recog 2.3.22 → 3.0.2

Files changed (128) hide show
  1. checksums.yaml +4 -4
  2. checksums.yaml.gz.sig +2 -0
  3. data/LICENSE +1 -1
  4. data/README.md +25 -16
  5. data/Rakefile +2 -9
  6. data/lib/recog/db_manager.rb +1 -1
  7. data/lib/recog/fingerprint.rb +21 -7
  8. data/lib/recog/fingerprint_parse_error.rb +10 -0
  9. data/lib/recog/match_reporter.rb +37 -3
  10. data/lib/recog/matcher.rb +5 -10
  11. data/lib/recog/verifier.rb +4 -4
  12. data/lib/recog/verify_reporter.rb +7 -6
  13. data/lib/recog/version.rb +1 -1
  14. data/{bin → recog/bin}/recog_match +20 -7
  15. data/{xml → recog/xml}/apache_modules.xml +0 -0
  16. data/{xml → recog/xml}/apache_os.xml +61 -19
  17. data/{xml → recog/xml}/architecture.xml +15 -1
  18. data/{xml → recog/xml}/dhcp_vendor_class.xml +10 -10
  19. data/{xml → recog/xml}/dns_versionbind.xml +16 -13
  20. data/{xml → recog/xml}/favicons.xml +167 -9
  21. data/{xml → recog/xml}/fingerprints.xsd +9 -1
  22. data/{xml → recog/xml}/ftp_banners.xml +131 -141
  23. data/{xml → recog/xml}/h323_callresp.xml +2 -2
  24. data/{xml → recog/xml}/hp_pjl_id.xml +81 -81
  25. data/{xml → recog/xml}/html_title.xml +250 -9
  26. data/{xml → recog/xml}/http_cookies.xml +111 -34
  27. data/{xml → recog/xml}/http_servers.xml +483 -270
  28. data/{xml → recog/xml}/http_wwwauth.xml +83 -37
  29. data/{xml → recog/xml}/imap_banners.xml +10 -10
  30. data/{xml → recog/xml}/ldap_searchresult.xml +0 -0
  31. data/{xml → recog/xml}/mdns_device-info_txt.xml +0 -0
  32. data/{xml → recog/xml}/mdns_workstation_txt.xml +0 -0
  33. data/{xml → recog/xml}/mysql_banners.xml +0 -0
  34. data/{xml → recog/xml}/mysql_error.xml +0 -0
  35. data/{xml → recog/xml}/nntp_banners.xml +8 -5
  36. data/{xml → recog/xml}/ntp_banners.xml +33 -33
  37. data/{xml → recog/xml}/operating_system.xml +92 -77
  38. data/{xml → recog/xml}/pop_banners.xml +25 -25
  39. data/{xml → recog/xml}/rsh_resp.xml +0 -0
  40. data/{xml → recog/xml}/rtsp_servers.xml +0 -0
  41. data/{xml → recog/xml}/sip_banners.xml +16 -5
  42. data/{xml → recog/xml}/sip_user_agents.xml +122 -27
  43. data/{xml → recog/xml}/smb_native_lm.xml +5 -5
  44. data/{xml → recog/xml}/smb_native_os.xml +25 -25
  45. data/{xml → recog/xml}/smtp_banners.xml +132 -131
  46. data/{xml → recog/xml}/smtp_debug.xml +0 -0
  47. data/{xml → recog/xml}/smtp_ehlo.xml +0 -0
  48. data/{xml → recog/xml}/smtp_expn.xml +0 -0
  49. data/{xml → recog/xml}/smtp_help.xml +1 -1
  50. data/{xml → recog/xml}/smtp_mailfrom.xml +0 -0
  51. data/{xml → recog/xml}/smtp_noop.xml +0 -0
  52. data/{xml → recog/xml}/smtp_quit.xml +0 -0
  53. data/{xml → recog/xml}/smtp_rcptto.xml +0 -0
  54. data/{xml → recog/xml}/smtp_rset.xml +0 -0
  55. data/{xml → recog/xml}/smtp_turn.xml +0 -0
  56. data/{xml → recog/xml}/smtp_vrfy.xml +0 -0
  57. data/{xml → recog/xml}/snmp_sysdescr.xml +1248 -1233
  58. data/{xml → recog/xml}/snmp_sysobjid.xml +13 -2
  59. data/{xml → recog/xml}/ssh_banners.xml +9 -5
  60. data/{xml → recog/xml}/telnet_banners.xml +83 -1
  61. data/{xml → recog/xml}/tls_jarm.xml +30 -2
  62. data/{xml → recog/xml}/x11_banners.xml +3 -3
  63. data/{xml → recog/xml}/x509_issuers.xml +24 -4
  64. data/{xml → recog/xml}/x509_subjects.xml +32 -3
  65. data/recog.gemspec +9 -5
  66. data/spec/data/external_example_fingerprint/hp_printer_ex_01.txt +1 -0
  67. data/spec/data/external_example_fingerprint/hp_printer_ex_02.txt +1 -0
  68. data/spec/data/external_example_fingerprint.xml +8 -0
  69. data/spec/data/external_example_illegal_path_fingerprint.xml +7 -0
  70. data/spec/lib/recog/db_spec.rb +84 -61
  71. data/spec/lib/recog/fingerprint_spec.rb +4 -4
  72. data/spec/lib/recog/match_reporter_spec.rb +22 -8
  73. data/spec/lib/recog/verify_reporter_spec.rb +8 -8
  74. data/spec/spec_helper.rb +4 -0
  75. data.tar.gz.sig +0 -0
  76. metadata +154 -142
  77. metadata.gz.sig +0 -0
  78. data/.github/ISSUE_TEMPLATE/bug_report.md +0 -37
  79. data/.github/ISSUE_TEMPLATE/feature_request.md +0 -17
  80. data/.github/ISSUE_TEMPLATE/fingerprint_request.md +0 -27
  81. data/.github/PULL_REQUEST_TEMPLATE +0 -24
  82. data/.github/SECURITY.md +0 -35
  83. data/.github/dependabot.yml +0 -8
  84. data/.github/workflows/ci.yml +0 -26
  85. data/.github/workflows/verify.yml +0 -89
  86. data/.gitignore +0 -23
  87. data/.rspec +0 -3
  88. data/.ruby-gemset +0 -1
  89. data/.ruby-version +0 -1
  90. data/.snyk +0 -10
  91. data/.travis.yml +0 -25
  92. data/CONTRIBUTING.md +0 -276
  93. data/bin/recog_cleanup +0 -16
  94. data/bin/recog_export +0 -81
  95. data/bin/recog_standardize +0 -163
  96. data/bin/recog_verify +0 -63
  97. data/cpe-remap.yaml +0 -356
  98. data/features/data/failing_banners_fingerprints.xml +0 -20
  99. data/features/data/matching_banners_fingerprints.xml +0 -23
  100. data/features/data/multiple_banners_fingerprints.xml +0 -32
  101. data/features/data/no_tests.xml +0 -3
  102. data/features/data/sample_banner.txt +0 -2
  103. data/features/data/successful_tests.xml +0 -18
  104. data/features/data/tests_with_failures.xml +0 -20
  105. data/features/data/tests_with_warnings.xml +0 -17
  106. data/features/match.feature +0 -36
  107. data/features/support/aruba.rb +0 -3
  108. data/features/support/env.rb +0 -6
  109. data/features/verify.feature +0 -48
  110. data/identifiers/README.md +0 -70
  111. data/identifiers/fields.txt +0 -105
  112. data/identifiers/hw_device.txt +0 -84
  113. data/identifiers/hw_family.txt +0 -121
  114. data/identifiers/hw_product.txt +0 -461
  115. data/identifiers/os_architecture.txt +0 -10
  116. data/identifiers/os_device.txt +0 -75
  117. data/identifiers/os_family.txt +0 -234
  118. data/identifiers/os_product.txt +0 -350
  119. data/identifiers/service_family.txt +0 -249
  120. data/identifiers/service_product.txt +0 -764
  121. data/identifiers/vendor.txt +0 -847
  122. data/lib/recog/verifier_factory.rb +0 -13
  123. data/misc/convert_mysql_err +0 -61
  124. data/misc/order.xsl +0 -17
  125. data/requirements.txt +0 -2
  126. data/spec/lib/fingerprint_self_test_spec.rb +0 -175
  127. data/tools/dev/hooks/pre-commit +0 -21
  128. data/update_cpes.py +0 -250
@@ -8,6 +8,7 @@
8
8
 
9
9
  <fingerprint pattern="\(iSeries\)">
10
10
  <description>IBM i5/OS iSeries (OS/400)</description>
11
+ <example>Apache/2.0.52 (iSeries)</example>
11
12
  <param pos="0" name="os.vendor" value="IBM"/>
12
13
  <param pos="0" name="os.family" value="OS/400"/>
13
14
  <param pos="0" name="os.product" value="OS/400"/>
@@ -16,6 +17,7 @@
16
17
 
17
18
  <fingerprint pattern="\(Mandrake Linux/\d+\.\d+\.92mdk\)">
18
19
  <description>Mandriva (formerly Mandrake) Linux 9.2</description>
20
+ <example>Apache-AdvancedExtranetServer/2.0.47 (Mandrake Linux/6.3.92mdk) mod_ssl/2.0.47 OpenSSL/0.9.7b PHP/4.3.2</example>
19
21
  <param pos="0" name="os.certainty" value="0.9"/>
20
22
  <param pos="0" name="os.vendor" value="Mandriva"/>
21
23
  <param pos="0" name="os.family" value="Linux"/>
@@ -26,6 +28,7 @@
26
28
 
27
29
  <fingerprint pattern="\(Mandrake Linux/\d+\.\d+\.100mdk\)">
28
30
  <description>Mandriva (formerly Mandrake) Linux 10.0</description>
31
+ <example>Apache-AdvancedExtranetServer/2.0.48 (Mandrake Linux/6.11.100mdk)</example>
29
32
  <param pos="0" name="os.certainty" value="0.9"/>
30
33
  <param pos="0" name="os.vendor" value="Mandriva"/>
31
34
  <param pos="0" name="os.family" value="Linux"/>
@@ -36,6 +39,7 @@
36
39
 
37
40
  <fingerprint pattern="\((?:Mandrake|Mandriva) Linux/">
38
41
  <description>Mandriva (formerly Mandrake) Linux unknown version</description>
42
+ <example>Apache-AdvancedExtranetServer/2.0.44 (Mandrake Linux/11mdk) mod_perl/1.99_08 Perl/v5.8.0 mod_ssl/2.0.44 OpenSSL/0.9.7a PHP/4.3.1 mod_jk2/2.0.0</example>
39
43
  <param pos="0" name="os.vendor" value="Mandriva"/>
40
44
  <param pos="0" name="os.family" value="Linux"/>
41
45
  <param pos="0" name="os.product" value="Linux"/>
@@ -44,6 +48,7 @@
44
48
 
45
49
  <fingerprint pattern="\(Mandrakelinux/">
46
50
  <description>Mandriva (formerly Mandrake) Linux unknown version - variant 2</description>
51
+ <example>Apache-AdvancedExtranetServer/2.0.53 (Mandrakelinux/PREFORK-9mdk) mod_ssl/2.0.53 OpenSSL/0.9.7e PHP/4.3.10 mod_perl/1.999.21 Perl/v5.8.6</example>
47
52
  <param pos="0" name="os.vendor" value="Mandriva"/>
48
53
  <param pos="0" name="os.family" value="Linux"/>
49
54
  <param pos="0" name="os.product" value="Linux"/>
@@ -52,6 +57,7 @@
52
57
 
53
58
  <fingerprint pattern="\(PalmOS\)">
54
59
  <description>PalmOS</description>
60
+ <example>Apache/1.2.42 (PalmOS)</example>
55
61
  <param pos="0" name="os.vendor" value="Palm"/>
56
62
  <param pos="0" name="os.family" value="PalmOS"/>
57
63
  <param pos="0" name="os.product" value="PalmOS"/>
@@ -59,6 +65,7 @@
59
65
 
60
66
  <fingerprint pattern="\(Win32\)">
61
67
  <description>Microsoft Windows</description>
68
+ <example>Apache/2.2.25 (Win32)</example>
62
69
  <param pos="0" name="os.certainty" value="0.75"/>
63
70
  <param pos="0" name="os.vendor" value="Microsoft"/>
64
71
  <param pos="0" name="os.family" value="Windows"/>
@@ -68,6 +75,7 @@
68
75
 
69
76
  <fingerprint pattern="\(Darwin\)">
70
77
  <description>Apple Mac OS X</description>
78
+ <example>Apache/1.3.33 (Darwin)</example>
71
79
  <param pos="0" name="os.vendor" value="Apple"/>
72
80
  <param pos="0" name="os.family" value="Mac OS X"/>
73
81
  <param pos="0" name="os.product" value="Mac OS X"/>
@@ -76,6 +84,7 @@
76
84
 
77
85
  <fingerprint pattern="\(Ubuntu\)">
78
86
  <description>Ubuntu</description>
87
+ <example>Apache (Ubuntu)</example>
79
88
  <param pos="0" name="os.vendor" value="Ubuntu"/>
80
89
  <param pos="0" name="os.family" value="Linux"/>
81
90
  <param pos="0" name="os.product" value="Linux"/>
@@ -84,6 +93,7 @@
84
93
 
85
94
  <fingerprint pattern=".{0,512}(?:Sun )?Cobalt \(Unix\)?">
86
95
  <description>Sun Cobalt RaQ (Red Hat based Linux)</description>
96
+ <example>Apache/1.3.3 Cobalt (Unix) (Red Hat/Linux)</example>
87
97
  <param pos="0" name="os.vendor" value="Sun"/>
88
98
  <param pos="0" name="os.family" value="Linux"/>
89
99
  <param pos="0" name="os.product" value="Cobalt RaQ"/>
@@ -91,6 +101,7 @@
91
101
 
92
102
  <fingerprint pattern="\(BlueQuartz\)">
93
103
  <description>Blue Quartz is created by a Cobalt RaQ UG</description>
104
+ <example>Apache/2.0.52 (BlueQuartz)</example>
94
105
  <param pos="0" name="os.vendor" value="Sun"/>
95
106
  <param pos="0" name="os.family" value="Linux"/>
96
107
  <param pos="0" name="os.product" value="Cobalt RaQ"/>
@@ -98,59 +109,66 @@
98
109
 
99
110
  <fingerprint pattern="^Apache\/2\.2\.11.*\(Fedora\)">
100
111
  <description>Red Hat Fedora 11</description>
101
- <param pos="0" name="os.vendor" value="Red Hat"/>
112
+ <example>Apache/2.2.11 (Fedora)</example>
113
+ <param pos="0" name="os.vendor" value="Fedora Project"/>
102
114
  <param pos="0" name="os.family" value="Linux"/>
103
- <param pos="0" name="os.product" value="Fedora Core Linux"/>
115
+ <param pos="0" name="os.product" value="Fedora Core"/>
104
116
  <param pos="0" name="os.version" value="11"/>
105
- <param pos="0" name="os.cpe23" value="cpe:/o:redhat:fedora_core:11"/>
117
+ <param pos="0" name="os.cpe23" value="cpe:/o:fedoraproject:fedora_core:11"/>
106
118
  </fingerprint>
107
119
 
108
120
  <fingerprint pattern="^Apache\/2\.2\.15.*\(Fedora\)">
109
121
  <description>Red Hat Fedora 13</description>
110
- <param pos="0" name="os.vendor" value="Red Hat"/>
122
+ <example>Apache/2.2.15 (Fedora)</example>
123
+ <param pos="0" name="os.vendor" value="Fedora Project"/>
111
124
  <param pos="0" name="os.family" value="Linux"/>
112
- <param pos="0" name="os.product" value="Fedora Core Linux"/>
125
+ <param pos="0" name="os.product" value="Fedora Core"/>
113
126
  <param pos="0" name="os.version" value="13"/>
114
- <param pos="0" name="os.cpe23" value="cpe:/o:redhat:fedora_core:13"/>
127
+ <param pos="0" name="os.cpe23" value="cpe:/o:fedoraproject:fedora_core:13"/>
115
128
  </fingerprint>
116
129
 
117
130
  <fingerprint pattern="^Apache\/2\.2\.16.*\(Fedora\)">
118
131
  <description>Red Hat Fedora 14</description>
119
- <param pos="0" name="os.vendor" value="Red Hat"/>
132
+ <example>Apache/2.2.16 (Fedora)</example>
133
+ <param pos="0" name="os.vendor" value="Fedora Project"/>
120
134
  <param pos="0" name="os.family" value="Linux"/>
121
- <param pos="0" name="os.product" value="Fedora Core Linux"/>
135
+ <param pos="0" name="os.product" value="Fedora Core"/>
122
136
  <param pos="0" name="os.version" value="14"/>
123
- <param pos="0" name="os.cpe23" value="cpe:/o:redhat:fedora_core:14"/>
137
+ <param pos="0" name="os.cpe23" value="cpe:/o:fedoraproject:fedora_core:14"/>
124
138
  </fingerprint>
125
139
 
126
140
  <fingerprint pattern="^Apache\/2\.2\.23.*\(Fedora\)">
127
141
  <description>Red Hat Fedora 17</description>
128
- <param pos="0" name="os.vendor" value="Red Hat"/>
142
+ <example>Apache/2.2.23 (Fedora)</example>
143
+ <param pos="0" name="os.vendor" value="Fedora Project"/>
129
144
  <param pos="0" name="os.family" value="Linux"/>
130
- <param pos="0" name="os.product" value="Fedora Core Linux"/>
145
+ <param pos="0" name="os.product" value="Fedora Core"/>
131
146
  <param pos="0" name="os.version" value="17"/>
132
- <param pos="0" name="os.cpe23" value="cpe:/o:redhat:fedora_core:17"/>
147
+ <param pos="0" name="os.cpe23" value="cpe:/o:fedoraproject:fedora_core:17"/>
133
148
  </fingerprint>
134
149
 
135
150
  <fingerprint pattern="^Apache\/2\.4\.3.*\(Fedora\)">
136
151
  <description>Red Hat Fedora 18</description>
137
- <param pos="0" name="os.vendor" value="Red Hat"/>
152
+ <example>Apache/2.4.3 (Fedora) PHP/5.4.12</example>
153
+ <param pos="0" name="os.vendor" value="Fedora Project"/>
138
154
  <param pos="0" name="os.family" value="Linux"/>
139
- <param pos="0" name="os.product" value="Fedora Core Linux"/>
155
+ <param pos="0" name="os.product" value="Fedora Core"/>
140
156
  <param pos="0" name="os.version" value="18"/>
141
- <param pos="0" name="os.cpe23" value="cpe:/o:redhat:fedora_core:18"/>
157
+ <param pos="0" name="os.cpe23" value="cpe:/o:fedoraproject:fedora_core:18"/>
142
158
  </fingerprint>
143
159
 
144
160
  <fingerprint pattern="\(Fedora\)">
145
161
  <description>Red Hat Fedora</description>
146
- <param pos="0" name="os.vendor" value="Red Hat"/>
162
+ <example>Apache (Fedora)</example>
163
+ <param pos="0" name="os.vendor" value="Fedora Project"/>
147
164
  <param pos="0" name="os.family" value="Linux"/>
148
- <param pos="0" name="os.product" value="Fedora Core Linux"/>
149
- <param pos="0" name="os.cpe23" value="cpe:/o:redhat:fedora_core:-"/>
165
+ <param pos="0" name="os.product" value="Fedora Core"/>
166
+ <param pos="0" name="os.cpe23" value="cpe:/o:fedoraproject:fedora_core:-"/>
150
167
  </fingerprint>
151
168
 
152
169
  <fingerprint pattern="\(RHEL\)">
153
170
  <description>Red Hat Enterprise Linux</description>
171
+ <example>Apache/2.0.53 (RHEL)</example>
154
172
  <param pos="0" name="os.vendor" value="Red Hat"/>
155
173
  <param pos="0" name="os.family" value="Linux"/>
156
174
  <param pos="0" name="os.product" value="Enterprise Linux"/>
@@ -159,6 +177,8 @@
159
177
 
160
178
  <fingerprint pattern="\(Red[ -]Hat(?:[/ ]Linux)?\)">
161
179
  <description>Red Hat Linux</description>
180
+ <example>Apache (Red Hat Linux)</example>
181
+ <example>Apache/1.3.27 (Unix) (Red-Hat/Linux) mod_ssl/2.8.12 OpenSSL/0.9.6b PHP/4.3.11</example>
162
182
  <param pos="0" name="os.vendor" value="Red Hat"/>
163
183
  <param pos="0" name="os.family" value="Linux"/>
164
184
  <param pos="0" name="os.product" value="Linux"/>
@@ -176,6 +196,8 @@
176
196
 
177
197
  <fingerprint pattern="Debian(?:[/ ]GNU)?(?:/Linux)?">
178
198
  <description>Debian Linux</description>
199
+ <example>Debian GNU/Linux</example>
200
+ <example>Apache/1.3.26 (Unix) Debian GNU/Linux</example>
179
201
  <param pos="0" name="os.vendor" value="Debian"/>
180
202
  <param pos="0" name="os.family" value="Linux"/>
181
203
  <param pos="0" name="os.product" value="Linux"/>
@@ -184,6 +206,8 @@
184
206
 
185
207
  <fingerprint pattern="\((?:Linux/)?S[uU]SE(?:/Linux)?\)">
186
208
  <description>Novell SuSE Linux</description>
209
+ <example>Apache (SuSE/Linux)</example>
210
+ <example>Apache/2.2.12 (Linux/SUSE)</example>
187
211
  <param pos="0" name="os.vendor" value="SuSE"/>
188
212
  <param pos="0" name="os.family" value="Linux"/>
189
213
  <param pos="0" name="os.product" value="Linux"/>
@@ -192,6 +216,7 @@
192
216
 
193
217
  <fingerprint pattern="\(NETWARE\)">
194
218
  <description>Novell NetWare</description>
219
+ <example>Apache/2.0.64 (NETWARE)</example>
195
220
  <param pos="0" name="os.vendor" value="Novell"/>
196
221
  <param pos="0" name="os.family" value="NetWare"/>
197
222
  <param pos="0" name="os.product" value="NetWare"/>
@@ -200,6 +225,7 @@
200
225
 
201
226
  <fingerprint pattern="HP-UX_Apache-based_Web_Server">
202
227
  <description>HP HP-UX</description>
228
+ <example>Apache/2.0.58 HP-UX_Apache-based_Web_Server</example>
203
229
  <param pos="0" name="os.vendor" value="HP"/>
204
230
  <param pos="0" name="os.family" value="HP-UX"/>
205
231
  <param pos="0" name="os.product" value="HP-UX"/>
@@ -208,6 +234,7 @@
208
234
 
209
235
  <fingerprint pattern="\(CentOS\)">
210
236
  <description>CentOS Linux</description>
237
+ <example>Apache/2.2.15 (CentOS)</example>
211
238
  <param pos="0" name="os.vendor" value="CentOS"/>
212
239
  <param pos="0" name="os.family" value="Linux"/>
213
240
  <param pos="0" name="os.product" value="Linux"/>
@@ -216,6 +243,7 @@
216
243
 
217
244
  <fingerprint pattern="\(Turbolinux\)">
218
245
  <description>Turbolinux</description>
246
+ <example>Apache/2.2.6 (Turbolinux)</example>
219
247
  <param pos="0" name="os.vendor" value="Turbolinux"/>
220
248
  <param pos="0" name="os.family" value="Linux"/>
221
249
  <param pos="0" name="os.product" value="Linux"/>
@@ -223,6 +251,7 @@
223
251
 
224
252
  <fingerprint pattern="\(FreeBSD\)">
225
253
  <description>FreeBSD</description>
254
+ <example>Apache/2.4.51 (FreeBSD) OpenSSL/1.1.1h-freebsd</example>
226
255
  <param pos="0" name="os.vendor" value="FreeBSD"/>
227
256
  <param pos="0" name="os.family" value="FreeBSD"/>
228
257
  <param pos="0" name="os.product" value="FreeBSD"/>
@@ -231,6 +260,7 @@
231
260
 
232
261
  <fingerprint pattern="\(Asianux\)">
233
262
  <description>Asianux Linux</description>
263
+ <example>Apache/2.2.15 (Asianux)</example>
234
264
  <param pos="0" name="os.vendor" value="Asianux"/>
235
265
  <param pos="0" name="os.family" value="Linux"/>
236
266
  <param pos="0" name="os.product" value="Linux"/>
@@ -238,6 +268,7 @@
238
268
 
239
269
  <fingerprint pattern="\(Gentoo(?:/Linux)?\)">
240
270
  <description>Gentoo Linux</description>
271
+ <example>Apache/2.2.6 (Gentoo) DAV/2 mod_python/3.3.1</example>
241
272
  <param pos="0" name="os.vendor" value="Gentoo"/>
242
273
  <param pos="0" name="os.family" value="Linux"/>
243
274
  <param pos="0" name="os.product" value="Linux"/>
@@ -246,6 +277,7 @@
246
277
 
247
278
  <fingerprint pattern="\(Conectiva(?:/Linux)?\)">
248
279
  <description>Conectiva Linux</description>
280
+ <example>Apache/1.3.33 (Unix) (Conectiva/Linux)</example>
249
281
  <param pos="0" name="os.vendor" value="Conectiva"/>
250
282
  <param pos="0" name="os.family" value="Linux"/>
251
283
  <param pos="0" name="os.product" value="Linux"/>
@@ -254,6 +286,7 @@
254
286
 
255
287
  <fingerprint pattern="\(Trustix Secure Linux(?:/Linux)?\)">
256
288
  <description>Trustix Linux</description>
289
+ <example>Apache/2.0.55 (Trustix Secure Linux/Linux)</example>
257
290
  <param pos="0" name="os.vendor" value="Trustix"/>
258
291
  <param pos="0" name="os.family" value="Linux"/>
259
292
  <param pos="0" name="os.product" value="Secure Linux"/>
@@ -262,6 +295,7 @@
262
295
 
263
296
  <fingerprint pattern="\(White Box\)">
264
297
  <description>White Box Enterprise Linux</description>
298
+ <example>Apache/2.0.46 (White Box)</example>
265
299
  <param pos="0" name="os.vendor" value="White Box"/>
266
300
  <param pos="0" name="os.family" value="Linux"/>
267
301
  <param pos="0" name="os.product" value="Enterprise Linux"/>
@@ -269,6 +303,7 @@
269
303
 
270
304
  <fingerprint pattern="\(UnitedLinux\)">
271
305
  <description>UnitedLinux</description>
306
+ <example>Apache/1.3.26 (UnitedLinux) mod_ssl/2.8.10</example>
272
307
  <param pos="0" name="os.vendor" value="UnitedLinux"/>
273
308
  <param pos="0" name="os.family" value="Linux"/>
274
309
  <param pos="0" name="os.product" value="Linux"/>
@@ -276,6 +311,7 @@
276
311
 
277
312
  <fingerprint pattern="\(PLD/Linux\)">
278
313
  <description>PLD Linux</description>
314
+ <example>Apache/1.3.42 (PLD/Linux)</example>
279
315
  <param pos="0" name="os.vendor" value="PLD"/>
280
316
  <param pos="0" name="os.family" value="Linux"/>
281
317
  <param pos="0" name="os.product" value="Linux"/>
@@ -283,6 +319,7 @@
283
319
 
284
320
  <fingerprint pattern="\(Vine/Linux\)">
285
321
  <description>Vine Linux</description>
322
+ <example>Apache/1.3.27 (Unix) (Vine/Linux)</example>
286
323
  <param pos="0" name="os.vendor" value="Vine"/>
287
324
  <param pos="0" name="os.family" value="Linux"/>
288
325
  <param pos="0" name="os.product" value="Linux"/>
@@ -290,13 +327,17 @@
290
327
 
291
328
  <fingerprint pattern="\(rPath\)">
292
329
  <description>rPath Linux</description>
330
+ <example>Apache/2.2.9 (rPath)</example>
293
331
  <param pos="0" name="os.vendor" value="rPath"/>
294
332
  <param pos="0" name="os.family" value="Linux"/>
295
333
  <param pos="0" name="os.product" value="Linux"/>
296
334
  </fingerprint>
297
335
 
298
- <fingerprint pattern="\(StartCom Linux\)">
336
+ <fingerprint pattern="\(StartCom(?: Linux)?\)">
299
337
  <description>StartCom Linux</description>
338
+ <example>Apache/2.2.3 (StartCom)</example>
339
+ <example>Apache/2.2.3 (StartCom) (Release 31.SEL5_4)</example>
340
+ <example>Apache/2.2.0 (StartCom Linux)</example>
300
341
  <param pos="0" name="os.vendor" value="StartCom"/>
301
342
  <param pos="0" name="os.family" value="Linux"/>
302
343
  <param pos="0" name="os.product" value="Linux"/>
@@ -304,6 +345,7 @@
304
345
 
305
346
  <fingerprint pattern="Linux">
306
347
  <description>Generic Linux fallback</description>
348
+ <example>Apache/Linux</example>
307
349
  <param pos="0" name="os.certainty" value="0.75"/>
308
350
  <param pos="0" name="os.family" value="Linux"/>
309
351
  <param pos="0" name="os.product" value="Linux"/>
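Review bot: The Fedora 18 fingerprint `^Apache\/2\.4\.3.*\(Fedora\)` in the @@ -98,59 +109,66 @@ hunk is a prefix match, so a constructed banner such as `Apache/2.4.39 (Fedora)` also satisfies it and would be reported as os.version 18 with `cpe:/o:fedoraproject:fedora_core:18`. The example added here only exercises the positive case, so example-based verification will not catch the over-match. Ending the version at a word boundary, `pattern="^Apache\/2\.4\.3\b.*\(Fedora\)"`, keeps the new example matching and lets later 2.4.3x banners fall through to the generic `\(Fedora\)` entry. Because these entries infer an OS release from a server banner that administrators can edit and distributions update in place, an `os.certainty` below 1.0, as the Mandrake entries already carry, would also be appropriate.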
@@ -16,28 +16,42 @@
16
16
  <param pos="0" name="os.arch" value="x86"/>
17
17
  </fingerprint>
18
18
 
19
- <fingerprint pattern="PowerPC|PPC|POWER|ppc">
19
+ <fingerprint pattern="PowerPC|PPC|POWER" flags="REG_ICASE">
20
20
  <description>PowerPC</description>
21
+ <example>PowerPC</example>
22
+ <example>PPC</example>
23
+ <example>POWER</example>
24
+ <example>ppc</example>
21
25
  <param pos="0" name="os.arch" value="PowerPC"/>
22
26
  </fingerprint>
23
27
 
24
28
  <fingerprint pattern="SPARC" flags="REG_ICASE">
25
29
  <description>SPARC</description>
30
+ <example>SPARC</example>
31
+ <example>sparc</example>
26
32
  <param pos="0" name="os.arch" value="Sparc"/>
27
33
  </fingerprint>
28
34
 
29
35
  <fingerprint pattern="mips" flags="REG_ICASE">
30
36
  <description>MIPS</description>
37
+ <example>MIPS</example>
38
+ <example>mips</example>
31
39
  <param pos="0" name="os.arch" value="MIPS"/>
32
40
  </fingerprint>
33
41
 
34
42
  <fingerprint pattern="arm64|aarch64" flags="REG_ICASE">
35
43
  <description>ARM64 (aarch64)</description>
44
+ <example>arm64</example>
45
+ <example>ARM64</example>
46
+ <example>aarch64</example>
47
+ <example>AARCH64</example>
36
48
  <param pos="0" name="os.arch" value="ARM64"/>
37
49
  </fingerprint>
38
50
 
39
51
  <fingerprint pattern="arm" flags="REG_ICASE">
40
52
  <description>ARM</description>
53
+ <example>arm</example>
54
+ <example>ARM</example>
41
55
  <param pos="0" name="os.arch" value="ARM"/>
42
56
  </fingerprint>
43
57
 
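Review bot: Adding `flags="REG_ICASE"` to the unanchored `PowerPC|PPC|POWER` pattern makes the bare alternative `POWER` match any input containing "power" in any case, where previously only the upper-case token matched. If this database is ever applied to free-form text rather than a bare architecture token (not visible from this hunk), unrelated strings would be tagged os.arch=PowerPC; the unanchored `arm` entry further down has the same property. Word boundaries would keep the four new examples passing while narrowing the match, for example `pattern="\b(?:PowerPC|PPC|POWER\d*)\b"`.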
@@ -48,7 +48,7 @@
48
48
  <example hw.family="OfficeJet">Hewlett-Packard OfficeJet</example>
49
49
  <example hw.family="LaserJet">HP LaserJet</example>
50
50
  <example hw.family="Printer">HP Printer</example>
51
- <example>Hewlett-Packard JetDirect</example>
51
+ <example hw.family="JetDirect">Hewlett-Packard JetDirect</example>
52
52
  <param pos="0" name="hw.device" value="Printer"/>
53
53
  <param pos="0" name="hw.vendor" value="HP"/>
54
54
  <param pos="1" name="hw.family"/>
@@ -108,16 +108,16 @@
108
108
 
109
109
  <fingerprint pattern="^Aruba\s(JL\d+A)\s(\d+[A-Z]?)\S+\sSwitch(?:\sdslforum.org)?$">
110
110
  <description>HP Aruba Network Switch</description>
111
- <example hw.product="JL075A" hw.family="3810M">Aruba JL075A 3810M-16SFP+-2-slot Switch</example>
112
- <example hw.product="JL253A" hw.family="2930F">Aruba JL253A 2930F-24G-4SFP+ Switch dslforum.org</example>
113
- <example hw.product="JL256A" hw.family="2930F">Aruba JL256A 2930F-48G-PoE+-4SFP+ Switch</example>
114
- <example hw.product="JL258A" hw.family="2930F">Aruba JL258A 2930F-8G-PoE+-2SFP+ Switch</example>
115
- <example hw.product="JL357A" hw.family="2540">Aruba JL357A 2540-48G-PoE+-4SFP+ Switch</example>
116
- <param pos="0" name="hw.device" value="Switch"/>
117
- <param pos="0" name="hw.vendor" value="Aruba Networks"/>
118
- <param pos="1" name="hw.product"/>
119
- <param pos="2" name="hw.family"/>
111
+ <example hw.model="JL075A" hw.product="3810M">Aruba JL075A 3810M-16SFP+-2-slot Switch</example>
112
+ <example hw.model="JL253A" hw.product="2930F">Aruba JL253A 2930F-24G-4SFP+ Switch dslforum.org</example>
113
+ <example hw.model="JL256A" hw.product="2930F">Aruba JL256A 2930F-48G-PoE+-4SFP+ Switch</example>
114
+ <example hw.model="JL258A" hw.product="2930F">Aruba JL258A 2930F-8G-PoE+-2SFP+ Switch</example>
115
+ <example hw.model="JL357A" hw.product="2540">Aruba JL357A 2540-48G-PoE+-4SFP+ Switch</example>
120
116
  <param pos="0" name="os.vendor" value="Aruba Networks"/>
117
+ <param pos="0" name="hw.vendor" value="Aruba Networks"/>
118
+ <param pos="2" name="hw.product"/>
119
+ <param pos="1" name="hw.model"/>
120
+ <param pos="0" name="hw.device" value="Switch"/>
121
121
  </fingerprint>
122
122
 
123
123
  <fingerprint pattern="^AXIS,(?:PTZ Dome )?Network Camera,(.*),([\d\.]+)$">
@@ -68,8 +68,8 @@
68
68
  <example service.version="9.3.6-P1" os.version="5" os.version.version="11">9.3.6-P1-RedHat-9.3.6-25.P1.el5_11.12</example>
69
69
  <example service.version="9.9.1-P3" os.version="6">9.9.1-P3-RedHat-9.9.1.P3.el6</example>
70
70
  <example service.version="9.9.3-rpz2+rl.13208.13-P2" os.version="6">9.9.3-rpz2+rl.13208.13-P2-RedHat-9.9.3-4.P2.el6</example>
71
- <example os.version="6" os.version.version="1">9.7.3-P3-RedHat-9.7.3-2.el6_1.P3.3</example>
72
- <example os.version="6" os.version.version="">9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6</example>
71
+ <example os.version="6" os.version.version="1" service.version="9.7.3-P3">9.7.3-P3-RedHat-9.7.3-2.el6_1.P3.3</example>
72
+ <example os.version="6" os.version.version="" service.version="9.8.2rc1">9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6</example>
73
73
  <param pos="0" name="service.vendor" value="ISC"/>
74
74
  <param pos="0" name="service.family" value="BIND"/>
75
75
  <param pos="0" name="service.product" value="BIND"/>
@@ -85,21 +85,21 @@
85
85
 
86
86
  <fingerprint pattern="^(9.[^-]+(?:-rl[.\d]+)?(?:-[SP]\d)?)-RedHat-[\d.]+-[\w.]+fc([\d]+)$">
87
87
  <description>ISC BIND: Fedora</description>
88
- <example service.version="9.10.4-P8">9.10.4-P8-RedHat-9.10.4-4.P8.fc25</example>
88
+ <example service.version="9.10.4-P8" os.version="25">9.10.4-P8-RedHat-9.10.4-4.P8.fc25</example>
89
89
  <!-- The '-rl' in the example below indicates a rate limiting patch -->
90
90
 
91
- <example service.version="9.9.3-rl.13207.22-P2">9.9.3-rl.13207.22-P2-RedHat-9.9.3-5.P2.fc19</example>
92
- <example os.version="10">9.5.2-RedHat-9.5.2-1.fc10</example>
91
+ <example service.version="9.9.3-rl.13207.22-P2" os.version="19">9.9.3-rl.13207.22-P2-RedHat-9.9.3-5.P2.fc19</example>
92
+ <example os.version="10" service.version="9.5.2">9.5.2-RedHat-9.5.2-1.fc10</example>
93
93
  <param pos="0" name="service.vendor" value="ISC"/>
94
94
  <param pos="0" name="service.family" value="BIND"/>
95
95
  <param pos="0" name="service.product" value="BIND"/>
96
96
  <param pos="1" name="service.version"/>
97
97
  <param pos="0" name="service.cpe23" value="cpe:/a:isc:bind:{service.version}"/>
98
- <param pos="0" name="os.vendor" value="Red Hat"/>
98
+ <param pos="0" name="os.vendor" value="Fedora Project"/>
99
99
  <param pos="0" name="os.family" value="Linux"/>
100
- <param pos="0" name="os.product" value="Fedora Core Linux"/>
100
+ <param pos="0" name="os.product" value="Fedora Core"/>
101
101
  <param pos="2" name="os.version"/>
102
- <param pos="0" name="os.cpe23" value="cpe:/o:redhat:fedora_core:{os.version}"/>
102
+ <param pos="0" name="os.cpe23" value="cpe:/o:fedoraproject:fedora_core:{os.version}"/>
103
103
  </fingerprint>
104
104
 
105
105
  <fingerprint pattern="^(9.[^-]+(?:-[SP]\d)?)-RedHat-[\w.-]+amzn1$">
@@ -719,8 +719,11 @@
719
719
  -->
720
720
 
721
721
  <fingerprint pattern="^Microsoft DNS 6.0.6100 \(2AEF76E\)$">
722
- <description>SPOOFED - Microsoft DNS on Windows 2008 SP something</description>
722
+ <description>SPOOFED - Microsoft DNS on Windows 2008 SP something -- assert nothing.</description>
723
723
  <example>Microsoft DNS 6.0.6100 (2AEF76E)</example>
724
+ <param pos="0" name="hw.certainty" value="0.0"/>
725
+ <param pos="0" name="os.certainty" value="0.0"/>
726
+ <param pos="0" name="service.certainty" value="0.0"/>
724
727
  </fingerprint>
725
728
 
726
729
  <fingerprint pattern="^Microsoft DNS 6.0.6003(?: \(([^)]+)\))?$">
@@ -843,8 +846,8 @@
843
846
 
844
847
  <fingerprint pattern="^ALU DNS ([\d\.]+) Build (\d+)$">
845
848
  <description>ALU (Alcatel Lucent?) DNS</description>
846
- <example service.version="6.2">ALU DNS 6.2 Build 22</example>
847
- <example service.version.version="9">ALU DNS 6.2 Build 9</example>
849
+ <example service.version="6.2" service.version.version="22">ALU DNS 6.2 Build 22</example>
850
+ <example service.version.version="9" service.version="6.2">ALU DNS 6.2 Build 9</example>
848
851
  <param pos="0" name="service.vendor" value="ALU"/>
849
852
  <param pos="0" name="service.family" value="DNS"/>
850
853
  <param pos="0" name="service.product" value="DNS"/>
@@ -910,8 +913,8 @@
910
913
 
911
914
  <fingerprint pattern="^Meta IP[\s\/]DNS (?:V[\d\.]+ )?- BIND V([\d\.]+(?:-REL)?) \(Build (\d+)\s?\)$">
912
915
  <description>Check Point Meta IP</description>
913
- <example service.version="8.2.7-REL">Meta IP DNS - BIND V8.2.7-REL (Build 31)</example>
914
- <example service.version.version="4704">Meta IP/DNS V4.1 - BIND V8.1.2 (Build 4704 )</example>
916
+ <example service.version="8.2.7-REL" service.version.version="31">Meta IP DNS - BIND V8.2.7-REL (Build 31)</example>
917
+ <example service.version.version="4704" service.version="8.1.2">Meta IP/DNS V4.1 - BIND V8.1.2 (Build 4704 )</example>
915
918
  <param pos="0" name="service.vendor" value="Check Point"/>
916
919
  <param pos="0" name="service.family" value="META IP"/>
917
920
  <param pos="0" name="service.product" value="DNS"/>
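Review bot: The Fedora entry in the @@ -85,21 +85,21 @@ hunk now emits `cpe:/o:fedoraproject:fedora_core:{os.version}` with os.product "Fedora Core" for releases 19 and 25 (per its examples), although the "Core" name was dropped with Fedora 7. As far as I know the CPE dictionary lists those releases under product `fedora`, so this value may fail to join against vulnerability data; it is worth confirming and, if so, using `cpe:/o:fedoraproject:fedora:{os.version}`. The same applies to the Fedora 11–18 entries changed in the Apache OS fingerprints earlier on this page. Separately, the parameter is named `os.cpe23` while the value is a CPE 2.2 URI, which deserves a comment in the file if that is intentional.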