recog 2.3.21 → 3.0.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/LICENSE +1 -1
- data/README.md +42 -16
- data/Rakefile +2 -9
- data/lib/recog/db.rb +2 -1
- data/lib/recog/db_manager.rb +1 -1
- data/lib/recog/fingerprint.rb +33 -6
- data/lib/recog/fingerprint_parse_error.rb +10 -0
- data/lib/recog/verifier.rb +9 -9
- data/lib/recog/verify_reporter.rb +17 -6
- data/lib/recog/version.rb +1 -1
- data/{bin → recog/bin}/recog_match +0 -1
- data/{xml → recog/xml}/apache_modules.xml +0 -0
- data/{xml → recog/xml}/apache_os.xml +98 -56
- data/{xml → recog/xml}/architecture.xml +15 -1
- data/recog/xml/dhcp_vendor_class.xml +206 -0
- data/{xml → recog/xml}/dns_versionbind.xml +16 -13
- data/{xml → recog/xml}/favicons.xml +297 -47
- data/{xml → recog/xml}/fingerprints.xsd +9 -1
- data/{xml → recog/xml}/ftp_banners.xml +160 -156
- data/{xml → recog/xml}/h323_callresp.xml +101 -101
- data/{xml → recog/xml}/hp_pjl_id.xml +84 -84
- data/{xml → recog/xml}/html_title.xml +727 -34
- data/{xml → recog/xml}/http_cookies.xml +160 -77
- data/{xml → recog/xml}/http_servers.xml +556 -283
- data/{xml → recog/xml}/http_wwwauth.xml +190 -75
- data/{xml → recog/xml}/imap_banners.xml +5 -5
- data/{xml → recog/xml}/ldap_searchresult.xml +0 -0
- data/{xml → recog/xml}/mdns_device-info_txt.xml +389 -26
- data/{xml → recog/xml}/mdns_workstation_txt.xml +0 -0
- data/{xml → recog/xml}/mysql_banners.xml +1 -1
- data/{xml → recog/xml}/mysql_error.xml +0 -0
- data/{xml → recog/xml}/nntp_banners.xml +11 -8
- data/{xml → recog/xml}/ntp_banners.xml +97 -97
- data/{xml → recog/xml}/operating_system.xml +95 -80
- data/{xml → recog/xml}/pop_banners.xml +23 -23
- data/{xml → recog/xml}/rsh_resp.xml +3 -3
- data/{xml → recog/xml}/rtsp_servers.xml +0 -0
- data/{xml → recog/xml}/sip_banners.xml +43 -5
- data/{xml → recog/xml}/sip_user_agents.xml +175 -27
- data/{xml → recog/xml}/smb_native_lm.xml +5 -5
- data/{xml → recog/xml}/smb_native_os.xml +25 -25
- data/{xml → recog/xml}/smtp_banners.xml +147 -146
- data/{xml → recog/xml}/smtp_debug.xml +0 -0
- data/{xml → recog/xml}/smtp_ehlo.xml +1 -1
- data/{xml → recog/xml}/smtp_expn.xml +0 -0
- data/{xml → recog/xml}/smtp_help.xml +11 -11
- data/{xml → recog/xml}/smtp_mailfrom.xml +0 -0
- data/{xml → recog/xml}/smtp_noop.xml +2 -2
- data/{xml → recog/xml}/smtp_quit.xml +0 -0
- data/{xml → recog/xml}/smtp_rcptto.xml +0 -0
- data/{xml → recog/xml}/smtp_rset.xml +0 -0
- data/{xml → recog/xml}/smtp_turn.xml +0 -0
- data/{xml → recog/xml}/smtp_vrfy.xml +0 -0
- data/{xml → recog/xml}/snmp_sysdescr.xml +1570 -1430
- data/{xml → recog/xml}/snmp_sysobjid.xml +38 -27
- data/{xml → recog/xml}/ssh_banners.xml +16 -10
- data/{xml → recog/xml}/telnet_banners.xml +238 -21
- data/{xml → recog/xml}/tls_jarm.xml +56 -6
- data/{xml → recog/xml}/x11_banners.xml +3 -3
- data/{xml → recog/xml}/x509_issuers.xml +49 -1
- data/{xml → recog/xml}/x509_subjects.xml +139 -38
- data/recog.gemspec +9 -5
- data/spec/data/external_example_fingerprint/hp_printer_ex_01.txt +1 -0
- data/spec/data/external_example_fingerprint/hp_printer_ex_02.txt +1 -0
- data/spec/data/external_example_fingerprint.xml +8 -0
- data/spec/data/external_example_illegal_path_fingerprint.xml +7 -0
- data/spec/lib/recog/db_spec.rb +84 -61
- data/spec/lib/recog/fingerprint_spec.rb +4 -4
- data/spec/lib/recog/verify_reporter_spec.rb +73 -4
- data/spec/spec_helper.rb +4 -0
- metadata +65 -134
- data/.github/ISSUE_TEMPLATE/bug_report.md +0 -37
- data/.github/ISSUE_TEMPLATE/feature_request.md +0 -17
- data/.github/ISSUE_TEMPLATE/fingerprint_request.md +0 -27
- data/.github/PULL_REQUEST_TEMPLATE +0 -24
- data/.github/SECURITY.md +0 -35
- data/.github/workflows/ci.yml +0 -26
- data/.gitignore +0 -23
- data/.rspec +0 -3
- data/.ruby-gemset +0 -1
- data/.ruby-version +0 -1
- data/.snyk +0 -10
- data/.travis.yml +0 -25
- data/CONTRIBUTING.md +0 -270
- data/bin/recog_cleanup +0 -16
- data/bin/recog_export +0 -81
- data/bin/recog_standardize +0 -148
- data/bin/recog_verify +0 -64
- data/cpe-remap.yaml +0 -343
- data/features/data/failing_banners_fingerprints.xml +0 -20
- data/features/data/matching_banners_fingerprints.xml +0 -23
- data/features/data/multiple_banners_fingerprints.xml +0 -32
- data/features/data/no_tests.xml +0 -3
- data/features/data/sample_banner.txt +0 -2
- data/features/data/successful_tests.xml +0 -18
- data/features/data/tests_with_failures.xml +0 -20
- data/features/data/tests_with_warnings.xml +0 -17
- data/features/match.feature +0 -36
- data/features/support/aruba.rb +0 -3
- data/features/support/env.rb +0 -6
- data/features/verify.feature +0 -48
- data/identifiers/README.md +0 -70
- data/identifiers/fields.txt +0 -104
- data/identifiers/hw_device.txt +0 -78
- data/identifiers/hw_family.txt +0 -113
- data/identifiers/hw_product.txt +0 -410
- data/identifiers/os_architecture.txt +0 -10
- data/identifiers/os_device.txt +0 -75
- data/identifiers/os_family.txt +0 -233
- data/identifiers/os_product.txt +0 -340
- data/identifiers/service_family.txt +0 -249
- data/identifiers/service_product.txt +0 -752
- data/identifiers/vendor.txt +0 -798
- data/lib/recog/verifier_factory.rb +0 -13
- data/misc/convert_mysql_err +0 -61
- data/misc/order.xsl +0 -17
- data/requirements.txt +0 -2
- data/spec/lib/fingerprint_self_test_spec.rb +0 -174
- data/update_cpes.py +0 -250
@@ -15,7 +15,7 @@
|
|
15
15
|
<param pos="0" name="service.cpe23" value="cpe:/a:cloudflare:load_balancing:-"/>
|
16
16
|
</fingerprint>
|
17
17
|
|
18
|
-
<fingerprint pattern="^(AWSALB(?:TG)?(?:CORS)?)
