recog 2.3.20 → 2.3.23

data/xml/pop_banners.xml

@@ -5,7 +5,7 @@
   matched against these patterns to fingerprint POP3 servers.
   -->
 
-  <fingerprint pattern="^([^ ]+) +Cyrus POP3 v(\d+\.\d+.*)-OS X(?: Server)? ([\d\.]+).* server ready">
+  <fingerprint pattern="^([^ ]{1,512}) +Cyrus POP3 v(\d+\.\d+.*)-OS X(?: Server)? ([\d\.]+).* server ready">
     <description>OSX Cyrus POP</description>
     <example host.domain="8.8.8.8" service.version="2.3.8" os.version="10.5">8.8.8.8 Cyrus POP3 v2.3.8-OS X Server 10.5: 9A562 server ready &lt;1999107648.1324502155@8.8.8.8&gt;</example>
     <param pos="0" name="service.vendor" value="Carnegie Mellon University"/>
@@ -20,7 +20,7 @@
     <param pos="1" name="host.domain"/>
   </fingerprint>
 
-  <fingerprint pattern="^([^ ]+) +Cyrus POP3 v([\d\.]+)">
+  <fingerprint pattern="^([^ ]{1,512}) +Cyrus POP3 v([\d\.]+)">
     <description>CMU Cyrus POP</description>
     <example host.domain="foo" service.version="2.3">foo Cyrus POP3 v2.3</example>
     <example host.domain="foo" service.version="2.3.14">foo Cyrus POP3 v2.3.14 server ready &lt;13087751828270990591.1301068892@foo&gt;</example>
@@ -31,7 +31,7 @@
     <param pos="1" name="host.domain"/>
   </fingerprint>
 
-  <fingerprint pattern="^Lotus Notes POP3 server version X[^ ]+ ready on .*$">
+  <fingerprint pattern="^Lotus Notes POP3 server version X[^ ]+ ready on">
     <description>IBM Lotus Notes/Domino</description>
     <example>Lotus Notes POP3 server version X2.0 ready on foo/bar.</example>
     <param pos="0" name="service.vendor" value="IBM"/>
@@ -40,7 +40,7 @@
     <param pos="0" name="service.cpe23" value="cpe:/a:ibm:lotus_domino:-"/>
   </fingerprint>
 
-  <fingerprint pattern="^Lotus Notes POP3 server version Release ([^ ]+) ready on .*$">
+  <fingerprint pattern="^Lotus Notes POP3 server version Release ([^ ]+) ready on">
     <description>IBM Lotus Notes/Domino - Release variant</description>
     <example service.version="8.5.1FP5">Lotus Notes POP3 server version Release 8.5.1FP5 ready on foo/US.</example>
     <param pos="0" name="service.vendor" value="IBM"/>
@@ -50,9 +50,9 @@
     <param pos="0" name="service.cpe23" value="cpe:/a:ibm:lotus_domino:{service.version}"/>
   </fingerprint>
 
-  <fingerprint pattern="^Qpopper \(version (\d+\.\d+\.\d+), modified by Sphera Technologies\) at (.+) starting\..*$">
+  <fingerprint pattern="^Qpopper \(version (\d+\.\d+\.\d+), modified by Sphera Technologies\) at (.+) starting\.">
     <description>Qpopper with Sphera mods</description>
-    <example>Qpopper (version 4.0.3, modified by Sphera Technologies) at domain starting.  &lt;xxx@domain&gt;</example>
+    <example service.version="4.0.3" host.domain="domain">Qpopper (version 4.0.3, modified by Sphera Technologies) at domain starting.  &lt;xxx@domain&gt;</example>
     <param pos="0" name="service.vendor" value="Sphera"/>
     <param pos="0" name="service.family" value="Qpopper"/>
     <param pos="0" name="service.product" value="Qpopper"/>
@@ -60,9 +60,9 @@
     <param pos="2" name="host.domain"/>
   </fingerprint>
 
-  <fingerprint pattern="^Qpopper \(version (\d+\.\d+\.\d+)-mysql-(.+)\) at (.+) starting\..*$">
+  <fingerprint pattern="^Qpopper \(version (\d+\.\d+\.\d+)-mysql-(.+)\) at (.+) starting\.">
     <description>Qpopper with MySQL auth module</description>
-    <example>Qpopper (version 4.0.3-mysql-0.13) at domain starting.  &lt;xxx@domain&gt;</example>
+    <example service.version="4.0.3" service.component.version="0.13" host.domain="domain">Qpopper (version 4.0.3-mysql-0.13) at domain starting.  &lt;xxx@domain&gt;</example>
     <param pos="0" name="service.vendor" value="Qualcomm"/>
     <param pos="0" name="service.family" value="Qpopper"/>
     <param pos="0" name="service.product" value="Qpopper"/>
@@ -73,11 +73,11 @@
     <param pos="3" name="host.domain"/>
   </fingerprint>
 
-  <fingerprint pattern="(?i)^Qpop(?:per)? \(version ([\d\.]+)\) at (.+)(?: starting\.)?.*$">
+  <fingerprint pattern="(?i)^Qpop(?:per)? \(version ([\d\.]+)\) at (\S{1,512})(?: starting\.)?">
     <description>Qpopper missing version info</description>
-    <example>Qpopper (version 4.0.16) at foo.example.com</example>
-    <example>QPOP (version 2.53) at domain starting.  &lt;xxx@domain&gt;</example>
-    <example>Qpopper (version 4.0.3) at domain starting.  &lt;xxx@domain&gt;</example>
+    <example service.version="4.0.16" host.domain="foo.example.com">Qpopper (version 4.0.16) at foo.example.com</example>
+    <example service.version="2.53" host.domain="domain">QPOP (version 2.53) at domain starting.  &lt;xxx@domain&gt;</example>
+    <example service.version="4.0.3" host.domain="domain">Qpopper (version 4.0.3) at domain starting.  &lt;xxx@domain&gt;</example>
     <param pos="0" name="service.vendor" value="Qualcomm"/>
     <param pos="0" name="service.family" value="Qpopper"/>
     <param pos="0" name="service.product" value="Qpopper"/>
@@ -85,9 +85,9 @@
     <param pos="2" name="host.domain"/>
   </fingerprint>
 
