recog 2.3.22 → 2.3.23
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.github/workflows/ci.yml +1 -1
- data/.github/workflows/verify.yml +1 -1
- data/.vscode/bin/monitor-recog-fingerprints.sh +54 -0
- data/.vscode/extensions.json +5 -0
- data/.vscode/settings.json +8 -0
- data/.vscode/tasks.json +77 -0
- data/CONTRIBUTING.md +2 -0
- data/bin/recog_verify +42 -7
- data/cpe-remap.yaml +20 -2
- data/features/data/schema_failure.xml +4 -0
- data/features/data/tests_with_failures.xml +6 -0
- data/features/support/hooks.rb +9 -0
- data/features/verify.feature +81 -17
- data/identifiers/hw_device.txt +2 -0
- data/identifiers/hw_product.txt +2 -0
- data/identifiers/os_device.txt +2 -0
- data/identifiers/os_family.txt +1 -0
- data/identifiers/os_product.txt +8 -1
- data/identifiers/service_product.txt +14 -0
- data/identifiers/vendor.txt +13 -1
- data/lib/recog/fingerprint.rb +21 -7
- data/lib/recog/fingerprint_parse_error.rb +10 -0
- data/lib/recog/verifier.rb +4 -4
- data/lib/recog/verify_reporter.rb +7 -6
- data/lib/recog/version.rb +1 -1
- data/requirements.txt +1 -1
- data/spec/data/external_example_fingerprint/hp_printer_ex_01.txt +1 -0
- data/spec/data/external_example_fingerprint/hp_printer_ex_02.txt +1 -0
- data/spec/data/external_example_fingerprint.xml +8 -0
- data/spec/data/external_example_illegal_path_fingerprint.xml +7 -0
- data/spec/lib/recog/db_spec.rb +84 -61
- data/spec/lib/recog/fingerprint_spec.rb +4 -4
- data/spec/lib/recog/verify_reporter_spec.rb +8 -8
- data/update_cpes.py +129 -36
- data/xml/apache_os.xml +61 -19
- data/xml/architecture.xml +15 -1
- data/xml/dhcp_vendor_class.xml +1 -1
- data/xml/dns_versionbind.xml +16 -13
- data/xml/favicons.xml +87 -5
- data/xml/fingerprints.xsd +9 -1
- data/xml/ftp_banners.xml +131 -141
- data/xml/h323_callresp.xml +2 -2
- data/xml/hp_pjl_id.xml +81 -81
- data/xml/html_title.xml +178 -9
- data/xml/http_cookies.xml +83 -27
- data/xml/http_servers.xml +409 -269
- data/xml/http_wwwauth.xml +70 -37
- data/xml/imap_banners.xml +2 -2
- data/xml/nntp_banners.xml +8 -5
- data/xml/ntp_banners.xml +33 -33
- data/xml/operating_system.xml +92 -77
- data/xml/pop_banners.xml +17 -17
- data/xml/sip_banners.xml +16 -5
- data/xml/sip_user_agents.xml +122 -27
- data/xml/smb_native_lm.xml +5 -5
- data/xml/smb_native_os.xml +25 -25
- data/xml/smtp_banners.xml +132 -131
- data/xml/smtp_help.xml +1 -1
- data/xml/snmp_sysdescr.xml +1227 -1227
- data/xml/snmp_sysobjid.xml +2 -2
- data/xml/ssh_banners.xml +9 -5
- data/xml/telnet_banners.xml +49 -0
- data/xml/tls_jarm.xml +22 -2
- data/xml/x11_banners.xml +3 -3
- data/xml/x509_issuers.xml +3 -2
- data/xml/x509_subjects.xml +3 -3
- metadata +19 -3
- data/lib/recog/verifier_factory.rb +0 -13
data/update_cpes.py
CHANGED
|
@@ -7,56 +7,117 @@ import sys
|
|
|
7
7
|
import yaml
|
|
8
8
|
from lxml import etree
|
|
9
9
|
|
|
10
|
+
BASE_LOG_FORMAT = '%(levelname)s: %(message)s'
|
|
11
|
+
|
|
12
|
+
# CPE w/o 2.3 component: cpe:/a:nginx:nginx:0.1.0"
|
|
13
|
+
REGEX_CPE = re.compile('^cpe:/([aho]):([^:]+):([^:]+)')
|
|
14
|
+
# CPE w/ 2.3 component: cpe:2.3:a:f5:nginx:0.1.0:*:*:*:*:*:*:*
|
|
15
|
+
REGEX_CPE_23 = re.compile('^cpe:2.3:([aho]):([^:]+):([^:]+)')
|
|
16
|
+
|
|
17
|
+
XML_PATH_DEPRECATED_BY = "./{http://scap.nist.gov/schema/cpe-extension/2.3}cpe23-item/{http://scap.nist.gov/schema/cpe-extension/2.3}deprecation/{http://scap.nist.gov/schema/cpe-extension/2.3}deprecated-by"
|
|
18
|
+
|
|
19
|
+
|
|
10
20
|
def parse_r7_remapping(file):
|
|
11
21
|
with open(file) as remap_file:
|
|
12
22
|
return yaml.safe_load(remap_file)["mappings"]
|
|
13
23
|
|
|
24
|
+
|
|
25
|
+
def update_vp_map(target_map, cpe_type, vendor, product):
|
|
26
|
+
"""Add an entry to the dict tracking valid combinations
|
|
27
|
+
"""
|
|
28
|
+
|
|
29
|
+
if cpe_type not in target_map:
|
|
30
|
+
target_map[cpe_type] = {}
|
|
31
|
+
|
|
32
|
+
if vendor not in target_map[cpe_type]:
|
|
33
|
+
target_map[cpe_type][vendor] = set()
|
|
34
|
+
|
|
35
|
+
product = product.replace('%2f', '/')
|
|
36
|
+
target_map[cpe_type][vendor].add(product)
|
|
37
|
+
|
|
38
|
+
|
|
39
|
+
def update_deprecated_map(target_map, dep_string, entry):
|
|
40
|
+
"""Add an entry to the dict tracking deprecations
|
|
41
|
+
|
|
42
|
+
target_map example:
|
|
43
|
+
|
|
44
|
+
{
|
|
45
|
+
"a:100plus:101eip":
|
|
46
|
+
{
|
|
47
|
+
"deprecated_date": "2021-06-10T15:28:05.490Z",
|
|
