recog 2.3.20 → 2.3.23
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.github/dependabot.yml +8 -0
- data/.github/workflows/ci.yml +1 -1
- data/.github/workflows/verify.yml +89 -0
- data/.vscode/bin/monitor-recog-fingerprints.sh +54 -0
- data/.vscode/extensions.json +5 -0
- data/.vscode/settings.json +8 -0
- data/.vscode/tasks.json +77 -0
- data/CONTRIBUTING.md +8 -0
- data/README.md +17 -0
- data/bin/recog_standardize +28 -13
- data/bin/recog_verify +42 -8
- data/cpe-remap.yaml +62 -3
- data/features/data/schema_failure.xml +4 -0
- data/features/data/tests_with_failures.xml +6 -0
- data/features/support/hooks.rb +9 -0
- data/features/verify.feature +85 -21
- data/identifiers/fields.txt +6 -5
- data/identifiers/hw_device.txt +8 -0
- data/identifiers/hw_family.txt +8 -0
- data/identifiers/hw_product.txt +54 -0
- data/identifiers/os_device.txt +2 -0
- data/identifiers/os_family.txt +2 -0
- data/identifiers/os_product.txt +18 -2
- data/identifiers/service_product.txt +26 -0
- data/identifiers/vendor.txt +62 -1
- data/lib/recog/db.rb +2 -1
- data/lib/recog/fingerprint.rb +33 -6
- data/lib/recog/fingerprint_parse_error.rb +10 -0
- data/lib/recog/nizer.rb +1 -82
- data/lib/recog/verifier.rb +9 -9
- data/lib/recog/verify_reporter.rb +17 -6
- data/lib/recog/version.rb +1 -1
- data/requirements.txt +1 -1
- data/spec/data/external_example_fingerprint/hp_printer_ex_01.txt +1 -0
- data/spec/data/external_example_fingerprint/hp_printer_ex_02.txt +1 -0
- data/spec/data/external_example_fingerprint.xml +8 -0
- data/spec/data/external_example_illegal_path_fingerprint.xml +7 -0
- data/spec/lib/fingerprint_self_test_spec.rb +1 -0
- data/spec/lib/recog/db_spec.rb +84 -61
- data/spec/lib/recog/fingerprint_spec.rb +4 -4
- data/spec/lib/recog/verify_reporter_spec.rb +73 -4
- data/tools/dev/hooks/pre-commit +21 -0
- data/update_cpes.py +130 -37
- data/xml/apache_os.xml +98 -56
- data/xml/architecture.xml +15 -1
- data/xml/dhcp_vendor_class.xml +206 -0
- data/xml/dns_versionbind.xml +26 -13
- data/xml/favicons.xml +236 -47
- data/xml/fingerprints.xsd +9 -1
- data/xml/ftp_banners.xml +213 -197
- data/xml/h323_callresp.xml +101 -101
- data/xml/hp_pjl_id.xml +84 -84
- data/xml/html_title.xml +715 -45
- data/xml/http_cookies.xml +143 -80
- data/xml/http_servers.xml +510 -310
- data/xml/http_wwwauth.xml +177 -75
- data/xml/imap_banners.xml +10 -10
- data/xml/mdns_device-info_txt.xml +421 -26
- data/xml/mysql_banners.xml +3 -2
- data/xml/nntp_banners.xml +12 -9
- data/xml/ntp_banners.xml +97 -97
- data/xml/operating_system.xml +98 -83
- data/xml/pop_banners.xml +27 -27
- data/xml/rsh_resp.xml +3 -3
- data/xml/sip_banners.xml +46 -8
- data/xml/sip_user_agents.xml +180 -27
- data/xml/smb_native_lm.xml +5 -5
- data/xml/smb_native_os.xml +28 -25
- data/xml/smtp_banners.xml +258 -254
- data/xml/smtp_ehlo.xml +1 -1
- data/xml/smtp_help.xml +11 -11
- data/xml/smtp_noop.xml +2 -2
- data/xml/snmp_sysdescr.xml +1554 -1429
- data/xml/snmp_sysobjid.xml +27 -27
- data/xml/ssh_banners.xml +27 -20
- data/xml/telnet_banners.xml +256 -57
- data/xml/tls_jarm.xml +48 -6
- data/xml/x11_banners.xml +3 -3
- data/xml/x509_issuers.xml +69 -2
- data/xml/x509_subjects.xml +144 -33
- metadata +24 -4
- data/lib/recog/verifier_factory.rb +0 -13
data/xml/http_cookies.xml
CHANGED
@@ -15,7 +15,7 @@
|
|
15
15
|
<param pos="0" name="service.cpe23" value="cpe:/a:cloudflare:load_balancing:-"/>
|
16
16
|
</fingerprint>
|
17
17
|
|
18
|
-
<fingerprint pattern="^(AWSALB(?:TG)?(?:CORS)?)
|
18
|
+
<fingerprint pattern="^(AWSALB(?:TG)?(?:CORS)?)=">
|
19
19
|
<description>Amazon Application Load Balancer</description>
|
20
20
|
<example cookie="AWSALB">AWSALB=791357231C9C446E295988DA51A2CD313D13788329433D96A05631377389B17BF097D4C8A2D0BE5BC4F3C649AED7DFF939364A5790E2EC67F33C4483E2E9DD17E99814071B;PATH=/;HttpOnly;Secure</example>
|
21
21
|
<example cookie="AWSALBCORS">AWSALBCORS=D5A3BF7B08C8E0626B1C77DAAEAB0A7542DEB35F43097F06FD3833E22A9BA2543B805B7AE1B6E97F2BE3A701A19AF5D2CC898E0DB5E52055B0B983CC64EAD006CF77C1CF72;PATH=/;SECURE;SAMESITE=None</example>
|
@@ -26,7 +26,7 @@
|
|
26
26
|
<param pos="0" name="service.product" value="Application Load Balancer"/>
|
27
27
|
</fingerprint>
|
28
28
|
|
29
|
-
<fingerprint pattern="^(AWSELB(?:CORS)?)
