recog 2.3.20 → 2.3.23
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.github/dependabot.yml +8 -0
- data/.github/workflows/ci.yml +1 -1
- data/.github/workflows/verify.yml +89 -0
- data/.vscode/bin/monitor-recog-fingerprints.sh +54 -0
- data/.vscode/extensions.json +5 -0
- data/.vscode/settings.json +8 -0
- data/.vscode/tasks.json +77 -0
- data/CONTRIBUTING.md +8 -0
- data/README.md +17 -0
- data/bin/recog_standardize +28 -13
- data/bin/recog_verify +42 -8
- data/cpe-remap.yaml +62 -3
- data/features/data/schema_failure.xml +4 -0
- data/features/data/tests_with_failures.xml +6 -0
- data/features/support/hooks.rb +9 -0
- data/features/verify.feature +85 -21
- data/identifiers/fields.txt +6 -5
- data/identifiers/hw_device.txt +8 -0
- data/identifiers/hw_family.txt +8 -0
- data/identifiers/hw_product.txt +54 -0
- data/identifiers/os_device.txt +2 -0
- data/identifiers/os_family.txt +2 -0
- data/identifiers/os_product.txt +18 -2
- data/identifiers/service_product.txt +26 -0
- data/identifiers/vendor.txt +62 -1
- data/lib/recog/db.rb +2 -1
- data/lib/recog/fingerprint.rb +33 -6
- data/lib/recog/fingerprint_parse_error.rb +10 -0
- data/lib/recog/nizer.rb +1 -82
- data/lib/recog/verifier.rb +9 -9
- data/lib/recog/verify_reporter.rb +17 -6
- data/lib/recog/version.rb +1 -1
- data/requirements.txt +1 -1
- data/spec/data/external_example_fingerprint/hp_printer_ex_01.txt +1 -0
- data/spec/data/external_example_fingerprint/hp_printer_ex_02.txt +1 -0
- data/spec/data/external_example_fingerprint.xml +8 -0
- data/spec/data/external_example_illegal_path_fingerprint.xml +7 -0
- data/spec/lib/fingerprint_self_test_spec.rb +1 -0
- data/spec/lib/recog/db_spec.rb +84 -61
- data/spec/lib/recog/fingerprint_spec.rb +4 -4
- data/spec/lib/recog/verify_reporter_spec.rb +73 -4
- data/tools/dev/hooks/pre-commit +21 -0
- data/update_cpes.py +130 -37
- data/xml/apache_os.xml +98 -56
- data/xml/architecture.xml +15 -1
- data/xml/dhcp_vendor_class.xml +206 -0
- data/xml/dns_versionbind.xml +26 -13
- data/xml/favicons.xml +236 -47
- data/xml/fingerprints.xsd +9 -1
- data/xml/ftp_banners.xml +213 -197
- data/xml/h323_callresp.xml +101 -101
- data/xml/hp_pjl_id.xml +84 -84
- data/xml/html_title.xml +715 -45
- data/xml/http_cookies.xml +143 -80
- data/xml/http_servers.xml +510 -310
- data/xml/http_wwwauth.xml +177 -75
- data/xml/imap_banners.xml +10 -10
- data/xml/mdns_device-info_txt.xml +421 -26
- data/xml/mysql_banners.xml +3 -2
- data/xml/nntp_banners.xml +12 -9
- data/xml/ntp_banners.xml +97 -97
- data/xml/operating_system.xml +98 -83
- data/xml/pop_banners.xml +27 -27
- data/xml/rsh_resp.xml +3 -3
- data/xml/sip_banners.xml +46 -8
- data/xml/sip_user_agents.xml +180 -27
- data/xml/smb_native_lm.xml +5 -5
- data/xml/smb_native_os.xml +28 -25
- data/xml/smtp_banners.xml +258 -254
- data/xml/smtp_ehlo.xml +1 -1
- data/xml/smtp_help.xml +11 -11
- data/xml/smtp_noop.xml +2 -2
- data/xml/snmp_sysdescr.xml +1554 -1429
