recog 2.3.20 → 2.3.21

data/xml/html_title.xml

@@ -1,41 +1,62 @@
 <?xml version='1.0' encoding='UTF-8'?>
-<fingerprints matches="html_title" database_type="service" preference="0.90">
+<fingerprints matches="html_title" protocol="http" database_type="service" preference="0.90">
   <!-- HTML Title elements found in HTTP response bodies are matched against these patterns to fingerprint HTTP servers. -->
 
   <fingerprint pattern="^301 Moved Permanently$">
     <description>301 Moved Permanently - generic -- assert nothing.</description>
     <example>301 Moved Permanently</example>
+    <param pos="0" name="hw.certainty" value="0.0"/>
+    <param pos="0" name="os.certainty" value="0.0"/>
+    <param pos="0" name="service.certainty" value="0.0"/>
   </fingerprint>
 
   <fingerprint pattern="^302 Found$">
     <description>302 Found - generic -- assert nothing.</description>
     <example>302 Found</example>
+    <param pos="0" name="hw.certainty" value="0.0"/>
+    <param pos="0" name="os.certainty" value="0.0"/>
+    <param pos="0" name="service.certainty" value="0.0"/>
   </fingerprint>
 
   <fingerprint pattern="^400 Bad Request$">
     <description>400 Bad Request - generic -- assert nothing.</description>
     <example>400 Bad Request</example>
+    <param pos="0" name="hw.certainty" value="0.0"/>
+    <param pos="0" name="os.certainty" value="0.0"/>
+    <param pos="0" name="service.certainty" value="0.0"/>
   </fingerprint>
 
   <fingerprint pattern="^401 Unauthorized$">
     <description>401 Unauthorized - generic -- assert nothing.</description>
     <example>401 Unauthorized</example>
+    <param pos="0" name="hw.certainty" value="0.0"/>
+    <param pos="0" name="os.certainty" value="0.0"/>
+    <param pos="0" name="service.certainty" value="0.0"/>
   </fingerprint>
 
   <fingerprint pattern="^403 Forbidden$">
     <description>403 Forbidden - generic -- assert nothing.</description>
     <example>403 Forbidden</example>
+    <param pos="0" name="hw.certainty" value="0.0"/>
+    <param pos="0" name="os.certainty" value="0.0"/>
+    <param pos="0" name="service.certainty" value="0.0"/>
   </fingerprint>
 
   <fingerprint pattern="^(?:404 )?Not Found$">
     <description>404 Not Found - generic -- assert nothing.</description>
     <example>404 Not Found</example>
     <example>Not Found</example>
+    <param pos="0" name="hw.certainty" value="0.0"/>
+    <param pos="0" name="os.certainty" value="0.0"/>
+    <param pos="0" name="service.certainty" value="0.0"/>
   </fingerprint>
 
   <fingerprint pattern="^Invalid URL$">
     <description>Invalid URL - generic -- assert nothing.</description>
     <example>Invalid URL</example>
+    <param pos="0" name="hw.certainty" value="0.0"/>
+    <param pos="0" name="os.certainty" value="0.0"/>
+    <param pos="0" name="service.certainty" value="0.0"/>
   </fingerprint>
 
   <fingerprint pattern="^ERROR: The request could not be satisfied$">
@@ -353,7 +374,7 @@
     <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
   </fingerprint>
 
-  <fingerprint pattern="^(?i)Default (?:Parallels )?Plesk (?:Panel )?Page$">
+  <fingerprint pattern="(?i)^Default (?:Parallels )?Plesk (?:Panel )?Page$">
     <description>Plesk web hosting platform with no version</description>
     <example>Default Parallels Plesk Panel Page</example>
     <example>Default Parallels Plesk Page</example>
@@ -378,7 +399,7 @@
     <param pos="0" name="hw.device" value="DVR"/>
   </fingerprint>
 
-  <fingerprint pattern="^(?i)(?:Dell )?Sonicwall - Authentication$">
+  <fingerprint pattern="(?i)^(?:Dell )?Sonicwall - Authentication$">
     <description>Sonicwall firewalls</description>
     <example>SonicWall - Authentication</example>
     <param pos="0" name="os.vendor" value="SonicWall"/>
@@ -412,7 +433,7 @@
     <param pos="0" name="os.cpe23" value="cpe:/o:watchguard:fireware:-"/>
   </fingerprint>
 
-  <fingerprint pattern="^(.*).nbsp;-.nbsp;Synology.nbsp;DiskStation$">
+  <fingerprint pattern="^(.{0,512}).nbsp;-.nbsp;Synology.nbsp;DiskStation$">
     <description>Synology DiskStation</description>
     <example host.name="DiskStation">DiskStation&amp;nbsp;-&amp;nbsp;Synology&amp;nbsp;DiskStation</example>
     <example host.name="DS218">DS218&amp;nbsp;-&amp;nbsp;Synology&amp;nbsp;DiskStation</example>
@@ -699,7 +720,7 @@
     <param pos="0" name="hw.product" value="Prosafe Plus"/>
   </fingerprint>
 