-  <fingerprint pattern="^QPOP \(version (.*)\) at (.+) starting\..*$">
+  <fingerprint pattern="^QPOP \(version (.*)\) at (.+) starting\.">
     <description>Qpopper with missing version info</description>
-    <example>QPOP (version ?) at domain starting.  &lt;xxx@domain&gt;</example>
+    <example qpopper.version="?" host.domain="domain">QPOP (version ?) at domain starting.  &lt;xxx@domain&gt;</example>
     <param pos="0" name="service.vendor" value="Qualcomm"/>
     <param pos="0" name="service.family" value="Qpopper"/>
     <param pos="0" name="service.product" value="Qpopper"/>
@@ -97,7 +97,7 @@
 
   <fingerprint pattern="^Microsoft Exchange Server 2003 POP3 server version (\d+\.\d+\.\d+\.\d+) (.+) ready.$">
     <description>Microsoft Exchange Server 2003</description>
-    <example>Microsoft Exchange Server 2003 POP3 server version 6.5.6944.0 (host) ready.</example>
+    <example service.version="6.5.6944.0" host.name="(host)">Microsoft Exchange Server 2003 POP3 server version 6.5.6944.0 (host) ready.</example>
     <param pos="0" name="service.vendor" value="Microsoft"/>
     <param pos="0" name="service.family" value="Exchange Server"/>
     <param pos="0" name="service.product" value="Exchange 2003 Server"/>
@@ -110,9 +110,9 @@
     <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
   </fingerprint>
 
-  <fingerprint pattern="^Microsoft Exchange 2000 POP3 server version (\d+\.\d+\.\d+\.\d+) (.+) ready.$">
+  <fingerprint pattern="^Microsoft Exchange 2000 POP3 server version (\d+\.\d+\.\d+\.\d+) \((\S{1,512})\) ready\.$">
     <description>Microsoft Exchange Server 2000</description>
-    <example>Microsoft Exchange 2000 POP3 server version 6.0.6603.0 (host) ready.</example>
+    <example service.version="6.0.6603.0" host.name="host">Microsoft Exchange 2000 POP3 server version 6.0.6603.0 (host) ready.</example>
     <param pos="0" name="service.vendor" value="Microsoft"/>
     <param pos="0" name="service.family" value="Exchange Server"/>
     <param pos="0" name="service.product" value="Exchange 2000 Server"/>
@@ -127,7 +127,7 @@
 
   <fingerprint pattern="^Microsoft Exchange POP3 server version (\d+\.\d+\.\d+\.\d+) ready$">
     <description>Microsoft Exchange Server</description>
-    <example>Microsoft Exchange POP3 server version 5.5.2654.50 ready</example>
+    <example service.version="5.5.2654.50">Microsoft Exchange POP3 server version 5.5.2654.50 ready</example>
     <param pos="0" name="service.vendor" value="Microsoft"/>
     <param pos="0" name="service.family" value="Exchange Server"/>
     <param pos="0" name="service.product" value="Exchange Server"/>
@@ -141,7 +141,7 @@
 
   <fingerprint pattern="^Microsoft Windows POP3 Service Version 1.0 &lt;.+@(.+)&gt; ready.$">
     <description>Microsoft POP3 Services on Windows 2003</description>
-    <example>Microsoft Windows POP3 Service Version 1.0 &lt;xxx@host&gt; ready.</example>
+    <example host.name="host">Microsoft Windows POP3 Service Version 1.0 &lt;xxx@host&gt; ready.</example>
     <param pos="0" name="service.vendor" value="Microsoft"/>
     <param pos="0" name="service.family" value="E-mail Services"/>
     <param pos="0" name="service.product" value="E-mail Services"/>
@@ -229,7 +229,7 @@
     <param pos="0" name="hw.product" value="Raspberry Pi"/>
   </fingerprint>
 
-  <fingerprint pattern="^(\S+) Zimbra POP3 server ready\.?$">
+  <fingerprint pattern="^(\S{1,512}) Zimbra POP3 server ready\.?$">
     <description>VMware Zimbra POP</description>
     <example host.name="foo.bar">foo.bar Zimbra POP3 server ready</example>
     <param pos="0" name="service.vendor" value="VMware"/>
@@ -238,9 +238,9 @@
     <param pos="1" name="host.name"/>
   </fingerprint>
 
-  <fingerprint pattern="^(\S+) Zimbra (\S+) POP3 server ready\.?$">
+  <fingerprint pattern="^(\S{1,512}) Zimbra (\S+) POP3 server ready\.?$">
     <description>VMware Zimbra POP with version</description>
-    <example host.name="foo.bar">foo.bar Zimbra 7.0.0_GA_3079 POP3 server ready</example>
+    <example host.name="foo.bar" service.version="7.0.0_GA_3079">foo.bar Zimbra 7.0.0_GA_3079 POP3 server ready</example>
     <param pos="0" name="service.vendor" value="VMware"/>
     <param pos="0" name="service.product" value="Zimbra"/>
     <param pos="2" name="service.version"/>
@@ -250,15 +250,15 @@
 
   <fingerprint pattern="^(?:S?POP3? server ready |Hello there.? )?&lt;.*@([^&gt;]+)&gt;$">
     <description>Generic masked POP3 server</description>
-    <example>POP3 server ready &lt;58c29ae4-7316-429e-8109-060444ab1a28@foo.example.com&gt;</example>
-    <example>&lt;84427.1298535083@foo.example.com&gt;</example>
+    <example host.name="foo.example.com">POP3 server ready &lt;58c29ae4-7316-429e-8109-060444ab1a28@foo.example.com&gt;</example>
+    <example host.name="foo.example.com">&lt;84427.1298535083@foo.example.com&gt;</example>
     <param pos="1" name="host.name"/>
   </fingerprint>
 
   <fingerprint pattern="^ApplePasswordServer ([\d\.]+) password">
     <description>Apple Open Directory</description>
-    <example>ApplePasswordServer 10.6.0.0 password server at 10.2.90.228 ready.</example>
-    <example>ApplePasswordServer 10.5.0.1 password serv</example>
+    <example os.version="10.6.0.0">ApplePasswordServer 10.6.0.0 password server at 10.2.90.228 ready.</example>
+    <example os.version="10.5.0.1">ApplePasswordServer 10.5.0.1 password serv</example>
     <param pos="0" name="service.vendor" value="Apple"/>
     <param pos="0" name="service.product" value="Open Directory"/>
     <param pos="0" name="os.vendor" value="Apple"/>
@@ -269,7 +269,7 @@
     <param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x:{os.version}"/>
   </fingerprint>
 