- data/xml/snmp_sysobjid.xml +27 -27
- data/xml/ssh_banners.xml +27 -20
- data/xml/telnet_banners.xml +256 -57
- data/xml/tls_jarm.xml +48 -6
- data/xml/x11_banners.xml +3 -3
- data/xml/x509_issuers.xml +69 -2
- data/xml/x509_subjects.xml +144 -33
- metadata +24 -4
- data/lib/recog/verifier_factory.rb +0 -13
data/xml/tls_jarm.xml
CHANGED
@@ -14,13 +14,33 @@
|
|
14
14
|
<param pos="0" name="service.cpe23" value="cpe:/a:torproject:tor:-"/>
|
15
15
|
</fingerprint>
|
16
16
|
|
17
|
-
<fingerprint pattern="^2ad2ad0002ad2ad0002ad2ad2ad2ada9e96d3ba9f7903758a731e0fa01453d$">
|
18
|
-
<description>Synology NAS</description>
|
17
|
+
<fingerprint pattern="^2ad2ad0002ad2ad0002ad2ad2ad2ada9e96d3ba9f7903758a731e0fa01453d|29d29d15d29d29d21c29d29d29d29d10d7a07cb776562eccb97246005feba5|2ad2ad0002ad2ad0002ad2ad2ad2ad5bf44aec534289dfa8e33148b66cd6c3|29d29d15d29d29d21c29d29d29d29de857600fcd9f89735d87c3704c4e141b$">
|
18
|
+
<description>Synology NAS DSM 6</description>
|
19
|
+
<example>29d29d15d29d29d21c29d29d29d29d10d7a07cb776562eccb97246005feba5</example>
|
20
|
+
<example>29d29d15d29d29d21c29d29d29d29de857600fcd9f89735d87c3704c4e141b</example>
|
21
|
+
<example>2ad2ad0002ad2ad0002ad2ad2ad2ad5bf44aec534289dfa8e33148b66cd6c3</example>
|
19
22
|
<example>2ad2ad0002ad2ad0002ad2ad2ad2ada9e96d3ba9f7903758a731e0fa01453d</example>
|
20
23
|
<param pos="0" name="os.device" value="NAS"/>
|
21
24
|
<param pos="0" name="os.family" value="Linux"/>
|
22
25
|
<param pos="0" name="os.product" value="DSM"/>
|
23
26
|
<param pos="0" name="os.vendor" value="Synology"/>
|
27
|
+
<param pos="0" name="os.version" value="6"/>
|
28
|
+
<param pos="0" name="hw.vendor" value="Synology"/>
|
29
|
+
<param pos="0" name="hw.device" value="NAS"/>
|
30
|
+
</fingerprint>
|
31
|
+
|
32
|
+
<fingerprint pattern="^00000000000000000042d42d0000009535d5979f591ae8e547c5e5743e5b64|29d29d15d29d29d00042d42d00000068f5dc63852f94da932cd6b61b1cd9e3|29d29d15d29d29d21c42d42d000000bf85d79ff39d9f5079675604a74fc04b|29d29d15d29d29d00042d42d000000038eaaf490bec8dc33757f165ce01762|29d29d15d29d29d21c42d42d000000790cb01ea78cc2a73fe8428d61afc0c8$">
|
33
|
+
<description>Synology NAS DSM 7</description>
|
34
|
+
<example>00000000000000000042d42d0000009535d5979f591ae8e547c5e5743e5b64</example>
|
35
|
+
<example>29d29d15d29d29d00042d42d000000038eaaf490bec8dc33757f165ce01762</example>
|
36
|
+
<example>29d29d15d29d29d00042d42d00000068f5dc63852f94da932cd6b61b1cd9e3</example>
|
37
|
+
<example>29d29d15d29d29d21c42d42d000000790cb01ea78cc2a73fe8428d61afc0c8</example>
|
38
|
+
<example>29d29d15d29d29d21c42d42d000000bf85d79ff39d9f5079675604a74fc04b</example>
|
39
|
+
<param pos="0" name="os.device" value="NAS"/>
|
40
|
+
<param pos="0" name="os.family" value="Linux"/>
|
41
|
+
<param pos="0" name="os.product" value="DSM"/>
|
42
|
+
<param pos="0" name="os.vendor" value="Synology"/>
|
43
|
+
<param pos="0" name="os.version" value="7"/>
|
24
44
|
<param pos="0" name="hw.vendor" value="Synology"/>
