recog 2.3.22 → 3.0.2

Sign up to get free protection for your applications and to get access to all the features.
Files changed (128) hide show
  1. checksums.yaml +4 -4
  2. checksums.yaml.gz.sig +2 -0
  3. data/LICENSE +1 -1
  4. data/README.md +25 -16
  5. data/Rakefile +2 -9
  6. data/lib/recog/db_manager.rb +1 -1
  7. data/lib/recog/fingerprint.rb +21 -7
  8. data/lib/recog/fingerprint_parse_error.rb +10 -0
  9. data/lib/recog/match_reporter.rb +37 -3
  10. data/lib/recog/matcher.rb +5 -10
  11. data/lib/recog/verifier.rb +4 -4
  12. data/lib/recog/verify_reporter.rb +7 -6
  13. data/lib/recog/version.rb +1 -1
  14. data/{bin → recog/bin}/recog_match +20 -7
  15. data/{xml → recog/xml}/apache_modules.xml +0 -0
  16. data/{xml → recog/xml}/apache_os.xml +61 -19
  17. data/{xml → recog/xml}/architecture.xml +15 -1
  18. data/{xml → recog/xml}/dhcp_vendor_class.xml +10 -10
  19. data/{xml → recog/xml}/dns_versionbind.xml +16 -13
  20. data/{xml → recog/xml}/favicons.xml +167 -9
  21. data/{xml → recog/xml}/fingerprints.xsd +9 -1
  22. data/{xml → recog/xml}/ftp_banners.xml +131 -141
  23. data/{xml → recog/xml}/h323_callresp.xml +2 -2
  24. data/{xml → recog/xml}/hp_pjl_id.xml +81 -81
  25. data/{xml → recog/xml}/html_title.xml +250 -9
  26. data/{xml → recog/xml}/http_cookies.xml +111 -34
  27. data/{xml → recog/xml}/http_servers.xml +483 -270
  28. data/{xml → recog/xml}/http_wwwauth.xml +83 -37
  29. data/{xml → recog/xml}/imap_banners.xml +10 -10
  30. data/{xml → recog/xml}/ldap_searchresult.xml +0 -0
  31. data/{xml → recog/xml}/mdns_device-info_txt.xml +0 -0
  32. data/{xml → recog/xml}/mdns_workstation_txt.xml +0 -0
  33. data/{xml → recog/xml}/mysql_banners.xml +0 -0
  34. data/{xml → recog/xml}/mysql_error.xml +0 -0
  35. data/{xml → recog/xml}/nntp_banners.xml +8 -5
  36. data/{xml → recog/xml}/ntp_banners.xml +33 -33
  37. data/{xml → recog/xml}/operating_system.xml +92 -77
  38. data/{xml → recog/xml}/pop_banners.xml +25 -25
  39. data/{xml → recog/xml}/rsh_resp.xml +0 -0
  40. data/{xml → recog/xml}/rtsp_servers.xml +0 -0
  41. data/{xml → recog/xml}/sip_banners.xml +16 -5
  42. data/{xml → recog/xml}/sip_user_agents.xml +122 -27
  43. data/{xml → recog/xml}/smb_native_lm.xml +5 -5
  44. data/{xml → recog/xml}/smb_native_os.xml +25 -25
  45. data/{xml → recog/xml}/smtp_banners.xml +132 -131
  46. data/{xml → recog/xml}/smtp_debug.xml +0 -0
  47. data/{xml → recog/xml}/smtp_ehlo.xml +0 -0
  48. data/{xml → recog/xml}/smtp_expn.xml +0 -0
  49. data/{xml → recog/xml}/smtp_help.xml +1 -1
  50. data/{xml → recog/xml}/smtp_mailfrom.xml +0 -0
  51. data/{xml → recog/xml}/smtp_noop.xml +0 -0
  52. data/{xml → recog/xml}/smtp_quit.xml +0 -0
  53. data/{xml → recog/xml}/smtp_rcptto.xml +0 -0
  54. data/{xml → recog/xml}/smtp_rset.xml +0 -0
  55. data/{xml → recog/xml}/smtp_turn.xml +0 -0
  56. data/{xml → recog/xml}/smtp_vrfy.xml +0 -0
  57. data/{xml → recog/xml}/snmp_sysdescr.xml +1248 -1233
  58. data/{xml → recog/xml}/snmp_sysobjid.xml +13 -2
  59. data/{xml → recog/xml}/ssh_banners.xml +9 -5
  60. data/{xml → recog/xml}/telnet_banners.xml +83 -1
  61. data/{xml → recog/xml}/tls_jarm.xml +30 -2
  62. data/{xml → recog/xml}/x11_banners.xml +3 -3
  63. data/{xml → recog/xml}/x509_issuers.xml +24 -4
  64. data/{xml → recog/xml}/x509_subjects.xml +32 -3
  65. data/recog.gemspec +9 -5
  66. data/spec/data/external_example_fingerprint/hp_printer_ex_01.txt +1 -0
  67. data/spec/data/external_example_fingerprint/hp_printer_ex_02.txt +1 -0
  68. data/spec/data/external_example_fingerprint.xml +8 -0
  69. data/spec/data/external_example_illegal_path_fingerprint.xml +7 -0
  70. data/spec/lib/recog/db_spec.rb +84 -61
  71. data/spec/lib/recog/fingerprint_spec.rb +4 -4
  72. data/spec/lib/recog/match_reporter_spec.rb +22 -8
  73. data/spec/lib/recog/verify_reporter_spec.rb +8 -8
  74. data/spec/spec_helper.rb +4 -0
  75. data.tar.gz.sig +0 -0
  76. metadata +154 -142
  77. metadata.gz.sig +0 -0
  78. data/.github/ISSUE_TEMPLATE/bug_report.md +0 -37
  79. data/.github/ISSUE_TEMPLATE/feature_request.md +0 -17
  80. data/.github/ISSUE_TEMPLATE/fingerprint_request.md +0 -27
  81. data/.github/PULL_REQUEST_TEMPLATE +0 -24
  82. data/.github/SECURITY.md +0 -35
  83. data/.github/dependabot.yml +0 -8
  84. data/.github/workflows/ci.yml +0 -26
  85. data/.github/workflows/verify.yml +0 -89
  86. data/.gitignore +0 -23
  87. data/.rspec +0 -3
  88. data/.ruby-gemset +0 -1
  89. data/.ruby-version +0 -1
  90. data/.snyk +0 -10
  91. data/.travis.yml +0 -25
  92. data/CONTRIBUTING.md +0 -276
  93. data/bin/recog_cleanup +0 -16
  94. data/bin/recog_export +0 -81
  95. data/bin/recog_standardize +0 -163
  96. data/bin/recog_verify +0 -63
  97. data/cpe-remap.yaml +0 -356
  98. data/features/data/failing_banners_fingerprints.xml +0 -20
  99. data/features/data/matching_banners_fingerprints.xml +0 -23
  100. data/features/data/multiple_banners_fingerprints.xml +0 -32
  101. data/features/data/no_tests.xml +0 -3
  102. data/features/data/sample_banner.txt +0 -2
  103. data/features/data/successful_tests.xml +0 -18
  104. data/features/data/tests_with_failures.xml +0 -20
  105. data/features/data/tests_with_warnings.xml +0 -17
  106. data/features/match.feature +0 -36
  107. data/features/support/aruba.rb +0 -3
  108. data/features/support/env.rb +0 -6
  109. data/features/verify.feature +0 -48
  110. data/identifiers/README.md +0 -70
  111. data/identifiers/fields.txt +0 -105
  112. data/identifiers/hw_device.txt +0 -84
  113. data/identifiers/hw_family.txt +0 -121
  114. data/identifiers/hw_product.txt +0 -461
  115. data/identifiers/os_architecture.txt +0 -10
  116. data/identifiers/os_device.txt +0 -75
  117. data/identifiers/os_family.txt +0 -234
  118. data/identifiers/os_product.txt +0 -350
  119. data/identifiers/service_family.txt +0 -249
  120. data/identifiers/service_product.txt +0 -764
  121. data/identifiers/vendor.txt +0 -847
  122. data/lib/recog/verifier_factory.rb +0 -13
  123. data/misc/convert_mysql_err +0 -61
  124. data/misc/order.xsl +0 -17
  125. data/requirements.txt +0 -2
  126. data/spec/lib/fingerprint_self_test_spec.rb +0 -175
  127. data/tools/dev/hooks/pre-commit +0 -21
  128. data/update_cpes.py +0 -250
@@ -214,6 +214,17 @@
214
214
  <param pos="0" name="hw.device" value="DVR"/>
215
215
  </fingerprint>
216
216
 
