recog 2.3.22 → 2.3.23

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (69) hide show
  1. checksums.yaml +4 -4
  2. data/.github/workflows/ci.yml +1 -1
  3. data/.github/workflows/verify.yml +1 -1
  4. data/.vscode/bin/monitor-recog-fingerprints.sh +54 -0
  5. data/.vscode/extensions.json +5 -0
  6. data/.vscode/settings.json +8 -0
  7. data/.vscode/tasks.json +77 -0
  8. data/CONTRIBUTING.md +2 -0
  9. data/bin/recog_verify +42 -7
  10. data/cpe-remap.yaml +20 -2
  11. data/features/data/schema_failure.xml +4 -0
  12. data/features/data/tests_with_failures.xml +6 -0
  13. data/features/support/hooks.rb +9 -0
  14. data/features/verify.feature +81 -17
  15. data/identifiers/hw_device.txt +2 -0
  16. data/identifiers/hw_product.txt +2 -0
  17. data/identifiers/os_device.txt +2 -0
  18. data/identifiers/os_family.txt +1 -0
  19. data/identifiers/os_product.txt +8 -1
  20. data/identifiers/service_product.txt +14 -0
  21. data/identifiers/vendor.txt +13 -1
  22. data/lib/recog/fingerprint.rb +21 -7
  23. data/lib/recog/fingerprint_parse_error.rb +10 -0
  24. data/lib/recog/verifier.rb +4 -4
  25. data/lib/recog/verify_reporter.rb +7 -6
  26. data/lib/recog/version.rb +1 -1
  27. data/requirements.txt +1 -1
  28. data/spec/data/external_example_fingerprint/hp_printer_ex_01.txt +1 -0
  29. data/spec/data/external_example_fingerprint/hp_printer_ex_02.txt +1 -0
  30. data/spec/data/external_example_fingerprint.xml +8 -0
  31. data/spec/data/external_example_illegal_path_fingerprint.xml +7 -0
  32. data/spec/lib/recog/db_spec.rb +84 -61
  33. data/spec/lib/recog/fingerprint_spec.rb +4 -4
  34. data/spec/lib/recog/verify_reporter_spec.rb +8 -8
  35. data/update_cpes.py +129 -36
  36. data/xml/apache_os.xml +61 -19
  37. data/xml/architecture.xml +15 -1
  38. data/xml/dhcp_vendor_class.xml +1 -1
  39. data/xml/dns_versionbind.xml +16 -13
  40. data/xml/favicons.xml +87 -5
  41. data/xml/fingerprints.xsd +9 -1
  42. data/xml/ftp_banners.xml +131 -141
  43. data/xml/h323_callresp.xml +2 -2
  44. data/xml/hp_pjl_id.xml +81 -81
  45. data/xml/html_title.xml +178 -9
  46. data/xml/http_cookies.xml +83 -27
  47. data/xml/http_servers.xml +409 -269
  48. data/xml/http_wwwauth.xml +70 -37
  49. data/xml/imap_banners.xml +2 -2
  50. data/xml/nntp_banners.xml +8 -5
  51. data/xml/ntp_banners.xml +33 -33
  52. data/xml/operating_system.xml +92 -77
  53. data/xml/pop_banners.xml +17 -17
  54. data/xml/sip_banners.xml +16 -5
  55. data/xml/sip_user_agents.xml +122 -27
  56. data/xml/smb_native_lm.xml +5 -5
  57. data/xml/smb_native_os.xml +25 -25
  58. data/xml/smtp_banners.xml +132 -131
  59. data/xml/smtp_help.xml +1 -1
  60. data/xml/snmp_sysdescr.xml +1227 -1227
  61. data/xml/snmp_sysobjid.xml +2 -2
  62. data/xml/ssh_banners.xml +9 -5
  63. data/xml/telnet_banners.xml +49 -0
  64. data/xml/tls_jarm.xml +22 -2
  65. data/xml/x11_banners.xml +3 -3
  66. data/xml/x509_issuers.xml +3 -2
  67. data/xml/x509_subjects.xml +3 -3
  68. metadata +19 -3
  69. data/lib/recog/verifier_factory.rb +0 -13
@@ -6,7 +6,7 @@
6
6
 
7
7
  <!-- Windows begin -->
8
8
 
9
- <fingerprint pattern="^(?i:(?:Microsoft )?(Windows (?:[a-z]+\s[a-z]+\s|[a-z]+\s)?Server (?:\d{4} R2|\d{4}))(?:,\s|\s)?([a-z]+)?(?: Evaluation)?(?: Edition)?(?:\s|\swith(?:out)? Hyper-V\s)?(SP\d|SP \d|Service Pack \d)?)$">
9
+ <fingerprint pattern="(?i)^(?:Microsoft )?(Windows (?:[a-z]+\s[a-z]+\s|[a-z]+\s)?Server (?:\d{4} R2|\d{4}))(?:,\s|\s)?([a-z]+)?(?: Evaluation)?(?: Edition)?(?:\s|\swith(?:out)? Hyper-V\s)?(SP\d|SP \d|Service Pack \d)?$">
10
10
  <description>Windows Server 2003 and later</description>
11
11
  <example os.product="Windows Compute Cluster Server 2003">Windows Compute Cluster Server 2003</example>
12
12
  <example os.product="Windows Server 2003" os.edition="Standard">Windows Server 2003, Standard Edition</example>
@@ -26,7 +26,7 @@
26
26
  <param pos="3" name="os.version"/>
27
27
  </fingerprint>
28
28
 
29
- <fingerprint pattern="^(?i:(?:Microsoft )?Windows 10 Mobile(?:\s([a-z]+))?(?: Edition)?)$">
29
+ <fingerprint pattern="(?i)^(?:Microsoft )?Windows 10 Mobile(?:\s([a-z]+))??(?: Edition)?$">
30
30
  <description>Windows 10 Mobile</description>
31
31
  <example os.product="Windows 10 Mobile">Windows 10 Mobile Edition</example>
32
32
  <example os.product="Windows 10 Mobile" os.edition="Enterprise">Windows 10 Mobile Enterprise Edition</example>
@@ -38,7 +38,7 @@
38
38
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_10_mobile:-"/>
39
39
  </fingerprint>
40
40
 
