recog 2.3.21 → 3.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (120) hide show
  1. checksums.yaml +4 -4
  2. data/LICENSE +1 -1
  3. data/README.md +42 -16
  4. data/Rakefile +2 -9
  5. data/lib/recog/db.rb +2 -1
  6. data/lib/recog/db_manager.rb +1 -1
  7. data/lib/recog/fingerprint.rb +33 -6
  8. data/lib/recog/fingerprint_parse_error.rb +10 -0
  9. data/lib/recog/verifier.rb +9 -9
  10. data/lib/recog/verify_reporter.rb +17 -6
  11. data/lib/recog/version.rb +1 -1
  12. data/{bin → recog/bin}/recog_match +0 -1
  13. data/{xml → recog/xml}/apache_modules.xml +0 -0
  14. data/{xml → recog/xml}/apache_os.xml +98 -56
  15. data/{xml → recog/xml}/architecture.xml +15 -1
  16. data/recog/xml/dhcp_vendor_class.xml +206 -0
  17. data/{xml → recog/xml}/dns_versionbind.xml +16 -13
  18. data/{xml → recog/xml}/favicons.xml +297 -47
  19. data/{xml → recog/xml}/fingerprints.xsd +9 -1
  20. data/{xml → recog/xml}/ftp_banners.xml +160 -156
  21. data/{xml → recog/xml}/h323_callresp.xml +101 -101
  22. data/{xml → recog/xml}/hp_pjl_id.xml +84 -84
  23. data/{xml → recog/xml}/html_title.xml +727 -34
  24. data/{xml → recog/xml}/http_cookies.xml +160 -77
  25. data/{xml → recog/xml}/http_servers.xml +556 -283
  26. data/{xml → recog/xml}/http_wwwauth.xml +190 -75
  27. data/{xml → recog/xml}/imap_banners.xml +5 -5
  28. data/{xml → recog/xml}/ldap_searchresult.xml +0 -0
  29. data/{xml → recog/xml}/mdns_device-info_txt.xml +389 -26
  30. data/{xml → recog/xml}/mdns_workstation_txt.xml +0 -0
  31. data/{xml → recog/xml}/mysql_banners.xml +1 -1
  32. data/{xml → recog/xml}/mysql_error.xml +0 -0
  33. data/{xml → recog/xml}/nntp_banners.xml +11 -8
  34. data/{xml → recog/xml}/ntp_banners.xml +97 -97
  35. data/{xml → recog/xml}/operating_system.xml +95 -80
  36. data/{xml → recog/xml}/pop_banners.xml +23 -23
  37. data/{xml → recog/xml}/rsh_resp.xml +3 -3
  38. data/{xml → recog/xml}/rtsp_servers.xml +0 -0
  39. data/{xml → recog/xml}/sip_banners.xml +43 -5
  40. data/{xml → recog/xml}/sip_user_agents.xml +175 -27
  41. data/{xml → recog/xml}/smb_native_lm.xml +5 -5
  42. data/{xml → recog/xml}/smb_native_os.xml +25 -25
  43. data/{xml → recog/xml}/smtp_banners.xml +147 -146
  44. data/{xml → recog/xml}/smtp_debug.xml +0 -0
  45. data/{xml → recog/xml}/smtp_ehlo.xml +1 -1
  46. data/{xml → recog/xml}/smtp_expn.xml +0 -0
  47. data/{xml → recog/xml}/smtp_help.xml +11 -11
  48. data/{xml → recog/xml}/smtp_mailfrom.xml +0 -0
  49. data/{xml → recog/xml}/smtp_noop.xml +2 -2
  50. data/{xml → recog/xml}/smtp_quit.xml +0 -0
  51. data/{xml → recog/xml}/smtp_rcptto.xml +0 -0
  52. data/{xml → recog/xml}/smtp_rset.xml +0 -0
  53. data/{xml → recog/xml}/smtp_turn.xml +0 -0
  54. data/{xml → recog/xml}/smtp_vrfy.xml +0 -0
  55. data/{xml → recog/xml}/snmp_sysdescr.xml +1570 -1430
  56. data/{xml → recog/xml}/snmp_sysobjid.xml +38 -27
  57. data/{xml → recog/xml}/ssh_banners.xml +16 -10
  58. data/{xml → recog/xml}/telnet_banners.xml +238 -21
  59. data/{xml → recog/xml}/tls_jarm.xml +56 -6
  60. data/{xml → recog/xml}/x11_banners.xml +3 -3
  61. data/{xml → recog/xml}/x509_issuers.xml +49 -1
  62. data/{xml → recog/xml}/x509_subjects.xml +139 -38
  63. data/recog.gemspec +9 -5
  64. data/spec/data/external_example_fingerprint/hp_printer_ex_01.txt +1 -0
  65. data/spec/data/external_example_fingerprint/hp_printer_ex_02.txt +1 -0
  66. data/spec/data/external_example_fingerprint.xml +8 -0
  67. data/spec/data/external_example_illegal_path_fingerprint.xml +7 -0
  68. data/spec/lib/recog/db_spec.rb +84 -61
  69. data/spec/lib/recog/fingerprint_spec.rb +4 -4
  70. data/spec/lib/recog/verify_reporter_spec.rb +73 -4
  71. data/spec/spec_helper.rb +4 -0
  72. metadata +65 -134
  73. data/.github/ISSUE_TEMPLATE/bug_report.md +0 -37
  74. data/.github/ISSUE_TEMPLATE/feature_request.md +0 -17
  75. data/.github/ISSUE_TEMPLATE/fingerprint_request.md +0 -27
  76. data/.github/PULL_REQUEST_TEMPLATE +0 -24
  77. data/.github/SECURITY.md +0 -35
  78. data/.github/workflows/ci.yml +0 -26
  79. data/.gitignore +0 -23
  80. data/.rspec +0 -3
  81. data/.ruby-gemset +0 -1
  82. data/.ruby-version +0 -1
  83. data/.snyk +0 -10
  84. data/.travis.yml +0 -25
  85. data/CONTRIBUTING.md +0 -270
  86. data/bin/recog_cleanup +0 -16
  87. data/bin/recog_export +0 -81
  88. data/bin/recog_standardize +0 -148
  89. data/bin/recog_verify +0 -64
  90. data/cpe-remap.yaml +0 -343
  91. data/features/data/failing_banners_fingerprints.xml +0 -20
  92. data/features/data/matching_banners_fingerprints.xml +0 -23
  93. data/features/data/multiple_banners_fingerprints.xml +0 -32
  94. data/features/data/no_tests.xml +0 -3
  95. data/features/data/sample_banner.txt +0 -2
  96. data/features/data/successful_tests.xml +0 -18
  97. data/features/data/tests_with_failures.xml +0 -20
  98. data/features/data/tests_with_warnings.xml +0 -17
  99. data/features/match.feature +0 -36
  100. data/features/support/aruba.rb +0 -3
  101. data/features/support/env.rb +0 -6
  102. data/features/verify.feature +0 -48
  103. data/identifiers/README.md +0 -70
  104. data/identifiers/fields.txt +0 -104
  105. data/identifiers/hw_device.txt +0 -78
  106. data/identifiers/hw_family.txt +0 -113
  107. data/identifiers/hw_product.txt +0 -410
  108. data/identifiers/os_architecture.txt +0 -10
  109. data/identifiers/os_device.txt +0 -75
  110. data/identifiers/os_family.txt +0 -233
  111. data/identifiers/os_product.txt +0 -340
  112. data/identifiers/service_family.txt +0 -249
  113. data/identifiers/service_product.txt +0 -752
  114. data/identifiers/vendor.txt +0 -798
  115. data/lib/recog/verifier_factory.rb +0 -13
  116. data/misc/convert_mysql_err +0 -61
  117. data/misc/order.xsl +0 -17
  118. data/requirements.txt +0 -2
  119. data/spec/lib/fingerprint_self_test_spec.rb +0 -174
  120. data/update_cpes.py +0 -250
data/{xml → recog/xml}/telnet_banners.xml RENAMED
@@ -655,7 +655,7 @@
655
655
  <param pos="1" name="host.name"/>
656
656
  </fingerprint>
657
657
 
