recog 2.3.21 → 2.3.22

Files changed (59) hide show
  1. checksums.yaml +4 -4
  2. data/.github/dependabot.yml +8 -0
  3. data/.github/workflows/verify.yml +89 -0
  4. data/CONTRIBUTING.md +6 -0
  5. data/README.md +17 -0
  6. data/bin/recog_standardize +28 -13
  7. data/bin/recog_verify +1 -2
  8. data/cpe-remap.yaml +13 -0
  9. data/features/verify.feature +14 -14
  10. data/identifiers/fields.txt +5 -4
  11. data/identifiers/hw_device.txt +6 -0
  12. data/identifiers/hw_family.txt +8 -0
  13. data/identifiers/hw_product.txt +51 -0
  14. data/identifiers/os_family.txt +1 -0
  15. data/identifiers/os_product.txt +10 -0
  16. data/identifiers/service_product.txt +12 -0
  17. data/identifiers/vendor.txt +49 -0
  18. data/lib/recog/db.rb +2 -1
  19. data/lib/recog/fingerprint.rb +18 -5
  20. data/lib/recog/verifier.rb +5 -5
  21. data/lib/recog/verifier_factory.rb +3 -3
  22. data/lib/recog/verify_reporter.rb +14 -4
  23. data/lib/recog/version.rb +1 -1
  24. data/spec/lib/fingerprint_self_test_spec.rb +1 -0
  25. data/spec/lib/recog/verify_reporter_spec.rb +69 -0
  26. data/tools/dev/hooks/pre-commit +21 -0
  27. data/update_cpes.py +1 -1
  28. data/xml/apache_os.xml +38 -38
  29. data/xml/dhcp_vendor_class.xml +206 -0
  30. data/xml/favicons.xml +148 -42
  31. data/xml/ftp_banners.xml +30 -16
  32. data/xml/h323_callresp.xml +99 -99
  33. data/xml/hp_pjl_id.xml +3 -3
  34. data/xml/html_title.xml +502 -25
  35. data/xml/http_cookies.xml +64 -56
  36. data/xml/http_servers.xml +74 -14
  37. data/xml/http_wwwauth.xml +107 -38
  38. data/xml/imap_banners.xml +3 -3
  39. data/xml/mdns_device-info_txt.xml +389 -26
  40. data/xml/mysql_banners.xml +1 -1
  41. data/xml/nntp_banners.xml +3 -3
  42. data/xml/ntp_banners.xml +64 -64
  43. data/xml/operating_system.xml +3 -3
  44. data/xml/pop_banners.xml +7 -7
  45. data/xml/rsh_resp.xml +3 -3
  46. data/xml/sip_banners.xml +27 -0
  47. data/xml/sip_user_agents.xml +54 -1
  48. data/xml/smtp_banners.xml +15 -15
  49. data/xml/smtp_ehlo.xml +1 -1
  50. data/xml/smtp_help.xml +10 -10
  51. data/xml/smtp_noop.xml +2 -2
  52. data/xml/snmp_sysdescr.xml +325 -200
  53. data/xml/snmp_sysobjid.xml +25 -25
  54. data/xml/ssh_banners.xml +7 -5
  55. data/xml/telnet_banners.xml +155 -20
  56. data/xml/tls_jarm.xml +26 -4
  57. data/xml/x509_issuers.xml +36 -0
  58. data/xml/x509_subjects.xml +136 -35
  59. metadata +7 -3
@@ -31,7 +31,8 @@ class Fingerprint
31
31
  # @param xml [Nokogiri::XML::Element]
32
32
  # @param match_key [String] See Recog::DB
33
33
  # @param protocol [String] Protocol such as ftp, mssql, http, etc.
34
- def initialize(xml, match_key=nil, protocol=nil)
34
+ # @param filepath [String] Directory path for fingerprint example files
35
+ def initialize(xml, match_key=nil, protocol=nil, filepath=nil)
35
36
  @match_key = match_key
36
37
  @protocol = protocol
37
38
  @name = parse_description(xml)
@@ -40,7 +41,7 @@ class Fingerprint
40
41
  @tests = []
41
42
 
42
43
  @protocol.downcase! if @protocol
43
- parse_examples(xml)
44
+ parse_examples(xml, filepath)
44
45
  parse_params(xml)
45
46
  end
46
47
 
@@ -176,6 +177,7 @@ class Fingerprint
176
177
  # out correctly and match the capture group values we expect.
177
178
  test.attributes.each do |k, v|
178
179
  next if k == '_encoding'
180
+ next if k == '_filename'
179
181
  if !result.has_key?(k) || result[k] != v
180
182
  message = "'#{@name}' failed to find expected capture group #{k} '#{v}'. Result was #{result[k]}"
181
183
  status = :fail
@@ -223,7 +225,7 @@ class Fingerprint
223
225
  capture_group_used.each do |param_name, param_used|
224
226
  if !param_used
225
227
  message = "'#{@name}' is missing an example that checks for parameter '#{param_name}' " +
226
- "messsage which is derived from a capture group"
228
+ "which is derived from a capture group"
227
229
  yield :warn, message
228
230
  end
229
231
  end
@@ -247,14 +249,25 @@ class Fingerprint
247
249
  end
248
250
 
249
251
  # @param xml [Nokogiri::XML::Element]
252
+ # @param filepath [String] Directory path for fingerprint example files
250
253
  # @return [void]
251
- def parse_examples(xml)
254
+ def parse_examples(xml, filepath)
252
255
  elements = xml.xpath('example')
253
256
 
254
257
  elements.each do |elem|
255
258
  # convert nokogiri Attributes into a hash of name => value
256
259
  attrs = elem.attributes.values.reduce({}) { |a,e| a.merge(e.name => e.value) }
257
- @tests << Test.new(elem.content, attrs)
260
+ if attrs["_filename"]
261
+ contents = ""
262
+ fn = File.join(filepath, attrs["_filename"])
263
+ File.open(fn, "rb") do |file|
264
+ contents = file.read
265
+ contents.force_encoding(Encoding::ASCII_8BIT)
266
+ end
267
+ @tests << Test.new(contents, attrs)
268
+ else
269
+ @tests << Test.new(elem.content, attrs)
270
+ end
258
271
  end
259
272
 
260
273
  nil
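Review bot: In `parse_examples`, `File.join(filepath, attrs["_filename"])` joins a name taken from the fingerprint XML without checking that the result stays inside `filepath`, so a `_filename` with `..` segments makes the loader read a file outside the examples directory. `filepath` also defaults to `nil` in `initialize`, and `File.join(nil, ...)` raises `TypeError`, so a caller still using the three-argument form fails on the first fingerprint that has a `_filename` example; a missing file surfaces as a bare `Errno::ENOENT` that does not name the fingerprint. I would resolve the name against the base directory, reject anything that lands outside it, and read with `File.binread`, which already returns a binary-encoded string. The `end` of `parse_examples` lies outside the hunk.

```ruby
if attrs["_filename"]
  raise ArgumentError, "'#{@name}' uses _filename but no example directory was given" if filepath.nil?
  base = File.expand_path(filepath)
  fn = File.expand_path(attrs["_filename"], base)
  unless fn.start_with?(base + File::SEPARATOR)
    raise ArgumentError, "'#{@name}' example file '#{attrs["_filename"]}' is outside #{base}"
  end
  @tests << Test.new(File.binread(fn), attrs)
else
  # … unchanged: inline example built from elem.content …
end
```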
@@ -1,15 +1,15 @@
1
1
  module Recog
2
2
  class Verifier
3
- attr_reader :fingerprints, :reporter
3
+ attr_reader :db, :reporter
4
4
 
5
- def initialize(fingerprints, reporter)
6
- @fingerprints = fingerprints
5
+ def initialize(db, reporter)
6
+ @db = db
7
7
  @reporter = reporter
8
8
  end
9
9
 
10
10
  def verify
11
- reporter.report(fingerprints.count) do
12
- fingerprints.each do |fp|
11
+ reporter.report(db.fingerprints.count) do
12
+ db.fingerprints.each do |fp|
13
13
  reporter.print_name fp
14
14
 
15
15
  fp.verify_params do |status, message|
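Review bot: `Verifier#initialize` now takes a `db` and the `fingerprints` reader is removed, which breaks any outside caller of `Verifier.new(fingerprints, reporter)` or `verifier.fingerprints`; the same holds for `VerifierFactory.build(options, db)` in the next section, where `db` is a new required argument. Neither signature documents what `db` must respond to, and from the visible lines it needs `fingerprints` here and `path` in the factory. I would add `# @param db [Recog::DB] must respond to #fingerprints and #path` above both methods (the class name is presumed, confirm against the caller) and keep a delegating reader, `def fingerprints; db.fingerprints; end`, so existing users of the reader keep working. The body of `verify` continues outside the hunk.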
@@ -4,10 +4,10 @@ require 'recog/verify_reporter'
4
4
 
5
5
  module Recog
6
6
  module VerifierFactory
7
- def self.build(options)
7
+ def self.build(options, db)
8
8
  formatter = Formatter.new(options, $stdout)
9
- reporter = VerifyReporter.new(options, formatter)
10
- Verifier.new(options.fingerprints, reporter)
9
+ reporter = VerifyReporter.new(options, formatter, db.path)
10
+ Verifier.new(db, reporter)
11
11
  end
12
12
  end
13
13
  end
@@ -3,14 +3,18 @@ class VerifyReporter
3
3
  attr_reader :formatter
4
4
  attr_reader :success_count, :warning_count, :failure_count
5
5
 
6
- def initialize(options, formatter)
6
+ def initialize(options, formatter, path=nil)
7
7
  @options = options
8
8
  @formatter = formatter
9
+ @path = path
9
10
  reset_counts
10
11
  end
11
12
 
12
13
  def report(fingerprint_count)
13
14
  reset_counts
15
+ if detail? and !@path.to_s.empty?
16
+ formatter.status_message("\n#{@path}:\n")
17
+ end
14
18
  yield self
15
19
  summarize(fingerprint_count) unless @options.quiet
16
20
  end
@@ -23,12 +27,12 @@ class VerifyReporter
23
27
  def warning(text)
24
28
  return unless @options.warnings
25
29
  @warning_count += 1
26
- formatter.warning_message("#{padding}#{text}")
30
+ formatter.warning_message("#{path_label}#{padding}#{text}")
27
31
  end
28
32
 
29
33
  def failure(text)
30
34
  @failure_count += 1
31
- formatter.failure_message("#{padding}#{text}")
35
+ formatter.failure_message("#{path_label}#{padding}#{text}")
32
36
  end
33
37
 
34
38
  def print_name(fingerprint)
@@ -61,12 +65,18 @@ class VerifyReporter
61
65
  @options.detail
62
66
  end
63
67
 
68
+ def path_label
69
+ unless detail?
70
+ @path.to_s.empty? ? "" : "#{@path}: "
71
+ end
72
+ end
73
+
64
74
  def padding
65
75
  ' ' if @options.detail
66
76
  end
67
77
 
68
78
  def summary_line
69
- summary = "SUMMARY: Test completed with "
79
+ summary = "#{path_label}SUMMARY: Test completed with "
70
80
  summary << "#{@success_count} successful"
71
81
  summary << ", #{@warning_count} warnings"
72
82
  summary << ", and #{@failure_count} failures"
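Review bot: `path_label` returns `nil` instead of a string when `detail?` is true, because the `unless` has no `else` branch; the callers only interpolate it, so the output is unchanged, but the nil return is easy to trip over once the label is concatenated or compared. A guard clause makes the contract explicit: `return "" if detail? || @path.to_s.empty?` followed by `"#{@path}: "`. In `report`, `detail? and !@path.to_s.empty?` should use `&&`, since `and` binds more loosely and is normally kept for control flow. `summary_line` continues outside the hunk.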
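--- a/data/lib/recog/version.rb
+++ b/data/lib/recog/version.rb
@@ -1,3 +1,3 @@
  module Recog
- VERSION = '2.3.21'
+ VERSION = '2.3.22'
  end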
@@ -151,6 +151,7 @@ describe Recog::DB do
151
151
  # test any extractions specified in the example
152
152
  example.attributes.each_pair do |k,v|
153
153
  next if k == '_encoding'
154
+ next if k == '_filename'
154
155
  expect(match[k]).to eq(v), "Regex didn't extract expected value for fingerprint attribute #{k} -- got #{match[k]} instead of #{v}"
155
156
  end
156
157
  end
@@ -7,6 +7,7 @@ describe Recog::VerifyReporter do
7
7
  let(:summary_line) do
8
8
  "SUMMARY: Test completed with 1 successful, 1 warnings, and 1 failures"
9
9
  end
10
+ let(:path) { "fingerprint.xml" }
10
11
 
11
12
  subject { Recog::VerifyReporter.new(double(detail: false, quiet: false, warnings: true), formatter) }
12
13
 
@@ -77,6 +78,74 @@ describe Recog::VerifyReporter do
77
78
  end
78
79
  end
79
80
  end
81
+
82
+ context "with fingerprint path" do
83
+
84
+ subject { Recog::VerifyReporter.new(double(detail: false, quiet: false, warnings: true), formatter, path) }
85
+
86
+ it "prints warnings" do
87
+ expect(formatter).to receive(:warning_message).with("#{path}: a warning")
88
+ run_report
89
+ end
90
+
91
+ it "prints failures" do
92
+ expect(formatter).to receive(:failure_message).with("#{path}: a failure")
93
+ run_report
94
+ end
95
+
96
+ it "prints summary" do
97
+ expect(formatter).to receive(:failure_message).with("#{path}: #{summary_line}")
98
+ run_report
99
+ end
100
+ end
101
+
102
+ context "with fingerprint path and detail" do
103
+ subject { Recog::VerifyReporter.new(double(detail: true, quiet: false, warnings: true), formatter, path) }
104
+
105
+ it "prints the fingerprint path" do
106
+ expect(formatter).to receive(:status_message).with("\n#{path}:\n")
107
+ run_report
108
+ end
109
+
110
+ it "prints the fingerprint name" do
111
+ expect(formatter).to receive(:status_message).with("\na name")
112
+ run_report
113
+ end
114
+
115
+ it "prints successes" do
116
+ expect(formatter).to receive(:success_message).with(' passed')
117
+ run_report
118
+ end
119
+
120
+ it "prints warnings" do
121
+ expect(formatter).to receive(:warning_message).with(' a warning')
122
+ run_report
123
+ end
124
+
125
+ it "prints failures" do
126
+ expect(formatter).to receive(:failure_message).with(' a failure')
127
+ run_report
128
+ end
129
+
130
+ it "prints the fingerprint count" do
131
+ expect(formatter).to receive(:status_message).with("\nVerified 1 fingerprints:")
132
+ run_report
133
+ end
134
+
135
+ it "prints summary" do
136
+ expect(formatter).to receive(:failure_message).with(summary_line)
137
+ run_report
138
+ end
139
+
140
+ context "with no fingerprint tests" do
141
+ let(:tests) { [] }
142
+
143
+ it "does not print the name" do
144
+ expect(formatter).not_to receive(:status_message).with("\na name")
145
+ run_report
146
+ end
147
+ end
148
+ end
80
149
  end
81
150
 
82
151
  describe "#print_summary" do
@@ -0,0 +1,21 @@
1
+ #!/bin/sh
2
+ #
3
+ # Hook script to verify changes about to be committed.
4
+ # The hook should exit with non-zero status after issuing an appropriate
5
+ # message if it wants to stop the commit.
6
+
7
+ # Verify that each fingerprint asserts known identifiers.
8
+ git diff --cached --name-only --diff-filter=ACM -z xml/*.xml | xargs -0 ./bin/recog_standardize --write
9
+
10
+ # get status
11
+ status=$?
12
+
13
+ if [ $status -ne 0 ]; then
14
+ echo "Please review any new additions to the text files under 'identifiers/'."
15
+ echo "If any of these names are close to an existing name, update the offending"
16
+ echo "fingerprint to use the existing name instead. Once the fingerprints are fixed,"
17
+ echo "remove the 'extra' names from the identifiers files, and run the tool again."
18
+ exit 1
19
+ fi
20
+
21
+ exit 0
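Review bot: When no file under `xml/` is staged, `git diff` prints nothing and GNU xargs still runs `./bin/recog_standardize --write` once with no file arguments; what the tool does in that case is not visible here, so the hook should skip it explicitly, for example `xargs -0 -r ./bin/recog_standardize --write` where `-r` is supported. `status=$?` reflects only xargs, so a failing `git diff` is treated as success. The comment above the command says "Verify", while `--write` suggests the tool also modifies files in the working tree; if that is the case, the comment should say which files are rewritten so a contributor knows to re-stage them.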
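--- a/data/update_cpes.py
+++ b/data/update_cpes.py
@@ -64,7 +64,7 @@ def lookup_cpe(vendor, product, cpe_type, cpe_table, remap):
  these values to more correct values used by NIST.
 
  For example, the remapping might tell us that a value of 'alpine' for the
- vendor string should be 'aplinelinux' instead, or for product 'solaris'
+ vendor string should be 'alpinelinux' instead, or for product 'solaris'
  should be 'sunos'.
 
  This function should only emit values seen in the official NIST CPE list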
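--- a/data/xml/apache_os.xml
+++ b/data/xml/apache_os.xml
@@ -6,7 +6,7 @@
  against the following patterns to extract OS information.
  -->
 
- <fingerprint pattern=".*\(iSeries\).*">
+ <fingerprint pattern="\(iSeries\)">
  <description>IBM i5/OS iSeries (OS/400)</description>
  <param pos="0" name="os.vendor" value="IBM"/>
  <param pos="0" name="os.family" value="OS/400"/>
@@ -14,7 +14,7 @@
  <param pos="0" name="os.cpe23" value="cpe:/o:ibm:os_400:-"/>
  </fingerprint>
 
- <fingerprint pattern=".*\(Mandrake Linux/\d+\.\d+\.92mdk\).*">
+ <fingerprint pattern="\(Mandrake Linux/\d+\.\d+\.92mdk\)">
  <description>Mandriva (formerly Mandrake) Linux 9.2</description>
  <param pos="0" name="os.certainty" value="0.9"/>
  <param pos="0" name="os.vendor" value="Mandriva"/>
@@ -24,7 +24,7 @@
  <param pos="0" name="os.cpe23" value="cpe:/o:mandriva:linux:9.2"/>
  </fingerprint>
 
- <fingerprint pattern=".*\(Mandrake Linux/\d+\.\d+\.100mdk\).*">
+ <fingerprint pattern="\(Mandrake Linux/\d+\.\d+\.100mdk\)">
  <description>Mandriva (formerly Mandrake) Linux 10.0</description>
  <param pos="0" name="os.certainty" value="0.9"/>
  <param pos="0" name="os.vendor" value="Mandriva"/>
@@ -34,7 +34,7 @@
  <param pos="0" name="os.cpe23" value="cpe:/o:mandriva:linux:10.0"/>
  </fingerprint>
 
- <fingerprint pattern=".*\((?:Mandrake|Mandriva) Linux/.*">
+ <fingerprint pattern="\((?:Mandrake|Mandriva) Linux/">
  <description>Mandriva (formerly Mandrake) Linux unknown version</description>
  <param pos="0" name="os.vendor" value="Mandriva"/>
  <param pos="0" name="os.family" value="Linux"/>
@@ -42,7 +42,7 @@
  <param pos="0" name="os.cpe23" value="cpe:/o:mandriva:linux:-"/>
  </fingerprint>
 
- <fingerprint pattern=".*\(Mandrakelinux/.*">
+ <fingerprint pattern="\(Mandrakelinux/">
  <description>Mandriva (formerly Mandrake) Linux unknown version - variant 2</description>
  <param pos="0" name="os.vendor" value="Mandriva"/>
  <param pos="0" name="os.family" value="Linux"/>
@@ -50,14 +50,14 @@
  <param pos="0" name="os.cpe23" value="cpe:/o:mandriva:linux:-"/>
  </fingerprint>
 
- <fingerprint pattern=".*\(PalmOS\).*">
+ <fingerprint pattern="\(PalmOS\)">
  <description>PalmOS</description>
  <param pos="0" name="os.vendor" value="Palm"/>
  <param pos="0" name="os.family" value="PalmOS"/>
  <param pos="0" name="os.product" value="PalmOS"/>
  </fingerprint>
 
- <fingerprint pattern=".*\(Win32\).*">
+ <fingerprint pattern="\(Win32\)">
  <description>Microsoft Windows</description>
  <param pos="0" name="os.certainty" value="0.75"/>
  <param pos="0" name="os.vendor" value="Microsoft"/>
@@ -66,7 +66,7 @@
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
  </fingerprint>
 
- <fingerprint pattern=".*\(Darwin\).*">
+ <fingerprint pattern="\(Darwin\)">
  <description>Apple Mac OS X</description>
  <param pos="0" name="os.vendor" value="Apple"/>
  <param pos="0" name="os.family" value="Mac OS X"/>
@@ -74,7 +74,7 @@
  <param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x:-"/>
  </fingerprint>
 
- <fingerprint pattern=".*\(Ubuntu\).*">
+ <fingerprint pattern="\(Ubuntu\)">
  <description>Ubuntu</description>
  <param pos="0" name="os.vendor" value="Ubuntu"/>
  <param pos="0" name="os.family" value="Linux"/>
@@ -82,21 +82,21 @@
  <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:-"/>
  </fingerprint>
 
- <fingerprint pattern=".{0,512}(?:Sun )?Cobalt \(Unix\)?.*">
+ <fingerprint pattern=".{0,512}(?:Sun )?Cobalt \(Unix\)?">
  <description>Sun Cobalt RaQ (Red Hat based Linux)</description>
  <param pos="0" name="os.vendor" value="Sun"/>
  <param pos="0" name="os.family" value="Linux"/>
  <param pos="0" name="os.product" value="Cobalt RaQ"/>
  </fingerprint>
 
- <fingerprint pattern=".*\(BlueQuartz\).*">
+ <fingerprint pattern="\(BlueQuartz\)">
  <description>Blue Quartz is created by a Cobalt RaQ UG</description>
  <param pos="0" name="os.vendor" value="Sun"/>
  <param pos="0" name="os.family" value="Linux"/>
  <param pos="0" name="os.product" value="Cobalt RaQ"/>
  </fingerprint>
 
- <fingerprint pattern="^Apache\/2\.2\.11.*\(Fedora\).*">
+ <fingerprint pattern="^Apache\/2\.2\.11.*\(Fedora\)">
  <description>Red Hat Fedora 11</description>
  <param pos="0" name="os.vendor" value="Red Hat"/>
  <param pos="0" name="os.family" value="Linux"/>
@@ -105,7 +105,7 @@
  <param pos="0" name="os.cpe23" value="cpe:/o:redhat:fedora_core:11"/>
  </fingerprint>
 
- <fingerprint pattern="^Apache\/2\.2\.15.*\(Fedora\).*">
+ <fingerprint pattern="^Apache\/2\.2\.15.*\(Fedora\)">
  <description>Red Hat Fedora 13</description>
  <param pos="0" name="os.vendor" value="Red Hat"/>
  <param pos="0" name="os.family" value="Linux"/>
@@ -114,7 +114,7 @@
  <param pos="0" name="os.cpe23" value="cpe:/o:redhat:fedora_core:13"/>
  </fingerprint>
 
- <fingerprint pattern="^Apache\/2\.2\.16.*\(Fedora\).*">
+ <fingerprint pattern="^Apache\/2\.2\.16.*\(Fedora\)">
  <description>Red Hat Fedora 14</description>
  <param pos="0" name="os.vendor" value="Red Hat"/>
  <param pos="0" name="os.family" value="Linux"/>
@@ -123,7 +123,7 @@
  <param pos="0" name="os.cpe23" value="cpe:/o:redhat:fedora_core:14"/>
  </fingerprint>
 
- <fingerprint pattern="^Apache\/2\.2\.23.*\(Fedora\).*">
+ <fingerprint pattern="^Apache\/2\.2\.23.*\(Fedora\)">
  <description>Red Hat Fedora 17</description>
  <param pos="0" name="os.vendor" value="Red Hat"/>
  <param pos="0" name="os.family" value="Linux"/>
@@ -132,7 +132,7 @@
  <param pos="0" name="os.cpe23" value="cpe:/o:redhat:fedora_core:17"/>
  </fingerprint>
 
- <fingerprint pattern="^Apache\/2\.4\.3.*\(Fedora\).*">
+ <fingerprint pattern="^Apache\/2\.4\.3.*\(Fedora\)">
  <description>Red Hat Fedora 18</description>
  <param pos="0" name="os.vendor" value="Red Hat"/>
  <param pos="0" name="os.family" value="Linux"/>
@@ -141,7 +141,7 @@
  <param pos="0" name="os.cpe23" value="cpe:/o:redhat:fedora_core:18"/>
  </fingerprint>
 
- <fingerprint pattern=".*\(Fedora\).*">
+ <fingerprint pattern="\(Fedora\)">
  <description>Red Hat Fedora</description>
  <param pos="0" name="os.vendor" value="Red Hat"/>
  <param pos="0" name="os.family" value="Linux"/>
@@ -149,7 +149,7 @@
  <param pos="0" name="os.cpe23" value="cpe:/o:redhat:fedora_core:-"/>
  </fingerprint>
 
- <fingerprint pattern=".*\(RHEL\).*">
+ <fingerprint pattern="\(RHEL\)">
  <description>Red Hat Enterprise Linux</description>
  <param pos="0" name="os.vendor" value="Red Hat"/>
  <param pos="0" name="os.family" value="Linux"/>
@@ -157,7 +157,7 @@
  <param pos="0" name="os.cpe23" value="cpe:/o:redhat:enterprise_linux:-"/>
  </fingerprint>
 
- <fingerprint pattern=".*\(Red[ -]Hat(?:[/ ]Linux)?\).*">
+ <fingerprint pattern="\(Red[ -]Hat(?:[/ ]Linux)?\)">
  <description>Red Hat Linux</description>
  <param pos="0" name="os.vendor" value="Red Hat"/>
  <param pos="0" name="os.family" value="Linux"/>
@@ -165,7 +165,7 @@
  <param pos="0" name="os.cpe23" value="cpe:/o:redhat:linux:-"/>
  </fingerprint>
 
- <fingerprint pattern=".*\(Red Hat Enterprise (?:Linux)?\).*">
+ <fingerprint pattern="\(Red Hat Enterprise (?:Linux)?\)">
  <description>Apache OS: Red Hat Enterprise Linux</description>
  <example os.vendor="Red Hat">Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips</example>
  <param pos="0" name="os.vendor" value="Red Hat"/>
@@ -174,7 +174,7 @@
  <param pos="0" name="os.cpe23" value="cpe:/o:redhat:enterprise_linux:-"/>
  </fingerprint>
 
- <fingerprint pattern=".*Debian(?:[/ ]GNU)?(?:/Linux)?.*">
+ <fingerprint pattern="Debian(?:[/ ]GNU)?(?:/Linux)?">
  <description>Debian Linux</description>
  <param pos="0" name="os.vendor" value="Debian"/>
  <param pos="0" name="os.family" value="Linux"/>
@@ -182,7 +182,7 @@
  <param pos="0" name="os.cpe23" value="cpe:/o:debian:debian_linux:-"/>
  </fingerprint>
 
- <fingerprint pattern=".*\((?:Linux/)?S[uU]SE(?:/Linux)?\).*">
+ <fingerprint pattern="\((?:Linux/)?S[uU]SE(?:/Linux)?\)">
  <description>Novell SuSE Linux</description>
  <param pos="0" name="os.vendor" value="SuSE"/>
  <param pos="0" name="os.family" value="Linux"/>
@@ -190,7 +190,7 @@
  <param pos="0" name="os.cpe23" value="cpe:/o:suse:linux:-"/>
  </fingerprint>
 
- <fingerprint pattern=".*\(NETWARE\).*">
+ <fingerprint pattern="\(NETWARE\)">
  <description>Novell NetWare</description>
  <param pos="0" name="os.vendor" value="Novell"/>
  <param pos="0" name="os.family" value="NetWare"/>
@@ -198,7 +198,7 @@
  <param pos="0" name="os.cpe23" value="cpe:/o:novell:netware:-"/>
  </fingerprint>
 
- <fingerprint pattern=".*HP-UX_Apache-based_Web_Server.*">
+ <fingerprint pattern="HP-UX_Apache-based_Web_Server">
  <description>HP HP-UX</description>
  <param pos="0" name="os.vendor" value="HP"/>
  <param pos="0" name="os.family" value="HP-UX"/>
@@ -206,7 +206,7 @@
  <param pos="0" name="os.cpe23" value="cpe:/o:hp:hp-ux:-"/>
  </fingerprint>
 
- <fingerprint pattern=".*\(CentOS\).*">
+ <fingerprint pattern="\(CentOS\)">
  <description>CentOS Linux</description>
  <param pos="0" name="os.vendor" value="CentOS"/>
  <param pos="0" name="os.family" value="Linux"/>
@@ -214,14 +214,14 @@
  <param pos="0" name="os.cpe23" value="cpe:/o:centos:centos:-"/>
  </fingerprint>
 
- <fingerprint pattern=".*\(Turbolinux\).*">
+ <fingerprint pattern="\(Turbolinux\)">
  <description>Turbolinux</description>
  <param pos="0" name="os.vendor" value="Turbolinux"/>
  <param pos="0" name="os.family" value="Linux"/>
  <param pos="0" name="os.product" value="Linux"/>
  </fingerprint>
 
- <fingerprint pattern=".*\(FreeBSD\).*">
+ <fingerprint pattern="\(FreeBSD\)">
  <description>FreeBSD</description>
  <param pos="0" name="os.vendor" value="FreeBSD"/>
  <param pos="0" name="os.family" value="FreeBSD"/>
@@ -229,14 +229,14 @@
  <param pos="0" name="os.cpe23" value="cpe:/o:freebsd:freebsd:-"/>
  </fingerprint>
 
- <fingerprint pattern=".*\(Asianux\).*">
+ <fingerprint pattern="\(Asianux\)">
  <description>Asianux Linux</description>
  <param pos="0" name="os.vendor" value="Asianux"/>
  <param pos="0" name="os.family" value="Linux"/>
  <param pos="0" name="os.product" value="Linux"/>
  </fingerprint>
 
- <fingerprint pattern=".*\(Gentoo(?:/Linux)?\).*">
+ <fingerprint pattern="\(Gentoo(?:/Linux)?\)">
  <description>Gentoo Linux</description>
  <param pos="0" name="os.vendor" value="Gentoo"/>
  <param pos="0" name="os.family" value="Linux"/>
@@ -244,7 +244,7 @@
  <param pos="0" name="os.cpe23" value="cpe:/o:gentoo:linux:-"/>
  </fingerprint>
 
- <fingerprint pattern=".*\(Conectiva(?:/Linux)?\).*">
+ <fingerprint pattern="\(Conectiva(?:/Linux)?\)">
  <description>Conectiva Linux</description>
  <param pos="0" name="os.vendor" value="Conectiva"/>
  <param pos="0" name="os.family" value="Linux"/>
@@ -252,7 +252,7 @@
  <param pos="0" name="os.cpe23" value="cpe:/o:conectiva:linux:-"/>
  </fingerprint>
 
- <fingerprint pattern=".*\(Trustix Secure Linux(?:/Linux)?\).*">
+ <fingerprint pattern="\(Trustix Secure Linux(?:/Linux)?\)">
  <description>Trustix Linux</description>
  <param pos="0" name="os.vendor" value="Trustix"/>
  <param pos="0" name="os.family" value="Linux"/>
@@ -260,49 +260,49 @@
  <param pos="0" name="os.cpe23" value="cpe:/o:trustix:secure_linux:-"/>
  </fingerprint>
 
- <fingerprint pattern=".*\(White Box\).*">
+ <fingerprint pattern="\(White Box\)">
  <description>White Box Enterprise Linux</description>
  <param pos="0" name="os.vendor" value="White Box"/>
  <param pos="0" name="os.family" value="Linux"/>
  <param pos="0" name="os.product" value="Enterprise Linux"/>
  </fingerprint>
 
- <fingerprint pattern=".*\(UnitedLinux\).*">
+ <fingerprint pattern="\(UnitedLinux\)">
  <description>UnitedLinux</description>
  <param pos="0" name="os.vendor" value="UnitedLinux"/>
  <param pos="0" name="os.family" value="Linux"/>
  <param pos="0" name="os.product" value="Linux"/>
  </fingerprint>
 
- <fingerprint pattern=".*\(PLD/Linux\).*">
+ <fingerprint pattern="\(PLD/Linux\)">
  <description>PLD Linux</description>
  <param pos="0" name="os.vendor" value="PLD"/>
  <param pos="0" name="os.family" value="Linux"/>
  <param pos="0" name="os.product" value="Linux"/>
  </fingerprint>
 
- <fingerprint pattern=".*\(Vine/Linux\).*">
+ <fingerprint pattern="\(Vine/Linux\)">
  <description>Vine Linux</description>
  <param pos="0" name="os.vendor" value="Vine"/>
  <param pos="0" name="os.family" value="Linux"/>
  <param pos="0" name="os.product" value="Linux"/>
  </fingerprint>
 
- <fingerprint pattern=".*\(rPath\).*">
+ <fingerprint pattern="\(rPath\)">
  <description>rPath Linux</description>
  <param pos="0" name="os.vendor" value="rPath"/>
  <param pos="0" name="os.family" value="Linux"/>
  <param pos="0" name="os.product" value="Linux"/>
  </fingerprint>
 
- <fingerprint pattern=".*\(StartCom Linux\).*">
+ <fingerprint pattern="\(StartCom Linux\)">
  <description>StartCom Linux</description>
  <param pos="0" name="os.vendor" value="StartCom"/>
  <param pos="0" name="os.family" value="Linux"/>
  <param pos="0" name="os.product" value="Linux"/>
  </fingerprint>
 
- <fingerprint pattern=".*Linux.*">
+ <fingerprint pattern="Linux">
  <description>Generic Linux fallback</description>
  <param pos="0" name="os.certainty" value="0.75"/>
  <param pos="0" name="os.family" value="Linux"/>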
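Review bot: The Cobalt pattern at new line 85 keeps its `.{0,512}` prefix while every other pattern in this file drops the leading `.*`; if these patterns are applied as an unanchored search, which the rest of the change implies, the prefix is redundant and only adds backtracking on long banners, so it could read `(?:Sun )?Cobalt \(Unix\)?`. In that same pattern the trailing `?` binds only to `\)`, so `Cobalt (Unix` without the closing parenthesis also matches, and a one-line XML comment should say whether that is deliberate. In the visible context only the Red Hat Enterprise fingerprint at line 170 carries an `<example>`, so nothing shown here verifies that the shortened patterns still match the banners they were written for; adding one example per touched fingerprint would let the verifier catch a regression.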