RubyGems - recog - Versions diffs - 2.3.20 → 2.3.23 - Mend

recog 2.3.20 → 2.3.23

Files changed (83) hide show

checksums.yaml +4 -4
data/.github/dependabot.yml +8 -0
data/.github/workflows/ci.yml +1 -1
data/.github/workflows/verify.yml +89 -0
data/.vscode/bin/monitor-recog-fingerprints.sh +54 -0
data/.vscode/extensions.json +5 -0
data/.vscode/settings.json +8 -0
data/.vscode/tasks.json +77 -0
data/CONTRIBUTING.md +8 -0
data/README.md +17 -0
data/bin/recog_standardize +28 -13
data/bin/recog_verify +42 -8
data/cpe-remap.yaml +62 -3
data/features/data/schema_failure.xml +4 -0
data/features/data/tests_with_failures.xml +6 -0
data/features/support/hooks.rb +9 -0
data/features/verify.feature +85 -21
data/identifiers/fields.txt +6 -5
data/identifiers/hw_device.txt +8 -0
data/identifiers/hw_family.txt +8 -0
data/identifiers/hw_product.txt +54 -0
data/identifiers/os_device.txt +2 -0
data/identifiers/os_family.txt +2 -0
data/identifiers/os_product.txt +18 -2
data/identifiers/service_product.txt +26 -0
data/identifiers/vendor.txt +62 -1
data/lib/recog/db.rb +2 -1
data/lib/recog/fingerprint.rb +33 -6
data/lib/recog/fingerprint_parse_error.rb +10 -0
data/lib/recog/nizer.rb +1 -82
data/lib/recog/verifier.rb +9 -9
data/lib/recog/verify_reporter.rb +17 -6
data/lib/recog/version.rb +1 -1
data/requirements.txt +1 -1
data/spec/data/external_example_fingerprint/hp_printer_ex_01.txt +1 -0
data/spec/data/external_example_fingerprint/hp_printer_ex_02.txt +1 -0
data/spec/data/external_example_fingerprint.xml +8 -0
data/spec/data/external_example_illegal_path_fingerprint.xml +7 -0
data/spec/lib/fingerprint_self_test_spec.rb +1 -0
data/spec/lib/recog/db_spec.rb +84 -61
data/spec/lib/recog/fingerprint_spec.rb +4 -4
data/spec/lib/recog/verify_reporter_spec.rb +73 -4
data/tools/dev/hooks/pre-commit +21 -0
data/update_cpes.py +130 -37
data/xml/apache_os.xml +98 -56
data/xml/architecture.xml +15 -1
data/xml/dhcp_vendor_class.xml +206 -0
data/xml/dns_versionbind.xml +26 -13
data/xml/favicons.xml +236 -47
data/xml/fingerprints.xsd +9 -1
data/xml/ftp_banners.xml +213 -197
data/xml/h323_callresp.xml +101 -101
data/xml/hp_pjl_id.xml +84 -84
data/xml/html_title.xml +715 -45
data/xml/http_cookies.xml +143 -80
data/xml/http_servers.xml +510 -310
data/xml/http_wwwauth.xml +177 -75
data/xml/imap_banners.xml +10 -10
data/xml/mdns_device-info_txt.xml +421 -26
data/xml/mysql_banners.xml +3 -2
data/xml/nntp_banners.xml +12 -9
data/xml/ntp_banners.xml +97 -97
data/xml/operating_system.xml +98 -83
data/xml/pop_banners.xml +27 -27
data/xml/rsh_resp.xml +3 -3
data/xml/sip_banners.xml +46 -8
data/xml/sip_user_agents.xml +180 -27
data/xml/smb_native_lm.xml +5 -5
data/xml/smb_native_os.xml +28 -25
data/xml/smtp_banners.xml +258 -254
data/xml/smtp_ehlo.xml +1 -1
data/xml/smtp_help.xml +11 -11
data/xml/smtp_noop.xml +2 -2
data/xml/snmp_sysdescr.xml +1554 -1429
data/xml/snmp_sysobjid.xml +27 -27
data/xml/ssh_banners.xml +27 -20
data/xml/telnet_banners.xml +256 -57
data/xml/tls_jarm.xml +48 -6
data/xml/x11_banners.xml +3 -3
data/xml/x509_issuers.xml +69 -2
data/xml/x509_subjects.xml +144 -33
metadata +24 -4
data/lib/recog/verifier_factory.rb +0 -13

data/xml/snmp_sysobjid.xml CHANGED Viewed

@@ -13,7 +13,7 @@
       These are baseline patterns that map to sysObjectID with their associated sysDescr.