41
- <fingerprint pattern="^(?i:(?:Microsoft )?(Windows (?:XP|Vista|7|8|8.1|10))(?:\s)?((?:[a-z]+|[a-z]+, )?(?:[a-z]+|[a-z]+\s[a-z]+)?)?(?: Edition)?(?:\s)?(SP\d|SP \d|Service Pack \d)?)$">
41
+ <fingerprint pattern="(?i)^(?:Microsoft )?(Windows (?:XP|Vista|7|8|8.1|10))(?:\s)?((?:[a-z]+|[a-z]+, )?(?:[a-z]+|[a-z]+\s[a-z]+)?)?(?: Edition)?(?:\s)?(SP\d|SP \d|Service Pack \d)?$">
42
42
  <description>Windows Desktop XP and later</description>
43
43
  <example os.product="Windows XP" os.edition="Professional">Windows XP Professional</example>
44
44
  <example os.product="Windows XP" os.edition="Tablet PC">Windows XP Tablet PC Edition</example>
@@ -56,9 +56,10 @@
56
56
  <param pos="3" name="os.version"/>
57
57
  </fingerprint>
58
58
 
59
- <fingerprint pattern="^(?i:(?:Microsoft )?Windows 2000(?:\s)?([a-z]+|[a-z]+\s[a-z]+)?(?:\s)?(SP\d|SP \d|Service Pack \d)?)$">
59
+ <fingerprint pattern="(?i)^(?:Microsoft )?Windows 2000(?:\s)?([a-z]+|[a-z]+\s[a-z]+)?(?:\s)?(SP\d|SP \d|Service Pack \d)?$">
60
60
  <description>Windows 2000</description>
61
61
  <example os.edition="Professional">Windows 2000 Professional</example>
62
+ <example os.edition="Professional" os.version="Service Pack 1">Windows 2000 Professional Service Pack 1</example>
62
63
  <example os.edition="Advanced Server">Windows 2000 Advanced Server</example>
63
64
  <param pos="0" name="os.vendor" value="Microsoft"/>
64
65
  <param pos="0" name="os.family" value="Windows"/>
@@ -68,7 +69,7 @@
68
69
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_2000:{os.version}"/>
69
70
  </fingerprint>
70
71
 
71
- <fingerprint pattern="^(?i:(?:Microsoft )?Windows NT (\d.\d{1,2})?(?:\s)?([a-z]+|[a-z]+\s[a-z]+)?)$">
72
+ <fingerprint pattern="(?i)^(?:Microsoft )?Windows NT (\d.\d{1,2})?(?:\s)?([a-z]+|[a-z]+\s[a-z]+)?$">
72
73
  <description>Windows NT</description>
73
74
  <example os.version="3.51" os.edition="Server">Windows NT 3.51 Server</example>
74
75
  <example os.edition="Workstation">Windows NT Workstation</example>
@@ -82,7 +83,7 @@
82
83
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_nt:{os.version}"/>
83
84
  </fingerprint>
84
85
 
85
- <fingerprint pattern="^(?i:(?:Microsoft )?Windows Phone (\d|\d\.\d)?)$">
86
+ <fingerprint pattern="(?i)^(?:Microsoft )?Windows Phone (\d|\d\.\d)?$">
86
87
  <description>Windows Phone 7 and later</description>
87
88
  <example os.version="7.5">Windows Phone 7.5</example>
88
89
  <example os.version="8">Windows Phone 8</example>
@@ -93,7 +94,7 @@
93
94
  <param pos="0" name="os.device" value="Mobile"/>
94
95
  </fingerprint>
95
96
 
96
- <fingerprint pattern="^(?i:(?:Microsoft )?(Windows\s?(?:95|98|98SE|98 SE|98 Second Edition|ME|Millenium Edition)))$">
97
+ <fingerprint pattern="(?i)^(?:Microsoft )?(Windows\s?(?:95|98|98SE|98 SE|98 Second Edition|ME|Millenium Edition))$">
97
98
  <description>Windows 9x</description>
98
99
  <example os.product="Windows 98 SE">Windows 98 SE</example>
99
100
  <param pos="0" name="os.vendor" value="Microsoft"/>
@@ -101,7 +102,7 @@
101
102
  <param pos="1" name="os.product"/>
102
103
  </fingerprint>
103
104
 
104
- <fingerprint pattern="^(?i:(?:Microsoft )?Windows(?:\sNT)? 6.1)$">
105
+ <fingerprint pattern="(?i)^(?:Microsoft )?Windows(?:\sNT)? 6.1$">
105
106
  <description>Windows version 6.1 (Windows 7 or Windows Server 2008 R2)</description>
106
107
  <example>Windows 6.1</example>
107
108
  <param pos="0" name="os.vendor" value="Microsoft"/>
@@ -109,7 +110,7 @@
109
110
  <param pos="0" name="os.product" value="Windows 7 or Windows Server 2008 R2"/>
110
111
  </fingerprint>
111
112
 
112
- <fingerprint pattern="^(?i:(?:Microsoft )?Windows(?:\sNT)? 6.2)$">
113
+ <fingerprint pattern="(?i)^(?:Microsoft )?Windows(?:\sNT)? 6.2$">
113
114
  <description>Windows version 6.2 (Windows 8 or Windows Server 2012)</description>
114
115
  <example>Windows 6.2</example>
115
116
  <param pos="0" name="os.vendor" value="Microsoft"/>
@@ -117,7 +118,7 @@
117
118
  <param pos="0" name="os.product" value="Windows 8 or Windows Server 2012"/>
118
119
  </fingerprint>
119
120
 
120
- <fingerprint pattern="^(?i:(?:Microsoft )?Windows(?:\sNT)? 6.3)$">
121
+ <fingerprint pattern="(?i)^(?:Microsoft )?Windows(?:\sNT)? 6.3$">
121
122
  <description>Windows version 6.3 (Windows 8.1 or Windows Server 2012 R2)</description>
122
123
  <example>Windows 6.3</example>
123
124
  <param pos="0" name="os.vendor" value="Microsoft"/>
@@ -125,7 +126,7 @@
125
126
  <param pos="0" name="os.product" value="Windows 8.1 or Windows Server 2012 R2"/>
126
127
  </fingerprint>
127
128
 