|
25
45
|
<param pos="0" name="hw.device" value="NAS"/>
|
26
46
|
</fingerprint>
|
@@ -36,9 +56,13 @@
|
|
36
56
|
<param pos="0" name="os.device" value="Router"/>
|
37
57
|
</fingerprint>
|
38
58
|
|
39
|
-
<fingerprint pattern="^07d14d16d21d21d00042d43d000000aa99ce74e2c6d013c745aa52b5cc042d$">
|
59
|
+
<fingerprint pattern="^07d14d16d21d21d00042d43d000000aa99ce74e2c6d013c745aa52b5cc042d|07d14d16d21d21d07c42d43d000000f50d155305214cf247147c43c0f1a823|07b08b09b21b21b07b07b08b07b21b23aeefb38b723c523befb314af6e95ac|07c08c09c21c21c07c07c08c07c21c23aeefb38b723c523befb314af6e95ac|07d14d16d21d21d00007d14d07d21d0ae59125bcd90b8876b50928af8f6cd4$">
|
40
60
|
<description>Metasploit listener</description>
|
61
|
+
<example>07b08b09b21b21b07b07b08b07b21b23aeefb38b723c523befb314af6e95ac</example>
|
62
|
+
<example>07c08c09c21c21c07c07c08c07c21c23aeefb38b723c523befb314af6e95ac</example>
|
63
|
+
<example>07d14d16d21d21d00007d14d07d21d0ae59125bcd90b8876b50928af8f6cd4</example>
|
41
64
|
<example>07d14d16d21d21d00042d43d000000aa99ce74e2c6d013c745aa52b5cc042d</example>
|
65
|
+
<example>07d14d16d21d21d07c42d43d000000f50d155305214cf247147c43c0f1a823</example>
|
42
66
|
<param pos="0" name="service.vendor" value="Rapid7"/>
|
43
67
|
<param pos="0" name="service.product" value="Metasploit"/>
|
44
68
|
<param pos="0" name="service.cpe23" value="cpe:/a:rapid7:metasploit:-"/>
|
@@ -47,9 +71,10 @@
|
|
47
71
|
<!-- This fingerprint matches Java's TLS stack,
|
48
72
|
see https://blog.cobaltstrike.com/2020/12/08/a-red-teamer-plays-with-jarm/ for details -->
|
49
73
|
|
50
|
-
<fingerprint pattern="^07d14d16d21d21d07c42d41d00041d24a458a375eef0c576d23a7bab9a9fb1$">
|
74
|
+
<fingerprint pattern="^07d14d16d21d21d07c42d41d00041d24a458a375eef0c576d23a7bab9a9fb1|07d14d16d21d21d00042d41d00041de5fb3038104f457d92ba02e9311512c2$">
|
51
75
|
<description>Cobalt Strike listener</description>
|
52
76
|
<example>07d14d16d21d21d07c42d41d00041d24a458a375eef0c576d23a7bab9a9fb1</example>
|
77
|
+
<example>07d14d16d21d21d00042d41d00041de5fb3038104f457d92ba02e9311512c2</example>
|
53
78
|
<param pos="0" name="service.vendor" value="Strategic Cyber LLC"/>
|
54
79
|
<param pos="0" name="service.product" value="Cobalt Strike Listener"/>
|
55
80
|
<param pos="0" name="service.certainty" value="0.3"/>
|
@@ -118,11 +143,13 @@
|
|
118
143
|
<param pos="0" name="hw.device" value="Media Server"/>
|
119
144
|
<param pos="0" name="hw.vendor" value="Google"/>
|
120
145
|
<param pos="0" name="hw.product" value="Chromecast"/>
|
146
|
+
<param pos="0" name="hw.cpe23" value="cpe:/h:google:chromecast:-"/>
|
121
147
|
</fingerprint>
|
122
148
|
|
123
|
-
<fingerprint pattern="^21d14d00021d21d21c21d14d21d21d3e9a0dda94718e521eb7d1409c9e3601$">
|
124
|
-
<description>
|
149
|
+
<fingerprint pattern="^21d14d00021d21d21c21d14d21d21d3e9a0dda94718e521eb7d1409c9e3601|2ad2ad0002ad2ad0002ad2ad2ad2ad755a2cec4b52fb1bce1ac7f1e48c8a7d$">
|
150
|
+