-  <fingerprint pattern="^(.*).nbsp;Configuration and Management$">
+  <fingerprint pattern="^(.{0,256}).nbsp;Configuration and Management$">
     <description>Digi Terminal Servers</description>
     <example hw.product="Digi One SP">Digi One SP&amp;nbsp;Configuration and Management</example>
     <example hw.product="PortServer TS 4">PortServer TS 4&amp;nbsp;Configuration and Management</example>
@@ -820,7 +841,7 @@
     <param pos="0" name="hw.product" value="Rack PDU Card"/>
   </fingerprint>
 
-  <fingerprint pattern="^(.*) IntelliSlot Web(?:/\d+)? Card?$">
+  <fingerprint pattern="^(.{0,256}) IntelliSlot Web(?:/\d+)? Card?$">
     <description>Emerson Network Power IntelliSlot Web Card and rebrands</description>
     <example hw.vendor="Emerson Network Power">Emerson Network Power IntelliSlot Web Card</example>
     <example hw.vendor="Emerson Network Power">Emerson Network Power IntelliSlot Web/485 Card</example>
@@ -1038,7 +1059,7 @@
     <param pos="0" name="hw.product" value="OpenManage Switch"/>
   </fingerprint>
 
-  <fingerprint pattern="^(\S+)\s+-\s+ProCurve Switch (\S+) \((.*)\)$">
+  <fingerprint pattern="^(\S{1,512})\s{1,8}-\s{1,8}ProCurve Switch (\S+) \((.*)\)$">
     <description>HPE ProCurve Switch w/Hostname</description>
     <example host.name="SW1" hw.product="4204vl" procurve.model="J8770A">SW1 - ProCurve Switch 4204vl (J8770A)</example>
     <param pos="0" name="hw.vendor" value="HPE"/>
@@ -1134,20 +1155,22 @@
 
   <fingerprint pattern="^Agilent 33220A \((.*)\)$">
     <description>Agilent 33220A</description>
-    <example agilent.serial="MY44041111">Agilent 33220A (MY44041111)</example>
+    <example agilent.serial="MY44041111" hw.serial_number="MY44041111">Agilent 33220A (MY44041111)</example>
     <param pos="0" name="hw.vendor" value="Agilent"/>
     <param pos="0" name="hw.device" value="Test Instrument"/>
     <param pos="0" name="hw.product" value="33220A Waveform Generator"/>
     <param pos="1" name="agilent.serial"/>
+    <param pos="1" name="hw.serial_number"/>
   </fingerprint>
 
   <fingerprint pattern="^Agilent N5172B (?:EXG )?(MY\S+)$">
     <description>Agilent N5172B</description>
-    <example agilent.serial="MY44041111">Agilent N5172B EXG MY44041111</example>
+    <example agilent.serial="MY44041111" hw.serial_number="MY44041111">Agilent N5172B EXG MY44041111</example>
     <param pos="0" name="hw.vendor" value="Agilent"/>
     <param pos="0" name="hw.device" value="Test Instrument"/>
     <param pos="0" name="hw.product" value="N5172B Signal Generator"/>
     <param pos="1" name="agilent.serial"/>
+    <param pos="1" name="hw.serial_number"/>
   </fingerprint>
 
   <fingerprint pattern="^Polycom - Configuration Utility$">
@@ -1397,6 +1420,7 @@
     <param pos="0" name="hw.vendor" value="KACE"/>
     <param pos="0" name="hw.device" value="Support Appliance"/>
     <param pos="0" name="hw.product" value="K1000"/>
+    <param pos="0" name="hw.cpe23" value="cpe:/h:dell:kace_k1000_systems_management_appliance:-"/>
     <param pos="0" name="os.vendor" value="KACE"/>
     <param pos="0" name="os.family" value="FreeBSD"/>
   </fingerprint>
@@ -1678,7 +1702,7 @@
     <param pos="0" name="service.cpe23" value="cpe:/a:realvnc:realvnc:-"/>
   </fingerprint>
 
-  <fingerprint pattern="^.* \[Jenkins\]$">
+  <fingerprint pattern="^.{0,1024} \[Jenkins\]$">
     <description>Jenkins Customized Dashboard</description>
     <example>Continuous Integrations [Jenkins]</example>
     <example>Dashboard [Jenkins]</example>
@@ -2341,7 +2365,7 @@
     <param pos="0" name="service.product" value="SonarQube"/>
   </fingerprint>
 
