RubyGems - recog - Versions diffs - 2.3.22 → 3.0.2 - Mend

recog 2.3.22 → 3.0.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (128) hide show

checksums.yaml +4 -4
checksums.yaml.gz.sig +2 -0
data/LICENSE +1 -1
data/README.md +25 -16
data/Rakefile +2 -9
data/lib/recog/db_manager.rb +1 -1
data/lib/recog/fingerprint.rb +21 -7
data/lib/recog/fingerprint_parse_error.rb +10 -0
data/lib/recog/match_reporter.rb +37 -3
data/lib/recog/matcher.rb +5 -10
data/lib/recog/verifier.rb +4 -4
data/lib/recog/verify_reporter.rb +7 -6
data/lib/recog/version.rb +1 -1
data/{bin → recog/bin}/recog_match +20 -7
data/{xml → recog/xml}/apache_modules.xml +0 -0
data/{xml → recog/xml}/apache_os.xml +61 -19
data/{xml → recog/xml}/architecture.xml +15 -1
data/{xml → recog/xml}/dhcp_vendor_class.xml +10 -10
data/{xml → recog/xml}/dns_versionbind.xml +16 -13
data/{xml → recog/xml}/favicons.xml +167 -9
data/{xml → recog/xml}/fingerprints.xsd +9 -1
data/{xml → recog/xml}/ftp_banners.xml +131 -141
data/{xml → recog/xml}/h323_callresp.xml +2 -2
data/{xml → recog/xml}/hp_pjl_id.xml +81 -81
data/{xml → recog/xml}/html_title.xml +250 -9
data/{xml → recog/xml}/http_cookies.xml +111 -34
data/{xml → recog/xml}/http_servers.xml +483 -270
data/{xml → recog/xml}/http_wwwauth.xml +83 -37
data/{xml → recog/xml}/imap_banners.xml +10 -10
data/{xml → recog/xml}/ldap_searchresult.xml +0 -0
data/{xml → recog/xml}/mdns_device-info_txt.xml +0 -0
data/{xml → recog/xml}/mdns_workstation_txt.xml +0 -0
data/{xml → recog/xml}/mysql_banners.xml +0 -0
data/{xml → recog/xml}/mysql_error.xml +0 -0
data/{xml → recog/xml}/nntp_banners.xml +8 -5
data/{xml → recog/xml}/ntp_banners.xml +33 -33
data/{xml → recog/xml}/operating_system.xml +92 -77
data/{xml → recog/xml}/pop_banners.xml +25 -25
data/{xml → recog/xml}/rsh_resp.xml +0 -0
data/{xml → recog/xml}/rtsp_servers.xml +0 -0
data/{xml → recog/xml}/sip_banners.xml +16 -5
data/{xml → recog/xml}/sip_user_agents.xml +122 -27
data/{xml → recog/xml}/smb_native_lm.xml +5 -5
data/{xml → recog/xml}/smb_native_os.xml +25 -25
data/{xml → recog/xml}/smtp_banners.xml +132 -131
data/{xml → recog/xml}/smtp_debug.xml +0 -0
data/{xml → recog/xml}/smtp_ehlo.xml +0 -0
data/{xml → recog/xml}/smtp_expn.xml +0 -0
data/{xml → recog/xml}/smtp_help.xml +1 -1
data/{xml → recog/xml}/smtp_mailfrom.xml +0 -0
data/{xml → recog/xml}/smtp_noop.xml +0 -0
data/{xml → recog/xml}/smtp_quit.xml +0 -0
data/{xml → recog/xml}/smtp_rcptto.xml +0 -0
data/{xml → recog/xml}/smtp_rset.xml +0 -0
data/{xml → recog/xml}/smtp_turn.xml +0 -0
data/{xml → recog/xml}/smtp_vrfy.xml +0 -0
data/{xml → recog/xml}/snmp_sysdescr.xml +1248 -1233
data/{xml → recog/xml}/snmp_sysobjid.xml +13 -2
data/{xml → recog/xml}/ssh_banners.xml +9 -5
data/{xml → recog/xml}/telnet_banners.xml +83 -1
data/{xml → recog/xml}/tls_jarm.xml +30 -2
data/{xml → recog/xml}/x11_banners.xml +3 -3
data/{xml → recog/xml}/x509_issuers.xml +24 -4
data/{xml → recog/xml}/x509_subjects.xml +32 -3
data/recog.gemspec +9 -5
data/spec/data/external_example_fingerprint/hp_printer_ex_01.txt +1 -0
data/spec/data/external_example_fingerprint/hp_printer_ex_02.txt +1 -0
data/spec/data/external_example_fingerprint.xml +8 -0
data/spec/data/external_example_illegal_path_fingerprint.xml +7 -0
data/spec/lib/recog/db_spec.rb +84 -61
data/spec/lib/recog/fingerprint_spec.rb +4 -4
data/spec/lib/recog/match_reporter_spec.rb +22 -8
data/spec/lib/recog/verify_reporter_spec.rb +8 -8
data/spec/spec_helper.rb +4 -0
data.tar.gz.sig +0 -0
metadata +154 -142
metadata.gz.sig +0 -0
data/.github/ISSUE_TEMPLATE/bug_report.md +0 -37
data/.github/ISSUE_TEMPLATE/feature_request.md +0 -17