217
+ <!-- Xiongmai Technology is rebranded by a number of DVR and IP Camera manufacturers -->
218
+
219
+ <fingerprint pattern="^NETSurveillance WEB$">
220
+ <description>NetSurveillance web interface on DVR and IP Camera devices sourced from Xiongmai Technology</description>
221
+ <example>NETSurveillance WEB</example>
222
+ <param pos="0" name="service.vendor" value="Xiongmai Technology"/>
223
+ <param pos="0" name="service.product" value="uc-httpd"/>
224
+ <param pos="0" name="service.cpe23" value="cpe:/a:xiongmaitech:uc-httpd:-"/>
225
+ <param pos="0" name="os.vendor" value="Xiongmai Technology"/>
226
+ </fingerprint>
227
+
217
228
  <fingerprint pattern="^FRITZ!Box$">
218
229
  <description>AVM FRITZ!Box</description>
219
230
  <example>FRITZ!Box</example>
@@ -427,9 +438,14 @@
427
438
  <example>Fireware XTM User Authentication</example>
428
439
  <param pos="0" name="service.vendor" value="WatchGuard"/>
429
440
  <param pos="0" name="service.product" value="Fireware XTM"/>
441
+ <param pos="0" name="service.device" value="Firewall"/>
430
442
  <param pos="0" name="service.cpe23" value="cpe:/a:watchguard:fireware_xtm:-"/>
443
+ <param pos="0" name="service.component.vendor" value="nginx"/>
444
+ <param pos="0" name="service.component.product" value="nginx"/>
445
+ <param pos="0" name="service.component.cpe23" value="cpe:/a:f5:nginx:-"/>
431
446
  <param pos="0" name="os.vendor" value="WatchGuard"/>
432
447
  <param pos="0" name="os.product" value="Fireware"/>
448
+ <param pos="0" name="os.device" value="Firewall"/>
433
449
  <param pos="0" name="os.cpe23" value="cpe:/o:watchguard:fireware:-"/>
434
450
  </fingerprint>
435
451
 
@@ -635,8 +651,8 @@
635
651
 
636
652
  <fingerprint pattern="^Wowza Streaming Engine 4 (Subscription|Perpetual Pro) Edition (\d\.[\w.]+) build(\d+)$">
637
653
  <description>Wowza Streaming Engine</description>
638
- <example service.version="4.7.7.01" service.version.version="20190222144406">Wowza Streaming Engine 4 Subscription Edition 4.7.7.01 build20190222144406</example>
639
- <example service.edition="Perpetual Pro">Wowza Streaming Engine 4 Perpetual Pro Edition 4.8.8.01 build20201216140014</example>
654
+ <example service.version="4.7.7.01" service.version.version="20190222144406" service.edition="Subscription">Wowza Streaming Engine 4 Subscription Edition 4.7.7.01 build20190222144406</example>
655
+ <example service.edition="Perpetual Pro" service.version="4.8.8.01" service.version.version="20201216140014">Wowza Streaming Engine 4 Perpetual Pro Edition 4.8.8.01 build20201216140014</example>
640
656
  <param pos="0" name="service.vendor" value="Wowza"/>
641
657
  <param pos="0" name="service.product" value="Streaming Engine"/>
642
658
  <param pos="1" name="service.edition"/>
@@ -673,7 +689,7 @@
673
689
  <param pos="0" name="service.product" value="nginx"/>
674
690
  <param pos="0" name="service.family" value="nginx"/>
675
691
  <param pos="0" name="service.vendor" value="nginx"/>
676
- <param pos="0" name="service.cpe23" value="cpe:/a:nginx:nginx:-"/>
692
+ <param pos="0" name="service.cpe23" value="cpe:/a:f5:nginx:-"/>
677
693
  </fingerprint>
678
694
 
679
695
  <fingerprint pattern="^Test Page for the Nginx HTTP Server on (?:Fedora|EPEL)$">
@@ -682,11 +698,11 @@
682
698
  <param pos="0" name="service.product" value="nginx"/>
683
699
  <param pos="0" name="service.family" value="nginx"/>
684
700
  <param pos="0" name="service.vendor" value="nginx"/>
685
- <param pos="0" name="service.cpe23" value="cpe:/a:nginx:nginx:-"/>
701
+ <param pos="0" name="service.cpe23" value="cpe:/a:f5:nginx:-"/>
686
702
  <param pos="0" name="os.family" value="Linux"/>
687
- <param pos="0" name="os.vendor" value="Red Hat"/>
688
- <param pos="0" name="os.product" value="Fedora Core Linux"/>
689
- <param pos="0" name="os.cpe23" value="cpe:/o:redhat:fedora_core:-"/>
703
+ <param pos="0" name="os.vendor" value="Fedora Project"/>
704
+ <param pos="0" name="os.product" value="Fedora Core"/>
705
+ <param pos="0" name="os.cpe23" value="cpe:/o:fedoraproject:fedora_core:-"/>
690
706
  </fingerprint>
691
707
 