48
|
+
"deprecated_by": "a:hundredplus:101eip"
|
|
49
|
+
}
|
|
50
|
+
}
|
|
51
|
+
|
|
52
|
+
Args:
|
|
53
|
+
target_map (dict): dict containing deprecations
|
|
54
|
+
dep_string (str): key to add in the format of 'type:vendor:product'
|
|
55
|
+
entry (lxml.etree._Element): XML element to pull additional data from
|
|
56
|
+
|
|
57
|
+
Returns:
|
|
58
|
+
None, target_map modified in place
|
|
59
|
+
"""
|
|
60
|
+
|
|
61
|
+
deprecated_date = entry.get("deprecation_date", "")
|
|
62
|
+
|
|
63
|
+
# Find the CPE that deprecated this entry
|
|
64
|
+
raw_dep_by = entry.find(XML_PATH_DEPRECATED_BY).get('name')
|
|
65
|
+
|
|
66
|
+
# Extract the type, vendor, product
|
|
67
|
+
dep_by_match = REGEX_CPE_23.match(raw_dep_by)
|
|
68
|
+
if not dep_by_match:
|
|
69
|
+
logging.error("CPE %s is deprecated but we can't build the deprecation mapping entry for some reason.", dep_string)
|
|
70
|
+
return
|
|
71
|
+
|
|
72
|
+
dep_type, dep_vendor, dep_product = dep_by_match.group(1, 2, 3)
|
|
73
|
+
deprecated_by = "{}:{}:{}".format(dep_type, dep_vendor, dep_product)
|
|
74
|
+
|
|
75
|
+
if dep_string not in target_map:
|
|
76
|
+
target_map[dep_string] = {}
|
|
77
|
+
|
|
78
|
+
if not target_map[dep_string].get('deprecated_date'):
|
|
79
|
+
target_map[dep_string]['deprecated_date'] = deprecated_date
|
|
80
|
+
|
|
81
|
+
if not target_map[dep_string].get('deprecated_by'):
|
|
82
|
+
target_map[dep_string]['deprecated_by'] = deprecated_by
|
|
83
|
+
|
|
84
|
+
|
|
14
85
|
def parse_cpe_vp_map(file):
|
|
86
|
+
deprecated_map = {}
|
|
15
87
|
vp_map = {} # cpe_type -> vendor -> products
|
|
88
|
+
|
|
16
89
|
parser = etree.XMLParser(remove_comments=False)
|
|
17
90
|
doc = etree.parse(file, parser)
|
|
18
|
-
namespaces = {
|
|
91
|
+
namespaces = {
|
|
92
|
+
'ns': 'http://cpe.mitre.org/dictionary/2.0',
|
|
93
|
+
'meta': 'http://scap.nist.gov/schema/cpe-dictionary-metadata/0.2'
|
|
94
|
+
}
|
|
19
95
|
for entry in doc.xpath("//ns:cpe-list/ns:cpe-item", namespaces=namespaces):
|
|
20
96
|
cpe_name = entry.get("name")
|
|
21
97
|
if not cpe_name:
|
|
22
98
|
continue
|
|
23
99
|
|
|
24
|
-
|
|
25
|
-
if entry.get("deprecated"):
|
|
26
|
-
continue
|
|
27
|
-
|
|
28
|
-
cpe_match = re.match('^cpe:/([aho]):([^:]+):([^:]+)', cpe_name)
|
|
29
|
-
|
|
100
|
+
cpe_match = REGEX_CPE.match(cpe_name)
|
|
30
101
|
if cpe_match:
|
|
31
102
|
cpe_type, vendor, product = cpe_match.group(1, 2, 3)
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
if
|
|
35
|
-
|
|
36
|
-
|
|
37
|
-
vp_map[cpe_type][vendor].add(product)
|
|
38
|
-
else:
|
|
39
|
-
logging.error("Unexpected CPE %s", cpe_name)
|
|
103
|
+
# If the entry is deprecated then don't add it to our list of valid
|
|
104
|
+
# CPEs, but instead add it to a list for reference later.
|
|
105
|
+
if entry.get("deprecated"):
|
|
106
|
+
# This will be the key under which we store the deprecation data
|
|
107
|
+
deprecated_string = "{}:{}:{}".format(cpe_type, vendor, product)
|
|
40
108
|
|
|
41
|
-
|
|
109
|
+
update_deprecated_map(deprecated_map, deprecated_string, entry)
|
|
110
|
+
continue
|
|
42
111
|
|
|
43
|
-
|
|
44
|
-
if len(sys.argv) != 4:
|
|
45
|
-
logging.critical("Expecting exactly 3 arguments; recog XML file, CPE 2.3 XML dictionary, JSON remapping, got %s", (len(sys.argv) - 1))
|
|
46
|
-
sys.exit(1)
|
|
112
|
+
update_vp_map(vp_map, cpe_type, vendor, product)
|
|
47
113
|
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
logging.critical("No CPE vendor => product mappings read from CPE 2.3 XML dictionary %s", sys.argv[2])
|
|
51
|
-
sys.exit(1)
|
|
114
|
+
else:
|
|
115
|
+
logging.error("Unexpected CPE %s", cpe_name)
|
|
52
116
|
|
|
53
|
-
|
|
54
|
-
if not r7_vp_map:
|
|
55
|
-
logging.warning("No Rapid7 vendor/product => CPE mapping read from %s", sys.argv[3])
|
|
117
|
+
return vp_map, deprecated_map
|
|
56
118
|
|
|
57
|
-
update_cpes(sys.argv[1], cpe_vp_map, r7_vp_map)
|
|
58
119
|
|
|
59
|
-
def lookup_cpe(vendor, product, cpe_type, cpe_table, remap):
|
|
120
|
+
def lookup_cpe(vendor, product, cpe_type, cpe_table, remap, deprecated_map):
|
|
60
121
|
"""Identify the correct vendor and product values for a CPE
|
|
61
122
|
|
|
62
123
|
This function attempts to determine the correct CPE using vendor and product
|
|
@@ -82,6 +143,8 @@ def lookup_cpe(vendor, product, cpe_type, cpe_table, remap):
|
|
|
82
143
|
cpe_type (str): CPE type - o, a, h, etc.
