recog 2.3.21 → 3.0.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/LICENSE +1 -1
- data/README.md +42 -16
- data/Rakefile +2 -9
- data/lib/recog/db.rb +2 -1
- data/lib/recog/db_manager.rb +1 -1
- data/lib/recog/fingerprint.rb +33 -6
- data/lib/recog/fingerprint_parse_error.rb +10 -0
- data/lib/recog/verifier.rb +9 -9
- data/lib/recog/verify_reporter.rb +17 -6
- data/lib/recog/version.rb +1 -1
- data/{bin → recog/bin}/recog_match +0 -1
- data/{xml → recog/xml}/apache_modules.xml +0 -0
- data/{xml → recog/xml}/apache_os.xml +98 -56
- data/{xml → recog/xml}/architecture.xml +15 -1
- data/recog/xml/dhcp_vendor_class.xml +206 -0
- data/{xml → recog/xml}/dns_versionbind.xml +16 -13
- data/{xml → recog/xml}/favicons.xml +297 -47
- data/{xml → recog/xml}/fingerprints.xsd +9 -1
- data/{xml → recog/xml}/ftp_banners.xml +160 -156
- data/{xml → recog/xml}/h323_callresp.xml +101 -101
- data/{xml → recog/xml}/hp_pjl_id.xml +84 -84
- data/{xml → recog/xml}/html_title.xml +727 -34
- data/{xml → recog/xml}/http_cookies.xml +160 -77
- data/{xml → recog/xml}/http_servers.xml +556 -283
- data/{xml → recog/xml}/http_wwwauth.xml +190 -75
- data/{xml → recog/xml}/imap_banners.xml +5 -5
- data/{xml → recog/xml}/ldap_searchresult.xml +0 -0
- data/{xml → recog/xml}/mdns_device-info_txt.xml +389 -26
- data/{xml → recog/xml}/mdns_workstation_txt.xml +0 -0
- data/{xml → recog/xml}/mysql_banners.xml +1 -1
- data/{xml → recog/xml}/mysql_error.xml +0 -0
- data/{xml → recog/xml}/nntp_banners.xml +11 -8
- data/{xml → recog/xml}/ntp_banners.xml +97 -97
- data/{xml → recog/xml}/operating_system.xml +95 -80
- data/{xml → recog/xml}/pop_banners.xml +23 -23
- data/{xml → recog/xml}/rsh_resp.xml +3 -3
- data/{xml → recog/xml}/rtsp_servers.xml +0 -0
- data/{xml → recog/xml}/sip_banners.xml +43 -5
- data/{xml → recog/xml}/sip_user_agents.xml +175 -27
- data/{xml → recog/xml}/smb_native_lm.xml +5 -5
- data/{xml → recog/xml}/smb_native_os.xml +25 -25
- data/{xml → recog/xml}/smtp_banners.xml +147 -146
- data/{xml → recog/xml}/smtp_debug.xml +0 -0
- data/{xml → recog/xml}/smtp_ehlo.xml +1 -1
- data/{xml → recog/xml}/smtp_expn.xml +0 -0
- data/{xml → recog/xml}/smtp_help.xml +11 -11
- data/{xml → recog/xml}/smtp_mailfrom.xml +0 -0
- data/{xml → recog/xml}/smtp_noop.xml +2 -2
- data/{xml → recog/xml}/smtp_quit.xml +0 -0
- data/{xml → recog/xml}/smtp_rcptto.xml +0 -0
- data/{xml → recog/xml}/smtp_rset.xml +0 -0
- data/{xml → recog/xml}/smtp_turn.xml +0 -0
- data/{xml → recog/xml}/smtp_vrfy.xml +0 -0
- data/{xml → recog/xml}/snmp_sysdescr.xml +1570 -1430
- data/{xml → recog/xml}/snmp_sysobjid.xml +38 -27
- data/{xml → recog/xml}/ssh_banners.xml +16 -10
- data/{xml → recog/xml}/telnet_banners.xml +238 -21
- data/{xml → recog/xml}/tls_jarm.xml +56 -6
- data/{xml → recog/xml}/x11_banners.xml +3 -3
- data/{xml → recog/xml}/x509_issuers.xml +49 -1
- data/{xml → recog/xml}/x509_subjects.xml +139 -38
- data/recog.gemspec +9 -5
- data/spec/data/external_example_fingerprint/hp_printer_ex_01.txt +1 -0
- data/spec/data/external_example_fingerprint/hp_printer_ex_02.txt +1 -0
- data/spec/data/external_example_fingerprint.xml +8 -0
- data/spec/data/external_example_illegal_path_fingerprint.xml +7 -0
- data/spec/lib/recog/db_spec.rb +84 -61
- data/spec/lib/recog/fingerprint_spec.rb +4 -4
- data/spec/lib/recog/verify_reporter_spec.rb +73 -4
- data/spec/spec_helper.rb +4 -0
- metadata +65 -134
- data/.github/ISSUE_TEMPLATE/bug_report.md +0 -37
- data/.github/ISSUE_TEMPLATE/feature_request.md +0 -17
- data/.github/ISSUE_TEMPLATE/fingerprint_request.md +0 -27
- data/.github/PULL_REQUEST_TEMPLATE +0 -24
- data/.github/SECURITY.md +0 -35
- data/.github/workflows/ci.yml +0 -26
- data/.gitignore +0 -23
- data/.rspec +0 -3
- data/.ruby-gemset +0 -1
- data/.ruby-version +0 -1
- data/.snyk +0 -10
- data/.travis.yml +0 -25
- data/CONTRIBUTING.md +0 -270
- data/bin/recog_cleanup +0 -16
- data/bin/recog_export +0 -81
- data/bin/recog_standardize +0 -148
- data/bin/recog_verify +0 -64
- data/cpe-remap.yaml +0 -343
- data/features/data/failing_banners_fingerprints.xml +0 -20
- data/features/data/matching_banners_fingerprints.xml +0 -23
- data/features/data/multiple_banners_fingerprints.xml +0 -32
- data/features/data/no_tests.xml +0 -3
- data/features/data/sample_banner.txt +0 -2
- data/features/data/successful_tests.xml +0 -18
- data/features/data/tests_with_failures.xml +0 -20
- data/features/data/tests_with_warnings.xml +0 -17
- data/features/match.feature +0 -36
- data/features/support/aruba.rb +0 -3
- data/features/support/env.rb +0 -6
- data/features/verify.feature +0 -48
- data/identifiers/README.md +0 -70
- data/identifiers/fields.txt +0 -104
- data/identifiers/hw_device.txt +0 -78
- data/identifiers/hw_family.txt +0 -113
- data/identifiers/hw_product.txt +0 -410
- data/identifiers/os_architecture.txt +0 -10
- data/identifiers/os_device.txt +0 -75
- data/identifiers/os_family.txt +0 -233
- data/identifiers/os_product.txt +0 -340
- data/identifiers/service_family.txt +0 -249
- data/identifiers/service_product.txt +0 -752
- data/identifiers/vendor.txt +0 -798
- data/lib/recog/verifier_factory.rb +0 -13
- data/misc/convert_mysql_err +0 -61
- data/misc/order.xsl +0 -17
- data/requirements.txt +0 -2
- data/spec/lib/fingerprint_self_test_spec.rb +0 -174
- data/update_cpes.py +0 -250
|
@@ -15,7 +15,7 @@
|
|
|
15
15
|
<param pos="0" name="service.cpe23" value="cpe:/a:cloudflare:load_balancing:-"/>
|
|
16
16
|
</fingerprint>
|
|
17
17
|
|
|
18
|
-
<fingerprint pattern="^(AWSALB(?:TG)?(?:CORS)?)
