recog 2.3.21 → 2.3.22
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.github/dependabot.yml +8 -0
- data/.github/workflows/verify.yml +89 -0
- data/CONTRIBUTING.md +6 -0
- data/README.md +17 -0
- data/bin/recog_standardize +28 -13
- data/bin/recog_verify +1 -2
- data/cpe-remap.yaml +13 -0
- data/features/verify.feature +14 -14
- data/identifiers/fields.txt +5 -4
- data/identifiers/hw_device.txt +6 -0
- data/identifiers/hw_family.txt +8 -0
- data/identifiers/hw_product.txt +51 -0
- data/identifiers/os_family.txt +1 -0
- data/identifiers/os_product.txt +10 -0
- data/identifiers/service_product.txt +12 -0
- data/identifiers/vendor.txt +49 -0
- data/lib/recog/db.rb +2 -1
- data/lib/recog/fingerprint.rb +18 -5
- data/lib/recog/verifier.rb +5 -5
- data/lib/recog/verifier_factory.rb +3 -3
- data/lib/recog/verify_reporter.rb +14 -4
- data/lib/recog/version.rb +1 -1
- data/spec/lib/fingerprint_self_test_spec.rb +1 -0
- data/spec/lib/recog/verify_reporter_spec.rb +69 -0
- data/tools/dev/hooks/pre-commit +21 -0
- data/update_cpes.py +1 -1
- data/xml/apache_os.xml +38 -38
- data/xml/dhcp_vendor_class.xml +206 -0
- data/xml/favicons.xml +148 -42
- data/xml/ftp_banners.xml +30 -16
- data/xml/h323_callresp.xml +99 -99
- data/xml/hp_pjl_id.xml +3 -3
- data/xml/html_title.xml +502 -25
- data/xml/http_cookies.xml +64 -56
- data/xml/http_servers.xml +74 -14
- data/xml/http_wwwauth.xml +107 -38
- data/xml/imap_banners.xml +3 -3
- data/xml/mdns_device-info_txt.xml +389 -26
- data/xml/mysql_banners.xml +1 -1
- data/xml/nntp_banners.xml +3 -3
- data/xml/ntp_banners.xml +64 -64
- data/xml/operating_system.xml +3 -3
- data/xml/pop_banners.xml +7 -7
- data/xml/rsh_resp.xml +3 -3
- data/xml/sip_banners.xml +27 -0
- data/xml/sip_user_agents.xml +54 -1
- data/xml/smtp_banners.xml +15 -15
- data/xml/smtp_ehlo.xml +1 -1
- data/xml/smtp_help.xml +10 -10
- data/xml/smtp_noop.xml +2 -2
- data/xml/snmp_sysdescr.xml +325 -200
- data/xml/snmp_sysobjid.xml +25 -25
- data/xml/ssh_banners.xml +7 -5
- data/xml/telnet_banners.xml +155 -20
- data/xml/tls_jarm.xml +26 -4
- data/xml/x509_issuers.xml +36 -0
- data/xml/x509_subjects.xml +136 -35
- metadata +7 -3
data/xml/http_cookies.xml
CHANGED
@@ -15,7 +15,7 @@
|
|
15
15
|
<param pos="0" name="service.cpe23" value="cpe:/a:cloudflare:load_balancing:-"/>
|
16
16
|
</fingerprint>
|
17
17
|
|
18
|
-
<fingerprint pattern="^(AWSALB(?:TG)?(?:CORS)?)
|
18
|
+
<fingerprint pattern="^(AWSALB(?:TG)?(?:CORS)?)=">
|
19
19
|
<description>Amazon Application Load Balancer</description>
|
20
20
|
<example cookie="AWSALB">AWSALB=791357231C9C446E295988DA51A2CD313D13788329433D96A05631377389B17BF097D4C8A2D0BE5BC4F3C649AED7DFF939364A5790E2EC67F33C4483E2E9DD17E99814071B;PATH=/;HttpOnly;Secure</example>
|
21
21
|
<example cookie="AWSALBCORS">AWSALBCORS=D5A3BF7B08C8E0626B1C77DAAEAB0A7542DEB35F43097F06FD3833E22A9BA2543B805B7AE1B6E97F2BE3A701A19AF5D2CC898E0DB5E52055B0B983CC64EAD006CF77C1CF72;PATH=/;SECURE;SAMESITE=None</example>
|
@@ -26,7 +26,7 @@
|
|
26
26
|
<param pos="0" name="service.product" value="Application Load Balancer"/>
|
27
27
|
</fingerprint>
|
28
28
|
|
29
|
-
<fingerprint pattern="^(AWSELB(?:CORS)?)