data/.github/ISSUE_TEMPLATE/fingerprint_request.md +0 -27
data/.github/PULL_REQUEST_TEMPLATE +0 -24
data/.github/SECURITY.md +0 -35
data/.github/dependabot.yml +0 -8
data/.github/workflows/ci.yml +0 -26
data/.github/workflows/verify.yml +0 -89
data/.gitignore +0 -23
data/.rspec +0 -3
data/.ruby-gemset +0 -1
data/.ruby-version +0 -1
data/.snyk +0 -10
data/.travis.yml +0 -25
data/CONTRIBUTING.md +0 -276
data/bin/recog_cleanup +0 -16
data/bin/recog_export +0 -81
data/bin/recog_standardize +0 -163
data/bin/recog_verify +0 -63
data/cpe-remap.yaml +0 -356
data/features/data/failing_banners_fingerprints.xml +0 -20
data/features/data/matching_banners_fingerprints.xml +0 -23
data/features/data/multiple_banners_fingerprints.xml +0 -32
data/features/data/no_tests.xml +0 -3
data/features/data/sample_banner.txt +0 -2
data/features/data/successful_tests.xml +0 -18
data/features/data/tests_with_failures.xml +0 -20
data/features/data/tests_with_warnings.xml +0 -17
data/features/match.feature +0 -36
data/features/support/aruba.rb +0 -3
data/features/support/env.rb +0 -6
data/features/verify.feature +0 -48
data/identifiers/README.md +0 -70
data/identifiers/fields.txt +0 -105
data/identifiers/hw_device.txt +0 -84
data/identifiers/hw_family.txt +0 -121
data/identifiers/hw_product.txt +0 -461
data/identifiers/os_architecture.txt +0 -10
data/identifiers/os_device.txt +0 -75
data/identifiers/os_family.txt +0 -234
data/identifiers/os_product.txt +0 -350
data/identifiers/service_family.txt +0 -249
data/identifiers/service_product.txt +0 -764
data/identifiers/vendor.txt +0 -847
data/lib/recog/verifier_factory.rb +0 -13
data/misc/convert_mysql_err +0 -61
data/misc/order.xsl +0 -17
data/requirements.txt +0 -2
data/spec/lib/fingerprint_self_test_spec.rb +0 -175
data/tools/dev/hooks/pre-commit +0 -21
data/update_cpes.py +0 -250

data/{xml → recog/xml}/apache_os.xml RENAMED Viewed

@@ -8,6 +8,7 @@
   <fingerprint pattern="\(iSeries\)">
     <description>IBM i5/OS iSeries (OS/400)</description>
+    <example>Apache/2.0.52 (iSeries)</example>
     <param pos="0" name="os.vendor" value="IBM"/>
     <param pos="0" name="os.family" value="OS/400"/>
     <param pos="0" name="os.product" value="OS/400"/>
@@ -16,6 +17,7 @@
   <fingerprint pattern="\(Mandrake Linux/\d+\.\d+\.92mdk\)">
     <description>Mandriva (formerly Mandrake) Linux 9.2</description>
+    <example>Apache-AdvancedExtranetServer/2.0.47 (Mandrake Linux/6.3.92mdk) mod_ssl/2.0.47 OpenSSL/0.9.7b PHP/4.3.2</example>
     <param pos="0" name="os.certainty" value="0.9"/>
     <param pos="0" name="os.vendor" value="Mandriva"/>
     <param pos="0" name="os.family" value="Linux"/>
@@ -26,6 +28,7 @@
   <fingerprint pattern="\(Mandrake Linux/\d+\.\d+\.100mdk\)">
     <description>Mandriva (formerly Mandrake) Linux 10.0</description>
+    <example>Apache-AdvancedExtranetServer/2.0.48 (Mandrake Linux/6.11.100mdk)</example>
     <param pos="0" name="os.certainty" value="0.9"/>
     <param pos="0" name="os.vendor" value="Mandriva"/>
     <param pos="0" name="os.family" value="Linux"/>
@@ -36,6 +39,7 @@
   <fingerprint pattern="\((?:Mandrake|Mandriva) Linux/">
     <description>Mandriva (formerly Mandrake) Linux unknown version</description>
+    <example>Apache-AdvancedExtranetServer/2.0.44 (Mandrake Linux/11mdk) mod_perl/1.99_08 Perl/v5.8.0 mod_ssl/2.0.44 OpenSSL/0.9.7a PHP/4.3.1 mod_jk2/2.0.0</example>
     <param pos="0" name="os.vendor" value="Mandriva"/>
     <param pos="0" name="os.family" value="Linux"/>
     <param pos="0" name="os.product" value="Linux"/>
@@ -44,6 +48,7 @@
   <fingerprint pattern="\(Mandrakelinux/">