    -->
-  <fingerprint pattern="^1\.3\.6\.1\.4\.1\.311\.1\.1\.3\.1\.[23] Hardware: x86.*Software: Windows NT Version 4\.0.*$">
+  <fingerprint pattern="^1\.3\.6\.1\.4\.1\.311\.1\.1\.3\.1\.[23] Hardware: x86.*Software: Windows NT Version 4\.0">
     <description>Windows NT 4 on x86</description>
     <example>1.3.6.1.4.1.311.1.1.3.1.2 Hardware: x86 Family 6 Model 8 Stepping 3 AT/AT COMPATIBLE  - Software: Windows NT Version 4.0  (Build Number: 1381 Uniprocessor Free )</example>
     <example>1.3.6.1.4.1.311.1.1.3.1.3 Hardware: x86 Family 6 Model 8 Stepping 3 AT/AT COMPATIBLE  - Software: Windows NT Version 4.0  (Build Number: 1381 Uniprocessor Free )</example>
@@ -25,7 +25,7 @@
     <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_nt:4.0"/>
   </fingerprint>
-  <fingerprint pattern="^1\.3\.6\.1\.4\.1\.311\.1\.1\.3\.1\.2 Hardware: x86.*Software: Windows 2000 Version 5\.0.*$">
+  <fingerprint pattern="^1\.3\.6\.1\.4\.1\.311\.1\.1\.3\.1\.2 Hardware: x86.*Software: Windows 2000 Version 5\.0">
     <description>Windows 2000 on x86</description>
     <example>1.3.6.1.4.1.311.1.1.3.1.2 Hardware: x86 Family 15 Model 4 Stepping 8 AT/AT COMPATIBLE - Software: Windows 2000 Version 5.0 (Build 2195 Uniprocessor Free)</example>
     <param pos="0" name="os.vendor" value="Microsoft"/>
@@ -35,7 +35,7 @@
     <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_2000:-"/>
   </fingerprint>
-  <fingerprint pattern="^1\.3\.6\.1\.4\.1\.311\.1\.1\.3\.1\.3 Hardware: x86.*Software: Windows 2000 Version 5\.0.*$">
+  <fingerprint pattern="^1\.3\.6\.1\.4\.1\.311\.1\.1\.3\.1\.3 Hardware: x86.*Software: Windows 2000 Version 5\.0">
     <description>Windows 2000 Datacenter on x86</description>
     <example>1.3.6.1.4.1.311.1.1.3.1.3 Hardware: x86 Family 15 Model 4 Stepping 8 AT/AT COMPATIBLE - Software: Windows 2000 Version 5.0 (Build 2195 Uniprocessor Free)</example>
     <param pos="0" name="os.vendor" value="Microsoft"/>
@@ -45,7 +45,7 @@
     <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_2000:-"/>
   </fingerprint>
-  <fingerprint pattern="^1\.3\.6\.1\.4\.1\.311\.1\.1\.3\.1\.2 Hardware: x86.*Software: Windows Version 5\.2.*$">
+  <fingerprint pattern="^1\.3\.6\.1\.4\.1\.311\.1\.1\.3\.1\.2 Hardware: x86.*Software: Windows Version 5\.2">
     <description>Windows Server 2003 on x86</description>
     <example>1.3.6.1.4.1.311.1.1.3.1.2 Hardware: x86 Family 15 Model 4 Stepping 3 AT/AT COMPATIBLE - Software: Windows Version 5.2 (Build 3790 Multiprocessor Free)</example>
     <param pos="0" name="os.vendor" value="Microsoft"/>
@@ -55,7 +55,7 @@
     <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2003:-"/>
   </fingerprint>
-  <fingerprint pattern="^1\.3\.6\.1\.4\.1\.311\.1\.1\.3\.1\.3 Hardware: x86.*Software: Windows Version 5\.2.*$">
+  <fingerprint pattern="^1\.3\.6\.1\.4\.1\.311\.1\.1\.3\.1\.3 Hardware: x86.*Software: Windows Version 5\.2">
     <description>Windows Server 2003 Datacenter on x86</description>
     <example>1.3.6.1.4.1.311.1.1.3.1.3 Hardware: x86 Family 15 Model 4 Stepping 3 AT/AT COMPATIBLE - Software: Windows Version 5.2 (Build 3790 Multiprocessor Free)</example>
     <param pos="0" name="os.vendor" value="Microsoft"/>
@@ -65,7 +65,7 @@
     <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2003:-"/>
   </fingerprint>
-  <fingerprint pattern="^1\.3\.6\.1\.4\.1\.311\.1\.1\.3\.1\.2 Hardware: \S+64.*Software: Windows Version 5\.2.*$">
+  <fingerprint pattern="^1\.3\.6\.1\.4\.1\.311\.1\.1\.3\.1\.2 Hardware: \S+64.*Software: Windows Version 5\.2">
     <description>Windows Server 2003 on x86_64</description>
     <example>1.3.6.1.4.1.311.1.1.3.1.2 Hardware: AMD64 Family 15 Model 4 Stepping 3 AT/AT COMPATIBLE - Software: Windows Version 5.2 (Build 3790 Multiprocessor Free)</example>
     <example>1.3.6.1.4.1.311.1.1.3.1.2 Hardware: Intel64 Family 6 Model 15 Stepping 6 AT/AT COMPATIBLE - Software: Windows Version 5.2 (Build 3790 Multiprocessor Free)</example>
@@ -76,7 +76,7 @@
     <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2003:-"/>
   </fingerprint>
-  <fingerprint pattern="^1\.3\.6\.1\.4\.1\.311\.1\.1\.3\.1\.3 Hardware: \S+64.*Software: Windows Version 5\.2.*$">