|
29
|
+
<fingerprint pattern="^(AWSELB(?:CORS)?)=">
|
30
30
|
<description>Amazon Elastic Load Balancer</description>
|
31
31
|
<example cookie="AWSELB">AWSELB=791357231C9C446E295988DA51A2CD313D13788329433D96A05631377389B17BF097D4C8A2D0BE5BC4F3C649AED7DFF939364A5790E2EC67F33C4483E2E9DD17E99814071B;PATH=/;HttpOnly;Secure</example>
|
32
32
|
<example cookie="AWSELBCORS">AWSELBCORS=D5A3BF7B08C8E0626B1C77DAAEAB0A7542DEB35F43097F06FD3833E22A9BA2543B805B7AE1B6E97F2BE3A701A19AF5D2CC898E0DB5E52055B0B983CC64EAD006CF77C1CF72;PATH=/;SECURE;SAMESITE=None</example>
|
@@ -36,7 +36,7 @@
|
|
36
36
|
<param pos="0" name="service.product" value="Elastic Load Balancer"/>
|
37
37
|
</fingerprint>
|
38
38
|
|
39
|
-
<fingerprint pattern="^(PHPSESSI(?:D|ON))
|
39
|
+
<fingerprint pattern="^(PHPSESSI(?:D|ON))=">
|
40
40
|
<description>PHP - http://www.php.net/ref.session</description>
|
41
41
|
<example cookie="PHPSESSID">PHPSESSID=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/</example>
|
42
42
|
<example cookie="PHPSESSION">PHPSESSION=vt2ag6n7t6ngvlg8adk4860h46; path=/</example>
|
@@ -47,7 +47,7 @@
|
|
47
47
|
<param pos="0" name="service.cpe23" value="cpe:/a:php:php:-"/>
|
48
48
|
</fingerprint>
|
49
49
|
|
50
|
-
<fingerprint pattern="^(ASPSESSIONID[A-Z]+|ASP\.NET_SessionId|\.ASPXANONYMOUS)
|
50
|
+
<fingerprint pattern="^(ASPSESSIONID[A-Z]+|ASP\.NET_SessionId|\.ASPXANONYMOUS)=">
|
51
51
|
<description>Microsoft IIS (ASP.NET)
|
52
52
|
http://msdn2.microsoft.com/en-us/library/ms953828.aspx
|
53
53
|
http://msdn2.microsoft.com/en-us/library/91ka2e6a.aspx
|
@@ -66,7 +66,7 @@
|
|
66
66
|
<param pos="0" name="service.component.cpe23" value="cpe:/a:microsoft:asp.net:-"/>
|
67
67
|
</fingerprint>
|
68
68
|
|
69
|
-
<fingerprint pattern="^(CFCLIENT_[^=]+|CFGLOBALS|CFID|CFTOKEN)
|
69
|
+
<fingerprint pattern="^(CFCLIENT_[^=]+|CFGLOBALS|CFID|CFTOKEN)=">
|
70
70
|
<description>Adobe (Macromedia) ColdFusion uses various cookies</description>
|
71
71
|
<example cookie="CFTOKEN">CFTOKEN=f3863673461e83d7-8B854468-1866-DAAC-99FBB842C6018037;expires=Mon, 01-Aug-2050 01:05:45 GMT;path=/;HttpOnly;</example>
|
72
72
|
<example cookie="CFCLIENT_FOO_CORP">CFCLIENT_FOO_CORP=preflanguage%3DEN%23; Expires=Wed, 12-Apr-2051 01:11:37 GMT; Path=/</example>
|
@@ -77,7 +77,7 @@
|
|
77
77
|
<param pos="0" name="service.cpe23" value="cpe:/a:adobe:coldfusion:-"/>
|
78
78
|
</fingerprint>
|
79
79
|
|
80
|
-
<fingerprint pattern="^ANsession\d+=(\S+)
|
80
|
+
<fingerprint pattern="^ANsession\d+=(\S+);">
|
81
81
|
<description>Array Networks Secure Access Gateway / SSL VPN</description>
|
82
82
|
<example>ANsession0002262072457555=IPMI; path=/;secure</example>
|
83
83
|
<param pos="1" name="cookie"/>
|
@@ -86,7 +86,7 @@
|
|
86
86
|
<param pos="0" name="hw.device" value="VPN"/>
|
87
87
|
</fingerprint>
|
88
88
|
|
89
|
-
<fingerprint pattern="^(Apache)=[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.([0-9]+)
|
89
|
+
<fingerprint pattern="^(Apache)=[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.([0-9]+);">
|
90
90
|
<description>Apache</description>
|
91
91
|
<param pos="1" name="cookie"/>
|
92
92
|
<param pos="2" name="system.time.micros"/>
|
@@ -96,7 +96,7 @@
|
|
96
96
|
<param pos="0" name="service.cpe23" value="cpe:/a:apache:http_server:-"/>
|
97
97
|
</fingerprint>
|
98
98
|
|
99
|
-
<fingerprint pattern="^JServSessionIdroot
|
99
|
+
<fingerprint pattern="^JServSessionIdroot=">
|
100
100
|
<description>Apache JServ</description>
|
101
101
|
<example>JServSessionIdroot=tphxjy73e1.JS1; path=/</example>
|
102
102
|
<param pos="0" name="cookie" value="JServSessionIdroot"/>
|
@@ -105,7 +105,7 @@
|
|
105
105
|
<param pos="0" name="service.product" value="JServ"/>
|
106
106
|
</fingerprint>
|
107
107
|
|
108
|
-
<fingerprint pattern="^(ATG_SESSION_ID|DYN_USER_CONFIRM|DYN_USER_ID)
|
108
|
+
<fingerprint pattern="^(ATG_SESSION_ID|DYN_USER_CONFIRM|DYN_USER_ID)=">
|
109
109
|
<description>ATG Dynamo</description>
|
110
110
|