658
- <fingerprint pattern="^(?:\r|\n)*HP JetDirect(?:\r|\n)+$">
658
+ <fingerprint pattern="^(?:\r|\n)*HP JetDirect(?:\r|\n)+">
659
659
  <description>HP Printer - Jet Direct</description>
660
660
  <!-- HP JetDirect\r\nPassword is not set\r\n\r\nPlease type "menu" for the MENU system, \r\nor "?" for help, or "/" for current settings.\r\n> -->
661
661
 
@@ -1086,7 +1086,7 @@
1086
1086
  <param pos="0" name="os.product" value="EDR G902 Firmware"/>
1087
1087
  </fingerprint>
1088
1088
 
1089
- <fingerprint pattern="^Red Hat Linux release ([^\\s]+)\\s*.*$">
1089
+ <fingerprint pattern="^Red Hat Linux release ([^\\s]+)\\s*">
1090
1090
  <description>RedHat general purpose linux</description>
1091
1091
  <!-- Red Hat Linux release 9 (Shrike)\nKernel 2.4.20-8 on an i686\nlogin: -->
1092
1092
 
@@ -1095,7 +1095,7 @@
1095
1095
  </example>
1096
1096
  <param pos="0" name="os.vendor" value="Red Hat"/>
1097
1097
  <param pos="0" name="os.family" value="Linux"/>
1098
- <param pos="0" name="os.device" value="Linux"/>
1098
+ <param pos="0" name="os.product" value="Linux"/>
1099
1099
  <param pos="1" name="os.version"/>
1100
1100
  </fingerprint>
1101
1101
 
@@ -1148,7 +1148,7 @@
1148
1148
  <param pos="3" name="os.arch"/>
1149
1149
  </fingerprint>
1150
1150
 
1151
- <fingerprint pattern="(?m)^Fedora Core.release (.*) \(.*\).*Kernel (.*) on a[^ ]* ([^ ]*\d).*$" flags="REG_MULTILINE">
1151
+ <fingerprint pattern="(?m)^Fedora Core.release (.*) \(.*\).*Kernel (.*) on a[^ ]* ([^ ]*\d)" flags="REG_MULTILINE">
1152
1152
  <description>Fedora Core Release</description>
1153
1153
  <!-- Fedora Core release 1 (Yarrow)\nKernel 2.4.20-13.9ensim-3.5.0-13 on an i686\nlogin:-->
1154
1154
 
@@ -1164,7 +1164,7 @@
1164
1164
  <param pos="0" name="os.cpe23" value="cpe:/o:redhat:fedora:{os.version}"/>
1165
1165
  </fingerprint>
1166
1166
 
1167
- <fingerprint pattern="(?m)^Welcome to SuSE Linux (.*) \(([^\)]+)\) - Kernel (.*) .*">
1167
+ <fingerprint pattern="(?m)^Welcome to SuSE Linux (.*) \(([^\)]+)\) - Kernel (.*) ">
1168
1168
  <description>SuSE Linux</description>
1169
1169
  <!-- Welcome to SuSE Linux 7.0 (i386) - Kernel 2.2.16-RAID (0). 2VG029037\n\nlogin: -->
1170
1170
 
@@ -1180,7 +1180,7 @@
1180
1180
  <param pos="3" name="linux.kernel.version"/>
1181
1181
  </fingerprint>
1182
1182
 
1183
- <fingerprint pattern="^Turbolinux ApplianceServer (\d+\.\d+).*">
1183
+ <fingerprint pattern="^Turbolinux ApplianceServer (\d+\.\d+)">
1184
1184
  <description>Turbolinux ApplianceServer</description>
1185
1185
  <!--Turbolinux ApplianceServer 4.0 (Atlas2) Linux 2.6.32-431.23.3.el6.x86_64 on a x86_64\n(senyo191x89.digitalink.ne.jp) TTY: 12:15 on Tuesday, 02 October 2018 login: -->
1186
1186
 
@@ -1195,7 +1195,7 @@
1195
1195
  <param pos="1" name="os.version"/>
1196
1196
  </fingerprint>
1197
1197
 
1198
- <fingerprint pattern="^UnixWare ([^ ]+).*$">
1198
+ <fingerprint pattern="^UnixWare ([^ ]+)">
1199
1199
  <description>UnixWare</description>
1200
1200
  <!-- UnixWare 2.1.3 (profil) (pts/3)\n\n\nlogin: -->
1201
1201
 
@@ -1209,7 +1209,7 @@
1209
1209
  <param pos="1" name="os.version"/>
1210
1210
  </fingerprint>
1211
1211
 
1212
- <fingerprint pattern="^Telnet Server Build (5.*)">
1212
+ <fingerprint pattern="(?m)^Telnet Server Build (5\.[.\d]+)">
1213
1213
  <description>Windows 2000</description>
1214
1214
  <!--Microsoft (R) Windows NT (TM) Version 4.00 (Build 1381)\nWelcome to Microsoft Telnet Service \nTelnet Server Build 5.00.99034.1\nlogin: -->
1215
1215
 
@@ -1241,7 +1241,7 @@
1241
1241
  <description>Arescom System</description>
1242
1242
  <!--NDS1260HE-TLI Copyright by ARESCOM 2002\n\n\nPassword: -->
1243
1243
 
1244
- <example _encoding="base64" os.model="NDS1260HE-TLI">
1244
+ <example _encoding="base64" os.model="NDS1260HE-TLI" hw.model="NDS1260HE-TLI">
1245
1245
  TkRTMTI2MEhFLVRMSSBDb3B5cmlnaHQgYnkgQVJFU0NPTSAyMDAyCgoKClBhc3N3b3JkOgo=
1246
1246
  </example>
1247
1247
  <param pos="0" name="os.vendor" value="Arescom"/>
@@ -1296,7 +1296,7 @@
1296
1296
  <param pos="0" name="os.family" value="VxWorks"/>
1297
1297
  </fingerprint>
1298
1298
 