     <description>Mandriva (formerly Mandrake) Linux unknown version - variant 2</description>
+    <example>Apache-AdvancedExtranetServer/2.0.53 (Mandrakelinux/PREFORK-9mdk) mod_ssl/2.0.53 OpenSSL/0.9.7e PHP/4.3.10 mod_perl/1.999.21 Perl/v5.8.6</example>
     <param pos="0" name="os.vendor" value="Mandriva"/>
     <param pos="0" name="os.family" value="Linux"/>
     <param pos="0" name="os.product" value="Linux"/>
@@ -52,6 +57,7 @@
   <fingerprint pattern="\(PalmOS\)">
     <description>PalmOS</description>
+    <example>Apache/1.2.42 (PalmOS)</example>
     <param pos="0" name="os.vendor" value="Palm"/>
     <param pos="0" name="os.family" value="PalmOS"/>
     <param pos="0" name="os.product" value="PalmOS"/>
@@ -59,6 +65,7 @@
   <fingerprint pattern="\(Win32\)">
     <description>Microsoft Windows</description>
+    <example>Apache/2.2.25 (Win32)</example>
     <param pos="0" name="os.certainty" value="0.75"/>
     <param pos="0" name="os.vendor" value="Microsoft"/>
     <param pos="0" name="os.family" value="Windows"/>
@@ -68,6 +75,7 @@
   <fingerprint pattern="\(Darwin\)">
     <description>Apple Mac OS X</description>
+    <example>Apache/1.3.33 (Darwin)</example>
     <param pos="0" name="os.vendor" value="Apple"/>
     <param pos="0" name="os.family" value="Mac OS X"/>
     <param pos="0" name="os.product" value="Mac OS X"/>
@@ -76,6 +84,7 @@
   <fingerprint pattern="\(Ubuntu\)">
     <description>Ubuntu</description>
+    <example>Apache (Ubuntu)</example>
     <param pos="0" name="os.vendor" value="Ubuntu"/>
     <param pos="0" name="os.family" value="Linux"/>
     <param pos="0" name="os.product" value="Linux"/>
@@ -84,6 +93,7 @@
   <fingerprint pattern=".{0,512}(?:Sun )?Cobalt \(Unix\)?">
     <description>Sun Cobalt RaQ (Red Hat based Linux)</description>
+    <example>Apache/1.3.3 Cobalt (Unix) (Red Hat/Linux)</example>
     <param pos="0" name="os.vendor" value="Sun"/>
     <param pos="0" name="os.family" value="Linux"/>
     <param pos="0" name="os.product" value="Cobalt RaQ"/>
@@ -91,6 +101,7 @@
   <fingerprint pattern="\(BlueQuartz\)">
     <description>Blue Quartz is created by a Cobalt RaQ UG</description>
+    <example>Apache/2.0.52 (BlueQuartz)</example>
     <param pos="0" name="os.vendor" value="Sun"/>
     <param pos="0" name="os.family" value="Linux"/>
     <param pos="0" name="os.product" value="Cobalt RaQ"/>
@@ -98,59 +109,66 @@
   <fingerprint pattern="^Apache\/2\.2\.11.*\(Fedora\)">
     <description>Red Hat Fedora 11</description>
-    <param pos="0" name="os.vendor" value="Red Hat"/>
+    <example>Apache/2.2.11 (Fedora)</example>
+    <param pos="0" name="os.vendor" value="Fedora Project"/>
     <param pos="0" name="os.family" value="Linux"/>
-    <param pos="0" name="os.product" value="Fedora Core Linux"/>
+    <param pos="0" name="os.product" value="Fedora Core"/>
     <param pos="0" name="os.version" value="11"/>
-    <param pos="0" name="os.cpe23" value="cpe:/o:redhat:fedora_core:11"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:fedoraproject:fedora_core:11"/>
   </fingerprint>
   <fingerprint pattern="^Apache\/2\.2\.15.*\(Fedora\)">
     <description>Red Hat Fedora 13</description>
-    <param pos="0" name="os.vendor" value="Red Hat"/>
+    <example>Apache/2.2.15 (Fedora)</example>
+    <param pos="0" name="os.vendor" value="Fedora Project"/>
     <param pos="0" name="os.family" value="Linux"/>
-    <param pos="0" name="os.product" value="Fedora Core Linux"/>
+    <param pos="0" name="os.product" value="Fedora Core"/>
     <param pos="0" name="os.version" value="13"/>
-    <param pos="0" name="os.cpe23" value="cpe:/o:redhat:fedora_core:13"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:fedoraproject:fedora_core:13"/>
