celerra</description>
     <example service.version="5.6.47.11">foo2 FTP server (EMC-SNAS: 5.6.47.11)</example>
     <example service.version="5.6.50.203">foo2 FTP server (EMC-SNAS: 5.6.50.203) ready.</example>
@@ -612,7 +615,7 @@ more text</example>
     <param pos="0" name="service.product" value="Nepenthes"/>
   </fingerprint>
 
-  <fingerprint pattern="^[^ ]+ IBM FTP CS (V1R\d+) at ([^,]*),.*">
+  <fingerprint pattern="^[^ ]{1,512} IBM FTP CS (V1R\d+) at ([^,]*),.*">
     <description>IBM z/OS FTP Service</description>
     <example>SFTPD1 IBM FTP CS V1R4 at x.y.z, 21:02:19 on 2007-12-15.</example>
     <param pos="0" name="service.vendor" value="IBM"/>
@@ -637,7 +640,7 @@ more text</example>
     <param pos="0" name="os.device" value="Point of Sale"/>
   </fingerprint>
 
-  <fingerprint pattern="^([^ ]+) NcFTPd Server \(licensed copy\) ready\.$">
+  <fingerprint pattern="^([^ ]{1,512}) NcFTPd Server \(licensed copy\) ready\.$">
     <description>NcFTPd Server
       http://www.ncftp.com/ncftpd/</description>
     <example>ftp.example.com NcFTPd Server (licensed copy) ready.</example>
@@ -646,7 +649,7 @@ more text</example>
     <param pos="1" name="host.name"/>
   </fingerprint>
 
-  <fingerprint pattern="^(\S+) DCS-2100 FTP server ready\.$">
+  <fingerprint pattern="^(\S{1,512}) DCS-2100 FTP server ready\.$">
     <description>D-Link DCS-2100 wireless internet camera</description>
     <example>hostname DCS-2100 FTP server ready.</example>
     <param pos="0" name="os.vendor" value="D-Link"/>
@@ -888,7 +891,7 @@ more text</example>
     <param pos="0" name="os.cpe23" value="cpe:/o:windriver:vxworks:-"/>
   </fingerprint>
 
-  <fingerprint pattern="^[\w\-\.]* FTP server \((?:VxWorks\s?)+([\d\.]+)\) ready.$" flags="REG_ICASE">
+  <fingerprint pattern="^[\w\-\.]{0,128} FTP server \((?:VxWorks\s?)+([\d\.]+)\) ready.$" flags="REG_ICASE">
     <description>VxWorks 6 with version information</description>
     <example os.version="6.6">NanoDAC FTP server (VxWorks VxWorks 6.6) ready.</example>
     <example os.version="6.4">BVS-MR-BSC2 FTP server (VxWorks 6.4) ready.</example>
@@ -898,7 +901,7 @@ more text</example>
     <param pos="0" name="os.cpe23" value="cpe:/o:windriver:vxworks:{os.version}"/>
   </fingerprint>
 
-  <fingerprint pattern="^[\w&lt;&gt;]+\s*Tenor Multipath Switch FTP server \(Version VxWorks([\d\.]+)\) ready\.$" flags="REG_ICASE">
+  <fingerprint pattern="^[\w&lt;&gt;]{1,32}\s{1,8}Tenor Multipath Switch FTP server \(Version VxWorks([\d\.]+)\) ready\.$" flags="REG_ICASE">
     <description>VxWorks on Tenor MultiPath with version information</description>
     <example os.version="5.4.2">&lt;38785ca0&gt;  Tenor Multipath Switch FTP server (Version VxWorks5.4.2) ready.</example>
     <param pos="0" name="os.vendor" value="Wind River"/>
@@ -1044,7 +1047,7 @@ more text</example>
     <param pos="2" name="os.version"/>
   </fingerprint>
 
-  <fingerprint pattern="^ET(\S+) Source Technologies (ST-96\S+) FTP Server (\S+) ready\.?$">
+  <fingerprint pattern="^ET(\S{1,12}) Source Technologies (ST-96\S+) FTP Server (\S+) ready\.?$">
     <description>Source Technologies ST9600 Series Secure Printer</description>
     <example>ET0021B730F70E Source Technologies ST-9620 FTP Server NJ.APS.N254e ready.</example>
     <example>ET0021B7549AF2 Source Technologies ST-9620 FTP Server NR.APS.N447b2 ready.</example>
@@ -1057,7 +1060,7 @@ more text</example>
     <param pos="3" name="os.version"/>
   </fingerprint>
 
