RubyGems - recog - Versions diffs - 2.3.22 → 3.0.2 - Mend

recog 2.3.22 → 3.0.2

Files changed (128) hide show

checksums.yaml +4 -4
checksums.yaml.gz.sig +2 -0
data/LICENSE +1 -1
data/README.md +25 -16
data/Rakefile +2 -9
data/lib/recog/db_manager.rb +1 -1
data/lib/recog/fingerprint.rb +21 -7
data/lib/recog/fingerprint_parse_error.rb +10 -0
data/lib/recog/match_reporter.rb +37 -3
data/lib/recog/matcher.rb +5 -10
data/lib/recog/verifier.rb +4 -4
data/lib/recog/verify_reporter.rb +7 -6
data/lib/recog/version.rb +1 -1
data/{bin → recog/bin}/recog_match +20 -7
data/{xml → recog/xml}/apache_modules.xml +0 -0
data/{xml → recog/xml}/apache_os.xml +61 -19
data/{xml → recog/xml}/architecture.xml +15 -1
data/{xml → recog/xml}/dhcp_vendor_class.xml +10 -10
data/{xml → recog/xml}/dns_versionbind.xml +16 -13
data/{xml → recog/xml}/favicons.xml +167 -9
data/{xml → recog/xml}/fingerprints.xsd +9 -1
data/{xml → recog/xml}/ftp_banners.xml +131 -141
data/{xml → recog/xml}/h323_callresp.xml +2 -2
data/{xml → recog/xml}/hp_pjl_id.xml +81 -81
data/{xml → recog/xml}/html_title.xml +250 -9
data/{xml → recog/xml}/http_cookies.xml +111 -34
data/{xml → recog/xml}/http_servers.xml +483 -270
data/{xml → recog/xml}/http_wwwauth.xml +83 -37
data/{xml → recog/xml}/imap_banners.xml +10 -10
data/{xml → recog/xml}/ldap_searchresult.xml +0 -0
data/{xml → recog/xml}/mdns_device-info_txt.xml +0 -0
data/{xml → recog/xml}/mdns_workstation_txt.xml +0 -0
data/{xml → recog/xml}/mysql_banners.xml +0 -0
data/{xml → recog/xml}/mysql_error.xml +0 -0
data/{xml → recog/xml}/nntp_banners.xml +8 -5
data/{xml → recog/xml}/ntp_banners.xml +33 -33
data/{xml → recog/xml}/operating_system.xml +92 -77
data/{xml → recog/xml}/pop_banners.xml +25 -25
data/{xml → recog/xml}/rsh_resp.xml +0 -0
data/{xml → recog/xml}/rtsp_servers.xml +0 -0
data/{xml → recog/xml}/sip_banners.xml +16 -5
data/{xml → recog/xml}/sip_user_agents.xml +122 -27
data/{xml → recog/xml}/smb_native_lm.xml +5 -5
data/{xml → recog/xml}/smb_native_os.xml +25 -25
data/{xml → recog/xml}/smtp_banners.xml +132 -131
data/{xml → recog/xml}/smtp_debug.xml +0 -0
data/{xml → recog/xml}/smtp_ehlo.xml +0 -0
data/{xml → recog/xml}/smtp_expn.xml +0 -0
data/{xml → recog/xml}/smtp_help.xml +1 -1
data/{xml → recog/xml}/smtp_mailfrom.xml +0 -0
data/{xml → recog/xml}/smtp_noop.xml +0 -0
data/{xml → recog/xml}/smtp_quit.xml +0 -0
data/{xml → recog/xml}/smtp_rcptto.xml +0 -0
data/{xml → recog/xml}/smtp_rset.xml +0 -0
data/{xml → recog/xml}/smtp_turn.xml +0 -0
data/{xml → recog/xml}/smtp_vrfy.xml +0 -0
data/{xml → recog/xml}/snmp_sysdescr.xml +1248 -1233
data/{xml → recog/xml}/snmp_sysobjid.xml +13 -2
data/{xml → recog/xml}/ssh_banners.xml +9 -5
data/{xml → recog/xml}/telnet_banners.xml +83 -1
data/{xml → recog/xml}/tls_jarm.xml +30 -2
data/{xml → recog/xml}/x11_banners.xml +3 -3
data/{xml → recog/xml}/x509_issuers.xml +24 -4
data/{xml → recog/xml}/x509_subjects.xml +32 -3
data/recog.gemspec +9 -5
data/spec/data/external_example_fingerprint/hp_printer_ex_01.txt +1 -0
data/spec/data/external_example_fingerprint/hp_printer_ex_02.txt +1 -0
data/spec/data/external_example_fingerprint.xml +8 -0
data/spec/data/external_example_illegal_path_fingerprint.xml +7 -0
data/spec/lib/recog/db_spec.rb +84 -61
data/spec/lib/recog/fingerprint_spec.rb +4 -4
data/spec/lib/recog/match_reporter_spec.rb +22 -8
data/spec/lib/recog/verify_reporter_spec.rb +8 -8
data/spec/spec_helper.rb +4 -0
data.tar.gz.sig +0 -0
metadata +154 -142
metadata.gz.sig +0 -0
data/.github/ISSUE_TEMPLATE/bug_report.md +0 -37
data/.github/ISSUE_TEMPLATE/feature_request.md +0 -17
data/.github/ISSUE_TEMPLATE/fingerprint_request.md +0 -27
data/.github/PULL_REQUEST_TEMPLATE +0 -24
data/.github/SECURITY.md +0 -35
data/.github/dependabot.yml +0 -8
data/.github/workflows/ci.yml +0 -26
data/.github/workflows/verify.yml +0 -89
data/.gitignore +0 -23
data/.rspec +0 -3
data/.ruby-gemset +0 -1
data/.ruby-version +0 -1
data/.snyk +0 -10
data/.travis.yml +0 -25
data/CONTRIBUTING.md +0 -276
data/bin/recog_cleanup +0 -16
data/bin/recog_export +0 -81
data/bin/recog_standardize +0 -163
data/bin/recog_verify +0 -63
data/cpe-remap.yaml +0 -356
data/features/data/failing_banners_fingerprints.xml +0 -20
data/features/data/matching_banners_fingerprints.xml +0 -23
data/features/data/multiple_banners_fingerprints.xml +0 -32
data/features/data/no_tests.xml +0 -3
data/features/data/sample_banner.txt +0 -2
data/features/data/successful_tests.xml +0 -18
data/features/data/tests_with_failures.xml +0 -20
data/features/data/tests_with_warnings.xml +0 -17
data/features/match.feature +0 -36
data/features/support/aruba.rb +0 -3
data/features/support/env.rb +0 -6
data/features/verify.feature +0 -48
data/identifiers/README.md +0 -70
data/identifiers/fields.txt +0 -105
data/identifiers/hw_device.txt +0 -84
data/identifiers/hw_family.txt +0 -121
data/identifiers/hw_product.txt +0 -461
data/identifiers/os_architecture.txt +0 -10
data/identifiers/os_device.txt +0 -75
data/identifiers/os_family.txt +0 -234
data/identifiers/os_product.txt +0 -350
data/identifiers/service_family.txt +0 -249