692
708
  <fingerprint pattern="^Welcome to nginx on Debian!$">
@@ -695,7 +711,7 @@
695
711
  <param pos="0" name="service.product" value="nginx"/>
696
712
  <param pos="0" name="service.family" value="nginx"/>
697
713
  <param pos="0" name="service.vendor" value="nginx"/>
698
- <param pos="0" name="service.cpe23" value="cpe:/a:nginx:nginx:-"/>
714
+ <param pos="0" name="service.cpe23" value="cpe:/a:f5:nginx:-"/>
699
715
  <param pos="0" name="os.vendor" value="Debian"/>
700
716
  <param pos="0" name="os.product" value="Linux"/>
701
717
  <param pos="0" name="os.cpe23" value="cpe:/o:debian:debian_linux:-"/>
@@ -1367,6 +1383,7 @@
1367
1383
  <param pos="0" name="os.device" value="Switch"/>
1368
1384
  <param pos="0" name="os.product" value="MDS 9000"/>
1369
1385
  <param pos="1" name="os.version"/>
1386
+ <param pos="0" name="os.cpe23" value="cpe:/o:cisco:mds_9000_san-os:{os.version}"/>
1370
1387
  </fingerprint>
1371
1388
 
1372
1389
  <fingerprint pattern="^Stealthwatch Management Console$">
@@ -2432,6 +2449,22 @@
2432
2449
  <param pos="0" name="service.cpe23" value="cpe:/a:jupyter:notebook:-"/>
2433
2450
  </fingerprint>
2434
2451
 
2452
+ <fingerprint pattern="^Jupyter Server$">
2453
+ <description>Jupyter Server - backend to Jupyter web applications</description>
2454
+ <example>Jupyter Server</example>
2455
+ <param pos="0" name="service.vendor" value="Jupyter"/>
2456
+ <param pos="0" name="service.product" value="Jupyter Server"/>
2457
+ <param pos="0" name="service.cpe23" value="cpe:/a:jupyter:jupyter_server:-"/>
2458
+ </fingerprint>
2459
+
2460
+ <fingerprint pattern="^JupyterHub$">
2461
+ <description>JupyterHub - Multi-user server for Jupyter notebooks</description>
2462
+ <example>JupyterHub</example>
2463
+ <param pos="0" name="service.vendor" value="Jupyter"/>
2464
+ <param pos="0" name="service.product" value="JupyterHub"/>
2465
+ <param pos="0" name="service.cpe23" value="cpe:/a:jupyter:jupyterhub:-"/>
2466
+ </fingerprint>
2467
+
2435
2468
  <fingerprint pattern="^Redirect to userimage: /control/userimage\.html$">
2436
2469
  <description>Mobotix Network Camera</description>
2437
2470
  <example>Redirect to userimage: /control/userimage.html</example>
@@ -3112,7 +3145,7 @@
3112
3145
  <example>Log In - Confluence</example>
3113
3146
  <param pos="0" name="service.vendor" value="Atlassian"/>
3114
3147
  <param pos="0" name="service.product" value="Confluence"/>
3115
- <param pos="0" name="service.cpe23" value="cpe:/a:atlassian:confluence:-"/>
3148
+ <param pos="0" name="service.cpe23" value="cpe:/a:atlassian:confluence_server:-"/>
3116
3149
  </fingerprint>
3117
3150
 
3118
3151
  <fingerprint pattern="^System Dashboard - ">
@@ -3724,4 +3757,212 @@
3724
3757
  <param pos="0" name="hw.product" value="Eternus"/>
3725
3758
  </fingerprint>
3726
3759
 