-  <fingerprint pattern="^(\S+) - Opengear Management Console$">
+  <fingerprint pattern="^(\S{1,512}) - Opengear Management Console$">
     <description>Opengear Management Console</description>
     <example host.name="server01">server01 - Opengear Management Console</example>
     <param pos="0" name="service.vendor" value="Opengear"/>
@@ -2607,7 +2631,7 @@
     <param pos="0" name="service.cpe23" value="cpe:/a:zabbix:zabbix:-"/>
   </fingerprint>
 
-  <fingerprint pattern="^(\S+) \(build (\S+)\) - Info$">
+  <fingerprint pattern="^(\S{1,512}) \(build (\S+)\) - Info$">
     <description>DD-WRT</description>
     <example host.name="SubTerraVia-NUC" os.version="36104" os.build="36104">SubTerraVia-NUC (build 36104) - Info</example>
     <example host.name="DD-WRT" os.version="35030M" os.build="35030M">DD-WRT (build 35030M) - Info</example>

data/xml/http_cookies.xml

@@ -163,14 +163,13 @@
       The cookie value breaks down to [box-id][service-id][timeout-value]
       unfortunately, there's no separator so it's hard to tell what the
       actual break is between the pieces of data.
-      http://www.cisco.com/warp/public/117/AP_cookies.html
   -->
 
   <fingerprint pattern="^ARPT=([A-Z]+)([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})[A-Z]+.*">
     <description>Cisco 11000 Series Content Service Switch (CSS)</description>
-    <example host.id="FOOOB" host.ip="192.168.15.52">ARPT=FOOOB192.168.15.52CKOKM; path=/</example>
+    <example host.name="FOOOB" host.ip="192.168.15.52">ARPT=FOOOB192.168.15.52CKOKM; path=/</example>
     <param pos="0" name="cookie" value="ARPT"/>
-    <param pos="1" name="host.id"/>
+    <param pos="1" name="host.name"/>
     <param pos="2" name="host.ip"/>
     <param pos="0" name="service.vendor" value="Cisco"/>
     <param pos="0" name="service.family" value="Content Service Switch"/>

data/xml/http_servers.xml

@@ -840,7 +840,7 @@
   </fingerprint>
 
   <fingerprint pattern="^UOS$">
-    <description>HTTP Server that appears unique to Managment Console on HP TippingPoint IPS Devices</description>
+    <description>HTTP Server that appears unique to Management Console on HP TippingPoint IPS Devices</description>
     <example>UOS</example>
     <param pos="0" name="service.vendor" value="HP"/>
     <param pos="0" name="service.product" value="HTTP"/>
@@ -878,10 +878,10 @@
     <param pos="0" name="service.cpe23" value="cpe:/a:acme:mini_httpd:-"/>
   </fingerprint>
 
-  <fingerprint pattern="^LiteSpeed\/?(:?[\d.]+)?(?: \S+)?">
+  <fingerprint pattern="^LiteSpeed\/?([\d.]+)?(?: \S+)?">
     <description>LiteSpeed</description>
     <example>LiteSpeed</example>
-    <example>LiteSpeed/5.2.8 Enterprise</example>
+    <example service.version="5.2.8">LiteSpeed/5.2.8 Enterprise</example>
     <param pos="0" name="service.vendor" value="LiteSpeed Technologies"/>
     <param pos="0" name="service.product" value="LiteSpeed Web Server"/>
     <param pos="1" name="service.version"/>
@@ -897,7 +897,7 @@
     <param pos="1" name="service.version"/>
   </fingerprint>
 
-  <fingerprint pattern="^openresty\/?(:?[\d.]+)?$">
+  <fingerprint pattern="^openresty\/?([\d.]+)?$">
     <description>OpenResty OpenResty</description>
     <example>openresty</example>
     <example service.version="1.13.6.2">openresty/1.13.6.2</example>
@@ -945,7 +945,7 @@
     <param pos="0" name="service.cpe23" value="cpe:/a:wftpserver:wing_ftp_server:-"/>
   </fingerprint>
 
-  <fingerprint pattern="^(?i)Linux UPnP/1.0 Sonos/([\d\.\-a-z]+) \((BR\d+)\)$">
+  <fingerprint pattern="(?i)^Linux UPnP/1.0 Sonos/([\d\.\-a-z]+) \((BR\d+)\)$">
     <description>Sonos Bridge/ZoneBridge</description>
     <example hw.model="BR100" hw.version="47.2-59120">Linux UPnP/1.0 Sonos/47.2-59120 (BR100)</example>
     <param pos="0" name="hw.vendor" value="Sonos"/>
@@ -956,7 +956,7 @@
     <param pos="0" name="os.product" value="Linux"/>
   </fingerprint>
 
-  <fingerprint pattern="^(?i)Linux UPnP/1.0 Sonos/([\d\.\-a-z]+) \(ANVIL\)$">
+  <fingerprint pattern="(?i)^Linux UPnP/1.0 Sonos/([\d\.\-a-z]+) \(ANVIL\)$">
     <description>Sonos Subwoofer Speaker</description>
     <example>Linux UPnP/1.0 Sonos/31.3-22220 (ANVIL)</example>
     <param pos="0" name="hw.vendor" value="Sonos"/>
@@ -1000,7 +1000,7 @@
     <param pos="0" name="service.cpe23" value="cpe:/a:varnish-cache:varnish:-"/>
   </fingerprint>
 
