recog 2.3.5 → 2.3.10

Sign up to get free protection for your applications and to get access to all the features.
Files changed (86) hide show
  1. checksums.yaml +4 -4
  2. data/.gitignore +17 -5
  3. data/.ruby-gemset +1 -0
  4. data/.ruby-version +1 -0
  5. data/.travis.yml +7 -4
  6. data/CONTRIBUTING.md +136 -37
  7. data/Gemfile +2 -5
  8. data/README.md +34 -29
  9. data/bin/recog_cleanup +16 -0
  10. data/bin/recog_standardize +142 -0
  11. data/cpe-remap.yaml +21 -0
  12. data/features/data/successful_tests.xml +1 -1
  13. data/features/data/tests_with_warnings.xml +1 -1
  14. data/features/match.feature +4 -0
  15. data/features/support/aruba.rb +3 -0
  16. data/features/verify.feature +8 -4
  17. data/identifiers/README.md +56 -0
  18. data/identifiers/hw_device.txt +77 -0
  19. data/identifiers/hw_family.txt +96 -0
  20. data/identifiers/hw_product.txt +328 -0
  21. data/identifiers/os_architecture.txt +20 -0
  22. data/identifiers/os_device.txt +94 -0
  23. data/identifiers/os_family.txt +325 -0
  24. data/identifiers/os_product.txt +420 -0
  25. data/identifiers/service_family.txt +272 -0
  26. data/identifiers/service_product.txt +556 -0
  27. data/identifiers/software_class.txt +26 -0
  28. data/identifiers/software_family.txt +91 -0
  29. data/identifiers/software_product.txt +333 -0
  30. data/identifiers/vendor.txt +890 -0
  31. data/lib/recog/fingerprint.rb +46 -0
  32. data/lib/recog/version.rb +1 -1
  33. data/requirements.txt +1 -1
  34. data/spec/data/verification_fingerprints.xml +86 -0
  35. data/spec/lib/fingerprint_self_test_spec.rb +1 -1
  36. data/spec/lib/recog/fingerprint/regexp_factory_spec.rb +1 -1
  37. data/spec/lib/recog/fingerprint_spec.rb +89 -0
  38. data/update_cpes.py +1 -1
  39. data/xml/apache_modules.xml +292 -5
  40. data/xml/apache_os.xml +50 -2
  41. data/xml/architecture.xml +19 -7
  42. data/xml/dns_versionbind.xml +113 -11
  43. data/xml/favicons.xml +1700 -0
  44. data/xml/ftp_banners.xml +287 -15
  45. data/xml/h323_callresp.xml +112 -12
  46. data/xml/hp_pjl_id.xml +47 -5
  47. data/xml/html_title.xml +2371 -17
  48. data/xml/http_cookies.xml +82 -7
  49. data/xml/http_servers.xml +839 -41
  50. data/xml/http_wwwauth.xml +154 -27
  51. data/xml/imap_banners.xml +19 -13
  52. data/xml/ldap_searchresult.xml +81 -9
  53. data/xml/mdns_device-info_txt.xml +194 -17
  54. data/xml/mdns_workstation_txt.xml +4 -2
  55. data/xml/mysql_banners.xml +554 -45
  56. data/xml/mysql_error.xml +113 -6
  57. data/xml/nntp_banners.xml +10 -2
  58. data/xml/ntp_banners.xml +95 -11
  59. data/xml/operating_system.xml +90 -3
  60. data/xml/pop_banners.xml +30 -31
  61. data/xml/rsh_resp.xml +11 -2
  62. data/xml/rtsp_servers.xml +96 -0
  63. data/xml/sip_banners.xml +192 -17
  64. data/xml/sip_user_agents.xml +69 -3
  65. data/xml/smb_native_lm.xml +10 -2
  66. data/xml/smb_native_os.xml +80 -2
  67. data/xml/smtp_banners.xml +166 -9
  68. data/xml/smtp_debug.xml +6 -4
  69. data/xml/smtp_ehlo.xml +7 -5
  70. data/xml/smtp_expn.xml +13 -4
  71. data/xml/smtp_help.xml +23 -4
  72. data/xml/smtp_mailfrom.xml +5 -2
  73. data/xml/smtp_noop.xml +6 -5
  74. data/xml/smtp_quit.xml +5 -4
  75. data/xml/smtp_rcptto.xml +5 -2
  76. data/xml/smtp_rset.xml +4 -4
  77. data/xml/smtp_turn.xml +4 -4
  78. data/xml/smtp_vrfy.xml +14 -4
  79. data/xml/snmp_sysdescr.xml +862 -122
  80. data/xml/snmp_sysobjid.xml +47 -2
  81. data/xml/ssh_banners.xml +1153 -192
  82. data/xml/telnet_banners.xml +419 -14
  83. data/xml/x11_banners.xml +27 -4
  84. data/xml/x509_issuers.xml +39 -15
  85. data/xml/x509_subjects.xml +545 -64
  86. metadata +32 -6
data/xml/http_cookies.xml CHANGED
@@ -1,9 +1,10 @@
1
- <?xml version="1.0" encoding="UTF-8"?>
1
+ <?xml version='1.0' encoding='UTF-8'?>
2
2
  <fingerprints matches="http_header.cookie" protocol="http" database_type="service">
3
3
  <!--
4
4
  Set-Cookie HTTP header values are matched against these patterns to fingerprint HTTP
5
5
  servers.
6
6
  -->
7
+
7
8
  <fingerprint pattern="^(CFCLIENT_[^=]+|CFGLOBALS|CFID|CFTOKEN)=.*">
8
9
  <description>Adobe (Macromedia) ColdFusion uses various cookies</description>
9
10
  <param pos="1" name="cookie"/>
@@ -12,6 +13,7 @@
12
13
  <param pos="0" name="service.product" value="ColdFusion"/>
13
14
  <param pos="0" name="service.cpe23" value="cpe:/a:adobe:coldfusion:-"/>
14
15
  </fingerprint>
16
+
15
17
  <fingerprint pattern="^ANsession\d+=(\S+);.*">
16
18
  <description>Array Networks Secure Access Gateway / SSL VPN</description>
17
19
  <example>ANsession0002262072457555=IPMI; path=/;secure</example>
@@ -20,6 +22,7 @@
20
22
  <param pos="0" name="service.family" value="Secure Access Gateway"/>
21
23
  <param pos="0" name="hw.device" value="VPN"/>
22
24
  </fingerprint>
25
+
23
26
  <fingerprint pattern="^(Apache)=[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.([0-9]+);.*">
24
27
  <description>Apache</description>
25
28
  <param pos="1" name="cookie"/>
@@ -29,6 +32,7 @@
29
32
  <param pos="0" name="service.product" value="HTTPD"/>
30
33
  <param pos="0" name="service.cpe23" value="cpe:/a:apache:http_server:-"/>
31
34
  </fingerprint>
35
+
32
36
  <fingerprint pattern="^(JServSessionIdroot)=.*">
33
37
  <description>Apache JServ</description>
34
38
  <param pos="1" name="cookie"/>
@@ -36,6 +40,7 @@
36
40
  <param pos="0" name="service.family" value="JServ"/>
37
41
  <param pos="0" name="service.product" value="JServ"/>
38
42
  </fingerprint>
43
+
39
44
  <fingerprint pattern="^(ATG_SESSION_ID|DYN_USER_CONFIRM|DYN_USER_ID)=.*">
40
45
  <description>ATG Dynamo</description>
41
46
  <param pos="1" name="cookie"/>
@@ -43,6 +48,7 @@
43
48
  <param pos="0" name="service.family" value="Dynamo"/>
44
49
  <param pos="0" name="service.product" value="Dynamo"/>
45
50
  </fingerprint>
51
+
46
52
  <fingerprint pattern="^(WebLogicSession)=[^!]+![^!]+!([0-9]+);.*">
47
53
  <description>BEA WebLogic (with timestamp)</description>
48
54
  <param pos="1" name="cookie"/>
@@ -52,6 +58,7 @@
52
58
  <param pos="0" name="service.product" value="WebLogic"/>
53
59
  <param pos="0" name="service.cpe23" value="cpe:/a:bea:weblogic_server:-"/>
54
60
  </fingerprint>
61
+
55
62
  <fingerprint pattern="^(WebLogicSession)=.*">
56
63
  <description>BEA WebLogic (no timestamp)</description>
57
64
  <param pos="1" name="cookie"/>
@@ -60,6 +67,7 @@
60
67
  <param pos="0" name="service.product" value="WebLogic"/>
61
68
  <param pos="0" name="service.cpe23" value="cpe:/a:bea:weblogic_server:-"/>
62
69
  </fingerprint>
70
+
63
71
  <fingerprint pattern="^(BCSI-CSC[0-9A-Za-z]+)=.*">
64
72
  <description>BlueCoat Proxy</description>
65
73
  <param pos="1" name="cookie"/>
@@ -67,20 +75,22 @@
67
75
  <param pos="0" name="service.family" value="Proxy"/>
68
76
  <param pos="0" name="service.product" value="Proxy"/>
69
77
  </fingerprint>
78
+
70
79
  <fingerprint pattern="^(CAKEPHP)=.*">
71
80
  <description>CakePHP - http://www.cakephp.org/</description>
72
81
  <param pos="1" name="cookie"/>
73
82
  <param pos="0" name="service.family" value="PHP"/>
74
83
  <param pos="0" name="service.product" value="CakePHP"/>
75
84
  </fingerprint>
85
+
76
86
  <!--
77
87
  For the following two Cisco Content Service Switch fingerprints:
78
88
  The cookie value breaks down to [box-id][service-id][timeout-value]
79
89
  unfortunately, there's no separator so it's hard to tell what the
80
90
  actual break is between the pieces of data.
81
-
82
91
  http://www.cisco.com/warp/public/117/AP_cookies.html
83
92
  -->
93
+
84
94
  <fingerprint pattern="^(ARPT)=([A-Z]+)([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})[A-Z]+.*">
85
95
  <description>Cisco 11000 Series Content Service Switch (CSS)</description>
86
96
  <param pos="1" name="cookie"/>
@@ -90,6 +100,7 @@
90
100
  <param pos="0" name="service.family" value="Content Service Switch"/>
91
101
  <param pos="0" name="service.product" value="11000 Series Content Service Switch"/>
92
102
  </fingerprint>
103
+
93
104
  <fingerprint pattern="^(ARPT)=.*">
94
105
  <description>Cisco 11000 Series Content Service Switch (CSS) - catch all variant</description>
95
106
  <param pos="1" name="cookie"/>
@@ -97,6 +108,7 @@
97
108
  <param pos="0" name="service.family" value="Content Service Switch"/>
98
109
  <param pos="0" name="service.product" value="11000 Series Content Service Switch"/>
99
110
  </fingerprint>
111
+
100
112
  <fingerprint pattern="^webvpn(?:c|context|_portal|Lang|login|SharePoint)?=">
101
113
  <description>Cisco ASA VPN</description>
102
114
  <example>webvpn=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure</example>
@@ -109,13 +121,15 @@
109
121
  <param pos="0" name="service.product" value="HTTP"/>
110
122
  <param pos="0" name="os.vendor" value="Cisco"/>
111
123
  <param pos="0" name="os.family" value="Adaptive Security Appliance"/>
112
- <param pos="0" name="os.product" value="VPN"/>
124
+ <param pos="0" name="os.product" value="Adaptive Security Appliance"/>
125
+ <param pos="0" name="os.cpe23" value="cpe:/o:cisco:adaptive_security_appliance:-"/>
113
126
  <param pos="0" name="hw.vendor" value="Cisco"/>
114
127
  <param pos="0" name="hw.family" value="Adaptive Security Appliance"/>
115
128
  <param pos="0" name="hw.product" value="Adaptive Security Appliance"/>
116
129
  <param pos="0" name="hw.device" value="Firewall"/>
117
130
  <param pos="0" name="hw.cpe23" value="cpe:/h:cisco:adaptive_security_appliance:-"/>
118
131
  </fingerprint>
132
+
119
133
  <fingerprint pattern="^(st8id)=.*">
120
134
  <description>Citrix Application Protection System, Enterprise - http://support.citrix.com/article/CTX109330</description>
121
135
  <param pos="1" name="cookie"/>
@@ -123,14 +137,31 @@
123
137
  <param pos="0" name="service.family" value="Application Protection System"/>
124
138
  <param pos="0" name="service.product" value="Application Protection System, Enterprise"/>
125
139
  </fingerprint>
126
- <fingerprint pattern="^NSC_(?:AAAC|CERT|DLGE|EPAC|TASS|TEMP|TMA[APS])=.*">
140
+
141
+ <fingerprint pattern="^NSC_(?:AAAC|BASEURL|CERT|DLGE|EPAC|TASS|TEMP|TMA[APS]|PERS|USER)=.*">
127
142
  <description>Citrix NetScaler</description>
128
143
  <example>NSC_AAAC=xyz;</example>
144
+ <example>NSC_TEMP=xyz;</example>
129
145
  <param pos="0" name="os.vendor" value="Citrix"/>
130
146
  <param pos="0" name="os.family" value="NetScaler"/>
131
147
  <param pos="0" name="os.device" value="Network Management Device"/>
132
148
  <param pos="0" name="os.product" value="NetScaler"/>
149
+ <param pos="0" name="service.vendor" value="Citrix"/>
150
+ <param pos="0" name="service.family" value="NetScaler"/>
151
+ <param pos="0" name="service.device" value="Network Management Device"/>
152
+ <param pos="0" name="service.product" value="NetScaler"/>
153
+ <param pos="0" name="service.cpe23" value="cpe:/a:citrix:netscaler:-"/>
154
+ </fingerprint>
155
+
156
+ <fingerprint pattern="^DSSignInURL=/">
157
+ <description>Pulse Secure VPN</description>
158
+ <example>DSSignInURL=/; path=/; secure</example>
159
+ <param pos="0" name="os.vendor" value="Pulse Secure"/>
160
+ <param pos="0" name="os.family" value="SSL-VPN"/>
161
+ <param pos="0" name="os.device" value="SSL-VPN"/>
162
+ <param pos="0" name="os.product" value="SSL-VPN"/>
133
163
  </fingerprint>
164
+
134
165
  <fingerprint pattern="^(EktGUID|ecm)=.*">
135
166
  <description>Ektron CMS400.net</description>
136
167
  <param pos="1" name="cookie"/>
@@ -138,8 +169,10 @@
138
169
  <param pos="0" name="service.family" value="CMS400.NET"/>
139
170
  <param pos="0" name="service.product" value="CMS400.NET"/>
140
171
  </fingerprint>
141
- <fingerprint pattern="^(BIGipServer([^=]+))=.*">
172
+
173
+ <fingerprint pattern="(?i)^(BIGipServer([^=]+))=.*">
142
174
  <description>F5 BIG-IP LTM - Server variant</description>
175
+ <example loadbalancer.poolname="CustomerRP">BigIpServerCustomerRP=5a; path=/; domain=.foo.bar; secure; HttpOnly</example>
143
176
  <param pos="1" name="cookie"/>
144
177
  <param pos="2" name="loadbalancer.poolname"/>
145
178
  <param pos="0" name="service.vendor" value="F5"/>
@@ -147,6 +180,7 @@
147
180
  <param pos="0" name="service.product" value="BIG-IP LTM"/>
148
181
  <param pos="0" name="service.cpe23" value="cpe:/a:f5:big-ip_local_traffic_manager:-"/>
149
182
  </fingerprint>
183
+
150
184
  <fingerprint pattern="^(BigIPCookie)=.*">
151
185
  <description>F5 BIG-IP LTM</description>
152
186
  <param pos="1" name="cookie"/>
@@ -155,6 +189,7 @@
155
189
  <param pos="0" name="service.product" value="BIG-IP LTM"/>
156
190
  <param pos="0" name="service.cpe23" value="cpe:/a:f5:big-ip_local_traffic_manager:-"/>
157
191
  </fingerprint>
192
+
158
193
  <fingerprint pattern="^(SERVERID)=([A-Za-z0-9\-_]+)">
159
194
  <description>HAProxy - http://haproxy.1wt.eu/download/1.2/doc/architecture.txt</description>
160
195
  <param pos="1" name="cookie"/>
@@ -162,6 +197,7 @@
162
197
  <param pos="0" name="service.family" value="HAProxy"/>
163
198
  <param pos="0" name="service.product" value="HAProxy"/>
164
199
  </fingerprint>
200
+
165
201
  <fingerprint pattern="^(AMWEBJCT!([^!]+)!([^=]+))=.*">
166
202
  <description>IBM Tivoli Access Manager for e-business WebSEAL
167
203
  http://publib.boulder.ibm.com/infocenter/tivihelp/v2r1/index.jsp?topic=/com.ibm.itame.doc/am60_webseal_admin180.htm
@@ -173,6 +209,7 @@
173
209
  <param pos="0" name="service.family" value="Tivoli"/>
174
210
  <param pos="0" name="service.product" value="Tivoli Access Manager for e-business WebSEAL"/>
175
211
  </fingerprint>
212
+
176
213
  <fingerprint pattern="^(PD-S-SESSION-ID|PD-H-SESSION-ID|PD_STATEFUL_[^=]+)=.*">
177
214
  <description>IBM Tivoli Access Manager for e-business WebSeal
178
215
  http://publib.boulder.ibm.com/infocenter/tivihelp/v2r1/index.jsp?topic=/com.ibm.itame.doc/am60_webseal_admin117.htm
@@ -182,6 +219,7 @@
182
219
  <param pos="0" name="service.family" value="Tivoli"/>
183
220
  <param pos="0" name="service.product" value="Tivoli Access Manager for e-business WebSEAL"/>
184
221
  </fingerprint>
222
+
185
223
  <fingerprint pattern="^(IBMCBR)=.*">
186
224
  <description>IBM WebSphere Load Balancer</description>
187
225
  <param pos="1" name="cookie"/>
@@ -189,12 +227,14 @@
189
227
  <param pos="0" name="service.family" value="WebSphere"/>
190
228
  <param pos="0" name="service.product" value="WebSphere Load Balancer"/>
191
229
  </fingerprint>
230
+
192
231
  <fingerprint pattern="^(mbfcookie(?:\[lang\])?)=.*">
193
232
  <description>Joom!Fish http://www.joomfish.net/</description>
194
233
  <param pos="1" name="cookie"/>
195
234
  <param pos="0" name="service.family" value="Joom!Fish"/>
196
235
  <param pos="0" name="service.product" value="Joom!Fish"/>
197
236
  </fingerprint>
237
+
198
238
  <fingerprint pattern="^(MSCSAuth|MSCSProfile)=.*">
199
239
  <description>Microsoft Commerce Server - http://msdn2.microsoft.com/en-us/library/ms953828.aspx</description>
200
240
  <param pos="1" name="cookie"/>
@@ -203,6 +243,7 @@
203
243
  <param pos="0" name="service.product" value="Commerce Server"/>
204
244
  <param pos="0" name="service.cpe23" value="cpe:/a:microsoft:commerce_server:-"/>
205
245
  </fingerprint>
246
+
206
247
  <fingerprint pattern="^(ASPSESSIONID[A-Z]+|ASP\.NET_SessionId|\.ASPXANONYMOUS)=.*">
207
248
  <description>Microsoft IIS (ASP.NET)
208
249
  http://msdn2.microsoft.com/en-us/library/ms953828.aspx
@@ -218,6 +259,7 @@
218
259
  <param pos="0" name="service.component.product" value="ASP.NET"/>
219
260
  <param pos="0" name="service.component.cpe23" value="cpe:/a:microsoft:asp.net:-"/>
220
261
  </fingerprint>
262
+
221
263
  <fingerprint pattern="^(AlteonP)=.*">
222
264
  <description>Nortel Alteon Web Switch</description>
223
265
  <param pos="1" name="cookie"/>
@@ -225,6 +267,7 @@
225
267
  <param pos="0" name="service.family" value="Alteon"/>
226
268
  <param pos="0" name="service.product" value="Alteon Web Switch"/>
227
269
  </fingerprint>
270
+
228
271
  <fingerprint pattern="^((?:SS_X_)?CSINTERSESSIONID)=.*">
229
272
  <description>OpenMarket/FatWire Content Server (www.fatwire.com)</description>
230
273
  <param pos="1" name="cookie"/>
@@ -232,6 +275,7 @@
232
275
  <param pos="0" name="service.family" value="Content Server"/>
233
276
  <param pos="0" name="service.product" value="Content Server"/>
234
277
  </fingerprint>
278
+
235
279
  <fingerprint pattern="^(parkinglot)=.*">
236
280
  <description>Oversee Webserver</description>
237
281
  <param pos="1" name="cookie"/>
@@ -239,6 +283,7 @@
239
283
  <param pos="0" name="service.family" value="Webserver"/>
240
284
  <param pos="0" name="service.product" value="Webserver"/>
241
285
  </fingerprint>
286
+
242
287
  <fingerprint pattern="^(PHPSESSID|PHPSESSION)=.*">
243
288
  <description>PHP - http://www.php.net/ref.session</description>
244
289
  <param pos="1" name="cookie"/>
@@ -247,6 +292,7 @@
247
292
  <param pos="0" name="service.product" value="PHP"/>
248
293
  <param pos="0" name="service.cpe23" value="cpe:/a:php:php:-"/>
249
294
  </fingerprint>
295
+
250
296
  <fingerprint pattern="^(RMID)=.*">
251
297
  <description>RealMedia OpenAdStream</description>
252
298
  <param pos="1" name="cookie"/>
@@ -254,6 +300,7 @@
254
300
  <param pos="0" name="service.family" value="OpenAdStream"/>
255
301
  <param pos="0" name="service.product" value="OpenAdStream"/>
256
302
  </fingerprint>
303
+
257
304
  <fingerprint pattern="^(RoxenUserID)=.*">
258
305
  <description>Roxen WebServer</description>
259
306
  <param pos="1" name="cookie"/>
@@ -261,6 +308,7 @@
261
308
  <param pos="0" name="service.family" value="WebServer"/>
262
309
  <param pos="0" name="service.product" value="WebServer"/>
263
310
  </fingerprint>
311
+
264
312
  <fingerprint pattern="^(_sn)=.*">
265
313
  <description>Siebel CRM</description>
266
314
  <param pos="1" name="cookie"/>
@@ -268,6 +316,7 @@
268
316
  <param pos="0" name="service.family" value="CRM"/>
269
317
  <param pos="0" name="service.product" value="CRM"/>
270
318
  </fingerprint>
319
+
271
320
  <!-- This fingerprint is not specific enough. Multiple products are sold under
272
321
  the brand iPlanet/Sun ONE/Sun Java.
