RubyGems - recog - Versions diffs - 2.3.20 → 2.3.23 - Mend

recog 2.3.20 → 2.3.23

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (83) hide show

checksums.yaml +4 -4
data/.github/dependabot.yml +8 -0
data/.github/workflows/ci.yml +1 -1
data/.github/workflows/verify.yml +89 -0
data/.vscode/bin/monitor-recog-fingerprints.sh +54 -0
data/.vscode/extensions.json +5 -0
data/.vscode/settings.json +8 -0
data/.vscode/tasks.json +77 -0
data/CONTRIBUTING.md +8 -0
data/README.md +17 -0
data/bin/recog_standardize +28 -13
data/bin/recog_verify +42 -8
data/cpe-remap.yaml +62 -3
data/features/data/schema_failure.xml +4 -0
data/features/data/tests_with_failures.xml +6 -0
data/features/support/hooks.rb +9 -0
data/features/verify.feature +85 -21
data/identifiers/fields.txt +6 -5
data/identifiers/hw_device.txt +8 -0
data/identifiers/hw_family.txt +8 -0
data/identifiers/hw_product.txt +54 -0
data/identifiers/os_device.txt +2 -0
data/identifiers/os_family.txt +2 -0
data/identifiers/os_product.txt +18 -2
data/identifiers/service_product.txt +26 -0
data/identifiers/vendor.txt +62 -1
data/lib/recog/db.rb +2 -1
data/lib/recog/fingerprint.rb +33 -6
data/lib/recog/fingerprint_parse_error.rb +10 -0
data/lib/recog/nizer.rb +1 -82
data/lib/recog/verifier.rb +9 -9
data/lib/recog/verify_reporter.rb +17 -6
data/lib/recog/version.rb +1 -1
data/requirements.txt +1 -1
data/spec/data/external_example_fingerprint/hp_printer_ex_01.txt +1 -0
data/spec/data/external_example_fingerprint/hp_printer_ex_02.txt +1 -0
data/spec/data/external_example_fingerprint.xml +8 -0
data/spec/data/external_example_illegal_path_fingerprint.xml +7 -0
data/spec/lib/fingerprint_self_test_spec.rb +1 -0
data/spec/lib/recog/db_spec.rb +84 -61
data/spec/lib/recog/fingerprint_spec.rb +4 -4
data/spec/lib/recog/verify_reporter_spec.rb +73 -4
data/tools/dev/hooks/pre-commit +21 -0
data/update_cpes.py +130 -37
data/xml/apache_os.xml +98 -56
data/xml/architecture.xml +15 -1
data/xml/dhcp_vendor_class.xml +206 -0
data/xml/dns_versionbind.xml +26 -13
data/xml/favicons.xml +236 -47
data/xml/fingerprints.xsd +9 -1
data/xml/ftp_banners.xml +213 -197
data/xml/h323_callresp.xml +101 -101
data/xml/hp_pjl_id.xml +84 -84
data/xml/html_title.xml +715 -45
data/xml/http_cookies.xml +143 -80
data/xml/http_servers.xml +510 -310
data/xml/http_wwwauth.xml +177 -75
data/xml/imap_banners.xml +10 -10
data/xml/mdns_device-info_txt.xml +421 -26
data/xml/mysql_banners.xml +3 -2
data/xml/nntp_banners.xml +12 -9
data/xml/ntp_banners.xml +97 -97
data/xml/operating_system.xml +98 -83
data/xml/pop_banners.xml +27 -27
data/xml/rsh_resp.xml +3 -3
data/xml/sip_banners.xml +46 -8
data/xml/sip_user_agents.xml +180 -27
data/xml/smb_native_lm.xml +5 -5
data/xml/smb_native_os.xml +28 -25
data/xml/smtp_banners.xml +258 -254
data/xml/smtp_ehlo.xml +1 -1
data/xml/smtp_help.xml +11 -11
data/xml/smtp_noop.xml +2 -2
data/xml/snmp_sysdescr.xml +1554 -1429
data/xml/snmp_sysobjid.xml +27 -27
data/xml/ssh_banners.xml +27 -20
data/xml/telnet_banners.xml +256 -57
data/xml/tls_jarm.xml +48 -6
data/xml/x11_banners.xml +3 -3
data/xml/x509_issuers.xml +69 -2
data/xml/x509_subjects.xml +144 -33
metadata +24 -4
data/lib/recog/verifier_factory.rb +0 -13

data/xml/http_cookies.xml CHANGED Viewed

@@ -15,7 +15,7 @@
     <param pos="0" name="service.cpe23" value="cpe:/a:cloudflare:load_balancing:-"/>
   </fingerprint>
-  <fingerprint pattern="^(AWSALB(?:TG)?(?:CORS)?)=.*$">
+  <fingerprint pattern="^(AWSALB(?:TG)?(?:CORS)?)=">
     <description>Amazon Application Load Balancer</description>
     <example cookie="AWSALB">AWSALB=791357231C9C446E295988DA51A2CD313D13788329433D96A05631377389B17BF097D4C8A2D0BE5BC4F3C649AED7DFF939364A5790E2EC67F33C4483E2E9DD17E99814071B;PATH=/;HttpOnly;Secure</example>
     <example cookie="AWSALBCORS">AWSALBCORS=D5A3BF7B08C8E0626B1C77DAAEAB0A7542DEB35F43097F06FD3833E22A9BA2543B805B7AE1B6E97F2BE3A701A19AF5D2CC898E0DB5E52055B0B983CC64EAD006CF77C1CF72;PATH=/;SECURE;SAMESITE=None</example>
@@ -26,7 +26,7 @@
     <param pos="0" name="service.product" value="Application Load Balancer"/>
   </fingerprint>
-  <fingerprint pattern="^(AWSELB(?:CORS)?)=.*$">