data/identifiers/service_product.txt +0 -764
data/identifiers/vendor.txt +0 -847
data/lib/recog/verifier_factory.rb +0 -13
data/misc/convert_mysql_err +0 -61
data/misc/order.xsl +0 -17
data/requirements.txt +0 -2
data/spec/lib/fingerprint_self_test_spec.rb +0 -175
data/tools/dev/hooks/pre-commit +0 -21
data/update_cpes.py +0 -250

data/{xml → recog/xml}/html_title.xml RENAMED Viewed

@@ -214,6 +214,17 @@
     <param pos="0" name="hw.device" value="DVR"/>
   </fingerprint>
+  <!-- Xiongmai Technology is rebranded by a number of DVR and IP Camera manufacturers -->
+  <fingerprint pattern="^NETSurveillance WEB$">
+    <description>NetSurveillance web interface on DVR and IP Camera devices sourced from Xiongmai Technology</description>
+    <example>NETSurveillance WEB</example>
+    <param pos="0" name="service.vendor" value="Xiongmai Technology"/>
+    <param pos="0" name="service.product" value="uc-httpd"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:xiongmaitech:uc-httpd:-"/>
+    <param pos="0" name="os.vendor" value="Xiongmai Technology"/>
+  </fingerprint>
   <fingerprint pattern="^FRITZ!Box$">
     <description>AVM FRITZ!Box</description>
     <example>FRITZ!Box</example>
@@ -427,9 +438,14 @@
     <example>Fireware XTM User Authentication</example>
     <param pos="0" name="service.vendor" value="WatchGuard"/>
     <param pos="0" name="service.product" value="Fireware XTM"/>
+    <param pos="0" name="service.device" value="Firewall"/>
     <param pos="0" name="service.cpe23" value="cpe:/a:watchguard:fireware_xtm:-"/>
+    <param pos="0" name="service.component.vendor" value="nginx"/>
+    <param pos="0" name="service.component.product" value="nginx"/>
+    <param pos="0" name="service.component.cpe23" value="cpe:/a:f5:nginx:-"/>
     <param pos="0" name="os.vendor" value="WatchGuard"/>
     <param pos="0" name="os.product" value="Fireware"/>
+    <param pos="0" name="os.device" value="Firewall"/>
     <param pos="0" name="os.cpe23" value="cpe:/o:watchguard:fireware:-"/>
   </fingerprint>
@@ -635,8 +651,8 @@
   <fingerprint pattern="^Wowza Streaming Engine 4 (Subscription|Perpetual Pro) Edition (\d\.[\w.]+) build(\d+)$">
     <description>Wowza Streaming Engine</description>
-    <example service.version="4.7.7.01" service.version.version="20190222144406">Wowza Streaming Engine 4 Subscription Edition 4.7.7.01 build20190222144406</example>
-    <example service.edition="Perpetual Pro">Wowza Streaming Engine 4 Perpetual Pro Edition 4.8.8.01 build20201216140014</example>
+    <example service.version="4.7.7.01" service.version.version="20190222144406" service.edition="Subscription">Wowza Streaming Engine 4 Subscription Edition 4.7.7.01 build20190222144406</example>
+    <example service.edition="Perpetual Pro" service.version="4.8.8.01" service.version.version="20201216140014">Wowza Streaming Engine 4 Perpetual Pro Edition 4.8.8.01 build20201216140014</example>
     <param pos="0" name="service.vendor" value="Wowza"/>
     <param pos="0" name="service.product" value="Streaming Engine"/>
     <param pos="1" name="service.edition"/>
@@ -673,7 +689,7 @@
     <param pos="0" name="service.product" value="nginx"/>
     <param pos="0" name="service.family" value="nginx"/>
     <param pos="0" name="service.vendor" value="nginx"/>
-    <param pos="0" name="service.cpe23" value="cpe:/a:nginx:nginx:-"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:f5:nginx:-"/>
   </fingerprint>
   <fingerprint pattern="^Test Page for the Nginx HTTP Server on (?:Fedora|EPEL)$">
@@ -682,11 +698,11 @@
     <param pos="0" name="service.product" value="nginx"/>
     <param pos="0" name="service.family" value="nginx"/>
     <param pos="0" name="service.vendor" value="nginx"/>
-    <param pos="0" name="service.cpe23" value="cpe:/a:nginx:nginx:-"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:f5:nginx:-"/>
     <param pos="0" name="os.family" value="Linux"/>
-    <param pos="0" name="os.vendor" value="Red Hat"/>
-    <param pos="0" name="os.product" value="Fedora Core Linux"/>
-    <param pos="0" name="os.cpe23" value="cpe:/o:redhat:fedora_core:-"/>
+    <param pos="0" name="os.vendor" value="Fedora Project"/>
+    <param pos="0" name="os.product" value="Fedora Core"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:fedoraproject:fedora_core:-"/>
   </fingerprint>
   <fingerprint pattern="^Welcome to nginx on Debian!$">
@@ -695,7 +711,7 @@
     <param pos="0" name="service.product" value="nginx"/>
     <param pos="0" name="service.family" value="nginx"/>
     <param pos="0" name="service.vendor" value="nginx"/>
-    <param pos="0" name="service.cpe23" value="cpe:/a:nginx:nginx:-"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:f5:nginx:-"/>
     <param pos="0" name="os.vendor" value="Debian"/>
     <param pos="0" name="os.product" value="Linux"/>
     <param pos="0" name="os.cpe23" value="cpe:/o:debian:debian_linux:-"/>
@@ -1367,6 +1383,7 @@
     <param pos="0" name="os.device" value="Switch"/>
     <param pos="0" name="os.product" value="MDS 9000"/>
