recog 2.3.22 → 2.3.23
- checksums.yaml +4 -4
- data/.github/workflows/ci.yml +1 -1
- data/.github/workflows/verify.yml +1 -1
- data/.vscode/bin/monitor-recog-fingerprints.sh +54 -0
- data/.vscode/extensions.json +5 -0
- data/.vscode/settings.json +8 -0
- data/.vscode/tasks.json +77 -0
- data/CONTRIBUTING.md +2 -0
- data/bin/recog_verify +42 -7
- data/cpe-remap.yaml +20 -2
- data/features/data/schema_failure.xml +4 -0
- data/features/data/tests_with_failures.xml +6 -0
- data/features/support/hooks.rb +9 -0
- data/features/verify.feature +81 -17
- data/identifiers/hw_device.txt +2 -0
- data/identifiers/hw_product.txt +2 -0
- data/identifiers/os_device.txt +2 -0
- data/identifiers/os_family.txt +1 -0
- data/identifiers/os_product.txt +8 -1
- data/identifiers/service_product.txt +14 -0
- data/identifiers/vendor.txt +13 -1
- data/lib/recog/fingerprint.rb +21 -7
- data/lib/recog/fingerprint_parse_error.rb +10 -0
- data/lib/recog/verifier.rb +4 -4
- data/lib/recog/verify_reporter.rb +7 -6
- data/lib/recog/version.rb +1 -1
- data/requirements.txt +1 -1
- data/spec/data/external_example_fingerprint/hp_printer_ex_01.txt +1 -0
- data/spec/data/external_example_fingerprint/hp_printer_ex_02.txt +1 -0
- data/spec/data/external_example_fingerprint.xml +8 -0
- data/spec/data/external_example_illegal_path_fingerprint.xml +7 -0
- data/spec/lib/recog/db_spec.rb +84 -61
- data/spec/lib/recog/fingerprint_spec.rb +4 -4
- data/spec/lib/recog/verify_reporter_spec.rb +8 -8
- data/update_cpes.py +129 -36
- data/xml/apache_os.xml +61 -19
- data/xml/architecture.xml +15 -1
- data/xml/dhcp_vendor_class.xml +1 -1
- data/xml/dns_versionbind.xml +16 -13
- data/xml/favicons.xml +87 -5
- data/xml/fingerprints.xsd +9 -1
- data/xml/ftp_banners.xml +131 -141
- data/xml/h323_callresp.xml +2 -2
- data/xml/hp_pjl_id.xml +81 -81
- data/xml/html_title.xml +178 -9
- data/xml/http_cookies.xml +83 -27
- data/xml/http_servers.xml +409 -269
- data/xml/http_wwwauth.xml +70 -37
- data/xml/imap_banners.xml +2 -2
- data/xml/nntp_banners.xml +8 -5
- data/xml/ntp_banners.xml +33 -33
- data/xml/operating_system.xml +92 -77
- data/xml/pop_banners.xml +17 -17
- data/xml/sip_banners.xml +16 -5
- data/xml/sip_user_agents.xml +122 -27
- data/xml/smb_native_lm.xml +5 -5
- data/xml/smb_native_os.xml +25 -25
- data/xml/smtp_banners.xml +132 -131
- data/xml/smtp_help.xml +1 -1
- data/xml/snmp_sysdescr.xml +1227 -1227
- data/xml/snmp_sysobjid.xml +2 -2
- data/xml/ssh_banners.xml +9 -5
- data/xml/telnet_banners.xml +49 -0
- data/xml/tls_jarm.xml +22 -2
- data/xml/x11_banners.xml +3 -3
- data/xml/x509_issuers.xml +3 -2
- data/xml/x509_subjects.xml +3 -3
- metadata +19 -3
- data/lib/recog/verifier_factory.rb +0 -13
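--- a/data/update_cpes.py
+++ b/data/update_cpes.py
@@ -7,56 +7,117 @@ import sys
 import yaml
 from lxml import etree
 
+BASE_LOG_FORMAT = '%(levelname)s: %(message)s'
+
+# CPE w/o 2.3 component: cpe:/a:nginx:nginx:0.1.0"
+REGEX_CPE = re.compile('^cpe:/([aho]):([^:]+):([^:]+)')
+# CPE w/ 2.3 component: cpe:2.3:a:f5:nginx:0.1.0:*:*:*:*:*:*:*
+REGEX_CPE_23 = re.compile('^cpe:2.3:([aho]):([^:]+):([^:]+)')
+
+XML_PATH_DEPRECATED_BY = "./{http://scap.nist.gov/schema/cpe-extension/2.3}cpe23-item/{http://scap.nist.gov/schema/cpe-extension/2.3}deprecation/{http://scap.nist.gov/schema/cpe-extension/2.3}deprecated-by"
+
+
 def parse_r7_remapping(file):
 with open(file) as remap_file:
 return yaml.safe_load(remap_file)["mappings"]
 
+
+def update_vp_map(target_map, cpe_type, vendor, product):
+"""Add an entry to the dict tracking valid combinations
+"""
+
+if cpe_type not in target_map:
+target_map[cpe_type] = {}
+
+if vendor not in target_map[cpe_type]:
+target_map[cpe_type][vendor] = set()
+
+product = product.replace('%2f', '/')
+target_map[cpe_type][vendor].add(product)
+
+
+def update_deprecated_map(target_map, dep_string, entry):
+"""Add an entry to the dict tracking deprecations
+
+target_map example:
+
+{
+"a:100plus:101eip":
+{
+"deprecated_date": "2021-06-10T15:28:05.490Z",
+"deprecated_by": "a:hundredplus:101eip"
+}
+}
+
+Args:
+target_map (dict): dict containing deprecations
+dep_string (str): key to add in the format of 'type:vendor:product'
+entry (lxml.etree._Element): XML element to pull additional data from
+
+Returns:
+None, target_map modified in place
+"""
+
+deprecated_date = entry.get("deprecation_date", "")
+
+# Find the CPE that deprecated this entry
+raw_dep_by = entry.find(XML_PATH_DEPRECATED_BY).get('name')
+
+# Extract the type, vendor, product
+dep_by_match = REGEX_CPE_23.match(raw_dep_by)
+if not dep_by_match:
+logging.error("CPE %s is deprecated but we can't build the deprecation mapping entry for some reason.", dep_string)
+return
+
+dep_type, dep_vendor, dep_product = dep_by_match.group(1, 2, 3)
+deprecated_by = "{}:{}:{}".format(dep_type, dep_vendor, dep_product)
+
+if dep_string not in target_map:
+target_map[dep_string] = {}
+
+if not target_map[dep_string].get('deprecated_date'):
+target_map[dep_string]['deprecated_date'] = deprecated_date
+
+if not target_map[dep_string].get('deprecated_by'):
+target_map[dep_string]['deprecated_by'] = deprecated_by
+
+
 def parse_cpe_vp_map(file):
+deprecated_map = {}
 vp_map = {} # cpe_type -> vendor -> products
+
 parser = etree.XMLParser(remove_comments=False)
 doc = etree.parse(file, parser)
-namespaces = {
+namespaces = {
+'ns': 'http://cpe.mitre.org/dictionary/2.0',
+'meta': 'http://scap.nist.gov/schema/cpe-dictionary-metadata/0.2'
+}
 for entry in doc.xpath("//ns:cpe-list/ns:cpe-item", namespaces=namespaces):
 cpe_name = entry.get("name")
 if not cpe_name:
 continue
 
-
-if entry.get("deprecated"):
-continue
-
-cpe_match = re.match('^cpe:/([aho]):([^:]+):([^:]+)', cpe_name)
-
+cpe_match = REGEX_CPE.match(cpe_name)
 if cpe_match:
 cpe_type, vendor, product = cpe_match.group(1, 2, 3)
-
-
-if
-
-
-vp_map[cpe_type][vendor].add(product)
-else:
-logging.error("Unexpected CPE %s", cpe_name)
+# If the entry is deprecated then don't add it to our list of valid
+# CPEs, but instead add it to a list for reference later.
+if entry.get("deprecated"):
+# This will be the key under which we store the deprecation data
+deprecated_string = "{}:{}:{}".format(cpe_type, vendor, product)
 
-
+update_deprecated_map(deprecated_map, deprecated_string, entry)
+continue
 
-
-if len(sys.argv) != 4:
-logging.critical("Expecting exactly 3 arguments; recog XML file, CPE 2.3 XML dictionary, JSON remapping, got %s", (len(sys.argv) - 1))
-sys.exit(1)
+update_vp_map(vp_map, cpe_type, vendor, product)
 
-
-
-logging.critical("No CPE vendor => product mappings read from CPE 2.3 XML dictionary %s", sys.argv[2])
-sys.exit(1)
+else:
+logging.error("Unexpected CPE %s", cpe_name)
 
-
-if not r7_vp_map:
-logging.warning("No Rapid7 vendor/product => CPE mapping read from %s", sys.argv[3])
+return vp_map, deprecated_map
 
-update_cpes(sys.argv[1], cpe_vp_map, r7_vp_map)
 
-def lookup_cpe(vendor, product, cpe_type, cpe_table, remap):
+def lookup_cpe(vendor, product, cpe_type, cpe_table, remap, deprecated_map):
 """Identify the correct vendor and product values for a CPE
 
 This function attempts to determine the correct CPE using vendor and product
@@ -82,6 +143,8 @@ def lookup_cpe(vendor, product, cpe_type, cpe_table, remap):
 cpe_type (str): CPE type - o, a, h, etc.
 cpe_table (dict): dict containing the official NIST CPE data
 remap (dict): dict containing the remapping values
+deprecated_cves (set): set of all deprecated CPEs in the format
+'type:vendor:product'
 Returns:
 success, vendor, product
 """
@@ -130,13 +193,20 @@ def lookup_cpe(vendor, product, cpe_type, cpe_table, remap):
 # Found remap vendor, remap product
 return True, new_vendor, possible_product
 
+deprecated_string = "{}:{}:{}".format(cpe_type, vendor, product)
+if deprecated_map.get(deprecated_string, False):
+dep_by = deprecated_map[deprecated_string].get("deprecated_by", "")
+dep_date = deprecated_map[deprecated_string].get("deprecated_date", "")
+logging.error("Product %s from vendor %s invalid for CPE %s and no mapping. This combination is DEPRECATED by %s at %s",
+product, vendor, cpe_type, dep_by, dep_date)
+else:
+logging.error("Product %s from vendor %s invalid for CPE %s and no mapping.",
+product, vendor, cpe_type)
 
-logging.error("Product %s from vendor %s invalid for CPE %s and no mapping",
-product, vendor, cpe_type)
 return False, None, None
 
 
-def update_cpes(xml_file, cpe_vp_map, r7_vp_map):
+def update_cpes(xml_file, cpe_vp_map, r7_vp_map, deprecated_cves):
 parser = etree.XMLParser(remove_comments=False, remove_blank_text=True)
 doc = etree.parse(xml_file, parser)
 
@@ -160,7 +230,6 @@ def update_cpes(xml_file, cpe_vp_map, r7_vp_map):
 raise ValueError('Duplicated fingerprint named {} in fingerprint {} in file {}'.format(name, fingerprint.attrib['pattern'], xml_file))
 params[fp_type][name] = param
 
-
 # for each of the applicable os/service param groups, build a CPE
 for fp_type in params:
 if fp_type == 'os':
@@ -210,7 +279,7 @@ def update_cpes(xml_file, cpe_vp_map, r7_vp_map):
 if (vendor.startswith('{') and vendor.endswith('}')) or (product.startswith('{') and product.endswith('}')):
 continue
 
-success, vendor, product = lookup_cpe(vendor, product, cpe_type, cpe_vp_map, r7_vp_map)
+success, vendor, product = lookup_cpe(vendor, product, cpe_type, cpe_vp_map, r7_vp_map, deprecated_cves)
 if not success:
 continue
 
@@ -245,6 +314,30 @@ def update_cpes(xml_file, cpe_vp_map, r7_vp_map):
 with open(xml_file, 'wb') as xml_out:
 xml_out.write(etree.tostring(root, pretty_print=True, xml_declaration=True, encoding=doc.docinfo.encoding))
 
+
+def main():
+if len(sys.argv) != 4:
+logging.critical("Expecting exactly 3 arguments; recog XML file, CPE 2.3 XML dictionary, JSON remapping, got %s", (len(sys.argv) - 1))
+sys.exit(1)
+
+cpe_vp_map, deprecated_map = parse_cpe_vp_map(sys.argv[2])
+if not cpe_vp_map:
+logging.critical("No CPE vendor => product mappings read from CPE 2.3 XML dictionary %s", sys.argv[2])
+sys.exit(1)
+
+r7_vp_map = parse_r7_remapping(sys.argv[3])
+if not r7_vp_map:
+logging.warning("No Rapid7 vendor/product => CPE mapping read from %s", sys.argv[3])
+
+# update format string for the logging handler to include the recog XML filename
+logging.basicConfig(force=True, format=f"{sys.argv[1]}: {BASE_LOG_FORMAT}")
+
+update_cpes(sys.argv[1], cpe_vp_map, r7_vp_map, deprecated_map)
+
+
 if __name__ == '__main__':
-
-
+logging.basicConfig(format=BASE_LOG_FORMAT)
+try:
+sys.exit(main())
+except KeyboardInterrupt:
+pass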
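Review bot: In `update_deprecated_map` (first hunk), `entry.find(XML_PATH_DEPRECATED_BY).get('name')` raises `AttributeError` when a deprecated `cpe-item` has no `deprecated-by` element, and a missing `name` attribute passes `None` to `REGEX_CPE_23.match`, so one malformed entry aborts the whole run instead of reaching the `logging.error(...)`/`return` path written for unusable entries. Because the dictionary is an externally supplied file, guard the lookup with `dep_by_elem = entry.find(XML_PATH_DEPRECATED_BY)` followed by `raw_dep_by = dep_by_elem.get('name', '') if dep_by_elem is not None else ''`; the existing `if not dep_by_match` branch then logs and skips the entry. In the same hunk `REGEX_CPE_23` leaves the dots unescaped, so `re.compile(r'^cpe:2\.3:([aho]):([^:]+):([^:]+)')` would match only the literal prefix.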
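--- a/data/xml/apache_os.xml
+++ b/data/xml/apache_os.xml
@@ -8,6 +8,7 @@
 
 <fingerprint pattern="\(iSeries\)">
 <description>IBM i5/OS iSeries (OS/400)</description>
+<example>Apache/2.0.52 (iSeries)</example>
 <param pos="0" name="os.vendor" value="IBM"/>
 <param pos="0" name="os.family" value="OS/400"/>
 <param pos="0" name="os.product" value="OS/400"/>
@@ -16,6 +17,7 @@
 
 <fingerprint pattern="\(Mandrake Linux/\d+\.\d+\.92mdk\)">
 <description>Mandriva (formerly Mandrake) Linux 9.2</description>
+<example>Apache-AdvancedExtranetServer/2.0.47 (Mandrake Linux/6.3.92mdk) mod_ssl/2.0.47 OpenSSL/0.9.7b PHP/4.3.2</example>
 <param pos="0" name="os.certainty" value="0.9"/>
 <param pos="0" name="os.vendor" value="Mandriva"/>
 <param pos="0" name="os.family" value="Linux"/>
@@ -26,6 +28,7 @@
 
 <fingerprint pattern="\(Mandrake Linux/\d+\.\d+\.100mdk\)">
 <description>Mandriva (formerly Mandrake) Linux 10.0</description>
+<example>Apache-AdvancedExtranetServer/2.0.48 (Mandrake Linux/6.11.100mdk)</example>
 <param pos="0" name="os.certainty" value="0.9"/>
 <param pos="0" name="os.vendor" value="Mandriva"/>
 <param pos="0" name="os.family" value="Linux"/>
@@ -36,6 +39,7 @@
 
 <fingerprint pattern="\((?:Mandrake|Mandriva) Linux/">
 <description>Mandriva (formerly Mandrake) Linux unknown version</description>
+<example>Apache-AdvancedExtranetServer/2.0.44 (Mandrake Linux/11mdk) mod_perl/1.99_08 Perl/v5.8.0 mod_ssl/2.0.44 OpenSSL/0.9.7a PHP/4.3.1 mod_jk2/2.0.0</example>
 <param pos="0" name="os.vendor" value="Mandriva"/>
 <param pos="0" name="os.family" value="Linux"/>
 <param pos="0" name="os.product" value="Linux"/>
@@ -44,6 +48,7 @@
 
 <fingerprint pattern="\(Mandrakelinux/">
 <description>Mandriva (formerly Mandrake) Linux unknown version - variant 2</description>
+<example>Apache-AdvancedExtranetServer/2.0.53 (Mandrakelinux/PREFORK-9mdk) mod_ssl/2.0.53 OpenSSL/0.9.7e PHP/4.3.10 mod_perl/1.999.21 Perl/v5.8.6</example>
 <param pos="0" name="os.vendor" value="Mandriva"/>
 <param pos="0" name="os.family" value="Linux"/>
 <param pos="0" name="os.product" value="Linux"/>
@@ -52,6 +57,7 @@
 
 <fingerprint pattern="\(PalmOS\)">
 <description>PalmOS</description>
+<example>Apache/1.2.42 (PalmOS)</example>
 <param pos="0" name="os.vendor" value="Palm"/>
 <param pos="0" name="os.family" value="PalmOS"/>
 <param pos="0" name="os.product" value="PalmOS"/>
@@ -59,6 +65,7 @@
 
 <fingerprint pattern="\(Win32\)">
 <description>Microsoft Windows</description>
+<example>Apache/2.2.25 (Win32)</example>
 <param pos="0" name="os.certainty" value="0.75"/>
 <param pos="0" name="os.vendor" value="Microsoft"/>
 <param pos="0" name="os.family" value="Windows"/>
@@ -68,6 +75,7 @@
 
 <fingerprint pattern="\(Darwin\)">
 <description>Apple Mac OS X</description>
+<example>Apache/1.3.33 (Darwin)</example>
 <param pos="0" name="os.vendor" value="Apple"/>
 <param pos="0" name="os.family" value="Mac OS X"/>
 <param pos="0" name="os.product" value="Mac OS X"/>
@@ -76,6 +84,7 @@
 
 <fingerprint pattern="\(Ubuntu\)">
 <description>Ubuntu</description>
+<example>Apache (Ubuntu)</example>
 <param pos="0" name="os.vendor" value="Ubuntu"/>
 <param pos="0" name="os.family" value="Linux"/>
 <param pos="0" name="os.product" value="Linux"/>
@@ -84,6 +93,7 @@
 
 <fingerprint pattern=".{0,512}(?:Sun )?Cobalt \(Unix\)?">
 <description>Sun Cobalt RaQ (Red Hat based Linux)</description>
+<example>Apache/1.3.3 Cobalt (Unix) (Red Hat/Linux)</example>
 <param pos="0" name="os.vendor" value="Sun"/>
 <param pos="0" name="os.family" value="Linux"/>
 <param pos="0" name="os.product" value="Cobalt RaQ"/>
@@ -91,6 +101,7 @@
 
 <fingerprint pattern="\(BlueQuartz\)">
 <description>Blue Quartz is created by a Cobalt RaQ UG</description>
+<example>Apache/2.0.52 (BlueQuartz)</example>
 <param pos="0" name="os.vendor" value="Sun"/>
 <param pos="0" name="os.family" value="Linux"/>
 <param pos="0" name="os.product" value="Cobalt RaQ"/>
@@ -98,59 +109,66 @@
 
 <fingerprint pattern="^Apache\/2\.2\.11.*\(Fedora\)">
 <description>Red Hat Fedora 11</description>
-<
+<example>Apache/2.2.11 (Fedora)</example>
+<param pos="0" name="os.vendor" value="Fedora Project"/>
 <param pos="0" name="os.family" value="Linux"/>
-<param pos="0" name="os.product" value="Fedora Core
+<param pos="0" name="os.product" value="Fedora Core"/>
 <param pos="0" name="os.version" value="11"/>
-<param pos="0" name="os.cpe23" value="cpe:/o:
+<param pos="0" name="os.cpe23" value="cpe:/o:fedoraproject:fedora_core:11"/>
 </fingerprint>
 
 <fingerprint pattern="^Apache\/2\.2\.15.*\(Fedora\)">
 <description>Red Hat Fedora 13</description>
-<
+<example>Apache/2.2.15 (Fedora)</example>
+<param pos="0" name="os.vendor" value="Fedora Project"/>
 <param pos="0" name="os.family" value="Linux"/>
-<param pos="0" name="os.product" value="Fedora Core
+<param pos="0" name="os.product" value="Fedora Core"/>
 <param pos="0" name="os.version" value="13"/>
-<param pos="0" name="os.cpe23" value="cpe:/o:
+<param pos="0" name="os.cpe23" value="cpe:/o:fedoraproject:fedora_core:13"/>
 </fingerprint>
 
 <fingerprint pattern="^Apache\/2\.2\.16.*\(Fedora\)">
 <description>Red Hat Fedora 14</description>
-<
+<example>Apache/2.2.16 (Fedora)</example>
+<param pos="0" name="os.vendor" value="Fedora Project"/>
 <param pos="0" name="os.family" value="Linux"/>
-<param pos="0" name="os.product" value="Fedora Core
+<param pos="0" name="os.product" value="Fedora Core"/>
 <param pos="0" name="os.version" value="14"/>
-<param pos="0" name="os.cpe23" value="cpe:/o:
+<param pos="0" name="os.cpe23" value="cpe:/o:fedoraproject:fedora_core:14"/>
 </fingerprint>
 
 <fingerprint pattern="^Apache\/2\.2\.23.*\(Fedora\)">
 <description>Red Hat Fedora 17</description>
-<
+<example>Apache/2.2.23 (Fedora)</example>
+<param pos="0" name="os.vendor" value="Fedora Project"/>
 <param pos="0" name="os.family" value="Linux"/>
-<param pos="0" name="os.product" value="Fedora Core
+<param pos="0" name="os.product" value="Fedora Core"/>
 <param pos="0" name="os.version" value="17"/>
-<param pos="0" name="os.cpe23" value="cpe:/o:
+<param pos="0" name="os.cpe23" value="cpe:/o:fedoraproject:fedora_core:17"/>
 </fingerprint>
 
 <fingerprint pattern="^Apache\/2\.4\.3.*\(Fedora\)">
 <description>Red Hat Fedora 18</description>
-<
+<example>Apache/2.4.3 (Fedora) PHP/5.4.12</example>
+<param pos="0" name="os.vendor" value="Fedora Project"/>
 <param pos="0" name="os.family" value="Linux"/>
-<param pos="0" name="os.product" value="Fedora Core
+<param pos="0" name="os.product" value="Fedora Core"/>
 <param pos="0" name="os.version" value="18"/>
-<param pos="0" name="os.cpe23" value="cpe:/o:
+<param pos="0" name="os.cpe23" value="cpe:/o:fedoraproject:fedora_core:18"/>
 </fingerprint>
 
 <fingerprint pattern="\(Fedora\)">
 <description>Red Hat Fedora</description>
-<
+<example>Apache (Fedora)</example>
+<param pos="0" name="os.vendor" value="Fedora Project"/>
 <param pos="0" name="os.family" value="Linux"/>
-<param pos="0" name="os.product" value="Fedora Core
-<param pos="0" name="os.cpe23" value="cpe:/o:
+<param pos="0" name="os.product" value="Fedora Core"/>
+<param pos="0" name="os.cpe23" value="cpe:/o:fedoraproject:fedora_core:-"/>
 </fingerprint>
 
 <fingerprint pattern="\(RHEL\)">
 <description>Red Hat Enterprise Linux</description>
+<example>Apache/2.0.53 (RHEL)</example>
 <param pos="0" name="os.vendor" value="Red Hat"/>
 <param pos="0" name="os.family" value="Linux"/>
 <param pos="0" name="os.product" value="Enterprise Linux"/>
@@ -159,6 +177,8 @@
 
 <fingerprint pattern="\(Red[ -]Hat(?:[/ ]Linux)?\)">
 <description>Red Hat Linux</description>
+<example>Apache (Red Hat Linux)</example>
+<example>Apache/1.3.27 (Unix) (Red-Hat/Linux) mod_ssl/2.8.12 OpenSSL/0.9.6b PHP/4.3.11</example>
 <param pos="0" name="os.vendor" value="Red Hat"/>
 <param pos="0" name="os.family" value="Linux"/>
 <param pos="0" name="os.product" value="Linux"/>
@@ -176,6 +196,8 @@
 
 <fingerprint pattern="Debian(?:[/ ]GNU)?(?:/Linux)?">
 <description>Debian Linux</description>
+<example>Debian GNU/Linux</example>
+<example>Apache/1.3.26 (Unix) Debian GNU/Linux</example>
 <param pos="0" name="os.vendor" value="Debian"/>
 <param pos="0" name="os.family" value="Linux"/>
 <param pos="0" name="os.product" value="Linux"/>
@@ -184,6 +206,8 @@
 
 <fingerprint pattern="\((?:Linux/)?S[uU]SE(?:/Linux)?\)">
 <description>Novell SuSE Linux</description>
+<example>Apache (SuSE/Linux)</example>
+<example>Apache/2.2.12 (Linux/SUSE)</example>
 <param pos="0" name="os.vendor" value="SuSE"/>
 <param pos="0" name="os.family" value="Linux"/>
 <param pos="0" name="os.product" value="Linux"/>
@@ -192,6 +216,7 @@
 
 <fingerprint pattern="\(NETWARE\)">
 <description>Novell NetWare</description>
+<example>Apache/2.0.64 (NETWARE)</example>
 <param pos="0" name="os.vendor" value="Novell"/>
 <param pos="0" name="os.family" value="NetWare"/>
 <param pos="0" name="os.product" value="NetWare"/>
@@ -200,6 +225,7 @@
 
 <fingerprint pattern="HP-UX_Apache-based_Web_Server">
 <description>HP HP-UX</description>
+<example>Apache/2.0.58 HP-UX_Apache-based_Web_Server</example>
 <param pos="0" name="os.vendor" value="HP"/>
 <param pos="0" name="os.family" value="HP-UX"/>
 <param pos="0" name="os.product" value="HP-UX"/>
@@ -208,6 +234,7 @@
 
 <fingerprint pattern="\(CentOS\)">
 <description>CentOS Linux</description>
+<example>Apache/2.2.15 (CentOS)</example>
 <param pos="0" name="os.vendor" value="CentOS"/>
 <param pos="0" name="os.family" value="Linux"/>
 <param pos="0" name="os.product" value="Linux"/>
@@ -216,6 +243,7 @@
 
 <fingerprint pattern="\(Turbolinux\)">
 <description>Turbolinux</description>
+<example>Apache/2.2.6 (Turbolinux)</example>
 <param pos="0" name="os.vendor" value="Turbolinux"/>
 <param pos="0" name="os.family" value="Linux"/>
 <param pos="0" name="os.product" value="Linux"/>
@@ -223,6 +251,7 @@
 
 <fingerprint pattern="\(FreeBSD\)">
 <description>FreeBSD</description>
+<example>Apache/2.4.51 (FreeBSD) OpenSSL/1.1.1h-freebsd</example>
 <param pos="0" name="os.vendor" value="FreeBSD"/>
 <param pos="0" name="os.family" value="FreeBSD"/>
 <param pos="0" name="os.product" value="FreeBSD"/>
@@ -231,6 +260,7 @@
 
 <fingerprint pattern="\(Asianux\)">
 <description>Asianux Linux</description>
+<example>Apache/2.2.15 (Asianux)</example>
 <param pos="0" name="os.vendor" value="Asianux"/>
 <param pos="0" name="os.family" value="Linux"/>
 <param pos="0" name="os.product" value="Linux"/>
@@ -238,6 +268,7 @@
 
 <fingerprint pattern="\(Gentoo(?:/Linux)?\)">
 <description>Gentoo Linux</description>
+<example>Apache/2.2.6 (Gentoo) DAV/2 mod_python/3.3.1</example>
 <param pos="0" name="os.vendor" value="Gentoo"/>
 <param pos="0" name="os.family" value="Linux"/>
 <param pos="0" name="os.product" value="Linux"/>
@@ -246,6 +277,7 @@
 
 <fingerprint pattern="\(Conectiva(?:/Linux)?\)">
 <description>Conectiva Linux</description>
+<example>Apache/1.3.33 (Unix) (Conectiva/Linux)</example>
 <param pos="0" name="os.vendor" value="Conectiva"/>
 <param pos="0" name="os.family" value="Linux"/>
 <param pos="0" name="os.product" value="Linux"/>
@@ -254,6 +286,7 @@
 
 <fingerprint pattern="\(Trustix Secure Linux(?:/Linux)?\)">
 <description>Trustix Linux</description>
+<example>Apache/2.0.55 (Trustix Secure Linux/Linux)</example>
 <param pos="0" name="os.vendor" value="Trustix"/>
 <param pos="0" name="os.family" value="Linux"/>
 <param pos="0" name="os.product" value="Secure Linux"/>
@@ -262,6 +295,7 @@
 
 <fingerprint pattern="\(White Box\)">
 <description>White Box Enterprise Linux</description>
+<example>Apache/2.0.46 (White Box)</example>
 <param pos="0" name="os.vendor" value="White Box"/>
 <param pos="0" name="os.family" value="Linux"/>
 <param pos="0" name="os.product" value="Enterprise Linux"/>
@@ -269,6 +303,7 @@
 
 <fingerprint pattern="\(UnitedLinux\)">
 <description>UnitedLinux</description>
+<example>Apache/1.3.26 (UnitedLinux) mod_ssl/2.8.10</example>
 <param pos="0" name="os.vendor" value="UnitedLinux"/>
 <param pos="0" name="os.family" value="Linux"/>
 <param pos="0" name="os.product" value="Linux"/>
@@ -276,6 +311,7 @@
 
 <fingerprint pattern="\(PLD/Linux\)">
 <description>PLD Linux</description>
+<example>Apache/1.3.42 (PLD/Linux)</example>
 <param pos="0" name="os.vendor" value="PLD"/>
 <param pos="0" name="os.family" value="Linux"/>
 <param pos="0" name="os.product" value="Linux"/>
@@ -283,6 +319,7 @@
 
 <fingerprint pattern="\(Vine/Linux\)">
 <description>Vine Linux</description>
+<example>Apache/1.3.27 (Unix) (Vine/Linux)</example>
 <param pos="0" name="os.vendor" value="Vine"/>
 <param pos="0" name="os.family" value="Linux"/>
 <param pos="0" name="os.product" value="Linux"/>
@@ -290,13 +327,17 @@
 
 <fingerprint pattern="\(rPath\)">
 <description>rPath Linux</description>
+<example>Apache/2.2.9 (rPath)</example>
 <param pos="0" name="os.vendor" value="rPath"/>
 <param pos="0" name="os.family" value="Linux"/>
 <param pos="0" name="os.product" value="Linux"/>
 </fingerprint>
 
-<fingerprint pattern="\(StartCom Linux
+<fingerprint pattern="\(StartCom(?: Linux)?\)">
 <description>StartCom Linux</description>
+<example>Apache/2.2.3 (StartCom)</example>
+<example>Apache/2.2.3 (StartCom) (Release 31.SEL5_4)</example>
+<example>Apache/2.2.0 (StartCom Linux)</example>
 <param pos="0" name="os.vendor" value="StartCom"/>
 <param pos="0" name="os.family" value="Linux"/>
 <param pos="0" name="os.product" value="Linux"/>
@@ -304,6 +345,7 @@
 
 <fingerprint pattern="Linux">
 <description>Generic Linux fallback</description>
+<example>Apache/Linux</example>
 <param pos="0" name="os.certainty" value="0.75"/>
 <param pos="0" name="os.family" value="Linux"/>
 <param pos="0" name="os.product" value="Linux"/>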
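Review bot: The Fedora fingerprints (hunk at new lines 109–174) now emit `os.product` "Fedora Core" and `cpe:/o:fedoraproject:fedora_core:<version>` for releases 11 through 18, although the "Core" name was dropped with Fedora 7. If the CPE dictionary lists these releases under `fedoraproject:fedora`, the generated `os.cpe23` values will not line up with vulnerability data keyed on that product, so it is worth confirming against the dictionary and, if that is the case, using a value such as `cpe:/o:fedoraproject:fedora:11`. These entries also infer the OS release from the Apache version alone, so an `os.certainty` param like the `value="0.9"` on the Mandrake entries may be appropriate.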
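--- a/data/xml/architecture.xml
+++ b/data/xml/architecture.xml
@@ -16,28 +16,42 @@
 <param pos="0" name="os.arch" value="x86"/>
 </fingerprint>
 
-<fingerprint pattern="PowerPC|PPC|POWER
+<fingerprint pattern="PowerPC|PPC|POWER" flags="REG_ICASE">
 <description>PowerPC</description>
+<example>PowerPC</example>
+<example>PPC</example>
+<example>POWER</example>
+<example>ppc</example>
 <param pos="0" name="os.arch" value="PowerPC"/>
 </fingerprint>
 
 <fingerprint pattern="SPARC" flags="REG_ICASE">
 <description>SPARC</description>
+<example>SPARC</example>
+<example>sparc</example>
 <param pos="0" name="os.arch" value="Sparc"/>
 </fingerprint>
 
 <fingerprint pattern="mips" flags="REG_ICASE">
 <description>MIPS</description>
+<example>MIPS</example>
+<example>mips</example>
 <param pos="0" name="os.arch" value="MIPS"/>
 </fingerprint>
 
 <fingerprint pattern="arm64|aarch64" flags="REG_ICASE">
 <description>ARM64 (aarch64)</description>
+<example>arm64</example>
+<example>ARM64</example>
+<example>aarch64</example>
+<example>AARCH64</example>
 <param pos="0" name="os.arch" value="ARM64"/>
 </fingerprint>
 
 <fingerprint pattern="arm" flags="REG_ICASE">
 <description>ARM</description>
+<example>arm</example>
+<example>ARM</example>
 <param pos="0" name="os.arch" value="ARM"/>
 </fingerprint>
 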
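Review bot: Adding `flags="REG_ICASE"` to the unanchored pattern `PowerPC|PPC|POWER` makes the `POWER` alternative match any input that contains "power" in any case, so a string such as "PowerEdge" would be reported as `os.arch` PowerPC. Which strings this database is matched against is not visible here, so this may be harmless. If free-form text can reach it, keep the case-insensitive flag for `PowerPC|PPC` and constrain `POWER`, for instance by requiring a following digit or the end of the string. The same substring concern already applies to the existing `arm` entry.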
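--- a/data/xml/dhcp_vendor_class.xml
+++ b/data/xml/dhcp_vendor_class.xml
@@ -48,7 +48,7 @@
 <example hw.family="OfficeJet">Hewlett-Packard OfficeJet</example>
 <example hw.family="LaserJet">HP LaserJet</example>
 <example hw.family="Printer">HP Printer</example>
-<example>Hewlett-Packard JetDirect</example>
+<example hw.family="JetDirect">Hewlett-Packard JetDirect</example>
 <param pos="0" name="hw.device" value="Printer"/>
 <param pos="0" name="hw.vendor" value="HP"/>
 <param pos="1" name="hw.family"/>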