recog 2.3.5 → 2.3.10
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.gitignore +17 -5
- data/.ruby-gemset +1 -0
- data/.ruby-version +1 -0
- data/.travis.yml +7 -4
- data/CONTRIBUTING.md +136 -37
- data/Gemfile +2 -5
- data/README.md +34 -29
- data/bin/recog_cleanup +16 -0
- data/bin/recog_standardize +142 -0
- data/cpe-remap.yaml +21 -0
- data/features/data/successful_tests.xml +1 -1
- data/features/data/tests_with_warnings.xml +1 -1
- data/features/match.feature +4 -0
- data/features/support/aruba.rb +3 -0
- data/features/verify.feature +8 -4
- data/identifiers/README.md +56 -0
- data/identifiers/hw_device.txt +77 -0
- data/identifiers/hw_family.txt +96 -0
- data/identifiers/hw_product.txt +328 -0
- data/identifiers/os_architecture.txt +20 -0
- data/identifiers/os_device.txt +94 -0
- data/identifiers/os_family.txt +325 -0
- data/identifiers/os_product.txt +420 -0
- data/identifiers/service_family.txt +272 -0
- data/identifiers/service_product.txt +556 -0
- data/identifiers/software_class.txt +26 -0
- data/identifiers/software_family.txt +91 -0
- data/identifiers/software_product.txt +333 -0
- data/identifiers/vendor.txt +890 -0
- data/lib/recog/fingerprint.rb +46 -0
- data/lib/recog/version.rb +1 -1
- data/requirements.txt +1 -1
- data/spec/data/verification_fingerprints.xml +86 -0
- data/spec/lib/fingerprint_self_test_spec.rb +1 -1
- data/spec/lib/recog/fingerprint/regexp_factory_spec.rb +1 -1
- data/spec/lib/recog/fingerprint_spec.rb +89 -0
- data/update_cpes.py +1 -1
- data/xml/apache_modules.xml +292 -5
- data/xml/apache_os.xml +50 -2
- data/xml/architecture.xml +19 -7
- data/xml/dns_versionbind.xml +113 -11
- data/xml/favicons.xml +1700 -0
- data/xml/ftp_banners.xml +287 -15
- data/xml/h323_callresp.xml +112 -12
- data/xml/hp_pjl_id.xml +47 -5
- data/xml/html_title.xml +2371 -17
- data/xml/http_cookies.xml +82 -7
- data/xml/http_servers.xml +839 -41
- data/xml/http_wwwauth.xml +154 -27
- data/xml/imap_banners.xml +19 -13
- data/xml/ldap_searchresult.xml +81 -9
- data/xml/mdns_device-info_txt.xml +194 -17
- data/xml/mdns_workstation_txt.xml +4 -2
- data/xml/mysql_banners.xml +554 -45
- data/xml/mysql_error.xml +113 -6
- data/xml/nntp_banners.xml +10 -2
- data/xml/ntp_banners.xml +95 -11
- data/xml/operating_system.xml +90 -3
- data/xml/pop_banners.xml +30 -31
- data/xml/rsh_resp.xml +11 -2
- data/xml/rtsp_servers.xml +96 -0
- data/xml/sip_banners.xml +192 -17
- data/xml/sip_user_agents.xml +69 -3
- data/xml/smb_native_lm.xml +10 -2
- data/xml/smb_native_os.xml +80 -2
- data/xml/smtp_banners.xml +166 -9
- data/xml/smtp_debug.xml +6 -4
- data/xml/smtp_ehlo.xml +7 -5
- data/xml/smtp_expn.xml +13 -4
- data/xml/smtp_help.xml +23 -4
- data/xml/smtp_mailfrom.xml +5 -2
- data/xml/smtp_noop.xml +6 -5
- data/xml/smtp_quit.xml +5 -4
- data/xml/smtp_rcptto.xml +5 -2
- data/xml/smtp_rset.xml +4 -4
- data/xml/smtp_turn.xml +4 -4
- data/xml/smtp_vrfy.xml +14 -4
- data/xml/snmp_sysdescr.xml +862 -122
- data/xml/snmp_sysobjid.xml +47 -2
- data/xml/ssh_banners.xml +1153 -192
- data/xml/telnet_banners.xml +419 -14
- data/xml/x11_banners.xml +27 -4
- data/xml/x509_issuers.xml +39 -15
- data/xml/x509_subjects.xml +545 -64
- metadata +32 -6
data/xml/ftp_banners.xml
CHANGED
|
@@ -1,9 +1,10 @@
|
|
|
1
|
-
<?xml version=
|
|
1
|
+
<?xml version='1.0' encoding='UTF-8'?>
|
|
2
2
|
<fingerprints matches="ftp.banner" protocol="ftp" database_type="service" preference="0.90">
|
|
3
3
|
<!--
|
|
4
4
|
FTP greeting messages (part of the banner after the response code) are matched
|
|
5
5
|
against these patterns to fingerprint FTP servers.
|
|
6
6
|
-->
|
|
7
|
+
|
|
7
8
|
<fingerprint pattern="^([^ ]+) Microsoft FTP Service \(Version ([1234]\.\d+)\)\.$">
|
|
8
9
|
<description>Microsoft FTP Server on Windows NT</description>
|
|
9
10
|
<example>xx Microsoft FTP Service (Version 3.0).</example>
|
|
@@ -18,6 +19,7 @@
|
|
|
18
19
|
<param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_nt:-"/>
|
|
19
20
|
<param pos="1" name="host.name"/>
|
|
20
21
|
</fingerprint>
|
|
22
|
+
|
|
21
23
|
<fingerprint pattern="^([^ ]+) Microsoft FTP Service \(Version 5.0\)\.$">
|
|
22
24
|
<description>Microsoft FTP Server on Windows 2000</description>
|
|
23
25
|
<example>xxx Microsoft FTP Service (Version 5.0).</example>
|
|
@@ -32,6 +34,7 @@
|
|
|
32
34
|
<param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_2000:-"/>
|
|
33
35
|
<param pos="1" name="host.name"/>
|
|
34
36
|
</fingerprint>
|
|
37
|
+
|
|
35
38
|
<fingerprint pattern="^([^ ]+) Microsoft FTP Service \(Version 5.1\)\.$">
|
|
36
39
|
<description>Microsoft FTP Server on Windows XP, 2003 or later versions of 2000</description>
|
|
37
40
|
<example>xxx Microsoft FTP Service (Version 5.1).</example>
|
|
@@ -45,6 +48,7 @@
|
|
|
45
48
|
<param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
|
|
46
49
|
<param pos="1" name="host.name"/>
|
|
47
50
|
</fingerprint>
|
|
51
|
+
|
|
48
52
|
<fingerprint pattern="^([^ ]+) Microsoft FTP Service$">
|
|
49
53
|
<description>Microsoft FTP Server on Windows XP, 2003 or later without version</description>
|
|
50
54
|
<example>hostname Microsoft FTP Service</example>
|
|
@@ -58,6 +62,7 @@
|
|
|
58
62
|
<param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
|
|
59
63
|
<param pos="1" name="host.name"/>
|
|
60
64
|
</fingerprint>
|
|
65
|
+
|
|
61
66
|
<fingerprint pattern="^Microsoft FTP Service$">
|
|
62
67
|
<description>Microsoft FTP Server on Windows XP, 2003 or later without version or hostname</description>
|
|
63
68
|
<example>Microsoft FTP Service</example>
|
|
@@ -70,6 +75,7 @@
|
|
|
70
75
|
<param pos="0" name="os.product" value="Windows"/>
|
|
71
76
|
<param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
|
|
72
77
|
</fingerprint>
|
|
78
|
+
|
|
73
79
|
<fingerprint pattern="^([^ ]+) +FTP +Server \(Version ([^\(]+)\(PHNE_\d+\) [^\)]+\) ready.?$" flags="REG_ICASE">
|
|
74
80
|
<description>FTP on HPUX with a PHNE (HP Networking patch) installed</description>
|
|
75
81
|
<example>example.com FTP server (Version 1.1.214.4(PHNE_38458) Mon Feb 15 06:03:12 GMT 2010) ready.</example>
|
|
@@ -82,6 +88,7 @@
|
|
|
82
88
|
<param pos="1" name="host.name"/>
|
|
83
89
|
<param pos="2" name="service.version"/>
|
|
84
90
|
</fingerprint>
|
|
91
|
+
|
|
85
92
|
<fingerprint pattern="^([^ ]+) +FTP +Server \(Revision \S+ Version wuftpd-([^\(]+)\(PHNE_\d+\) [^\)]+\) ready.?$" flags="REG_ICASE">
|
|
86
93
|
<description>WU-FTPD on HPUX with a PHNE (HP Networking patch) installed</description>
|
|
87
94
|
<example>example.com FTP server (Revision 1.1 Version wuftpd-2.6.1(PHNE_38578) Fri Sep 5 12:10:54 GMT 2008) ready.</example>
|
|
@@ -94,6 +101,7 @@
|
|
|
94
101
|
<param pos="1" name="host.name"/>
|
|
95
102
|
<param pos="2" name="service.version"/>
|
|
96
103
|
</fingerprint>
|
|
104
|
+
|
|
97
105
|
<fingerprint pattern="^(\S+)(?: \S+)? FTP Server \((?:Revision [\d\.]+ )?Version wu(?:ftpd)?-([\d\.]+).*\) ready.?$" flags="REG_ICASE">
|
|
98
106
|
<description>WU-FTPD on various OS</description>
|
|
99
107
|
<example host.name="example.com" service.version="2.6.2">example.com FTP server (Version wu-2.6.2(1) Sat Jul 19 16:21:30 UTC 2008) ready.</example>
|
|
@@ -105,6 +113,7 @@
|
|
|
105
113
|
<param pos="1" name="host.name"/>
|
|
106
114
|
<param pos="2" name="service.version"/>
|
|
107
115
|
</fingerprint>
|
|
116
|
+
|
|
108
117
|
<fingerprint pattern="^(\S+)\s+FTP Server \(Version:\s+Mac OS X Server\s+([\d\.]+).*\) ready\.?" flags="REG_ICASE,REG_MULTILINE">
|
|
109
118
|
<description>FTPD on Mac OS X Server with a version</description>
|
|
110
119
|
<example host.name="example.com" os.version="10.3">example.com FTP server (Version: Mac OS X Server 10.3 - +GSSAPI) ready.</example>
|
|
@@ -119,6 +128,7 @@ example.com FTP server (Version: Mac OS X Server 10.3 - +GSSAPI) ready.
|
|
|
119
128
|
<param pos="2" name="os.version"/>
|
|
120
129
|
<param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x_server:{os.version}"/>
|
|
121
130
|
</fingerprint>
|
|
131
|
+
|
|
122
132
|
<fingerprint pattern="^(\S+)\s+FTP Server \(Version:\s+Mac OS X Server\) ready\.?" flags="REG_ICASE,REG_MULTILINE">
|
|
123
133
|
<description>FTPD on Mac OS X Server without a version</description>
|
|
124
134
|
<example host.name="example.com">example.com FTP server (Version: Mac OS X Server) ready.</example>
|
|
@@ -132,6 +142,7 @@ example.com FTP server (Version: Mac OS X Server) ready.
|
|
|
132
142
|
<param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x_server:-"/>
|
|
133
143
|
<param pos="1" name="host.name"/>
|
|
134
144
|
</fingerprint>
|
|
145
|
+
|
|
135
146
|
<fingerprint pattern="^(\S+)\s+FTP Server \(tnftpd (.*)\) ready\.?$" flags="REG_ICASE">
|
|
136
147
|
<description>Simple tnftpd banner with a version</description>
|
|
137
148
|
<example host.name="example.com" service.version="20061217">example.com FTP server (tnftpd 20061217) ready.</example>
|
|
@@ -139,6 +150,7 @@ example.com FTP server (Version: Mac OS X Server) ready.
|
|
|
139
150
|
<param pos="2" name="service.version"/>
|
|
140
151
|
<param pos="1" name="host.name"/>
|
|
141
152
|
</fingerprint>
|
|
153
|
+
|
|
142
154
|
<fingerprint pattern="^(\S+) FTP Server \(SunOS 5.(1[1-9])\) ready\.?$" flags="REG_ICASE">
|
|
143
155
|
<description>SunOS/Solaris</description>
|
|
144
156
|
<example host.name="example.com" os.version="11">example.com FTP server (SunOS 5.11) ready.</example>
|
|
@@ -149,6 +161,7 @@ example.com FTP server (Version: Mac OS X Server) ready.
|
|
|
149
161
|
<param pos="2" name="os.version"/>
|
|
150
162
|
<param pos="0" name="os.cpe23" value="cpe:/o:oracle:solaris:{os.version}"/>
|
|
151
163
|
</fingerprint>
|
|
164
|
+
|
|
152
165
|
<fingerprint pattern="^(\S+) FTP Server \(SunOS 5.([789]|10)\) ready\.?$" flags="REG_ICASE">
|
|
153
166
|
<description>SunOS/Solaris 5.7-5.10</description>
|
|
154
167
|
<example host.name="example.com" os.version="7">example.com FTP server (SunOS 5.7) ready.</example>
|
|
@@ -160,6 +173,7 @@ example.com FTP server (Version: Mac OS X Server) ready.