128
- <fingerprint pattern="^(?i:(?:Microsoft )?Windows(?:\sNT)? 10.0)$">
129
+ <fingerprint pattern="(?i)^(?:Microsoft )?Windows(?:\sNT)? 10.0$">
129
130
  <description>Windows version 10.0 (Windows 10 or Windows Server 2016)</description>
130
131
  <example>Windows 10.0</example>
131
132
  <param pos="0" name="os.vendor" value="Microsoft"/>
@@ -133,7 +134,7 @@
133
134
  <param pos="0" name="os.product" value="Windows 10 or Windows Server 2016"/>
134
135
  </fingerprint>
135
136
 
136
- <fingerprint pattern="^(?i:(?:Microsoft )?Windows.*)$">
137
+ <fingerprint pattern="(?i)^(?:Microsoft )?Windows.*$">
137
138
  <description>Windows catch-all</description>
138
139
  <example>Windows for Workgroups 3.11</example>
139
140
  <example>Microsoft Windows</example>
@@ -148,7 +149,7 @@
148
149
 
149
150
  <!-- Liunx begin -->
150
151
 
151
- <fingerprint pattern="^(?i:Alpine Linux\s?(?:v)?(\d+?(?:\.\d+?)*?(?:\src\d+?)?)?)$">
152
+ <fingerprint pattern="(?i)^Alpine Linux\s?(?:v)?(\d+?(?:\.\d+?)*?(?:\src\d+?)?)?$">
152
153
  <description>Alpine Linux</description>
153
154
  <example os.version="3.4.0">Alpine Linux v3.4.0</example>
154
155
  <example os.version="2.7.0 rc6">Alpine Linux 2.7.0 rc6</example>
@@ -161,7 +162,7 @@
161
162
 
162
163
  <!-- Arch uses rolling releases where the version name just the date of an ISO release. -->
163
164
 
164
- <fingerprint pattern="^(?i:Arch Linux\s?(\d+?(?:\.\d+?)*?)?)$">
165
+ <fingerprint pattern="(?i)^Arch Linux\s?(\d+?(?:\.\d+?)*?)?$">
165
166
  <description>Arch Linux</description>
166
167
  <example os.version="2016.04.01">Arch Linux 2016.04.01</example>
167
168
  <param pos="0" name="os.vendor" value="Arch"/>
@@ -172,7 +173,7 @@
172
173
 
173
174
  <!-- Red Hat Enterprise Linux derivative -->
174
175
 
175
- <fingerprint pattern="^(?i:Amazon Linux(?: AMI)?\s?(\d+?(?:\.\d+?)*?)?)$">
176
+ <fingerprint pattern="(?i)^Amazon Linux(?: AMI)?\s?(\d+?(?:\.\d+?)*?)?$">
176
177
  <description>Amazon Linux AMI</description>
177
178
  <example os.version="5.11">Amazon Linux AMI 5.11</example>
178
179
  <example os.version="6.7">Amazon Linux 6.7</example>
@@ -185,7 +186,7 @@
185
186
 
186
187
  <!-- Red Hat Enterprise Linux derivative -->
187
188
 
188
- <fingerprint pattern="^(?i:CentOS(?: Linux)?(?: [a-z]+)?\s?(\d+?(?:\.\d+?)*?)?)(?:\s.*?)?$">
189
+ <fingerprint pattern="(?i)^CentOS(?: Linux)?(?: [a-z]+)?\s?(\d+?(?:\.\d+?)*?)?(?:\s.*?)?$">
189
190
  <description>Centos Linux</description>
190
191
  <example os.version="5.11">Centos Linux 5.11</example>
191
192
  <example os.version="6.7">CentOS 6.7</example>
@@ -198,7 +199,7 @@
198
199
  <param pos="0" name="os.cpe23" value="cpe:/o:centos:centos:{os.version}"/>
199
200
  </fingerprint>
200
201
 
201
- <fingerprint pattern="^(?i:Debian(?: (?:GNU\/)?Linux)?\s?((?:\d+?(?:\.\d+?)*?)|(?:\w+?\/sid\s?))?(?:\s[a-z\(\)]+)?)$">
202
+ <fingerprint pattern="(?i)^Debian(?: (?:GNU\/)?Linux)?\s?((?:\d+?(?:\.\d+?)*?)|(?:\w+?\/sid\s?))?(?:\s[a-z\(\)]+)?$">
202
203
  <description>Debian Linux</description>
203
204
  <example os.version="6.0">Debian 6.0</example>
204
205
  <example os.version="7">Debian 7 (Wheezy)</example>
@@ -211,7 +212,7 @@
211
212
  <param pos="0" name="os.cpe23" value="cpe:/o:debian:debian_linux:{os.version}"/>
212
213
  </fingerprint>
213
214
 
214
- <fingerprint pattern="^(?i:Fedora(?: Core)?(?: Linux)?(?: release)?\s?(\d+?)?(?:\s.*)?)$">
215
+ <fingerprint pattern="(?i)^Fedora(?: Core)?(?: Linux)?(?: release)?\s?(\d+?)?(?:\s.*)?$">
215
216
  <description>Fedora Linux</description>
216
217
  <example os.version="6">Fedora Core 6</example>
217
218
  <example os.version="25">Fedora 25</example>
@@ -225,9 +226,10 @@
225
226
 
226
227
  <!-- Gentoo currently uses rolling releases with no version, but older versions were typically based on the year of release. -->
227
228
 
228
- <fingerprint pattern="^(?i:Gentoo(?: Linux)\s?(\d+?(?:\.\d+?)*?)?)$">
229
+ <fingerprint pattern="(?i)^Gentoo(?: Linux)\s?(\d+?(?:\.\d+?)*?)?$">
229
230
  <description>Gentoo Linux</description>
230
231
  <example>Gentoo Linux</example>
232
+ <example os.version="1.0">Gentoo Linux 1.0</example>
231
233
  <param pos="0" name="os.vendor" value="Gentoo"/>
232
234
  <param pos="0" name="os.family" value="Linux"/>
233
235
  <param pos="0" name="os.product" value="Linux"/>
@@ -237,7 +239,7 @@
237
239
 