     <param pos="1" name="os.version"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:cisco:mds_9000_san-os:{os.version}"/>
   </fingerprint>
   <fingerprint pattern="^Stealthwatch Management Console$">
@@ -2432,6 +2449,22 @@
     <param pos="0" name="service.cpe23" value="cpe:/a:jupyter:notebook:-"/>
   </fingerprint>
+  <fingerprint pattern="^Jupyter Server$">
+    <description>Jupyter Server - backend to Jupyter web applications</description>
+    <example>Jupyter Server</example>
+    <param pos="0" name="service.vendor" value="Jupyter"/>
+    <param pos="0" name="service.product" value="Jupyter Server"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:jupyter:jupyter_server:-"/>
+  </fingerprint>
+  <fingerprint pattern="^JupyterHub$">
+    <description>JupyterHub - Multi-user server for Jupyter notebooks</description>
+    <example>JupyterHub</example>
+    <param pos="0" name="service.vendor" value="Jupyter"/>
+    <param pos="0" name="service.product" value="JupyterHub"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:jupyter:jupyterhub:-"/>
+  </fingerprint>
   <fingerprint pattern="^Redirect to userimage: /control/userimage\.html$">
     <description>Mobotix Network Camera</description>
     <example>Redirect to userimage: /control/userimage.html</example>
@@ -3112,7 +3145,7 @@
     <example>Log In - Confluence</example>
     <param pos="0" name="service.vendor" value="Atlassian"/>
     <param pos="0" name="service.product" value="Confluence"/>
-    <param pos="0" name="service.cpe23" value="cpe:/a:atlassian:confluence:-"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:atlassian:confluence_server:-"/>
   </fingerprint>
   <fingerprint pattern="^System Dashboard - ">
@@ -3724,4 +3757,212 @@
     <param pos="0" name="hw.product" value="Eternus"/>
   </fingerprint>
+  <fingerprint pattern="^Covenant - Login$">
+    <description>Covenant .NET C2 framework</description>
+    <example>Covenant - Login</example>
+    <param pos="0" name="service.product" value="Covenant"/>
+  </fingerprint>
+  <fingerprint pattern="^Login \| CALDERA$">
+    <description>MITRE CALDERA C2 framework</description>
+    <example>Login | CALDERA</example>
+    <param pos="0" name="service.vendor" value="MITRE"/>
+    <param pos="0" name="service.product" value="CALDERA"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:mitre:caldera:-"/>
+  </fingerprint>
+  <fingerprint pattern="(?:(\S{1,512}):\d{1,5} / \S{1,512} \| )?phpMyAdmin(?: ([\d.]+(?:-[a-zA-Z0-9]+)?(?:\+\d{8}\.[a-f0-9]{4,40})?))?">
+    <description>phpMyAdmin web interface for MySQL and MariaDB</description>
+    <example>phpMyAdmin</example>
+    <example service.version="2.10.0.2">phpMyAdmin 2.10.0.2</example>
+    <example service.version="5.0.0-rc1">phpMyAdmin 5.0.0-rc1</example>
+    <example service.version="5.3.0-dev">phpMyAdmin 5.3.0-dev</example>
+    <example host.name="10.10.10.10" service.version="5.0.4">10.10.10.10:8080 / db.foo.bar | phpMyAdmin 5.0.4</example>
+    <example host.name="localhost" service.version="5.3.0-dev+20220208.47252f9cf8">localhost:8080 / mysql-server | phpMyAdmin 5.3.0-dev+20220208.47252f9cf8</example>
+    <example host.name="[::ffff:10.10.10.10]" service.version="5.3.0-dev+20220208.47252f9cf8">[::ffff:10.10.10.10]:8080 / mysql-server | phpMyAdmin 5.3.0-dev+20220208.47252f9cf8</example>
+    <param pos="0" name="service.vendor" value="phpMyAdmin"/>
+    <param pos="0" name="service.product" value="phpMyAdmin"/>
+    <param pos="1" name="host.name"/>
+    <param pos="2" name="service.version"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:phpmyadmin:phpmyadmin:{service.version}"/>
+  </fingerprint>
+  <fingerprint pattern="^Login - Adminer$">
+    <description>Adminer database management tool</description>
+    <example>Login - Adminer</example>
+    <param pos="0" name="service.vendor" value="Adminer"/>
+    <param pos="0" name="service.product" value="Adminer"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:adminer:adminer:-"/>
+  </fingerprint>
+  <fingerprint pattern="^Home - Mongo Express$">
+    <description>mongo-express web-based MongoDB admin interface</description>
+    <example>Home - Mongo Express</example>
+    <param pos="0" name="service.vendor" value="mongo-express Project"/>
+    <param pos="0" name="service.product" value="mongo-express"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:mongo-express_project:mongo-express:-"/>
+  </fingerprint>
+  <fingerprint pattern="^Solr Admin$">
+    <description>Apache Solr</description>
+    <example>Solr Admin</example>
+    <param pos="0" name="service.vendor" value="Apache"/>
+    <param pos="0" name="service.product" value="Solr"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:apache:solr:-"/>
+  </fingerprint>
+  <fingerprint pattern="^Spark (?:Master|Worker) at (?:spark:\/\/)?(\S{1,512}):\d{1,5}$">
+    <description>Apache Spark</description>
+    <example host.name="spark-master-0.foo.bar">Spark Master at spark://spark-master-0.foo.bar:7077</example>
+    <example host.name="10.10.10.10">Spark Master at spark://10.10.10.10:7077</example>