3760
+ <fingerprint pattern="^Covenant - Login$">
3761
+ <description>Covenant .NET C2 framework</description>
3762
+ <example>Covenant - Login</example>
3763
+ <param pos="0" name="service.product" value="Covenant"/>
3764
+ </fingerprint>
3765
+
3766
+ <fingerprint pattern="^Login \| CALDERA$">
3767
+ <description>MITRE CALDERA C2 framework</description>
3768
+ <example>Login | CALDERA</example>
3769
+ <param pos="0" name="service.vendor" value="MITRE"/>
3770
+ <param pos="0" name="service.product" value="CALDERA"/>
3771
+ <param pos="0" name="service.cpe23" value="cpe:/a:mitre:caldera:-"/>
3772
+ </fingerprint>
3773
+
3774
+ <fingerprint pattern="(?:(\S{1,512}):\d{1,5} / \S{1,512} \| )?phpMyAdmin(?: ([\d.]+(?:-[a-zA-Z0-9]+)?(?:\+\d{8}\.[a-f0-9]{4,40})?))?">
3775
+ <description>phpMyAdmin web interface for MySQL and MariaDB</description>
3776
+ <example>phpMyAdmin</example>
3777
+ <example service.version="2.10.0.2">phpMyAdmin 2.10.0.2</example>
3778
+ <example service.version="5.0.0-rc1">phpMyAdmin 5.0.0-rc1</example>
3779
+ <example service.version="5.3.0-dev">phpMyAdmin 5.3.0-dev</example>
3780
+ <example host.name="10.10.10.10" service.version="5.0.4">10.10.10.10:8080 / db.foo.bar | phpMyAdmin 5.0.4</example>
3781
+ <example host.name="localhost" service.version="5.3.0-dev+20220208.47252f9cf8">localhost:8080 / mysql-server | phpMyAdmin 5.3.0-dev+20220208.47252f9cf8</example>
3782
+ <example host.name="[::ffff:10.10.10.10]" service.version="5.3.0-dev+20220208.47252f9cf8">[::ffff:10.10.10.10]:8080 / mysql-server | phpMyAdmin 5.3.0-dev+20220208.47252f9cf8</example>
3783
+ <param pos="0" name="service.vendor" value="phpMyAdmin"/>
3784
+ <param pos="0" name="service.product" value="phpMyAdmin"/>
3785
+ <param pos="1" name="host.name"/>
3786
+ <param pos="2" name="service.version"/>
3787
+ <param pos="0" name="service.cpe23" value="cpe:/a:phpmyadmin:phpmyadmin:{service.version}"/>
3788
+ </fingerprint>
3789
+
3790
+ <fingerprint pattern="^Login - Adminer$">
3791
+ <description>Adminer database management tool</description>
3792
+ <example>Login - Adminer</example>
3793
+ <param pos="0" name="service.vendor" value="Adminer"/>
3794
+ <param pos="0" name="service.product" value="Adminer"/>
3795
+ <param pos="0" name="service.cpe23" value="cpe:/a:adminer:adminer:-"/>
3796
+ </fingerprint>
3797
+
3798
+ <fingerprint pattern="^Home - Mongo Express$">
3799
+ <description>mongo-express web-based MongoDB admin interface</description>
3800
+ <example>Home - Mongo Express</example>
3801
+ <param pos="0" name="service.vendor" value="mongo-express Project"/>
3802
+ <param pos="0" name="service.product" value="mongo-express"/>
3803
+ <param pos="0" name="service.cpe23" value="cpe:/a:mongo-express_project:mongo-express:-"/>
3804
+ </fingerprint>
3805
+
3806
+ <fingerprint pattern="^Solr Admin$">
3807
+ <description>Apache Solr</description>
3808
+ <example>Solr Admin</example>
3809
+ <param pos="0" name="service.vendor" value="Apache"/>
3810
+ <param pos="0" name="service.product" value="Solr"/>
3811
+ <param pos="0" name="service.cpe23" value="cpe:/a:apache:solr:-"/>
3812
+ </fingerprint>
3813
+
3814
+ <fingerprint pattern="^Spark (?:Master|Worker) at (?:spark:\/\/)?(\S{1,512}):\d{1,5}$">
3815
+ <description>Apache Spark</description>
3816
+ <example host.name="spark-master-0.foo.bar">Spark Master at spark://spark-master-0.foo.bar:7077</example>
3817
+ <example host.name="10.10.10.10">Spark Master at spark://10.10.10.10:7077</example>
3818
+ <example host.name="10.10.10.10">Spark Worker at 10.10.10.10:45339</example>
3819
+ <param pos="0" name="service.vendor" value="Apache"/>
3820
+ <param pos="0" name="service.product" value="Spark"/>
3821
+ <param pos="0" name="service.cpe23" value="cpe:/a:apache:spark:-"/>
3822
+ <param pos="1" name="host.name"/>
3823
+ </fingerprint>
3824
+
3825
+ <fingerprint pattern="^pfSense - Login$">
3826
+ <description>pfSense Firewall</description>
3827
+ <example>pfSense - Login</example>
3828
+ <param pos="0" name="service.vendor" value="pfSense"/>
3829
+ <param pos="0" name="service.product" value="pfSense"/>
3830
+ <param pos="0" name="service.device" value="Firewall"/>
3831
+ <param pos="0" name="service.cpe23" value="cpe:/a:pfsense:pfsense:-"/>
3832
+ <param pos="0" name="service.component.vendor" value="nginx"/>
3833
+ <param pos="0" name="service.component.product" value="nginx"/>
3834
+ <param pos="0" name="service.component.cpe23" value="cpe:/a:f5:nginx:-"/>
3835
+ <param pos="0" name="os.vendor" value="pfSense"/>
3836
+ <param pos="0" name="os.product" value="FreeBSD"/>
3837
+ </fingerprint>
3838
+
3839
+ <fingerprint pattern="^Netgate pfSense Plus - Login$">
3840
+ <description>pfSense Plus Firewall</description>
3841
+ <example>Netgate pfSense Plus - Login</example>
3842
+ <param pos="0" name="service.vendor" value="Netgate"/>
3843
+ <param pos="0" name="service.product" value="pfSense"/>
3844
+ <param pos="0" name="service.device" value="Firewall"/>
3845
+ <param pos="0" name="service.cpe23" value="cpe:/a:netgate:pfsense:-"/>
3846
+ <param pos="0" name="service.component.vendor" value="nginx"/>
3847
+ <param pos="0" name="service.component.product" value="nginx"/>
3848
+ <param pos="0" name="service.component.cpe23" value="cpe:/a:f5:nginx:-"/>
3849
+ <param pos="0" name="os.vendor" value="pfSense"/>
3850
+ <param pos="0" name="os.product" value="FreeBSD"/>
3851
+ </fingerprint>
3852
+
3853
+ <fingerprint pattern="^Vigor Login Page$">
3854
+ <description>DrayTek Vigor network equipment - without model or version</description>
3855
+ <example>Vigor Login Page</example>
3856
+ <param pos="0" name="os.vendor" value="DrayTek"/>
3857
+ <param pos="0" name="os.family" value="Vigor"/>
3858
+ <param pos="0" name="hw.vendor" value="DrayTek"/>
3859
+ <param pos="0" name="hw.family" value="Vigor"/>
3860
+ </fingerprint>
3861
+
3862
+ <fingerprint pattern="^WSO2 API Manager|\[Publisher Portal\]WSO2 APIM$">
3863
+ <description>WSO2 API Manager</description>
3864
+ <example>WSO2 API Manager</example>
3865
+ <example>[Publisher Portal]WSO2 APIM</example>
3866
+ <param pos="0" name="service.vendor" value="WSO2"/>
3867
+ <param pos="0" name="service.product" value="API Manager"/>
3868
+ <param pos="0" name="service.cpe23" value="cpe:/a:wso2:api_manager:-"/>
3869
+ <param pos="0" name="service.component.vendor" value="WSO2"/>
3870
+ <param pos="0" name="service.component.product" value="Carbon"/>
3871
+ <param pos="0" name="service.component.cpe23" value="cpe:/a:wso2:carbon:-"/>
3872
+ </fingerprint>
3873
+
3874
+ <fingerprint pattern="^WSO2 Management Console$">
3875
+ <description>WSO2 Identity Server</description>
3876
+ <example>WSO2 Management Console</example>
3877
+ <param pos="0" name="service.vendor" value="WSO2"/>
3878
+ <param pos="0" name="service.product" value="Identity Server"/>
3879
+ <param pos="0" name="service.cpe23" value="cpe:/a:wso2:identity_server:-"/>
3880
+ <param pos="0" name="service.component.vendor" value="WSO2"/>
3881
+ <param pos="0" name="service.component.product" value="Carbon"/>
3882
+ <param pos="0" name="service.component.cpe23" value="cpe:/a:wso2:carbon:-"/>
3883
+ </fingerprint>
3884
+
3885
+ <fingerprint pattern="^WSO2 Enterprise Integrator \(WSO2 EI\)$">
3886
+ <description>WSO2 Enterprise Integrator</description>
3887
+ <example>WSO2 Enterprise Integrator (WSO2 EI)</example>
3888
+ <param pos="0" name="service.vendor" value="WSO2"/>
3889
+ <param pos="0" name="service.product" value="Enterprise Integrator"/>
3890
+ <param pos="0" name="service.cpe23" value="cpe:/a:wso2:enterprise_integrator:-"/>
3891
+ <param pos="0" name="service.component.vendor" value="WSO2"/>
3892
+ <param pos="0" name="service.component.product" value="Carbon"/>
3893
+ <param pos="0" name="service.component.cpe23" value="cpe:/a:wso2:carbon:-"/>
3894
+ </fingerprint>
3895
+
3896
+ <fingerprint pattern="^dotCMS Content Management Platform$">
3897
+ <description>dotCMS Content Management Platform</description>
3898
+ <example>dotCMS Content Management Platform</example>
3899
+ <param pos="0" name="service.vendor" value="dotCMS"/>
3900
+ <param pos="0" name="service.product" value="dotCMS"/>
3901
+ <param pos="0" name="service.cpe23" value="cpe:/a:dotcms:dotcms:-"/>
3902
+ </fingerprint>
3903
+
3904
+ <fingerprint pattern="^Zimbra (?:Web Client Sign In|Administration)$">
3905
+ <description>Zimbra Collaboration</description>
3906
+ <example>Zimbra Web Client Sign In</example>
3907
+ <example>Zimbra Administration</example>
3908
+ <param pos="0" name="service.vendor" value="Zimbra"/>
3909
+ <param pos="0" name="service.product" value="Collaboration"/>
3910
+ <param pos="0" name="service.cpe23" value="cpe:/a:zimbra:collaboration:-"/>
3911
+ </fingerprint>
3912
+
3913
+ <!-- Specific Eltex fingerprints to enable CPE generation -->
3914
+
3915
+ <fingerprint pattern="^Eltex - NTP-RG-1402G$">
3916
+ <description>Eltex - NTP-RG-1402G broadband router</description>
3917
+ <example>Eltex - NTP-RG-1402G</example>
3918
+ <param pos="0" name="os.vendor" value="Eltex"/>
3919
+ <param pos="0" name="os.product" value="NTP-RG-1402G Firmware"/>
3920
+ <param pos="0" name="os.device" value="Broadband Router"/>
3921
+ <param pos="0" name="os.cpe23" value="cpe:/o:eltex-co:ntp-rg-1402g_firmware:-"/>
3922
+ <param pos="0" name="hw.vendor" value="Eltex"/>
3923
+ <param pos="0" name="hw.product" value="NTP-RG-1402G"/>
3924
+ <param pos="0" name="hw.device" value="Broadband Router"/>
3925
+ <param pos="0" name="hw.cpe23" value="cpe:/h:eltex-co:ntp-rg-1402g:-"/>
3926
+ </fingerprint>
3927
+
3928
+ <fingerprint pattern="^Eltex - NTP-2$">
3929
+ <description>Eltex - NTP-2 broadband router</description>
3930
+ <example>Eltex - NTP-2</example>
3931
+ <param pos="0" name="os.vendor" value="Eltex"/>
3932
+ <param pos="0" name="os.product" value="NTP-2 Firmware"/>
3933
+ <param pos="0" name="os.device" value="Broadband Router"/>
3934
+ <param pos="0" name="os.cpe23" value="cpe:/o:eltex-co:ntp-2_firmware:-"/>
3935
+ <param pos="0" name="hw.vendor" value="Eltex"/>
3936
+ <param pos="0" name="hw.product" value="NTP-2"/>
3937
+ <param pos="0" name="hw.device" value="Broadband Router"/>
3938
+ <param pos="0" name="hw.cpe23" value="cpe:/h:eltex-co:ntp-2:-"/>
3939
+ </fingerprint>
3940
+
3941
+ <!-- General Eltex fingerprints -->
3942
+
3943
+ <fingerprint pattern="^Eltex - (NT[PU]-RG-\d[\w-]+):?(:?rev\.\w\w?)?$">
3944
+ <description>Eltex RG model ONT class broadband router</description>
3945
+ <example hw.product="NTU-RG-1402G-W">Eltex - NTU-RG-1402G-W</example>
3946
+ <example hw.product="NTU-RG-1421G-Wac" hw.version="rev.A1">Eltex - NTU-RG-1421G-Wac:rev.A1</example>
3947
+ <example hw.product="NTP-RG-1402G-W" hw.version="rev.C">Eltex - NTP-RG-1402G-W:rev.C</example>
3948
+ <param pos="0" name="os.vendor" value="Eltex"/>
3949
+ <param pos="0" name="os.device" value="Broadband Router"/>
3950
+ <param pos="0" name="hw.vendor" value="Eltex"/>
3951
+ <param pos="1" name="hw.product"/>
3952
+ <param pos="2" name="hw.version"/>
3953
+ <param pos="0" name="hw.device" value="Broadband Router"/>
3954
+ </fingerprint>
3955
+
3956
+ <fingerprint pattern="^Eltex - (NT[PU]-2\w\w?)$">
3957
+ <description>Eltex - NTP / NTU model broadband router</description>
3958
+ <example hw.product="NTU-2V">Eltex - NTU-2V</example>
3959
+ <example hw.product="NTU-2VC">Eltex - NTU-2VC</example>
3960
+ <example hw.product="NTP-2C">Eltex - NTP-2C</example>
3961
+ <param pos="0" name="os.vendor" value="Eltex"/>
3962
+ <param pos="0" name="os.device" value="Broadband Router"/>
3963
+ <param pos="0" name="hw.vendor" value="Eltex"/>
3964
+ <param pos="1" name="hw.product"/>
3965
+ <param pos="0" name="hw.device" value="Broadband Router"/>
3966
+ </fingerprint>
3967
+
3727
3968
  </fingerprints>
@@ -79,17 +79,31 @@
79
79
 
