RubyGems - recog - Versions diffs - 2.3.22 → 3.0.2 - Mend

recog 2.3.22 → 3.0.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (128) hide show

checksums.yaml +4 -4
checksums.yaml.gz.sig +2 -0
data/LICENSE +1 -1
data/README.md +25 -16
data/Rakefile +2 -9
data/lib/recog/db_manager.rb +1 -1
data/lib/recog/fingerprint.rb +21 -7
data/lib/recog/fingerprint_parse_error.rb +10 -0
data/lib/recog/match_reporter.rb +37 -3
data/lib/recog/matcher.rb +5 -10
data/lib/recog/verifier.rb +4 -4
data/lib/recog/verify_reporter.rb +7 -6
data/lib/recog/version.rb +1 -1
data/{bin → recog/bin}/recog_match +20 -7
data/{xml → recog/xml}/apache_modules.xml +0 -0
data/{xml → recog/xml}/apache_os.xml +61 -19
data/{xml → recog/xml}/architecture.xml +15 -1
data/{xml → recog/xml}/dhcp_vendor_class.xml +10 -10
data/{xml → recog/xml}/dns_versionbind.xml +16 -13
data/{xml → recog/xml}/favicons.xml +167 -9
data/{xml → recog/xml}/fingerprints.xsd +9 -1
data/{xml → recog/xml}/ftp_banners.xml +131 -141
data/{xml → recog/xml}/h323_callresp.xml +2 -2
data/{xml → recog/xml}/hp_pjl_id.xml +81 -81
data/{xml → recog/xml}/html_title.xml +250 -9
data/{xml → recog/xml}/http_cookies.xml +111 -34
data/{xml → recog/xml}/http_servers.xml +483 -270
data/{xml → recog/xml}/http_wwwauth.xml +83 -37
data/{xml → recog/xml}/imap_banners.xml +10 -10
data/{xml → recog/xml}/ldap_searchresult.xml +0 -0
data/{xml → recog/xml}/mdns_device-info_txt.xml +0 -0
data/{xml → recog/xml}/mdns_workstation_txt.xml +0 -0
data/{xml → recog/xml}/mysql_banners.xml +0 -0
data/{xml → recog/xml}/mysql_error.xml +0 -0
data/{xml → recog/xml}/nntp_banners.xml +8 -5
data/{xml → recog/xml}/ntp_banners.xml +33 -33
data/{xml → recog/xml}/operating_system.xml +92 -77
data/{xml → recog/xml}/pop_banners.xml +25 -25
data/{xml → recog/xml}/rsh_resp.xml +0 -0
data/{xml → recog/xml}/rtsp_servers.xml +0 -0
data/{xml → recog/xml}/sip_banners.xml +16 -5
data/{xml → recog/xml}/sip_user_agents.xml +122 -27
data/{xml → recog/xml}/smb_native_lm.xml +5 -5
data/{xml → recog/xml}/smb_native_os.xml +25 -25
data/{xml → recog/xml}/smtp_banners.xml +132 -131
data/{xml → recog/xml}/smtp_debug.xml +0 -0
data/{xml → recog/xml}/smtp_ehlo.xml +0 -0
data/{xml → recog/xml}/smtp_expn.xml +0 -0
data/{xml → recog/xml}/smtp_help.xml +1 -1
data/{xml → recog/xml}/smtp_mailfrom.xml +0 -0
data/{xml → recog/xml}/smtp_noop.xml +0 -0
data/{xml → recog/xml}/smtp_quit.xml +0 -0
data/{xml → recog/xml}/smtp_rcptto.xml +0 -0
data/{xml → recog/xml}/smtp_rset.xml +0 -0
data/{xml → recog/xml}/smtp_turn.xml +0 -0
data/{xml → recog/xml}/smtp_vrfy.xml +0 -0
data/{xml → recog/xml}/snmp_sysdescr.xml +1248 -1233
data/{xml → recog/xml}/snmp_sysobjid.xml +13 -2
data/{xml → recog/xml}/ssh_banners.xml +9 -5
data/{xml → recog/xml}/telnet_banners.xml +83 -1
data/{xml → recog/xml}/tls_jarm.xml +30 -2
data/{xml → recog/xml}/x11_banners.xml +3 -3
data/{xml → recog/xml}/x509_issuers.xml +24 -4
data/{xml → recog/xml}/x509_subjects.xml +32 -3
data/recog.gemspec +9 -5
data/spec/data/external_example_fingerprint/hp_printer_ex_01.txt +1 -0
data/spec/data/external_example_fingerprint/hp_printer_ex_02.txt +1 -0
data/spec/data/external_example_fingerprint.xml +8 -0
data/spec/data/external_example_illegal_path_fingerprint.xml +7 -0
data/spec/lib/recog/db_spec.rb +84 -61
data/spec/lib/recog/fingerprint_spec.rb +4 -4
data/spec/lib/recog/match_reporter_spec.rb +22 -8
data/spec/lib/recog/verify_reporter_spec.rb +8 -8
data/spec/spec_helper.rb +4 -0
data.tar.gz.sig +0 -0
metadata +154 -142
metadata.gz.sig +0 -0
data/.github/ISSUE_TEMPLATE/bug_report.md +0 -37
data/.github/ISSUE_TEMPLATE/feature_request.md +0 -17
data/.github/ISSUE_TEMPLATE/fingerprint_request.md +0 -27
data/.github/PULL_REQUEST_TEMPLATE +0 -24
data/.github/SECURITY.md +0 -35
data/.github/dependabot.yml +0 -8
data/.github/workflows/ci.yml +0 -26
data/.github/workflows/verify.yml +0 -89
data/.gitignore +0 -23
data/.rspec +0 -3
data/.ruby-gemset +0 -1
data/.ruby-version +0 -1
data/.snyk +0 -10
data/.travis.yml +0 -25
data/CONTRIBUTING.md +0 -276
data/bin/recog_cleanup +0 -16
data/bin/recog_export +0 -81
data/bin/recog_standardize +0 -163
data/bin/recog_verify +0 -63
data/cpe-remap.yaml +0 -356
data/features/data/failing_banners_fingerprints.xml +0 -20
data/features/data/matching_banners_fingerprints.xml +0 -23
data/features/data/multiple_banners_fingerprints.xml +0 -32
data/features/data/no_tests.xml +0 -3
data/features/data/sample_banner.txt +0 -2
data/features/data/successful_tests.xml +0 -18
data/features/data/tests_with_failures.xml +0 -20
data/features/data/tests_with_warnings.xml +0 -17
data/features/match.feature +0 -36
data/features/support/aruba.rb +0 -3
data/features/support/env.rb +0 -6
data/features/verify.feature +0 -48
data/identifiers/README.md +0 -70
data/identifiers/fields.txt +0 -105
data/identifiers/hw_device.txt +0 -84
data/identifiers/hw_family.txt +0 -121
data/identifiers/hw_product.txt +0 -461
data/identifiers/os_architecture.txt +0 -10
data/identifiers/os_device.txt +0 -75
data/identifiers/os_family.txt +0 -234
data/identifiers/os_product.txt +0 -350
