recog 2.3.20 → 2.3.23

data/xml/architecture.xml

@@ -16,28 +16,42 @@
     <param pos="0" name="os.arch" value="x86"/>
   </fingerprint>
 
-  <fingerprint pattern="PowerPC|PPC|POWER|ppc">
+  <fingerprint pattern="PowerPC|PPC|POWER" flags="REG_ICASE">
     <description>PowerPC</description>
+    <example>PowerPC</example>
+    <example>PPC</example>
+    <example>POWER</example>
+    <example>ppc</example>
     <param pos="0" name="os.arch" value="PowerPC"/>
   </fingerprint>
 
   <fingerprint pattern="SPARC" flags="REG_ICASE">
     <description>SPARC</description>
+    <example>SPARC</example>
+    <example>sparc</example>
     <param pos="0" name="os.arch" value="Sparc"/>
   </fingerprint>
 
   <fingerprint pattern="mips" flags="REG_ICASE">
     <description>MIPS</description>
+    <example>MIPS</example>
+    <example>mips</example>
     <param pos="0" name="os.arch" value="MIPS"/>
   </fingerprint>
 
   <fingerprint pattern="arm64|aarch64" flags="REG_ICASE">
     <description>ARM64 (aarch64)</description>
+    <example>arm64</example>
+    <example>ARM64</example>
+    <example>aarch64</example>
+    <example>AARCH64</example>
     <param pos="0" name="os.arch" value="ARM64"/>
   </fingerprint>
 
   <fingerprint pattern="arm" flags="REG_ICASE">
     <description>ARM</description>
+    <example>arm</example>
+    <example>ARM</example>
     <param pos="0" name="os.arch" value="ARM"/>
   </fingerprint>
 