80
80
  <fingerprint pattern="^ANsession\d+=(\S+);">
81
81
  <description>Array Networks Secure Access Gateway / SSL VPN</description>
82
- <example>ANsession0002262072457555=IPMI; path=/;secure</example>
82
+ <example cookie="IPMI">ANsession0002262072457555=IPMI; path=/;secure</example>
83
83
  <param pos="1" name="cookie"/>
84
84
  <param pos="0" name="service.vendor" value="Array Networks"/>
85
85
  <param pos="0" name="service.family" value="Secure Access Gateway"/>
86
86
  <param pos="0" name="hw.device" value="VPN"/>
87
87
  </fingerprint>
88
88
 
89
- <fingerprint pattern="^(Apache)=[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.([0-9]+);">
90
- <description>Apache</description>
91
- <param pos="1" name="cookie"/>
92
- <param pos="2" name="system.time.micros"/>
89
+ <fingerprint pattern="^Apache=(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})\.[0-9]+(?:\.[0-9]+)?;">
90
+ <description>Apache with session ID containing IP and timestamp (timestamp can be micros, millis or seconds)</description>
91
+ <example host.ip="10.10.130.165">Apache=10.10.130.165.1643670182768255; path=/</example>
92
+ <example host.ip="10.0.101.6">Apache=10.0.101.6.1643663969718158; path=/; expires=Wed, 31-Jan-24 21:19:29 GMT; domain=.contoso.com</example>
93
+ <example host.ip="10.10.20.18">Apache=10.10.20.18.1643510579.1915; domain=foo.com; path=/; expires=Mon, 30-Jan-2023 02:42:58 GMT</example>
94
+ <example host.ip="10.23.219.241">Apache=10.23.219.241.1643541709604; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT</example>
95
+ <param pos="0" name="cookie" value="Apache"/>
96
+ <param pos="1" name="host.ip"/>
97
+ <param pos="0" name="service.vendor" value="Apache"/>
98
+ <param pos="0" name="service.family" value="Apache"/>
99
+ <param pos="0" name="service.product" value="HTTPD"/>
100
+ <param pos="0" name="service.cpe23" value="cpe:/a:apache:http_server:-"/>
101
+ </fingerprint>
102
+
103
+ <fingerprint pattern="^Apache=[0-9a-z]{8}\.[0-9a-z]{13};">
104
+ <description>Apache with opaque session ID</description>
105
+ <example>Apache=1148b9c3.5d6e61e36f2f9; path=/; domain=.foo.com</example>
106
+ <param pos="0" name="cookie" value="Apache"/>
93
107
  <param pos="0" name="service.vendor" value="Apache"/>
94
108
  <param pos="0" name="service.family" value="Apache"/>
95
109
  <param pos="0" name="service.product" value="HTTPD"/>
@@ -123,27 +137,20 @@
123
137
  <param pos="0" name="service.cpe23" value="cpe:/a:mozilla:bugzilla:-"/>
124
138
  </fingerprint>
125
139
 