|
18
|
+
<fingerprint pattern="^(AWSALB(?:TG)?(?:CORS)?)=">
|
19
19
|
<description>Amazon Application Load Balancer</description>
|
20
20
|
<example cookie="AWSALB">AWSALB=791357231C9C446E295988DA51A2CD313D13788329433D96A05631377389B17BF097D4C8A2D0BE5BC4F3C649AED7DFF939364A5790E2EC67F33C4483E2E9DD17E99814071B;PATH=/;HttpOnly;Secure</example>
|
21
21
|
<example cookie="AWSALBCORS">AWSALBCORS=D5A3BF7B08C8E0626B1C77DAAEAB0A7542DEB35F43097F06FD3833E22A9BA2543B805B7AE1B6E97F2BE3A701A19AF5D2CC898E0DB5E52055B0B983CC64EAD006CF77C1CF72;PATH=/;SECURE;SAMESITE=None</example>
|
@@ -26,7 +26,7 @@
|
|
26
26
|
<param pos="0" name="service.product" value="Application Load Balancer"/>
|
27
27
|
</fingerprint>
|
28
28
|
|
29
|
-
<fingerprint pattern="^(AWSELB(?:CORS)?)
|
29
|
+
<fingerprint pattern="^(AWSELB(?:CORS)?)=">
|
30
30
|
<description>Amazon Elastic Load Balancer</description>
|
31
31
|
<example cookie="AWSELB">AWSELB=791357231C9C446E295988DA51A2CD313D13788329433D96A05631377389B17BF097D4C8A2D0BE5BC4F3C649AED7DFF939364A5790E2EC67F33C4483E2E9DD17E99814071B;PATH=/;HttpOnly;Secure</example>
|
32
32
|
<example cookie="AWSELBCORS">AWSELBCORS=D5A3BF7B08C8E0626B1C77DAAEAB0A7542DEB35F43097F06FD3833E22A9BA2543B805B7AE1B6E97F2BE3A701A19AF5D2CC898E0DB5E52055B0B983CC64EAD006CF77C1CF72;PATH=/;SECURE;SAMESITE=None</example>
|
@@ -36,7 +36,7 @@
|
|
36
36
|
<param pos="0" name="service.product" value="Elastic Load Balancer"/>
|
37
37
|
</fingerprint>
|
38
38
|
|
39
|
-
<fingerprint pattern="^(PHPSESSI(?:D|ON))
|
39
|
+
<fingerprint pattern="^(PHPSESSI(?:D|ON))=">
|
40
40
|
<description>PHP - http://www.php.net/ref.session</description>
|
41
41
|
<example cookie="PHPSESSID">PHPSESSID=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/</example>
|
42
42
|
<example cookie="PHPSESSION">PHPSESSION=vt2ag6n7t6ngvlg8adk4860h46; path=/</example>
|
@@ -47,7 +47,7 @@
|
|
47
47
|
<param pos="0" name="service.cpe23" value="cpe:/a:php:php:-"/>
|
48
48
|
</fingerprint>
|
49
49
|
|
50
|
-
<fingerprint pattern="^(ASPSESSIONID[A-Z]+|ASP\.NET_SessionId|\.ASPXANONYMOUS)
|
50
|
+
<fingerprint pattern="^(ASPSESSIONID[A-Z]+|ASP\.NET_SessionId|\.ASPXANONYMOUS)=">
|
51
51
|
<description>Microsoft IIS (ASP.NET)
|
52
52
|
http://msdn2.microsoft.com/en-us/library/ms953828.aspx
|
53
53
|
http://msdn2.microsoft.com/en-us/library/91ka2e6a.aspx
|
@@ -66,7 +66,7 @@
|
|
66
66
|
<param pos="0" name="service.component.cpe23" value="cpe:/a:microsoft:asp.net:-"/>
|
67
67
|
</fingerprint>
|
68
68
|
|
69
|
-
<fingerprint pattern="^(CFCLIENT_[^=]+|CFGLOBALS|CFID|CFTOKEN)
|
69
|
+
<fingerprint pattern="^(CFCLIENT_[^=]+|CFGLOBALS|CFID|CFTOKEN)=">
|
70
70
|
<description>Adobe (Macromedia) ColdFusion uses various cookies</description>
|
71
71
|
<example cookie="CFTOKEN">CFTOKEN=f3863673461e83d7-8B854468-1866-DAAC-99FBB842C6018037;expires=Mon, 01-Aug-2050 01:05:45 GMT;path=/;HttpOnly;</example>
|
72
72
|
<example cookie="CFCLIENT_FOO_CORP">CFCLIENT_FOO_CORP=preflanguage%3DEN%23; Expires=Wed, 12-Apr-2051 01:11:37 GMT; Path=/</example>
|
@@ -77,26 +77,40 @@
|
|
77
77
|
<param pos="0" name="service.cpe23" value="cpe:/a:adobe:coldfusion:-"/>
|
78
78
|
</fingerprint>
|
79
79
|
|
80
|
-
<fingerprint pattern="^ANsession\d+=(\S+)
|
80
|
+
<fingerprint pattern="^ANsession\d+=(\S+);">
|
81
81
|
<description>Array Networks Secure Access Gateway / SSL VPN</description>
|
82
|
-
<example>ANsession0002262072457555=IPMI; path=/;secure</example>
|
82
|
+
<example cookie="IPMI">ANsession0002262072457555=IPMI; path=/;secure</example>
|
83
83
|
<param pos="1" name="cookie"/>
|
84
84
|
<param pos="0" name="service.vendor" value="Array Networks"/>
|
85
85
|
<param pos="0" name="service.family" value="Secure Access Gateway"/>
|
86
86
|
<param pos="0" name="hw.device" value="VPN"/>
|
87
87
|
</fingerprint>
|
88
88
|
|
89
|
-
<fingerprint pattern="^
|
90
|
-
<description>Apache</description>
|
91
|
-
<
|
92
|
-
<
|
89
|
+
<fingerprint pattern="^Apache=(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})\.[0-9]+(?:\.[0-9]+)?;">
|
90
|
+
<description>Apache with session ID containing IP and timestamp (timestamp can be micros, millis or seconds)</description>
|
91
|
+
<example host.ip="10.10.130.165">Apache=10.10.130.165.1643670182768255; path=/</example>
|
92
|
+
<example host.ip="10.0.101.6">Apache=10.0.101.6.1643663969718158; path=/; expires=Wed, 31-Jan-24 21:19:29 GMT; domain=.contoso.com</example>
|
93
|
+
<example host.ip="10.10.20.18">Apache=10.10.20.18.1643510579.1915; domain=foo.com; path=/; expires=Mon, 30-Jan-2023 02:42:58 GMT</example>
|
94
|
+
<example host.ip="10.23.219.241">Apache=10.23.219.241.1643541709604; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT</example>
|
95
|
+
<param pos="0" name="cookie" value="Apache"/>