data/xml/dhcp_vendor_class.xml

@@ -0,0 +1,206 @@
+<?xml version='1.0' encoding='UTF-8'?>
+<fingerprints matches="dhcp_vendor_class" protocol="dhcp" database_type="service">
+  <!--
+    Fingerprint definitions that are matched against the string values in the
+    dhcp message vi_vendor_class field
+    This field is Option 60 as defined in RFC 2132 section 9.13.
+    The vi_vendor_class field can be found in client discover (1), request (3)
+    and inform (8) messages.
+  -->
+
+  <fingerprint pattern="^Mfg=(?:Fuji)?(?i:Xerox);Typ=(?:MFP|printer);Mod=(?:Xerox )?(\S+) ([a-zA-Z0-9]+).*;Ser=([A-Z0-9]{9})(?:;Loc=.*)?$">
+    <description>Xerox Multifunction Printer</description>
+    <example hw.family="VersaLink" hw.model="C405" hw.serial_number="ABC123456">Mfg=Xerox;Typ=MFP;Mod=VersaLink C405;Ser=ABC123456;Loc=Print Room</example>
+    <example hw.family="AltaLink" hw.model="C8055" hw.serial_number="1AB234567">Mfg=Xerox;Typ=MFP;Mod=Xerox AltaLink C8055 Multifunction Printer;Ser=1AB234567;Loc=Print Room2</example>
+    <example hw.family="WorkCentre" hw.model="3345" hw.serial_number="1AB234567">Mfg=XEROX;Typ=MFP;Mod=WorkCentre 3345;Ser=1AB234567;Loc=</example>
+    <example hw.family="WorkCentre" hw.model="7845" hw.serial_number="AB1234567">Mfg=Xerox;Typ=MFP;Mod=Xerox WorkCentre 7845 v1 Multifunction System;Ser=AB1234567;Loc=</example>
+    <example hw.family="Phaser" hw.model="6500DN" hw.serial_number="ABC123456">Mfg=FujiXerox;Typ=printer;Mod=Phaser 6500DN;Ser=ABC123456</example>
+    <param pos="0" name="hw.device" value="Printer"/>
+    <param pos="0" name="hw.vendor" value="Xerox"/>
+    <param pos="1" name="hw.family"/>
+    <param pos="2" name="hw.model"/>
+    <param pos="3" name="hw.serial_number"/>
+    <param pos="0" name="hw.product" value="{hw.family} {hw.model}"/>
+    <param pos="0" name="os.vendor" value="Xerox"/>
+    <param pos="0" name="os.device" value="Printer"/>
+  </fingerprint>
+
+  <fingerprint pattern="^Mfg=Hewlett Packard;Typ=Printer;Mod=HP (LaserJet 200|LaserJet 400) (?:color |colorMFP |MFP )?(M\d+\S+);Ser=([A-Z0-9]{10});$">
+    <description>HP Multifunction Printer</description>
+    <example hw.family="LaserJet 200" hw.model="M276nw" hw.serial_number="ABC1DE2F3G">Mfg=Hewlett Packard;Typ=Printer;Mod=HP LaserJet 200 colorMFP M276nw;Ser=ABC1DE2F3G;</example>
+    <example hw.family="LaserJet 400" hw.model="M401dne" hw.serial_number="ABCDE12345">Mfg=Hewlett Packard;Typ=Printer;Mod=HP LaserJet 400 M401dne;Ser=ABCDE12345;</example>
+    <example hw.family="LaserJet 400" hw.model="M401dw" hw.serial_number="ABCDE12345">Mfg=Hewlett Packard;Typ=Printer;Mod=HP LaserJet 400 M401dw;Ser=ABCDE12345;</example>
+    <example hw.family="LaserJet 400" hw.model="M401n" hw.serial_number="ABCDE12345">Mfg=Hewlett Packard;Typ=Printer;Mod=HP LaserJet 400 M401n;Ser=ABCDE12345;</example>
+    <example hw.family="LaserJet 400" hw.model="M425dn" hw.serial_number="ABC1D23E4E">Mfg=Hewlett Packard;Typ=Printer;Mod=HP LaserJet 400 MFP M425dn;Ser=ABC1D23E4E;</example>
+    <param pos="0" name="hw.device" value="Printer"/>
+    <param pos="0" name="hw.vendor" value="HP"/>
+    <param pos="1" name="hw.family"/>
+    <param pos="2" name="hw.model"/>
+    <param pos="3" name="hw.serial_number"/>
+    <param pos="0" name="hw.product" value="{hw.family} {hw.model}"/>
+    <param pos="0" name="os.vendor" value="HP"/>
+    <param pos="0" name="os.device" value="Printer"/>
+  </fingerprint>
+
+  <fingerprint pattern="^(?:Hewlett-Packard|HP) (OfficeJet|LaserJet|Printer|JetDirect)$">
+    <description>HP Printer</description>
+    <example hw.family="LaserJet">Hewlett-Packard LaserJet</example>
+    <example hw.family="OfficeJet">Hewlett-Packard OfficeJet</example>
+    <example hw.family="LaserJet">HP LaserJet</example>
+    <example hw.family="Printer">HP Printer</example>
+    <example hw.family="JetDirect">Hewlett-Packard JetDirect</example>