|
|
|
160
173
|
<param pos="2" name="os.version"/>
|
|
161
174
|
<param pos="0" name="os.cpe23" value="cpe:/o:sun:solaris:{os.version}"/>
|
|
162
175
|
</fingerprint>
|
|
176
|
+
|
|
163
177
|
<fingerprint pattern="^(\S+) FTP Server \(SunOS 5.6\) ready\." flags="REG_ICASE">
|
|
164
178
|
<description>SunOS 5.6 (Solaris 2.6)</description>
|
|
165
179
|
<example host.name="example.com">example.com FTP Server (SunOS 5.6) ready.</example>
|
|
@@ -170,6 +184,7 @@ example.com FTP server (Version: Mac OS X Server) ready.
|
|
|
170
184
|
<param pos="0" name="os.cpe23" value="cpe:/o:sun:solaris:2.6"/>
|
|
171
185
|
<param pos="1" name="host.name"/>
|
|
172
186
|
</fingerprint>
|
|
187
|
+
|
|
173
188
|
<fingerprint pattern="^ProFTPD (\d+\.[^\s]+) Server \(Debian\) \[(.+)\]$">
|
|
174
189
|
<description>ProFTPD on Debian Linux</description>
|
|
175
190
|
<example>ProFTPD 1.3.0rc2 Server (Debian) [host]</example>
|
|
@@ -184,6 +199,7 @@ example.com FTP server (Version: Mac OS X Server) ready.
|
|
|
184
199
|
<param pos="0" name="os.cpe23" value="cpe:/o:debian:debian_linux:-"/>
|
|
185
200
|
<param pos="2" name="host.name"/>
|
|
186
201
|
</fingerprint>
|
|
202
|
+
|
|
187
203
|
<fingerprint pattern="^ProFTPD (\d+\.[^\s]+) Server \(Linksys(W.+)\) \[(.+)\]$">
|
|
188
204
|
<description>ProFTPD on a Linksys Wireless Access Point/Router</description>
|
|
189
205
|
<example>ProFTPD 1.3.0rc2 Server (LinksysWRT350N) [host]</example>
|
|
@@ -197,6 +213,7 @@ example.com FTP server (Version: Mac OS X Server) ready.
|
|
|
197
213
|
<param pos="2" name="os.product"/>
|
|
198
214
|
<param pos="3" name="host.name"/>
|
|
199
215
|
</fingerprint>
|
|
216
|
+
|
|
200
217
|
<fingerprint pattern="^ProFTPD (\d+\.[^\s]+) Server \(NETGEAR ReadyNAS\) \[(.+)\]$">
|
|
201
218
|
<description>ProFTPD on a Netgear ReadyNAS with a version and IP</description>
|
|
202
219
|
<example service.version="1.3.3g" host.ip="192.168.1.10">ProFTPD 1.3.3g Server (NETGEAR ReadyNAS) [192.168.1.10]</example>
|
|
@@ -210,6 +227,7 @@ example.com FTP server (Version: Mac OS X Server) ready.
|
|
|
210
227
|
<param pos="0" name="hw.product" value="ReadyNAS"/>
|
|
211
228
|
<param pos="2" name="host.ip"/>
|
|
212
229
|
</fingerprint>
|
|
230
|
+
|
|
213
231
|
<fingerprint pattern="^ProFTPD Server \(NETGEAR ReadyNAS\) \[(.+)\]$">
|
|
214
232
|
<description>ProFTPD on a Netgear ReadyNAS with a hostname</description>
|
|
215
233
|
<example host.name="test">ProFTPD Server (NETGEAR ReadyNAS) [test]</example>
|
|
@@ -222,6 +240,7 @@ example.com FTP server (Version: Mac OS X Server) ready.
|
|
|
222
240
|
<param pos="0" name="hw.product" value="ReadyNAS"/>
|
|
223
241
|
<param pos="1" name="host.name"/>
|
|
224
242
|
</fingerprint>
|
|
243
|
+
|
|
225
244
|
<fingerprint pattern="^ProFTPD (\d+\.[^\s]+) Server \(Linksys(.*)\) \[(.+)\]$">
|
|
226
245
|
<description>ProFTPD on a wired Linksys device</description>
|
|
227
246
|
<param pos="0" name="service.family" value="ProFTPD"/>
|
|
@@ -234,6 +253,7 @@ example.com FTP server (Version: Mac OS X Server) ready.
|
|
|
234
253
|
<param pos="2" name="os.product"/>
|
|
235
254
|
<param pos="3" name="host.name"/>
|
|
236
255
|
</fingerprint>
|
|
256
|
+
|
|
237
257
|
<fingerprint pattern="^ProFTPD (\d+\.[^\s]+) Server \((.*)\) \[(.+)\]$">
|
|
238
258
|
<description>ProFTPD with version info but no obvious OS info</description>
|
|
239
259
|
<example service.version="1.2.10">ProFTPD 1.2.10 Server (Main FTP Server) [host]</example>
|
|
@@ -247,6 +267,7 @@ example.com FTP server (Version: Mac OS X Server) ready.
|
|
|
247
267
|
<param pos="2" name="proftpd.server.name"/>
|
|
248
268
|
<param pos="3" name="host.name"/>
|
|
249
269
|
</fingerprint>
|
|
270
|
+
|
|
250
271
|
<fingerprint pattern="^ProFTPD (\d+\.[^\s]+) Server ready\.$">
|
|
251
272
|
<description>ProFTPD with only version info</description>
|
|
252
273
|
<example service.version="1.3.0rc2">ProFTPD 1.3.0rc2 Server ready.</example>
|
|
@@ -256,6 +277,7 @@ example.com FTP server (Version: Mac OS X Server) ready.
|
|
|
256
277
|
<param pos="1" name="service.version"/>
|
|
257
278
|
<param pos="0" name="service.cpe23" value="cpe:/a:proftpd:proftpd:{service.version}"/>
|
|
258
279
|
</fingerprint>
|
|
280
|
+
|
|
259
281
|
<fingerprint pattern="^ProFTPD (?:FTP )?Server ready\.$">
|
|
260
282
|
<description>ProFTPD with no version info</description>
|
|
261
283
|
<example>ProFTPD FTP Server ready.</example>
|
|
@@ -265,6 +287,20 @@ example.com FTP server (Version: Mac OS X Server) ready.
|
|
|
265
287
|
<param pos="0" name="service.product" value="ProFTPD"/>
|
|
266
288
|
<param pos="0" name="service.cpe23" value="cpe:/a:proftpd:proftpd:-"/>
|
|
267
289
|
</fingerprint>
|
|
290
|
+
|
|
291
|
+
<fingerprint pattern="^ProFTPD Server \(.*\) \[([a-f\d.:]+)\]$">
|
|
292
|
+
<description>ProFTPD with no version info, parenthetical form</description>
|
|
293
|
+
<example host.ip="1.2.3.4">ProFTPD Server (ProFTPD) [1.2.3.4]</example>
|
|
294
|
+
<example host.ip="1.2.3.4">ProFTPD Server (ProFTPD Default Installation) [1.2.3.4]</example>
|
|
295
|
+
<example host.ip="1.2.3.4">ProFTPD Server (pair Networks, Inc FTP server) [1.2.3.4]</example>
|
|
296
|
+
<example host.ip="::ffff:192.168.1.1">ProFTPD Server (ProFTPD) [::ffff:192.168.1.1]</example>
|
|
297
|
+
<param pos="0" name="service.family" value="ProFTPD"/>
|
|
298
|
+
<param pos="0" name="service.vendor" value="ProFTPD Project"/>
|
|
299
|
+
<param pos="0" name="service.product" value="ProFTPD"/>
|
|
300
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:proftpd:proftpd:-"/>
|
|
301
|
+
<param pos="1" name="host.ip"/>
|
|
302
|
+
</fingerprint>
|
|
303
|
+
|
|
268
304
|
<fingerprint pattern="^ProFTPD Server$">
|
|
269
305
|
<description>ProFTPD with no version info, short form</description>
|
|
270
306
|
<example>ProFTPD Server</example>
|
|
@@ -273,6 +309,17 @@ example.com FTP server (Version: Mac OS X Server) ready.
|
|
|
273
309
|
<param pos="0" name="service.product" value="ProFTPD"/>
|
|
274
310
|
<param pos="0" name="service.cpe23" value="cpe:/a:proftpd:proftpd:-"/>
|
|
275
311
|
</fingerprint>
|
|
312
|
+
|
|
313
|
+
<fingerprint pattern="^ProFTPD\s*$">
|
|
314
|
+
<description>ProFTPD with no version info, super short form</description>
|
|
315
|
+
<example>ProFTPD</example>
|
|
316
|
+
<example>ProFTPD </example>
|
|
317
|
+
<param pos="0" name="service.family" value="ProFTPD"/>
|
|
318
|
+
<param pos="0" name="service.vendor" value="ProFTPD Project"/>
|
|
319
|
+
<param pos="0" name="service.product" value="ProFTPD"/>
|
|
320
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:proftpd:proftpd:-"/>
|
|
321
|
+
</fingerprint>
|
|
322
|
+
|
|
276
323
|
<fingerprint pattern="^(?:\d{4}\-\d\d\-\d\d \d\d:\d\d:\d\d,\d\d\d )?(\S+) proftpd\[\d+\]: error: no valid servers configured">
|
|
277
324
|
<description>ProFTPD no valid servers configured</description>
|
|
278
325
|
<example host.name="ftp.host.com">ftp.host.com proftpd[40312]: error: no valid servers configured\n</example>
|
|
@@ -283,6 +330,7 @@ example.com FTP server (Version: Mac OS X Server) ready.
|
|
|
283
330
|
<param pos="0" name="service.cpe23" value="cpe:/a:proftpd:proftpd:-"/>
|
|
284
331
|
<param pos="1" name="host.name"/>
|
|
285
332
|
</fingerprint>
|
|
333
|
+
|
|
286
334
|
<fingerprint pattern="^ProFTPD (\d+\.[^\s]+) Server \((.*)\) \[[a-f\d.:\]]*$">
|
|
287
335
|
<description>ProFTPD with version info - truncated</description>
|
|
288
336
|
<example service.version="1.3.2c">ProFTPD 1.3.2c Server (ProFTPD Default Installation) [</example>
|
|
@@ -295,6 +343,18 @@ example.com FTP server (Version: Mac OS X Server) ready.