-  <fingerprint pattern="^TCPIP POP server V\d\.\d\S-\S{3}, OpenVMS V(\d\.\d-\d)(?:\s+\S+)?\s+at\s+(\S+), .*$">
+  <fingerprint pattern="^TCPIP POP server V\d\.\d\S-\S{3}, OpenVMS V(\d\.\d-\d)(?:\s+\S+)?\s+at\s+(\S+),">
     <description>TCP/IP Services for OpenVMS POP server</description>
     <example os.version="7.3-2" host.name="example.com">TCPIP POP server V5.4J-15A, OpenVMS V7.3-2 Alpha at example.com, up since 2015-02-12 08:44:53 20400434.2</example>
     <param pos="0" name="service.family" value="OpenVMS"/>

data/xml/rsh_resp.xml

@@ -41,7 +41,7 @@
     <param pos="0" name="os.cpe23" value="cpe:/o:ibm:aix:-"/>
   </fingerprint>
 
-  <fingerprint pattern="^.rlogind: Host name for your address \([\d.]+\) unknown\..*$" flags="REG_DOT_NEWLINE">
+  <fingerprint pattern="^.rlogind: Host name for your address \([\d.]+\) unknown\." flags="REG_DOT_NEWLINE">
     <description>A/UX rlogind</description>
     <example>xrlogind: Host name for your address (127.0.0.1) unknown.
       </example>
@@ -49,7 +49,7 @@
     <param pos="0" name="os.family" value="A/UX"/>
   </fingerprint>
 
-  <fingerprint pattern="^.rexecd: Login incorrect\..*$" flags="REG_DOT_NEWLINE">
+  <fingerprint pattern="^.rexecd: Login incorrect\." flags="REG_DOT_NEWLINE">
     <description>HP-UX rexecd</description>
     <example>xrexecd: Login incorrect.
       </example>
@@ -59,7 +59,7 @@
     <param pos="0" name="os.cpe23" value="cpe:/o:hp:hp-ux:-"/>
   </fingerprint>
 
-  <fingerprint pattern="^.rexecd: [-\d]+.*$" flags="REG_DOT_NEWLINE">
+  <fingerprint pattern="^.rexecd: [-\d]+" flags="REG_DOT_NEWLINE">
     <description>AIX rexecd</description>
     <example>xrexecd: 0-1 The login is not correct.
       </example>

data/xml/sip_banners.xml

@@ -62,7 +62,7 @@
 
   <!-- The next few Linksys fingerprints could be merged but are split to enable CPEs -->
 
-  <fingerprint pattern="^(?:[\dA-F]+ )?Linksys/RT31P2-([\d.]+)\(\w+\)$">
+  <fingerprint pattern="^(?:[\dA-F]{1,64} )?Linksys/RT31P2-([\d.]+)\(\w+\)$">
     <description>Linksys RT31P2</description>
     <example os.version="3.1.9">Linksys/RT31P2-3.1.9(LId)</example>
     <example os.version="3.1.6">Linksys/RT31P2-3.1.6(LI)</example>
@@ -184,7 +184,7 @@
     <description>Cisco/Tandberg TelePresence</description>
     <example os.version="TC7.0.2.aecf2d9" tandberg.model="519" hw.product="TANDBERG/519">TANDBERG/519 (TC7.0.2.aecf2d9)</example>
     <example os.version="X12.5.2" tandberg.model="4137" hw.product="TANDBERG/4137">TANDBERG/4137 (X12.5.2 (TEST SW))</example>
-    <example os.version="X8.2.1" hw.product="TANDBERG/4130">TANDBERG/4130 (X8.2.1)</example>
+    <example os.version="X8.2.1" hw.product="TANDBERG/4130" tandberg.model="4130">TANDBERG/4130 (X8.2.1)</example>
     <example os.version="XC2.2.1-b2bua-1.0" hw.product="TANDBERG/4353" tandberg.model="4353">TANDBERG/4353 (XC2.2.1-b2bua-1.0)</example>
     <example os.version="TC5.1.4.295090" hw.product="TANDBERG/516" tandberg.model="516">TANDBERG/516 (TC5.1.4.295090)</example>
     <example os.version="TCNC5.1.4.295090" hw.product="TANDBERG/517" tandberg.model="517">TANDBERG/517 (TCNC5.1.4.295090)</example>
@@ -312,9 +312,9 @@
 
   <fingerprint pattern="^Grandstream (UCM6\d\d\d)V(\d\.\d\w) ([\d.]+)$">
     <description>Grandstream UCM 6xxx series generic</description>
-    <example hw.product="UCM6102" os.version="1.0.6.10">Grandstream UCM6102V1.5A 1.0.6.10</example>
-    <example hw.product="UCM6302" hw.version="1.2B">Grandstream UCM6302V1.2B 1.0.3.10</example>
-    <example hw.product="UCM6510">Grandstream UCM6510V1.4B 1.0.14.23</example>
+    <example hw.product="UCM6102" os.version="1.0.6.10" hw.version="1.5A">Grandstream UCM6102V1.5A 1.0.6.10</example>
+    <example hw.product="UCM6302" hw.version="1.2B" os.version="1.0.3.10">Grandstream UCM6302V1.2B 1.0.3.10</example>
+    <example hw.product="UCM6510" os.version="1.0.14.23" hw.version="1.4B">Grandstream UCM6510V1.4B 1.0.14.23</example>
     <param pos="0" name="os.vendor" value="Grandstream"/>
     <param pos="3" name="os.version"/>
     <param pos="0" name="os.device" value="SIP Gateway"/>
@@ -418,7 +418,7 @@
     <param pos="1" name="hw.product"/>
   </fingerprint>
 