|
96
|
+
<param pos="1" name="host.ip"/>
|
97
|
+
<param pos="0" name="service.vendor" value="Apache"/>
|
98
|
+
<param pos="0" name="service.family" value="Apache"/>
|
99
|
+
<param pos="0" name="service.product" value="HTTPD"/>
|
100
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:apache:http_server:-"/>
|
101
|
+
</fingerprint>
|
102
|
+
|
103
|
+
<fingerprint pattern="^Apache=[0-9a-z]{8}\.[0-9a-z]{13};">
|
104
|
+
<description>Apache with opaque session ID</description>
|
105
|
+
<example>Apache=1148b9c3.5d6e61e36f2f9; path=/; domain=.foo.com</example>
|
106
|
+
<param pos="0" name="cookie" value="Apache"/>
|
93
107
|
<param pos="0" name="service.vendor" value="Apache"/>
|
94
108
|
<param pos="0" name="service.family" value="Apache"/>
|
95
109
|
<param pos="0" name="service.product" value="HTTPD"/>
|
96
110
|
<param pos="0" name="service.cpe23" value="cpe:/a:apache:http_server:-"/>
|
97
111
|
</fingerprint>
|
98
112
|
|
99
|
-
<fingerprint pattern="^JServSessionIdroot
|
113
|
+
<fingerprint pattern="^JServSessionIdroot=">
|
100
114
|
<description>Apache JServ</description>
|
101
115
|
<example>JServSessionIdroot=tphxjy73e1.JS1; path=/</example>
|
102
116
|
<param pos="0" name="cookie" value="JServSessionIdroot"/>
|
@@ -105,7 +119,7 @@
|
|
105
119
|
<param pos="0" name="service.product" value="JServ"/>
|
106
120
|
</fingerprint>
|
107
121
|
|
108
|
-
<fingerprint pattern="^(ATG_SESSION_ID|DYN_USER_CONFIRM|DYN_USER_ID)
|
122
|
+
<fingerprint pattern="^(ATG_SESSION_ID|DYN_USER_CONFIRM|DYN_USER_ID)=">
|
109
123
|
<description>ATG Dynamo</description>
|
110
124
|
<example cookie="ATG_SESSION_ID">ATG_SESSION_ID=yuAUs8xnkzLaF8P3Zk1v5hR28XB4dKsOKZ4jCkVO; path=/</example>
|
111
125
|
<param pos="1" name="cookie"/>
|
@@ -114,7 +128,7 @@
|
|
114
128
|
<param pos="0" name="service.product" value="Dynamo"/>
|
115
129
|
</fingerprint>
|
116
130
|
|
117
|
-
<fingerprint pattern="^Bugzilla_login_request_cookie
|
131
|
+
<fingerprint pattern="^Bugzilla_login_request_cookie=">
|
118
132
|
<description>Bugzilla</description>
|
119
133
|
<example>Bugzilla_login_request_cookie=ylMVo9ZDtd; path=/; secure</example>
|
120
134
|
<param pos="0" name="cookie" value="Bugzilla_login_request_cookie"/>
|
@@ -123,34 +137,27 @@
|
|
123
137
|
<param pos="0" name="service.cpe23" value="cpe:/a:mozilla:bugzilla:-"/>
|
124
138
|
</fingerprint>
|
125
139
|
|
126
|
-
<fingerprint pattern="^
|
127
|
-
<description>BEA WebLogic (with timestamp)</description>
|
128
|
-
<param pos="1" name="cookie"/>
|
129
|
-
<param pos="2" name="system.time.millis"/>
|
130
|
-
<param pos="0" name="service.vendor" value="BEA"/>
|
131
|
-
<param pos="0" name="service.family" value="WebLogic"/>
|
132
|
-
<param pos="0" name="service.product" value="WebLogic"/>
|
133
|
-
<param pos="0" name="service.cpe23" value="cpe:/a:bea:weblogic_server:-"/>
|
134
|
-
</fingerprint>
|
135
|
-
|
136
|
-
<fingerprint pattern="^(WebLogicSession)=.*">
|
140
|
+
<fingerprint pattern="^WebLogicSession=">
|
137
141
|
<description>BEA WebLogic (no timestamp)</description>
|
138
|
-
<
|
142
|
+
<example>WebLogicSession=YfifY2Ck8aWILbJPiaoY3L8aKBjh2MZhUAjHXypG6IBwvWXrun3i|-3385140432258369694/-900104935/6/7009/7009/7010/7010/7009/-1; path=/</example>
|
143
|
+
<example>WebLogicSession=QKRlJZbj0b948CrXnoQw8FNuSWvO6fXaJNadlcCWwA3qm6CtqD5a; path=/</example>
|
144
|
+
<param pos="0" name="cookie" value="WebLogicSession"/>
|
139
145
|
<param pos="0" name="service.vendor" value="BEA"/>
|
140
146
|
<param pos="0" name="service.family" value="WebLogic"/>
|
141
147
|
<param pos="0" name="service.product" value="WebLogic"/>
|
142
148
|
<param pos="0" name="service.cpe23" value="cpe:/a:bea:weblogic_server:-"/>
|
143
149
|
</fingerprint>
|
144
150
|
|
145
|
-
<fingerprint pattern="^(BCSI-
|
151
|
+
<fingerprint pattern="^(BCSI-CS-[0-9A-Za-z]+)=">
|
146
152
|
<description>BlueCoat Proxy</description>
|
153
|
+
<example cookie="BCSI-CS-2f6c78bdf64f3b32">BCSI-CS-2f6c78bdf64f3b32=2; Path=/</example>
|
147
154
|
<param pos="1" name="cookie"/>
|
148
155
|
<param pos="0" name="service.vendor" value="Blue Coat"/>
|
149
156
|
<param pos="0" name="service.family" value="Proxy"/>
|
150
157
|
<param pos="0" name="service.product" value="Proxy"/>
|
151
158
|
</fingerprint>
|
152
159
|
|
153
|
-
<fingerprint pattern="^CAKEPHP
|
160
|
+
<fingerprint pattern="^CAKEPHP=">
|
154
161
|
<description>CakePHP - http://www.cakephp.org/</description>
|
155
162
|
<example>CAKEPHP=03bgv7jqfurftnm5crn3lc0ob1; expires=Mon, 19-Apr-2021 08:56:06 GMT; Max-Age=14400; path=/; HttpOnly</example>
|
156
163
|
<param pos="0" name="cookie" value="CAKEPHP"/>
|
@@ -165,7 +172,7 @@
|
|
165
172
|
actual break is between the pieces of data.