273
322
  <fingerprint pattern="^(iPlanetUserId)=.*">
@@ -277,7 +326,9 @@
277
326
  <param pos="0" name="service.family" value="???"/>
278
327
  <param pos="0" name="service.product" value="???"/>
279
328
  </fingerprint>
329
+
280
330
  -->
331
+
281
332
  <fingerprint pattern="^(NSES40Session)=.*">
282
333
  <description>Netscape Enterprise Server (subsequently iPlanet Web Server, Sun ONE Web Server, presently Sun Java System Web Server)</description>
283
334
  <param pos="1" name="cookie"/>
@@ -287,6 +338,7 @@
287
338
  <param pos="0" name="service.version" value="4.0"/>
288
339
  <param pos="0" name="service.cpe23" value="cpe:/a:sun:java_system_web_server:4.0"/>
289
340
  </fingerprint>
341
+
290
342
  <fingerprint pattern="^(gx_session_id|JROUTE)=.*">
291
343
  <description>Sun Java System Application Server (formerly iPlanet Application Server, Sun ONE Application Server)</description>
292
344
  <param pos="1" name="cookie"/>
@@ -295,6 +347,7 @@
295
347
  <param pos="0" name="service.product" value="Java System Application Server"/>
296
348
  <param pos="0" name="service.cpe23" value="cpe:/a:sun:java_system_application_server:-"/>
297
349
  </fingerprint>
350
+
298
351
  <fingerprint pattern="^(fe_typo_user)=.*">
299
352
  <description>TYPO3 CMS - http://typo3.com/</description>
300
353
  <param pos="1" name="cookie"/>
@@ -302,6 +355,7 @@
302
355
  <param pos="0" name="service.family" value="CMS"/>
303
356
  <param pos="0" name="service.product" value="CMS"/>
304
357
  </fingerprint>
358
+
305
359
  <fingerprint pattern="^(SaneID)=.*">
306
360
  <description>Unica NetTracker - http://netinsight.unica.com/Products/NetTracker.cfm</description>
307
361
  <param pos="1" name="cookie"/>
@@ -309,6 +363,7 @@
309
363
  <param pos="0" name="service.family" value="NetTracker"/>
310
364
  <param pos="0" name="service.product" value="NetTracker"/>
311
365
  </fingerprint>
366
+
312
367
  <fingerprint pattern="^(__utm[a-z])=.*">
313
368
  <description>Urchin Tracking Module - http://www.google.com/support/urchin45/bin/answer.py?answer=28307&amp;topic=7425</description>
314
369
  <param pos="1" name="cookie"/>
@@ -316,6 +371,7 @@
316
371
  <param pos="0" name="service.family" value="Urchin"/>
317
372
  <param pos="0" name="service.product" value="Urchin Tracking Module"/>
318
373
  </fingerprint>
374
+
319
375
  <fingerprint pattern="^(vgncontext|vgnvisitor|ssuid)=.*">
320
376
  <description>Vignette</description>
321
377
  <param pos="1" name="cookie"/>
@@ -323,6 +379,7 @@
323
379
  <param pos="0" name="service.family" value="Vignette"/>
324
380
  <param pos="0" name="service.product" value="Vignette"/>
325
381
  </fingerprint>
382
+
326
383
  <fingerprint pattern="^(wgSession)=.*">
327
384
  <description>Plain Black WebGUI - http://www.plainblack.com/webgui</description>
328
385
  <param pos="1" name="cookie"/>
@@ -330,6 +387,7 @@
330
387
  <param pos="0" name="service.family" value="WebGUI"/>
331
388
  <param pos="0" name="service.product" value="WebGUI"/>
332
389
  </fingerprint>
390
+
333
391
  <fingerprint pattern="^(WEBTRENDSID|WEBTRENDS_ID)=.*">
334
392
  <description>WebTrends</description>
335
393
  <param pos="1" name="cookie"/>
@@ -337,20 +395,24 @@
337
395
  <param pos="0" name="service.family" value="WebTrends"/>
338
396
  <param pos="0" name="service.product" value="WebTrends"/>
339
397
  </fingerprint>
398
+
340
399
  <fingerprint pattern="^(_ZopeId)=.*">
341
400
  <description>Zope</description>
342
401
  <param pos="1" name="cookie"/>
343
402
  <param pos="0" name="service.family" value="Zope"/>
344
403
  <param pos="0" name="service.product" value="Zope"/>
345
404
  </fingerprint>
405
+
346
406
  <fingerprint pattern="^(portal)=([0-9]+\.[0-9]+\.[0-9]+).*">
347
407
  <description>OracleAS Portal default cookie name - http://download.oracle.com/docs/cd/B14099_19/portal.1014/b19305/cg_app_f.htm</description>
348
408
  <param pos="1" name="cookie"/>
349
409
  <param pos="2" name="service.version"/>
350
410
  <param pos="0" name="service.vendor" value="Oracle"/>
351
411
  <param pos="0" name="service.family" value="OracleAS"/>
352
- <param pos="0" name="service.product" value="OracleAS Portal"/>
412
+ <param pos="0" name="service.product" value="Application Server Portal"/>
413
+ <param pos="0" name="service.cpe23" value="cpe:/a:oracle:application_server_portal:{service.version}"/>
353
414
  </fingerprint>
415
+
354
416
  <fingerprint pattern="^Compaq-HMMD=[^;]+;.*$">
355
417
  <description>HP System Management Homepage (SMH)</description>
356
418
  <example>Compaq-HMMD=0001-c01fffff-487a-394a-aab0-ffffffffffff-ffffffffffffffff; path=/</example>
@@ -359,6 +421,7 @@
359
421
  <param pos="0" name="service.family" value="SMH"/>
360
422
  <param pos="0" name="service.product" value="SMH"/>
361
423
  </fingerprint>
424
+
362
425
  <fingerprint pattern="^MoodleSession=">
363
426
  <description>Moodle</description>
364
427
  <example>MoodleSession=uohhsgcain708q5l4gqcmmb5s2; path=/</example>
@@ -367,6 +430,14 @@
367
430
  <param pos="0" name="service.component.product" value="Moodle"/>
368
431
  <param pos="0" name="service.component.cpe23" value="cpe:/a:moodle:moodle:-"/>
369
432
  </fingerprint>
433
+
434
+ <fingerprint pattern="_arachni_webui_session=">
435
+ <description>Arachni Security Scanner</description>
436
+ <example>_arachni_webui_session=el2MMEVVcld3Q2dBc3UvSmtQYmlPckpxSE2CMmlwd1Nja2lvUk5tRG5XYTlnRHJuVVVTblVNMTBOdGhrUU02dzC0K1I0Mnk3d1I3SUlCcngwQkliV3Y5VDBnVVZkOWJsS0VGSlYwM1RGMlVzVDNKcXlrdFNQZ0lIM1VBN3RDZFIrZTBrdjZmdSt0YnV2djh1RFE0S1czUmZQcGxNNW9UWVQydXFCZmNHZDRmTlg4cWludE5SUDRYU2JwdWw4Qmk3dEpDV3ZBejRkbU9ueFJKNG1HenplUEJjem9LU09IM0Z6ZHM4YU00aVpKUHJRVzR3SG8rRzBjWG9jclpqZGd2dmp2TnVGbjkvb0lmanZvM3lPZGhXb3c9PS0tR0dXVWppWnorMG1NNjlXTkYvaEswUT09--44b846e66f558667d7503010a726e2388803136f; path=/; HttpOnly</example>
437
+ <param pos="0" name="service.vendor" value="Arachni"/>
438
+ <param pos="0" name="service.product" value="Arachni"/>
439
+ </fingerprint>
440
+
370
441
  <!--
371
442
  Ignore various cookies that are very generic cookies for session IDs
372
443
  that are not necessarily indicative of any particular
@@ -374,12 +445,14 @@
374
445
  a similar cookie name, you must ensure that it is located prior to
375
446
  these and this is enforced by rspec.
376
447
  -->
448
+
377
449
  <fingerprint pattern="(?i)^JSESSIONID(?:\.[^=]+)?=[^;]+;.*$">
378
450
  <description>Ignore simple JSESSIONID and related cookies</description>
379
451
  <example>JSESSIONID=6ooov35i4l3n36qtaf8csvg0;Path=/</example>
380
452
  <example>jsessionid=6nkp66iogcdc92720%2Dc6e4%2D4989%2Db7b2%2D5021624cfdff;Path=/;secure</example>
381
453
  <example>JSESSIONID.c00a9623=v216643eijh19p9duve5srgf;Path=/;HttpOnly</example>
382
454
  </fingerprint>
455
+
383
456
  <fingerprint pattern="(?i)^_?SESSION_?ID\s*=\s*[^;]+;.*$">
384
457
  <description>Ignore simple SESSIONID and related cookies</description>
385
458
  <example>sessionId=7dba3249cfcd4b59854055311099a294; path=/;</example>
@@ -387,8 +460,10 @@
387
460
  <example>sessionId =0VrS6Ro6uC5QPXKgNdqGvyUgUFtUOVwv6OWAEWcWQ3jLRtAk2TVAgAApN9yTWVz;postId=; path=/;</example>
388
461
  <example>_session_id=18b3e173aa11db0533fd01752e81f583; path=/; HttpOnly</example>
389
462
  </fingerprint>
463
+
390
464
  <fingerprint pattern="(?i)^sid=[^;]+;.*$">
391
465
  <description>Ignore simple SID and related cookies</description>
392
466
  <example>sid=sfd10bf73-654458f687aa3c68b3874915f651e0ca;path=/;"</example>
393
467
  </fingerprint>
394
- </fingerprints>
468
+
469
+ </fingerprints>
data/xml/http_servers.xml CHANGED
@@ -1,6 +1,7 @@
1
- <?xml version="1.0" encoding="UTF-8"?>
1
+ <?xml version='1.0' encoding='UTF-8'?>
2
2
  <fingerprints matches="http_header.server" protocol="http" database_type="service" preference="0.90">
3
3
  <!-- HTTP Server headers are matched against these patterns to fingerprint HTTP servers. -->
4
+
4
5
  <fingerprint pattern="(?i)^AirTunes/([\d\.]+)$">
5
6
  <description>Apple AirTunes/AirPlay, more generally RTSP used by a variety of wireless a/v products</description>
6
7
  <example service.version="220.68">AirTunes/220.68</example>
@@ -9,6 +10,7 @@
9
10
  <param pos="1" name="service.version"/>
10
11
  <param pos="0" name="hw.device" value="Media Server"/>
11
12
  </fingerprint>
13
+
12
14
  <fingerprint pattern="(?i)^cpsrvd(?:/([\d\.]+))?$">
13
15
  <description>cPanel Service Daemon</description>
14
16
  <example service.version="11.44.3.0">cpsrvd/11.44.3.0</example>
@@ -17,6 +19,7 @@
17
19
  <param pos="0" name="service.product" value="cPanel Service Daemon"/>
18
20
  <param pos="1" name="service.version"/>
19
21
  </fingerprint>
22
+
20
23
  <fingerprint pattern="(?i)^cwpsrv$">
21
24
  <description>CentOS Web Panel</description>
22
25
  <example>cwpsrv</example>
@@ -27,6 +30,7 @@
27
30
  <param pos="0" name="os.product" value="Linux"/>
28
31
  <param pos="0" name="os.cpe23" value="cpe:/o:centos:centos:-"/>
29
32
  </fingerprint>
33
+
30
34
  <fingerprint pattern="^Stronghold/(\d\.\d) Apache/([012][\d.]*)\s*(.*)$">
31
35
  <description>Red Hat Stronghold Enterprise Apache</description>
32
36
  <example service.version="1.3.19" service.cpe23="cpe:/a:apache:http_server:1.3.19" service.component.cpe23="cpe:/a:redhat:stronghold:3.0">Stronghold/3.0 Apache/1.3.19 RedHat/3014c</example>
@@ -47,6 +51,7 @@
47
51
  <param pos="0" name="os.family" value="Linux"/>
48
52
  <param pos="0" name="os.cpe23" value="cpe:/o:redhat:linux:-"/>
49
53
  </fingerprint>
54
+
50
55
  <fingerprint pattern="(?i)^Apache/\d$">
51
56
  <description>Apache returning only its major version number</description>
52
57
  <example>Apache/1</example>
@@ -56,6 +61,17 @@
56
61
  <param pos="0" name="service.family" value="Apache"/>
57
62
  <param pos="0" name="service.cpe23" value="cpe:/a:apache:http_server:-"/>
58
63
  </fingerprint>
64
+
65
+ <fingerprint pattern="^Apache ([\d.]+)$">
66
+ <description>Apache returning just version number</description>
67
+ <example service.version="1.3.29">Apache 1.3.29</example>
68
+ <param pos="0" name="service.vendor" value="Apache"/>
69
+ <param pos="0" name="service.product" value="HTTPD"/>
70
+ <param pos="0" name="service.family" value="Apache"/>
71
+ <param pos="1" name="service.version"/>
72
+ <param pos="0" name="service.cpe23" value="cpe:/a:apache:http_server:{service.version}"/>
73
+ </fingerprint>
74
+
59
75
  <fingerprint pattern="(?i)^Apache$">
60
76
  <description>Apache returning no version information</description>
61
77
  <example>Apache</example>
@@ -65,6 +81,7 @@
65
81
  <param pos="0" name="service.family" value="Apache"/>
66
82
  <param pos="0" name="service.cpe23" value="cpe:/a:apache:http_server:-"/>
67
83
  </fingerprint>
84
+
68
85
  <fingerprint pattern="(?i)^Apache(?:-AdvancedExtranetServer)?(?:/([012][\d.]*)\s*(.*))?$">
69
86
  <description>Apache</description>
70
87
  <example>Apache-AdvancedExtranetServer/2.0.44 (Mandrake Linux/11mdk) mod_perl/1.99_08 Perl/v5.8.0 mod_ssl/2.0.44 OpenSSL/0.9.7a PHP/4.3.1 mod_jk2/2.0.0</example>
@@ -90,6 +107,7 @@
90
107
  <param pos="0" name="service.cpe23" value="cpe:/a:apache:http_server:{service.version}"/>
91
108
  <param pos="2" name="apache.info"/>
92
109
  </fingerprint>
110
+
93
111
  <fingerprint pattern="(?i)^CouchDB/([\.\d]+) .*$">
94
112
  <description>Apache CouchDB</description>
95
113
  <example service.version="2.1.1">CouchDB/2.1.1 (Erlang OTP/20)</example>
@@ -98,11 +116,13 @@
98
116
  <param pos="1" name="service.version"/>
99
117
  <param pos="0" name="service.cpe23" value="cpe:/a:apache:couchdb:{service.version}"/>
100
118
  </fingerprint>
119
+
101
120
  <fingerprint pattern="^support@arraynetworks.net$">
102
121
  <description>Array Networks device</description>
103
122
  <example>support@arraynetworks.net</example>
104
123
  <param pos="0" name="service.vendor" value="Array Networks"/>
105
124
  </fingerprint>
125
+
106
126
  <fingerprint pattern="^Check Point SVN foundation$">
107
127
  <description>Check Point Firewall NG</description>
108
128
  <example>Check Point SVN foundation</example>
@@ -120,6 +140,25 @@
120
140
  <param pos="0" name="hw.family" value="Firewall-1"/>
121
141
  <param pos="0" name="hw.product" value="Firewall-1"/>
122
142
  </fingerprint>
143
+
144
+ <fingerprint pattern="^CPWS$">
145
+ <description>Check Point Firewall NG - short version</description>
146
+ <example>CPWS</example>
147
+ <param pos="0" name="service.vendor" value="Check Point"/>
148
+ <param pos="0" name="service.product" value="Firewall-1"/>
149
+ <param pos="0" name="service.family" value="Firewall-1"/>
150
+ <param pos="0" name="service.cpe23" value="cpe:/a:checkpoint:firewall-1:-"/>
151
+ <param pos="0" name="os.vendor" value="Check Point"/>
152
+ <param pos="0" name="os.device" value="Firewall"/>
153
+ <param pos="0" name="os.family" value="Firewall-1"/>
154
+ <param pos="0" name="os.product" value="GAiA OS"/>
155
+ <param pos="0" name="os.cpe23" value="cpe:/o:checkpoint:gaia_os:-"/>
156
+ <param pos="0" name="hw.vendor" value="Check Point"/>
157
+ <param pos="0" name="hw.device" value="Firewall"/>
158
+ <param pos="0" name="hw.family" value="Firewall-1"/>
159
+ <param pos="0" name="hw.product" value="Firewall-1"/>
160
+ </fingerprint>
161
+
123
162
  <fingerprint pattern="^Microsoft-IIS/([1234]\.0)$">
124
163
  <description>Microsoft IIS 1.0 - 4.0 runs on Windows NT 4.0</description>
125
164
  <example>Microsoft-IIS/4.0</example>
@@ -134,6 +173,7 @@
134
173
  <param pos="0" name="os.version" value="4.0"/>
135
174
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_nt:4.0"/>
136
175
  </fingerprint>
176
+
137
177
  <fingerprint pattern="^Microsoft-IIS/5.0$">
138
178
  <description>Microsoft IIS 5.0 runs on Windows 2000</description>
139
179
  <example>Microsoft-IIS/5.0</example>
@@ -147,6 +187,7 @@
147
187
  <param pos="0" name="os.product" value="Windows 2000"/>
148
188
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_2000:-"/>
149
189
  </fingerprint>
190
+
150
191
  <fingerprint pattern="^Microsoft-IIS/5.1$">
151
192
  <description>Microsoft IIS 5.1 runs on Windows XP</description>
152
193
  <example>Microsoft-IIS/5.1</example>
@@ -160,6 +201,7 @@
160
201
  <param pos="0" name="os.product" value="Windows XP"/>
161
202
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_xp:-"/>
162
203
  </fingerprint>
204
+
163
205
  <fingerprint pattern="^Microsoft-IIS/6.0$">
164
206
  <description>Microsoft IIS 6.0 runs on Windows Server 2003 (and Windows XP x64)</description>
165
207
  <example>Microsoft-IIS/6.0</example>
@@ -173,6 +215,7 @@
173
215
  <param pos="0" name="os.product" value="Windows Server 2003"/>
174
216
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2003:-"/>
175
217
  </fingerprint>
218
+
176
219
  <fingerprint pattern="^Microsoft-IIS/7.0$">
177
220
  <description>Microsoft IIS 7.0 runs on Windows Server 2008 (and Windows Vista)</description>
178
221
  <example>Microsoft-IIS/7.0</example>
@@ -186,6 +229,7 @@
186
229
  <param pos="0" name="os.product" value="Windows Server 2008"/>
187
230
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2008:-"/>
188
231
  </fingerprint>
232
+
189
233
  <fingerprint pattern="^Microsoft-IIS/7.5$">
190
234
  <description>Microsoft IIS 7.5 runs on Windows Server 2008 R2 (and Windows 7)</description>
191
235
  <example>Microsoft-IIS/7.5</example>
@@ -199,6 +243,7 @@
199
243
  <param pos="0" name="os.product" value="Windows Server 2008 R2"/>
200
244
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2008:-"/>
201
245
  </fingerprint>
246
+
202
247
  <fingerprint pattern="^Microsoft-IIS/8.0$">
203
248
  <description>Microsoft IIS 8.0 runs on Windows Server 2012 (and Windows 8)</description>
204
249
  <example>Microsoft-IIS/8.0</example>
@@ -212,6 +257,7 @@
212
257
  <param pos="0" name="os.product" value="Windows Server 2012"/>
213
258
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2012:-"/>
214
259
  </fingerprint>
260
+
215
261
  <fingerprint pattern="^Microsoft-IIS/8.5$">
216
262
  <description>Microsoft IIS 8.5 runs on Windows Server 2012 R2 (and Windows 8.1)</description>
217
263
  <example>Microsoft-IIS/8.5</example>
@@ -225,6 +271,7 @@
225
271
  <param pos="0" name="os.product" value="Windows Server 2012 R2"/>
226
272
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2012:-"/>
227
273
  </fingerprint>
274
+
228
275
  <fingerprint pattern="^Microsoft-IIS/10.0$">
229
276
  <description>Microsoft IIS 10.0 runs on Windows Server 2016 and 2019</description>
230
277
  <example>Microsoft-IIS/10.0</example>
@@ -235,8 +282,8 @@
235
282
  <param pos="0" name="service.cpe23" value="cpe:/a:microsoft:iis:10.0"/>
236
283
  <param pos="0" name="os.vendor" value="Microsoft"/>
237
284
  <param pos="0" name="os.family" value="Windows"/>
238
- <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
239
285
  </fingerprint>
286
+
240
287
  <fingerprint pattern="^Microsoft-IIS/([\d\.]+)$">
241
288
  <description>Microsoft IIS new, unknown Windows version</description>
242
289
  <example>Microsoft-IIS/9.0</example>
@@ -246,6 +293,7 @@
246
293
  <param pos="1" name="service.version"/>
247
294
  <param pos="0" name="service.cpe23" value="cpe:/a:microsoft:iis:{service.version}"/>
248
295
  </fingerprint>
296
+
249
297
  <fingerprint pattern="^Microsoft-IIS$">
250
298
  <description>Microsoft IIS, no version information</description>
251
299
  <example>Microsoft-IIS</example>
@@ -256,6 +304,7 @@
256
304
  <param pos="0" name="os.vendor" value="Microsoft"/>
257
305
  <param pos="0" name="os.family" value="Windows"/>
258
306
  </fingerprint>
307
+
259
308
  <fingerprint pattern="^MS .NET Remoting, MS .NET CLR (\d+\.\d+\.\d+\.\d+)$">
260
309