|
|
83
144
|
cpe_table (dict): dict containing the official NIST CPE data
|
|
84
145
|
remap (dict): dict containing the remapping values
|
|
146
|
+
deprecated_cves (set): set of all deprecated CPEs in the format
|
|
147
|
+
'type:vendor:product'
|
|
85
148
|
Returns:
|
|
86
149
|
success, vendor, product
|
|
87
150
|
"""
|
|
@@ -130,13 +193,20 @@ def lookup_cpe(vendor, product, cpe_type, cpe_table, remap):
|
|
|
130
193
|
# Found remap vendor, remap product
|
|
131
194
|
return True, new_vendor, possible_product
|
|
132
195
|
|
|
196
|
+
deprecated_string = "{}:{}:{}".format(cpe_type, vendor, product)
|
|
197
|
+
if deprecated_map.get(deprecated_string, False):
|
|
198
|
+
dep_by = deprecated_map[deprecated_string].get("deprecated_by", "")
|
|
199
|
+
dep_date = deprecated_map[deprecated_string].get("deprecated_date", "")
|
|
200
|
+
logging.error("Product %s from vendor %s invalid for CPE %s and no mapping. This combination is DEPRECATED by %s at %s",
|
|
201
|
+
product, vendor, cpe_type, dep_by, dep_date)
|
|
202
|
+
else:
|
|
203
|
+
logging.error("Product %s from vendor %s invalid for CPE %s and no mapping.",
|
|
204
|
+
product, vendor, cpe_type)
|
|
133
205
|
|
|
134
|
-
logging.error("Product %s from vendor %s invalid for CPE %s and no mapping",
|
|
135
|
-
product, vendor, cpe_type)
|
|
136
206
|
return False, None, None
|
|
137
207
|
|
|
138
208
|
|
|
139
|
-
def update_cpes(xml_file, cpe_vp_map, r7_vp_map):
|
|
209
|
+
def update_cpes(xml_file, cpe_vp_map, r7_vp_map, deprecated_cves):
|
|
140
210
|
parser = etree.XMLParser(remove_comments=False, remove_blank_text=True)
|
|
141
211
|
doc = etree.parse(xml_file, parser)
|
|
142
212
|
|
|
@@ -160,7 +230,6 @@ def update_cpes(xml_file, cpe_vp_map, r7_vp_map):
|
|
|
160
230
|
raise ValueError('Duplicated fingerprint named {} in fingerprint {} in file {}'.format(name, fingerprint.attrib['pattern'], xml_file))
|
|
161
231
|
params[fp_type][name] = param
|
|
162
232
|
|
|
163
|
-
|
|
164
233
|
# for each of the applicable os/service param groups, build a CPE
|
|
165
234
|
for fp_type in params:
|
|
166
235
|
if fp_type == 'os':
|
|
@@ -210,7 +279,7 @@ def update_cpes(xml_file, cpe_vp_map, r7_vp_map):
|
|
|
210
279
|
if (vendor.startswith('{') and vendor.endswith('}')) or (product.startswith('{') and product.endswith('}')):
|
|
211
280
|
continue
|
|
212
281
|
|
|
213
|
-
success, vendor, product = lookup_cpe(vendor, product, cpe_type, cpe_vp_map, r7_vp_map)
|
|
282
|
+
success, vendor, product = lookup_cpe(vendor, product, cpe_type, cpe_vp_map, r7_vp_map, deprecated_cves)
|
|
214
283
|
if not success:
|
|
215
284
|
continue
|
|
216
285
|
|
|
@@ -245,6 +314,30 @@ def update_cpes(xml_file, cpe_vp_map, r7_vp_map):
|
|
|
245
314
|
with open(xml_file, 'wb') as xml_out:
|
|
246
315
|
xml_out.write(etree.tostring(root, pretty_print=True, xml_declaration=True, encoding=doc.docinfo.encoding))
|
|
247
316
|
|
|
317
|
+
|
|
318
|
+
def main():
|
|
319
|
+
if len(sys.argv) != 4:
|
|
320
|
+
logging.critical("Expecting exactly 3 arguments; recog XML file, CPE 2.3 XML dictionary, JSON remapping, got %s", (len(sys.argv) - 1))
|
|
321
|
+
sys.exit(1)
|
|
322
|
+
|
|
323
|
+
cpe_vp_map, deprecated_map = parse_cpe_vp_map(sys.argv[2])
|
|
324
|
+
if not cpe_vp_map:
|
|
325
|
+
logging.critical("No CPE vendor => product mappings read from CPE 2.3 XML dictionary %s", sys.argv[2])
|
|
326
|
+
sys.exit(1)
|
|
327
|
+
|
|
328
|
+
r7_vp_map = parse_r7_remapping(sys.argv[3])
|
|
329
|
+
if not r7_vp_map:
|
|
330
|
+
logging.warning("No Rapid7 vendor/product => CPE mapping read from %s", sys.argv[3])
|
|
331
|
+
|
|
332
|
+
# update format string for the logging handler to include the recog XML filename
|
|
333
|
+
logging.basicConfig(force=True, format=f"{sys.argv[1]}: {BASE_LOG_FORMAT}")
|
|
334
|
+
|
|
335
|
+
update_cpes(sys.argv[1], cpe_vp_map, r7_vp_map, deprecated_map)
|
|
336
|
+
|
|
337
|
+
|
|
248
338
|
if __name__ == '__main__':
|
|
249
|
-
|
|
250
|
-
|
|
339
|
+