1299
- <fingerprint pattern=".*Nortel.*Passport ([^ ]*) .*Software Release ([^ ]*).*">
1299
+ <fingerprint pattern="Nortel.*Passport ([^ ]*) .*Software Release ([^ ]*)">
1300
1300
  <description>Nortel Passport</description>
1301
1301
  <!-- *********************************************\n\n\n* Copyright (c) 2003 Nortel Networks, Inc. *\n\n\n* All Rights Reserved *\n\n\n* Passport 8010 *\n\n\n* Software Release 3.5.0.0 *\n\n\n*********************************************\n\n\n\n\nLogin: -->
1302
1302
 
@@ -1387,7 +1387,7 @@
1387
1387
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
1388
1388
  </fingerprint>
1389
1389
 
1390
- <fingerprint pattern="Cobalt Linux release\W(.*)\W\(.*">
1390
+ <fingerprint pattern="Cobalt Linux release\W(.*)\W\(">
1391
1391
  <description>Cobalt Linux</description>
1392
1392
  <!-- Cobalt Linux release 6.0 (Shinkansen)\nKernel 2.2.16C37_III on an i586\nlogin: -->
1393
1393
 
@@ -1456,7 +1456,7 @@
1456
1456
  <param pos="0" name="os.cpe23" value="cpe:/o:sun:solaris:{os.version}"/>
1457
1457
  </fingerprint>
1458
1458
 
1459
- <fingerprint pattern="^Digital UNIX \(([^)]+).*">
1459
+ <fingerprint pattern="^Digital UNIX \(([^)]+)">
1460
1460
  <description>Digital Unix</description>
1461
1461
  <!-- Digital UNIX (journal) (ttyp2)\n\n\nlogin: -->
1462
1462
 
@@ -1469,7 +1469,7 @@
1469
1469
  <param pos="1" name="host.name"/>
1470
1470
  </fingerprint>
1471
1471
 
1472
- <fingerprint pattern="(?m)^Compaq Tru64 UNIX V(.*) \(Rev. (.*\d)\) .*">
1472
+ <fingerprint pattern="(?m)^Compaq Tru64 UNIX V(.*) \(Rev. (.*\d)\) ">
1473
1473
  <description>Compaq Tru64 UNIX V</description>
1474
1474
  <!-- Compaq Tru64 UNIX V5.1B (Rev. 2650) (docalpha) (pts/11)\n\n\n\n\nlogin: -->
1475
1475
 
@@ -1484,7 +1484,7 @@
1484
1484
  <param pos="0" name="os.cpe23" value="cpe:/o:hp:tru64:{os.version}"/>
1485
1485
  </fingerprint>
1486
1486
 
1487
- <fingerprint pattern="HP-UX ([^ ]+) [A-Z]\.([^ ]+) ([^ ]+) ([^ ]+)\s([^ ]+\)).*$">
1487
+ <fingerprint pattern="HP-UX ([^ ]+) [A-Z]\.([^ ]+) ([^ ]+) ([^ ]+)\s([^ ]+\))">
1488
1488
  <description>System HP-UX</description>
1489
1489
  <!-- HP-UX ctout B.11.11 U 9000/800 (tc)\nlogin: -->
1490
1490
 
@@ -1518,7 +1518,7 @@
1518
1518
  <param pos="0" name="hw.device" value="NAS"/>
1519
1519
  </fingerprint>
1520
1520
 
1521
- <fingerprint pattern="OpenVMS.*Version\sV([^\s]+).*">
1521
+ <fingerprint pattern="OpenVMS.*Version\sV([^\s]+)">
1522
1522
  <description>OpenVMS</description>
1523
1523
  <!-- Welcome to OpenVMS (TM) Alpha Operating System, Version V8.4 - NOT70\n\nUsername: -->
1524
1524
 
@@ -1532,7 +1532,7 @@
1532
1532
  <param pos="1" name="os.version"/>
1533
1533
  </fingerprint>
1534
1534
 
1535
- <fingerprint pattern="(?m)^SCO OpenServer\(TM\) Release ([^ ]+).*$">
1535
+ <fingerprint pattern="(?m)^SCO OpenServer\(TM\) Release ([^ ]+)">
1536
1536
  <description>SCO OpenServer</description>
1537
1537
  <!-- SCO OpenServer(TM) Release 5 (bomdia.co.za) (ttyp6)\nlogin: -->
1538
1538
 
@@ -1614,7 +1614,7 @@
1614
1614
  <param pos="0" name="hw.product" value="Vigor"/>
1615
1615
  </fingerprint>
1616
1616
 
1617
- <fingerprint pattern=".*Version\s(\d*.\d*)\/OpenBSD.*">
1617
+ <fingerprint pattern="Version\s(\d*.\d*)\/OpenBSD">
1618
1618
  <description>OpenBSD</description>
1619
1619
  <!-- 220 killer09 FTP server (Version 6.4/OpenBSD/Linux-ftpd-0.17) ready. -->
1620
1620
 
@@ -1703,7 +1703,7 @@
1703
1703
  <param pos="3" name="os.version"/>
1704
1704
  </fingerprint>
1705
1705
 
1706
- <fingerprint pattern="^HP ([^\s]+) ProCurve Switch">
1706
+ <fingerprint pattern="(?m)^HP ([^\s]+) ProCurve Switch">
1707
1707
  <description>HP ProCurve Switch</description>
1708
1708
  <!-- ==============================================================================\nHP J4121A ProCurve Switch 4000M\n
1709
1709
  Firmware revision v2.2.3\n\nCopyright (C) 1991-2004 Hewlett-Packard Co. All Rights Reserved.\n\n
@@ -1815,7 +1815,7 @@
1815
1815
  <param pos="2" name="os.version"/>
1816
1816
  </fingerprint>
1817
1817
 
1818
- <fingerprint pattern="(?m)^.*Welcome to MELCO Print Server.*Server Name *: *([^ ]*)\W.*Server Model *: *([^ ]*).*F \/ W Version *: *([^ ]*).*MAC Address *: *(.. .. .. .. .. ..).*$">
1818
+ <fingerprint pattern="(?m)^.*Welcome to MELCO Print Server.*Server Name *: *([^ ]*)\W.*Server Model *: *([^ ]*).*F \/ W Version *: *([^ ]*).*MAC Address *: *(.. .. .. .. .. ..)">
1819
1819
  <description>System is a Buffalo/MELCO Embedded Print Server</description>
1820
1820
  <!-- ***********************************\n* Welcome to MELCO Print Server *\n* Telnet Console *\n***********************************
1821
1821
  \n \nServer Name: PS-B04E8E\nServer Model: LPV 2 - TX 1\nF / W Version: 2.00 J \nMAC Address: AE 32 EA 21 BB E3\n
@@ -1840,7 +1840,7 @@
1840
1840
  <param pos="4" name="host.mac"/>
1841
1841
  </fingerprint>
1842
1842
 