|
29
|
+
<fingerprint pattern="^(AWSELB(?:CORS)?)=">
|
30
30
|
<description>Amazon Elastic Load Balancer</description>
|
31
31
|
<example cookie="AWSELB">AWSELB=791357231C9C446E295988DA51A2CD313D13788329433D96A05631377389B17BF097D4C8A2D0BE5BC4F3C649AED7DFF939364A5790E2EC67F33C4483E2E9DD17E99814071B;PATH=/;HttpOnly;Secure</example>
|
32
32
|
<example cookie="AWSELBCORS">AWSELBCORS=D5A3BF7B08C8E0626B1C77DAAEAB0A7542DEB35F43097F06FD3833E22A9BA2543B805B7AE1B6E97F2BE3A701A19AF5D2CC898E0DB5E52055B0B983CC64EAD006CF77C1CF72;PATH=/;SECURE;SAMESITE=None</example>
|
@@ -36,7 +36,7 @@
|
|
36
36
|
<param pos="0" name="service.product" value="Elastic Load Balancer"/>
|
37
37
|
</fingerprint>
|
38
38
|
|
39
|
-
<fingerprint pattern="^(PHPSESSI(?:D|ON))
|
39
|
+
<fingerprint pattern="^(PHPSESSI(?:D|ON))=">
|
40
40
|
<description>PHP - http://www.php.net/ref.session</description>
|
41
41
|
<example cookie="PHPSESSID">PHPSESSID=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/</example>
|
42
42
|
<example cookie="PHPSESSION">PHPSESSION=vt2ag6n7t6ngvlg8adk4860h46; path=/</example>
|
@@ -47,7 +47,7 @@
|
|
47
47
|
<param pos="0" name="service.cpe23" value="cpe:/a:php:php:-"/>
|
48
48
|
</fingerprint>
|
49
49
|
|
50
|
-
<fingerprint pattern="^(ASPSESSIONID[A-Z]+|ASP\.NET_SessionId|\.ASPXANONYMOUS)
|
50
|
+
<fingerprint pattern="^(ASPSESSIONID[A-Z]+|ASP\.NET_SessionId|\.ASPXANONYMOUS)=">
|
51
51
|
<description>Microsoft IIS (ASP.NET)
|
52
52
|
http://msdn2.microsoft.com/en-us/library/ms953828.aspx
|
53
53
|
http://msdn2.microsoft.com/en-us/library/91ka2e6a.aspx
|
@@ -66,7 +66,7 @@
|
|
66
66
|
<param pos="0" name="service.component.cpe23" value="cpe:/a:microsoft:asp.net:-"/>
|
67
67
|
</fingerprint>
|
68
68
|
|
69
|
-
<fingerprint pattern="^(CFCLIENT_[^=]+|CFGLOBALS|CFID|CFTOKEN)
|
69
|
+
<fingerprint pattern="^(CFCLIENT_[^=]+|CFGLOBALS|CFID|CFTOKEN)=">
|
70
70
|
<description>Adobe (Macromedia) ColdFusion uses various cookies</description>
|
71
71
|
<example cookie="CFTOKEN">CFTOKEN=f3863673461e83d7-8B854468-1866-DAAC-99FBB842C6018037;expires=Mon, 01-Aug-2050 01:05:45 GMT;path=/;HttpOnly;</example>
|
72
72
|
<example cookie="CFCLIENT_FOO_CORP">CFCLIENT_FOO_CORP=preflanguage%3DEN%23; Expires=Wed, 12-Apr-2051 01:11:37 GMT; Path=/</example>
|
@@ -77,26 +77,40 @@
|
|
77
77
|
<param pos="0" name="service.cpe23" value="cpe:/a:adobe:coldfusion:-"/>
|
78
78
|
</fingerprint>
|
79
79
|
|
80
|
-
<fingerprint pattern="^ANsession\d+=(\S+)
|
80
|
+
<fingerprint pattern="^ANsession\d+=(\S+);">
|
81
81
|
<description>Array Networks Secure Access Gateway / SSL VPN</description>
|
82
|
-
<example>ANsession0002262072457555=IPMI; path=/;secure</example>
|
82
|
+
<example cookie="IPMI">ANsession0002262072457555=IPMI; path=/;secure</example>
|
83
83
|
<param pos="1" name="cookie"/>
|
84
84
|
<param pos="0" name="service.vendor" value="Array Networks"/>
|
85
85
|
<param pos="0" name="service.family" value="Secure Access Gateway"/>
|
86
86
|
<param pos="0" name="hw.device" value="VPN"/>
|
87
87
|
</fingerprint>
|
88
88
|
|
89
|
-
<fingerprint pattern="^
|
90
|
-
<description>Apache</description>
|
91
|
-
<
|
92
|
-
<
|
89
|
+
<fingerprint pattern="^Apache=(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})\.[0-9]+(?:\.[0-9]+)?;">
|
90
|
+
<description>Apache with session ID containing IP and timestamp (timestamp can be micros, millis or seconds)</description>
|
91
|
+
<example host.ip="10.10.130.165">Apache=10.10.130.165.1643670182768255; path=/</example>
|
92
|
+
<example host.ip="10.0.101.6">Apache=10.0.101.6.1643663969718158; path=/; expires=Wed, 31-Jan-24 21:19:29 GMT; domain=.contoso.com</example>
|
93
|
+
<example host.ip="10.10.20.18">Apache=10.10.20.18.1643510579.1915; domain=foo.com; path=/; expires=Mon, 30-Jan-2023 02:42:58 GMT</example>
|
94
|
+
<example host.ip="10.23.219.241">Apache=10.23.219.241.1643541709604; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT</example>
|
95
|
+
<param pos="0" name="cookie" value="Apache"/>
|
96
|
+
<param pos="1" name="host.ip"/>
|
97
|
+
<param pos="0" name="service.vendor" value="Apache"/>
|
98
|
+
<param pos="0" name="service.family" value="Apache"/>
|
99
|
+
<param pos="0" name="service.product" value="HTTPD"/>
|
100
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:apache:http_server:-"/>
|
101
|
+
</fingerprint>
|
102
|
+
|
103
|
+
<fingerprint pattern="^Apache=[0-9a-z]{8}\.[0-9a-z]{13};">
|
104
|
+
<description>Apache with opaque session ID</description>
|
105
|
+
<example>Apache=1148b9c3.5d6e61e36f2f9; path=/; domain=.foo.com</example>
|
106
|
+
<param pos="0" name="cookie" value="Apache"/>
|
93
107
|
<param pos="0" name="service.vendor" value="Apache"/>
|
94
108
|
<param pos="0" name="service.family" value="Apache"/>
|
95
109
|
<param pos="0" name="service.product" value="HTTPD"/>
|
96
110
|
<param pos="0" name="service.cpe23" value="cpe:/a:apache:http_server:-"/>
|
97
111
|
</fingerprint>
|
98
112
|
|
99
|
-
<fingerprint pattern="^JServSessionIdroot
|
113
|
+
<fingerprint pattern="^JServSessionIdroot=">
|
100
114
|
<description>Apache JServ</description>
|
101
115
|
<example>JServSessionIdroot=tphxjy73e1.JS1; path=/</example>
|
102
116
|
<param pos="0" name="cookie" value="JServSessionIdroot"/>
|
@@ -105,7 +119,7 @@
|
|
105
119
|
<param pos="0" name="service.product" value="JServ"/>
|
106
120
|
</fingerprint>
|
107
121
|
|
108
|
-
<fingerprint pattern="^(ATG_SESSION_ID|DYN_USER_CONFIRM|DYN_USER_ID)
|
122
|
+
<fingerprint pattern="^(ATG_SESSION_ID|DYN_USER_CONFIRM|DYN_USER_ID)=">
|
109
123
|
<description>ATG Dynamo</description>
|
110
124
|