+  <fingerprint pattern="^1\.3\.6\.1\.4\.1\.311\.1\.1\.3\.1\.3 Hardware: \S+64.*Software: Windows Version 5\.2">
     <description>Windows Server 2003 Datacenter on x86_64</description>
     <example>1.3.6.1.4.1.311.1.1.3.1.3 Hardware: AMD64 Family 15 Model 4 Stepping 3 AT/AT COMPATIBLE - Software: Windows Version 5.2 (Build 3790 Multiprocessor Free)</example>
     <example>1.3.6.1.4.1.311.1.1.3.1.3 Hardware: Intel64 Family 6 Model 15 Stepping 6 AT/AT COMPATIBLE - Software: Windows Version 5.2 (Build 3790 Multiprocessor Free)</example>
@@ -87,10 +87,10 @@
     <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2003:-"/>
   </fingerprint>
-  <fingerprint pattern="^Microsoft Windows CE Version ([\d.]+).*$">
+  <fingerprint pattern="^Microsoft Windows CE Version ([\d.]+)">
     <description>Windows CE</description>
-    <example>Microsoft Windows CE Version 4.20 (Build 0)</example>
-    <example>Microsoft Windows CE Version 4.20 (Build 1088)</example>
+    <example os.version="4.20">Microsoft Windows CE Version 4.20 (Build 0)</example>
+    <example os.version="4.20">Microsoft Windows CE Version 4.20 (Build 1088)</example>
     <param pos="0" name="os.vendor" value="Microsoft"/>
     <param pos="0" name="os.family" value="Windows"/>
     <param pos="0" name="os.product" value="Windows CE"/>
@@ -98,7 +98,7 @@
     <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_ce:{os.version}"/>
   </fingerprint>
-  <fingerprint pattern="^1\.3\.6\.1\.4\.1\.311\.1\.1\.3\.1\.2 Hardware: x86.*Software: Windows Version 6\.0 \(Build 6001.*$">
+  <fingerprint pattern="^1\.3\.6\.1\.4\.1\.311\.1\.1\.3\.1\.2 Hardware: x86.*Software: Windows Version 6\.0 \(Build 6001">
     <description>Windows Server 2008 on x86</description>
     <example>1.3.6.1.4.1.311.1.1.3.1.2 Hardware: x86 Family 15 Model 2 Stepping 5 AT/AT COMPATIBLE - Software: Windows Version 6.0 (Build 6001 Multiprocessor Free)</example>
     <param pos="0" name="os.vendor" value="Microsoft"/>
@@ -108,7 +108,7 @@
     <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2008:-"/>
   </fingerprint>
-  <fingerprint pattern="^1\.3\.6\.1\.4\.1\.311\.1\.1\.3\.1\.3 Hardware: x86.*Software: Windows Version 6\.0 \(Build 6001.*$">
+  <fingerprint pattern="^1\.3\.6\.1\.4\.1\.311\.1\.1\.3\.1\.3 Hardware: x86.*Software: Windows Version 6\.0 \(Build 6001">
     <description>Windows Server 2008 Datacenter on x86</description>
     <example>1.3.6.1.4.1.311.1.1.3.1.3 Hardware: x86 Family 15 Model 2 Stepping 5 AT/AT COMPATIBLE - Software: Windows Version 6.0 (Build 6001 Multiprocessor Free)</example>
     <param pos="0" name="os.vendor" value="Microsoft"/>
@@ -118,7 +118,7 @@
     <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2008:-"/>
   </fingerprint>
-  <fingerprint pattern="^1\.3\.6\.1\.4\.1\.311\.1\.1\.3\.1\.2 Hardware: \S+64.*Software: Windows Version 6\.0 \(Build 6001.*$">
+  <fingerprint pattern="^1\.3\.6\.1\.4\.1\.311\.1\.1\.3\.1\.2 Hardware: \S+64.*Software: Windows Version 6\.0 \(Build 6001">
     <description>Windows Server 2008 on x86_64</description>
     <example>1.3.6.1.4.1.311.1.1.3.1.2 Hardware: AMD64 Family 16 Model 2 Stepping 3 AT/AT COMPATIBLE - Software: Windows Version 6.0 (Build 6001 Multiprocessor Free)</example>
     <example>1.3.6.1.4.1.311.1.1.3.1.2 Hardware: Intel64 Family 15 Model 2 Stepping 5 AT/AT COMPATIBLE - Software: Windows Version 6.0 (Build 6001 Multiprocessor Free)</example>
@@ -129,7 +129,7 @@
     <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2008:-"/>
   </fingerprint>
-  <fingerprint pattern="^1\.3\.6\.1\.4\.1\.311\.1\.1\.3\.1\.3 Hardware: \S+64.*Software: Windows Version 6\.0 \(Build 6001.*$">
+  <fingerprint pattern="^1\.3\.6\.1\.4\.1\.311\.1\.1\.3\.1\.3 Hardware: \S+64.*Software: Windows Version 6\.0 \(Build 6001">
     <description>Windows Server 2008 Datacenter on x86_64</description>
     <example>1.3.6.1.4.1.311.1.1.3.1.3 Hardware: AMD64 Family 16 Model 2 Stepping 3 AT/AT COMPATIBLE - Software: Windows Version 6.0 (Build 6001 Multiprocessor Free)</example>
     <example>1.3.6.1.4.1.311.1.1.3.1.3 Hardware: Intel64 Family 15 Model 2 Stepping 5 AT/AT COMPATIBLE - Software: Windows Version 6.0 (Build 6001 Multiprocessor Free)</example>