data/identifiers/service_family.txt +0 -249
data/identifiers/service_product.txt +0 -764
data/identifiers/vendor.txt +0 -847
data/lib/recog/verifier_factory.rb +0 -13
data/misc/convert_mysql_err +0 -61
data/misc/order.xsl +0 -17
data/requirements.txt +0 -2
data/spec/lib/fingerprint_self_test_spec.rb +0 -175
data/tools/dev/hooks/pre-commit +0 -21
data/update_cpes.py +0 -250

data/{xml → recog/xml}/html_title.xml RENAMED Viewed

@@ -214,6 +214,17 @@
     <param pos="0" name="hw.device" value="DVR"/>
   </fingerprint>
+  <!-- Xiongmai Technology is rebranded by a number of DVR and IP Camera manufacturers -->
+  <fingerprint pattern="^NETSurveillance WEB$">
+    <description>NetSurveillance web interface on DVR and IP Camera devices sourced from Xiongmai Technology</description>
+    <example>NETSurveillance WEB</example>
+    <param pos="0" name="service.vendor" value="Xiongmai Technology"/>
+    <param pos="0" name="service.product" value="uc-httpd"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:xiongmaitech:uc-httpd:-"/>
+    <param pos="0" name="os.vendor" value="Xiongmai Technology"/>
+  </fingerprint>
   <fingerprint pattern="^FRITZ!Box$">
     <description>AVM FRITZ!Box</description>
     <example>FRITZ!Box</example>
@@ -427,9 +438,14 @@
     <example>Fireware XTM User Authentication</example>
     <param pos="0" name="service.vendor" value="WatchGuard"/>
     <param pos="0" name="service.product" value="Fireware XTM"/>
+    <param pos="0" name="service.device" value="Firewall"/>
     <param pos="0" name="service.cpe23" value="cpe:/a:watchguard:fireware_xtm:-"/>
+    <param pos="0" name="service.component.vendor" value="nginx"/>
+    <param pos="0" name="service.component.product" value="nginx"/>
+    <param pos="0" name="service.component.cpe23" value="cpe:/a:f5:nginx:-"/>
     <param pos="0" name="os.vendor" value="WatchGuard"/>
     <param pos="0" name="os.product" value="Fireware"/>
+    <param pos="0" name="os.device" value="Firewall"/>
     <param pos="0" name="os.cpe23" value="cpe:/o:watchguard:fireware:-"/>
   </fingerprint>
@@ -635,8 +651,8 @@
   <fingerprint pattern="^Wowza Streaming Engine 4 (Subscription|Perpetual Pro) Edition (\d\.[\w.]+) build(\d+)$">
     <description>Wowza Streaming Engine</description>
-    <example service.version="4.7.7.01" service.version.version="20190222144406">Wowza Streaming Engine 4 Subscription Edition 4.7.7.01 build20190222144406</example>
-    <example service.edition="Perpetual Pro">Wowza Streaming Engine 4 Perpetual Pro Edition 4.8.8.01 build20201216140014</example>
+    <example service.version="4.7.7.01" service.version.version="20190222144406" service.edition="Subscription">Wowza Streaming Engine 4 Subscription Edition 4.7.7.01 build20190222144406</example>
+    <example service.edition="Perpetual Pro" service.version="4.8.8.01" service.version.version="20201216140014">Wowza Streaming Engine 4 Perpetual Pro Edition 4.8.8.01 build20201216140014</example>
     <param pos="0" name="service.vendor" value="Wowza"/>
     <param pos="0" name="service.product" value="Streaming Engine"/>
     <param pos="1" name="service.edition"/>
@@ -673,7 +689,7 @@
     <param pos="0" name="service.product" value="nginx"/>
     <param pos="0" name="service.family" value="nginx"/>
     <param pos="0" name="service.vendor" value="nginx"/>
-    <param pos="0" name="service.cpe23" value="cpe:/a:nginx:nginx:-"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:f5:nginx:-"/>
   </fingerprint>
   <fingerprint pattern="^Test Page for the Nginx HTTP Server on (?:Fedora|EPEL)$">
@@ -682,11 +698,11 @@
     <param pos="0" name="service.product" value="nginx"/>
     <param pos="0" name="service.family" value="nginx"/>
     <param pos="0" name="service.vendor" value="nginx"/>
-    <param pos="0" name="service.cpe23" value="cpe:/a:nginx:nginx:-"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:f5:nginx:-"/>
     <param pos="0" name="os.family" value="Linux"/>
-    <param pos="0" name="os.vendor" value="Red Hat"/>
-    <param pos="0" name="os.product" value="Fedora Core Linux"/>
-    <param pos="0" name="os.cpe23" value="cpe:/o:redhat:fedora_core:-"/>
+    <param pos="0" name="os.vendor" value="Fedora Project"/>
+    <param pos="0" name="os.product" value="Fedora Core"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:fedoraproject:fedora_core:-"/>
   </fingerprint>
   <fingerprint pattern="^Welcome to nginx on Debian!$">
@@ -695,7 +711,7 @@
     <param pos="0" name="service.product" value="nginx"/>
     <param pos="0" name="service.family" value="nginx"/>
     <param pos="0" name="service.vendor" value="nginx"/>
-    <param pos="0" name="service.cpe23" value="cpe:/a:nginx:nginx:-"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:f5:nginx:-"/>
     <param pos="0" name="os.vendor" value="Debian"/>
     <param pos="0" name="os.product" value="Linux"/>
     <param pos="0" name="os.cpe23" value="cpe:/o:debian:debian_linux:-"/>
@@ -1367,6 +1383,7 @@
     <param pos="0" name="os.device" value="Switch"/>
     <param pos="0" name="os.product" value="MDS 9000"/>