|
|
|
295
343
|
<param pos="0" name="service.cpe23" value="cpe:/a:proftpd:proftpd:{service.version}"/>
|
|
296
344
|
<param pos="2" name="proftpd.server.name"/>
|
|
297
345
|
</fingerprint>
|
|
346
|
+
|
|
347
|
+
<fingerprint pattern="^ProFTPD (\d+\.[^\s]+) Server ([\w.-]+)$">
|
|
348
|
+
<description>ProFTPD with version info but no obvious OS info, take 2</description>
|
|
349
|
+
<example service.version="1.3.2d" host.name="localhost">ProFTPD 1.3.2d Server localhost</example>
|
|
350
|
+
<param pos="0" name="service.family" value="ProFTPD"/>
|
|
351
|
+
<param pos="0" name="service.vendor" value="ProFTPD Project"/>
|
|
352
|
+
<param pos="0" name="service.product" value="ProFTPD"/>
|
|
353
|
+
<param pos="1" name="service.version"/>
|
|
354
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:proftpd:proftpd:{service.version}"/>
|
|
355
|
+
<param pos="2" name="host.name"/>
|
|
356
|
+
</fingerprint>
|
|
357
|
+
|
|
298
358
|
<fingerprint pattern="^=\(<\*>\)=-\.:\. \(\( Welcome to Pure-FTPd ([\d.]+) \)\) \.:\.-=\(<\*>\)=-" flags="REG_MULTILINE">
|
|
299
359
|
<description>Pure-FTPd versions <= 1.0.13 (at least as far back as 1.0.11)</description>
|
|
300
360
|
<example service.version="1.0.11">=(<*>)=-.:. (( Welcome to Pure-FTPd 1.0.11 )) .:.-=(<*>)=-</example>
|
|
@@ -304,6 +364,7 @@ more stuff
|
|
|
304
364
|
<param pos="0" name="service.product" value="Pure-FTPd"/>
|
|
305
365
|
<param pos="1" name="service.version"/>
|
|
306
366
|
</fingerprint>
|
|
367
|
+
|
|
307
368
|
<fingerprint pattern="^-{9,10}(?:.*)\s+Pure-FTPd\s+(.*)-{9,10}">
|
|
308
369
|
<description>Pure-FTPd versions >= 1.0.14 - Config data can be zero or more of: [privsep] [TLS]</description>
|
|
309
370
|
<example>---------- Welcome to Pure-FTPd ----------</example>
|
|
@@ -316,6 +377,7 @@ more text
|
|
|
316
377
|
<param pos="0" name="service.family" value="Pure-FTPd"/>
|
|
317
378
|
<param pos="0" name="service.product" value="Pure-FTPd"/>
|
|
318
379
|
</fingerprint>
|
|
380
|
+
|
|
319
381
|
<fingerprint pattern="^(?:Welcome to )?Pure-FTPd\.?$">
|
|
320
382
|
<description>Basic Pure-FTPd banner, no version</description>
|
|
321
383
|
<example>Welcome to Pure-FTPd</example>
|
|
@@ -323,6 +385,7 @@ more text
|
|
|
323
385
|
<param pos="0" name="service.family" value="Pure-FTPd"/>
|
|
324
386
|
<param pos="0" name="service.product" value="Pure-FTPd"/>
|
|
325
387
|
</fingerprint>
|
|
388
|
+
|
|
326
389
|
<fingerprint pattern="^=\(.\*.\)=-\.:\. \(\( Welcome to PureFTPd (\d+\..+) \)\) \.:\.-=\(.\*.\)=-" flags="REG_MULTILINE">
|
|
327
390
|
<description>Older Pure-FTPd versions</description>
|
|
328
391
|
<example service.version="1.1.0">=(<*>)=-.:. (( Welcome to PureFTPd 1.1.0 )) .:.-=(<*>)=-</example>
|
|
@@ -332,6 +395,7 @@ more text
|
|
|
332
395
|
<param pos="0" name="service.product" value="Pure-FTPd"/>
|
|
333
396
|
<param pos="1" name="service.version"/>
|
|
334
397
|
</fingerprint>
|
|
398
|
+
|
|
335
399
|
<fingerprint pattern="^Serv-U FTP[ -]Server v(\d+\.\S+)(?: for WinSock)? ready\.*$">
|
|
336
400
|
<description>Serv-U (only runs on Windows)</description>
|
|
337
401
|
<example service.version="2.5n">Serv-U FTP-Server v2.5n for WinSock ready...</example>
|
|
@@ -346,6 +410,7 @@ more text
|
|
|
346
410
|
<param pos="0" name="os.product" value="Windows"/>
|
|
347
411
|
<param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
|
|
348
412
|
</fingerprint>
|
|
413
|
+
|
|
349
414
|
<fingerprint pattern="^zFTPServer v?(\S+), .*ready\.$" flags="REG_ICASE">
|
|
350
415
|
<description>zftpserver (only runs on Windows)</description>
|
|
351
416
|
<example service.version="4.0">zFTPServer v4.0, build 2008-12-24 01:41 ready.</example>
|
|
@@ -357,6 +422,7 @@ more text
|
|
|
357
422
|
<param pos="0" name="os.product" value="Windows"/>
|
|
358
423
|
<param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
|
|
359
424
|
</fingerprint>
|
|
425
|
+
|
|
360
426
|
<fingerprint pattern="^\(vsFTPd (\d+\..+)\)(?: (.+))?$">
|
|
361
427
|
<description>vsFTPd (Very Secure FTP Daemon)</description>
|
|
362
428
|
<example service.version="1.1.3">(vsFTPd 1.1.3) host</example>
|
|
@@ -366,6 +432,7 @@ more text
|
|
|
366
432
|
<param pos="1" name="service.version"/>
|
|
367
433
|
<param pos="2" name="host.name"/>
|
|
368
434
|
</fingerprint>
|
|
435
|
+
|
|
369
436
|
<fingerprint pattern="^ready, dude \(vsFTPd (\d+\..+): beat me, break me\)$">
|
|
370
437
|
<description>vsFTPd (Very Secure FTP Daemon) - break me variant</description>
|
|
371
438
|
<example service.version="1.1.0">ready, dude (vsFTPd 1.1.0: beat me, break me)</example>
|
|
@@ -373,6 +440,7 @@ more text
|
|
|
373
440
|
<param pos="0" name="service.product" value="vsFTPd"/>
|
|
374
441
|
<param pos="1" name="service.version"/>
|
|
375
442
|
</fingerprint>
|
|
443
|
+
|
|
376
444
|
<fingerprint pattern="^vsFTPd ([\d.]+\+ \(ext\.3\)) ready\.\.\.$">
|
|
377
445
|
<description>vsFTPd (Very Secure FTP Daemon) extended build (vsftpd.devnet.ru)</description>
|
|
378
446
|
<example service.version="2.0.4+ (ext.3)">vsFTPd 2.0.4+ (ext.3) ready...</example>
|
|
@@ -380,6 +448,7 @@ more text
|
|
|
380
448
|
<param pos="0" name="service.product" value="vsFTPd Extended"/>
|
|
381
449
|
<param pos="1" name="service.version"/>
|
|
382
450
|
</fingerprint>
|
|
451
|
+
|
|
383
452
|
<fingerprint pattern="^OOPS: .*vsftp.*$">
|
|
384
453
|
<description>vsFTPd (Very Secure FTP Daemon) error message</description>
|
|
385
454
|
<example>OOPS: vsftpd: root is not mounted.</example>
|
|
@@ -387,6 +456,7 @@ more text
|
|
|
387
456
|
<param pos="0" name="service.family" value="vsFTPd"/>
|
|
388
457
|
<param pos="0" name="service.product" value="vsFTPd"/>
|
|
389
458
|
</fingerprint>
|
|
459
|
+
|
|
390
460
|
<fingerprint pattern="^FileZilla Server(?: version)? (?:v)?(\d\.[\w.]+(?: beta)?).*$">
|
|
391
461
|
<description>FileZilla FTP Server</description>
|
|
392
462
|
<example service.version="0.9.2 beta">FileZilla Server version 0.9.2 beta</example>
|
|
@@ -397,6 +467,7 @@ more text
|
|
|
397
467
|
<param pos="0" name="service.product" value="FileZilla FTP Server"/>
|
|
398
468
|
<param pos="1" name="service.version"/>
|
|
399
469
|
</fingerprint>
|
|
470
|
+
|
|
400
471
|
<fingerprint pattern="^\s*APC FTP server ready\.$">
|
|
401
472
|
<description>APC device</description>
|
|
402
473
|
<example>APC FTP server ready.</example>
|
|
@@ -407,6 +478,7 @@ more text
|
|
|
407
478
|
<param pos="0" name="hw.vendor" value="APC"/>
|
|
408
479
|
<param pos="0" name="hw.device" value="Power device"/>
|
|
409
480
|
</fingerprint>
|
|
481
|
+
|
|
410
482
|
<fingerprint pattern="^(\S+) Network Management Card AOS v(\d+\..+) FTP server ready\.$">
|
|
411
483
|
<description>APC power/cooling device</description>
|
|
412
484
|
<example service.version="3.3.4">AP7932 Network Management Card AOS v3.3.4 FTP server ready.</example>
|
|
@@ -423,6 +495,7 @@ more text
|
|
|
423
495
|
<param pos="0" name="hw.vendor" value="APC"/>
|
|
424
496
|
<param pos="0" name="hw.device" value="Power device"/>
|
|
425
497
|
</fingerprint>
|
|
498
|
+
|
|
426
499
|
<fingerprint pattern="^(\S+) FTP server \(EMC-SNAS: ([^\)]+)\)(?: \S+)?$">
|
|
427
500
|
<description>EMC Celerra</description>
|
|
428
501
|
<example service.version="5.6.47.11">foo2 FTP server (EMC-SNAS: 5.6.47.11)</example>
|
|
@@ -440,6 +513,7 @@ more text
|
|
|
440
513
|
<param pos="0" name="hw.device" value="Storage"/>
|
|
441
514
|
<param pos="0" name="hw.product" value="Celerra"/>
|
|
442
515
|
</fingerprint>
|
|
516
|
+
|
|
443
517
|
<fingerprint pattern="^JD FTP Server Ready.*$">
|
|
444
518
|
<description>HP JetDirect printer</description>
|
|
445
519
|
<example>JD FTP Server Ready</example>
|
|
@@ -456,6 +530,7 @@ more text
|
|
|
456
530
|
<param pos="0" name="hw.family" value="JetDirect"/>
|
|
457
531
|
<param pos="0" name="hw.product" value="JetDirect"/>
|
|
458
532
|
</fingerprint>
|
|
533
|
+
|
|
459
534
|
<fingerprint pattern="^Check Point FireWall-1 Secure FTP server running on (.+)$">
|
|
460
535
|
<description>Check Point FireWall-1</description>
|
|
461
536
|
<example host.name="host">Check Point FireWall-1 Secure FTP server running on host</example>
|
|
@@ -473,6 +548,7 @@ more text
|
|
|
473
548
|
<param pos="0" name="hw.family" value="Firewall-1"/>
|
|
474
549
|
<param pos="1" name="host.name"/>
|
|
475
550
|
</fingerprint>
|
|
551
|
+
|
|
476
552
|
<fingerprint pattern="^Blue Coat FTP Service$">
|
|
477
553
|
<description>Blue Coat security appliances</description>
|
|
478
554
|
<example>Blue Coat FTP Service</example>
|
|
@@ -481,11 +557,13 @@ more text
|
|
|
481
557
|
<param pos="0" name="os.vendor" value="Blue Coat"/>
|
|
482
558
|
<param pos="0" name="os.device" value="Web proxy"/>
|
|
483
559
|
</fingerprint>
|
|
560
|
+
|
|
484
561
|
<fingerprint pattern="^---freeFTPd 1.0---warFTPd 1.65---$">
|
|
485
562
|
<description>Nepenthes honeypot</description>
|
|
486
563
|
<param pos="0" name="service.family" value="Nepenthes"/>
|
|
487
564
|
<param pos="0" name="service.product" value="Nepenthes"/>
|
|
488
565
|
</fingerprint>
|
|
566
|
+
|
|
489
567
|
<fingerprint pattern="^[^ ]+ IBM FTP CS (V1R\d+) at ([^,]*),.*">
|
|
490
568
|
<description>IBM z/OS FTP Service</description>
|
|
491
569
|
<example>SFTPD1 IBM FTP CS V1R4 at x.y.z, 21:02:19 on 2007-12-15.</example>
|
|
@@ -498,6 +576,7 @@ more text
|
|
|
498
576
|
<param pos="1" name="os.version"/>
|
|
499
577
|
<param pos="2" name="host.name"/>
|
|
500
578
|
</fingerprint>
|
|
579
|
+
|
|
501
580
|
<fingerprint pattern="^FTP server \(IBM 4690 TCP/IP FTP Version 1\.0\) ready\.">
|
|
502
581
|
<description>IBM 4690 FTP Service</description>
|
|
503
582
|
<example>FTP server (IBM 4690 TCP/IP FTP Version 1.0) ready.</example>
|
|
@@ -508,6 +587,7 @@ more text
|
|
|
508
587
|
<param pos="0" name="os.family" value="4690"/>
|
|
509
588
|
<param pos="0" name="os.device" value="Point of sale"/>
|
|
510
589
|
</fingerprint>
|
|
590
|
+
|
|
511
591
|
<fingerprint pattern="^([^ ]+) NcFTPd Server \(licensed copy\) ready\.$">
