recog 2.3.21 → 3.0.1

Files changed (120) hide show
  1. checksums.yaml +4 -4
  2. data/LICENSE +1 -1
  3. data/README.md +42 -16
  4. data/Rakefile +2 -9
  5. data/lib/recog/db.rb +2 -1
  6. data/lib/recog/db_manager.rb +1 -1
  7. data/lib/recog/fingerprint.rb +33 -6
  8. data/lib/recog/fingerprint_parse_error.rb +10 -0
  9. data/lib/recog/verifier.rb +9 -9
  10. data/lib/recog/verify_reporter.rb +17 -6
  11. data/lib/recog/version.rb +1 -1
  12. data/{bin → recog/bin}/recog_match +0 -1
  13. data/{xml → recog/xml}/apache_modules.xml +0 -0
  14. data/{xml → recog/xml}/apache_os.xml +98 -56
  15. data/{xml → recog/xml}/architecture.xml +15 -1
  16. data/recog/xml/dhcp_vendor_class.xml +206 -0
  17. data/{xml → recog/xml}/dns_versionbind.xml +16 -13
  18. data/{xml → recog/xml}/favicons.xml +297 -47
  19. data/{xml → recog/xml}/fingerprints.xsd +9 -1
  20. data/{xml → recog/xml}/ftp_banners.xml +160 -156
  21. data/{xml → recog/xml}/h323_callresp.xml +101 -101
  22. data/{xml → recog/xml}/hp_pjl_id.xml +84 -84
  23. data/{xml → recog/xml}/html_title.xml +727 -34
  24. data/{xml → recog/xml}/http_cookies.xml +160 -77
  25. data/{xml → recog/xml}/http_servers.xml +556 -283
  26. data/{xml → recog/xml}/http_wwwauth.xml +190 -75
  27. data/{xml → recog/xml}/imap_banners.xml +5 -5
  28. data/{xml → recog/xml}/ldap_searchresult.xml +0 -0
  29. data/{xml → recog/xml}/mdns_device-info_txt.xml +389 -26
  30. data/{xml → recog/xml}/mdns_workstation_txt.xml +0 -0
  31. data/{xml → recog/xml}/mysql_banners.xml +1 -1
  32. data/{xml → recog/xml}/mysql_error.xml +0 -0
  33. data/{xml → recog/xml}/nntp_banners.xml +11 -8
  34. data/{xml → recog/xml}/ntp_banners.xml +97 -97
  35. data/{xml → recog/xml}/operating_system.xml +95 -80
  36. data/{xml → recog/xml}/pop_banners.xml +23 -23
  37. data/{xml → recog/xml}/rsh_resp.xml +3 -3
  38. data/{xml → recog/xml}/rtsp_servers.xml +0 -0
  39. data/{xml → recog/xml}/sip_banners.xml +43 -5
  40. data/{xml → recog/xml}/sip_user_agents.xml +175 -27
  41. data/{xml → recog/xml}/smb_native_lm.xml +5 -5
  42. data/{xml → recog/xml}/smb_native_os.xml +25 -25
  43. data/{xml → recog/xml}/smtp_banners.xml +147 -146
  44. data/{xml → recog/xml}/smtp_debug.xml +0 -0
  45. data/{xml → recog/xml}/smtp_ehlo.xml +1 -1
  46. data/{xml → recog/xml}/smtp_expn.xml +0 -0
  47. data/{xml → recog/xml}/smtp_help.xml +11 -11
  48. data/{xml → recog/xml}/smtp_mailfrom.xml +0 -0
  49. data/{xml → recog/xml}/smtp_noop.xml +2 -2
  50. data/{xml → recog/xml}/smtp_quit.xml +0 -0
  51. data/{xml → recog/xml}/smtp_rcptto.xml +0 -0
  52. data/{xml → recog/xml}/smtp_rset.xml +0 -0
  53. data/{xml → recog/xml}/smtp_turn.xml +0 -0
  54. data/{xml → recog/xml}/smtp_vrfy.xml +0 -0
  55. data/{xml → recog/xml}/snmp_sysdescr.xml +1570 -1430
  56. data/{xml → recog/xml}/snmp_sysobjid.xml +38 -27
  57. data/{xml → recog/xml}/ssh_banners.xml +16 -10
  58. data/{xml → recog/xml}/telnet_banners.xml +238 -21
  59. data/{xml → recog/xml}/tls_jarm.xml +56 -6
  60. data/{xml → recog/xml}/x11_banners.xml +3 -3
  61. data/{xml → recog/xml}/x509_issuers.xml +49 -1
  62. data/{xml → recog/xml}/x509_subjects.xml +139 -38
  63. data/recog.gemspec +9 -5
  64. data/spec/data/external_example_fingerprint/hp_printer_ex_01.txt +1 -0
  65. data/spec/data/external_example_fingerprint/hp_printer_ex_02.txt +1 -0
  66. data/spec/data/external_example_fingerprint.xml +8 -0
  67. data/spec/data/external_example_illegal_path_fingerprint.xml +7 -0
  68. data/spec/lib/recog/db_spec.rb +84 -61
  69. data/spec/lib/recog/fingerprint_spec.rb +4 -4
  70. data/spec/lib/recog/verify_reporter_spec.rb +73 -4
  71. data/spec/spec_helper.rb +4 -0
  72. metadata +65 -134
  73. data/.github/ISSUE_TEMPLATE/bug_report.md +0 -37
  74. data/.github/ISSUE_TEMPLATE/feature_request.md +0 -17
  75. data/.github/ISSUE_TEMPLATE/fingerprint_request.md +0 -27
  76. data/.github/PULL_REQUEST_TEMPLATE +0 -24
  77. data/.github/SECURITY.md +0 -35
  78. data/.github/workflows/ci.yml +0 -26
  79. data/.gitignore +0 -23
  80. data/.rspec +0 -3
  81. data/.ruby-gemset +0 -1
  82. data/.ruby-version +0 -1
  83. data/.snyk +0 -10
  84. data/.travis.yml +0 -25
  85. data/CONTRIBUTING.md +0 -270
  86. data/bin/recog_cleanup +0 -16
  87. data/bin/recog_export +0 -81
  88. data/bin/recog_standardize +0 -148
  89. data/bin/recog_verify +0 -64
  90. data/cpe-remap.yaml +0 -343
  91. data/features/data/failing_banners_fingerprints.xml +0 -20
  92. data/features/data/matching_banners_fingerprints.xml +0 -23
  93. data/features/data/multiple_banners_fingerprints.xml +0 -32
  94. data/features/data/no_tests.xml +0 -3
  95. data/features/data/sample_banner.txt +0 -2
  96. data/features/data/successful_tests.xml +0 -18
  97. data/features/data/tests_with_failures.xml +0 -20
  98. data/features/data/tests_with_warnings.xml +0 -17
  99. data/features/match.feature +0 -36
  100. data/features/support/aruba.rb +0 -3
  101. data/features/support/env.rb +0 -6
  102. data/features/verify.feature +0 -48
  103. data/identifiers/README.md +0 -70
  104. data/identifiers/fields.txt +0 -104
  105. data/identifiers/hw_device.txt +0 -78
  106. data/identifiers/hw_family.txt +0 -113
  107. data/identifiers/hw_product.txt +0 -410
  108. data/identifiers/os_architecture.txt +0 -10
  109. data/identifiers/os_device.txt +0 -75
  110. data/identifiers/os_family.txt +0 -233
  111. data/identifiers/os_product.txt +0 -340
  112. data/identifiers/service_family.txt +0 -249
  113. data/identifiers/service_product.txt +0 -752
  114. data/identifiers/vendor.txt +0 -798
  115. data/lib/recog/verifier_factory.rb +0 -13
  116. data/misc/convert_mysql_err +0 -61
  117. data/misc/order.xsl +0 -17
  118. data/requirements.txt +0 -2
  119. data/spec/lib/fingerprint_self_test_spec.rb +0 -174
  120. data/update_cpes.py +0 -250
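--- a/data/xml/telnet_banners.xml
+++ b/data/recog/xml/telnet_banners.xml
@@ -655,7 +655,7 @@
  <param pos="1" name="host.name"/>
  </fingerprint>
 
- <fingerprint pattern="^(?:\r|\n)*HP JetDirect(?:\r|\n)+$">
+ <fingerprint pattern="^(?:\r|\n)*HP JetDirect(?:\r|\n)+">
  <description>HP Printer - Jet Direct</description>
  <!-- HP JetDirect\r\nPassword is not set\r\n\r\nPlease type "menu" for the MENU system, \r\nor "?" for help, or "/" for current settings.\r\n> -->
 
@@ -1086,7 +1086,7 @@
  <param pos="0" name="os.product" value="EDR G902 Firmware"/>
  </fingerprint>
 
- <fingerprint pattern="^Red Hat Linux release ([^\\s]+)\\s*.*$">
+ <fingerprint pattern="^Red Hat Linux release ([^\\s]+)\\s*">
  <description>RedHat general purpose linux</description>
  <!-- Red Hat Linux release 9 (Shrike)\nKernel 2.4.20-8 on an i686\nlogin: -->
 
@@ -1095,7 +1095,7 @@
  </example>
  <param pos="0" name="os.vendor" value="Red Hat"/>
  <param pos="0" name="os.family" value="Linux"/>
- <param pos="0" name="os.device" value="Linux"/>
+ <param pos="0" name="os.product" value="Linux"/>
  <param pos="1" name="os.version"/>
  </fingerprint>
 
@@ -1148,7 +1148,7 @@
  <param pos="3" name="os.arch"/>
  </fingerprint>
 
- <fingerprint pattern="(?m)^Fedora Core.release (.*) \(.*\).*Kernel (.*) on a[^ ]* ([^ ]*\d).*$" flags="REG_MULTILINE">
+ <fingerprint pattern="(?m)^Fedora Core.release (.*) \(.*\).*Kernel (.*) on a[^ ]* ([^ ]*\d)" flags="REG_MULTILINE">
  <description>Fedora Core Release</description>
  <!-- Fedora Core release 1 (Yarrow)\nKernel 2.4.20-13.9ensim-3.5.0-13 on an i686\nlogin:-->
 
@@ -1164,7 +1164,7 @@
  <param pos="0" name="os.cpe23" value="cpe:/o:redhat:fedora:{os.version}"/>
  </fingerprint>
 
- <fingerprint pattern="(?m)^Welcome to SuSE Linux (.*) \(([^\)]+)\) - Kernel (.*) .*">
+ <fingerprint pattern="(?m)^Welcome to SuSE Linux (.*) \(([^\)]+)\) - Kernel (.*) ">
  <description>SuSE Linux</description>
  <!-- Welcome to SuSE Linux 7.0 (i386) - Kernel 2.2.16-RAID (0). 2VG029037\n\nlogin: -->
 
@@ -1180,7 +1180,7 @@
  <param pos="3" name="linux.kernel.version"/>
  </fingerprint>
 
- <fingerprint pattern="^Turbolinux ApplianceServer (\d+\.\d+).*">
+ <fingerprint pattern="^Turbolinux ApplianceServer (\d+\.\d+)">
  <description>Turbolinux ApplianceServer</description>
  <!--Turbolinux ApplianceServer 4.0 (Atlas2) Linux 2.6.32-431.23.3.el6.x86_64 on a x86_64\n(senyo191x89.digitalink.ne.jp) TTY: 12:15 on Tuesday, 02 October 2018 login: -->
 
@@ -1195,7 +1195,7 @@
  <param pos="1" name="os.version"/>
  </fingerprint>
 
- <fingerprint pattern="^UnixWare ([^ ]+).*$">
+ <fingerprint pattern="^UnixWare ([^ ]+)">
  <description>UnixWare</description>
  <!-- UnixWare 2.1.3 (profil) (pts/3)\n\n\nlogin: -->
 
@@ -1209,7 +1209,7 @@
  <param pos="1" name="os.version"/>
  </fingerprint>
 
- <fingerprint pattern="^Telnet Server Build (5.*)">
+ <fingerprint pattern="(?m)^Telnet Server Build (5\.[.\d]+)">
  <description>Windows 2000</description>
  <!--Microsoft (R) Windows NT (TM) Version 4.00 (Build 1381)\nWelcome to Microsoft Telnet Service \nTelnet Server Build 5.00.99034.1\nlogin: -->
 
@@ -1241,7 +1241,7 @@
  <description>Arescom System</description>
  <!--NDS1260HE-TLI Copyright by ARESCOM 2002\n\n\nPassword: -->
 
- <example _encoding="base64" os.model="NDS1260HE-TLI">
+ <example _encoding="base64" os.model="NDS1260HE-TLI" hw.model="NDS1260HE-TLI">
  TkRTMTI2MEhFLVRMSSBDb3B5cmlnaHQgYnkgQVJFU0NPTSAyMDAyCgoKClBhc3N3b3JkOgo=
  </example>
  <param pos="0" name="os.vendor" value="Arescom"/>
@@ -1296,7 +1296,7 @@
  <param pos="0" name="os.family" value="VxWorks"/>
  </fingerprint>
 
- <fingerprint pattern=".*Nortel.*Passport ([^ ]*) .*Software Release ([^ ]*).*">
+ <fingerprint pattern="Nortel.*Passport ([^ ]*) .*Software Release ([^ ]*)">
  <description>Nortel Passport</description>
  <!-- *********************************************\n\n\n* Copyright (c) 2003 Nortel Networks, Inc. *\n\n\n* All Rights Reserved *\n\n\n* Passport 8010 *\n\n\n* Software Release 3.5.0.0 *\n\n\n*********************************************\n\n\n\n\nLogin: -->
 
@@ -1387,7 +1387,7 @@
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
  </fingerprint>
 
- <fingerprint pattern="Cobalt Linux release\W(.*)\W\(.*">
+ <fingerprint pattern="Cobalt Linux release\W(.*)\W\(">
  <description>Cobalt Linux</description>
  <!-- Cobalt Linux release 6.0 (Shinkansen)\nKernel 2.2.16C37_III on an i586\nlogin: -->
 
@@ -1456,7 +1456,7 @@
  <param pos="0" name="os.cpe23" value="cpe:/o:sun:solaris:{os.version}"/>
  </fingerprint>
 
- <fingerprint pattern="^Digital UNIX \(([^)]+).*">
+ <fingerprint pattern="^Digital UNIX \(([^)]+)">
  <description>Digital Unix</description>
  <!-- Digital UNIX (journal) (ttyp2)\n\n\nlogin: -->
 
@@ -1469,7 +1469,7 @@
  <param pos="1" name="host.name"/>
  </fingerprint>
 
- <fingerprint pattern="(?m)^Compaq Tru64 UNIX V(.*) \(Rev. (.*\d)\) .*">
+ <fingerprint pattern="(?m)^Compaq Tru64 UNIX V(.*) \(Rev. (.*\d)\) ">
  <description>Compaq Tru64 UNIX V</description>
  <!-- Compaq Tru64 UNIX V5.1B (Rev. 2650) (docalpha) (pts/11)\n\n\n\n\nlogin: -->
 
@@ -1484,7 +1484,7 @@
  <param pos="0" name="os.cpe23" value="cpe:/o:hp:tru64:{os.version}"/>
  </fingerprint>
 
- <fingerprint pattern="HP-UX ([^ ]+) [A-Z]\.([^ ]+) ([^ ]+) ([^ ]+)\s([^ ]+\)).*$">
+ <fingerprint pattern="HP-UX ([^ ]+) [A-Z]\.([^ ]+) ([^ ]+) ([^ ]+)\s([^ ]+\))">
  <description>System HP-UX</description>
  <!-- HP-UX ctout B.11.11 U 9000/800 (tc)\nlogin: -->
 
@@ -1518,7 +1518,7 @@
  <param pos="0" name="hw.device" value="NAS"/>
  </fingerprint>
 
- <fingerprint pattern="OpenVMS.*Version\sV([^\s]+).*">
+ <fingerprint pattern="OpenVMS.*Version\sV([^\s]+)">
  <description>OpenVMS</description>
  <!-- Welcome to OpenVMS (TM) Alpha Operating System, Version V8.4 - NOT70\n\nUsername: -->
 
@@ -1532,7 +1532,7 @@
  <param pos="1" name="os.version"/>
  </fingerprint>
 
- <fingerprint pattern="(?m)^SCO OpenServer\(TM\) Release ([^ ]+).*$">
+ <fingerprint pattern="(?m)^SCO OpenServer\(TM\) Release ([^ ]+)">
  <description>SCO OpenServer</description>
  <!-- SCO OpenServer(TM) Release 5 (bomdia.co.za) (ttyp6)\nlogin: -->
 
@@ -1614,7 +1614,7 @@
  <param pos="0" name="hw.product" value="Vigor"/>
  </fingerprint>
 
- <fingerprint pattern=".*Version\s(\d*.\d*)\/OpenBSD.*">
+ <fingerprint pattern="Version\s(\d*.\d*)\/OpenBSD">
  <description>OpenBSD</description>
  <!-- 220 killer09 FTP server (Version 6.4/OpenBSD/Linux-ftpd-0.17) ready. -->
 
@@ -1703,7 +1703,7 @@
  <param pos="3" name="os.version"/>
  </fingerprint>
 
- <fingerprint pattern="^HP ([^\s]+) ProCurve Switch">
+ <fingerprint pattern="(?m)^HP ([^\s]+) ProCurve Switch">
  <description>HP ProCurve Switch</description>
  <!-- ==============================================================================\nHP J4121A ProCurve Switch 4000M\n
  Firmware revision v2.2.3\n\nCopyright (C) 1991-2004 Hewlett-Packard Co. All Rights Reserved.\n\n
@@ -1815,7 +1815,7 @@
  <param pos="2" name="os.version"/>
  </fingerprint>
 
- <fingerprint pattern="(?m)^.*Welcome to MELCO Print Server.*Server Name *: *([^ ]*)\W.*Server Model *: *([^ ]*).*F \/ W Version *: *([^ ]*).*MAC Address *: *(.. .. .. .. .. ..).*$">
+ <fingerprint pattern="(?m)^.*Welcome to MELCO Print Server.*Server Name *: *([^ ]*)\W.*Server Model *: *([^ ]*).*F \/ W Version *: *([^ ]*).*MAC Address *: *(.. .. .. .. .. ..)">
  <description>System is a Buffalo/MELCO Embedded Print Server</description>
  <!-- ***********************************\n* Welcome to MELCO Print Server *\n* Telnet Console *\n***********************************
  \n \nServer Name: PS-B04E8E\nServer Model: LPV 2 - TX 1\nF / W Version: 2.00 J \nMAC Address: AE 32 EA 21 BB E3\n
@@ -1840,7 +1840,7 @@
  <param pos="4" name="host.mac"/>
  </fingerprint>
 
- <fingerprint pattern="(?m)^AIX Version\W(\d).*">
+ <fingerprint pattern="(?m)^AIX Version\W(\d)">
  <description>System is IBM AIX v</description>
  <!-- AIX Version 6\nCopyright IBM Corporation, 1982, 2007.\nlogin: -->
 
@@ -1854,7 +1854,7 @@
  <param pos="0" name="os.cpe23" value="cpe:/o:ibm:aix:{os.version}"/>
  </fingerprint>
 
- <fingerprint pattern="(?m)^CIMC Debug Firmware Utility Shell\W([^\s]+).*">
+ <fingerprint pattern="(?m)^CIMC Debug Firmware Utility Shell\W([^\s]+)">
  <description>System is Cisco UCS Device</description>
  <!-- CIMC Debug Firmware Utility Shell\nfake-ucs-device-3-1-p login: -->
 
@@ -2110,4 +2110,221 @@
  <param pos="0" name="hw.device" value="IP Camera"/>
  </fingerprint>
 
+ <fingerprint pattern="Novus Telnet Interface \(v(\S+)\)">
+ <description>Alpha Technologies Novus UPS</description>
+ <example hw.version="2.00.01">Novus Telnet Interface (v2.00.01)</example>
+ <param pos="0" name="hw.vendor" value="Alpha Technologies"/>
+ <param pos="0" name="hw.device" value="Power Device"/>
+ <param pos="0" name="hw.product" value="Novus UPS"/>
+ <param pos="1" name="hw.version"/>
+ </fingerprint>
+
+ <fingerprint pattern="New Telnet Console Client Attached">
+ <description>Psion Teklogix</description>
+ <example>New Telnet Console Client Attached.</example>
+ <param pos="0" name="hw.vendor" value="Psion Teklogix"/>
+ <param pos="0" name="hw.device" value="Network Appliance"/>
+ <param pos="0" name="hw.product" value="CommServer"/>
+ </fingerprint>
+
+ <fingerprint pattern="UPS SYSTEMS SNMP/Web agent Configuration menu">
+ <description>APC UPS Network Card</description>
+ <example>UPS SYSTEMS SNMP/Web agent Configuration menu</example>
+ <param pos="0" name="hw.vendor" value="APC"/>
+ <param pos="0" name="hw.device" value="Power Device"/>
+ <param pos="0" name="hw.product" value="UPS"/>
+ <param pos="0" name="hw.certainty" value="0.5"/>
+ </fingerprint>
+
+ <fingerprint pattern="(?i)Welcome to (\S+Dome [^\)]+) \d+\.\d+.\d+\.\d+ from">
+ <description>Bosch Dome IP Cameras</description>
+ <example hw.product="AutoDome 800 HD">Welcome to AutoDome 800 HD 1.2.3.4 from 5.6.7.8</example>
+ <example hw.product="FLEXIDOME NDC-455-P">Welcome to FLEXIDOME NDC-455-P 1.2.3.4 from 5.6.7.8</example>
+ <param pos="0" name="hw.vendor" value="Bosch"/>
+ <param pos="0" name="hw.device" value="Web Cam"/>
+ <param pos="1" name="hw.product"/>
+ </fingerprint>
+
+ <fingerprint pattern="(?:RDL-\d+ Ellipse\s+|Connect-OWS?) .{0,1000} Copyright .{0,1000} Redline Communications Inc">
+ <description>Redline Communication Radios</description>
+ <example>RDL-3000 Ellipse (c) Copyright 2010-2016 Redline Communications Inc.</example>
+ <example>Connect-OW (c) Copyright 2010-2016 Redline Communications Inc.</example>
+ <example>Connect-OWS (c) Copyright 2010-2016 Redline Communications Inc.</example>
+ <param pos="0" name="hw.vendor" value="Redline"/>
+ <param pos="0" name="hw.device" value="WAP"/>
+ <param pos="0" name="hw.product" value="Wireless Radio"/>
+ <param pos="0" name="hw.certainty" value="0.5"/>
+ </fingerprint>
+
+ <fingerprint pattern="Vaddio VNG (\S+) vaddio-doccam-([a-fA-F0-9-]{17})">
+ <description>Vadio VNG DocCom</description>
+ <example hw.version="1.6+snapshot-20170720" host.mac="54-10-EC-31-2A-19">Vaddio VNG 1.6+snapshot-20170720 vaddio-doccam-54-10-EC-31-2A-19</example>
+ <param pos="0" name="hw.vendor" value="Vaddio"/>
+ <param pos="0" name="hw.device" value="Web Cam"/>
+ <param pos="0" name="hw.product" value="DocCam"/>
+ <param pos="1" name="hw.version"/>
+ <param pos="2" name="host.mac"/>
+ </fingerprint>
+
+ <fingerprint pattern="\((FL WLAN \S+)\)">
+ <description>Phoenix Contact Wireless Module</description>
+ <example hw.product="FL WLAN 510X">(FL WLAN 510X)</example>
+ <param pos="0" name="hw.vendor" value="Phoenix Contact"/>
+ <param pos="0" name="hw.device" value="WAP"/>
+ <param pos="1" name="hw.product"/>
+ </fingerprint>
+
+ <fingerprint pattern="Welcome to i\.CanDoIt (.{0,1000}) v(\S+)">
+ <description>Control Solutions i.CanDoIt PLC</description>
+ <example hw.product="BAS-700 ReMOTE I/O" hw.version="2.47x">Welcome to i.CanDoIt BAS-700 ReMOTE I/O v2.47x</example>
+ <param pos="0" name="hw.vendor" value="Control Solutions"/>
+ <param pos="0" name="hw.device" value="PLC"/>
+ <param pos="1" name="hw.product"/>
+ <param pos="2" name="hw.version"/>
+ <param pos="0" name="hw.certainty" value="0.75"/>
+ </fingerprint>
+
+ <fingerprint pattern="Welcome to the MRV Communications' LX Series Server">
+ <description>MRV Communications LX Series</description>
+ <example>Welcome to the MRV Communications' LX Series Server</example>
+ <param pos="0" name="hw.vendor" value="MRV Communications"/>
+ <param pos="0" name="hw.device" value="Device Server"/>
+ <param pos="0" name="hw.family" value="LX Series"/>
+ </fingerprint>
+
+ <fingerprint pattern="(?m)\*\*\* Lantronix ([\S]+) Device Server \*\*\*(?:\r|\n)+MAC address ([a-fA-F0-9]{12})(?:\r|\n)+Software version V(\S+)">
+ <description>Lantronix device server - w/o Serial</description>
+ <!--
+ *** Lantronix UDS1100-IAP Device Server ***
+ MAC address 0080A3BD0000
+ Software version V6.11.0.0 (150514) UDS1100
+ Press Enter for Setup Mode
+ -->
+
+ <example _encoding="base64" hw.product="UDS1100-IAP" hw.version="6.11.0.0" host.mac="0080A3BD0000">
+ KioqIExhbnRyb25peCBVRFMxMTAwLUlBUCBEZXZpY2UgU2VydmVyICoqKgpN
+ QUMgYWRkcmVzcyAwMDgwQTNCRDAwMDAKClNvZnR3YXJlIHZlcnNpb24gVjYu
+ MTEuMC4wICgxNTA1MTQpIFVEUzExMDAKCgpQcmVzcyBFbnRlciBmb3IgU2V0
+ dXAgTW9kZQo=
+ </example>
+ <param pos="0" name="hw.vendor" value="Lantronix"/>
+ <param pos="0" name="hw.device" value="Device Server"/>
+ <param pos="1" name="hw.product"/>
+ <param pos="2" name="host.mac"/>
+ <param pos="3" name="hw.version"/>
+ </fingerprint>
+
+ <fingerprint pattern="(?m)\*\*\* Lantronix Universal Device Server \*\*\*(?:\r|\n)+Serial Number (\d+)\s+MAC address ([a-fA-F0-9:]{17})(?:\r|\n)+Software version (\S+)">
+ <description>Lantronix device server - w/ Serial</description>
+ <!--
+ *** Lantronix Universal Device Server ***
+ Serial Number 6451000 MAC address 00:20:4A:64:00:00
+ Software version 04.5 (011025)
+ Press Enter to go into Setup Mode
+ -->
+
+ <example _encoding="base64" hw.version="04.5" host.mac="00:20:4A:64:00:00" hw.serial_number="6451000" lantronix.serial_number="6451000">
+ KioqIExhbnRyb25peCBVbml2ZXJzYWwgRGV2aWNlIFNlcnZlciAqKioKU2Vy
+ aWFsIE51bWJlciA2NDUxMDAwICBNQUMgYWRkcmVzcyAwMDoyMDo0QTo2NDow
+ MDowMAoKU29mdHdhcmUgdmVyc2lvbiAwNC41ICgwMTEwMjUpCgpQcmVzcyBF
+ bnRlciB0byBnbyBpbnRvIFNldHVwIE1vZGUK
+ </example>
+ <param pos="0" name="hw.vendor" value="Lantronix"/>
+ <param pos="0" name="hw.device" value="Device Server"/>
+ <param pos="0" name="hw.product" value="UDS"/>
+ <param pos="1" name="lantronix.serial_number"/>
+ <param pos="1" name="hw.serial_number"/>
+ <param pos="2" name="host.mac"/>
+ <param pos="3" name="hw.version"/>
+ </fingerprint>
+
+ <fingerprint pattern="^(TAU-\d+[A-Z]*(?:\.IP)?) login:$$">
+ <description>Eltex TAU model VoIP gateway</description>
+ <example hw.product="TAU-8">TAU-8 login:</example>
+ <example hw.product="TAU-2M.IP">TAU-2M.IP login:</example>
+ <param pos="0" name="os.vendor" value="Eltex"/>
+ <param pos="0" name="os.product" value="{hw.product} Firmware"/>
+ <param pos="0" name="os.device" value="VoIP Gateway"/>
+ <param pos="0" name="hw.vendor" value="Eltex"/>
+ <param pos="1" name="hw.product"/>
+ <param pos="0" name="hw.device" value="VoIP Gateway"/>
+ </fingerprint>
+
+ <fingerprint pattern="(?m)^\**(?:\r|\n)*\**\s*Welcome to (SMG-?\d+[A-Z]?)\s*\**(?:\r|\n)*\**(?:\r|\n)+(\S+) login:\s*$">
+ <description>Eltex SMG model VoIP gateway - banner with model number</description>
+ <!--
+ ********************************************
+ * Welcome to SMG1016M *
+ ********************************************
+
+ foo.bar.baz login:
+ -->
+ <example hw.product="SMG1016M" host.name="foo.bar.baz" _encoding="base64">
+ DQ0KDQoNKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioNCg0qI
+ CAgICAgICAgICAgV2VsY29tZSB0byBTTUcxMDE2TSAgICAgICAgICAgKg0KDSoqKioqKioqKi
+ oqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqDQoNDQoNZm9vLmJhci5iYXogbG9
+ naW46IA==
+ </example>
+ <param pos="0" name="os.vendor" value="Eltex"/>
+ <param pos="0" name="os.product" value="{hw.product} Firmware"/>
+ <param pos="0" name="os.device" value="VoIP Gateway"/>
+ <param pos="0" name="hw.vendor" value="Eltex"/>
+ <param pos="1" name="hw.product"/>
+ <param pos="0" name="hw.device" value="VoIP Gateway"/>
+ <param pos="2" name="host.name"/>
+ </fingerprint>
+
+ <fingerprint pattern="^eltex-nv(\d+) login:$">
+ <description>Eltex - NV model IPTV set top box</description>
+ <example hw.model="101">eltex-nv101 login:</example>
+ <example hw.product="NV102">eltex-nv102 login:</example>
+ <param pos="0" name="os.vendor" value="Eltex"/>
+ <param pos="0" name="os.product" value="{hw.product} Firmware"/>
+ <param pos="0" name="os.device" value="IPTV"/>
+ <param pos="1" name="hw.model"/>
+ <param pos="0" name="hw.vendor" value="Eltex"/>
+ <param pos="0" name="hw.product" value="NV{hw.model}"/>
+ <param pos="0" name="hw.device" value="IPTV"/>
+ </fingerprint>
+
+ <fingerprint pattern="&quot;BeerTemp&quot;:.*&quot;FridgeTemp&quot;:">
+ <description>Fermentrack Beer Brewing Monitor</description>
+ <example>T:{"BeerTemp":null,"BeerSet":null,"BeerAnn":null,"FridgeTemp":null,"FridgeSet":null,"FridgeAnn":null,"State":0}</example>
+ <param pos="0" name="hw.device" value="Device"/>
+ <param pos="0" name="os.product" value="Fermentrack"/>
+ </fingerprint>
+
+ <fingerprint pattern="(?m)^Welcome to the SIGMA Spectrum Diagnostic Terminal(?:\r|\n)*Wireless Battery Module \(802\.11[abgn\/]+\)(?:\r|\n)*MAC Address: ((?:[0-9a-f]{2}-?){6}) SW: \d+[\sD]*\d+\s*(?:\r|\n)*Sigma Spectrum SN: (\d+) SW: v([\d.]+)(?:\r|\n)*Radio up since: [\w\s:]+(?:\r|\n)*login:\s*$">
+ <description>Baxter SIGMA Spectrum Infusion System with Wireless Battery Module</description>
+ <!--
+ Welcome to the SIGMA Spectrum Diagnostic Terminal
+
+ Wireless Battery Module (802.11a/b/g/n)
+ MAC Address: 00-40-9d-12-34-56 SW: 20 D29
+ Sigma Spectrum SN: 1234567 SW: v8.00.01
+ Radio up since: Fri Mar 1 03:14:24 2019
+
+ login:
+ -->
+
+ <example host.mac="00-40-9d-12-34-56" hw.serial_number="1234567" os.version="8.00.01" _encoding="base64">
+ V2VsY29tZSB0byB0aGUgU0lHTUEgU3BlY3RydW0gRGlhZ25vc3RpYyBUZXJtaW5hbA0KDQpXa
+ XJlbGVzcyBCYXR0ZXJ5IE1vZHVsZSAoODAyLjExYS9iL2cvbikNCk1BQyBBZGRyZXNzOiAwMC
+ 00MC05ZC0xMi0zNC01NiBTVzogMjAgRDI5DQpTaWdtYSBTcGVjdHJ1bSBTTjogMTIzNDU2NyB
+ TVzogdjguMDAuMDENClJhZGlvIHVwIHNpbmNlOiBGcmkgTWFyICAxIDAzOjE0OjI0IDIwMTkN
+ Cg0KbG9naW46IA==
+ </example>
+ <param pos="0" name="os.vendor" value="Baxter"/>
+ <param pos="0" name="os.product" value="SIGMA Spectrum Infusion System Firmware"/>
+ <param pos="0" name="os.device" value="Medical"/>
+ <param pos="3" name="os.version"/>
+ <param pos="0" name="os.cpe23" value="cpe:/o:baxter:sigma_spectrum_infusion_system_firmware:{os.version}"/>
+ <param pos="0" name="hw.vendor" value="Baxter"/>
+ <param pos="0" name="hw.product" value="SIGMA Spectrum Infusion System"/>
+ <param pos="0" name="hw.device" value="Medical"/>
+ <param pos="2" name="hw.serial_number"/>
+ <param pos="0" name="hw.cpe23" value="cpe:/h:baxter:sigma_spectrum_infusion_system:-"/>
+ <param pos="1" name="host.mac"/>
+ </fingerprint>
+
  </fingerprints>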
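Review bot: The added "Bosch Dome IP Cameras" fingerprint leaves the second separator of its dotted quad unescaped (`\d+\.\d+.\d+\.\d+`), so any character is accepted there. Because the banner text comes from the remote host, the tighter `\d+\.\d+\.\d+\.\d+` is preferable and still matches both examples. The added Eltex TAU pattern ends in `login:$$`, where the doubled `$` looks like a typo for a single anchor. In the Red Hat hunk the retained `([^\\s]+)\\s*` carries doubled backslashes, which in an XML attribute would be a literal backslash rather than `\s`; if that is not a rendering artifact, `([^\s]+)\s*` is presumably intended. The Fermentrack pattern uses an unbounded `.*` where the neighbouring Redline and i.CanDoIt entries use `.{0,1000}`, and the same bound would keep the new entries consistent.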
@@ -14,13 +14,33 @@
14
14
  <param pos="0" name="service.cpe23" value="cpe:/a:torproject:tor:-"/>
15
15
  </fingerprint>
16
16
 
17
- <fingerprint pattern="^2ad2ad0002ad2ad0002ad2ad2ad2ada9e96d3ba9f7903758a731e0fa01453d$">
18
- <description>Synology NAS</description>
17
+ <fingerprint pattern="^2ad2ad0002ad2ad0002ad2ad2ad2ada9e96d3ba9f7903758a731e0fa01453d|29d29d15d29d29d21c29d29d29d29d10d7a07cb776562eccb97246005feba5|2ad2ad0002ad2ad0002ad2ad2ad2ad5bf44aec534289dfa8e33148b66cd6c3|29d29d15d29d29d21c29d29d29d29de857600fcd9f89735d87c3704c4e141b$">
18
+ <description>Synology NAS DSM 6</description>
19
+ <example>29d29d15d29d29d21c29d29d29d29d10d7a07cb776562eccb97246005feba5</example>
20
+ <example>29d29d15d29d29d21c29d29d29d29de857600fcd9f89735d87c3704c4e141b</example>
21
+ <example>2ad2ad0002ad2ad0002ad2ad2ad2ad5bf44aec534289dfa8e33148b66cd6c3</example>
19
22
  <example>2ad2ad0002ad2ad0002ad2ad2ad2ada9e96d3ba9f7903758a731e0fa01453d</example>
20
23
  <param pos="0" name="os.device" value="NAS"/>
21
24
  <param pos="0" name="os.family" value="Linux"/>
22
25
  <param pos="0" name="os.product" value="DSM"/>
23
26
  <param pos="0" name="os.vendor" value="Synology"/>
27
+ <param pos="0" name="os.version" value="6"/>
28
+ <param pos="0" name="hw.vendor" value="Synology"/>
29
+ <param pos="0" name="hw.device" value="NAS"/>
30
+ </fingerprint>
31
+
32
+ <fingerprint pattern="^00000000000000000042d42d0000009535d5979f591ae8e547c5e5743e5b64|29d29d15d29d29d00042d42d00000068f5dc63852f94da932cd6b61b1cd9e3|29d29d15d29d29d21c42d42d000000bf85d79ff39d9f5079675604a74fc04b|29d29d15d29d29d00042d42d000000038eaaf490bec8dc33757f165ce01762|29d29d15d29d29d21c42d42d000000790cb01ea78cc2a73fe8428d61afc0c8$">
33
+ <description>Synology NAS DSM 7</description>
34
+ <example>00000000000000000042d42d0000009535d5979f591ae8e547c5e5743e5b64</example>
35
+ <example>29d29d15d29d29d00042d42d000000038eaaf490bec8dc33757f165ce01762</example>
36
+ <example>29d29d15d29d29d00042d42d00000068f5dc63852f94da932cd6b61b1cd9e3</example>
37
+ <example>29d29d15d29d29d21c42d42d000000790cb01ea78cc2a73fe8428d61afc0c8</example>
38
+ <example>29d29d15d29d29d21c42d42d000000bf85d79ff39d9f5079675604a74fc04b</example>
39
+ <param pos="0" name="os.device" value="NAS"/>
40
+ <param pos="0" name="os.family" value="Linux"/>
41
+ <param pos="0" name="os.product" value="DSM"/>
42
+ <param pos="0" name="os.vendor" value="Synology"/>
43
+ <param pos="0" name="os.version" value="7"/>
24
44
  <param pos="0" name="hw.vendor" value="Synology"/>
25
45
  <param pos="0" name="hw.device" value="NAS"/>
26
46
  </fingerprint>
@@ -36,9 +56,13 @@
36
56
  <param pos="0" name="os.device" value="Router"/>
37
57
  </fingerprint>
38
58
 
39
- <fingerprint pattern="^07d14d16d21d21d00042d43d000000aa99ce74e2c6d013c745aa52b5cc042d$">
59
+ <fingerprint pattern="^07d14d16d21d21d00042d43d000000aa99ce74e2c6d013c745aa52b5cc042d|07d14d16d21d21d07c42d43d000000f50d155305214cf247147c43c0f1a823|07b08b09b21b21b07b07b08b07b21b23aeefb38b723c523befb314af6e95ac|07c08c09c21c21c07c07c08c07c21c23aeefb38b723c523befb314af6e95ac|07d14d16d21d21d00007d14d07d21d0ae59125bcd90b8876b50928af8f6cd4$">
40
60
  <description>Metasploit listener</description>
61
+ <example>07b08b09b21b21b07b07b08b07b21b23aeefb38b723c523befb314af6e95ac</example>
62
+ <example>07c08c09c21c21c07c07c08c07c21c23aeefb38b723c523befb314af6e95ac</example>
63
+ <example>07d14d16d21d21d00007d14d07d21d0ae59125bcd90b8876b50928af8f6cd4</example>
41
64
  <example>07d14d16d21d21d00042d43d000000aa99ce74e2c6d013c745aa52b5cc042d</example>
65
+ <example>07d14d16d21d21d07c42d43d000000f50d155305214cf247147c43c0f1a823</example>
42
66
  <param pos="0" name="service.vendor" value="Rapid7"/>
43
67
  <param pos="0" name="service.product" value="Metasploit"/>
44
68
  <param pos="0" name="service.cpe23" value="cpe:/a:rapid7:metasploit:-"/>
@@ -47,9 +71,10 @@
47
71
  <!-- This fingerprint matches Java's TLS stack,
48
72
  see https://blog.cobaltstrike.com/2020/12/08/a-red-teamer-plays-with-jarm/ for details -->
49
73
 
50
- <fingerprint pattern="^07d14d16d21d21d07c42d41d00041d24a458a375eef0c576d23a7bab9a9fb1$">
74
+ <fingerprint pattern="^07d14d16d21d21d07c42d41d00041d24a458a375eef0c576d23a7bab9a9fb1|07d14d16d21d21d00042d41d00041de5fb3038104f457d92ba02e9311512c2$">
51
75
  <description>Cobalt Strike listener</description>
52
76
  <example>07d14d16d21d21d07c42d41d00041d24a458a375eef0c576d23a7bab9a9fb1</example>
77
+ <example>07d14d16d21d21d00042d41d00041de5fb3038104f457d92ba02e9311512c2</example>
53
78
  <param pos="0" name="service.vendor" value="Strategic Cyber LLC"/>
54
79
  <param pos="0" name="service.product" value="Cobalt Strike Listener"/>
55
80
  <param pos="0" name="service.certainty" value="0.3"/>
@@ -118,11 +143,13 @@
118
143
  <param pos="0" name="hw.device" value="Media Server"/>
119
144
  <param pos="0" name="hw.vendor" value="Google"/>
120
145
  <param pos="0" name="hw.product" value="Chromecast"/>
146
+ <param pos="0" name="hw.cpe23" value="cpe:/h:google:chromecast:-"/>
121
147
  </fingerprint>
122
148
 
123
- <fingerprint pattern="^21d14d00021d21d21c21d14d21d21d3e9a0dda94718e521eb7d1409c9e3601$">
124
- <description>VMWare ESXi</description>
149
+ <fingerprint pattern="^21d14d00021d21d21c21d14d21d21d3e9a0dda94718e521eb7d1409c9e3601|2ad2ad0002ad2ad0002ad2ad2ad2ad755a2cec4b52fb1bce1ac7f1e48c8a7d$">
150
+ <description>VMware ESXi</description>
125
151
  <example>21d14d00021d21d21c21d14d21d21d3e9a0dda94718e521eb7d1409c9e3601</example>
152
+ <example>2ad2ad0002ad2ad0002ad2ad2ad2ad755a2cec4b52fb1bce1ac7f1e48c8a7d</example>
126
153
  <param pos="0" name="os.vendor" value="VMware"/>
127
154
  <param pos="0" name="os.family" value="VMware ESX/ESXi"/>
128
155
  <param pos="0" name="os.product" value="VMware ESXi Server"/>
@@ -137,4 +164,27 @@
137
164
  <param pos="0" name="service.product" value="Merlin"/>
138
165
  </fingerprint>
139
166
 
167
+ <fingerprint pattern="^21d14d00000000000021d14d21d21d16c46827964490e6024618c0a3d7d893$">
168
+ <description>Covenant .NET C2 framework</description>
169
+ <example>21d14d00000000000021d14d21d21d16c46827964490e6024618c0a3d7d893</example>
170
+ <param pos="0" name="service.product" value="Covenant"/>
171
+ </fingerprint>
172
+
173
+ <fingerprint pattern="^16d16d16d14d16d00016d16d16d16da6fda484e06f95db4f56339284c90672$">
174
+ <description>HP Printer</description>
175
+ <example>16d16d16d14d16d00016d16d16d16da6fda484e06f95db4f56339284c90672</example>
176
+ <param pos="0" name="hw.device" value="Printer"/>
177
+ <param pos="0" name="hw.vendor" value="HP"/>
178
+ <param pos="0" name="os.vendor" value="HP"/>
179
+ <param pos="0" name="os.device" value="Printer"/>
180
+ </fingerprint>
181
+
182
+ <fingerprint pattern="^27d27d27d00027d00041d41d00041dea7155aeeb5fe0855bcdf1e51aa692cd$">
183
+ <description>openHAB - open-source home automation</description>
184
+ <example>27d27d27d00027d00041d41d00041dea7155aeeb5fe0855bcdf1e51aa692cd</example>
185
+ <param pos="0" name="service.vendor" value="openHAB"/>
186
+ <param pos="0" name="service.product" value="openHAB"/>
187
+ <param pos="0" name="service.cpe23" value="cpe:/a:openhab:openhab:-"/>
188
+ </fingerprint>
189
+
140
190
  </fingerprints>
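Review bot: The new Covenant entry attributes a host to a C2 framework from a JARM hash alone and sets no `service.certainty`, whereas the Cobalt Strike listener entry earlier in this file is marked `0.3` and commented as matching Java's TLS stack. A JARM hash describes the TLS stack configuration rather than the application, so presumably other services built on the same .NET TLS setup return the same value, and anything alerting on `service.product` = Covenant would then flag benign hosts. I would add `<param pos="0" name="service.certainty" value="0.3"/>` (or whatever value the maintainers judge right) and a short XML comment naming the TLS stack the hash was observed on. The HP Printer entry has the same shape: one hash mapped to a whole vendor and device class with no certainty.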
@@ -62,13 +62,13 @@
62
62
  <fingerprint pattern="^Fedora Project$">
63
63
  <description>Fedora Project</description>
64
64
  <example>Fedora Project</example>
65
- <param pos="0" name="os.vendor" value="Red Hat"/>
65
+ <param pos="0" name="os.vendor" value="Fedora Project"/>
66
66
  <param pos="0" name="service.vendor" value="X.Org"/>
67
67
  <param pos="0" name="service.product" value="X.Org X11"/>
68
68
  <param pos="0" name="service.cpe23" value="cpe:/a:x.org:x11:-"/>
69
- <param pos="0" name="os.product" value="Fedora Core Linux"/>
69
+ <param pos="0" name="os.product" value="Fedora Core"/>
70
70
  <param pos="0" name="os.family" value="Linux"/>
71
- <param pos="0" name="os.cpe23" value="cpe:/o:redhat:fedora_core:-"/>
71
+ <param pos="0" name="os.cpe23" value="cpe:/o:fedoraproject:fedora_core:-"/>
72
72
  </fingerprint>
73
73
 
74
74
  <fingerprint pattern="^freedesktop\.org$">
@@ -106,6 +106,7 @@
106
106
  <param pos="0" name="hw.vendor" value="Google"/>
107
107
  <param pos="0" name="hw.product" value="Chromecast"/>
108
108
  <param pos="0" name="hw.certainty" value="0.5"/>
109
+ <param pos="0" name="hw.cpe23" value="cpe:/h:google:chromecast:-"/>
109
110
  <param pos="0" name="chromecast.generation" value="1"/>
110
111
  </fingerprint>
111
112
 
@@ -127,6 +128,7 @@
127
128
  <param pos="0" name="hw.vendor" value="Google"/>
128
129
  <param pos="0" name="hw.product" value="Chromecast"/>
129
130
  <param pos="0" name="hw.certainty" value="0.5"/>
131
+ <param pos="0" name="hw.cpe23" value="cpe:/h:google:chromecast:-"/>
130
132
  <param pos="1" name="chromecast.generation"/>
131
133
  <param pos="2" name="chromecast.capabilities"/>
132
134
  </fingerprint>
@@ -225,7 +227,7 @@
225
227
  <fingerprint pattern="^CN=Temporary CA [a-fA-F0-9]{8}\-[a-fA-F0-9]{4}\-[a-fA-F0-9]{4}\-[a-fA-F0-9]{4}\-[a-fA-F0-9]{12},OU=Temporary CA">
226
228
  <description>Cisco Video Communication Server</description>
227
229
  <example>CN=Temporary CA 218131fe-8af4-11e7-aa6e-9950d6bbaf74,OU=Temporary CA 218131fe-8af4-11e7-aa6e-9950d6bbaf74,O=Temporary CA 218131fe-8af4-11e7-aa6e-9950d6bbaf74</example>
228
- <param pos="0" name="hw.device" value="Video Conference"/>
230
+ <param pos="0" name="hw.device" value="Video Conferencing"/>
229
231
  <param pos="0" name="hw.vendor" value="Cisco"/>
230
232
  <param pos="0" name="hw.product" value="TelePresence"/>
231
233
  </fingerprint>
@@ -357,4 +359,50 @@
357
359
  <param pos="0" name="service.cpe23" value="cpe:/a:caddyserver:caddy:-"/>
358
360
  </fingerprint>
359
361
 
362
+ <fingerprint pattern="^CN=Avaya cu360 (\S+)$">
363
+ <description>Avaya Video Conferencing Device - CU360</description>
364
+ <example hw.serial_number="11YT11111111">CN=Avaya cu360 11YT11111111</example>
365
+ <param pos="0" name="hw.vendor" value="Avaya"/>
366
+ <param pos="0" name="hw.device" value="Video Conferencing"/>
367
+ <param pos="0" name="hw.product" value="CU360"/>
368
+ <param pos="1" name="hw.serial_number"/>
369
+ </fingerprint>
370
+
371
+ <fingerprint pattern="^CN=Roomba CA,OU=\S+,O=iRobot,L=Bedford,ST=MA,C=US$">
372
+ <description>Roomba Device</description>
373
+ <example hw.product="Roomba" hw.vendor="iRobot">CN=Roomba CA,OU=HBU,O=iRobot,L=Bedford,ST=MA,C=US</example>
374
+ <param pos="0" name="hw.vendor" value="iRobot"/>
375
+ <param pos="0" name="hw.device" value="Device"/>
376
+ <param pos="0" name="hw.product" value="Roomba"/>
377
+ </fingerprint>
378
+
379
+ <fingerprint pattern="(?i)^CN=\S+,OU=FreshTomato Team,O=FreshTomato,L=Columbus,ST=Ohio,C=US(?:.*)$">
380
+ <description>FreshTomato Router Firmware</description>
381
+ <example>CN=192.168.1.1,OU=FreshTomato Team,O=FreshTomato,L=Columbus,ST=Ohio,C=US</example>
382
+ <param pos="0" name="os.vendor" value="FreshTomato"/>
383
+ <param pos="0" name="os.family" value="Linux"/>
384
+ <param pos="0" name="os.product" value="FreshTomato"/>
385
+ <param pos="0" name="os.device" value="Router"/>
386
+ </fingerprint>
387
+
388
+ <fingerprint pattern="(?i)^SERIALNUMBER=(\d+),CN=(\S+),OU=ST-VS,O=Bosch Sicherheitssysteme GmbH,L=Grasbrunn,C=DE">
389
+ <description>Bosch Device</description>
390
+ <example hw.serial_number="111111111111111111" host.mac="00-07-5f-11-11-11">SERIALNUMBER=111111111111111111,CN=00-07-5f-11-11-11,OU=ST-VS,O=Bosch Sicherheitssysteme GmbH,L=Grasbrunn,C=DE</example>
391
+ <param pos="0" name="os.vendor" value="Bosch"/>
392
+ <param pos="0" name="hw.vendor" value="Bosch"/>
393
+ <param pos="1" name="hw.serial_number"/>
394
+ <param pos="2" name="host.mac"/>
395
+ </fingerprint>
396
+
397
+ <fingerprint pattern="^CN=Proxmox Virtual Environment,OU=[a-f0-9-]+,O=PVE Cluster Manager CA$">
398
+ <description>Proxmox open-source virtualization platform</description>
399
+ <example>CN=Proxmox Virtual Environment,OU=dd69676f-e203-490e-b040-79b75ed6a9d7,O=PVE Cluster Manager CA</example>
400
+ <param pos="0" name="service.vendor" value="Proxmox"/>
401
+ <param pos="0" name="service.product" value="Virtual Environment"/>
402
+ <param pos="0" name="service.cpe23" value="cpe:/a:proxmox:virtual_environment:-"/>
403
+ <param pos="0" name="os.vendor" value="Proxmox"/>
404
+ <param pos="0" name="os.family" value="Linux"/>
405
+ <param pos="0" name="os.product" value="Proxmox"/>
406
+ </fingerprint>
407
+
360
408
  </fingerprints>
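Review bot: In the Bosch fingerprint, `CN=(\S+)` is stored as `host.mac` without checking that the captured text is a MAC address, and the pattern has no closing `$`. The subject comes from whatever certificate the scanned host presents, so a self-signed certificate with this DN shape can put arbitrary non-space text, commas included, into an asset's `host.mac`. Constraining the group, `CN=((?:[0-9a-f]{2}-){5}[0-9a-f]{2})`, still matches the example under the existing `(?i)` flag. The Avaya `(\S+)` serial-number capture is loose in the same way, and the `(?:.*)$` tail on the FreshTomato pattern adds no constraint and can be dropped.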