|
166
173
|
-->
|
167
174
|
|
168
|
-
<fingerprint pattern="^ARPT=([A-Z]+)([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})[A-Z]
|
175
|
+
<fingerprint pattern="^ARPT=([A-Z]+)([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})[A-Z]+">
|
169
176
|
<description>Cisco 11000 Series Content Service Switch (CSS)</description>
|
170
177
|
<example host.name="FOOOB" host.ip="192.168.15.52">ARPT=FOOOB192.168.15.52CKOKM; path=/</example>
|
171
178
|
<param pos="0" name="cookie" value="ARPT"/>
|
@@ -176,7 +183,7 @@
|
|
176
183
|
<param pos="0" name="service.product" value="11000 Series Content Service Switch"/>
|
177
184
|
</fingerprint>
|
178
185
|
|
179
|
-
<fingerprint pattern="^ARPT
|
186
|
+
<fingerprint pattern="^ARPT=">
|
180
187
|
<description>Cisco 11000 Series Content Service Switch (CSS) - catch all variant</description>
|
181
188
|
<example>ARPT=388766892.51247.0000; path=/; Httponly/</example>
|
182
189
|
<param pos="0" name="cookie" value="ARPT"/>
|
@@ -206,15 +213,16 @@
|
|
206
213
|
<param pos="0" name="hw.cpe23" value="cpe:/h:cisco:adaptive_security_appliance:-"/>
|
207
214
|
</fingerprint>
|
208
215
|
|
209
|
-
<fingerprint pattern="^st8id
|
216
|
+
<fingerprint pattern="^st8id=">
|
210
217
|
<description>Citrix Application Protection System, Enterprise - http://support.citrix.com/article/CTX109330</description>
|
218
|
+
<example>st8id=1e1bcc1010b6de32734c584317443b31.00.641b86ac5ed3ebb0799138f83af9b63f;</example>
|
211
219
|
<param pos="0" name="cookie" value="st8id"/>
|
212
220
|
<param pos="0" name="service.vendor" value="Citrix"/>
|
213
221
|
<param pos="0" name="service.family" value="Application Protection System"/>
|
214
222
|
<param pos="0" name="service.product" value="Application Protection System, Enterprise"/>
|
215
223
|
</fingerprint>
|
216
224
|
|
217
|
-
<fingerprint pattern="^NSC_(?:AAAC|BASEURL|CERT|DLGE|EPAC|TASS|TEMP|TMA[APS]|PERS|USER)
|
225
|
+
<fingerprint pattern="^NSC_(?:AAAC|BASEURL|CERT|DLGE|EPAC|TASS|TEMP|TMA[APS]|PERS|USER)=">
|
218
226
|
<description>Citrix NetScaler</description>
|
219
227
|
<example>NSC_AAAC=xyz;</example>
|
220
228
|
<example>NSC_TEMP=xyz;</example>
|
@@ -242,7 +250,7 @@
|
|
242
250
|
<param pos="0" name="os.product" value="Pulse Connect Secure"/>
|
243
251
|
</fingerprint>
|
244
252
|
|
245
|
-
<fingerprint pattern="^DokuWiki
|
253
|
+
<fingerprint pattern="^DokuWiki=">
|
246
254
|
<description>Dokuwiki</description>
|
247
255
|
<example>DokuWiki=t8l1aev7703vbtejovp165pv01; path=/; secure</example>
|
248
256
|
<param pos="0" name="cookie" value="DokuWiki"/>
|
@@ -251,7 +259,7 @@
|
|
251
259
|
<param pos="0" name="service.cpe23" value="cpe:/a:dokuwiki:dokuwiki:-"/>
|
252
260
|
</fingerprint>
|
253
261
|
|
254
|
-
<fingerprint pattern="^(EktGUID|ecm)
|
262
|
+
<fingerprint pattern="^(EktGUID|ecm)=">
|
255
263
|
<description>Ektron CMS400.net</description>
|
256
264
|
<example cookie="EktGUID">EktGUID=382107cc-a38d-4d25-8182-3748834e21c8; expires=Tue, 19-Apr-2022 03:12:15 GMT; path=/</example>
|
257
265
|
<param pos="1" name="cookie"/>
|
@@ -269,9 +277,9 @@
|
|
269
277
|
<param pos="0" name="service.cpe23" value="cpe:/a:atlassian:fisheye:-"/>
|
270
278
|
</fingerprint>
|
271
279
|
|
272
|
-
<fingerprint pattern="(?i)^(BIGipServer([^=]+))
|
280
|
+
<fingerprint pattern="(?i)^(BIGipServer([^=]+))=">
|
273
281
|
<description>F5 BIG-IP LTM - Server variant</description>
|
274
|
-
<example loadbalancer.poolname="CustomerRP">BigIpServerCustomerRP=5a; path=/; domain=.foo.bar; secure; HttpOnly</example>
|
282
|
+
<example loadbalancer.poolname="CustomerRP" cookie="BigIpServerCustomerRP">BigIpServerCustomerRP=5a; path=/; domain=.foo.bar; secure; HttpOnly</example>
|
275
283
|
<param pos="1" name="cookie"/>
|
276
284
|
<param pos="2" name="loadbalancer.poolname"/>
|
277
285
|
<param pos="0" name="service.vendor" value="F5"/>
|
@@ -280,7 +288,7 @@
|
|
280
288
|
<param pos="0" name="service.cpe23" value="cpe:/a:f5:big-ip_local_traffic_manager:-"/>
|
281
289
|
</fingerprint>
|
282
290
|
|
283
|
-
<fingerprint pattern="^i_like_gogits
|
291
|
+
<fingerprint pattern="^i_like_gogits=">
|
284
292
|
<description>Gogs</description>
|
285
293
|
<example>i_like_gogits=fc3914645f1d5c76; Path=/; HttpOnly</example>
|
286
294
|
<param pos="0" name="cookie" value="i_like_gogits"/>
|
@@ -289,7 +297,7 @@
|
|
289
297
|
<param pos="0" name="service.cpe23" value="cpe:/a:gogs:gogs:-"/>
|
290
298
|
</fingerprint>
|
291
299
|
|
292
|
-
<fingerprint pattern="^(BigIPCookie[^=]*)
|
300
|
+
<fingerprint pattern="^(BigIPCookie[^=]*)=">
|
293
301
|
<description>F5 BIG-IP LTM</description>
|
294
302
|
<example cookie="BigIPCookie">BigIPCookie=855248779.20480.0000; path=/; Httponly</example>
|
295
303
|
<example cookie="BigIPCookie_foo_corp_prod">BigIPCookie_foo_corp_prod=!tJHKH9zIwsUuJYJ38CCV0XSqmJXsZVQaOjj/m/SBSTQTg21/S+s2gmbsoGwwKXr5Tj9e0ijWZWItfA==; path=/; Httponly</example>
|
@@ -309,7 +317,7 @@
|
|
309
317
|
<param pos="0" name="service.cpe23" value="cpe:/a:flyspray:flyspray:-"/>
|
310
318
|
</fingerprint>
|
311
319
|
|
312
|
-
<fingerprint pattern="^i_like_gitea
|
320
|
+
<fingerprint pattern="^i_like_gitea=">
|
313
321
|
<description>Gitea</description>
|
314
322
|
<example>i_like_gitea=fc39d4645b1d5c7c; Path=/</example>
|
315
323
|
<param pos="0" name="cookie" value="i_like_gitea"/>
|
@@ -319,7 +327,7 @@
|
|
319
327
|
<param pos="0" name="service.cpe23" value="cpe:/a:gitea:gitea:-"/>
|
320
328
|
</fingerprint>
|
321
329
|
|
322
|
-
<fingerprint pattern="^_gitlab_session
|
330
|
+
<fingerprint pattern="^_gitlab_session=">
|
323
331
|
<description>GitLab</description>
|
324
332
|
<example>_gitlab_session=032d024e9c2445b595e68255da9e6835; path=/; expires=Mon, 26 Apr 2021 03:09:57 -0000; HttpOnly</example>
|
325
333
|
<param pos="0" name="cookie" value="_gitlab_session"/>
|
@@ -338,7 +346,7 @@
|
|
338
346
|
<param pos="0" name="service.product" value="HAProxy"/>
|
339
347
|
</fingerprint>
|
340
348
|
|
341
|
-
<fingerprint pattern="^(AMWEBJCT!([^!]+)!([^=]+))
|
349
|
+
<fingerprint pattern="^(AMWEBJCT!([^!]+)!([^=]+))=">
|
342
350
|
<description>IBM Tivoli Access Manager for e-business WebSEAL
|
343
351
|
http://publib.boulder.ibm.com/infocenter/tivihelp/v2r1/index.jsp?topic=/com.ibm.itame.doc/am60_webseal_admin180.htm
|
344
352
|
</description>
|
@@ -351,7 +359,7 @@
|
|
351
359
|
<param pos="0" name="service.product" value="Tivoli Access Manager for e-business WebSEAL"/>
|
352
360
|
</fingerprint>
|
353
361
|
|
354
|
-
<fingerprint pattern="^(PD-S-SESSION-ID|PD-H-SESSION-ID|PD_STATEFUL_[^=]+)
|
362
|
+
<fingerprint pattern="^(PD-S-SESSION-ID|PD-H-SESSION-ID|PD_STATEFUL_[^=]+)=">
|
355
363
|
<description>IBM Tivoli Access Manager for e-business WebSeal
|
356
364
|
http://publib.boulder.ibm.com/infocenter/tivihelp/v2r1/index.jsp?topic=/com.ibm.itame.doc/am60_webseal_admin117.htm
|
357
365
|
</description>
|
@@ -363,15 +371,18 @@
|
|
363
371
|
<param pos="0" name="service.product" value="Tivoli Access Manager for e-business WebSEAL"/>
|
364
372
|
</fingerprint>
|
365
373
|
|
366
|
-
<fingerprint pattern="^IBMCBR
|
374
|
+
<fingerprint pattern="^IBMCBR=">
|
367
375
|
<description>IBM WebSphere Load Balancer</description>
|
376
|
+
<!-- Replace with a valid example if one is discovered -->
|
377
|
+
|
378
|
+
<example>IBMCBR=fakevalue</example>
|
368
379
|
<param pos="0" name="cookie" value="IBMCBR"/>
|
369
380
|
<param pos="0" name="service.vendor" value="IBM"/>
|
370
381
|
<param pos="0" name="service.family" value="WebSphere"/>
|
371
382
|
<param pos="0" name="service.product" value="WebSphere Load Balancer"/>
|
372
383
|
</fingerprint>
|
373
384
|
|
374
|
-
<fingerprint pattern="^(mbfcookie(?:\[lang\])?)
