recog 2.3.21 → 3.0.1
- checksums.yaml +4 -4
- data/LICENSE +1 -1
- data/README.md +42 -16
- data/Rakefile +2 -9
- data/lib/recog/db.rb +2 -1
- data/lib/recog/db_manager.rb +1 -1
- data/lib/recog/fingerprint.rb +33 -6
- data/lib/recog/fingerprint_parse_error.rb +10 -0
- data/lib/recog/verifier.rb +9 -9
- data/lib/recog/verify_reporter.rb +17 -6
- data/lib/recog/version.rb +1 -1
- data/{bin → recog/bin}/recog_match +0 -1
- data/{xml → recog/xml}/apache_modules.xml +0 -0
- data/{xml → recog/xml}/apache_os.xml +98 -56
- data/{xml → recog/xml}/architecture.xml +15 -1
- data/recog/xml/dhcp_vendor_class.xml +206 -0
- data/{xml → recog/xml}/dns_versionbind.xml +16 -13
- data/{xml → recog/xml}/favicons.xml +297 -47
- data/{xml → recog/xml}/fingerprints.xsd +9 -1
- data/{xml → recog/xml}/ftp_banners.xml +160 -156
- data/{xml → recog/xml}/h323_callresp.xml +101 -101
- data/{xml → recog/xml}/hp_pjl_id.xml +84 -84
- data/{xml → recog/xml}/html_title.xml +727 -34
- data/{xml → recog/xml}/http_cookies.xml +160 -77
- data/{xml → recog/xml}/http_servers.xml +556 -283
- data/{xml → recog/xml}/http_wwwauth.xml +190 -75
- data/{xml → recog/xml}/imap_banners.xml +5 -5
- data/{xml → recog/xml}/ldap_searchresult.xml +0 -0
- data/{xml → recog/xml}/mdns_device-info_txt.xml +389 -26
- data/{xml → recog/xml}/mdns_workstation_txt.xml +0 -0
- data/{xml → recog/xml}/mysql_banners.xml +1 -1
- data/{xml → recog/xml}/mysql_error.xml +0 -0
- data/{xml → recog/xml}/nntp_banners.xml +11 -8
- data/{xml → recog/xml}/ntp_banners.xml +97 -97
- data/{xml → recog/xml}/operating_system.xml +95 -80
- data/{xml → recog/xml}/pop_banners.xml +23 -23
- data/{xml → recog/xml}/rsh_resp.xml +3 -3
- data/{xml → recog/xml}/rtsp_servers.xml +0 -0
- data/{xml → recog/xml}/sip_banners.xml +43 -5
- data/{xml → recog/xml}/sip_user_agents.xml +175 -27
- data/{xml → recog/xml}/smb_native_lm.xml +5 -5
- data/{xml → recog/xml}/smb_native_os.xml +25 -25
- data/{xml → recog/xml}/smtp_banners.xml +147 -146
- data/{xml → recog/xml}/smtp_debug.xml +0 -0
- data/{xml → recog/xml}/smtp_ehlo.xml +1 -1
- data/{xml → recog/xml}/smtp_expn.xml +0 -0
- data/{xml → recog/xml}/smtp_help.xml +11 -11
- data/{xml → recog/xml}/smtp_mailfrom.xml +0 -0
- data/{xml → recog/xml}/smtp_noop.xml +2 -2
- data/{xml → recog/xml}/smtp_quit.xml +0 -0
- data/{xml → recog/xml}/smtp_rcptto.xml +0 -0
- data/{xml → recog/xml}/smtp_rset.xml +0 -0
- data/{xml → recog/xml}/smtp_turn.xml +0 -0
- data/{xml → recog/xml}/smtp_vrfy.xml +0 -0
- data/{xml → recog/xml}/snmp_sysdescr.xml +1570 -1430
- data/{xml → recog/xml}/snmp_sysobjid.xml +38 -27
- data/{xml → recog/xml}/ssh_banners.xml +16 -10
- data/{xml → recog/xml}/telnet_banners.xml +238 -21
- data/{xml → recog/xml}/tls_jarm.xml +56 -6
- data/{xml → recog/xml}/x11_banners.xml +3 -3
- data/{xml → recog/xml}/x509_issuers.xml +49 -1
- data/{xml → recog/xml}/x509_subjects.xml +139 -38
- data/recog.gemspec +9 -5
- data/spec/data/external_example_fingerprint/hp_printer_ex_01.txt +1 -0
- data/spec/data/external_example_fingerprint/hp_printer_ex_02.txt +1 -0
- data/spec/data/external_example_fingerprint.xml +8 -0
- data/spec/data/external_example_illegal_path_fingerprint.xml +7 -0
- data/spec/lib/recog/db_spec.rb +84 -61
- data/spec/lib/recog/fingerprint_spec.rb +4 -4
- data/spec/lib/recog/verify_reporter_spec.rb +73 -4
- data/spec/spec_helper.rb +4 -0
- metadata +65 -134
- data/.github/ISSUE_TEMPLATE/bug_report.md +0 -37
- data/.github/ISSUE_TEMPLATE/feature_request.md +0 -17
- data/.github/ISSUE_TEMPLATE/fingerprint_request.md +0 -27
- data/.github/PULL_REQUEST_TEMPLATE +0 -24
- data/.github/SECURITY.md +0 -35
- data/.github/workflows/ci.yml +0 -26
- data/.gitignore +0 -23
- data/.rspec +0 -3
- data/.ruby-gemset +0 -1
- data/.ruby-version +0 -1
- data/.snyk +0 -10
- data/.travis.yml +0 -25
- data/CONTRIBUTING.md +0 -270
- data/bin/recog_cleanup +0 -16
- data/bin/recog_export +0 -81
- data/bin/recog_standardize +0 -148
- data/bin/recog_verify +0 -64
- data/cpe-remap.yaml +0 -343
- data/features/data/failing_banners_fingerprints.xml +0 -20
- data/features/data/matching_banners_fingerprints.xml +0 -23
- data/features/data/multiple_banners_fingerprints.xml +0 -32
- data/features/data/no_tests.xml +0 -3
- data/features/data/sample_banner.txt +0 -2
- data/features/data/successful_tests.xml +0 -18
- data/features/data/tests_with_failures.xml +0 -20
- data/features/data/tests_with_warnings.xml +0 -17
- data/features/match.feature +0 -36
- data/features/support/aruba.rb +0 -3
- data/features/support/env.rb +0 -6
- data/features/verify.feature +0 -48
- data/identifiers/README.md +0 -70
- data/identifiers/fields.txt +0 -104
- data/identifiers/hw_device.txt +0 -78
- data/identifiers/hw_family.txt +0 -113
- data/identifiers/hw_product.txt +0 -410
- data/identifiers/os_architecture.txt +0 -10
- data/identifiers/os_device.txt +0 -75
- data/identifiers/os_family.txt +0 -233
- data/identifiers/os_product.txt +0 -340
- data/identifiers/service_family.txt +0 -249
- data/identifiers/service_product.txt +0 -752
- data/identifiers/vendor.txt +0 -798
- data/lib/recog/verifier_factory.rb +0 -13
- data/misc/convert_mysql_err +0 -61
- data/misc/order.xsl +0 -17
- data/requirements.txt +0 -2
- data/spec/lib/fingerprint_self_test_spec.rb +0 -174
- data/update_cpes.py +0 -250
@@ -655,7 +655,7 @@
|
|
655
655
|
<param pos="1" name="host.name"/>
|
656
656
|
</fingerprint>
|
657
657
|
|
658
|
-
<fingerprint pattern="^(?:\r|\n)*HP JetDirect(?:\r|\n)
|
658
|
+
<fingerprint pattern="^(?:\r|\n)*HP JetDirect(?:\r|\n)+">
|
659
659
|
<description>HP Printer - Jet Direct</description>
|
660
660
|
<!-- HP JetDirect\r\nPassword is not set\r\n\r\nPlease type "menu" for the MENU system, \r\nor "?" for help, or "/" for current settings.\r\n> -->
|
661
661
|
|
@@ -1086,7 +1086,7 @@
|
|
1086
1086
|
<param pos="0" name="os.product" value="EDR G902 Firmware"/>
|
1087
1087
|
</fingerprint>
|
1088
1088
|
|
1089
|
-
<fingerprint pattern="^Red Hat Linux release ([^\\s]+)\\s
|
1089
|
+
<fingerprint pattern="^Red Hat Linux release ([^\\s]+)\\s*">
|
1090
1090
|
<description>RedHat general purpose linux</description>
|
1091
1091
|
<!-- Red Hat Linux release 9 (Shrike)\nKernel 2.4.20-8 on an i686\nlogin: -->
|
1092
1092
|
|
@@ -1095,7 +1095,7 @@
|
|
1095
1095
|
</example>
|
1096
1096
|
<param pos="0" name="os.vendor" value="Red Hat"/>
|
1097
1097
|
<param pos="0" name="os.family" value="Linux"/>
|
1098
|
-
<param pos="0" name="os.
|
1098
|
+
<param pos="0" name="os.product" value="Linux"/>
|
1099
1099
|
<param pos="1" name="os.version"/>
|
1100
1100
|
</fingerprint>
|
1101
1101
|
|
@@ -1148,7 +1148,7 @@
|
|
1148
1148
|
<param pos="3" name="os.arch"/>
|
1149
1149
|
</fingerprint>
|
1150
1150
|
|
1151
|
-
<fingerprint pattern="(?m)^Fedora Core.release (.*) \(.*\).*Kernel (.*) on a[^ ]* ([^ ]*\d)
|
1151
|
+
<fingerprint pattern="(?m)^Fedora Core.release (.*) \(.*\).*Kernel (.*) on a[^ ]* ([^ ]*\d)" flags="REG_MULTILINE">
|
1152
1152
|
<description>Fedora Core Release</description>
|
1153
1153
|
<!-- Fedora Core release 1 (Yarrow)\nKernel 2.4.20-13.9ensim-3.5.0-13 on an i686\nlogin:-->
|
1154
1154
|
|
@@ -1164,7 +1164,7 @@
|
|
1164
1164
|
<param pos="0" name="os.cpe23" value="cpe:/o:redhat:fedora:{os.version}"/>
|
1165
1165
|
</fingerprint>
|
1166
1166
|
|
1167
|
-
<fingerprint pattern="(?m)^Welcome to SuSE Linux (.*) \(([^\)]+)\) - Kernel (.*)
|
1167
|
+
<fingerprint pattern="(?m)^Welcome to SuSE Linux (.*) \(([^\)]+)\) - Kernel (.*) ">
|
1168
1168
|
<description>SuSE Linux</description>
|
1169
1169
|
<!-- Welcome to SuSE Linux 7.0 (i386) - Kernel 2.2.16-RAID (0). 2VG029037\n\nlogin: -->
|
1170
1170
|
|
@@ -1180,7 +1180,7 @@
|
|
1180
1180
|
<param pos="3" name="linux.kernel.version"/>
|
1181
1181
|
</fingerprint>
|
1182
1182
|
|
1183
|
-
<fingerprint pattern="^Turbolinux ApplianceServer (\d+\.\d+)
|
1183
|
+
<fingerprint pattern="^Turbolinux ApplianceServer (\d+\.\d+)">
|
1184
1184
|
<description>Turbolinux ApplianceServer</description>
|
1185
1185
|
<!--Turbolinux ApplianceServer 4.0 (Atlas2) Linux 2.6.32-431.23.3.el6.x86_64 on a x86_64\n(senyo191x89.digitalink.ne.jp) TTY: 12:15 on Tuesday, 02 October 2018 login: -->
|
1186
1186
|
|
@@ -1195,7 +1195,7 @@
|
|
1195
1195
|
<param pos="1" name="os.version"/>
|
1196
1196
|
</fingerprint>
|
1197
1197
|
|
1198
|
-
<fingerprint pattern="^UnixWare ([^ ]+)
|
1198
|
+
<fingerprint pattern="^UnixWare ([^ ]+)">
|
1199
1199
|
<description>UnixWare</description>
|
1200
1200
|
<!-- UnixWare 2.1.3 (profil) (pts/3)\n\n\nlogin: -->
|
1201
1201
|
|
@@ -1209,7 +1209,7 @@
|
|
1209
1209
|
<param pos="1" name="os.version"/>
|
1210
1210
|
</fingerprint>
|
1211
1211
|
|
1212
|
-
<fingerprint pattern="^Telnet Server Build (5
|
1212
|
+
<fingerprint pattern="(?m)^Telnet Server Build (5\.[.\d]+)">
|
1213
1213
|
<description>Windows 2000</description>
|
1214
1214
|
<!--Microsoft (R) Windows NT (TM) Version 4.00 (Build 1381)\nWelcome to Microsoft Telnet Service \nTelnet Server Build 5.00.99034.1\nlogin: -->
|
1215
1215
|
|
@@ -1241,7 +1241,7 @@
|
|
1241
1241
|
<description>Arescom System</description>
|
1242
1242
|
<!--NDS1260HE-TLI Copyright by ARESCOM 2002\n\n\nPassword: -->
|
1243
1243
|
|
1244
|
-
<example _encoding="base64" os.model="NDS1260HE-TLI">
|
1244
|
+
<example _encoding="base64" os.model="NDS1260HE-TLI" hw.model="NDS1260HE-TLI">
|
1245
1245
|
TkRTMTI2MEhFLVRMSSBDb3B5cmlnaHQgYnkgQVJFU0NPTSAyMDAyCgoKClBhc3N3b3JkOgo=
|
1246
1246
|
</example>
|
1247
1247
|
<param pos="0" name="os.vendor" value="Arescom"/>
|
@@ -1296,7 +1296,7 @@
|
|
1296
1296
|
<param pos="0" name="os.family" value="VxWorks"/>
|
1297
1297
|
</fingerprint>
|
1298
1298
|
|
1299
|
-
<fingerprint pattern="
|
1299
|
+
<fingerprint pattern="Nortel.*Passport ([^ ]*) .*Software Release ([^ ]*)">
|
1300
1300
|
<description>Nortel Passport</description>
|
1301
1301
|
<!-- *********************************************\n\n\n* Copyright (c) 2003 Nortel Networks, Inc. *\n\n\n* All Rights Reserved *\n\n\n* Passport 8010 *\n\n\n* Software Release 3.5.0.0 *\n\n\n*********************************************\n\n\n\n\nLogin: -->
|
1302
1302
|
|
@@ -1387,7 +1387,7 @@
|
|
1387
1387
|
<param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
|
1388
1388
|
</fingerprint>
|
1389
1389
|
|
1390
|
-
<fingerprint pattern="Cobalt Linux release\W(.*)\W\(
|
1390
|
+
<fingerprint pattern="Cobalt Linux release\W(.*)\W\(">
|
1391
1391
|
<description>Cobalt Linux</description>
|
1392
1392
|
<!-- Cobalt Linux release 6.0 (Shinkansen)\nKernel 2.2.16C37_III on an i586\nlogin: -->
|
1393
1393
|
|
@@ -1456,7 +1456,7 @@
|
|
1456
1456
|
<param pos="0" name="os.cpe23" value="cpe:/o:sun:solaris:{os.version}"/>
|
1457
1457
|
</fingerprint>
|
1458
1458
|
|
1459
|
-
<fingerprint pattern="^Digital UNIX \(([^)]+)
|
1459
|
+
<fingerprint pattern="^Digital UNIX \(([^)]+)">
|
1460
1460
|
<description>Digital Unix</description>
|
1461
1461
|
<!-- Digital UNIX (journal) (ttyp2)\n\n\nlogin: -->
|
1462
1462
|
|
@@ -1469,7 +1469,7 @@
|
|
1469
1469
|
<param pos="1" name="host.name"/>
|
1470
1470
|
</fingerprint>
|
1471
1471
|
|
1472
|
-
<fingerprint pattern="(?m)^Compaq Tru64 UNIX V(.*) \(Rev. (.*\d)\)
|
1472
|
+
<fingerprint pattern="(?m)^Compaq Tru64 UNIX V(.*) \(Rev. (.*\d)\) ">
|
1473
1473
|
<description>Compaq Tru64 UNIX V</description>
|
1474
1474
|
<!-- Compaq Tru64 UNIX V5.1B (Rev. 2650) (docalpha) (pts/11)\n\n\n\n\nlogin: -->
|
1475
1475
|
|
@@ -1484,7 +1484,7 @@
|
|
1484
1484
|
<param pos="0" name="os.cpe23" value="cpe:/o:hp:tru64:{os.version}"/>
|
1485
1485
|
</fingerprint>
|
1486
1486
|
|
1487
|
-
<fingerprint pattern="HP-UX ([^ ]+) [A-Z]\.([^ ]+) ([^ ]+) ([^ ]+)\s([^ ]+\))
|
1487
|
+
<fingerprint pattern="HP-UX ([^ ]+) [A-Z]\.([^ ]+) ([^ ]+) ([^ ]+)\s([^ ]+\))">
|
1488
1488
|
<description>System HP-UX</description>
|
1489
1489
|
<!-- HP-UX ctout B.11.11 U 9000/800 (tc)\nlogin: -->
|
1490
1490
|
|
@@ -1518,7 +1518,7 @@
|
|
1518
1518
|
<param pos="0" name="hw.device" value="NAS"/>
|
1519
1519
|
</fingerprint>
|
1520
1520
|
|
1521
|
-
<fingerprint pattern="OpenVMS.*Version\sV([^\s]+)
|
1521
|
+
<fingerprint pattern="OpenVMS.*Version\sV([^\s]+)">
|
1522
1522
|
<description>OpenVMS</description>
|
1523
1523
|
<!-- Welcome to OpenVMS (TM) Alpha Operating System, Version V8.4 - NOT70\n\nUsername: -->
|
1524
1524
|
|
@@ -1532,7 +1532,7 @@
|
|
1532
1532
|
<param pos="1" name="os.version"/>
|
1533
1533
|
</fingerprint>
|
1534
1534
|
|
1535
|
-
<fingerprint pattern="(?m)^SCO OpenServer\(TM\) Release ([^ ]+)
|
1535
|
+
<fingerprint pattern="(?m)^SCO OpenServer\(TM\) Release ([^ ]+)">
|
1536
1536
|
<description>SCO OpenServer</description>
|
1537
1537
|
<!-- SCO OpenServer(TM) Release 5 (bomdia.co.za) (ttyp6)\nlogin: -->
|
1538
1538
|
|
@@ -1614,7 +1614,7 @@
|
|
1614
1614
|
<param pos="0" name="hw.product" value="Vigor"/>
|
1615
1615
|
</fingerprint>
|
1616
1616
|
|
1617
|
-
<fingerprint pattern="
|
1617
|
+
<fingerprint pattern="Version\s(\d*.\d*)\/OpenBSD">
|
1618
1618
|
<description>OpenBSD</description>
|
1619
1619
|
<!-- 220 killer09 FTP server (Version 6.4/OpenBSD/Linux-ftpd-0.17) ready. -->
|
1620
1620
|
|
@@ -1703,7 +1703,7 @@
|
|
1703
1703
|
<param pos="3" name="os.version"/>
|
1704
1704
|
</fingerprint>
|
1705
1705
|
|
1706
|
-
<fingerprint pattern="^HP ([^\s]+) ProCurve Switch">
|
1706
|
+
<fingerprint pattern="(?m)^HP ([^\s]+) ProCurve Switch">
|
1707
1707
|
<description>HP ProCurve Switch</description>
|
1708
1708
|
<!-- ==============================================================================\nHP J4121A ProCurve Switch 4000M\n
|
1709
1709
|
Firmware revision v2.2.3\n\nCopyright (C) 1991-2004 Hewlett-Packard Co. All Rights Reserved.\n\n
|
@@ -1815,7 +1815,7 @@
|
|
1815
1815
|
<param pos="2" name="os.version"/>
|
1816
1816
|
</fingerprint>
|
1817
1817
|
|
1818
|
-
<fingerprint pattern="(?m)^.*Welcome to MELCO Print Server.*Server Name *: *([^ ]*)\W.*Server Model *: *([^ ]*).*F \/ W Version *: *([^ ]*).*MAC Address *: *(.. .. .. .. .. ..)
|
1818
|
+
<fingerprint pattern="(?m)^.*Welcome to MELCO Print Server.*Server Name *: *([^ ]*)\W.*Server Model *: *([^ ]*).*F \/ W Version *: *([^ ]*).*MAC Address *: *(.. .. .. .. .. ..)">
|
1819
1819
|
<description>System is a Buffalo/MELCO Embedded Print Server</description>
|
1820
1820
|
<!-- ***********************************\n* Welcome to MELCO Print Server *\n* Telnet Console *\n***********************************
|
1821
1821
|
\n \nServer Name: PS-B04E8E\nServer Model: LPV 2 - TX 1\nF / W Version: 2.00 J \nMAC Address: AE 32 EA 21 BB E3\n
|
@@ -1840,7 +1840,7 @@
|
|
1840
1840
|
<param pos="4" name="host.mac"/>
|
1841
1841
|
</fingerprint>
|
1842
1842
|
|
1843
|
-
<fingerprint pattern="(?m)^AIX Version\W(\d)
|
1843
|
+
<fingerprint pattern="(?m)^AIX Version\W(\d)">
|
1844
1844
|
<description>System is IBM AIX v</description>
|
1845
1845
|
<!-- AIX Version 6\nCopyright IBM Corporation, 1982, 2007.\nlogin: -->
|
1846
1846
|
|
@@ -1854,7 +1854,7 @@
|
|
1854
1854
|
<param pos="0" name="os.cpe23" value="cpe:/o:ibm:aix:{os.version}"/>
|
1855
1855
|
</fingerprint>
|
1856
1856
|
|
1857
|
-
<fingerprint pattern="(?m)^CIMC Debug Firmware Utility Shell\W([^\s]+)
|
1857
|
+
<fingerprint pattern="(?m)^CIMC Debug Firmware Utility Shell\W([^\s]+)">
|
1858
1858
|
<description>System is Cisco UCS Device</description>
|
1859
1859
|
<!-- CIMC Debug Firmware Utility Shell\nfake-ucs-device-3-1-p login: -->
|
1860
1860
|
|
@@ -2110,4 +2110,221 @@
|
|
2110
2110
|
<param pos="0" name="hw.device" value="IP Camera"/>
|
2111
2111
|
</fingerprint>
|
2112
2112
|
|
2113
|
+
<fingerprint pattern="Novus Telnet Interface \(v(\S+)\)">
|
2114
|
+
<description>Alpha Technologies Novus UPS</description>
|
2115
|
+
<example hw.version="2.00.01">Novus Telnet Interface (v2.00.01)</example>
|
2116
|
+
<param pos="0" name="hw.vendor" value="Alpha Technologies"/>
|
2117
|
+
<param pos="0" name="hw.device" value="Power Device"/>
|
2118
|
+
<param pos="0" name="hw.product" value="Novus UPS"/>
|
2119
|
+
<param pos="1" name="hw.version"/>
|
2120
|
+
</fingerprint>
|
2121
|
+
|
2122
|
+
<fingerprint pattern="New Telnet Console Client Attached">
|
2123
|
+
<description>Psion Teklogix</description>
|
2124
|
+
<example>New Telnet Console Client Attached.</example>
|
2125
|
+
<param pos="0" name="hw.vendor" value="Psion Teklogix"/>
|
2126
|
+
<param pos="0" name="hw.device" value="Network Appliance"/>
|
2127
|
+
<param pos="0" name="hw.product" value="CommServer"/>
|
2128
|
+
</fingerprint>
|
2129
|
+
|
2130
|
+
<fingerprint pattern="UPS SYSTEMS SNMP/Web agent Configuration menu">
|
2131
|
+
<description>APC UPS Network Card</description>
|
2132
|
+
<example>UPS SYSTEMS SNMP/Web agent Configuration menu</example>
|
2133
|
+
<param pos="0" name="hw.vendor" value="APC"/>
|
2134
|
+
<param pos="0" name="hw.device" value="Power Device"/>
|
2135
|
+
<param pos="0" name="hw.product" value="UPS"/>
|
2136
|
+
<param pos="0" name="hw.certainty" value="0.5"/>
|
2137
|
+
</fingerprint>
|
2138
|
+
|
2139
|
+
<fingerprint pattern="(?i)Welcome to (\S+Dome [^\)]+) \d+\.\d+.\d+\.\d+ from">
|
2140
|
+
<description>Bosch Dome IP Cameras</description>
|
2141
|
+
<example hw.product="AutoDome 800 HD">Welcome to AutoDome 800 HD 1.2.3.4 from 5.6.7.8</example>
|
2142
|
+
<example hw.product="FLEXIDOME NDC-455-P">Welcome to FLEXIDOME NDC-455-P 1.2.3.4 from 5.6.7.8</example>
|
2143
|
+
<param pos="0" name="hw.vendor" value="Bosch"/>
|
2144
|
+
<param pos="0" name="hw.device" value="Web Cam"/>
|
2145
|
+
<param pos="1" name="hw.product"/>
|
2146
|
+
</fingerprint>
|
2147
|
+
|
2148
|
+
<fingerprint pattern="(?:RDL-\d+ Ellipse\s+|Connect-OWS?) .{0,1000} Copyright .{0,1000} Redline Communications Inc">
|
2149
|
+
<description>Redline Communication Radios</description>
|
2150
|
+
<example>RDL-3000 Ellipse (c) Copyright 2010-2016 Redline Communications Inc.</example>
|
2151
|
+
<example>Connect-OW (c) Copyright 2010-2016 Redline Communications Inc.</example>
|
2152
|
+
<example>Connect-OWS (c) Copyright 2010-2016 Redline Communications Inc.</example>
|
2153
|
+
<param pos="0" name="hw.vendor" value="Redline"/>
|
2154
|
+
<param pos="0" name="hw.device" value="WAP"/>
|
2155
|
+
<param pos="0" name="hw.product" value="Wireless Radio"/>
|
2156
|
+
<param pos="0" name="hw.certainty" value="0.5"/>
|
2157
|
+
</fingerprint>
|
2158
|
+
|
2159
|
+
<fingerprint pattern="Vaddio VNG (\S+) vaddio-doccam-([a-fA-F0-9-]{17})">
|
2160
|
+
<description>Vadio VNG DocCom</description>
|
2161
|
+
<example hw.version="1.6+snapshot-20170720" host.mac="54-10-EC-31-2A-19">Vaddio VNG 1.6+snapshot-20170720 vaddio-doccam-54-10-EC-31-2A-19</example>
|
2162
|
+
<param pos="0" name="hw.vendor" value="Vaddio"/>
|
2163
|
+
<param pos="0" name="hw.device" value="Web Cam"/>
|
2164
|
+
<param pos="0" name="hw.product" value="DocCam"/>
|
2165
|
+
<param pos="1" name="hw.version"/>
|
2166
|
+
<param pos="2" name="host.mac"/>
|
2167
|
+
</fingerprint>
|
2168
|
+
|
2169
|
+
<fingerprint pattern="\((FL WLAN \S+)\)">
|
2170
|
+
<description>Phoenix Contact Wireless Module</description>
|
2171
|
+
<example hw.product="FL WLAN 510X">(FL WLAN 510X)</example>
|
2172
|
+
<param pos="0" name="hw.vendor" value="Phoenix Contact"/>
|
2173
|
+
<param pos="0" name="hw.device" value="WAP"/>
|
2174
|
+
<param pos="1" name="hw.product"/>
|
2175
|
+
</fingerprint>
|
2176
|
+
|
2177
|
+
<fingerprint pattern="Welcome to i\.CanDoIt (.{0,1000}) v(\S+)">
|
2178
|
+
<description>Control Solutions i.CanDoIt PLC</description>
|
2179
|
+
<example hw.product="BAS-700 ReMOTE I/O" hw.version="2.47x">Welcome to i.CanDoIt BAS-700 ReMOTE I/O v2.47x</example>
|
2180
|
+
<param pos="0" name="hw.vendor" value="Control Solutions"/>
|
2181
|
+
<param pos="0" name="hw.device" value="PLC"/>
|
2182
|
+
<param pos="1" name="hw.product"/>
|
2183
|
+
<param pos="2" name="hw.version"/>
|
2184
|
+
<param pos="0" name="hw.certainty" value="0.75"/>
|
2185
|
+
</fingerprint>
|
2186
|
+
|
2187
|
+
<fingerprint pattern="Welcome to the MRV Communications' LX Series Server">
|
2188
|
+
<description>MRV Communications LX Series</description>
|
2189
|
+
<example>Welcome to the MRV Communications' LX Series Server</example>
|
2190
|
+
<param pos="0" name="hw.vendor" value="MRV Communications"/>
|
2191
|
+
<param pos="0" name="hw.device" value="Device Server"/>
|
2192
|
+
<param pos="0" name="hw.family" value="LX Series"/>
|
2193
|
+
</fingerprint>
|
2194
|
+
|
2195
|
+
<fingerprint pattern="(?m)\*\*\* Lantronix ([\S]+) Device Server \*\*\*(?:\r|\n)+MAC address ([a-fA-F0-9]{12})(?:\r|\n)+Software version V(\S+)">
|
2196
|
+
<description>Lantronix device server - w/o Serial</description>
|
2197
|
+
<!--
|
2198
|
+
*** Lantronix UDS1100-IAP Device Server ***
|
2199
|
+
MAC address 0080A3BD0000
|
2200
|
+
Software version V6.11.0.0 (150514) UDS1100
|
2201
|
+
Press Enter for Setup Mode
|
2202
|
+
-->
|
2203
|
+
|
2204
|
+
<example _encoding="base64" hw.product="UDS1100-IAP" hw.version="6.11.0.0" host.mac="0080A3BD0000">
|
2205
|
+
KioqIExhbnRyb25peCBVRFMxMTAwLUlBUCBEZXZpY2UgU2VydmVyICoqKgpN
|
2206
|
+
QUMgYWRkcmVzcyAwMDgwQTNCRDAwMDAKClNvZnR3YXJlIHZlcnNpb24gVjYu
|
2207
|
+
MTEuMC4wICgxNTA1MTQpIFVEUzExMDAKCgpQcmVzcyBFbnRlciBmb3IgU2V0
|
2208
|
+
dXAgTW9kZQo=
|
2209
|
+
</example>
|
2210
|
+
<param pos="0" name="hw.vendor" value="Lantronix"/>
|
2211
|
+
<param pos="0" name="hw.device" value="Device Server"/>
|
2212
|
+
<param pos="1" name="hw.product"/>
|
2213
|
+
<param pos="2" name="host.mac"/>
|
2214
|
+
<param pos="3" name="hw.version"/>
|
2215
|
+
</fingerprint>
|
2216
|
+
|
2217
|
+
<fingerprint pattern="(?m)\*\*\* Lantronix Universal Device Server \*\*\*(?:\r|\n)+Serial Number (\d+)\s+MAC address ([a-fA-F0-9:]{17})(?:\r|\n)+Software version (\S+)">
|
2218
|
+
<description>Lantronix device server - w/ Serial</description>
|
2219
|
+
<!--
|
2220
|
+
*** Lantronix Universal Device Server ***
|
2221
|
+
Serial Number 6451000 MAC address 00:20:4A:64:00:00
|
2222
|
+
Software version 04.5 (011025)
|
2223
|
+
Press Enter to go into Setup Mode
|
2224
|
+
-->
|
2225
|
+
|
2226
|
+
<example _encoding="base64" hw.version="04.5" host.mac="00:20:4A:64:00:00" hw.serial_number="6451000" lantronix.serial_number="6451000">
|
2227
|
+
KioqIExhbnRyb25peCBVbml2ZXJzYWwgRGV2aWNlIFNlcnZlciAqKioKU2Vy
|
2228
|
+
aWFsIE51bWJlciA2NDUxMDAwICBNQUMgYWRkcmVzcyAwMDoyMDo0QTo2NDow
|
2229
|
+
MDowMAoKU29mdHdhcmUgdmVyc2lvbiAwNC41ICgwMTEwMjUpCgpQcmVzcyBF
|
2230
|
+
bnRlciB0byBnbyBpbnRvIFNldHVwIE1vZGUK
|
2231
|
+
</example>
|
2232
|
+
<param pos="0" name="hw.vendor" value="Lantronix"/>
|
2233
|
+
<param pos="0" name="hw.device" value="Device Server"/>
|
2234
|
+
<param pos="0" name="hw.product" value="UDS"/>
|
2235
|
+
<param pos="1" name="lantronix.serial_number"/>
|
2236
|
+
<param pos="1" name="hw.serial_number"/>
|
2237
|
+
<param pos="2" name="host.mac"/>
|
2238
|
+
<param pos="3" name="hw.version"/>
|
2239
|
+
</fingerprint>
|
2240
|
+
|
2241
|
+
<fingerprint pattern="^(TAU-\d+[A-Z]*(?:\.IP)?) login:$$">
|
2242
|
+
<description>Eltex TAU model VoIP gateway</description>
|
2243
|
+
<example hw.product="TAU-8">TAU-8 login:</example>
|
2244
|
+
<example hw.product="TAU-2M.IP">TAU-2M.IP login:</example>
|
2245
|
+
<param pos="0" name="os.vendor" value="Eltex"/>
|
2246
|
+
<param pos="0" name="os.product" value="{hw.product} Firmware"/>
|
2247
|
+
<param pos="0" name="os.device" value="VoIP Gateway"/>
|
2248
|
+
<param pos="0" name="hw.vendor" value="Eltex"/>
|
2249
|
+
<param pos="1" name="hw.product"/>
|
2250
|
+
<param pos="0" name="hw.device" value="VoIP Gateway"/>
|
2251
|
+
</fingerprint>
|
2252
|
+
|
2253
|
+
<fingerprint pattern="(?m)^\**(?:\r|\n)*\**\s*Welcome to (SMG-?\d+[A-Z]?)\s*\**(?:\r|\n)*\**(?:\r|\n)+(\S+) login:\s*$">
|
2254
|
+
<description>Eltex SMG model VoIP gateway - banner with model number</description>
|
2255
|
+
<!--
|
2256
|
+
********************************************
|
2257
|
+
* Welcome to SMG1016M *
|
2258
|
+
********************************************
|
2259
|
+
|
2260
|
+
foo.bar.baz login:
|
2261
|
+
-->
|
2262
|
+
<example hw.product="SMG1016M" host.name="foo.bar.baz" _encoding="base64">
|
2263
|
+
DQ0KDQoNKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioNCg0qI
|
2264
|
+
CAgICAgICAgICAgV2VsY29tZSB0byBTTUcxMDE2TSAgICAgICAgICAgKg0KDSoqKioqKioqKi
|
2265
|
+
oqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqDQoNDQoNZm9vLmJhci5iYXogbG9
|
2266
|
+
naW46IA==
|
2267
|
+
</example>
|
2268
|
+
<param pos="0" name="os.vendor" value="Eltex"/>
|
2269
|
+
<param pos="0" name="os.product" value="{hw.product} Firmware"/>
|
2270
|
+
<param pos="0" name="os.device" value="VoIP Gateway"/>
|
2271
|
+
<param pos="0" name="hw.vendor" value="Eltex"/>
|
2272
|
+
<param pos="1" name="hw.product"/>
|
2273
|
+
<param pos="0" name="hw.device" value="VoIP Gateway"/>
|
2274
|
+
<param pos="2" name="host.name"/>
|
2275
|
+
</fingerprint>
|
2276
|
+
|
2277
|
+
<fingerprint pattern="^eltex-nv(\d+) login:$">
|
2278
|
+
<description>Eltex - NV model IPTV set top box</description>
|
2279
|
+
<example hw.model="101">eltex-nv101 login:</example>
|
2280
|
+
<example hw.product="NV102">eltex-nv102 login:</example>
|
2281
|
+
<param pos="0" name="os.vendor" value="Eltex"/>
|
2282
|
+
<param pos="0" name="os.product" value="{hw.product} Firmware"/>
|
2283
|
+
<param pos="0" name="os.device" value="IPTV"/>
|
2284
|
+
<param pos="1" name="hw.model"/>
|
2285
|
+
<param pos="0" name="hw.vendor" value="Eltex"/>
|
2286
|
+
<param pos="0" name="hw.product" value="NV{hw.model}"/>
|
2287
|
+
<param pos="0" name="hw.device" value="IPTV"/>
|
2288
|
+
</fingerprint>
|
2289
|
+
|
2290
|
+
<fingerprint pattern=""BeerTemp":.*"FridgeTemp":">
|
2291
|
+
<description>Fermentrack Beer Brewing Monitor</description>
|
2292
|
+
<example>T:{"BeerTemp":null,"BeerSet":null,"BeerAnn":null,"FridgeTemp":null,"FridgeSet":null,"FridgeAnn":null,"State":0}</example>
|
2293
|
+
<param pos="0" name="hw.device" value="Device"/>
|
2294
|
+
<param pos="0" name="os.product" value="Fermentrack"/>
|
2295
|
+
</fingerprint>
|
2296
|
+
|
2297
|
+
<fingerprint pattern="(?m)^Welcome to the SIGMA Spectrum Diagnostic Terminal(?:\r|\n)*Wireless Battery Module \(802\.11[abgn\/]+\)(?:\r|\n)*MAC Address: ((?:[0-9a-f]{2}-?){6}) SW: \d+[\sD]*\d+\s*(?:\r|\n)*Sigma Spectrum SN: (\d+) SW: v([\d.]+)(?:\r|\n)*Radio up since: [\w\s:]+(?:\r|\n)*login:\s*$">
|
2298
|
+
<description>Baxter SIGMA Spectrum Infusion System with Wireless Battery Module</description>
|
2299
|
+
<!--
|
2300
|
+
Welcome to the SIGMA Spectrum Diagnostic Terminal
|
2301
|
+
|
2302
|
+
Wireless Battery Module (802.11a/b/g/n)
|
2303
|
+
MAC Address: 00-40-9d-12-34-56 SW: 20 D29
|
2304
|
+
Sigma Spectrum SN: 1234567 SW: v8.00.01
|
2305
|
+
Radio up since: Fri Mar 1 03:14:24 2019
|
2306
|
+
|
2307
|
+
login:
|
2308
|
+
-->
|
2309
|
+
|
2310
|
+
<example host.mac="00-40-9d-12-34-56" hw.serial_number="1234567" os.version="8.00.01" _encoding="base64">
|
2311
|
+
V2VsY29tZSB0byB0aGUgU0lHTUEgU3BlY3RydW0gRGlhZ25vc3RpYyBUZXJtaW5hbA0KDQpXa
|
2312
|
+
XJlbGVzcyBCYXR0ZXJ5IE1vZHVsZSAoODAyLjExYS9iL2cvbikNCk1BQyBBZGRyZXNzOiAwMC
|
2313
|
+
00MC05ZC0xMi0zNC01NiBTVzogMjAgRDI5DQpTaWdtYSBTcGVjdHJ1bSBTTjogMTIzNDU2NyB
|
2314
|
+
TVzogdjguMDAuMDENClJhZGlvIHVwIHNpbmNlOiBGcmkgTWFyICAxIDAzOjE0OjI0IDIwMTkN
|
2315
|
+
Cg0KbG9naW46IA==
|
2316
|
+
</example>
|
2317
|
+
<param pos="0" name="os.vendor" value="Baxter"/>
|
2318
|
+
<param pos="0" name="os.product" value="SIGMA Spectrum Infusion System Firmware"/>
|
2319
|
+
<param pos="0" name="os.device" value="Medical"/>
|
2320
|
+
<param pos="3" name="os.version"/>
|
2321
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:baxter:sigma_spectrum_infusion_system_firmware:{os.version}"/>
|
2322
|
+
<param pos="0" name="hw.vendor" value="Baxter"/>
|
2323
|
+
<param pos="0" name="hw.product" value="SIGMA Spectrum Infusion System"/>
|
2324
|
+
<param pos="0" name="hw.device" value="Medical"/>
|
2325
|
+
<param pos="2" name="hw.serial_number"/>
|
2326
|
+
<param pos="0" name="hw.cpe23" value="cpe:/h:baxter:sigma_spectrum_infusion_system:-"/>
|
2327
|
+
<param pos="1" name="host.mac"/>
|
2328
|
+
</fingerprint>
|
2329
|
+
|
2113
2330
|
</fingerprints>
|
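Review bot: The Bosch Dome pattern added at new line 2139 leaves the dot between the second and third octets unescaped (`\d+\.\d+.\d+\.\d+`), so any character is accepted there; `\d+\.\d+\.\d+\.\d+` keeps the match to a dotted quad. In the same hunk the Eltex TAU pattern at 2241 ends in `$$`, which reads as a typo for `$`. The Baxter SIGMA Spectrum pattern at 2297 captures the MAC with `[0-9a-f]` and no `(?i)`, whereas the Vaddio and Lantronix patterns beside it use `[a-fA-F0-9]`; if that firmware can ever print upper-case hex, the infusion-pump fingerprint would miss silently, so `[0-9a-fA-F]` looks safer. These patterns are evaluated against banner text sent by the remote host, so each over-loose or over-narrow class shows up as a misattributed or unidentified asset in scan results.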
@@ -14,13 +14,33 @@
|
|
14
14
|
<param pos="0" name="service.cpe23" value="cpe:/a:torproject:tor:-"/>
|
15
15
|
</fingerprint>
|
16
16
|
|
17
|
-
<fingerprint pattern="^2ad2ad0002ad2ad0002ad2ad2ad2ada9e96d3ba9f7903758a731e0fa01453d$">
|
18
|
-
<description>Synology NAS</description>
|
17
|
+
<fingerprint pattern="^2ad2ad0002ad2ad0002ad2ad2ad2ada9e96d3ba9f7903758a731e0fa01453d|29d29d15d29d29d21c29d29d29d29d10d7a07cb776562eccb97246005feba5|2ad2ad0002ad2ad0002ad2ad2ad2ad5bf44aec534289dfa8e33148b66cd6c3|29d29d15d29d29d21c29d29d29d29de857600fcd9f89735d87c3704c4e141b$">
|
18
|
+
<description>Synology NAS DSM 6</description>
|
19
|
+
<example>29d29d15d29d29d21c29d29d29d29d10d7a07cb776562eccb97246005feba5</example>
|
20
|
+
<example>29d29d15d29d29d21c29d29d29d29de857600fcd9f89735d87c3704c4e141b</example>
|
21
|
+
<example>2ad2ad0002ad2ad0002ad2ad2ad2ad5bf44aec534289dfa8e33148b66cd6c3</example>
|
19
22
|
<example>2ad2ad0002ad2ad0002ad2ad2ad2ada9e96d3ba9f7903758a731e0fa01453d</example>
|
20
23
|
<param pos="0" name="os.device" value="NAS"/>
|
21
24
|
<param pos="0" name="os.family" value="Linux"/>
|
22
25
|
<param pos="0" name="os.product" value="DSM"/>
|
23
26
|
<param pos="0" name="os.vendor" value="Synology"/>
|
27
|
+
<param pos="0" name="os.version" value="6"/>
|
28
|
+
<param pos="0" name="hw.vendor" value="Synology"/>
|
29
|
+
<param pos="0" name="hw.device" value="NAS"/>
|
30
|
+
</fingerprint>
|
31
|
+
|
32
|
+
<fingerprint pattern="^00000000000000000042d42d0000009535d5979f591ae8e547c5e5743e5b64|29d29d15d29d29d00042d42d00000068f5dc63852f94da932cd6b61b1cd9e3|29d29d15d29d29d21c42d42d000000bf85d79ff39d9f5079675604a74fc04b|29d29d15d29d29d00042d42d000000038eaaf490bec8dc33757f165ce01762|29d29d15d29d29d21c42d42d000000790cb01ea78cc2a73fe8428d61afc0c8$">
|
33
|
+
<description>Synology NAS DSM 7</description>
|
34
|
+
<example>00000000000000000042d42d0000009535d5979f591ae8e547c5e5743e5b64</example>
|
35
|
+
<example>29d29d15d29d29d00042d42d000000038eaaf490bec8dc33757f165ce01762</example>
|
36
|
+
<example>29d29d15d29d29d00042d42d00000068f5dc63852f94da932cd6b61b1cd9e3</example>
|
37
|
+
<example>29d29d15d29d29d21c42d42d000000790cb01ea78cc2a73fe8428d61afc0c8</example>
|
38
|
+
<example>29d29d15d29d29d21c42d42d000000bf85d79ff39d9f5079675604a74fc04b</example>
|
39
|
+
<param pos="0" name="os.device" value="NAS"/>
|
40
|
+
<param pos="0" name="os.family" value="Linux"/>
|
41
|
+
<param pos="0" name="os.product" value="DSM"/>
|
42
|
+
<param pos="0" name="os.vendor" value="Synology"/>
|
43
|
+
<param pos="0" name="os.version" value="7"/>
|
24
44
|
<param pos="0" name="hw.vendor" value="Synology"/>
|
25
45
|
<param pos="0" name="hw.device" value="NAS"/>
|
26
46
|
</fingerprint>
|
@@ -36,9 +56,13 @@
|
|
36
56
|
<param pos="0" name="os.device" value="Router"/>
|
37
57
|
</fingerprint>
|
38
58
|
|
39
|
-
<fingerprint pattern="^07d14d16d21d21d00042d43d000000aa99ce74e2c6d013c745aa52b5cc042d$">
|
59
|
+
<fingerprint pattern="^07d14d16d21d21d00042d43d000000aa99ce74e2c6d013c745aa52b5cc042d|07d14d16d21d21d07c42d43d000000f50d155305214cf247147c43c0f1a823|07b08b09b21b21b07b07b08b07b21b23aeefb38b723c523befb314af6e95ac|07c08c09c21c21c07c07c08c07c21c23aeefb38b723c523befb314af6e95ac|07d14d16d21d21d00007d14d07d21d0ae59125bcd90b8876b50928af8f6cd4$">
|
40
60
|
<description>Metasploit listener</description>
|
61
|
+
<example>07b08b09b21b21b07b07b08b07b21b23aeefb38b723c523befb314af6e95ac</example>
|
62
|
+
<example>07c08c09c21c21c07c07c08c07c21c23aeefb38b723c523befb314af6e95ac</example>
|
63
|
+
<example>07d14d16d21d21d00007d14d07d21d0ae59125bcd90b8876b50928af8f6cd4</example>
|
41
64
|
<example>07d14d16d21d21d00042d43d000000aa99ce74e2c6d013c745aa52b5cc042d</example>
|
65
|
+
<example>07d14d16d21d21d07c42d43d000000f50d155305214cf247147c43c0f1a823</example>
|
42
66
|
<param pos="0" name="service.vendor" value="Rapid7"/>
|
43
67
|
<param pos="0" name="service.product" value="Metasploit"/>
|
44
68
|
<param pos="0" name="service.cpe23" value="cpe:/a:rapid7:metasploit:-"/>
|
@@ -47,9 +71,10 @@
|
|
47
71
|
<!-- This fingerprint matches Java's TLS stack,
|
48
72
|
see https://blog.cobaltstrike.com/2020/12/08/a-red-teamer-plays-with-jarm/ for details -->
|
49
73
|
|
50
|
-
<fingerprint pattern="^07d14d16d21d21d07c42d41d00041d24a458a375eef0c576d23a7bab9a9fb1$">
|
74
|
+
<fingerprint pattern="^07d14d16d21d21d07c42d41d00041d24a458a375eef0c576d23a7bab9a9fb1|07d14d16d21d21d00042d41d00041de5fb3038104f457d92ba02e9311512c2$">
|
51
75
|
<description>Cobalt Strike listener</description>
|
52
76
|
<example>07d14d16d21d21d07c42d41d00041d24a458a375eef0c576d23a7bab9a9fb1</example>
|
77
|
+
<example>07d14d16d21d21d00042d41d00041de5fb3038104f457d92ba02e9311512c2</example>
|
53
78
|
<param pos="0" name="service.vendor" value="Strategic Cyber LLC"/>
|
54
79
|
<param pos="0" name="service.product" value="Cobalt Strike Listener"/>
|
55
80
|
<param pos="0" name="service.certainty" value="0.3"/>
|
@@ -118,11 +143,13 @@
|
|
118
143
|
<param pos="0" name="hw.device" value="Media Server"/>
|
119
144
|
<param pos="0" name="hw.vendor" value="Google"/>
|
120
145
|
<param pos="0" name="hw.product" value="Chromecast"/>
|
146
|
+
<param pos="0" name="hw.cpe23" value="cpe:/h:google:chromecast:-"/>
|
121
147
|
</fingerprint>
|
122
148
|
|
123
|
-
<fingerprint pattern="^21d14d00021d21d21c21d14d21d21d3e9a0dda94718e521eb7d1409c9e3601$">
|
124
|
-
<description>
|
149
|
+
<fingerprint pattern="^21d14d00021d21d21c21d14d21d21d3e9a0dda94718e521eb7d1409c9e3601|2ad2ad0002ad2ad0002ad2ad2ad2ad755a2cec4b52fb1bce1ac7f1e48c8a7d$">
|
150
|
+
<description>VMware ESXi</description>
|
125
151
|
<example>21d14d00021d21d21c21d14d21d21d3e9a0dda94718e521eb7d1409c9e3601</example>
|
152
|
+
<example>2ad2ad0002ad2ad0002ad2ad2ad2ad755a2cec4b52fb1bce1ac7f1e48c8a7d</example>
|
126
153
|
<param pos="0" name="os.vendor" value="VMware"/>
|
127
154
|
<param pos="0" name="os.family" value="VMware ESX/ESXi"/>
|
128
155
|
<param pos="0" name="os.product" value="VMware ESXi Server"/>
|
@@ -137,4 +164,27 @@
|
|
137
164
|
<param pos="0" name="service.product" value="Merlin"/>
|
138
165
|
</fingerprint>
|
139
166
|
|
167
|
+
<fingerprint pattern="^21d14d00000000000021d14d21d21d16c46827964490e6024618c0a3d7d893$">
|
168
|
+
<description>Covenant .NET C2 framework</description>
|
169
|
+
<example>21d14d00000000000021d14d21d21d16c46827964490e6024618c0a3d7d893</example>
|
170
|
+
<param pos="0" name="service.product" value="Covenant"/>
|
171
|
+
</fingerprint>
|
172
|
+
|
173
|
+
<fingerprint pattern="^16d16d16d14d16d00016d16d16d16da6fda484e06f95db4f56339284c90672$">
|
174
|
+
<description>HP Printer</description>
|
175
|
+
<example>16d16d16d14d16d00016d16d16d16da6fda484e06f95db4f56339284c90672</example>
|
176
|
+
<param pos="0" name="hw.device" value="Printer"/>
|
177
|
+
<param pos="0" name="hw.vendor" value="HP"/>
|
178
|
+
<param pos="0" name="os.vendor" value="HP"/>
|
179
|
+
<param pos="0" name="os.device" value="Printer"/>
|
180
|
+
</fingerprint>
|
181
|
+
|
182
|
+
<fingerprint pattern="^27d27d27d00027d00041d41d00041dea7155aeeb5fe0855bcdf1e51aa692cd$">
|
183
|
+
<description>openHAB - open-source home automation</description>
|
184
|
+
<example>27d27d27d00027d00041d41d00041dea7155aeeb5fe0855bcdf1e51aa692cd</example>
|
185
|
+
<param pos="0" name="service.vendor" value="openHAB"/>
|
186
|
+
<param pos="0" name="service.product" value="openHAB"/>
|
187
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:openhab:openhab:-"/>
|
188
|
+
</fingerprint>
|
189
|
+
|
140
190
|
</fingerprints>
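Review bot: The new Covenant fingerprint asserts a C2 framework from a single JARM hash and carries no `service.certainty` parameter, so a match gives no indication of how weak the signal is. A JARM hash describes the TLS stack and its configuration rather than the application. The Cobalt Strike entry earlier in this file says as much in its comment and sets `service.certainty` to `0.3`. Covenant presumably shares its hash with other servers built on the same .NET TLS stack, so I would add `<param pos="0" name="service.certainty" value="0.3"/>` (or whatever value the maintainers judge right) and a short comment naming the stack the hash comes from. A hit would then be triaged as a lead and not as confirmed C2.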
|
@@ -62,13 +62,13 @@
|
|
62
62
|
<fingerprint pattern="^Fedora Project$">
|
63
63
|
<description>Fedora Project</description>
|
64
64
|
<example>Fedora Project</example>
|
65
|
-
<param pos="0" name="os.vendor" value="
|
65
|
+
<param pos="0" name="os.vendor" value="Fedora Project"/>
|
66
66
|
<param pos="0" name="service.vendor" value="X.Org"/>
|
67
67
|
<param pos="0" name="service.product" value="X.Org X11"/>
|
68
68
|
<param pos="0" name="service.cpe23" value="cpe:/a:x.org:x11:-"/>
|
69
|
-
<param pos="0" name="os.product" value="Fedora Core
|
69
|
+
<param pos="0" name="os.product" value="Fedora Core"/>
|
70
70
|
<param pos="0" name="os.family" value="Linux"/>
|
71
|
-
<param pos="0" name="os.cpe23" value="cpe:/o:
|
71
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:fedoraproject:fedora_core:-"/>
|
72
72
|
</fingerprint>
|
73
73
|
|
74
74
|
<fingerprint pattern="^freedesktop\.org$">
|
@@ -106,6 +106,7 @@
|
|
106
106
|
<param pos="0" name="hw.vendor" value="Google"/>
|
107
107
|
<param pos="0" name="hw.product" value="Chromecast"/>
|
108
108
|
<param pos="0" name="hw.certainty" value="0.5"/>
|
109
|
+
<param pos="0" name="hw.cpe23" value="cpe:/h:google:chromecast:-"/>
|
109
110
|
<param pos="0" name="chromecast.generation" value="1"/>
|
110
111
|
</fingerprint>
|
111
112
|
|
@@ -127,6 +128,7 @@
|
|
127
128
|
<param pos="0" name="hw.vendor" value="Google"/>
|
128
129
|
<param pos="0" name="hw.product" value="Chromecast"/>
|
129
130
|
<param pos="0" name="hw.certainty" value="0.5"/>
|
131
|
+
<param pos="0" name="hw.cpe23" value="cpe:/h:google:chromecast:-"/>
|
130
132
|
<param pos="1" name="chromecast.generation"/>
|
131
133
|
<param pos="2" name="chromecast.capabilities"/>
|
132
134
|
</fingerprint>
|
@@ -225,7 +227,7 @@
|
|
225
227
|
<fingerprint pattern="^CN=Temporary CA [a-fA-F0-9]{8}\-[a-fA-F0-9]{4}\-[a-fA-F0-9]{4}\-[a-fA-F0-9]{4}\-[a-fA-F0-9]{12},OU=Temporary CA">
|
226
228
|
<description>Cisco Video Communication Server</description>
|
227
229
|
<example>CN=Temporary CA 218131fe-8af4-11e7-aa6e-9950d6bbaf74,OU=Temporary CA 218131fe-8af4-11e7-aa6e-9950d6bbaf74,O=Temporary CA 218131fe-8af4-11e7-aa6e-9950d6bbaf74</example>
|
228
|
-
<param pos="0" name="hw.device" value="Video
|
230
|
+
<param pos="0" name="hw.device" value="Video Conferencing"/>
|
229
231
|
<param pos="0" name="hw.vendor" value="Cisco"/>
|
230
232
|
<param pos="0" name="hw.product" value="TelePresence"/>
|
231
233
|
</fingerprint>
|
@@ -357,4 +359,50 @@
|
|
357
359
|
<param pos="0" name="service.cpe23" value="cpe:/a:caddyserver:caddy:-"/>
|
358
360
|
</fingerprint>
|
359
361
|
|
362
|
+
<fingerprint pattern="^CN=Avaya cu360 (\S+)$">
|
363
|
+
<description>Avaya Video Conferencing Device - CU360</description>
|
364
|
+
<example hw.serial_number="11YT11111111">CN=Avaya cu360 11YT11111111</example>
|
365
|
+
<param pos="0" name="hw.vendor" value="Avaya"/>
|
366
|
+
<param pos="0" name="hw.device" value="Video Conferencing"/>
|
367
|
+
<param pos="0" name="hw.product" value="CU360"/>
|
368
|
+
<param pos="1" name="hw.serial_number"/>
|
369
|
+
</fingerprint>
|
370
|
+
|
371
|
+
<fingerprint pattern="^CN=Roomba CA,OU=\S+,O=iRobot,L=Bedford,ST=MA,C=US$">
|
372
|
+
<description>Roomba Device</description>
|
373
|
+
<example hw.product="Roomba" hw.vendor="iRobot">CN=Roomba CA,OU=HBU,O=iRobot,L=Bedford,ST=MA,C=US</example>
|
374
|
+
<param pos="0" name="hw.vendor" value="iRobot"/>
|
375
|
+
<param pos="0" name="hw.device" value="Device"/>
|
376
|
+
<param pos="0" name="hw.product" value="Roomba"/>
|
377
|
+
</fingerprint>
|
378
|
+
|
379
|
+
<fingerprint pattern="(?i)^CN=\S+,OU=FreshTomato Team,O=FreshTomato,L=Columbus,ST=Ohio,C=US(?:.*)$">
|
380
|
+
<description>FreshTomato Router Firmware</description>
|
381
|
+
<example>CN=192.168.1.1,OU=FreshTomato Team,O=FreshTomato,L=Columbus,ST=Ohio,C=US</example>
|
382
|
+
<param pos="0" name="os.vendor" value="FreshTomato"/>
|
383
|
+
<param pos="0" name="os.family" value="Linux"/>
|
384
|
+
<param pos="0" name="os.product" value="FreshTomato"/>
|
385
|
+
<param pos="0" name="os.device" value="Router"/>
|
386
|
+
</fingerprint>
|
387
|
+
|
388
|
+
<fingerprint pattern="(?i)^SERIALNUMBER=(\d+),CN=(\S+),OU=ST-VS,O=Bosch Sicherheitssysteme GmbH,L=Grasbrunn,C=DE">
|
389
|
+
<description>Bosch Device</description>
|
390
|
+
<example hw.serial_number="111111111111111111" host.mac="00-07-5f-11-11-11">SERIALNUMBER=111111111111111111,CN=00-07-5f-11-11-11,OU=ST-VS,O=Bosch Sicherheitssysteme GmbH,L=Grasbrunn,C=DE</example>
|
391
|
+
<param pos="0" name="os.vendor" value="Bosch"/>
|
392
|
+
<param pos="0" name="hw.vendor" value="Bosch"/>
|
393
|
+
<param pos="1" name="hw.serial_number"/>
|
394
|
+
<param pos="2" name="host.mac"/>
|
395
|
+
</fingerprint>
|
396
|
+
|
397
|
+
<fingerprint pattern="^CN=Proxmox Virtual Environment,OU=[a-f0-9-]+,O=PVE Cluster Manager CA$">
|
398
|
+
<description>Proxmox open-source virtualization platform</description>
|
399
|
+
<example>CN=Proxmox Virtual Environment,OU=dd69676f-e203-490e-b040-79b75ed6a9d7,O=PVE Cluster Manager CA</example>
|
400
|
+
<param pos="0" name="service.vendor" value="Proxmox"/>
|
401
|
+
<param pos="0" name="service.product" value="Virtual Environment"/>
|
402
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:proxmox:virtual_environment:-"/>
|
403
|
+
<param pos="0" name="os.vendor" value="Proxmox"/>
|
404
|
+
<param pos="0" name="os.family" value="Linux"/>
|
405
|
+
<param pos="0" name="os.product" value="Proxmox"/>
|
406
|
+
</fingerprint>
|
407
|
+
|
360
408
|
</fingerprints>
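Review bot: In the Bosch fingerprint the `CN=(\S+)` group is stored as `host.mac` without checking that it looks like a MAC address, and the certificate name being matched is supplied by the remote endpoint. Any whitespace-free string in that position therefore ends up in the asset's MAC field. Since the example shows the dash-separated form, the group can be narrowed to it: `CN=((?:[0-9a-f]{2}-){5}[0-9a-f]{2})` (the pattern already sets `(?i)`). This assumes real devices always put the MAC in the CN; if they do not, the parameter name is the thing to change. The pattern also has no closing `$`, unlike the Avaya, Roomba and Proxmox entries added alongside it.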
|