  <description>Microsoft .NET Remoting and Common Language Runtime (CLR)</description>
261
310
  <example>MS .NET Remoting, MS .NET CLR 2.0.50727.42</example>
@@ -271,6 +320,7 @@
271
320
  <param pos="0" name="os.product" value="Windows"/>
272
321
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
273
322
  </fingerprint>
323
+
274
324
  <fingerprint pattern="^Microsoft-WinCE/(\d\.\d+)$">
275
325
  <description>Windows CE embedded devices, including HP iPAQ, Palm Treo, Motorola phones, and many more</description>
276
326
  <example os.version="4.10">Microsoft-WinCE/4.10</example>
@@ -287,6 +337,7 @@
287
337
  <param pos="1" name="os.version"/>
288
338
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_ce:{os.version}"/>
289
339
  </fingerprint>
340
+
290
341
  <fingerprint pattern="^Microsoft-PWS/(\d\.\d+)$">
291
342
  <description>Microsoft Personal Web Server runs on Windows 9x, ME, etc.</description>
292
343
  <example>Microsoft-PWS/4.0</example>
@@ -300,6 +351,7 @@
300
351
  <param pos="0" name="os.product" value="Windows"/>
301
352
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
302
353
  </fingerprint>
354
+
303
355
  <fingerprint pattern="^Microsoft-PWS-95/(\d\.\d+)$">
304
356
  <description>Microsoft Personal Web Server for Windows 95</description>
305
357
  <example>Microsoft-PWS-95/4.0</example>
@@ -313,6 +365,7 @@
313
365
  <param pos="0" name="os.product" value="Windows 95"/>
314
366
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_95:-"/>
315
367
  </fingerprint>
368
+
316
369
  <fingerprint pattern="(?i)^mt-daapd(?:/(.+))?$">
317
370
  <description>Firefly Media Server</description>
318
371
  <example service.version="0.2.4.1">mt-daapd/0.2.4.1</example>
@@ -321,6 +374,7 @@
321
374
  <param pos="0" name="service.product" value="Media Server"/>
322
375
  <param pos="1" name="service.version"/>
323
376
  </fingerprint>
377
+
324
378
  <fingerprint pattern="^Apache[ -]Coyote/(\d\.\d)$">
325
379
  <description>HTTP connector for Apache Tomcat to run as a standalone HTTP server - Coyote variant</description>
326
380
  <example>Apache-Coyote/1.1</example>
@@ -334,6 +388,7 @@
334
388
  <param pos="0" name="service.component.family" value="Coyote"/>
335
389
  <param pos="1" name="service.component.version"/>
336
390
  </fingerprint>
391
+
337
392
  <fingerprint pattern="^Apache Tomcat$">
338
393
  <description>HTTP connector for Apache Tomcat with no version</description>
339
394
  <example>Apache Tomcat</example>
@@ -342,6 +397,7 @@
342
397
  <param pos="0" name="service.family" value="Tomcat"/>
343
398
  <param pos="0" name="service.cpe23" value="cpe:/a:apache:tomcat:-"/>
344
399
  </fingerprint>
400
+
345
401
  <fingerprint pattern="^Servlet [\d\.]+; JBoss-(\S+) \(build: .*\)/Tomcat-(\S+)$">
346
402
  <description>JBoss with embedded Tomcat</description>
347
403
  <example service.version="4.0.4.GA" service.component.version="5.5">Servlet 2.4; JBoss-4.0.4.GA (build: CVSTag=JBoss_4_0_4_GA date=200605151000)/Tomcat-5.5</example>
@@ -355,6 +411,7 @@
355
411
  <param pos="2" name="service.component.version"/>
356
412
  <param pos="0" name="service.component.cpe23" value="cpe:/a:apache:tomcat:{service.component.version}"/>
357
413
  </fingerprint>
414
+
358
415
  <fingerprint pattern="^Servlet [\d\.]+; Tomcat-(\S+)/JBoss-(\S+) \(build: .*\)$">
359
416
  <description>JBoss with embedded Tomcat - Tomcat build variant</description>
360
417
  <example service.version="4.0.1sp1" service.component.version="5.0.28">Servlet 2.4; Tomcat-5.0.28/JBoss-4.0.1sp1 (build: CVSTag=JBoss_4_0_1_SP1 date=200502160314)</example>
@@ -368,6 +425,7 @@
368
425
  <param pos="1" name="service.component.version"/>
369
426
  <param pos="0" name="service.component.cpe23" value="cpe:/a:apache:tomcat:{service.component.version}"/>
370
427
  </fingerprint>
428
+
371
429
  <fingerprint pattern="^Servlet [\d\.]+; JBoss-([\S]+)(?: \(build.*)?/JBossWeb-(\S+)$">
372
430
  <description>JBoss with JBossweb</description>
373
431
  <example service.version="4.2.3.GA" service.component.version="2.0">Servlet 2.4; JBoss-4.2.3.GA (build: SVNTag=JBoss_4_2_3_GA date=200807181439)/JBossWeb-2.0</example>
@@ -376,10 +434,12 @@
376
434
  <param pos="0" name="service.product" value="JBoss EAP"/>
377
435
  <param pos="1" name="service.version"/>
378
436
  <param pos="0" name="service.cpe23" value="cpe:/a:redhat:jboss_enterprise_application_platform:{service.version}"/>
379
- <param pos="0" name="service.component.vendor" value="RedHat"/>
437
+ <param pos="0" name="service.component.vendor" value="Red Hat"/>
380
438
  <param pos="0" name="service.component.product" value="JBossWeb"/>
381
439
  <param pos="2" name="service.component.version"/>
440
+ <param pos="0" name="service.component.cpe23" value="cpe:/a:redhat:jboss_web_framework_kit:{service.component.version}"/>
382
441
  </fingerprint>
442
+
383
443
  <fingerprint pattern="^Servlet\/[\d\.]+; JBossAS-(.*)$">
384
444
  <description>JBoss AS</description>
385
445
  <example service.version="6">Servlet/3.0; JBossAS-6</example>
@@ -388,6 +448,7 @@
388
448
  <param pos="1" name="service.version"/>
389
449
  <param pos="0" name="service.cpe23" value="cpe:/a:redhat:jboss_wildfly_application_server:{service.version}"/>
390
450
  </fingerprint>
451
+
391
452
  <fingerprint pattern="^JBoss-EAP\/(\d+)$">
392
453
  <description>JBoss EAP</description>
393
454
  <example service.version="7">JBoss-EAP/7</example>
@@ -397,6 +458,7 @@
397
458
  <param pos="1" name="service.version"/>
398
459
  <param pos="0" name="service.cpe23" value="cpe:/a:redhat:jboss_enterprise_application_platform:{service.version}"/>
399
460
  </fingerprint>
461
+
400
462
  <fingerprint pattern="^Apache Tomcat/(\d\.[\d.]+)(?:-LE-jdk14)? \(HTTP/1.1 Connector\)$">
401
463
  <description>HTTP connector for Apache Tomcat to run as a standalone HTTP server - Apache variant</description>
402
464
  <example service.version="4.0.6">Apache Tomcat/4.0.6 (HTTP/1.1 Connector)</example>
@@ -411,6 +473,7 @@
411
473
  <param pos="0" name="service.component.family" value="Apache Tomcat HTTP Connector"/>
412
474
  <param pos="0" name="service.component.product" value="Apache Tomcat HTTP Connector"/>
413
475
  </fingerprint>
476
+
414
477
  <fingerprint pattern="^Tomcat Web Server/(\d\.[\dA-Z.]+)(?: Final)?(?:\s\(([^\)]+)\))?$">
415
478
  <description>HTTP connector for Apache Tomcat to run as a standalone HTTP server</description>
416
479
  <example>Tomcat Web Server/3.2.2 (JSP 1.1; Servlet 2.2; Java 1.3.1; Windows 2000 5.0 x86; java.vendor=Sun Microsystems Inc.)</example>
@@ -424,15 +487,18 @@
424
487
  <param pos="0" name="service.cpe23" value="cpe:/a:apache:tomcat:{service.version}"/>
425
488
  <param pos="2" name="tomcat.info"/>
426
489
  </fingerprint>
427
- <fingerprint pattern="^Tomcat/(\S+)$">
428
- <description>Apache tomcat with minimal version information</description>
429
- <example>Tomcat/2.1</example>
490
+
491
+ <fingerprint pattern="^(?:Apache )?Tomcat/([\d.]+)$">
492
+ <description>Apache Tomcat with version information</description>
493
+ <example service.version="2.1">Tomcat/2.1</example>
494
+ <example service.version="9.0.5">Apache Tomcat/9.0.5</example>
430
495
  <param pos="0" name="service.vendor" value="Apache"/>
431
496
  <param pos="0" name="service.product" value="Tomcat"/>
432
497
  <param pos="0" name="service.family" value="Tomcat"/>
433
498
  <param pos="1" name="service.version"/>
434
499
  <param pos="0" name="service.cpe23" value="cpe:/a:apache:tomcat:{service.version}"/>
435
500
  </fingerprint>
501
+
436
502
  <fingerprint pattern="^PDR-M800/1.0$">
437
503
  <description>Merit LILIN PDR M800</description>
438
504
  <example>PDR-M800/1.0</example>
@@ -440,6 +506,7 @@
440
506
  <param pos="0" name="hw.product" value="PDR M800"/>
441
507
  <param pos="0" name="hw.device" value="DVR"/>
442
508
  </fingerprint>
509
+
443
510
  <fingerprint pattern="^PHP/(\S+)$">
444
511
  <description>PHP</description>
445
512
  <example service.component.version="4.4.2-1build1">PHP/4.4.2-1build1</example>
@@ -447,13 +514,16 @@
447
514
  <param pos="0" name="service.component.product" value="PHP"/>
448
515
  <param pos="1" name="service.component.version"/>
449
516
  </fingerprint>
517
+
450
518
  <!-- TODO: Capture ZendServer version in fingerprint -->
519
+
451
520
  <fingerprint pattern="^PHP/(\S+)\s+ZendServer/\S+$">
452
521
  <description>PHP with ZendServer</description>
453
522
  <example service.component.version="5.3.14">PHP/5.3.14 ZendServer/5.0</example>
454
523
  <param pos="0" name="service.component.product" value="PHP"/>
455
524
  <param pos="1" name="service.component.version"/>
456
525
  </fingerprint>
526
+
457
527
  <fingerprint pattern="^Oracle Application Server Containers for J2EE 10g \(([\d.]+)\)$">
458
528
  <description>Oracle Application Server Containers for J2EE 10g</description>
459
529
  <example>Oracle Application Server Containers for J2EE 10g (9.0.4.0.0)</example>
@@ -462,6 +532,7 @@
462
532
  <param pos="0" name="service.family" value="Oracle"/>
463
533
  <param pos="1" name="service.version"/>
464
534
  </fingerprint>
535
+
465
536
  <fingerprint pattern="^Oracle Containers for J2EE$">
466
537
  <description>Oracle Application Server Containers for J2EE</description>
467
538
  <example>Oracle Containers for J2EE</example>
@@ -469,6 +540,7 @@
469
540
  <param pos="0" name="service.product" value="Oracle Application Server Containers"/>
470
541
  <param pos="0" name="service.family" value="Oracle"/>
471
542
  </fingerprint>
543
+
472
544
  <fingerprint pattern="^Oracle Application Server/10g \(([\d.]+)\) Apache/([12][\d.]+)\s*(.*)$">
473
545
  <description>Oracle Application Server 10g with Apache info (powered by Apache)</description>
474
546
  <example>Oracle Application Server/10g (10.1.2) Apache/1.3.34 (Unix) mod_perl/1.29 mod_jk/1.2.14 OracleAS-Web-Cache-10g/10.1.2.0.2 (N;ecid=119642322340,0)</example>
@@ -481,7 +553,9 @@
481
553
  <param pos="0" name="apache.variant" value="Oracle"/>
482
554
  <param pos="1" name="apache.variant.version"/>
483
555
  </fingerprint>
556
+
484
557
  <!-- TODO: this needs to be improved -->
558
+
485
559
  <fingerprint pattern="^Oracle-Application-Server-\d+[ig](?:[ /]([\d.]+) (?:\(.*\)|Oracle-HTTP-Server\s*(.*)))?$">
486
560
  <description>Oracle Application Server 10g (powered by Apache)</description>
487
561
  <example>Oracle-Application-Server-11g</example>
@@ -498,6 +572,7 @@
498
572
  <param pos="0" name="apache.variant" value="Oracle"/>
499
573
  <param pos="1" name="apache.variant.version"/>
500
574
  </fingerprint>
575
+
501
576
  <fingerprint pattern="^Oracle9iAS/([\d.]+) Oracle HTTP Server\s*(.*)$">
502
577
  <description>Oracle 9i Application Server</description>
503
578
  <example>Oracle9iAS/9.0.2.3.0 Oracle HTTP Server Oracle9iAS-Web-Cache/9.0.2.3.0 (N)</example>
@@ -510,6 +585,7 @@
510
585
  <param pos="0" name="apache.variant" value="Oracle"/>
511
586
  <param pos="1" name="apache.variant.version"/>
512
587
  </fingerprint>
588
+
513
589
  <fingerprint pattern="^Oracle HTTP Server Powered by Apache/([12][\d.]*)\s*(.*)$">
514
590
  <description>Oracle HTTP Server (powered by Apache) - version string variant</description>
515
591
  <example>Oracle HTTP Server Powered by Apache/1.3.12 (Unix) ApacheJServ/1.1 mod_ssl/2.6.4 OpenSSL/0.9.5a</example>
@@ -523,6 +599,7 @@
523
599
  <param pos="2" name="apache.info"/>
524
600
  <param pos="0" name="apache.variant" value="Oracle"/>
525
601
  </fingerprint>
602
+
526
603
  <fingerprint pattern="^Oracle HTTP Server Powered by Apache$">
527
604
  <description>Oracle HTTP Server (powered by Apache)</description>
528
605
  <example>Oracle HTTP Server Powered by Apache</example>
@@ -532,6 +609,25 @@
532
609
  <param pos="0" name="service.cpe23" value="cpe:/a:apache:http_server:-"/>
533
610
  <param pos="0" name="apache.variant" value="Oracle"/>
534
611
  </fingerprint>
612
+
613
+ <fingerprint pattern="^Oracle-Web-Cache-11g/([\d.]+) \(N;ecid=[^)]+\)$">
614
+ <description>Oracle Web Cache</description>
615
+ <example service.version="11.1.1.9.0">Oracle-Web-Cache-11g/11.1.1.9.0 (N;ecid=93620137613024,0:1)</example>
616
+ <param pos="0" name="service.vendor" value="Oracle"/>
617
+ <param pos="0" name="service.product" value="Web Cache"/>
618
+ <param pos="1" name="service.version"/>
619
+ <param pos="0" name="service.cpe23" value="cpe:/a:oracle:web_cache:{service.version}"/>
620
+ </fingerprint>
621
+
622
+ <fingerprint pattern="^OracleAS-Web-Cache-10g/([\d.]+).*">
623
+ <description>Oracle Application Server Web Cache</description>
624
+ <example service.version="10.1.2.3.0">OracleAS-Web-Cache-10g/10.1.2.3.0</example>
625
+ <param pos="0" name="service.vendor" value="Oracle"/>
626
+ <param pos="0" name="service.product" value="Application Server Web Cache"/>
627
+ <param pos="1" name="service.version"/>
628
+ <param pos="0" name="service.cpe23" value="cpe:/a:oracle:application_server_web_cache:{service.version}"/>
629
+ </fingerprint>
630
+
535
631
  <fingerprint pattern="^HP Apache-based Web Server/([012][\d.]*)\s*\(Unix\)\s*(.*)$">
536
632
  <description>Apache running on HP-UX</description>
537
633
  <example>HP Apache-based Web Server/1.3.26 (Unix) mod_ssl/2.8.9 OpenSSL/0.9.6c</example>
@@ -548,6 +644,7 @@
548
644
  <param pos="0" name="os.product" value="HP-UX"/>
549
645
  <param pos="0" name="os.cpe23" value="cpe:/o:hp:hp-ux:-"/>
550
646
  </fingerprint>
647
+
551
648
  <fingerprint pattern="^CompaqHTTPServer/([0-9.]*)(?: HP System Management Homepage(?:/.*)?)?$">
552
649
  <description>HP/Compaq HTTP Server</description>
553
650
  <example>CompaqHTTPServer/9.9 HP System Management Homepage/2.1.5.146</example>
@@ -560,6 +657,7 @@
560
657
  <param pos="0" name="service.family" value="Compaq HTTP Server"/>
561
658
  <param pos="1" name="service.version"/>
562
659
  </fingerprint>
660
+
563
661
  <fingerprint pattern="^HPSMH$">
564
662
  <description>HP System Management Homepage (SMH)</description>
565
663
  <example>HPSMH</example>
@@ -567,6 +665,7 @@
567
665
  <param pos="0" name="service.family" value="SMH"/>
568
666
  <param pos="0" name="service.product" value="SMH"/>
569
667
  </fingerprint>
668
+
570
669
  <fingerprint pattern="(?i)^eHTTP[/ ]v?(\d+\.\d+)">
571
670
  <description>HTTP Server present on seemingly only HP ProCurve network devices</description>
572
671
  <example service.version="1.1">EHTTP/1.1</example>
@@ -579,6 +678,7 @@
579
678
  <param pos="0" name="os.family" value="ProCurve"/>
580
679
  <param pos="0" name="os.certainty" value="0.75"/>
581
680
  </fingerprint>
681
+
582
682
  <fingerprint pattern="^(?:BBC \d+\.\d+\.\d+\.?\d*; )?(?:com.hp.openview.)?[c|C]oda (\d+\.\d+\.\d+\.?\d*)$">
583
683
  <description>HP Openview Coda (Communications Daemon)</description>
584
684
  <example service.component.version="0.0.1">com.hp.openview.Coda 0.0.1</example>
@@ -593,6 +693,7 @@
593
693
  <param pos="0" name="service.component.product" value="CODA"/>
594
694
  <param pos="1" name="service.component.version"/>
595
695
  </fingerprint>
696
+
596
697
  <fingerprint pattern="^BBC \d+\.\d+\.\d+\.?\d*; ovbbcrcp (\d+\.\d+\.\d+\.?\d*)$">
597
698
  <description>OpenView Reverse Channel Proxy (RCP)</description>
598
699
  <example service.component.version="11.00.044">BBC 11.00.044; ovbbcrcp 11.00.044</example>
@@ -605,6 +706,7 @@
605
706
  <param pos="0" name="service.component.product" value="Reverse Channel Proxy"/>
606
707
  <param pos="1" name="service.component.version"/>
607
708
  </fingerprint>
709
+
608
710
  <fingerprint pattern="^(?:BBC \d+\.\d+\.\d+\.?\d*; )?com.hp.openview.bbc.LLBServer (\d+\.\d+\.\d+\.?\d*)$">
609
711
  <description>HP Openview LLBServer (Local Location Broker)</description>
610
712
  <example service.component.version="2.6.8.1">com.hp.openview.bbc.LLBServer 2.6.8.1</example>
@@ -618,6 +720,7 @@
618
720
  <param pos="0" name="service.component.product" value="LLBServer"/>
619
721
  <param pos="1" name="service.component.version"/>
620
722
  </fingerprint>
723
+
621
724
  <fingerprint pattern="^BBC \d+\.\d+\.\d+; ovbbccb (\d+\.\d+\.\d+)$">
622
725
  <description>OpenView Communication Broker (ovbbccb)</description>
623
726
  <example service.component.version="06.00.083">BBC 06.00.083; ovbbccb 06.00.083</example>
@@ -631,6 +734,7 @@
631
734
  <param pos="0" name="service.component.product" value="Communication Broker"/>
632
735
  <param pos="1" name="service.component.version"/>
633
736
  </fingerprint>
737
+
634
738
  <fingerprint pattern="^BBC \d+\.\d+\.\d+; ovbbccb unknown version$">
635
739
  <description>OpenView Communication Broker (ovbbccb) with no version</description>
636
740
  <example>BBC 11.13.007; ovbbccb unknown version</example>
@@ -642,6 +746,7 @@
642
746
  <param pos="0" name="service.component.family" value="OpenView"/>
643
747
  <param pos="0" name="service.component.product" value="Communication Broker"/>
644
748
  </fingerprint>
749
+
645
750
  <fingerprint pattern="^UOS$">
646
751
  <description>HTTP Server that appears unique to Managment Console on HP TippingPoint IPS Devices</description>
647
752
  <example>UOS</example>
@@ -655,6 +760,7 @@
655
760
  <param pos="0" name="hw.family" value="TippingPoint"/>
656
761
  <param pos="0" name="hw.device" value="IPS"/>
657
762
  </fingerprint>
763
+
658
764
  <fingerprint pattern="^uc-httpd[ \/]([\d.]+)$">
659
765
  <description>Xiongmai Tech uc-httpd</description>
660
766
  <example service.version="1.0.0">uc-httpd 1.0.0</example>
@@ -663,6 +769,7 @@
663
769
  <param pos="0" name="service.product" value="uc-httpd"/>
664
770
  <param pos="1" name="service.version"/>
665
771
  </fingerprint>
772
+
666
773