   </fingerprint>
   <fingerprint pattern="^Apache\/2\.2\.16.*\(Fedora\)">
     <description>Red Hat Fedora 14</description>
-    <param pos="0" name="os.vendor" value="Red Hat"/>
+    <example>Apache/2.2.16 (Fedora)</example>
+    <param pos="0" name="os.vendor" value="Fedora Project"/>
     <param pos="0" name="os.family" value="Linux"/>
-    <param pos="0" name="os.product" value="Fedora Core Linux"/>
+    <param pos="0" name="os.product" value="Fedora Core"/>
     <param pos="0" name="os.version" value="14"/>
-    <param pos="0" name="os.cpe23" value="cpe:/o:redhat:fedora_core:14"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:fedoraproject:fedora_core:14"/>
   </fingerprint>
   <fingerprint pattern="^Apache\/2\.2\.23.*\(Fedora\)">
     <description>Red Hat Fedora 17</description>
-    <param pos="0" name="os.vendor" value="Red Hat"/>
+    <example>Apache/2.2.23 (Fedora)</example>
+    <param pos="0" name="os.vendor" value="Fedora Project"/>
     <param pos="0" name="os.family" value="Linux"/>
-    <param pos="0" name="os.product" value="Fedora Core Linux"/>
+    <param pos="0" name="os.product" value="Fedora Core"/>
     <param pos="0" name="os.version" value="17"/>
-    <param pos="0" name="os.cpe23" value="cpe:/o:redhat:fedora_core:17"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:fedoraproject:fedora_core:17"/>
   </fingerprint>
   <fingerprint pattern="^Apache\/2\.4\.3.*\(Fedora\)">
     <description>Red Hat Fedora 18</description>
-    <param pos="0" name="os.vendor" value="Red Hat"/>
+    <example>Apache/2.4.3 (Fedora) PHP/5.4.12</example>
+    <param pos="0" name="os.vendor" value="Fedora Project"/>
     <param pos="0" name="os.family" value="Linux"/>
-    <param pos="0" name="os.product" value="Fedora Core Linux"/>
+    <param pos="0" name="os.product" value="Fedora Core"/>
     <param pos="0" name="os.version" value="18"/>
-    <param pos="0" name="os.cpe23" value="cpe:/o:redhat:fedora_core:18"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:fedoraproject:fedora_core:18"/>
   </fingerprint>
   <fingerprint pattern="\(Fedora\)">
     <description>Red Hat Fedora</description>
-    <param pos="0" name="os.vendor" value="Red Hat"/>
+    <example>Apache (Fedora)</example>
+    <param pos="0" name="os.vendor" value="Fedora Project"/>
     <param pos="0" name="os.family" value="Linux"/>
-    <param pos="0" name="os.product" value="Fedora Core Linux"/>
-    <param pos="0" name="os.cpe23" value="cpe:/o:redhat:fedora_core:-"/>
+    <param pos="0" name="os.product" value="Fedora Core"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:fedoraproject:fedora_core:-"/>
   </fingerprint>
   <fingerprint pattern="\(RHEL\)">
     <description>Red Hat Enterprise Linux</description>
+    <example>Apache/2.0.53 (RHEL)</example>
     <param pos="0" name="os.vendor" value="Red Hat"/>
     <param pos="0" name="os.family" value="Linux"/>
     <param pos="0" name="os.product" value="Enterprise Linux"/>
@@ -159,6 +177,8 @@
   <fingerprint pattern="\(Red[ -]Hat(?:[/ ]Linux)?\)">
     <description>Red Hat Linux</description>
+    <example>Apache (Red Hat Linux)</example>
+    <example>Apache/1.3.27 (Unix) (Red-Hat/Linux) mod_ssl/2.8.12 OpenSSL/0.9.6b PHP/4.3.11</example>
     <param pos="0" name="os.vendor" value="Red Hat"/>
     <param pos="0" name="os.family" value="Linux"/>
     <param pos="0" name="os.product" value="Linux"/>
@@ -176,6 +196,8 @@
   <fingerprint pattern="Debian(?:[/ ]GNU)?(?:/Linux)?">
     <description>Debian Linux</description>
+    <example>Debian GNU/Linux</example>