|
|
512
592
|
<description>NcFTPd Server
|
|
513
593
|
http://www.ncftp.com/ncftpd/</description>
|
|
@@ -516,6 +596,7 @@ more text
|
|
|
516
596
|
<param pos="0" name="service.product" value="NcFTPd Server"/>
|
|
517
597
|
<param pos="1" name="host.name"/>
|
|
518
598
|
</fingerprint>
|
|
599
|
+
|
|
519
600
|
<fingerprint pattern="^(\S+) DCS-2100 FTP server ready\.$">
|
|
520
601
|
<description>D-Link DCS-2100 wireless internet camera</description>
|
|
521
602
|
<example>hostname DCS-2100 FTP server ready.</example>
|
|
@@ -524,6 +605,7 @@ more text
|
|
|
524
605
|
<param pos="0" name="os.device" value="Web cam"/>
|
|
525
606
|
<param pos="1" name="host.name"/>
|
|
526
607
|
</fingerprint>
|
|
608
|
+
|
|
527
609
|
<fingerprint pattern="^Secure Gateway FTP server ready\.$">
|
|
528
610
|
<description>Raptor firewall</description>
|
|
529
611
|
<example>Secure Gateway FTP server ready.</example>
|
|
@@ -532,6 +614,7 @@ more text
|
|
|
532
614
|
<param pos="0" name="os.product" value="Raptor"/>
|
|
533
615
|
<param pos="0" name="os.device" value="Firewall"/>
|
|
534
616
|
</fingerprint>
|
|
617
|
+
|
|
535
618
|
<fingerprint pattern="^SUN StorEdge (\S+) RAID FTP server ready\.$">
|
|
536
619
|
<description>Sun StorEdge disk array</description>
|
|
537
620
|
<example>SUN StorEdge 3511 RAID FTP server ready.</example>
|
|
@@ -540,6 +623,7 @@ more text
|
|
|
540
623
|
<param pos="1" name="os.product"/>
|
|
541
624
|
<param pos="0" name="os.device" value="Storage"/>
|
|
542
625
|
</fingerprint>
|
|
626
|
+
|
|
543
627
|
<fingerprint pattern="(?i)^AXIS (\S+) .* Camera(?:\s+version)?\s+(\S+) .*">
|
|
544
628
|
<description>Axis Network Camera</description>
|
|
545
629
|
<example hw.product="2100" hw.version="2.43">Axis 2100 Network Camera 2.43 Nov 04 2008 ready.</example>
|
|
@@ -552,28 +636,47 @@ more text
|
|
|
552
636
|
<param pos="0" name="hw.device" value="Web cam"/>
|
|
553
637
|
<param pos="1" name="hw.product"/>
|
|
554
638
|
<param pos="2" name="hw.version"/>
|
|
639
|
+
<param pos="0" name="os.vendor" value="AXIS"/>
|
|
640
|
+
<param pos="0" name="os.family" value="Linux"/>
|
|
641
|
+
<param pos="0" name="os.device" value="Web cam"/>
|
|
555
642
|
</fingerprint>
|
|
556
|
-
|
|
557
|
-
|
|
643
|
+
|
|
644
|
+
<fingerprint pattern="(?i)^AXIS (\S+) (?:(?:Mk II )?Video) (?:Encoder|Encoder Blade|Module|Server|Decoder) (\S+) .*">
|
|
645
|
+
<description>Axis Video encoders/servers</description>
|
|
558
646
|
<example hw.product="Q7406">AXIS Q7406 Video Encoder Blade 5.01 (Aug 01 2008) ready.</example>
|
|
559
647
|
<example hw.product="241Q">AXIS 241Q Video Server 4.47.2 (Dec 11 2008) ready.</example>
|
|
560
648
|
<example hw.version="5.07.2">AXIS P7701 Video Decoder 5.07.2 (Apr 20 2010) ready.</example>
|
|
561
649
|
<example hw.product="Q7401" hw.version="5.01">AXIS Q7401 Video Encoder 5.01 (Aug 01 2008) ready.</example>
|
|
562
650
|
<example hw.product="Q7401" hw.version="5.50.2_cst_412205_1">AXIS Q7401 Video Encoder 5.50.2_cst_412205_1 (2013)</example>
|
|
563
651
|
<example hw.product="Q7424-R" hw.version="5.51.3.1">AXIS Q7424-R Mk II Video Encoder 5.51.3.1 (2016) ready.</example>
|
|
652
|
+
<param pos="0" name="hw.vendor" value="Axis"/>
|
|
653
|
+
<param pos="1" name="hw.product"/>
|
|
654
|
+
<param pos="2" name="hw.version"/>
|
|
655
|
+
<param pos="0" name="hw.device" value="Video Encoder"/>
|
|
656
|
+
<param pos="0" name="os.vendor" value="AXIS"/>
|
|
657
|
+
<param pos="0" name="os.family" value="Linux"/>
|
|
658
|
+
</fingerprint>
|
|
659
|
+
|
|
660
|
+
<fingerprint pattern="(?i)^AXIS (\S+) (?:(?:Mk II )?IO Audio) (?:Encoder|Encoder Blade|Module|Server|Decoder) (\S+) .*">
|
|
661
|
+
<description>Axis Audio encoders/servers</description>
|
|
564
662
|
<example hw.product="P8221" hw.version="5.10.2">AXIS P8221 IO Audio Module 5.10.2 (Nov 07 2011) ready.</example>
|
|
565
663
|
<param pos="0" name="hw.vendor" value="Axis"/>
|
|
566
664
|
<param pos="1" name="hw.product"/>
|
|
567
665
|
<param pos="2" name="hw.version"/>
|
|
666
|
+
<param pos="0" name="hw.device" value="Audio Encoder"/>
|
|
667
|
+
<param pos="0" name="os.vendor" value="AXIS"/>
|
|
668
|
+
<param pos="0" name="os.family" value="Linux"/>
|
|
568
669
|
</fingerprint>
|
|
670
|
+
|
|
569
671
|
<fingerprint pattern="(?i)^AXIS (\S+) Network Door Controller (\S+) .* ready\.?$">
|
|
570
672
|
<description>Axis Door Controllers</description>
|
|
571
673
|
<example hw.product="A1001" hw.version="1.65.1.1">AXIS A1001 Network Door Controller 1.65.1.1 (2018) ready.</example>
|
|
572
674
|
<param pos="0" name="hw.vendor" value="Axis"/>
|
|
573
|
-
<param pos="0" name="hw.device" value="
|
|
675
|
+
<param pos="0" name="hw.device" value="Access Control"/>
|
|
574
676
|
<param pos="1" name="hw.product"/>
|
|
575
677
|
<param pos="2" name="hw.version"/>
|
|
576
678
|
</fingerprint>
|
|
679
|
+
|
|
577
680
|
<fingerprint pattern="^AXIS (\S+) .*FTP Network Print Server V?([\d\.]+\S+) .* ready\.?$" flags="REG_ICASE">
|
|
578
681
|
<description>Axis print servers</description>
|
|
579
682
|
<example hw.product="5600+">AXIS 5600+ (rev 3) FTP Network Print Server V7.00 Sep 10 2004 ready.</example>
|
|
@@ -584,6 +687,7 @@ more text
|
|
|
584
687
|
<param pos="1" name="hw.product"/>
|
|
585
688
|
<param pos="2" name="hw.version"/>
|
|
586
689
|
</fingerprint>
|
|
690
|
+
|
|
587
691
|
<fingerprint pattern="^RICOH Aficio ((?:[MS]P )?\S+) FTP server \(([0-9\.a-zA-Z]+)\) ready.?$" flags="REG_ICASE">
|
|
588
692
|
<description>Ricoh Aficio multifunction device</description>
|
|
589
693
|
<example os.product="2045e">RICOH Aficio 2045e FTP server (4.12) ready.</example>
|
|
@@ -599,6 +703,7 @@ more text
|
|
|
599
703
|
<param pos="1" name="os.product"/>
|
|
600
704
|
<param pos="2" name="os.version"/>
|
|
601
705
|
</fingerprint>
|
|
706
|
+
|
|
602
707
|
<fingerprint pattern="^NRG ((?:[MS]P )?\S+) FTP server \(([0-9\.a-zA-Z]+)\) ready.?$" flags="REG_ICASE">
|
|
603
708
|
<description>Ricoh NRG multifunction device</description>
|
|
604
709
|
<example>NRG MP C2800 FTP server (8.25) ready.</example>
|
|
@@ -617,6 +722,7 @@ more text
|
|
|
617
722
|
<param pos="0" name="hw.device" value="Multifunction Device"/>
|
|
618
723
|
<param pos="1" name="hw.product"/>
|
|
619
724
|
</fingerprint>
|
|
725
|
+
|
|
620
726
|
<fingerprint pattern="^Xerox WorkCentre ([A-Za-z0-9]+).*$" certainty="1.0">
|
|
621
727
|
<description>Xerox WorkCentre</description>
|
|
622
728
|
<example hw.product="6605DN">Xerox WorkCentre 6605DN</example>
|
|
@@ -629,8 +735,9 @@ more text
|
|
|
629
735
|
<param pos="0" name="hw.vendor" value="Xerox"/>
|
|
630
736
|
<param pos="0" name="hw.family" value="WorkCentre"/>
|
|
631
737
|
<param pos="0" name="hw.device" value="Printer"/>
|
|
632
|
-
<param pos="1" name="hw.product"/>
|
|
738
|
+
<param pos="1" name="hw.product"/>
|
|
633
739
|
</fingerprint>
|
|
740
|
+
|
|
634
741
|
<fingerprint pattern="^Xerox Phaser (\S+)$" certainty="1.0">
|
|
635
742
|
<description>Xerox Phaser Laser Printer</description>
|
|
636
743
|
<example>Xerox Phaser 6130N</example>
|
|
@@ -644,6 +751,7 @@ more text
|
|
|
644
751
|
<param pos="0" name="hw.device" value="Printer"/>
|
|
645
752
|
<param pos="1" name="hw.product"/>
|
|
646
753
|
</fingerprint>
|
|
754
|
+
|
|
647
755
|
<fingerprint pattern="^XEROX (\d+) Wide Format .*$" certainty="1.0">
|
|
648
756
|
<description>Xerox Wide Format Series of Printers</description>
|
|
649
757
|
<example>XEROX 6204 Wide Format FTP server ready</example>
|
|
@@ -656,6 +764,7 @@ more text
|
|
|
656
764
|
<param pos="0" name="hw.device" value="Printer"/>
|
|
657
765
|
<param pos="1" name="hw.product"/>
|
|
658
766
|
</fingerprint>
|
|
767
|
+
|
|
659
768
|
<fingerprint pattern="^FUJI XEROX DocuPrint (.*)$" certainty="1.0">
|
|
660
769
|
<description>FUJI XEROX DocuPrint Series of Printers</description>
|
|
661
770
|
<example>FUJI XEROX DocuPrint 3055</example>
|
|
@@ -666,6 +775,7 @@ more text
|
|
|
666
775
|
<param pos="0" name="os.device" value="Printer"/>
|
|
667
776
|
<param pos="1" name="os.product"/>
|
|
668
777
|
</fingerprint>
|
|
778
|
+
|
|
669
779
|
<fingerprint pattern="^ET(\S{12}) Lexmark (\S+) FTP Server (\S+) ready\.?$" certainty="1.0" flags="REG_ICASE">
|
|
670
780
|
<description>Lexmark printer with MAC address</description>
|
|
671
781
|
<example host.mac="000400CEA560" hw.product="T640" os.version="NS.NP.N219">ET000400CEA560 Lexmark T640 FTP Server NS.NP.N219 ready.</example>
|
|
@@ -677,6 +787,7 @@ more text
|
|
|
677
787
|
<param pos="0" name="hw.device" value="Printer"/>
|
|
678
788
|
<param pos="2" name="hw.product"/>
|
|
679
789
|
</fingerprint>
|
|
790
|
+
|
|
680
791
|
<fingerprint pattern="^.*Lexmark (\S+) FTP Server (\S+) ready\.?$" certainty="1.0" flags="REG_ICASE">
|
|
681
792
|
<description>Lexmark printer with OS version</description>
|
|
682
793
|
<example hw.product="T654" os.version="NR.APS.F368">ET0021718 Lexmark T654 FTP Server NR.APS.F368 ready.</example>
|
|
@@ -687,6 +798,7 @@ more text
|
|
|
687
798
|
<param pos="0" name="hw.device" value="Printer"/>
|
|
688
799
|
<param pos="1" name="hw.product"/>
|
|
689
800
|
</fingerprint>
|
|
801
|
+
|
|
690
802
|
<fingerprint pattern="^.*Lexmark (\S+) FTP Server ready\.?$" certainty="1.0" flags="REG_ICASE">
|
|
691
803
|
<description>Lexmark printer</description>
|
|
692
804
|
<example hw.product="X500">Lexmark X500 FTP server ready</example>
|
|
@@ -696,6 +808,17 @@ more text
|
|
|
696
808
|
<param pos="0" name="hw.device" value="Printer"/>
|
|
697
809
|
<param pos="1" name="hw.product"/>
|
|
698
810
|
</fingerprint>
|
|
811
|
+
|
|
812
|
+
<fingerprint pattern="^220 ECOSYS ([^\s]+) FTP server$">
|
|
813
|
+
<description>Kyocera Multifunction Device</description>
|
|
814
|
+
<example hw.product="P2135dn">220 ECOSYS P2135dn FTP server</example>
|
|
815
|
+
<param pos="0" name="os.vendor" value="Kyocera"/>
|
|
816
|
+
<param pos="0" name="os.device" value="Multifunction Device"/>
|
|
817
|
+