logging.basicConfig(format=BASE_LOG_FORMAT)
|
|
340
|
+
try:
|
|
341
|
+
sys.exit(main())
|
|
342
|
+
except KeyboardInterrupt:
|
|
343
|
+
pass
|
data/xml/apache_os.xml
CHANGED
|
@@ -8,6 +8,7 @@
|
|
|
8
8
|
|
|
9
9
|
<fingerprint pattern="\(iSeries\)">
|
|
10
10
|
<description>IBM i5/OS iSeries (OS/400)</description>
|
|
11
|
+
<example>Apache/2.0.52 (iSeries)</example>
|
|
11
12
|
<param pos="0" name="os.vendor" value="IBM"/>
|
|
12
13
|
<param pos="0" name="os.family" value="OS/400"/>
|
|
13
14
|
<param pos="0" name="os.product" value="OS/400"/>
|
|
@@ -16,6 +17,7 @@
|
|
|
16
17
|
|
|
17
18
|
<fingerprint pattern="\(Mandrake Linux/\d+\.\d+\.92mdk\)">
|
|
18
19
|
<description>Mandriva (formerly Mandrake) Linux 9.2</description>
|
|
20
|
+
<example>Apache-AdvancedExtranetServer/2.0.47 (Mandrake Linux/6.3.92mdk) mod_ssl/2.0.47 OpenSSL/0.9.7b PHP/4.3.2</example>
|
|
19
21
|
<param pos="0" name="os.certainty" value="0.9"/>
|
|
20
22
|
<param pos="0" name="os.vendor" value="Mandriva"/>
|
|
21
23
|
<param pos="0" name="os.family" value="Linux"/>
|
|
@@ -26,6 +28,7 @@
|
|
|
26
28
|
|
|
27
29
|
<fingerprint pattern="\(Mandrake Linux/\d+\.\d+\.100mdk\)">
|
|
28
30
|
<description>Mandriva (formerly Mandrake) Linux 10.0</description>
|
|
31
|
+
<example>Apache-AdvancedExtranetServer/2.0.48 (Mandrake Linux/6.11.100mdk)</example>
|
|
29
32
|
<param pos="0" name="os.certainty" value="0.9"/>
|
|
30
33
|
<param pos="0" name="os.vendor" value="Mandriva"/>
|
|
31
34
|
<param pos="0" name="os.family" value="Linux"/>
|
|
@@ -36,6 +39,7 @@
|
|
|
36
39
|
|
|
37
40
|
<fingerprint pattern="\((?:Mandrake|Mandriva) Linux/">
|
|
38
41
|
<description>Mandriva (formerly Mandrake) Linux unknown version</description>
|
|
42
|
+
<example>Apache-AdvancedExtranetServer/2.0.44 (Mandrake Linux/11mdk) mod_perl/1.99_08 Perl/v5.8.0 mod_ssl/2.0.44 OpenSSL/0.9.7a PHP/4.3.1 mod_jk2/2.0.0</example>
|
|
39
43
|
<param pos="0" name="os.vendor" value="Mandriva"/>
|
|
40
44
|
<param pos="0" name="os.family" value="Linux"/>
|
|
41
45
|
<param pos="0" name="os.product" value="Linux"/>
|
|
@@ -44,6 +48,7 @@
|
|
|
44
48
|
|
|
45
49
|
<fingerprint pattern="\(Mandrakelinux/">
|
|
46
50
|
<description>Mandriva (formerly Mandrake) Linux unknown version - variant 2</description>
|
|
51
|
+
<example>Apache-AdvancedExtranetServer/2.0.53 (Mandrakelinux/PREFORK-9mdk) mod_ssl/2.0.53 OpenSSL/0.9.7e PHP/4.3.10 mod_perl/1.999.21 Perl/v5.8.6</example>
|
|
47
52
|
<param pos="0" name="os.vendor" value="Mandriva"/>
|
|
48
53
|
<param pos="0" name="os.family" value="Linux"/>
|
|
49
54
|
<param pos="0" name="os.product" value="Linux"/>
|
|
@@ -52,6 +57,7 @@
|
|
|
52
57
|
|
|
53
58
|
<fingerprint pattern="\(PalmOS\)">
|
|
54
59
|
<description>PalmOS</description>
|
|
60
|
+
<example>Apache/1.2.42 (PalmOS)</example>
|
|
55
61
|
<param pos="0" name="os.vendor" value="Palm"/>
|
|
56
62
|
<param pos="0" name="os.family" value="PalmOS"/>
|
|
57
63
|
<param pos="0" name="os.product" value="PalmOS"/>
|
|
@@ -59,6 +65,7 @@
|
|
|
59
65
|
|
|
60
66
|
<fingerprint pattern="\(Win32\)">
|
|
61
67
|
<description>Microsoft Windows</description>
|
|
68
|
+
<example>Apache/2.2.25 (Win32)</example>
|
|
62
69
|
<param pos="0" name="os.certainty" value="0.75"/>
|
|
63
70
|
<param pos="0" name="os.vendor" value="Microsoft"/>
|
|
64
71
|
<param pos="0" name="os.family" value="Windows"/>
|
|
@@ -68,6 +75,7 @@
|
|
|
68
75
|
|
|
69
76
|
<fingerprint pattern="\(Darwin\)">
|
|
70
77
|
<description>Apple Mac OS X</description>
|
|
78
|
+
<example>Apache/1.3.33 (Darwin)</example>
|
|
71
79
|
<param pos="0" name="os.vendor" value="Apple"/>
|
|
72
80
|
<param pos="0" name="os.family" value="Mac OS X"/>
|
|
73
81
|
<param pos="0" name="os.product" value="Mac OS X"/>
|
|
@@ -76,6 +84,7 @@
|
|
|
76
84
|
|
|
77
85
|
<fingerprint pattern="\(Ubuntu\)">
|
|
78
86
|
<description>Ubuntu</description>
|
|
87
|
+
<example>Apache (Ubuntu)</example>
|
|
79
88
|
<param pos="0" name="os.vendor" value="Ubuntu"/>
|
|
80
89
|