-  <fingerprint pattern="^Tengine\/?(:?[\d.]+)?$">
+  <fingerprint pattern="^Tengine\/?([\d.]+)?$">
     <description>Tengine</description>
     <example>Tengine</example>
     <example service.version="2.0.0">Tengine/2.0.0</example>
@@ -1423,7 +1423,7 @@
     <param pos="0" name="service.cpe23" value="cpe:/a:eclipse:jetty:{service.version}"/>
   </fingerprint>
 
-  <fingerprint pattern="^(?i)squid/(\d+\.[\w.\-\+]+)$">
+  <fingerprint pattern="(?i)^squid/(\d+\.[\w.\-\+]+)$">
     <description>Squid Web Proxy with a version</description>
     <example service.version="2.3.STABLE1">Squid/2.3.STABLE1</example>
     <example service.version="4.4">squid/4.4</example>
@@ -1435,7 +1435,7 @@
     <param pos="0" name="service.cpe23" value="cpe:/a:squid-cache:squid:{service.version}"/>
   </fingerprint>
 
-  <fingerprint pattern="^(?i)squid$">
+  <fingerprint pattern="(?i)^squid$">
     <description>Squid Web Proxy without a version</description>
     <example>Squid</example>
     <example>squid</example>
@@ -1492,7 +1492,7 @@
     <param pos="0" name="service.cpe23" value="cpe:/a:nginx:nginx:-"/>
   </fingerprint>
 
-  <fingerprint pattern="^nginx\/?(:?[\d.]+)?">
+  <fingerprint pattern="^nginx\/?([\d.]+)?">
     <description>nginx with version info and/or mods</description>
     <example service.version="0.8.53">nginx/0.8.53 + Phusion Passenger 3.0.0 (mod_rails/mod_rack)</example>
     <example>nginx/0.8.53</example>
@@ -1993,11 +1993,11 @@
        this information useful and mappable to CPE
   -->
 
-  <fingerprint pattern="^HP HTTP Server; (?:Hewlett-Packard )?HP ((\S+) \S+)">
+  <fingerprint pattern="^HP HTTP Server; (?:Hewlett-Packard )?HP ((\S+) \S+)[^;]+; Serial Number: ([^;]+);">
     <description>HP Printer</description>
-    <example os.product="Photosmart C309a" os.family="Photosmart">HP HTTP Server; HP Photosmart C309a series - CC335A; Serial Number: abc123; Vader Built:Wed Apr 15, 2009 11:40:58AM {abc123, ASIC id 0x00280004}</example>
-    <example os.product="Officejet 6500" os.family="Officejet">HP HTTP Server; HP Officejet 6500 E709n - CB057A; Serial Number: abc123; Rainbow Built:Sat Dec 13, 2008 10:58:21AM {abc123, ASIC id 0x00ffc2105}</example>
-    <example os.product="Designjet T520" os.family="Designjet">HP HTTP Server; Hewlett-Packard HP Designjet T520 36in - ABC123; Serial Number: 0123456789; Built:Tue Sep 09, 2014 08:32:54AM {012345678901}</example>
+    <example os.product="Photosmart C309a" os.family="Photosmart" hw.serial_number="abc123">HP HTTP Server; HP Photosmart C309a series - CC335A; Serial Number: abc123; Vader Built:Wed Apr 15, 2009 11:40:58AM {abc123, ASIC id 0x00280004}</example>
+    <example os.product="Officejet 6500" os.family="Officejet" hw.serial_number="abc123">HP HTTP Server; HP Officejet 6500 E709n - CB057A; Serial Number: abc123; Rainbow Built:Sat Dec 13, 2008 10:58:21AM {abc123, ASIC id 0x00ffc2105}</example>
+    <example os.product="Designjet T520" os.family="Designjet" hw.serial_number="0123456789">HP HTTP Server; Hewlett-Packard HP Designjet T520 36in - ABC123; Serial Number: 0123456789; Built:Tue Sep 09, 2014 08:32:54AM {012345678901}</example>
     <param pos="0" name="service.vendor" value="HP"/>
     <param pos="0" name="service.product" value="JetDirect"/>
     <param pos="0" name="service.family" value="JetDirect"/>
@@ -2009,6 +2009,7 @@
     <param pos="0" name="hw.family" value="JetDirect"/>
     <param pos="0" name="hw.product" value="JetDirect"/>
     <param pos="0" name="hw.device" value="Printer"/>
+    <param pos="3" name="hw.serial_number"/>
   </fingerprint>
 