+    <param pos="0" name="hw.device" value="Printer"/>
+    <param pos="0" name="hw.vendor" value="HP"/>
+    <param pos="1" name="hw.family"/>
+    <param pos="0" name="os.vendor" value="HP"/>
+    <param pos="0" name="os.device" value="Printer"/>
+  </fingerprint>
+
+  <fingerprint pattern="^Mfg=LEXMARK;Typ=(?:MFP|Printer);Mod=Lexmark (\S+);Ser=([A-Z0-9]{13});$">
+    <description>Lexmark Printer</description>
+    <example hw.model="MX410de" hw.serial_number="12345ABC6D7EF">Mfg=LEXMARK;Typ=MFP;Mod=Lexmark MX410de;Ser=12345ABC6D7EF;</example>
+    <example hw.model="MS310dn" hw.serial_number="123456AB7C8DE">Mfg=LEXMARK;Typ=Printer;Mod=Lexmark MS310dn;Ser=123456AB7C8DE;</example>
+    <param pos="0" name="hw.device" value="Printer"/>
+    <param pos="0" name="hw.vendor" value="Lexmark"/>
+    <param pos="1" name="hw.model"/>
+    <param pos="2" name="hw.serial_number"/>
+    <param pos="0" name="os.vendor" value="Lexmark"/>
+    <param pos="0" name="os.device" value="Printer"/>
+  </fingerprint>
+
+  <fingerprint pattern="^Canon iR-ADV (C?\d+ ?\S*)$">
+    <description>Canon imageRunner Printer</description>
+    <example hw.model="C5535 III">Canon iR-ADV C5535 III</example>
+    <example hw.model="C350">Canon iR-ADV C350</example>
+    <example hw.model="4545 III">Canon iR-ADV 4545 III</example>
+    <example hw.model="525">Canon iR-ADV 525</example>
+    <param pos="0" name="hw.device" value="Printer"/>
+    <param pos="0" name="hw.vendor" value="Canon"/>
+    <param pos="0" name="hw.family" value="imageRunner"/>
+    <param pos="1" name="hw.model"/>
+    <param pos="0" name="hw.product" value="{hw.family} {hw.model}"/>
+    <param pos="0" name="os.vendor" value="Canon"/>
+    <param pos="0" name="os.device" value="Printer"/>
+  </fingerprint>
+
+  <fingerprint pattern="^Canon (D\d+) Series$">
+    <description>Canon imageClass Printer</description>
+    <example hw.model="D1600">Canon D1600 Series</example>
+    <param pos="0" name="hw.device" value="Printer"/>
+    <param pos="0" name="hw.vendor" value="Canon"/>
+    <param pos="0" name="hw.family" value="imageClass"/>
+    <param pos="1" name="hw.model"/>
+    <param pos="0" name="hw.product" value="{hw.family} {hw.model}"/>
+    <param pos="0" name="os.vendor" value="Canon"/>
+    <param pos="0" name="os.device" value="Printer"/>
+  </fingerprint>
+
+  <fingerprint pattern="^Polycom-(VVX\d{3})$">
+    <description>Polycom IP Phone</description>
+    <example hw.product="VVX410" hw.model="VVX410">Polycom-VVX410</example>
+    <param pos="0" name="hw.device" value="VoIP"/>
+    <param pos="0" name="hw.vendor" value="Polycom"/>
+    <param pos="0" name="hw.family" value="VVX"/>
+    <param pos="1" name="hw.model"/>
+    <param pos="0" name="hw.product" value="{hw.model}"/>
+    <param pos="0" name="os.vendor" value="Polycom"/>
+  </fingerprint>
+
+  <fingerprint pattern="^Aruba\s(JL\d+A)\s(\d+[A-Z]?)\S+\sSwitch(?:\sdslforum.org)?$">
+    <description>HP Aruba Network Switch</description>
+    <example hw.product="JL075A" hw.family="3810M">Aruba JL075A 3810M-16SFP+-2-slot Switch</example>
+    <example hw.product="JL253A" hw.family="2930F">Aruba JL253A 2930F-24G-4SFP+ Switch dslforum.org</example>
+    <example hw.product="JL256A" hw.family="2930F">Aruba JL256A 2930F-48G-PoE+-4SFP+ Switch</example>
+    <example hw.product="JL258A" hw.family="2930F">Aruba JL258A 2930F-8G-PoE+-2SFP+ Switch</example>
+    <example hw.product="JL357A" hw.family="2540">Aruba JL357A 2540-48G-PoE+-4SFP+ Switch</example>
+    <param pos="0" name="hw.device" value="Switch"/>
+    <param pos="0" name="hw.vendor" value="Aruba Networks"/>
+    <param pos="1" name="hw.product"/>
+    <param pos="2" name="hw.family"/>
+    <param pos="0" name="os.vendor" value="Aruba Networks"/>
+  </fingerprint>
+
+  <fingerprint pattern="^AXIS,(?:PTZ Dome )?Network Camera,(.*),([\d\.]+)$">