<param pos="0" name="os.family" value="Linux"/>
|
|
81
90
|
<param pos="0" name="os.product" value="Linux"/>
|
|
@@ -84,6 +93,7 @@
|
|
|
84
93
|
|
|
85
94
|
<fingerprint pattern=".{0,512}(?:Sun )?Cobalt \(Unix\)?">
|
|
86
95
|
<description>Sun Cobalt RaQ (Red Hat based Linux)</description>
|
|
96
|
+
<example>Apache/1.3.3 Cobalt (Unix) (Red Hat/Linux)</example>
|
|
87
97
|
<param pos="0" name="os.vendor" value="Sun"/>
|
|
88
98
|
<param pos="0" name="os.family" value="Linux"/>
|
|
89
99
|
<param pos="0" name="os.product" value="Cobalt RaQ"/>
|
|
@@ -91,6 +101,7 @@
|
|
|
91
101
|
|
|
92
102
|
<fingerprint pattern="\(BlueQuartz\)">
|
|
93
103
|
<description>Blue Quartz is created by a Cobalt RaQ UG</description>
|
|
104
|
+
<example>Apache/2.0.52 (BlueQuartz)</example>
|
|
94
105
|
<param pos="0" name="os.vendor" value="Sun"/>
|
|
95
106
|
<param pos="0" name="os.family" value="Linux"/>
|
|
96
107
|
<param pos="0" name="os.product" value="Cobalt RaQ"/>
|
|
@@ -98,59 +109,66 @@
|
|
|
98
109
|
|
|
99
110
|
<fingerprint pattern="^Apache\/2\.2\.11.*\(Fedora\)">
|
|
100
111
|
<description>Red Hat Fedora 11</description>
|
|
101
|
-
<
|
|
112
|
+
<example>Apache/2.2.11 (Fedora)</example>
|
|
113
|
+
<param pos="0" name="os.vendor" value="Fedora Project"/>
|
|
102
114
|
<param pos="0" name="os.family" value="Linux"/>
|
|
103
|
-
<param pos="0" name="os.product" value="Fedora Core
|
|
115
|
+
<param pos="0" name="os.product" value="Fedora Core"/>
|
|
104
116
|
<param pos="0" name="os.version" value="11"/>
|
|
105
|
-
<param pos="0" name="os.cpe23" value="cpe:/o:
|
|
117
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:fedoraproject:fedora_core:11"/>
|
|
106
118
|
</fingerprint>
|
|
107
119
|
|
|
108
120
|
<fingerprint pattern="^Apache\/2\.2\.15.*\(Fedora\)">
|
|
109
121
|
<description>Red Hat Fedora 13</description>
|
|
110
|
-
<
|
|
122
|
+
<example>Apache/2.2.15 (Fedora)</example>
|
|
123
|
+
<param pos="0" name="os.vendor" value="Fedora Project"/>
|
|
111
124
|
<param pos="0" name="os.family" value="Linux"/>
|
|
112
|
-
<param pos="0" name="os.product" value="Fedora Core
|
|
125
|
+
<param pos="0" name="os.product" value="Fedora Core"/>
|
|
113
126
|
<param pos="0" name="os.version" value="13"/>
|
|
114
|
-
<param pos="0" name="os.cpe23" value="cpe:/o:
|
|
127
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:fedoraproject:fedora_core:13"/>
|
|
115
128
|
</fingerprint>
|
|
116
129
|
|
|
117
130
|
<fingerprint pattern="^Apache\/2\.2\.16.*\(Fedora\)">
|
|
118
131
|
<description>Red Hat Fedora 14</description>
|
|
119
|
-
<
|
|
132
|
+
<example>Apache/2.2.16 (Fedora)</example>
|
|
133
|
+
<param pos="0" name="os.vendor" value="Fedora Project"/>
|
|
120
134
|
<param pos="0" name="os.family" value="Linux"/>
|
|
121
|
-
<param pos="0" name="os.product" value="Fedora Core
|
|
135
|
+
<param pos="0" name="os.product" value="Fedora Core"/>
|
|
122
136
|
<param pos="0" name="os.version" value="14"/>
|
|
123
|
-
<param pos="0" name="os.cpe23" value="cpe:/o:
|
|
137
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:fedoraproject:fedora_core:14"/>
|
|
124
138
|
</fingerprint>
|
|
125
139
|
|
|
126
140
|
<fingerprint pattern="^Apache\/2\.2\.23.*\(Fedora\)">
|
|
127
141
|
<description>Red Hat Fedora 17</description>
|
|
128
|
-
<
|
|
142
|
+
<example>Apache/2.2.23 (Fedora)</example>
|
|
143
|
+
<param pos="0" name="os.vendor" value="Fedora Project"/>
|
|
129
144
|
<param pos="0" name="os.family" value="Linux"/>
|
|
130
|
-
<param pos="0" name="os.product" value="Fedora Core
|
|
145
|
+
<param pos="0" name="os.product" value="Fedora Core"/>
|
|
131
146
|
<param pos="0" name="os.version" value="17"/>
|
|
132
|
-
<param pos="0" name="os.cpe23" value="cpe:/o:
|
|
147
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:fedoraproject:fedora_core:17"/>
|
|
133
148
|
</fingerprint>
|
|
134
149
|
|
|
135
150
|
<fingerprint pattern="^Apache\/2\.4\.3.*\(Fedora\)">
|
|
136
151
|
<description>Red Hat Fedora 18</description>
|
|
137
|
-
<
|
