recog 2.3.20 → 2.3.23

Files changed (83) hide show
  1. checksums.yaml +4 -4
  2. data/.github/dependabot.yml +8 -0
  3. data/.github/workflows/ci.yml +1 -1
  4. data/.github/workflows/verify.yml +89 -0
  5. data/.vscode/bin/monitor-recog-fingerprints.sh +54 -0
  6. data/.vscode/extensions.json +5 -0
  7. data/.vscode/settings.json +8 -0
  8. data/.vscode/tasks.json +77 -0
  9. data/CONTRIBUTING.md +8 -0
  10. data/README.md +17 -0
  11. data/bin/recog_standardize +28 -13
  12. data/bin/recog_verify +42 -8
  13. data/cpe-remap.yaml +62 -3
  14. data/features/data/schema_failure.xml +4 -0
  15. data/features/data/tests_with_failures.xml +6 -0
  16. data/features/support/hooks.rb +9 -0
  17. data/features/verify.feature +85 -21
  18. data/identifiers/fields.txt +6 -5
  19. data/identifiers/hw_device.txt +8 -0
  20. data/identifiers/hw_family.txt +8 -0
  21. data/identifiers/hw_product.txt +54 -0
  22. data/identifiers/os_device.txt +2 -0
  23. data/identifiers/os_family.txt +2 -0
  24. data/identifiers/os_product.txt +18 -2
  25. data/identifiers/service_product.txt +26 -0
  26. data/identifiers/vendor.txt +62 -1
  27. data/lib/recog/db.rb +2 -1
  28. data/lib/recog/fingerprint.rb +33 -6
  29. data/lib/recog/fingerprint_parse_error.rb +10 -0
  30. data/lib/recog/nizer.rb +1 -82
  31. data/lib/recog/verifier.rb +9 -9
  32. data/lib/recog/verify_reporter.rb +17 -6
  33. data/lib/recog/version.rb +1 -1
  34. data/requirements.txt +1 -1
  35. data/spec/data/external_example_fingerprint/hp_printer_ex_01.txt +1 -0
  36. data/spec/data/external_example_fingerprint/hp_printer_ex_02.txt +1 -0
  37. data/spec/data/external_example_fingerprint.xml +8 -0
  38. data/spec/data/external_example_illegal_path_fingerprint.xml +7 -0
  39. data/spec/lib/fingerprint_self_test_spec.rb +1 -0
  40. data/spec/lib/recog/db_spec.rb +84 -61
  41. data/spec/lib/recog/fingerprint_spec.rb +4 -4
  42. data/spec/lib/recog/verify_reporter_spec.rb +73 -4
  43. data/tools/dev/hooks/pre-commit +21 -0
  44. data/update_cpes.py +130 -37
  45. data/xml/apache_os.xml +98 -56
  46. data/xml/architecture.xml +15 -1
  47. data/xml/dhcp_vendor_class.xml +206 -0
  48. data/xml/dns_versionbind.xml +26 -13
  49. data/xml/favicons.xml +236 -47
  50. data/xml/fingerprints.xsd +9 -1
  51. data/xml/ftp_banners.xml +213 -197
  52. data/xml/h323_callresp.xml +101 -101
  53. data/xml/hp_pjl_id.xml +84 -84
  54. data/xml/html_title.xml +715 -45
  55. data/xml/http_cookies.xml +143 -80
  56. data/xml/http_servers.xml +510 -310
  57. data/xml/http_wwwauth.xml +177 -75
  58. data/xml/imap_banners.xml +10 -10
  59. data/xml/mdns_device-info_txt.xml +421 -26
  60. data/xml/mysql_banners.xml +3 -2
  61. data/xml/nntp_banners.xml +12 -9
  62. data/xml/ntp_banners.xml +97 -97
  63. data/xml/operating_system.xml +98 -83
  64. data/xml/pop_banners.xml +27 -27
  65. data/xml/rsh_resp.xml +3 -3
  66. data/xml/sip_banners.xml +46 -8
  67. data/xml/sip_user_agents.xml +180 -27
  68. data/xml/smb_native_lm.xml +5 -5
  69. data/xml/smb_native_os.xml +28 -25
  70. data/xml/smtp_banners.xml +258 -254
  71. data/xml/smtp_ehlo.xml +1 -1
  72. data/xml/smtp_help.xml +11 -11
  73. data/xml/smtp_noop.xml +2 -2
  74. data/xml/snmp_sysdescr.xml +1554 -1429
  75. data/xml/snmp_sysobjid.xml +27 -27
  76. data/xml/ssh_banners.xml +27 -20
  77. data/xml/telnet_banners.xml +256 -57
  78. data/xml/tls_jarm.xml +48 -6
  79. data/xml/x11_banners.xml +3 -3
  80. data/xml/x509_issuers.xml +69 -2
  81. data/xml/x509_subjects.xml +144 -33
  82. metadata +24 -4
  83. data/lib/recog/verifier_factory.rb +0 -13
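--- a/data/xml/tls_jarm.xml
+++ b/data/xml/tls_jarm.xml
@@ -14,13 +14,33 @@
  <param pos="0" name="service.cpe23" value="cpe:/a:torproject:tor:-"/>
  </fingerprint>
 
- <fingerprint pattern="^2ad2ad0002ad2ad0002ad2ad2ad2ada9e96d3ba9f7903758a731e0fa01453d$">
- <description>Synology NAS</description>
+ <fingerprint pattern="^2ad2ad0002ad2ad0002ad2ad2ad2ada9e96d3ba9f7903758a731e0fa01453d|29d29d15d29d29d21c29d29d29d29d10d7a07cb776562eccb97246005feba5|2ad2ad0002ad2ad0002ad2ad2ad2ad5bf44aec534289dfa8e33148b66cd6c3|29d29d15d29d29d21c29d29d29d29de857600fcd9f89735d87c3704c4e141b$">
+ <description>Synology NAS DSM 6</description>
+ <example>29d29d15d29d29d21c29d29d29d29d10d7a07cb776562eccb97246005feba5</example>
+ <example>29d29d15d29d29d21c29d29d29d29de857600fcd9f89735d87c3704c4e141b</example>
+ <example>2ad2ad0002ad2ad0002ad2ad2ad2ad5bf44aec534289dfa8e33148b66cd6c3</example>
  <example>2ad2ad0002ad2ad0002ad2ad2ad2ada9e96d3ba9f7903758a731e0fa01453d</example>
  <param pos="0" name="os.device" value="NAS"/>
  <param pos="0" name="os.family" value="Linux"/>
  <param pos="0" name="os.product" value="DSM"/>
  <param pos="0" name="os.vendor" value="Synology"/>
+ <param pos="0" name="os.version" value="6"/>
+ <param pos="0" name="hw.vendor" value="Synology"/>
+ <param pos="0" name="hw.device" value="NAS"/>
+ </fingerprint>
+
+ <fingerprint pattern="^00000000000000000042d42d0000009535d5979f591ae8e547c5e5743e5b64|29d29d15d29d29d00042d42d00000068f5dc63852f94da932cd6b61b1cd9e3|29d29d15d29d29d21c42d42d000000bf85d79ff39d9f5079675604a74fc04b|29d29d15d29d29d00042d42d000000038eaaf490bec8dc33757f165ce01762|29d29d15d29d29d21c42d42d000000790cb01ea78cc2a73fe8428d61afc0c8$">
+ <description>Synology NAS DSM 7</description>
+ <example>00000000000000000042d42d0000009535d5979f591ae8e547c5e5743e5b64</example>
+ <example>29d29d15d29d29d00042d42d000000038eaaf490bec8dc33757f165ce01762</example>
+ <example>29d29d15d29d29d00042d42d00000068f5dc63852f94da932cd6b61b1cd9e3</example>
+ <example>29d29d15d29d29d21c42d42d000000790cb01ea78cc2a73fe8428d61afc0c8</example>
+ <example>29d29d15d29d29d21c42d42d000000bf85d79ff39d9f5079675604a74fc04b</example>
+ <param pos="0" name="os.device" value="NAS"/>
+ <param pos="0" name="os.family" value="Linux"/>
+ <param pos="0" name="os.product" value="DSM"/>
+ <param pos="0" name="os.vendor" value="Synology"/>
+ <param pos="0" name="os.version" value="7"/>
  <param pos="0" name="hw.vendor" value="Synology"/>
  <param pos="0" name="hw.device" value="NAS"/>
  </fingerprint>
@@ -36,9 +56,13 @@
  <param pos="0" name="os.device" value="Router"/>
  </fingerprint>
 
- <fingerprint pattern="^07d14d16d21d21d00042d43d000000aa99ce74e2c6d013c745aa52b5cc042d$">
+ <fingerprint pattern="^07d14d16d21d21d00042d43d000000aa99ce74e2c6d013c745aa52b5cc042d|07d14d16d21d21d07c42d43d000000f50d155305214cf247147c43c0f1a823|07b08b09b21b21b07b07b08b07b21b23aeefb38b723c523befb314af6e95ac|07c08c09c21c21c07c07c08c07c21c23aeefb38b723c523befb314af6e95ac|07d14d16d21d21d00007d14d07d21d0ae59125bcd90b8876b50928af8f6cd4$">
  <description>Metasploit listener</description>
+ <example>07b08b09b21b21b07b07b08b07b21b23aeefb38b723c523befb314af6e95ac</example>
+ <example>07c08c09c21c21c07c07c08c07c21c23aeefb38b723c523befb314af6e95ac</example>
+ <example>07d14d16d21d21d00007d14d07d21d0ae59125bcd90b8876b50928af8f6cd4</example>
  <example>07d14d16d21d21d00042d43d000000aa99ce74e2c6d013c745aa52b5cc042d</example>
+ <example>07d14d16d21d21d07c42d43d000000f50d155305214cf247147c43c0f1a823</example>
  <param pos="0" name="service.vendor" value="Rapid7"/>
  <param pos="0" name="service.product" value="Metasploit"/>
  <param pos="0" name="service.cpe23" value="cpe:/a:rapid7:metasploit:-"/>
@@ -47,9 +71,10 @@
  <!-- This fingerprint matches Java's TLS stack,
  see https://blog.cobaltstrike.com/2020/12/08/a-red-teamer-plays-with-jarm/ for details -->
 
- <fingerprint pattern="^07d14d16d21d21d07c42d41d00041d24a458a375eef0c576d23a7bab9a9fb1$">
+ <fingerprint pattern="^07d14d16d21d21d07c42d41d00041d24a458a375eef0c576d23a7bab9a9fb1|07d14d16d21d21d00042d41d00041de5fb3038104f457d92ba02e9311512c2$">
  <description>Cobalt Strike listener</description>
  <example>07d14d16d21d21d07c42d41d00041d24a458a375eef0c576d23a7bab9a9fb1</example>
+ <example>07d14d16d21d21d00042d41d00041de5fb3038104f457d92ba02e9311512c2</example>
  <param pos="0" name="service.vendor" value="Strategic Cyber LLC"/>
  <param pos="0" name="service.product" value="Cobalt Strike Listener"/>
  <param pos="0" name="service.certainty" value="0.3"/>
@@ -118,11 +143,13 @@
  <param pos="0" name="hw.device" value="Media Server"/>
  <param pos="0" name="hw.vendor" value="Google"/>
  <param pos="0" name="hw.product" value="Chromecast"/>
+ <param pos="0" name="hw.cpe23" value="cpe:/h:google:chromecast:-"/>
  </fingerprint>
 
- <fingerprint pattern="^21d14d00021d21d21c21d14d21d21d3e9a0dda94718e521eb7d1409c9e3601$">
- <description>VMWare ESXi</description>
+ <fingerprint pattern="^21d14d00021d21d21c21d14d21d21d3e9a0dda94718e521eb7d1409c9e3601|2ad2ad0002ad2ad0002ad2ad2ad2ad755a2cec4b52fb1bce1ac7f1e48c8a7d$">
+ <description>VMware ESXi</description>
  <example>21d14d00021d21d21c21d14d21d21d3e9a0dda94718e521eb7d1409c9e3601</example>
+ <example>2ad2ad0002ad2ad0002ad2ad2ad2ad755a2cec4b52fb1bce1ac7f1e48c8a7d</example>
  <param pos="0" name="os.vendor" value="VMware"/>
  <param pos="0" name="os.family" value="VMware ESX/ESXi"/>
  <param pos="0" name="os.product" value="VMware ESXi Server"/>
@@ -137,4 +164,19 @@
  <param pos="0" name="service.product" value="Merlin"/>
  </fingerprint>
 
+ <fingerprint pattern="^21d14d00000000000021d14d21d21d16c46827964490e6024618c0a3d7d893$">
+ <description>Covenant .NET C2 framework</description>
+ <example>21d14d00000000000021d14d21d21d16c46827964490e6024618c0a3d7d893</example>
+ <param pos="0" name="service.product" value="Covenant"/>
+ </fingerprint>
+
+ <fingerprint pattern="^16d16d16d14d16d00016d16d16d16da6fda484e06f95db4f56339284c90672$">
+ <description>HP Printer</description>
+ <example>16d16d16d14d16d00016d16d16d16da6fda484e06f95db4f56339284c90672</example>
+ <param pos="0" name="hw.device" value="Printer"/>
+ <param pos="0" name="hw.vendor" value="HP"/>
+ <param pos="0" name="os.vendor" value="HP"/>
+ <param pos="0" name="os.device" value="Printer"/>
+ </fingerprint>
+
  </fingerprints>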
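Review bot: The widened patterns place `^` and `$` around an ungrouped alternation, so in `^A|B|C|D$` only the first hash is start-anchored and only the last is end-anchored, while the middle alternatives match anywhere in the input. This affects the Synology DSM 6, Synology DSM 7, Metasploit, Cobalt Strike and VMware ESXi fingerprints. Grouping the alternatives restores the exact-match behaviour the single-hash patterns had, e.g. for the Cobalt Strike entry `pattern="^(?:07d14d16d21d21d07c42d41d00041d24a458a375eef0c576d23a7bab9a9fb1|07d14d16d21d21d00042d41d00041de5fb3038104f457d92ba02e9311512c2)$"`. Separately, the new Covenant entry asserts `service.product` with no `service.certainty`, whereas the Cobalt Strike entry carries `0.3`; a JARM hash identifies a TLS stack configuration rather than a product, so a similarly low certainty would presumably fit there and reduce false-positive C2 attributions.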
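--- a/data/xml/x11_banners.xml
+++ b/data/xml/x11_banners.xml
@@ -62,13 +62,13 @@
  <fingerprint pattern="^Fedora Project$">
  <description>Fedora Project</description>
  <example>Fedora Project</example>
- <param pos="0" name="os.vendor" value="Red Hat"/>
+ <param pos="0" name="os.vendor" value="Fedora Project"/>
  <param pos="0" name="service.vendor" value="X.Org"/>
  <param pos="0" name="service.product" value="X.Org X11"/>
  <param pos="0" name="service.cpe23" value="cpe:/a:x.org:x11:-"/>
- <param pos="0" name="os.product" value="Fedora Core Linux"/>
+ <param pos="0" name="os.product" value="Fedora Core"/>
  <param pos="0" name="os.family" value="Linux"/>
- <param pos="0" name="os.cpe23" value="cpe:/o:redhat:fedora_core:-"/>
+ <param pos="0" name="os.cpe23" value="cpe:/o:fedoraproject:fedora_core:-"/>
  </fingerprint>
 
  <fingerprint pattern="^freedesktop\.org$">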
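--- a/data/xml/x509_issuers.xml
+++ b/data/xml/x509_issuers.xml
@@ -13,54 +13,84 @@
  <fingerprint pattern="^CN=R3,O=Let's Encrypt,C=US$">
  <description>Lets Encrypt R3 - generic -- assert nothing.</description>
  <example>CN=R3,O=Let's Encrypt,C=US</example>
+ <param pos="0" name="hw.certainty" value="0.0"/>
+ <param pos="0" name="os.certainty" value="0.0"/>
+ <param pos="0" name="service.certainty" value="0.0"/>
  </fingerprint>
 
  <fingerprint pattern="^CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US$">
  <description>Lets Encrypt X3 - generic -- assert nothing.</description>
  <example>CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US</example>
+ <param pos="0" name="hw.certainty" value="0.0"/>
+ <param pos="0" name="os.certainty" value="0.0"/>
+ <param pos="0" name="service.certainty" value="0.0"/>
  </fingerprint>
 
  <fingerprint pattern="^CN=Amazon,OU=Server CA 1B,O=Amazon,C=US$">
  <description>Amazon AWS Server CA 1B - generic -- assert nothing.</description>
  <example>CN=Amazon,OU=Server CA 1B,O=Amazon,C=US</example>
+ <param pos="0" name="hw.certainty" value="0.0"/>
+ <param pos="0" name="os.certainty" value="0.0"/>
+ <param pos="0" name="service.certainty" value="0.0"/>
  </fingerprint>
 
  <fingerprint pattern="^CN=DigiCert SHA2 Secure Server CA,O=DigiCert Inc,C=US$">
  <description>DigiCert SHA2 - generic -- assert nothing.</description>
  <example>CN=DigiCert SHA2 Secure Server CA,O=DigiCert Inc,C=US</example>
+ <param pos="0" name="hw.certainty" value="0.0"/>
+ <param pos="0" name="os.certainty" value="0.0"/>
+ <param pos="0" name="service.certainty" value="0.0"/>
  </fingerprint>
 
  <fingerprint pattern="^CN=DigiCert TLS (?:RSA SHA256|Hybrid ECC SHA384) 2020 CA1,O=DigiCert Inc,C=US$">
  <description>DigiCert SHA256 2020 CA1 - generic -- assert nothing.</description>
  <example>CN=DigiCert TLS RSA SHA256 2020 CA1,O=DigiCert Inc,C=US</example>
  <example>CN=DigiCert TLS Hybrid ECC SHA384 2020 CA1,O=DigiCert Inc,C=US</example>
+ <param pos="0" name="hw.certainty" value="0.0"/>
+ <param pos="0" name="os.certainty" value="0.0"/>
+ <param pos="0" name="service.certainty" value="0.0"/>
  </fingerprint>
 
  <fingerprint pattern="^CN=DigiCert Secure Site ECC CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US$">
  <description>DigiCert ECC CA-1 - generic -- assert nothing.</description>
  <example>CN=DigiCert Secure Site ECC CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US</example>
+ <param pos="0" name="hw.certainty" value="0.0"/>
+ <param pos="0" name="os.certainty" value="0.0"/>
+ <param pos="0" name="service.certainty" value="0.0"/>
  </fingerprint>
 
  <fingerprint pattern="^CN=DigiCert SHA2 (?:Extended Validation|High Assurance) Server CA,OU=www.digicert.com,O=DigiCert Inc,C=US$">
  <description>DigiCert SHA2 EV - generic -- assert nothing.</description>
  <example>CN=DigiCert SHA2 Extended Validation Server CA,OU=www.digicert.com,O=DigiCert Inc,C=US</example>
  <example>CN=DigiCert SHA2 High Assurance Server CA,OU=www.digicert.com,O=DigiCert Inc,C=US</example>
+ <param pos="0" name="hw.certainty" value="0.0"/>
+ <param pos="0" name="os.certainty" value="0.0"/>
+ <param pos="0" name="service.certainty" value="0.0"/>
  </fingerprint>
 
  <fingerprint pattern="^CN=Sectigo RSA (?:Domain|Organization) Validation Secure Server CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB$">
  <description>Sectigo RSA - generic -- assert nothing.</description>
  <example>CN=Sectigo RSA Domain Validation Secure Server CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB</example>
  <example>CN=Sectigo RSA Organization Validation Secure Server CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB</example>
+ <param pos="0" name="hw.certainty" value="0.0"/>
+ <param pos="0" name="os.certainty" value="0.0"/>
+ <param pos="0" name="service.certainty" value="0.0"/>
  </fingerprint>
 
  <fingerprint pattern="^CN=GeoTrust RSA CA 2018,OU=www.digicert.com,O=DigiCert Inc,C=US$">
  <description>GeoTrust RSA CA 2018 - generic -- assert nothing.</description>
  <example>CN=GeoTrust RSA CA 2018,OU=www.digicert.com,O=DigiCert Inc,C=US</example>
+ <param pos="0" name="hw.certainty" value="0.0"/>
+ <param pos="0" name="os.certainty" value="0.0"/>
+ <param pos="0" name="service.certainty" value="0.0"/>
  </fingerprint>
 
  <fingerprint pattern="^CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs\.godaddy\.com/repository/,O=GoDaddy.com\\, Inc\.,L=Scottsdale,ST=Arizona,C=US$">
  <description>Go Daddy G2 - generic -- assert nothing.</description>
  <example>CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US</example>
+ <param pos="0" name="hw.certainty" value="0.0"/>
+ <param pos="0" name="os.certainty" value="0.0"/>
+ <param pos="0" name="service.certainty" value="0.0"/>
  </fingerprint>
 
  <!-- Chromecast and various devices that support the Cast protocol -->
@@ -76,6 +106,7 @@
  <param pos="0" name="hw.vendor" value="Google"/>
  <param pos="0" name="hw.product" value="Chromecast"/>
  <param pos="0" name="hw.certainty" value="0.5"/>
+ <param pos="0" name="hw.cpe23" value="cpe:/h:google:chromecast:-"/>
  <param pos="0" name="chromecast.generation" value="1"/>
  </fingerprint>
 
@@ -97,6 +128,7 @@
  <param pos="0" name="hw.vendor" value="Google"/>
  <param pos="0" name="hw.product" value="Chromecast"/>
  <param pos="0" name="hw.certainty" value="0.5"/>
+ <param pos="0" name="hw.cpe23" value="cpe:/h:google:chromecast:-"/>
  <param pos="1" name="chromecast.generation"/>
  <param pos="2" name="chromecast.capabilities"/>
  </fingerprint>
@@ -304,10 +336,10 @@
  <param pos="0" name="service.vendor" value="Traefik Labs"/>
  <param pos="0" name="service.family" value="Traefik"/>
  <param pos="0" name="service.product" value="Traefik Proxy"/>
- <param pos="0" name="service.cpe23" value="cpe:/a:containous:traefik:-"/>
+ <param pos="0" name="service.cpe23" value="cpe:/a:traefik:traefik:-"/>
  </fingerprint>
 
- <fingerprint pattern="^(?i)CN=Fireware web CA,OU=Fireware,O=WatchGuard(?: CA)?$">
+ <fingerprint pattern="(?i)^CN=Fireware web CA,OU=Fireware,O=WatchGuard(?: CA)?$">
  <description>WatchGuard Fireware</description>
  <example>CN=Fireware web ca,OU=Fireware,O=WatchGuard</example>
  <example>CN=Fireware web CA,OU=Fireware,O=Watchguard CA</example>
@@ -327,4 +359,39 @@
  <param pos="0" name="service.cpe23" value="cpe:/a:caddyserver:caddy:-"/>
  </fingerprint>
 
+ <fingerprint pattern="^CN=Avaya cu360 (\S+)$">
+ <description>Avaya Video Conferencing Device - CU360</description>
+ <example hw.serial_number="11YT11111111">CN=Avaya cu360 11YT11111111</example>
+ <param pos="0" name="hw.vendor" value="Avaya"/>
+ <param pos="0" name="hw.device" value="Video Conference"/>
+ <param pos="0" name="hw.product" value="CU360"/>
+ <param pos="1" name="hw.serial_number"/>
+ </fingerprint>
+
+ <fingerprint pattern="^CN=Roomba CA,OU=\S+,O=iRobot,L=Bedford,ST=MA,C=US$">
+ <description>Roomba Device</description>
+ <example hw.product="Roomba" hw.vendor="iRobot">CN=Roomba CA,OU=HBU,O=iRobot,L=Bedford,ST=MA,C=US</example>
+ <param pos="0" name="hw.vendor" value="iRobot"/>
+ <param pos="0" name="hw.device" value="Device"/>
+ <param pos="0" name="hw.product" value="Roomba"/>
+ </fingerprint>
+
+ <fingerprint pattern="(?i)^CN=\S+,OU=FreshTomato Team,O=FreshTomato,L=Columbus,ST=Ohio,C=US(?:.*)$">
+ <description>FreshTomato Router Firmware</description>
+ <example>CN=192.168.1.1,OU=FreshTomato Team,O=FreshTomato,L=Columbus,ST=Ohio,C=US</example>
+ <param pos="0" name="os.vendor" value="FreshTomato"/>
+ <param pos="0" name="os.family" value="Linux"/>
+ <param pos="0" name="os.product" value="FreshTomato"/>
+ <param pos="0" name="os.device" value="Router"/>
+ </fingerprint>
+
+ <fingerprint pattern="(?i)^SERIALNUMBER=(\d+),CN=(\S+),OU=ST-VS,O=Bosch Sicherheitssysteme GmbH,L=Grasbrunn,C=DE">
+ <description>Bosch Device</description>
+ <example hw.serial_number="111111111111111111" host.mac="00-07-5f-11-11-11">SERIALNUMBER=111111111111111111,CN=00-07-5f-11-11-11,OU=ST-VS,O=Bosch Sicherheitssysteme GmbH,L=Grasbrunn,C=DE</example>
+ <param pos="0" name="os.vendor" value="Bosch"/>
+ <param pos="0" name="hw.vendor" value="Bosch"/>
+ <param pos="1" name="hw.serial_number"/>
+ <param pos="2" name="host.mac"/>
+ </fingerprint>
+
  </fingerprints>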
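Review bot: The new Bosch pattern in the last hunk is the only added fingerprint without a trailing `$`, and its `CN=(\S+)` capture is written to `host.mac` without being constrained to a MAC address. An issuer DN on a self-signed certificate is chosen by whoever presents the certificate, so any non-whitespace string in that position would be recorded in the asset data as a MAC. Constraining the capture to the format shown in the example and anchoring the end would tighten this: `pattern="(?i)^SERIALNUMBER=(\d+),CN=((?:[0-9a-f]{2}-){5}[0-9a-f]{2}),OU=ST-VS,O=Bosch Sicherheitssysteme GmbH,L=Grasbrunn,C=DE$"`. The `\S+` in the Roomba and FreshTomato patterns can likewise run across commas into neighbouring RDNs, where `[^,\s]+` would not, and the FreshTomato `(?:.*)$` tail leaves the end of that pattern effectively unanchored.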