-  <fingerprint pattern="^ET(\S+) (Pro\d+) Series FTP Server ready\.$" certainty="1.0">
+  <fingerprint pattern="^ET(\S{1,12}) (Pro\d+) Series FTP Server ready\.$" certainty="1.0">
     <description>Lexmark ProXXX Series of Printers</description>
     <example host.mac="0020007E4D2A" hw.product="Pro700">ET0020007E4D2A Pro700 Series FTP Server ready.</example>
     <param pos="0" name="os.vendor" value="Lexmark"/>
@@ -1070,7 +1073,7 @@ more text</example>
     <param pos="2" name="hw.product"/>
   </fingerprint>
 
-  <fingerprint pattern="^ET(\S+) Lexmark Forms Printer (\d+) Ethernet FTP Server (\S+) ready\.$" certainty="1.0">
+  <fingerprint pattern="^ET(\S{1,12}) Lexmark Forms Printer (\d+) Ethernet FTP Server (\S+) ready\.$" certainty="1.0">
     <description>Lexmark Forms Printer</description>
     <example os.product="2590">ET0020004F54EE Lexmark Forms Printer 2590 Ethernet FTP Server LCL.CU.P012c ready.</example>
     <param pos="0" name="os.vendor" value="Lexmark"/>
@@ -1085,7 +1088,7 @@ more text</example>
     <param pos="2" name="hw.product"/>
   </fingerprint>
 
-  <fingerprint pattern="^ET(\S+) TOSHIBA e-STUDIO500S FTP Server (\S+) ready\.$" certainty="1.0">
+  <fingerprint pattern="^ET(\S{1,12}) TOSHIBA e-STUDIO500S FTP Server (\S+) ready\.$" certainty="1.0">
     <description>Toshiba e-STUDIO Printer with MAC address</description>
     <example os.version="NC2.NPS.N221">ET0004001E9C00 TOSHIBA e-STUDIO500S FTP Server NC2.NPS.N221 ready.</example>
     <example host.mac="00040089BE42">ET00040089BE42 TOSHIBA e-STUDIO500S FTP Server NC2.NPS.N211 ready.</example>
@@ -1099,7 +1102,7 @@ more text</example>
     <param pos="0" name="hw.product" value="e-STUDIO"/>
   </fingerprint>
 
-  <fingerprint pattern="^\S+ TOSHIBA e-STUDIO500S FTP Server (\S+) ready\.$" certainty="1.0">
+  <fingerprint pattern="^\S{1,16} TOSHIBA e-STUDIO500S FTP Server (\S+) ready\.$" certainty="1.0">
     <description>Toshiba e-STUDIO Printer</description>
     <example os.version="NC2.NPS.N211">JHBPRN13 TOSHIBA e-STUDIO500S FTP Server NC2.NPS.N211 ready.</example>
     <param pos="0" name="os.vendor" value="Toshiba"/>
@@ -1297,7 +1300,7 @@ more text</example>
     <param pos="1" name="hw.product"/>
   </fingerprint>
 
-  <fingerprint pattern="^(ET(\S+)) Dell (\S+ Laser Printer) FTP Server">
+  <fingerprint pattern="^(ET(\S{1,32})) Dell (\S+ Laser Printer) FTP Server">
     <description>Dell Laser Printer</description>
     <example host.name="ET0021B71A1111" host.mac="0021B71A1111" hw.product="2350dn Laser Printer">ET0021B71A1111 Dell 2350dn Laser Printer FTP Server NR.APS.N449 ready.</example>
     <param pos="0" name="os.vendor" value="Dell"/>
@@ -1309,11 +1312,14 @@ more text</example>
     <param pos="3" name="hw.product"/>
   </fingerprint>
 