+    <description>Axis Network Camera</description>
+    <example hw.model="P3343" os.version="5.20.3">AXIS,Network Camera,P3343,5.20.3</example>
+    <example hw.model="M5014" os.version="5.50.3.7">AXIS,PTZ Dome Network Camera,M5014,5.50.3.7</example>
+    <example hw.model="P3225-LV Mk II" os.version="9.70.1.5">AXIS,Network Camera,P3225-LV Mk II,9.70.1.5</example>
+    <param pos="0" name="hw.device" value="IP Camera"/>
+    <param pos="0" name="hw.vendor" value="AXIS"/>
+    <param pos="1" name="hw.model"/>
+    <param pos="0" name="os.vendor" value="AXIS"/>
+    <param pos="2" name="os.version"/>
+  </fingerprint>
+
+  <fingerprint pattern="^AXIS,(?:Network Video Encoder|Video Server),(\S+),([\d\.]+)$">
+    <description>Axis Video Encoder</description>
+    <example hw.model="M7011" os.version="5.90.1">AXIS,Network Video Encoder,M7011,5.90.1</example>
+    <param pos="0" name="hw.device" value="Video Encoder"/>
+    <param pos="0" name="hw.vendor" value="AXIS"/>
+    <param pos="1" name="hw.model"/>
+    <param pos="0" name="os.vendor" value="AXIS"/>
+    <param pos="2" name="os.version"/>
+  </fingerprint>
+
+  <fingerprint pattern="^AXIS,Network IO Audio Module,(\S+),([\d\.]+)$">
+    <description>Axis IO Audio Module</description>
+    <example hw.model="P8221" os.version="5.10.2">AXIS,Network IO Audio Module,P8221,5.10.2</example>
+    <param pos="0" name="hw.device" value="Audio Encoder"/>
+    <param pos="0" name="hw.vendor" value="AXIS"/>
+    <param pos="1" name="hw.model"/>
+    <param pos="0" name="os.vendor" value="AXIS"/>
+    <param pos="2" name="os.version"/>
+  </fingerprint>
+
+  <fingerprint pattern="^PCoIP Endpoint$">
+    <description>PCoIP Endpoint Device</description>
+    <example>PCoIP Endpoint</example>
+    <param pos="0" name="hw.device" value="Thin Client"/>
+    <param pos="0" name="hw.product" value="PCoIP Endpoint Device"/>
+    <param pos="0" name="os.vendor" value="Teradici"/>
+    <param pos="0" name="os.family" value="Teradici"/>
+  </fingerprint>
+
+  <fingerprint pattern="^android-dhcp-([\d\.]*)$">
+    <description>Android Device</description>
+    <example os.version="7.1.1">android-dhcp-7.1.1</example>
+    <param pos="0" name="os.vendor" value="Google"/>
+    <param pos="0" name="os.family" value="Linux"/>
+    <param pos="0" name="os.product" value="Android"/>
+    <param pos="1" name="os.version"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:google:android:{os.version}"/>
+  </fingerprint>
+
+  <fingerprint pattern="^dhcpcd-(?:[\d\.]+):Linux-([\d\.]+).*:(\S*):">
+    <description>Linux</description>
+    <example os.version="4.14.78" os.arch="armv7l">dhcpcd-6.11.5:Linux-4.14.78:armv7l:Freescale</example>
+    <example os.version="4.19.155" os.arch="x86_64">dhcpcd-6.8.2:Linux-4.19.155-10581-g8bdb5ed8e80c:x86_64:GenuineIntel</example>
+    <param pos="0" name="os.family" value="Linux"/>
+    <param pos="0" name="os.product" value="Linux"/>
+    <param pos="1" name="os.version"/>
+    <param pos="2" name="os.arch"/>
+  </fingerprint>
+
+  <fingerprint pattern="^SAMSUNG Network Printer$">
+    <description>Samsung Network Printer</description>
+    <example>SAMSUNG Network Printer</example>
+    <param pos="0" name="hw.device" value="Printer"/>
+    <param pos="0" name="hw.vendor" value="Samsung"/>
+    <param pos="0" name="os.vendor" value="Samsung"/>
+  </fingerprint>
+
+  <fingerprint pattern="^MERAKI$">
+    <description>MERAKI Device</description>
+    <example>MERAKI</example>
+    <param pos="0" name="hw.vendor" value="Meraki"/>
+    <param pos="0" name="os.vendor" value="Meraki"/>
+  </fingerprint>
+
+  <fingerprint pattern="^MSFT 5.0$">
+    <description>Microsoft Windows Device</description>
+    <example>MSFT 5.0</example>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="0" name="os.family" value="Windows"/>
+  </fingerprint>
+
+</fingerprints>