@@ -140,7 +140,7 @@
     <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2008:-"/>
   </fingerprint>
-  <fingerprint pattern="^1\.3\.6\.1\.4\.1\.311\.1\.1\.3\.1\.2 Hardware: x86.*Software: Windows Version 6\.0 \(Build 6002.*$">
+  <fingerprint pattern="^1\.3\.6\.1\.4\.1\.311\.1\.1\.3\.1\.2 Hardware: x86.*Software: Windows Version 6\.0 \(Build 6002">
     <description>Windows Server 2008 SP2 on x86</description>
     <example>1.3.6.1.4.1.311.1.1.3.1.2 Hardware: x86 Family 16 Model 2 Stepping 3 AT/AT COMPATIBLE - Software: Windows Version 6.0 (Build 6002 Multiprocessor Free)</example>
     <param pos="0" name="os.vendor" value="Microsoft"/>
@@ -151,7 +151,7 @@
     <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2008:SP2"/>
   </fingerprint>
-  <fingerprint pattern="^1\.3\.6\.1\.4\.1\.311\.1\.1\.3\.1\.3 Hardware: x86.*Software: Windows Version 6\.0 \(Build 6002.*$">
+  <fingerprint pattern="^1\.3\.6\.1\.4\.1\.311\.1\.1\.3\.1\.3 Hardware: x86.*Software: Windows Version 6\.0 \(Build 6002">
     <description>Windows Server 2008 Datacenter SP2 on x86</description>
     <example>1.3.6.1.4.1.311.1.1.3.1.3 Hardware: x86 Family 16 Model 2 Stepping 3 AT/AT COMPATIBLE - Software: Windows Version 6.0 (Build 6002 Multiprocessor Free)</example>
     <param pos="0" name="os.vendor" value="Microsoft"/>
@@ -162,7 +162,7 @@
     <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2008:SP2"/>
   </fingerprint>
-  <fingerprint pattern="^1\.3\.6\.1\.4\.1\.311\.1\.1\.3\.1\.2 Hardware: \S+64.*Software: Windows Version 6\.0 \(Build 6002.*$">
+  <fingerprint pattern="^1\.3\.6\.1\.4\.1\.311\.1\.1\.3\.1\.2 Hardware: \S+64.*Software: Windows Version 6\.0 \(Build 6002">
     <description>Windows Server 2008 SP2 on x86_64</description>
     <example>1.3.6.1.4.1.311.1.1.3.1.2 Hardware: AMD64 Family 16 Model 2 Stepping 3 AT/AT COMPATIBLE - Software: Windows Version 6.0 (Build 6002 Multiprocessor Free)</example>
     <example>1.3.6.1.4.1.311.1.1.3.1.2 Hardware: Intel64 Family 15 Model 2 Stepping 5 AT/AT COMPATIBLE - Software: Windows Version 6.0 (Build 6002 Multiprocessor Free)</example>
@@ -174,7 +174,7 @@
     <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2008:SP2"/>
   </fingerprint>
-  <fingerprint pattern="^1\.3\.6\.1\.4\.1\.311\.1\.1\.3\.1\.3 Hardware: \S+64.*Software: Windows Version 6\.0 \(Build 6002.*$">
+  <fingerprint pattern="^1\.3\.6\.1\.4\.1\.311\.1\.1\.3\.1\.3 Hardware: \S+64.*Software: Windows Version 6\.0 \(Build 6002">
     <description>Windows Server 2008 Datacenter SP2 on x86_64</description>
     <example>1.3.6.1.4.1.311.1.1.3.1.3 Hardware: AMD64 Family 16 Model 2 Stepping 3 AT/AT COMPATIBLE - Software: Windows Version 6.0 (Build 6002 Multiprocessor Free)</example>
     <example>1.3.6.1.4.1.311.1.1.3.1.3 Hardware: Intel64 Family 15 Model 2 Stepping 5 AT/AT COMPATIBLE - Software: Windows Version 6.0 (Build 6002 Multiprocessor Free)</example>
@@ -186,7 +186,7 @@
     <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2008:SP2"/>
   </fingerprint>
-  <fingerprint pattern="^1\.3\.6\.1\.4\.1\.311\.1\.1\.3\.1\.2 Hardware: x86.*Software: Windows Version 6\.1 \(Build 7600.*$">
+  <fingerprint pattern="^1\.3\.6\.1\.4\.1\.311\.1\.1\.3\.1\.2 Hardware: x86.*Software: Windows Version 6\.1 \(Build 7600">
     <description>Windows Server 2008 R2 on x86</description>
     <example>1.3.6.1.4.1.311.1.1.3.1.2 Hardware: x86 Family 15 Model 2 Stepping 5 AT/AT COMPATIBLE - Software: Windows Version 6.1 (Build 7600 Multiprocessor Free)</example>
     <param pos="0" name="os.vendor" value="Microsoft"/>
@@ -196,7 +196,7 @@
     <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2008:-"/>
   </fingerprint>
-  <fingerprint pattern="^1\.3\.6\.1\.4\.1\.311\.1\.1\.3\.1\.3 Hardware: x86.*Software: Windows Version 6\.1 \(Build 7600.*$">
+  <fingerprint pattern="^1\.3\.6\.1\.4\.1\.311\.1\.1\.3\.1\.3 Hardware: x86.*Software: Windows Version 6\.1 \(Build 7600">
     <description>Windows Server 2008 Datacenter R2 on x86</description>
     <example>1.3.6.1.4.1.311.1.1.3.1.3 Hardware: x86 Family 15 Model 2 Stepping 5 AT/AT COMPATIBLE - Software: Windows Version 6.1 (Build 7600 Multiprocessor Free)</example>