<example cookie="ATG_SESSION_ID">ATG_SESSION_ID=yuAUs8xnkzLaF8P3Zk1v5hR28XB4dKsOKZ4jCkVO; path=/</example>
|
111
125
|
<param pos="1" name="cookie"/>
|
@@ -114,7 +128,7 @@
|
|
114
128
|
<param pos="0" name="service.product" value="Dynamo"/>
|
115
129
|
</fingerprint>
|
116
130
|
|
117
|
-
<fingerprint pattern="^Bugzilla_login_request_cookie
|
131
|
+
<fingerprint pattern="^Bugzilla_login_request_cookie=">
|
118
132
|
<description>Bugzilla</description>
|
119
133
|
<example>Bugzilla_login_request_cookie=ylMVo9ZDtd; path=/; secure</example>
|
120
134
|
<param pos="0" name="cookie" value="Bugzilla_login_request_cookie"/>
|
@@ -123,34 +137,27 @@
|
|
123
137
|
<param pos="0" name="service.cpe23" value="cpe:/a:mozilla:bugzilla:-"/>
|
124
138
|
</fingerprint>
|
125
139
|
|
126
|
-
<fingerprint pattern="^
|
127
|
-
<description>BEA WebLogic (with timestamp)</description>
|
128
|
-
<param pos="1" name="cookie"/>
|
129
|
-
<param pos="2" name="system.time.millis"/>
|
130
|
-
<param pos="0" name="service.vendor" value="BEA"/>
|
131
|
-
<param pos="0" name="service.family" value="WebLogic"/>
|
132
|
-
<param pos="0" name="service.product" value="WebLogic"/>
|
133
|
-
<param pos="0" name="service.cpe23" value="cpe:/a:bea:weblogic_server:-"/>
|
134
|
-
</fingerprint>
|
135
|
-
|
136
|
-
<fingerprint pattern="^(WebLogicSession)=.*">
|
140
|
+
<fingerprint pattern="^WebLogicSession=">
|
137
141
|
<description>BEA WebLogic (no timestamp)</description>
|
138
|
-
<
|
142
|
+
<example>WebLogicSession=YfifY2Ck8aWILbJPiaoY3L8aKBjh2MZhUAjHXypG6IBwvWXrun3i|-3385140432258369694/-900104935/6/7009/7009/7010/7010/7009/-1; path=/</example>
|
143
|
+
<example>WebLogicSession=QKRlJZbj0b948CrXnoQw8FNuSWvO6fXaJNadlcCWwA3qm6CtqD5a; path=/</example>
|
144
|
+
<param pos="0" name="cookie" value="WebLogicSession"/>
|
139
145
|
<param pos="0" name="service.vendor" value="BEA"/>
|
140
146
|
<param pos="0" name="service.family" value="WebLogic"/>
|
141
147
|
<param pos="0" name="service.product" value="WebLogic"/>
|
142
148
|
<param pos="0" name="service.cpe23" value="cpe:/a:bea:weblogic_server:-"/>
|
143
149
|
</fingerprint>
|
144
150
|
|
145
|
-
<fingerprint pattern="^(BCSI-
|
151
|
+
<fingerprint pattern="^(BCSI-CS-[0-9A-Za-z]+)=">
|
146
152
|
<description>BlueCoat Proxy</description>
|
153
|
+
<example cookie="BCSI-CS-2f6c78bdf64f3b32">BCSI-CS-2f6c78bdf64f3b32=2; Path=/</example>
|
147
154
|
<param pos="1" name="cookie"/>
|
148
155
|
<param pos="0" name="service.vendor" value="Blue Coat"/>
|
149
156
|
<param pos="0" name="service.family" value="Proxy"/>
|
150
157
|
<param pos="0" name="service.product" value="Proxy"/>
|
151
158
|
</fingerprint>
|
152
159
|
|
153
|
-
<fingerprint pattern="^CAKEPHP
|
160
|
+
<fingerprint pattern="^CAKEPHP=">
|
154
161
|
<description>CakePHP - http://www.cakephp.org/</description>
|
155
162
|
<example>CAKEPHP=03bgv7jqfurftnm5crn3lc0ob1; expires=Mon, 19-Apr-2021 08:56:06 GMT; Max-Age=14400; path=/; HttpOnly</example>
|
156
163
|
<param pos="0" name="cookie" value="CAKEPHP"/>
|
@@ -163,21 +170,20 @@
|
|
163
170
|
The cookie value breaks down to [box-id][service-id][timeout-value]
|
164
171
|
unfortunately, there's no separator so it's hard to tell what the
|
165
172
|
actual break is between the pieces of data.
|
166
|
-
http://www.cisco.com/warp/public/117/AP_cookies.html
|
167
173
|
-->
|
168
174
|
|
169
|
-
<fingerprint pattern="^ARPT=([A-Z]+)([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})[A-Z]
|
175
|
+
<fingerprint pattern="^ARPT=([A-Z]+)([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})[A-Z]+">
|
170
176
|
<description>Cisco 11000 Series Content Service Switch (CSS)</description>
|
171
|
-
<example host.
|
177
|
+
<example host.name="FOOOB" host.ip="192.168.15.52">ARPT=FOOOB192.168.15.52CKOKM; path=/</example>
|
172
178
|
<param pos="0" name="cookie" value="ARPT"/>
|
173
|
-
<param pos="1" name="host.
|
179
|
+
<param pos="1" name="host.name"/>
|
174
180
|
<param pos="2" name="host.ip"/>
|
175
181
|
<param pos="0" name="service.vendor" value="Cisco"/>
|
176
182
|
<param pos="0" name="service.family" value="Content Service Switch"/>
|
177
183
|
<param pos="0" name="service.product" value="11000 Series Content Service Switch"/>
|
178
184
|
</fingerprint>
|
179
185
|
|
180
|
-
<fingerprint pattern="^ARPT
|
186
|
+
<fingerprint pattern="^ARPT=">
|
181
187
|
<description>Cisco 11000 Series Content Service Switch (CSS) - catch all variant</description>
|
182
188
|
<example>ARPT=388766892.51247.0000; path=/; Httponly/</example>
|
183
189
|
<param pos="0" name="cookie" value="ARPT"/>
|
@@ -207,15 +213,16 @@
|
|
207
213
|
<param pos="0" name="hw.cpe23" value="cpe:/h:cisco:adaptive_security_appliance:-"/>
|
208
214
|
</fingerprint>
|
209
215
|
|
210
|
-
<fingerprint pattern="^st8id
|
216
|
+
<fingerprint pattern="^st8id=">
|
211
217
|
<description>Citrix Application Protection System, Enterprise - http://support.citrix.com/article/CTX109330</description>
|
218
|
+
<example>st8id=1e1bcc1010b6de32734c584317443b31.00.641b86ac5ed3ebb0799138f83af9b63f;</example>
|
212
219
|
<param pos="0" name="cookie" value="st8id"/>
|
213
220
|
<param pos="0" name="service.vendor" value="Citrix"/>
|
214
221
|
<param pos="0" name="service.family" value="Application Protection System"/>
|
215
222
|
<param pos="0" name="service.product" value="Application Protection System, Enterprise"/>
|
216
223
|
</fingerprint>
|
217
224
|
|
218
|
-
<fingerprint pattern="^NSC_(?:AAAC|BASEURL|CERT|DLGE|EPAC|TASS|TEMP|TMA[APS]|PERS|USER)
|
225
|
+
<fingerprint pattern="^NSC_(?:AAAC|BASEURL|CERT|DLGE|EPAC|TASS|TEMP|TMA[APS]|PERS|USER)=">
|
219
226
|
<description>Citrix NetScaler</description>