1843
- <fingerprint pattern="(?m)^AIX Version\W(\d).*">
1843
+ <fingerprint pattern="(?m)^AIX Version\W(\d)">
1844
1844
  <description>System is IBM AIX v</description>
1845
1845
  <!-- AIX Version 6\nCopyright IBM Corporation, 1982, 2007.\nlogin: -->
1846
1846
 
@@ -1854,7 +1854,7 @@
1854
1854
  <param pos="0" name="os.cpe23" value="cpe:/o:ibm:aix:{os.version}"/>
1855
1855
  </fingerprint>
1856
1856
 
1857
- <fingerprint pattern="(?m)^CIMC Debug Firmware Utility Shell\W([^\s]+).*">
1857
+ <fingerprint pattern="(?m)^CIMC Debug Firmware Utility Shell\W([^\s]+)">
1858
1858
  <description>System is Cisco UCS Device</description>
1859
1859
  <!-- CIMC Debug Firmware Utility Shell\nfake-ucs-device-3-1-p login: -->
1860
1860
 
@@ -2110,4 +2110,221 @@
2110
2110
  <param pos="0" name="hw.device" value="IP Camera"/>
2111
2111
  </fingerprint>
2112
2112
 
2113
+ <fingerprint pattern="Novus Telnet Interface \(v(\S+)\)">
2114
+ <description>Alpha Technologies Novus UPS</description>
2115
+ <example hw.version="2.00.01">Novus Telnet Interface (v2.00.01)</example>
2116
+ <param pos="0" name="hw.vendor" value="Alpha Technologies"/>
2117
+ <param pos="0" name="hw.device" value="Power Device"/>
2118
+ <param pos="0" name="hw.product" value="Novus UPS"/>
2119
+ <param pos="1" name="hw.version"/>
2120
+ </fingerprint>
2121
+
2122
+ <fingerprint pattern="New Telnet Console Client Attached">
2123
+ <description>Psion Teklogix</description>
2124
+ <example>New Telnet Console Client Attached.</example>
2125
+ <param pos="0" name="hw.vendor" value="Psion Teklogix"/>
2126
+ <param pos="0" name="hw.device" value="Network Appliance"/>
2127
+ <param pos="0" name="hw.product" value="CommServer"/>
2128
+ </fingerprint>
2129
+
2130
+ <fingerprint pattern="UPS SYSTEMS SNMP/Web agent Configuration menu">
2131
+ <description>APC UPS Network Card</description>
2132
+ <example>UPS SYSTEMS SNMP/Web agent Configuration menu</example>
2133
+ <param pos="0" name="hw.vendor" value="APC"/>
2134
+ <param pos="0" name="hw.device" value="Power Device"/>
2135
+ <param pos="0" name="hw.product" value="UPS"/>
2136
+ <param pos="0" name="hw.certainty" value="0.5"/>
2137
+ </fingerprint>
2138
+
2139
+ <fingerprint pattern="(?i)Welcome to (\S+Dome [^\)]+) \d+\.\d+.\d+\.\d+ from">
2140
+ <description>Bosch Dome IP Cameras</description>
2141
+ <example hw.product="AutoDome 800 HD">Welcome to AutoDome 800 HD 1.2.3.4 from 5.6.7.8</example>
2142
+ <example hw.product="FLEXIDOME NDC-455-P">Welcome to FLEXIDOME NDC-455-P 1.2.3.4 from 5.6.7.8</example>
2143
+ <param pos="0" name="hw.vendor" value="Bosch"/>
2144
+ <param pos="0" name="hw.device" value="Web Cam"/>
2145
+ <param pos="1" name="hw.product"/>
2146
+ </fingerprint>
2147
+
2148
+ <fingerprint pattern="(?:RDL-\d+ Ellipse\s+|Connect-OWS?) .{0,1000} Copyright .{0,1000} Redline Communications Inc">
2149
+ <description>Redline Communication Radios</description>
2150
+ <example>RDL-3000 Ellipse (c) Copyright 2010-2016 Redline Communications Inc.</example>
2151
+ <example>Connect-OW (c) Copyright 2010-2016 Redline Communications Inc.</example>
2152
+ <example>Connect-OWS (c) Copyright 2010-2016 Redline Communications Inc.</example>
2153
+ <param pos="0" name="hw.vendor" value="Redline"/>
2154
+ <param pos="0" name="hw.device" value="WAP"/>
2155
+ <param pos="0" name="hw.product" value="Wireless Radio"/>
2156
+ <param pos="0" name="hw.certainty" value="0.5"/>
2157
+ </fingerprint>
2158
+
2159
+ <fingerprint pattern="Vaddio VNG (\S+) vaddio-doccam-([a-fA-F0-9-]{17})">
2160
+ <description>Vadio VNG DocCom</description>
2161
+ <example hw.version="1.6+snapshot-20170720" host.mac="54-10-EC-31-2A-19">Vaddio VNG 1.6+snapshot-20170720 vaddio-doccam-54-10-EC-31-2A-19</example>
2162
+ <param pos="0" name="hw.vendor" value="Vaddio"/>
2163
+ <param pos="0" name="hw.device" value="Web Cam"/>
2164
+ <param pos="0" name="hw.product" value="DocCam"/>
2165
+ <param pos="1" name="hw.version"/>
2166
+ <param pos="2" name="host.mac"/>
2167
+ </fingerprint>
2168
+
2169
+ <fingerprint pattern="\((FL WLAN \S+)\)">
2170
+ <description>Phoenix Contact Wireless Module</description>
2171
+ <example hw.product="FL WLAN 510X">(FL WLAN 510X)</example>
2172
+ <param pos="0" name="hw.vendor" value="Phoenix Contact"/>
2173
+ <param pos="0" name="hw.device" value="WAP"/>
2174
+ <param pos="1" name="hw.product"/>
2175
+ </fingerprint>
2176
+
2177
+ <fingerprint pattern="Welcome to i\.CanDoIt (.{0,1000}) v(\S+)">
2178
+ <description>Control Solutions i.CanDoIt PLC</description>
2179
+ <example hw.product="BAS-700 ReMOTE I/O" hw.version="2.47x">Welcome to i.CanDoIt BAS-700 ReMOTE I/O v2.47x</example>
2180
+ <param pos="0" name="hw.vendor" value="Control Solutions"/>
2181
+ <param pos="0" name="hw.device" value="PLC"/>
2182
+ <param pos="1" name="hw.product"/>
2183
+ <param pos="2" name="hw.version"/>
2184
+ <param pos="0" name="hw.certainty" value="0.75"/>
2185
+ </fingerprint>
2186
+
2187
+ <fingerprint pattern="Welcome to the MRV Communications' LX Series Server">
2188
+ <description>MRV Communications LX Series</description>
2189
+ <example>Welcome to the MRV Communications' LX Series Server</example>
2190
+ <param pos="0" name="hw.vendor" value="MRV Communications"/>
2191
+ <param pos="0" name="hw.device" value="Device Server"/>
2192
+ <param pos="0" name="hw.family" value="LX Series"/>
2193
+ </fingerprint>
2194
+
2195
+ <fingerprint pattern="(?m)\*\*\* Lantronix ([\S]+) Device Server \*\*\*(?:\r|\n)+MAC address ([a-fA-F0-9]{12})(?:\r|\n)+Software version V(\S+)">
2196
+ <description>Lantronix device server - w/o Serial</description>
2197
+ <!--
2198
+ *** Lantronix UDS1100-IAP Device Server ***
2199
+ MAC address 0080A3BD0000
2200
+ Software version V6.11.0.0 (150514) UDS1100
2201
+ Press Enter for Setup Mode
2202
+ -->
2203
+
2204
+ <example _encoding="base64" hw.product="UDS1100-IAP" hw.version="6.11.0.0" host.mac="0080A3BD0000">
2205
+ KioqIExhbnRyb25peCBVRFMxMTAwLUlBUCBEZXZpY2UgU2VydmVyICoqKgpN
2206
+ QUMgYWRkcmVzcyAwMDgwQTNCRDAwMDAKClNvZnR3YXJlIHZlcnNpb24gVjYu
2207
+ MTEuMC4wICgxNTA1MTQpIFVEUzExMDAKCgpQcmVzcyBFbnRlciBmb3IgU2V0
2208
+ dXAgTW9kZQo=
2209
+ </example>
2210
+ <param pos="0" name="hw.vendor" value="Lantronix"/>
2211
+ <param pos="0" name="hw.device" value="Device Server"/>
2212
+ <param pos="1" name="hw.product"/>
2213
+ <param pos="2" name="host.mac"/>
2214
+ <param pos="3" name="hw.version"/>