+    <example host.name="10.10.10.10">Spark Worker at 10.10.10.10:45339</example>
+    <param pos="0" name="service.vendor" value="Apache"/>
+    <param pos="0" name="service.product" value="Spark"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:apache:spark:-"/>
+    <param pos="1" name="host.name"/>
+  </fingerprint>
+  <fingerprint pattern="^pfSense - Login$">
+    <description>pfSense Firewall</description>
+    <example>pfSense - Login</example>
+    <param pos="0" name="service.vendor" value="pfSense"/>
+    <param pos="0" name="service.product" value="pfSense"/>
+    <param pos="0" name="service.device" value="Firewall"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:pfsense:pfsense:-"/>
+    <param pos="0" name="service.component.vendor" value="nginx"/>
+    <param pos="0" name="service.component.product" value="nginx"/>
+    <param pos="0" name="service.component.cpe23" value="cpe:/a:f5:nginx:-"/>
+    <param pos="0" name="os.vendor" value="pfSense"/>
+    <param pos="0" name="os.product" value="FreeBSD"/>
+  </fingerprint>
+  <fingerprint pattern="^Netgate pfSense Plus - Login$">
+    <description>pfSense Plus Firewall</description>
+    <example>Netgate pfSense Plus - Login</example>
+    <param pos="0" name="service.vendor" value="Netgate"/>
+    <param pos="0" name="service.product" value="pfSense"/>
+    <param pos="0" name="service.device" value="Firewall"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:netgate:pfsense:-"/>
+    <param pos="0" name="service.component.vendor" value="nginx"/>
+    <param pos="0" name="service.component.product" value="nginx"/>
+    <param pos="0" name="service.component.cpe23" value="cpe:/a:f5:nginx:-"/>
+    <param pos="0" name="os.vendor" value="pfSense"/>
+    <param pos="0" name="os.product" value="FreeBSD"/>
+  </fingerprint>
+  <fingerprint pattern="^Vigor Login Page$">
+    <description>DrayTek Vigor network equipment - without model or version</description>
+    <example>Vigor Login Page</example>
+    <param pos="0" name="os.vendor" value="DrayTek"/>
+    <param pos="0" name="os.family" value="Vigor"/>
+    <param pos="0" name="hw.vendor" value="DrayTek"/>
+    <param pos="0" name="hw.family" value="Vigor"/>
+  </fingerprint>
+  <fingerprint pattern="^WSO2 API Manager|\[Publisher Portal\]WSO2 APIM$">
+    <description>WSO2 API Manager</description>
+    <example>WSO2 API Manager</example>
+    <example>[Publisher Portal]WSO2 APIM</example>
+    <param pos="0" name="service.vendor" value="WSO2"/>
+    <param pos="0" name="service.product" value="API Manager"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:wso2:api_manager:-"/>
+    <param pos="0" name="service.component.vendor" value="WSO2"/>
+    <param pos="0" name="service.component.product" value="Carbon"/>
+    <param pos="0" name="service.component.cpe23" value="cpe:/a:wso2:carbon:-"/>
+  </fingerprint>
+  <fingerprint pattern="^WSO2 Management Console$">
+    <description>WSO2 Identity Server</description>
+    <example>WSO2 Management Console</example>
+    <param pos="0" name="service.vendor" value="WSO2"/>
+    <param pos="0" name="service.product" value="Identity Server"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:wso2:identity_server:-"/>
+    <param pos="0" name="service.component.vendor" value="WSO2"/>
+    <param pos="0" name="service.component.product" value="Carbon"/>
+    <param pos="0" name="service.component.cpe23" value="cpe:/a:wso2:carbon:-"/>
+  </fingerprint>
+  <fingerprint pattern="^WSO2 Enterprise Integrator \(WSO2 EI\)$">
+    <description>WSO2 Enterprise Integrator</description>
+    <example>WSO2 Enterprise Integrator (WSO2 EI)</example>
+    <param pos="0" name="service.vendor" value="WSO2"/>
+    <param pos="0" name="service.product" value="Enterprise Integrator"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:wso2:enterprise_integrator:-"/>
+    <param pos="0" name="service.component.vendor" value="WSO2"/>
+    <param pos="0" name="service.component.product" value="Carbon"/>
+    <param pos="0" name="service.component.cpe23" value="cpe:/a:wso2:carbon:-"/>
+  </fingerprint>
+  <fingerprint pattern="^dotCMS Content Management Platform$">
+    <description>dotCMS Content Management Platform</description>
+    <example>dotCMS Content Management Platform</example>
+    <param pos="0" name="service.vendor" value="dotCMS"/>
+    <param pos="0" name="service.product" value="dotCMS"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:dotcms:dotcms:-"/>
+  </fingerprint>
+  <fingerprint pattern="^Zimbra (?:Web Client Sign In|Administration)$">
+    <description>Zimbra Collaboration</description>
+    <example>Zimbra Web Client Sign In</example>
+    <example>Zimbra Administration</example>
+    <param pos="0" name="service.vendor" value="Zimbra"/>
+    <param pos="0" name="service.product" value="Collaboration"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:zimbra:collaboration:-"/>
+  </fingerprint>
+  <!-- Specific Eltex fingerprints to enable CPE generation -->
+  <fingerprint pattern="^Eltex - NTP-RG-1402G$">