  <fingerprint pattern="^micro_httpd$">
667
774
  <description>ACME micro_httpd</description>
668
775
  <example>micro_httpd</example>
@@ -670,6 +777,7 @@
670
777
  <param pos="0" name="service.product" value="micro_httpd"/>
671
778
  <param pos="0" name="service.cpe23" value="cpe:/a:acme:micro_httpd:-"/>
672
779
  </fingerprint>
780
+
673
781
  <fingerprint pattern="^mini_httpd$">
674
782
  <description>ACME mini_httpd</description>
675
783
  <example>mini_httpd</example>
@@ -677,6 +785,7 @@
677
785
  <param pos="0" name="service.product" value="mini_httpd"/>
678
786
  <param pos="0" name="service.cpe23" value="cpe:/a:acme:mini_httpd:-"/>
679
787
  </fingerprint>
788
+
680
789
  <fingerprint pattern="^LiteSpeed\/?(:?[\d.]+)?(?: \S+)?">
681
790
  <description>LiteSpeed</description>
682
791
  <example>LiteSpeed</example>
@@ -685,6 +794,7 @@
685
794
  <param pos="0" name="service.product" value="LiteSpeed Web Server"/>
686
795
  <param pos="1" name="service.version"/>
687
796
  </fingerprint>
797
+
688
798
  <fingerprint pattern="^IdeaWebServer\/v?([\d.]+)$">
689
799
  <description>Idea Web Server</description>
690
800
  <example service.version="0.83.74">IdeaWebServer/0.83.74</example>
@@ -693,6 +803,7 @@
693
803
  <param pos="0" name="service.product" value="Idea Web Server"/>
694
804
  <param pos="1" name="service.version"/>
695
805
  </fingerprint>
806
+
696
807
  <fingerprint pattern="^openresty\/?(:?[\d.]+)?$">
697
808
  <description>OpenResty OpenResty</description>
698
809
  <example>openresty</example>
@@ -700,14 +811,18 @@
700
811
  <param pos="0" name="service.vendor" value="OpenResty"/>
701
812
  <param pos="0" name="service.product" value="OpenResty"/>
702
813
  <param pos="1" name="service.version"/>
814
+ <param pos="0" name="service.cpe23" value="cpe:/a:openresty:openresty:{service.version}"/>
703
815
  </fingerprint>
816
+
704
817
  <fingerprint pattern="^gunicorn\/([\d.]+)+$">
705
818
  <description>Gunicorn Gunicorn</description>
706
819
  <example service.version="19.7.1">gunicorn/19.7.1</example>
707
820
  <param pos="0" name="service.vendor" value="Gunicorn"/>
708
821
  <param pos="0" name="service.product" value="Gunicorn"/>
709
822
  <param pos="1" name="service.version"/>
823
+ <param pos="0" name="service.cpe23" value="cpe:/a:gunicorn:gunicorn:{service.version}"/>
710
824
  </fingerprint>
825
+
711
826
  <fingerprint pattern="^Serv-U\/([\d.]+)$">
712
827
  <description>Serv-U HTTP interface</description>
713
828
  <example service.version="15.1.6.31">Serv-U/15.1.6.31</example>
@@ -716,6 +831,26 @@
716
831
  <param pos="0" name="service.product" value="FTP Server"/>
717
832
  <param pos="1" name="service.version"/>
718
833
  </fingerprint>
834
+
835
+ <fingerprint pattern="^Wing FTP Server/([\d.]+)\([^)]*\)$">
836
+ <description>Wing FTP HTTP interface - with version</description>
837
+ <example service.version="3.6.0">Wing FTP Server/3.6.0(customer name here)</example>
838
+ <param pos="0" name="service.vendor" value="WFTPServer"/>
839
+ <param pos="0" name="service.family" value="Wing FTP"/>
840
+ <param pos="0" name="service.product" value="Wing FTP Server"/>
841
+ <param pos="1" name="service.version"/>
842
+ <param pos="0" name="service.cpe23" value="cpe:/a:wftpserver:wing_ftp_server:{service.version}"/>
843
+ </fingerprint>
844
+
845
+ <fingerprint pattern="^Wing FTP Server\([^)]*\)$">
846
+ <description>Wing FTP HTTP interface - no version</description>
847
+ <example>Wing FTP Server(customer name here)</example>
848
+ <param pos="0" name="service.vendor" value="WFTPServer"/>
849
+ <param pos="0" name="service.family" value="Wing FTP"/>
850
+ <param pos="0" name="service.product" value="Wing FTP Server"/>
851
+ <param pos="0" name="service.cpe23" value="cpe:/a:wftpserver:wing_ftp_server:-"/>
852
+ </fingerprint>
853
+
719
854
  <fingerprint pattern="^(?i)Linux UPnP/1.0 Sonos/([\d\.\-a-z]+) \((BR\d+)\)$">
720
855
  <description>Sonos Bridge/ZoneBridge</description>
721
856
  <example hw.model="BR100" hw.version="47.2-59120">Linux UPnP/1.0 Sonos/47.2-59120 (BR100)</example>
@@ -726,6 +861,7 @@
726
861
  <param pos="2" name="hw.model"/>
727
862
  <param pos="0" name="os.product" value="Linux"/>
728
863
  </fingerprint>
864
+
729
865
  <fingerprint pattern="^(?i)Linux UPnP/1.0 Sonos/([\d\.\-a-z]+) \(ANVIL\)$">
730
866
  <description>Sonos Subwoofer Speaker</description>
731
867
  <example>Linux UPnP/1.0 Sonos/31.3-22220 (ANVIL)</example>
@@ -735,6 +871,7 @@
735
871
  <param pos="1" name="hw.version"/>
736
872
  <param pos="0" name="os.product" value="Linux"/>
737
873
  </fingerprint>
874
+
738
875
  <fingerprint pattern="(?i)^Linux UPnP/1.0 Sonos/([\d\.\-a-z]+) \(ZP(S?\d+)\)$">
739
876
  <description>Sonos PLAY/ZonePlayer wireless speaker</description>
740
877
  <example hw.model="S1" hw.version="39.2-47040c">Linux UPnP/1.0 Sonos/39.2-47040c (ZPS1)</example>
@@ -747,6 +884,7 @@
747
884
  <param pos="2" name="hw.model"/>
748
885
  <param pos="0" name="os.product" value="Linux"/>
749
886
  </fingerprint>
887
+
750
888
  <fingerprint pattern="(?i)^Linux UPnP/1.0 Sonos/([\d\.\-a-z]+) \(WD(\d+)\)$">
751
889
  <description>Sonos Wireless Dock</description>
752
890
  <example hw.model="100" hw.version="36.4-41270">Linux UPnP/1.0 Sonos/36.4-41270 (WD100)</example>
@@ -757,6 +895,7 @@
757
895
  <param pos="2" name="hw.model"/>
758
896
  <param pos="0" name="os.product" value="Linux"/>
759
897
  </fingerprint>
898
+
760
899
  <fingerprint pattern="^Varnish(?:[- ]Cache)?$">
761
900
  <description>Varnish Cache</description>
762
901
  <example>Varnish</example>
@@ -766,6 +905,7 @@
766
905
  <param pos="0" name="service.product" value="Varnish"/>
767
906
  <param pos="0" name="service.cpe23" value="cpe:/a:varnish-cache:varnish:-"/>
768
907
  </fingerprint>
908
+
769
909
  <fingerprint pattern="^Tengine\/?(:?[\d.]+)?$">
770
910
  <description>Tengine</description>
771
911
  <example>Tengine</example>
@@ -775,6 +915,7 @@
775
915
  <param pos="0" name="service.product" value="Tengine"/>
776
916
  <param pos="1" name="service.version"/>
777
917
  </fingerprint>
918
+
778
919
  <fingerprint pattern="^Mikrotik HttpProxy$">
779
920
  <description>MikroTik RouterOS - Proxy service</description>
780
921
  <example>Mikrotik HttpProxy</example>
@@ -787,6 +928,7 @@
787
928
  <param pos="0" name="hw.vendor" value="MikroTik"/>
788
929
  <param pos="0" name="hw.device" value="Router"/>
789
930
  </fingerprint>
931
+
790
932
  <fingerprint pattern="^Helix Server Version ([0-9.]*) \(win32\) \(RealServer compatible\)$">
791
933
  <description>RealMedia Helix Server - Windows</description>
792
934
  <example>Helix Server Version 9.0.4.960 (win32) (RealServer compatible)</example>
@@ -799,6 +941,7 @@
799
941
  <param pos="0" name="service.family" value="Helix Server"/>
800
942
  <param pos="1" name="service.version"/>
801
943
  </fingerprint>
944
+
802
945
  <fingerprint pattern="^Helix Server Version ([0-9.]*) \(linux-\S+\) \(RealServer compatible\)$">
803
946
  <description>RealMedia Helix Server - Linux</description>
804
947
  <example>Helix Server Version 9.0.4.960 (linux-2.2-libc6-i586-server) (RealServer compatible)</example>
@@ -809,6 +952,7 @@
809
952
  <param pos="0" name="service.family" value="Helix Server"/>
810
953
  <param pos="1" name="service.version"/>
811
954
  </fingerprint>
955
+
812
956
  <fingerprint pattern="^ReeCam IP Camera$">
813
957
  <description>Shenzhen ReeCam cameras</description>
814
958
  <example>ReeCam IP Camera</example>
@@ -816,12 +960,14 @@
816
960
  <param pos="0" name="hw.product" value="ReeCam"/>
817
961
  <param pos="0" name="hw.device" value="Web cam"/>
818
962
  </fingerprint>
963
+
819
964
  <fingerprint pattern="^Netwave IP Camera$">
820
965
  <description>Netwave cameras</description>
821
966
  <example>Netwave IP Camera</example>
822
967
  <param pos="0" name="hw.vendor" value="Netwave"/>
823
968
  <param pos="0" name="hw.device" value="Web cam"/>
824
969
  </fingerprint>
970
+
825
971
  <fingerprint pattern="^Cougar/([0-9.]*)$">
826
972
  <description>Windows Media Services (older versions)</description>
827
973
  <example>Cougar/9.01.01.3841</example>
@@ -834,6 +980,7 @@
834
980
  <param pos="0" name="service.family" value="Windows Media Services"/>
835
981
  <param pos="1" name="service.version"/>
836
982
  </fingerprint>
983
+
837
984
  <fingerprint pattern="^WMServer/([0-9.]*)$">
838
985
  <description>Windows Media Services (newer versions)</description>
839
986
  <example>WMServer/9.1.1.3841</example>
@@ -846,6 +993,7 @@
846
993
  <param pos="0" name="service.family" value="Windows Media Services"/>
847
994
  <param pos="1" name="service.version"/>
848
995
  </fingerprint>
996
+
849
997
  <fingerprint pattern="^Microsoft-HTTPAPI/(?:[0-9\.]*)$">
850
998
  <description>Generic Microsoft HTTP service</description>
851
999
  <example>Microsoft-HTTPAPI/2.0</example>
@@ -854,6 +1002,7 @@
854
1002
  <param pos="0" name="os.product" value="Windows"/>
855
1003
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
856
1004
  </fingerprint>
1005
+
857
1006
  <fingerprint pattern="(?i)^(?:(?:Cube|(?:Mini )?Dome|Day/Night|PAN/?Tilt|POE|IR|HD|H.264|Surveillance|With|Wired|Wireless(?: N)?|Network|Internet|(?:IP(?:[\s_-])?)?Cameras?[\s_]*\d*) ?){1,5}?(?: Login)?$">
858
1007
  <description>Generic IP Cameras</description>
859
1008
  <example>camera</example>
@@ -861,6 +1010,7 @@
861
1010
  <example>Mini Dome IP Camera</example>
862
1011
  <param pos="0" name="hw.device" value="Web cam"/>
863
1012
  </fingerprint>
1013
+
864
1014
  <fingerprint pattern="^ASP.NET$">
865
1015
  <description>Something written in ASP.NET</description>
866
1016
  <example>ASP.NET</example>
@@ -870,6 +1020,7 @@
870
1020
  <param pos="0" name="os.certainty" value="0.6"/>
871
1021
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
872
1022
  </fingerprint>
1023
+
873
1024
  <fingerprint pattern="^[Xx]itami$">
874
1025
  <description>Xitami web server</description>
875
1026
  <example>Xitami</example>
@@ -877,6 +1028,7 @@
877
1028
  <param pos="0" name="service.product" value="HTTP"/>
878
1029
  <param pos="0" name="service.family" value="Webserver"/>
879
1030
  </fingerprint>
1031
+
880
1032
  <fingerprint pattern="^VCS-VIDOS-NVR$">
881
1033
  <description>Bosch VCS VIDOS-NVR network video recorder</description>
882
1034
  <example>VCS-VIDOS-NVR</example>
@@ -886,12 +1038,14 @@
886
1038
  <param pos="0" name="hw.vendor" value="Bosch"/>
887
1039
  <param pos="0" name="hw.device" value="DVR"/>
888
1040
  </fingerprint>
1041
+
889
1042
  <fingerprint pattern="^FUHO-DVR$">
890
1043
  <description>FUHO Surveillance/DVR</description>
891
1044
  <example>FUHO-DVR</example>
892
1045
  <param pos="0" name="hw.vendor" value="FUHO"/>
893
1046
  <param pos="0" name="hw.device" value="DVR"/>
894
1047
  </fingerprint>
1048
+
895
1049
  <fingerprint pattern="^HeiTel GmbH Web Server \[\S+\]$">
896
1050
  <description>HeiTel Digital Video Recorder</description>
897
1051
  <example>HeiTel GmbH Web Server [V1.15/V1.14/V1.3]</example>
@@ -901,6 +1055,7 @@
901
1055
  <param pos="0" name="hw.vendor" value="HeiTel"/>
902
1056
  <param pos="0" name="hw.device" value="DVR"/>
903
1057
  </fingerprint>
1058
+
904
1059
  <fingerprint pattern="^MiniServ/([0-9.]*)$">
905
1060
  <description>mini_httpd</description>
906
1061
  <example>MiniServ/0.01</example>
@@ -908,6 +1063,7 @@
908
1063
  <param pos="0" name="service.family" value="WebServer"/>
909
1064
  <param pos="1" name="service.version"/>
910
1065
  </fingerprint>
1066
+
911
1067
  <fingerprint pattern="^IBM HTTP Server/(V\d+R\d+M\d+)$">
912
1068
  <description>IBM HTTP server running on AS/400</description>
913
1069
  <example>IBM HTTP Server/V5R3M0</example>
@@ -920,7 +1076,9 @@
920
1076
  <param pos="0" name="os.family" value="OS/400"/>
921
1077
  <param pos="0" name="os.product" value="OS/400"/>
922
1078
  <param pos="1" name="os.version"/>
1079
+ <param pos="0" name="os.cpe23" value="cpe:/o:ibm:os_400:{os.version}"/>
923
1080
  </fingerprint>
1081
+
924
1082
  <fingerprint pattern="^(?:IBM_HTTP_Server|IBM_HTTP_SERVER)/([\w.-]+)\s+Apache/([12][\d.]+)\s*(.*)$">
925
1083
  <description>IBM HTTP Server</description>
926
1084
  <example>IBM_HTTP_SERVER/1.3.19.2 Apache/1.3.20 (Win32)</example>
@@ -942,6 +1100,7 @@
942
1100
  <param pos="0" name="apache.variant" value="IBM"/>
943
1101
  <param pos="1" name="apache.variant.version"/>
944
1102
  </fingerprint>
1103
+
945
1104
  <fingerprint pattern="(?i)^(?:IBM_HTTP_SERVER|IBM-HTTP-SERVER)/(\S+)(?: \(\S+\))?$">
946
1105
  <description>IBM HTTP Server with hardly useful version info</description>
947
1106
  <example>IBM-HTTP-Server/1.0</example>
@@ -953,6 +1112,7 @@
953
1112
  <param pos="0" name="apache.variant" value="IBM"/>
954
1113
  <param pos="1" name="apache.variant.version"/>
955
1114
  </fingerprint>
1115
+
956
1116
  <fingerprint pattern="(?i)^(?:IBM_HTTP_SERVER|IBM-HTTP-SERVER)$">
957
1117
  <description>IBM HTTP Server with no version info</description>
958
1118
  <example>IBM_HTTP_SERVER</example>
@@ -963,9 +1123,11 @@
963
1123
  <param pos="0" name="service.cpe23" value="cpe:/a:apache:http_server:-"/>
964
1124
  <param pos="0" name="apache.variant" value="IBM"/>
965
1125
  </fingerprint>
1126
+
966
1127
  <!--
967
1128
  Netscape/Sun's Application Server
968
1129
  -->
1130
+
969
1131
  <fingerprint pattern="^Sun[ -]Java[ -]System[ /]Application[ -]Server( \d\.[\d_]+)?$">
970
1132
  <description>Sun Java System Application Server (formerly iPlanet Application Server, Sun ONE Application Server)</description>
971
1133
  <example>Sun-Java-System/Application-Server</example>
@@ -975,6 +1137,7 @@
975
1137
  <param pos="1" name="service.version"/>
976
1138
  <param pos="0" name="service.cpe23" value="cpe:/a:sun:java_system_application_server:{service.version}"/>
977
1139
  </fingerprint>
1140
+
978
1141
  <fingerprint pattern="^Sun[ -]Java[ -]System[ /]Application[ -]Server Platform Edition (\d\.[\d_]+)?$">
979
1142
  <description>Sun Java System Application Server Platform Edition(formerly iPlanet Application Server, Sun ONE Application Server)</description>
980
1143
  <example>Sun Java System Application Server Platform Edition 9.0</example>
@@ -984,22 +1147,35 @@
984
1147
  <param pos="0" name="service.product" value="Java System Application Server Platform Edition"/>
985
1148
  <param pos="1" name="service.version"/>
986
1149
  </fingerprint>
1150
+
987
1151
  <fingerprint pattern="^Sun GlassFish Enterprise Server v(\S+)$">
988
1152
  <description>Glassfish with version information</description>
989
- <example>Sun GlassFish Enterprise Server v2.1</example>
1153
+ <example service.version="2.1">Sun GlassFish Enterprise Server v2.1</example>
1154
+ <param pos="0" name="service.vendor" value="Sun"/>
1155
+ <param pos="0" name="service.product" value="GlassFish Server"/>
1156
+ <param pos="1" name="service.version"/>
1157
+ </fingerprint>
1158
+
1159
+ <fingerprint pattern="^GlassFish Server Open Source Edition\s+(\S+)$">
1160
+ <description>Glassfish Open Source Edition with version information</description>
1161
+ <example service.version="4.1.2">GlassFish Server Open Source Edition 4.1.2</example>
1162
+ <example service.version="3.1.2.2">GlassFish Server Open Source Edition 3.1.2.2</example>
990
1163
  <param pos="0" name="service.vendor" value="Sun"/>
991
- <param pos="0" name="service.product" value="GlassFish"/>
1164
+ <param pos="0" name="service.product" value="GlassFish Server"/>
992
1165
  <param pos="1" name="service.version"/>
993
1166
  </fingerprint>
1167
+
994
1168
  <fingerprint pattern="^GlassFish$">
995
1169
  <description>Glassfish without version information</description>
996
1170
  <example>GlassFish</example>
997
1171
  <param pos="0" name="service.vendor" value="Sun"/>
998
- <param pos="0" name="service.product" value="GlassFish"/>
1172
+ <param pos="0" name="service.product" value="GlassFish Server"/>
999
1173
  </fingerprint>
1174
+
1000
1175
  <!--
1001
1176
  Netscape/Sun's Web Server
1002
1177
  -->
1178
+
1003
1179
  <fingerprint pattern="^Netscape-Enterprise/(\d+\.[\w\s.]+)$">
1004
1180
  <description>Netscape Enterprise Server (subsequently iPlanet Web Server, Sun ONE Web Server, presently Sun Java System Web Server)</description>
1005
1181
  <example>Netscape-Enterprise/3.5.1</example>
@@ -1011,6 +1187,7 @@
1011
1187
  <param pos="1" name="service.version"/>
1012
1188
  <param pos="0" name="service.cpe23" value="cpe:/a:sun:java_system_web_server:{service.version}"/>
1013
1189
  </fingerprint>
1190
+
1014
1191
  <fingerprint pattern="^(?:Sun-Java-System-Web-Server|Sun-ONE-Web-Server)/(?:\d\.[\d_]+)$">
1015
1192
  <description>Sun Java System Web Server (formerly Netscape Enterprise Server, iPlanet Web Server and Sun ONE Web Server)</description>
1016
1193
  <example>Sun-Java-System-Web-Server/7.0</example>
@@ -1020,19 +1197,20 @@
1020
1197
  <param pos="0" name="service.product" value="Java System Web Server"/>
1021
1198
  <param pos="0" name="service.cpe23" value="cpe:/a:sun:java_system_web_server:-"/>
1022
1199
  </fingerprint>
1200
+
1023
1201
  <!--
1024
1202
  Netscape/Sun's Web Proxy Server
1025
1203
  -->
1204
+
1026
1205
  <!--
1027
1206
  Header seen on admin port 8081 (not regular proxy port 8080) of Sun Java
1028
1207
  System Web Proxy Server 3.6 Service Pack 4 running on Windows:
1029
-
1030
1208
  Server: Netscape-Administrator/3.54
1031
-
1032
1209
  However this header might be used by Web Server too, so it might be
1033
1210
  impossible to differentiate Web Server from Web Proxy Server. Also note how
1034
1211
  there seems to be no relation between 3.54 and "3.6 Service Pack 4".