     <param pos="1" name="os.version"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:cisco:mds_9000_san-os:{os.version}"/>
   </fingerprint>
   <fingerprint pattern="^Stealthwatch Management Console$">
@@ -2432,6 +2449,22 @@
     <param pos="0" name="service.cpe23" value="cpe:/a:jupyter:notebook:-"/>
   </fingerprint>
+  <fingerprint pattern="^Jupyter Server$">
+    <description>Jupyter Server - backend to Jupyter web applications</description>
+    <example>Jupyter Server</example>
+    <param pos="0" name="service.vendor" value="Jupyter"/>
+    <param pos="0" name="service.product" value="Jupyter Server"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:jupyter:jupyter_server:-"/>
+  </fingerprint>
+  <fingerprint pattern="^JupyterHub$">
+    <description>JupyterHub - Multi-user server for Jupyter notebooks</description>
+    <example>JupyterHub</example>
+    <param pos="0" name="service.vendor" value="Jupyter"/>
+    <param pos="0" name="service.product" value="JupyterHub"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:jupyter:jupyterhub:-"/>
+  </fingerprint>
   <fingerprint pattern="^Redirect to userimage: /control/userimage\.html$">
     <description>Mobotix Network Camera</description>
     <example>Redirect to userimage: /control/userimage.html</example>
@@ -3112,7 +3145,7 @@
     <example>Log In - Confluence</example>
     <param pos="0" name="service.vendor" value="Atlassian"/>
     <param pos="0" name="service.product" value="Confluence"/>
-    <param pos="0" name="service.cpe23" value="cpe:/a:atlassian:confluence:-"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:atlassian:confluence_server:-"/>
   </fingerprint>
   <fingerprint pattern="^System Dashboard - ">
@@ -3724,4 +3757,212 @@
     <param pos="0" name="hw.product" value="Eternus"/>
   </fingerprint>
+  <fingerprint pattern="^Covenant - Login$">
+    <description>Covenant .NET C2 framework</description>
+    <example>Covenant - Login</example>
+    <param pos="0" name="service.product" value="Covenant"/>
+  </fingerprint>
+  <fingerprint pattern="^Login \| CALDERA$">
+    <description>MITRE CALDERA C2 framework</description>
+    <example>Login | CALDERA</example>
+    <param pos="0" name="service.vendor" value="MITRE"/>
+    <param pos="0" name="service.product" value="CALDERA"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:mitre:caldera:-"/>
+  </fingerprint>
+  <fingerprint pattern="(?:(\S{1,512}):\d{1,5} / \S{1,512} \| )?phpMyAdmin(?: ([\d.]+(?:-[a-zA-Z0-9]+)?(?:\+\d{8}\.[a-f0-9]{4,40})?))?">
+    <description>phpMyAdmin web interface for MySQL and MariaDB</description>
+    <example>phpMyAdmin</example>
+    <example service.version="2.10.0.2">phpMyAdmin 2.10.0.2</example>
+    <example service.version="5.0.0-rc1">phpMyAdmin 5.0.0-rc1</example>
+    <example service.version="5.3.0-dev">phpMyAdmin 5.3.0-dev</example>
+    <example host.name="10.10.10.10" service.version="5.0.4">10.10.10.10:8080 / db.foo.bar | phpMyAdmin 5.0.4</example>
+    <example host.name="localhost" service.version="5.3.0-dev+20220208.47252f9cf8">localhost:8080 / mysql-server | phpMyAdmin 5.3.0-dev+20220208.47252f9cf8</example>
+    <example host.name="[::ffff:10.10.10.10]" service.version="5.3.0-dev+20220208.47252f9cf8">[::ffff:10.10.10.10]:8080 / mysql-server | phpMyAdmin 5.3.0-dev+20220208.47252f9cf8</example>
+    <param pos="0" name="service.vendor" value="phpMyAdmin"/>
+    <param pos="0" name="service.product" value="phpMyAdmin"/>
+    <param pos="1" name="host.name"/>
+    <param pos="2" name="service.version"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:phpmyadmin:phpmyadmin:{service.version}"/>
+  </fingerprint>
+  <fingerprint pattern="^Login - Adminer$">
+    <description>Adminer database management tool</description>
+    <example>Login - Adminer</example>
+    <param pos="0" name="service.vendor" value="Adminer"/>
+    <param pos="0" name="service.product" value="Adminer"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:adminer:adminer:-"/>
+  </fingerprint>
+  <fingerprint pattern="^Home - Mongo Express$">
+    <description>mongo-express web-based MongoDB admin interface</description>
+    <example>Home - Mongo Express</example>
+    <param pos="0" name="service.vendor" value="mongo-express Project"/>
+    <param pos="0" name="service.product" value="mongo-express"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:mongo-express_project:mongo-express:-"/>
+  </fingerprint>
+  <fingerprint pattern="^Solr Admin$">
+    <description>Apache Solr</description>
+    <example>Solr Admin</example>
+    <param pos="0" name="service.vendor" value="Apache"/>
+    <param pos="0" name="service.product" value="Solr"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:apache:solr:-"/>
+  </fingerprint>
+  <fingerprint pattern="^Spark (?:Master|Worker) at (?:spark:\/\/)?(\S{1,512}):\d{1,5}$">
+    <description>Apache Spark</description>
+    <example host.name="spark-master-0.foo.bar">Spark Master at spark://spark-master-0.foo.bar:7077</example>
+    <example host.name="10.10.10.10">Spark Master at spark://10.10.10.10:7077</example>