<example cookie="ATG_SESSION_ID">ATG_SESSION_ID=yuAUs8xnkzLaF8P3Zk1v5hR28XB4dKsOKZ4jCkVO; path=/</example>
|
111
111
|
<param pos="1" name="cookie"/>
|
@@ -114,7 +114,7 @@
|
|
114
114
|
<param pos="0" name="service.product" value="Dynamo"/>
|
115
115
|
</fingerprint>
|
116
116
|
|
117
|
-
<fingerprint pattern="^Bugzilla_login_request_cookie
|
117
|
+
<fingerprint pattern="^Bugzilla_login_request_cookie=">
|
118
118
|
<description>Bugzilla</description>
|
119
119
|
<example>Bugzilla_login_request_cookie=ylMVo9ZDtd; path=/; secure</example>
|
120
120
|
<param pos="0" name="cookie" value="Bugzilla_login_request_cookie"/>
|
@@ -123,7 +123,7 @@
|
|
123
123
|
<param pos="0" name="service.cpe23" value="cpe:/a:mozilla:bugzilla:-"/>
|
124
124
|
</fingerprint>
|
125
125
|
|
126
|
-
<fingerprint pattern="^(WebLogicSession)=[^!]+![^!]+!([0-9]+)
|
126
|
+
<fingerprint pattern="^(WebLogicSession)=[^!]+![^!]+!([0-9]+);">
|
127
127
|
<description>BEA WebLogic (with timestamp)</description>
|
128
128
|
<param pos="1" name="cookie"/>
|
129
129
|
<param pos="2" name="system.time.millis"/>
|
@@ -133,7 +133,7 @@
|
|
133
133
|
<param pos="0" name="service.cpe23" value="cpe:/a:bea:weblogic_server:-"/>
|
134
134
|
</fingerprint>
|
135
135
|
|
136
|
-
<fingerprint pattern="^(WebLogicSession)
|
136
|
+
<fingerprint pattern="^(WebLogicSession)=">
|
137
137
|
<description>BEA WebLogic (no timestamp)</description>
|
138
138
|
<param pos="1" name="cookie"/>
|
139
139
|
<param pos="0" name="service.vendor" value="BEA"/>
|
@@ -142,7 +142,7 @@
|
|
142
142
|
<param pos="0" name="service.cpe23" value="cpe:/a:bea:weblogic_server:-"/>
|
143
143
|
</fingerprint>
|
144
144
|
|
145
|
-
<fingerprint pattern="^(BCSI-CSC[0-9A-Za-z]+)
|
145
|
+
<fingerprint pattern="^(BCSI-CSC[0-9A-Za-z]+)=">
|
146
146
|
<description>BlueCoat Proxy</description>
|
147
147
|
<param pos="1" name="cookie"/>
|
148
148
|
<param pos="0" name="service.vendor" value="Blue Coat"/>
|
@@ -150,7 +150,7 @@
|
|
150
150
|
<param pos="0" name="service.product" value="Proxy"/>
|
151
151
|
</fingerprint>
|
152
152
|
|
153
|
-
<fingerprint pattern="^CAKEPHP
|
153
|
+
<fingerprint pattern="^CAKEPHP=">
|
154
154
|
<description>CakePHP - http://www.cakephp.org/</description>
|
155
155
|
<example>CAKEPHP=03bgv7jqfurftnm5crn3lc0ob1; expires=Mon, 19-Apr-2021 08:56:06 GMT; Max-Age=14400; path=/; HttpOnly</example>
|
156
156
|
<param pos="0" name="cookie" value="CAKEPHP"/>
|
@@ -165,7 +165,7 @@
|
|
165
165
|
actual break is between the pieces of data.
|
166
166
|
-->
|
167
167
|
|
168
|
-
<fingerprint pattern="^ARPT=([A-Z]+)([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})[A-Z]
|
168
|
+
<fingerprint pattern="^ARPT=([A-Z]+)([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})[A-Z]+">
|
169
169
|
<description>Cisco 11000 Series Content Service Switch (CSS)</description>
|
170
170
|
<example host.name="FOOOB" host.ip="192.168.15.52">ARPT=FOOOB192.168.15.52CKOKM; path=/</example>
|
171
171
|
<param pos="0" name="cookie" value="ARPT"/>
|
@@ -176,7 +176,7 @@
|
|
176
176
|
<param pos="0" name="service.product" value="11000 Series Content Service Switch"/>
|
177
177
|
</fingerprint>
|
178
178
|
|
179
|
-
<fingerprint pattern="^ARPT
|
179
|
+
<fingerprint pattern="^ARPT=">
|
180
180
|
<description>Cisco 11000 Series Content Service Switch (CSS) - catch all variant</description>
|
181
181
|
<example>ARPT=388766892.51247.0000; path=/; Httponly/</example>
|
182
182
|
<param pos="0" name="cookie" value="ARPT"/>
|
@@ -206,7 +206,7 @@
|
|
206
206
|
<param pos="0" name="hw.cpe23" value="cpe:/h:cisco:adaptive_security_appliance:-"/>
|
207
207
|
</fingerprint>
|
208
208
|
|
209
|
-
<fingerprint pattern="^st8id
|
209
|
+
<fingerprint pattern="^st8id=">
|
210
210
|
<description>Citrix Application Protection System, Enterprise - http://support.citrix.com/article/CTX109330</description>
|
211
211
|
<param pos="0" name="cookie" value="st8id"/>
|
212
212
|
<param pos="0" name="service.vendor" value="Citrix"/>
|