   <fingerprint pattern="^HTTP/1\.0$">
@@ -2650,7 +2651,7 @@
     <param pos="1" name="service.version"/>
   </fingerprint>
 
-  <fingerprint pattern="^Embedthis-(?:Appweb|http)\/?(:?[\d.]+)?$">
+  <fingerprint pattern="^Embedthis-(?:Appweb|http)\/?([\d.]+)?$">
     <description>Embedthis AppWeb</description>
     <example service.version="3.2.3">Embedthis-Appweb/3.2.3</example>
     <example>Embedthis-http</example>
@@ -2964,29 +2965,28 @@
     <param pos="0" name="service.product" value="2wire"/>
   </fingerprint>
 
-  <!-- junit says,
-     "Example pattern '' from http_servers.xml didn't match pattern '^$'"
-     Figure out if we have a way to support matching empty strings later.
-   <fingerprint pattern="^?">
-      <example></example>
-      <description>A blank banner; assert nothing.</description>
-   </fingerprint>
-
-   -->
-
   <fingerprint pattern="^(?:(?:\d{1,3}\.){3}\d{1,3}):\d{1,4}$">
     <description>A banner consisting of an IPv4 address and port -- assert nothing.</description>
     <example>192.168.0.4:9999</example>
+    <param pos="0" name="hw.certainty" value="0.0"/>
+    <param pos="0" name="os.certainty" value="0.0"/>
+    <param pos="0" name="service.certainty" value="0.0"/>
   </fingerprint>
 
   <fingerprint pattern="^Web-Server/(?:\d+\.+\d+)$">
     <description>Obfuscated web server -- assert nothing.</description>
     <example>Web-Server/3.0</example>
+    <param pos="0" name="hw.certainty" value="0.0"/>
+    <param pos="0" name="os.certainty" value="0.0"/>
+    <param pos="0" name="service.certainty" value="0.0"/>
   </fingerprint>
 
   <fingerprint pattern="^httpd$">
     <description>httpd - generic -- assert nothing.</description>
     <example>httpd</example>
+    <param pos="0" name="hw.certainty" value="0.0"/>
+    <param pos="0" name="os.certainty" value="0.0"/>
+    <param pos="0" name="service.certainty" value="0.0"/>
   </fingerprint>
 
   <!-- Service provider equipment (CDNs, etc) -->
@@ -3283,7 +3283,7 @@
     <param pos="0" name="service.product" value="Node"/>
   </fingerprint>
 
-  <fingerprint pattern="(?i)^(.*) UPnP/[\d\.]+\s+AVM FRITZ!(.*) ([\d\.]+)$">
+  <fingerprint pattern="(?i)^(.{0,256}) UPnP/[\d\.]+\s+AVM FRITZ!(.*) ([\d\.]+)$">
     <description>AVM FRITZ! devices of various types</description>
     <example host.name="some thing" os.product="WLAN Repeater 1750E" os.version="134.07.01">some thing UPnP/1.0 AVM FRITZ!WLAN Repeater 1750E 134.07.01</example>
     <param pos="0" name="os.vendor" value="AVM"/>
@@ -3680,7 +3680,7 @@
     <param pos="0" name="service.cpe23" value="cpe:/a:miniupnp_project:miniupnpd:{service.version}"/>
   </fingerprint>
 
-  <fingerprint pattern="^(\S+) \d+/Service Pack \d+, UPnP/[\d\.]+, TVersity Media Server$">
+  <fingerprint pattern="^(\S{1,16}) \d+/Service Pack \d+, UPnP/[\d\.]+, TVersity Media Server$">
     <description>TVersity Media Server UPnP Server with Service Pack</description>
     <example>5.2.3790 2/Service Pack 1, UPnP/1.0, TVersity Media Server</example>
     <example>5.1.2600 2/Service Pack 3, UPnP/1.0, TVersity Media Server</example>
@@ -3689,7 +3689,7 @@
     <param pos="1" name="service.version"/>
   </fingerprint>
 
-  <fingerprint pattern="^(\S+) 2/, UPnP/\S+, TVersity Media Server$">
+  <fingerprint pattern="^(\S{1,16}) 2/, UPnP/\S+, TVersity Media Server$">
     <description>TVersity Media Server UPnP Server</description>
     <example>6.2.8400 2/, UPnP/1.0, TVersity Media Server</example>
     <example>6.2.9200 2/, UPnP/1.0, TVersity Media Server</example>

data/xml/http_wwwauth.xml

@@ -419,7 +419,7 @@
     <param pos="0" name="service.product" value="SWAT"/>
   </fingerprint>
 