+    <example host.name="10.10.10.10">Spark Worker at 10.10.10.10:45339</example>
+    <param pos="0" name="service.vendor" value="Apache"/>
+    <param pos="0" name="service.product" value="Spark"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:apache:spark:-"/>
+    <param pos="1" name="host.name"/>
+  </fingerprint>
+  <fingerprint pattern="^pfSense - Login$">
+    <description>pfSense Firewall</description>
+    <example>pfSense - Login</example>
+    <param pos="0" name="service.vendor" value="pfSense"/>
+    <param pos="0" name="service.product" value="pfSense"/>
+    <param pos="0" name="service.device" value="Firewall"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:pfsense:pfsense:-"/>
+    <param pos="0" name="service.component.vendor" value="nginx"/>
+    <param pos="0" name="service.component.product" value="nginx"/>
+    <param pos="0" name="service.component.cpe23" value="cpe:/a:f5:nginx:-"/>
+    <param pos="0" name="os.vendor" value="pfSense"/>
+    <param pos="0" name="os.product" value="FreeBSD"/>
+  </fingerprint>
+  <fingerprint pattern="^Netgate pfSense Plus - Login$">
+    <description>pfSense Plus Firewall</description>
+    <example>Netgate pfSense Plus - Login</example>
+    <param pos="0" name="service.vendor" value="Netgate"/>
+    <param pos="0" name="service.product" value="pfSense"/>
+    <param pos="0" name="service.device" value="Firewall"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:netgate:pfsense:-"/>
+    <param pos="0" name="service.component.vendor" value="nginx"/>
+    <param pos="0" name="service.component.product" value="nginx"/>
+    <param pos="0" name="service.component.cpe23" value="cpe:/a:f5:nginx:-"/>
+    <param pos="0" name="os.vendor" value="pfSense"/>
+    <param pos="0" name="os.product" value="FreeBSD"/>
+  </fingerprint>
+  <fingerprint pattern="^Vigor Login Page$">
+    <description>DrayTek Vigor network equipment - without model or version</description>
+    <example>Vigor Login Page</example>
+    <param pos="0" name="os.vendor" value="DrayTek"/>
+    <param pos="0" name="os.family" value="Vigor"/>
+    <param pos="0" name="hw.vendor" value="DrayTek"/>
+    <param pos="0" name="hw.family" value="Vigor"/>
+  </fingerprint>
+  <fingerprint pattern="^WSO2 API Manager|\[Publisher Portal\]WSO2 APIM$">
+    <description>WSO2 API Manager</description>
+    <example>WSO2 API Manager</example>
+    <example>[Publisher Portal]WSO2 APIM</example>
+    <param pos="0" name="service.vendor" value="WSO2"/>
+    <param pos="0" name="service.product" value="API Manager"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:wso2:api_manager:-"/>
+    <param pos="0" name="service.component.vendor" value="WSO2"/>
+    <param pos="0" name="service.component.product" value="Carbon"/>
+    <param pos="0" name="service.component.cpe23" value="cpe:/a:wso2:carbon:-"/>
+  </fingerprint>
+  <fingerprint pattern="^WSO2 Management Console$">
+    <description>WSO2 Identity Server</description>
+    <example>WSO2 Management Console</example>
+    <param pos="0" name="service.vendor" value="WSO2"/>
+    <param pos="0" name="service.product" value="Identity Server"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:wso2:identity_server:-"/>
+    <param pos="0" name="service.component.vendor" value="WSO2"/>
+    <param pos="0" name="service.component.product" value="Carbon"/>
+    <param pos="0" name="service.component.cpe23" value="cpe:/a:wso2:carbon:-"/>
+  </fingerprint>
+  <fingerprint pattern="^WSO2 Enterprise Integrator \(WSO2 EI\)$">
+    <description>WSO2 Enterprise Integrator</description>
+    <example>WSO2 Enterprise Integrator (WSO2 EI)</example>
+    <param pos="0" name="service.vendor" value="WSO2"/>
+    <param pos="0" name="service.product" value="Enterprise Integrator"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:wso2:enterprise_integrator:-"/>
+    <param pos="0" name="service.component.vendor" value="WSO2"/>
+    <param pos="0" name="service.component.product" value="Carbon"/>
+    <param pos="0" name="service.component.cpe23" value="cpe:/a:wso2:carbon:-"/>
+  </fingerprint>
+  <fingerprint pattern="^dotCMS Content Management Platform$">
+    <description>dotCMS Content Management Platform</description>
+    <example>dotCMS Content Management Platform</example>
+    <param pos="0" name="service.vendor" value="dotCMS"/>
+    <param pos="0" name="service.product" value="dotCMS"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:dotcms:dotcms:-"/>
+  </fingerprint>
+  <fingerprint pattern="^Zimbra (?:Web Client Sign In|Administration)$">
+    <description>Zimbra Collaboration</description>
+    <example>Zimbra Web Client Sign In</example>
+    <example>Zimbra Administration</example>
+    <param pos="0" name="service.vendor" value="Zimbra"/>
+    <param pos="0" name="service.product" value="Collaboration"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:zimbra:collaboration:-"/>
+  </fingerprint>
+  <!-- Specific Eltex fingerprints to enable CPE generation -->