|
152
|
+
<example>Apache/2.4.3 (Fedora) PHP/5.4.12</example>
|
|
153
|
+
<param pos="0" name="os.vendor" value="Fedora Project"/>
|
|
138
154
|
<param pos="0" name="os.family" value="Linux"/>
|
|
139
|
-
<param pos="0" name="os.product" value="Fedora Core
|
|
155
|
+
<param pos="0" name="os.product" value="Fedora Core"/>
|
|
140
156
|
<param pos="0" name="os.version" value="18"/>
|
|
141
|
-
<param pos="0" name="os.cpe23" value="cpe:/o:
|
|
157
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:fedoraproject:fedora_core:18"/>
|
|
142
158
|
</fingerprint>
|
|
143
159
|
|
|
144
160
|
<fingerprint pattern="\(Fedora\)">
|
|
145
161
|
<description>Red Hat Fedora</description>
|
|
146
|
-
<
|
|
162
|
+
<example>Apache (Fedora)</example>
|
|
163
|
+
<param pos="0" name="os.vendor" value="Fedora Project"/>
|
|
147
164
|
<param pos="0" name="os.family" value="Linux"/>
|
|
148
|
-
<param pos="0" name="os.product" value="Fedora Core
|
|
149
|
-
<param pos="0" name="os.cpe23" value="cpe:/o:
|
|
165
|
+
<param pos="0" name="os.product" value="Fedora Core"/>
|
|
166
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:fedoraproject:fedora_core:-"/>
|
|
150
167
|
</fingerprint>
|
|
151
168
|
|
|
152
169
|
<fingerprint pattern="\(RHEL\)">
|
|
153
170
|
<description>Red Hat Enterprise Linux</description>
|
|
171
|
+
<example>Apache/2.0.53 (RHEL)</example>
|
|
154
172
|
<param pos="0" name="os.vendor" value="Red Hat"/>
|
|
155
173
|
<param pos="0" name="os.family" value="Linux"/>
|
|
156
174
|
<param pos="0" name="os.product" value="Enterprise Linux"/>
|
|
@@ -159,6 +177,8 @@
|
|
|
159
177
|
|
|
160
178
|
<fingerprint pattern="\(Red[ -]Hat(?:[/ ]Linux)?\)">
|
|
161
179
|
<description>Red Hat Linux</description>
|
|
180
|
+
<example>Apache (Red Hat Linux)</example>
|
|
181
|
+
<example>Apache/1.3.27 (Unix) (Red-Hat/Linux) mod_ssl/2.8.12 OpenSSL/0.9.6b PHP/4.3.11</example>
|
|
162
182
|
<param pos="0" name="os.vendor" value="Red Hat"/>
|
|
163
183
|
<param pos="0" name="os.family" value="Linux"/>
|
|
164
184
|
<param pos="0" name="os.product" value="Linux"/>
|
|
@@ -176,6 +196,8 @@
|
|
|
176
196
|
|
|
177
197
|
<fingerprint pattern="Debian(?:[/ ]GNU)?(?:/Linux)?">
|
|
178
198
|
<description>Debian Linux</description>
|
|
199
|
+
<example>Debian GNU/Linux</example>
|
|
200
|
+
<example>Apache/1.3.26 (Unix) Debian GNU/Linux</example>
|
|
179
201
|
<param pos="0" name="os.vendor" value="Debian"/>
|
|
180
202
|
<param pos="0" name="os.family" value="Linux"/>
|
|
181
203
|
<param pos="0" name="os.product" value="Linux"/>
|
|
@@ -184,6 +206,8 @@
|
|
|
184
206
|
|
|
185
207
|
<fingerprint pattern="\((?:Linux/)?S[uU]SE(?:/Linux)?\)">
|
|
186
208
|
<description>Novell SuSE Linux</description>
|
|
209
|
+
<example>Apache (SuSE/Linux)</example>
|
|
210
|
+
<example>Apache/2.2.12 (Linux/SUSE)</example>
|
|
187
211
|
<param pos="0" name="os.vendor" value="SuSE"/>
|
|
188
212
|
<param pos="0" name="os.family" value="Linux"/>
|
|
189
213
|
<param pos="0" name="os.product" value="Linux"/>
|
|
@@ -192,6 +216,7 @@
|
|
|
192
216
|
|
|
193
217
|
<fingerprint pattern="\(NETWARE\)">
|
|
194
218
|
<description>Novell NetWare</description>
|
|
219
|
+
<example>Apache/2.0.64 (NETWARE)</example>
|
|
195
220
|
<param pos="0" name="os.vendor" value="Novell"/>
|
|
196
221
|
<param pos="0" name="os.family" value="NetWare"/>
|
|
197
222
|
<param pos="0" name="os.product" value="NetWare"/>
|
|
@@ -200,6 +225,7 @@
|
|
|
200
225
|
|
|
201
226
|
<fingerprint pattern="HP-UX_Apache-based_Web_Server">
|
|
202
227
|
<description>HP HP-UX</description>
|
|
228
|
+
<example>Apache/2.0.58 HP-UX_Apache-based_Web_Server</example>
|
|
203
229
|
<param pos="0" name="os.vendor" value="HP"/>
|
|
204
230
|
<param pos="0" name="os.family" value="HP-UX"/>
|
|
205
231
|
<param pos="0" name="os.product" value="HP-UX"/>
|
|
@@ -208,6 +234,7 @@
|
|
|
208
234
|
|
|
209
235
|
<fingerprint pattern="\(CentOS\)">
|
|
210
236
|
<description>CentOS Linux</description>
|
|
237
|
+