|
|
18
|
+
<fingerprint pattern="^(AWSALB(?:TG)?(?:CORS)?)=">
|
|
19
19
|
<description>Amazon Application Load Balancer</description>
|
|
20
20
|
<example cookie="AWSALB">AWSALB=791357231C9C446E295988DA51A2CD313D13788329433D96A05631377389B17BF097D4C8A2D0BE5BC4F3C649AED7DFF939364A5790E2EC67F33C4483E2E9DD17E99814071B;PATH=/;HttpOnly;Secure</example>
|
|
21
21
|
<example cookie="AWSALBCORS">AWSALBCORS=D5A3BF7B08C8E0626B1C77DAAEAB0A7542DEB35F43097F06FD3833E22A9BA2543B805B7AE1B6E97F2BE3A701A19AF5D2CC898E0DB5E52055B0B983CC64EAD006CF77C1CF72;PATH=/;SECURE;SAMESITE=None</example>
|
|
@@ -26,7 +26,7 @@
|
|
|
26
26
|
<param pos="0" name="service.product" value="Application Load Balancer"/>
|
|
27
27
|
</fingerprint>
|
|
28
28
|
|
|
29
|
-
<fingerprint pattern="^(AWSELB(?:CORS)?)
|
|
29
|
+
<fingerprint pattern="^(AWSELB(?:CORS)?)=">
|
|
30
30
|
<description>Amazon Elastic Load Balancer</description>
|
|
31
31
|
<example cookie="AWSELB">AWSELB=791357231C9C446E295988DA51A2CD313D13788329433D96A05631377389B17BF097D4C8A2D0BE5BC4F3C649AED7DFF939364A5790E2EC67F33C4483E2E9DD17E99814071B;PATH=/;HttpOnly;Secure</example>
|
|
32
32
|
<example cookie="AWSELBCORS">AWSELBCORS=D5A3BF7B08C8E0626B1C77DAAEAB0A7542DEB35F43097F06FD3833E22A9BA2543B805B7AE1B6E97F2BE3A701A19AF5D2CC898E0DB5E52055B0B983CC64EAD006CF77C1CF72;PATH=/;SECURE;SAMESITE=None</example>
|
|
@@ -36,7 +36,7 @@
|
|
|
36
36
|
<param pos="0" name="service.product" value="Elastic Load Balancer"/>
|
|
37
37
|
</fingerprint>
|
|
38
38
|
|
|
39
|
-
<fingerprint pattern="^(PHPSESSI(?:D|ON))
|
|
39
|
+
<fingerprint pattern="^(PHPSESSI(?:D|ON))=">
|
|
40
40
|
<description>PHP - http://www.php.net/ref.session</description>
|
|
41
41
|
<example cookie="PHPSESSID">PHPSESSID=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/</example>
|
|
42
42
|
<example cookie="PHPSESSION">PHPSESSION=vt2ag6n7t6ngvlg8adk4860h46; path=/</example>
|
|
@@ -47,7 +47,7 @@
|
|
|
47
47
|
<param pos="0" name="service.cpe23" value="cpe:/a:php:php:-"/>
|
|
48
48
|
</fingerprint>
|
|
49
49
|
|
|
50
|
-
<fingerprint pattern="^(ASPSESSIONID[A-Z]+|ASP\.NET_SessionId|\.ASPXANONYMOUS)
|
|
50
|
+
<fingerprint pattern="^(ASPSESSIONID[A-Z]+|ASP\.NET_SessionId|\.ASPXANONYMOUS)=">
|
|
51
51
|
<description>Microsoft IIS (ASP.NET)
|
|
52
52
|
http://msdn2.microsoft.com/en-us/library/ms953828.aspx
|
|
53
53
|
http://msdn2.microsoft.com/en-us/library/91ka2e6a.aspx
|
|
@@ -66,7 +66,7 @@
|
|
|
66
66
|
<param pos="0" name="service.component.cpe23" value="cpe:/a:microsoft:asp.net:-"/>
|
|
67
67
|
</fingerprint>
|
|
68
68
|
|
|
69
|
-
<fingerprint pattern="^(CFCLIENT_[^=]+|CFGLOBALS|CFID|CFTOKEN)
|
|
69
|
+
<fingerprint pattern="^(CFCLIENT_[^=]+|CFGLOBALS|CFID|CFTOKEN)=">
|
|
70
70
|
<description>Adobe (Macromedia) ColdFusion uses various cookies</description>
|
|
71
71
|
<example cookie="CFTOKEN">CFTOKEN=f3863673461e83d7-8B854468-1866-DAAC-99FBB842C6018037;expires=Mon, 01-Aug-2050 01:05:45 GMT;path=/;HttpOnly;</example>
|
|
72
72
|
<example cookie="CFCLIENT_FOO_CORP">CFCLIENT_FOO_CORP=preflanguage%3DEN%23; Expires=Wed, 12-Apr-2051 01:11:37 GMT; Path=/</example>
|
|
@@ -77,26 +77,40 @@
|
|
|
77
77
|
<param pos="0" name="service.cpe23" value="cpe:/a:adobe:coldfusion:-"/>
|
|
78
78
|
</fingerprint>
|
|
79
79
|
|
|
80
|
-
<fingerprint pattern="^ANsession\d+=(\S+)
|
|
80
|
+
<fingerprint pattern="^ANsession\d+=(\S+);">
|
|
81
81
|
<description>Array Networks Secure Access Gateway / SSL VPN</description>
|
|
82
|
-
<example>ANsession0002262072457555=IPMI; path=/;secure</example>
|
|
82
|
+
<example cookie="IPMI">ANsession0002262072457555=IPMI; path=/;secure</example>
|
|
83
83
|
<param pos="1" name="cookie"/>
|
|
84
84
|
<param pos="0" name="service.vendor" value="Array Networks"/>
|
|
85
85
|
<param pos="0" name="service.family" value="Secure Access Gateway"/>
|
|
86
86
|
<param pos="0" name="hw.device" value="VPN"/>
|
|
87
87
|
</fingerprint>
|
|
88
88
|
|
|
89
|
-
<fingerprint pattern="^
|
|
90
|
-
<description>Apache</description>
|
|
91
|
-
<
|
|
92
|
-
<
|
|
89
|
+
<fingerprint pattern="^Apache=(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})\.[0-9]+(?:\.[0-9]+)?;">
|
|
90
|
+
<description>Apache with session ID containing IP and timestamp (timestamp can be micros, millis or seconds)</description>
|
|
91
|
+
<example host.ip="10.10.130.165">Apache=10.10.130.165.1643670182768255; path=/</example>
|
|
92
|
+
<example host.ip="10.0.101.6">Apache=10.0.101.6.1643663969718158; path=/; expires=Wed, 31-Jan-24 21:19:29 GMT; domain=.contoso.com</example>
|
|
93
|
+
<example host.ip="10.10.20.18">Apache=10.10.20.18.1643510579.1915; domain=foo.com; path=/; expires=Mon, 30-Jan-2023 02:42:58 GMT</example>
|
|
94
|
+
<example host.ip="10.23.219.241">Apache=10.23.219.241.1643541709604; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT</example>
|
|
95
|
+
<param pos="0" name="cookie" value="Apache"/>