@@ -214,7 +214,7 @@
|
|
214
214
|
<param pos="0" name="service.product" value="Application Protection System, Enterprise"/>
|
215
215
|
</fingerprint>
|
216
216
|
|
217
|
-
<fingerprint pattern="^NSC_(?:AAAC|BASEURL|CERT|DLGE|EPAC|TASS|TEMP|TMA[APS]|PERS|USER)
|
217
|
+
<fingerprint pattern="^NSC_(?:AAAC|BASEURL|CERT|DLGE|EPAC|TASS|TEMP|TMA[APS]|PERS|USER)=">
|
218
218
|
<description>Citrix NetScaler</description>
|
219
219
|
<example>NSC_AAAC=xyz;</example>
|
220
220
|
<example>NSC_TEMP=xyz;</example>
|
@@ -242,7 +242,7 @@
|
|
242
242
|
<param pos="0" name="os.product" value="Pulse Connect Secure"/>
|
243
243
|
</fingerprint>
|
244
244
|
|
245
|
-
<fingerprint pattern="^DokuWiki
|
245
|
+
<fingerprint pattern="^DokuWiki=">
|
246
246
|
<description>Dokuwiki</description>
|
247
247
|
<example>DokuWiki=t8l1aev7703vbtejovp165pv01; path=/; secure</example>
|
248
248
|
<param pos="0" name="cookie" value="DokuWiki"/>
|
@@ -251,7 +251,7 @@
|
|
251
251
|
<param pos="0" name="service.cpe23" value="cpe:/a:dokuwiki:dokuwiki:-"/>
|
252
252
|
</fingerprint>
|
253
253
|
|
254
|
-
<fingerprint pattern="^(EktGUID|ecm)
|
254
|
+
<fingerprint pattern="^(EktGUID|ecm)=">
|
255
255
|
<description>Ektron CMS400.net</description>
|
256
256
|
<example cookie="EktGUID">EktGUID=382107cc-a38d-4d25-8182-3748834e21c8; expires=Tue, 19-Apr-2022 03:12:15 GMT; path=/</example>
|
257
257
|
<param pos="1" name="cookie"/>
|
@@ -269,7 +269,7 @@
|
|
269
269
|
<param pos="0" name="service.cpe23" value="cpe:/a:atlassian:fisheye:-"/>
|
270
270
|
</fingerprint>
|
271
271
|
|
272
|
-
<fingerprint pattern="(?i)^(BIGipServer([^=]+))
|
272
|
+
<fingerprint pattern="(?i)^(BIGipServer([^=]+))=">
|
273
273
|
<description>F5 BIG-IP LTM - Server variant</description>
|
274
274
|
<example loadbalancer.poolname="CustomerRP">BigIpServerCustomerRP=5a; path=/; domain=.foo.bar; secure; HttpOnly</example>
|
275
275
|
<param pos="1" name="cookie"/>
|
@@ -280,7 +280,7 @@
|
|
280
280
|
<param pos="0" name="service.cpe23" value="cpe:/a:f5:big-ip_local_traffic_manager:-"/>
|
281
281
|
</fingerprint>
|
282
282
|
|
283
|
-
<fingerprint pattern="^i_like_gogits
|
283
|
+
<fingerprint pattern="^i_like_gogits=">
|
284
284
|
<description>Gogs</description>
|
285
285
|
<example>i_like_gogits=fc3914645f1d5c76; Path=/; HttpOnly</example>
|
286
286
|
<param pos="0" name="cookie" value="i_like_gogits"/>
|
@@ -289,7 +289,7 @@
|
|
289
289
|
<param pos="0" name="service.cpe23" value="cpe:/a:gogs:gogs:-"/>
|
290
290
|
</fingerprint>
|
291
291
|
|
292
|
-
<fingerprint pattern="^(BigIPCookie[^=]*)
|
292
|
+
<fingerprint pattern="^(BigIPCookie[^=]*)=">
|
293
293
|
<description>F5 BIG-IP LTM</description>
|
294
294
|
<example cookie="BigIPCookie">BigIPCookie=855248779.20480.0000; path=/; Httponly</example>
|
295
295
|
<example cookie="BigIPCookie_foo_corp_prod">BigIPCookie_foo_corp_prod=!tJHKH9zIwsUuJYJ38CCV0XSqmJXsZVQaOjj/m/SBSTQTg21/S+s2gmbsoGwwKXr5Tj9e0ijWZWItfA==; path=/; Httponly</example>
|
@@ -309,7 +309,7 @@
|
|
309
309
|
<param pos="0" name="service.cpe23" value="cpe:/a:flyspray:flyspray:-"/>
|
310
310
|
</fingerprint>
|
311
311
|
|
312
|
-
<fingerprint pattern="^i_like_gitea
|
312
|
+
<fingerprint pattern="^i_like_gitea=">
|
313
313
|
<description>Gitea</description>
|
314
314
|
<example>i_like_gitea=fc39d4645b1d5c7c; Path=/</example>
|
315
315
|
<param pos="0" name="cookie" value="i_like_gitea"/>
|
@@ -319,7 +319,7 @@
|
|
319
319
|
<param pos="0" name="service.cpe23" value="cpe:/a:gitea:gitea:-"/>
|
320
320
|
</fingerprint>
|
321
321
|
|
322
|
-
<fingerprint pattern="^_gitlab_session
|
322
|
+
<fingerprint pattern="^_gitlab_session=">
|
323
323
|
<description>GitLab</description>
|
324
324
|
<example>_gitlab_session=032d024e9c2445b595e68255da9e6835; path=/; expires=Mon, 26 Apr 2021 03:09:57 -0000; HttpOnly</example>
|
325
325
|
<param pos="0" name="cookie" value="_gitlab_session"/>
|
@@ -338,7 +338,7 @@
|
|
338
338
|
<param pos="0" name="service.product" value="HAProxy"/>
|
339
339