+  <fingerprint pattern="^(AWSELB(?:CORS)?)=">
     <description>Amazon Elastic Load Balancer</description>
     <example cookie="AWSELB">AWSELB=791357231C9C446E295988DA51A2CD313D13788329433D96A05631377389B17BF097D4C8A2D0BE5BC4F3C649AED7DFF939364A5790E2EC67F33C4483E2E9DD17E99814071B;PATH=/;HttpOnly;Secure</example>
     <example cookie="AWSELBCORS">AWSELBCORS=D5A3BF7B08C8E0626B1C77DAAEAB0A7542DEB35F43097F06FD3833E22A9BA2543B805B7AE1B6E97F2BE3A701A19AF5D2CC898E0DB5E52055B0B983CC64EAD006CF77C1CF72;PATH=/;SECURE;SAMESITE=None</example>
@@ -36,7 +36,7 @@
     <param pos="0" name="service.product" value="Elastic Load Balancer"/>
   </fingerprint>
-  <fingerprint pattern="^(PHPSESSI(?:D|ON))=.*">
+  <fingerprint pattern="^(PHPSESSI(?:D|ON))=">
     <description>PHP - http://www.php.net/ref.session</description>
     <example cookie="PHPSESSID">PHPSESSID=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/</example>
     <example cookie="PHPSESSION">PHPSESSION=vt2ag6n7t6ngvlg8adk4860h46; path=/</example>
@@ -47,7 +47,7 @@
     <param pos="0" name="service.cpe23" value="cpe:/a:php:php:-"/>
   </fingerprint>
-  <fingerprint pattern="^(ASPSESSIONID[A-Z]+|ASP\.NET_SessionId|\.ASPXANONYMOUS)=.*">
+  <fingerprint pattern="^(ASPSESSIONID[A-Z]+|ASP\.NET_SessionId|\.ASPXANONYMOUS)=">
     <description>Microsoft IIS (ASP.NET)
       http://msdn2.microsoft.com/en-us/library/ms953828.aspx
       http://msdn2.microsoft.com/en-us/library/91ka2e6a.aspx
@@ -66,7 +66,7 @@
     <param pos="0" name="service.component.cpe23" value="cpe:/a:microsoft:asp.net:-"/>
   </fingerprint>
-  <fingerprint pattern="^(CFCLIENT_[^=]+|CFGLOBALS|CFID|CFTOKEN)=.*">
+  <fingerprint pattern="^(CFCLIENT_[^=]+|CFGLOBALS|CFID|CFTOKEN)=">
     <description>Adobe (Macromedia) ColdFusion uses various cookies</description>
     <example cookie="CFTOKEN">CFTOKEN=f3863673461e83d7-8B854468-1866-DAAC-99FBB842C6018037;expires=Mon, 01-Aug-2050 01:05:45 GMT;path=/;HttpOnly;</example>
     <example cookie="CFCLIENT_FOO_CORP">CFCLIENT_FOO_CORP=preflanguage%3DEN%23; Expires=Wed, 12-Apr-2051 01:11:37 GMT; Path=/</example>
@@ -77,26 +77,40 @@
     <param pos="0" name="service.cpe23" value="cpe:/a:adobe:coldfusion:-"/>
   </fingerprint>
-  <fingerprint pattern="^ANsession\d+=(\S+);.*">
+  <fingerprint pattern="^ANsession\d+=(\S+);">
     <description>Array Networks Secure Access Gateway / SSL VPN</description>
-    <example>ANsession0002262072457555=IPMI; path=/;secure</example>
+    <example cookie="IPMI">ANsession0002262072457555=IPMI; path=/;secure</example>
     <param pos="1" name="cookie"/>
     <param pos="0" name="service.vendor" value="Array Networks"/>
     <param pos="0" name="service.family" value="Secure Access Gateway"/>
     <param pos="0" name="hw.device" value="VPN"/>
   </fingerprint>
-  <fingerprint pattern="^(Apache)=[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.([0-9]+);.*">
-    <description>Apache</description>
-    <param pos="1" name="cookie"/>
-    <param pos="2" name="system.time.micros"/>
+  <fingerprint pattern="^Apache=(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})\.[0-9]+(?:\.[0-9]+)?;">
+    <description>Apache with session ID containing IP and timestamp (timestamp can be micros, millis or seconds)</description>
+    <example host.ip="10.10.130.165">Apache=10.10.130.165.1643670182768255; path=/</example>
+    <example host.ip="10.0.101.6">Apache=10.0.101.6.1643663969718158; path=/; expires=Wed, 31-Jan-24 21:19:29 GMT; domain=.contoso.com</example>
+    <example host.ip="10.10.20.18">Apache=10.10.20.18.1643510579.1915; domain=foo.com; path=/; expires=Mon, 30-Jan-2023 02:42:58 GMT</example>
+    <example host.ip="10.23.219.241">Apache=10.23.219.241.1643541709604; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT</example>
+    <param pos="0" name="cookie" value="Apache"/>
+    <param pos="1" name="host.ip"/>
+    <param pos="0" name="service.vendor" value="Apache"/>
+    <param pos="0" name="service.family" value="Apache"/>
+    <param pos="0" name="service.product" value="HTTPD"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:apache:http_server:-"/>
