recog 2.3.22 → 2.3.23

data/xml/dns_versionbind.xml

@@ -68,8 +68,8 @@
     <example service.version="9.3.6-P1" os.version="5" os.version.version="11">9.3.6-P1-RedHat-9.3.6-25.P1.el5_11.12</example>
     <example service.version="9.9.1-P3" os.version="6">9.9.1-P3-RedHat-9.9.1.P3.el6</example>
     <example service.version="9.9.3-rpz2+rl.13208.13-P2" os.version="6">9.9.3-rpz2+rl.13208.13-P2-RedHat-9.9.3-4.P2.el6</example>
-    <example os.version="6" os.version.version="1">9.7.3-P3-RedHat-9.7.3-2.el6_1.P3.3</example>
-    <example os.version="6" os.version.version="">9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6</example>
+    <example os.version="6" os.version.version="1" service.version="9.7.3-P3">9.7.3-P3-RedHat-9.7.3-2.el6_1.P3.3</example>
+    <example os.version="6" os.version.version="" service.version="9.8.2rc1">9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6</example>
     <param pos="0" name="service.vendor" value="ISC"/>
     <param pos="0" name="service.family" value="BIND"/>
     <param pos="0" name="service.product" value="BIND"/>
@@ -85,21 +85,21 @@
 
   <fingerprint pattern="^(9.[^-]+(?:-rl[.\d]+)?(?:-[SP]\d)?)-RedHat-[\d.]+-[\w.]+fc([\d]+)$">
     <description>ISC BIND: Fedora</description>
-    <example service.version="9.10.4-P8">9.10.4-P8-RedHat-9.10.4-4.P8.fc25</example>
+    <example service.version="9.10.4-P8" os.version="25">9.10.4-P8-RedHat-9.10.4-4.P8.fc25</example>
     <!-- The '-rl' in the example below indicates a rate limiting patch -->
 
-    <example service.version="9.9.3-rl.13207.22-P2">9.9.3-rl.13207.22-P2-RedHat-9.9.3-5.P2.fc19</example>
-    <example os.version="10">9.5.2-RedHat-9.5.2-1.fc10</example>
+    <example service.version="9.9.3-rl.13207.22-P2" os.version="19">9.9.3-rl.13207.22-P2-RedHat-9.9.3-5.P2.fc19</example>
+    <example os.version="10" service.version="9.5.2">9.5.2-RedHat-9.5.2-1.fc10</example>
     <param pos="0" name="service.vendor" value="ISC"/>
     <param pos="0" name="service.family" value="BIND"/>
     <param pos="0" name="service.product" value="BIND"/>
     <param pos="1" name="service.version"/>
     <param pos="0" name="service.cpe23" value="cpe:/a:isc:bind:{service.version}"/>
-    <param pos="0" name="os.vendor" value="Red Hat"/>
+    <param pos="0" name="os.vendor" value="Fedora Project"/>
     <param pos="0" name="os.family" value="Linux"/>
-    <param pos="0" name="os.product" value="Fedora Core Linux"/>
+    <param pos="0" name="os.product" value="Fedora Core"/>
     <param pos="2" name="os.version"/>
-    <param pos="0" name="os.cpe23" value="cpe:/o:redhat:fedora_core:{os.version}"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:fedoraproject:fedora_core:{os.version}"/>
   </fingerprint>
 
   <fingerprint pattern="^(9.[^-]+(?:-[SP]\d)?)-RedHat-[\w.-]+amzn1$">
@@ -719,8 +719,11 @@
   -->
 
   <fingerprint pattern="^Microsoft DNS 6.0.6100 \(2AEF76E\)$">
-    <description>SPOOFED - Microsoft DNS on Windows 2008 SP something</description>
+    <description>SPOOFED - Microsoft DNS on Windows 2008 SP something -- assert nothing.</description>
     <example>Microsoft DNS 6.0.6100 (2AEF76E)</example>
+    <param pos="0" name="hw.certainty" value="0.0"/>
+    <param pos="0" name="os.certainty" value="0.0"/>
+    <param pos="0" name="service.certainty" value="0.0"/>
   </fingerprint>
 
   <fingerprint pattern="^Microsoft DNS 6.0.6003(?: \(([^)]+)\))?$">
@@ -843,8 +846,8 @@
 
   <fingerprint pattern="^ALU DNS ([\d\.]+) Build (\d+)$">
     <description>ALU (Alcatel Lucent?) DNS</description>
-    <example service.version="6.2">ALU DNS 6.2 Build 22</example>
-    <example service.version.version="9">ALU DNS 6.2 Build 9</example>
+    <example service.version="6.2" service.version.version="22">ALU DNS 6.2 Build 22</example>
+    <example service.version.version="9" service.version="6.2">ALU DNS 6.2 Build 9</example>
     <param pos="0" name="service.vendor" value="ALU"/>
     <param pos="0" name="service.family" value="DNS"/>
     <param pos="0" name="service.product" value="DNS"/>
@@ -910,8 +913,8 @@
 