126
- <fingerprint pattern="^(WebLogicSession)=[^!]+![^!]+!([0-9]+);">
127
- <description>BEA WebLogic (with timestamp)</description>
128
- <param pos="1" name="cookie"/>
129
- <param pos="2" name="system.time.millis"/>
130
- <param pos="0" name="service.vendor" value="BEA"/>
131
- <param pos="0" name="service.family" value="WebLogic"/>
132
- <param pos="0" name="service.product" value="WebLogic"/>
133
- <param pos="0" name="service.cpe23" value="cpe:/a:bea:weblogic_server:-"/>
134
- </fingerprint>
135
-
136
- <fingerprint pattern="^(WebLogicSession)=">
140
+ <fingerprint pattern="^WebLogicSession=">
137
141
  <description>BEA WebLogic (no timestamp)</description>
138
- <param pos="1" name="cookie"/>
142
+ <example>WebLogicSession=YfifY2Ck8aWILbJPiaoY3L8aKBjh2MZhUAjHXypG6IBwvWXrun3i|-3385140432258369694/-900104935/6/7009/7009/7010/7010/7009/-1; path=/</example>
143
+ <example>WebLogicSession=QKRlJZbj0b948CrXnoQw8FNuSWvO6fXaJNadlcCWwA3qm6CtqD5a; path=/</example>
144
+ <param pos="0" name="cookie" value="WebLogicSession"/>
139
145
  <param pos="0" name="service.vendor" value="BEA"/>
140
146
  <param pos="0" name="service.family" value="WebLogic"/>
141
147
  <param pos="0" name="service.product" value="WebLogic"/>
142
148
  <param pos="0" name="service.cpe23" value="cpe:/a:bea:weblogic_server:-"/>
143
149
  </fingerprint>
144
150
 
145
- <fingerprint pattern="^(BCSI-CSC[0-9A-Za-z]+)=">
151
+ <fingerprint pattern="^(BCSI-CS-[0-9A-Za-z]+)=">
146
152
  <description>BlueCoat Proxy</description>
153
+ <example cookie="BCSI-CS-2f6c78bdf64f3b32">BCSI-CS-2f6c78bdf64f3b32=2; Path=/</example>
147
154
  <param pos="1" name="cookie"/>
148
155
  <param pos="0" name="service.vendor" value="Blue Coat"/>
149
156
  <param pos="0" name="service.family" value="Proxy"/>
@@ -208,6 +215,7 @@
208
215
 
209
216
  <fingerprint pattern="^st8id=">
210
217
  <description>Citrix Application Protection System, Enterprise - http://support.citrix.com/article/CTX109330</description>
218
+ <example>st8id=1e1bcc1010b6de32734c584317443b31.00.641b86ac5ed3ebb0799138f83af9b63f;</example>
211
219
  <param pos="0" name="cookie" value="st8id"/>
212
220
  <param pos="0" name="service.vendor" value="Citrix"/>
213
221
  <param pos="0" name="service.family" value="Application Protection System"/>
@@ -271,7 +279,7 @@
271
279
 
272
280
  <fingerprint pattern="(?i)^(BIGipServer([^=]+))=">
273
281
  <description>F5 BIG-IP LTM - Server variant</description>
274
- <example loadbalancer.poolname="CustomerRP">BigIpServerCustomerRP=5a; path=/; domain=.foo.bar; secure; HttpOnly</example>
282
+ <example loadbalancer.poolname="CustomerRP" cookie="BigIpServerCustomerRP">BigIpServerCustomerRP=5a; path=/; domain=.foo.bar; secure; HttpOnly</example>
275
283
  <param pos="1" name="cookie"/>
276
284
  <param pos="2" name="loadbalancer.poolname"/>
277
285
  <param pos="0" name="service.vendor" value="F5"/>
@@ -365,6 +373,9 @@
365
373
 
366
374
  <fingerprint pattern="^IBMCBR=">
367
375
  <description>IBM WebSphere Load Balancer</description>
376
+ <!-- Replace with a valid example if one is discovered -->
377
+
378
+ <example>IBMCBR=fakevalue</example>
368
379
  <param pos="0" name="cookie" value="IBMCBR"/>
369
380
  <param pos="0" name="service.vendor" value="IBM"/>
370
381
  <param pos="0" name="service.family" value="WebSphere"/>
@@ -382,12 +393,14 @@
382
393
 
383
394
  <fingerprint pattern="^_mastodon_session=">
384
395
  <description>Mastodon</description>
396
+ <example>_mastodon_session=U09wSzlaMHNuZVI3RGJjR1M2d2lqNFhXc1BXNlJtOXBueTdoM1J2Ykk3UjRXa2V3WkNUNm5BUmY4Z0NISk9FaEtrOVQrMXJCRldvbk1kY3BUaDZkMlRuZkNBUDVXU01EakN3S1JEZDdjbzhNQ0t5MHpXZE9WSGlTOVhKNkhlZWhlaWsxM3Mvd0poU1NHWkZjWUNucmJoeDdNdU85ekpkQVJSbkhDeXdKZ08wMkNuUm1BYnE3cGVBK2FBN1FTUU9SLS1EdUVoNWtLOFFWaWsxNmY2bzErbFVRPT0%3D--4b6087906fdfa25f0bfd46b13d3c1c3a9fb379cd; path=/; secure; HttpOnly</example>
385
397
  <param pos="0" name="cookie" value="_mastodon_session"/>
386
398
  <param pos="0" name="service.product" value="Mastodon"/>
387
399
  </fingerprint>
388
400
 
389
401
  <fingerprint pattern="^(MSCSAuth|MSCSProfile)=">
390
402
  <description>Microsoft Commerce Server - http://msdn2.microsoft.com/en-us/library/ms953828.aspx</description>
403
+ <example cookie="MSCSProfile">MSCSProfile=287001FD2674671C7869448243193407F294F4F921DD7D627A0F4EE0CC7F3FAC36B5E45588612D30B2A6C57F1D461CB5EE0887989EE7F09E4529B0795EF87BB095FFF1DE42BD5E8F00273BCAACB9DC80733367D09A4B6A48A6802C4DCD6EB029BF5B207BCE523E8BF2EE3EBCDF5776BAC6B6BCD4BF54EF9C178F9605E75D0DDA; path=/</example>
391
404
  <param pos="1" name="cookie"/>
392
405
  <param pos="0" name="service.vendor" value="Microsoft"/>
393
406
  <param pos="0" name="service.family" value="Commerce Server"/>
@@ -399,7 +412,7 @@
399
412
  <description>Nextcloud</description>
400
413
  <example cookie="nc_sameSiteCookiestrict">nc_sameSiteCookiestrict=true; path=/nextcloud; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=strict</example>
401
414
  <example cookie="nc_sameSiteCookielax">nc_sameSiteCookielax=true; path=/nextcloud; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=lax</example>
402
- <example>oc_sessionPassphrase=Y%2BZjBn8Gn%2B8jIJPVx468Tlt8qDNm%2B5IVXLxgtwlY%2BQU2T7edVmDS4091nQrT; path=/nextcloud; secure; HttpOnly</example>
415
+ <example cookie="oc_sessionPassphrase">oc_sessionPassphrase=Y%2BZjBn8Gn%2B8jIJPVx468Tlt8qDNm%2B5IVXLxgtwlY%2BQU2T7edVmDS4091nQrT; path=/nextcloud; secure; HttpOnly</example>
403
416
  <param pos="1" name="cookie"/>
404
417
  <param pos="0" name="service.vendor" value="Nextcloud"/>
405
418
  <param pos="0" name="service.product" value="Nextcloud Server"/>
@@ -426,6 +439,8 @@
426
439
 