|
|
96
|
+
<param pos="1" name="host.ip"/>
|
|
97
|
+
<param pos="0" name="service.vendor" value="Apache"/>
|
|
98
|
+
<param pos="0" name="service.family" value="Apache"/>
|
|
99
|
+
<param pos="0" name="service.product" value="HTTPD"/>
|
|
100
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:apache:http_server:-"/>
|
|
101
|
+
</fingerprint>
|
|
102
|
+
|
|
103
|
+
<fingerprint pattern="^Apache=[0-9a-z]{8}\.[0-9a-z]{13};">
|
|
104
|
+
<description>Apache with opaque session ID</description>
|
|
105
|
+
<example>Apache=1148b9c3.5d6e61e36f2f9; path=/; domain=.foo.com</example>
|
|
106
|
+
<param pos="0" name="cookie" value="Apache"/>
|
|
93
107
|
<param pos="0" name="service.vendor" value="Apache"/>
|
|
94
108
|
<param pos="0" name="service.family" value="Apache"/>
|
|
95
109
|
<param pos="0" name="service.product" value="HTTPD"/>
|
|
96
110
|
<param pos="0" name="service.cpe23" value="cpe:/a:apache:http_server:-"/>
|
|
97
111
|
</fingerprint>
|
|
98
112
|
|
|
99
|
-
<fingerprint pattern="^JServSessionIdroot
|
|
113
|
+
<fingerprint pattern="^JServSessionIdroot=">
|
|
100
114
|
<description>Apache JServ</description>
|
|
101
115
|
<example>JServSessionIdroot=tphxjy73e1.JS1; path=/</example>
|
|
102
116
|
<param pos="0" name="cookie" value="JServSessionIdroot"/>
|
|
@@ -105,7 +119,7 @@
|
|
|
105
119
|
<param pos="0" name="service.product" value="JServ"/>
|
|
106
120
|
</fingerprint>
|
|
107
121
|
|
|
108
|
-
<fingerprint pattern="^(ATG_SESSION_ID|DYN_USER_CONFIRM|DYN_USER_ID)
|
|
122
|
+
<fingerprint pattern="^(ATG_SESSION_ID|DYN_USER_CONFIRM|DYN_USER_ID)=">
|
|
109
123
|
<description>ATG Dynamo</description>
|
|
110
124
|
<example cookie="ATG_SESSION_ID">ATG_SESSION_ID=yuAUs8xnkzLaF8P3Zk1v5hR28XB4dKsOKZ4jCkVO; path=/</example>
|
|
111
125
|
<param pos="1" name="cookie"/>
|
|
@@ -114,7 +128,7 @@
|
|
|
114
128
|
<param pos="0" name="service.product" value="Dynamo"/>
|
|
115
129
|
</fingerprint>
|
|
116
130
|
|
|
117
|
-
<fingerprint pattern="^Bugzilla_login_request_cookie
|
|
131
|
+
<fingerprint pattern="^Bugzilla_login_request_cookie=">
|
|
118
132
|
<description>Bugzilla</description>
|
|
119
133
|
<example>Bugzilla_login_request_cookie=ylMVo9ZDtd; path=/; secure</example>
|
|
120
134
|
<param pos="0" name="cookie" value="Bugzilla_login_request_cookie"/>
|
|
@@ -123,34 +137,27 @@
|
|
|
123
137
|
<param pos="0" name="service.cpe23" value="cpe:/a:mozilla:bugzilla:-"/>
|
|
124
138
|
</fingerprint>
|
|
125
139
|
|
|
126
|
-
<fingerprint pattern="^
|
|
127
|
-
<description>BEA WebLogic (with timestamp)</description>
|
|
128
|
-
<param pos="1" name="cookie"/>
|
|
129
|
-
<param pos="2" name="system.time.millis"/>
|
|
130
|
-
<param pos="0" name="service.vendor" value="BEA"/>
|
|
131
|
-
<param pos="0" name="service.family" value="WebLogic"/>
|
|
132
|
-
<param pos="0" name="service.product" value="WebLogic"/>
|
|
133
|
-
<param pos="0" name="service.cpe23" value="cpe:/a:bea:weblogic_server:-"/>
|
|
134
|
-
</fingerprint>
|
|
135
|
-
|
|
136
|
-
<fingerprint pattern="^(WebLogicSession)=.*">
|
|
140
|
+
<fingerprint pattern="^WebLogicSession=">
|
|
137
141
|
<description>BEA WebLogic (no timestamp)</description>
|
|
138
|
-
<
|
|
142
|
+
<example>WebLogicSession=YfifY2Ck8aWILbJPiaoY3L8aKBjh2MZhUAjHXypG6IBwvWXrun3i|-3385140432258369694/-900104935/6/7009/7009/7010/7010/7009/-1; path=/</example>
|
|
143
|
+
<example>WebLogicSession=QKRlJZbj0b948CrXnoQw8FNuSWvO6fXaJNadlcCWwA3qm6CtqD5a; path=/</example>
|
|
144
|
+
<param pos="0" name="cookie" value="WebLogicSession"/>
|
|
139
145
|
<param pos="0" name="service.vendor" value="BEA"/>
|
|
140
146
|
<param pos="0" name="service.family" value="WebLogic"/>
|
|
141
147
|
<param pos="0" name="service.product" value="WebLogic"/>
|
|
142
148
|
<param pos="0" name="service.cpe23" value="cpe:/a:bea:weblogic_server:-"/>
|
|
143
149
|
</fingerprint>
|
|
144
150
|
|
|
145
|
-
<fingerprint pattern="^(BCSI-
|
|
151
|
+
<fingerprint pattern="^(BCSI-CS-[0-9A-Za-z]+)=">
|
|
146
152
|
<description>BlueCoat Proxy</description>
|
|
153
|
+
<example cookie="BCSI-CS-2f6c78bdf64f3b32">BCSI-CS-2f6c78bdf64f3b32=2; Path=/</example>
|
|
147
154
|
<param pos="1" name="cookie"/>
|
|
148
155
|
<param pos="0" name="service.vendor" value="Blue Coat"/>
|
|
149
156
|
<param pos="0" name="service.family" value="Proxy"/>
|
|
150
157
|
<param pos="0" name="service.product" value="Proxy"/>
|
|
151
158
|
</fingerprint>
|
|
152
159
|
|
|
153
|
-
<fingerprint pattern="^CAKEPHP
|
|
160
|
+
<fingerprint pattern="^CAKEPHP=">
|
|
154
161
|
<description>CakePHP - http://www.cakephp.org/</description>
|
|
155
162
|
<example>CAKEPHP=03bgv7jqfurftnm5crn3lc0ob1; expires=Mon, 19-Apr-2021 08:56:06 GMT; Max-Age=14400; path=/; HttpOnly</example>
|
|
156
163
|
<param pos="0" name="cookie" value="CAKEPHP"/>
|
|
@@ -165,7 +172,7 @@
|
|
|
165
172
|
actual break is between the pieces of data.