2215
+ </fingerprint>
2216
+
2217
+ <fingerprint pattern="(?m)\*\*\* Lantronix Universal Device Server \*\*\*(?:\r|\n)+Serial Number (\d+)\s+MAC address ([a-fA-F0-9:]{17})(?:\r|\n)+Software version (\S+)">
2218
+ <description>Lantronix device server - w/ Serial</description>
2219
+ <!--
2220
+ *** Lantronix Universal Device Server ***
2221
+ Serial Number 6451000 MAC address 00:20:4A:64:00:00
2222
+ Software version 04.5 (011025)
2223
+ Press Enter to go into Setup Mode
2224
+ -->
2225
+
2226
+ <example _encoding="base64" hw.version="04.5" host.mac="00:20:4A:64:00:00" hw.serial_number="6451000" lantronix.serial_number="6451000">
2227
+ KioqIExhbnRyb25peCBVbml2ZXJzYWwgRGV2aWNlIFNlcnZlciAqKioKU2Vy
2228
+ aWFsIE51bWJlciA2NDUxMDAwICBNQUMgYWRkcmVzcyAwMDoyMDo0QTo2NDow
2229
+ MDowMAoKU29mdHdhcmUgdmVyc2lvbiAwNC41ICgwMTEwMjUpCgpQcmVzcyBF
2230
+ bnRlciB0byBnbyBpbnRvIFNldHVwIE1vZGUK
2231
+ </example>
2232
+ <param pos="0" name="hw.vendor" value="Lantronix"/>
2233
+ <param pos="0" name="hw.device" value="Device Server"/>
2234
+ <param pos="0" name="hw.product" value="UDS"/>
2235
+ <param pos="1" name="lantronix.serial_number"/>
2236
+ <param pos="1" name="hw.serial_number"/>
2237
+ <param pos="2" name="host.mac"/>
2238
+ <param pos="3" name="hw.version"/>
2239
+ </fingerprint>
2240
+
2241
+ <fingerprint pattern="^(TAU-\d+[A-Z]*(?:\.IP)?) login:$$">
2242
+ <description>Eltex TAU model VoIP gateway</description>
2243
+ <example hw.product="TAU-8">TAU-8 login:</example>
2244
+ <example hw.product="TAU-2M.IP">TAU-2M.IP login:</example>
2245
+ <param pos="0" name="os.vendor" value="Eltex"/>
2246
+ <param pos="0" name="os.product" value="{hw.product} Firmware"/>
2247
+ <param pos="0" name="os.device" value="VoIP Gateway"/>
2248
+ <param pos="0" name="hw.vendor" value="Eltex"/>
2249
+ <param pos="1" name="hw.product"/>
2250
+ <param pos="0" name="hw.device" value="VoIP Gateway"/>
2251
+ </fingerprint>
2252
+
2253
+ <fingerprint pattern="(?m)^\**(?:\r|\n)*\**\s*Welcome to (SMG-?\d+[A-Z]?)\s*\**(?:\r|\n)*\**(?:\r|\n)+(\S+) login:\s*$">
2254
+ <description>Eltex SMG model VoIP gateway - banner with model number</description>
2255
+ <!--
2256
+ ********************************************
2257
+ * Welcome to SMG1016M *
2258
+ ********************************************
2259
+
2260
+ foo.bar.baz login:
2261
+ -->
2262
+ <example hw.product="SMG1016M" host.name="foo.bar.baz" _encoding="base64">
2263
+ DQ0KDQoNKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioNCg0qI
2264
+ CAgICAgICAgICAgV2VsY29tZSB0byBTTUcxMDE2TSAgICAgICAgICAgKg0KDSoqKioqKioqKi
2265
+ oqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqDQoNDQoNZm9vLmJhci5iYXogbG9
2266
+ naW46IA==
2267
+ </example>
2268
+ <param pos="0" name="os.vendor" value="Eltex"/>
2269
+ <param pos="0" name="os.product" value="{hw.product} Firmware"/>
2270
+ <param pos="0" name="os.device" value="VoIP Gateway"/>
2271
+ <param pos="0" name="hw.vendor" value="Eltex"/>
2272
+ <param pos="1" name="hw.product"/>
2273
+ <param pos="0" name="hw.device" value="VoIP Gateway"/>
2274
+ <param pos="2" name="host.name"/>
2275
+ </fingerprint>
2276
+
2277
+ <fingerprint pattern="^eltex-nv(\d+) login:$">
2278
+ <description>Eltex - NV model IPTV set top box</description>
2279
+ <example hw.model="101">eltex-nv101 login:</example>
2280
+ <example hw.product="NV102">eltex-nv102 login:</example>
2281
+ <param pos="0" name="os.vendor" value="Eltex"/>
2282
+ <param pos="0" name="os.product" value="{hw.product} Firmware"/>
2283
+ <param pos="0" name="os.device" value="IPTV"/>
2284
+ <param pos="1" name="hw.model"/>
2285
+ <param pos="0" name="hw.vendor" value="Eltex"/>
2286
+ <param pos="0" name="hw.product" value="NV{hw.model}"/>
2287
+ <param pos="0" name="hw.device" value="IPTV"/>
2288
+ </fingerprint>
2289
+
2290
+ <fingerprint pattern="&quot;BeerTemp&quot;:.*&quot;FridgeTemp&quot;:">
2291
+ <description>Fermentrack Beer Brewing Monitor</description>
2292
+ <example>T:{"BeerTemp":null,"BeerSet":null,"BeerAnn":null,"FridgeTemp":null,"FridgeSet":null,"FridgeAnn":null,"State":0}</example>
2293
+ <param pos="0" name="hw.device" value="Device"/>
2294
+ <param pos="0" name="os.product" value="Fermentrack"/>
2295
+ </fingerprint>
2296
+
2297
+ <fingerprint pattern="(?m)^Welcome to the SIGMA Spectrum Diagnostic Terminal(?:\r|\n)*Wireless Battery Module \(802\.11[abgn\/]+\)(?:\r|\n)*MAC Address: ((?:[0-9a-f]{2}-?){6}) SW: \d+[\sD]*\d+\s*(?:\r|\n)*Sigma Spectrum SN: (\d+) SW: v([\d.]+)(?:\r|\n)*Radio up since: [\w\s:]+(?:\r|\n)*login:\s*$">
2298
+ <description>Baxter SIGMA Spectrum Infusion System with Wireless Battery Module</description>
2299
+ <!--
2300
+ Welcome to the SIGMA Spectrum Diagnostic Terminal
2301
+
2302
+ Wireless Battery Module (802.11a/b/g/n)
2303
+ MAC Address: 00-40-9d-12-34-56 SW: 20 D29
2304
+ Sigma Spectrum SN: 1234567 SW: v8.00.01
2305
+ Radio up since: Fri Mar 1 03:14:24 2019
2306
+
2307
+ login:
2308
+ -->
2309
+
2310
+ <example host.mac="00-40-9d-12-34-56" hw.serial_number="1234567" os.version="8.00.01" _encoding="base64">
2311
+ V2VsY29tZSB0byB0aGUgU0lHTUEgU3BlY3RydW0gRGlhZ25vc3RpYyBUZXJtaW5hbA0KDQpXa
2312
+ XJlbGVzcyBCYXR0ZXJ5IE1vZHVsZSAoODAyLjExYS9iL2cvbikNCk1BQyBBZGRyZXNzOiAwMC
2313
+ 00MC05ZC0xMi0zNC01NiBTVzogMjAgRDI5DQpTaWdtYSBTcGVjdHJ1bSBTTjogMTIzNDU2NyB
2314
+ TVzogdjguMDAuMDENClJhZGlvIHVwIHNpbmNlOiBGcmkgTWFyICAxIDAzOjE0OjI0IDIwMTkN
2315
+ Cg0KbG9naW46IA==
2316
+ </example>
2317
+ <param pos="0" name="os.vendor" value="Baxter"/>
2318
+ <param pos="0" name="os.product" value="SIGMA Spectrum Infusion System Firmware"/>
2319
+ <param pos="0" name="os.device" value="Medical"/>
2320
+ <param pos="3" name="os.version"/>
2321
+ <param pos="0" name="os.cpe23" value="cpe:/o:baxter:sigma_spectrum_infusion_system_firmware:{os.version}"/>
2322
+ <param pos="0" name="hw.vendor" value="Baxter"/>
2323
+ <param pos="0" name="hw.product" value="SIGMA Spectrum Infusion System"/>
2324
+ <param pos="0" name="hw.device" value="Medical"/>
2325
+ <param pos="2" name="hw.serial_number"/>
2326
+ <param pos="0" name="hw.cpe23" value="cpe:/h:baxter:sigma_spectrum_infusion_system:-"/>
2327
+ <param pos="1" name="host.mac"/>
2328
+ </fingerprint>
2329
+
2113
2330
  </fingerprints>
data/{xml → recog/xml}/tls_jarm.xml RENAMED
@@ -14,13 +14,33 @@
14
14
  <param pos="0" name="service.cpe23" value="cpe:/a:torproject:tor:-"/>
15
15
  </fingerprint>
16
16
 