-  <fingerprint pattern="^(\S+) FTP server \(Version \S+ \w+ \w+ \d{1,2} \d{1,2}:\d{1,2}:\d{1,2} [A-Z]+ (?:1|2)\d{3}\) ready\.?$">
+  <fingerprint pattern="^(\S{1,512}) FTP server \(Version \S+ \w+ \w+ \d{1,2} \d{1,2}:\d{1,2}:\d{1,2} [A-Z]+ (?:1|2)\d{3}\) ready\.?$">
     <description>Generic/unknown FTP Server found on HP-UX and AIX systems</description>
     <example host.name="host.example.com">host.example.com FTP server (Version 4.1 Sat Sep 7 14:31:53 CDT 2002) ready.</example>
     <example host.name="host.example.com">host.example.com FTP server (Version 5.3 Sat Jan 10 14:01:03 CDT 2012) ready</example>
     <param pos="1" name="host.name"/>
+    <param pos="0" name="hw.certainty" value="0.0"/>
+    <param pos="0" name="os.certainty" value="0.0"/>
+    <param pos="0" name="service.certainty" value="0.0"/>
   </fingerprint>
 
   <fingerprint pattern="^Welcome to the (?:Cisco )?(?:TelePresence) ([a-zA-Z\s]*?) ((?:MSE )?\d+), version (\d+.\d+\(\d+.\d+\)).*?" flags="REG_ICASE">
@@ -1332,7 +1338,7 @@ more text</example>
     <param pos="3" name="os.version"/>
   </fingerprint>
 
-  <fingerprint pattern="^(\S+) FTP server \((?:HP|Compaq) Tru64 UNIX Version (\S+)\) ready\.?$">
+  <fingerprint pattern="^(\S{1,512}) FTP server \((?:HP|Compaq) Tru64 UNIX Version (\S+)\) ready\.?$">
     <description>Digital/Compaq/HP Tru64 Unix</description>
     <example host.name="example.com" os.version="5.60">example.com FTP server (Compaq Tru64 UNIX Version 5.60) ready.</example>
     <param pos="0" name="os.vendor" value="HP"/>
@@ -1343,7 +1349,7 @@ more text</example>
     <param pos="0" name="os.cpe23" value="cpe:/o:hp:tru64_unix:{os.version}"/>
   </fingerprint>
 
-  <fingerprint pattern="^(\S+) FTP server \(Digital UNIX Version (\S+)\) ready\.?$">
+  <fingerprint pattern="^(\S{1,512}) FTP server \(Digital UNIX Version (\S+)\) ready\.?$">
     <description>Digital/Compaq/HP Tru64 Unix w/o branding</description>
     <example host.name="example.com" os.version="5.60">example.com FTP server (Digital UNIX Version 5.60) ready.</example>
     <param pos="0" name="os.vendor" value="HP"/>
@@ -1353,7 +1359,7 @@ more text</example>
     <param pos="2" name="os.version"/>
   </fingerprint>
 
-  <fingerprint pattern="^(\S+) FTP server \(MikroTik ([\d\.]+)\) ready\.?$">
+  <fingerprint pattern="^(\S{1,512}) FTP server \(MikroTik ([\d\.]+)\) ready\.?$">
     <description>MikroTik</description>
     <example host.name="example.com" os.version="6.18">example.com FTP server (MikroTik 6.18) ready</example>
     <param pos="0" name="os.vendor" value="MikroTik"/>
@@ -1363,7 +1369,7 @@ more text</example>
     <param pos="0" name="os.cpe23" value="cpe:/o:mikrotik:routeros:{os.version}"/>
   </fingerprint>
 
-  <fingerprint pattern="^.* FTP server \(MikroTik (\d\.[\w\.]+)\) ready\.?$">
+  <fingerprint pattern="^.{0,1024} FTP server \(MikroTik (\d\.[\w\.]+)\) ready\.?$">
     <description>MikroTik with description</description>
     <example os.version="6.43.16">Super Thing_Place-  FTP server (MikroTik 6.43.16) ready</example>
     <example os.version="6.43.16beta2">Super Thing_Place-  FTP server (MikroTik 6.43.16beta2) ready</example>
@@ -1541,7 +1547,7 @@ more text</example>
     <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
   </fingerprint>
 
-  <fingerprint pattern="^([\w.-]+) X2 WS_FTP Server ([\d.]{3,6}\s?\(\d+\))$">
+  <fingerprint pattern="^([\w.-]{1,512}) X2 WS_FTP Server ([\d.]{3,6}\s?\(\d+\))$">
     <description>WS_FTP FTP Server on Windows - X2 variant</description>
     <example service.version="7.7(50012467)" host.name="a.host.name.tld">a.host.name.tld X2 WS_FTP Server 7.7(50012467)</example>
     <example service.version="5.0.5 (1989540204)" host.name="a.host.name.tld">a.host.name.tld X2 WS_FTP Server 5.0.5 (1989540204)</example>
@@ -1624,11 +1630,11 @@ more text</example>
 