+    <example>Apache/1.3.26 (Unix) Debian GNU/Linux</example>
     <param pos="0" name="os.vendor" value="Debian"/>
     <param pos="0" name="os.family" value="Linux"/>
     <param pos="0" name="os.product" value="Linux"/>
@@ -184,6 +206,8 @@
   <fingerprint pattern="\((?:Linux/)?S[uU]SE(?:/Linux)?\)">
     <description>Novell SuSE Linux</description>
+    <example>Apache (SuSE/Linux)</example>
+    <example>Apache/2.2.12 (Linux/SUSE)</example>
     <param pos="0" name="os.vendor" value="SuSE"/>
     <param pos="0" name="os.family" value="Linux"/>
     <param pos="0" name="os.product" value="Linux"/>
@@ -192,6 +216,7 @@
   <fingerprint pattern="\(NETWARE\)">
     <description>Novell NetWare</description>
+    <example>Apache/2.0.64 (NETWARE)</example>
     <param pos="0" name="os.vendor" value="Novell"/>
     <param pos="0" name="os.family" value="NetWare"/>
     <param pos="0" name="os.product" value="NetWare"/>
@@ -200,6 +225,7 @@
   <fingerprint pattern="HP-UX_Apache-based_Web_Server">
     <description>HP HP-UX</description>
+    <example>Apache/2.0.58 HP-UX_Apache-based_Web_Server</example>
     <param pos="0" name="os.vendor" value="HP"/>
     <param pos="0" name="os.family" value="HP-UX"/>
     <param pos="0" name="os.product" value="HP-UX"/>
@@ -208,6 +234,7 @@
   <fingerprint pattern="\(CentOS\)">
     <description>CentOS Linux</description>
+    <example>Apache/2.2.15 (CentOS)</example>
     <param pos="0" name="os.vendor" value="CentOS"/>
     <param pos="0" name="os.family" value="Linux"/>
     <param pos="0" name="os.product" value="Linux"/>
@@ -216,6 +243,7 @@
   <fingerprint pattern="\(Turbolinux\)">
     <description>Turbolinux</description>
+    <example>Apache/2.2.6 (Turbolinux)</example>
     <param pos="0" name="os.vendor" value="Turbolinux"/>
     <param pos="0" name="os.family" value="Linux"/>
     <param pos="0" name="os.product" value="Linux"/>
@@ -223,6 +251,7 @@
   <fingerprint pattern="\(FreeBSD\)">
     <description>FreeBSD</description>
+    <example>Apache/2.4.51 (FreeBSD) OpenSSL/1.1.1h-freebsd</example>
     <param pos="0" name="os.vendor" value="FreeBSD"/>
     <param pos="0" name="os.family" value="FreeBSD"/>
     <param pos="0" name="os.product" value="FreeBSD"/>
@@ -231,6 +260,7 @@
   <fingerprint pattern="\(Asianux\)">
     <description>Asianux Linux</description>
+    <example>Apache/2.2.15 (Asianux)</example>
     <param pos="0" name="os.vendor" value="Asianux"/>
     <param pos="0" name="os.family" value="Linux"/>
     <param pos="0" name="os.product" value="Linux"/>
@@ -238,6 +268,7 @@
   <fingerprint pattern="\(Gentoo(?:/Linux)?\)">
     <description>Gentoo Linux</description>
+    <example>Apache/2.2.6 (Gentoo) DAV/2 mod_python/3.3.1</example>
     <param pos="0" name="os.vendor" value="Gentoo"/>
     <param pos="0" name="os.family" value="Linux"/>
     <param pos="0" name="os.product" value="Linux"/>
@@ -246,6 +277,7 @@
   <fingerprint pattern="\(Conectiva(?:/Linux)?\)">
     <description>Conectiva Linux</description>
+    <example>Apache/1.3.33 (Unix) (Conectiva/Linux)</example>
     <param pos="0" name="os.vendor" value="Conectiva"/>
     <param pos="0" name="os.family" value="Linux"/>
     <param pos="0" name="os.product" value="Linux"/>
@@ -254,6 +286,7 @@
   <fingerprint pattern="\(Trustix Secure Linux(?:/Linux)?\)">
     <description>Trustix Linux</description>
+    <example>Apache/2.0.55 (Trustix Secure Linux/Linux)</example>
     <param pos="0" name="os.vendor" value="Trustix"/>
     <param pos="0" name="os.family" value="Linux"/>
     <param pos="0" name="os.product" value="Secure Linux"/>
@@ -262,6 +295,7 @@
   <fingerprint pattern="\(White Box\)">