|
|
166
173
|
-->
|
|
167
174
|
|
|
168
|
-
<fingerprint pattern="^ARPT=([A-Z]+)([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})[A-Z]
|
|
175
|
+
<fingerprint pattern="^ARPT=([A-Z]+)([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})[A-Z]+">
|
|
169
176
|
<description>Cisco 11000 Series Content Service Switch (CSS)</description>
|
|
170
177
|
<example host.name="FOOOB" host.ip="192.168.15.52">ARPT=FOOOB192.168.15.52CKOKM; path=/</example>
|
|
171
178
|
<param pos="0" name="cookie" value="ARPT"/>
|
|
@@ -176,7 +183,7 @@
|
|
|
176
183
|
<param pos="0" name="service.product" value="11000 Series Content Service Switch"/>
|
|
177
184
|
</fingerprint>
|
|
178
185
|
|
|
179
|
-
<fingerprint pattern="^ARPT
|
|
186
|
+
<fingerprint pattern="^ARPT=">
|
|
180
187
|
<description>Cisco 11000 Series Content Service Switch (CSS) - catch all variant</description>
|
|
181
188
|
<example>ARPT=388766892.51247.0000; path=/; Httponly/</example>
|
|
182
189
|
<param pos="0" name="cookie" value="ARPT"/>
|
|
@@ -206,15 +213,16 @@
|
|
|
206
213
|
<param pos="0" name="hw.cpe23" value="cpe:/h:cisco:adaptive_security_appliance:-"/>
|
|
207
214
|
</fingerprint>
|
|
208
215
|
|
|
209
|
-
<fingerprint pattern="^st8id
|
|
216
|
+
<fingerprint pattern="^st8id=">
|
|
210
217
|
<description>Citrix Application Protection System, Enterprise - http://support.citrix.com/article/CTX109330</description>
|
|
218
|
+
<example>st8id=1e1bcc1010b6de32734c584317443b31.00.641b86ac5ed3ebb0799138f83af9b63f;</example>
|
|
211
219
|
<param pos="0" name="cookie" value="st8id"/>
|
|
212
220
|
<param pos="0" name="service.vendor" value="Citrix"/>
|
|
213
221
|
<param pos="0" name="service.family" value="Application Protection System"/>
|
|
214
222
|
<param pos="0" name="service.product" value="Application Protection System, Enterprise"/>
|
|
215
223
|
</fingerprint>
|
|
216
224
|
|
|
217
|
-
<fingerprint pattern="^NSC_(?:AAAC|BASEURL|CERT|DLGE|EPAC|TASS|TEMP|TMA[APS]|PERS|USER)
|
|
225
|
+
<fingerprint pattern="^NSC_(?:AAAC|BASEURL|CERT|DLGE|EPAC|TASS|TEMP|TMA[APS]|PERS|USER)=">
|
|
218
226
|
<description>Citrix NetScaler</description>
|
|
219
227
|
<example>NSC_AAAC=xyz;</example>
|
|
220
228
|
<example>NSC_TEMP=xyz;</example>
|
|
@@ -242,7 +250,7 @@
|
|
|
242
250
|
<param pos="0" name="os.product" value="Pulse Connect Secure"/>
|
|
243
251
|
</fingerprint>
|
|
244
252
|
|
|
245
|
-
<fingerprint pattern="^DokuWiki
|
|
253
|
+
<fingerprint pattern="^DokuWiki=">
|
|
246
254
|
<description>Dokuwiki</description>
|
|
247
255
|
<example>DokuWiki=t8l1aev7703vbtejovp165pv01; path=/; secure</example>
|
|
248
256
|
<param pos="0" name="cookie" value="DokuWiki"/>
|
|
@@ -251,7 +259,7 @@
|
|
|
251
259
|
<param pos="0" name="service.cpe23" value="cpe:/a:dokuwiki:dokuwiki:-"/>
|
|
252
260
|
</fingerprint>
|
|
253
261
|
|
|
254
|
-
<fingerprint pattern="^(EktGUID|ecm)
|
|
262
|
+
<fingerprint pattern="^(EktGUID|ecm)=">
|
|
255
263
|
<description>Ektron CMS400.net</description>
|
|
256
264
|
<example cookie="EktGUID">EktGUID=382107cc-a38d-4d25-8182-3748834e21c8; expires=Tue, 19-Apr-2022 03:12:15 GMT; path=/</example>
|
|
257
265
|
<param pos="1" name="cookie"/>
|
|
@@ -269,9 +277,9 @@
|
|
|
269
277
|
<param pos="0" name="service.cpe23" value="cpe:/a:atlassian:fisheye:-"/>
|
|
270
278
|
</fingerprint>
|
|
271
279
|
|
|
272
|
-
<fingerprint pattern="(?i)^(BIGipServer([^=]+))
|
|
280
|
+
<fingerprint pattern="(?i)^(BIGipServer([^=]+))=">
|
|
273
281
|
<description>F5 BIG-IP LTM - Server variant</description>
|
|
274
|
-
<example loadbalancer.poolname="CustomerRP">BigIpServerCustomerRP=5a; path=/; domain=.foo.bar; secure; HttpOnly</example>
|
|
282
|
+
<example loadbalancer.poolname="CustomerRP" cookie="BigIpServerCustomerRP">BigIpServerCustomerRP=5a; path=/; domain=.foo.bar; secure; HttpOnly</example>
|
|
275
283
|
<param pos="1" name="cookie"/>
|
|
276
284
|
<param pos="2" name="loadbalancer.poolname"/>
|
|
277
285
|
<param pos="0" name="service.vendor" value="F5"/>
|
|
@@ -280,7 +288,7 @@
|
|
|
280
288
|
<param pos="0" name="service.cpe23" value="cpe:/a:f5:big-ip_local_traffic_manager:-"/>
|
|
281
289
|
</fingerprint>
|
|
282
290
|
|
|
283
|
-
<fingerprint pattern="^i_like_gogits
|
|
291
|
+
<fingerprint pattern="^i_like_gogits=">
|
|
284
292
|
<description>Gogs</description>
|
|
285
293
|
<example>i_like_gogits=fc3914645f1d5c76; Path=/; HttpOnly</example>
|
|
286
294
|
<param pos="0" name="cookie" value="i_like_gogits"/>
|
|
@@ -289,7 +297,7 @@
|
|
|
289
297
|
<param pos="0" name="service.cpe23" value="cpe:/a:gogs:gogs:-"/>
|
|
290
298
|
</fingerprint>
|
|
291
299
|
|
|
292
|
-
<fingerprint pattern="^(BigIPCookie[^=]*)
|
|
300
|
+
<fingerprint pattern="^(BigIPCookie[^=]*)=">
|
|
293
301
|
<description>F5 BIG-IP LTM</description>
|
|
294
302
|
<example cookie="BigIPCookie">BigIPCookie=855248779.20480.0000; path=/; Httponly</example>
|
|
295
303
|
<example cookie="BigIPCookie_foo_corp_prod">BigIPCookie_foo_corp_prod=!tJHKH9zIwsUuJYJ38CCV0XSqmJXsZVQaOjj/m/SBSTQTg21/S+s2gmbsoGwwKXr5Tj9e0ijWZWItfA==; path=/; Httponly</example>
|
|
@@ -309,7 +317,7 @@
|
|
|
309
317
|
<param pos="0" name="service.cpe23" value="cpe:/a:flyspray:flyspray:-"/>
|
|
310
318
|
</fingerprint>
|
|
311
319
|
|
|
312
|
-
<fingerprint pattern="^i_like_gitea
|
|
320
|
+
<fingerprint pattern="^i_like_gitea=">
|
|
313
321
|
<description>Gitea</description>
|
|
314
322
|
<example>i_like_gitea=fc39d4645b1d5c7c; Path=/</example>
|
|
315
323
|
<param pos="0" name="cookie" value="i_like_gitea"/>
|
|
@@ -319,7 +327,7 @@
|
|
|
319
327
|
<param pos="0" name="service.cpe23" value="cpe:/a:gitea:gitea:-"/>
|
|
320
328
|
</fingerprint>
|
|
321
329
|
|
|
322
|
-
<fingerprint pattern="^_gitlab_session
|
|
330
|
+
<fingerprint pattern="^_gitlab_session=">
|
|
323
331
|
<description>GitLab</description>
|
|
324
332
|
<example>_gitlab_session=032d024e9c2445b595e68255da9e6835; path=/; expires=Mon, 26 Apr 2021 03:09:57 -0000; HttpOnly</example>
|
|
325
333
|
<param pos="0" name="cookie" value="_gitlab_session"/>
|
|
@@ -338,7 +346,7 @@
|
|
|
338
346
|
<param pos="0" name="service.product" value="HAProxy"/>
|
|
339
347
|
</fingerprint>
|
|
340
348
|
|
|
341
|
-
<fingerprint pattern="^(AMWEBJCT!([^!]+)!([^=]+))
|
|
349
|
+
<fingerprint pattern="^(AMWEBJCT!([^!]+)!([^=]+))=">
|
|
342
350
|
<description>IBM Tivoli Access Manager for e-business WebSEAL
|
|
343
351
|
http://publib.boulder.ibm.com/infocenter/tivihelp/v2r1/index.jsp?topic=/com.ibm.itame.doc/am60_webseal_admin180.htm
|
|
344
352
|
</description>
|
|
@@ -351,7 +359,7 @@
|
|
|
351
359
|
<param pos="0" name="service.product" value="Tivoli Access Manager for e-business WebSEAL"/>
|
|
352
360
|
</fingerprint>
|
|
353
361
|
|
|
354
|
-
<fingerprint pattern="^(PD-S-SESSION-ID|PD-H-SESSION-ID|PD_STATEFUL_[^=]+)
|
|
362
|
+
<fingerprint pattern="^(PD-S-SESSION-ID|PD-H-SESSION-ID|PD_STATEFUL_[^=]+)=">
|
|
355
363
|
<description>IBM Tivoli Access Manager for e-business WebSeal
|
|
356
364
|
http://publib.boulder.ibm.com/infocenter/tivihelp/v2r1/index.jsp?topic=/com.ibm.itame.doc/am60_webseal_admin117.htm
|
|
357
365
|
</description>
|
|
@@ -363,15 +371,18 @@
|
|
|
363
371
|
<param pos="0" name="service.product" value="Tivoli Access Manager for e-business WebSEAL"/>
|
|
364
372
|
</fingerprint>
|
|
365
373
|
|
|
366
|
-
<fingerprint pattern="^IBMCBR
|
|
374
|
+
<fingerprint pattern="^IBMCBR=">
|
|
367
375
|
<description>IBM WebSphere Load Balancer</description>
|
|
376
|
+
<!-- Replace with a valid example if one is discovered -->
|
|
377
|
+
|
|
378
|
+
<example>IBMCBR=fakevalue</example>
|
|
368
379
|
<param pos="0" name="cookie" value="IBMCBR"/>
|
|
369
380
|
<param pos="0" name="service.vendor" value="IBM"/>
|
|
370
381
|
<param pos="0" name="service.family" value="WebSphere"/>
|
|
371
382
|
<param pos="0" name="service.product" value="WebSphere Load Balancer"/>
|
|
372
383
|
</fingerprint>
|
|
373
384
|
|
|
374
|
-
<fingerprint pattern="^(mbfcookie(?:\[lang\])?)