<description>VMware ESXi</description>
|
125
151
|
<example>21d14d00021d21d21c21d14d21d21d3e9a0dda94718e521eb7d1409c9e3601</example>
|
152
|
+
<example>2ad2ad0002ad2ad0002ad2ad2ad2ad755a2cec4b52fb1bce1ac7f1e48c8a7d</example>
|
126
153
|
<param pos="0" name="os.vendor" value="VMware"/>
|
127
154
|
<param pos="0" name="os.family" value="VMware ESX/ESXi"/>
|
128
155
|
<param pos="0" name="os.product" value="VMware ESXi Server"/>
|
@@ -137,4 +164,19 @@
|
|
137
164
|
<param pos="0" name="service.product" value="Merlin"/>
|
138
165
|
</fingerprint>
|
139
166
|
|
167
|
+
<fingerprint pattern="^21d14d00000000000021d14d21d21d16c46827964490e6024618c0a3d7d893$">
|
168
|
+
<description>Covenant .NET C2 framework</description>
|
169
|
+
<example>21d14d00000000000021d14d21d21d16c46827964490e6024618c0a3d7d893</example>
|
170
|
+
<param pos="0" name="service.product" value="Covenant"/>
|
171
|
+
</fingerprint>
|
172
|
+
|
173
|
+
<fingerprint pattern="^16d16d16d14d16d00016d16d16d16da6fda484e06f95db4f56339284c90672$">
|
174
|
+
<description>HP Printer</description>
|
175
|
+
<example>16d16d16d14d16d00016d16d16d16da6fda484e06f95db4f56339284c90672</example>
|
176
|
+
<param pos="0" name="hw.device" value="Printer"/>
|
177
|
+
<param pos="0" name="hw.vendor" value="HP"/>
|
178
|
+
<param pos="0" name="os.vendor" value="HP"/>
|
179
|
+
<param pos="0" name="os.device" value="Printer"/>
|
180
|
+
</fingerprint>
|
181
|
+
|
140
182
|
</fingerprints>
|
data/xml/x11_banners.xml
CHANGED
@@ -62,13 +62,13 @@
|
|
62
62
|
<fingerprint pattern="^Fedora Project$">
|
63
63
|
<description>Fedora Project</description>
|
64
64
|
<example>Fedora Project</example>
|
65
|
-
<param pos="0" name="os.vendor" value="
|
65
|
+
<param pos="0" name="os.vendor" value="Fedora Project"/>
|
66
66
|
<param pos="0" name="service.vendor" value="X.Org"/>
|
67
67
|
<param pos="0" name="service.product" value="X.Org X11"/>
|
68
68
|
<param pos="0" name="service.cpe23" value="cpe:/a:x.org:x11:-"/>
|
69
|
-
<param pos="0" name="os.product" value="Fedora Core
|
69
|
+
<param pos="0" name="os.product" value="Fedora Core"/>
|
70
70
|
<param pos="0" name="os.family" value="Linux"/>
|
71
|
-
<param pos="0" name="os.cpe23" value="cpe:/o:
|
71
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:fedoraproject:fedora_core:-"/>
|
72
72
|
</fingerprint>
|
73
73
|
|
74
74
|
<fingerprint pattern="^freedesktop\.org$">
|
data/xml/x509_issuers.xml
CHANGED
@@ -13,54 +13,84 @@
|
|
13
13
|
<fingerprint pattern="^CN=R3,O=Let's Encrypt,C=US$">
|
14
14
|
<description>Lets Encrypt R3 - generic -- assert nothing.</description>
|
15
15
|
<example>CN=R3,O=Let's Encrypt,C=US</example>
|
16
|
+
<param pos="0" name="hw.certainty" value="0.0"/>
|
17
|
+
<param pos="0" name="os.certainty" value="0.0"/>
|
18
|
+
<param pos="0" name="service.certainty" value="0.0"/>
|
16
19
|
</fingerprint>
|
17
20
|
|
18
21
|
<fingerprint pattern="^CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US$">