+  </fingerprint>
+  <fingerprint pattern="^Apache=[0-9a-z]{8}\.[0-9a-z]{13};">
+    <description>Apache with opaque session ID</description>
+    <example>Apache=1148b9c3.5d6e61e36f2f9; path=/; domain=.foo.com</example>
+    <param pos="0" name="cookie" value="Apache"/>
     <param pos="0" name="service.vendor" value="Apache"/>
     <param pos="0" name="service.family" value="Apache"/>
     <param pos="0" name="service.product" value="HTTPD"/>
     <param pos="0" name="service.cpe23" value="cpe:/a:apache:http_server:-"/>
   </fingerprint>
-  <fingerprint pattern="^JServSessionIdroot=.*">
+  <fingerprint pattern="^JServSessionIdroot=">
     <description>Apache JServ</description>
     <example>JServSessionIdroot=tphxjy73e1.JS1; path=/</example>
     <param pos="0" name="cookie" value="JServSessionIdroot"/>
@@ -105,7 +119,7 @@
     <param pos="0" name="service.product" value="JServ"/>
   </fingerprint>
-  <fingerprint pattern="^(ATG_SESSION_ID|DYN_USER_CONFIRM|DYN_USER_ID)=.*">
+  <fingerprint pattern="^(ATG_SESSION_ID|DYN_USER_CONFIRM|DYN_USER_ID)=">
     <description>ATG Dynamo</description>
     <example cookie="ATG_SESSION_ID">ATG_SESSION_ID=yuAUs8xnkzLaF8P3Zk1v5hR28XB4dKsOKZ4jCkVO; path=/</example>
     <param pos="1" name="cookie"/>
@@ -114,7 +128,7 @@
     <param pos="0" name="service.product" value="Dynamo"/>
   </fingerprint>
-  <fingerprint pattern="^Bugzilla_login_request_cookie=.*">
+  <fingerprint pattern="^Bugzilla_login_request_cookie=">
     <description>Bugzilla</description>
     <example>Bugzilla_login_request_cookie=ylMVo9ZDtd; path=/; secure</example>
     <param pos="0" name="cookie" value="Bugzilla_login_request_cookie"/>
@@ -123,34 +137,27 @@
     <param pos="0" name="service.cpe23" value="cpe:/a:mozilla:bugzilla:-"/>
   </fingerprint>
-  <fingerprint pattern="^(WebLogicSession)=[^!]+![^!]+!([0-9]+);.*">
-    <description>BEA WebLogic (with timestamp)</description>
-    <param pos="1" name="cookie"/>
-    <param pos="2" name="system.time.millis"/>
-    <param pos="0" name="service.vendor" value="BEA"/>
-    <param pos="0" name="service.family" value="WebLogic"/>
-    <param pos="0" name="service.product" value="WebLogic"/>
-    <param pos="0" name="service.cpe23" value="cpe:/a:bea:weblogic_server:-"/>
-  </fingerprint>
-  <fingerprint pattern="^(WebLogicSession)=.*">
+  <fingerprint pattern="^WebLogicSession=">
     <description>BEA WebLogic (no timestamp)</description>
-    <param pos="1" name="cookie"/>
+    <example>WebLogicSession=YfifY2Ck8aWILbJPiaoY3L8aKBjh2MZhUAjHXypG6IBwvWXrun3i|-3385140432258369694/-900104935/6/7009/7009/7010/7010/7009/-1; path=/</example>
+    <example>WebLogicSession=QKRlJZbj0b948CrXnoQw8FNuSWvO6fXaJNadlcCWwA3qm6CtqD5a; path=/</example>
+    <param pos="0" name="cookie" value="WebLogicSession"/>
     <param pos="0" name="service.vendor" value="BEA"/>
     <param pos="0" name="service.family" value="WebLogic"/>
     <param pos="0" name="service.product" value="WebLogic"/>
     <param pos="0" name="service.cpe23" value="cpe:/a:bea:weblogic_server:-"/>
   </fingerprint>
-  <fingerprint pattern="^(BCSI-CSC[0-9A-Za-z]+)=.*">
+  <fingerprint pattern="^(BCSI-CS-[0-9A-Za-z]+)=">
     <description>BlueCoat Proxy</description>
+    <example cookie="BCSI-CS-2f6c78bdf64f3b32">BCSI-CS-2f6c78bdf64f3b32=2; Path=/</example>
     <param pos="1" name="cookie"/>
     <param pos="0" name="service.vendor" value="Blue Coat"/>
     <param pos="0" name="service.family" value="Proxy"/>
     <param pos="0" name="service.product" value="Proxy"/>
   </fingerprint>
-  <fingerprint pattern="^CAKEPHP=.*">
+  <fingerprint pattern="^CAKEPHP=">
     <description>CakePHP - http://www.cakephp.org/</description>
     <example>CAKEPHP=03bgv7jqfurftnm5crn3lc0ob1; expires=Mon, 19-Apr-2021 08:56:06 GMT; Max-Age=14400; path=/; HttpOnly</example>
     <param pos="0" name="cookie" value="CAKEPHP"/>
@@ -163,21 +170,20 @@
       The cookie value breaks down to [box-id][service-id][timeout-value]
       unfortunately, there's no separator so it's hard to tell what the
       actual break is between the pieces of data.