   <fingerprint pattern="^Meta IP[\s\/]DNS (?:V[\d\.]+ )?- BIND V([\d\.]+(?:-REL)?) \(Build (\d+)\s?\)$">
     <description>Check Point Meta IP</description>
-    <example service.version="8.2.7-REL">Meta IP DNS - BIND V8.2.7-REL (Build 31)</example>
-    <example service.version.version="4704">Meta IP/DNS V4.1 - BIND V8.1.2 (Build 4704 )</example>
+    <example service.version="8.2.7-REL" service.version.version="31">Meta IP DNS - BIND V8.2.7-REL (Build 31)</example>
+    <example service.version.version="4704" service.version="8.1.2">Meta IP/DNS V4.1 - BIND V8.1.2 (Build 4704 )</example>
     <param pos="0" name="service.vendor" value="Check Point"/>
     <param pos="0" name="service.family" value="META IP"/>
     <param pos="0" name="service.product" value="DNS"/>

data/xml/favicons.xml

@@ -486,6 +486,15 @@
     <param pos="0" name="os.cpe23" value="cpe:/o:dd-wrt:dd-wrt:-"/>
   </fingerprint>
 
+  <fingerprint pattern="^cff908861188a1246a35c3f8325c7d2c$">
+    <description>Tomato Router Firmware</description>
+    <example>cff908861188a1246a35c3f8325c7d2c</example>
+    <param pos="0" name="os.vendor" value="Tomato"/>
+    <param pos="0" name="os.family" value="Linux"/>
+    <param pos="0" name="os.product" value="Tomato"/>
+    <param pos="0" name="os.device" value="Router"/>
+  </fingerprint>
+
   <fingerprint pattern="^bad2c1f96cd66e70b4aa119e7270cc62|966e60f8eb85b7ea43a7b0095f3e2336$">
     <description>Atlassian Confluence</description>
     <example>bad2c1f96cd66e70b4aa119e7270cc62</example>
@@ -493,7 +502,7 @@
     <param pos="0" name="service.vendor" value="Atlassian"/>
     <param pos="0" name="service.product" value="Confluence"/>
     <param pos="0" name="service.certainty" value="0.5"/>
-    <param pos="0" name="service.cpe23" value="cpe:/a:atlassian:confluence:-"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:atlassian:confluence_server:-"/>
   </fingerprint>
 
   <fingerprint pattern="^0fbe700fd7d07ec8d30ef8b3ac261484$">
@@ -1327,10 +1336,13 @@
     <description>pfSense Firewall</description>
     <example>5567e9ce23e5549e0fcd7195f3882816</example>
     <example>57f187c7a868faeac558007a8eb6cb2e</example>
-    <param pos="0" name="hw.vendor" value="pfSense"/>
-    <param pos="0" name="hw.device" value="Firewall"/>
-    <param pos="0" name="hw.product" value="Firewall"/>
-    <param pos="0" name="hw.certainty" value="0.5"/>
+    <param pos="0" name="service.vendor" value="pfSense"/>
+    <param pos="0" name="service.product" value="pfSense"/>
+    <param pos="0" name="service.device" value="Firewall"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:pfsense:pfsense:-"/>
+    <param pos="0" name="service.component.vendor" value="nginx"/>
+    <param pos="0" name="service.component.product" value="nginx"/>
+    <param pos="0" name="service.component.cpe23" value="cpe:/a:f5:nginx:-"/>
     <param pos="0" name="os.vendor" value="pfSense"/>
     <param pos="0" name="os.product" value="FreeBSD"/>
     <param pos="0" name="os.certainty" value="0.5"/>
@@ -1943,9 +1955,79 @@
     <param pos="0" name="os.vendor" value="LG"/>
     <param pos="0" name="os.product" value="webOS"/>
     <param pos="0" name="os.certainty" value="0.5"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:lg:webos:-"/>
     <param pos="0" name="hw.vendor" value="LG"/>
     <param pos="0" name="hw.device" value="Smart TV"/>
     <param pos="0" name="hw.certainty" value="0.5"/>
   </fingerprint>
 