|
385
|
+
<fingerprint pattern="^(mbfcookie(?:\[lang\])?)=">
|
375
386
|
<description>Joom!Fish http://www.joomfish.net/</description>
|
376
387
|
<example cookie="mbfcookie">mbfcookie=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/</example>
|
377
388
|
<example cookie="mbfcookie[lang]">mbfcookie[lang]=pt_BR; expires=Tue, 20-Apr-2021 03:30:47 GMT; path=/</example>
|
@@ -382,12 +393,14 @@
|
|
382
393
|
|
383
394
|
<fingerprint pattern="^_mastodon_session=">
|
384
395
|
<description>Mastodon</description>
|
396
|
+
<example>_mastodon_session=U09wSzlaMHNuZVI3RGJjR1M2d2lqNFhXc1BXNlJtOXBueTdoM1J2Ykk3UjRXa2V3WkNUNm5BUmY4Z0NISk9FaEtrOVQrMXJCRldvbk1kY3BUaDZkMlRuZkNBUDVXU01EakN3S1JEZDdjbzhNQ0t5MHpXZE9WSGlTOVhKNkhlZWhlaWsxM3Mvd0poU1NHWkZjWUNucmJoeDdNdU85ekpkQVJSbkhDeXdKZ08wMkNuUm1BYnE3cGVBK2FBN1FTUU9SLS1EdUVoNWtLOFFWaWsxNmY2bzErbFVRPT0%3D--4b6087906fdfa25f0bfd46b13d3c1c3a9fb379cd; path=/; secure; HttpOnly</example>
|
385
397
|
<param pos="0" name="cookie" value="_mastodon_session"/>
|
386
398
|
<param pos="0" name="service.product" value="Mastodon"/>
|
387
399
|
</fingerprint>
|
388
400
|
|
389
|
-
<fingerprint pattern="^(MSCSAuth|MSCSProfile)
|
401
|
+
<fingerprint pattern="^(MSCSAuth|MSCSProfile)=">
|
390
402
|
<description>Microsoft Commerce Server - http://msdn2.microsoft.com/en-us/library/ms953828.aspx</description>
|
403
|
+
<example cookie="MSCSProfile">MSCSProfile=287001FD2674671C7869448243193407F294F4F921DD7D627A0F4EE0CC7F3FAC36B5E45588612D30B2A6C57F1D461CB5EE0887989EE7F09E4529B0795EF87BB095FFF1DE42BD5E8F00273BCAACB9DC80733367D09A4B6A48A6802C4DCD6EB029BF5B207BCE523E8BF2EE3EBCDF5776BAC6B6BCD4BF54EF9C178F9605E75D0DDA; path=/</example>
|
391
404
|
<param pos="1" name="cookie"/>
|
392
405
|
<param pos="0" name="service.vendor" value="Microsoft"/>
|
393
406
|
<param pos="0" name="service.family" value="Commerce Server"/>
|
@@ -395,18 +408,18 @@
|
|
395
408
|
<param pos="0" name="service.cpe23" value="cpe:/a:microsoft:commerce_server:-"/>
|
396
409
|
</fingerprint>
|
397
410
|
|
398
|
-
<fingerprint pattern="^(nc_sameSiteCookiestrict|nc_sameSiteCookielax|oc_sessionPassphrase)
|
411
|
+
<fingerprint pattern="^(nc_sameSiteCookiestrict|nc_sameSiteCookielax|oc_sessionPassphrase)=">
|
399
412
|
<description>Nextcloud</description>
|
400
413
|
<example cookie="nc_sameSiteCookiestrict">nc_sameSiteCookiestrict=true; path=/nextcloud; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=strict</example>
|
401
414
|
<example cookie="nc_sameSiteCookielax">nc_sameSiteCookielax=true; path=/nextcloud; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=lax</example>
|
402
|
-
<example>oc_sessionPassphrase=Y%2BZjBn8Gn%2B8jIJPVx468Tlt8qDNm%2B5IVXLxgtwlY%2BQU2T7edVmDS4091nQrT; path=/nextcloud; secure; HttpOnly</example>
|
415
|
+
<example cookie="oc_sessionPassphrase">oc_sessionPassphrase=Y%2BZjBn8Gn%2B8jIJPVx468Tlt8qDNm%2B5IVXLxgtwlY%2BQU2T7edVmDS4091nQrT; path=/nextcloud; secure; HttpOnly</example>
|
403
416
|
<param pos="1" name="cookie"/>
|
404
417
|
<param pos="0" name="service.vendor" value="Nextcloud"/>
|
405
418
|
<param pos="0" name="service.product" value="Nextcloud Server"/>
|
406
419
|
<param pos="0" name="service.cpe23" value="cpe:/a:nextcloud:nextcloud_server:-"/>
|
407
420
|
</fingerprint>
|
408
421
|
|
409
|
-
<fingerprint pattern="^AlteonP
|
422
|
+
<fingerprint pattern="^AlteonP=">
|
410
423
|
<description>Nortel Alteon Web Switch</description>
|
411
424
|
<example>AlteonP=c46736793e45929dbaeebabb; path=</example>
|
412
425
|
<param pos="0" name="cookie" value="AlteonP"/>
|
@@ -415,7 +428,7 @@
|
|
415
428
|
<param pos="0" name="service.product" value="Alteon Web Switch"/>
|
416
429
|
</fingerprint>
|
417
430
|
|
418
|
-
<fingerprint pattern="^OBSID
|
431
|
+
<fingerprint pattern="^OBSID=">
|
419
432
|
<description>Observium</description>
|
420
433
|
<example>OBSID=gud74jg1slhskdo7idqgklkamm6g3908; expires=Tue, 20-Apr-2021 01:31:27 GMT; Max-Age=86400; path=/; HttpOnly</example>
|
421
434
|
<param pos="0" name="cookie" value="OBSID"/>
|
@@ -424,23 +437,26 @@
|
|
424
437
|
<param pos="0" name="service.cpe23" value="cpe:/a:observium:observium:-"/>
|
425
438
|
</fingerprint>
|
426
439
|
|
427
|
-
<fingerprint pattern="^((?:SS_X_)?CSINTERSESSIONID)
|
440
|
+
<fingerprint pattern="^((?:SS_X_)?CSINTERSESSIONID)=">
|
428
441
|
<description>OpenMarket/FatWire Content Server (www.fatwire.com)</description>
|
442
|
+
<example cookie="SS_X_CSINTERSESSIONID">SS_X_CSINTERSESSIONID=0001P73k2FUEYEU4Ks5TtKxcs2K:vv0b9pej; path=/</example>
|
443
|
+
<example cookie="CSINTERSESSIONID">CSINTERSESSIONID=0001xquPwAx2NFUFvi7yw-43f35:vv7sdeqs;Path=/</example>
|
429
444
|
<param pos="1" name="cookie"/>
|
430
445
|
<param pos="0" name="service.vendor" value="FatWire"/>
|
431
446
|
<param pos="0" name="service.family" value="Content Server"/>
|
432
447
|
<param pos="0" name="service.product" value="Content Server"/>
|
433
448
|
</fingerprint>
|
434
449
|
|
435
|
-
<fingerprint pattern="^parkinglot
|
450
|
+
<fingerprint pattern="^parkinglot=">
|
436
451
|
<description>Oversee Webserver</description>
|
452
|
+
<example>parkinglot=1; domain=.foo.com; path=/; expires=Sun, 11-May-2008 13:51:17 GMT</example>
|
437
453
|
<param pos="0" name="cookie" value="parkinglot"/>
|
438
454
|
<param pos="0" name="service.vendor" value="Oversee"/>
|
439
455
|