|
220
227
|
<example>NSC_AAAC=xyz;</example>
|
221
228
|
<example>NSC_TEMP=xyz;</example>
|
@@ -243,7 +250,7 @@
|
|
243
250
|
<param pos="0" name="os.product" value="Pulse Connect Secure"/>
|
244
251
|
</fingerprint>
|
245
252
|
|
246
|
-
<fingerprint pattern="^DokuWiki
|
253
|
+
<fingerprint pattern="^DokuWiki=">
|
247
254
|
<description>Dokuwiki</description>
|
248
255
|
<example>DokuWiki=t8l1aev7703vbtejovp165pv01; path=/; secure</example>
|
249
256
|
<param pos="0" name="cookie" value="DokuWiki"/>
|
@@ -252,7 +259,7 @@
|
|
252
259
|
<param pos="0" name="service.cpe23" value="cpe:/a:dokuwiki:dokuwiki:-"/>
|
253
260
|
</fingerprint>
|
254
261
|
|
255
|
-
<fingerprint pattern="^(EktGUID|ecm)
|
262
|
+
<fingerprint pattern="^(EktGUID|ecm)=">
|
256
263
|
<description>Ektron CMS400.net</description>
|
257
264
|
<example cookie="EktGUID">EktGUID=382107cc-a38d-4d25-8182-3748834e21c8; expires=Tue, 19-Apr-2022 03:12:15 GMT; path=/</example>
|
258
265
|
<param pos="1" name="cookie"/>
|
@@ -270,9 +277,9 @@
|
|
270
277
|
<param pos="0" name="service.cpe23" value="cpe:/a:atlassian:fisheye:-"/>
|
271
278
|
</fingerprint>
|
272
279
|
|
273
|
-
<fingerprint pattern="(?i)^(BIGipServer([^=]+))
|
280
|
+
<fingerprint pattern="(?i)^(BIGipServer([^=]+))=">
|
274
281
|
<description>F5 BIG-IP LTM - Server variant</description>
|
275
|
-
<example loadbalancer.poolname="CustomerRP">BigIpServerCustomerRP=5a; path=/; domain=.foo.bar; secure; HttpOnly</example>
|
282
|
+
<example loadbalancer.poolname="CustomerRP" cookie="BigIpServerCustomerRP">BigIpServerCustomerRP=5a; path=/; domain=.foo.bar; secure; HttpOnly</example>
|
276
283
|
<param pos="1" name="cookie"/>
|
277
284
|
<param pos="2" name="loadbalancer.poolname"/>
|
278
285
|
<param pos="0" name="service.vendor" value="F5"/>
|
@@ -281,7 +288,7 @@
|
|
281
288
|
<param pos="0" name="service.cpe23" value="cpe:/a:f5:big-ip_local_traffic_manager:-"/>
|
282
289
|
</fingerprint>
|
283
290
|
|
284
|
-
<fingerprint pattern="^i_like_gogits
|
291
|
+
<fingerprint pattern="^i_like_gogits=">
|
285
292
|
<description>Gogs</description>
|
286
293
|
<example>i_like_gogits=fc3914645f1d5c76; Path=/; HttpOnly</example>
|
287
294
|
<param pos="0" name="cookie" value="i_like_gogits"/>
|
@@ -290,7 +297,7 @@
|
|
290
297
|
<param pos="0" name="service.cpe23" value="cpe:/a:gogs:gogs:-"/>
|
291
298
|
</fingerprint>
|
292
299
|
|
293
|
-
<fingerprint pattern="^(BigIPCookie[^=]*)
|
300
|
+
<fingerprint pattern="^(BigIPCookie[^=]*)=">
|
294
301
|
<description>F5 BIG-IP LTM</description>
|
295
302
|
<example cookie="BigIPCookie">BigIPCookie=855248779.20480.0000; path=/; Httponly</example>
|
296
303
|
<example cookie="BigIPCookie_foo_corp_prod">BigIPCookie_foo_corp_prod=!tJHKH9zIwsUuJYJ38CCV0XSqmJXsZVQaOjj/m/SBSTQTg21/S+s2gmbsoGwwKXr5Tj9e0ijWZWItfA==; path=/; Httponly</example>
|
@@ -310,7 +317,7 @@
|
|
310
317
|
<param pos="0" name="service.cpe23" value="cpe:/a:flyspray:flyspray:-"/>
|
311
318
|
</fingerprint>
|
312
319
|
|
313
|
-
<fingerprint pattern="^i_like_gitea
|
320
|
+
<fingerprint pattern="^i_like_gitea=">
|
314
321
|
<description>Gitea</description>
|
315
322
|
<example>i_like_gitea=fc39d4645b1d5c7c; Path=/</example>
|
316
323
|
<param pos="0" name="cookie" value="i_like_gitea"/>
|
@@ -320,7 +327,7 @@
|
|
320
327
|
<param pos="0" name="service.cpe23" value="cpe:/a:gitea:gitea:-"/>
|
321
328
|
</fingerprint>
|
322
329
|
|
323
|
-
<fingerprint pattern="^_gitlab_session
|
330
|
+
<fingerprint pattern="^_gitlab_session=">
|
324
331
|
<description>GitLab</description>
|
325
332
|
<example>_gitlab_session=032d024e9c2445b595e68255da9e6835; path=/; expires=Mon, 26 Apr 2021 03:09:57 -0000; HttpOnly</example>
|
326
333
|
<param pos="0" name="cookie" value="_gitlab_session"/>
|
@@ -339,7 +346,7 @@
|
|
339
346
|
<param pos="0" name="service.product" value="HAProxy"/>
|
340
347
|
</fingerprint>
|
341
348
|
|
342
|
-
<fingerprint pattern="^(AMWEBJCT!([^!]+)!([^=]+))
|
349
|
+
<fingerprint pattern="^(AMWEBJCT!([^!]+)!([^=]+))=">
|
343
350
|
<description>IBM Tivoli Access Manager for e-business WebSEAL
|
344
351
|
http://publib.boulder.ibm.com/infocenter/tivihelp/v2r1/index.jsp?topic=/com.ibm.itame.doc/am60_webseal_admin180.htm
|
345
352
|
</description>
|
@@ -352,7 +359,7 @@
|
|
352
359
|
<param pos="0" name="service.product" value="Tivoli Access Manager for e-business WebSEAL"/>
|
353
360
|
</fingerprint>
|
354
361
|
|
355
|
-
<fingerprint pattern="^(PD-S-SESSION-ID|PD-H-SESSION-ID|PD_STATEFUL_[^=]+)
|
362
|
+
<fingerprint pattern="^(PD-S-SESSION-ID|PD-H-SESSION-ID|PD_STATEFUL_[^=]+)=">
|
356
363
|
<description>IBM Tivoli Access Manager for e-business WebSeal
|
357
364
|
http://publib.boulder.ibm.com/infocenter/tivihelp/v2r1/index.jsp?topic=/com.ibm.itame.doc/am60_webseal_admin117.htm
|
358
365
|
</description>
|
@@ -364,15 +371,18 @@
|
|
364
371
|
<param pos="0" name="service.product" value="Tivoli Access Manager for e-business WebSEAL"/>
|
365
372
|
</fingerprint>
|
366
373
|
|
367
|
-
<fingerprint pattern="^IBMCBR
|
374
|
+
<fingerprint pattern="^IBMCBR=">
|
368
375
|
<description>IBM WebSphere Load Balancer</description>
|
376
|
+
<!-- Replace with a valid example if one is discovered -->
|
377
|
+
|
378
|
+
<example>IBMCBR=fakevalue</example>
|
369
379
|
<param pos="0" name="cookie" value="IBMCBR"/>
|
370
380
|
<param pos="0" name="service.vendor" value="IBM"/>
|
371
381
|
<param pos="0" name="service.family" value="WebSphere"/>
|
372
382
|
<param pos="0" name="service.product" value="WebSphere Load Balancer"/>
|
373
383
|
</fingerprint>
|
374
384
|
|
375
|
-
<fingerprint pattern="^(mbfcookie(?:\[lang\])?)