+  <fingerprint pattern="^Eltex - NTP-RG-1402G$">
+    <description>Eltex - NTP-RG-1402G broadband router</description>
+    <example>Eltex - NTP-RG-1402G</example>
+    <param pos="0" name="os.vendor" value="Eltex"/>
+    <param pos="0" name="os.product" value="NTP-RG-1402G Firmware"/>
+    <param pos="0" name="os.device" value="Broadband Router"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:eltex-co:ntp-rg-1402g_firmware:-"/>
+    <param pos="0" name="hw.vendor" value="Eltex"/>
+    <param pos="0" name="hw.product" value="NTP-RG-1402G"/>
+    <param pos="0" name="hw.device" value="Broadband Router"/>
+    <param pos="0" name="hw.cpe23" value="cpe:/h:eltex-co:ntp-rg-1402g:-"/>
+  </fingerprint>
+  <fingerprint pattern="^Eltex - NTP-2$">
+    <description>Eltex - NTP-2 broadband router</description>
+    <example>Eltex - NTP-2</example>
+    <param pos="0" name="os.vendor" value="Eltex"/>
+    <param pos="0" name="os.product" value="NTP-2 Firmware"/>
+    <param pos="0" name="os.device" value="Broadband Router"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:eltex-co:ntp-2_firmware:-"/>
+    <param pos="0" name="hw.vendor" value="Eltex"/>
+    <param pos="0" name="hw.product" value="NTP-2"/>
+    <param pos="0" name="hw.device" value="Broadband Router"/>
+    <param pos="0" name="hw.cpe23" value="cpe:/h:eltex-co:ntp-2:-"/>
+  </fingerprint>
+  <!-- General Eltex fingerprints -->
+  <fingerprint pattern="^Eltex - (NT[PU]-RG-\d[\w-]+):?(:?rev\.\w\w?)?$">
+    <description>Eltex RG model ONT class broadband router</description>
+    <example hw.product="NTU-RG-1402G-W">Eltex - NTU-RG-1402G-W</example>
+    <example hw.product="NTU-RG-1421G-Wac" hw.version="rev.A1">Eltex - NTU-RG-1421G-Wac:rev.A1</example>
+    <example hw.product="NTP-RG-1402G-W" hw.version="rev.C">Eltex - NTP-RG-1402G-W:rev.C</example>
+    <param pos="0" name="os.vendor" value="Eltex"/>
+    <param pos="0" name="os.device" value="Broadband Router"/>
+    <param pos="0" name="hw.vendor" value="Eltex"/>
+    <param pos="1" name="hw.product"/>
+    <param pos="2" name="hw.version"/>
+    <param pos="0" name="hw.device" value="Broadband Router"/>
+  </fingerprint>
+  <fingerprint pattern="^Eltex - (NT[PU]-2\w\w?)$">
+    <description>Eltex - NTP / NTU model broadband router</description>
+    <example hw.product="NTU-2V">Eltex - NTU-2V</example>
+    <example hw.product="NTU-2VC">Eltex - NTU-2VC</example>
+    <example hw.product="NTP-2C">Eltex - NTP-2C</example>
+    <param pos="0" name="os.vendor" value="Eltex"/>
+    <param pos="0" name="os.device" value="Broadband Router"/>
+    <param pos="0" name="hw.vendor" value="Eltex"/>
+    <param pos="1" name="hw.product"/>
+    <param pos="0" name="hw.device" value="Broadband Router"/>
+  </fingerprint>
 </fingerprints>

data/{xml → recog/xml}/http_cookies.xml RENAMED Viewed

@@ -79,17 +79,31 @@
   <fingerprint pattern="^ANsession\d+=(\S+);">
     <description>Array Networks Secure Access Gateway / SSL VPN</description>
-    <example>ANsession0002262072457555=IPMI; path=/;secure</example>
+    <example cookie="IPMI">ANsession0002262072457555=IPMI; path=/;secure</example>
     <param pos="1" name="cookie"/>
     <param pos="0" name="service.vendor" value="Array Networks"/>
     <param pos="0" name="service.family" value="Secure Access Gateway"/>
     <param pos="0" name="hw.device" value="VPN"/>
   </fingerprint>
-  <fingerprint pattern="^(Apache)=[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.([0-9]+);">
-    <description>Apache</description>
-    <param pos="1" name="cookie"/>
-    <param pos="2" name="system.time.micros"/>
+  <fingerprint pattern="^Apache=(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})\.[0-9]+(?:\.[0-9]+)?;">
+    <description>Apache with session ID containing IP and timestamp (timestamp can be micros, millis or seconds)</description>
+    <example host.ip="10.10.130.165">Apache=10.10.130.165.1643670182768255; path=/</example>
+    <example host.ip="10.0.101.6">Apache=10.0.101.6.1643663969718158; path=/; expires=Wed, 31-Jan-24 21:19:29 GMT; domain=.contoso.com</example>
+    <example host.ip="10.10.20.18">Apache=10.10.20.18.1643510579.1915; domain=foo.com; path=/; expires=Mon, 30-Jan-2023 02:42:58 GMT</example>
+    <example host.ip="10.23.219.241">Apache=10.23.219.241.1643541709604; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT</example>
+    <param pos="0" name="cookie" value="Apache"/>
+    <param pos="1" name="host.ip"/>
+    <param pos="0" name="service.vendor" value="Apache"/>
+    <param pos="0" name="service.family" value="Apache"/>
+    <param pos="0" name="service.product" value="HTTPD"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:apache:http_server:-"/>
+  </fingerprint>
+  <fingerprint pattern="^Apache=[0-9a-z]{8}\.[0-9a-z]{13};">
+    <description>Apache with opaque session ID</description>
+    <example>Apache=1148b9c3.5d6e61e36f2f9; path=/; domain=.foo.com</example>
+    <param pos="0" name="cookie" value="Apache"/>
     <param pos="0" name="service.vendor" value="Apache"/>
     <param pos="0" name="service.family" value="Apache"/>