+    <description>Eltex - NTP-RG-1402G broadband router</description>
+    <example>Eltex - NTP-RG-1402G</example>
+    <param pos="0" name="os.vendor" value="Eltex"/>
+    <param pos="0" name="os.product" value="NTP-RG-1402G Firmware"/>
+    <param pos="0" name="os.device" value="Broadband Router"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:eltex-co:ntp-rg-1402g_firmware:-"/>
+    <param pos="0" name="hw.vendor" value="Eltex"/>
+    <param pos="0" name="hw.product" value="NTP-RG-1402G"/>
+    <param pos="0" name="hw.device" value="Broadband Router"/>
+    <param pos="0" name="hw.cpe23" value="cpe:/h:eltex-co:ntp-rg-1402g:-"/>
+  </fingerprint>
+  <fingerprint pattern="^Eltex - NTP-2$">
+    <description>Eltex - NTP-2 broadband router</description>
+    <example>Eltex - NTP-2</example>
+    <param pos="0" name="os.vendor" value="Eltex"/>
+    <param pos="0" name="os.product" value="NTP-2 Firmware"/>
+    <param pos="0" name="os.device" value="Broadband Router"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:eltex-co:ntp-2_firmware:-"/>
+    <param pos="0" name="hw.vendor" value="Eltex"/>
+    <param pos="0" name="hw.product" value="NTP-2"/>
+    <param pos="0" name="hw.device" value="Broadband Router"/>
+    <param pos="0" name="hw.cpe23" value="cpe:/h:eltex-co:ntp-2:-"/>
+  </fingerprint>
+  <!-- General Eltex fingerprints -->
+  <fingerprint pattern="^Eltex - (NT[PU]-RG-\d[\w-]+):?(:?rev\.\w\w?)?$">
+    <description>Eltex RG model ONT class broadband router</description>
+    <example hw.product="NTU-RG-1402G-W">Eltex - NTU-RG-1402G-W</example>
+    <example hw.product="NTU-RG-1421G-Wac" hw.version="rev.A1">Eltex - NTU-RG-1421G-Wac:rev.A1</example>
+    <example hw.product="NTP-RG-1402G-W" hw.version="rev.C">Eltex - NTP-RG-1402G-W:rev.C</example>
+    <param pos="0" name="os.vendor" value="Eltex"/>
+    <param pos="0" name="os.device" value="Broadband Router"/>
+    <param pos="0" name="hw.vendor" value="Eltex"/>
+    <param pos="1" name="hw.product"/>
+    <param pos="2" name="hw.version"/>
+    <param pos="0" name="hw.device" value="Broadband Router"/>
+  </fingerprint>
+  <fingerprint pattern="^Eltex - (NT[PU]-2\w\w?)$">
+    <description>Eltex - NTP / NTU model broadband router</description>
+    <example hw.product="NTU-2V">Eltex - NTU-2V</example>
+    <example hw.product="NTU-2VC">Eltex - NTU-2VC</example>
+    <example hw.product="NTP-2C">Eltex - NTP-2C</example>
+    <param pos="0" name="os.vendor" value="Eltex"/>
+    <param pos="0" name="os.device" value="Broadband Router"/>
+    <param pos="0" name="hw.vendor" value="Eltex"/>
+    <param pos="1" name="hw.product"/>
+    <param pos="0" name="hw.device" value="Broadband Router"/>
+  </fingerprint>
 </fingerprints>

data/{xml → recog/xml}/http_cookies.xml RENAMED Viewed

@@ -79,17 +79,31 @@
   <fingerprint pattern="^ANsession\d+=(\S+);">
     <description>Array Networks Secure Access Gateway / SSL VPN</description>
-    <example>ANsession0002262072457555=IPMI; path=/;secure</example>
+    <example cookie="IPMI">ANsession0002262072457555=IPMI; path=/;secure</example>
     <param pos="1" name="cookie"/>
     <param pos="0" name="service.vendor" value="Array Networks"/>
     <param pos="0" name="service.family" value="Secure Access Gateway"/>
     <param pos="0" name="hw.device" value="VPN"/>
   </fingerprint>
-  <fingerprint pattern="^(Apache)=[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.([0-9]+);">
-    <description>Apache</description>
-    <param pos="1" name="cookie"/>
-    <param pos="2" name="system.time.micros"/>
+  <fingerprint pattern="^Apache=(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})\.[0-9]+(?:\.[0-9]+)?;">
+    <description>Apache with session ID containing IP and timestamp (timestamp can be micros, millis or seconds)</description>
+    <example host.ip="10.10.130.165">Apache=10.10.130.165.1643670182768255; path=/</example>
+    <example host.ip="10.0.101.6">Apache=10.0.101.6.1643663969718158; path=/; expires=Wed, 31-Jan-24 21:19:29 GMT; domain=.contoso.com</example>
+    <example host.ip="10.10.20.18">Apache=10.10.20.18.1643510579.1915; domain=foo.com; path=/; expires=Mon, 30-Jan-2023 02:42:58 GMT</example>
+    <example host.ip="10.23.219.241">Apache=10.23.219.241.1643541709604; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT</example>
+    <param pos="0" name="cookie" value="Apache"/>
+    <param pos="1" name="host.ip"/>
+    <param pos="0" name="service.vendor" value="Apache"/>
+    <param pos="0" name="service.family" value="Apache"/>
+    <param pos="0" name="service.product" value="HTTPD"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:apache:http_server:-"/>
+  </fingerprint>
+  <fingerprint pattern="^Apache=[0-9a-z]{8}\.[0-9a-z]{13};">
+    <description>Apache with opaque session ID</description>
+    <example>Apache=1148b9c3.5d6e61e36f2f9; path=/; domain=.foo.com</example>
+    <param pos="0" name="cookie" value="Apache"/>
     <param pos="0" name="service.vendor" value="Apache"/>
     <param pos="0" name="service.family" value="Apache"/>