427
440
  <fingerprint pattern="^((?:SS_X_)?CSINTERSESSIONID)=">
428
441
  <description>OpenMarket/FatWire Content Server (www.fatwire.com)</description>
442
+ <example cookie="SS_X_CSINTERSESSIONID">SS_X_CSINTERSESSIONID=0001P73k2FUEYEU4Ks5TtKxcs2K:vv0b9pej; path=/</example>
443
+ <example cookie="CSINTERSESSIONID">CSINTERSESSIONID=0001xquPwAx2NFUFvi7yw-43f35:vv7sdeqs;Path=/</example>
429
444
  <param pos="1" name="cookie"/>
430
445
  <param pos="0" name="service.vendor" value="FatWire"/>
431
446
  <param pos="0" name="service.family" value="Content Server"/>
@@ -434,6 +449,7 @@
434
449
 
435
450
  <fingerprint pattern="^parkinglot=">
436
451
  <description>Oversee Webserver</description>
452
+ <example>parkinglot=1; domain=.foo.com; path=/; expires=Sun, 11-May-2008 13:51:17 GMT</example>
437
453
  <param pos="0" name="cookie" value="parkinglot"/>
438
454
  <param pos="0" name="service.vendor" value="Oversee"/>
439
455
  <param pos="0" name="service.family" value="Webserver"/>
@@ -491,6 +507,7 @@
491
507
 
492
508
  <fingerprint pattern="^NSES40Session=">
493
509
  <description>Netscape Enterprise Server (subsequently iPlanet Web Server, Sun ONE Web Server, presently Sun Java System Web Server)</description>
510
+ <example>NSES40Session=2%253A3e57d375%253Adc59172283a7e72c;path=/;expires=Sat, 22-Feb-2003 20:15:57 GMT</example>
494
511
  <param pos="0" name="cookie" value="NSES40Session"/>
495
512
  <param pos="0" name="service.vendor" value="Sun"/>
496
513
  <param pos="0" name="service.family" value="Java System Web Server"/>
@@ -517,8 +534,10 @@
517
534
  <param pos="0" name="service.product" value="Sage X3 Syracuse Web Server"/>
518
535
  </fingerprint>
519
536
 
520
- <fingerprint pattern="^(gx_session_id|JROUTE)=">
537
+ <fingerprint pattern="^(GX_SESSION_ID|JROUTE)=">
521
538
  <description>Sun Java System Application Server (formerly iPlanet Application Server, Sun ONE Application Server)</description>
539
+ <example cookie="GX_SESSION_ID">GX_SESSION_ID=ji7vouPhPt5CAtGF%2BWPMXBrhjjxWZAD9HRNeEEITGCA%3D</example>
540
+ <example cookie="JROUTE">JROUTE=KbDs; Path=/</example>
522
541
  <param pos="1" name="cookie"/>
523
542
  <param pos="0" name="service.vendor" value="Sun"/>
524
543
  <param pos="0" name="service.family" value="Java System Application Server"/>
@@ -565,6 +584,7 @@
565
584
 
566
585
  <fingerprint pattern="^(vgncontext|vgnvisitor|ssuid)=">
567
586
  <description>Vignette</description>
587
+ <example cookie="vgnvisitor">vgnvisitor=2KM2OM00bZ40000PovANt0Dgn0; path=/; expires=Saturday, 06-Sep-2014 23:50:08 GMT</example>
568
588
  <param pos="1" name="cookie"/>
569
589
  <param pos="0" name="service.vendor" value="Vignette"/>
570
590
  <param pos="0" name="service.family" value="Vignette"/>
@@ -589,14 +609,16 @@
589
609
  <param pos="0" name="service.product" value="WebTrends"/>
590
610
  </fingerprint>
591
611
 
592
- <fingerprint pattern="^(ZM_TEST|ZM_LOGIN_CSRF)=">
593
- <description>Zimbra</description>
594
- <example cookie="ZM_TEST">ZM_TEST=true;Secure</example>
595
- <example cookie="ZM_LOGIN_CSRF">ZM_LOGIN_CSRF=38ef0bea-a4c3-4f41-9ac3-73d7622f3131;Secure;HttpOnly</example>
612
+ <fingerprint pattern="^(ZM_(?:TEST|LOGIN_CSRF)|ZA_(?:SKIN|TEST))=">
613
+ <description>Zimbra Collaboration</description>
614
+ <example cookie="ZM_TEST">ZM_TEST=true; Secure</example>
615
+ <example cookie="ZM_LOGIN_CSRF">ZM_LOGIN_CSRF=38ef0bea-a4c3-4f41-9ac3-73d7622f3131; Secure; HttpOnly</example>
616
+ <example cookie="ZA_SKIN">ZA_SKIN=serenity</example>
617
+ <example cookie="ZA_TEST">ZA_TEST=true; Secure</example>
596
618
  <param pos="1" name="cookie"/>
597
- <param pos="0" name="service.vendor" value="Synacor"/>
598
- <param pos="0" name="service.product" value="Zimbra Collaboration Suite"/>
599
- <param pos="0" name="service.cpe23" value="cpe:/a:synacor:zimbra_collaboration_suite:-"/>
619
+ <param pos="0" name="service.vendor" value="Zimbra"/>
620
+ <param pos="0" name="service.product" value="Collaboration"/>
621
+ <param pos="0" name="service.cpe23" value="cpe:/a:zimbra:collaboration:-"/>
600
622
  </fingerprint>
601
623
 
602
624
  <fingerprint pattern="^_ZopeId=">
@@ -607,10 +629,11 @@
607
629
  <param pos="0" name="service.product" value="Zope"/>
608
630
  </fingerprint>
609
631
 
610
- <fingerprint pattern="^(portal)=([0-9]+\.[0-9]+\.[0-9]+)">
632
+ <fingerprint pattern="^portal=([0-9]+\.[0-9]+\.[0-9]+)">
611
633
  <description>OracleAS Portal default cookie name - http://download.oracle.com/docs/cd/B14099_19/portal.1014/b19305/cg_app_f.htm</description>
612
- <param pos="1" name="cookie"/>
613
- <param pos="2" name="service.version"/>
634
+ <example service.version="2173348032.20480.0000">portal=2173348032.20480.0000;</example>
635
+ <param pos="0" name="cookie" value="portal"/>
636
+ <param pos="1" name="service.version"/>
614
637
  <param pos="0" name="service.vendor" value="Oracle"/>
615
638
  <param pos="0" name="service.family" value="OracleAS"/>
616
639
  <param pos="0" name="service.product" value="Application Server Portal"/>
@@ -650,6 +673,51 @@
650
673
  <param pos="0" name="service.certainty" value="0.5"/>
651
674
  </fingerprint>
652
675
 