     <param pos="0" name="service.product" value="HTTPD"/>
@@ -123,27 +137,20 @@
     <param pos="0" name="service.cpe23" value="cpe:/a:mozilla:bugzilla:-"/>
   </fingerprint>
-  <fingerprint pattern="^(WebLogicSession)=[^!]+![^!]+!([0-9]+);">
-    <description>BEA WebLogic (with timestamp)</description>
-    <param pos="1" name="cookie"/>
-    <param pos="2" name="system.time.millis"/>
-    <param pos="0" name="service.vendor" value="BEA"/>
-    <param pos="0" name="service.family" value="WebLogic"/>
-    <param pos="0" name="service.product" value="WebLogic"/>
-    <param pos="0" name="service.cpe23" value="cpe:/a:bea:weblogic_server:-"/>
-  </fingerprint>
-  <fingerprint pattern="^(WebLogicSession)=">
+  <fingerprint pattern="^WebLogicSession=">
     <description>BEA WebLogic (no timestamp)</description>
-    <param pos="1" name="cookie"/>
+    <example>WebLogicSession=YfifY2Ck8aWILbJPiaoY3L8aKBjh2MZhUAjHXypG6IBwvWXrun3i|-3385140432258369694/-900104935/6/7009/7009/7010/7010/7009/-1; path=/</example>
+    <example>WebLogicSession=QKRlJZbj0b948CrXnoQw8FNuSWvO6fXaJNadlcCWwA3qm6CtqD5a; path=/</example>
+    <param pos="0" name="cookie" value="WebLogicSession"/>
     <param pos="0" name="service.vendor" value="BEA"/>
     <param pos="0" name="service.family" value="WebLogic"/>
     <param pos="0" name="service.product" value="WebLogic"/>
     <param pos="0" name="service.cpe23" value="cpe:/a:bea:weblogic_server:-"/>
   </fingerprint>
-  <fingerprint pattern="^(BCSI-CSC[0-9A-Za-z]+)=">
+  <fingerprint pattern="^(BCSI-CS-[0-9A-Za-z]+)=">
     <description>BlueCoat Proxy</description>
+    <example cookie="BCSI-CS-2f6c78bdf64f3b32">BCSI-CS-2f6c78bdf64f3b32=2; Path=/</example>
     <param pos="1" name="cookie"/>
     <param pos="0" name="service.vendor" value="Blue Coat"/>
     <param pos="0" name="service.family" value="Proxy"/>
@@ -208,6 +215,7 @@
   <fingerprint pattern="^st8id=">
     <description>Citrix Application Protection System, Enterprise - http://support.citrix.com/article/CTX109330</description>
+    <example>st8id=1e1bcc1010b6de32734c584317443b31.00.641b86ac5ed3ebb0799138f83af9b63f;</example>
     <param pos="0" name="cookie" value="st8id"/>
     <param pos="0" name="service.vendor" value="Citrix"/>
     <param pos="0" name="service.family" value="Application Protection System"/>
@@ -271,7 +279,7 @@
   <fingerprint pattern="(?i)^(BIGipServer([^=]+))=">
     <description>F5 BIG-IP LTM - Server variant</description>
-    <example loadbalancer.poolname="CustomerRP">BigIpServerCustomerRP=5a; path=/; domain=.foo.bar; secure; HttpOnly</example>
+    <example loadbalancer.poolname="CustomerRP" cookie="BigIpServerCustomerRP">BigIpServerCustomerRP=5a; path=/; domain=.foo.bar; secure; HttpOnly</example>
     <param pos="1" name="cookie"/>
     <param pos="2" name="loadbalancer.poolname"/>
     <param pos="0" name="service.vendor" value="F5"/>
@@ -365,6 +373,9 @@
   <fingerprint pattern="^IBMCBR=">
     <description>IBM WebSphere Load Balancer</description>
+    <!-- Replace with a valid example if one is discovered -->
+    <example>IBMCBR=fakevalue</example>
     <param pos="0" name="cookie" value="IBMCBR"/>
     <param pos="0" name="service.vendor" value="IBM"/>
     <param pos="0" name="service.family" value="WebSphere"/>
@@ -382,12 +393,14 @@
   <fingerprint pattern="^_mastodon_session=">
     <description>Mastodon</description>
+    <example>_mastodon_session=U09wSzlaMHNuZVI3RGJjR1M2d2lqNFhXc1BXNlJtOXBueTdoM1J2Ykk3UjRXa2V3WkNUNm5BUmY4Z0NISk9FaEtrOVQrMXJCRldvbk1kY3BUaDZkMlRuZkNBUDVXU01EakN3S1JEZDdjbzhNQ0t5MHpXZE9WSGlTOVhKNkhlZWhlaWsxM3Mvd0poU1NHWkZjWUNucmJoeDdNdU85ekpkQVJSbkhDeXdKZ08wMkNuUm1BYnE3cGVBK2FBN1FTUU9SLS1EdUVoNWtLOFFWaWsxNmY2bzErbFVRPT0%3D--4b6087906fdfa25f0bfd46b13d3c1c3a9fb379cd; path=/; secure; HttpOnly</example>
     <param pos="0" name="cookie" value="_mastodon_session"/>
     <param pos="0" name="service.product" value="Mastodon"/>
   </fingerprint>
   <fingerprint pattern="^(MSCSAuth|MSCSProfile)=">
     <description>Microsoft Commerce Server - http://msdn2.microsoft.com/en-us/library/ms953828.aspx</description>
+    <example cookie="MSCSProfile">MSCSProfile=287001FD2674671C7869448243193407F294F4F921DD7D627A0F4EE0CC7F3FAC36B5E45588612D30B2A6C57F1D461CB5EE0887989EE7F09E4529B0795EF87BB095FFF1DE42BD5E8F00273BCAACB9DC80733367D09A4B6A48A6802C4DCD6EB029BF5B207BCE523E8BF2EE3EBCDF5776BAC6B6BCD4BF54EF9C178F9605E75D0DDA; path=/</example>
     <param pos="1" name="cookie"/>
     <param pos="0" name="service.vendor" value="Microsoft"/>
     <param pos="0" name="service.family" value="Commerce Server"/>
@@ -399,7 +412,7 @@
     <description>Nextcloud</description>
     <example cookie="nc_sameSiteCookiestrict">nc_sameSiteCookiestrict=true; path=/nextcloud; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=strict</example>
     <example cookie="nc_sameSiteCookielax">nc_sameSiteCookielax=true; path=/nextcloud; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=lax</example>
-    <example>oc_sessionPassphrase=Y%2BZjBn8Gn%2B8jIJPVx468Tlt8qDNm%2B5IVXLxgtwlY%2BQU2T7edVmDS4091nQrT; path=/nextcloud; secure; HttpOnly</example>