     <param pos="0" name="service.product" value="HTTPD"/>
@@ -123,27 +137,20 @@
     <param pos="0" name="service.cpe23" value="cpe:/a:mozilla:bugzilla:-"/>
   </fingerprint>
-  <fingerprint pattern="^(WebLogicSession)=[^!]+![^!]+!([0-9]+);">
-    <description>BEA WebLogic (with timestamp)</description>
-    <param pos="1" name="cookie"/>
-    <param pos="2" name="system.time.millis"/>
-    <param pos="0" name="service.vendor" value="BEA"/>
-    <param pos="0" name="service.family" value="WebLogic"/>
-    <param pos="0" name="service.product" value="WebLogic"/>
-    <param pos="0" name="service.cpe23" value="cpe:/a:bea:weblogic_server:-"/>
-  </fingerprint>
-  <fingerprint pattern="^(WebLogicSession)=">
+  <fingerprint pattern="^WebLogicSession=">
     <description>BEA WebLogic (no timestamp)</description>
-    <param pos="1" name="cookie"/>
+    <example>WebLogicSession=YfifY2Ck8aWILbJPiaoY3L8aKBjh2MZhUAjHXypG6IBwvWXrun3i|-3385140432258369694/-900104935/6/7009/7009/7010/7010/7009/-1; path=/</example>
+    <example>WebLogicSession=QKRlJZbj0b948CrXnoQw8FNuSWvO6fXaJNadlcCWwA3qm6CtqD5a; path=/</example>
+    <param pos="0" name="cookie" value="WebLogicSession"/>
     <param pos="0" name="service.vendor" value="BEA"/>
     <param pos="0" name="service.family" value="WebLogic"/>
     <param pos="0" name="service.product" value="WebLogic"/>
     <param pos="0" name="service.cpe23" value="cpe:/a:bea:weblogic_server:-"/>
   </fingerprint>
-  <fingerprint pattern="^(BCSI-CSC[0-9A-Za-z]+)=">
+  <fingerprint pattern="^(BCSI-CS-[0-9A-Za-z]+)=">
     <description>BlueCoat Proxy</description>
+    <example cookie="BCSI-CS-2f6c78bdf64f3b32">BCSI-CS-2f6c78bdf64f3b32=2; Path=/</example>
     <param pos="1" name="cookie"/>
     <param pos="0" name="service.vendor" value="Blue Coat"/>
     <param pos="0" name="service.family" value="Proxy"/>
@@ -208,6 +215,7 @@
   <fingerprint pattern="^st8id=">
     <description>Citrix Application Protection System, Enterprise - http://support.citrix.com/article/CTX109330</description>
+    <example>st8id=1e1bcc1010b6de32734c584317443b31.00.641b86ac5ed3ebb0799138f83af9b63f;</example>
     <param pos="0" name="cookie" value="st8id"/>
     <param pos="0" name="service.vendor" value="Citrix"/>
     <param pos="0" name="service.family" value="Application Protection System"/>
@@ -271,7 +279,7 @@
   <fingerprint pattern="(?i)^(BIGipServer([^=]+))=">
     <description>F5 BIG-IP LTM - Server variant</description>
-    <example loadbalancer.poolname="CustomerRP">BigIpServerCustomerRP=5a; path=/; domain=.foo.bar; secure; HttpOnly</example>
+    <example loadbalancer.poolname="CustomerRP" cookie="BigIpServerCustomerRP">BigIpServerCustomerRP=5a; path=/; domain=.foo.bar; secure; HttpOnly</example>
     <param pos="1" name="cookie"/>
     <param pos="2" name="loadbalancer.poolname"/>
     <param pos="0" name="service.vendor" value="F5"/>
@@ -365,6 +373,9 @@
   <fingerprint pattern="^IBMCBR=">
     <description>IBM WebSphere Load Balancer</description>
+    <!-- Replace with a valid example if one is discovered -->
+    <example>IBMCBR=fakevalue</example>
     <param pos="0" name="cookie" value="IBMCBR"/>
     <param pos="0" name="service.vendor" value="IBM"/>
     <param pos="0" name="service.family" value="WebSphere"/>
@@ -382,12 +393,14 @@
   <fingerprint pattern="^_mastodon_session=">
     <description>Mastodon</description>
+    <example>_mastodon_session=U09wSzlaMHNuZVI3RGJjR1M2d2lqNFhXc1BXNlJtOXBueTdoM1J2Ykk3UjRXa2V3WkNUNm5BUmY4Z0NISk9FaEtrOVQrMXJCRldvbk1kY3BUaDZkMlRuZkNBUDVXU01EakN3S1JEZDdjbzhNQ0t5MHpXZE9WSGlTOVhKNkhlZWhlaWsxM3Mvd0poU1NHWkZjWUNucmJoeDdNdU85ekpkQVJSbkhDeXdKZ08wMkNuUm1BYnE3cGVBK2FBN1FTUU9SLS1EdUVoNWtLOFFWaWsxNmY2bzErbFVRPT0%3D--4b6087906fdfa25f0bfd46b13d3c1c3a9fb379cd; path=/; secure; HttpOnly</example>
     <param pos="0" name="cookie" value="_mastodon_session"/>
     <param pos="0" name="service.product" value="Mastodon"/>
   </fingerprint>
   <fingerprint pattern="^(MSCSAuth|MSCSProfile)=">
     <description>Microsoft Commerce Server - http://msdn2.microsoft.com/en-us/library/ms953828.aspx</description>
+    <example cookie="MSCSProfile">MSCSProfile=287001FD2674671C7869448243193407F294F4F921DD7D627A0F4EE0CC7F3FAC36B5E45588612D30B2A6C57F1D461CB5EE0887989EE7F09E4529B0795EF87BB095FFF1DE42BD5E8F00273BCAACB9DC80733367D09A4B6A48A6802C4DCD6EB029BF5B207BCE523E8BF2EE3EBCDF5776BAC6B6BCD4BF54EF9C178F9605E75D0DDA; path=/</example>
     <param pos="1" name="cookie"/>
     <param pos="0" name="service.vendor" value="Microsoft"/>
     <param pos="0" name="service.family" value="Commerce Server"/>
@@ -399,7 +412,7 @@
     <description>Nextcloud</description>
     <example cookie="nc_sameSiteCookiestrict">nc_sameSiteCookiestrict=true; path=/nextcloud; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=strict</example>
     <example cookie="nc_sameSiteCookielax">nc_sameSiteCookielax=true; path=/nextcloud; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=lax</example>
-    <example>oc_sessionPassphrase=Y%2BZjBn8Gn%2B8jIJPVx468Tlt8qDNm%2B5IVXLxgtwlY%2BQU2T7edVmDS4091nQrT; path=/nextcloud; secure; HttpOnly</example>