<param pos="0" name="service.family" value="Webserver"/>
|
440
456
|
<param pos="0" name="service.product" value="Webserver"/>
|
441
457
|
</fingerprint>
|
442
458
|
|
443
|
-
<fingerprint pattern="^phsid
|
459
|
+
<fingerprint pattern="^phsid=">
|
444
460
|
<description>Phabricator</description>
|
445
461
|
<example>phsid=A%2Fxesybc4bypb74dlgojdgw2edct6osflno25h2fw7</example>
|
446
462
|
<param pos="0" name="cookie" value="phsid"/>
|
@@ -450,7 +466,7 @@
|
|
450
466
|
<param pos="0" name="service.cpe23" value="cpe:/a:phacility:phabricator:-"/>
|
451
467
|
</fingerprint>
|
452
468
|
|
453
|
-
<fingerprint pattern="^RMID
|
469
|
+
<fingerprint pattern="^RMID=">
|
454
470
|
<description>RealMedia OpenAdStream</description>
|
455
471
|
<example>RMID=36c12633607cf7a0; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.foo.bar</example>
|
456
472
|
<param pos="0" name="cookie" value="RMID"/>
|
@@ -459,7 +475,7 @@
|
|
459
475
|
<param pos="0" name="service.product" value="OpenAdStream"/>
|
460
476
|
</fingerprint>
|
461
477
|
|
462
|
-
<fingerprint pattern="^RoxenUserID
|
478
|
+
<fingerprint pattern="^RoxenUserID=">
|
463
479
|
<description>Roxen WebServer</description>
|
464
480
|
<example>RoxenUserID=c70fd536bc9e1342ce2a608b10547f88; expires=Wed, 19 Apr 2023 02:44:41 GMT; path=/</example>
|
465
481
|
<param pos="0" name="cookie" value="RoxenUserID"/>
|
@@ -468,7 +484,7 @@
|
|
468
484
|
<param pos="0" name="service.product" value="WebServer"/>
|
469
485
|
</fingerprint>
|
470
486
|
|
471
|
-
<fingerprint pattern="^_sn
|
487
|
+
<fingerprint pattern="^_sn=">
|
472
488
|
<description>Siebel CRM</description>
|
473
489
|
<example>_sn=e7139835ca75f921e25c364d4a8fef48; path=/; expires=Mon, 19 Apr 2021 06:06:58 GMT; HttpOnly</example>
|
474
490
|
<param pos="0" name="cookie" value="_sn"/>
|
@@ -479,7 +495,7 @@
|
|
479
495
|
|
480
496
|
<!-- This fingerprint is not specific enough. Multiple products are sold under
|
481
497
|
the brand iPlanet/Sun ONE/Sun Java.
|
482
|
-
<fingerprint pattern="^(iPlanetUserId)
|
498
|
+
<fingerprint pattern="^(iPlanetUserId)=">
|
483
499
|
<description>Sun iPlanet</description>
|
484
500
|
<param pos="1" name="cookie"/>
|
485
501
|
<param pos="0" name="service.vendor" value="Sun"/>
|
@@ -489,8 +505,9 @@
|
|
489
505
|
|
490
506
|
-->
|
491
507
|
|
492
|
-
<fingerprint pattern="^NSES40Session
|
508
|
+
<fingerprint pattern="^NSES40Session=">
|
493
509
|
<description>Netscape Enterprise Server (subsequently iPlanet Web Server, Sun ONE Web Server, presently Sun Java System Web Server)</description>
|
510
|
+
<example>NSES40Session=2%253A3e57d375%253Adc59172283a7e72c;path=/;expires=Sat, 22-Feb-2003 20:15:57 GMT</example>
|
494
511
|
<param pos="0" name="cookie" value="NSES40Session"/>
|
495
512
|
<param pos="0" name="service.vendor" value="Sun"/>
|
496
513
|
<param pos="0" name="service.family" value="Java System Web Server"/>
|
@@ -499,7 +516,7 @@
|
|
499
516
|
<param pos="0" name="service.cpe23" value="cpe:/a:sun:java_system_web_server:4.0"/>
|
500
517
|
</fingerprint>
|
501
518
|
|
502
|
-
<fingerprint pattern="^_redmine_session
|
519
|
+
<fingerprint pattern="^_redmine_session=">
|
503
520
|
<description>Redmine</description>
|
504
521
|
<example>_redmine_session=BAh7B0kiD3Nlc3Npb25faWQGOgZFRkkiJWY2MGY5MTJiZjg0NGU1ZmQxZWI2OTViNzAxYjU4NTRiBjsAVEkiEF9jc3JmX3Rva2VuBjsARkkiMW1kV3Z5NDl6eVkwWDl4bFQvMUxSSmxmbjhhaDR1WWxERWUrMFQ4dVcvS0k9BjsARg%3D%3D--ce5f52d49b68e30a7ec34b75bf456d6c79d234d2; path=/; HttpOnly</example>
|
505
522
|
<param pos="0" name="cookie" value="_redmine_session"/>
|
@@ -517,8 +534,10 @@
|
|
517
534
|
<param pos="0" name="service.product" value="Sage X3 Syracuse Web Server"/>
|
518
535
|
</fingerprint>
|
519
536
|
|
520
|
-
<fingerprint pattern="^(
|
537
|
+
<fingerprint pattern="^(GX_SESSION_ID|JROUTE)=">
|
521
538
|
<description>Sun Java System Application Server (formerly iPlanet Application Server, Sun ONE Application Server)</description>
|
539
|
+
<example cookie="GX_SESSION_ID">GX_SESSION_ID=ji7vouPhPt5CAtGF%2BWPMXBrhjjxWZAD9HRNeEEITGCA%3D</example>
|
540
|
+
<example cookie="JROUTE">JROUTE=KbDs; Path=/</example>
|
522
541
|
<param pos="1" name="cookie"/>
|
523
542
|
<param pos="0" name="service.vendor" value="Sun"/>
|
524
543
|
<param pos="0" name="service.family" value="Java System Application Server"/>
|
@@ -526,7 +545,7 @@
|
|
526
545
|
<param pos="0" name="service.cpe23" value="cpe:/a:sun:java_system_application_server:-"/>
|
527
546
|
</fingerprint>
|
528
547
|
|
529
|
-
<fingerprint pattern="^fe_typo_user
|
548
|
+
<fingerprint pattern="^fe_typo_user=">
|
530
549
|
<description>TYPO3 CMS - http://typo3.com/</description>
|
531
550
|
<example>fe_typo_user=aae725f7dcb8cb5215e64f66d4584cc92; path=/</example>
|
532
551
|
<param pos="0" name="cookie" value="fe_typo_user"/>
|
@@ -535,7 +554,7 @@
|
|
535
554
|
<param pos="0" name="service.product" value="CMS"/>
|
536
555
|
</fingerprint>
|
537
556
|
|
538
|
-
<fingerprint pattern="^SaneID
|
557
|
+
<fingerprint pattern="^SaneID=">
|
539
558
|
<description>Unica NetTracker - http://netinsight.unica.com/Products/NetTracker.cfm</description>
|
540
559
|
<example>SaneID=10.1.1.223.1618798365976948; path=/; domain=.foo.bar</example>
|
541
560
|
<param pos="0" name="cookie" value="SaneID"/>
|
@@ -544,7 +563,7 @@
|
|
544
563
|