|
19
22
|
<description>Lets Encrypt X3 - generic -- assert nothing.</description>
|
20
23
|
<example>CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US</example>
|
24
|
+
<param pos="0" name="hw.certainty" value="0.0"/>
|
25
|
+
<param pos="0" name="os.certainty" value="0.0"/>
|
26
|
+
<param pos="0" name="service.certainty" value="0.0"/>
|
21
27
|
</fingerprint>
|
22
28
|
|
23
29
|
<fingerprint pattern="^CN=Amazon,OU=Server CA 1B,O=Amazon,C=US$">
|
24
30
|
<description>Amazon AWS Server CA 1B - generic -- assert nothing.</description>
|
25
31
|
<example>CN=Amazon,OU=Server CA 1B,O=Amazon,C=US</example>
|
32
|
+
<param pos="0" name="hw.certainty" value="0.0"/>
|
33
|
+
<param pos="0" name="os.certainty" value="0.0"/>
|
34
|
+
<param pos="0" name="service.certainty" value="0.0"/>
|
26
35
|
</fingerprint>
|
27
36
|
|
28
37
|
<fingerprint pattern="^CN=DigiCert SHA2 Secure Server CA,O=DigiCert Inc,C=US$">
|
29
38
|
<description>DigiCert SHA2 - generic -- assert nothing.</description>
|
30
39
|
<example>CN=DigiCert SHA2 Secure Server CA,O=DigiCert Inc,C=US</example>
|
40
|
+
<param pos="0" name="hw.certainty" value="0.0"/>
|
41
|
+
<param pos="0" name="os.certainty" value="0.0"/>
|
42
|
+
<param pos="0" name="service.certainty" value="0.0"/>
|
31
43
|
</fingerprint>
|
32
44
|
|
33
45
|
<fingerprint pattern="^CN=DigiCert TLS (?:RSA SHA256|Hybrid ECC SHA384) 2020 CA1,O=DigiCert Inc,C=US$">
|
34
46
|
<description>DigiCert SHA256 2020 CA1 - generic -- assert nothing.</description>
|
35
47
|
<example>CN=DigiCert TLS RSA SHA256 2020 CA1,O=DigiCert Inc,C=US</example>
|
36
48
|
<example>CN=DigiCert TLS Hybrid ECC SHA384 2020 CA1,O=DigiCert Inc,C=US</example>
|
49
|
+
<param pos="0" name="hw.certainty" value="0.0"/>
|
50
|
+
<param pos="0" name="os.certainty" value="0.0"/>
|
51
|
+
<param pos="0" name="service.certainty" value="0.0"/>
|
37
52
|
</fingerprint>
|
38
53
|
|
39
54
|
<fingerprint pattern="^CN=DigiCert Secure Site ECC CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US$">
|
40
55
|
<description>DigiCert ECC CA-1 - generic -- assert nothing.</description>
|
41
56
|
<example>CN=DigiCert Secure Site ECC CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US</example>
|
57
|
+
<param pos="0" name="hw.certainty" value="0.0"/>
|
58
|
+
<param pos="0" name="os.certainty" value="0.0"/>
|
59
|
+
<param pos="0" name="service.certainty" value="0.0"/>
|
42
60
|
</fingerprint>
|
43
61
|
|
44
62
|
<fingerprint pattern="^CN=DigiCert SHA2 (?:Extended Validation|High Assurance) Server CA,OU=www.digicert.com,O=DigiCert Inc,C=US$">
|
45
63
|
<description>DigiCert SHA2 EV - generic -- assert nothing.</description>
|
46
64
|
<example>CN=DigiCert SHA2 Extended Validation Server CA,OU=www.digicert.com,O=DigiCert Inc,C=US</example>
|
47
65
|
<example>CN=DigiCert SHA2 High Assurance Server CA,OU=www.digicert.com,O=DigiCert Inc,C=US</example>
|
66
|
+
<param pos="0" name="hw.certainty" value="0.0"/>
|
67
|
+