1035
1212
  -->
1213
+
1036
1214
  <fingerprint pattern="^iPlanet-Web-Proxy-Server/(.*)$">
1037
1215
  <description>iPlanet WebProxy Server (subsequently Sun ONE WebProxy Server, presently Sun Java System Web Proxy Server)</description>
1038
1216
  <example>iPlanet-Web-Proxy-Server/3.6</example>
@@ -1043,6 +1221,7 @@
1043
1221
  <param pos="1" name="service.version"/>
1044
1222
  <param pos="0" name="service.cpe23" value="cpe:/a:sun:java_system_web_proxy_server:{service.version}"/>
1045
1223
  </fingerprint>
1224
+
1046
1225
  <fingerprint pattern="^Sun-ONE-Web-Proxy-Server/(.*)$">
1047
1226
  <description>Sun ONE WebProxy Server (formerly iPlanet WebProxy Server, presently Sun Java System Web Proxy Server)</description>
1048
1227
  <example service.version="3.6-SP4">Sun-ONE-Web-Proxy-Server/3.6-SP4</example>
@@ -1052,6 +1231,7 @@
1052
1231
  <param pos="1" name="service.version"/>
1053
1232
  <param pos="0" name="service.cpe23" value="cpe:/a:sun:java_system_web_proxy_server:{service.version}"/>
1054
1233
  </fingerprint>
1234
+
1055
1235
  <fingerprint pattern="^Sun-Java-System-Web-Proxy-Server/(\d\.[\d.]+)$">
1056
1236
  <description>Sun Java System Web Proxy Server (formerly iPlanet WebProxy Server, Sun ONE WebProxy Server)</description>
1057
1237
  <example>Sun-Java-System-Web-Proxy-Server/4.0.2</example>
@@ -1062,6 +1242,7 @@
1062
1242
  <param pos="1" name="service.version"/>
1063
1243
  <param pos="0" name="service.cpe23" value="cpe:/a:sun:java_system_web_proxy_server:{service.version}"/>
1064
1244
  </fingerprint>
1245
+
1065
1246
  <fingerprint pattern="^Sun-ILOM-Web-Server/(?:\d\.[\d._]+)$">
1066
1247
  <description>Sun Integrated Lights Out Manager (ILOM) usually bundled with Sun Fire servers</description>
1067
1248
  <example>Sun-ILOM-Web-Server/1.0</example>
@@ -1071,6 +1252,7 @@
1071
1252
  <param pos="0" name="hw.vendor" value="Sun"/>
1072
1253
  <param pos="0" name="hw.family" value="Sun Fire"/>
1073
1254
  </fingerprint>
1255
+
1074
1256
  <fingerprint pattern="^HP-iLO-Server/(?:[\S]+)">
1075
1257
  <description>HP Integrated Lights Out Manager (iLO). Version in the Server header (found on in iLO4) is the firmware version and is not currently used.</description>
1076
1258
  <example>HP-iLO-Server/1.30</example>
@@ -1085,12 +1267,14 @@
1085
1267
  <param pos="0" name="os.family" value="iLO"/>
1086
1268
  <param pos="0" name="os.device" value="Lights Out Management"/>
1087
1269
  </fingerprint>
1270
+
1088
1271
  <!--
1089
1272
  TODO:
1090
-
1091
1273
  Sun_WebServer/2.1
1092
1274
  -->
1275
+
1093
1276
  <!-- Mort Bay Jetty 1.0 to 6.x -->
1277
+
1094
1278
  <fingerprint pattern="^Jetty\/([1-6]\.[\w.]+)(?: \(([^)]*))?">
1095
1279
  <description>Mort Bay Jetty with info</description>
1096
1280
  <example service.version="4.0.1" jetty.info="SunOS 5.8 sparc">Jetty/4.0.1 (SunOS 5.8 sparc)</example>
@@ -1105,6 +1289,7 @@
1105
1289
  <param pos="0" name="service.cpe23" value="cpe:/a:mortbay:jetty:{service.version}"/>
1106
1290
  <param pos="2" name="jetty.info"/>
1107
1291
  </fingerprint>
1292
+
1108
1293
  <fingerprint pattern="^Jetty\(([1-6]\S+)\)$">
1109
1294
  <description>Mort Bay Jetty</description>
1110
1295
  <example service.version="1.4.5">Jetty(1.4.5)</example>
@@ -1115,10 +1300,12 @@
1115
1300
  <param pos="1" name="service.version"/>
1116
1301
  <param pos="0" name="service.cpe23" value="cpe:/a:mortbay:jetty:{service.version}"/>
1117
1302
  </fingerprint>
1303
+
1118
1304
  <!--
1119
1305
  Jetty moved to Eclipse.org at version 7, CVEs after this version are
1120
1306
  associated with Eclipse CPEs.
1121
1307
  -->
1308
+
1122
1309
  <fingerprint pattern="^Jetty\((\S+)\)$">
1123
1310
  <description>Eclipse Jetty</description>
1124
1311
  <example service.version="7.6.9.v20130131">Jetty(7.6.9.v20130131)</example>
@@ -1130,6 +1317,7 @@
1130
1317
  <param pos="1" name="service.version"/>
1131
1318
  <param pos="0" name="service.cpe23" value="cpe:/a:eclipse:jetty:{service.version}"/>
1132
1319
  </fingerprint>
1320
+
1133
1321
  <fingerprint pattern="^(?i)squid/(\d+\.[\w.\-\+]+)$">
1134
1322
  <description>Squid Web Proxy with a version</description>
1135
1323
  <example service.version="2.3.STABLE1">Squid/2.3.STABLE1</example>
@@ -1141,6 +1329,7 @@
1141
1329
  <param pos="1" name="service.version"/>
1142
1330
  <param pos="0" name="service.cpe23" value="cpe:/a:squid-cache:squid:{service.version}"/>
1143
1331
  </fingerprint>
1332
+
1144
1333
  <fingerprint pattern="^(?i)squid$">
1145
1334
  <description>Squid Web Proxy without a version</description>
1146
1335
  <example>Squid</example>
@@ -1150,6 +1339,7 @@
1150
1339
  <param pos="0" name="service.family" value="Squid"/>
1151
1340
  <param pos="0" name="service.cpe23" value="cpe:/a:squid-cache:squid:-"/>
1152
1341
  </fingerprint>
1342
+
1153
1343
  <fingerprint pattern="^thttpd/(\d\.[\w.]+)-MX\s*.*$">
1154
1344
  <description>thttpd with SSL support</description>
1155
1345
  <example>thttpd/2.19-MX Jan 24 2006</example>
@@ -1158,6 +1348,7 @@
1158
1348
  <param pos="1" name="service.version"/>
1159
1349
  <param pos="0" name="thttpd.mx-patch" value="enabled"/>
1160
1350
  </fingerprint>
1351
+
1161
1352
  <fingerprint pattern="^thttpd(?:/(\d\.[\w.]+)\s*.*)?$">
1162
1353
  <description>thttpd</description>
1163
1354
  <example>thttpd</example>
@@ -1169,15 +1360,18 @@
1169
1360
  <param pos="0" name="service.family" value="thttpd"/>
1170
1361
  <param pos="1" name="service.version"/>
1171
1362
  </fingerprint>
1172
- <fingerprint pattern="^lighttpd(?:/(\d[\d.]+))?.*$">
1363
+
1364
+ <fingerprint pattern="(?i)^lighttpd(?:/(\d[\d.]+))?.*$">
1173
1365
  <description>Lighttpd</description>
1174
1366
  <example>lighttpd</example>
1367
+ <example>Lighttpd</example>
1175
1368
  <example service.version="1.4.16">lighttpd/1.4.16</example>
1176
1369
  <example>lighttpd/1.3.7 (Mar 23 2007/16:00:15)</example>
1177
1370
  <param pos="0" name="service.product" value="lighttpd"/>
1178
1371
  <param pos="0" name="service.family" value="lighttpd"/>
1179
1372
  <param pos="1" name="service.version"/>
1180
1373
  </fingerprint>
1374
+
1181
1375
  <fingerprint pattern="^nginx$">
1182
1376
  <description>nginx without version info</description>
1183
1377
  <example>nginx</example>
@@ -1186,6 +1380,7 @@
1186
1380
  <param pos="0" name="service.vendor" value="nginx"/>
1187
1381
  <param pos="0" name="service.cpe23" value="cpe:/a:nginx:nginx:-"/>
1188
1382
  </fingerprint>
1383
+
1189
1384
  <fingerprint pattern="^nginx\/?(:?[\d.]+)?">
1190
1385
  <description>nginx with version info and/or mods</description>
1191
1386
  <example service.version="0.8.53">nginx/0.8.53 + Phusion Passenger 3.0.0 (mod_rails/mod_rack)</example>
@@ -1198,6 +1393,7 @@
1198
1393
  <param pos="1" name="service.version"/>
1199
1394
  <param pos="0" name="service.cpe23" value="cpe:/a:nginx:nginx:{service.version}"/>
1200
1395
  </fingerprint>
1396
+
1201
1397
  <fingerprint pattern="^Lotus(?:-Domino)?(?:/|/0|/Release)?$">
1202
1398
  <description>IBM Lotus Notes/Domino with no useful version info</description>
1203
1399
  <example>Lotus</example>
@@ -1209,6 +1405,7 @@
1209
1405
  <param pos="0" name="service.family" value="Lotus Domino"/>
1210
1406
  <param pos="0" name="service.cpe23" value="cpe:/a:ibm:lotus_domino:-"/>
1211
1407
  </fingerprint>
1408
+
1212
1409
  <fingerprint pattern="^Lotus(?:-Domino)?/(?:Release-?)?([4-7][\d.]+)\s*(?:.*)$">
1213
1410
  <description>IBM Lotus Notes/Domino with version info</description>
1214
1411
  <example>Lotus-Domino/5.0.8</example>
@@ -1219,6 +1416,7 @@
1219
1416
  <param pos="1" name="service.version"/>
1220
1417
  <param pos="0" name="service.cpe23" value="cpe:/a:ibm:lotus_domino:{service.version}"/>
1221
1418
  </fingerprint>
1419
+
1222
1420
  <fingerprint pattern="^WebLogic (?:WebLogic )?Server (\d+\.\d+(?:\s+SP\d+)?)\s+.*$">
1223
1421
  <description>BEA WebLogic</description>
1224
1422
  <example service.version="8.1 SP3">WebLogic Server 8.1 SP3 Tue Jun 29 23:11:19 PDT 2004 404973</example>
@@ -1230,6 +1428,7 @@
1230
1428
  <param pos="1" name="service.version"/>
1231
1429
  <param pos="0" name="service.cpe23" value="cpe:/a:bea:weblogic_server:{service.version}"/>
1232
1430
  </fingerprint>
1431
+
1233
1432
  <fingerprint pattern="^WebSphere Application Server/(\d+\.\d+)$">
1234
1433
  <description>IBM WebSphere</description>
1235
1434
  <example service.version="5.0">WebSphere Application Server/5.0</example>
@@ -1238,7 +1437,9 @@
1238
1437
  <param pos="0" name="service.product" value="WebSphere"/>
1239
1438
  <param pos="0" name="service.family" value="WebSphere"/>
1240
1439
  <param pos="1" name="service.version"/>
1440
+ <param pos="0" name="service.cpe23" value="cpe:/a:ibm:websphere:{service.version}"/>
1241
1441
  </fingerprint>
1442
+
1242
1443
  <fingerprint pattern="^Resin/(\S+)$">
1243
1444
  <description>Caucho Resin</description>
1244
1445
  <example>Resin/2.1.13</example>
@@ -1250,6 +1451,7 @@
1250
1451
  <param pos="1" name="service.version"/>
1251
1452
  <param pos="0" name="service.cpe23" value="cpe:/a:caucho:resin:{service.version}"/>
1252
1453
  </fingerprint>
1454
+
1253
1455
  <fingerprint pattern="^Ipswitch-IMail/(\d\.\d+)$">
1254
1456
  <description>Ipswitch IMail Server</description>
1255
1457
  <example>Ipswitch-IMail/5.08</example>
@@ -1265,6 +1467,7 @@
1265
1467
  <param pos="0" name="os.product" value="Windows"/>
1266
1468
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
1267
1469
  </fingerprint>
1470
+
1268
1471
  <fingerprint pattern="^Abyss/(\d\.[\d.]+)-X1-Win32 AbyssLib/(?:\d\.[\d.]+)$">
1269
1472
  <description>Aprelium Technologies Abyss Web Server X1 (free personal edition) on Windows</description>
1270
1473
  <example>Abyss/2.0.0.20-X1-Win32 AbyssLib/2.0.0.20</example>
@@ -1278,6 +1481,7 @@
1278
1481
  <param pos="0" name="os.product" value="Windows"/>
1279
1482
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
1280
1483
  </fingerprint>
1484
+
1281
1485
  <fingerprint pattern="^Abyss/(\d\.[\d.]+)-X2-Win32 AbyssLib/(?:\d\.[\d.]+)$">
1282
1486
  <description>Aprelium Technologies Abyss Web Server X2 (licensed professional edition) on Windows</description>
1283
1487
  <param pos="0" name="service.vendor" value="Aprelium Technologies"/>
@@ -1289,6 +1493,7 @@
1289
1493
  <param pos="0" name="os.product" value="Windows"/>
1290
1494
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
1291
1495
  </fingerprint>
1496
+
1292
1497
  <fingerprint pattern="^Microsoft (Commerce Server\s*(?:2002|2007)?, (?:Enterprise|Standard|Evaluation|Developer) Edition)$">
1293
1498
  <description>Microsoft Commerce Server</description>
1294
1499
  <param pos="0" name="service.vendor" value="Microsoft"/>
@@ -1299,6 +1504,7 @@
1299
1504
  <param pos="0" name="os.product" value="Windows"/>
1300
1505
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
1301
1506
  </fingerprint>
1507
+
1302
1508
  <fingerprint pattern="^NetWare-Enterprise-Web-Server/(\d+\.\d+)$">
1303
1509
  <description>NetWare Enterprise Web Server (runs on NetWare 5.1)</description>
1304
1510
  <param pos="0" name="service.vendor" value="Novell"/>
@@ -1313,6 +1519,7 @@
1313
1519
  <param pos="1" name="os.version"/>
1314
1520
  <param pos="0" name="os.cpe23" value="cpe:/o:novell:netware:{os.version}"/>
1315
1521
  </fingerprint>
1522
+
1316
1523
  <fingerprint pattern="^NetWare HTTP Stack$">
1317
1524
  <description>NetWare HTTP stack (runs on 6.0 and 6.5)</description>
1318
1525
  <param pos="0" name="service.vendor" value="Novell"/>
@@ -1323,6 +1530,7 @@
1323
1530
  <param pos="0" name="os.product" value="NetWare"/>
1324
1531
  <param pos="0" name="os.cpe23" value="cpe:/o:novell:netware:-"/>
1325
1532
  </fingerprint>
1533
+
1326
1534
  <fingerprint pattern="^Novell-HTTP-Server/3.1R1$">
1327
1535
  <description>NetWare HTTP Server (runs on NetWare 4.11)</description>
1328
1536
  <param pos="0" name="service.vendor" value="Novell"/>
@@ -1336,6 +1544,7 @@
1336
1544
  <param pos="0" name="os.version" value="4.11"/>
1337
1545
  <param pos="0" name="os.cpe23" value="cpe:/o:novell:netware:4.11"/>
1338
1546
  </fingerprint>
1547
+
1339
1548
  <fingerprint pattern="^Novell-HTTP-Server/2.51R1$">
1340
1549
  <description>NetWare HTTP Server (runs on NetWare 4.1)</description>
1341
1550
  <param pos="0" name="service.vendor" value="Novell"/>
@@ -1349,6 +1558,7 @@
1349
1558
  <param pos="0" name="os.version" value="4.1"/>
1350
1559
  <param pos="0" name="os.cpe23" value="cpe:/o:novell:netware:4.1"/>
1351
1560
  </fingerprint>
1561
+
1352
1562
  <fingerprint pattern="^Netscape-FastTrack/(\d+\.[\w\s.]+)$">
1353
1563
  <description>Netscape FastTrack Server</description>
1354
1564
  <param pos="0" name="service.vendor" value="Netscape"/>
@@ -1357,6 +1567,7 @@
1357
1567
  <param pos="1" name="service.version"/>
1358
1568
  <param pos="0" name="service.cpe23" value="cpe:/a:netscape:fasttrack_server:{service.version}"/>
1359
1569
  </fingerprint>
1570
+
1360
1571
  <fingerprint pattern="^Netscape-Commerce/(\d+\.[\w\s.]+)$">
1361
1572
  <description>Netscape Commerce Server</description>
1362
1573
  <param pos="0" name="service.vendor" value="Netscape"/>
@@ -1365,19 +1576,95 @@
1365
1576
  <param pos="1" name="service.version"/>
1366
1577
  <param pos="0" name="service.cpe23" value="cpe:/a:netscape:commerce_server:{service.version}"/>
1367
1578
  </fingerprint>
1579
+
1368
1580
  <!--
1369
1581
  TODO
1370
-
1371
1582
  "Powered by PowerBSD - Apache"
1372
1583
  "SSE(Apache)"
1373
1584
  -->
1585
+
1374
1586
  <fingerprint pattern="^SAP J2EE Engine/(\d+\.\d+)$">
1375
- <description>SAP NetWeaver Web AS (Application Server)</description>
1587
+ <description>SAP NetWeaver Application Server Java - short version</description>
1588
+ <example service.version="7.01">SAP J2EE Engine/7.01</example>
1589
+ <param pos="0" name="service.vendor" value="SAP"/>
1590
+ <param pos="0" name="service.product" value="NetWeaver Application Server Java"/>
1591
+ <param pos="0" name="service.family" value="NetWeaver"/>
1592
+ <param pos="1" name="service.version"/>
1593
+ <param pos="0" name="service.cpe23" value="cpe:/a:sap:netweaver_application_server_java:{service.version}"/>
1594
+ <param pos="0" name="service.component.vendor" value="SAP"/>
1595
+ <param pos="0" name="service.component.product" value="NetWeaver Application Server"/>
1596
+ <param pos="0" name="service.component.cpe23" value="cpe:/a:sap:netweaver_application_server:-"/>
1597
+ </fingerprint>
1598
+
1599
+ <fingerprint pattern="^SAP NetWeaver Application Server$">
1600
+ <description>SAP NetWeaver Application Server without version</description>
1601
+ <example>SAP NetWeaver Application Server</example>
1602
+ <param pos="0" name="service.vendor" value="SAP"/>
1603
+ <param pos="0" name="service.product" value="NetWeaver Application Server"/>
1604
+ <param pos="0" name="service.family" value="NetWeaver"/>
1605