<param pos="0" name="service.product" value="NetTracker"/>
|
545
564
|
</fingerprint>
|
546
565
|
|
547
|
-
<fingerprint pattern="^(__utm[a-z])
|
566
|
+
<fingerprint pattern="^(__utm[a-z])=">
|
548
567
|
<description>Urchin Tracking Module - http://www.google.com/support/urchin45/bin/answer.py?answer=28307&topic=7425</description>
|
549
568
|
<example cookie="__utmp">__utmp=2071164266.582676006.3393543082; path=/; domain=.foo.bar</example>
|
550
569
|
<param pos="1" name="cookie"/>
|
@@ -563,15 +582,16 @@
|
|
563
582
|
<param pos="0" name="hw.product" value="SD-WAN"/>
|
564
583
|
</fingerprint>
|
565
584
|
|
566
|
-
<fingerprint pattern="^(vgncontext|vgnvisitor|ssuid)
|
585
|
+
<fingerprint pattern="^(vgncontext|vgnvisitor|ssuid)=">
|
567
586
|
<description>Vignette</description>
|
587
|
+
<example cookie="vgnvisitor">vgnvisitor=2KM2OM00bZ40000PovANt0Dgn0; path=/; expires=Saturday, 06-Sep-2014 23:50:08 GMT</example>
|
568
588
|
<param pos="1" name="cookie"/>
|
569
589
|
<param pos="0" name="service.vendor" value="Vignette"/>
|
570
590
|
<param pos="0" name="service.family" value="Vignette"/>
|
571
591
|
<param pos="0" name="service.product" value="Vignette"/>
|
572
592
|
</fingerprint>
|
573
593
|
|
574
|
-
<fingerprint pattern="^wgSession
|
594
|
+
<fingerprint pattern="^wgSession=">
|
575
595
|
<description>Plain Black WebGUI - http://www.plainblack.com/webgui</description>
|
576
596
|
<example>wgSession=xngFQdcbCap87x6d8qc1YA; path=/; expires=Thu, 17-Apr-2031 02:29:05 GMT</example>
|
577
597
|
<param pos="0" name="cookie" value="wgSession"/>
|
@@ -580,7 +600,7 @@
|
|
580
600
|
<param pos="0" name="service.product" value="WebGUI"/>
|
581
601
|
</fingerprint>
|
582
602
|
|
583
|
-
<fingerprint pattern="^(WEBTRENDS_?ID)
|
603
|
+
<fingerprint pattern="^(WEBTRENDS_?ID)=">
|
584
604
|
<description>WebTrends</description>
|
585
605
|
<example cookie="WEBTRENDS_ID">WEBTRENDS_ID=10.247.9.69.1618795409656141; path=/; expires=Tue, 19-Apr-22 01:23:29 GMT; domain=.foo.bar</example>
|
586
606
|
<param pos="1" name="cookie"/>
|
@@ -589,7 +609,7 @@
|
|
589
609
|
<param pos="0" name="service.product" value="WebTrends"/>
|
590
610
|
</fingerprint>
|
591
611
|
|
592
|
-
<fingerprint pattern="^(ZM_TEST|ZM_LOGIN_CSRF)
|
612
|
+
<fingerprint pattern="^(ZM_TEST|ZM_LOGIN_CSRF)=">
|
593
613
|
<description>Zimbra</description>
|
594
614
|
<example cookie="ZM_TEST">ZM_TEST=true;Secure</example>
|
595
615
|
<example cookie="ZM_LOGIN_CSRF">ZM_LOGIN_CSRF=38ef0bea-a4c3-4f41-9ac3-73d7622f3131;Secure;HttpOnly</example>
|
@@ -599,7 +619,7 @@
|
|
599
619
|
<param pos="0" name="service.cpe23" value="cpe:/a:synacor:zimbra_collaboration_suite:-"/>
|
600
620
|
</fingerprint>
|
601
621
|
|
602
|
-
<fingerprint pattern="^_ZopeId
|
622
|
+
<fingerprint pattern="^_ZopeId=">
|
603
623
|
<description>Zope</description>
|
604
624
|
<example>_ZopeId="91304233A995SVLz3SI"; Path=/</example>
|
605
625
|
<param pos="0" name="cookie" value="_ZopeId"/>
|
@@ -607,17 +627,18 @@
|
|
607
627
|
<param pos="0" name="service.product" value="Zope"/>
|
608
628
|
</fingerprint>
|
609
629
|
|
610
|
-
<fingerprint pattern="^
|
630
|
+
<fingerprint pattern="^portal=([0-9]+\.[0-9]+\.[0-9]+)">
|
611
631
|
<description>OracleAS Portal default cookie name - http://download.oracle.com/docs/cd/B14099_19/portal.1014/b19305/cg_app_f.htm</description>
|
612
|
-
<
|
613
|
-
<param pos="
|
632
|
+
<example service.version="2173348032.20480.0000">portal=2173348032.20480.0000;</example>
|
633
|
+
<param pos="0" name="cookie" value="portal"/>
|
634
|
+
<param pos="1" name="service.version"/>
|
614
635
|
<param pos="0" name="service.vendor" value="Oracle"/>
|
615
636
|
<param pos="0" name="service.family" value="OracleAS"/>
|
616
637
|
<param pos="0" name="service.product" value="Application Server Portal"/>
|
617
638
|
<param pos="0" name="service.cpe23" value="cpe:/a:oracle:application_server_portal:{service.version}"/>
|
618
639
|
</fingerprint>
|
619
640
|
|
620
|
-
<fingerprint pattern="^Compaq-HMMD=[^;]
|
641
|
+
<fingerprint pattern="^Compaq-HMMD=[^;]+;">
|
621
642
|
<description>HP System Management Homepage (SMH)</description>
|
622
643
|
<example>Compaq-HMMD=0001-c01fffff-487a-394a-aab0-ffffffffffff-ffffffffffffffff; path=/</example>
|
623
644
|
<example>Compaq-HMMD=0001-c01fffff-487a-394a-aab0-ffffffffffff-ffffffffffffffff; path=/; Secure</example>
|
@@ -642,6 +663,59 @@
|
|
642
663
|
<param pos="0" name="service.product" value="Arachni"/>
|
643
664
|
</fingerprint>
|
644
665
|
|
666
|
+
<fingerprint pattern="^unraid_">
|
667
|
+
<description>Unraid</description>
|
668
|
+
<example>unraid_2e9e9f79999999999999999999r9b999=c5599999999999999999999999999e38; path=/; HttpOnly; SameSite=Lax</example>
|
669
|
+
<param pos="0" name="service.vendor" value="Lime Technologies"/>
|
670
|
+
<param pos="0" name="service.product" value="Unraid"/>
|
671
|
+
<param pos="0" name="service.certainty" value="0.5"/>
|
672
|
+
</fingerprint>
|
673
|
+
|
674
|
+
<fingerprint pattern="^phpMyAdmin=">
|
675
|
+
<description>phpMyAdmin web interface for MySQL and MariaDB</description>
|
676
|
+
<example>phpMyAdmin=28600e9ff9772c871dacec70f9c5edaa; path=/; HttpOnly</example>
|
677
|
+
<param pos="0" name="service.vendor" value="phpMyAdmin"/>
|
678
|
+
<param pos="0" name="service.product" value="phpMyAdmin"/>
|
679