|
385
|
+
<fingerprint pattern="^(mbfcookie(?:\[lang\])?)=">
|
376
386
|
<description>Joom!Fish http://www.joomfish.net/</description>
|
377
387
|
<example cookie="mbfcookie">mbfcookie=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/</example>
|
378
388
|
<example cookie="mbfcookie[lang]">mbfcookie[lang]=pt_BR; expires=Tue, 20-Apr-2021 03:30:47 GMT; path=/</example>
|
@@ -383,12 +393,14 @@
|
|
383
393
|
|
384
394
|
<fingerprint pattern="^_mastodon_session=">
|
385
395
|
<description>Mastodon</description>
|
396
|
+
<example>_mastodon_session=U09wSzlaMHNuZVI3RGJjR1M2d2lqNFhXc1BXNlJtOXBueTdoM1J2Ykk3UjRXa2V3WkNUNm5BUmY4Z0NISk9FaEtrOVQrMXJCRldvbk1kY3BUaDZkMlRuZkNBUDVXU01EakN3S1JEZDdjbzhNQ0t5MHpXZE9WSGlTOVhKNkhlZWhlaWsxM3Mvd0poU1NHWkZjWUNucmJoeDdNdU85ekpkQVJSbkhDeXdKZ08wMkNuUm1BYnE3cGVBK2FBN1FTUU9SLS1EdUVoNWtLOFFWaWsxNmY2bzErbFVRPT0%3D--4b6087906fdfa25f0bfd46b13d3c1c3a9fb379cd; path=/; secure; HttpOnly</example>
|
386
397
|
<param pos="0" name="cookie" value="_mastodon_session"/>
|
387
398
|
<param pos="0" name="service.product" value="Mastodon"/>
|
388
399
|
</fingerprint>
|
389
400
|
|
390
|
-
<fingerprint pattern="^(MSCSAuth|MSCSProfile)
|
401
|
+
<fingerprint pattern="^(MSCSAuth|MSCSProfile)=">
|
391
402
|
<description>Microsoft Commerce Server - http://msdn2.microsoft.com/en-us/library/ms953828.aspx</description>
|
403
|
+
<example cookie="MSCSProfile">MSCSProfile=287001FD2674671C7869448243193407F294F4F921DD7D627A0F4EE0CC7F3FAC36B5E45588612D30B2A6C57F1D461CB5EE0887989EE7F09E4529B0795EF87BB095FFF1DE42BD5E8F00273BCAACB9DC80733367D09A4B6A48A6802C4DCD6EB029BF5B207BCE523E8BF2EE3EBCDF5776BAC6B6BCD4BF54EF9C178F9605E75D0DDA; path=/</example>
|
392
404
|
<param pos="1" name="cookie"/>
|
393
405
|
<param pos="0" name="service.vendor" value="Microsoft"/>
|
394
406
|
<param pos="0" name="service.family" value="Commerce Server"/>
|
@@ -396,18 +408,18 @@
|
|
396
408
|
<param pos="0" name="service.cpe23" value="cpe:/a:microsoft:commerce_server:-"/>
|
397
409
|
</fingerprint>
|
398
410
|
|
399
|
-
<fingerprint pattern="^(nc_sameSiteCookiestrict|nc_sameSiteCookielax|oc_sessionPassphrase)
|
411
|
+
<fingerprint pattern="^(nc_sameSiteCookiestrict|nc_sameSiteCookielax|oc_sessionPassphrase)=">
|
400
412
|
<description>Nextcloud</description>
|
401
413
|
<example cookie="nc_sameSiteCookiestrict">nc_sameSiteCookiestrict=true; path=/nextcloud; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=strict</example>
|
402
414
|
<example cookie="nc_sameSiteCookielax">nc_sameSiteCookielax=true; path=/nextcloud; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=lax</example>
|
403
|
-
<example>oc_sessionPassphrase=Y%2BZjBn8Gn%2B8jIJPVx468Tlt8qDNm%2B5IVXLxgtwlY%2BQU2T7edVmDS4091nQrT; path=/nextcloud; secure; HttpOnly</example>
|
415
|
+
<example cookie="oc_sessionPassphrase">oc_sessionPassphrase=Y%2BZjBn8Gn%2B8jIJPVx468Tlt8qDNm%2B5IVXLxgtwlY%2BQU2T7edVmDS4091nQrT; path=/nextcloud; secure; HttpOnly</example>
|
404
416
|
<param pos="1" name="cookie"/>
|
405
417
|
<param pos="0" name="service.vendor" value="Nextcloud"/>
|
406
418
|
<param pos="0" name="service.product" value="Nextcloud Server"/>
|
407
419
|
<param pos="0" name="service.cpe23" value="cpe:/a:nextcloud:nextcloud_server:-"/>
|
408
420
|
</fingerprint>
|
409
421
|
|
410
|
-
<fingerprint pattern="^AlteonP
|
422
|
+
<fingerprint pattern="^AlteonP=">
|
411
423
|
<description>Nortel Alteon Web Switch</description>
|
412
424
|
<example>AlteonP=c46736793e45929dbaeebabb; path=</example>
|
413
425
|
<param pos="0" name="cookie" value="AlteonP"/>
|
@@ -416,7 +428,7 @@
|
|
416
428
|
<param pos="0" name="service.product" value="Alteon Web Switch"/>
|
417
429
|
</fingerprint>
|
418
430
|
|
419
|
-
<fingerprint pattern="^OBSID
|
431
|
+
<fingerprint pattern="^OBSID=">
|
420
432
|
<description>Observium</description>
|
421
433
|
<example>OBSID=gud74jg1slhskdo7idqgklkamm6g3908; expires=Tue, 20-Apr-2021 01:31:27 GMT; Max-Age=86400; path=/; HttpOnly</example>
|
422
434
|
<param pos="0" name="cookie" value="OBSID"/>
|
@@ -425,23 +437,26 @@
|
|
425
437
|
<param pos="0" name="service.cpe23" value="cpe:/a:observium:observium:-"/>
|
426
438
|
</fingerprint>
|
427
439
|
|
428
|
-
<fingerprint pattern="^((?:SS_X_)?CSINTERSESSIONID)
|
440
|
+
<fingerprint pattern="^((?:SS_X_)?CSINTERSESSIONID)=">
|
429
441
|
<description>OpenMarket/FatWire Content Server (www.fatwire.com)</description>
|
442
|
+
<example cookie="SS_X_CSINTERSESSIONID">SS_X_CSINTERSESSIONID=0001P73k2FUEYEU4Ks5TtKxcs2K:vv0b9pej; path=/</example>
|
443
|
+
<example cookie="CSINTERSESSIONID">CSINTERSESSIONID=0001xquPwAx2NFUFvi7yw-43f35:vv7sdeqs;Path=/</example>
|
430
444
|
<param pos="1" name="cookie"/>
|
431
445
|
<param pos="0" name="service.vendor" value="FatWire"/>
|
432
446
|
<param pos="0" name="service.family" value="Content Server"/>
|
433
447
|
<param pos="0" name="service.product" value="Content Server"/>
|
434
448
|
</fingerprint>
|
435
449
|
|
436
|
-
<fingerprint pattern="^parkinglot
|
450
|