|
|
385
|
+
<fingerprint pattern="^(mbfcookie(?:\[lang\])?)=">
|
|
375
386
|
<description>Joom!Fish http://www.joomfish.net/</description>
|
|
376
387
|
<example cookie="mbfcookie">mbfcookie=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/</example>
|
|
377
388
|
<example cookie="mbfcookie[lang]">mbfcookie[lang]=pt_BR; expires=Tue, 20-Apr-2021 03:30:47 GMT; path=/</example>
|
|
@@ -382,12 +393,14 @@
|
|
|
382
393
|
|
|
383
394
|
<fingerprint pattern="^_mastodon_session=">
|
|
384
395
|
<description>Mastodon</description>
|
|
396
|
+
<example>_mastodon_session=U09wSzlaMHNuZVI3RGJjR1M2d2lqNFhXc1BXNlJtOXBueTdoM1J2Ykk3UjRXa2V3WkNUNm5BUmY4Z0NISk9FaEtrOVQrMXJCRldvbk1kY3BUaDZkMlRuZkNBUDVXU01EakN3S1JEZDdjbzhNQ0t5MHpXZE9WSGlTOVhKNkhlZWhlaWsxM3Mvd0poU1NHWkZjWUNucmJoeDdNdU85ekpkQVJSbkhDeXdKZ08wMkNuUm1BYnE3cGVBK2FBN1FTUU9SLS1EdUVoNWtLOFFWaWsxNmY2bzErbFVRPT0%3D--4b6087906fdfa25f0bfd46b13d3c1c3a9fb379cd; path=/; secure; HttpOnly</example>
|
|
385
397
|
<param pos="0" name="cookie" value="_mastodon_session"/>
|
|
386
398
|
<param pos="0" name="service.product" value="Mastodon"/>
|
|
387
399
|
</fingerprint>
|
|
388
400
|
|
|
389
|
-
<fingerprint pattern="^(MSCSAuth|MSCSProfile)
|
|
401
|
+
<fingerprint pattern="^(MSCSAuth|MSCSProfile)=">
|
|
390
402
|
<description>Microsoft Commerce Server - http://msdn2.microsoft.com/en-us/library/ms953828.aspx</description>
|
|
403
|
+
<example cookie="MSCSProfile">MSCSProfile=287001FD2674671C7869448243193407F294F4F921DD7D627A0F4EE0CC7F3FAC36B5E45588612D30B2A6C57F1D461CB5EE0887989EE7F09E4529B0795EF87BB095FFF1DE42BD5E8F00273BCAACB9DC80733367D09A4B6A48A6802C4DCD6EB029BF5B207BCE523E8BF2EE3EBCDF5776BAC6B6BCD4BF54EF9C178F9605E75D0DDA; path=/</example>
|
|
391
404
|
<param pos="1" name="cookie"/>
|
|
392
405
|
<param pos="0" name="service.vendor" value="Microsoft"/>
|
|
393
406
|
<param pos="0" name="service.family" value="Commerce Server"/>
|
|
@@ -395,18 +408,18 @@
|
|
|
395
408
|
<param pos="0" name="service.cpe23" value="cpe:/a:microsoft:commerce_server:-"/>
|
|
396
409
|
</fingerprint>
|
|
397
410
|
|
|
398
|
-
<fingerprint pattern="^(nc_sameSiteCookiestrict|nc_sameSiteCookielax|oc_sessionPassphrase)
|
|
411
|
+
<fingerprint pattern="^(nc_sameSiteCookiestrict|nc_sameSiteCookielax|oc_sessionPassphrase)=">
|
|
399
412
|
<description>Nextcloud</description>
|
|
400
413
|
<example cookie="nc_sameSiteCookiestrict">nc_sameSiteCookiestrict=true; path=/nextcloud; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=strict</example>
|
|
401
414
|
<example cookie="nc_sameSiteCookielax">nc_sameSiteCookielax=true; path=/nextcloud; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=lax</example>
|
|
402
|
-
<example>oc_sessionPassphrase=Y%2BZjBn8Gn%2B8jIJPVx468Tlt8qDNm%2B5IVXLxgtwlY%2BQU2T7edVmDS4091nQrT; path=/nextcloud; secure; HttpOnly</example>
|
|
415
|
+
<example cookie="oc_sessionPassphrase">oc_sessionPassphrase=Y%2BZjBn8Gn%2B8jIJPVx468Tlt8qDNm%2B5IVXLxgtwlY%2BQU2T7edVmDS4091nQrT; path=/nextcloud; secure; HttpOnly</example>
|
|
403
416
|
<param pos="1" name="cookie"/>
|
|
404
417
|
<param pos="0" name="service.vendor" value="Nextcloud"/>
|
|
405
418
|
<param pos="0" name="service.product" value="Nextcloud Server"/>
|
|
406
419
|
<param pos="0" name="service.cpe23" value="cpe:/a:nextcloud:nextcloud_server:-"/>
|
|
407
420
|
</fingerprint>
|
|
408
421
|
|
|
409
|
-
<fingerprint pattern="^AlteonP
|
|
422
|
+
<fingerprint pattern="^AlteonP=">
|
|
410
423
|
<description>Nortel Alteon Web Switch</description>
|
|
411
424
|
<example>AlteonP=c46736793e45929dbaeebabb; path=</example>
|
|
412
425
|
<param pos="0" name="cookie" value="AlteonP"/>
|
|
@@ -415,7 +428,7 @@
|
|
|
415
428
|
<param pos="0" name="service.product" value="Alteon Web Switch"/>
|
|
416
429
|
</fingerprint>
|
|
417
430
|
|
|
418
|
-
<fingerprint pattern="^OBSID
|
|
431
|
+
<fingerprint pattern="^OBSID=">
|
|
419
432
|
<description>Observium</description>
|
|
420
433
|
<example>OBSID=gud74jg1slhskdo7idqgklkamm6g3908; expires=Tue, 20-Apr-2021 01:31:27 GMT; Max-Age=86400; path=/; HttpOnly</example>
|
|
421
434
|
<param pos="0" name="cookie" value="OBSID"/>
|
|
@@ -424,23 +437,26 @@
|
|
|
424
437
|
<param pos="0" name="service.cpe23" value="cpe:/a:observium:observium:-"/>
|
|
425
438
|
</fingerprint>
|
|
426
439
|
|
|
427
|
-
<fingerprint pattern="^((?:SS_X_)?CSINTERSESSIONID)
|
|
440
|
+
<fingerprint pattern="^((?:SS_X_)?CSINTERSESSIONID)=">
|
|
428
441
|
<description>OpenMarket/FatWire Content Server (www.fatwire.com)</description>
|
|
442
|
+
<example cookie="SS_X_CSINTERSESSIONID">SS_X_CSINTERSESSIONID=0001P73k2FUEYEU4Ks5TtKxcs2K:vv0b9pej; path=/</example>
|
|
443
|
+
<example cookie="CSINTERSESSIONID">CSINTERSESSIONID=0001xquPwAx2NFUFvi7yw-43f35:vv7sdeqs;Path=/</example>
|
|
429
444
|
<param pos="1" name="cookie"/>
|
|
430
445
|
<param pos="0" name="service.vendor" value="FatWire"/>
|
|
431
446
|
<param pos="0" name="service.family" value="Content Server"/>
|
|
432
447
|
<param pos="0" name="service.product" value="Content Server"/>
|
|
433
448
|
</fingerprint>
|
|
434
449
|
|
|
435
|
-
<fingerprint pattern="^parkinglot
|
|
450
|
+
<fingerprint pattern="^parkinglot=">
|
|
436
451
|
<description>Oversee Webserver</description>
|
|
452
|
+
<example>parkinglot=1; domain=.foo.com; path=/; expires=Sun, 11-May-2008 13:51:17 GMT</example>
|
|
437
453
|
<param pos="0" name="cookie" value="parkinglot"/>
|
|
438
454
|
<param pos="0" name="service.vendor" value="Oversee"/>
|
|
439
455
|
<param pos="0" name="service.family" value="Webserver"/>