17
- <fingerprint pattern="^2ad2ad0002ad2ad0002ad2ad2ad2ada9e96d3ba9f7903758a731e0fa01453d$">
18
- <description>Synology NAS</description>
17
+ <fingerprint pattern="^2ad2ad0002ad2ad0002ad2ad2ad2ada9e96d3ba9f7903758a731e0fa01453d|29d29d15d29d29d21c29d29d29d29d10d7a07cb776562eccb97246005feba5|2ad2ad0002ad2ad0002ad2ad2ad2ad5bf44aec534289dfa8e33148b66cd6c3|29d29d15d29d29d21c29d29d29d29de857600fcd9f89735d87c3704c4e141b$">
18
+ <description>Synology NAS DSM 6</description>
19
+ <example>29d29d15d29d29d21c29d29d29d29d10d7a07cb776562eccb97246005feba5</example>
20
+ <example>29d29d15d29d29d21c29d29d29d29de857600fcd9f89735d87c3704c4e141b</example>
21
+ <example>2ad2ad0002ad2ad0002ad2ad2ad2ad5bf44aec534289dfa8e33148b66cd6c3</example>
19
22
  <example>2ad2ad0002ad2ad0002ad2ad2ad2ada9e96d3ba9f7903758a731e0fa01453d</example>
20
23
  <param pos="0" name="os.device" value="NAS"/>
21
24
  <param pos="0" name="os.family" value="Linux"/>
22
25
  <param pos="0" name="os.product" value="DSM"/>
23
26
  <param pos="0" name="os.vendor" value="Synology"/>
27
+ <param pos="0" name="os.version" value="6"/>
28
+ <param pos="0" name="hw.vendor" value="Synology"/>
29
+ <param pos="0" name="hw.device" value="NAS"/>
30
+ </fingerprint>
31
+
32
+ <fingerprint pattern="^00000000000000000042d42d0000009535d5979f591ae8e547c5e5743e5b64|29d29d15d29d29d00042d42d00000068f5dc63852f94da932cd6b61b1cd9e3|29d29d15d29d29d21c42d42d000000bf85d79ff39d9f5079675604a74fc04b|29d29d15d29d29d00042d42d000000038eaaf490bec8dc33757f165ce01762|29d29d15d29d29d21c42d42d000000790cb01ea78cc2a73fe8428d61afc0c8$">
33
+ <description>Synology NAS DSM 7</description>
34
+ <example>00000000000000000042d42d0000009535d5979f591ae8e547c5e5743e5b64</example>
35
+ <example>29d29d15d29d29d00042d42d000000038eaaf490bec8dc33757f165ce01762</example>
36
+ <example>29d29d15d29d29d00042d42d00000068f5dc63852f94da932cd6b61b1cd9e3</example>
37
+ <example>29d29d15d29d29d21c42d42d000000790cb01ea78cc2a73fe8428d61afc0c8</example>
38
+ <example>29d29d15d29d29d21c42d42d000000bf85d79ff39d9f5079675604a74fc04b</example>
39
+ <param pos="0" name="os.device" value="NAS"/>
40
+ <param pos="0" name="os.family" value="Linux"/>
41
+ <param pos="0" name="os.product" value="DSM"/>
42
+ <param pos="0" name="os.vendor" value="Synology"/>
43
+ <param pos="0" name="os.version" value="7"/>
24
44
  <param pos="0" name="hw.vendor" value="Synology"/>
25
45
  <param pos="0" name="hw.device" value="NAS"/>
26
46
  </fingerprint>
@@ -36,9 +56,13 @@
36
56
  <param pos="0" name="os.device" value="Router"/>
37
57
  </fingerprint>
38
58
 