+    <example cookie="oc_sessionPassphrase">oc_sessionPassphrase=Y%2BZjBn8Gn%2B8jIJPVx468Tlt8qDNm%2B5IVXLxgtwlY%2BQU2T7edVmDS4091nQrT; path=/nextcloud; secure; HttpOnly</example>
     <param pos="1" name="cookie"/>
     <param pos="0" name="service.vendor" value="Nextcloud"/>
     <param pos="0" name="service.product" value="Nextcloud Server"/>
@@ -426,6 +439,8 @@
   <fingerprint pattern="^((?:SS_X_)?CSINTERSESSIONID)=">
     <description>OpenMarket/FatWire Content Server (www.fatwire.com)</description>
+    <example cookie="SS_X_CSINTERSESSIONID">SS_X_CSINTERSESSIONID=0001P73k2FUEYEU4Ks5TtKxcs2K:vv0b9pej; path=/</example>
+    <example cookie="CSINTERSESSIONID">CSINTERSESSIONID=0001xquPwAx2NFUFvi7yw-43f35:vv7sdeqs;Path=/</example>
     <param pos="1" name="cookie"/>
     <param pos="0" name="service.vendor" value="FatWire"/>
     <param pos="0" name="service.family" value="Content Server"/>
@@ -434,6 +449,7 @@
   <fingerprint pattern="^parkinglot=">
     <description>Oversee Webserver</description>
+    <example>parkinglot=1; domain=.foo.com; path=/; expires=Sun, 11-May-2008 13:51:17 GMT</example>
     <param pos="0" name="cookie" value="parkinglot"/>
     <param pos="0" name="service.vendor" value="Oversee"/>
     <param pos="0" name="service.family" value="Webserver"/>
@@ -491,6 +507,7 @@
   <fingerprint pattern="^NSES40Session=">
     <description>Netscape Enterprise Server (subsequently iPlanet Web Server, Sun ONE Web Server, presently Sun Java System Web Server)</description>
+    <example>NSES40Session=2%253A3e57d375%253Adc59172283a7e72c;path=/;expires=Sat, 22-Feb-2003 20:15:57 GMT</example>
     <param pos="0" name="cookie" value="NSES40Session"/>
     <param pos="0" name="service.vendor" value="Sun"/>
     <param pos="0" name="service.family" value="Java System Web Server"/>
@@ -517,8 +534,10 @@
     <param pos="0" name="service.product" value="Sage X3 Syracuse Web Server"/>
   </fingerprint>
-  <fingerprint pattern="^(gx_session_id|JROUTE)=">
+  <fingerprint pattern="^(GX_SESSION_ID|JROUTE)=">
     <description>Sun Java System Application Server (formerly iPlanet Application Server, Sun ONE Application Server)</description>
+    <example cookie="GX_SESSION_ID">GX_SESSION_ID=ji7vouPhPt5CAtGF%2BWPMXBrhjjxWZAD9HRNeEEITGCA%3D</example>
+    <example cookie="JROUTE">JROUTE=KbDs; Path=/</example>
     <param pos="1" name="cookie"/>
     <param pos="0" name="service.vendor" value="Sun"/>
     <param pos="0" name="service.family" value="Java System Application Server"/>
@@ -565,6 +584,7 @@
   <fingerprint pattern="^(vgncontext|vgnvisitor|ssuid)=">
     <description>Vignette</description>
+    <example cookie="vgnvisitor">vgnvisitor=2KM2OM00bZ40000PovANt0Dgn0; path=/; expires=Saturday, 06-Sep-2014 23:50:08 GMT</example>
     <param pos="1" name="cookie"/>
     <param pos="0" name="service.vendor" value="Vignette"/>
     <param pos="0" name="service.family" value="Vignette"/>
@@ -589,14 +609,16 @@
     <param pos="0" name="service.product" value="WebTrends"/>
   </fingerprint>
-  <fingerprint pattern="^(ZM_TEST|ZM_LOGIN_CSRF)=">
-    <description>Zimbra</description>
-    <example cookie="ZM_TEST">ZM_TEST=true;Secure</example>
-    <example cookie="ZM_LOGIN_CSRF">ZM_LOGIN_CSRF=38ef0bea-a4c3-4f41-9ac3-73d7622f3131;Secure;HttpOnly</example>
+  <fingerprint pattern="^(ZM_(?:TEST|LOGIN_CSRF)|ZA_(?:SKIN|TEST))=">
+    <description>Zimbra Collaboration</description>
+    <example cookie="ZM_TEST">ZM_TEST=true; Secure</example>
+    <example cookie="ZM_LOGIN_CSRF">ZM_LOGIN_CSRF=38ef0bea-a4c3-4f41-9ac3-73d7622f3131; Secure; HttpOnly</example>
+    <example cookie="ZA_SKIN">ZA_SKIN=serenity</example>
+    <example cookie="ZA_TEST">ZA_TEST=true; Secure</example>
     <param pos="1" name="cookie"/>
-    <param pos="0" name="service.vendor" value="Synacor"/>
-    <param pos="0" name="service.product" value="Zimbra Collaboration Suite"/>
-    <param pos="0" name="service.cpe23" value="cpe:/a:synacor:zimbra_collaboration_suite:-"/>
+    <param pos="0" name="service.vendor" value="Zimbra"/>
+    <param pos="0" name="service.product" value="Collaboration"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:zimbra:collaboration:-"/>
   </fingerprint>
   <fingerprint pattern="^_ZopeId=">
@@ -607,10 +629,11 @@
     <param pos="0" name="service.product" value="Zope"/>
   </fingerprint>
-  <fingerprint pattern="^(portal)=([0-9]+\.[0-9]+\.[0-9]+)">
+  <fingerprint pattern="^portal=([0-9]+\.[0-9]+\.[0-9]+)">
     <description>OracleAS Portal default cookie name - http://download.oracle.com/docs/cd/B14099_19/portal.1014/b19305/cg_app_f.htm</description>
-    <param pos="1" name="cookie"/>
-    <param pos="2" name="service.version"/>
+    <example service.version="2173348032.20480.0000">portal=2173348032.20480.0000;</example>
+    <param pos="0" name="cookie" value="portal"/>
+    <param pos="1" name="service.version"/>
     <param pos="0" name="service.vendor" value="Oracle"/>
     <param pos="0" name="service.family" value="OracleAS"/>