-  <fingerprint pattern="^.*(?:Basic|Digest) realm=&quot;SPIP Configuration&quot;.*$">
+  <fingerprint pattern="^.{0,1024}(?:Basic|Digest) realm=&quot;SPIP Configuration&quot;.*$">
     <description>SPIP publishing system (www.spip.net)</description>
     <example>Basic realm="SPIP Configuration", Digest realm="SPIP Configuration", nonce="116761147", algorithm="MD5"</example>
     <param pos="0" name="service.vendor" value="SPIP"/>
@@ -427,7 +427,7 @@
     <param pos="0" name="service.cpe23" value="cpe:/a:spip:spip:-"/>
   </fingerprint>
 
-  <fingerprint pattern="^.*(?:Basic|Digest) .*realm=&quot;HP ISEE @ ([^&quot;]+)&quot;.*$">
+  <fingerprint pattern="^.{0,1024}(?:Basic|Digest) .*realm=&quot;HP ISEE @ ([^&quot;]+)&quot;.*$">
     <description>HP Instant Support Enterprise Edition with a hostname</description>
     <example host.name="blah">Basic realm="HP ISEE @ blah"</example>
     <param pos="0" name="service.vendor" value="HP"/>
@@ -435,7 +435,7 @@
     <param pos="1" name="host.name"/>
   </fingerprint>
 
-  <fingerprint pattern="^.*(?:Basic|Digest) .*realm=&quot;BIG-IP&quot;.*$">
+  <fingerprint pattern="^.{0,1024}(?:Basic|Digest) .*realm=&quot;BIG-IP&quot;.*$">
     <description>Generic F5 Big-IP</description>
     <example>Basic realm="BIG-IP"</example>
     <param pos="0" name="service.vendor" value="F5"/>

data/xml/imap_banners.xml

@@ -166,7 +166,7 @@
     <param pos="0" name="service.product" value="Courier IMAP"/>
   </fingerprint>
 
-  <fingerprint pattern="^(\S+) CallPilot IMAP4rev1 v(\S+) server ready\.?$">
+  <fingerprint pattern="^(\S{1,512}) CallPilot IMAP4rev1 v(\S+) server ready\.?$">
     <description>Nortel CallPilot</description>
     <example>nottest.localdomain CallPilot IMAP4rev1 v42.02.05.22 server ready.</example>
     <example>test.localdomain CallPilot IMAP4rev1 v43.03.19.22 server ready.</example>
@@ -177,7 +177,7 @@
     <param pos="1" name="host.name"/>
   </fingerprint>
 
-  <fingerprint pattern="^(\S+) Zimbra IMAP4rev1 server ready\.?$">
+  <fingerprint pattern="^(\S{1,512}) Zimbra IMAP4rev1 server ready\.?$">
     <description>VMware Zimbra IMAP</description>
     <example host.name="foo.bar">foo.bar Zimbra IMAP4rev1 server ready</example>
     <param pos="0" name="service.vendor" value="VMware"/>
@@ -186,7 +186,7 @@
     <param pos="1" name="host.name"/>
   </fingerprint>
 
-  <fingerprint pattern="^(\S+) Zimbra (\S+) IMAP4rev1 server ready\.?$">
+  <fingerprint pattern="^(\S{1,512}) Zimbra (\S+) IMAP4rev1 server ready\.?$">
     <description>VMware Zimbra IMAP with service version</description>
     <example host.name="foo.bar" service.version="7.0.0_GA_3079">foo.bar Zimbra 7.0.0_GA_3079 IMAP4rev1 server ready</example>
     <param pos="0" name="service.vendor" value="VMware"/>
@@ -196,7 +196,7 @@
     <param pos="1" name="host.name"/>
   </fingerprint>
 
-  <fingerprint pattern="^(.+) Cyrus IMAP4 v(\d+\.\d+.*)-OS X(?: Server)? ([\d\.]+).* server ready$">
+  <fingerprint pattern="^(\S{1,512}) Cyrus IMAP4 v(\d+\.\d+.*)-OS X(?: Server)? ([\d\.]+).* server ready$">
     <description>CMU Cyrus IMAP on Mac OS X</description>
     <example host.name="example.com" service.version="2.2.12" os.version="10.4.0">example.com Cyrus IMAP4 v2.2.12-OS X 10.4.0 server ready</example>
     <example host.name="example.com" service.version="2.3.8" os.version="10.5">example.com Cyrus IMAP4 v2.3.8-OS X Server 10.5: 9A562 server ready</example>
@@ -213,7 +213,7 @@
     <param pos="1" name="host.name"/>
   </fingerprint>
 