39
- <fingerprint pattern="^07d14d16d21d21d00042d43d000000aa99ce74e2c6d013c745aa52b5cc042d$">
59
+ <fingerprint pattern="^07d14d16d21d21d00042d43d000000aa99ce74e2c6d013c745aa52b5cc042d|07d14d16d21d21d07c42d43d000000f50d155305214cf247147c43c0f1a823|07b08b09b21b21b07b07b08b07b21b23aeefb38b723c523befb314af6e95ac|07c08c09c21c21c07c07c08c07c21c23aeefb38b723c523befb314af6e95ac|07d14d16d21d21d00007d14d07d21d0ae59125bcd90b8876b50928af8f6cd4$">
40
60
  <description>Metasploit listener</description>
61
+ <example>07b08b09b21b21b07b07b08b07b21b23aeefb38b723c523befb314af6e95ac</example>
62
+ <example>07c08c09c21c21c07c07c08c07c21c23aeefb38b723c523befb314af6e95ac</example>
63
+ <example>07d14d16d21d21d00007d14d07d21d0ae59125bcd90b8876b50928af8f6cd4</example>
41
64
  <example>07d14d16d21d21d00042d43d000000aa99ce74e2c6d013c745aa52b5cc042d</example>
65
+ <example>07d14d16d21d21d07c42d43d000000f50d155305214cf247147c43c0f1a823</example>
42
66
  <param pos="0" name="service.vendor" value="Rapid7"/>
43
67
  <param pos="0" name="service.product" value="Metasploit"/>
44
68
  <param pos="0" name="service.cpe23" value="cpe:/a:rapid7:metasploit:-"/>
@@ -47,9 +71,10 @@
47
71
  <!-- This fingerprint matches Java's TLS stack,
48
72
  see https://blog.cobaltstrike.com/2020/12/08/a-red-teamer-plays-with-jarm/ for details -->
49
73
 
50
- <fingerprint pattern="^07d14d16d21d21d07c42d41d00041d24a458a375eef0c576d23a7bab9a9fb1$">
74
+ <fingerprint pattern="^07d14d16d21d21d07c42d41d00041d24a458a375eef0c576d23a7bab9a9fb1|07d14d16d21d21d00042d41d00041de5fb3038104f457d92ba02e9311512c2$">
51
75
  <description>Cobalt Strike listener</description>
52
76
  <example>07d14d16d21d21d07c42d41d00041d24a458a375eef0c576d23a7bab9a9fb1</example>
77
+ <example>07d14d16d21d21d00042d41d00041de5fb3038104f457d92ba02e9311512c2</example>
53
78
  <param pos="0" name="service.vendor" value="Strategic Cyber LLC"/>
54
79
  <param pos="0" name="service.product" value="Cobalt Strike Listener"/>
55
80
  <param pos="0" name="service.certainty" value="0.3"/>
@@ -118,11 +143,13 @@
118
143
  <param pos="0" name="hw.device" value="Media Server"/>
119
144
  <param pos="0" name="hw.vendor" value="Google"/>
120
145
  <param pos="0" name="hw.product" value="Chromecast"/>
146
+ <param pos="0" name="hw.cpe23" value="cpe:/h:google:chromecast:-"/>
121
147
  </fingerprint>
122
148
 
123
- <fingerprint pattern="^21d14d00021d21d21c21d14d21d21d3e9a0dda94718e521eb7d1409c9e3601$">
124
- <description>VMWare ESXi</description>
149
+ <fingerprint pattern="^21d14d00021d21d21c21d14d21d21d3e9a0dda94718e521eb7d1409c9e3601|2ad2ad0002ad2ad0002ad2ad2ad2ad755a2cec4b52fb1bce1ac7f1e48c8a7d$">
150
+ <description>VMware ESXi</description>
125
151
  <example>21d14d00021d21d21c21d14d21d21d3e9a0dda94718e521eb7d1409c9e3601</example>
152
+ <example>2ad2ad0002ad2ad0002ad2ad2ad2ad755a2cec4b52fb1bce1ac7f1e48c8a7d</example>
126
153
  <param pos="0" name="os.vendor" value="VMware"/>
127
154
  <param pos="0" name="os.family" value="VMware ESX/ESXi"/>
128
155
  <param pos="0" name="os.product" value="VMware ESXi Server"/>
@@ -137,4 +164,27 @@
137
164
  <param pos="0" name="service.product" value="Merlin"/>
138
165
  </fingerprint>
139
166
 
167
+ <fingerprint pattern="^21d14d00000000000021d14d21d21d16c46827964490e6024618c0a3d7d893$">
168
+ <description>Covenant .NET C2 framework</description>
169
+ <example>21d14d00000000000021d14d21d21d16c46827964490e6024618c0a3d7d893</example>
170
+ <param pos="0" name="service.product" value="Covenant"/>
171
+ </fingerprint>
172
+
173
+ <fingerprint pattern="^16d16d16d14d16d00016d16d16d16da6fda484e06f95db4f56339284c90672$">
174
+ <description>HP Printer</description>
175
+ <example>16d16d16d14d16d00016d16d16d16da6fda484e06f95db4f56339284c90672</example>
176
+ <param pos="0" name="hw.device" value="Printer"/>
177
+ <param pos="0" name="hw.vendor" value="HP"/>
178
+ <param pos="0" name="os.vendor" value="HP"/>
179
+ <param pos="0" name="os.device" value="Printer"/>
180
+ </fingerprint>
181
+
182
+ <fingerprint pattern="^27d27d27d00027d00041d41d00041dea7155aeeb5fe0855bcdf1e51aa692cd$">
183
+ <description>openHAB - open-source home automation</description>
184
+ <example>27d27d27d00027d00041d41d00041dea7155aeeb5fe0855bcdf1e51aa692cd</example>
185
+ <param pos="0" name="service.vendor" value="openHAB"/>
186
+ <param pos="0" name="service.product" value="openHAB"/>
187
+ <param pos="0" name="service.cpe23" value="cpe:/a:openhab:openhab:-"/>
188
+ </fingerprint>
189
+
140
190
  </fingerprints>
data/{xml → recog/xml}/x11_banners.xml RENAMED
@@ -62,13 +62,13 @@
62
62
  <fingerprint pattern="^Fedora Project$">
63
63
  <description>Fedora Project</description>
64
64
  <example>Fedora Project</example>
65
- <param pos="0" name="os.vendor" value="Red Hat"/>
65
+ <param pos="0" name="os.vendor" value="Fedora Project"/>
66
66
  <param pos="0" name="service.vendor" value="X.Org"/>
67
67
  <param pos="0" name="service.product" value="X.Org X11"/>
68
68
  <param pos="0" name="service.cpe23" value="cpe:/a:x.org:x11:-"/>
69
- <param pos="0" name="os.product" value="Fedora Core Linux"/>
69
+ <param pos="0" name="os.product" value="Fedora Core"/>
70
70
  <param pos="0" name="os.family" value="Linux"/>
71
- <param pos="0" name="os.cpe23" value="cpe:/o:redhat:fedora_core:-"/>
71
+ <param pos="0" name="os.cpe23" value="cpe:/o:fedoraproject:fedora_core:-"/>
72
72
  </fingerprint>
73
73
 