238
240
  <!-- Kali switched to rolling release in January 2016. -->
239
241
 
240
- <fingerprint pattern="^(?i:Kali(?: Linux)?\s?(\d+?(?:\.\d+?)+?(?:[a-z])?|\d+?)?)$">
242
+ <fingerprint pattern="(?i)^Kali(?: Linux)?\s?(\d+?(?:\.\d+?)+?(?:[a-z])?|\d+?)?$">
241
243
  <description>Kali Linux</description>
242
244
  <example os.version="1.0.0">Kali Linux 1.0.0</example>
243
245
  <example os.version="1.1.0a">Kali 1.1.0a</example>
@@ -251,9 +253,9 @@
251
253
 
252
254
  <!-- Ubuntu derivative -->
253
255
 
254
- <fingerprint pattern="^(?i:Kubuntu(?: Linux)?\s(\d+?(?:\.\d+?)*?)?\s?(LTS)?)$">
256
+ <fingerprint pattern="(?i)^Kubuntu(?: Linux)?\s(\d+?(?:\.\d+?)*?)?\s?(LTS)?$">
255
257
  <description>Kubuntu Linux</description>
256
- <example os.version="12.04.4">Kubuntu 12.04.4 LTS</example>
258
+ <example os.version="12.04.4" os.edition="LTS">Kubuntu 12.04.4 LTS</example>
257
259
  <example os.version="14.04">Kubuntu Linux 14.04</example>
258
260
  <example os.version="16.04" os.edition="LTS">Kubuntu 16.04 LTS</example>
259
261
  <param pos="0" name="os.vendor" value="Kubuntu"/>
@@ -265,7 +267,7 @@
265
267
 
266
268
  <!-- Red Hat Enterprise Linux derivative -->
267
269
 
268
- <fingerprint pattern="^(?i:Oracle(?: Enterprise)? Linux\s?(?:Server\s?)?(\d+?(?:\.\d+?)*?)?)$">
270
+ <fingerprint pattern="(?i)^Oracle(?: Enterprise)? Linux\s?(?:Server\s?)?(\d+?(?:\.\d+?)*?)?$">
269
271
  <description>Oracle Enterprise Linux</description>
270
272
  <example os.version="5.11">Oracle Enterprise Linux 5.11</example>
271
273
  <example os.version="6.7">Oracle Linux 6.7</example>
@@ -276,7 +278,7 @@
276
278
  <param pos="0" name="os.cpe23" value="cpe:/o:oracle:linux:{os.version}"/>
277
279
  </fingerprint>
278
280
 
279
- <fingerprint pattern="^(?i:OpenSUSE(?: Linux)?(?: [a-z]+?)??\s?(\d+?(?:\.\d+?)*?)?(?:\s\(.*)?)$">
281
+ <fingerprint pattern="(?i)^OpenSUSE(?: Linux)?(?: [a-z]+?)??\s?(\d+?(?:\.\d+?)*?)?(?:\s\(.*)?$">
280
282
  <description>OpenSUSE Linux</description>
281
283
  <example os.version="10.1">OpenSUSE Linux 10.1</example>
282
284
  <example os.version="13.2">OpenSUSE 13.2</example>
@@ -287,7 +289,7 @@
287
289
  <param pos="1" name="os.version"/>
288
290
  </fingerprint>
289
291
 
290
- <fingerprint pattern="^(?i:(?:Red Hat|RedHat|Red-Hat|RHEL)(?: Enterprise)?(?: Linux)?(?: [a-z]+)?\s?(\d+?(?:\.\d+?)*?)?)$">
292
+ <fingerprint pattern="(?i)^(?:Red Hat|RedHat|Red-Hat|RHEL)(?: Enterprise)?(?: Linux)?(?: [a-z]+)?\s?(\d+?(?:\.\d+?)*?)?$">
291
293
  <description>Red Hat Enterprise Linux</description>
292
294
  <example>Red Hat Enterprise Linux AS</example>
293
295
  <example os.version="5.11">Red Hat Enterprise Linux 5.11</example>
@@ -303,7 +305,7 @@
303
305
 
304
306
  <!-- Red Hat Enterprise Linux derivative -->
305
307
 
306
- <fingerprint pattern="^(?i:Scientific(?: Linux)?\s?(\d+?(?:\.\d+?)*?)?)$">
308
+ <fingerprint pattern="(?i)^Scientific(?: Linux)?\s?(\d+?(?:\.\d+?)*?)?$">
307
309
  <description>Scientific Linux</description>
308
310
  <example os.version="5.11">Scientific Linux 5.11</example>
309
311
  <example os.version="6.7">Scientific 6.7</example>
@@ -314,7 +316,7 @@
314
316
  <param pos="1" name="os.version"/>
315
317
  </fingerprint>
316
318
 
317
- <fingerprint pattern="^(?i:Slackware(?: Linux)\s?(\d+?(?:\.\d+?)*?)?)$">
319
+ <fingerprint pattern="(?i)^Slackware(?: Linux)\s?(\d+?(?:\.\d+?)*?)?$">
318
320
  <description>Slackware Linux</description>
319
321
  <example os.version="14.1">Slackware Linux 14.1</example>
320
322
  <param pos="0" name="os.vendor" value="Slackware"/>
@@ -323,7 +325,7 @@
323
325
  <param pos="1" name="os.version"/>
324
326
  </fingerprint>
325
327
 
326
- <fingerprint pattern="^(?i:SUSE(?: SLED)?(?: Linux Enterprise Desktop)?\s?(\d+?(?:\.\d+?)*?)?)$">
328
+ <fingerprint pattern="(?i)^SUSE(?: SLED)?(?: Linux Enterprise Desktop)?\s?(\d+?(?:\.\d+?)*?)?$">
327
329
  <description>SUSE Linux Enterprise Desktop</description>
328
330
  <example os.version="11">SUSE SLED 11</example>
329
331
  <example os.version="12">SUSE Linux Enterprise Desktop 12</example>
@@ -334,7 +336,7 @@
334
336
  <param pos="0" name="os.cpe23" value="cpe:/o:suse:linux_enterprise_desktop:{os.version}"/>
335
337
  </fingerprint>
336
338
 