<param pos="0" name="hw.vendor" value="Kyocera"/>
|
|
818
|
+
<param pos="0" name="hw.device" value="Multifunction Device"/>
|
|
819
|
+
<param pos="1" name="hw.product"/>
|
|
820
|
+
</fingerprint>
|
|
821
|
+
|
|
699
822
|
<fingerprint pattern="^(?:Tornado-)?VxWorks \((?:VxWorks)?([^\)]+)\) FTP server(?: ready)?\.?$" flags="REG_ICASE">
|
|
700
823
|
<description>VxWorks with version information</description>
|
|
701
824
|
<example os.version="5.3.1">VxWorks (5.3.1) FTP server ready</example>
|
|
@@ -707,6 +830,7 @@ more text
|
|
|
707
830
|
<param pos="1" name="os.version"/>
|
|
708
831
|
<param pos="0" name="os.cpe23" value="cpe:/o:windriver:vxworks:{os.version}"/>
|
|
709
832
|
</fingerprint>
|
|
833
|
+
|
|
710
834
|
<fingerprint pattern="^Tornado-vxWorks FTP server ready$" flags="REG_ICASE">
|
|
711
835
|
<description>VxWorks without version information</description>
|
|
712
836
|
<example>Tornado-vxWorks FTP server ready</example>
|
|
@@ -714,6 +838,7 @@ more text
|
|
|
714
838
|
<param pos="0" name="os.product" value="VxWorks"/>
|
|
715
839
|
<param pos="0" name="os.cpe23" value="cpe:/o:windriver:vxworks:-"/>
|
|
716
840
|
</fingerprint>
|
|
841
|
+
|
|
717
842
|
<fingerprint pattern="^[\w\-\.]* FTP server \((?:VxWorks\s?)+([\d\.]+)\) ready.$" flags="REG_ICASE">
|
|
718
843
|
<description>VxWorks 6 with version information</description>
|
|
719
844
|
<example os.version="6.6">NanoDAC FTP server (VxWorks VxWorks 6.6) ready.</example>
|
|
@@ -721,23 +846,25 @@ more text
|
|
|
721
846
|
<param pos="0" name="os.vendor" value="Wind River"/>
|
|
722
847
|
<param pos="0" name="os.product" value="VxWorks"/>
|
|
723
848
|
<param pos="1" name="os.version"/>
|
|
724
|
-
<param pos="0" name="os.cpe23" value="cpe:/o:windriver:vxworks
|
|
849
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:windriver:vxworks:{os.version}"/>
|
|
725
850
|
</fingerprint>
|
|
851
|
+
|
|
726
852
|
<fingerprint pattern="^[\w<>]+\s*Tenor Multipath Switch FTP server \(Version VxWorks([\d\.]+)\) ready\.$" flags="REG_ICASE">
|
|
727
853
|
<description>VxWorks on Tenor MultiPath with version information</description>
|
|
728
|
-
<example os.version="5.4.2"
|
|
854
|
+
<example os.version="5.4.2"><38785ca0> Tenor Multipath Switch FTP server (Version VxWorks5.4.2) ready.</example>
|
|
729
855
|
<param pos="0" name="os.vendor" value="Wind River"/>
|
|
730
856
|
<param pos="0" name="os.product" value="VxWorks"/>
|
|
731
857
|
<param pos="1" name="os.version"/>
|
|
732
|
-
<param pos="0" name="os.cpe23" value="cpe:/o:windriver:vxworks
|
|
858
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:windriver:vxworks:{os.version}"/>
|
|
733
859
|
</fingerprint>
|
|
860
|
+
|
|
734
861
|
<fingerprint pattern="^VxWorks FTP server \(VxWorks ([\d\.]+) - Secure NetLinx version \([\d\.]+\)\) ready.$">
|
|
735
862
|
<description>VxWorks with Secure NetLinx</description>
|
|
736
863
|
<example os.version="5.3.1">VxWorks FTP server (VxWorks 5.3.1 - Secure NetLinx version (1.0)) ready.</example>
|
|
737
864
|
<param pos="0" name="os.vendor" value="Wind River"/>
|
|
738
865
|
<param pos="0" name="os.product" value="VxWorks"/>
|
|
739
866
|
<param pos="1" name="os.version"/>
|
|
740
|
-
<param pos="0" name="os.cpe23" value="cpe:/o:windriver:vxworks
|
|
867
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:windriver:vxworks:{os.version}"/>
|
|
741
868
|
</fingerprint>
|
|
742
869
|
|
|
743
870
|
<fingerprint pattern="^ADC iScale$">
|
|
@@ -748,6 +875,7 @@ more text
|
|
|
748
875
|
<param pos="0" name="os.vendor" value="ADC"/>
|
|
749
876
|
<param pos="0" name="os.product" value="iScale"/>
|
|
750
877
|
</fingerprint>
|
|
878
|
+
|
|
751
879
|
<fingerprint pattern="^TASKalfa (\d+c?i) FTP server" certainty="1.0">
|
|
752
880
|
<description>Taskalfa Series of Printers</description>
|
|
753
881
|
<example>TASKalfa 300ci FTP server</example>
|
|
@@ -761,6 +889,7 @@ more text
|
|
|
761
889
|
<param pos="0" name="hw.device" value="Multifunction Device"/>
|
|
762
890
|
<param pos="1" name="hw.product"/>
|
|
763
891
|
</fingerprint>
|
|
892
|
+
|
|
764
893
|
<fingerprint pattern="^SAVIN (\S+) FTP server \((.*)\) ready.$" certainty="1.0">
|
|
765
894
|
<description>SAVIN Printer FTP Server</description>
|
|
766
895
|
<example os.product="4075">SAVIN 4075 FTP server (4.08) ready.</example>
|
|
@@ -781,6 +910,7 @@ more text
|
|
|
781
910
|
<param pos="0" name="hw.device" value="Printer"/>
|
|
782
911
|
<param pos="1" name="hw.product"/>
|
|
783
912
|
</fingerprint>
|
|
913
|
+
|
|
784
914
|
<fingerprint pattern="^Oce (im\d+) Ver (\S+) FTP server\.$" certainty="1.0">
|
|
785
915
|
<description>OCE IM series Printer</description>
|
|
786
916
|
<example>Oce im4512 Ver 01.04.00.0c FTP server.</example>
|
|
@@ -791,6 +921,7 @@ more text
|
|
|
791
921
|
<param pos="1" name="os.product"/>
|
|
792
922
|
<param pos="2" name="os.version"/>
|
|
793
923
|
</fingerprint>
|
|
924
|
+
|
|
794
925
|
<fingerprint pattern="^Oce (Plotwave\d+) FTP Service \(Version (\S+)\)\.$" certainty="1.0">
|
|
795
926
|
<description>OCE Printer</description>
|
|
796
927
|
<example>Oce Plotwave300 FTP Service (Version 4.5.7).</example>
|
|
@@ -800,6 +931,7 @@ more text
|
|
|
800
931
|
<param pos="1" name="os.product"/>
|
|
801
932
|
<param pos="2" name="os.version"/>
|
|
802
933
|
</fingerprint>
|
|
934
|
+
|
|
803
935
|
<fingerprint pattern="^LinkCom Xpress (.*) FTP version ([\d\.]+) ready$" certainty="1.0">
|
|
804
936
|
<description>MPI Technologies Linkcom Express FTP Server with os version</description>
|
|
805
937
|
<example hw.product="10/100 +IPDS" os.version="1.0">LinkCom Xpress 10/100 +IPDS FTP version 1.0 ready</example>
|
|
@@ -809,6 +941,7 @@ more text
|
|
|
809
941
|
<param pos="1" name="hw.product"/>
|
|
810
942
|
<param pos="2" name="os.version"/>
|
|
811
943
|
</fingerprint>
|
|
944
|
+
|
|
812
945
|
<fingerprint pattern="^LinkCom Xpress (.*)$" certainty="1.0">
|
|
813
946
|
<description>MPI Technologies Linkcom Express FTP Server</description>
|
|
814
947
|
<example hw.product="EIO PRO 10">LinkCom Xpress EIO PRO 10</example>
|
|
@@ -817,6 +950,7 @@ more text
|
|
|
817
950
|
<param pos="0" name="hw.device" value="Print server"/>
|
|
818
951
|
<param pos="1" name="hw.product"/>
|
|
819
952
|
</fingerprint>
|
|
953
|
+
|
|
820
954
|
<fingerprint pattern="^LXKE\S+ IBM Infoprint (\d+) FTP Server (\d+\.\d+\.\d+) ready.$" certainty="1.0">
|
|
821
955
|
<description>IBM Infoprint FTP</description>
|
|
822
956
|
<example>LXKE82124 IBM Infoprint 1332 FTP Server 55.10.21 ready.</example>
|
|
@@ -829,6 +963,7 @@ more text
|
|
|
829
963
|
<param pos="1" name="os.product"/>
|
|
830
964
|
<param pos="2" name="os.version"/>
|
|
831
965
|
</fingerprint>
|
|
966
|
+
|
|
832
967
|
<fingerprint pattern="^(Gestetner \S+(?: \S+)?) FTP server \((.*)\)" certainty="1.0">
|
|
833
968
|
<description>Gestetner Printer FTP</description>
|
|
834
969
|
<example os.product="Gestetner MP5500/DSm755" os.version="5.11c">Gestetner MP5500/DSm755 FTP server (5.11c) ready.</example>
|
|
@@ -841,6 +976,7 @@ more text
|
|
|
841
976
|
<param pos="1" name="os.product"/>
|
|
842
977
|
<param pos="2" name="os.version"/>
|
|
843
978
|
</fingerprint>
|
|
979
|
+
|
|
844
980
|
<fingerprint pattern="^(Gestetner \S+)$" certainty="1.0">
|
|
845
981
|
<description>Gestetner Printer FTP - short banner</description>
|
|
846
982
|
<example>Gestetner MPC2500</example>
|
|
@@ -848,6 +984,7 @@ more text
|
|
|
848
984
|
<param pos="0" name="os.device" value="Multifunction Device"/>
|
|
849
985
|
<param pos="1" name="os.product"/>
|
|
850
986
|
</fingerprint>
|
|
987
|
+
|
|
851
988
|
<fingerprint pattern="^EUFSALE MarkNet (\S+) FTP Server (\d+\.\d+\.\d+) ready.$" certainty="1.0">
|
|
852
989
|
<description>Lexmark Marknet Printers FTP</description>
|
|
853
990
|
<example>EUFSALE MarkNet X2011e FTP Server 4.20.21 ready.</example>
|
|
@@ -857,6 +994,7 @@ more text
|
|
|
857
994
|
<param pos="1" name="os.product"/>
|
|
858
995
|
<param pos="2" name="os.version"/>
|
|
859
996
|
</fingerprint>
|
|
997
|
+
|
|
860
998
|
<fingerprint pattern="^ET(\S+) Source Technologies (ST-96\S+) FTP Server (\S+) ready\.?$">
|
|
861
999
|
<description>Source Technologies ST9600 Series Secure Printer</description>
|
|
862
1000
|
<example>ET0021B730F70E Source Technologies ST-9620 FTP Server NJ.APS.N254e ready.</example>
|
|
@@ -869,6 +1007,7 @@ more text
|
|
|
869
1007
|
<param pos="2" name="os.product"/>
|
|
870
1008
|
<param pos="3" name="os.version"/>
|
|
871
1009
|
</fingerprint>
|
|
1010
|
+
|
|
872
1011
|
<fingerprint pattern="^ET(\S+) (Pro\d+) Series FTP Server ready\.$" certainty="1.0">
|
|
873
1012
|
<description>Lexmark ProXXX Series of Printers</description>
|
|
874
1013
|
<example host.mac="0020007E4D2A" hw.product="Pro700">ET0020007E4D2A Pro700 Series FTP Server ready.</example>
|
|
@@ -881,6 +1020,7 @@ more text
|
|
|
881
1020
|
<param pos="0" name="hw.device" value="Printer"/>
|
|
882
1021
|
<param pos="2" name="hw.product"/>
|
|
883
1022
|
</fingerprint>
|
|
1023
|
+
|
|
884
1024
|
<fingerprint pattern="^ET(\S+) Lexmark Forms Printer (\d+) Ethernet FTP Server (\S+) ready\.$" certainty="1.0">
|
|
885
1025
|
<description>Lexmark Forms Printer</description>
|
|
886
1026
|
<example os.product="2590">ET0020004F54EE Lexmark Forms Printer 2590 Ethernet FTP Server LCL.CU.P012c ready.</example>
|
|
@@ -895,6 +1035,7 @@ more text
|
|
|
895
1035
|
<param pos="0" name="hw.device" value="Printer"/>
|
|
896
1036
|
<param pos="2" name="hw.product"/>
|
|
897
1037
|
</fingerprint>
|
|
1038
|
+
|
|
898
1039
|
<fingerprint pattern="^ET(\S+) TOSHIBA e-STUDIO500S FTP Server (\S+) ready\.$" certainty="1.0">
|
|
899
1040
|
<description>Toshiba e-STUDIO Printer with MAC address</description>
|
|
900
1041
|
<example os.version="NC2.NPS.N221">ET0004001E9C00 TOSHIBA e-STUDIO500S FTP Server NC2.NPS.N221 ready.</example>
|
|
@@ -908,6 +1049,7 @@ more text
|
|
|
908
1049
|
<param pos="0" name="hw.device" value="Multifunction Device"/>
|
|
909
1050
|
<param pos="0" name="hw.product" value="e-STUDIO"/>