|
</fingerprint>
|
340
340
|
|
341
|
-
<fingerprint pattern="^(AMWEBJCT!([^!]+)!([^=]+))
|
341
|
+
<fingerprint pattern="^(AMWEBJCT!([^!]+)!([^=]+))=">
|
342
342
|
<description>IBM Tivoli Access Manager for e-business WebSEAL
|
343
343
|
http://publib.boulder.ibm.com/infocenter/tivihelp/v2r1/index.jsp?topic=/com.ibm.itame.doc/am60_webseal_admin180.htm
|
344
344
|
</description>
|
@@ -351,7 +351,7 @@
|
|
351
351
|
<param pos="0" name="service.product" value="Tivoli Access Manager for e-business WebSEAL"/>
|
352
352
|
</fingerprint>
|
353
353
|
|
354
|
-
<fingerprint pattern="^(PD-S-SESSION-ID|PD-H-SESSION-ID|PD_STATEFUL_[^=]+)
|
354
|
+
<fingerprint pattern="^(PD-S-SESSION-ID|PD-H-SESSION-ID|PD_STATEFUL_[^=]+)=">
|
355
355
|
<description>IBM Tivoli Access Manager for e-business WebSeal
|
356
356
|
http://publib.boulder.ibm.com/infocenter/tivihelp/v2r1/index.jsp?topic=/com.ibm.itame.doc/am60_webseal_admin117.htm
|
357
357
|
</description>
|
@@ -363,7 +363,7 @@
|
|
363
363
|
<param pos="0" name="service.product" value="Tivoli Access Manager for e-business WebSEAL"/>
|
364
364
|
</fingerprint>
|
365
365
|
|
366
|
-
<fingerprint pattern="^IBMCBR
|
366
|
+
<fingerprint pattern="^IBMCBR=">
|
367
367
|
<description>IBM WebSphere Load Balancer</description>
|
368
368
|
<param pos="0" name="cookie" value="IBMCBR"/>
|
369
369
|
<param pos="0" name="service.vendor" value="IBM"/>
|
@@ -371,7 +371,7 @@
|
|
371
371
|
<param pos="0" name="service.product" value="WebSphere Load Balancer"/>
|
372
372
|
</fingerprint>
|
373
373
|
|
374
|
-
<fingerprint pattern="^(mbfcookie(?:\[lang\])?)
|
374
|
+
<fingerprint pattern="^(mbfcookie(?:\[lang\])?)=">
|
375
375
|
<description>Joom!Fish http://www.joomfish.net/</description>
|
376
376
|
<example cookie="mbfcookie">mbfcookie=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/</example>
|
377
377
|
<example cookie="mbfcookie[lang]">mbfcookie[lang]=pt_BR; expires=Tue, 20-Apr-2021 03:30:47 GMT; path=/</example>
|
@@ -386,7 +386,7 @@
|
|
386
386
|
<param pos="0" name="service.product" value="Mastodon"/>
|
387
387
|
</fingerprint>
|
388
388
|
|
389
|
-
<fingerprint pattern="^(MSCSAuth|MSCSProfile)
|
389
|
+
<fingerprint pattern="^(MSCSAuth|MSCSProfile)=">
|
390
390
|
<description>Microsoft Commerce Server - http://msdn2.microsoft.com/en-us/library/ms953828.aspx</description>
|
391
391
|
<param pos="1" name="cookie"/>
|
392
392
|
<param pos="0" name="service.vendor" value="Microsoft"/>
|
@@ -395,7 +395,7 @@
|
|
395
395
|
<param pos="0" name="service.cpe23" value="cpe:/a:microsoft:commerce_server:-"/>
|
396
396
|
</fingerprint>
|
397
397
|
|
398
|
-
<fingerprint pattern="^(nc_sameSiteCookiestrict|nc_sameSiteCookielax|oc_sessionPassphrase)
|
398
|
+
<fingerprint pattern="^(nc_sameSiteCookiestrict|nc_sameSiteCookielax|oc_sessionPassphrase)=">
|
399
399
|
<description>Nextcloud</description>
|
400
400
|
<example cookie="nc_sameSiteCookiestrict">nc_sameSiteCookiestrict=true; path=/nextcloud; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=strict</example>
|
401
401
|
<example cookie="nc_sameSiteCookielax">nc_sameSiteCookielax=true; path=/nextcloud; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=lax</example>
|
@@ -406,7 +406,7 @@
|
|
406
406
|
<param pos="0" name="service.cpe23" value="cpe:/a:nextcloud:nextcloud_server:-"/>
|
407
407
|
</fingerprint>
|
408
408
|
|
409
|
-
<fingerprint pattern="^AlteonP
|
409
|
+
<fingerprint pattern="^AlteonP=">
|
410
410
|
<description>Nortel Alteon Web Switch</description>
|
411
411
|
<example>AlteonP=c46736793e45929dbaeebabb; path=</example>
|
412
412
|
<param pos="0" name="cookie" value="AlteonP"/>
|
@@ -415,7 +415,7 @@
|
|
415
415
|
<param pos="0" name="service.product" value="Alteon Web Switch"/>
|
416
416
|
</fingerprint>
|
417
417
|
|
418
|
-
<fingerprint pattern="^OBSID
|
418
|
+
<fingerprint pattern="^OBSID=">
|
419
419
|
<description>Observium</description>
|
420
420
|