<example>Apache/2.2.15 (CentOS)</example>
|
|
211
238
|
<param pos="0" name="os.vendor" value="CentOS"/>
|
|
212
239
|
<param pos="0" name="os.family" value="Linux"/>
|
|
213
240
|
<param pos="0" name="os.product" value="Linux"/>
|
|
@@ -216,6 +243,7 @@
|
|
|
216
243
|
|
|
217
244
|
<fingerprint pattern="\(Turbolinux\)">
|
|
218
245
|
<description>Turbolinux</description>
|
|
246
|
+
<example>Apache/2.2.6 (Turbolinux)</example>
|
|
219
247
|
<param pos="0" name="os.vendor" value="Turbolinux"/>
|
|
220
248
|
<param pos="0" name="os.family" value="Linux"/>
|
|
221
249
|
<param pos="0" name="os.product" value="Linux"/>
|
|
@@ -223,6 +251,7 @@
|
|
|
223
251
|
|
|
224
252
|
<fingerprint pattern="\(FreeBSD\)">
|
|
225
253
|
<description>FreeBSD</description>
|
|
254
|
+
<example>Apache/2.4.51 (FreeBSD) OpenSSL/1.1.1h-freebsd</example>
|
|
226
255
|
<param pos="0" name="os.vendor" value="FreeBSD"/>
|
|
227
256
|
<param pos="0" name="os.family" value="FreeBSD"/>
|
|
228
257
|
<param pos="0" name="os.product" value="FreeBSD"/>
|
|
@@ -231,6 +260,7 @@
|
|
|
231
260
|
|
|
232
261
|
<fingerprint pattern="\(Asianux\)">
|
|
233
262
|
<description>Asianux Linux</description>
|
|
263
|
+
<example>Apache/2.2.15 (Asianux)</example>
|
|
234
264
|
<param pos="0" name="os.vendor" value="Asianux"/>
|
|
235
265
|
<param pos="0" name="os.family" value="Linux"/>
|
|
236
266
|
<param pos="0" name="os.product" value="Linux"/>
|
|
@@ -238,6 +268,7 @@
|
|
|
238
268
|
|
|
239
269
|
<fingerprint pattern="\(Gentoo(?:/Linux)?\)">
|
|
240
270
|
<description>Gentoo Linux</description>
|
|
271
|
+
<example>Apache/2.2.6 (Gentoo) DAV/2 mod_python/3.3.1</example>
|
|
241
272
|
<param pos="0" name="os.vendor" value="Gentoo"/>
|
|
242
273
|
<param pos="0" name="os.family" value="Linux"/>
|
|
243
274
|
<param pos="0" name="os.product" value="Linux"/>
|
|
@@ -246,6 +277,7 @@
|
|
|
246
277
|
|
|
247
278
|
<fingerprint pattern="\(Conectiva(?:/Linux)?\)">
|
|
248
279
|
<description>Conectiva Linux</description>
|
|
280
|
+
<example>Apache/1.3.33 (Unix) (Conectiva/Linux)</example>
|
|
249
281
|
<param pos="0" name="os.vendor" value="Conectiva"/>
|
|
250
282
|
<param pos="0" name="os.family" value="Linux"/>
|
|
251
283
|
<param pos="0" name="os.product" value="Linux"/>
|
|
@@ -254,6 +286,7 @@
|
|
|
254
286
|
|
|
255
287
|
<fingerprint pattern="\(Trustix Secure Linux(?:/Linux)?\)">
|
|
256
288
|
<description>Trustix Linux</description>
|
|
289
|
+
<example>Apache/2.0.55 (Trustix Secure Linux/Linux)</example>
|
|
257
290
|
<param pos="0" name="os.vendor" value="Trustix"/>
|
|
258
291
|
<param pos="0" name="os.family" value="Linux"/>
|
|
259
292
|
<param pos="0" name="os.product" value="Secure Linux"/>
|
|
@@ -262,6 +295,7 @@
|
|
|
262
295
|
|
|
263
296
|
<fingerprint pattern="\(White Box\)">
|
|
264
297
|
<description>White Box Enterprise Linux</description>
|
|
298
|
+
<example>Apache/2.0.46 (White Box)</example>
|
|
265
299
|
<param pos="0" name="os.vendor" value="White Box"/>
|
|
266
300
|
<param pos="0" name="os.family" value="Linux"/>
|
|
267
301
|
<param pos="0" name="os.product" value="Enterprise Linux"/>
|
|
@@ -269,6 +303,7 @@
|
|
|
269
303
|
|
|
270
304
|
<fingerprint pattern="\(UnitedLinux\)">
|
|
271
305
|
<description>UnitedLinux</description>
|
|
306
|
+
<example>Apache/1.3.26 (UnitedLinux) mod_ssl/2.8.10</example>
|
|
272
307
|
<param pos="0" name="os.vendor" value="UnitedLinux"/>
|
|
273
308
|
<param pos="0" name="os.family" value="Linux"/>
|
|
274
309
|
<param pos="0" name="os.product" value="Linux"/>
|
|
@@ -276,6 +311,7 @@
|
|
|
276
311
|
|
|
277
312
|
<fingerprint pattern="\(PLD/Linux\)">
|
|
278
313
|
<description>PLD Linux</description>
|
|
314
|
+
<example>Apache/1.3.42 (PLD/Linux)</example>
|
|
279
315
|
<param pos="0" name="os.vendor" value="PLD"/>
|
|
280
316
|
<param pos="0" name="os.family" value="Linux"/>
|
|
281
317
|
<param pos="0" name="os.product" value="Linux"/>
|
|
@@ -283,6 +319,7 @@
|
|
|
283
319
|
|
|
284
320
|