|
|
910
1051
|
</fingerprint>
|
|
1052
|
+
|
|
911
1053
|
<fingerprint pattern="^\S+ TOSHIBA e-STUDIO500S FTP Server (\S+) ready\.$" certainty="1.0">
|
|
912
1054
|
<description>Toshiba e-STUDIO Printer</description>
|
|
913
1055
|
<example os.version="NC2.NPS.N211">JHBPRN13 TOSHIBA e-STUDIO500S FTP Server NC2.NPS.N211 ready.</example>
|
|
@@ -919,6 +1061,7 @@ more text
|
|
|
919
1061
|
<param pos="0" name="hw.device" value="Multifunction Device"/>
|
|
920
1062
|
<param pos="0" name="hw.product" value="e-STUDIO"/>
|
|
921
1063
|
</fingerprint>
|
|
1064
|
+
|
|
922
1065
|
<fingerprint pattern="^.*Lexmark Optra (\S+) FTP Server (\S+) ready\.$" certainty="1.0">
|
|
923
1066
|
<description>Lexmark Optra Printer</description>
|
|
924
1067
|
<example os.product="T612">lex142785470853 Lexmark Optra T612 FTP Server 3.20.30 ready.</example>
|
|
@@ -933,6 +1076,7 @@ more text
|
|
|
933
1076
|
<param pos="0" name="hw.device" value="Printer"/>
|
|
934
1077
|
<param pos="1" name="hw.product"/>
|
|
935
1078
|
</fingerprint>
|
|
1079
|
+
|
|
936
1080
|
<fingerprint pattern="^SHARP (MX-\S+) Ver (\S+) FTP server\.$" certainty="1.0">
|
|
937
1081
|
<description>Sharp Printer/Copier/Scanne</description>
|
|
938
1082
|
<example os.product="MX-6200N" os.version="01.02.00.0e">SHARP MX-6200N Ver 01.02.00.0e FTP server.</example>
|
|
@@ -954,6 +1098,7 @@ more text
|
|
|
954
1098
|
<param pos="0" name="hw.family" value="MX Series"/>
|
|
955
1099
|
<param pos="1" name="hw.product"/>
|
|
956
1100
|
</fingerprint>
|
|
1101
|
+
|
|
957
1102
|
<fingerprint pattern="^(FS-\S+MFP\S*?) FTP server\.?$" certainty="1.0">
|
|
958
1103
|
<description>Kyocera Printer with version string</description>
|
|
959
1104
|
<example os.product="FS-C2126MFP">FS-C2126MFP FTP server</example>
|
|
@@ -966,6 +1111,7 @@ more text
|
|
|
966
1111
|
<param pos="0" name="hw.device" value="Multifunction Device"/>
|
|
967
1112
|
<param pos="1" name="hw.product"/>
|
|
968
1113
|
</fingerprint>
|
|
1114
|
+
|
|
969
1115
|
<fingerprint pattern="^(FS-\S+(?:DN|D|N)) FTP server\.?$" certainty="1.0">
|
|
970
1116
|
<description>Kyocera Printer</description>
|
|
971
1117
|
<example os.product="FS-1370DN">FS-1370DN FTP server</example>
|
|
@@ -979,6 +1125,7 @@ more text
|
|
|
979
1125
|
<param pos="0" name="hw.family" value="FS"/>
|
|
980
1126
|
<param pos="1" name="hw.product"/>
|
|
981
1127
|
</fingerprint>
|
|
1128
|
+
|
|
982
1129
|
<fingerprint pattern="^(ESI-\S+) Version (\S+) ready\.$" certainty="1.0">
|
|
983
1130
|
<description>Extended Systems ExtendNet Print Server</description>
|
|
984
1131
|
<example os.product="ESI-2941B">ESI-2941B Version 6.34 ready.</example>
|
|
@@ -1000,6 +1147,7 @@ more text
|
|
|
1000
1147
|
<param pos="0" name="hw.device" value="Print server"/>
|
|
1001
1148
|
<param pos="1" name="hw.product"/>
|
|
1002
1149
|
</fingerprint>
|
|
1150
|
+
|
|
1003
1151
|
<fingerprint pattern="^SATO SATO PRINTER Ver (\S+) FTP server\.$" certainty="1.0">
|
|
1004
1152
|
<description>SATO Printer</description>
|
|
1005
1153
|
<example os.version="A1.2.3">SATO SATO PRINTER Ver A1.2.3 FTP server.</example>
|
|
@@ -1010,6 +1158,7 @@ more text
|
|
|
1010
1158
|
<param pos="0" name="hw.vendor" value="SATO"/>
|
|
1011
1159
|
<param pos="0" name="hw.device" value="Printer"/>
|
|
1012
1160
|
</fingerprint>
|
|
1161
|
+
|
|
1013
1162
|
<fingerprint pattern="^Printer FTP (\d+\.\d+\.\d+) ready at (\w{3} \d{2} \d{2}:\d{2}:\d{2})$" certainty="1.0">
|
|
1014
1163
|
<description>AMTDatasouth Fastmark M5</description>
|
|
1015
1164
|
<example os.version="4.8.7">Printer FTP 4.8.7 ready at Apr 30 20:13:23</example>
|
|
@@ -1021,12 +1170,13 @@ more text
|
|
|
1021
1170
|
<param pos="0" name="os.product" value="Fastmark M5"/>
|
|
1022
1171
|
<param pos="0" name="os.device" value="Printer"/>
|
|
1023
1172
|
<param pos="1" name="os.version"/>
|
|
1024
|
-
<param pos="0" name="system.time.format" value="MMM dd HH:mm
|
|
1173
|
+
<param pos="0" name="system.time.format" value="MMM dd HH:mm:ss"/>
|
|
1025
1174
|
<param pos="2" name="system.time"/>
|
|
1026
1175
|
<param pos="0" name="hw.vendor" value="AMTDatasouth"/>
|
|
1027
1176
|
<param pos="0" name="hw.product" value="Fastmark M5"/>
|
|
1028
1177
|
<param pos="0" name="hw.device" value="Printer"/>
|
|
1029
1178
|
</fingerprint>
|
|
1179
|
+
|
|
1030
1180
|
<fingerprint pattern="^EFI FTP Print server ready\.$" certainty="0.8">
|
|
1031
1181
|
<description>EFI FTP Print Server</description>
|
|
1032
1182
|
<example>EFI FTP Print server ready.</example>
|
|
@@ -1036,7 +1186,9 @@ more text
|
|
|
1036
1186
|
<param pos="0" name="os.product" value="Fiery Print Server"/>
|
|
1037
1187
|
<param pos="0" name="os.device" value="Print server"/>
|
|
1038
1188
|
</fingerprint>
|
|
1189
|
+
|
|
1039
1190
|
<!-- Conjectured based on known MX FTP fingerprints -->
|
|
1191
|
+
|
|
1040
1192
|
<fingerprint pattern="^SHARP (AR-\S+) Ver (\S+) FTP server">
|
|
1041
1193
|
<description>Sharp AR Series multifunction device</description>
|
|
1042
1194
|
<example os.product="AR-M450">SHARP AR-M450 Ver 01.05.00.0k FTP server.</example>
|
|
@@ -1050,6 +1202,7 @@ more text
|
|
|
1050
1202
|
<param pos="0" name="hw.family" value="AR Series"/>
|
|
1051
1203
|
<param pos="1" name="hw.product"/>
|
|
1052
1204
|
</fingerprint>
|
|
1205
|
+
|
|
1053
1206
|
<fingerprint pattern="^KONICA MINOLTA FTP server ready\.?$">
|
|
1054
1207
|
<description>Konica Minolta FTP Server - w/o version</description>
|
|
1055
1208
|
<example>KONICA MINOLTA FTP server ready.</example>
|
|
@@ -1062,6 +1215,7 @@ more text
|
|
|
1062
1215
|
<param pos="0" name="hw.vendor" value="Konica Minolta"/>
|
|
1063
1216
|
<param pos="0" name="hw.product" value="Printer"/>
|
|
1064
1217
|
</fingerprint>
|
|
1218
|
+
|
|
1065
1219
|
<fingerprint pattern="^(KM\S+) FTP server \(KM FTPD version (\d*(?:\.\d*))\) ready\.?$">
|
|
1066
1220
|
<description>Konica Minolta FTP Server</description>
|
|
1067
1221
|
<example os.product="KM23BC97" service.version="1.00">KM23BC97 FTP server (KM FTPD version 1.00) ready.</example>
|
|
@@ -1079,6 +1233,7 @@ more text
|
|
|
1079
1233
|
<param pos="0" name="service.product" value="KM FTPD"/>
|
|
1080
1234
|
<param pos="2" name="service.version"/>
|
|
1081
1235
|
</fingerprint>
|
|
1236
|
+
|
|
1082
1237
|
<fingerprint pattern="^(ZBR-\d+) Version (\S+) ready\.?$">
|
|
1083
1238
|
<description>ZebraNet Print Server FTP</description>
|
|
1084
1239
|
<example os.product="ZBR-46686">ZBR-46686 Version 7.02 ready.</example>
|
|
@@ -1092,12 +1247,26 @@ more text
|
|
|
1092
1247
|
<param pos="0" name="hw.device" value="Print server"/>
|
|
1093
1248
|
<param pos="1" name="hw.product"/>
|
|
1094
1249
|
</fingerprint>
|
|
1250
|
+
|
|
1251
|
+
<fingerprint pattern="^(ET(\S+)) Dell (\S+ Laser Printer) FTP Server">
|
|
1252
|
+
<description>Dell Laser Printer</description>
|
|
1253
|
+
<example host.name="ET0021B71A1111" host.mac="0021B71A1111" hw.product="2350dn Laser Printer">ET0021B71A1111 Dell 2350dn Laser Printer FTP Server NR.APS.N449 ready.</example>
|
|
1254
|
+
<param pos="0" name="os.vendor" value="Dell"/>
|
|
1255
|
+
<param pos="0" name="os.device" value="Printer"/>
|
|
1256
|
+
<param pos="0" name="hw.vendor" value="Dell"/>
|
|
1257
|
+
<param pos="0" name="hw.device" value="Printer"/>
|
|
1258
|
+
<param pos="1" name="host.name"/>
|
|
1259
|
+
<param pos="2" name="host.mac"/>
|
|
1260
|
+
<param pos="3" name="hw.product"/>
|
|
1261
|
+
</fingerprint>
|
|
1262
|
+
|
|
1095
1263
|
<fingerprint pattern="^(\S+) FTP server \(Version \S+ \w+ \w+ \d{1,2} \d{1,2}:\d{1,2}:\d{1,2} [A-Z]+ (?:1|2)\d{3}\) ready\.?$">
|
|
1096
1264
|
<description>Generic/unknown FTP Server found on HP-UX and AIX systems</description>
|
|
1097
1265
|
<example host.name="host.example.com">host.example.com FTP server (Version 4.1 Sat Sep 7 14:31:53 CDT 2002) ready.</example>
|
|
1098
1266
|
<example host.name="host.example.com">host.example.com FTP server (Version 5.3 Sat Jan 10 14:01:03 CDT 2012) ready</example>
|
|
1099
1267
|
<param pos="1" name="host.name"/>
|
|
1100
1268
|
</fingerprint>
|
|
1269
|
+
|
|
1101
1270
|
<fingerprint pattern="^Welcome to the (?:Cisco )?(?:TelePresence) ([a-zA-Z\s]*?) ((?:MSE )?\d+), version (\d+.\d+\(\d+.\d+\)).*?" flags="REG_ICASE">
|
|
1102
1271
|
<description>Cisco TelePresence</description>
|
|
1103
1272
|
<example hw.series="AM GW" os.version="1.1(1.34)" hw.model="3610">Welcome to the Cisco TelePresence AM GW 3610, version 1.1(1.34) </example>
|
|
@@ -1113,6 +1282,7 @@ more text
|
|
|
1113
1282
|
<param pos="2" name="hw.model"/>
|
|
1114
1283
|
<param pos="3" name="os.version"/>
|
|
1115
1284
|
</fingerprint>
|
|
1285
|
+
|
|
1116
1286
|
<fingerprint pattern="^(\S+) FTP server \((?:HP|Compaq) Tru64 UNIX Version (\S+)\) ready\.?$">
|
|
1117
1287
|
<description>Digital/Compaq/HP Tru64 Unix</description>
|
|
1118
1288
|
<example host.name="example.com" os.version="5.60">example.com FTP server (Compaq Tru64 UNIX Version 5.60) ready.</example>
|
|
@@ -1123,6 +1293,7 @@ more text
|
|
|
1123
1293
|
<param pos="2" name="os.version"/>
|
|
1124
1294
|
<param pos="0" name="os.cpe23" value="cpe:/o:hp:tru64:{os.version}"/>
|
|
1125
1295
|
</fingerprint>
|
|
1296
|
+
|
|
1126
1297
|
<fingerprint pattern="^(\S+) FTP server \(Digital UNIX Version (\S+)\) ready\.?$">
|
|
1127
1298
|
<description>Digital/Compaq/HP Tru64 Unix w/o branding</description>
|
|
1128
1299
|
<example host.name="example.com" os.version="5.60">example.com FTP server (Digital UNIX Version 5.60) ready.</example>
|
|
@@ -1132,6 +1303,7 @@ more text
|
|
|
1132
1303
|
<param pos="1" name="host.name"/>
|
|
1133
1304
|
<param pos="2" name="os.version"/>
|
|
1134
1305
|
</fingerprint>
|
|
1306
|
+
|
|
1135
1307
|
<fingerprint pattern="^(\S+) FTP server \(MikroTik ([\d\.]+)\) ready\.?$">
|
|
1136
1308
|
<description>MikroTik</description>
|
|
1137
1309
|
<example host.name="example.com" os.version="6.18">example.com FTP server (MikroTik 6.18) ready</example>
|
|
@@ -1141,6 +1313,7 @@ more text
