recog 2.3.22 → 3.0.2
- checksums.yaml +4 -4
- checksums.yaml.gz.sig +2 -0
- data/LICENSE +1 -1
- data/README.md +25 -16
- data/Rakefile +2 -9
- data/lib/recog/db_manager.rb +1 -1
- data/lib/recog/fingerprint.rb +21 -7
- data/lib/recog/fingerprint_parse_error.rb +10 -0
- data/lib/recog/match_reporter.rb +37 -3
- data/lib/recog/matcher.rb +5 -10
- data/lib/recog/verifier.rb +4 -4
- data/lib/recog/verify_reporter.rb +7 -6
- data/lib/recog/version.rb +1 -1
- data/{bin → recog/bin}/recog_match +20 -7
- data/{xml → recog/xml}/apache_modules.xml +0 -0
- data/{xml → recog/xml}/apache_os.xml +61 -19
- data/{xml → recog/xml}/architecture.xml +15 -1
- data/{xml → recog/xml}/dhcp_vendor_class.xml +10 -10
- data/{xml → recog/xml}/dns_versionbind.xml +16 -13
- data/{xml → recog/xml}/favicons.xml +167 -9
- data/{xml → recog/xml}/fingerprints.xsd +9 -1
- data/{xml → recog/xml}/ftp_banners.xml +131 -141
- data/{xml → recog/xml}/h323_callresp.xml +2 -2
- data/{xml → recog/xml}/hp_pjl_id.xml +81 -81
- data/{xml → recog/xml}/html_title.xml +250 -9
- data/{xml → recog/xml}/http_cookies.xml +111 -34
- data/{xml → recog/xml}/http_servers.xml +483 -270
- data/{xml → recog/xml}/http_wwwauth.xml +83 -37
- data/{xml → recog/xml}/imap_banners.xml +10 -10
- data/{xml → recog/xml}/ldap_searchresult.xml +0 -0
- data/{xml → recog/xml}/mdns_device-info_txt.xml +0 -0
- data/{xml → recog/xml}/mdns_workstation_txt.xml +0 -0
- data/{xml → recog/xml}/mysql_banners.xml +0 -0
- data/{xml → recog/xml}/mysql_error.xml +0 -0
- data/{xml → recog/xml}/nntp_banners.xml +8 -5
- data/{xml → recog/xml}/ntp_banners.xml +33 -33
- data/{xml → recog/xml}/operating_system.xml +92 -77
- data/{xml → recog/xml}/pop_banners.xml +25 -25
- data/{xml → recog/xml}/rsh_resp.xml +0 -0
- data/{xml → recog/xml}/rtsp_servers.xml +0 -0
- data/{xml → recog/xml}/sip_banners.xml +16 -5
- data/{xml → recog/xml}/sip_user_agents.xml +122 -27
- data/{xml → recog/xml}/smb_native_lm.xml +5 -5
- data/{xml → recog/xml}/smb_native_os.xml +25 -25
- data/{xml → recog/xml}/smtp_banners.xml +132 -131
- data/{xml → recog/xml}/smtp_debug.xml +0 -0
- data/{xml → recog/xml}/smtp_ehlo.xml +0 -0
- data/{xml → recog/xml}/smtp_expn.xml +0 -0
- data/{xml → recog/xml}/smtp_help.xml +1 -1
- data/{xml → recog/xml}/smtp_mailfrom.xml +0 -0
- data/{xml → recog/xml}/smtp_noop.xml +0 -0
- data/{xml → recog/xml}/smtp_quit.xml +0 -0
- data/{xml → recog/xml}/smtp_rcptto.xml +0 -0
- data/{xml → recog/xml}/smtp_rset.xml +0 -0
- data/{xml → recog/xml}/smtp_turn.xml +0 -0
- data/{xml → recog/xml}/smtp_vrfy.xml +0 -0
- data/{xml → recog/xml}/snmp_sysdescr.xml +1248 -1233
- data/{xml → recog/xml}/snmp_sysobjid.xml +13 -2
- data/{xml → recog/xml}/ssh_banners.xml +9 -5
- data/{xml → recog/xml}/telnet_banners.xml +83 -1
- data/{xml → recog/xml}/tls_jarm.xml +30 -2
- data/{xml → recog/xml}/x11_banners.xml +3 -3
- data/{xml → recog/xml}/x509_issuers.xml +24 -4
- data/{xml → recog/xml}/x509_subjects.xml +32 -3
- data/recog.gemspec +9 -5
- data/spec/data/external_example_fingerprint/hp_printer_ex_01.txt +1 -0
- data/spec/data/external_example_fingerprint/hp_printer_ex_02.txt +1 -0
- data/spec/data/external_example_fingerprint.xml +8 -0
- data/spec/data/external_example_illegal_path_fingerprint.xml +7 -0
- data/spec/lib/recog/db_spec.rb +84 -61
- data/spec/lib/recog/fingerprint_spec.rb +4 -4
- data/spec/lib/recog/match_reporter_spec.rb +22 -8
- data/spec/lib/recog/verify_reporter_spec.rb +8 -8
- data/spec/spec_helper.rb +4 -0
- data.tar.gz.sig +0 -0
- metadata +154 -142
- metadata.gz.sig +0 -0
- data/.github/ISSUE_TEMPLATE/bug_report.md +0 -37
- data/.github/ISSUE_TEMPLATE/feature_request.md +0 -17
- data/.github/ISSUE_TEMPLATE/fingerprint_request.md +0 -27
- data/.github/PULL_REQUEST_TEMPLATE +0 -24
- data/.github/SECURITY.md +0 -35
- data/.github/dependabot.yml +0 -8
- data/.github/workflows/ci.yml +0 -26
- data/.github/workflows/verify.yml +0 -89
- data/.gitignore +0 -23
- data/.rspec +0 -3
- data/.ruby-gemset +0 -1
- data/.ruby-version +0 -1
- data/.snyk +0 -10
- data/.travis.yml +0 -25
- data/CONTRIBUTING.md +0 -276
- data/bin/recog_cleanup +0 -16
- data/bin/recog_export +0 -81
- data/bin/recog_standardize +0 -163
- data/bin/recog_verify +0 -63
- data/cpe-remap.yaml +0 -356
- data/features/data/failing_banners_fingerprints.xml +0 -20
- data/features/data/matching_banners_fingerprints.xml +0 -23
- data/features/data/multiple_banners_fingerprints.xml +0 -32
- data/features/data/no_tests.xml +0 -3
- data/features/data/sample_banner.txt +0 -2
- data/features/data/successful_tests.xml +0 -18
- data/features/data/tests_with_failures.xml +0 -20
- data/features/data/tests_with_warnings.xml +0 -17
- data/features/match.feature +0 -36
- data/features/support/aruba.rb +0 -3
- data/features/support/env.rb +0 -6
- data/features/verify.feature +0 -48
- data/identifiers/README.md +0 -70
- data/identifiers/fields.txt +0 -105
- data/identifiers/hw_device.txt +0 -84
- data/identifiers/hw_family.txt +0 -121
- data/identifiers/hw_product.txt +0 -461
- data/identifiers/os_architecture.txt +0 -10
- data/identifiers/os_device.txt +0 -75
- data/identifiers/os_family.txt +0 -234
- data/identifiers/os_product.txt +0 -350
- data/identifiers/service_family.txt +0 -249
- data/identifiers/service_product.txt +0 -764
- data/identifiers/vendor.txt +0 -847
- data/lib/recog/verifier_factory.rb +0 -13
- data/misc/convert_mysql_err +0 -61
- data/misc/order.xsl +0 -17
- data/requirements.txt +0 -2
- data/spec/lib/fingerprint_self_test_spec.rb +0 -175
- data/tools/dev/hooks/pre-commit +0 -21
- data/update_cpes.py +0 -250
@@ -214,6 +214,17 @@
|
|
214
214
|
<param pos="0" name="hw.device" value="DVR"/>
|
215
215
|
</fingerprint>
|
216
216
|
|
217
|
+
<!-- Xiongmai Technology is rebranded by a number of DVR and IP Camera manufacturers -->
|
218
|
+
|
219
|
+
<fingerprint pattern="^NETSurveillance WEB$">
|
220
|
+
<description>NetSurveillance web interface on DVR and IP Camera devices sourced from Xiongmai Technology</description>
|
221
|
+
<example>NETSurveillance WEB</example>
|
222
|
+
<param pos="0" name="service.vendor" value="Xiongmai Technology"/>
|
223
|
+
<param pos="0" name="service.product" value="uc-httpd"/>
|
224
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:xiongmaitech:uc-httpd:-"/>
|
225
|
+
<param pos="0" name="os.vendor" value="Xiongmai Technology"/>
|
226
|
+
</fingerprint>
|
227
|
+
|
217
228
|
<fingerprint pattern="^FRITZ!Box$">
|
218
229
|
<description>AVM FRITZ!Box</description>
|
219
230
|
<example>FRITZ!Box</example>
|
@@ -427,9 +438,14 @@
|
|
427
438
|
<example>Fireware XTM User Authentication</example>
|
428
439
|
<param pos="0" name="service.vendor" value="WatchGuard"/>
|
429
440
|
<param pos="0" name="service.product" value="Fireware XTM"/>
|
441
|
+
<param pos="0" name="service.device" value="Firewall"/>
|
430
442
|
<param pos="0" name="service.cpe23" value="cpe:/a:watchguard:fireware_xtm:-"/>
|
443
|
+
<param pos="0" name="service.component.vendor" value="nginx"/>
|
444
|
+
<param pos="0" name="service.component.product" value="nginx"/>
|
445
|
+
<param pos="0" name="service.component.cpe23" value="cpe:/a:f5:nginx:-"/>
|
431
446
|
<param pos="0" name="os.vendor" value="WatchGuard"/>
|
432
447
|
<param pos="0" name="os.product" value="Fireware"/>
|
448
|
+
<param pos="0" name="os.device" value="Firewall"/>
|
433
449
|
<param pos="0" name="os.cpe23" value="cpe:/o:watchguard:fireware:-"/>
|
434
450
|
</fingerprint>
|
435
451
|
|
@@ -635,8 +651,8 @@
|
|
635
651
|
|
636
652
|
<fingerprint pattern="^Wowza Streaming Engine 4 (Subscription|Perpetual Pro) Edition (\d\.[\w.]+) build(\d+)$">
|
637
653
|
<description>Wowza Streaming Engine</description>
|
638
|
-
<example service.version="4.7.7.01" service.version.version="20190222144406">Wowza Streaming Engine 4 Subscription Edition 4.7.7.01 build20190222144406</example>
|
639
|
-
<example service.edition="Perpetual Pro">Wowza Streaming Engine 4 Perpetual Pro Edition 4.8.8.01 build20201216140014</example>
|
654
|
+
<example service.version="4.7.7.01" service.version.version="20190222144406" service.edition="Subscription">Wowza Streaming Engine 4 Subscription Edition 4.7.7.01 build20190222144406</example>
|
655
|
+
<example service.edition="Perpetual Pro" service.version="4.8.8.01" service.version.version="20201216140014">Wowza Streaming Engine 4 Perpetual Pro Edition 4.8.8.01 build20201216140014</example>
|
640
656
|
<param pos="0" name="service.vendor" value="Wowza"/>
|
641
657
|
<param pos="0" name="service.product" value="Streaming Engine"/>
|
642
658
|
<param pos="1" name="service.edition"/>
|
@@ -673,7 +689,7 @@
|
|
673
689
|
<param pos="0" name="service.product" value="nginx"/>
|
674
690
|
<param pos="0" name="service.family" value="nginx"/>
|
675
691
|
<param pos="0" name="service.vendor" value="nginx"/>
|
676
|
-
<param pos="0" name="service.cpe23" value="cpe:/a:
|
692
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:f5:nginx:-"/>
|
677
693
|
</fingerprint>
|
678
694
|
|
679
695
|
<fingerprint pattern="^Test Page for the Nginx HTTP Server on (?:Fedora|EPEL)$">
|
@@ -682,11 +698,11 @@
|
|
682
698
|
<param pos="0" name="service.product" value="nginx"/>
|
683
699
|
<param pos="0" name="service.family" value="nginx"/>
|
684
700
|
<param pos="0" name="service.vendor" value="nginx"/>
|
685
|
-
<param pos="0" name="service.cpe23" value="cpe:/a:
|
701
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:f5:nginx:-"/>
|
686
702
|
<param pos="0" name="os.family" value="Linux"/>
|
687
|
-
<param pos="0" name="os.vendor" value="
|
688
|
-
<param pos="0" name="os.product" value="Fedora Core
|
689
|
-
<param pos="0" name="os.cpe23" value="cpe:/o:
|
703
|
+
<param pos="0" name="os.vendor" value="Fedora Project"/>
|
704
|
+
<param pos="0" name="os.product" value="Fedora Core"/>
|
705
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:fedoraproject:fedora_core:-"/>
|
690
706
|
</fingerprint>
|
691
707
|
|
692
708
|
<fingerprint pattern="^Welcome to nginx on Debian!$">
|
@@ -695,7 +711,7 @@
|
|
695
711
|
<param pos="0" name="service.product" value="nginx"/>
|
696
712
|
<param pos="0" name="service.family" value="nginx"/>
|
697
713
|
<param pos="0" name="service.vendor" value="nginx"/>
|
698
|
-
<param pos="0" name="service.cpe23" value="cpe:/a:
|
714
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:f5:nginx:-"/>
|
699
715
|
<param pos="0" name="os.vendor" value="Debian"/>
|
700
716
|
<param pos="0" name="os.product" value="Linux"/>
|
701
717
|
<param pos="0" name="os.cpe23" value="cpe:/o:debian:debian_linux:-"/>
|
@@ -1367,6 +1383,7 @@
|
|
1367
1383
|
<param pos="0" name="os.device" value="Switch"/>
|
1368
1384
|
<param pos="0" name="os.product" value="MDS 9000"/>
|
1369
1385
|
<param pos="1" name="os.version"/>
|
1386
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:cisco:mds_9000_san-os:{os.version}"/>
|
1370
1387
|
</fingerprint>
|
1371
1388
|
|
1372
1389
|
<fingerprint pattern="^Stealthwatch Management Console$">
|
@@ -2432,6 +2449,22 @@
|
|
2432
2449
|
<param pos="0" name="service.cpe23" value="cpe:/a:jupyter:notebook:-"/>
|
2433
2450
|
</fingerprint>
|
2434
2451
|
|
2452
|
+
<fingerprint pattern="^Jupyter Server$">
|
2453
|
+
<description>Jupyter Server - backend to Jupyter web applications</description>
|
2454
|
+
<example>Jupyter Server</example>
|
2455
|
+
<param pos="0" name="service.vendor" value="Jupyter"/>
|
2456
|
+
<param pos="0" name="service.product" value="Jupyter Server"/>
|
2457
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:jupyter:jupyter_server:-"/>
|
2458
|
+
</fingerprint>
|
2459
|
+
|
2460
|
+
<fingerprint pattern="^JupyterHub$">
|
2461
|
+
<description>JupyterHub - Multi-user server for Jupyter notebooks</description>
|
2462
|
+
<example>JupyterHub</example>
|
2463
|
+
<param pos="0" name="service.vendor" value="Jupyter"/>
|
2464
|
+
<param pos="0" name="service.product" value="JupyterHub"/>
|
2465
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:jupyter:jupyterhub:-"/>
|
2466
|
+
</fingerprint>
|
2467
|
+
|
2435
2468
|
<fingerprint pattern="^Redirect to userimage: /control/userimage\.html$">
|
2436
2469
|
<description>Mobotix Network Camera</description>
|
2437
2470
|
<example>Redirect to userimage: /control/userimage.html</example>
|
@@ -3112,7 +3145,7 @@
|
|
3112
3145
|
<example>Log In - Confluence</example>
|
3113
3146
|
<param pos="0" name="service.vendor" value="Atlassian"/>
|
3114
3147
|
<param pos="0" name="service.product" value="Confluence"/>
|
3115
|
-
<param pos="0" name="service.cpe23" value="cpe:/a:atlassian:
|
3148
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:atlassian:confluence_server:-"/>
|
3116
3149
|
</fingerprint>
|
3117
3150
|
|
3118
3151
|
<fingerprint pattern="^System Dashboard - ">
|
@@ -3724,4 +3757,212 @@
|
|
3724
3757
|
<param pos="0" name="hw.product" value="Eternus"/>
|
3725
3758
|
</fingerprint>
|
3726
3759
|
|
3760
|
+
<fingerprint pattern="^Covenant - Login$">
|
3761
|
+
<description>Covenant .NET C2 framework</description>
|
3762
|
+
<example>Covenant - Login</example>
|
3763
|
+
<param pos="0" name="service.product" value="Covenant"/>
|
3764
|
+
</fingerprint>
|
3765
|
+
|
3766
|
+
<fingerprint pattern="^Login \| CALDERA$">
|
3767
|
+
<description>MITRE CALDERA C2 framework</description>
|
3768
|
+
<example>Login | CALDERA</example>
|
3769
|
+
<param pos="0" name="service.vendor" value="MITRE"/>
|
3770
|
+
<param pos="0" name="service.product" value="CALDERA"/>
|
3771
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:mitre:caldera:-"/>
|
3772
|
+
</fingerprint>
|
3773
|
+
|
3774
|
+
<fingerprint pattern="(?:(\S{1,512}):\d{1,5} / \S{1,512} \| )?phpMyAdmin(?: ([\d.]+(?:-[a-zA-Z0-9]+)?(?:\+\d{8}\.[a-f0-9]{4,40})?))?">
|
3775
|
+
<description>phpMyAdmin web interface for MySQL and MariaDB</description>
|
3776
|
+
<example>phpMyAdmin</example>
|
3777
|
+
<example service.version="2.10.0.2">phpMyAdmin 2.10.0.2</example>
|
3778
|
+
<example service.version="5.0.0-rc1">phpMyAdmin 5.0.0-rc1</example>
|
3779
|
+
<example service.version="5.3.0-dev">phpMyAdmin 5.3.0-dev</example>
|
3780
|
+
<example host.name="10.10.10.10" service.version="5.0.4">10.10.10.10:8080 / db.foo.bar | phpMyAdmin 5.0.4</example>
|
3781
|
+
<example host.name="localhost" service.version="5.3.0-dev+20220208.47252f9cf8">localhost:8080 / mysql-server | phpMyAdmin 5.3.0-dev+20220208.47252f9cf8</example>
|
3782
|
+
<example host.name="[::ffff:10.10.10.10]" service.version="5.3.0-dev+20220208.47252f9cf8">[::ffff:10.10.10.10]:8080 / mysql-server | phpMyAdmin 5.3.0-dev+20220208.47252f9cf8</example>
|
3783
|
+
<param pos="0" name="service.vendor" value="phpMyAdmin"/>
|
3784
|
+
<param pos="0" name="service.product" value="phpMyAdmin"/>
|
3785
|
+
<param pos="1" name="host.name"/>
|
3786
|
+
<param pos="2" name="service.version"/>
|
3787
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:phpmyadmin:phpmyadmin:{service.version}"/>
|
3788
|
+
</fingerprint>
|
3789
|
+
|
3790
|
+
<fingerprint pattern="^Login - Adminer$">
|
3791
|
+
<description>Adminer database management tool</description>
|
3792
|
+
<example>Login - Adminer</example>
|
3793
|
+
<param pos="0" name="service.vendor" value="Adminer"/>
|
3794
|
+
<param pos="0" name="service.product" value="Adminer"/>
|
3795
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:adminer:adminer:-"/>
|
3796
|
+
</fingerprint>
|
3797
|
+
|
3798
|
+
<fingerprint pattern="^Home - Mongo Express$">
|
3799
|
+
<description>mongo-express web-based MongoDB admin interface</description>
|
3800
|
+
<example>Home - Mongo Express</example>
|
3801
|
+
<param pos="0" name="service.vendor" value="mongo-express Project"/>
|
3802
|
+
<param pos="0" name="service.product" value="mongo-express"/>
|
3803
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:mongo-express_project:mongo-express:-"/>
|
3804
|
+
</fingerprint>
|
3805
|
+
|
3806
|
+
<fingerprint pattern="^Solr Admin$">
|
3807
|
+
<description>Apache Solr</description>
|
3808
|
+
<example>Solr Admin</example>
|
3809
|
+
<param pos="0" name="service.vendor" value="Apache"/>
|
3810
|
+
<param pos="0" name="service.product" value="Solr"/>
|
3811
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:apache:solr:-"/>
|
3812
|
+
</fingerprint>
|
3813
|
+
|
3814
|
+
<fingerprint pattern="^Spark (?:Master|Worker) at (?:spark:\/\/)?(\S{1,512}):\d{1,5}$">
|
3815
|
+
<description>Apache Spark</description>
|
3816
|
+
<example host.name="spark-master-0.foo.bar">Spark Master at spark://spark-master-0.foo.bar:7077</example>
|
3817
|
+
<example host.name="10.10.10.10">Spark Master at spark://10.10.10.10:7077</example>
|
3818
|
+
<example host.name="10.10.10.10">Spark Worker at 10.10.10.10:45339</example>
|
3819
|
+
<param pos="0" name="service.vendor" value="Apache"/>
|
3820
|
+
<param pos="0" name="service.product" value="Spark"/>
|
3821
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:apache:spark:-"/>
|
3822
|
+
<param pos="1" name="host.name"/>
|
3823
|
+
</fingerprint>
|
3824
|
+
|
3825
|
+
<fingerprint pattern="^pfSense - Login$">
|
3826
|
+
<description>pfSense Firewall</description>
|
3827
|
+
<example>pfSense - Login</example>
|
3828
|
+
<param pos="0" name="service.vendor" value="pfSense"/>
|
3829
|
+
<param pos="0" name="service.product" value="pfSense"/>
|
3830
|
+
<param pos="0" name="service.device" value="Firewall"/>
|
3831
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:pfsense:pfsense:-"/>
|
3832
|
+
<param pos="0" name="service.component.vendor" value="nginx"/>
|
3833
|
+
<param pos="0" name="service.component.product" value="nginx"/>
|
3834
|
+
<param pos="0" name="service.component.cpe23" value="cpe:/a:f5:nginx:-"/>
|
3835
|
+
<param pos="0" name="os.vendor" value="pfSense"/>
|
3836
|
+
<param pos="0" name="os.product" value="FreeBSD"/>
|
3837
|
+
</fingerprint>
|
3838
|
+
|
3839
|
+
<fingerprint pattern="^Netgate pfSense Plus - Login$">
|
3840
|
+
<description>pfSense Plus Firewall</description>
|
3841
|
+
<example>Netgate pfSense Plus - Login</example>
|
3842
|
+
<param pos="0" name="service.vendor" value="Netgate"/>
|
3843
|
+
<param pos="0" name="service.product" value="pfSense"/>
|
3844
|
+
<param pos="0" name="service.device" value="Firewall"/>
|
3845
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:netgate:pfsense:-"/>
|
3846
|
+
<param pos="0" name="service.component.vendor" value="nginx"/>
|
3847
|
+
<param pos="0" name="service.component.product" value="nginx"/>
|
3848
|
+
<param pos="0" name="service.component.cpe23" value="cpe:/a:f5:nginx:-"/>
|
3849
|
+
<param pos="0" name="os.vendor" value="pfSense"/>
|
3850
|
+
<param pos="0" name="os.product" value="FreeBSD"/>
|
3851
|
+
</fingerprint>
|
3852
|
+
|
3853
|
+
<fingerprint pattern="^Vigor Login Page$">
|
3854
|
+
<description>DrayTek Vigor network equipment - without model or version</description>
|
3855
|
+
<example>Vigor Login Page</example>
|
3856
|
+
<param pos="0" name="os.vendor" value="DrayTek"/>
|
3857
|
+
<param pos="0" name="os.family" value="Vigor"/>
|
3858
|
+
<param pos="0" name="hw.vendor" value="DrayTek"/>
|
3859
|
+
<param pos="0" name="hw.family" value="Vigor"/>
|
3860
|
+
</fingerprint>
|
3861
|
+
|
3862
|
+
<fingerprint pattern="^WSO2 API Manager|\[Publisher Portal\]WSO2 APIM$">
|
3863
|
+
<description>WSO2 API Manager</description>
|
3864
|
+
<example>WSO2 API Manager</example>
|
3865
|
+
<example>[Publisher Portal]WSO2 APIM</example>
|
3866
|
+
<param pos="0" name="service.vendor" value="WSO2"/>
|
3867
|
+
<param pos="0" name="service.product" value="API Manager"/>
|
3868
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:wso2:api_manager:-"/>
|
3869
|
+
<param pos="0" name="service.component.vendor" value="WSO2"/>
|
3870
|
+
<param pos="0" name="service.component.product" value="Carbon"/>
|
3871
|
+
<param pos="0" name="service.component.cpe23" value="cpe:/a:wso2:carbon:-"/>
|
3872
|
+
</fingerprint>
|
3873
|
+
|
3874
|
+
<fingerprint pattern="^WSO2 Management Console$">
|
3875
|
+
<description>WSO2 Identity Server</description>
|
3876
|
+
<example>WSO2 Management Console</example>
|
3877
|
+
<param pos="0" name="service.vendor" value="WSO2"/>
|
3878
|
+
<param pos="0" name="service.product" value="Identity Server"/>
|
3879
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:wso2:identity_server:-"/>
|
3880
|
+
<param pos="0" name="service.component.vendor" value="WSO2"/>
|
3881
|
+
<param pos="0" name="service.component.product" value="Carbon"/>
|
3882
|
+
<param pos="0" name="service.component.cpe23" value="cpe:/a:wso2:carbon:-"/>
|
3883
|
+
</fingerprint>
|
3884
|
+
|
3885
|
+
<fingerprint pattern="^WSO2 Enterprise Integrator \(WSO2 EI\)$">
|
3886
|
+
<description>WSO2 Enterprise Integrator</description>
|
3887
|
+
<example>WSO2 Enterprise Integrator (WSO2 EI)</example>
|
3888
|
+
<param pos="0" name="service.vendor" value="WSO2"/>
|
3889
|
+
<param pos="0" name="service.product" value="Enterprise Integrator"/>
|
3890
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:wso2:enterprise_integrator:-"/>
|
3891
|
+
<param pos="0" name="service.component.vendor" value="WSO2"/>
|
3892
|
+
<param pos="0" name="service.component.product" value="Carbon"/>
|
3893
|
+
<param pos="0" name="service.component.cpe23" value="cpe:/a:wso2:carbon:-"/>
|
3894
|
+
</fingerprint>
|
3895
|
+
|
3896
|
+
<fingerprint pattern="^dotCMS Content Management Platform$">
|
3897
|
+
<description>dotCMS Content Management Platform</description>
|
3898
|
+
<example>dotCMS Content Management Platform</example>
|
3899
|
+
<param pos="0" name="service.vendor" value="dotCMS"/>
|
3900
|
+
<param pos="0" name="service.product" value="dotCMS"/>
|
3901
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:dotcms:dotcms:-"/>
|
3902
|
+
</fingerprint>
|
3903
|
+
|
3904
|
+
<fingerprint pattern="^Zimbra (?:Web Client Sign In|Administration)$">
|
3905
|
+
<description>Zimbra Collaboration</description>
|
3906
|
+
<example>Zimbra Web Client Sign In</example>
|
3907
|
+
<example>Zimbra Administration</example>
|
3908
|
+
<param pos="0" name="service.vendor" value="Zimbra"/>
|
3909
|
+
<param pos="0" name="service.product" value="Collaboration"/>
|
3910
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:zimbra:collaboration:-"/>
|
3911
|
+
</fingerprint>
|
3912
|
+
|
3913
|
+
<!-- Specific Eltex fingerprints to enable CPE generation -->
|
3914
|
+
|
3915
|
+
<fingerprint pattern="^Eltex - NTP-RG-1402G$">
|
3916
|
+
<description>Eltex - NTP-RG-1402G broadband router</description>
|
3917
|
+
<example>Eltex - NTP-RG-1402G</example>
|
3918
|
+
<param pos="0" name="os.vendor" value="Eltex"/>
|
3919
|
+
<param pos="0" name="os.product" value="NTP-RG-1402G Firmware"/>
|
3920
|
+
<param pos="0" name="os.device" value="Broadband Router"/>
|
3921
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:eltex-co:ntp-rg-1402g_firmware:-"/>
|
3922
|
+
<param pos="0" name="hw.vendor" value="Eltex"/>
|
3923
|
+
<param pos="0" name="hw.product" value="NTP-RG-1402G"/>
|
3924
|
+
<param pos="0" name="hw.device" value="Broadband Router"/>
|
3925
|
+
<param pos="0" name="hw.cpe23" value="cpe:/h:eltex-co:ntp-rg-1402g:-"/>
|
3926
|
+
</fingerprint>
|
3927
|
+
|
3928
|
+
<fingerprint pattern="^Eltex - NTP-2$">
|
3929
|
+
<description>Eltex - NTP-2 broadband router</description>
|
3930
|
+
<example>Eltex - NTP-2</example>
|
3931
|
+
<param pos="0" name="os.vendor" value="Eltex"/>
|
3932
|
+
<param pos="0" name="os.product" value="NTP-2 Firmware"/>
|
3933
|
+
<param pos="0" name="os.device" value="Broadband Router"/>
|
3934
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:eltex-co:ntp-2_firmware:-"/>
|
3935
|
+
<param pos="0" name="hw.vendor" value="Eltex"/>
|
3936
|
+
<param pos="0" name="hw.product" value="NTP-2"/>
|
3937
|
+
<param pos="0" name="hw.device" value="Broadband Router"/>
|
3938
|
+
<param pos="0" name="hw.cpe23" value="cpe:/h:eltex-co:ntp-2:-"/>
|
3939
|
+
</fingerprint>
|
3940
|
+
|
3941
|
+
<!-- General Eltex fingerprints -->
|
3942
|
+
|
3943
|
+
<fingerprint pattern="^Eltex - (NT[PU]-RG-\d[\w-]+):?(:?rev\.\w\w?)?$">
|
3944
|
+
<description>Eltex RG model ONT class broadband router</description>
|
3945
|
+
<example hw.product="NTU-RG-1402G-W">Eltex - NTU-RG-1402G-W</example>
|
3946
|
+
<example hw.product="NTU-RG-1421G-Wac" hw.version="rev.A1">Eltex - NTU-RG-1421G-Wac:rev.A1</example>
|
3947
|
+
<example hw.product="NTP-RG-1402G-W" hw.version="rev.C">Eltex - NTP-RG-1402G-W:rev.C</example>
|
3948
|
+
<param pos="0" name="os.vendor" value="Eltex"/>
|
3949
|
+
<param pos="0" name="os.device" value="Broadband Router"/>
|
3950
|
+
<param pos="0" name="hw.vendor" value="Eltex"/>
|
3951
|
+
<param pos="1" name="hw.product"/>
|
3952
|
+
<param pos="2" name="hw.version"/>
|
3953
|
+
<param pos="0" name="hw.device" value="Broadband Router"/>
|
3954
|
+
</fingerprint>
|
3955
|
+
|
3956
|
+
<fingerprint pattern="^Eltex - (NT[PU]-2\w\w?)$">
|
3957
|
+
<description>Eltex - NTP / NTU model broadband router</description>
|
3958
|
+
<example hw.product="NTU-2V">Eltex - NTU-2V</example>
|
3959
|
+
<example hw.product="NTU-2VC">Eltex - NTU-2VC</example>
|
3960
|
+
<example hw.product="NTP-2C">Eltex - NTP-2C</example>
|
3961
|
+
<param pos="0" name="os.vendor" value="Eltex"/>
|
3962
|
+
<param pos="0" name="os.device" value="Broadband Router"/>
|
3963
|
+
<param pos="0" name="hw.vendor" value="Eltex"/>
|
3964
|
+
<param pos="1" name="hw.product"/>
|
3965
|
+
<param pos="0" name="hw.device" value="Broadband Router"/>
|
3966
|
+
</fingerprint>
|
3967
|
+
|
3727
3968
|
</fingerprints>
|
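Review bot: In the `@@ -3724,4 +3757,212 @@` hunk, the WSO2 API Manager pattern `^WSO2 API Manager|\[Publisher Portal\]WSO2 APIM$` is only half-anchored on each branch, because `|` binds more loosely than `^` and `$`. Any title that merely starts with "WSO2 API Manager" or merely ends with "[Publisher Portal]WSO2 APIM" is therefore asserted as API Manager with its CPE. Grouping the alternation, `^(?:WSO2 API Manager|\[Publisher Portal\]WSO2 APIM)$`, still matches both examples. The phpMyAdmin pattern in the same hunk has no `^` or `$` at all, so any page title containing the word phpMyAdmin matches; if that is deliberate, say so in a comment above the fingerprint, otherwise anchor it like the neighbouring entries (all seven examples still match when anchored). Over-broad title matches put wrong CPEs into whatever vulnerability correlation consumes these results, so both patterns are worth tightening before release.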
@@ -79,17 +79,31 @@
|
|
79
79
|
|
80
80
|
<fingerprint pattern="^ANsession\d+=(\S+);">
|
81
81
|
<description>Array Networks Secure Access Gateway / SSL VPN</description>
|
82
|
-
<example>ANsession0002262072457555=IPMI; path=/;secure</example>
|
82
|
+
<example cookie="IPMI">ANsession0002262072457555=IPMI; path=/;secure</example>
|
83
83
|
<param pos="1" name="cookie"/>
|
84
84
|
<param pos="0" name="service.vendor" value="Array Networks"/>
|
85
85
|
<param pos="0" name="service.family" value="Secure Access Gateway"/>
|
86
86
|
<param pos="0" name="hw.device" value="VPN"/>
|
87
87
|
</fingerprint>
|
88
88
|
|
89
|
-
<fingerprint pattern="^
|
90
|
-
<description>Apache</description>
|
91
|
-
<
|
92
|
-
<
|
89
|
+
<fingerprint pattern="^Apache=(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})\.[0-9]+(?:\.[0-9]+)?;">
|
90
|
+
<description>Apache with session ID containing IP and timestamp (timestamp can be micros, millis or seconds)</description>
|
91
|
+
<example host.ip="10.10.130.165">Apache=10.10.130.165.1643670182768255; path=/</example>
|
92
|
+
<example host.ip="10.0.101.6">Apache=10.0.101.6.1643663969718158; path=/; expires=Wed, 31-Jan-24 21:19:29 GMT; domain=.contoso.com</example>
|
93
|
+
<example host.ip="10.10.20.18">Apache=10.10.20.18.1643510579.1915; domain=foo.com; path=/; expires=Mon, 30-Jan-2023 02:42:58 GMT</example>
|
94
|
+
<example host.ip="10.23.219.241">Apache=10.23.219.241.1643541709604; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT</example>
|
95
|
+
<param pos="0" name="cookie" value="Apache"/>
|
96
|
+
<param pos="1" name="host.ip"/>
|
97
|
+
<param pos="0" name="service.vendor" value="Apache"/>
|
98
|
+
<param pos="0" name="service.family" value="Apache"/>
|
99
|
+
<param pos="0" name="service.product" value="HTTPD"/>
|
100
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:apache:http_server:-"/>
|
101
|
+
</fingerprint>
|
102
|
+
|
103
|
+
<fingerprint pattern="^Apache=[0-9a-z]{8}\.[0-9a-z]{13};">
|
104
|
+
<description>Apache with opaque session ID</description>
|
105
|
+
<example>Apache=1148b9c3.5d6e61e36f2f9; path=/; domain=.foo.com</example>
|
106
|
+
<param pos="0" name="cookie" value="Apache"/>
|
93
107
|
<param pos="0" name="service.vendor" value="Apache"/>
|
94
108
|
<param pos="0" name="service.family" value="Apache"/>
|
95
109
|
<param pos="0" name="service.product" value="HTTPD"/>
|
@@ -123,27 +137,20 @@
|
|
123
137
|
<param pos="0" name="service.cpe23" value="cpe:/a:mozilla:bugzilla:-"/>
|
124
138
|
</fingerprint>
|
125
139
|
|
126
|
-
<fingerprint pattern="^
|
127
|
-
<description>BEA WebLogic (with timestamp)</description>
|
128
|
-
<param pos="1" name="cookie"/>
|
129
|
-
<param pos="2" name="system.time.millis"/>
|
130
|
-
<param pos="0" name="service.vendor" value="BEA"/>
|
131
|
-
<param pos="0" name="service.family" value="WebLogic"/>
|
132
|
-
<param pos="0" name="service.product" value="WebLogic"/>
|
133
|
-
<param pos="0" name="service.cpe23" value="cpe:/a:bea:weblogic_server:-"/>
|
134
|
-
</fingerprint>
|
135
|
-
|
136
|
-
<fingerprint pattern="^(WebLogicSession)=">
|
140
|
+
<fingerprint pattern="^WebLogicSession=">
|
137
141
|
<description>BEA WebLogic (no timestamp)</description>
|
138
|
-
<
|
142
|
+
<example>WebLogicSession=YfifY2Ck8aWILbJPiaoY3L8aKBjh2MZhUAjHXypG6IBwvWXrun3i|-3385140432258369694/-900104935/6/7009/7009/7010/7010/7009/-1; path=/</example>
|
143
|
+
<example>WebLogicSession=QKRlJZbj0b948CrXnoQw8FNuSWvO6fXaJNadlcCWwA3qm6CtqD5a; path=/</example>
|
144
|
+
<param pos="0" name="cookie" value="WebLogicSession"/>
|
139
145
|
<param pos="0" name="service.vendor" value="BEA"/>
|
140
146
|
<param pos="0" name="service.family" value="WebLogic"/>
|
141
147
|
<param pos="0" name="service.product" value="WebLogic"/>
|
142
148
|
<param pos="0" name="service.cpe23" value="cpe:/a:bea:weblogic_server:-"/>
|
143
149
|
</fingerprint>
|
144
150
|
|
145
|
-
<fingerprint pattern="^(BCSI-
|
151
|
+
<fingerprint pattern="^(BCSI-CS-[0-9A-Za-z]+)=">
|
146
152
|
<description>BlueCoat Proxy</description>
|
153
|
+
<example cookie="BCSI-CS-2f6c78bdf64f3b32">BCSI-CS-2f6c78bdf64f3b32=2; Path=/</example>
|
147
154
|
<param pos="1" name="cookie"/>
|
148
155
|
<param pos="0" name="service.vendor" value="Blue Coat"/>
|
149
156
|
<param pos="0" name="service.family" value="Proxy"/>
|
@@ -208,6 +215,7 @@
|
|
208
215
|
|
209
216
|
<fingerprint pattern="^st8id=">
|
210
217
|
<description>Citrix Application Protection System, Enterprise - http://support.citrix.com/article/CTX109330</description>
|
218
|
+
<example>st8id=1e1bcc1010b6de32734c584317443b31.00.641b86ac5ed3ebb0799138f83af9b63f;</example>
|
211
219
|
<param pos="0" name="cookie" value="st8id"/>
|
212
220
|
<param pos="0" name="service.vendor" value="Citrix"/>
|
213
221
|
<param pos="0" name="service.family" value="Application Protection System"/>
|
@@ -271,7 +279,7 @@
|
|
271
279
|
|
272
280
|
<fingerprint pattern="(?i)^(BIGipServer([^=]+))=">
|
273
281
|
<description>F5 BIG-IP LTM - Server variant</description>
|
274
|
-
<example loadbalancer.poolname="CustomerRP">BigIpServerCustomerRP=5a; path=/; domain=.foo.bar; secure; HttpOnly</example>
|
282
|
+
<example loadbalancer.poolname="CustomerRP" cookie="BigIpServerCustomerRP">BigIpServerCustomerRP=5a; path=/; domain=.foo.bar; secure; HttpOnly</example>
|
275
283
|
<param pos="1" name="cookie"/>
|
276
284
|
<param pos="2" name="loadbalancer.poolname"/>
|
277
285
|
<param pos="0" name="service.vendor" value="F5"/>
|
@@ -365,6 +373,9 @@
|
|
365
373
|
|
366
374
|
<fingerprint pattern="^IBMCBR=">
|
367
375
|
<description>IBM WebSphere Load Balancer</description>
|
376
|
+
<!-- Replace with a valid example if one is discovered -->
|
377
|
+
|
378
|
+
<example>IBMCBR=fakevalue</example>
|
368
379
|
<param pos="0" name="cookie" value="IBMCBR"/>
|
369
380
|
<param pos="0" name="service.vendor" value="IBM"/>
|
370
381
|
<param pos="0" name="service.family" value="WebSphere"/>
|
@@ -382,12 +393,14 @@
|
|
382
393
|
|
383
394
|
<fingerprint pattern="^_mastodon_session=">
|
384
395
|
<description>Mastodon</description>
|
396
|
+
<example>_mastodon_session=U09wSzlaMHNuZVI3RGJjR1M2d2lqNFhXc1BXNlJtOXBueTdoM1J2Ykk3UjRXa2V3WkNUNm5BUmY4Z0NISk9FaEtrOVQrMXJCRldvbk1kY3BUaDZkMlRuZkNBUDVXU01EakN3S1JEZDdjbzhNQ0t5MHpXZE9WSGlTOVhKNkhlZWhlaWsxM3Mvd0poU1NHWkZjWUNucmJoeDdNdU85ekpkQVJSbkhDeXdKZ08wMkNuUm1BYnE3cGVBK2FBN1FTUU9SLS1EdUVoNWtLOFFWaWsxNmY2bzErbFVRPT0%3D--4b6087906fdfa25f0bfd46b13d3c1c3a9fb379cd; path=/; secure; HttpOnly</example>
|
385
397
|
<param pos="0" name="cookie" value="_mastodon_session"/>
|
386
398
|
<param pos="0" name="service.product" value="Mastodon"/>
|
387
399
|
</fingerprint>
|
388
400
|
|
389
401
|
<fingerprint pattern="^(MSCSAuth|MSCSProfile)=">
|
390
402
|
<description>Microsoft Commerce Server - http://msdn2.microsoft.com/en-us/library/ms953828.aspx</description>
|
403
|
+
<example cookie="MSCSProfile">MSCSProfile=287001FD2674671C7869448243193407F294F4F921DD7D627A0F4EE0CC7F3FAC36B5E45588612D30B2A6C57F1D461CB5EE0887989EE7F09E4529B0795EF87BB095FFF1DE42BD5E8F00273BCAACB9DC80733367D09A4B6A48A6802C4DCD6EB029BF5B207BCE523E8BF2EE3EBCDF5776BAC6B6BCD4BF54EF9C178F9605E75D0DDA; path=/</example>
|
391
404
|
<param pos="1" name="cookie"/>
|
392
405
|
<param pos="0" name="service.vendor" value="Microsoft"/>
|
393
406
|
<param pos="0" name="service.family" value="Commerce Server"/>
|
@@ -399,7 +412,7 @@
|
|
399
412
|
<description>Nextcloud</description>
|
400
413
|
<example cookie="nc_sameSiteCookiestrict">nc_sameSiteCookiestrict=true; path=/nextcloud; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=strict</example>
|
401
414
|
<example cookie="nc_sameSiteCookielax">nc_sameSiteCookielax=true; path=/nextcloud; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=lax</example>
|
402
|
-
<example>oc_sessionPassphrase=Y%2BZjBn8Gn%2B8jIJPVx468Tlt8qDNm%2B5IVXLxgtwlY%2BQU2T7edVmDS4091nQrT; path=/nextcloud; secure; HttpOnly</example>
|
415
|
+
<example cookie="oc_sessionPassphrase">oc_sessionPassphrase=Y%2BZjBn8Gn%2B8jIJPVx468Tlt8qDNm%2B5IVXLxgtwlY%2BQU2T7edVmDS4091nQrT; path=/nextcloud; secure; HttpOnly</example>
|
403
416
|
<param pos="1" name="cookie"/>
|
404
417
|
<param pos="0" name="service.vendor" value="Nextcloud"/>
|
405
418
|
<param pos="0" name="service.product" value="Nextcloud Server"/>
|
@@ -426,6 +439,8 @@
|
|
426
439
|
|
427
440
|
<fingerprint pattern="^((?:SS_X_)?CSINTERSESSIONID)=">
|
428
441
|
<description>OpenMarket/FatWire Content Server (www.fatwire.com)</description>
|
442
|
+
<example cookie="SS_X_CSINTERSESSIONID">SS_X_CSINTERSESSIONID=0001P73k2FUEYEU4Ks5TtKxcs2K:vv0b9pej; path=/</example>
|
443
|
+
<example cookie="CSINTERSESSIONID">CSINTERSESSIONID=0001xquPwAx2NFUFvi7yw-43f35:vv7sdeqs;Path=/</example>
|
429
444
|
<param pos="1" name="cookie"/>
|
430
445
|
<param pos="0" name="service.vendor" value="FatWire"/>
|
431
446
|
<param pos="0" name="service.family" value="Content Server"/>
|
@@ -434,6 +449,7 @@
|
|
434
449
|
|
435
450
|
<fingerprint pattern="^parkinglot=">
|
436
451
|
<description>Oversee Webserver</description>
|
452
|
+
<example>parkinglot=1; domain=.foo.com; path=/; expires=Sun, 11-May-2008 13:51:17 GMT</example>
|
437
453
|
<param pos="0" name="cookie" value="parkinglot"/>
|
438
454
|
<param pos="0" name="service.vendor" value="Oversee"/>
|
439
455
|
<param pos="0" name="service.family" value="Webserver"/>
|
@@ -491,6 +507,7 @@
|
|
491
507
|
|
492
508
|
<fingerprint pattern="^NSES40Session=">
|
493
509
|
<description>Netscape Enterprise Server (subsequently iPlanet Web Server, Sun ONE Web Server, presently Sun Java System Web Server)</description>
|
510
|
+
<example>NSES40Session=2%253A3e57d375%253Adc59172283a7e72c;path=/;expires=Sat, 22-Feb-2003 20:15:57 GMT</example>
|
494
511
|
<param pos="0" name="cookie" value="NSES40Session"/>
|
495
512
|
<param pos="0" name="service.vendor" value="Sun"/>
|
496
513
|
<param pos="0" name="service.family" value="Java System Web Server"/>
|
@@ -517,8 +534,10 @@
|
|
517
534
|
<param pos="0" name="service.product" value="Sage X3 Syracuse Web Server"/>
|
518
535
|
</fingerprint>
|
519
536
|
|
520
|
-
<fingerprint pattern="^(
|
537
|
+
<fingerprint pattern="^(GX_SESSION_ID|JROUTE)=">
|
521
538
|
<description>Sun Java System Application Server (formerly iPlanet Application Server, Sun ONE Application Server)</description>
|
539
|
+
<example cookie="GX_SESSION_ID">GX_SESSION_ID=ji7vouPhPt5CAtGF%2BWPMXBrhjjxWZAD9HRNeEEITGCA%3D</example>
|
540
|
+
<example cookie="JROUTE">JROUTE=KbDs; Path=/</example>
|
522
541
|
<param pos="1" name="cookie"/>
|
523
542
|
<param pos="0" name="service.vendor" value="Sun"/>
|
524
543
|
<param pos="0" name="service.family" value="Java System Application Server"/>
|
@@ -565,6 +584,7 @@
|
|
565
584
|
|
566
585
|
<fingerprint pattern="^(vgncontext|vgnvisitor|ssuid)=">
|
567
586
|
<description>Vignette</description>
|
587
|
+
<example cookie="vgnvisitor">vgnvisitor=2KM2OM00bZ40000PovANt0Dgn0; path=/; expires=Saturday, 06-Sep-2014 23:50:08 GMT</example>
|
568
588
|
<param pos="1" name="cookie"/>
|
569
589
|
<param pos="0" name="service.vendor" value="Vignette"/>
|
570
590
|
<param pos="0" name="service.family" value="Vignette"/>
|
@@ -589,14 +609,16 @@
|
|
589
609
|
<param pos="0" name="service.product" value="WebTrends"/>
|
590
610
|
</fingerprint>
|
591
611
|
|
592
|
-
<fingerprint pattern="^(
|
593
|
-
<description>Zimbra</description>
|
594
|
-
<example cookie="ZM_TEST">ZM_TEST=true;Secure</example>
|
595
|
-
<example cookie="ZM_LOGIN_CSRF">ZM_LOGIN_CSRF=38ef0bea-a4c3-4f41-9ac3-73d7622f3131;Secure;HttpOnly</example>
|
612
|
+
<fingerprint pattern="^(ZM_(?:TEST|LOGIN_CSRF)|ZA_(?:SKIN|TEST))=">
|
613
|
+
<description>Zimbra Collaboration</description>
|
614
|
+
<example cookie="ZM_TEST">ZM_TEST=true; Secure</example>
|
615
|
+
<example cookie="ZM_LOGIN_CSRF">ZM_LOGIN_CSRF=38ef0bea-a4c3-4f41-9ac3-73d7622f3131; Secure; HttpOnly</example>
|
616
|
+
<example cookie="ZA_SKIN">ZA_SKIN=serenity</example>
|
617
|
+
<example cookie="ZA_TEST">ZA_TEST=true; Secure</example>
|
596
618
|
<param pos="1" name="cookie"/>
|
597
|
-
<param pos="0" name="service.vendor" value="
|
598
|
-
<param pos="0" name="service.product" value="
|
599
|
-
<param pos="0" name="service.cpe23" value="cpe:/a:
|
619
|
+
<param pos="0" name="service.vendor" value="Zimbra"/>
|
620
|
+
<param pos="0" name="service.product" value="Collaboration"/>
|
621
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:zimbra:collaboration:-"/>
|
600
622
|
</fingerprint>
|
601
623
|
|
602
624
|
<fingerprint pattern="^_ZopeId=">
|
@@ -607,10 +629,11 @@
|
|
607
629
|
<param pos="0" name="service.product" value="Zope"/>
|
608
630
|
</fingerprint>
|
609
631
|
|
610
|
-
<fingerprint pattern="^
|
632
|
+
<fingerprint pattern="^portal=([0-9]+\.[0-9]+\.[0-9]+)">
|
611
633
|
<description>OracleAS Portal default cookie name - http://download.oracle.com/docs/cd/B14099_19/portal.1014/b19305/cg_app_f.htm</description>
|
612
|
-
<
|
613
|
-
<param pos="
|
634
|
+
<example service.version="2173348032.20480.0000">portal=2173348032.20480.0000;</example>
|
635
|
+
<param pos="0" name="cookie" value="portal"/>
|
636
|
+
<param pos="1" name="service.version"/>
|
614
637
|
<param pos="0" name="service.vendor" value="Oracle"/>
|
615
638
|
<param pos="0" name="service.family" value="OracleAS"/>
|
616
639
|
<param pos="0" name="service.product" value="Application Server Portal"/>
|
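Review bot: The new `<param pos="1" name="service.version"/>` on the `^portal=` fingerprint records the cookie value as a product version, but the example value `2173348032.20480.0000` looks like a load-balancer persistence cookie (an encoded pool-member address and port followed by `0000`) rather than an OracleAS release number. A match would then put a meaningless version into the asset record, and because `portal` is a generic cookie name it may also attribute an unrelated host behind a load balancer to Oracle. I would drop the version param and the `service.version` attribute on the example, and lower confidence with `<param pos="0" name="service.certainty" value="0.5"/>`, as another fingerprint in this file already does. The removed lines are truncated on this page and the fingerprint's closing tag is outside the hunk, so the old pattern cannot be compared.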
@@ -650,6 +673,51 @@
|
|
650
673
|
<param pos="0" name="service.certainty" value="0.5"/>
|
651
674
|
</fingerprint>
|
652
675
|
|
676
|
+
<fingerprint pattern="^phpMyAdmin=">
|
677
|
+
<description>phpMyAdmin web interface for MySQL and MariaDB</description>
|
678
|
+
<example>phpMyAdmin=28600e9ff9772c871dacec70f9c5edaa; path=/; HttpOnly</example>
|
679
|
+
<param pos="0" name="service.vendor" value="phpMyAdmin"/>
|
680
|
+
<param pos="0" name="service.product" value="phpMyAdmin"/>
|
681
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:phpmyadmin:phpmyadmin:-"/>
|
682
|
+
</fingerprint>
|
683
|
+
|
684
|
+
<fingerprint pattern="^(adminer_(?:sid|key))=">
|
685
|
+
<description>Adminer database management tool</description>
|
686
|
+
<example cookie="adminer_sid">adminer_sid=6580f6449f9572f817ec99600bc619d2; path=/; HttpOnly</example>
|
687
|
+
<example cookie="adminer_key">adminer_key=b8eebd6de0deabc8b30c26a67e01c5b9; path=/; HttpOnly; SameSite=lax</example>
|
688
|
+
<param pos="1" name="cookie"/>
|
689
|
+
<param pos="0" name="service.vendor" value="Adminer"/>
|
690
|
+
<param pos="0" name="service.product" value="Adminer"/>
|
691
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:adminer:adminer:-"/>
|
692
|
+
</fingerprint>
|
693
|
+
|
694
|
+
<fingerprint pattern="^mongo-express=">
|
695
|
+
<description>mongo-express web-based MongoDB admin interface</description>
|
696
|
+
<example>mongo-express=s%3A1qAVXDHaoFE5J0G4wkYKfyjuv6_0Zd9E.l2DGc0YAb7MJQfUleYVEla5i79pbkhDYVayvCEPFCDc; Path=/; HttpOnly</example>
|
697
|
+
<param pos="0" name="service.vendor" value="mongo-express Project"/>
|
698
|
+
<param pos="0" name="service.product" value="mongo-express"/>
|
699
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:mongo-express_project:mongo-express:-"/>
|
700
|
+
</fingerprint>
|
701
|
+
|
702
|
+
<fingerprint pattern="^adscsrf=">
|
703
|
+
<description>ManageEngine ADSelfService Plus</description>
|
704
|
+
<example>adscsrf=cffff6b5-bd68-4c35-92ef-e45127e68289;path=/;priority=high</example>
|
705
|
+
<param pos="0" name="service.vendor" value="ManageEngine"/>
|
706
|
+
<param pos="0" name="service.product" value="ADSelfService Plus"/>
|
707
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:zohocorp:manageengine_adselfservice_plus:-"/>
|
708
|
+
</fingerprint>
|
709
|
+
|
710
|
+
<fingerprint pattern="^(dmid|opvc|sitevisitscookie)=">
|
711
|
+
<description>dotCMS Content Management Platform</description>
|
712
|
+
<example cookie="dmid">dmid=dcd46b93-54ab-4a43-a023-99154f879c3e; Max-Age=153792000; Expires=Thu, 18-Mar-2027 21:28:37 GMT; Path=/; HttpOnly; SameSite=Strict</example>
|
713
|
+
<example cookie="opvc">opvc=9e6302af-896a-40ae-a330-22655ee22c5f; Path=/; HttpOnly; SameSite=Strict</example>
|
714
|
+
<example cookie="sitevisitscookie">sitevisitscookie=1; Max-Age=153792000; Expires=Thu, 18-Mar-2027 21:28:37 GMT; Path=/; HttpOnly; SameSite=Strict</example>
|
715
|
+
<param pos="1" name="cookie"/>
|
716
|
+
<param pos="0" name="service.vendor" value="dotCMS"/>
|
717
|
+
<param pos="0" name="service.product" value="dotCMS"/>
|
718
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:dotcms:dotcms:-"/>
|
719
|
+
</fingerprint>
|
720
|
+
|
653
721
|
<!--
|
654
722
|
Ignore various cookies that are very generic cookies for session IDs
|
655
723
|
that are not necessarily indicative of any particular
|
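Review bot: The added `^phpMyAdmin=`, `^mongo-express=` and `^adscsrf=` fingerprints do not assert a `cookie` param, unlike the other single-name fingerprints in this file, which carry lines such as `<param pos="0" name="cookie" value="IBMCBR"/>`. The Adminer and dotCMS fingerprints in the same hunk do report it through `<param pos="1" name="cookie"/>`. If consumers use the `cookie` field to show which header produced a match, these three admin-interface detections will come back without that evidence, which makes a false positive harder to triage. Adding `<param pos="0" name="cookie" value="phpMyAdmin"/>`, `<param pos="0" name="cookie" value="mongo-express"/>` and `<param pos="0" name="cookie" value="adscsrf"/>` would keep the output consistent.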
@@ -659,23 +727,32 @@
|
|
659
727
|
-->
|
660
728
|
|
661
729
|
<fingerprint pattern="(?i)^JSESSIONID(?:\.[^=]+)?=[^;]+;">
|
662
|
-
<description>Ignore simple JSESSIONID and related cookies</description>
|
730
|
+
<description>Ignore simple JSESSIONID and related cookies -- assert nothing</description>
|
663
731
|
<example>JSESSIONID=6ooov35i4l3n36qtaf8csvg0;Path=/</example>
|
664
732
|
<example>jsessionid=6nkp66iogcdc92720%2Dc6e4%2D4989%2Db7b2%2D5021624cfdff;Path=/;secure</example>
|
665
733
|
<example>JSESSIONID.c00a9623=v216643eijh19p9duve5srgf;Path=/;HttpOnly</example>
|
734
|
+
<param pos="0" name="hw.certainty" value="0.0"/>
|
735
|
+
<param pos="0" name="os.certainty" value="0.0"/>
|
736
|
+
<param pos="0" name="service.certainty" value="0.0"/>
|
666
737
|
</fingerprint>
|
667
738
|
|
668
739
|
<fingerprint pattern="(?i)^_?SESSION_?ID\s*=\s*[^;]+;">
|
669
|
-
<description>Ignore simple SESSIONID and related cookies</description>
|
740
|
+
<description>Ignore simple SESSIONID and related cookies -- assert nothing</description>
|
670
741
|
<example>sessionId=7dba3249cfcd4b59854055311099a294; path=/;</example>
|
671
742
|
<example>_session_id=7fe933db0fea13e9c872103ba2d142db; path=/; HttpOnly</example>
|
672
743
|
<example>sessionId =0VrS6Ro6uC5QPXKgNdqGvyUgUFtUOVwv6OWAEWcWQ3jLRtAk2TVAgAApN9yTWVz;postId=; path=/;</example>
|
673
744
|
<example>_session_id=18b3e173aa11db0533fd01752e81f583; path=/; HttpOnly</example>
|
745
|
+
<param pos="0" name="hw.certainty" value="0.0"/>
|
746
|
+
<param pos="0" name="os.certainty" value="0.0"/>
|
747
|
+
<param pos="0" name="service.certainty" value="0.0"/>
|
674
748
|
</fingerprint>
|
675
749
|
|
676
750
|
<fingerprint pattern="(?i)^sid=[^;]+;">
|
677
|
-
<description>Ignore simple SID and related cookies</description>
|
751
|
+
<description>Ignore simple SID and related cookies -- assert nothing</description>
|
678
752
|
<example>sid=sfd10bf73-654458f687aa3c68b3874915f651e0ca;path=/;"</example>
|
753
|
+
<param pos="0" name="hw.certainty" value="0.0"/>
|
754
|
+
<param pos="0" name="os.certainty" value="0.0"/>
|
755
|
+
<param pos="0" name="service.certainty" value="0.0"/>
|
679
756
|
</fingerprint>
|
680
757
|
|
681
758
|
</fingerprints>
|