     <description>White Box Enterprise Linux</description>
+    <example>Apache/2.0.46 (White Box)</example>
     <param pos="0" name="os.vendor" value="White Box"/>
     <param pos="0" name="os.family" value="Linux"/>
     <param pos="0" name="os.product" value="Enterprise Linux"/>
@@ -269,6 +303,7 @@
   <fingerprint pattern="\(UnitedLinux\)">
     <description>UnitedLinux</description>
+    <example>Apache/1.3.26 (UnitedLinux) mod_ssl/2.8.10</example>
     <param pos="0" name="os.vendor" value="UnitedLinux"/>
     <param pos="0" name="os.family" value="Linux"/>
     <param pos="0" name="os.product" value="Linux"/>
@@ -276,6 +311,7 @@
   <fingerprint pattern="\(PLD/Linux\)">
     <description>PLD Linux</description>
+    <example>Apache/1.3.42 (PLD/Linux)</example>
     <param pos="0" name="os.vendor" value="PLD"/>
     <param pos="0" name="os.family" value="Linux"/>
     <param pos="0" name="os.product" value="Linux"/>
@@ -283,6 +319,7 @@
   <fingerprint pattern="\(Vine/Linux\)">
     <description>Vine Linux</description>
+    <example>Apache/1.3.27 (Unix) (Vine/Linux)</example>
     <param pos="0" name="os.vendor" value="Vine"/>
     <param pos="0" name="os.family" value="Linux"/>
     <param pos="0" name="os.product" value="Linux"/>
@@ -290,13 +327,17 @@
   <fingerprint pattern="\(rPath\)">
     <description>rPath Linux</description>
+    <example>Apache/2.2.9 (rPath)</example>
     <param pos="0" name="os.vendor" value="rPath"/>
     <param pos="0" name="os.family" value="Linux"/>
     <param pos="0" name="os.product" value="Linux"/>
   </fingerprint>
-  <fingerprint pattern="\(StartCom Linux\)">
+  <fingerprint pattern="\(StartCom(?: Linux)?\)">
     <description>StartCom Linux</description>
+    <example>Apache/2.2.3 (StartCom)</example>
+    <example>Apache/2.2.3 (StartCom) (Release 31.SEL5_4)</example>
+    <example>Apache/2.2.0 (StartCom Linux)</example>
     <param pos="0" name="os.vendor" value="StartCom"/>
     <param pos="0" name="os.family" value="Linux"/>
     <param pos="0" name="os.product" value="Linux"/>
@@ -304,6 +345,7 @@
   <fingerprint pattern="Linux">
     <description>Generic Linux fallback</description>
+    <example>Apache/Linux</example>
     <param pos="0" name="os.certainty" value="0.75"/>
     <param pos="0" name="os.family" value="Linux"/>
     <param pos="0" name="os.product" value="Linux"/>

data/{xml → recog/xml}/architecture.xml RENAMED Viewed

@@ -16,28 +16,42 @@
     <param pos="0" name="os.arch" value="x86"/>
   </fingerprint>
-  <fingerprint pattern="PowerPC|PPC|POWER|ppc">
+  <fingerprint pattern="PowerPC|PPC|POWER" flags="REG_ICASE">
     <description>PowerPC</description>
+    <example>PowerPC</example>
+    <example>PPC</example>
+    <example>POWER</example>
+    <example>ppc</example>
     <param pos="0" name="os.arch" value="PowerPC"/>
   </fingerprint>
   <fingerprint pattern="SPARC" flags="REG_ICASE">
     <description>SPARC</description>
+    <example>SPARC</example>
+    <example>sparc</example>
     <param pos="0" name="os.arch" value="Sparc"/>
   </fingerprint>
   <fingerprint pattern="mips" flags="REG_ICASE">
     <description>MIPS</description>
+    <example>MIPS</example>
+    <example>mips</example>
     <param pos="0" name="os.arch" value="MIPS"/>
   </fingerprint>
   <fingerprint pattern="arm64|aarch64" flags="REG_ICASE">
     <description>ARM64 (aarch64)</description>
+    <example>arm64</example>
+    <example>ARM64</example>
+    <example>aarch64</example>
+    <example>AARCH64</example>
     <param pos="0" name="os.arch" value="ARM64"/>
   </fingerprint>
   <fingerprint pattern="arm" flags="REG_ICASE">