|
|
440
456
|
<param pos="0" name="service.product" value="Webserver"/>
|
|
441
457
|
</fingerprint>
|
|
442
458
|
|
|
443
|
-
<fingerprint pattern="^phsid
|
|
459
|
+
<fingerprint pattern="^phsid=">
|
|
444
460
|
<description>Phabricator</description>
|
|
445
461
|
<example>phsid=A%2Fxesybc4bypb74dlgojdgw2edct6osflno25h2fw7</example>
|
|
446
462
|
<param pos="0" name="cookie" value="phsid"/>
|
|
@@ -450,7 +466,7 @@
|
|
|
450
466
|
<param pos="0" name="service.cpe23" value="cpe:/a:phacility:phabricator:-"/>
|
|
451
467
|
</fingerprint>
|
|
452
468
|
|
|
453
|
-
<fingerprint pattern="^RMID
|
|
469
|
+
<fingerprint pattern="^RMID=">
|
|
454
470
|
<description>RealMedia OpenAdStream</description>
|
|
455
471
|
<example>RMID=36c12633607cf7a0; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.foo.bar</example>
|
|
456
472
|
<param pos="0" name="cookie" value="RMID"/>
|
|
@@ -459,7 +475,7 @@
|
|
|
459
475
|
<param pos="0" name="service.product" value="OpenAdStream"/>
|
|
460
476
|
</fingerprint>
|
|
461
477
|
|
|
462
|
-
<fingerprint pattern="^RoxenUserID
|
|
478
|
+
<fingerprint pattern="^RoxenUserID=">
|
|
463
479
|
<description>Roxen WebServer</description>
|
|
464
480
|
<example>RoxenUserID=c70fd536bc9e1342ce2a608b10547f88; expires=Wed, 19 Apr 2023 02:44:41 GMT; path=/</example>
|
|
465
481
|
<param pos="0" name="cookie" value="RoxenUserID"/>
|
|
@@ -468,7 +484,7 @@
|
|
|
468
484
|
<param pos="0" name="service.product" value="WebServer"/>
|
|
469
485
|
</fingerprint>
|
|
470
486
|
|
|
471
|
-
<fingerprint pattern="^_sn
|
|
487
|
+
<fingerprint pattern="^_sn=">
|
|
472
488
|
<description>Siebel CRM</description>
|
|
473
489
|
<example>_sn=e7139835ca75f921e25c364d4a8fef48; path=/; expires=Mon, 19 Apr 2021 06:06:58 GMT; HttpOnly</example>
|
|
474
490
|
<param pos="0" name="cookie" value="_sn"/>
|
|
@@ -479,7 +495,7 @@
|
|
|
479
495
|
|
|
480
496
|
<!-- This fingerprint is not specific enough. Multiple products are sold under
|
|
481
497
|
the brand iPlanet/Sun ONE/Sun Java.
|
|
482
|
-
<fingerprint pattern="^(iPlanetUserId)
|
|
498
|
+
<fingerprint pattern="^(iPlanetUserId)=">
|
|
483
499
|
<description>Sun iPlanet</description>
|
|
484
500
|
<param pos="1" name="cookie"/>
|
|
485
501
|
<param pos="0" name="service.vendor" value="Sun"/>
|
|
@@ -489,8 +505,9 @@
|
|
|
489
505
|
|
|
490
506
|
-->
|
|
491
507
|
|
|
492
|
-
<fingerprint pattern="^NSES40Session
|
|
508
|
+
<fingerprint pattern="^NSES40Session=">
|
|
493
509
|
<description>Netscape Enterprise Server (subsequently iPlanet Web Server, Sun ONE Web Server, presently Sun Java System Web Server)</description>
|
|
510
|
+
<example>NSES40Session=2%253A3e57d375%253Adc59172283a7e72c;path=/;expires=Sat, 22-Feb-2003 20:15:57 GMT</example>
|
|
494
511
|
<param pos="0" name="cookie" value="NSES40Session"/>
|
|
495
512
|
<param pos="0" name="service.vendor" value="Sun"/>
|
|
496
513
|
<param pos="0" name="service.family" value="Java System Web Server"/>
|
|
@@ -499,7 +516,7 @@
|
|
|
499
516
|
<param pos="0" name="service.cpe23" value="cpe:/a:sun:java_system_web_server:4.0"/>
|
|
500
517
|
</fingerprint>
|
|
501
518
|
|
|
502
|
-
<fingerprint pattern="^_redmine_session
|
|
519
|
+
<fingerprint pattern="^_redmine_session=">
|
|
503
520
|
<description>Redmine</description>
|
|
504
521
|
<example>_redmine_session=BAh7B0kiD3Nlc3Npb25faWQGOgZFRkkiJWY2MGY5MTJiZjg0NGU1ZmQxZWI2OTViNzAxYjU4NTRiBjsAVEkiEF9jc3JmX3Rva2VuBjsARkkiMW1kV3Z5NDl6eVkwWDl4bFQvMUxSSmxmbjhhaDR1WWxERWUrMFQ4dVcvS0k9BjsARg%3D%3D--ce5f52d49b68e30a7ec34b75bf456d6c79d234d2; path=/; HttpOnly</example>
|
|
505
522
|
<param pos="0" name="cookie" value="_redmine_session"/>
|
|
@@ -517,8 +534,10 @@
|
|
|
517
534
|
<param pos="0" name="service.product" value="Sage X3 Syracuse Web Server"/>
|
|
518
535
|
</fingerprint>
|
|
519
536
|
|
|
520
|
-
<fingerprint pattern="^(
|
|
537
|
+
<fingerprint pattern="^(GX_SESSION_ID|JROUTE)=">
|
|
521
538
|
<description>Sun Java System Application Server (formerly iPlanet Application Server, Sun ONE Application Server)</description>
|
|
539
|
+
<example cookie="GX_SESSION_ID">GX_SESSION_ID=ji7vouPhPt5CAtGF%2BWPMXBrhjjxWZAD9HRNeEEITGCA%3D</example>
|
|
540
|
+
<example cookie="JROUTE">JROUTE=KbDs; Path=/</example>
|
|
522
541
|
<param pos="1" name="cookie"/>
|
|
523
542
|
<param pos="0" name="service.vendor" value="Sun"/>
|
|
524
543
|
<param pos="0" name="service.family" value="Java System Application Server"/>
|
|
@@ -526,7 +545,7 @@
|
|
|
526
545
|
<param pos="0" name="service.cpe23" value="cpe:/a:sun:java_system_application_server:-"/>
|
|
527
546
|
</fingerprint>
|
|
528
547
|
|
|
529
|
-
<fingerprint pattern="^fe_typo_user
|
|
548
|
+
<fingerprint pattern="^fe_typo_user=">
|
|
530
549
|
<description>TYPO3 CMS - http://typo3.com/</description>
|
|
531
550
|
<example>fe_typo_user=aae725f7dcb8cb5215e64f66d4584cc92; path=/</example>
|
|
532
551
|
<param pos="0" name="cookie" value="fe_typo_user"/>
|
|
@@ -535,7 +554,7 @@
|
|
|
535
554
|
<param pos="0" name="service.product" value="CMS"/>
|
|
536
555
|
</fingerprint>
|
|
537
556
|
|
|
538
|
-
<fingerprint pattern="^SaneID
|
|
557
|
+
<fingerprint pattern="^SaneID=">
|
|
539
558
|
<description>Unica NetTracker - http://netinsight.unica.com/Products/NetTracker.cfm</description>
|
|
540
559
|
<example>SaneID=10.1.1.223.1618798365976948; path=/; domain=.foo.bar</example>
|
|
541
560
|
<param pos="0" name="cookie" value="SaneID"/>
|
|
@@ -544,7 +563,7 @@
|
|
|
544
563
|