   <fingerprint pattern="^Sofrel (S5[\w]+) SN ([\d-]+)  ready. Time is (\d{2}:\d{2}:\d{2} \d{2}\/\d{2}\/\d{2})\.$">
     <description>Sofrel Remote Terminal Unit</description>
-    <example hw.product="S500" host.id="01-499-00427" system.time="00:11:39 01/11/16">Sofrel S500 SN 01-499-00427  ready. Time is 00:11:39 01/11/16.</example>
+    <example hw.product="S500" hw.serial_number="01-499-00427" system.time="00:11:39 01/11/16">Sofrel S500 SN 01-499-00427  ready. Time is 00:11:39 01/11/16.</example>
     <param pos="0" name="hw.vendor" value="Sofrel"/>
     <param pos="0" name="hw.family" value="S500 Range"/>
     <param pos="1" name="hw.product"/>
-    <param pos="2" name="host.id"/>
+    <param pos="2" name="hw.serial_number"/>
     <param pos="0" name="system.time.format" value="HH:mm:ss dd/MM/yy"/>
     <param pos="3" name="system.time"/>
   </fingerprint>
@@ -1644,13 +1650,16 @@ more text</example>
     <param pos="2" name="hw.product"/>
   </fingerprint>
 
-  <fingerprint pattern="^(\S+) FTP server ready\.?$" flags="REG_ICASE">
+  <fingerprint pattern="^(\S{1,512}) FTP server ready\.?$" flags="REG_ICASE">
     <description>Generic FTP fingerprint with a hostname</description>
     <example host.name="example.com">example.com FTP server ready.</example>
     <param pos="1" name="host.name"/>
+    <param pos="0" name="hw.certainty" value="0.0"/>
+    <param pos="0" name="os.certainty" value="0.0"/>
+    <param pos="0" name="service.certainty" value="0.0"/>
   </fingerprint>
 
-  <fingerprint pattern="^(\S+) FTP server \(Version (\d.*)\) ready\.?$" flags="REG_ICASE">
+  <fingerprint pattern="^(\S{1,512}) FTP server \(Version (\d.*)\) ready\.?$" flags="REG_ICASE">
     <description>Generic FTP fingerprint with a hostname and a version for a generic FTP implementation</description>
     <example host.name="example.com" service.version="6.00LS">example.com FTP server (Version 6.00LS) ready.</example>
     <example host.name="example.com" service.version="1.2">example.com FTP server (Version 1.2) ready.</example>
@@ -1666,6 +1675,9 @@ more text</example>
     <example>FTP-Server</example>
     <example>FTP Server</example>
     <example>FTP service ready.</example>
+    <param pos="0" name="hw.certainty" value="0.0"/>
+    <param pos="0" name="os.certainty" value="0.0"/>
+    <param pos="0" name="service.certainty" value="0.0"/>
   </fingerprint>
 
   <fingerprint pattern="^Welcom to ProRat Ftp Server$">
@@ -1675,7 +1687,7 @@ more text</example>
     <param pos="0" name="service.product" value="ProRat"/>
   </fingerprint>
 
-  <fingerprint pattern="^(?:(\S+) )?FTP Server \(vftpd ([\d.]+)\) ready\.?$">
+  <fingerprint pattern="^(?:(\S{1,512}) )?FTP Server \(vftpd ([\d.]+)\) ready\.?$">
     <description>Vermillion FTP Daemon</description>
     <example host.name="srv.name" service.version="1.23">srv.name FTP Server (vftpd 1.23) ready.</example>
     <example service.version="1.31">FTP Server (vftpd 1.31) ready.</example>
@@ -1689,7 +1701,7 @@ more text</example>
     <param pos="1" name="host.name"/>
   </fingerprint>
 
-  <fingerprint pattern="^(?:(\S+) )?FTP server \(QVT\/Net ([\d.]+)\) ready\.?$">
+  <fingerprint pattern="^(?:(\S{1,512}) )?FTP server \(QVT\/Net ([\d.]+)\) ready\.?$">
     <description>QVT/Net FTP Server</description>
     <example host.name="siren" service.version="5.1">siren FTP server (QVT/Net 5.1) ready.</example>
     <example host.name="qpc-qvtnet" service.version="4.1">qpc-qvtnet FTP server (QVT/Net 4.1) ready.</example>