<example>OBSID=gud74jg1slhskdo7idqgklkamm6g3908; expires=Tue, 20-Apr-2021 01:31:27 GMT; Max-Age=86400; path=/; HttpOnly</example>
|
421
421
|
<param pos="0" name="cookie" value="OBSID"/>
|
@@ -424,7 +424,7 @@
|
|
424
424
|
<param pos="0" name="service.cpe23" value="cpe:/a:observium:observium:-"/>
|
425
425
|
</fingerprint>
|
426
426
|
|
427
|
-
<fingerprint pattern="^((?:SS_X_)?CSINTERSESSIONID)
|
427
|
+
<fingerprint pattern="^((?:SS_X_)?CSINTERSESSIONID)=">
|
428
428
|
<description>OpenMarket/FatWire Content Server (www.fatwire.com)</description>
|
429
429
|
<param pos="1" name="cookie"/>
|
430
430
|
<param pos="0" name="service.vendor" value="FatWire"/>
|
@@ -432,7 +432,7 @@
|
|
432
432
|
<param pos="0" name="service.product" value="Content Server"/>
|
433
433
|
</fingerprint>
|
434
434
|
|
435
|
-
<fingerprint pattern="^parkinglot
|
435
|
+
<fingerprint pattern="^parkinglot=">
|
436
436
|
<description>Oversee Webserver</description>
|
437
437
|
<param pos="0" name="cookie" value="parkinglot"/>
|
438
438
|
<param pos="0" name="service.vendor" value="Oversee"/>
|
@@ -440,7 +440,7 @@
|
|
440
440
|
<param pos="0" name="service.product" value="Webserver"/>
|
441
441
|
</fingerprint>
|
442
442
|
|
443
|
-
<fingerprint pattern="^phsid
|
443
|
+
<fingerprint pattern="^phsid=">
|
444
444
|
<description>Phabricator</description>
|
445
445
|
<example>phsid=A%2Fxesybc4bypb74dlgojdgw2edct6osflno25h2fw7</example>
|
446
446
|
<param pos="0" name="cookie" value="phsid"/>
|
@@ -450,7 +450,7 @@
|
|
450
450
|
<param pos="0" name="service.cpe23" value="cpe:/a:phacility:phabricator:-"/>
|
451
451
|
</fingerprint>
|
452
452
|
|
453
|
-
<fingerprint pattern="^RMID
|
453
|
+
<fingerprint pattern="^RMID=">
|
454
454
|
<description>RealMedia OpenAdStream</description>
|
455
455
|
<example>RMID=36c12633607cf7a0; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.foo.bar</example>
|
456
456
|
<param pos="0" name="cookie" value="RMID"/>
|
@@ -459,7 +459,7 @@
|
|
459
459
|
<param pos="0" name="service.product" value="OpenAdStream"/>
|
460
460
|
</fingerprint>
|
461
461
|
|
462
|
-
<fingerprint pattern="^RoxenUserID
|
462
|
+
<fingerprint pattern="^RoxenUserID=">
|
463
463
|
<description>Roxen WebServer</description>
|
464
464
|
<example>RoxenUserID=c70fd536bc9e1342ce2a608b10547f88; expires=Wed, 19 Apr 2023 02:44:41 GMT; path=/</example>
|
465
465
|
<param pos="0" name="cookie" value="RoxenUserID"/>
|
@@ -468,7 +468,7 @@
|
|
468
468
|
<param pos="0" name="service.product" value="WebServer"/>
|
469
469
|
</fingerprint>
|
470
470
|
|
471
|
-
<fingerprint pattern="^_sn
|
471
|
+
<fingerprint pattern="^_sn=">
|
472
472
|
<description>Siebel CRM</description>
|
473
473
|
<example>_sn=e7139835ca75f921e25c364d4a8fef48; path=/; expires=Mon, 19 Apr 2021 06:06:58 GMT; HttpOnly</example>
|
474
474
|
<param pos="0" name="cookie" value="_sn"/>
|
@@ -479,7 +479,7 @@
|
|
479
479
|
|
480
480
|
<!-- This fingerprint is not specific enough. Multiple products are sold under
|
481
481
|
the brand iPlanet/Sun ONE/Sun Java.
|
482
|
-
<fingerprint pattern="^(iPlanetUserId)
|
482
|
+
<fingerprint pattern="^(iPlanetUserId)=">
|
483
483
|
<description>Sun iPlanet</description>
|
484
484
|
<param pos="1" name="cookie"/>
|
485
485
|
<param pos="0" name="service.vendor" value="Sun"/>
|
@@ -489,7 +489,7 @@
|
|
489
489
|
|
490
490
|
-->
|
491
491
|
|
492
|
-
<fingerprint pattern="^NSES40Session
|
492
|
+
<fingerprint pattern="^NSES40Session=">
|
493
493
|
<description>Netscape Enterprise Server (subsequently iPlanet Web Server, Sun ONE Web Server, presently Sun Java System Web Server)</description>
|
494
494
|
<param pos="0" name="cookie" value="NSES40Session"/>
|
495
495
|
<param pos="0" name="service.vendor" value="Sun"/>
|
@@ -499,7 +499,7 @@
|
|
499
499
|
<param pos="0" name="service.cpe23" value="cpe:/a:sun:java_system_web_server:4.0"/>
|
500
500
|
</fingerprint>
|
501
501
|
|
502
|
-
<fingerprint pattern="^_redmine_session
|
502
|
+
<fingerprint pattern="^_redmine_session=">
|
503
503
|
<description>Redmine</description>