<param pos="0" name="service.product" value="NetTracker"/>
|
|
545
564
|
</fingerprint>
|
|
546
565
|
|
|
547
|
-
<fingerprint pattern="^(__utm[a-z])
|
|
566
|
+
<fingerprint pattern="^(__utm[a-z])=">
|
|
548
567
|
<description>Urchin Tracking Module - http://www.google.com/support/urchin45/bin/answer.py?answer=28307&topic=7425</description>
|
|
549
568
|
<example cookie="__utmp">__utmp=2071164266.582676006.3393543082; path=/; domain=.foo.bar</example>
|
|
550
569
|
<param pos="1" name="cookie"/>
|
|
@@ -563,15 +582,16 @@
|
|
|
563
582
|
<param pos="0" name="hw.product" value="SD-WAN"/>
|
|
564
583
|
</fingerprint>
|
|
565
584
|
|
|
566
|
-
<fingerprint pattern="^(vgncontext|vgnvisitor|ssuid)
|
|
585
|
+
<fingerprint pattern="^(vgncontext|vgnvisitor|ssuid)=">
|
|
567
586
|
<description>Vignette</description>
|
|
587
|
+
<example cookie="vgnvisitor">vgnvisitor=2KM2OM00bZ40000PovANt0Dgn0; path=/; expires=Saturday, 06-Sep-2014 23:50:08 GMT</example>
|
|
568
588
|
<param pos="1" name="cookie"/>
|
|
569
589
|
<param pos="0" name="service.vendor" value="Vignette"/>
|
|
570
590
|
<param pos="0" name="service.family" value="Vignette"/>
|
|
571
591
|
<param pos="0" name="service.product" value="Vignette"/>
|
|
572
592
|
</fingerprint>
|
|
573
593
|
|
|
574
|
-
<fingerprint pattern="^wgSession
|
|
594
|
+
<fingerprint pattern="^wgSession=">
|
|
575
595
|
<description>Plain Black WebGUI - http://www.plainblack.com/webgui</description>
|
|
576
596
|
<example>wgSession=xngFQdcbCap87x6d8qc1YA; path=/; expires=Thu, 17-Apr-2031 02:29:05 GMT</example>
|
|
577
597
|
<param pos="0" name="cookie" value="wgSession"/>
|
|
@@ -580,7 +600,7 @@
|
|
|
580
600
|
<param pos="0" name="service.product" value="WebGUI"/>
|
|
581
601
|
</fingerprint>
|
|
582
602
|
|
|
583
|
-
<fingerprint pattern="^(WEBTRENDS_?ID)
|
|
603
|
+
<fingerprint pattern="^(WEBTRENDS_?ID)=">
|
|
584
604
|
<description>WebTrends</description>
|
|
585
605
|
<example cookie="WEBTRENDS_ID">WEBTRENDS_ID=10.247.9.69.1618795409656141; path=/; expires=Tue, 19-Apr-22 01:23:29 GMT; domain=.foo.bar</example>
|
|
586
606
|
<param pos="1" name="cookie"/>
|
|
@@ -589,7 +609,7 @@
|
|
|
589
609
|
<param pos="0" name="service.product" value="WebTrends"/>
|
|
590
610
|
</fingerprint>
|
|
591
611
|
|
|
592
|
-
<fingerprint pattern="^(ZM_TEST|ZM_LOGIN_CSRF)
|
|
612
|
+
<fingerprint pattern="^(ZM_TEST|ZM_LOGIN_CSRF)=">
|
|
593
613
|
<description>Zimbra</description>
|
|
594
614
|
<example cookie="ZM_TEST">ZM_TEST=true;Secure</example>
|
|
595
615
|
<example cookie="ZM_LOGIN_CSRF">ZM_LOGIN_CSRF=38ef0bea-a4c3-4f41-9ac3-73d7622f3131;Secure;HttpOnly</example>
|
|
@@ -599,7 +619,7 @@
|
|
|
599
619
|
<param pos="0" name="service.cpe23" value="cpe:/a:synacor:zimbra_collaboration_suite:-"/>
|
|
600
620
|
</fingerprint>
|
|
601
621
|
|
|
602
|
-
<fingerprint pattern="^_ZopeId
|
|
622
|
+
<fingerprint pattern="^_ZopeId=">
|
|
603
623
|
<description>Zope</description>
|
|
604
624
|
<example>_ZopeId="91304233A995SVLz3SI"; Path=/</example>
|
|
605
625
|
<param pos="0" name="cookie" value="_ZopeId"/>
|
|
@@ -607,17 +627,18 @@
|
|
|
607
627
|
<param pos="0" name="service.product" value="Zope"/>
|
|
608
628
|
</fingerprint>
|
|
609
629
|
|
|
610
|
-
<fingerprint pattern="^
|
|
630
|
+
<fingerprint pattern="^portal=([0-9]+\.[0-9]+\.[0-9]+)">
|
|
611
631
|
<description>OracleAS Portal default cookie name - http://download.oracle.com/docs/cd/B14099_19/portal.1014/b19305/cg_app_f.htm</description>
|
|
612
|
-
<
|
|
613
|
-
<param pos="
|
|
632
|
+
<example service.version="2173348032.20480.0000">portal=2173348032.20480.0000;</example>
|
|
633
|
+
<param pos="0" name="cookie" value="portal"/>
|
|
634
|
+
<param pos="1" name="service.version"/>
|
|
614
635
|
<param pos="0" name="service.vendor" value="Oracle"/>
|
|
615
636
|
<param pos="0" name="service.family" value="OracleAS"/>
|
|
616
637
|
<param pos="0" name="service.product" value="Application Server Portal"/>
|
|
617
638
|
<param pos="0" name="service.cpe23" value="cpe:/a:oracle:application_server_portal:{service.version}"/>
|
|
618
639
|
</fingerprint>
|
|
619
640
|
|
|
620
|
-
<fingerprint pattern="^Compaq-HMMD=[^;]
|
|
641
|
+
<fingerprint pattern="^Compaq-HMMD=[^;]+;">
|
|
621
642
|
<description>HP System Management Homepage (SMH)</description>
|
|
622
643
|
<example>Compaq-HMMD=0001-c01fffff-487a-394a-aab0-ffffffffffff-ffffffffffffffff; path=/</example>
|
|
623
644
|
<example>Compaq-HMMD=0001-c01fffff-487a-394a-aab0-ffffffffffff-ffffffffffffffff; path=/; Secure</example>
|
|
@@ -642,6 +663,59 @@
|
|
|
642
663
|
<param pos="0" name="service.product" value="Arachni"/>
|
|
643
664
|
</fingerprint>
|
|
644
665
|
|
|
666
|
+
<fingerprint pattern="^unraid_">
|
|
667
|
+
<description>Unraid</description>
|
|
668
|
+
<example>unraid_2e9e9f79999999999999999999r9b999=c5599999999999999999999999999e38; path=/; HttpOnly; SameSite=Lax</example>
|
|
669
|
+
<param pos="0" name="service.vendor" value="Lime Technologies"/>
|
|
670
|
+
<param pos="0" name="service.product" value="Unraid"/>
|
|
671
|
+
<param pos="0" name="service.certainty" value="0.5"/>
|
|
672
|
+
</fingerprint>
|
|
673
|
+
|
|
674
|
+
<fingerprint pattern="^phpMyAdmin=">
|
|
675
|
+
<description>phpMyAdmin web interface for MySQL and MariaDB</description>
|
|
676
|
+
<example>phpMyAdmin=28600e9ff9772c871dacec70f9c5edaa; path=/; HttpOnly</example>
|
|
677
|
+
<param pos="0" name="service.vendor" value="phpMyAdmin"/>
|
|
678
|
+
<param pos="0" name="service.product" value="phpMyAdmin"/>
|
|