74
74
  <fingerprint pattern="^freedesktop\.org$">
data/{xml → recog/xml}/x509_issuers.xml RENAMED
@@ -106,6 +106,7 @@
106
106
  <param pos="0" name="hw.vendor" value="Google"/>
107
107
  <param pos="0" name="hw.product" value="Chromecast"/>
108
108
  <param pos="0" name="hw.certainty" value="0.5"/>
109
+ <param pos="0" name="hw.cpe23" value="cpe:/h:google:chromecast:-"/>
109
110
  <param pos="0" name="chromecast.generation" value="1"/>
110
111
  </fingerprint>
111
112
 
@@ -127,6 +128,7 @@
127
128
  <param pos="0" name="hw.vendor" value="Google"/>
128
129
  <param pos="0" name="hw.product" value="Chromecast"/>
129
130
  <param pos="0" name="hw.certainty" value="0.5"/>
131
+ <param pos="0" name="hw.cpe23" value="cpe:/h:google:chromecast:-"/>
130
132
  <param pos="1" name="chromecast.generation"/>
131
133
  <param pos="2" name="chromecast.capabilities"/>
132
134
  </fingerprint>
@@ -225,7 +227,7 @@
225
227
  <fingerprint pattern="^CN=Temporary CA [a-fA-F0-9]{8}\-[a-fA-F0-9]{4}\-[a-fA-F0-9]{4}\-[a-fA-F0-9]{4}\-[a-fA-F0-9]{12},OU=Temporary CA">
226
228
  <description>Cisco Video Communication Server</description>
227
229
  <example>CN=Temporary CA 218131fe-8af4-11e7-aa6e-9950d6bbaf74,OU=Temporary CA 218131fe-8af4-11e7-aa6e-9950d6bbaf74,O=Temporary CA 218131fe-8af4-11e7-aa6e-9950d6bbaf74</example>
228
- <param pos="0" name="hw.device" value="Video Conference"/>
230
+ <param pos="0" name="hw.device" value="Video Conferencing"/>
229
231
  <param pos="0" name="hw.vendor" value="Cisco"/>
230
232
  <param pos="0" name="hw.product" value="TelePresence"/>
231
233
  </fingerprint>
@@ -357,4 +359,50 @@
357
359
  <param pos="0" name="service.cpe23" value="cpe:/a:caddyserver:caddy:-"/>
358
360
  </fingerprint>
359
361
 
362
+ <fingerprint pattern="^CN=Avaya cu360 (\S+)$">
363
+ <description>Avaya Video Conferencing Device - CU360</description>
364
+ <example hw.serial_number="11YT11111111">CN=Avaya cu360 11YT11111111</example>
365
+ <param pos="0" name="hw.vendor" value="Avaya"/>
366
+ <param pos="0" name="hw.device" value="Video Conferencing"/>
367
+ <param pos="0" name="hw.product" value="CU360"/>
368
+ <param pos="1" name="hw.serial_number"/>
369
+ </fingerprint>
370
+
371
+ <fingerprint pattern="^CN=Roomba CA,OU=\S+,O=iRobot,L=Bedford,ST=MA,C=US$">
372
+ <description>Roomba Device</description>
373
+ <example hw.product="Roomba" hw.vendor="iRobot">CN=Roomba CA,OU=HBU,O=iRobot,L=Bedford,ST=MA,C=US</example>
374
+ <param pos="0" name="hw.vendor" value="iRobot"/>
375
+ <param pos="0" name="hw.device" value="Device"/>
376
+ <param pos="0" name="hw.product" value="Roomba"/>
377
+ </fingerprint>
378
+
379
+ <fingerprint pattern="(?i)^CN=\S+,OU=FreshTomato Team,O=FreshTomato,L=Columbus,ST=Ohio,C=US(?:.*)$">
380
+ <description>FreshTomato Router Firmware</description>
381
+ <example>CN=192.168.1.1,OU=FreshTomato Team,O=FreshTomato,L=Columbus,ST=Ohio,C=US</example>
382
+ <param pos="0" name="os.vendor" value="FreshTomato"/>
383
+ <param pos="0" name="os.family" value="Linux"/>
384
+ <param pos="0" name="os.product" value="FreshTomato"/>
385
+ <param pos="0" name="os.device" value="Router"/>
386
+ </fingerprint>
387
+
388
+ <fingerprint pattern="(?i)^SERIALNUMBER=(\d+),CN=(\S+),OU=ST-VS,O=Bosch Sicherheitssysteme GmbH,L=Grasbrunn,C=DE">
389
+ <description>Bosch Device</description>
390
+ <example hw.serial_number="111111111111111111" host.mac="00-07-5f-11-11-11">SERIALNUMBER=111111111111111111,CN=00-07-5f-11-11-11,OU=ST-VS,O=Bosch Sicherheitssysteme GmbH,L=Grasbrunn,C=DE</example>
391
+ <param pos="0" name="os.vendor" value="Bosch"/>
392
+ <param pos="0" name="hw.vendor" value="Bosch"/>
393
+ <param pos="1" name="hw.serial_number"/>
394
+ <param pos="2" name="host.mac"/>
395
+ </fingerprint>
396
+
397
+ <fingerprint pattern="^CN=Proxmox Virtual Environment,OU=[a-f0-9-]+,O=PVE Cluster Manager CA$">
398
+ <description>Proxmox open-source virtualization platform</description>
399
+ <example>CN=Proxmox Virtual Environment,OU=dd69676f-e203-490e-b040-79b75ed6a9d7,O=PVE Cluster Manager CA</example>
400
+ <param pos="0" name="service.vendor" value="Proxmox"/>
401
+ <param pos="0" name="service.product" value="Virtual Environment"/>
402
+ <param pos="0" name="service.cpe23" value="cpe:/a:proxmox:virtual_environment:-"/>
403
+ <param pos="0" name="os.vendor" value="Proxmox"/>
404
+ <param pos="0" name="os.family" value="Linux"/>
405
+ <param pos="0" name="os.product" value="Proxmox"/>
406
+ </fingerprint>
407
+
360
408
  </fingerprints>