337
- <fingerprint pattern="^(?i:SUSE(?: SLES)?(?: Linux Enterprise Server)?\s?(\d+?(?:\.\d+?)*?)?)$">
339
+ <fingerprint pattern="(?i)^SUSE(?: SLES)?(?: Linux Enterprise Server)?\s?(\d+?(?:\.\d+?)*?)?$">
338
340
  <description>SUSE Linux Enterprise Server</description>
339
341
  <example os.version="11">SUSE SLES 11</example>
340
342
  <example os.version="12">SUSE Linux Enterprise Server 12</example>
@@ -345,7 +347,7 @@
345
347
  <param pos="0" name="os.cpe23" value="cpe:/o:suse:linux_enterprise_server:{os.version}"/>
346
348
  </fingerprint>
347
349
 
348
- <fingerprint pattern="^(?i:SLES(?: Linux Enterprise Server)?\s?(\d+?(?:\.\d+?)*?)?)$">
350
+ <fingerprint pattern="(?i)^SLES(?: Linux Enterprise Server)?\s?(\d+?(?:\.\d+?)*?)?$">
349
351
  <description>SLES Linux Enterprise Server</description>
350
352
  <example os.version="11">SLES 11</example>
351
353
  <example os.version="12">SLES Linux Enterprise Server 12</example>
@@ -356,9 +358,9 @@
356
358
  <param pos="0" name="os.cpe23" value="cpe:/o:suse:linux_enterprise_server:{os.version}"/>
357
359
  </fingerprint>
358
360
 
359
- <fingerprint pattern="^(?i:Ubuntu(?: Linux)?(?:\s|-)(\d+?(?:\.\d+?)*?)?\s?(LTS)?)$">
361
+ <fingerprint pattern="(?i)^Ubuntu(?: Linux)?(?:\s|-)(\d+?(?:\.\d+?)*?)?\s?(LTS)?$">
360
362
  <description>Ubuntu Linux</description>
361
- <example os.version="12.04.4">Ubuntu 12.04.4 LTS</example>
363
+ <example os.version="12.04.4" os.edition="LTS">Ubuntu 12.04.4 LTS</example>
362
364
  <example os.version="14.04">Ubuntu Linux 14.04</example>
363
365
  <example os.version="16.04" os.edition="LTS">Ubuntu 16.04 LTS</example>
364
366
  <example os.version="16.04" os.edition="LTS">Ubuntu-16.04 LTS</example>
@@ -372,9 +374,9 @@
372
374
 
373
375
  <!-- Ubuntu derivative -->
374
376
 
375
- <fingerprint pattern="^(?i:Xubuntu(?: Linux)?\s(\d+?(?:\.\d+?)*?)?\s?(LTS)?)$">
377
+ <fingerprint pattern="(?i)^Xubuntu(?: Linux)?\s(\d+?(?:\.\d+?)*?)?\s?(LTS)?$">
376
378
  <description>Xubuntu Linux</description>
377
- <example os.version="12.04.4">Xubuntu 12.04.4 LTS</example>
379
+ <example os.version="12.04.4" os.edition="LTS">Xubuntu 12.04.4 LTS</example>
378
380
  <example os.version="14.04">Xubuntu Linux 14.04</example>
379
381
  <example os.version="16.04" os.edition="LTS">Xubuntu 16.04 LTS</example>
380
382
  <param pos="0" name="os.vendor" value="Xubuntu"/>
@@ -384,7 +386,7 @@
384
386
  <param pos="2" name="os.edition"/>
385
387
  </fingerprint>
386
388
 
387
- <fingerprint pattern="^(?i:VMWare Photon(?:\/)?(?:\s?Linux)?\s?(?:v)?(\d+?(?:\.\d+?)*?)?)$">
389
+ <fingerprint pattern="(?i)^VMWare Photon(?:\/)?(?:\s?Linux)?\s?(?:v)?(\d+?(?:\.\d+?)*?)?$">
388
390
  <description>Photon Linux</description>
389
391
  <example>VMware Photon Linux</example>
390
392
  <example os.version="1.0">VMWare Photon 1.0</example>
@@ -426,7 +428,7 @@
426
428
 
427
429
  <!-- Match Mac OS Classic first due to weak matching on Mac OS X -->
428
430
 
429
- <fingerprint pattern="^(?i:(?:Apple )?Mac OS ([7-9](?:\.\d+?)*?))$">
431
+ <fingerprint pattern="(?i)^(?:Apple )?Mac OS ([7-9](?:\.\d+?)*?)$">
430
432
  <description>Mac OS 9</description>
431
433
  <example os.version="9">Mac OS 9</example>
432
434
  <example os.version="9.0.5">Mac OS 9.0.5</example>
@@ -437,7 +439,7 @@
437
439
  <param pos="0" name="os.cpe23" value="cpe:/o:apple:macos:{os.version}"/>
438
440
  </fingerprint>
439
441
 
440
- <fingerprint pattern="^(?i:(?:Apple OS X|Apple Mac OS X|Mac OS X|OS X|Mac OS)\s?(\d+?(?:\.\d+?)*?)?)$">
442
+ <fingerprint pattern="(?i)^(?:Apple OS X|Apple Mac OS X|Mac OS X|OS X|Mac OS)\s?(\d+?(?:\.\d+?)*?)?$">
441
443
  <description>Mac OS X with version number</description>
442
444
  <example os.version="10.10.5">Mac OS X 10.10.5</example>
443
445
  <example os.version="10">Mac OS X 10</example>
@@ -449,7 +451,7 @@
449
451
  <param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x:{os.version}"/>
450
452
  </fingerprint>
451
453
 
452
- <fingerprint pattern="^(?i:(?:Apple )?Mac OS X Cheetah)$">
454
+ <fingerprint pattern="(?i)^(?:Apple )?Mac OS X Cheetah$">
453
455
  <description>Mac OS X Cheetah</description>
454
456
  <example os.version="10.0">Mac OS X Cheetah</example>
455
457
  <param pos="0" name="os.vendor" value="Apple"/>
@@ -459,7 +461,7 @@
459
461
  <param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x:10.0"/>
460
462
  </fingerprint>
461
463
 