-  <fingerprint pattern="^(?:Audiocodes-Sip-Gateway-)?(\S+) FX[A-Z_]+/v.(\S+)$">
+  <fingerprint pattern="^(?:Audiocodes-Sip-Gateway-)?(\S{1,64}) FX[A-Z_]+/v.(\S+)$">
     <description>Audiocodes-Sip-Gateway</description>
     <example hw.product="MP-124" os.version="6.00A.034.003">Audiocodes-Sip-Gateway-MP-124 FXS/v.6.00A.034.003</example>
     <example hw.product="MP-124" os.version="6.60A.342.003">MP-124 FXS/v.6.60A.342.003</example>
@@ -575,7 +575,7 @@
     <param pos="0" name="os.arch" value="ARM"/>
   </fingerprint>
 
-  <fingerprint pattern="^(?i)OpenSER \(([\d.]+)(?:-tls|-notls)? \(sh4/linux\)\)$">
+  <fingerprint pattern="(?i)^OpenSER \(([\d.]+)(?:-tls|-notls)? \(sh4/linux\)\)$">
     <description>OpenSER OpenSER - Linux on Renesas SH4</description>
     <example service.version="1.3.2">OpenSER (1.3.2-notls (sh4/linux))</example>
     <param pos="0" name="service.vendor" value="OpenSER"/>
@@ -668,7 +668,7 @@
     <description>Fortinet FortiVoice</description>
     <example hw.product="200D">FortiVoice-200D</example>
     <example hw.product="VM-Azure">FortiVoice-VM-Azure</example>
-    <example>FortiVoice-1000E</example>
+    <example hw.product="1000E">FortiVoice-1000E</example>
     <param pos="0" name="service.vendor" value="Fortinet"/>
     <param pos="0" name="service.product" value="FortiVoice"/>
     <param pos="0" name="service.device" value="SIP Gateway"/>
@@ -689,4 +689,42 @@
     <param pos="0" name="service.cpe23" value="cpe:/a:freeswitch:freeswitch:{service.version}"/>
   </fingerprint>
 
+  <fingerprint pattern="^(OpenStage|OpenScape)_(\d+)_(V\d \S+) ">
+    <description>Unify OpenStage VoIP Phone 1</description>
+    <example hw.family="OpenStage" unify.model="40" os.version="V3 R5.13.0">OpenStage_40_V3 R5.13.0      SIP  190111</example>
+    <param pos="0" name="os.vendor" value="Unify"/>
+    <param pos="0" name="os.product" value="{hw.family} {unify.model} Firmware"/>
+    <param pos="0" name="hw.vendor" value="Unify"/>
+    <param pos="0" name="hw.product" value="{hw.family} {unify.model}"/>
+    <param pos="0" name="hw.device" value="VoIP"/>
+    <param pos="1" name="hw.family"/>
+    <param pos="2" name="unify.model"/>
+    <param pos="3" name="os.version"/>
+  </fingerprint>
+
+  <fingerprint pattern="^Desk_Phone_IP_(CP\d+[EXT]?)_(V\d \S+) ">
+    <description>Unify OpenStage VoIP Phone 2</description>
+    <example unify.model="CP200" os.version="V1 R6.14.0">Desk_Phone_IP_CP200_V1 R6.14.0      SIP  190802</example>
+    <example unify.model="CP400" os.version="V1 R6.14.0">Desk_Phone_IP_CP400_V1 R6.14.0      SIP  190802</example>
+    <example unify.model="CP600" os.version="V1 R6.14.0">Desk_Phone_IP_CP600_V1 R6.14.0      SIP  190802</example>
+    <param pos="0" name="os.vendor" value="Unify"/>
+    <param pos="0" name="hw.vendor" value="Unify"/>
+    <param pos="0" name="hw.family" value="OpenScape Desk Phone"/>
+    <param pos="0" name="hw.product" value="{hw.family} {unify.model}"/>
+    <param pos="0" name="hw.device" value="VoIP"/>
+    <param pos="1" name="unify.model"/>
+    <param pos="2" name="os.version"/>
+  </fingerprint>
+
+  <fingerprint pattern="^Eltex (ESR-\d\w{1,4})$">
+    <description>Eltex ESR model service gateway</description>
+    <example hw.product="ESR-12V">Eltex ESR-12V</example>
+    <param pos="0" name="os.vendor" value="Eltex"/>
+    <param pos="0" name="os.device" value="Router"/>
+    <param pos="0" name="os.product" value="{hw.product} Firmware"/>
+    <param pos="0" name="hw.vendor" value="Eltex"/>
+    <param pos="1" name="hw.product"/>
+    <param pos="0" name="hw.device" value="Router"/>
+  </fingerprint>
+
 </fingerprints>

data/xml/sip_user_agents.xml

@@ -9,6 +9,9 @@
   <fingerprint pattern="^SIP/2.0$">
     <description>Generic SIP/2.0 response -- assert nothing.</description>
     <example>SIP/2.0</example>
+    <param pos="0" name="hw.certainty" value="0.0"/>
+    <param pos="0" name="os.certainty" value="0.0"/>
+    <param pos="0" name="service.certainty" value="0.0"/>
   </fingerprint>
 
   <fingerprint pattern="^TP-Link SIP Stack V1.0.0$">
@@ -25,7 +28,7 @@
 
   <fingerprint pattern="^Home&amp;Life HUB/([\d.]+)$">
     <description>Zyxel home routers</description>
-    <example>Home&amp;Life HUB/1.1.26.00</example>
+    <example os.version="1.1.26.00">Home&amp;Life HUB/1.1.26.00</example>
     <param pos="0" name="os.vendor" value="Zyxel"/>
     <param pos="1" name="os.version"/>
     <param pos="0" name="os.device" value="Router"/>
@@ -44,6 +47,7 @@
     <param pos="0" name="hw.vendor" value="Technicolor"/>
     <param pos="0" name="hw.product" value="TG789vac"/>
     <param pos="0" name="hw.device" value="Router"/>
+    <param pos="0" name="hw.cpe23" value="cpe:/h:technicolor:tg789vac:-"/>
   </fingerprint>
 
   <fingerprint pattern="^Technicolor / VANT-6$">
@@ -54,17 +58,18 @@
     <param pos="0" name="hw.vendor" value="Technicolor"/>
     <param pos="0" name="hw.product" value="TG789vac"/>
     <param pos="0" name="hw.device" value="Router"/>
+    <param pos="0" name="hw.cpe23" value="cpe:/h:technicolor:tg789vac:-"/>
   </fingerprint>
 