     <param pos="0" name="os.vendor" value="Microsoft"/>
@@ -206,7 +206,7 @@
     <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2008:-"/>
   </fingerprint>
-  <fingerprint pattern="^1\.3\.6\.1\.4\.1\.311\.1\.1\.3\.1\.2 Hardware: \S+64.*Software: Windows Version 6\.1 \(Build 7600.*$">
+  <fingerprint pattern="^1\.3\.6\.1\.4\.1\.311\.1\.1\.3\.1\.2 Hardware: \S+64.*Software: Windows Version 6\.1 \(Build 7600">
     <description>Windows Server 2008 R2 on x86_64</description>
     <example>1.3.6.1.4.1.311.1.1.3.1.2 Hardware: AMD64 Family 16 Model 2 Stepping 3 AT/AT COMPATIBLE - Software: Windows Version 6.1 (Build 7600 Multiprocessor Free)</example>
     <example>1.3.6.1.4.1.311.1.1.3.1.2 Hardware: Intel64 Family 15 Model 2 Stepping 5 AT/AT COMPATIBLE - Software: Windows Version 6.1 (Build 7600 Multiprocessor Free)</example>
@@ -217,7 +217,7 @@
     <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2008:-"/>
   </fingerprint>
-  <fingerprint pattern="^1\.3\.6\.1\.4\.1\.311\.1\.1\.3\.1\.3 Hardware: \S+64.*Software: Windows Version 6\.1 \(Build 7600.*$">
+  <fingerprint pattern="^1\.3\.6\.1\.4\.1\.311\.1\.1\.3\.1\.3 Hardware: \S+64.*Software: Windows Version 6\.1 \(Build 7600">
     <description>Windows Server 2008 Datacenter R2 on x86_64</description>
     <example>1.3.6.1.4.1.311.1.1.3.1.3 Hardware: AMD64 Family 16 Model 2 Stepping 3 AT/AT COMPATIBLE - Software: Windows Version 6.1 (Build 7600 Multiprocessor Free)</example>
     <example>1.3.6.1.4.1.311.1.1.3.1.3 Hardware: Intel64 Family 15 Model 2 Stepping 5 AT/AT COMPATIBLE - Software: Windows Version 6.1 (Build 7600 Multiprocessor Free)</example>
@@ -228,7 +228,7 @@
     <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2008:-"/>
   </fingerprint>
-  <fingerprint pattern="^1\.3\.6\.1\.4\.1\.311\.1\.1\.3\.1\.2 Hardware: x86.*Software: Windows Version 6\.1 \(Build 7601.*$">
+  <fingerprint pattern="^1\.3\.6\.1\.4\.1\.311\.1\.1\.3\.1\.2 Hardware: x86.*Software: Windows Version 6\.1 \(Build 7601">
     <description>Windows Server 2008 R2 SP1 on x86</description>
     <example>1.3.6.1.4.1.311.1.1.3.1.2 Hardware: x86 Family 15 Model 2 Stepping 5 AT/AT COMPATIBLE - Software: Windows Version 6.1 (Build 7601 Multiprocessor Free)</example>
     <param pos="0" name="os.vendor" value="Microsoft"/>
@@ -239,7 +239,7 @@
     <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2008:SP1"/>
   </fingerprint>
-  <fingerprint pattern="^1\.3\.6\.1\.4\.1\.311\.1\.1\.3\.1\.3 Hardware: x86.*Software: Windows Version 6\.1 \(Build 7601.*$">
+  <fingerprint pattern="^1\.3\.6\.1\.4\.1\.311\.1\.1\.3\.1\.3 Hardware: x86.*Software: Windows Version 6\.1 \(Build 7601">
     <description>Windows Server 2008 Datacenter R2 SP1 on x86</description>
     <example>1.3.6.1.4.1.311.1.1.3.1.3 Hardware: x86 Family 15 Model 2 Stepping 5 AT/AT COMPATIBLE - Software: Windows Version 6.1 (Build 7601 Multiprocessor Free)</example>
     <param pos="0" name="os.vendor" value="Microsoft"/>
@@ -250,7 +250,7 @@
     <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2008:SP1"/>
   </fingerprint>
-  <fingerprint pattern="^1\.3\.6\.1\.4\.1\.311\.1\.1\.3\.1\.2 Hardware: \S+64.*Software: Windows Version 6\.1 \(Build 7601.*$">
+  <fingerprint pattern="^1\.3\.6\.1\.4\.1\.311\.1\.1\.3\.1\.2 Hardware: \S+64.*Software: Windows Version 6\.1 \(Build 7601">
     <description>Windows Server 2008 R2 SP1 on x86_64</description>
     <example>1.3.6.1.4.1.311.1.1.3.1.2 Hardware: AMD64 Family 16 Model 2 Stepping 3 AT/AT COMPATIBLE - Software: Windows Version 6.1 (Build 7601 Multiprocessor Free)</example>
     <example>1.3.6.1.4.1.311.1.1.3.1.2 Hardware: Intel64 Family 15 Model 2 Stepping 5 AT/AT COMPATIBLE - Software: Windows Version 6.1 (Build 7601 Multiprocessor Free)</example>
@@ -262,7 +262,7 @@
     <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2008:SP1"/>
   </fingerprint>
-  <fingerprint pattern="^1\.3\.6\.1\.4\.1\.311\.1\.1\.3\.1\.3 Hardware: \S+64.*Software: Windows Version 6\.1 \(Build 7601.*$">
+  <fingerprint pattern="^1\.3\.6\.1\.4\.1\.311\.1\.1\.3\.1\.3 Hardware: \S+64.*Software: Windows Version 6\.1 \(Build 7601">