     <param pos="0" name="service.product" value="Application Server Portal"/>
@@ -650,6 +673,51 @@
     <param pos="0" name="service.certainty" value="0.5"/>
   </fingerprint>
+  <fingerprint pattern="^phpMyAdmin=">
+    <description>phpMyAdmin web interface for MySQL and MariaDB</description>
+    <example>phpMyAdmin=28600e9ff9772c871dacec70f9c5edaa; path=/; HttpOnly</example>
+    <param pos="0" name="service.vendor" value="phpMyAdmin"/>
+    <param pos="0" name="service.product" value="phpMyAdmin"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:phpmyadmin:phpmyadmin:-"/>
+  </fingerprint>
+  <fingerprint pattern="^(adminer_(?:sid|key))=">
+    <description>Adminer database management tool</description>
+    <example cookie="adminer_sid">adminer_sid=6580f6449f9572f817ec99600bc619d2; path=/; HttpOnly</example>
+    <example cookie="adminer_key">adminer_key=b8eebd6de0deabc8b30c26a67e01c5b9; path=/; HttpOnly; SameSite=lax</example>
+    <param pos="1" name="cookie"/>
+    <param pos="0" name="service.vendor" value="Adminer"/>
+    <param pos="0" name="service.product" value="Adminer"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:adminer:adminer:-"/>
+  </fingerprint>
+  <fingerprint pattern="^mongo-express=">
+    <description>mongo-express web-based MongoDB admin interface</description>
+    <example>mongo-express=s%3A1qAVXDHaoFE5J0G4wkYKfyjuv6_0Zd9E.l2DGc0YAb7MJQfUleYVEla5i79pbkhDYVayvCEPFCDc; Path=/; HttpOnly</example>
+    <param pos="0" name="service.vendor" value="mongo-express Project"/>
+    <param pos="0" name="service.product" value="mongo-express"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:mongo-express_project:mongo-express:-"/>
+  </fingerprint>
+  <fingerprint pattern="^adscsrf=">
+    <description>ManageEngine ADSelfService Plus</description>
+    <example>adscsrf=cffff6b5-bd68-4c35-92ef-e45127e68289;path=/;priority=high</example>
+    <param pos="0" name="service.vendor" value="ManageEngine"/>
+    <param pos="0" name="service.product" value="ADSelfService Plus"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:zohocorp:manageengine_adselfservice_plus:-"/>
+  </fingerprint>
+  <fingerprint pattern="^(dmid|opvc|sitevisitscookie)=">
+    <description>dotCMS Content Management Platform</description>
+    <example cookie="dmid">dmid=dcd46b93-54ab-4a43-a023-99154f879c3e; Max-Age=153792000; Expires=Thu, 18-Mar-2027 21:28:37 GMT; Path=/; HttpOnly; SameSite=Strict</example>
+    <example cookie="opvc">opvc=9e6302af-896a-40ae-a330-22655ee22c5f; Path=/; HttpOnly; SameSite=Strict</example>
+    <example cookie="sitevisitscookie">sitevisitscookie=1; Max-Age=153792000; Expires=Thu, 18-Mar-2027 21:28:37 GMT; Path=/; HttpOnly; SameSite=Strict</example>
+    <param pos="1" name="cookie"/>
+    <param pos="0" name="service.vendor" value="dotCMS"/>
+    <param pos="0" name="service.product" value="dotCMS"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:dotcms:dotcms:-"/>
+  </fingerprint>
   <!--
         Ignore various cookies that are very generic cookies for session IDs
         that are not necessarily indicative of any particular
@@ -659,23 +727,32 @@
     -->
   <fingerprint pattern="(?i)^JSESSIONID(?:\.[^=]+)?=[^;]+;">
-    <description>Ignore simple JSESSIONID and related cookies</description>
+    <description>Ignore simple JSESSIONID and related cookies -- assert nothing</description>
     <example>JSESSIONID=6ooov35i4l3n36qtaf8csvg0;Path=/</example>
     <example>jsessionid=6nkp66iogcdc92720%2Dc6e4%2D4989%2Db7b2%2D5021624cfdff;Path=/;secure</example>
     <example>JSESSIONID.c00a9623=v216643eijh19p9duve5srgf;Path=/;HttpOnly</example>
+    <param pos="0" name="hw.certainty" value="0.0"/>
+    <param pos="0" name="os.certainty" value="0.0"/>
+    <param pos="0" name="service.certainty" value="0.0"/>
   </fingerprint>
   <fingerprint pattern="(?i)^_?SESSION_?ID\s*=\s*[^;]+;">
-    <description>Ignore simple SESSIONID and related cookies</description>
+    <description>Ignore simple SESSIONID and related cookies -- assert nothing</description>
     <example>sessionId=7dba3249cfcd4b59854055311099a294; path=/;</example>
     <example>_session_id=7fe933db0fea13e9c872103ba2d142db; path=/; HttpOnly</example>
     <example>sessionId =0VrS6Ro6uC5QPXKgNdqGvyUgUFtUOVwv6OWAEWcWQ3jLRtAk2TVAgAApN9yTWVz;postId=; path=/;</example>
     <example>_session_id=18b3e173aa11db0533fd01752e81f583; path=/; HttpOnly</example>
+    <param pos="0" name="hw.certainty" value="0.0"/>
+    <param pos="0" name="os.certainty" value="0.0"/>
+    <param pos="0" name="service.certainty" value="0.0"/>
   </fingerprint>
   <fingerprint pattern="(?i)^sid=[^;]+;">
-    <description>Ignore simple SID and related cookies</description>
+    <description>Ignore simple SID and related cookies -- assert nothing</description>
     <example>sid=sfd10bf73-654458f687aa3c68b3874915f651e0ca;path=/;"</example>
+    <param pos="0" name="hw.certainty" value="0.0"/>
+    <param pos="0" name="os.certainty" value="0.0"/>
+    <param pos="0" name="service.certainty" value="0.0"/>
   </fingerprint>
 </fingerprints>