-  <fingerprint pattern="^(.+) Cyrus IMAP4? (?:\S+ )?v(\d+\.\d+.*) server ready$">
+  <fingerprint pattern="^(\S{1,512}) Cyrus IMAP4? (?:\S+ )?v(\d+\.\d+.*) server ready$">
     <description>CMU Cyrus IMAP</description>
     <example host.name="example.com" service.version="2.3.7">example.com Cyrus IMAP4 v2.3.7 server ready</example>
     <example host.name="example.com" service.version="2.4.8-Invoca-RPM-2.4.8-1">example.com Cyrus IMAP Murder v2.4.8-Invoca-RPM-2.4.8-1 server ready</example>

data/xml/mdns_device-info_txt.xml

@@ -259,6 +259,7 @@
     <param pos="0" name="hw.family" value="MacBook Pro"/>
     <param pos="0" name="hw.product" value="MacBook Pro (13-inch, M1, 2020)"/>
     <param pos="0" name="hw.device" value="Laptop"/>
+    <param pos="0" name="hw.cpe23" value="cpe:/h:apple:macbook_pro:-"/>
   </fingerprint>
 
   <fingerprint pattern="^model=MacBookPro16,1$">
@@ -272,6 +273,7 @@
     <param pos="0" name="hw.family" value="MacBook Pro"/>
     <param pos="0" name="hw.product" value="MacBook Pro (16-inch, 2019)"/>
     <param pos="0" name="hw.device" value="Laptop"/>
+    <param pos="0" name="hw.cpe23" value="cpe:/h:apple:macbook_pro:-"/>
   </fingerprint>
 
   <fingerprint pattern="^model=MacBookPro16,[23]$">
@@ -286,6 +288,7 @@
     <param pos="0" name="hw.family" value="MacBook Pro"/>
     <param pos="0" name="hw.product" value="MacBook Pro (13-inch, 2020)"/>
     <param pos="0" name="hw.device" value="Laptop"/>
+    <param pos="0" name="hw.cpe23" value="cpe:/h:apple:macbook_pro:-"/>
   </fingerprint>
 
   <fingerprint pattern="^model=MacBookPro15,4$">
@@ -299,6 +302,7 @@
     <param pos="0" name="hw.family" value="MacBook Pro"/>
     <param pos="0" name="hw.product" value="MacBook Pro (13-inch, 2019, Two Thunderbolt 3 ports)"/>
     <param pos="0" name="hw.device" value="Laptop"/>
+    <param pos="0" name="hw.cpe23" value="cpe:/h:apple:macbook_pro:-"/>
   </fingerprint>
 
   <fingerprint pattern="^model=MacBookPro15,3$">
@@ -312,6 +316,7 @@
     <param pos="0" name="hw.family" value="MacBook Pro"/>
     <param pos="0" name="hw.product" value="MacBook Pro (15-inch, 2019)"/>
     <param pos="0" name="hw.device" value="Laptop"/>
+    <param pos="0" name="hw.cpe23" value="cpe:/h:apple:macbook_pro:-"/>
   </fingerprint>
 
   <fingerprint pattern="^model=MacBookPro15,2$">
@@ -325,6 +330,7 @@
     <param pos="0" name="hw.family" value="MacBook Pro"/>
     <param pos="0" name="hw.product" value="MacBook Pro (13-inch, 2018, Four Thunderbolt 3 ports)"/>
     <param pos="0" name="hw.device" value="Laptop"/>
+    <param pos="0" name="hw.cpe23" value="cpe:/h:apple:macbook_pro:-"/>
   </fingerprint>
 
   <fingerprint pattern="^model=MacBookPro15,1$">
@@ -338,6 +344,7 @@
     <param pos="0" name="hw.family" value="MacBook Pro"/>
     <param pos="0" name="hw.product" value="MacBook Pro (15-inch, 2018)"/>
     <param pos="0" name="hw.device" value="Laptop"/>
+    <param pos="0" name="hw.cpe23" value="cpe:/h:apple:macbook_pro:-"/>
   </fingerprint>
 
   <fingerprint pattern="^model=MacBookPro14,3$">
@@ -429,6 +436,7 @@
     <param pos="0" name="hw.family" value="MacBook Pro"/>
     <param pos="0" name="hw.product" value="MacBook Pro (Retina, 13-inch, Early 2015)"/>
     <param pos="0" name="hw.device" value="Laptop"/>
+    <param pos="0" name="hw.cpe23" value="cpe:/h:apple:macbook_pro:-"/>
   </fingerprint>
 
   <fingerprint pattern="^model=MacBookPro11,[45]$">
@@ -443,6 +451,7 @@
     <param pos="0" name="hw.family" value="MacBook Pro"/>
     <param pos="0" name="hw.product" value="MacBook Pro (Retina, 15-inch, Mid 2015)"/>
     <param pos="0" name="hw.device" value="Laptop"/>
+    <param pos="0" name="hw.cpe23" value="cpe:/h:apple:macbook_pro:-"/>
   </fingerprint>
 
   <fingerprint pattern="^model=MacBookPro11,3$">
@@ -746,6 +755,7 @@
     <param pos="0" name="hw.family" value="MacBook"/>
     <param pos="0" name="hw.product" value="MacBook Air (M1, 2020)"/>
     <param pos="0" name="hw.device" value="Laptop"/>
+    <param pos="0" name="hw.cpe23" value="cpe:/h:apple:macbook_air:-"/>
   </fingerprint>
 