   <fingerprint pattern="^(?:Technicolor|MediaAccess) (TG[\w]+) (?:v\d )?Build (\d+\.[\w.-]+)(?: CP\w+)?$">
     <description>Technicolor TGxxx Router with build info</description>
     <example hw.product="TG784n" os.version="10.2.1.O">Technicolor TG784n v3 Build 10.2.1.O</example>
     <example hw.product="TG789vn" os.version="10.5.2.Z.EC">Technicolor TG789vn v3 Build 10.5.2.Z.EC</example>
-    <example>MediaAccess TG789vac v2 Build 10.5.8.Y.GX CP1916SAQHD</example>
+    <example os.version="10.5.8.Y.GX" hw.product="TG789vac">MediaAccess TG789vac v2 Build 10.5.8.Y.GX CP1916SAQHD</example>
     <example hw.product="TG799vn" os.version="10.5.2.T.JF">Technicolor TG799vn v2 Build 10.5.2.T.JF</example>
     <example hw.product="TG788vn" os.version="10.5.2.S.GD">MediaAccess TG788vn v2 Build 10.5.2.S.GD</example>
     <example hw.product="TG799vac" os.version="17.2.0405-1021">MediaAccess TG799vac Build 17.2.0405-1021</example>
-    <example hw.product="TG389">MediaAccess TG389 Build 10.5.2.T.AQ</example>
+    <example hw.product="TG389" os.version="10.5.2.T.AQ">MediaAccess TG389 Build 10.5.2.T.AQ</example>
     <param pos="0" name="os.vendor" value="Technicolor"/>
     <param pos="0" name="os.device" value="Router"/>
     <param pos="2" name="os.version"/>
@@ -117,13 +122,42 @@
 
   <fingerprint pattern="^Cisco-SIPGateway/IOS-([\d\.x]+)$">
     <description>Cisco SIPGateway</description>
-    <example>Cisco-SIPGateway/IOS-12.x</example>
+    <example os.version="12.x">Cisco-SIPGateway/IOS-12.x</example>
     <param pos="0" name="os.vendor" value="Cisco"/>
     <param pos="0" name="os.product" value="IOS"/>
     <param pos="1" name="os.version"/>
     <param pos="0" name="os.cpe23" value="cpe:/o:cisco:ios:{os.version}"/>
   </fingerprint>
 
+  <fingerprint pattern="^Cisco-CP(39\d{2})/([\d.]+)$">
+    <description>Cisco Unified SIP Phone 3900 Series</description>
+    <example cisco.model="3905" hw.product="Unified SIP Phone 3905" os.version="9.4.1">Cisco-CP3905/9.4.1</example>
+    <param pos="1" name="cisco.model"/>
+    <param pos="0" name="hw.vendor" value="Cisco"/>
+    <param pos="0" name="hw.device" value="VoIP"/>
+    <param pos="0" name="hw.product" value="Unified SIP Phone {cisco.model}"/>
+    <param pos="0" name="os.vendor" value="Cisco"/>
+    <param pos="0" name="os.product" value="Unified SIP Phone 3900 Firmware"/>
+    <param pos="2" name="os.version"/>
+    <param pos="0" name="hw.certainty" value="0.95"/>
+    <param pos="0" name="os.certainty" value="0.95"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:cisco:unified_sip_phone_3900_firmware:{os.version}"/>
+  </fingerprint>
+
+  <fingerprint pattern="^Cisco-ATA(\d{3})/([\d.]+)$">
+    <description>Cisco Analog Telephone Adapters (ATA)</description>
+    <example cisco.model="187" hw.product="ATA 187" os.version="9.2.3">Cisco-ATA187/9.2.3</example>
+    <param pos="1" name="cisco.model"/>
+    <param pos="0" name="hw.vendor" value="Cisco"/>
+    <param pos="0" name="hw.device" value="VoIP"/>
+    <param pos="0" name="hw.product" value="ATA {cisco.model}"/>
+    <param pos="0" name="os.vendor" value="Cisco"/>
+    <param pos="0" name="os.product" value="ATA {cisco.model} Firmware"/>
+    <param pos="2" name="os.version"/>
+    <param pos="0" name="hw.certainty" value="0.9"/>
+    <param pos="0" name="os.certainty" value="0.9"/>
+  </fingerprint>
+
   <!-- AVM.DE Devices -->
 