     <description>Windows Server 2008 Datacenter R2 SP1 on x86_64</description>
     <example>1.3.6.1.4.1.311.1.1.3.1.3 Hardware: AMD64 Family 16 Model 2 Stepping 3 AT/AT COMPATIBLE - Software: Windows Version 6.1 (Build 7601 Multiprocessor Free)</example>
     <example>1.3.6.1.4.1.311.1.1.3.1.3 Hardware: Intel64 Family 15 Model 2 Stepping 5 AT/AT COMPATIBLE - Software: Windows Version 6.1 (Build 7601 Multiprocessor Free)</example>
@@ -274,7 +274,7 @@
     <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2008:SP1"/>
   </fingerprint>
-  <fingerprint pattern="^1\.3\.6\.1\.4\.1\.311\.1\.1\.3\.1\.2 Hardware: \S+64.*Software: Windows Version 6\.2 \(Build 9200.*$">
+  <fingerprint pattern="^1\.3\.6\.1\.4\.1\.311\.1\.1\.3\.1\.2 Hardware: \S+64.*Software: Windows Version 6\.2 \(Build 9200">
     <description>Windows Server 2012 on x86_64</description>
     <example>1.3.6.1.4.1.311.1.1.3.1.2 Hardware: Intel64 Family 6 Model 2 Stepping 3 AT/AT COMPATIBLE - Software: Windows Version 6.2 (Build 9200 Multiprocessor Free)</example>
     <param pos="0" name="os.vendor" value="Microsoft"/>

data/xml/ssh_banners.xml CHANGED Viewed

@@ -59,7 +59,7 @@
     <param pos="0" name="service.cpe23" value="cpe:/a:ipswitch:ws_ftp:{service.version}"/>
   </fingerprint>
-  <fingerprint pattern="IPSSH[-_]([\d\.p]+).*$">
+  <fingerprint pattern="IPSSH[-_]([\d\.p]+)">
     <description>VxWorks with version information</description>
     <example os.version="6.9.0">IPSSH-6.9.0</example>
     <param pos="0" name="os.vendor" value="Wind River"/>
@@ -653,7 +653,7 @@
   <fingerprint pattern="^OpenSSH_(4\.2p1) (Debian-7ubuntu\d+(?:\.\d+)?)$">
     <description>OpenSSH running on Ubuntu 6.04</description>
     <example service.version="4.2p1" openssh.comment="Debian-7ubuntu3.1">OpenSSH_4.2p1 Debian-7ubuntu3.1</example>
-    <example>OpenSSH_4.2p1 Debian-7ubuntu3.2</example>
+    <example service.version="4.2p1" openssh.comment="Debian-7ubuntu3.2">OpenSSH_4.2p1 Debian-7ubuntu3.2</example>
     <param pos="1" name="service.version"/>
     <param pos="2" name="openssh.comment"/>
     <param pos="0" name="service.vendor" value="OpenBSD"/>
@@ -686,9 +686,9 @@
   <fingerprint pattern="^OpenSSH_(4\.6p1) (Debian-5ubuntu\d+(?:\.\d+)?)$">
     <description>OpenSSH running on Ubuntu 7.10</description>
     <example service.version="4.6p1" openssh.comment="Debian-5ubuntu0.2">OpenSSH_4.6p1 Debian-5ubuntu0.2</example>
-    <example>OpenSSH_4.6p1 Debian-5ubuntu0.5</example>
-    <example>OpenSSH_4.6p1 Debian-5ubuntu0.6</example>
-    <example>OpenSSH_4.6p1 Debian-5ubuntu0</example>
+    <example service.version="4.6p1" openssh.comment="Debian-5ubuntu0.5">OpenSSH_4.6p1 Debian-5ubuntu0.5</example>
+    <example service.version="4.6p1" openssh.comment="Debian-5ubuntu0.6">OpenSSH_4.6p1 Debian-5ubuntu0.6</example>
+    <example service.version="4.6p1" openssh.comment="Debian-5ubuntu0">OpenSSH_4.6p1 Debian-5ubuntu0</example>
     <param pos="1" name="service.version"/>
     <param pos="2" name="openssh.comment"/>
     <param pos="0" name="service.vendor" value="OpenBSD"/>
@@ -858,7 +858,7 @@
   <fingerprint pattern="^OpenSSH_(6\.0p1) (Debian-3ubuntu\d(?:\.\d)?)$">
     <description>OpenSSH running on Ubuntu 12.10</description>
     <example service.version="6.0p1" openssh.comment="Debian-3ubuntu1">OpenSSH_6.0p1 Debian-3ubuntu1</example>
-    <example>OpenSSH_6.0p1 Debian-3ubuntu1.2</example>
+    <example service.version="6.0p1" openssh.comment="Debian-3ubuntu1.2">OpenSSH_6.0p1 Debian-3ubuntu1.2</example>
     <param pos="1" name="service.version"/>
     <param pos="2" name="openssh.comment"/>
     <param pos="0" name="service.vendor" value="OpenBSD"/>
@@ -1491,6 +1491,7 @@
   <fingerprint pattern="^OpenSSH_([^\s]+)\s+(Raspbian-\d\d?\+deb9u\d+)$">
     <description>OpenSSH running on Raspbian (Debian 9 "Stretch" based)</description>
     <example service.version="7.4p1" openssh.comment="Raspbian-10+deb9u1">OpenSSH_7.4p1 Raspbian-10+deb9u1</example>
+    <example service.version="7.4p1" openssh.comment="Raspbian-10+deb9u7">OpenSSH_7.4p1 Raspbian-10+deb9u7</example>
     <example service.version="7.4p1" openssh.comment="Raspbian-9+deb9u1">OpenSSH_7.4p1 Raspbian-9+deb9u1</example>