   <fingerprint pattern="^model=MacBookAir9,1$">
@@ -759,6 +769,7 @@
     <param pos="0" name="hw.family" value="MacBook"/>
     <param pos="0" name="hw.product" value="MacBook Air (Retina, 13-inch, 2020)"/>
     <param pos="0" name="hw.device" value="Laptop"/>
+    <param pos="0" name="hw.cpe23" value="cpe:/h:apple:macbook_air:-"/>
   </fingerprint>
 
   <fingerprint pattern="^model=MacBookAir8,2$">
@@ -772,6 +783,7 @@
     <param pos="0" name="hw.family" value="MacBook"/>
     <param pos="0" name="hw.product" value="MacBook Air (Retina, 13-inch, 2019)"/>
     <param pos="0" name="hw.device" value="Laptop"/>
+    <param pos="0" name="hw.cpe23" value="cpe:/h:apple:macbook_air:-"/>
   </fingerprint>
 
   <fingerprint pattern="^model=MacBookAir8,1$">
@@ -785,6 +797,7 @@
     <param pos="0" name="hw.family" value="MacBook"/>
     <param pos="0" name="hw.product" value="MacBook Air (Retina, 13-inch, 2018)"/>
     <param pos="0" name="hw.device" value="Laptop"/>
+    <param pos="0" name="hw.cpe23" value="cpe:/h:apple:macbook_air:-"/>
   </fingerprint>
 
   <fingerprint pattern="^model=MacBookAir7,2$">
@@ -798,6 +811,7 @@
     <param pos="0" name="hw.family" value="MacBook"/>
     <param pos="0" name="hw.product" value="MacBook Air (13-inch, 2017)"/>
     <param pos="0" name="hw.device" value="Laptop"/>
+    <param pos="0" name="hw.cpe23" value="cpe:/h:apple:macbook_air:-"/>
   </fingerprint>
 
   <fingerprint pattern="^model=MacBookAir7,1$">
@@ -1236,6 +1250,7 @@
     <param pos="0" name="hw.family" value="iMac"/>
     <param pos="0" name="hw.product" value="iMac (Retina 5K, 27-inch, 2020)"/>
     <param pos="0" name="hw.device" value="Desktop"/>
+    <param pos="0" name="hw.cpe23" value="cpe:/h:apple:imac:-"/>
   </fingerprint>
 
   <fingerprint pattern="^model=iMac19,1$">
@@ -1249,6 +1264,7 @@
     <param pos="0" name="hw.family" value="iMac"/>
     <param pos="0" name="hw.product" value="iMac (Retina 5K, 27-inch, 2019)"/>
     <param pos="0" name="hw.device" value="Desktop"/>
+    <param pos="0" name="hw.cpe23" value="cpe:/h:apple:imac:-"/>
   </fingerprint>
 
   <fingerprint pattern="^model=iMac19,2$">
@@ -1262,6 +1278,7 @@
     <param pos="0" name="hw.family" value="iMac"/>
     <param pos="0" name="hw.product" value="iMac (Retina 4K, 21.5-inch, 2019)"/>
     <param pos="0" name="hw.device" value="Desktop"/>
+    <param pos="0" name="hw.cpe23" value="cpe:/h:apple:imac:-"/>
   </fingerprint>
 
   <fingerprint pattern="^model=iMacPro1,1$">
@@ -1288,6 +1305,7 @@
     <param pos="0" name="hw.family" value="iMac"/>
     <param pos="0" name="hw.product" value="iMac (Retina 5K, 27-inch, 2017)"/>
     <param pos="0" name="hw.device" value="Desktop"/>
+    <param pos="0" name="hw.cpe23" value="cpe:/h:apple:imac:-"/>
   </fingerprint>
 
   <fingerprint pattern="^model=iMac18,2$">
@@ -1817,6 +1835,20 @@
 
   <!-- Apple TV -->
 
+  <fingerprint pattern="^model=(?:J305AP|AppleTV11,1)$">
+    <description>Apple TV 4K (2nd generation)</description>
+    <example>model=J305AP</example>
+    <example>model=AppleTV11,1</example>
+    <param pos="0" name="os.vendor" value="Apple"/>
+    <param pos="0" name="os.family" value="tvOS"/>
+    <param pos="0" name="os.product" value="tvOS"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:apple:tvos:-"/>
+    <param pos="0" name="hw.vendor" value="Apple"/>
+    <param pos="0" name="hw.family" value="Apple TV"/>
+    <param pos="0" name="hw.product" value="Apple TV 4K (2nd generation)"/>
+    <param pos="0" name="hw.device" value="Media Server"/>
+  </fingerprint>
+
   <fingerprint pattern="^model=(?:J105aAP|AppleTV6,2)$">
     <description>Apple TV 4K</description>
     <example>model=J105aAP</example>