+    <example cookie="oc_sessionPassphrase">oc_sessionPassphrase=Y%2BZjBn8Gn%2B8jIJPVx468Tlt8qDNm%2B5IVXLxgtwlY%2BQU2T7edVmDS4091nQrT; path=/nextcloud; secure; HttpOnly</example>
     <param pos="1" name="cookie"/>
     <param pos="0" name="service.vendor" value="Nextcloud"/>
     <param pos="0" name="service.product" value="Nextcloud Server"/>
@@ -426,6 +439,8 @@
   <fingerprint pattern="^((?:SS_X_)?CSINTERSESSIONID)=">
     <description>OpenMarket/FatWire Content Server (www.fatwire.com)</description>
+    <example cookie="SS_X_CSINTERSESSIONID">SS_X_CSINTERSESSIONID=0001P73k2FUEYEU4Ks5TtKxcs2K:vv0b9pej; path=/</example>
+    <example cookie="CSINTERSESSIONID">CSINTERSESSIONID=0001xquPwAx2NFUFvi7yw-43f35:vv7sdeqs;Path=/</example>
     <param pos="1" name="cookie"/>
     <param pos="0" name="service.vendor" value="FatWire"/>
     <param pos="0" name="service.family" value="Content Server"/>
@@ -434,6 +449,7 @@
   <fingerprint pattern="^parkinglot=">
     <description>Oversee Webserver</description>
+    <example>parkinglot=1; domain=.foo.com; path=/; expires=Sun, 11-May-2008 13:51:17 GMT</example>
     <param pos="0" name="cookie" value="parkinglot"/>
     <param pos="0" name="service.vendor" value="Oversee"/>
     <param pos="0" name="service.family" value="Webserver"/>
@@ -491,6 +507,7 @@
   <fingerprint pattern="^NSES40Session=">
     <description>Netscape Enterprise Server (subsequently iPlanet Web Server, Sun ONE Web Server, presently Sun Java System Web Server)</description>
+    <example>NSES40Session=2%253A3e57d375%253Adc59172283a7e72c;path=/;expires=Sat, 22-Feb-2003 20:15:57 GMT</example>
     <param pos="0" name="cookie" value="NSES40Session"/>
     <param pos="0" name="service.vendor" value="Sun"/>
     <param pos="0" name="service.family" value="Java System Web Server"/>
@@ -517,8 +534,10 @@
     <param pos="0" name="service.product" value="Sage X3 Syracuse Web Server"/>
   </fingerprint>
-  <fingerprint pattern="^(gx_session_id|JROUTE)=">
+  <fingerprint pattern="^(GX_SESSION_ID|JROUTE)=">
     <description>Sun Java System Application Server (formerly iPlanet Application Server, Sun ONE Application Server)</description>
+    <example cookie="GX_SESSION_ID">GX_SESSION_ID=ji7vouPhPt5CAtGF%2BWPMXBrhjjxWZAD9HRNeEEITGCA%3D</example>
+    <example cookie="JROUTE">JROUTE=KbDs; Path=/</example>
     <param pos="1" name="cookie"/>
     <param pos="0" name="service.vendor" value="Sun"/>
     <param pos="0" name="service.family" value="Java System Application Server"/>
@@ -565,6 +584,7 @@
   <fingerprint pattern="^(vgncontext|vgnvisitor|ssuid)=">
     <description>Vignette</description>
+    <example cookie="vgnvisitor">vgnvisitor=2KM2OM00bZ40000PovANt0Dgn0; path=/; expires=Saturday, 06-Sep-2014 23:50:08 GMT</example>
     <param pos="1" name="cookie"/>
     <param pos="0" name="service.vendor" value="Vignette"/>
     <param pos="0" name="service.family" value="Vignette"/>
@@ -589,14 +609,16 @@
     <param pos="0" name="service.product" value="WebTrends"/>
   </fingerprint>
-  <fingerprint pattern="^(ZM_TEST|ZM_LOGIN_CSRF)=">
-    <description>Zimbra</description>
-    <example cookie="ZM_TEST">ZM_TEST=true;Secure</example>
-    <example cookie="ZM_LOGIN_CSRF">ZM_LOGIN_CSRF=38ef0bea-a4c3-4f41-9ac3-73d7622f3131;Secure;HttpOnly</example>
+  <fingerprint pattern="^(ZM_(?:TEST|LOGIN_CSRF)|ZA_(?:SKIN|TEST))=">
+    <description>Zimbra Collaboration</description>
+    <example cookie="ZM_TEST">ZM_TEST=true; Secure</example>
+    <example cookie="ZM_LOGIN_CSRF">ZM_LOGIN_CSRF=38ef0bea-a4c3-4f41-9ac3-73d7622f3131; Secure; HttpOnly</example>
+    <example cookie="ZA_SKIN">ZA_SKIN=serenity</example>
+    <example cookie="ZA_TEST">ZA_TEST=true; Secure</example>
     <param pos="1" name="cookie"/>
-    <param pos="0" name="service.vendor" value="Synacor"/>
-    <param pos="0" name="service.product" value="Zimbra Collaboration Suite"/>
-    <param pos="0" name="service.cpe23" value="cpe:/a:synacor:zimbra_collaboration_suite:-"/>
+    <param pos="0" name="service.vendor" value="Zimbra"/>
+    <param pos="0" name="service.product" value="Collaboration"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:zimbra:collaboration:-"/>
   </fingerprint>
   <fingerprint pattern="^_ZopeId=">
@@ -607,10 +629,11 @@
     <param pos="0" name="service.product" value="Zope"/>
   </fingerprint>
-  <fingerprint pattern="^(portal)=([0-9]+\.[0-9]+\.[0-9]+)">
+  <fingerprint pattern="^portal=([0-9]+\.[0-9]+\.[0-9]+)">
     <description>OracleAS Portal default cookie name - http://download.oracle.com/docs/cd/B14099_19/portal.1014/b19305/cg_app_f.htm</description>
-    <param pos="1" name="cookie"/>
-    <param pos="2" name="service.version"/>
+    <example service.version="2173348032.20480.0000">portal=2173348032.20480.0000;</example>
+    <param pos="0" name="cookie" value="portal"/>
+    <param pos="1" name="service.version"/>
     <param pos="0" name="service.vendor" value="Oracle"/>
     <param pos="0" name="service.family" value="OracleAS"/>