+ <param pos="0" name="service.cpe23" value="cpe:/a:sap:netweaver_application_server:-"/>
1606
+ </fingerprint>
1607
+
1608
+ <fingerprint pattern="^SAP NetWeaver Application Server ([\d.]+) / AS Java ([\d.]+)$">
1609
+ <description>SAP NetWeaver Application Server Java</description>
1610
+ <example service.version="7.30" service.component.version="7.22">SAP NetWeaver Application Server 7.22 / AS Java 7.30</example>
1611
+ <param pos="0" name="service.vendor" value="SAP"/>
1612
+ <param pos="0" name="service.product" value="NetWeaver Application Server Java"/>
1613
+ <param pos="0" name="service.family" value="NetWeaver"/>
1614
+ <param pos="2" name="service.version"/>
1615
+ <param pos="0" name="service.cpe23" value="cpe:/a:sap:netweaver_application_server_java:{service.version}"/>
1616
+ <param pos="0" name="service.component.vendor" value="SAP"/>
1617
+ <param pos="0" name="service.component.product" value="NetWeaver Application Server"/>
1618
+ <param pos="1" name="service.component.version"/>
1619
+ <param pos="0" name="service.component.cpe23" value="cpe:/a:sap:netweaver_application_server:{service.component.version}"/>
1620
+ </fingerprint>
1621
+
1622
+ <fingerprint pattern="^SAP NetWeaver Application Server ([\d.]+) / ICM ([\d.]+)$">
1623
+ <description>SAP NetWeaver Application Server - Internet Communication Manager</description>
1624
+ <example service.version="7.21" service.component.version="7.21">SAP NetWeaver Application Server 7.21 / ICM 7.21</example>
1625
+ <param pos="0" name="service.vendor" value="SAP"/>
1626
+ <param pos="0" name="service.product" value="NetWeaver Internet Communication Manager"/>
1627
+ <param pos="0" name="service.family" value="NetWeaver"/>
1628
+ <param pos="2" name="service.version"/>
1629
+ <param pos="0" name="service.component.vendor" value="SAP"/>
1630
+ <param pos="0" name="service.component.product" value="NetWeaver Application Server"/>
1631
+ <param pos="1" name="service.component.version"/>
1632
+ <param pos="0" name="service.component.cpe23" value="cpe:/a:sap:netweaver_application_server:{service.component.version}"/>
1633
+ </fingerprint>
1634
+
1635
+ <fingerprint pattern="^SAP NetWeaver Application Server \(ICM\)$">
1636
+ <description>SAP NetWeaver Application Server - Internet Communication Manager without version</description>
1637
+ <example>SAP NetWeaver Application Server (ICM)</example>
1638
+ <param pos="0" name="service.vendor" value="SAP"/>
1639
+ <param pos="0" name="service.product" value="NetWeaver Internet Communication Manager"/>
1640
+ <param pos="0" name="service.family" value="NetWeaver"/>
1641
+ <param pos="0" name="service.component.vendor" value="SAP"/>
1642
+ <param pos="0" name="service.component.product" value="NetWeaver Application Server"/>
1643
+ <param pos="0" name="service.component.cpe23" value="cpe:/a:sap:netweaver_application_server:-"/>
1644
+ </fingerprint>
1645
+
1646
+ <fingerprint pattern="^SAP NetWeaver Application Server / ABAP ([\d.]+)$">
1647
+ <description>SAP NetWeaver Application Server - Advanced Business Application Programming</description>
1648
+ <example service.version="731">SAP NetWeaver Application Server / ABAP 731</example>
1376
1649
  <param pos="0" name="service.vendor" value="SAP"/>
1377
- <param pos="0" name="service.product" value="NetWeaver Web AS"/>
1650
+ <param pos="0" name="service.product" value="NetWeaver AS ABAP"/>
1378
1651
  <param pos="0" name="service.family" value="NetWeaver"/>
1379
1652
  <param pos="1" name="service.version"/>
1653
+ <param pos="0" name="service.cpe23" value="cpe:/a:sap:netweaver_as_abap:{service.version}"/>
1654
+ <param pos="0" name="service.component.vendor" value="SAP"/>
1655
+ <param pos="0" name="service.component.product" value="NetWeaver Application Server"/>
1656
+ <param pos="0" name="service.component.cpe23" value="cpe:/a:sap:netweaver_application_server:-"/>
1657
+ </fingerprint>
1658
+
1659
+ <fingerprint pattern="^SQLAnywhere/([\d.]+)$">
1660
+ <description>SAP SQLAnywhere</description>
1661
+ <example service.version="16.0.0.2207">SQLAnywhere/16.0.0.2207</example>
1662
+ <param pos="0" name="service.vendor" value="SAP"/>
1663
+ <param pos="0" name="service.product" value="SQL Anywhere"/>
1664
+ <param pos="1" name="service.version"/>
1665
+ <param pos="0" name="service.cpe23" value="cpe:/a:sap:sql_anywhere:{service.version}"/>
1380
1666
  </fingerprint>
1667
+
1381
1668
  <fingerprint pattern="^OpenVPN-AS$">
1382
1669
  <description>OpenVPN Access Server</description>
1383
1670
  <example>OpenVPN-AS</example>
@@ -1385,27 +1672,30 @@
1385
1672
  <param pos="0" name="service.product" value="Access Server"/>
1386
1673
  <param pos="0" name="hw.device" value="VPN"/>
1387
1674
  </fingerprint>
1675
+
1388
1676
  <fingerprint pattern="^SonicWALL (SSL-?VPN(?: (?:\d+))?) Web Server\.?$">
1389
1677
  <description>SonicWALL SSL-VPN device</description>
1390
1678
  <example>SonicWALL SSLVPN Web Server</example>
1391
1679
  <example>SonicWALL SSL-VPN Web Server</example>
1392
- <param pos="0" name="service.vendor" value="SonicWALL"/>
1680
+ <param pos="0" name="service.vendor" value="SonicWall"/>
1393
1681
  <param pos="0" name="service.product" value="SSL-VPN"/>
1394
1682
  <param pos="0" name="service.family" value="SSL-VPN"/>
1395
- <param pos="0" name="os.vendor" value="SonicWALL"/>
1683
+ <param pos="0" name="os.vendor" value="SonicWall"/>
1396
1684
  <param pos="0" name="os.device" value="VPN"/>
1397
1685
  <param pos="0" name="os.family" value="SSL-VPN"/>
1398
1686
  <param pos="1" name="os.product"/>
1399
- <param pos="0" name="hw.vendor" value="SonicWALL"/>
1687
+ <param pos="0" name="hw.vendor" value="SonicWall"/>
1400
1688
  <param pos="0" name="hw.device" value="VPN"/>
1401
1689
  </fingerprint>
1690
+
1402
1691
  <fingerprint pattern="^SonicWALL$">
1403
1692
  <description>SonicWALL device</description>
1404
1693
  <example>SonicWALL</example>
1405
- <param pos="0" name="service.vendor" value="SonicWALL"/>
1694
+ <param pos="0" name="service.vendor" value="SonicWall"/>
1406
1695
  <param pos="0" name="service.product" value="HTTP"/>
1407
- <param pos="0" name="os.vendor" value="SonicWALL"/>
1696
+ <param pos="0" name="os.vendor" value="SonicWall"/>
1408
1697
  </fingerprint>
1698
+
1409
1699
  <fingerprint pattern="^NetCache appliance \(NetApp/+(\d+\.\d+[\w.]+)\)$">
1410
1700
  <description>NetCache appliance (product line formerly owned by Network Appliances, now owned by Blue Coat Systems).</description>
1411
1701
  <example service.version="5.3.1R3">NetCache appliance (NetApp/5.3.1R3)</example>
@@ -1423,6 +1713,7 @@
1423
1713
  <param pos="0" name="os.family" value="NetCache"/>
1424
1714
  <param pos="0" name="os.product" value="NetCache"/>
1425
1715
  </fingerprint>
1716
+
1426
1717
  <fingerprint pattern="^NetApp/+(.*)$">
1427
1718
  <description>NetApp file servers</description>
1428
1719
  <example>NetApp/7.3.4P1</example>
@@ -1436,6 +1727,7 @@
1436
1727
  <param pos="1" name="os.version"/>
1437
1728
  <param pos="0" name="os.cpe23" value="cpe:/o:netapp:data_ontap:{os.version}"/>
1438
1729
  </fingerprint>
1730
+
1439
1731
  <fingerprint pattern="^BlueCoat-Security-Appliance$">
1440
1732
  <description>Blue Coat security appliance</description>
1441
1733
  <example>BlueCoat-Security-Appliance</example>
@@ -1444,6 +1736,7 @@
1444
1736
  <param pos="0" name="os.family" value="Blue Coat"/>
1445
1737
  <param pos="0" name="os.product" value="Appliance"/>
1446
1738
  </fingerprint>
1739
+
1447
1740
  <fingerprint pattern="^(?:BigIP|BIG-IP)$">
1448
1741
  <description>F5 BIG-IP</description>
1449
1742
  <param pos="0" name="service.vendor" value="F5"/>
@@ -1453,6 +1746,15 @@
1453
1746
  <param pos="0" name="os.family" value="Linux"/>
1454
1747
  <param pos="0" name="os.product" value="Linux"/>
1455
1748
  </fingerprint>
1749
+
1750
+ <fingerprint pattern="^TargetWeb/[\d\.]+ \(TargetOS\)$">
1751
+ <description>Mercurity Security TargetOS</description>
1752
+ <example>TargetWeb/2011.0 (TargetOS)</example>
1753
+ <param pos="0" name="hw.vendor" value="Mercury Security"/>
1754
+ <param pos="0" name="hw.device" value="Access Control"/>
1755
+ <param pos="0" name="hw.product" value="EP-series"/>
1756
+ </fingerprint>
1757
+
1456
1758
  <fingerprint pattern="^Foundry Networks(?:/(\d+\.\d+))?$">
1457
1759
  <description>Foundry Networks device (though not sure which)</description>
1458
1760
  <param pos="0" name="service.vendor" value="Foundry"/>
@@ -1460,6 +1762,7 @@
1460
1762
  <param pos="1" name="service.version"/>
1461
1763
  <param pos="0" name="os.vendor" value="Foundry"/>
1462
1764
  </fingerprint>
1765
+
1463
1766
  <fingerprint pattern="^HP-Chai(?:Server|SOE)/(\d+\.\d+)$">
1464
1767
  <description>HP Printer running the Chai embedded web server</description>
1465
1768
  <example>HP-ChaiServer/2.2</example>
@@ -1477,6 +1780,7 @@
1477
1780
  <param pos="0" name="hw.product" value="JetDirect"/>
1478
1781
  <param pos="0" name="hw.device" value="Printer"/>
1479
1782
  </fingerprint>
1783
+
1480
1784
  <fingerprint pattern="^HP HTTP Server; (?:Hewlett-Packard )?HP ((\S+) \S+)">
1481
1785
  <description>HP Printer</description>
1482
1786
  <example os.product="Photosmart C309a" os.family="Photosmart">HP HTTP Server; HP Photosmart C309a series - CC335A; Serial Number: abc123; Vader Built:Wed Apr 15, 2009 11:40:58AM {abc123, ASIC id 0x00280004}</example>
@@ -1494,6 +1798,7 @@
1494
1798
  <param pos="0" name="hw.product" value="JetDirect"/>
1495
1799
  <param pos="0" name="hw.device" value="Printer"/>
1496
1800
  </fingerprint>
1801
+
1497
1802
  <fingerprint pattern="^HTTP/1\.0$">
1498
1803
  <description>Old HP printers identify themselves as "HTTP/1.0"</description>
1499
1804
  <param pos="0" name="service.vendor" value="HP"/>
@@ -1508,6 +1813,7 @@
1508
1813
  <param pos="0" name="hw.product" value="JetDirect"/>
1509
1814
  <param pos="0" name="hw.device" value="Printer"/>
1510
1815
  </fingerprint>
1816
+
1511
1817
  <fingerprint pattern="^(?:Allegro-Software-)?RomPager/\s*(\S+)">
1512
1818
  <description>Embedded HTTP server used by many vendors and device
1513
1819
  types, including APC, 3Com, Andover Controls, Cisco VoIP, D-Link,
@@ -1522,6 +1828,7 @@
1522
1828
  <param pos="0" name="service.product" value="RomPager"/>
1523
1829
  <param pos="1" name="service.version"/>
1524
1830
  </fingerprint>
1831
+
1525
1832
  <fingerprint pattern="^YAMAHA-RT$">
1526
1833
  <description>Yamaha RT series routers</description>
1527
1834
  <param pos="0" name="service.vendor" value="Yamaha"/>
@@ -1534,6 +1841,7 @@
1534
1841
  <param pos="0" name="hw.vendor" value="Yamaha"/>
1535
1842
  <param pos="0" name="hw.device" value="Router"/>
1536
1843
  </fingerprint>
1844
+
1537
1845
  <fingerprint pattern="^(?:Canon Http|CANON HTTP) Server (?:Ver)?(?:\d+\.\d+)$">
1538
1846
  <description>Canon Multifunction Printer/Copiers</description>
1539
1847
  <param pos="0" name="service.vendor" value="Canon"/>
@@ -1542,6 +1850,7 @@
1542
1850
  <param pos="0" name="hw.vendor" value="Canon"/>
1543
1851
  <param pos="0" name="hw.device" value="Multifunction Device"/>
1544
1852
  </fingerprint>
1853
+
1545
1854
  <fingerprint pattern=".*Linksys.*">
1546
1855
  <description>Linksys Wireless Access Point</description>
1547
1856
  <param pos="0" name="os.vendor" value="Linksys"/>
@@ -1549,6 +1858,7 @@
1549
1858
  <param pos="0" name="hw.vendor" value="Linksys"/>
1550
1859
  <param pos="0" name="hw.device" value="WAP"/>
1551
1860
  </fingerprint>
1861
+
1552
1862
  <fingerprint pattern="^cisco-IOS$">
1553
1863
  <description>Cisco IOS</description>
1554
1864
  <example>cisco-IOS</example>
@@ -1563,6 +1873,7 @@
1563
1873
  <param pos="0" name="os.cpe23" value="cpe:/o:cisco:ios:-"/>
1564
1874
  <param pos="0" name="hw.vendor" value="Cisco"/>
1565
1875
  </fingerprint>
1876
+
1566
1877
  <fingerprint pattern="^cisco-IOS/([^\s]+) HTTP-server/.*$">
1567
1878
  <description>Cisco IOS with version information</description>
1568
1879
  <example>cisco-IOS/12.1 HTTP-server/1.0(1)</example>
@@ -1577,6 +1888,7 @@
1577
1888
  <param pos="0" name="os.cpe23" value="cpe:/o:cisco:ios:{os.version}"/>
1578
1889
  <param pos="0" name="hw.vendor" value="Cisco"/>
1579
1890
  </fingerprint>
1891
+
1580
1892
  <fingerprint pattern="^Cisco AWARE (.*)$">
1581
1893
  <description>Cisco ASA</description>
1582
1894
  <example>Cisco AWARE 2.0</example>
@@ -1585,13 +1897,15 @@
1585
1897
  <param pos="0" name="service.product" value="HTTP"/>
1586
1898
  <param pos="0" name="os.vendor" value="Cisco"/>
1587
1899
  <param pos="0" name="os.family" value="Adaptive Security Appliance"/>
1588
- <param pos="0" name="os.product" value="VPN"/>
1900
+ <param pos="0" name="os.product" value="Adaptive Security Appliance"/>
1901
+ <param pos="0" name="os.cpe23" value="cpe:/o:cisco:adaptive_security_appliance:-"/>
1589
1902
  <param pos="0" name="hw.vendor" value="Cisco"/>
1590
1903
  <param pos="0" name="hw.family" value="Adaptive Security Appliance"/>
1591
1904
  <param pos="0" name="hw.product" value="Adaptive Security Appliance"/>
1592
1905
  <param pos="0" name="hw.device" value="Firewall"/>
1593
1906
  <param pos="0" name="hw.cpe23" value="cpe:/h:cisco:adaptive_security_appliance:-"/>
1594
1907
  </fingerprint>
1908
+
1595
1909
  <fingerprint pattern="^CradlepointHTTPService/([\d\.]+)$">
1596
1910
  <description>Cradlepoint HTTP service</description>
1597
1911
  <example service.version="1.0.0">CradlepointHTTPService/1.0.0</example>
@@ -1599,6 +1913,7 @@
1599
1913
  <param pos="0" name="service.vendor" value="Cradlepoint"/>
1600
1914
  <param pos="0" name="service.product" value="HTTP"/>
1601
1915
  </fingerprint>
1916
+
1602
1917
  <fingerprint pattern="^DesktopAuthority/(.*)$">
1603
1918
  <description>ScriptLogic DesktopAuthority</description>
1604
1919
  <param pos="1" name="service.version"/>
@@ -1610,6 +1925,7 @@
1610
1925
  <param pos="0" name="os.product" value="Windows"/>
1611
1926
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
1612
1927
  </fingerprint>
1928
+
1613
1929
  <fingerprint pattern="^Agent-ListenServer-HttpSvr/.*$">
1614
1930
  <description>McAfee ePolicy Orchestrator</description>
1615
1931
  <param pos="0" name="service.vendor" value="McAfee"/>
@@ -1617,6 +1933,14 @@
1617
1933
  <param pos="0" name="service.family" value="ePolicy Orchestrator"/>
1618
1934
  <param pos="0" name="service.cpe23" value="cpe:/a:mcafee:epolicy_orchestrator:-"/>
1619
1935
  </fingerprint>
1936
+
1937
+ <fingerprint pattern="^LANDesk Management Agent/.*$">
1938
+ <description>LANDesk Management Agent</description>
1939
+ <param pos="0" name="service.vendor" value="LANDesk"/>
1940
+ <param pos="0" name="service.product" value="Management Agent"/>
1941
+ <param pos="0" name="service.family" value="Management Agent"/>
1942
+ </fingerprint>
1943
+
1620
1944
  <fingerprint pattern="^EWS-NIC\d/(\S+)$">
1621
1945