+
<fingerprint pattern="^parkinglot=">
|
437
451
|
<description>Oversee Webserver</description>
|
452
|
+
<example>parkinglot=1; domain=.foo.com; path=/; expires=Sun, 11-May-2008 13:51:17 GMT</example>
|
438
453
|
<param pos="0" name="cookie" value="parkinglot"/>
|
439
454
|
<param pos="0" name="service.vendor" value="Oversee"/>
|
440
455
|
<param pos="0" name="service.family" value="Webserver"/>
|
441
456
|
<param pos="0" name="service.product" value="Webserver"/>
|
442
457
|
</fingerprint>
|
443
458
|
|
444
|
-
<fingerprint pattern="^phsid
|
459
|
+
<fingerprint pattern="^phsid=">
|
445
460
|
<description>Phabricator</description>
|
446
461
|
<example>phsid=A%2Fxesybc4bypb74dlgojdgw2edct6osflno25h2fw7</example>
|
447
462
|
<param pos="0" name="cookie" value="phsid"/>
|
@@ -451,7 +466,7 @@
|
|
451
466
|
<param pos="0" name="service.cpe23" value="cpe:/a:phacility:phabricator:-"/>
|
452
467
|
</fingerprint>
|
453
468
|
|
454
|
-
<fingerprint pattern="^RMID
|
469
|
+
<fingerprint pattern="^RMID=">
|
455
470
|
<description>RealMedia OpenAdStream</description>
|
456
471
|
<example>RMID=36c12633607cf7a0; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.foo.bar</example>
|
457
472
|
<param pos="0" name="cookie" value="RMID"/>
|
@@ -460,7 +475,7 @@
|
|
460
475
|
<param pos="0" name="service.product" value="OpenAdStream"/>
|
461
476
|
</fingerprint>
|
462
477
|
|
463
|
-
<fingerprint pattern="^RoxenUserID
|
478
|
+
<fingerprint pattern="^RoxenUserID=">
|
464
479
|
<description>Roxen WebServer</description>
|
465
480
|
<example>RoxenUserID=c70fd536bc9e1342ce2a608b10547f88; expires=Wed, 19 Apr 2023 02:44:41 GMT; path=/</example>
|
466
481
|
<param pos="0" name="cookie" value="RoxenUserID"/>
|
@@ -469,7 +484,7 @@
|
|
469
484
|
<param pos="0" name="service.product" value="WebServer"/>
|
470
485
|
</fingerprint>
|
471
486
|
|
472
|
-
<fingerprint pattern="^_sn
|
487
|
+
<fingerprint pattern="^_sn=">
|
473
488
|
<description>Siebel CRM</description>
|
474
489
|
<example>_sn=e7139835ca75f921e25c364d4a8fef48; path=/; expires=Mon, 19 Apr 2021 06:06:58 GMT; HttpOnly</example>
|
475
490
|
<param pos="0" name="cookie" value="_sn"/>
|
@@ -480,7 +495,7 @@
|
|
480
495
|
|
481
496
|
<!-- This fingerprint is not specific enough. Multiple products are sold under
|
482
497
|
the brand iPlanet/Sun ONE/Sun Java.
|
483
|
-
<fingerprint pattern="^(iPlanetUserId)
|
498
|
+
<fingerprint pattern="^(iPlanetUserId)=">
|
484
499
|
<description>Sun iPlanet</description>
|
485
500
|
<param pos="1" name="cookie"/>
|
486
501
|
<param pos="0" name="service.vendor" value="Sun"/>
|
@@ -490,8 +505,9 @@
|
|
490
505
|
|
491
506
|
-->
|
492
507
|
|
493
|
-
<fingerprint pattern="^NSES40Session
|
508
|
+
<fingerprint pattern="^NSES40Session=">
|
494
509
|
<description>Netscape Enterprise Server (subsequently iPlanet Web Server, Sun ONE Web Server, presently Sun Java System Web Server)</description>
|
510
|
+
<example>NSES40Session=2%253A3e57d375%253Adc59172283a7e72c;path=/;expires=Sat, 22-Feb-2003 20:15:57 GMT</example>
|
495
511
|
<param pos="0" name="cookie" value="NSES40Session"/>
|
496
512
|
<param pos="0" name="service.vendor" value="Sun"/>
|
497
513
|
<param pos="0" name="service.family" value="Java System Web Server"/>
|
@@ -500,7 +516,7 @@
|
|
500
516
|
<param pos="0" name="service.cpe23" value="cpe:/a:sun:java_system_web_server:4.0"/>
|
501
517
|
</fingerprint>
|
502
518
|
|
503
|
-
<fingerprint pattern="^_redmine_session
|
519
|
+
<fingerprint pattern="^_redmine_session=">
|
504
520
|
<description>Redmine</description>
|
505
521
|
<example>_redmine_session=BAh7B0kiD3Nlc3Npb25faWQGOgZFRkkiJWY2MGY5MTJiZjg0NGU1ZmQxZWI2OTViNzAxYjU4NTRiBjsAVEkiEF9jc3JmX3Rva2VuBjsARkkiMW1kV3Z5NDl6eVkwWDl4bFQvMUxSSmxmbjhhaDR1WWxERWUrMFQ4dVcvS0k9BjsARg%3D%3D--ce5f52d49b68e30a7ec34b75bf456d6c79d234d2; path=/; HttpOnly</example>
|
506
522
|
<param pos="0" name="cookie" value="_redmine_session"/>
|
@@ -518,8 +534,10 @@
|
|
518
534
|
<param pos="0" name="service.product" value="Sage X3 Syracuse Web Server"/>
|
519
535
|
</fingerprint>
|
520
536
|
|
521
|
-
<fingerprint pattern="^(
|
537
|
+
<fingerprint pattern="^(GX_SESSION_ID|JROUTE)=">
|
522
538
|
<description>Sun Java System Application Server (formerly iPlanet Application Server, Sun ONE Application Server)</description>
|
539
|
+
<example cookie="GX_SESSION_ID">GX_SESSION_ID=ji7vouPhPt5CAtGF%2BWPMXBrhjjxWZAD9HRNeEEITGCA%3D</example>
|
540
|
+
<example cookie="JROUTE">JROUTE=KbDs; Path=/</example>
|
523
541
|
<param pos="1" name="cookie"/>
|
524
542
|
<param pos="0" name="service.vendor" value="Sun"/>
|
525
543
|
<param pos="0" name="service.family" value="Java System Application Server"/>
|
@@ -527,7 +545,7 @@
|
|
527
545
|
<param pos="0" name="service.cpe23" value="cpe:/a:sun:java_system_application_server:-"/>
|
528
546
|
</fingerprint>
|
529
547
|
|
530
|
-
<fingerprint pattern="^fe_typo_user
|
548
|
+
<fingerprint pattern="^fe_typo_user=">
|
531
549
|
<description>TYPO3 CMS - http://typo3.com/</description>