-      http://www.cisco.com/warp/public/117/AP_cookies.html
   -->
-  <fingerprint pattern="^ARPT=([A-Z]+)([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})[A-Z]+.*">
+  <fingerprint pattern="^ARPT=([A-Z]+)([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})[A-Z]+">
     <description>Cisco 11000 Series Content Service Switch (CSS)</description>
-    <example host.id="FOOOB" host.ip="192.168.15.52">ARPT=FOOOB192.168.15.52CKOKM; path=/</example>
+    <example host.name="FOOOB" host.ip="192.168.15.52">ARPT=FOOOB192.168.15.52CKOKM; path=/</example>
     <param pos="0" name="cookie" value="ARPT"/>
-    <param pos="1" name="host.id"/>
+    <param pos="1" name="host.name"/>
     <param pos="2" name="host.ip"/>
     <param pos="0" name="service.vendor" value="Cisco"/>
     <param pos="0" name="service.family" value="Content Service Switch"/>
     <param pos="0" name="service.product" value="11000 Series Content Service Switch"/>
   </fingerprint>
-  <fingerprint pattern="^ARPT=.*">
+  <fingerprint pattern="^ARPT=">
     <description>Cisco 11000 Series Content Service Switch (CSS) - catch all variant</description>
     <example>ARPT=388766892.51247.0000; path=/; Httponly/</example>
     <param pos="0" name="cookie" value="ARPT"/>
@@ -207,15 +213,16 @@
     <param pos="0" name="hw.cpe23" value="cpe:/h:cisco:adaptive_security_appliance:-"/>
   </fingerprint>
-  <fingerprint pattern="^st8id=.*">
+  <fingerprint pattern="^st8id=">
     <description>Citrix Application Protection System, Enterprise - http://support.citrix.com/article/CTX109330</description>
+    <example>st8id=1e1bcc1010b6de32734c584317443b31.00.641b86ac5ed3ebb0799138f83af9b63f;</example>
     <param pos="0" name="cookie" value="st8id"/>
     <param pos="0" name="service.vendor" value="Citrix"/>
     <param pos="0" name="service.family" value="Application Protection System"/>
     <param pos="0" name="service.product" value="Application Protection System, Enterprise"/>
   </fingerprint>
-  <fingerprint pattern="^NSC_(?:AAAC|BASEURL|CERT|DLGE|EPAC|TASS|TEMP|TMA[APS]|PERS|USER)=.*">
+  <fingerprint pattern="^NSC_(?:AAAC|BASEURL|CERT|DLGE|EPAC|TASS|TEMP|TMA[APS]|PERS|USER)=">
     <description>Citrix NetScaler</description>
     <example>NSC_AAAC=xyz;</example>
     <example>NSC_TEMP=xyz;</example>
@@ -243,7 +250,7 @@
     <param pos="0" name="os.product" value="Pulse Connect Secure"/>
   </fingerprint>
-  <fingerprint pattern="^DokuWiki=.*">
+  <fingerprint pattern="^DokuWiki=">
     <description>Dokuwiki</description>
     <example>DokuWiki=t8l1aev7703vbtejovp165pv01; path=/; secure</example>
     <param pos="0" name="cookie" value="DokuWiki"/>
@@ -252,7 +259,7 @@
     <param pos="0" name="service.cpe23" value="cpe:/a:dokuwiki:dokuwiki:-"/>
   </fingerprint>
-  <fingerprint pattern="^(EktGUID|ecm)=.*">
+  <fingerprint pattern="^(EktGUID|ecm)=">
     <description>Ektron CMS400.net</description>
     <example cookie="EktGUID">EktGUID=382107cc-a38d-4d25-8182-3748834e21c8; expires=Tue, 19-Apr-2022 03:12:15 GMT; path=/</example>
     <param pos="1" name="cookie"/>
@@ -270,9 +277,9 @@
     <param pos="0" name="service.cpe23" value="cpe:/a:atlassian:fisheye:-"/>
   </fingerprint>
-  <fingerprint pattern="(?i)^(BIGipServer([^=]+))=.*">
+  <fingerprint pattern="(?i)^(BIGipServer([^=]+))=">
     <description>F5 BIG-IP LTM - Server variant</description>
-    <example loadbalancer.poolname="CustomerRP">BigIpServerCustomerRP=5a; path=/; domain=.foo.bar; secure; HttpOnly</example>
+    <example loadbalancer.poolname="CustomerRP" cookie="BigIpServerCustomerRP">BigIpServerCustomerRP=5a; path=/; domain=.foo.bar; secure; HttpOnly</example>
     <param pos="1" name="cookie"/>
     <param pos="2" name="loadbalancer.poolname"/>
     <param pos="0" name="service.vendor" value="F5"/>
@@ -281,7 +288,7 @@
     <param pos="0" name="service.cpe23" value="cpe:/a:f5:big-ip_local_traffic_manager:-"/>
   </fingerprint>
-  <fingerprint pattern="^i_like_gogits=.*">
+  <fingerprint pattern="^i_like_gogits=">
     <description>Gogs</description>
     <example>i_like_gogits=fc3914645f1d5c76; Path=/; HttpOnly</example>
     <param pos="0" name="cookie" value="i_like_gogits"/>
@@ -290,7 +297,7 @@
     <param pos="0" name="service.cpe23" value="cpe:/a:gogs:gogs:-"/>
   </fingerprint>
-  <fingerprint pattern="^(BigIPCookie[^=]*)=.*">
+  <fingerprint pattern="^(BigIPCookie[^=]*)=">
     <description>F5 BIG-IP LTM</description>
     <example cookie="BigIPCookie">BigIPCookie=855248779.20480.0000; path=/; Httponly</example>
     <example cookie="BigIPCookie_foo_corp_prod">BigIPCookie_foo_corp_prod=!tJHKH9zIwsUuJYJ38CCV0XSqmJXsZVQaOjj/m/SBSTQTg21/S+s2gmbsoGwwKXr5Tj9e0ijWZWItfA==; path=/; Httponly</example>
@@ -310,7 +317,7 @@
     <param pos="0" name="service.cpe23" value="cpe:/a:flyspray:flyspray:-"/>
   </fingerprint>
-  <fingerprint pattern="^i_like_gitea=.*">
+  <fingerprint pattern="^i_like_gitea=">
     <description>Gitea</description>
     <example>i_like_gitea=fc39d4645b1d5c7c; Path=/</example>