     <param pos="1" name="service.version"/>
     <param pos="2" name="openssh.comment"/>
@@ -1505,10 +1506,11 @@
     <param pos="0" name="hw.product" value="Raspberry Pi"/>
   </fingerprint>
-  <fingerprint pattern="^OpenSSH_(7\.9p1)\s+(Raspbian-(?:10|\d\d?\+deb10u\d+))$">
+  <fingerprint pattern="^OpenSSH_(7\.9p1)\s+(Raspbian-(?:10|\d\d?\+deb10u\d+)(?:\+rpt\d)?)$">
     <description>OpenSSH running on Raspbian (Debian 10 "Buster" based)</description>
     <example service.version="7.9p1" openssh.comment="Raspbian-10">OpenSSH_7.9p1 Raspbian-10</example>
     <example service.version="7.9p1" openssh.comment="Raspbian-10+deb10u1">OpenSSH_7.9p1 Raspbian-10+deb10u1</example>
+    <example service.version="7.9p1" openssh.comment="Raspbian-10+deb10u2+rpt1">OpenSSH_7.9p1 Raspbian-10+deb10u2+rpt1</example>
     <param pos="1" name="service.version"/>
     <param pos="2" name="openssh.comment"/>
     <param pos="0" name="service.vendor" value="OpenBSD"/>
@@ -1730,6 +1732,7 @@
   <fingerprint pattern="^SSH Protocol Compatible Server SCS (.*)$">
     <description>Netscreen with version</description>
+    <example service.version="2.0">SSH Protocol Compatible Server SCS 2.0</example>
     <param pos="1" name="service.version"/>
     <param pos="0" name="service.vendor" value="Juniper"/>
     <param pos="0" name="service.family" value="NetScreen"/>
@@ -1784,7 +1787,7 @@
     <param pos="1" name="os.version"/>
   </fingerprint>
-  <fingerprint pattern="^([\d.]+)[ _]sshlib:? (?i:GlobalScape)$">
+  <fingerprint pattern="^([\d.]{1,8})[ _]sshlib:? (?i:GlobalScape)$">
     <description>GlobalScape SSH (which uses Bitvise sshlib)</description>
     <example service.component.version="1.36">1.36_sshlib GlobalSCAPE</example>
     <example service.component.version="1.82">1.82_sshlib Globalscape</example>
@@ -1802,7 +1805,7 @@
     <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
   </fingerprint>
-  <fingerprint pattern="^([^\s]+) sshlib: WinSSHD (.*)$">
+  <fingerprint pattern="^([\d.]{1,8}) sshlib: WinSSHD ([\w.-]*)$">
     <description>Bitvise WinSSHD (which uses Bitvise sshlib)</description>
     <example service.component.version="1.78" service.version="4.15a">1.78 sshlib: WinSSHD 4.15a</example>
     <param pos="1" name="service.component.version"/>
@@ -1819,7 +1822,7 @@
     <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
   </fingerprint>
-  <fingerprint pattern="^([^\s]+) FlowSsh: (?:Bitvise SSH Server \(WinSSHD\)|WinSSHD) ([\d\.]+):?.*$">
+  <fingerprint pattern="^([\d.]{1,8}) FlowSsh: (?:Bitvise SSH Server \(WinSSHD\)|WinSSHD) ([\d\.]+):?">
     <description>Bitvise WinSSHD (which uses Bitvise flowssh) with version</description>
     <example service.version="5.09" service.component.version="1.03">1.03 FlowSsh: WinSSHD 5.09</example>
     <example service.version="5.20" service.component.version="1.07">1.07 FlowSsh: WinSSHD 5.20: free only for personal non-commercial use</example>
@@ -1838,7 +1841,7 @@
     <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
   </fingerprint>
-  <fingerprint pattern="^([^\s]+) FlowSsh: (?:Bitvise SSH Server \(WinSSHD\)|WinSSHD)(?: :.*)?$">
+  <fingerprint pattern="^([\d.]{1,8}) FlowSsh: (?:Bitvise SSH Server \(WinSSHD\)|WinSSHD)(?: :.*)?$">
     <description>Bitvise WinSSHD (which uses Bitvise flowssh) without version</description>
     <example service.component.version="9.99">9.99 FlowSsh: Bitvise SSH Server (WinSSHD)</example>
     <example service.component.version="9.99">9.99 FlowSsh: Bitvise SSH Server (WinSSHD) : free only for personal non-commercial use</example>
@@ -1855,8 +1858,9 @@
     <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
   </fingerprint>
-  <fingerprint pattern="^([^\s]+) sshlib: MOVEit DMZ SSH (.*)$">
+  <fingerprint pattern="^([\d.]{1,8}) sshlib: MOVEit DMZ SSH (.*)$">
     <description>MOVEit DMZ (which uses Bitvise sshlib)</description>
+    <example service.component.version="1.29" service.version="3.0.5.0">1.29 sshlib: MOVEit DMZ SSH 3.0.5.0</example>
     <param pos="1" name="service.component.version"/>
     <param pos="2" name="service.version"/>
     <param pos="0" name="service.component.vendor" value="Bitvise"/>