679
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:phpmyadmin:phpmyadmin:-"/>
|
|
680
|
+
</fingerprint>
|
|
681
|
+
|
|
682
|
+
<fingerprint pattern="^(adminer_(?:sid|key))=">
|
|
683
|
+
<description>Adminer database management tool</description>
|
|
684
|
+
<example cookie="adminer_sid">adminer_sid=6580f6449f9572f817ec99600bc619d2; path=/; HttpOnly</example>
|
|
685
|
+
<example cookie="adminer_key">adminer_key=b8eebd6de0deabc8b30c26a67e01c5b9; path=/; HttpOnly; SameSite=lax</example>
|
|
686
|
+
<param pos="1" name="cookie"/>
|
|
687
|
+
<param pos="0" name="service.vendor" value="Adminer"/>
|
|
688
|
+
<param pos="0" name="service.product" value="Adminer"/>
|
|
689
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:adminer:adminer:-"/>
|
|
690
|
+
</fingerprint>
|
|
691
|
+
|
|
692
|
+
<fingerprint pattern="^mongo-express=">
|
|
693
|
+
<description>mongo-express web-based MongoDB admin interface</description>
|
|
694
|
+
<example>mongo-express=s%3A1qAVXDHaoFE5J0G4wkYKfyjuv6_0Zd9E.l2DGc0YAb7MJQfUleYVEla5i79pbkhDYVayvCEPFCDc; Path=/; HttpOnly</example>
|
|
695
|
+
<param pos="0" name="service.vendor" value="mongo-express Project"/>
|
|
696
|
+
<param pos="0" name="service.product" value="mongo-express"/>
|
|
697
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:mongo-express_project:mongo-express:-"/>
|
|
698
|
+
</fingerprint>
|
|
699
|
+
|
|
700
|
+
<fingerprint pattern="^adscsrf=">
|
|
701
|
+
<description>ManageEngine ADSelfService Plus</description>
|
|
702
|
+
<example>adscsrf=cffff6b5-bd68-4c35-92ef-e45127e68289;path=/;priority=high</example>
|
|
703
|
+
<param pos="0" name="service.vendor" value="ManageEngine"/>
|
|
704
|
+
<param pos="0" name="service.product" value="ADSelfService Plus"/>
|
|
705
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:zohocorp:manageengine_adselfservice_plus:-"/>
|
|
706
|
+
</fingerprint>
|
|
707
|
+
|
|
708
|
+
<fingerprint pattern="^(dmid|opvc|sitevisitscookie)=">
|
|
709
|
+
<description>dotCMS Content Management Platform</description>
|
|
710
|
+
<example cookie="dmid">dmid=dcd46b93-54ab-4a43-a023-99154f879c3e; Max-Age=153792000; Expires=Thu, 18-Mar-2027 21:28:37 GMT; Path=/; HttpOnly; SameSite=Strict</example>
|
|
711
|
+
<example cookie="opvc">opvc=9e6302af-896a-40ae-a330-22655ee22c5f; Path=/; HttpOnly; SameSite=Strict</example>
|
|
712
|
+
<example cookie="sitevisitscookie">sitevisitscookie=1; Max-Age=153792000; Expires=Thu, 18-Mar-2027 21:28:37 GMT; Path=/; HttpOnly; SameSite=Strict</example>
|
|
713
|
+
<param pos="1" name="cookie"/>
|
|
714
|
+
<param pos="0" name="service.vendor" value="dotCMS"/>
|
|
715
|
+
<param pos="0" name="service.product" value="dotCMS"/>
|
|
716
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:dotcms:dotcms:-"/>
|
|
717
|
+
</fingerprint>
|
|
718
|
+
|
|
645
719
|
<!--
|
|
646
720
|
Ignore various cookies that are very generic cookies for session IDs
|
|
647
721
|
that are not necessarily indicative of any particular
|
|
@@ -650,24 +724,33 @@
|
|
|
650
724
|
these and this is enforced by rspec.
|
|
651
725
|
-->
|
|
652
726
|
|
|
653
|
-
<fingerprint pattern="(?i)^JSESSIONID(?:\.[^=]+)?=[^;]
|
|
654
|
-
<description>Ignore simple JSESSIONID and related cookies</description>
|
|
727
|
+
<fingerprint pattern="(?i)^JSESSIONID(?:\.[^=]+)?=[^;]+;">
|
|
728
|
+
<description>Ignore simple JSESSIONID and related cookies -- assert nothing</description>
|
|
655
729
|
<example>JSESSIONID=6ooov35i4l3n36qtaf8csvg0;Path=/</example>
|
|
656
730
|
<example>jsessionid=6nkp66iogcdc92720%2Dc6e4%2D4989%2Db7b2%2D5021624cfdff;Path=/;secure</example>
|
|
657
731
|
<example>JSESSIONID.c00a9623=v216643eijh19p9duve5srgf;Path=/;HttpOnly</example>
|
|
732
|
+
<param pos="0" name="hw.certainty" value="0.0"/>
|
|
733
|
+
<param pos="0" name="os.certainty" value="0.0"/>
|
|
734
|
+
<param pos="0" name="service.certainty" value="0.0"/>
|
|
658
735
|
</fingerprint>
|
|
659
736
|
|
|
660
|
-
<fingerprint pattern="(?i)^_?SESSION_?ID\s*=\s*[^;]
|
|
661
|
-
<description>Ignore simple SESSIONID and related cookies</description>
|
|
737
|
+
<fingerprint pattern="(?i)^_?SESSION_?ID\s*=\s*[^;]+;">
|
|
738
|
+
<description>Ignore simple SESSIONID and related cookies -- assert nothing</description>
|
|
662
739
|
<example>sessionId=7dba3249cfcd4b59854055311099a294; path=/;</example>
|
|
663
740
|
<example>_session_id=7fe933db0fea13e9c872103ba2d142db; path=/; HttpOnly</example>
|
|
664
741
|
<example>sessionId =0VrS6Ro6uC5QPXKgNdqGvyUgUFtUOVwv6OWAEWcWQ3jLRtAk2TVAgAApN9yTWVz;postId=; path=/;</example>
|
|
665
742
|
<example>_session_id=18b3e173aa11db0533fd01752e81f583; path=/; HttpOnly</example>
|
|
743
|
+
<param pos="0" name="hw.certainty" value="0.0"/>
|
|
744
|
+
<param pos="0" name="os.certainty" value="0.0"/>
|
|
745
|
+
<param pos="0" name="service.certainty" value="0.0"/>
|
|
666
746
|
</fingerprint>
|
|
667
747
|
|
|
668
|
-
<fingerprint pattern="(?i)^sid=[^;]
|
|
669
|
-
<description>Ignore simple SID and related cookies</description>
|
|
748
|
+
<fingerprint pattern="(?i)^sid=[^;]+;">
|
|
749
|
+
<description>Ignore simple SID and related cookies -- assert nothing</description>
|
|
670
750
|
<example>sid=sfd10bf73-654458f687aa3c68b3874915f651e0ca;path=/;"</example>
|
|
751
|
+
<param pos="0" name="hw.certainty" value="0.0"/>
|
|
752
|
+
<param pos="0" name="os.certainty" value="0.0"/>
|
|
753
|
+
<param pos="0" name="service.certainty" value="0.0"/>
|
|
671
754
|
</fingerprint>
|
|
672
755
|
|
|
673
756
|
</fingerprints>
|