     <description>ARM</description>
+    <example>arm</example>
+    <example>ARM</example>
     <param pos="0" name="os.arch" value="ARM"/>
   </fingerprint>

data/{xml → recog/xml}/dhcp_vendor_class.xml RENAMED Viewed

@@ -48,7 +48,7 @@
     <example hw.family="OfficeJet">Hewlett-Packard OfficeJet</example>
     <example hw.family="LaserJet">HP LaserJet</example>
     <example hw.family="Printer">HP Printer</example>
-    <example>Hewlett-Packard JetDirect</example>
+    <example hw.family="JetDirect">Hewlett-Packard JetDirect</example>
     <param pos="0" name="hw.device" value="Printer"/>
     <param pos="0" name="hw.vendor" value="HP"/>
     <param pos="1" name="hw.family"/>
@@ -108,16 +108,16 @@
   <fingerprint pattern="^Aruba\s(JL\d+A)\s(\d+[A-Z]?)\S+\sSwitch(?:\sdslforum.org)?$">
     <description>HP Aruba Network Switch</description>
-    <example hw.product="JL075A" hw.family="3810M">Aruba JL075A 3810M-16SFP+-2-slot Switch</example>
-    <example hw.product="JL253A" hw.family="2930F">Aruba JL253A 2930F-24G-4SFP+ Switch dslforum.org</example>
-    <example hw.product="JL256A" hw.family="2930F">Aruba JL256A 2930F-48G-PoE+-4SFP+ Switch</example>
-    <example hw.product="JL258A" hw.family="2930F">Aruba JL258A 2930F-8G-PoE+-2SFP+ Switch</example>
-    <example hw.product="JL357A" hw.family="2540">Aruba JL357A 2540-48G-PoE+-4SFP+ Switch</example>
-    <param pos="0" name="hw.device" value="Switch"/>
-    <param pos="0" name="hw.vendor" value="Aruba Networks"/>
-    <param pos="1" name="hw.product"/>
-    <param pos="2" name="hw.family"/>
+    <example hw.model="JL075A" hw.product="3810M">Aruba JL075A 3810M-16SFP+-2-slot Switch</example>
+    <example hw.model="JL253A" hw.product="2930F">Aruba JL253A 2930F-24G-4SFP+ Switch dslforum.org</example>
+    <example hw.model="JL256A" hw.product="2930F">Aruba JL256A 2930F-48G-PoE+-4SFP+ Switch</example>
+    <example hw.model="JL258A" hw.product="2930F">Aruba JL258A 2930F-8G-PoE+-2SFP+ Switch</example>
+    <example hw.model="JL357A" hw.product="2540">Aruba JL357A 2540-48G-PoE+-4SFP+ Switch</example>
     <param pos="0" name="os.vendor" value="Aruba Networks"/>
+    <param pos="0" name="hw.vendor" value="Aruba Networks"/>
+    <param pos="2" name="hw.product"/>
+    <param pos="1" name="hw.model"/>
+    <param pos="0" name="hw.device" value="Switch"/>
   </fingerprint>
   <fingerprint pattern="^AXIS,(?:PTZ Dome )?Network Camera,(.*),([\d\.]+)$">

data/{xml → recog/xml}/dns_versionbind.xml RENAMED Viewed

@@ -68,8 +68,8 @@
     <example service.version="9.3.6-P1" os.version="5" os.version.version="11">9.3.6-P1-RedHat-9.3.6-25.P1.el5_11.12</example>
     <example service.version="9.9.1-P3" os.version="6">9.9.1-P3-RedHat-9.9.1.P3.el6</example>
     <example service.version="9.9.3-rpz2+rl.13208.13-P2" os.version="6">9.9.3-rpz2+rl.13208.13-P2-RedHat-9.9.3-4.P2.el6</example>
-    <example os.version="6" os.version.version="1">9.7.3-P3-RedHat-9.7.3-2.el6_1.P3.3</example>
-    <example os.version="6" os.version.version="">9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6</example>
+    <example os.version="6" os.version.version="1" service.version="9.7.3-P3">9.7.3-P3-RedHat-9.7.3-2.el6_1.P3.3</example>
+    <example os.version="6" os.version.version="" service.version="9.8.2rc1">9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6</example>
     <param pos="0" name="service.vendor" value="ISC"/>
     <param pos="0" name="service.family" value="BIND"/>
     <param pos="0" name="service.product" value="BIND"/>
@@ -85,21 +85,21 @@
   <fingerprint pattern="^(9.[^-]+(?:-rl[.\d]+)?(?:-[SP]\d)?)-RedHat-[\d.]+-[\w.]+fc([\d]+)$">