     <param pos="0" name="cookie" value="i_like_gitea"/>
@@ -320,7 +327,7 @@
     <param pos="0" name="service.cpe23" value="cpe:/a:gitea:gitea:-"/>
   </fingerprint>
-  <fingerprint pattern="^_gitlab_session=.*">
+  <fingerprint pattern="^_gitlab_session=">
     <description>GitLab</description>
     <example>_gitlab_session=032d024e9c2445b595e68255da9e6835; path=/; expires=Mon, 26 Apr 2021 03:09:57 -0000; HttpOnly</example>
     <param pos="0" name="cookie" value="_gitlab_session"/>
@@ -339,7 +346,7 @@
     <param pos="0" name="service.product" value="HAProxy"/>
   </fingerprint>
-  <fingerprint pattern="^(AMWEBJCT!([^!]+)!([^=]+))=.*">
+  <fingerprint pattern="^(AMWEBJCT!([^!]+)!([^=]+))=">
     <description>IBM Tivoli Access Manager for e-business WebSEAL
       http://publib.boulder.ibm.com/infocenter/tivihelp/v2r1/index.jsp?topic=/com.ibm.itame.doc/am60_webseal_admin180.htm
     </description>
@@ -352,7 +359,7 @@
     <param pos="0" name="service.product" value="Tivoli Access Manager for e-business WebSEAL"/>
   </fingerprint>
-  <fingerprint pattern="^(PD-S-SESSION-ID|PD-H-SESSION-ID|PD_STATEFUL_[^=]+)=.*">
+  <fingerprint pattern="^(PD-S-SESSION-ID|PD-H-SESSION-ID|PD_STATEFUL_[^=]+)=">
     <description>IBM Tivoli Access Manager for e-business WebSeal
       http://publib.boulder.ibm.com/infocenter/tivihelp/v2r1/index.jsp?topic=/com.ibm.itame.doc/am60_webseal_admin117.htm
     </description>
@@ -364,15 +371,18 @@
     <param pos="0" name="service.product" value="Tivoli Access Manager for e-business WebSEAL"/>
   </fingerprint>
-  <fingerprint pattern="^IBMCBR=.*">
+  <fingerprint pattern="^IBMCBR=">
     <description>IBM WebSphere Load Balancer</description>
+    <!-- Replace with a valid example if one is discovered -->
+    <example>IBMCBR=fakevalue</example>
     <param pos="0" name="cookie" value="IBMCBR"/>
     <param pos="0" name="service.vendor" value="IBM"/>
     <param pos="0" name="service.family" value="WebSphere"/>
     <param pos="0" name="service.product" value="WebSphere Load Balancer"/>
   </fingerprint>
-  <fingerprint pattern="^(mbfcookie(?:\[lang\])?)=.*">
+  <fingerprint pattern="^(mbfcookie(?:\[lang\])?)=">
     <description>Joom!Fish http://www.joomfish.net/</description>
     <example cookie="mbfcookie">mbfcookie=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/</example>
     <example cookie="mbfcookie[lang]">mbfcookie[lang]=pt_BR; expires=Tue, 20-Apr-2021 03:30:47 GMT; path=/</example>
@@ -383,12 +393,14 @@
   <fingerprint pattern="^_mastodon_session=">
     <description>Mastodon</description>
+    <example>_mastodon_session=U09wSzlaMHNuZVI3RGJjR1M2d2lqNFhXc1BXNlJtOXBueTdoM1J2Ykk3UjRXa2V3WkNUNm5BUmY4Z0NISk9FaEtrOVQrMXJCRldvbk1kY3BUaDZkMlRuZkNBUDVXU01EakN3S1JEZDdjbzhNQ0t5MHpXZE9WSGlTOVhKNkhlZWhlaWsxM3Mvd0poU1NHWkZjWUNucmJoeDdNdU85ekpkQVJSbkhDeXdKZ08wMkNuUm1BYnE3cGVBK2FBN1FTUU9SLS1EdUVoNWtLOFFWaWsxNmY2bzErbFVRPT0%3D--4b6087906fdfa25f0bfd46b13d3c1c3a9fb379cd; path=/; secure; HttpOnly</example>
     <param pos="0" name="cookie" value="_mastodon_session"/>
     <param pos="0" name="service.product" value="Mastodon"/>
   </fingerprint>
-  <fingerprint pattern="^(MSCSAuth|MSCSProfile)=.*">
+  <fingerprint pattern="^(MSCSAuth|MSCSProfile)=">
     <description>Microsoft Commerce Server - http://msdn2.microsoft.com/en-us/library/ms953828.aspx</description>
+    <example cookie="MSCSProfile">MSCSProfile=287001FD2674671C7869448243193407F294F4F921DD7D627A0F4EE0CC7F3FAC36B5E45588612D30B2A6C57F1D461CB5EE0887989EE7F09E4529B0795EF87BB095FFF1DE42BD5E8F00273BCAACB9DC80733367D09A4B6A48A6802C4DCD6EB029BF5B207BCE523E8BF2EE3EBCDF5776BAC6B6BCD4BF54EF9C178F9605E75D0DDA; path=/</example>
     <param pos="1" name="cookie"/>
     <param pos="0" name="service.vendor" value="Microsoft"/>
     <param pos="0" name="service.family" value="Commerce Server"/>
@@ -396,18 +408,18 @@
     <param pos="0" name="service.cpe23" value="cpe:/a:microsoft:commerce_server:-"/>
   </fingerprint>
-  <fingerprint pattern="^(nc_sameSiteCookiestrict|nc_sameSiteCookielax|oc_sessionPassphrase)=.*">
+  <fingerprint pattern="^(nc_sameSiteCookiestrict|nc_sameSiteCookielax|oc_sessionPassphrase)=">
     <description>Nextcloud</description>
     <example cookie="nc_sameSiteCookiestrict">nc_sameSiteCookiestrict=true; path=/nextcloud; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=strict</example>
     <example cookie="nc_sameSiteCookielax">nc_sameSiteCookielax=true; path=/nextcloud; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=lax</example>
-    <example>oc_sessionPassphrase=Y%2BZjBn8Gn%2B8jIJPVx468Tlt8qDNm%2B5IVXLxgtwlY%2BQU2T7edVmDS4091nQrT; path=/nextcloud; secure; HttpOnly</example>
+    <example cookie="oc_sessionPassphrase">oc_sessionPassphrase=Y%2BZjBn8Gn%2B8jIJPVx468Tlt8qDNm%2B5IVXLxgtwlY%2BQU2T7edVmDS4091nQrT; path=/nextcloud; secure; HttpOnly</example>
     <param pos="1" name="cookie"/>
     <param pos="0" name="service.vendor" value="Nextcloud"/>