  <description>Xerox Embedded Web Server (EWS)</description>
1622
1946
  <example service.version="6.31">EWS-NIC3/6.31</example>
@@ -1631,6 +1955,7 @@
1631
1955
  <param pos="0" name="hw.vendor" value="Xerox"/>
1632
1956
  <param pos="0" name="hw.device" value="Printer"/>
1633
1957
  </fingerprint>
1958
+
1634
1959
  <fingerprint pattern="^Adaptec ASM (\S+)$">
1635
1960
  <description>Adaptec - Adaptec Storage Manager (runs on Windows Only)</description>
1636
1961
  <param pos="0" name="service.vendor" value="Adaptec"/>
@@ -1642,6 +1967,7 @@
1642
1967
  <param pos="0" name="os.product" value="Windows"/>
1643
1968
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
1644
1969
  </fingerprint>
1970
+
1645
1971
  <fingerprint pattern="^JRun Web Server$">
1646
1972
  <description>Macromedia (formerly Allaire) JRun</description>
1647
1973
  <param pos="0" name="service.vendor" value="Macromedia"/>
@@ -1649,6 +1975,7 @@
1649
1975
  <param pos="0" name="service.product" value="JRun"/>
1650
1976
  <param pos="0" name="service.cpe23" value="cpe:/a:macromedia:jrun:-"/>
1651
1977
  </fingerprint>
1978
+
1652
1979
  <fingerprint pattern="^(?:Raptor )?Simple, Secure Web Server ([\d.]+)$">
1653
1980
  <description>Symantec Raptor Firewall</description>
1654
1981
  <example>Simple, Secure Web Server 1.1</example>
@@ -1659,6 +1986,7 @@
1659
1986
  <param pos="0" name="os.product" value="Raptor"/>
1660
1987
  <param pos="1" name="os.version"/>
1661
1988
  </fingerprint>
1989
+
1662
1990
  <fingerprint pattern="^IPG(\d+)$">
1663
1991
  <description>Systech Internet Payment Gateway</description>
1664
1992
  <example hw.model="8000">IPG8000</example>
@@ -1667,6 +1995,7 @@
1667
1995
  <param pos="0" name="hw.product" value="Internet Payment Gateway"/>
1668
1996
  <param pos="1" name="hw.model"/>
1669
1997
  </fingerprint>
1998
+
1670
1999
  <fingerprint pattern="^NS_(\d\.\d)$">
1671
2000
  <description>Citrix NetScaler</description>
1672
2001
  <example>NS_6.1</example>
@@ -1674,8 +2003,14 @@
1674
2003
  <param pos="0" name="os.family" value="NetScaler"/>
1675
2004
  <param pos="0" name="os.device" value="Network Management Device"/>
1676
2005
  <param pos="0" name="os.product" value="NetScaler"/>
1677
- <param pos="1" name="os.version"/>
2006
+ <param pos="0" name="service.vendor" value="Citrix"/>
2007
+ <param pos="0" name="service.family" value="NetScaler"/>
2008
+ <param pos="0" name="service.device" value="Network Management Device"/>
2009
+ <param pos="0" name="service.product" value="NetScaler"/>
2010
+ <param pos="1" name="service.version"/>
2011
+ <param pos="0" name="service.cpe23" value="cpe:/a:citrix:netscaler:{service.version}"/>
1678
2012
  </fingerprint>
2013
+
1679
2014
  <fingerprint pattern="^Rumpus$">
1680
2015
  <description>Rumpus FTP Server, Web File Manager interface</description>
1681
2016
  <example>Rumpus</example>
@@ -1684,6 +2019,7 @@
1684
2019
  <param pos="0" name="os.product" value="Mac OS X"/>
1685
2020
  <param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x:-"/>
1686
2021
  </fingerprint>
2022
+
1687
2023
  <fingerprint pattern="^servermgrd$">
1688
2024
  <description>Mac OS X Server administrative daemon</description>
1689
2025
  <example>servermgrd</example>
@@ -1692,6 +2028,7 @@
1692
2028
  <param pos="0" name="os.product" value="Mac OS X"/>
1693
2029
  <param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x:-"/>
1694
2030
  </fingerprint>
2031
+
1695
2032
  <fingerprint pattern="^(RMC Webserver|RAC_ONE_HTTP) (\d\.\d)$">
1696
2033
  <description>Dell Remote Access Controller</description>
1697
2034
  <param pos="0" name="os.vendor" value="Dell"/>
@@ -1702,6 +2039,7 @@
1702
2039
  <param pos="1" name="service.product"/>
1703
2040
  <param pos="2" name="service.version"/>
1704
2041
  </fingerprint>
2042
+
1705
2043
  <fingerprint pattern="^Xerox_MicroServer/Xerox11$">
1706
2044
  <description>Xerox Document Centre</description>
1707
2045
  <param pos="0" name="os.vendor" value="Xerox"/>
@@ -1713,6 +2051,7 @@
1713
2051
  <param pos="0" name="hw.product" value="Document Centre"/>
1714
2052
  <param pos="0" name="hw.device" value="Printer"/>
1715
2053
  </fingerprint>
2054
+
1716
2055
  <fingerprint pattern="^TSM_HTTP/\d\.\d$">
1717
2056
  <description>IBM Tivoli Storage Manager</description>
1718
2057
  <param pos="0" name="service.vendor" value="IBM"/>
@@ -1720,11 +2059,13 @@
1720
2059
  <param pos="0" name="service.product" value="Tivoli Storage Manager"/>
1721
2060
  <param pos="0" name="service.cpe23" value="cpe:/a:ibm:tivoli_storage_manager:-"/>
1722
2061
  </fingerprint>
2062
+
1723
2063
  <fingerprint pattern="^D-Link MiniAVServer$">
1724
2064
  <description>D-Link embedded web server for web cams</description>
1725
2065
  <param pos="0" name="os.vendor" value="D-Link"/>
1726
2066
  <param pos="0" name="os.device" value="Web cam"/>
1727
2067
  </fingerprint>
2068
+
1728
2069
  <fingerprint pattern="^ListManagerWeb/(\S+) .*$">
1729
2070
  <description>Lyris ListManager</description>
1730
2071
  <example>ListManagerWeb/8.8a (based on Tcl-Webserver/3.4.2)</example>
@@ -1732,16 +2073,18 @@
1732
2073
  <param pos="0" name="service.product" value="ListManager"/>
1733
2074
  <param pos="1" name="service.version"/>
1734
2075
  </fingerprint>
2076
+
1735
2077
  <fingerprint pattern="^kHTTPd (\S+)" certainty="0.50">
1736
2078
  <description>TUX web server, an in-kernel Linux HTTP Accelerator</description>
1737
2079
  <example>kHTTPd 0.1.6</example>
1738
- <param pos="0" name="service.product" value="TUX web server"/>
2080
+ <param pos="0" name="service.product" value="TUX Web Server"/>
1739
2081
  <param pos="1" name="service.version"/>
1740
2082
  <param pos="0" name="os.vendor" value="Linux"/>
1741
2083
  <param pos="0" name="os.family" value="Linux"/>
1742
2084
  <param pos="0" name="os.product" value="Linux"/>
1743
2085
  <param pos="0" name="os.cpe23" value="cpe:/o:linux:linux_kernel:-"/>
1744
2086
  </fingerprint>
2087
+
1745
2088
  <fingerprint pattern="^RealVNC/(?:\S+)$">
1746
2089
  <description>RealVNC built-in webserver</description>
1747
2090
  <example>RealVNC/4.0</example>
@@ -1749,9 +2092,20 @@
1749
2092
  <param pos="0" name="service.product" value="RealVNC"/>
1750
2093
  <param pos="0" name="service.cpe23" value="cpe:/a:realvnc:realvnc:-"/>
1751
2094
  </fingerprint>
1752
- <fingerprint pattern="(Agranat|Conexant|(?:Globespan)?Virata)-EmWeb/(.*)$">
1753
- <description>EmWeb variants</description>
1754
- <example>Agranat-EmWeb/R4_01</example>
2095
+
2096
+ <fingerprint pattern="^SecureTransport (\d+[\d\.]+) \(build: (\d+)\)$">
2097
+ <description>AxWay SecureTransport</description>
2098
+ <example>SecureTransport 5.3.6 (build: 412)</example>
2099
+ <param pos="0" name="service.vendor" value="Axway"/>
2100
+ <param pos="0" name="service.product" value="SecureTransport"/>
2101
+ <param pos="1" name="service.version"/>
2102
+ <param pos="0" name="service.cpe23" value="cpe:/a:axway:securetransport:{service.version}"/>
2103
+ <param pos="2" name="securetransport.build"/>
2104
+ </fingerprint>
2105
+
2106
+ <fingerprint pattern="(Agranat|Conexant|(?:Globespan)?Virata)-EmWeb/(.*)$">
2107
+ <description>EmWeb variants</description>
2108
+ <example>Agranat-EmWeb/R4_01</example>
1755
2109
  <example>Agranat-EmWeb/R5_1_2</example>
1756
2110
  <example>Agranat-EmWeb/R5_2_4</example>
1757
2111
  <example>Agranat-EmWeb/R5_2_6</example>
@@ -1772,6 +2126,7 @@
1772
2126
  <param pos="0" name="service.product" value="EmWeb"/>
1773
2127
  <param pos="2" name="service.version"/>
1774
2128
  </fingerprint>
2129
+
1775
2130
  <fingerprint pattern="^NSC/\S+ \(JVM\)$">
1776
2131
  <description>Rapid7 NSC</description>
1777
2132
  <example>NSC/0.6.4 (JVM)</example>
@@ -1779,6 +2134,7 @@
1779
2134
  <param pos="0" name="service.product" value="Nexpose"/>
1780
2135
  <param pos="0" name="service.cpe23" value="cpe:/a:rapid7:nexpose:-"/>
1781
2136
  </fingerprint>
2137
+
1782
2138
  <fingerprint pattern="^Security Console$">
1783
2139
  <description>Rapid7 Nexpose Security Console</description>
1784
2140
  <example>Security Console</example>
@@ -1786,6 +2142,7 @@
1786
2142
  <param pos="0" name="service.product" value="Nexpose"/>
1787
2143
  <param pos="0" name="service.cpe23" value="cpe:/a:rapid7:nexpose:-"/>
1788
2144
  </fingerprint>
2145
+
1789
2146
  <fingerprint pattern="^Polycom SoundPoint IP Telephone HTTPd$">
1790
2147
  <description>Polycom Soundpoint IP Telephone</description>
1791
2148
  <example>Polycom SoundPoint IP Telephone HTTPd</example>
@@ -1795,23 +2152,21 @@
1795
2152
  <param pos="0" name="hw.family" value="SoundPoint"/>
1796
2153
  <param pos="0" name="hw.device" value="VoIP"/>
1797
2154
  </fingerprint>
2155
+
1798
2156
  <!-- 4D WebSTAR was aquired by Kerio but it seems that both
1799
2157
  Kerio and 4D have branched the product. The 4D banners
1800
2158
  use the new version scheme (just 2004 it would appear):
1801
-
1802
2159
  4D_WebStar_D/2004
1803
-
1804
2160
  whereas Kerio banners are:
1805
-
1806
2161
  4D_WebSTAR_S/5.3.2 (MacOS X)
1807
2162
  4D_WebStar_D/7.8
1808
2163
  4D_WebSTAR_S/5.4.1 (MacOS X)
1809
-
1810
2164
  WebSTAR/4.4 ID/72547
1811
2165
  WebSTAR/4.5(SSL) ID/82535
1812
2166
  WebSTAR NetCloak
1813
2167
  WebSTAR/4.5(SSL) ID/85282
1814
2168
  -->
2169
+
1815
2170
  <!--
1816
2171
  <fingerprint pattern="^4D_WebSTAR_S/2004$">
1817
2172
  <description>4D 4th Dimension 2004</description>
@@ -1822,6 +2177,7 @@
1822
2177
  <param pos="0" name="os.family" value="Windows"/>
1823
2178
  <param pos="0" name="os.product" value="Windows"/>
1824
2179
  </fingerprint>
2180
+
1825
2181
  <fingerprint pattern="^4D_WebSTAR_S/5.3.2 \(MacOS X\)$">
1826
2182
  <description>Kerio WebSTAR</description>
1827
2183
  <param pos="0" name="service.vendor" value="Kerio"/>
@@ -1832,7 +2188,9 @@
1832
2188
  <param pos="0" name="os.family" value="Windows"/>
1833
2189
  <param pos="0" name="os.product" value="Windows"/>
1834
2190
  </fingerprint>
2191
+
1835
2192
  -->
2193
+
1836
2194
  <fingerprint pattern="^SentinelProtectionServer/((?:\d+\.)*\d+)$">
1837
2195
  <description>Sentinel Protection Server - Embedded httpd in SafeNet's memory key dongles</description>
1838
2196
  <example service.version="7.1">SentinelProtectionServer/7.1</example>
@@ -1844,6 +2202,7 @@
1844
2202
  <param pos="0" name="service.family" value="Sentinel"/>
1845
2203
  <param pos="1" name="service.version"/>
1846
2204
  </fingerprint>
2205
+
1847
2206
  <fingerprint pattern="^SentinelKeysServer/((?:\d+\.)*\d+)$">
1848
2207
  <description>Sentinel Key Server - Embedded httpd in SafeNet's memory key dongles</description>
1849
2208
  <example service.version="1.3.1">SentinelKeysServer/1.3.1</example>
@@ -1854,6 +2213,7 @@
1854
2213
  <param pos="0" name="service.family" value="Sentinel"/>
1855
2214
  <param pos="1" name="service.version"/>
1856
2215
  </fingerprint>
2216
+
1857
2217
  <fingerprint pattern="^CherryPy/((?:\d+\.)*\d+)$">
1858
2218
  <description>Web server component of CherryPy web application framework.</description>
1859
2219
  <example>CherryPy/3.1.2</example>
@@ -1864,6 +2224,7 @@
1864
2224
  <param pos="1" name="service.version"/>
1865
2225
  <param pos="0" name="service.cpe23" value="cpe:/a:cherrypy:cherrypy:{service.version}"/>
1866
2226
  </fingerprint>
2227
+
1867
2228
  <fingerprint pattern="(?i)^TornadoServer/((?:\d+\.)*\d+)$">
1868
2229
  <description>Tornado Python web framework and asynchronous networking library.</description>
1869
2230
  <example>TornadoServer/4.0.2</example>
@@ -1873,6 +2234,7 @@
1873
2234
  <param pos="1" name="service.version"/>
1874
2235
  <param pos="0" name="service.cpe23" value="cpe:/a:tornadoweb:tornado:{service.version}"/>
1875
2236
  </fingerprint>
2237
+
1876
2238
  <fingerprint pattern="(?i)^SimpleHTTP/((?:\d+\.)*\d+)\s*Python/((?:\d+\.)*\d+)$">
1877
2239
  <description>SimpleHTTPRequestHandler Python class is a simple HTTP request handler.</description>
1878
2240
  <example>SimpleHTTP/0.6 Python/2.7.6</example>
@@ -1883,6 +2245,7 @@
1883
2245
  <param pos="1" name="service.version"/>
1884
2246
  <param pos="2" name="python.version"/>
1885
2247
  </fingerprint>
2248
+
1886
2249
  <fingerprint pattern="^HP Web Jetadmin/((?:\d+\.)*\d+)\s*(.*)$">
1887
2250
  <description>Apache variant for web access to HP printers.</description>
1888
2251
  <example>HP Web Jetadmin/2.0.50 (Win32) mod_auth_sspi/1.0.1 mod_ssl/2.0.50 OpenSSL/0.9.6m</example>
@@ -1895,6 +2258,7 @@
1895
2258
  <param pos="0" name="service.cpe23" value="cpe:/a:apache:http_server:{service.version}"/>
1896
2259
  <param pos="2" name="apache.info"/>
1897
2260
  </fingerprint>
2261
+
1898
2262
  <fingerprint pattern="^HP Web Jetadmin ([\d\.]+)(?: \([^\)]+\))?$">
1899
2263
  <description>HP printers, perhaps Apache, but we can't say for sure</description>
1900
2264
  <example service.version="10.3.85669">HP Web Jetadmin 10.3.85669</example>
@@ -1904,6 +2268,19 @@
1904
2268
  <param pos="1" name="service.version"/>
1905
2269
  <param pos="0" name="service.cpe23" value="cpe:/a:hp:web_jetadmin:{service.version}"/>
1906
2270
  </fingerprint>
2271
+
2272
+ <fingerprint pattern="^KM-MFP-http/V([\d\.]+)$">
2273
+ <description>Kyocera Printers</description>
2274
+ <example service.version="0.0.1">KM-MFP-http/V0.0.1</example>
2275
+ <param pos="0" name="os.vendor" value="Kyocera"/>
2276
+ <param pos="0" name="os.device" value="Multifunction Device"/>
2277
+ <param pos="0" name="hw.vendor" value="Kyocera"/>
2278
+ <param pos="0" name="hw.device" value="Multifunction Device"/>
2279
+ <param pos="0" name="service.vendor" value="Kyocera"/>
2280
+ <param pos="0" name="service.product" value="KM-MFP-HTTP"/>
2281
+ <param pos="1" name="service.version"/>
2282
+ </fingerprint>
2283
+
1907
2284
  <fingerprint pattern="^Citrix Web PN Server$">
1908
2285
  <description>Citrix Web PN (Program Neighborhood) Server is an HTTP server used by Citrix products</description>
1909
2286
  <example>Citrix Web PN Server</example>
@@ -1911,6 +2288,7 @@
1911
2288
  <param pos="0" name="service.product" value="Web PN Server"/>
1912
2289
  <param pos="0" name="service.family" value="Web PN Server"/>
1913
2290
  </fingerprint>
2291
+
1914
2292
  <fingerprint pattern="^Lotus Expeditor Web Container/((?:\d+\.)*\d+)$">
1915
2293
  <description>Expeditor is a framework used by IBM in many products in the Lotus brand, such as Sametime and Notes.</description>
1916
2294
  <example>Lotus Expeditor Web Container/6.1</example>
@@ -1920,10 +2298,12 @@
1920
2298
  <param pos="0" name="service.family" value="Lotus Expeditor"/>
1921
2299
  <param pos="1" name="service.version"/>
1922
2300
  </fingerprint>
2301
+
1923
2302
  <!-- GoAhead software was acquired by Oracle in 2011. They later handed this
1924
2303
  off to (E)Mbedthis. Version 3.0 released in October 2012 appears to be
1925
2304
  the first version to fully be Mbedthis software.