data/xml/dns_versionbind.xml

@@ -17,30 +17,40 @@
   <fingerprint pattern="^$">
     <description>empty string -- assert nothing.</description>
     <example/>
+    <param pos="0" name="hw.certainty" value="0.0"/>
+    <param pos="0" name="os.certainty" value="0.0"/>
     <param pos="0" name="service.certainty" value="0.0"/>
   </fingerprint>
 
   <fingerprint pattern="^none$">
     <description>bare 'none' -- assert nothing.</description>
     <example>none</example>
+    <param pos="0" name="hw.certainty" value="0.0"/>
+    <param pos="0" name="os.certainty" value="0.0"/>
     <param pos="0" name="service.certainty" value="0.0"/>
   </fingerprint>
 
   <fingerprint pattern="^null$">
     <description>bare 'null' -- assert nothing.</description>
     <example>null</example>
+    <param pos="0" name="hw.certainty" value="0.0"/>
+    <param pos="0" name="os.certainty" value="0.0"/>
     <param pos="0" name="service.certainty" value="0.0"/>
   </fingerprint>
 
   <fingerprint pattern="(?i)^unknown$">
     <description>bare 'unknown' -- assert nothing.</description>
     <example>unknown</example>
+    <param pos="0" name="hw.certainty" value="0.0"/>
+    <param pos="0" name="os.certainty" value="0.0"/>
     <param pos="0" name="service.certainty" value="0.0"/>
   </fingerprint>
 
   <fingerprint pattern="^no version$">
     <description>bare 'no version' -- assert nothing.</description>
     <example>no version</example>
+    <param pos="0" name="hw.certainty" value="0.0"/>
+    <param pos="0" name="os.certainty" value="0.0"/>
     <param pos="0" name="service.certainty" value="0.0"/>
   </fingerprint>
 
@@ -58,8 +68,8 @@
     <example service.version="9.3.6-P1" os.version="5" os.version.version="11">9.3.6-P1-RedHat-9.3.6-25.P1.el5_11.12</example>
     <example service.version="9.9.1-P3" os.version="6">9.9.1-P3-RedHat-9.9.1.P3.el6</example>
     <example service.version="9.9.3-rpz2+rl.13208.13-P2" os.version="6">9.9.3-rpz2+rl.13208.13-P2-RedHat-9.9.3-4.P2.el6</example>
-    <example os.version="6" os.version.version="1">9.7.3-P3-RedHat-9.7.3-2.el6_1.P3.3</example>
-    <example os.version="6" os.version.version="">9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6</example>
+    <example os.version="6" os.version.version="1" service.version="9.7.3-P3">9.7.3-P3-RedHat-9.7.3-2.el6_1.P3.3</example>
+    <example os.version="6" os.version.version="" service.version="9.8.2rc1">9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6</example>
     <param pos="0" name="service.vendor" value="ISC"/>
     <param pos="0" name="service.family" value="BIND"/>
     <param pos="0" name="service.product" value="BIND"/>
@@ -75,21 +85,21 @@
 
   <fingerprint pattern="^(9.[^-]+(?:-rl[.\d]+)?(?:-[SP]\d)?)-RedHat-[\d.]+-[\w.]+fc([\d]+)$">
     <description>ISC BIND: Fedora</description>
-    <example service.version="9.10.4-P8">9.10.4-P8-RedHat-9.10.4-4.P8.fc25</example>
+    <example service.version="9.10.4-P8" os.version="25">9.10.4-P8-RedHat-9.10.4-4.P8.fc25</example>
     <!-- The '-rl' in the example below indicates a rate limiting patch -->
 