     <param pos="0" name="service.product" value="Nextcloud Server"/>
     <param pos="0" name="service.cpe23" value="cpe:/a:nextcloud:nextcloud_server:-"/>
   </fingerprint>
-  <fingerprint pattern="^AlteonP=.*">
+  <fingerprint pattern="^AlteonP=">
     <description>Nortel Alteon Web Switch</description>
     <example>AlteonP=c46736793e45929dbaeebabb; path=</example>
     <param pos="0" name="cookie" value="AlteonP"/>
@@ -416,7 +428,7 @@
     <param pos="0" name="service.product" value="Alteon Web Switch"/>
   </fingerprint>
-  <fingerprint pattern="^OBSID=.*">
+  <fingerprint pattern="^OBSID=">
     <description>Observium</description>
     <example>OBSID=gud74jg1slhskdo7idqgklkamm6g3908; expires=Tue, 20-Apr-2021 01:31:27 GMT; Max-Age=86400; path=/; HttpOnly</example>
     <param pos="0" name="cookie" value="OBSID"/>
@@ -425,23 +437,26 @@
     <param pos="0" name="service.cpe23" value="cpe:/a:observium:observium:-"/>
   </fingerprint>
-  <fingerprint pattern="^((?:SS_X_)?CSINTERSESSIONID)=.*">
+  <fingerprint pattern="^((?:SS_X_)?CSINTERSESSIONID)=">
     <description>OpenMarket/FatWire Content Server (www.fatwire.com)</description>
+    <example cookie="SS_X_CSINTERSESSIONID">SS_X_CSINTERSESSIONID=0001P73k2FUEYEU4Ks5TtKxcs2K:vv0b9pej; path=/</example>
+    <example cookie="CSINTERSESSIONID">CSINTERSESSIONID=0001xquPwAx2NFUFvi7yw-43f35:vv7sdeqs;Path=/</example>
     <param pos="1" name="cookie"/>
     <param pos="0" name="service.vendor" value="FatWire"/>
     <param pos="0" name="service.family" value="Content Server"/>
     <param pos="0" name="service.product" value="Content Server"/>
   </fingerprint>
-  <fingerprint pattern="^parkinglot=.*">
+  <fingerprint pattern="^parkinglot=">
     <description>Oversee Webserver</description>
+    <example>parkinglot=1; domain=.foo.com; path=/; expires=Sun, 11-May-2008 13:51:17 GMT</example>
     <param pos="0" name="cookie" value="parkinglot"/>
     <param pos="0" name="service.vendor" value="Oversee"/>
     <param pos="0" name="service.family" value="Webserver"/>
     <param pos="0" name="service.product" value="Webserver"/>
   </fingerprint>
-  <fingerprint pattern="^phsid=.*">
+  <fingerprint pattern="^phsid=">
     <description>Phabricator</description>
     <example>phsid=A%2Fxesybc4bypb74dlgojdgw2edct6osflno25h2fw7</example>
     <param pos="0" name="cookie" value="phsid"/>
@@ -451,7 +466,7 @@
     <param pos="0" name="service.cpe23" value="cpe:/a:phacility:phabricator:-"/>
   </fingerprint>
-  <fingerprint pattern="^RMID=.*">
+  <fingerprint pattern="^RMID=">
     <description>RealMedia OpenAdStream</description>
     <example>RMID=36c12633607cf7a0; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.foo.bar</example>
     <param pos="0" name="cookie" value="RMID"/>
@@ -460,7 +475,7 @@
     <param pos="0" name="service.product" value="OpenAdStream"/>
   </fingerprint>
-  <fingerprint pattern="^RoxenUserID=.*">
+  <fingerprint pattern="^RoxenUserID=">
     <description>Roxen WebServer</description>
     <example>RoxenUserID=c70fd536bc9e1342ce2a608b10547f88; expires=Wed, 19 Apr 2023 02:44:41 GMT; path=/</example>
     <param pos="0" name="cookie" value="RoxenUserID"/>
@@ -469,7 +484,7 @@
     <param pos="0" name="service.product" value="WebServer"/>
   </fingerprint>
-  <fingerprint pattern="^_sn=.*">
+  <fingerprint pattern="^_sn=">
     <description>Siebel CRM</description>
     <example>_sn=e7139835ca75f921e25c364d4a8fef48; path=/; expires=Mon, 19 Apr 2021 06:06:58 GMT; HttpOnly</example>
     <param pos="0" name="cookie" value="_sn"/>
@@ -480,7 +495,7 @@
   <!-- This fingerprint is not specific enough. Multiple products are sold under
    the brand iPlanet/Sun ONE/Sun Java.
-   <fingerprint pattern="^(iPlanetUserId)=.*">
+   <fingerprint pattern="^(iPlanetUserId)=">
       <description>Sun iPlanet</description>
       <param pos="1" name="cookie"/>
       <param pos="0" name="service.vendor" value="Sun"/>
@@ -490,8 +505,9 @@
    -->
-  <fingerprint pattern="^NSES40Session=.*">
+  <fingerprint pattern="^NSES40Session=">
     <description>Netscape Enterprise Server (subsequently iPlanet Web Server, Sun ONE Web Server, presently Sun Java System Web Server)</description>
+    <example>NSES40Session=2%253A3e57d375%253Adc59172283a7e72c;path=/;expires=Sat, 22-Feb-2003 20:15:57 GMT</example>
     <param pos="0" name="cookie" value="NSES40Session"/>
     <param pos="0" name="service.vendor" value="Sun"/>
     <param pos="0" name="service.family" value="Java System Web Server"/>
@@ -500,7 +516,7 @@
     <param pos="0" name="service.cpe23" value="cpe:/a:sun:java_system_web_server:4.0"/>
   </fingerprint>
-  <fingerprint pattern="^_redmine_session=.*">
+  <fingerprint pattern="^_redmine_session=">
     <description>Redmine</description>
     <example>_redmine_session=BAh7B0kiD3Nlc3Npb25faWQGOgZFRkkiJWY2MGY5MTJiZjg0NGU1ZmQxZWI2OTViNzAxYjU4NTRiBjsAVEkiEF9jc3JmX3Rva2VuBjsARkkiMW1kV3Z5NDl6eVkwWDl4bFQvMUxSSmxmbjhhaDR1WWxERWUrMFQ4dVcvS0k9BjsARg%3D%3D--ce5f52d49b68e30a7ec34b75bf456d6c79d234d2; path=/; HttpOnly</example>