   <fingerprint pattern="^FRITZ!OS$">
@@ -137,18 +171,18 @@
 
   <fingerprint pattern="^(?:AVM )?(FRITZ!Box .*) +(\d+\.\d+\.\d+)">
     <description>AVM FritzBox</description>
-    <example>AVM FRITZ!Box Fon 06.03.13</example>
-    <example>AVM FRITZ!Box Fon 06.03.65 (Jun  7 2005)</example>
-    <example>AVM FRITZ!Box Fon 5010 Annex A (ITA) 48.04.46 (Sep 14 2007)</example>
-    <example>AVM FRITZ!Box Fon 5012 (UI) 25.03.90 (3.01.03 tested by accredited T-Com test lab) (Oct 28 2005)</example>
-    <example>AVM FRITZ!Box Fon 5113 Annex A 83.04.69 (Dec  2 2008)</example>
-    <example>AVM FRITZ!Box Fon 5124 56.04.77 (Feb 14 2014)</example>
-    <example>AVM FRITZ!Box Fon 7170 Annex A.B ML Speedport W701V 58.04.67 (Dec 18 2008)</example>
-    <example>AVM FRITZ!Box 3272 126.05.50 (Feb 27 2013)</example>
-    <example>AVM FRITZ!Box 7170 Annex A 58.04.85 (Apr  4 2011)</example>
-    <example>AVM FRITZ!Box 7312 117.05.23 TAL (Jun  1 2012)</example>
-    <example>AVM FRITZ!Box WLAN 3270 v3 Edition Italia 125.05.52 (Feb  7 2014)</example>
-    <example>AVM FRITZ!Box Speedport W701V Annex A 58.04.82 (May 12 2010)</example>
+    <example os.product="FRITZ!Box Fon" os.version="06.03.13">AVM FRITZ!Box Fon 06.03.13</example>
+    <example os.product="FRITZ!Box Fon" os.version="06.03.65">AVM FRITZ!Box Fon 06.03.65 (Jun  7 2005)</example>
+    <example os.product="FRITZ!Box Fon 5010 Annex A (ITA)" os.version="48.04.46">AVM FRITZ!Box Fon 5010 Annex A (ITA) 48.04.46 (Sep 14 2007)</example>
+    <example os.product="FRITZ!Box Fon 5012 (UI)" os.version="25.03.90">AVM FRITZ!Box Fon 5012 (UI) 25.03.90 (3.01.03 tested by accredited T-Com test lab) (Oct 28 2005)</example>
+    <example os.product="FRITZ!Box Fon 5113 Annex A" os.version="83.04.69">AVM FRITZ!Box Fon 5113 Annex A 83.04.69 (Dec  2 2008)</example>
+    <example os.product="FRITZ!Box Fon 5124" os.version="56.04.77">AVM FRITZ!Box Fon 5124 56.04.77 (Feb 14 2014)</example>
+    <example os.product="FRITZ!Box Fon 7170 Annex A.B ML Speedport W701V" os.version="58.04.67">AVM FRITZ!Box Fon 7170 Annex A.B ML Speedport W701V 58.04.67 (Dec 18 2008)</example>
+    <example os.product="FRITZ!Box 3272" os.version="126.05.50">AVM FRITZ!Box 3272 126.05.50 (Feb 27 2013)</example>
+    <example os.product="FRITZ!Box 7170 Annex A" os.version="58.04.85">AVM FRITZ!Box 7170 Annex A 58.04.85 (Apr  4 2011)</example>
+    <example os.product="FRITZ!Box 7312" os.version="117.05.23">AVM FRITZ!Box 7312 117.05.23 TAL (Jun  1 2012)</example>
+    <example os.product="FRITZ!Box WLAN 3270 v3 Edition Italia" os.version="125.05.52">AVM FRITZ!Box WLAN 3270 v3 Edition Italia 125.05.52 (Feb  7 2014)</example>
+    <example os.product="FRITZ!Box Speedport W701V Annex A" os.version="58.04.82">AVM FRITZ!Box Speedport W701V Annex A 58.04.82 (May 12 2010)</example>
     <param pos="0" name="os.vendor" value="AVM"/>
     <param pos="0" name="os.family" value="FRITZ!Box"/>
     <param pos="1" name="os.product"/>
@@ -159,8 +193,8 @@
 
   <fingerprint pattern="^(?:AVM )?(FRITZ!Fon .*) +(\d+\.\d+\.\d+)">
     <description>AVM FritzFon</description>
-    <example>AVM FRITZ!Fon 7150 (fs) 38.04.56 (Mar 31 2008)</example>
-    <example>AVM FRITZ!Fon WLAN 7150 Annex A 58.04.84 (Apr  4 2011)</example>
+    <example os.product="FRITZ!Fon 7150 (fs)" os.version="38.04.56">AVM FRITZ!Fon 7150 (fs) 38.04.56 (Mar 31 2008)</example>
+    <example os.product="FRITZ!Fon WLAN 7150 Annex A" os.version="58.04.84">AVM FRITZ!Fon WLAN 7150 Annex A 58.04.84 (Apr  4 2011)</example>
     <param pos="0" name="os.vendor" value="AVM"/>
     <param pos="0" name="os.family" value="FRITZ!Fon"/>
     <param pos="1" name="os.product"/>
@@ -171,7 +205,7 @@
 
   <fingerprint pattern="^(?:AVM )?(Multibox .*) +(\d+\.\d+\.\d+)">
     <description>AVM Multibox - Generic</description>
-    <example>AVM Multibox 7390 NGN 84.05.09 (Jan 13 2012)</example>
+    <example os.product="Multibox 7390 NGN" os.version="84.05.09" hw.product="Multibox 7390 NGN">AVM Multibox 7390 NGN 84.05.09 (Jan 13 2012)</example>
     <param pos="0" name="os.vendor" value="AVM"/>
     <param pos="0" name="os.family" value="Multibox"/>
     <param pos="1" name="os.product"/>
@@ -235,10 +269,10 @@
 
   <fingerprint pattern="^(?:Polycom/[\d\.]+ )?Polycom(SoundPoint|VVX|SoundStation)\S+_(\d+)-UA/([\d\.]+)(?:_(.{12}))?$">
     <description>Polycom SoundPoint, SountdStation, VVX VoIP phones</description>
-    <example hw.version="5.8.0.13337" hw.family="VVX" hw.product="VVX 350">PolycomVVX-VVX_350-UA/5.8.0.13337</example>
-    <example hw.version="4.1.4.7430" hw.family="VVX" hw.product="VVX 400" host.mac="010203040506">PolycomVVX-VVX_400-UA/4.1.4.7430_010203040506</example>
-    <example hw.version="5.5.0.23866" hw.family="VVX" hw.product="VVX 501">Polycom/5.5.0.23866 PolycomVVX-VVX_501-UA/5.5.0.23866</example>
-    <example hw.version="4.0.7.2514" hw.family="SoundPoint" hw.product="SoundPoint 670">PolycomSoundPointIP-SPIP_670-UA/4.0.7.2514</example>
+    <example hw.version="5.8.0.13337" hw.family="VVX" hw.product="VVX 350" hw.model="350">PolycomVVX-VVX_350-UA/5.8.0.13337</example>
+    <example hw.version="4.1.4.7430" hw.family="VVX" hw.product="VVX 400" host.mac="010203040506" hw.model="400">PolycomVVX-VVX_400-UA/4.1.4.7430_010203040506</example>
+    <example hw.version="5.5.0.23866" hw.family="VVX" hw.product="VVX 501" hw.model="501">Polycom/5.5.0.23866 PolycomVVX-VVX_501-UA/5.5.0.23866</example>
+    <example hw.version="4.0.7.2514" hw.family="SoundPoint" hw.product="SoundPoint 670" hw.model="670">PolycomSoundPointIP-SPIP_670-UA/4.0.7.2514</example>
     <example hw.version="4.0.8.1608" hw.model="7000" hw.family="SoundStation" hw.product="SoundStation 7000">PolycomSoundStationIP-SSIP_7000-UA/4.0.8.1608</example>
     <param pos="0" name="hw.vendor" value="Polycom"/>
     <param pos="0" name="hw.device" value="VoIP"/>
@@ -251,9 +285,10 @@
 