|
|
|
1141
1313
|
<param pos="2" name="os.version"/>
|
|
1142
1314
|
<param pos="0" name="os.cpe23" value="cpe:/o:mikrotik:routeros:{os.version}"/>
|
|
1143
1315
|
</fingerprint>
|
|
1316
|
+
|
|
1144
1317
|
<fingerprint pattern="^MikroTik FTP server \(MikroTik ([\w.]+)\) ready\.?$">
|
|
1145
1318
|
<description>MikroTik w/o hostname</description>
|
|
1146
1319
|
<example os.version="6.0rc14">MikroTik FTP server (MikroTik 6.0rc14) ready</example>
|
|
@@ -1149,6 +1322,7 @@ more text
|
|
|
1149
1322
|
<param pos="1" name="os.version"/>
|
|
1150
1323
|
<param pos="0" name="os.cpe23" value="cpe:/o:mikrotik:routeros:{os.version}"/>
|
|
1151
1324
|
</fingerprint>
|
|
1325
|
+
|
|
1152
1326
|
<fingerprint pattern="^Welcome to ASUS (B?RT-[\w.-]+) FTP service\.$">
|
|
1153
1327
|
<description>FTPD on an Asus Wireless Access Point/Router</description>
|
|
1154
1328
|
<example hw.product="RT-AC68U">Welcome to ASUS RT-AC68U FTP service.</example>
|
|
@@ -1160,6 +1334,7 @@ more text
|
|
|
1160
1334
|
<param pos="0" name="hw.device" value="WAP"/>
|
|
1161
1335
|
<param pos="1" name="hw.product"/>
|
|
1162
1336
|
</fingerprint>
|
|
1337
|
+
|
|
1163
1338
|
<fingerprint pattern="^Welcome to ASUS (DSL-[\w.-]+) FTP service\.$">
|
|
1164
1339
|
<description>FTPD on a ADSL/VDSL Modem/Wireless Access Point/Router</description>
|
|
1165
1340
|
<example hw.product="DSL-AC68U">Welcome to ASUS DSL-AC68U FTP service.</example>
|
|
@@ -1170,6 +1345,7 @@ more text
|
|
|
1170
1345
|
<param pos="0" name="hw.device" value="DSL Modem"/>
|
|
1171
1346
|
<param pos="1" name="hw.product"/>
|
|
1172
1347
|
</fingerprint>
|
|
1348
|
+
|
|
1173
1349
|
<fingerprint pattern="^Welcome to ASUS (TM-\w+) FTP service\.$">
|
|
1174
1350
|
<description>FTPD on a T-Mobile branded Asus Wireless Access Point/Router</description>
|
|
1175
1351
|
<example hw.product="TM-AC1900">Welcome to ASUS TM-AC1900 FTP service.</example>
|
|
@@ -1179,6 +1355,7 @@ more text
|
|
|
1179
1355
|
<param pos="0" name="hw.device" value="WAP"/>
|
|
1180
1356
|
<param pos="1" name="hw.product"/>
|
|
1181
1357
|
</fingerprint>
|
|
1358
|
+
|
|
1182
1359
|
<fingerprint pattern="^(FRITZ!Box[\w()]+) FTP server ready\.$">
|
|
1183
1360
|
<description>FTPD on an AWM multifunction Modem/Wireless Access Point/Router/VoIP device</description>
|
|
1184
1361
|
<example hw.product="FRITZ!Box7490">FRITZ!Box7490 FTP server ready.</example>
|
|
@@ -1192,6 +1369,7 @@ more text
|
|
|
1192
1369
|
<param pos="0" name="hw.family" value="FRITZ!Box"/>
|
|
1193
1370
|
<param pos="1" name="hw.product"/>
|
|
1194
1371
|
</fingerprint>
|
|
1372
|
+
|
|
1195
1373
|
<fingerprint pattern="^HES_CPE FTP server \(GNU inetutils ([\w.]+)\) ready\.$">
|
|
1196
1374
|
<description>FTPD on a ZyXEL (Huawei rebrand) WiMax WAP</description>
|
|
1197
1375
|
<example service.version="1.4.1">HES_CPE FTP server (GNU inetutils 1.4.1) ready.</example>
|
|
@@ -1199,10 +1377,11 @@ more text
|
|
|
1199
1377
|
<param pos="0" name="service.product" value="inetutils ftpd"/>
|
|
1200
1378
|
<param pos="0" name="service.vendor" value="GNU"/>
|
|
1201
1379
|
<param pos="1" name="service.version"/>
|
|
1202
|
-
<param pos="0" name="hw.vendor" value="
|
|
1380
|
+
<param pos="0" name="hw.vendor" value="Zyxel"/>
|
|
1203
1381
|
<param pos="0" name="hw.family" value="WiMax"/>
|
|
1204
1382
|
<param pos="0" name="hw.device" value="WAP"/>
|
|
1205
1383
|
</fingerprint>
|
|
1384
|
+
|
|
1206
1385
|
<fingerprint pattern="^Speedport W ?(\S+) (?:Typ [A|B] )?FTP Server v([\d.]+) ready$$">
|
|
1207
1386
|
<description>FTPD on Speedport WLAN/ADSL routers (Deutsche Telekom mfg by misc)</description>
|
|
1208
1387
|
<example hw.product="723V" os.version="1.40.000">Speedport W 723V Typ B FTP Server v1.40.000 ready</example>
|
|
@@ -1214,6 +1393,7 @@ more text
|
|
|
1214
1393
|
<param pos="1" name="hw.product"/>
|
|
1215
1394
|
<param pos="2" name="os.version"/>
|
|
1216
1395
|
</fingerprint>
|
|
1396
|
+
|
|
1217
1397
|
<fingerprint pattern="^DiskStation FTP server ready\.$">
|
|
1218
1398
|
<description>FTPD on a Synology DiskStation NAS</description>
|
|
1219
1399
|
<example>DiskStation FTP server ready.</example>
|
|
@@ -1226,6 +1406,7 @@ more text
|
|
|
1226
1406
|
<param pos="0" name="hw.family" value="DiskStation"/>
|
|
1227
1407
|
<param pos="0" name="hw.device" value="NAS"/>
|
|
1228
1408
|
</fingerprint>
|
|
1409
|
+
|
|
1229
1410
|
<fingerprint pattern="^Synology FTP server ready\.$" flags="REG_ICASE">
|
|
1230
1411
|
<description>FTPD on a Synology device</description>
|
|
1231
1412
|
<example>Synology FTP server ready.</example>
|
|
@@ -1237,6 +1418,7 @@ more text
|
|
|
1237
1418
|
<param pos="0" name="os.product" value="Linux"/>
|
|
1238
1419
|
<param pos="0" name="hw.vendor" value="Synology"/>
|
|
1239
1420
|
</fingerprint>
|
|
1421
|
+
|
|
1240
1422
|
<fingerprint pattern="^.Welcome to MyBookLive.$">
|
|
1241
1423
|
<description>FTPD on Western Digital My Book Live NAS</description>
|
|
1242
1424
|
<example>"Welcome to MyBookLive"</example>
|
|
@@ -1245,6 +1427,7 @@ more text
|
|
|
1245
1427
|
<param pos="0" name="hw.product" value="My Book Live"/>
|
|
1246
1428
|
<param pos="0" name="hw.device" value="NAS"/>
|
|
1247
1429
|
</fingerprint>
|
|
1430
|
+
|
|
1248
1431
|
<fingerprint pattern="^Multicraft ([\w.-]+) FTP server$">
|
|
1249
1432
|
<description>Multicraft FTPD Server</description>
|
|
1250
1433
|
<example service.version="2.0.2">Multicraft 2.0.2 FTP server</example>
|
|
@@ -1254,6 +1437,7 @@ more text
|
|
|
1254
1437
|
<param pos="0" name="service.vendor" value="Multicraft"/>
|
|
1255
1438
|
<param pos="1" name="service.version"/>
|
|
1256
1439
|
</fingerprint>
|
|
1440
|
+
|
|
1257
1441
|
<fingerprint pattern="^bftpd ([\d.]+) at ([a-f\d.:]+) ready\.$">
|
|
1258
1442
|
<description>Bftpd FTPD Server</description>
|
|
1259
1443
|
<example service.version="2.2.1" host.ip="192.168.0.1">bftpd 2.2.1 at 192.168.0.1 ready.</example>
|
|
@@ -1265,6 +1449,7 @@ more text
|
|
|
1265
1449
|
<param pos="0" name="service.cpe23" value="cpe:/a:bftpd_project:bftpd:{service.version}"/>
|
|
1266
1450
|
<param pos="2" name="host.ip"/>
|
|
1267
1451
|
</fingerprint>
|
|
1452
|
+
|
|
1268
1453
|
<fingerprint pattern="^NASFTPD Turbo station (?:2.x )?([\w.]+) Server \(ProFTPD\)(?: \[([a-f\d.:]+)\])?$">
|
|
1269
1454
|
<description>ProFTPD on QNAP Turbo Station NAS</description>
|
|
1270
1455
|
<example service.version="1.3.5a" host.ip="192.168.1.100">NASFTPD Turbo station 1.3.5a Server (ProFTPD) [192.168.1.100]</example>
|
|
@@ -1280,6 +1465,7 @@ more text
|
|
|
1280
1465
|
<param pos="0" name="hw.device" value="NAS"/>
|
|
1281
1466
|
<param pos="2" name="host.ip"/>
|
|
1282
1467
|
</fingerprint>
|
|
1468
|
+
|
|
1283
1469
|
<fingerprint pattern="^Twisted ([\w.]+) FTP Server$">
|
|
1284
1470
|
<description>Twisted (Python) FTP Server</description>
|
|
1285
1471
|
<example service.version="14.0.0">Twisted 14.0.0 FTP Server</example>
|
|
@@ -1289,6 +1475,7 @@ more text
|
|
|
1289
1475
|
<param pos="0" name="service.vendor" value="Twisted Matrix Labs"/>
|
|
1290
1476
|
<param pos="1" name="service.version"/>
|
|
1291
1477
|
</fingerprint>
|
|
1478
|
+
|
|
1292
1479
|
<fingerprint pattern="^Gene6 FTP Server v(\d{1,2}\.\d{1,2}\.\d{1,2}\s{1,2}\(Build \d{1,2}\)) ready\.\.\.$">
|
|
1293
1480
|
<description>Gene6 FTP Server on Windows</description>
|
|
1294
1481
|
<example service.version="3.10.0 (Build 2)">Gene6 FTP Server v3.10.0 (Build 2) ready...</example>
|
|
@@ -1302,6 +1489,7 @@ more text
|
|
|
1302
1489
|
<param pos="0" name="os.product" value="Windows"/>
|
|
1303
1490
|
<param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
|
|
1304
1491
|
</fingerprint>
|
|
1492
|
+
|
|
1305
1493
|
<fingerprint pattern="^([\w.-]+) X2 WS_FTP Server ([\d.]{3,6}\s?\(\d+\))$">
|
|
1306
1494
|
<description>WS_FTP FTP Server on Windows - X2 variant</description>
|
|
1307
1495
|
<example service.version="7.7(50012467)" host.name="a.host.name.tld">a.host.name.tld X2 WS_FTP Server 7.7(50012467)</example>
|
|
@@ -1317,6 +1505,7 @@ more text
|
|
|
1317
1505
|
<param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
|
|
1318
1506
|
<param pos="1" name="host.name"/>
|
|
1319
1507
|
</fingerprint>
|
|
1508
|
+
|
|
1320
1509
|
<fingerprint pattern="^V2 WS_FTP Server ([\d.]{3,6}\s?\(\d+\))$">
|
|
1321
1510
|
<description>WS_FTP FTP Server on Windows - V2 variant</description>
|
|
1322
1511
|
<example service.version="6.1(05544322)">V2 WS_FTP Server 6.1(05544322)</example>
|
|
@@ -1330,24 +1519,35 @@ more text
|
|
|
1330
1519
|
<param pos="0" name="os.product" value="Windows"/>
|
|
1331
1520
|
<param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
|
|
1332
1521
|
</fingerprint>
|
|
1522
|
+
|
|
1333
1523
|
<fingerprint pattern="^FTP Server \(ZyWALL (USG\s?[\w-]+)\) \[([a-f\d:.]+)\]$">
|
|
1334
1524
|
<description>ZyXEL Unified Security Gateway</description>
|
|
1335
1525
|
<example hw.product="USG 20" host.ip="::ffff:192.168.0.2">FTP Server (ZyWALL USG 20) [::ffff:192.168.0.2]</example>
|
|
1336
1526
|
<example hw.product="USG100-PLUS" host.ip="::ffff:192.168.5.101">FTP Server (ZyWALL USG100-PLUS) [::ffff:192.168.5.101]</example>
|
|
1337
1527
|
<example hw.product="USG 20" host.ip="10.0.0.2">FTP Server (ZyWALL USG 20) [10.0.0.2]</example>
|
|
1338
|
-
<param pos="0" name="service.vendor" value="
|
|
1528
|
+
<param pos="0" name="service.vendor" value="Zyxel"/>
|
|
1339
1529
|
<param pos="0" name="service.family" value="Unified Security Gateway"/>
|
|
1340
1530
|
<param pos="0" name="service.product" value="FTPD"/>
|
|
1341
1531
|
<param pos="2" name="host.ip"/>
|
|
1342
|
-
<param pos="0" name="hw.vendor" value="
|
|
1532
|
+
<param pos="0" name="hw.vendor" value="Zyxel"/>
|
|
1343
1533
|
<param pos="0" name="hw.family" value="Unified Security Gateway"/>
|
|
1344
1534
|
<param pos="1" name="hw.product"/>
|
|
1345
1535
|
</fingerprint>
|
|
1536
|
+
|
|
1346
1537
|
<fingerprint pattern="^Welcome to TP-LINK FTP server$">
|
|
1347
1538
|