<param pos="0" name="os.certainty" value="0.0"/>
|
68
|
+
<param pos="0" name="service.certainty" value="0.0"/>
|
48
69
|
</fingerprint>
|
49
70
|
|
50
71
|
<fingerprint pattern="^CN=Sectigo RSA (?:Domain|Organization) Validation Secure Server CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB$">
|
51
72
|
<description>Sectigo RSA - generic -- assert nothing.</description>
|
52
73
|
<example>CN=Sectigo RSA Domain Validation Secure Server CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB</example>
|
53
74
|
<example>CN=Sectigo RSA Organization Validation Secure Server CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB</example>
|
75
|
+
<param pos="0" name="hw.certainty" value="0.0"/>
|
76
|
+
<param pos="0" name="os.certainty" value="0.0"/>
|
77
|
+
<param pos="0" name="service.certainty" value="0.0"/>
|
54
78
|
</fingerprint>
|
55
79
|
|
56
80
|
<fingerprint pattern="^CN=GeoTrust RSA CA 2018,OU=www.digicert.com,O=DigiCert Inc,C=US$">
|
57
81
|
<description>GeoTrust RSA CA 2018 - generic -- assert nothing.</description>
|
58
82
|
<example>CN=GeoTrust RSA CA 2018,OU=www.digicert.com,O=DigiCert Inc,C=US</example>
|
83
|
+
<param pos="0" name="hw.certainty" value="0.0"/>
|
84
|
+
<param pos="0" name="os.certainty" value="0.0"/>
|
85
|
+
<param pos="0" name="service.certainty" value="0.0"/>
|
59
86
|
</fingerprint>
|
60
87
|
|
61
88
|
<fingerprint pattern="^CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs\.godaddy\.com/repository/,O=GoDaddy.com\\, Inc\.,L=Scottsdale,ST=Arizona,C=US$">
|
62
89
|
<description>Go Daddy G2 - generic -- assert nothing.</description>
|
63
90
|
<example>CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US</example>
|
91
|
+
<param pos="0" name="hw.certainty" value="0.0"/>
|
92
|
+
<param pos="0" name="os.certainty" value="0.0"/>
|
93
|
+
<param pos="0" name="service.certainty" value="0.0"/>
|
64
94
|
</fingerprint>
|
65
95
|
|
66
96
|
<!-- Chromecast and various devices that support the Cast protocol -->
|
@@ -76,6 +106,7 @@
|
|
76
106
|
<param pos="0" name="hw.vendor" value="Google"/>
|
77
107
|
<param pos="0" name="hw.product" value="Chromecast"/>
|
78
108
|
<param pos="0" name="hw.certainty" value="0.5"/>
|
109
|
+
<param pos="0" name="hw.cpe23" value="cpe:/h:google:chromecast:-"/>
|
79
110
|
<param pos="0" name="chromecast.generation" value="1"/>
|
80
111
|
</fingerprint>
|
81
112
|
|
@@ -97,6 +128,7 @@
|
|
97
128
|
<param pos="0" name="hw.vendor" value="Google"/>
|
98
129
|
<param pos="0" name="hw.product" value="Chromecast"/>
|
99
130
|
<param pos="0" name="hw.certainty" value="0.5"/>
|
131
|
+
<param pos="0" name="hw.cpe23" value="cpe:/h:google:chromecast:-"/>
|
100
132
|
<param pos="1" name="chromecast.generation"/>
|
101
133
|
<param pos="2" name="chromecast.capabilities"/>
|
102
134
|
</fingerprint>
|
@@ -304,10 +336,10 @@
|
|
304
336
|
<param pos="0" name="service.vendor" value="Traefik Labs"/>
|
305
337
|