676
+ <fingerprint pattern="^phpMyAdmin=">
677
+ <description>phpMyAdmin web interface for MySQL and MariaDB</description>
678
+ <example>phpMyAdmin=28600e9ff9772c871dacec70f9c5edaa; path=/; HttpOnly</example>
679
+ <param pos="0" name="service.vendor" value="phpMyAdmin"/>
680
+ <param pos="0" name="service.product" value="phpMyAdmin"/>
681
+ <param pos="0" name="service.cpe23" value="cpe:/a:phpmyadmin:phpmyadmin:-"/>
682
+ </fingerprint>
683
+
684
+ <fingerprint pattern="^(adminer_(?:sid|key))=">
685
+ <description>Adminer database management tool</description>
686
+ <example cookie="adminer_sid">adminer_sid=6580f6449f9572f817ec99600bc619d2; path=/; HttpOnly</example>
687
+ <example cookie="adminer_key">adminer_key=b8eebd6de0deabc8b30c26a67e01c5b9; path=/; HttpOnly; SameSite=lax</example>
688
+ <param pos="1" name="cookie"/>
689
+ <param pos="0" name="service.vendor" value="Adminer"/>
690
+ <param pos="0" name="service.product" value="Adminer"/>
691
+ <param pos="0" name="service.cpe23" value="cpe:/a:adminer:adminer:-"/>
692
+ </fingerprint>
693
+
694
+ <fingerprint pattern="^mongo-express=">
695
+ <description>mongo-express web-based MongoDB admin interface</description>
696
+ <example>mongo-express=s%3A1qAVXDHaoFE5J0G4wkYKfyjuv6_0Zd9E.l2DGc0YAb7MJQfUleYVEla5i79pbkhDYVayvCEPFCDc; Path=/; HttpOnly</example>
697
+ <param pos="0" name="service.vendor" value="mongo-express Project"/>
698
+ <param pos="0" name="service.product" value="mongo-express"/>
699
+ <param pos="0" name="service.cpe23" value="cpe:/a:mongo-express_project:mongo-express:-"/>
700
+ </fingerprint>
701
+
702
+ <fingerprint pattern="^adscsrf=">
703
+ <description>ManageEngine ADSelfService Plus</description>
704
+ <example>adscsrf=cffff6b5-bd68-4c35-92ef-e45127e68289;path=/;priority=high</example>
705
+ <param pos="0" name="service.vendor" value="ManageEngine"/>
706
+ <param pos="0" name="service.product" value="ADSelfService Plus"/>
707
+ <param pos="0" name="service.cpe23" value="cpe:/a:zohocorp:manageengine_adselfservice_plus:-"/>
708
+ </fingerprint>
709
+
710
+ <fingerprint pattern="^(dmid|opvc|sitevisitscookie)=">
711
+ <description>dotCMS Content Management Platform</description>
712
+ <example cookie="dmid">dmid=dcd46b93-54ab-4a43-a023-99154f879c3e; Max-Age=153792000; Expires=Thu, 18-Mar-2027 21:28:37 GMT; Path=/; HttpOnly; SameSite=Strict</example>
713
+ <example cookie="opvc">opvc=9e6302af-896a-40ae-a330-22655ee22c5f; Path=/; HttpOnly; SameSite=Strict</example>
714
+ <example cookie="sitevisitscookie">sitevisitscookie=1; Max-Age=153792000; Expires=Thu, 18-Mar-2027 21:28:37 GMT; Path=/; HttpOnly; SameSite=Strict</example>
715
+ <param pos="1" name="cookie"/>
716
+ <param pos="0" name="service.vendor" value="dotCMS"/>
717
+ <param pos="0" name="service.product" value="dotCMS"/>
718
+ <param pos="0" name="service.cpe23" value="cpe:/a:dotcms:dotcms:-"/>
719
+ </fingerprint>
720
+
653
721
  <!--
654
722
  Ignore various cookies that are very generic cookies for session IDs
655
723
  that are not necessarily indicative of any particular
@@ -659,23 +727,32 @@
659
727
  -->
660
728
 
661
729
  <fingerprint pattern="(?i)^JSESSIONID(?:\.[^=]+)?=[^;]+;">
662
- <description>Ignore simple JSESSIONID and related cookies</description>
730
+ <description>Ignore simple JSESSIONID and related cookies -- assert nothing</description>
663
731
  <example>JSESSIONID=6ooov35i4l3n36qtaf8csvg0;Path=/</example>
664
732
  <example>jsessionid=6nkp66iogcdc92720%2Dc6e4%2D4989%2Db7b2%2D5021624cfdff;Path=/;secure</example>
665
733
  <example>JSESSIONID.c00a9623=v216643eijh19p9duve5srgf;Path=/;HttpOnly</example>
734
+ <param pos="0" name="hw.certainty" value="0.0"/>
735
+ <param pos="0" name="os.certainty" value="0.0"/>
736
+ <param pos="0" name="service.certainty" value="0.0"/>
666
737
  </fingerprint>
667
738
 
668
739
  <fingerprint pattern="(?i)^_?SESSION_?ID\s*=\s*[^;]+;">
669
- <description>Ignore simple SESSIONID and related cookies</description>
740
+ <description>Ignore simple SESSIONID and related cookies -- assert nothing</description>
670
741
  <example>sessionId=7dba3249cfcd4b59854055311099a294; path=/;</example>
671
742
  <example>_session_id=7fe933db0fea13e9c872103ba2d142db; path=/; HttpOnly</example>
672
743
  <example>sessionId =0VrS6Ro6uC5QPXKgNdqGvyUgUFtUOVwv6OWAEWcWQ3jLRtAk2TVAgAApN9yTWVz;postId=; path=/;</example>
673
744
  <example>_session_id=18b3e173aa11db0533fd01752e81f583; path=/; HttpOnly</example>
745
+ <param pos="0" name="hw.certainty" value="0.0"/>
746
+ <param pos="0" name="os.certainty" value="0.0"/>
747
+ <param pos="0" name="service.certainty" value="0.0"/>
674
748
  </fingerprint>
675
749
 
676
750
  <fingerprint pattern="(?i)^sid=[^;]+;">
677
- <description>Ignore simple SID and related cookies</description>
751
+ <description>Ignore simple SID and related cookies -- assert nothing</description>
678
752
  <example>sid=sfd10bf73-654458f687aa3c68b3874915f651e0ca;path=/;"</example>
753
+ <param pos="0" name="hw.certainty" value="0.0"/>
754
+ <param pos="0" name="os.certainty" value="0.0"/>
755
+ <param pos="0" name="service.certainty" value="0.0"/>
679
756
  </fingerprint>
680
757
 
681
758
  </fingerprints>