|
532
550
|
<example>fe_typo_user=aae725f7dcb8cb5215e64f66d4584cc92; path=/</example>
|
533
551
|
<param pos="0" name="cookie" value="fe_typo_user"/>
|
@@ -536,7 +554,7 @@
|
|
536
554
|
<param pos="0" name="service.product" value="CMS"/>
|
537
555
|
</fingerprint>
|
538
556
|
|
539
|
-
<fingerprint pattern="^SaneID
|
557
|
+
<fingerprint pattern="^SaneID=">
|
540
558
|
<description>Unica NetTracker - http://netinsight.unica.com/Products/NetTracker.cfm</description>
|
541
559
|
<example>SaneID=10.1.1.223.1618798365976948; path=/; domain=.foo.bar</example>
|
542
560
|
<param pos="0" name="cookie" value="SaneID"/>
|
@@ -545,7 +563,7 @@
|
|
545
563
|
<param pos="0" name="service.product" value="NetTracker"/>
|
546
564
|
</fingerprint>
|
547
565
|
|
548
|
-
<fingerprint pattern="^(__utm[a-z])
|
566
|
+
<fingerprint pattern="^(__utm[a-z])=">
|
549
567
|
<description>Urchin Tracking Module - http://www.google.com/support/urchin45/bin/answer.py?answer=28307&topic=7425</description>
|
550
568
|
<example cookie="__utmp">__utmp=2071164266.582676006.3393543082; path=/; domain=.foo.bar</example>
|
551
569
|
<param pos="1" name="cookie"/>
|
@@ -564,15 +582,16 @@
|
|
564
582
|
<param pos="0" name="hw.product" value="SD-WAN"/>
|
565
583
|
</fingerprint>
|
566
584
|
|
567
|
-
<fingerprint pattern="^(vgncontext|vgnvisitor|ssuid)
|
585
|
+
<fingerprint pattern="^(vgncontext|vgnvisitor|ssuid)=">
|
568
586
|
<description>Vignette</description>
|
587
|
+
<example cookie="vgnvisitor">vgnvisitor=2KM2OM00bZ40000PovANt0Dgn0; path=/; expires=Saturday, 06-Sep-2014 23:50:08 GMT</example>
|
569
588
|
<param pos="1" name="cookie"/>
|
570
589
|
<param pos="0" name="service.vendor" value="Vignette"/>
|
571
590
|
<param pos="0" name="service.family" value="Vignette"/>
|
572
591
|
<param pos="0" name="service.product" value="Vignette"/>
|
573
592
|
</fingerprint>
|
574
593
|
|
575
|
-
<fingerprint pattern="^wgSession
|
594
|
+
<fingerprint pattern="^wgSession=">
|
576
595
|
<description>Plain Black WebGUI - http://www.plainblack.com/webgui</description>
|
577
596
|
<example>wgSession=xngFQdcbCap87x6d8qc1YA; path=/; expires=Thu, 17-Apr-2031 02:29:05 GMT</example>
|
578
597
|
<param pos="0" name="cookie" value="wgSession"/>
|
@@ -581,7 +600,7 @@
|
|
581
600
|
<param pos="0" name="service.product" value="WebGUI"/>
|
582
601
|
</fingerprint>
|
583
602
|
|
584
|
-
<fingerprint pattern="^(WEBTRENDS_?ID)
|
603
|
+
<fingerprint pattern="^(WEBTRENDS_?ID)=">
|
585
604
|
<description>WebTrends</description>
|
586
605
|
<example cookie="WEBTRENDS_ID">WEBTRENDS_ID=10.247.9.69.1618795409656141; path=/; expires=Tue, 19-Apr-22 01:23:29 GMT; domain=.foo.bar</example>
|
587
606
|
<param pos="1" name="cookie"/>
|
@@ -590,7 +609,7 @@
|
|
590
609
|
<param pos="0" name="service.product" value="WebTrends"/>
|
591
610
|
</fingerprint>
|
592
611
|
|
593
|
-
<fingerprint pattern="^(ZM_TEST|ZM_LOGIN_CSRF)
|
612
|
+
<fingerprint pattern="^(ZM_TEST|ZM_LOGIN_CSRF)=">
|
594
613
|
<description>Zimbra</description>
|
595
614
|
<example cookie="ZM_TEST">ZM_TEST=true;Secure</example>
|
596
615
|
<example cookie="ZM_LOGIN_CSRF">ZM_LOGIN_CSRF=38ef0bea-a4c3-4f41-9ac3-73d7622f3131;Secure;HttpOnly</example>
|
@@ -600,7 +619,7 @@
|
|
600
619
|
<param pos="0" name="service.cpe23" value="cpe:/a:synacor:zimbra_collaboration_suite:-"/>
|
601
620
|
</fingerprint>
|
602
621
|
|
603
|
-
<fingerprint pattern="^_ZopeId
|
622
|
+
<fingerprint pattern="^_ZopeId=">
|
604
623
|
<description>Zope</description>
|
605
624
|
<example>_ZopeId="91304233A995SVLz3SI"; Path=/</example>
|
606
625
|
<param pos="0" name="cookie" value="_ZopeId"/>
|
@@ -608,17 +627,18 @@
|
|
608
627
|
<param pos="0" name="service.product" value="Zope"/>
|
609
628
|
</fingerprint>
|
610
629
|
|
611
|
-
<fingerprint pattern="^
|
630
|
+
<fingerprint pattern="^portal=([0-9]+\.[0-9]+\.[0-9]+)">
|
612
631
|
<description>OracleAS Portal default cookie name - http://download.oracle.com/docs/cd/B14099_19/portal.1014/b19305/cg_app_f.htm</description>
|
613
|
-
<
|
614
|
-
<param pos="
|
632
|
+
<example service.version="2173348032.20480.0000">portal=2173348032.20480.0000;</example>
|
633
|
+
<param pos="0" name="cookie" value="portal"/>
|
634
|
+
<param pos="1" name="service.version"/>
|
615
635
|
<param pos="0" name="service.vendor" value="Oracle"/>
|
616
636
|
<param pos="0" name="service.family" value="OracleAS"/>
|
617
637
|
<param pos="0" name="service.product" value="Application Server Portal"/>
|
618
638
|
<param pos="0" name="service.cpe23" value="cpe:/a:oracle:application_server_portal:{service.version}"/>
|
619
639
|
</fingerprint>
|
620
640
|
|
621
|
-
<fingerprint pattern="^Compaq-HMMD=[^;]
|
641
|
+
<fingerprint pattern="^Compaq-HMMD=[^;]+;">
|
622
642
|
<description>HP System Management Homepage (SMH)</description>
|
623
643
|
<example>Compaq-HMMD=0001-c01fffff-487a-394a-aab0-ffffffffffff-ffffffffffffffff; path=/</example>
|
624
644
|