<param pos="0" name="service.family" value="Traefik"/>
|
306
338
|
<param pos="0" name="service.product" value="Traefik Proxy"/>
|
307
|
-
<param pos="0" name="service.cpe23" value="cpe:/a:
|
339
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:traefik:traefik:-"/>
|
308
340
|
</fingerprint>
|
309
341
|
|
310
|
-
<fingerprint pattern="
|
342
|
+
<fingerprint pattern="(?i)^CN=Fireware web CA,OU=Fireware,O=WatchGuard(?: CA)?$">
|
311
343
|
<description>WatchGuard Fireware</description>
|
312
344
|
<example>CN=Fireware web ca,OU=Fireware,O=WatchGuard</example>
|
313
345
|
<example>CN=Fireware web CA,OU=Fireware,O=Watchguard CA</example>
|
@@ -327,4 +359,39 @@
|
|
327
359
|
<param pos="0" name="service.cpe23" value="cpe:/a:caddyserver:caddy:-"/>
|
328
360
|
</fingerprint>
|
329
361
|
|
362
|
+
<fingerprint pattern="^CN=Avaya cu360 (\S+)$">
|
363
|
+
<description>Avaya Video Conferencing Device - CU360</description>
|
364
|
+
<example hw.serial_number="11YT11111111">CN=Avaya cu360 11YT11111111</example>
|
365
|
+
<param pos="0" name="hw.vendor" value="Avaya"/>
|
366
|
+
<param pos="0" name="hw.device" value="Video Conference"/>
|
367
|
+
<param pos="0" name="hw.product" value="CU360"/>
|
368
|
+
<param pos="1" name="hw.serial_number"/>
|
369
|
+
</fingerprint>
|
370
|
+
|
371
|
+
<fingerprint pattern="^CN=Roomba CA,OU=\S+,O=iRobot,L=Bedford,ST=MA,C=US$">
|
372
|
+
<description>Roomba Device</description>
|
373
|
+
<example hw.product="Roomba" hw.vendor="iRobot">CN=Roomba CA,OU=HBU,O=iRobot,L=Bedford,ST=MA,C=US</example>
|
374
|
+
<param pos="0" name="hw.vendor" value="iRobot"/>
|
375
|
+
<param pos="0" name="hw.device" value="Device"/>
|
376
|
+
<param pos="0" name="hw.product" value="Roomba"/>
|
377
|
+
</fingerprint>
|
378
|
+
|
379
|
+
<fingerprint pattern="(?i)^CN=\S+,OU=FreshTomato Team,O=FreshTomato,L=Columbus,ST=Ohio,C=US(?:.*)$">
|
380
|
+
<description>FreshTomato Router Firmware</description>
|
381
|
+
<example>CN=192.168.1.1,OU=FreshTomato Team,O=FreshTomato,L=Columbus,ST=Ohio,C=US</example>
|
382
|
+
<param pos="0" name="os.vendor" value="FreshTomato"/>
|
383
|
+
<param pos="0" name="os.family" value="Linux"/>
|
384
|
+
<param pos="0" name="os.product" value="FreshTomato"/>
|
385
|
+
<param pos="0" name="os.device" value="Router"/>
|
386
|
+
</fingerprint>
|
387
|
+
|
388
|
+
<fingerprint pattern="(?i)^SERIALNUMBER=(\d+),CN=(\S+),OU=ST-VS,O=Bosch Sicherheitssysteme GmbH,L=Grasbrunn,C=DE">
|
389
|
+
<description>Bosch Device</description>
|
390
|
+
<example hw.serial_number="111111111111111111" host.mac="00-07-5f-11-11-11">SERIALNUMBER=111111111111111111,CN=00-07-5f-11-11-11,OU=ST-VS,O=Bosch Sicherheitssysteme GmbH,L=Grasbrunn,C=DE</example>
|
391
|
+
<param pos="0" name="os.vendor" value="Bosch"/>
|
392
|
+
<param pos="0" name="hw.vendor" value="Bosch"/>
|
393
|
+
<param pos="1" name="hw.serial_number"/>
|
394
|
+
<param pos="2" name="host.mac"/>
|
395
|
+
</fingerprint>
|
396
|
+
|
330
397
|
</fingerprints>
|