     <param pos="0" name="cookie" value="_redmine_session"/>
@@ -518,8 +534,10 @@
     <param pos="0" name="service.product" value="Sage X3 Syracuse Web Server"/>
   </fingerprint>
-  <fingerprint pattern="^(gx_session_id|JROUTE)=.*">
+  <fingerprint pattern="^(GX_SESSION_ID|JROUTE)=">
     <description>Sun Java System Application Server (formerly iPlanet Application Server, Sun ONE Application Server)</description>
+    <example cookie="GX_SESSION_ID">GX_SESSION_ID=ji7vouPhPt5CAtGF%2BWPMXBrhjjxWZAD9HRNeEEITGCA%3D</example>
+    <example cookie="JROUTE">JROUTE=KbDs; Path=/</example>
     <param pos="1" name="cookie"/>
     <param pos="0" name="service.vendor" value="Sun"/>
     <param pos="0" name="service.family" value="Java System Application Server"/>
@@ -527,7 +545,7 @@
     <param pos="0" name="service.cpe23" value="cpe:/a:sun:java_system_application_server:-"/>
   </fingerprint>
-  <fingerprint pattern="^fe_typo_user=.*">
+  <fingerprint pattern="^fe_typo_user=">
     <description>TYPO3 CMS - http://typo3.com/</description>
     <example>fe_typo_user=aae725f7dcb8cb5215e64f66d4584cc92; path=/</example>
     <param pos="0" name="cookie" value="fe_typo_user"/>
@@ -536,7 +554,7 @@
     <param pos="0" name="service.product" value="CMS"/>
   </fingerprint>
-  <fingerprint pattern="^SaneID=.*">
+  <fingerprint pattern="^SaneID=">
     <description>Unica NetTracker - http://netinsight.unica.com/Products/NetTracker.cfm</description>
     <example>SaneID=10.1.1.223.1618798365976948; path=/; domain=.foo.bar</example>
     <param pos="0" name="cookie" value="SaneID"/>
@@ -545,7 +563,7 @@
     <param pos="0" name="service.product" value="NetTracker"/>
   </fingerprint>
-  <fingerprint pattern="^(__utm[a-z])=.*">
+  <fingerprint pattern="^(__utm[a-z])=">
     <description>Urchin Tracking Module - http://www.google.com/support/urchin45/bin/answer.py?answer=28307&amp;topic=7425</description>
     <example cookie="__utmp">__utmp=2071164266.582676006.3393543082; path=/; domain=.foo.bar</example>
     <param pos="1" name="cookie"/>
@@ -564,15 +582,16 @@
     <param pos="0" name="hw.product" value="SD-WAN"/>
   </fingerprint>
-  <fingerprint pattern="^(vgncontext|vgnvisitor|ssuid)=.*">
+  <fingerprint pattern="^(vgncontext|vgnvisitor|ssuid)=">
     <description>Vignette</description>
+    <example cookie="vgnvisitor">vgnvisitor=2KM2OM00bZ40000PovANt0Dgn0; path=/; expires=Saturday, 06-Sep-2014 23:50:08 GMT</example>
     <param pos="1" name="cookie"/>
     <param pos="0" name="service.vendor" value="Vignette"/>
     <param pos="0" name="service.family" value="Vignette"/>
     <param pos="0" name="service.product" value="Vignette"/>
   </fingerprint>
-  <fingerprint pattern="^wgSession=.*">
+  <fingerprint pattern="^wgSession=">
     <description>Plain Black WebGUI - http://www.plainblack.com/webgui</description>
     <example>wgSession=xngFQdcbCap87x6d8qc1YA; path=/; expires=Thu, 17-Apr-2031 02:29:05 GMT</example>
     <param pos="0" name="cookie" value="wgSession"/>
@@ -581,7 +600,7 @@
     <param pos="0" name="service.product" value="WebGUI"/>
   </fingerprint>
-  <fingerprint pattern="^(WEBTRENDS_?ID)=.*">
+  <fingerprint pattern="^(WEBTRENDS_?ID)=">
     <description>WebTrends</description>
     <example cookie="WEBTRENDS_ID">WEBTRENDS_ID=10.247.9.69.1618795409656141; path=/; expires=Tue, 19-Apr-22 01:23:29 GMT; domain=.foo.bar</example>
     <param pos="1" name="cookie"/>
@@ -590,7 +609,7 @@
     <param pos="0" name="service.product" value="WebTrends"/>
   </fingerprint>
-  <fingerprint pattern="^(ZM_TEST|ZM_LOGIN_CSRF)=.*">
+  <fingerprint pattern="^(ZM_TEST|ZM_LOGIN_CSRF)=">
     <description>Zimbra</description>
     <example cookie="ZM_TEST">ZM_TEST=true;Secure</example>
     <example cookie="ZM_LOGIN_CSRF">ZM_LOGIN_CSRF=38ef0bea-a4c3-4f41-9ac3-73d7622f3131;Secure;HttpOnly</example>
@@ -600,7 +619,7 @@
     <param pos="0" name="service.cpe23" value="cpe:/a:synacor:zimbra_collaboration_suite:-"/>
   </fingerprint>
-  <fingerprint pattern="^_ZopeId=.*">
+  <fingerprint pattern="^_ZopeId=">
     <description>Zope</description>
     <example>_ZopeId="91304233A995SVLz3SI"; Path=/</example>
     <param pos="0" name="cookie" value="_ZopeId"/>
@@ -608,17 +627,18 @@
     <param pos="0" name="service.product" value="Zope"/>
   </fingerprint>
-  <fingerprint pattern="^(portal)=([0-9]+\.[0-9]+\.[0-9]+).*">
+  <fingerprint pattern="^portal=([0-9]+\.[0-9]+\.[0-9]+)">
     <description>OracleAS Portal default cookie name - http://download.oracle.com/docs/cd/B14099_19/portal.1014/b19305/cg_app_f.htm</description>
-    <param pos="1" name="cookie"/>
-    <param pos="2" name="service.version"/>
+    <example service.version="2173348032.20480.0000">portal=2173348032.20480.0000;</example>
+    <param pos="0" name="cookie" value="portal"/>
+    <param pos="1" name="service.version"/>
     <param pos="0" name="service.vendor" value="Oracle"/>
     <param pos="0" name="service.family" value="OracleAS"/>