     <param pos="0" name="service.product" value="Application Server Portal"/>
@@ -650,6 +673,51 @@
     <param pos="0" name="service.certainty" value="0.5"/>
   </fingerprint>
+  <fingerprint pattern="^phpMyAdmin=">
+    <description>phpMyAdmin web interface for MySQL and MariaDB</description>
+    <example>phpMyAdmin=28600e9ff9772c871dacec70f9c5edaa; path=/; HttpOnly</example>
+    <param pos="0" name="service.vendor" value="phpMyAdmin"/>
+    <param pos="0" name="service.product" value="phpMyAdmin"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:phpmyadmin:phpmyadmin:-"/>
+  </fingerprint>
+  <fingerprint pattern="^(adminer_(?:sid|key))=">
+    <description>Adminer database management tool</description>
+    <example cookie="adminer_sid">adminer_sid=6580f6449f9572f817ec99600bc619d2; path=/; HttpOnly</example>
+    <example cookie="adminer_key">adminer_key=b8eebd6de0deabc8b30c26a67e01c5b9; path=/; HttpOnly; SameSite=lax</example>
+    <param pos="1" name="cookie"/>
+    <param pos="0" name="service.vendor" value="Adminer"/>
+    <param pos="0" name="service.product" value="Adminer"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:adminer:adminer:-"/>
+  </fingerprint>
+  <fingerprint pattern="^mongo-express=">
+    <description>mongo-express web-based MongoDB admin interface</description>
+    <example>mongo-express=s%3A1qAVXDHaoFE5J0G4wkYKfyjuv6_0Zd9E.l2DGc0YAb7MJQfUleYVEla5i79pbkhDYVayvCEPFCDc; Path=/; HttpOnly</example>
+    <param pos="0" name="service.vendor" value="mongo-express Project"/>
+    <param pos="0" name="service.product" value="mongo-express"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:mongo-express_project:mongo-express:-"/>
+  </fingerprint>
+  <fingerprint pattern="^adscsrf=">
+    <description>ManageEngine ADSelfService Plus</description>
+    <example>adscsrf=cffff6b5-bd68-4c35-92ef-e45127e68289;path=/;priority=high</example>
+    <param pos="0" name="service.vendor" value="ManageEngine"/>
+    <param pos="0" name="service.product" value="ADSelfService Plus"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:zohocorp:manageengine_adselfservice_plus:-"/>
+  </fingerprint>
+  <fingerprint pattern="^(dmid|opvc|sitevisitscookie)=">
+    <description>dotCMS Content Management Platform</description>
+    <example cookie="dmid">dmid=dcd46b93-54ab-4a43-a023-99154f879c3e; Max-Age=153792000; Expires=Thu, 18-Mar-2027 21:28:37 GMT; Path=/; HttpOnly; SameSite=Strict</example>
+    <example cookie="opvc">opvc=9e6302af-896a-40ae-a330-22655ee22c5f; Path=/; HttpOnly; SameSite=Strict</example>
+    <example cookie="sitevisitscookie">sitevisitscookie=1; Max-Age=153792000; Expires=Thu, 18-Mar-2027 21:28:37 GMT; Path=/; HttpOnly; SameSite=Strict</example>
+    <param pos="1" name="cookie"/>
+    <param pos="0" name="service.vendor" value="dotCMS"/>
+    <param pos="0" name="service.product" value="dotCMS"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:dotcms:dotcms:-"/>
+  </fingerprint>
   <!--
         Ignore various cookies that are very generic cookies for session IDs
         that are not necessarily indicative of any particular
@@ -659,23 +727,32 @@
     -->
   <fingerprint pattern="(?i)^JSESSIONID(?:\.[^=]+)?=[^;]+;">
-    <description>Ignore simple JSESSIONID and related cookies</description>
+    <description>Ignore simple JSESSIONID and related cookies -- assert nothing</description>
     <example>JSESSIONID=6ooov35i4l3n36qtaf8csvg0;Path=/</example>
     <example>jsessionid=6nkp66iogcdc92720%2Dc6e4%2D4989%2Db7b2%2D5021624cfdff;Path=/;secure</example>
     <example>JSESSIONID.c00a9623=v216643eijh19p9duve5srgf;Path=/;HttpOnly</example>
+    <param pos="0" name="hw.certainty" value="0.0"/>
+    <param pos="0" name="os.certainty" value="0.0"/>
+    <param pos="0" name="service.certainty" value="0.0"/>
   </fingerprint>
   <fingerprint pattern="(?i)^_?SESSION_?ID\s*=\s*[^;]+;">
-    <description>Ignore simple SESSIONID and related cookies</description>
+    <description>Ignore simple SESSIONID and related cookies -- assert nothing</description>
     <example>sessionId=7dba3249cfcd4b59854055311099a294; path=/;</example>
     <example>_session_id=7fe933db0fea13e9c872103ba2d142db; path=/; HttpOnly</example>
     <example>sessionId =0VrS6Ro6uC5QPXKgNdqGvyUgUFtUOVwv6OWAEWcWQ3jLRtAk2TVAgAApN9yTWVz;postId=; path=/;</example>
     <example>_session_id=18b3e173aa11db0533fd01752e81f583; path=/; HttpOnly</example>
+    <param pos="0" name="hw.certainty" value="0.0"/>
+    <param pos="0" name="os.certainty" value="0.0"/>
+    <param pos="0" name="service.certainty" value="0.0"/>
   </fingerprint>
   <fingerprint pattern="(?i)^sid=[^;]+;">
-    <description>Ignore simple SID and related cookies</description>
+    <description>Ignore simple SID and related cookies -- assert nothing</description>
     <example>sid=sfd10bf73-654458f687aa3c68b3874915f651e0ca;path=/;"</example>
+    <param pos="0" name="hw.certainty" value="0.0"/>
+    <param pos="0" name="os.certainty" value="0.0"/>
+    <param pos="0" name="service.certainty" value="0.0"/>
   </fingerprint>
 </fingerprints>