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:phpmyadmin:phpmyadmin:-"/>
|
680
|
+
</fingerprint>
|
681
|
+
|
682
|
+
<fingerprint pattern="^(adminer_(?:sid|key))=">
|
683
|
+
<description>Adminer database management tool</description>
|
684
|
+
<example cookie="adminer_sid">adminer_sid=6580f6449f9572f817ec99600bc619d2; path=/; HttpOnly</example>
|
685
|
+
<example cookie="adminer_key">adminer_key=b8eebd6de0deabc8b30c26a67e01c5b9; path=/; HttpOnly; SameSite=lax</example>
|
686
|
+
<param pos="1" name="cookie"/>
|
687
|
+
<param pos="0" name="service.vendor" value="Adminer"/>
|
688
|
+
<param pos="0" name="service.product" value="Adminer"/>
|
689
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:adminer:adminer:-"/>
|
690
|
+
</fingerprint>
|
691
|
+
|
692
|
+
<fingerprint pattern="^mongo-express=">
|
693
|
+
<description>mongo-express web-based MongoDB admin interface</description>
|
694
|
+
<example>mongo-express=s%3A1qAVXDHaoFE5J0G4wkYKfyjuv6_0Zd9E.l2DGc0YAb7MJQfUleYVEla5i79pbkhDYVayvCEPFCDc; Path=/; HttpOnly</example>
|
695
|
+
<param pos="0" name="service.vendor" value="mongo-express Project"/>
|
696
|
+
<param pos="0" name="service.product" value="mongo-express"/>
|
697
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:mongo-express_project:mongo-express:-"/>
|
698
|
+
</fingerprint>
|
699
|
+
|
700
|
+
<fingerprint pattern="^adscsrf=">
|
701
|
+
<description>ManageEngine ADSelfService Plus</description>
|
702
|
+
<example>adscsrf=cffff6b5-bd68-4c35-92ef-e45127e68289;path=/;priority=high</example>
|
703
|
+
<param pos="0" name="service.vendor" value="ManageEngine"/>
|
704
|
+
<param pos="0" name="service.product" value="ADSelfService Plus"/>
|
705
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:zohocorp:manageengine_adselfservice_plus:-"/>
|
706
|
+
</fingerprint>
|
707
|
+
|
708
|
+
<fingerprint pattern="^(dmid|opvc|sitevisitscookie)=">
|
709
|
+
<description>dotCMS Content Management Platform</description>
|
710
|
+
<example cookie="dmid">dmid=dcd46b93-54ab-4a43-a023-99154f879c3e; Max-Age=153792000; Expires=Thu, 18-Mar-2027 21:28:37 GMT; Path=/; HttpOnly; SameSite=Strict</example>
|
711
|
+
<example cookie="opvc">opvc=9e6302af-896a-40ae-a330-22655ee22c5f; Path=/; HttpOnly; SameSite=Strict</example>
|
712
|
+
<example cookie="sitevisitscookie">sitevisitscookie=1; Max-Age=153792000; Expires=Thu, 18-Mar-2027 21:28:37 GMT; Path=/; HttpOnly; SameSite=Strict</example>
|
713
|
+
<param pos="1" name="cookie"/>
|
714
|
+
<param pos="0" name="service.vendor" value="dotCMS"/>
|
715
|
+
<param pos="0" name="service.product" value="dotCMS"/>
|
716
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:dotcms:dotcms:-"/>
|
717
|
+
</fingerprint>
|
718
|
+
|
645
719
|
<!--
|
646
720
|
Ignore various cookies that are very generic cookies for session IDs
|
647
721
|
that are not necessarily indicative of any particular
|
@@ -650,24 +724,33 @@
|
|
650
724
|
these and this is enforced by rspec.
|
651
725
|
-->
|
652
726
|
|
653
|
-
<fingerprint pattern="(?i)^JSESSIONID(?:\.[^=]+)?=[^;]
|
654
|
-
<description>Ignore simple JSESSIONID and related cookies</description>
|
727
|
+
<fingerprint pattern="(?i)^JSESSIONID(?:\.[^=]+)?=[^;]+;">
|
728
|
+
<description>Ignore simple JSESSIONID and related cookies -- assert nothing</description>
|
655
729
|
<example>JSESSIONID=6ooov35i4l3n36qtaf8csvg0;Path=/</example>
|
656
730
|
<example>jsessionid=6nkp66iogcdc92720%2Dc6e4%2D4989%2Db7b2%2D5021624cfdff;Path=/;secure</example>
|
657
731
|
<example>JSESSIONID.c00a9623=v216643eijh19p9duve5srgf;Path=/;HttpOnly</example>
|
732
|
+
<param pos="0" name="hw.certainty" value="0.0"/>
|
733
|
+
<param pos="0" name="os.certainty" value="0.0"/>
|
734
|
+
<param pos="0" name="service.certainty" value="0.0"/>
|
658
735
|
</fingerprint>
|
659
736
|
|
660
|
-
<fingerprint pattern="(?i)^_?SESSION_?ID\s*=\s*[^;]
|
661
|
-
<description>Ignore simple SESSIONID and related cookies</description>
|
737
|
+
<fingerprint pattern="(?i)^_?SESSION_?ID\s*=\s*[^;]+;">
|
738
|
+
<description>Ignore simple SESSIONID and related cookies -- assert nothing</description>
|
662
739
|
<example>sessionId=7dba3249cfcd4b59854055311099a294; path=/;</example>
|
663
740
|
<example>_session_id=7fe933db0fea13e9c872103ba2d142db; path=/; HttpOnly</example>
|
664
741
|
<example>sessionId =0VrS6Ro6uC5QPXKgNdqGvyUgUFtUOVwv6OWAEWcWQ3jLRtAk2TVAgAApN9yTWVz;postId=; path=/;</example>
|
665
742
|
<example>_session_id=18b3e173aa11db0533fd01752e81f583; path=/; HttpOnly</example>
|
743
|
+
<param pos="0" name="hw.certainty" value="0.0"/>
|
744
|
+
<param pos="0" name="os.certainty" value="0.0"/>
|
745
|
+
<param pos="0" name="service.certainty" value="0.0"/>
|
666
746
|
</fingerprint>
|
667
747
|
|
668
|
-
<fingerprint pattern="(?i)^sid=[^;]
|
669
|
-
<description>Ignore simple SID and related cookies</description>
|
748
|
+
<fingerprint pattern="(?i)^sid=[^;]+;">
|
749
|
+
<description>Ignore simple SID and related cookies -- assert nothing</description>
|
670
750
|
<example>sid=sfd10bf73-654458f687aa3c68b3874915f651e0ca;path=/;"</example>
|
751
|
+
<param pos="0" name="hw.certainty" value="0.0"/>
|
752
|
+
<param pos="0" name="os.certainty" value="0.0"/>
|
753
|
+
<param pos="0" name="service.certainty" value="0.0"/>
|
671
754
|
</fingerprint>
|
672
755
|
|
673
756
|
</fingerprints>
|