     <description>ISC BIND: Fedora</description>
-    <example service.version="9.10.4-P8">9.10.4-P8-RedHat-9.10.4-4.P8.fc25</example>
+    <example service.version="9.10.4-P8" os.version="25">9.10.4-P8-RedHat-9.10.4-4.P8.fc25</example>
     <!-- The '-rl' in the example below indicates a rate limiting patch -->
-    <example service.version="9.9.3-rl.13207.22-P2">9.9.3-rl.13207.22-P2-RedHat-9.9.3-5.P2.fc19</example>
-    <example os.version="10">9.5.2-RedHat-9.5.2-1.fc10</example>
+    <example service.version="9.9.3-rl.13207.22-P2" os.version="19">9.9.3-rl.13207.22-P2-RedHat-9.9.3-5.P2.fc19</example>
+    <example os.version="10" service.version="9.5.2">9.5.2-RedHat-9.5.2-1.fc10</example>
     <param pos="0" name="service.vendor" value="ISC"/>
     <param pos="0" name="service.family" value="BIND"/>
     <param pos="0" name="service.product" value="BIND"/>
     <param pos="1" name="service.version"/>
     <param pos="0" name="service.cpe23" value="cpe:/a:isc:bind:{service.version}"/>
-    <param pos="0" name="os.vendor" value="Red Hat"/>
+    <param pos="0" name="os.vendor" value="Fedora Project"/>
     <param pos="0" name="os.family" value="Linux"/>
-    <param pos="0" name="os.product" value="Fedora Core Linux"/>
+    <param pos="0" name="os.product" value="Fedora Core"/>
     <param pos="2" name="os.version"/>
-    <param pos="0" name="os.cpe23" value="cpe:/o:redhat:fedora_core:{os.version}"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:fedoraproject:fedora_core:{os.version}"/>
   </fingerprint>
   <fingerprint pattern="^(9.[^-]+(?:-[SP]\d)?)-RedHat-[\w.-]+amzn1$">
@@ -719,8 +719,11 @@
   -->
   <fingerprint pattern="^Microsoft DNS 6.0.6100 \(2AEF76E\)$">
-    <description>SPOOFED - Microsoft DNS on Windows 2008 SP something</description>
+    <description>SPOOFED - Microsoft DNS on Windows 2008 SP something -- assert nothing.</description>
     <example>Microsoft DNS 6.0.6100 (2AEF76E)</example>
+    <param pos="0" name="hw.certainty" value="0.0"/>
+    <param pos="0" name="os.certainty" value="0.0"/>
+    <param pos="0" name="service.certainty" value="0.0"/>
   </fingerprint>
   <fingerprint pattern="^Microsoft DNS 6.0.6003(?: \(([^)]+)\))?$">
@@ -843,8 +846,8 @@
   <fingerprint pattern="^ALU DNS ([\d\.]+) Build (\d+)$">
     <description>ALU (Alcatel Lucent?) DNS</description>
-    <example service.version="6.2">ALU DNS 6.2 Build 22</example>
-    <example service.version.version="9">ALU DNS 6.2 Build 9</example>
+    <example service.version="6.2" service.version.version="22">ALU DNS 6.2 Build 22</example>
+    <example service.version.version="9" service.version="6.2">ALU DNS 6.2 Build 9</example>
     <param pos="0" name="service.vendor" value="ALU"/>
     <param pos="0" name="service.family" value="DNS"/>
     <param pos="0" name="service.product" value="DNS"/>
@@ -910,8 +913,8 @@
   <fingerprint pattern="^Meta IP[\s\/]DNS (?:V[\d\.]+ )?- BIND V([\d\.]+(?:-REL)?) \(Build (\d+)\s?\)$">
     <description>Check Point Meta IP</description>
-    <example service.version="8.2.7-REL">Meta IP DNS - BIND V8.2.7-REL (Build 31)</example>
-    <example service.version.version="4704">Meta IP/DNS V4.1 - BIND V8.1.2 (Build 4704 )</example>
+    <example service.version="8.2.7-REL" service.version.version="31">Meta IP DNS - BIND V8.2.7-REL (Build 31)</example>
+    <example service.version.version="4704" service.version="8.1.2">Meta IP/DNS V4.1 - BIND V8.1.2 (Build 4704 )</example>
     <param pos="0" name="service.vendor" value="Check Point"/>
     <param pos="0" name="service.family" value="META IP"/>
     <param pos="0" name="service.product" value="DNS"/>