|
504
504
|
<example>_redmine_session=BAh7B0kiD3Nlc3Npb25faWQGOgZFRkkiJWY2MGY5MTJiZjg0NGU1ZmQxZWI2OTViNzAxYjU4NTRiBjsAVEkiEF9jc3JmX3Rva2VuBjsARkkiMW1kV3Z5NDl6eVkwWDl4bFQvMUxSSmxmbjhhaDR1WWxERWUrMFQ4dVcvS0k9BjsARg%3D%3D--ce5f52d49b68e30a7ec34b75bf456d6c79d234d2; path=/; HttpOnly</example>
|
505
505
|
<param pos="0" name="cookie" value="_redmine_session"/>
|
@@ -517,7 +517,7 @@
|
|
517
517
|
<param pos="0" name="service.product" value="Sage X3 Syracuse Web Server"/>
|
518
518
|
</fingerprint>
|
519
519
|
|
520
|
-
<fingerprint pattern="^(gx_session_id|JROUTE)
|
520
|
+
<fingerprint pattern="^(gx_session_id|JROUTE)=">
|
521
521
|
<description>Sun Java System Application Server (formerly iPlanet Application Server, Sun ONE Application Server)</description>
|
522
522
|
<param pos="1" name="cookie"/>
|
523
523
|
<param pos="0" name="service.vendor" value="Sun"/>
|
@@ -526,7 +526,7 @@
|
|
526
526
|
<param pos="0" name="service.cpe23" value="cpe:/a:sun:java_system_application_server:-"/>
|
527
527
|
</fingerprint>
|
528
528
|
|
529
|
-
<fingerprint pattern="^fe_typo_user
|
529
|
+
<fingerprint pattern="^fe_typo_user=">
|
530
530
|
<description>TYPO3 CMS - http://typo3.com/</description>
|
531
531
|
<example>fe_typo_user=aae725f7dcb8cb5215e64f66d4584cc92; path=/</example>
|
532
532
|
<param pos="0" name="cookie" value="fe_typo_user"/>
|
@@ -535,7 +535,7 @@
|
|
535
535
|
<param pos="0" name="service.product" value="CMS"/>
|
536
536
|
</fingerprint>
|
537
537
|
|
538
|
-
<fingerprint pattern="^SaneID
|
538
|
+
<fingerprint pattern="^SaneID=">
|
539
539
|
<description>Unica NetTracker - http://netinsight.unica.com/Products/NetTracker.cfm</description>
|
540
540
|
<example>SaneID=10.1.1.223.1618798365976948; path=/; domain=.foo.bar</example>
|
541
541
|
<param pos="0" name="cookie" value="SaneID"/>
|
@@ -544,7 +544,7 @@
|
|
544
544
|
<param pos="0" name="service.product" value="NetTracker"/>
|
545
545
|
</fingerprint>
|
546
546
|
|
547
|
-
<fingerprint pattern="^(__utm[a-z])
|
547
|
+
<fingerprint pattern="^(__utm[a-z])=">
|
548
548
|
<description>Urchin Tracking Module - http://www.google.com/support/urchin45/bin/answer.py?answer=28307&topic=7425</description>
|
549
549
|
<example cookie="__utmp">__utmp=2071164266.582676006.3393543082; path=/; domain=.foo.bar</example>
|
550
550
|
<param pos="1" name="cookie"/>
|
@@ -563,7 +563,7 @@
|
|
563
563
|
<param pos="0" name="hw.product" value="SD-WAN"/>
|
564
564
|
</fingerprint>
|
565
565
|
|
566
|
-
<fingerprint pattern="^(vgncontext|vgnvisitor|ssuid)
|
566
|
+
<fingerprint pattern="^(vgncontext|vgnvisitor|ssuid)=">
|
567
567
|
<description>Vignette</description>
|
568
568
|
<param pos="1" name="cookie"/>
|
569
569
|
<param pos="0" name="service.vendor" value="Vignette"/>
|
@@ -571,7 +571,7 @@
|
|
571
571
|
<param pos="0" name="service.product" value="Vignette"/>
|
572
572
|
</fingerprint>
|
573
573
|
|
574
|
-
<fingerprint pattern="^wgSession
|
574
|
+
<fingerprint pattern="^wgSession=">
|
575
575
|
<description>Plain Black WebGUI - http://www.plainblack.com/webgui</description>
|
576
576
|
<example>wgSession=xngFQdcbCap87x6d8qc1YA; path=/; expires=Thu, 17-Apr-2031 02:29:05 GMT</example>
|
577
577
|
<param pos="0" name="cookie" value="wgSession"/>
|
@@ -580,7 +580,7 @@
|
|
580
580
|
<param pos="0" name="service.product" value="WebGUI"/>
|
581
581
|
</fingerprint>
|
582
582
|
|
583
|
-
<fingerprint pattern="^(WEBTRENDS_?ID)
|
583
|
+
<fingerprint pattern="^(WEBTRENDS_?ID)=">
|
584
584
|
<description>WebTrends</description>
|
585
585
|
<example cookie="WEBTRENDS_ID">WEBTRENDS_ID=10.247.9.69.1618795409656141; path=/; expires=Tue, 19-Apr-22 01:23:29 GMT; domain=.foo.bar</example>
|
586
586
|
<param pos="1" name="cookie"/>
|
@@ -589,7 +589,7 @@
|
|
589
589
|
<param pos="0" name="service.product" value="WebTrends"/>
|
590
590
|
</fingerprint>
|
591
591
|
|
592
|
-
<fingerprint pattern="^(ZM_TEST|ZM_LOGIN_CSRF)
|
592
|
+
<fingerprint pattern="^(ZM_TEST|ZM_LOGIN_CSRF)=">
|