@@ -1872,7 +1876,7 @@
     <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
   </fingerprint>
-  <fingerprint pattern="^paramiko_([\d\.]+).*$">
+  <fingerprint pattern="^paramiko_([\d\.]+)">
     <description>Paramiko</description>
     <example service.version="2.1.3">paramiko_2.1.3 501 command not implemented ERROR</example>
     <example service.version="2.1.4">paramiko_2.1.4</example>
@@ -1884,6 +1888,7 @@
   <fingerprint pattern="^Pragma SecureShell\s*(.*)$">
     <description>Pragma SecureShell</description>
+    <example service.version="3.0">Pragma SecureShell 3.0</example>
     <param pos="1" name="service.version"/>
     <param pos="0" name="service.vendor" value="Pragma Systems"/>
     <param pos="0" name="service.family" value="FortressSSH Server"/>
@@ -1938,8 +1943,9 @@
     <param pos="0" name="service.cpe23" value="cpe:/a:vandyke:vshell:{service.version}"/>
   </fingerprint>
-  <fingerprint pattern="^([\s]*)\s*VShell$">
+  <fingerprint pattern="^([\d.]{0,8})\s{1,8}VShell$">
     <description>VanDyke VShell</description>
+    <example service.version="1.0.2">1.0.2 VShell</example>
     <param pos="1" name="service.version"/>
     <param pos="0" name="service.vendor" value="VanDyke Software"/>
     <param pos="0" name="service.family" value="VShell"/>
@@ -1958,7 +1964,7 @@
     <param pos="0" name="service.cpe23" value="cpe:/a:attachmate:reflection_for_secure_it:{service.version}"/>
   </fingerprint>
-  <fingerprint pattern="^([^\s]*)\s*F-Secure SSH\s*(?:.*)$">
+  <fingerprint pattern="^(\S{0,256})\s{0,256}F-Secure SSH ">
     <description>Attachmate Reflection (formerly F-Secure SSH)</description>
     <example service.version="3.2.3">3.2.3 F-Secure SSH Windows NT Server</example>
     <param pos="1" name="service.version"/>
@@ -1967,7 +1973,7 @@
     <param pos="0" name="service.product" value="Reflection"/>
   </fingerprint>
-  <fingerprint pattern="^([^\s]*)\s*SSH Tectia Server$">
+  <fingerprint pattern="^(\S{0,256})\s{0,256}SSH Tectia Server$">
     <description>SSH Communications Security Tectia Server - branded</description>
     <example service.version="6.4.12.353">6.4.12.353 SSH Tectia Server</example>
     <param pos="1" name="service.version"/>
@@ -1977,7 +1983,7 @@
     <param pos="0" name="service.cpe23" value="cpe:/a:ssh:tectia_server:{service.version}"/>
   </fingerprint>
-  <fingerprint pattern="^([0-9\.]+) SSH Secure Shell(?: \(non-commercial\))?$">
+  <fingerprint pattern="^([0-9\.]{1,8}) SSH Secure Shell(?: \(non-commercial\))?$">
     <description>SSH Communications Security Tectia Server</description>
     <example service.version="3.2.9.1">3.2.9.1 SSH Secure Shell (non-commercial)</example>
     <example service.version="4.0.3">4.0.3 SSH Secure Shell</example>
@@ -1989,7 +1995,7 @@
     <param pos="0" name="service.cpe23" value="cpe:/a:ssh:tectia_server:{service.version}"/>
   </fingerprint>
-  <fingerprint pattern="^([0-9\.]+) SSH Secure Shell Windows NT Server$">
+  <fingerprint pattern="^([0-9\.]{1,8}) SSH Secure Shell Windows NT Server$">
     <description>Unknown Windows SSH server</description>
     <example service.version="4.0.3">4.0.3 SSH Secure Shell Windows NT Server</example>
     <param pos="0" name="os.vendor" value="Microsoft"/>
@@ -2042,8 +2048,9 @@
     <param pos="0" name="os.product" value="NetVanta"/>
   </fingerprint>
-  <fingerprint pattern="^.*MultiNet.*$">
+  <fingerprint pattern="MultiNet">
     <description>Process Software MultiNet is a suite of network apps for OpenVMS</description>
+    <example>Process Software SSH 6.1.5.0 MultiNet</example>
     <param pos="0" name="service.vendor" value="Process Software"/>
     <param pos="0" name="service.family" value="MultiNet"/>
     <param pos="0" name="service.product" value="MultiNet"/>
@@ -2157,7 +2164,7 @@
     <param pos="0" name="os.certainty" value="0.75"/>
   </fingerprint>
-  <fingerprint pattern="^\S+ SSH Secure Shell Tru64 UNIX$">
+  <fingerprint pattern="^\S{1,16} SSH Secure Shell Tru64 UNIX$">
     <description>Digital/Compaq/HP Tru64 Unix</description>
     <example>3.2.0 SSH Secure Shell Tru64 UNIX</example>
     <param pos="0" name="os.vendor" value="HP"/>