+  <fingerprint pattern="^dd80f14145f075264b3067801f511c2f$">
+    <description>Covenant .NET C2 framework</description>
+    <example>dd80f14145f075264b3067801f511c2f</example>
+    <param pos="0" name="service.product" value="Covenant"/>
+  </fingerprint>
+
+  <fingerprint pattern="^5508e5abca6493613e11c72f4296ebf4$">
+    <description>MITRE CALDERA C2 framework</description>
+    <example>5508e5abca6493613e11c72f4296ebf4</example>
+    <param pos="0" name="service.vendor" value="MITRE"/>
+    <param pos="0" name="service.product" value="CALDERA"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:mitre:caldera:-"/>
+  </fingerprint>
+
+  <fingerprint pattern="^e4ce127909d4697b97bf404a42e7c428$">
+    <description>mitmweb web interface for mitmproxy - https://github.com/mitmproxy/mitmproxy</description>
+    <example>e4ce127909d4697b97bf404a42e7c428</example>
+    <param pos="0" name="service.vendor" value="mitmproxy"/>
+    <param pos="0" name="service.product" value="mitmproxy"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:mitmproxy:mitmproxy:-"/>
+  </fingerprint>
+
+  <fingerprint pattern="^531b63a51234bb06c9d77f219eb25553$">
+    <description>phpMyAdmin web interface for MySQL and MariaDB</description>
+    <example>531b63a51234bb06c9d77f219eb25553</example>
+    <param pos="0" name="service.vendor" value="phpMyAdmin"/>
+    <param pos="0" name="service.product" value="phpMyAdmin"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:phpmyadmin:phpmyadmin:-"/>
+  </fingerprint>
+
+  <fingerprint pattern="^ded14e8b701325c527da56f86b5d5616$">
+    <description>Adminer database management tool</description>
+    <example>ded14e8b701325c527da56f86b5d5616</example>
+    <param pos="0" name="service.vendor" value="Adminer"/>
+    <param pos="0" name="service.product" value="Adminer"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:adminer:adminer:-"/>
+  </fingerprint>
+
+  <fingerprint pattern="^6f6256748d679d8684123363bd50a8dd$">
+    <description>mongo-express web-based MongoDB admin interface</description>
+    <example>6f6256748d679d8684123363bd50a8dd</example>
+    <param pos="0" name="service.vendor" value="mongo-express Project"/>
+    <param pos="0" name="service.product" value="mongo-express"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:mongo-express_project:mongo-express:-"/>
+  </fingerprint>
+
+  <fingerprint pattern="^ce83d230195be7e6d3f1513cc5057da5$">
+    <description>Apache Solr</description>
+    <example>ce83d230195be7e6d3f1513cc5057da5</example>
+    <param pos="0" name="service.vendor" value="Apache"/>
+    <param pos="0" name="service.product" value="Solr"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:apache:solr:-"/>
+  </fingerprint>
+
+  <fingerprint pattern="^165de54ff29d30a3773c53e7911227d3$">
+    <description>Apache Spark</description>
+    <example>165de54ff29d30a3773c53e7911227d3</example>
+    <param pos="0" name="service.vendor" value="Apache"/>
+    <param pos="0" name="service.product" value="Spark"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:apache:spark:-"/>
+  </fingerprint>
+
+  <fingerprint pattern="^a3dcb28303f26786e262e0760781057a$">
+    <description>Eltex device web interface</description>
+    <example>a3dcb28303f26786e262e0760781057a</example>
+    <param pos="0" name="os.vendor" value="Eltex"/>
+    <param pos="0" name="hw.vendor" value="Eltex"/>
+  </fingerprint>
+
 </fingerprints>

data/xml/fingerprints.xsd

@@ -104,16 +104,24 @@
     <xsd:sequence>
       <xsd:element name="description" type="xsd:string" minOccurs="1" maxOccurs="1"/>
       <xsd:element name="example" type="example_element" minOccurs="0" maxOccurs="unbounded"/>
-      <xsd:element name="param" type="param_element" minOccurs="0" maxOccurs="unbounded"/>
+      <xsd:element name="param" type="param_element" minOccurs="1" maxOccurs="unbounded"/>
     </xsd:sequence>
     <xsd:attribute name="certainty" type="xsd:string" use="optional"/>
     <xsd:attribute name="pattern" type="xsd:string" use="required"/>
     <xsd:attribute name="flags" type="xsd:string" use="optional"/>
   </xsd:complexType>
 
+  <xsd:simpleType name="encoding">
+    <xsd:restriction base="xsd:string">
+      <xsd:enumeration value="base64" />
+    </xsd:restriction>
+  </xsd:simpleType>
+
   <xsd:complexType name="example_element">
     <xsd:simpleContent>
       <xsd:extension base="xsd:string">
+        <xsd:attribute name="_encoding" type="encoding"/>
+        <xsd:attribute name="_filename" type="xsd:string"/>
         <xsd:anyAttribute processContents="skip"/>
       </xsd:extension>
     </xsd:simpleContent>