   <fingerprint pattern="^(?:Polycom/[\d\.]+ )?Polycom(?:RealPresenceTrio)-Trio_(\S+)-UA/([\d\.]+)(?:_(.{12}))?$">
     <description>Polycom RealPresence Trio Phones</description>
-    <example hw.version="5.4.0.12197" hw.product="RealPresence Trio 8800">PolycomRealPresenceTrio-Trio_8800-UA/5.4.0.12197</example>
-    <example hw.version="5.7.2.3123" hw.product="RealPresence Trio Visual+">PolycomRealPresenceTrio-Trio_Visual+-UA/5.7.2.3123</example>
-    <example hw.version="5.4.3.2389" hw.product="RealPresence Trio 8800">Polycom/5.4.3.2389 PolycomRealPresenceTrio-Trio_8800-UA/5.4.3.2389</example>
+    <example hw.version="5.4.0.12197" hw.product="RealPresence Trio 8800" hw.model="8800">PolycomRealPresenceTrio-Trio_8800-UA/5.4.0.12197</example>
+    <example hw.version="5.7.2.3123" hw.product="RealPresence Trio Visual+" hw.model="Visual+">PolycomRealPresenceTrio-Trio_Visual+-UA/5.7.2.3123</example>
+    <example hw.version="5.4.3.2389" hw.product="RealPresence Trio 8800" hw.model="8800">Polycom/5.4.3.2389 PolycomRealPresenceTrio-Trio_8800-UA/5.4.3.2389</example>
+    <example hw.version="5.4.3.2389" hw.product="RealPresence Trio 8800" hw.model="8800" host.mac="DEADBEEF0000">Polycom/5.4.3.2389 PolycomRealPresenceTrio-Trio_8800-UA/5.4.3.2389_DEADBEEF0000</example>
     <param pos="0" name="hw.vendor" value="Polycom"/>
     <param pos="0" name="hw.device" value="VoIP"/>
     <param pos="0" name="hw.family" value="RealPresence"/>
@@ -298,10 +333,11 @@
     <param pos="1" name="service.version"/>
   </fingerprint>
 
-  <fingerprint pattern="^ShoreGear/([\d\.]+)\s+\(ShoreTel \d+\)$">
+  <fingerprint pattern="^ShoreGear/([\d\.]+)\s+\(ShoreTel [\d\.]+\)$">
     <description>ShoreTel VoIP Switch</description>
     <example hw.version="21.90.4128.0">ShoreGear/21.90.4128.0 (ShoreTel 15)</example>
     <example hw.version="22.11.4900.0">ShoreGear/22.11.4900.0 (ShoreTel 15)</example>
+    <example hw.version="19.48.2600.0">ShoreGear/19.48.2600.0 (ShoreTel 14.2)</example>
     <param pos="0" name="hw.vendor" value="ShoreTel"/>
     <param pos="0" name="hw.device" value="VoIP Switch"/>
     <param pos="1" name="hw.version"/>
@@ -559,4 +595,121 @@
     <param pos="0" name="service.cpe23" value="cpe:/a:freeswitch:freeswitch:{service.version}"/>
   </fingerprint>
 