<fingerprint pattern="\(Vine/Linux\)">
|
|
285
321
|
<description>Vine Linux</description>
|
|
322
|
+
<example>Apache/1.3.27 (Unix) (Vine/Linux)</example>
|
|
286
323
|
<param pos="0" name="os.vendor" value="Vine"/>
|
|
287
324
|
<param pos="0" name="os.family" value="Linux"/>
|
|
288
325
|
<param pos="0" name="os.product" value="Linux"/>
|
|
@@ -290,13 +327,17 @@
|
|
|
290
327
|
|
|
291
328
|
<fingerprint pattern="\(rPath\)">
|
|
292
329
|
<description>rPath Linux</description>
|
|
330
|
+
<example>Apache/2.2.9 (rPath)</example>
|
|
293
331
|
<param pos="0" name="os.vendor" value="rPath"/>
|
|
294
332
|
<param pos="0" name="os.family" value="Linux"/>
|
|
295
333
|
<param pos="0" name="os.product" value="Linux"/>
|
|
296
334
|
</fingerprint>
|
|
297
335
|
|
|
298
|
-
<fingerprint pattern="\(StartCom Linux
|
|
336
|
+
<fingerprint pattern="\(StartCom(?: Linux)?\)">
|
|
299
337
|
<description>StartCom Linux</description>
|
|
338
|
+
<example>Apache/2.2.3 (StartCom)</example>
|
|
339
|
+
<example>Apache/2.2.3 (StartCom) (Release 31.SEL5_4)</example>
|
|
340
|
+
<example>Apache/2.2.0 (StartCom Linux)</example>
|
|
300
341
|
<param pos="0" name="os.vendor" value="StartCom"/>
|
|
301
342
|
<param pos="0" name="os.family" value="Linux"/>
|
|
302
343
|
<param pos="0" name="os.product" value="Linux"/>
|
|
@@ -304,6 +345,7 @@
|
|
|
304
345
|
|
|
305
346
|
<fingerprint pattern="Linux">
|
|
306
347
|
<description>Generic Linux fallback</description>
|
|
348
|
+
<example>Apache/Linux</example>
|
|
307
349
|
<param pos="0" name="os.certainty" value="0.75"/>
|
|
308
350
|
<param pos="0" name="os.family" value="Linux"/>
|
|
309
351
|
<param pos="0" name="os.product" value="Linux"/>
|
data/xml/architecture.xml
CHANGED
|
@@ -16,28 +16,42 @@
|
|
|
16
16
|
<param pos="0" name="os.arch" value="x86"/>
|
|
17
17
|
</fingerprint>
|
|
18
18
|
|
|
19
|
-
<fingerprint pattern="PowerPC|PPC|POWER
|
|
19
|
+
<fingerprint pattern="PowerPC|PPC|POWER" flags="REG_ICASE">
|
|
20
20
|
<description>PowerPC</description>
|
|
21
|
+
<example>PowerPC</example>
|
|
22
|
+
<example>PPC</example>
|
|
23
|
+
<example>POWER</example>
|
|
24
|
+
<example>ppc</example>
|
|
21
25
|
<param pos="0" name="os.arch" value="PowerPC"/>
|
|
22
26
|
</fingerprint>
|
|
23
27
|
|
|
24
28
|
<fingerprint pattern="SPARC" flags="REG_ICASE">
|
|
25
29
|
<description>SPARC</description>
|
|
30
|
+
<example>SPARC</example>
|
|
31
|
+
<example>sparc</example>
|
|
26
32
|
<param pos="0" name="os.arch" value="Sparc"/>
|
|
27
33
|
</fingerprint>
|
|
28
34
|
|
|
29
35
|
<fingerprint pattern="mips" flags="REG_ICASE">
|
|
30
36
|
<description>MIPS</description>
|
|
37
|
+
<example>MIPS</example>
|
|
38
|
+
<example>mips</example>
|
|
31
39
|
<param pos="0" name="os.arch" value="MIPS"/>
|
|
32
40
|
</fingerprint>
|
|
33
41
|
|
|
34
42
|
<fingerprint pattern="arm64|aarch64" flags="REG_ICASE">
|
|
35
43
|
<description>ARM64 (aarch64)</description>
|
|
44
|
+
<example>arm64</example>
|
|
45
|
+
<example>ARM64</example>
|
|
46
|
+
<example>aarch64</example>
|
|
47
|
+
<example>AARCH64</example>
|
|
36
48
|
<param pos="0" name="os.arch" value="ARM64"/>
|
|
37
49
|
</fingerprint>
|
|
38
50
|
|
|
39
51
|
<fingerprint pattern="arm" flags="REG_ICASE">
|
|
40
52
|
<description>ARM</description>
|
|
53
|
+
<example>arm</example>
|
|
54
|
+
<example>ARM</example>
|
|
41
55
|
<param pos="0" name="os.arch" value="ARM"/>
|
|
42
56
|
</fingerprint>
|
|
43
57
|
|
data/xml/dhcp_vendor_class.xml
CHANGED
|
@@ -48,7 +48,7 @@
|
|
|
48
48
|
<example hw.family="OfficeJet">Hewlett-Packard OfficeJet</example>
|
|
49
49
|
<example hw.family="LaserJet">HP LaserJet</example>
|
|
50
50
|
<example hw.family="Printer">HP Printer</example>
|
|
51
|
-
<example>Hewlett-Packard JetDirect</example>
|
|
51
|
+
<example hw.family="JetDirect">Hewlett-Packard JetDirect</example>
|
|
52
52
|
<param pos="0" name="hw.device" value="Printer"/>
|
|
53
53
|
<param pos="0" name="hw.vendor" value="HP"/>
|
|
54
54
|
<param pos="1" name="hw.family"/>
|