<example>Compaq-HMMD=0001-c01fffff-487a-394a-aab0-ffffffffffff-ffffffffffffffff; path=/; Secure</example>
|
@@ -643,6 +663,40 @@
|
|
643
663
|
<param pos="0" name="service.product" value="Arachni"/>
|
644
664
|
</fingerprint>
|
645
665
|
|
666
|
+
<fingerprint pattern="^unraid_">
|
667
|
+
<description>Unraid</description>
|
668
|
+
<example>unraid_2e9e9f79999999999999999999r9b999=c5599999999999999999999999999e38; path=/; HttpOnly; SameSite=Lax</example>
|
669
|
+
<param pos="0" name="service.vendor" value="Lime Technologies"/>
|
670
|
+
<param pos="0" name="service.product" value="Unraid"/>
|
671
|
+
<param pos="0" name="service.certainty" value="0.5"/>
|
672
|
+
</fingerprint>
|
673
|
+
|
674
|
+
<fingerprint pattern="^phpMyAdmin=">
|
675
|
+
<description>phpMyAdmin web interface for MySQL and MariaDB</description>
|
676
|
+
<example>phpMyAdmin=28600e9ff9772c871dacec70f9c5edaa; path=/; HttpOnly</example>
|
677
|
+
<param pos="0" name="service.vendor" value="phpMyAdmin"/>
|
678
|
+
<param pos="0" name="service.product" value="phpMyAdmin"/>
|
679
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:phpmyadmin:phpmyadmin:-"/>
|
680
|
+
</fingerprint>
|
681
|
+
|
682
|
+
<fingerprint pattern="^(adminer_(?:sid|key))=">
|
683
|
+
<description>Adminer database management tool</description>
|
684
|
+
<example cookie="adminer_sid">adminer_sid=6580f6449f9572f817ec99600bc619d2; path=/; HttpOnly</example>
|
685
|
+
<example cookie="adminer_key">adminer_key=b8eebd6de0deabc8b30c26a67e01c5b9; path=/; HttpOnly; SameSite=lax</example>
|
686
|
+
<param pos="1" name="cookie"/>
|
687
|
+
<param pos="0" name="service.vendor" value="Adminer"/>
|
688
|
+
<param pos="0" name="service.product" value="Adminer"/>
|
689
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:adminer:adminer:-"/>
|
690
|
+
</fingerprint>
|
691
|
+
|
692
|
+
<fingerprint pattern="^mongo-express=">
|
693
|
+
<description>mongo-express web-based MongoDB admin interface</description>
|
694
|
+
<example>mongo-express=s%3A1qAVXDHaoFE5J0G4wkYKfyjuv6_0Zd9E.l2DGc0YAb7MJQfUleYVEla5i79pbkhDYVayvCEPFCDc; Path=/; HttpOnly</example>
|
695
|
+
<param pos="0" name="service.vendor" value="mongo-express Project"/>
|
696
|
+
<param pos="0" name="service.product" value="mongo-express"/>
|
697
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:mongo-express_project:mongo-express:-"/>
|
698
|
+
</fingerprint>
|
699
|
+
|
646
700
|
<!--
|
647
701
|
Ignore various cookies that are very generic cookies for session IDs
|
648
702
|
that are not necessarily indicative of any particular
|
@@ -651,24 +705,33 @@
|
|
651
705
|
these and this is enforced by rspec.
|
652
706
|
-->
|
653
707
|
|
654
|
-
<fingerprint pattern="(?i)^JSESSIONID(?:\.[^=]+)?=[^;]
|
655
|
-
<description>Ignore simple JSESSIONID and related cookies</description>
|
708
|
+
<fingerprint pattern="(?i)^JSESSIONID(?:\.[^=]+)?=[^;]+;">
|
709
|
+
<description>Ignore simple JSESSIONID and related cookies -- assert nothing</description>
|
656
710
|
<example>JSESSIONID=6ooov35i4l3n36qtaf8csvg0;Path=/</example>
|
657
711
|
<example>jsessionid=6nkp66iogcdc92720%2Dc6e4%2D4989%2Db7b2%2D5021624cfdff;Path=/;secure</example>
|
658
712
|
<example>JSESSIONID.c00a9623=v216643eijh19p9duve5srgf;Path=/;HttpOnly</example>
|
713
|
+
<param pos="0" name="hw.certainty" value="0.0"/>
|
714
|
+
<param pos="0" name="os.certainty" value="0.0"/>
|
715
|
+
<param pos="0" name="service.certainty" value="0.0"/>
|
659
716
|
</fingerprint>
|
660
717
|
|
661
|
-
<fingerprint pattern="(?i)^_?SESSION_?ID\s*=\s*[^;]
|
662
|
-
<description>Ignore simple SESSIONID and related cookies</description>
|
718
|
+
<fingerprint pattern="(?i)^_?SESSION_?ID\s*=\s*[^;]+;">
|
719
|
+
<description>Ignore simple SESSIONID and related cookies -- assert nothing</description>
|
663
720
|
<example>sessionId=7dba3249cfcd4b59854055311099a294; path=/;</example>
|
664
721
|
<example>_session_id=7fe933db0fea13e9c872103ba2d142db; path=/; HttpOnly</example>
|
665
722
|
<example>sessionId =0VrS6Ro6uC5QPXKgNdqGvyUgUFtUOVwv6OWAEWcWQ3jLRtAk2TVAgAApN9yTWVz;postId=; path=/;</example>
|
666
723
|
<example>_session_id=18b3e173aa11db0533fd01752e81f583; path=/; HttpOnly</example>
|
724
|
+
<param pos="0" name="hw.certainty" value="0.0"/>
|
725
|
+
<param pos="0" name="os.certainty" value="0.0"/>
|
726
|
+
<param pos="0" name="service.certainty" value="0.0"/>
|
667
727
|
</fingerprint>
|
668
728
|
|
669
|
-
<fingerprint pattern="(?i)^sid=[^;]
|
670
|
-
<description>Ignore simple SID and related cookies</description>
|
729
|
+
<fingerprint pattern="(?i)^sid=[^;]+;">
|
730
|
+
<description>Ignore simple SID and related cookies -- assert nothing</description>
|
671
731
|
<example>sid=sfd10bf73-654458f687aa3c68b3874915f651e0ca;path=/;"</example>
|
732
|
+
<param pos="0" name="hw.certainty" value="0.0"/>
|
733
|
+
<param pos="0" name="os.certainty" value="0.0"/>
|
734
|
+
<param pos="0" name="service.certainty" value="0.0"/>
|
672
735
|
</fingerprint>
|
673
736
|
|
674
737
|
</fingerprints>
|