462
- <fingerprint pattern="^(?i:(?:Apple )?Mac OS X Puma)$">
464
+ <fingerprint pattern="(?i)^(?:Apple )?Mac OS X Puma$">
463
465
  <description>Mac OS X Puma</description>
464
466
  <example os.version="10.1">Mac OS X Puma</example>
465
467
  <param pos="0" name="os.vendor" value="Apple"/>
@@ -469,7 +471,7 @@
469
471
  <param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x:10.1"/>
470
472
  </fingerprint>
471
473
 
472
- <fingerprint pattern="^(?i:(?:Apple )?Mac OS X Jaguar)$">
474
+ <fingerprint pattern="(?i)^(?:Apple )?Mac OS X Jaguar$">
473
475
  <description>Mac OS X Jaguar</description>
474
476
  <example os.version="10.2">Mac OS X Jaguar</example>
475
477
  <param pos="0" name="os.vendor" value="Apple"/>
@@ -479,7 +481,7 @@
479
481
  <param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x:10.2"/>
480
482
  </fingerprint>
481
483
 
482
- <fingerprint pattern="^(?i:(?:Apple )?Mac OS X Panther)$">
484
+ <fingerprint pattern="(?i)^(?:Apple )?Mac OS X Panther$">
483
485
  <description>Mac OS X Panther</description>
484
486
  <example os.version="10.3">Mac OS X Panther</example>
485
487
  <param pos="0" name="os.vendor" value="Apple"/>
@@ -489,7 +491,7 @@
489
491
  <param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x:10.3"/>
490
492
  </fingerprint>
491
493
 
492
- <fingerprint pattern="^(?i:(?:Apple )?Mac OS X Tiger)$">
494
+ <fingerprint pattern="(?i)^(?:Apple )?Mac OS X Tiger$">
493
495
  <description>Mac OS X Tiger</description>
494
496
  <example os.version="10.4">Mac OS X Tiger</example>
495
497
  <param pos="0" name="os.vendor" value="Apple"/>
@@ -499,7 +501,7 @@
499
501
  <param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x:10.4"/>
500
502
  </fingerprint>
501
503
 
502
- <fingerprint pattern="^(?i:(?:Apple )?Mac OS X Leopard)$">
504
+ <fingerprint pattern="(?i)^(?:Apple )?Mac OS X Leopard$">
503
505
  <description>Mac OS X Leopard</description>
504
506
  <example os.version="10.5">Mac OS X Leopard</example>
505
507
  <param pos="0" name="os.vendor" value="Apple"/>
@@ -509,7 +511,7 @@
509
511
  <param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x:10.5"/>
510
512
  </fingerprint>
511
513
 
512
- <fingerprint pattern="^(?i:(?:Apple )?Mac OS X Snow Leopard)$">
514
+ <fingerprint pattern="(?i)^(?:Apple )?Mac OS X Snow Leopard$">
513
515
  <description>Mac OS X Snow Leopard</description>
514
516
  <example os.version="10.6">Mac OS X Snow Leopard</example>
515
517
  <param pos="0" name="os.vendor" value="Apple"/>
@@ -519,7 +521,7 @@
519
521
  <param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x:10.6"/>
520
522
  </fingerprint>
521
523
 
522
- <fingerprint pattern="^(?i:(?:Apple )?Mac OS X Lion)$">
524
+ <fingerprint pattern="(?i)^(?:Apple )?Mac OS X Lion$">
523
525
  <description>Mac OS X Lion</description>
524
526
  <example os.version="10.7">Mac OS X Lion</example>
525
527
  <param pos="0" name="os.vendor" value="Apple"/>
@@ -529,7 +531,7 @@
529
531
  <param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x:10.7"/>
530
532
  </fingerprint>
531
533
 
532
- <fingerprint pattern="^(?i:(?:Apple )?Mac OS X Mountain Lion)$">
534
+ <fingerprint pattern="(?i)^(?:Apple )?Mac OS X Mountain Lion$">
533
535
  <description>Mac OS X Mountain Lion</description>
534
536
  <example os.version="10.8">Mac OS X Mountain Lion</example>
535
537
  <param pos="0" name="os.vendor" value="Apple"/>
@@ -539,7 +541,7 @@
539
541
  <param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x:10.8"/>
540
542
  </fingerprint>
541
543
 
542
- <fingerprint pattern="^(?i:(?:Apple )?Mac OS X Mavericks)$">
544
+ <fingerprint pattern="(?i)^(?:Apple )?Mac OS X Mavericks$">
543
545
  <description>Mac OS X Mavericks</description>
544
546
  <example os.version="10.9">Mac OS X Mavericks</example>
545
547
  <param pos="0" name="os.vendor" value="Apple"/>
@@ -549,7 +551,7 @@
549
551
  <param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x:10.9"/>
550
552
  </fingerprint>
551
553
 
552
- <fingerprint pattern="^(?i:(?:Apple )?Mac OS X Yosemite)$">
554
+ <fingerprint pattern="(?i)^(?:Apple )?Mac OS X Yosemite$">
553
555
  <description>Mac OS X Yosemite</description>
554
556
  <example os.version="10.10">Mac OS X Yosemite</example>
555
557
  <param pos="0" name="os.vendor" value="Apple"/>
@@ -559,7 +561,7 @@
559
561
  <param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x:10.10"/>
560
562
  </fingerprint>
561
563
 
562
- <fingerprint pattern="^(?i:(?:Apple )?Mac OS X El Capitan)$">
564
+ <fingerprint pattern="(?i)^(?:Apple )?Mac OS X El Capitan$">
563
565
  <description>Mac OS X El Capitan</description>
564
566
  <example os.version="10.11">Mac OS X El Capitan</example>
565
567
  <param pos="0" name="os.vendor" value="Apple"/>
@@ -571,7 +573,7 @@
571
573
 
572
574
  <!-- This can also match Cisco IOS if the vendor name is not present. -->
573
575
 