+  <fingerprint pattern="^Valcom (VIP-\w+) sw([\d.]+)">
+    <description>Valcom SIP device with version</description>
+    <example os.version="1.50.28" hw.product="VIP-204">Valcom VIP-204 sw1.50.28</example>
+    <param pos="0" name="os.vendor" value="Valcom"/>
+    <param pos="0" name="os.product" value="{hw.product} Firmware"/>
+    <param pos="2" name="os.version"/>
+    <param pos="0" name="os.device" value="SIP Device"/>
+    <param pos="0" name="hw.vendor" value="Valcom"/>
+    <param pos="1" name="hw.product"/>
+    <param pos="0" name="hw.device" value="SIP Device"/>
+  </fingerprint>
+
+  <fingerprint pattern="^DX800A/([\d.]+)$">
+    <description>Gigaset SIP Phones</description>
+    <example os.version="41.175.00.000.000">DX800A/41.175.00.000.000</example>
+    <param pos="0" name="hw.vendor" value="Gigaset"/>
+    <param pos="0" name="hw.device" value="VoIP"/>
+    <param pos="0" name="hw.product" value="DX800A"/>
+    <param pos="0" name="os.vendor" value="Gigaset"/>
+    <param pos="0" name="os.product" value="{hw.product} Firmware"/>
+    <param pos="1" name="os.version"/>
+  </fingerprint>
+
+  <fingerprint pattern="^(TAU-\d+[A-Z]*(?:\.IP)?)/([\d.]+) SN/(VI[0-9A-Z]+)$">
+    <description>Eltex TAU model VoIP gateway - with serial number</description>
+    <example hw.product="TAU-8.IP" os.version="2.6.3">TAU-8.IP/2.6.3 SN/VI12345678</example>
+    <example os.version="2.0.0.229" hw.serial_number="VI4D012345">TAU-4M.IP/2.0.0.229 SN/VI4D012345</example>
+    <example hw.product="TAU-2M.IP" os.version="2.3.1.11" hw.serial_number="VI12345678">TAU-2M.IP/2.3.1.11 SN/VI12345678</example>
+    <example hw.product="TAU-1M.IP" os.version="2.0.0.229" hw.serial_number="VI3A012345">TAU-1M.IP/2.0.0.229 SN/VI3A012345</example>
+    <param pos="0" name="os.vendor" value="Eltex"/>
+    <param pos="0" name="os.product" value="{hw.product} Firmware"/>
+    <param pos="2" name="os.version"/>
+    <param pos="0" name="os.device" value="VoIP Gateway"/>
+    <param pos="0" name="hw.vendor" value="Eltex"/>
+    <param pos="1" name="hw.product"/>
+    <param pos="3" name="hw.serial_number"/>
+    <param pos="0" name="hw.device" value="VoIP Gateway"/>
+  </fingerprint>
+
+  <fingerprint pattern="^(TAU-\d+[A-Z]*(?:\.IP)?)/([\d.]+) SN/(VI[0-9A-Z]+) (?:SHA/[0-9a-f]+ )?sofia-sip/([\d.]+)$">
+    <description>Eltex TAU model VoIP gateway - with serial number and sofia version</description>
+    <example hw.product="TAU-8.IP" hw.serial_number="VI12345678">TAU-8.IP/2.3.0 SN/VI12345678 sofia-sip/1.12.10</example>
+    <example os.version="1.9.1" service.component.version="1.12.10">TAU-8.IP/1.9.1 SN/VI12345678 SHA/7404bd4 sofia-sip/1.12.10</example>
+    <example hw.product="TAU-2M.IP" os.version="1.13.3.5" hw.serial_number="VI12345678" service.component.version="1.12.10">TAU-2M.IP/1.13.3.5 SN/VI12345678 sofia-sip/1.12.10</example>
+    <example hw.product="TAU-1M.IP" os.version="1.9.3" hw.serial_number="VI3A012345" service.component.version="1.12.10">TAU-1M.IP/1.9.3 SN/VI3A012345 sofia-sip/1.12.10</example>
+    <param pos="0" name="service.vendor" value="FreeSWITCH"/>
+    <param pos="0" name="service.product" value="FreeSWITCH"/>
+    <param pos="0" name="service.device" value="SIP Gateway"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:freeswitch:freeswitch:-"/>
+    <param pos="0" name="service.component.vendor" value="FreeSWITCH"/>
+    <param pos="0" name="service.component.product" value="sofia-sip"/>
+    <param pos="4" name="service.component.version"/>
+    <param pos="0" name="os.vendor" value="Eltex"/>
+    <param pos="0" name="os.product" value="{hw.product} Firmware"/>
+    <param pos="2" name="os.version"/>
+    <param pos="0" name="os.device" value="VoIP Gateway"/>
+    <param pos="0" name="hw.vendor" value="Eltex"/>
+    <param pos="1" name="hw.product"/>
+    <param pos="3" name="hw.serial_number"/>
+    <param pos="0" name="hw.device" value="VoIP Gateway"/>
+  </fingerprint>
+
+  <fingerprint pattern="^(TAU-\d{1,2}) (?:build |v)([\d.]+) (?:with )?sofia-sip/([\d.]+)$">
+    <description>Eltex TAU model VoIP gateway - build variant with sofia version</description>
+    <example hw.product="TAU-72" os.version="2.18.0.35">TAU-72 build 2.18.0.35 sofia-sip/1.12.10</example>
+    <example service.component.version="1.12.10">TAU-1 v1.2 with sofia-sip/1.12.10</example>
+    <param pos="0" name="service.vendor" value="FreeSWITCH"/>
+    <param pos="0" name="service.product" value="FreeSWITCH"/>
+    <param pos="0" name="service.device" value="SIP Gateway"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:freeswitch:freeswitch:-"/>
+    <param pos="0" name="service.component.vendor" value="FreeSWITCH"/>
+    <param pos="0" name="service.component.product" value="sofia-sip"/>
+    <param pos="3" name="service.component.version"/>
+    <param pos="0" name="os.vendor" value="Eltex"/>
+    <param pos="0" name="os.product" value="{hw.product} Firmware"/>
+    <param pos="2" name="os.version"/>
+    <param pos="0" name="os.device" value="VoIP Gateway"/>
+    <param pos="0" name="hw.vendor" value="Eltex"/>
+    <param pos="1" name="hw.product"/>
+    <param pos="0" name="hw.device" value="VoIP Gateway"/>
+  </fingerprint>
+
+  <fingerprint pattern="^(?:Eltex )?(?:smg_pa_sip[ -]){1,2}([\d.]+)$">
+    <description>Eltex SMG model VoIP gateway - no model number</description>
+    <example os.version="3.9.1.50">Eltex smg_pa_sip smg_pa_sip-3.9.1.50</example>
+    <example os.version="3.10.1.22">smg_pa_sip smg_pa_sip-3.10.1.22</example>
+    <example os.version="3.18.0.67">smg_pa_sip 3.18.0.67</example>
+    <param pos="0" name="os.vendor" value="Eltex"/>
+    <param pos="0" name="os.product" value="SMG Firmware"/>
+    <param pos="1" name="os.version"/>
+    <param pos="0" name="os.device" value="VoIP Gateway"/>
+    <param pos="0" name="hw.vendor" value="Eltex"/>
+    <param pos="0" name="hw.device" value="VoIP Gateway"/>
+  </fingerprint>
+
+  <fingerprint pattern="^(RG-\d[\w-]+)/([\d.]+) SN/(VI\w+) (?:SHA/[0-9a-f]+ )?sofia-sip/([\d.]+)$">
+    <description>Eltex - NTP / NTU model broadband router - with serial number and sofia version</description>
+    <example hw.product="RG-5421G-Wac" hw.serial_number="VI12E45678">RG-5421G-Wac/2.4.2.87 SN/VI12E45678 sofia-sip/1.12.10</example>
+    <example os.version="1.11.0">RG-1404GF/1.11.0 SN/VI12E45678 sofia-sip/1.12.10</example>
+    <example service.component.version="1.12.1">RG-1404GF/1.8.0 SN/VI12E45678 SHA/0270864 sofia-sip/1.12.1</example>
+    <param pos="0" name="service.vendor" value="FreeSWITCH"/>
+    <param pos="0" name="service.product" value="FreeSWITCH"/>
+    <param pos="0" name="service.device" value="SIP Gateway"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:freeswitch:freeswitch:-"/>
+    <param pos="0" name="service.component.vendor" value="FreeSWITCH"/>
+    <param pos="0" name="service.component.product" value="sofia-sip"/>
+    <param pos="4" name="service.component.version"/>
+    <param pos="0" name="os.vendor" value="Eltex"/>
+    <param pos="0" name="os.product" value="{hw.product} Firmware"/>
+    <param pos="2" name="os.version"/>
+    <param pos="0" name="os.device" value="Broadband Router"/>
+    <param pos="0" name="hw.vendor" value="Eltex"/>
+    <param pos="1" name="hw.product"/>
+    <param pos="3" name="hw.serial_number"/>
+    <param pos="0" name="hw.device" value="Broadband Router"/>
+  </fingerprint>
+
 </fingerprints>