recog 2.3.22 → 2.3.23

Files changed (69) hide show
  1. checksums.yaml +4 -4
  2. data/.github/workflows/ci.yml +1 -1
  3. data/.github/workflows/verify.yml +1 -1
  4. data/.vscode/bin/monitor-recog-fingerprints.sh +54 -0
  5. data/.vscode/extensions.json +5 -0
  6. data/.vscode/settings.json +8 -0
  7. data/.vscode/tasks.json +77 -0
  8. data/CONTRIBUTING.md +2 -0
  9. data/bin/recog_verify +42 -7
  10. data/cpe-remap.yaml +20 -2
  11. data/features/data/schema_failure.xml +4 -0
  12. data/features/data/tests_with_failures.xml +6 -0
  13. data/features/support/hooks.rb +9 -0
  14. data/features/verify.feature +81 -17
  15. data/identifiers/hw_device.txt +2 -0
  16. data/identifiers/hw_product.txt +2 -0
  17. data/identifiers/os_device.txt +2 -0
  18. data/identifiers/os_family.txt +1 -0
  19. data/identifiers/os_product.txt +8 -1
  20. data/identifiers/service_product.txt +14 -0
  21. data/identifiers/vendor.txt +13 -1
  22. data/lib/recog/fingerprint.rb +21 -7
  23. data/lib/recog/fingerprint_parse_error.rb +10 -0
  24. data/lib/recog/verifier.rb +4 -4
  25. data/lib/recog/verify_reporter.rb +7 -6
  26. data/lib/recog/version.rb +1 -1
  27. data/requirements.txt +1 -1
  28. data/spec/data/external_example_fingerprint/hp_printer_ex_01.txt +1 -0
  29. data/spec/data/external_example_fingerprint/hp_printer_ex_02.txt +1 -0
  30. data/spec/data/external_example_fingerprint.xml +8 -0
  31. data/spec/data/external_example_illegal_path_fingerprint.xml +7 -0
  32. data/spec/lib/recog/db_spec.rb +84 -61
  33. data/spec/lib/recog/fingerprint_spec.rb +4 -4
  34. data/spec/lib/recog/verify_reporter_spec.rb +8 -8
  35. data/update_cpes.py +129 -36
  36. data/xml/apache_os.xml +61 -19
  37. data/xml/architecture.xml +15 -1
  38. data/xml/dhcp_vendor_class.xml +1 -1
  39. data/xml/dns_versionbind.xml +16 -13
  40. data/xml/favicons.xml +87 -5
  41. data/xml/fingerprints.xsd +9 -1
  42. data/xml/ftp_banners.xml +131 -141
  43. data/xml/h323_callresp.xml +2 -2
  44. data/xml/hp_pjl_id.xml +81 -81
  45. data/xml/html_title.xml +178 -9
  46. data/xml/http_cookies.xml +83 -27
  47. data/xml/http_servers.xml +409 -269
  48. data/xml/http_wwwauth.xml +70 -37
  49. data/xml/imap_banners.xml +2 -2
  50. data/xml/nntp_banners.xml +8 -5
  51. data/xml/ntp_banners.xml +33 -33
  52. data/xml/operating_system.xml +92 -77
  53. data/xml/pop_banners.xml +17 -17
  54. data/xml/sip_banners.xml +16 -5
  55. data/xml/sip_user_agents.xml +122 -27
  56. data/xml/smb_native_lm.xml +5 -5
  57. data/xml/smb_native_os.xml +25 -25
  58. data/xml/smtp_banners.xml +132 -131
  59. data/xml/smtp_help.xml +1 -1
  60. data/xml/snmp_sysdescr.xml +1227 -1227
  61. data/xml/snmp_sysobjid.xml +2 -2
  62. data/xml/ssh_banners.xml +9 -5
  63. data/xml/telnet_banners.xml +49 -0
  64. data/xml/tls_jarm.xml +22 -2
  65. data/xml/x11_banners.xml +3 -3
  66. data/xml/x509_issuers.xml +3 -2
  67. data/xml/x509_subjects.xml +3 -3
  68. metadata +19 -3
  69. data/lib/recog/verifier_factory.rb +0 -13
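--- a/data/xml/operating_system.xml
+++ b/data/xml/operating_system.xml
@@ -6,7 +6,7 @@
 
  <!-- Windows begin -->
 
- <fingerprint pattern="^(?i:(?:Microsoft )?(Windows (?:[a-z]+\s[a-z]+\s|[a-z]+\s)?Server (?:\d{4} R2|\d{4}))(?:,\s|\s)?([a-z]+)?(?: Evaluation)?(?: Edition)?(?:\s|\swith(?:out)? Hyper-V\s)?(SP\d|SP \d|Service Pack \d)?)$">
+ <fingerprint pattern="(?i)^(?:Microsoft )?(Windows (?:[a-z]+\s[a-z]+\s|[a-z]+\s)?Server (?:\d{4} R2|\d{4}))(?:,\s|\s)?([a-z]+)?(?: Evaluation)?(?: Edition)?(?:\s|\swith(?:out)? Hyper-V\s)?(SP\d|SP \d|Service Pack \d)?$">
  <description>Windows Server 2003 and later</description>
  <example os.product="Windows Compute Cluster Server 2003">Windows Compute Cluster Server 2003</example>
  <example os.product="Windows Server 2003" os.edition="Standard">Windows Server 2003, Standard Edition</example>
@@ -26,7 +26,7 @@
  <param pos="3" name="os.version"/>
  </fingerprint>
 
- <fingerprint pattern="^(?i:(?:Microsoft )?Windows 10 Mobile(?:\s([a-z]+))?(?: Edition)?)$">
+ <fingerprint pattern="(?i)^(?:Microsoft )?Windows 10 Mobile(?:\s([a-z]+))??(?: Edition)?$">
  <description>Windows 10 Mobile</description>
  <example os.product="Windows 10 Mobile">Windows 10 Mobile Edition</example>
  <example os.product="Windows 10 Mobile" os.edition="Enterprise">Windows 10 Mobile Enterprise Edition</example>
@@ -38,7 +38,7 @@
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_10_mobile:-"/>
  </fingerprint>
 
- <fingerprint pattern="^(?i:(?:Microsoft )?(Windows (?:XP|Vista|7|8|8.1|10))(?:\s)?((?:[a-z]+|[a-z]+, )?(?:[a-z]+|[a-z]+\s[a-z]+)?)?(?: Edition)?(?:\s)?(SP\d|SP \d|Service Pack \d)?)$">
+ <fingerprint pattern="(?i)^(?:Microsoft )?(Windows (?:XP|Vista|7|8|8.1|10))(?:\s)?((?:[a-z]+|[a-z]+, )?(?:[a-z]+|[a-z]+\s[a-z]+)?)?(?: Edition)?(?:\s)?(SP\d|SP \d|Service Pack \d)?$">
  <description>Windows Desktop XP and later</description>
  <example os.product="Windows XP" os.edition="Professional">Windows XP Professional</example>
  <example os.product="Windows XP" os.edition="Tablet PC">Windows XP Tablet PC Edition</example>
@@ -56,9 +56,10 @@
  <param pos="3" name="os.version"/>
  </fingerprint>
 
- <fingerprint pattern="^(?i:(?:Microsoft )?Windows 2000(?:\s)?([a-z]+|[a-z]+\s[a-z]+)?(?:\s)?(SP\d|SP \d|Service Pack \d)?)$">
+ <fingerprint pattern="(?i)^(?:Microsoft )?Windows 2000(?:\s)?([a-z]+|[a-z]+\s[a-z]+)?(?:\s)?(SP\d|SP \d|Service Pack \d)?$">
  <description>Windows 2000</description>
  <example os.edition="Professional">Windows 2000 Professional</example>
+ <example os.edition="Professional" os.version="Service Pack 1">Windows 2000 Professional Service Pack 1</example>
  <example os.edition="Advanced Server">Windows 2000 Advanced Server</example>
  <param pos="0" name="os.vendor" value="Microsoft"/>
  <param pos="0" name="os.family" value="Windows"/>
@@ -68,7 +69,7 @@
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_2000:{os.version}"/>
  </fingerprint>
 
- <fingerprint pattern="^(?i:(?:Microsoft )?Windows NT (\d.\d{1,2})?(?:\s)?([a-z]+|[a-z]+\s[a-z]+)?)$">
+ <fingerprint pattern="(?i)^(?:Microsoft )?Windows NT (\d.\d{1,2})?(?:\s)?([a-z]+|[a-z]+\s[a-z]+)?$">
  <description>Windows NT</description>
  <example os.version="3.51" os.edition="Server">Windows NT 3.51 Server</example>
  <example os.edition="Workstation">Windows NT Workstation</example>
@@ -82,7 +83,7 @@
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_nt:{os.version}"/>
  </fingerprint>
 
- <fingerprint pattern="^(?i:(?:Microsoft )?Windows Phone (\d|\d\.\d)?)$">
+ <fingerprint pattern="(?i)^(?:Microsoft )?Windows Phone (\d|\d\.\d)?$">
  <description>Windows Phone 7 and later</description>
  <example os.version="7.5">Windows Phone 7.5</example>
  <example os.version="8">Windows Phone 8</example>
@@ -93,7 +94,7 @@
  <param pos="0" name="os.device" value="Mobile"/>
  </fingerprint>
 
- <fingerprint pattern="^(?i:(?:Microsoft )?(Windows\s?(?:95|98|98SE|98 SE|98 Second Edition|ME|Millenium Edition)))$">
+ <fingerprint pattern="(?i)^(?:Microsoft )?(Windows\s?(?:95|98|98SE|98 SE|98 Second Edition|ME|Millenium Edition))$">
  <description>Windows 9x</description>
  <example os.product="Windows 98 SE">Windows 98 SE</example>
  <param pos="0" name="os.vendor" value="Microsoft"/>
@@ -101,7 +102,7 @@
  <param pos="1" name="os.product"/>
  </fingerprint>
 
- <fingerprint pattern="^(?i:(?:Microsoft )?Windows(?:\sNT)? 6.1)$">
+ <fingerprint pattern="(?i)^(?:Microsoft )?Windows(?:\sNT)? 6.1$">
  <description>Windows version 6.1 (Windows 7 or Windows Server 2008 R2)</description>
  <example>Windows 6.1</example>
  <param pos="0" name="os.vendor" value="Microsoft"/>
@@ -109,7 +110,7 @@
  <param pos="0" name="os.product" value="Windows 7 or Windows Server 2008 R2"/>
  </fingerprint>
 
- <fingerprint pattern="^(?i:(?:Microsoft )?Windows(?:\sNT)? 6.2)$">
+ <fingerprint pattern="(?i)^(?:Microsoft )?Windows(?:\sNT)? 6.2$">
  <description>Windows version 6.2 (Windows 8 or Windows Server 2012)</description>
  <example>Windows 6.2</example>
  <param pos="0" name="os.vendor" value="Microsoft"/>
@@ -117,7 +118,7 @@
  <param pos="0" name="os.product" value="Windows 8 or Windows Server 2012"/>
  </fingerprint>
 
- <fingerprint pattern="^(?i:(?:Microsoft )?Windows(?:\sNT)? 6.3)$">
+ <fingerprint pattern="(?i)^(?:Microsoft )?Windows(?:\sNT)? 6.3$">
  <description>Windows version 6.3 (Windows 8.1 or Windows Server 2012 R2)</description>
  <example>Windows 6.3</example>
  <param pos="0" name="os.vendor" value="Microsoft"/>
@@ -125,7 +126,7 @@
  <param pos="0" name="os.product" value="Windows 8.1 or Windows Server 2012 R2"/>
  </fingerprint>
 
- <fingerprint pattern="^(?i:(?:Microsoft )?Windows(?:\sNT)? 10.0)$">
+ <fingerprint pattern="(?i)^(?:Microsoft )?Windows(?:\sNT)? 10.0$">
  <description>Windows version 10.0 (Windows 10 or Windows Server 2016)</description>
  <example>Windows 10.0</example>
  <param pos="0" name="os.vendor" value="Microsoft"/>
@@ -133,7 +134,7 @@
  <param pos="0" name="os.product" value="Windows 10 or Windows Server 2016"/>
  </fingerprint>
 
- <fingerprint pattern="^(?i:(?:Microsoft )?Windows.*)$">
+ <fingerprint pattern="(?i)^(?:Microsoft )?Windows.*$">
  <description>Windows catch-all</description>
  <example>Windows for Workgroups 3.11</example>
  <example>Microsoft Windows</example>
@@ -148,7 +149,7 @@
 
  <!-- Liunx begin -->
 
- <fingerprint pattern="^(?i:Alpine Linux\s?(?:v)?(\d+?(?:\.\d+?)*?(?:\src\d+?)?)?)$">
+ <fingerprint pattern="(?i)^Alpine Linux\s?(?:v)?(\d+?(?:\.\d+?)*?(?:\src\d+?)?)?$">
  <description>Alpine Linux</description>
  <example os.version="3.4.0">Alpine Linux v3.4.0</example>
  <example os.version="2.7.0 rc6">Alpine Linux 2.7.0 rc6</example>
@@ -161,7 +162,7 @@
 
  <!-- Arch uses rolling releases where the version name just the date of an ISO release. -->
 
- <fingerprint pattern="^(?i:Arch Linux\s?(\d+?(?:\.\d+?)*?)?)$">
+ <fingerprint pattern="(?i)^Arch Linux\s?(\d+?(?:\.\d+?)*?)?$">
  <description>Arch Linux</description>
  <example os.version="2016.04.01">Arch Linux 2016.04.01</example>
  <param pos="0" name="os.vendor" value="Arch"/>
@@ -172,7 +173,7 @@
 
  <!-- Red Hat Enterprise Linux derivative -->
 
- <fingerprint pattern="^(?i:Amazon Linux(?: AMI)?\s?(\d+?(?:\.\d+?)*?)?)$">
+ <fingerprint pattern="(?i)^Amazon Linux(?: AMI)?\s?(\d+?(?:\.\d+?)*?)?$">
  <description>Amazon Linux AMI</description>
  <example os.version="5.11">Amazon Linux AMI 5.11</example>
  <example os.version="6.7">Amazon Linux 6.7</example>
@@ -185,7 +186,7 @@
 
  <!-- Red Hat Enterprise Linux derivative -->
 
- <fingerprint pattern="^(?i:CentOS(?: Linux)?(?: [a-z]+)?\s?(\d+?(?:\.\d+?)*?)?)(?:\s.*?)?$">
+ <fingerprint pattern="(?i)^CentOS(?: Linux)?(?: [a-z]+)?\s?(\d+?(?:\.\d+?)*?)?(?:\s.*?)?$">
  <description>Centos Linux</description>
  <example os.version="5.11">Centos Linux 5.11</example>
  <example os.version="6.7">CentOS 6.7</example>
@@ -198,7 +199,7 @@
  <param pos="0" name="os.cpe23" value="cpe:/o:centos:centos:{os.version}"/>
  </fingerprint>
 
- <fingerprint pattern="^(?i:Debian(?: (?:GNU\/)?Linux)?\s?((?:\d+?(?:\.\d+?)*?)|(?:\w+?\/sid\s?))?(?:\s[a-z\(\)]+)?)$">
+ <fingerprint pattern="(?i)^Debian(?: (?:GNU\/)?Linux)?\s?((?:\d+?(?:\.\d+?)*?)|(?:\w+?\/sid\s?))?(?:\s[a-z\(\)]+)?$">
  <description>Debian Linux</description>
  <example os.version="6.0">Debian 6.0</example>
  <example os.version="7">Debian 7 (Wheezy)</example>
@@ -211,7 +212,7 @@
  <param pos="0" name="os.cpe23" value="cpe:/o:debian:debian_linux:{os.version}"/>
  </fingerprint>
 
- <fingerprint pattern="^(?i:Fedora(?: Core)?(?: Linux)?(?: release)?\s?(\d+?)?(?:\s.*)?)$">
+ <fingerprint pattern="(?i)^Fedora(?: Core)?(?: Linux)?(?: release)?\s?(\d+?)?(?:\s.*)?$">
  <description>Fedora Linux</description>
  <example os.version="6">Fedora Core 6</example>
  <example os.version="25">Fedora 25</example>
@@ -225,9 +226,10 @@
 
  <!-- Gentoo currently uses rolling releases with no version, but older versions were typically based on the year of release. -->
 
- <fingerprint pattern="^(?i:Gentoo(?: Linux)\s?(\d+?(?:\.\d+?)*?)?)$">
+ <fingerprint pattern="(?i)^Gentoo(?: Linux)\s?(\d+?(?:\.\d+?)*?)?$">
  <description>Gentoo Linux</description>
  <example>Gentoo Linux</example>
+ <example os.version="1.0">Gentoo Linux 1.0</example>
  <param pos="0" name="os.vendor" value="Gentoo"/>
  <param pos="0" name="os.family" value="Linux"/>
  <param pos="0" name="os.product" value="Linux"/>
@@ -237,7 +239,7 @@
 
  <!-- Kali switched to rolling release in January 2016. -->
 
- <fingerprint pattern="^(?i:Kali(?: Linux)?\s?(\d+?(?:\.\d+?)+?(?:[a-z])?|\d+?)?)$">
+ <fingerprint pattern="(?i)^Kali(?: Linux)?\s?(\d+?(?:\.\d+?)+?(?:[a-z])?|\d+?)?$">
  <description>Kali Linux</description>
  <example os.version="1.0.0">Kali Linux 1.0.0</example>
  <example os.version="1.1.0a">Kali 1.1.0a</example>
@@ -251,9 +253,9 @@
 
  <!-- Ubuntu derivative -->
 
- <fingerprint pattern="^(?i:Kubuntu(?: Linux)?\s(\d+?(?:\.\d+?)*?)?\s?(LTS)?)$">
+ <fingerprint pattern="(?i)^Kubuntu(?: Linux)?\s(\d+?(?:\.\d+?)*?)?\s?(LTS)?$">
  <description>Kubuntu Linux</description>
- <example os.version="12.04.4">Kubuntu 12.04.4 LTS</example>
+ <example os.version="12.04.4" os.edition="LTS">Kubuntu 12.04.4 LTS</example>
  <example os.version="14.04">Kubuntu Linux 14.04</example>
  <example os.version="16.04" os.edition="LTS">Kubuntu 16.04 LTS</example>
  <param pos="0" name="os.vendor" value="Kubuntu"/>
@@ -265,7 +267,7 @@
 
  <!-- Red Hat Enterprise Linux derivative -->
 
- <fingerprint pattern="^(?i:Oracle(?: Enterprise)? Linux\s?(?:Server\s?)?(\d+?(?:\.\d+?)*?)?)$">
+ <fingerprint pattern="(?i)^Oracle(?: Enterprise)? Linux\s?(?:Server\s?)?(\d+?(?:\.\d+?)*?)?$">
  <description>Oracle Enterprise Linux</description>
  <example os.version="5.11">Oracle Enterprise Linux 5.11</example>
  <example os.version="6.7">Oracle Linux 6.7</example>
@@ -276,7 +278,7 @@
  <param pos="0" name="os.cpe23" value="cpe:/o:oracle:linux:{os.version}"/>
  </fingerprint>
 
- <fingerprint pattern="^(?i:OpenSUSE(?: Linux)?(?: [a-z]+?)??\s?(\d+?(?:\.\d+?)*?)?(?:\s\(.*)?)$">
+ <fingerprint pattern="(?i)^OpenSUSE(?: Linux)?(?: [a-z]+?)??\s?(\d+?(?:\.\d+?)*?)?(?:\s\(.*)?$">
  <description>OpenSUSE Linux</description>
  <example os.version="10.1">OpenSUSE Linux 10.1</example>
  <example os.version="13.2">OpenSUSE 13.2</example>
@@ -287,7 +289,7 @@
  <param pos="1" name="os.version"/>
  </fingerprint>
 
- <fingerprint pattern="^(?i:(?:Red Hat|RedHat|Red-Hat|RHEL)(?: Enterprise)?(?: Linux)?(?: [a-z]+)?\s?(\d+?(?:\.\d+?)*?)?)$">
+ <fingerprint pattern="(?i)^(?:Red Hat|RedHat|Red-Hat|RHEL)(?: Enterprise)?(?: Linux)?(?: [a-z]+)?\s?(\d+?(?:\.\d+?)*?)?$">
  <description>Red Hat Enterprise Linux</description>
  <example>Red Hat Enterprise Linux AS</example>
  <example os.version="5.11">Red Hat Enterprise Linux 5.11</example>
@@ -303,7 +305,7 @@
 
  <!-- Red Hat Enterprise Linux derivative -->
 
- <fingerprint pattern="^(?i:Scientific(?: Linux)?\s?(\d+?(?:\.\d+?)*?)?)$">
+ <fingerprint pattern="(?i)^Scientific(?: Linux)?\s?(\d+?(?:\.\d+?)*?)?$">
  <description>Scientific Linux</description>
  <example os.version="5.11">Scientific Linux 5.11</example>
  <example os.version="6.7">Scientific 6.7</example>
@@ -314,7 +316,7 @@
  <param pos="1" name="os.version"/>
  </fingerprint>
 
- <fingerprint pattern="^(?i:Slackware(?: Linux)\s?(\d+?(?:\.\d+?)*?)?)$">
+ <fingerprint pattern="(?i)^Slackware(?: Linux)\s?(\d+?(?:\.\d+?)*?)?$">
  <description>Slackware Linux</description>
  <example os.version="14.1">Slackware Linux 14.1</example>
  <param pos="0" name="os.vendor" value="Slackware"/>
@@ -323,7 +325,7 @@
  <param pos="1" name="os.version"/>
  </fingerprint>
 
- <fingerprint pattern="^(?i:SUSE(?: SLED)?(?: Linux Enterprise Desktop)?\s?(\d+?(?:\.\d+?)*?)?)$">
+ <fingerprint pattern="(?i)^SUSE(?: SLED)?(?: Linux Enterprise Desktop)?\s?(\d+?(?:\.\d+?)*?)?$">
  <description>SUSE Linux Enterprise Desktop</description>
  <example os.version="11">SUSE SLED 11</example>
  <example os.version="12">SUSE Linux Enterprise Desktop 12</example>
@@ -334,7 +336,7 @@
  <param pos="0" name="os.cpe23" value="cpe:/o:suse:linux_enterprise_desktop:{os.version}"/>
  </fingerprint>
 
- <fingerprint pattern="^(?i:SUSE(?: SLES)?(?: Linux Enterprise Server)?\s?(\d+?(?:\.\d+?)*?)?)$">
+ <fingerprint pattern="(?i)^SUSE(?: SLES)?(?: Linux Enterprise Server)?\s?(\d+?(?:\.\d+?)*?)?$">
  <description>SUSE Linux Enterprise Server</description>
  <example os.version="11">SUSE SLES 11</example>
  <example os.version="12">SUSE Linux Enterprise Server 12</example>
@@ -345,7 +347,7 @@
  <param pos="0" name="os.cpe23" value="cpe:/o:suse:linux_enterprise_server:{os.version}"/>
  </fingerprint>
 
- <fingerprint pattern="^(?i:SLES(?: Linux Enterprise Server)?\s?(\d+?(?:\.\d+?)*?)?)$">
+ <fingerprint pattern="(?i)^SLES(?: Linux Enterprise Server)?\s?(\d+?(?:\.\d+?)*?)?$">
  <description>SLES Linux Enterprise Server</description>
  <example os.version="11">SLES 11</example>
  <example os.version="12">SLES Linux Enterprise Server 12</example>
@@ -356,9 +358,9 @@
  <param pos="0" name="os.cpe23" value="cpe:/o:suse:linux_enterprise_server:{os.version}"/>
  </fingerprint>
 
- <fingerprint pattern="^(?i:Ubuntu(?: Linux)?(?:\s|-)(\d+?(?:\.\d+?)*?)?\s?(LTS)?)$">
+ <fingerprint pattern="(?i)^Ubuntu(?: Linux)?(?:\s|-)(\d+?(?:\.\d+?)*?)?\s?(LTS)?$">
  <description>Ubuntu Linux</description>
- <example os.version="12.04.4">Ubuntu 12.04.4 LTS</example>
+ <example os.version="12.04.4" os.edition="LTS">Ubuntu 12.04.4 LTS</example>
  <example os.version="14.04">Ubuntu Linux 14.04</example>
  <example os.version="16.04" os.edition="LTS">Ubuntu 16.04 LTS</example>
  <example os.version="16.04" os.edition="LTS">Ubuntu-16.04 LTS</example>
@@ -372,9 +374,9 @@
 
  <!-- Ubuntu derivative -->
 
- <fingerprint pattern="^(?i:Xubuntu(?: Linux)?\s(\d+?(?:\.\d+?)*?)?\s?(LTS)?)$">
+ <fingerprint pattern="(?i)^Xubuntu(?: Linux)?\s(\d+?(?:\.\d+?)*?)?\s?(LTS)?$">
  <description>Xubuntu Linux</description>
- <example os.version="12.04.4">Xubuntu 12.04.4 LTS</example>
+ <example os.version="12.04.4" os.edition="LTS">Xubuntu 12.04.4 LTS</example>
  <example os.version="14.04">Xubuntu Linux 14.04</example>
  <example os.version="16.04" os.edition="LTS">Xubuntu 16.04 LTS</example>
  <param pos="0" name="os.vendor" value="Xubuntu"/>
@@ -384,7 +386,7 @@
  <param pos="2" name="os.edition"/>
  </fingerprint>
 
- <fingerprint pattern="^(?i:VMWare Photon(?:\/)?(?:\s?Linux)?\s?(?:v)?(\d+?(?:\.\d+?)*?)?)$">
+ <fingerprint pattern="(?i)^VMWare Photon(?:\/)?(?:\s?Linux)?\s?(?:v)?(\d+?(?:\.\d+?)*?)?$">
  <description>Photon Linux</description>
  <example>VMware Photon Linux</example>
  <example os.version="1.0">VMWare Photon 1.0</example>
@@ -426,7 +428,7 @@
 
  <!-- Match Mac OS Classic first due to weak matching on Mac OS X -->
 
- <fingerprint pattern="^(?i:(?:Apple )?Mac OS ([7-9](?:\.\d+?)*?))$">
+ <fingerprint pattern="(?i)^(?:Apple )?Mac OS ([7-9](?:\.\d+?)*?)$">
  <description>Mac OS 9</description>
  <example os.version="9">Mac OS 9</example>
  <example os.version="9.0.5">Mac OS 9.0.5</example>
@@ -437,7 +439,7 @@
  <param pos="0" name="os.cpe23" value="cpe:/o:apple:macos:{os.version}"/>
  </fingerprint>
 
- <fingerprint pattern="^(?i:(?:Apple OS X|Apple Mac OS X|Mac OS X|OS X|Mac OS)\s?(\d+?(?:\.\d+?)*?)?)$">
+ <fingerprint pattern="(?i)^(?:Apple OS X|Apple Mac OS X|Mac OS X|OS X|Mac OS)\s?(\d+?(?:\.\d+?)*?)?$">
  <description>Mac OS X with version number</description>
  <example os.version="10.10.5">Mac OS X 10.10.5</example>
  <example os.version="10">Mac OS X 10</example>
@@ -449,7 +451,7 @@
  <param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x:{os.version}"/>
  </fingerprint>
 
- <fingerprint pattern="^(?i:(?:Apple )?Mac OS X Cheetah)$">
+ <fingerprint pattern="(?i)^(?:Apple )?Mac OS X Cheetah$">
  <description>Mac OS X Cheetah</description>
  <example os.version="10.0">Mac OS X Cheetah</example>
  <param pos="0" name="os.vendor" value="Apple"/>
@@ -459,7 +461,7 @@
  <param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x:10.0"/>
  </fingerprint>
 
- <fingerprint pattern="^(?i:(?:Apple )?Mac OS X Puma)$">
+ <fingerprint pattern="(?i)^(?:Apple )?Mac OS X Puma$">
  <description>Mac OS X Puma</description>
  <example os.version="10.1">Mac OS X Puma</example>
  <param pos="0" name="os.vendor" value="Apple"/>
@@ -469,7 +471,7 @@
  <param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x:10.1"/>
  </fingerprint>
 
- <fingerprint pattern="^(?i:(?:Apple )?Mac OS X Jaguar)$">
+ <fingerprint pattern="(?i)^(?:Apple )?Mac OS X Jaguar$">
  <description>Mac OS X Jaguar</description>
  <example os.version="10.2">Mac OS X Jaguar</example>
  <param pos="0" name="os.vendor" value="Apple"/>
@@ -479,7 +481,7 @@
  <param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x:10.2"/>
  </fingerprint>
 
- <fingerprint pattern="^(?i:(?:Apple )?Mac OS X Panther)$">
+ <fingerprint pattern="(?i)^(?:Apple )?Mac OS X Panther$">
  <description>Mac OS X Panther</description>
  <example os.version="10.3">Mac OS X Panther</example>
  <param pos="0" name="os.vendor" value="Apple"/>
@@ -489,7 +491,7 @@
  <param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x:10.3"/>
  </fingerprint>
 
- <fingerprint pattern="^(?i:(?:Apple )?Mac OS X Tiger)$">
+ <fingerprint pattern="(?i)^(?:Apple )?Mac OS X Tiger$">
  <description>Mac OS X Tiger</description>
  <example os.version="10.4">Mac OS X Tiger</example>
  <param pos="0" name="os.vendor" value="Apple"/>
@@ -499,7 +501,7 @@
  <param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x:10.4"/>
  </fingerprint>
 
- <fingerprint pattern="^(?i:(?:Apple )?Mac OS X Leopard)$">
+ <fingerprint pattern="(?i)^(?:Apple )?Mac OS X Leopard$">
  <description>Mac OS X Leopard</description>
  <example os.version="10.5">Mac OS X Leopard</example>
  <param pos="0" name="os.vendor" value="Apple"/>
@@ -509,7 +511,7 @@
  <param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x:10.5"/>
  </fingerprint>
 
- <fingerprint pattern="^(?i:(?:Apple )?Mac OS X Snow Leopard)$">
+ <fingerprint pattern="(?i)^(?:Apple )?Mac OS X Snow Leopard$">
  <description>Mac OS X Snow Leopard</description>
  <example os.version="10.6">Mac OS X Snow Leopard</example>
  <param pos="0" name="os.vendor" value="Apple"/>
@@ -519,7 +521,7 @@
  <param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x:10.6"/>
  </fingerprint>
 
- <fingerprint pattern="^(?i:(?:Apple )?Mac OS X Lion)$">
+ <fingerprint pattern="(?i)^(?:Apple )?Mac OS X Lion$">
  <description>Mac OS X Lion</description>
  <example os.version="10.7">Mac OS X Lion</example>
  <param pos="0" name="os.vendor" value="Apple"/>
@@ -529,7 +531,7 @@
  <param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x:10.7"/>
  </fingerprint>
 
- <fingerprint pattern="^(?i:(?:Apple )?Mac OS X Mountain Lion)$">
+ <fingerprint pattern="(?i)^(?:Apple )?Mac OS X Mountain Lion$">
  <description>Mac OS X Mountain Lion</description>
  <example os.version="10.8">Mac OS X Mountain Lion</example>
  <param pos="0" name="os.vendor" value="Apple"/>
@@ -539,7 +541,7 @@
  <param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x:10.8"/>
  </fingerprint>
 
- <fingerprint pattern="^(?i:(?:Apple )?Mac OS X Mavericks)$">
+ <fingerprint pattern="(?i)^(?:Apple )?Mac OS X Mavericks$">
  <description>Mac OS X Mavericks</description>
  <example os.version="10.9">Mac OS X Mavericks</example>
  <param pos="0" name="os.vendor" value="Apple"/>
@@ -549,7 +551,7 @@
  <param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x:10.9"/>
  </fingerprint>
 
- <fingerprint pattern="^(?i:(?:Apple )?Mac OS X Yosemite)$">
+ <fingerprint pattern="(?i)^(?:Apple )?Mac OS X Yosemite$">
  <description>Mac OS X Yosemite</description>
  <example os.version="10.10">Mac OS X Yosemite</example>
  <param pos="0" name="os.vendor" value="Apple"/>
@@ -559,7 +561,7 @@
  <param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x:10.10"/>
  </fingerprint>
 
- <fingerprint pattern="^(?i:(?:Apple )?Mac OS X El Capitan)$">
+ <fingerprint pattern="(?i)^(?:Apple )?Mac OS X El Capitan$">
  <description>Mac OS X El Capitan</description>
  <example os.version="10.11">Mac OS X El Capitan</example>
  <param pos="0" name="os.vendor" value="Apple"/>
@@ -571,7 +573,7 @@
 
  <!-- This can also match Cisco IOS if the vendor name is not present. -->
 
- <fingerprint pattern="^(?i:(?:Apple )?iOS\s?(\d+?(?:\.\d+?)*?)?)$">
+ <fingerprint pattern="(?i)^(?:Apple )?iOS\s?(\d+?(?:\.\d+?)*?)?$">
  <description>Apple iOS for iPhone and iPad</description>
  <example os.version="7.1.2">iOS 7.1.2</example>
  <example os.version="8">iOS 8</example>
@@ -590,11 +592,11 @@
 
  <fingerprint pattern="(?i)^(.{0,256}?BSD)\s?(\d+?(?:\.\d+?)*?(?:[\-\/_ ]?\w+?)?(?:-[a-z]\d+?)?)?$">
  <description>Many BSD family OSes</description>
- <example os.version="10.3-RELEASE" os.product="FreeBSD">FreeBSD 10.3-RELEASE</example>
- <example os.version="10.3-RELEASE-p4" os.product="FreeBSD">FreeBSD 10.3-RELEASE-p4</example>
- <example os.version="7.0" os.product="NetBSD">NetBSD 7.0</example>
- <example os.version="5.9" os.product="OpenBSD">OpenBSD 5.9</example>
- <example os.product="PC-BSD">PC-BSD</example>
+ <example os.version="10.3-RELEASE" os.product="FreeBSD" os.vendor="FreeBSD" os.family="FreeBSD">FreeBSD 10.3-RELEASE</example>
+ <example os.version="10.3-RELEASE-p4" os.product="FreeBSD" os.vendor="FreeBSD" os.family="FreeBSD">FreeBSD 10.3-RELEASE-p4</example>
+ <example os.version="7.0" os.product="NetBSD" os.vendor="NetBSD" os.family="NetBSD">NetBSD 7.0</example>
+ <example os.version="5.9" os.product="OpenBSD" os.vendor="OpenBSD" os.family="OpenBSD">OpenBSD 5.9</example>
+ <example os.product="PC-BSD" os.vendor="PC-BSD" os.family="PC-BSD">PC-BSD</example>
  <param pos="1" name="os.vendor"/>
  <param pos="1" name="os.family"/>
  <param pos="1" name="os.product"/>
@@ -615,7 +617,7 @@
  <param pos="0" name="os.cpe23" value="cpe:/o:sun:solaris:{os.version}"/>
  </fingerprint>
 
- <fingerprint pattern="^(?i:(?:Oracle|Sun)?\s?Solaris\s?(1[1-9]?(?:\.\d+?)*?)?)$">
+ <fingerprint pattern="(?i)^(?:Oracle|Sun)?\s?Solaris\s?(1[1-9]?(?:\.\d+?)*?)?$">
  <description>Solaris 11 and up</description>
  <example os.version="11.3">Solaris 11.3</example>
  <example os.version="11">Solaris 11</example>
@@ -626,7 +628,7 @@
  <param pos="0" name="os.cpe23" value="cpe:/o:oracle:solaris:{os.version}"/>
  </fingerprint>
 
- <fingerprint pattern="^(?i:(?:Oracle|Sun)?\s?Solaris\s?((?:[789]|10)+?(?:\.\d+?)*?)?)$">
+ <fingerprint pattern="(?i)^(?:Oracle|Sun)?\s?Solaris\s?((?:[789]|10)+?(?:\.\d+?)*?)?$">
  <description>Solaris 7-10</description>
  <example os.version="7">Solaris 7</example>
  <example os.version="7.3">Solaris 7.3</example>
@@ -639,7 +641,7 @@
  <param pos="0" name="os.cpe23" value="cpe:/o:sun:solaris:{os.version}"/>
  </fingerprint>
 
- <fingerprint pattern="^(?i:(?:Oracle|Sun)?\s?SunOS\s?5.([789]|10)?)$">
+ <fingerprint pattern="(?i)^(?:Oracle|Sun)?\s?SunOS\s?5.([789]|10)?$">
  <description>SunOS/Solaris 5.7-5.10</description>
  <example os.version="7">SunOS 5.7</example>
  <example os.version="10">SunOS 5.10</example>
@@ -650,7 +652,7 @@
  <param pos="0" name="os.cpe23" value="cpe:/o:sun:solaris:{os.version}"/>
  </fingerprint>
 
- <fingerprint pattern="^(?i:(?:Oracle|Sun)?\s?SunOS\s?5.(1[1-9])?)$">
+ <fingerprint pattern="(?i)^(?:Oracle|Sun)?\s?SunOS\s?5.(1[1-9])?$">
  <description>Oracle/Solaris 5.11 and upwards</description>
  <example os.version="11">SunOS 5.11</example>
  <param pos="0" name="os.vendor" value="Oracle"/>
@@ -660,26 +662,33 @@
  <param pos="0" name="os.cpe23" value="cpe:/o:oracle:solaris:{os.version}"/>
  </fingerprint>
 
- <fingerprint pattern="^(?i:(?:IBM\s?)?(AIX|MVS|OS/(?:\d{1,3})|VM/CMS|VM/ESA|z/OS)\s?(\d+?(?:\.\d+?)*?)?)$">
+ <fingerprint pattern="(?i)^(?:IBM\s?)?(AIX|MVS|OS/(?:\d{1,3})|VM/CMS|VM/ESA|z/OS)\s?(\d+?(?:\.\d+?)*?)?$">
  <description>IBM OSes</description>
- <example os.product="AIX">AIX</example>
- <example os.product="MVS">IBM MVS</example>
- <example os.product="OS/2">IBM OS/2</example>
- <example os.product="OS/390">IBM OS/390</example>
- <example os.product="OS/400">OS/400</example>
- <example os.product="VM/CMS">IBM VM/CMS</example>
- <example os.product="VM/ESA">IBM VM/ESA</example>
- <example os.product="z/OS">IBM z/OS</example>
+ <example os.product="AIX" os.family="AIX">AIX</example>
+ <example os.product="MVS" os.family="MVS">IBM MVS</example>
+ <example os.product="OS/2" os.family="OS/2">IBM OS/2</example>
+ <example os.product="OS/390" os.family="OS/390">IBM OS/390</example>
+ <example os.product="OS/400" os.family="OS/400">OS/400</example>
+ <example os.product="VM/CMS" os.family="VM/CMS">IBM VM/CMS</example>
+ <example os.product="VM/ESA" os.family="VM/ESA">IBM VM/ESA</example>
+ <example os.product="z/OS" os.family="z/OS">IBM z/OS</example>
+ <example os.product="z/OS" os.family="z/OS" os.version="1.0">IBM z/OS 1.0</example>
  <param pos="0" name="os.vendor" value="IBM"/>
  <param pos="1" name="os.family"/>
  <param pos="1" name="os.product"/>
  <param pos="2" name="os.version"/>
  </fingerprint>
 
- <fingerprint pattern="^(?i:(?:HP\s?)?(Digital UNIX|HP-UX|iLO|OpenVMS|ProLiant|Tru64 UNIX)\s?(\d+?(?:\.\d+?)*?)?)$">
+ <fingerprint pattern="(?i)^(?:HP\s?)?(Digital UNIX|HP-UX|iLO|OpenVMS|ProLiant|Tru64 UNIX)\s?V?(\d+(?:\.\d+)*(?:-[\dA-Z]+)?)?$">
  <description>HP OSes</description>
- <example os.product="HP-UX">HP-UX</example>
- <example os.product="OpenVMS">OpenVMS</example>
+ <example os.product="HP-UX" os.family="HP-UX">HP-UX</example>
+ <example os.product="OpenVMS" os.family="OpenVMS">OpenVMS</example>
+ <example os.product="OpenVMS" os.family="OpenVMS" os.version="6.2">OpenVMS 6.2</example>
+ <example os.product="OpenVMS" os.family="OpenVMS" os.version="7.3-2">OpenVMS V7.3-2</example>
+ <example os.product="OpenVMS" os.family="OpenVMS" os.version="8.2-1">OpenVMS V8.2-1</example>
+ <example os.product="OpenVMS" os.family="OpenVMS" os.version="8.3">OpenVMS V8.3</example>
+ <example os.product="OpenVMS" os.family="OpenVMS" os.version="8.3-1H1">OpenVMS V8.3-1H1</example>
+ <example os.product="OpenVMS" os.family="OpenVMS" os.version="8.4-2L1">OpenVMS V8.4-2L1</example>
  <param pos="0" name="os.vendor" value="HP"/>
  <param pos="1" name="os.family"/>
  <param pos="1" name="os.product"/>
@@ -690,10 +699,12 @@
 
  <!-- Network equipment begin -->
 
- <fingerprint pattern="^(?i:(?:Juniper\s?)?(Junos|Junos OS|ScreenOS)\s?(\d+?(?:\.\d+?)*?)?)$">
+ <fingerprint pattern="(?i)^(?:Juniper\s?)?(Junos|Junos OS|ScreenOS)\s?(\d+(?:\.\d+?)*(?:X\d{2})?)?$">
  <description>Juniper</description>
- <example>Junos</example>
- <example>ScreenOS</example>
+ <example os.family="Junos" os.product="Junos">Junos</example>
+ <example os.family="Junos" os.product="Junos" os.version="4.4">Junos 4.4</example>
+ <example os.family="Junos" os.product="Junos" os.version="12.1X44">Junos 12.1X44</example>
+ <example os.family="ScreenOS" os.product="ScreenOS">ScreenOS</example>
  <param pos="0" name="os.vendor" value="Juniper"/>
  <param pos="1" name="os.family"/>
  <param pos="1" name="os.product"/>
@@ -702,10 +713,14 @@
 
  <!-- This needs to be improved if it's not how one would generally present a Cisco OS version. -->
 
- <fingerprint pattern="^(?i:(?:Cisco\s?)?(ASA|Adaptive Security Appliance|IOS|IOS-XE|IOS-XR|NX-OS|PIX-OS|SAN-OS)\s?(?:Version (\S+))?)$">
+ <fingerprint pattern="(?i)^(?:Cisco\s?)?(ASA|Adaptive Security Appliance|IOS|IOS-XE|IOS-XR|NX-OS|PIX-OS|SAN-OS)\s?(?:Version (\d+(?:\.\d+)*(?:\(\d+(?:\.\d+)*\))?))?$">
  <description>Cisco</description>
- <example>Cisco ASA</example>
- <example>Cisco IOS</example>
+ <example os.family="ASA" os.product="ASA">Cisco ASA</example>
+ <example os.family="IOS" os.product="IOS">Cisco IOS</example>
+ <example os.family="ASA" os.product="ASA" os.version="7.0(1)">Cisco ASA Version 7.0(1)</example>
+ <example os.family="ASA" os.product="ASA" os.version="8.2(4.4)">Cisco ASA Version 8.2(4.4)</example>
+ <example os.family="ASA" os.product="ASA" os.version="8.3(2.25)">Cisco ASA Version 8.3(2.25)</example>
+ <example os.family="ASA" os.product="ASA" os.version="9.5(2.200)">Cisco ASA Version 9.5(2.200)</example>
  <param pos="0" name="os.vendor" value="Cisco"/>
  <param pos="1" name="os.family"/>
  <param pos="1" name="os.product"/>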
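Review bot: The narrowed version capture on the Cisco fingerprint in the last hunk accepts only digits, dots and one parenthesised group, so a version string carrying a trailing release or train suffix now fails the whole fingerprint at the `$` anchor, where the old `(\S+)` captured it. The alternation still lists IOS, IOS-XE, IOS-XR, NX-OS, PIX-OS and SAN-OS, yet every versioned example added here is ASA, so nothing shows those products still match when a version is present. A miss drops os.vendor, os.product and os.version together, which presumably leaves consumers that key vulnerability matching on these fields with less than they had before this change. I would let the capture take an optional suffix after the parenthesised part, for example `(\d+(?:\.\d+)*(?:\(\d+(?:\.\d+)*\)[\w.()]*)?)`, and add one versioned example per non-ASA product, such as the constructed sample `<example os.family="IOS" os.product="IOS" os.version="15.2(4)M6">Cisco IOS Version 15.2(4)M6</example>`.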