574
- <fingerprint pattern="^(?i:(?:Apple )?iOS\s?(\d+?(?:\.\d+?)*?)?)$">
576
+ <fingerprint pattern="(?i)^(?:Apple )?iOS\s?(\d+?(?:\.\d+?)*?)?$">
575
577
  <description>Apple iOS for iPhone and iPad</description>
576
578
  <example os.version="7.1.2">iOS 7.1.2</example>
577
579
  <example os.version="8">iOS 8</example>
@@ -590,11 +592,11 @@
590
592
 
591
593
  <fingerprint pattern="(?i)^(.{0,256}?BSD)\s?(\d+?(?:\.\d+?)*?(?:[\-\/_ ]?\w+?)?(?:-[a-z]\d+?)?)?$">
592
594
  <description>Many BSD family OSes</description>
593
- <example os.version="10.3-RELEASE" os.product="FreeBSD">FreeBSD 10.3-RELEASE</example>
594
- <example os.version="10.3-RELEASE-p4" os.product="FreeBSD">FreeBSD 10.3-RELEASE-p4</example>
595
- <example os.version="7.0" os.product="NetBSD">NetBSD 7.0</example>
596
- <example os.version="5.9" os.product="OpenBSD">OpenBSD 5.9</example>
597
- <example os.product="PC-BSD">PC-BSD</example>
595
+ <example os.version="10.3-RELEASE" os.product="FreeBSD" os.vendor="FreeBSD" os.family="FreeBSD">FreeBSD 10.3-RELEASE</example>
596
+ <example os.version="10.3-RELEASE-p4" os.product="FreeBSD" os.vendor="FreeBSD" os.family="FreeBSD">FreeBSD 10.3-RELEASE-p4</example>
597
+ <example os.version="7.0" os.product="NetBSD" os.vendor="NetBSD" os.family="NetBSD">NetBSD 7.0</example>
598
+ <example os.version="5.9" os.product="OpenBSD" os.vendor="OpenBSD" os.family="OpenBSD">OpenBSD 5.9</example>
599
+ <example os.product="PC-BSD" os.vendor="PC-BSD" os.family="PC-BSD">PC-BSD</example>
598
600
  <param pos="1" name="os.vendor"/>
599
601
  <param pos="1" name="os.family"/>
600
602
  <param pos="1" name="os.product"/>
@@ -615,7 +617,7 @@
615
617
  <param pos="0" name="os.cpe23" value="cpe:/o:sun:solaris:{os.version}"/>
616
618
  </fingerprint>
617
619
 
618
- <fingerprint pattern="^(?i:(?:Oracle|Sun)?\s?Solaris\s?(1[1-9]?(?:\.\d+?)*?)?)$">
620
+ <fingerprint pattern="(?i)^(?:Oracle|Sun)?\s?Solaris\s?(1[1-9]?(?:\.\d+?)*?)?$">
619
621
  <description>Solaris 11 and up</description>
620
622
  <example os.version="11.3">Solaris 11.3</example>
621
623
  <example os.version="11">Solaris 11</example>
@@ -626,7 +628,7 @@
626
628
  <param pos="0" name="os.cpe23" value="cpe:/o:oracle:solaris:{os.version}"/>
627
629
  </fingerprint>
628
630
 
629
- <fingerprint pattern="^(?i:(?:Oracle|Sun)?\s?Solaris\s?((?:[789]|10)+?(?:\.\d+?)*?)?)$">
631
+ <fingerprint pattern="(?i)^(?:Oracle|Sun)?\s?Solaris\s?((?:[789]|10)+?(?:\.\d+?)*?)?$">
630
632
  <description>Solaris 7-10</description>
631
633
  <example os.version="7">Solaris 7</example>
632
634
  <example os.version="7.3">Solaris 7.3</example>
@@ -639,7 +641,7 @@
639
641
  <param pos="0" name="os.cpe23" value="cpe:/o:sun:solaris:{os.version}"/>
640
642
  </fingerprint>
641
643
 
642
- <fingerprint pattern="^(?i:(?:Oracle|Sun)?\s?SunOS\s?5.([789]|10)?)$">
644
+ <fingerprint pattern="(?i)^(?:Oracle|Sun)?\s?SunOS\s?5.([789]|10)?$">
643
645
  <description>SunOS/Solaris 5.7-5.10</description>
644
646
  <example os.version="7">SunOS 5.7</example>
645
647
  <example os.version="10">SunOS 5.10</example>
@@ -650,7 +652,7 @@
650
652
  <param pos="0" name="os.cpe23" value="cpe:/o:sun:solaris:{os.version}"/>
651
653
  </fingerprint>
652
654
 
653
- <fingerprint pattern="^(?i:(?:Oracle|Sun)?\s?SunOS\s?5.(1[1-9])?)$">
655
+ <fingerprint pattern="(?i)^(?:Oracle|Sun)?\s?SunOS\s?5.(1[1-9])?$">
654
656
  <description>Oracle/Solaris 5.11 and upwards</description>
655
657
  <example os.version="11">SunOS 5.11</example>
656
658
  <param pos="0" name="os.vendor" value="Oracle"/>
@@ -660,26 +662,33 @@
660
662
  <param pos="0" name="os.cpe23" value="cpe:/o:oracle:solaris:{os.version}"/>
661
663
  </fingerprint>
662
664
 