     <param pos="0" name="service.product" value="Application Server Portal"/>
     <param pos="0" name="service.cpe23" value="cpe:/a:oracle:application_server_portal:{service.version}"/>
   </fingerprint>
-  <fingerprint pattern="^Compaq-HMMD=[^;]+;.*$">
+  <fingerprint pattern="^Compaq-HMMD=[^;]+;">
     <description>HP System Management Homepage (SMH)</description>
     <example>Compaq-HMMD=0001-c01fffff-487a-394a-aab0-ffffffffffff-ffffffffffffffff; path=/</example>
     <example>Compaq-HMMD=0001-c01fffff-487a-394a-aab0-ffffffffffff-ffffffffffffffff; path=/; Secure</example>
@@ -643,6 +663,40 @@
     <param pos="0" name="service.product" value="Arachni"/>
   </fingerprint>
+  <fingerprint pattern="^unraid_">
+    <description>Unraid</description>
+    <example>unraid_2e9e9f79999999999999999999r9b999=c5599999999999999999999999999e38; path=/; HttpOnly; SameSite=Lax</example>
+    <param pos="0" name="service.vendor" value="Lime Technologies"/>
+    <param pos="0" name="service.product" value="Unraid"/>
+    <param pos="0" name="service.certainty" value="0.5"/>
+  </fingerprint>
+  <fingerprint pattern="^phpMyAdmin=">
+    <description>phpMyAdmin web interface for MySQL and MariaDB</description>
+    <example>phpMyAdmin=28600e9ff9772c871dacec70f9c5edaa; path=/; HttpOnly</example>
+    <param pos="0" name="service.vendor" value="phpMyAdmin"/>
+    <param pos="0" name="service.product" value="phpMyAdmin"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:phpmyadmin:phpmyadmin:-"/>
+  </fingerprint>
+  <fingerprint pattern="^(adminer_(?:sid|key))=">
+    <description>Adminer database management tool</description>
+    <example cookie="adminer_sid">adminer_sid=6580f6449f9572f817ec99600bc619d2; path=/; HttpOnly</example>
+    <example cookie="adminer_key">adminer_key=b8eebd6de0deabc8b30c26a67e01c5b9; path=/; HttpOnly; SameSite=lax</example>
+    <param pos="1" name="cookie"/>
+    <param pos="0" name="service.vendor" value="Adminer"/>
+    <param pos="0" name="service.product" value="Adminer"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:adminer:adminer:-"/>
+  </fingerprint>
+  <fingerprint pattern="^mongo-express=">
+    <description>mongo-express web-based MongoDB admin interface</description>
+    <example>mongo-express=s%3A1qAVXDHaoFE5J0G4wkYKfyjuv6_0Zd9E.l2DGc0YAb7MJQfUleYVEla5i79pbkhDYVayvCEPFCDc; Path=/; HttpOnly</example>
+    <param pos="0" name="service.vendor" value="mongo-express Project"/>
+    <param pos="0" name="service.product" value="mongo-express"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:mongo-express_project:mongo-express:-"/>
+  </fingerprint>
   <!--
         Ignore various cookies that are very generic cookies for session IDs
         that are not necessarily indicative of any particular
@@ -651,24 +705,33 @@
         these and this is enforced by rspec.
     -->
-  <fingerprint pattern="(?i)^JSESSIONID(?:\.[^=]+)?=[^;]+;.*$">
-    <description>Ignore simple JSESSIONID and related cookies</description>
+  <fingerprint pattern="(?i)^JSESSIONID(?:\.[^=]+)?=[^;]+;">
+    <description>Ignore simple JSESSIONID and related cookies -- assert nothing</description>
     <example>JSESSIONID=6ooov35i4l3n36qtaf8csvg0;Path=/</example>
     <example>jsessionid=6nkp66iogcdc92720%2Dc6e4%2D4989%2Db7b2%2D5021624cfdff;Path=/;secure</example>
     <example>JSESSIONID.c00a9623=v216643eijh19p9duve5srgf;Path=/;HttpOnly</example>
+    <param pos="0" name="hw.certainty" value="0.0"/>
+    <param pos="0" name="os.certainty" value="0.0"/>
+    <param pos="0" name="service.certainty" value="0.0"/>
   </fingerprint>
-  <fingerprint pattern="(?i)^_?SESSION_?ID\s*=\s*[^;]+;.*$">
-    <description>Ignore simple SESSIONID and related cookies</description>
+  <fingerprint pattern="(?i)^_?SESSION_?ID\s*=\s*[^;]+;">
+    <description>Ignore simple SESSIONID and related cookies -- assert nothing</description>
     <example>sessionId=7dba3249cfcd4b59854055311099a294; path=/;</example>
     <example>_session_id=7fe933db0fea13e9c872103ba2d142db; path=/; HttpOnly</example>
     <example>sessionId =0VrS6Ro6uC5QPXKgNdqGvyUgUFtUOVwv6OWAEWcWQ3jLRtAk2TVAgAApN9yTWVz;postId=; path=/;</example>
     <example>_session_id=18b3e173aa11db0533fd01752e81f583; path=/; HttpOnly</example>
+    <param pos="0" name="hw.certainty" value="0.0"/>
+    <param pos="0" name="os.certainty" value="0.0"/>
+    <param pos="0" name="service.certainty" value="0.0"/>
   </fingerprint>
-  <fingerprint pattern="(?i)^sid=[^;]+;.*$">
-    <description>Ignore simple SID and related cookies</description>
+  <fingerprint pattern="(?i)^sid=[^;]+;">
+    <description>Ignore simple SID and related cookies -- assert nothing</description>
     <example>sid=sfd10bf73-654458f687aa3c68b3874915f651e0ca;path=/;"</example>
+    <param pos="0" name="hw.certainty" value="0.0"/>
+    <param pos="0" name="os.certainty" value="0.0"/>
+    <param pos="0" name="service.certainty" value="0.0"/>
   </fingerprint>
 </fingerprints>