593
593
|
<description>Zimbra</description>
|
594
594
|
<example cookie="ZM_TEST">ZM_TEST=true;Secure</example>
|
595
595
|
<example cookie="ZM_LOGIN_CSRF">ZM_LOGIN_CSRF=38ef0bea-a4c3-4f41-9ac3-73d7622f3131;Secure;HttpOnly</example>
|
@@ -599,7 +599,7 @@
|
|
599
599
|
<param pos="0" name="service.cpe23" value="cpe:/a:synacor:zimbra_collaboration_suite:-"/>
|
600
600
|
</fingerprint>
|
601
601
|
|
602
|
-
<fingerprint pattern="^_ZopeId
|
602
|
+
<fingerprint pattern="^_ZopeId=">
|
603
603
|
<description>Zope</description>
|
604
604
|
<example>_ZopeId="91304233A995SVLz3SI"; Path=/</example>
|
605
605
|
<param pos="0" name="cookie" value="_ZopeId"/>
|
@@ -607,7 +607,7 @@
|
|
607
607
|
<param pos="0" name="service.product" value="Zope"/>
|
608
608
|
</fingerprint>
|
609
609
|
|
610
|
-
<fingerprint pattern="^(portal)=([0-9]+\.[0-9]+\.[0-9]+)
|
610
|
+
<fingerprint pattern="^(portal)=([0-9]+\.[0-9]+\.[0-9]+)">
|
611
611
|
<description>OracleAS Portal default cookie name - http://download.oracle.com/docs/cd/B14099_19/portal.1014/b19305/cg_app_f.htm</description>
|
612
612
|
<param pos="1" name="cookie"/>
|
613
613
|
<param pos="2" name="service.version"/>
|
@@ -617,7 +617,7 @@
|
|
617
617
|
<param pos="0" name="service.cpe23" value="cpe:/a:oracle:application_server_portal:{service.version}"/>
|
618
618
|
</fingerprint>
|
619
619
|
|
620
|
-
<fingerprint pattern="^Compaq-HMMD=[^;]
|
620
|
+
<fingerprint pattern="^Compaq-HMMD=[^;]+;">
|
621
621
|
<description>HP System Management Homepage (SMH)</description>
|
622
622
|
<example>Compaq-HMMD=0001-c01fffff-487a-394a-aab0-ffffffffffff-ffffffffffffffff; path=/</example>
|
623
623
|
<example>Compaq-HMMD=0001-c01fffff-487a-394a-aab0-ffffffffffff-ffffffffffffffff; path=/; Secure</example>
|
@@ -642,6 +642,14 @@
|
|
642
642
|
<param pos="0" name="service.product" value="Arachni"/>
|
643
643
|
</fingerprint>
|
644
644
|
|
645
|
+
<fingerprint pattern="^unraid_">
|
646
|
+
<description>Unraid</description>
|
647
|
+
<example>unraid_2e9e9f79999999999999999999r9b999=c5599999999999999999999999999e38; path=/; HttpOnly; SameSite=Lax</example>
|
648
|
+
<param pos="0" name="service.vendor" value="Lime Technologies"/>
|
649
|
+
<param pos="0" name="service.product" value="Unraid"/>
|
650
|
+
<param pos="0" name="service.certainty" value="0.5"/>
|
651
|
+
</fingerprint>
|
652
|
+
|
645
653
|
<!--
|
646
654
|
Ignore various cookies that are very generic cookies for session IDs
|
647
655
|
that are not necessarily indicative of any particular
|
@@ -650,14 +658,14 @@
|
|
650
658
|
these and this is enforced by rspec.
|
651
659
|
-->
|
652
660
|
|
653
|
-
<fingerprint pattern="(?i)^JSESSIONID(?:\.[^=]+)?=[^;]
|
661
|
+
<fingerprint pattern="(?i)^JSESSIONID(?:\.[^=]+)?=[^;]+;">
|
654
662
|
<description>Ignore simple JSESSIONID and related cookies</description>
|
655
663
|
<example>JSESSIONID=6ooov35i4l3n36qtaf8csvg0;Path=/</example>
|
656
664
|
<example>jsessionid=6nkp66iogcdc92720%2Dc6e4%2D4989%2Db7b2%2D5021624cfdff;Path=/;secure</example>
|
657
665
|
<example>JSESSIONID.c00a9623=v216643eijh19p9duve5srgf;Path=/;HttpOnly</example>
|
658
666
|
</fingerprint>
|
659
667
|
|
660
|
-
<fingerprint pattern="(?i)^_?SESSION_?ID\s*=\s*[^;]
|
668
|
+
<fingerprint pattern="(?i)^_?SESSION_?ID\s*=\s*[^;]+;">
|
661
669
|
<description>Ignore simple SESSIONID and related cookies</description>
|
662
670
|
<example>sessionId=7dba3249cfcd4b59854055311099a294; path=/;</example>
|
663
671
|
<example>_session_id=7fe933db0fea13e9c872103ba2d142db; path=/; HttpOnly</example>
|
@@ -665,7 +673,7 @@
|
|
665
673
|
<example>_session_id=18b3e173aa11db0533fd01752e81f583; path=/; HttpOnly</example>
|
666
674
|
</fingerprint>
|
667
675
|
|
668
|
-
<fingerprint pattern="(?i)^sid=[^;]
|
676
|
+
<fingerprint pattern="(?i)^sid=[^;]+;">
|
669
677
|
<description>Ignore simple SID and related cookies</description>
|
670
678
|
<example>sid=sfd10bf73-654458f687aa3c68b3874915f651e0ca;path=/;"</example>
|
671
679
|
</fingerprint>
|