663
- <fingerprint pattern="^(?i:(?:IBM\s?)?(AIX|MVS|OS/(?:\d{1,3})|VM/CMS|VM/ESA|z/OS)\s?(\d+?(?:\.\d+?)*?)?)$">
665
+ <fingerprint pattern="(?i)^(?:IBM\s?)?(AIX|MVS|OS/(?:\d{1,3})|VM/CMS|VM/ESA|z/OS)\s?(\d+?(?:\.\d+?)*?)?$">
664
666
  <description>IBM OSes</description>
665
- <example os.product="AIX">AIX</example>
666
- <example os.product="MVS">IBM MVS</example>
667
- <example os.product="OS/2">IBM OS/2</example>
668
- <example os.product="OS/390">IBM OS/390</example>
669
- <example os.product="OS/400">OS/400</example>
670
- <example os.product="VM/CMS">IBM VM/CMS</example>
671
- <example os.product="VM/ESA">IBM VM/ESA</example>
672
- <example os.product="z/OS">IBM z/OS</example>
667
+ <example os.product="AIX" os.family="AIX">AIX</example>
668
+ <example os.product="MVS" os.family="MVS">IBM MVS</example>
669
+ <example os.product="OS/2" os.family="OS/2">IBM OS/2</example>
670
+ <example os.product="OS/390" os.family="OS/390">IBM OS/390</example>
671
+ <example os.product="OS/400" os.family="OS/400">OS/400</example>
672
+ <example os.product="VM/CMS" os.family="VM/CMS">IBM VM/CMS</example>
673
+ <example os.product="VM/ESA" os.family="VM/ESA">IBM VM/ESA</example>
674
+ <example os.product="z/OS" os.family="z/OS">IBM z/OS</example>
675
+ <example os.product="z/OS" os.family="z/OS" os.version="1.0">IBM z/OS 1.0</example>
673
676
  <param pos="0" name="os.vendor" value="IBM"/>
674
677
  <param pos="1" name="os.family"/>
675
678
  <param pos="1" name="os.product"/>
676
679
  <param pos="2" name="os.version"/>
677
680
  </fingerprint>
678
681
 
679
- <fingerprint pattern="^(?i:(?:HP\s?)?(Digital UNIX|HP-UX|iLO|OpenVMS|ProLiant|Tru64 UNIX)\s?(\d+?(?:\.\d+?)*?)?)$">
682
+ <fingerprint pattern="(?i)^(?:HP\s?)?(Digital UNIX|HP-UX|iLO|OpenVMS|ProLiant|Tru64 UNIX)\s?V?(\d+(?:\.\d+)*(?:-[\dA-Z]+)?)?$">
680
683
  <description>HP OSes</description>
681
- <example os.product="HP-UX">HP-UX</example>
682
- <example os.product="OpenVMS">OpenVMS</example>
684
+ <example os.product="HP-UX" os.family="HP-UX">HP-UX</example>
685
+ <example os.product="OpenVMS" os.family="OpenVMS">OpenVMS</example>
686
+ <example os.product="OpenVMS" os.family="OpenVMS" os.version="6.2">OpenVMS 6.2</example>
687
+ <example os.product="OpenVMS" os.family="OpenVMS" os.version="7.3-2">OpenVMS V7.3-2</example>
688
+ <example os.product="OpenVMS" os.family="OpenVMS" os.version="8.2-1">OpenVMS V8.2-1</example>
689
+ <example os.product="OpenVMS" os.family="OpenVMS" os.version="8.3">OpenVMS V8.3</example>
690
+ <example os.product="OpenVMS" os.family="OpenVMS" os.version="8.3-1H1">OpenVMS V8.3-1H1</example>
691
+ <example os.product="OpenVMS" os.family="OpenVMS" os.version="8.4-2L1">OpenVMS V8.4-2L1</example>
683
692
  <param pos="0" name="os.vendor" value="HP"/>
684
693
  <param pos="1" name="os.family"/>
685
694
  <param pos="1" name="os.product"/>
@@ -690,10 +699,12 @@
690
699
 
691
700
  <!-- Network equipment begin -->
692
701
 
693
- <fingerprint pattern="^(?i:(?:Juniper\s?)?(Junos|Junos OS|ScreenOS)\s?(\d+?(?:\.\d+?)*?)?)$">
702
+ <fingerprint pattern="(?i)^(?:Juniper\s?)?(Junos|Junos OS|ScreenOS)\s?(\d+(?:\.\d+?)*(?:X\d{2})?)?$">
694
703
  <description>Juniper</description>
695
- <example>Junos</example>
696
- <example>ScreenOS</example>
704
+ <example os.family="Junos" os.product="Junos">Junos</example>
705
+ <example os.family="Junos" os.product="Junos" os.version="4.4">Junos 4.4</example>
706
+ <example os.family="Junos" os.product="Junos" os.version="12.1X44">Junos 12.1X44</example>
707
+ <example os.family="ScreenOS" os.product="ScreenOS">ScreenOS</example>
697
708
  <param pos="0" name="os.vendor" value="Juniper"/>
698
709
  <param pos="1" name="os.family"/>
699
710
  <param pos="1" name="os.product"/>
@@ -702,10 +713,14 @@
702
713
 
703
714
  <!-- This needs to be improved if it's not how one would generally present a Cisco OS version. -->
704
715
 
705
- <fingerprint pattern="^(?i:(?:Cisco\s?)?(ASA|Adaptive Security Appliance|IOS|IOS-XE|IOS-XR|NX-OS|PIX-OS|SAN-OS)\s?(?:Version (\S+))?)$">
716
+ <fingerprint pattern="(?i)^(?:Cisco\s?)?(ASA|Adaptive Security Appliance|IOS|IOS-XE|IOS-XR|NX-OS|PIX-OS|SAN-OS)\s?(?:Version (\d+(?:\.\d+)*(?:\(\d+(?:\.\d+)*\))?))?$">
706
717
  <description>Cisco</description>
707
- <example>Cisco ASA</example>
708
- <example>Cisco IOS</example>
718
+ <example os.family="ASA" os.product="ASA">Cisco ASA</example>
719
+ <example os.family="IOS" os.product="IOS">Cisco IOS</example>
720
+ <example os.family="ASA" os.product="ASA" os.version="7.0(1)">Cisco ASA Version 7.0(1)</example>
721
+ <example os.family="ASA" os.product="ASA" os.version="8.2(4.4)">Cisco ASA Version 8.2(4.4)</example>
722
+ <example os.family="ASA" os.product="ASA" os.version="8.3(2.25)">Cisco ASA Version 8.3(2.25)</example>
723
+ <example os.family="ASA" os.product="ASA" os.version="9.5(2.200)">Cisco ASA Version 9.5(2.200)</example>
709
724
  <param pos="0" name="os.vendor" value="Cisco"/>
710
725
  <param pos="1" name="os.family"/>
711
726
  <param pos="1" name="os.product"/>