<description>FTPD on a TP-LINK device (no version/host info)</description>
|
|
1348
1539
|
<example>Welcome to TP-LINK FTP server</example>
|
|
1349
1540
|
<param pos="0" name="hw.vendor" value="TP-LINK"/>
|
|
1350
1541
|
</fingerprint>
|
|
1542
|
+
|
|
1543
|
+
<fingerprint pattern="^TP-LINK FTP version ([\d\.]+)">
|
|
1544
|
+
<description>FTPD on a TP-LINK device with version, but no host info</description>
|
|
1545
|
+
<example service.version="1.0">TP-LINK FTP version 1.0 ready at Wed May 1 20:51:49 2019</example>
|
|
1546
|
+
<param pos="0" name="hw.vendor" value="TP-LINK"/>
|
|
1547
|
+
<param pos="0" name="service.product" value="FTPD"/>
|
|
1548
|
+
<param pos="1" name="service.version"/>
|
|
1549
|
+
</fingerprint>
|
|
1550
|
+
|
|
1351
1551
|
<fingerprint pattern="^ucftpd\((\w{3}\s+\d{1,2} \d{4}-\d\d:\d\d:\d\d)\) FTP server ready\.$">
|
|
1352
1552
|
<description>ucftpd with version</description>
|
|
1353
1553
|
<example service.version="Jul 2 2012-22:13:49">ucftpd(Jul 2 2012-22:13:49) FTP server ready.</example>
|
|
@@ -1356,18 +1556,21 @@ more text
|
|
|
1356
1556
|
<param pos="0" name="service.product" value="ucftpd"/>
|
|
1357
1557
|
<param pos="1" name="service.version"/>
|
|
1358
1558
|
</fingerprint>
|
|
1559
|
+
|
|
1359
1560
|
<fingerprint pattern="^ucftpd FTP server ready\.$">
|
|
1360
1561
|
<description>ucftpd without version</description>
|
|
1361
1562
|
<example>ucftpd FTP server ready.</example>
|
|
1362
1563
|
<param pos="0" name="service.family" value="ucftpd"/>
|
|
1363
1564
|
<param pos="0" name="service.product" value="ucftpd"/>
|
|
1364
1565
|
</fingerprint>
|
|
1566
|
+
|
|
1365
1567
|
<fingerprint pattern="^Welcome to TBS FTP Server\.$">
|
|
1366
1568
|
<description>TBS FTP Server</description>
|
|
1367
1569
|
<example>Welcome to TBS FTP Server.</example>
|
|
1368
1570
|
<param pos="0" name="service.family" value="TBS FTP Server"/>
|
|
1369
1571
|
<param pos="0" name="service.product" value="TBS FTP Server"/>
|
|
1370
1572
|
</fingerprint>
|
|
1573
|
+
|
|
1371
1574
|
<fingerprint pattern="^Sofrel (S5[\w]+) SN ([\d-]+) ready. Time is (\d{2}:\d{2}:\d{2} \d{2}\/\d{2}\/\d{2})\.$">
|
|
1372
1575
|
<description>Sofrel Remote Terminal Unit</description>
|
|
1373
1576
|
<example hw.product="S500" host.id="01-499-00427" system.time="00:11:39 01/11/16">Sofrel S500 SN 01-499-00427 ready. Time is 00:11:39 01/11/16.</example>
|
|
@@ -1375,9 +1578,10 @@ more text
|
|
|
1375
1578
|
<param pos="0" name="hw.family" value="S500 Range"/>
|
|
1376
1579
|
<param pos="1" name="hw.product"/>
|
|
1377
1580
|
<param pos="2" name="host.id"/>
|
|
1378
|
-
<param pos="0" name="system.time.format" value="HH:mm
|
|
1581
|
+
<param pos="0" name="system.time.format" value="HH:mm:ss dd/MM/yy"/>
|
|
1379
1582
|
<param pos="3" name="system.time"/>
|
|
1380
1583
|
</fingerprint>
|
|
1584
|
+
|
|
1381
1585
|
<fingerprint pattern="^TiMOS-[CB]-([\S]+) cpm\/[\w]+ ALCATEL (SR [\S]+) Copyright .{1,4}$">
|
|
1382
1586
|
<description>ALCATEL Service Router running TiMOS</description>
|
|
1383
1587
|
<example os.version="13.0.R9">TiMOS-C-13.0.R9 cpm/hops64 ALCATEL SR 7750 Copyright (</example>
|
|
@@ -1388,11 +1592,13 @@ more text
|
|
|
1388
1592
|
<param pos="0" name="hw.family" value="Service Router"/>
|
|
1389
1593
|
<param pos="2" name="hw.product"/>
|
|
1390
1594
|
</fingerprint>
|
|
1595
|
+
|
|
1391
1596
|
<fingerprint pattern="^(\S+) FTP server ready\.?$" flags="REG_ICASE">
|
|
1392
1597
|
<description>Generic FTP fingerprint with a hostname</description>
|
|
1393
1598
|
<example host.name="example.com">example.com FTP server ready.</example>
|
|
1394
1599
|
<param pos="1" name="host.name"/>
|
|
1395
1600
|
</fingerprint>
|
|
1601
|
+
|
|
1396
1602
|
<fingerprint pattern="^(\S+) FTP server \(Version (\d.*)\) ready\.?$" flags="REG_ICASE">
|
|
1397
1603
|
<description>Generic FTP fingerprint with a hostname and a version for a generic FTP implementation</description>
|
|
1398
1604
|
<example host.name="example.com" service.version="6.00LS">example.com FTP server (Version 6.00LS) ready.</example>
|
|
@@ -1400,6 +1606,7 @@ more text
|
|
|
1400
1606
|
<param pos="1" name="host.name"/>
|
|
1401
1607
|
<param pos="2" name="service.version"/>
|
|
1402
1608
|
</fingerprint>
|
|
1609
|
+
|
|
1403
1610
|
<fingerprint pattern="(?i)^FTP[\- ]+(?:server|service)?(?:(?: is)? ready)?\.?$">
|
|
1404
1611
|
<description>Generic FTP fingerprint without a hostname</description>
|
|
1405
1612
|
<example>FTP server is ready.</example>
|
|
@@ -1409,12 +1616,14 @@ more text
|
|
|
1409
1616
|
<example>FTP Server</example>
|
|
1410
1617
|
<example>FTP service ready.</example>
|
|
1411
1618
|
</fingerprint>
|
|
1619
|
+
|
|
1412
1620
|
<fingerprint pattern="^Welcom to ProRat Ftp Server$">
|
|
1413
1621
|
<description>The FTP server of the ProRat malware</description>
|
|
1414
1622
|
<example>Welcom to ProRat Ftp Server</example>
|
|
1415
1623
|
<param pos="0" name="service.vendor" value="Pro Group"/>
|
|
1416
1624
|
<param pos="0" name="service.product" value="ProRat"/>
|
|
1417
1625
|
</fingerprint>
|
|
1626
|
+
|
|
1418
1627
|
<fingerprint pattern="^(?:(\S+) )?FTP Server \(vftpd ([\d.]+)\) ready\.?$">
|
|
1419
1628
|
<description>Vermillion FTP Daemon</description>
|
|
1420
1629
|
<example host.name="srv.name" service.version="1.23">srv.name FTP Server (vftpd 1.23) ready.</example>
|
|
@@ -1428,6 +1637,7 @@ more text
|
|
|
1428
1637
|
<param pos="2" name="service.version"/>
|
|
1429
1638
|
<param pos="1" name="host.name"/>
|
|
1430
1639
|
</fingerprint>
|
|
1640
|
+
|
|
1431
1641
|
<fingerprint pattern="^(?:(\S+) )?FTP server \(QVT\/Net ([\d.]+)\) ready\.?$">
|
|
1432
1642
|
<description>QVT/Net FTP Server</description>
|
|
1433
1643
|
<example host.name="siren" service.version="5.1">siren FTP server (QVT/Net 5.1) ready.</example>
|
|
@@ -1441,6 +1651,7 @@ more text
|
|
|
1441
1651
|
<param pos="2" name="service.version"/>
|
|
1442
1652
|
<param pos="1" name="host.name"/>
|
|
1443
1653
|
</fingerprint>
|
|
1654
|
+
|
|
1444
1655
|
<fingerprint pattern="Amazon\sLinux\sAMI\srelease\s(\d+\.\d+)">
|
|
1445
1656
|
<description>Amazon Linux AMI</description>
|
|
1446
1657
|
<example os.version="2016.09">Amazon Linux AMI release 2016.09</example>
|
|
@@ -1449,4 +1660,65 @@ more text
|
|
|
1449
1660
|
<param pos="0" name="os.product" value="Linux AMI"/>
|
|
1450
1661
|
<param pos="1" name="os.version"/>
|
|
1451
1662
|
</fingerprint>
|
|
1452
|
-
|
|
1663
|
+
|
|
1664
|
+
<!-- Below are banners for FTP service providers, not necessarily
|
|
1665
|
+
specific FTP servers-->
|
|
1666
|
+
|
|
1667
|
+
<fingerprint pattern="^Idea FTP Server ([\d\.]+) \((.*)\) \[(.+)\]$">
|
|
1668
|
+
<description>Idea FTP Server</description>
|
|
1669
|
+
<example service.version="0.83.213" host.name="localhost" host.ip="1.2.3.4">Idea FTP Server 0.83.213 (localhost) [1.2.3.4]</example>
|
|
1670
|
+
<example service.version="0.80" host.name="subdomain.home.pl" host.ip="1.2.3.4">Idea FTP Server 0.80 (subdomain.home.pl) [1.2.3.4]</example>
|
|
1671
|
+
<param pos="0" name="service.vendor" value="Idea"/>
|
|
1672
|
+
<param pos="0" name="service.product" value="FTP Server"/>
|
|
1673
|
+
<param pos="1" name="service.version"/>
|
|
1674
|
+
<param pos="2" name="host.name"/>
|
|
1675
|
+
<param pos="3" name="host.ip"/>
|
|
1676
|
+
</fingerprint>
|
|
1677
|
+
|
|
1678
|
+
<fingerprint pattern="^Amazon Ftp$">
|
|
1679
|
+
<description>Amazon FTP endpoint</description>
|
|
1680
|
+
<example>Amazon Ftp</example>
|
|
1681
|
+
<param pos="0" name="service.vendor" value="Amazon"/>
|
|
1682
|
+
<param pos="0" name="service.product" value="FTP Server"/>
|
|
1683
|
+
</fingerprint>
|
|
1684
|
+
|
|
1685
|
+
<fingerprint pattern="^Dreamhost FTP Server$">
|
|
1686
|
+
<description>Dreamhost FTP endpoint</description>
|
|
1687
|
+
<example>Dreamhost FTP Server</example>
|
|
1688
|
+
<param pos="0" name="service.vendor" value="Dreamhost"/>
|
|
1689
|
+
<param pos="0" name="service.product" value="FTP Server"/>
|
|
1690
|
+
</fingerprint>
|
|
1691
|
+
|
|
1692
|
+
<fingerprint pattern="^QTCP at ([a-zA-Z0-9\.\_\-]+)$">
|
|
1693
|
+
<description>IBM iSeries FTP</description>
|
|
1694
|
+
<example host.name="core.bank.local.">QTCP at core.bank.local.</example>
|
|
1695
|
+
<param pos="0" name="os.vendor" value="IBM"/>
|
|
1696
|
+
<param pos="0" name="os.family" value="OS/400"/>
|
|
1697
|
+
<param pos="0" name="os.product" value="OS/400"/>
|
|
1698
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:ibm:os_400:-"/>
|
|
1699
|
+
<param pos="1" name="host.name"/>
|
|
1700
|
+
</fingerprint>
|
|
1701
|
+
|
|
1702
|
+
<fingerprint pattern="^HomeLogic FTP Server">
|
|
1703
|
+
<description>ELAN Smart Home Controller</description>
|
|
1704
|
+
<example>HomeLogic FTP Server Please Give User Name</example>
|
|
1705
|
+
<param pos="0" name="hw.vendor" value="ELAN"/>
|
|
1706
|
+
<param pos="0" name="hw.device" value="Building Automation"/>
|
|
1707
|
+
<param pos="0" name="hw.product" value="Home Controller"/>
|
|
1708
|
+
<param pos="0" name="os.vendor" value="ELAN"/>
|
|
1709
|
+
<param pos="0" name="os.family" value="Linux"/>
|
|
1710
|
+
</fingerprint>
|
|
1711
|
+
|
|
1712
|
+
<fingerprint pattern="^Welcome to Honeywell Printer (PM\d+)\S+?$">
|
|
1713
|
+
<description>Honeywell Thermal Label Printer (Previously Intermec)</description>
|
|
1714
|
+
<example hw.product="Thermal Label Printer PM43">Welcome to Honeywell Printer PM43c</example>
|
|
1715
|
+
<param pos="0" name="hw.vendor" value="Honeywell"/>
|
|
1716
|
+
<param pos="1" name="hw.model"/>
|
|
1717
|
+
<param pos="0" name="hw.product" value="Thermal Label Printer {hw.model}"/>
|
|
1718
|
+
<param pos="0" name="hw.device" value="Printer"/>
|
|
1719
|
+
<param pos="0" name="os.vendor" value="Honeywell"/>
|
|
1720
|
+
<param pos="0" name="os.product" value="Thermal Label Printer {hw.model}"/>
|
|
1721
|
+
<param pos="0" name="os.device" value="Printer"/>
|
|
1722
|
+
</fingerprint>
|
|
1723
|
+
|
|
1724
|
+
</fingerprints>
|