-    <example service.version="9.9.3-rl.13207.22-P2">9.9.3-rl.13207.22-P2-RedHat-9.9.3-5.P2.fc19</example>
-    <example os.version="10">9.5.2-RedHat-9.5.2-1.fc10</example>
+    <example service.version="9.9.3-rl.13207.22-P2" os.version="19">9.9.3-rl.13207.22-P2-RedHat-9.9.3-5.P2.fc19</example>
+    <example os.version="10" service.version="9.5.2">9.5.2-RedHat-9.5.2-1.fc10</example>
     <param pos="0" name="service.vendor" value="ISC"/>
     <param pos="0" name="service.family" value="BIND"/>
     <param pos="0" name="service.product" value="BIND"/>
     <param pos="1" name="service.version"/>
     <param pos="0" name="service.cpe23" value="cpe:/a:isc:bind:{service.version}"/>
-    <param pos="0" name="os.vendor" value="Red Hat"/>
+    <param pos="0" name="os.vendor" value="Fedora Project"/>
     <param pos="0" name="os.family" value="Linux"/>
-    <param pos="0" name="os.product" value="Fedora Core Linux"/>
+    <param pos="0" name="os.product" value="Fedora Core"/>
     <param pos="2" name="os.version"/>
-    <param pos="0" name="os.cpe23" value="cpe:/o:redhat:fedora_core:{os.version}"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:fedoraproject:fedora_core:{os.version}"/>
   </fingerprint>
 
   <fingerprint pattern="^(9.[^-]+(?:-[SP]\d)?)-RedHat-[\w.-]+amzn1$">
@@ -709,8 +719,11 @@
   -->
 
   <fingerprint pattern="^Microsoft DNS 6.0.6100 \(2AEF76E\)$">
-    <description>SPOOFED - Microsoft DNS on Windows 2008 SP something</description>
+    <description>SPOOFED - Microsoft DNS on Windows 2008 SP something -- assert nothing.</description>
     <example>Microsoft DNS 6.0.6100 (2AEF76E)</example>
+    <param pos="0" name="hw.certainty" value="0.0"/>
+    <param pos="0" name="os.certainty" value="0.0"/>
+    <param pos="0" name="service.certainty" value="0.0"/>
   </fingerprint>
 
   <fingerprint pattern="^Microsoft DNS 6.0.6003(?: \(([^)]+)\))?$">
@@ -833,8 +846,8 @@
 
   <fingerprint pattern="^ALU DNS ([\d\.]+) Build (\d+)$">
     <description>ALU (Alcatel Lucent?) DNS</description>
-    <example service.version="6.2">ALU DNS 6.2 Build 22</example>
-    <example service.version.version="9">ALU DNS 6.2 Build 9</example>
+    <example service.version="6.2" service.version.version="22">ALU DNS 6.2 Build 22</example>
+    <example service.version.version="9" service.version="6.2">ALU DNS 6.2 Build 9</example>
     <param pos="0" name="service.vendor" value="ALU"/>
     <param pos="0" name="service.family" value="DNS"/>
     <param pos="0" name="service.product" value="DNS"/>
@@ -900,8 +913,8 @@
 
   <fingerprint pattern="^Meta IP[\s\/]DNS (?:V[\d\.]+ )?- BIND V([\d\.]+(?:-REL)?) \(Build (\d+)\s?\)$">
     <description>Check Point Meta IP</description>
-    <example service.version="8.2.7-REL">Meta IP DNS - BIND V8.2.7-REL (Build 31)</example>
-    <example service.version.version="4704">Meta IP/DNS V4.1 - BIND V8.1.2 (Build 4704 )</example>
+    <example service.version="8.2.7-REL" service.version.version="31">Meta IP DNS - BIND V8.2.7-REL (Build 31)</example>
+    <example service.version.version="4704" service.version="8.1.2">Meta IP/DNS V4.1 - BIND V8.1.2 (Build 4704 )</example>
     <param pos="0" name="service.vendor" value="Check Point"/>
     <param pos="0" name="service.family" value="META IP"/>
     <param pos="0" name="service.product" value="DNS"/>