1926
2305
  -->
2306
+
1927
2307
  <fingerprint pattern="^GoAhead-(?:Webs|http)$">
1928
2308
  <description>GoAhead-Webs - no version</description>
1929
2309
  <example>GoAhead-Webs</example>
@@ -1931,16 +2311,20 @@
1931
2311
  <param pos="0" name="service.product" value="GoAhead Webserver"/>
1932
2312
  <param pos="0" name="service.family" value="GoAhead Webserver"/>
1933
2313
  </fingerprint>
1934
- <fingerprint pattern="^GoAhead-(?:Webs|http)\/([\d.]+)(?: PeerSec-MatrixSSL\/[\d.]+-OPEN)?$">
2314
+
2315
+ <fingerprint pattern="(?i)^GoAhead(?:-Webs|-http)?\/([\d.]+)(?: PeerSec-MatrixSSL\/[\d.]+-OPEN)?$">
1935
2316
  <description>GoAhead-Webs - version</description>
1936
2317
  <example service.version="2.5.0">GoAhead-Webs/2.5.0 PeerSec-MatrixSSL/3.4.2-OPEN</example>
2318
+ <example service.version="2.5.0">Goahead/2.5.0 PeerSec-MatrixSSL/3.2.1-OPEN</example>
1937
2319
  <example>GoAhead-Webs/2.5.0</example>
1938
2320
  <param pos="0" name="service.vendor" value="Oracle"/>
1939
2321
  <param pos="0" name="service.product" value="GoAhead Webserver"/>
1940
2322
  <param pos="0" name="service.family" value="GoAhead Webserver"/>
1941
2323
  <param pos="1" name="service.version"/>
1942
2324
  </fingerprint>
2325
+
1943
2326
  <!-- MBedthis changed its name/branding to Embedthis-->
2327
+
1944
2328
  <fingerprint pattern="^Mbedthis-App[Ww]eb/([\d.]+)$">
1945
2329
  <description>Mbedthis Appweb</description>
1946
2330
  <example service.version="2.4.0">Mbedthis-Appweb/2.4.0</example>
@@ -1952,6 +2336,7 @@
1952
2336
  <param pos="0" name="service.family" value="Appweb"/>
1953
2337
  <param pos="1" name="service.version"/>
1954
2338
  </fingerprint>
2339
+
1955
2340
  <fingerprint pattern="^Embedthis-(?:Appweb|http)\/?(:?[\d.]+)?$">
1956
2341
  <description>Embedthis AppWeb</description>
1957
2342
  <example service.version="3.2.3">Embedthis-Appweb/3.2.3</example>
@@ -1963,6 +2348,7 @@
1963
2348
  <param pos="1" name="service.version"/>
1964
2349
  <param pos="0" name="service.cpe23" value="cpe:/a:embedthis:appweb:{service.version}"/>
1965
2350
  </fingerprint>
2351
+
1966
2352
  <fingerprint pattern="^Avaya CMBE/((?:\d+\.)*\d+)$">
1967
2353
  <description>Web server for Avaya Aura Communication Manager Branch, a SIP-based communications platform.</description>
1968
2354
  <example>Avaya CMBE/2.0.0</example>
@@ -1971,7 +2357,9 @@
1971
2357
  <param pos="0" name="service.product" value="Aura Communication Manager"/>
1972
2358
  <param pos="0" name="service.family" value="Aura"/>
1973
2359
  <param pos="1" name="service.version"/>
2360
+ <param pos="0" name="service.cpe23" value="cpe:/a:avaya:aura_communication_manager:{service.version}"/>
1974
2361
  </fingerprint>
2362
+
1975
2363
  <fingerprint pattern="^Rapid Logic/((?:\d+\.)*\d+)$">
1976
2364
  <description>Embedded web server by Rapid Logic, which was acquired by Wind River.</description>
1977
2365
  <example service.version="1.1">Rapid Logic/1.1</example>
@@ -1980,6 +2368,7 @@
1980
2368
  <param pos="0" name="service.product" value="Rapid Logic"/>
1981
2369
  <param pos="1" name="service.version"/>
1982
2370
  </fingerprint>
2371
+
1983
2372
  <fingerprint pattern="^WindRiver-WebServer/((?:\d+\.)*\d+)$">
1984
2373
  <description>Wind River HTTP server</description>
1985
2374
  <example service.version="4.4">WindRiver-WebServer/4.4</example>
@@ -1987,6 +2376,7 @@
1987
2376
  <param pos="0" name="service.product" value="WebServer"/>
1988
2377
  <param pos="1" name="service.version"/>
1989
2378
  </fingerprint>
2379
+
1990
2380
  <fingerprint pattern="^Sophos Email Appliance$">
1991
2381
  <description>Embedded web server for a rack-mounted email appliance that blocks spam and malware.</description>
1992
2382
  <example>Sophos Email Appliance</example>
@@ -1995,6 +2385,7 @@
1995
2385
  <param pos="0" name="os.vendor" value="Sophos"/>
1996
2386
  <param pos="0" name="os.product" value="Email Appliance"/>
1997
2387
  </fingerprint>
2388
+
1998
2389
  <fingerprint pattern="^CUPS\/((?:\d\.)+\d+)(?:\s*IPP\/\d+\.\d+)?$">
1999
2390
  <description>Server for the CUPS web interface.</description>
2000
2391
  <example service.version="1.1">CUPS/1.1</example>
@@ -2005,6 +2396,7 @@
2005
2396
  <param pos="1" name="service.version"/>
2006
2397
  <param pos="0" name="service.cpe23" value="cpe:/a:apple:cups:{service.version}"/>
2007
2398
  </fingerprint>
2399
+
2008
2400
  <fingerprint pattern="^TwistedWeb/([\d.rc]+)$">
2009
2401
  <description>Twisted Matrix Labs - TwistedWeb</description>
2010
2402
  <example>TwistedWeb/2.5.0</example>
@@ -2015,6 +2407,7 @@
2015
2407
  <param pos="0" name="service.family" value="Twisted Web"/>
2016
2408
  <param pos="1" name="service.version"/>
2017
2409
  </fingerprint>
2410
+
2018
2411
  <fingerprint pattern="^mini_httpd/((?:\d+\.)*\d+) \S*$">
2019
2412
  <description>A small HTTP server</description>
2020
2413
  <example>mini_httpd/1.14 23jun2000</example>
@@ -2024,6 +2417,7 @@
2024
2417
  <param pos="0" name="service.family" value="mini_httpd"/>
2025
2418
  <param pos="1" name="service.version"/>
2026
2419
  </fingerprint>
2420
+
2027
2421
  <fingerprint pattern="^thin ((?:\d+\.)*\d+) codename .+$">
2028
2422
  <description>A Ruby-based web server.</description>
2029
2423
  <example>thin 1.2.4 codename Flaming Astroboy</example>
@@ -2032,6 +2426,7 @@
2032
2426
  <param pos="0" name="service.family" value="Thin"/>
2033
2427
  <param pos="1" name="service.version"/>
2034
2428
  </fingerprint>
2429
+
2035
2430
  <fingerprint pattern="^Avocent DSView \d+/((?:\d+\.)*\d+)$">
2036
2431
  <description>Web server interface for controlling data centers.</description>
2037
2432
  <example>Avocent DSView 3/3.7.0.71</example>
@@ -2042,6 +2437,7 @@
2042
2437
  <param pos="1" name="service.version"/>
2043
2438
  <param pos="0" name="service.cpe23" value="cpe:/a:avocent:dsview:{service.version}"/>
2044
2439
  </fingerprint>
2440
+
2045
2441
  <fingerprint pattern="^Mongrel ((?:\d+\.)*\d+)$">
2046
2442
  <description>Ruby-based web server and HTTP library.</description>
2047
2443
  <example>Mongrel 1.1.5</example>
@@ -2050,6 +2446,7 @@
2050
2446
  <param pos="0" name="service.family" value="Mongrel"/>
2051
2447
  <param pos="1" name="service.version"/>
2052
2448
  </fingerprint>
2449
+
2053
2450
  <fingerprint pattern="^Microplex emHTTPD/((?:\d+\.)*\d+)$">
2054
2451
  <description>Embedded web server used by Microplex.</description>
2055
2452
  <example>Microplex emHTTPD/1.0</example>
@@ -2062,6 +2459,7 @@
2062
2459
  <param pos="0" name="os.vendor" value="Microplex"/>
2063
2460
  <param pos="0" name="os.device" value="Print server"/>
2064
2461
  </fingerprint>
2462
+
2065
2463
  <fingerprint pattern="^UPS_Server/((?:\d+\.)*\d+)$">
2066
2464
  <description>An embedded web server used for UPS management; primarily by Eaton, but also by APC.</description>
2067
2465
  <example>UPS_Server/1.0</example>
@@ -2073,6 +2471,7 @@
2073
2471
  <param pos="0" name="os.vendor" value="Eaton"/>
2074
2472
  <param pos="0" name="os.device" value="UPS"/>
2075
2473
  </fingerprint>
2474
+
2076
2475
  <fingerprint pattern="^JC-HTTPD/((?:\d+\.)*\d+)$">
2077
2476
  <description>An embedded web server, used notably by Oki and Kyocera in printers.</description>
2078
2477
  <example>JC-HTTPD/1.11.14</example>
@@ -2081,6 +2480,7 @@
2081
2480
  <param pos="0" name="service.family" value="JC-HTTPD"/>
2082
2481
  <param pos="1" name="service.version"/>
2083
2482
  </fingerprint>
2483
+
2084
2484
  <fingerprint pattern="^JC-SHTTPD/((?:\d+\.)*\d+)$">
2085
2485
  <description>An embedded web server.</description>
2086
2486
  <example>JC-SHTTPD/1.17.20</example>
@@ -2089,15 +2489,18 @@
2089
2489
  <param pos="0" name="service.family" value="JC-SHTTPD"/>
2090
2490
  <param pos="1" name="service.version"/>
2091
2491
  </fingerprint>
2092
- <fingerprint pattern="^Oracle XML DB/Oracle\S+ Enterprise Edition Release ((?:\d+\.)*\d+) - Production$">
2492
+
2493
+ <fingerprint pattern="^Oracle XML DB/Oracle\S+ (?:Enterprise Edition )?Release ((?:\d+\.)*\d+) - Production$">
2093
2494
  <description>Web server providing web services for Oracle's XML DB - with version string</description>
2094
- <example>Oracle XML DB/Oracle9i Enterprise Edition Release 9.2.0.1.0 - Production</example>
2495
+ <example service.version="9.2.0.1.0">Oracle XML DB/Oracle9i Enterprise Edition Release 9.2.0.1.0 - Production</example>
2095
2496
  <example>Oracle XML DB/Oracle9i Enterprise Edition Release 9 - Production</example>
2497
+ <example service.version="9.2.0.1.0">Oracle XML DB/Oracle9i Release 9.2.0.1.0 - Production</example>
2096
2498
  <param pos="0" name="service.vendor" value="Oracle"/>
2097
2499
  <param pos="0" name="service.product" value="XML DB"/>
2098
2500
  <param pos="0" name="service.family" value="Oracle"/>
2099
2501
  <param pos="1" name="service.version"/>
2100
2502
  </fingerprint>
2503
+
2101
2504
  <fingerprint pattern="^Oracle XML DB/Oracle Database$">
2102
2505
  <description>Web server providing web services for Oracle's XML DB</description>
2103
2506
  <example>Oracle XML DB/Oracle Database</example>
@@ -2105,6 +2508,7 @@
2105
2508
  <param pos="0" name="service.product" value="XML DB"/>
2106
2509
  <param pos="0" name="service.family" value="Oracle"/>
2107
2510
  </fingerprint>
2511
+
2108
2512
  <fingerprint pattern="^sfcHttpd$">
2109
2513
  <description>Server for HTTP interface to sfcb, a lightweight CIM server</description>
2110
2514
  <example>sfcHttpd</example>
@@ -2112,6 +2516,7 @@
2112
2516
  <param pos="0" name="service.product" value="sfcb"/>
2113
2517
  <param pos="0" name="service.family" value="sfcb"/>
2114
2518
  </fingerprint>
2519
+
2115
2520
  <fingerprint pattern="^PanWeb Server/ -">
2116
2521
  <description>HTTP and HTTPS server found on Palo Alto Networks devices</description>
2117
2522
  <example>PanWeb Server/ -</example>
@@ -2122,6 +2527,7 @@
2122
2527
  <param pos="0" name="os.device" value="Firewall"/>
2123
2528
  <param pos="0" name="os.cpe23" value="cpe:/o:paloaltonetworks:pan-os:-"/>
2124
2529
  </fingerprint>
2530
+
2125
2531
  <fingerprint pattern="^Ews/((?:\d+\.)*\d+)$">
2126
2532
  <description>IBM Network Printer Manager.</description>
2127
2533
  <example>Ews/0.1</example>
@@ -2131,9 +2537,11 @@
2131
2537
  <param pos="0" name="service.family" value="Network Printer Manager"/>
2132
2538
  <param pos="1" name="service.version"/>
2133
2539
  </fingerprint>
2540
+
2134
2541
  <!-- NOTE: '$ProjectRevision: {some version string} $' has been seen in a
2135
2542
  variety of products including printers, PDUs, etc.
2136
2543
  -->
2544
+
2137
2545
  <fingerprint pattern="^\$ProjectRevision: 4.0.2.38 \$$">
2138
2546
  <description>This banner is seen on some HP LaserJet printers.</description>
2139
2547
  <example>$ProjectRevision: 4.0.2.38 $</example>
@@ -2141,6 +2549,7 @@
2141
2549
  <param pos="0" name="os.device" value="Printer"/>
2142
2550
  <param pos="0" name="os.family" value="LaserJet"/>
2143
2551
  </fingerprint>
2552
+
2144
2553
  <fingerprint pattern="^WEBrick/([\d\.]+) .*$">
2145
2554
  <description>WEBrick default setup</description>
2146
2555
  <example>WEBrick/1.3.1 (Ruby/1.9.3/2013-02-22)</example>
@@ -2148,12 +2557,14 @@
2148
2557
  <param pos="0" name="service.product" value="WEBrick"/>
2149
2558
  <param pos="1" name="service.version"/>
2150
2559
  </fingerprint>
2560
+
2151
2561
  <fingerprint pattern="^Aspen/(\S+)">
2152
2562
  <description>Aspen web server</description>
2153
2563
  <example service.version="0.8">Aspen/0.8</example>
2154
2564
  <param pos="0" name="service.product" value="Aspen"/>
2155
2565
  <param pos="1" name="service.version"/>
2156
2566
  </fingerprint>
2567
+
2157
2568
  <fingerprint pattern="^Boa/([\d\.]+\S*)">
2158
2569
  <description>Boa web server</description>
2159
2570
  <example service.version="0.94.14rc21">Boa/0.94.14rc21</example>
@@ -2164,7 +2575,9 @@
2164
2575
  <param pos="0" name="service.product" value="Boa"/>
2165
2576
  <param pos="1" name="service.version"/>
2166
2577
  </fingerprint>
2578
+
2167
2579
  <!-- HiSilicon is OEMd by a number of DVR manufacturers -->
2580
+
2168
2581
  <fingerprint pattern="^Cross Web Server$">
2169
2582
  <description>Web server found on DVR and webcam servers sourced from HiSilicon</description>
2170
2583
  <example>Cross Web Server</example>
@@ -2174,7 +2587,9 @@
2174
2587
  <param pos="0" name="os.device" value="DVR"/>
2175
2588
  <param pos="0" name="hw.device" value="DVR"/>
2176
2589
  </fingerprint>
2590
+
2177
2591
  <!-- Hikvision is OEMd by a number of DVR manufacturers -->
2592
+
2178
2593
  <fingerprint pattern="^(?:Hikvision|DNVRS|DVRDVS)-Webs$">
2179
2594
  <description>Web server found on DVR and webcam servers sourced from Hikvision</description>
2180
2595
  <example>Hikvision-Webs</example>
@@ -2184,8 +2599,10 @@
2184
2599
  <param pos="0" name="service.product" value="Hikvision Web Server"/>
2185
2600
  <param pos="0" name="os.vendor" value="Hikvision"/>
2186
2601
  <param pos="0" name="os.device" value="DVR"/>
2602
+ <param pos="0" name="hw.vendor" value="Hikvision"/>
2187
2603
  <param pos="0" name="hw.device" value="DVR"/>
2188
2604
  </fingerprint>
2605
+
2189
2606
  <fingerprint pattern="^NET-DK[/ ](\d+\.\d+)$">
2190
2607
  <description>Web server found on ARRIS cable modems</description>
2191
2608
  <example>NET-DK/1.0</example>
@@ -2198,12 +2615,14 @@
2198
2615
  <param pos="0" name="hw.vendor" value="ARRIS"/>
2199
2616
  <param pos="0" name="hw.device" value="Cable Modem"/>
2200
2617
  </fingerprint>
2618
+
2201
2619
  <fingerprint pattern="^2wire Gateway$">
2202
2620
  <description>Web server found on some Arris/2wire devices</description>
2203
2621
  <example>2wire Gateway</example>
2204
2622
  <param pos="0" name="service.vendor" value="ARRIS"/>
2205
2623
  <param pos="0" name="service.product" value="2wire"/>
2206
2624
  </fingerprint>
2625
+
2207
2626
  <!-- junit says,
2208
2627
  "Example pattern '' from http_servers.xml didn't match pattern '^$'"
2209
2628
  Figure out if we have a way to support matching empty strings later.
@@ -2211,20 +2630,26 @@
2211
2630
  <example></example>
2212
2631
  <description>A blank banner; assert nothing.</description>
2213
2632
  </fingerprint>
2633
+
2214
2634
  -->
2635
+
2215
2636
  <fingerprint pattern="^(?:(?:\d+.){3}\d+):\d{1,4}$">
2216
2637
  <description>A banner consisting of an IP address and port -- assert nothing.</description>
2217
2638
  <example>192.168.0.4:9999</example>
2218
2639
  </fingerprint>
2640
+
2219
2641
  <fingerprint pattern="^Web-Server/(?:\d+\.+\d+)$">
2220
2642
  <description>Obfuscated web server -- assert nothing.</description>
2221
2643
  <example>Web-Server/3.0</example>
2222
2644
  </fingerprint>
2645
+
2223
2646
  <fingerprint pattern="^httpd$">
2224
2647
  <description>httpd - generic -- assert nothing.</description>
2225
2648
  <example>httpd</example>
2226
2649
  </fingerprint>
2650
+
2227
2651
  <!-- Service provider equipment (CDNs, etc) -->
2652
+
2228
2653
  <fingerprint pattern="^AkamaiGHost$">
2229
2654
  <description>Akamai Global Host</description>
2230
2655
  <example>AkamaiGHost</example>
@@ -2233,6 +2658,7 @@
2233
2658
  <param pos="0" name="os.vendor" value="Akamai"/>
2234
2659
  <param pos="0" name="os.device" value="Web proxy"/>
2235
2660
  </fingerprint>
2661
+
2236
2662
  <fingerprint pattern="^gws$">
2237
2663
  <description>Google Web Services</description>
2238
2664
  <example>gws</example>
@@ -2240,6 +2666,7 @@
2240
2666
  <param pos="0" name="service.product" value="Google Web Services"/>
2241
2667
  <param pos="0" name="service.family" value="Google Web Server"/>
2242
2668
  </fingerprint>
2669
+
2243
2670
  <fingerprint pattern="^GFE/((?:\d+\.)*\d+)$">
2244
2671
  <description>Google Front End for apps running on Google services.</description>
2245
2672
  <example>GFE/1.3</example>
@@ -2249,6 +2676,7 @@
2249
2676
  <param pos="0" name="service.family" value="Google Web Server"/>
2250
2677
  <param pos="1" name="service.version"/>
2251
2678
  </fingerprint>
2679
+
2252
2680
  <fingerprint pattern="^CloudFront$">
2253
2681
  <description>Amazon CloudFront web load balancer endpoint</description>
2254
2682
  <example>CloudFront</example>
@@ -2256,30 +2684,35 @@
2256
2684
  <param pos="0" name="service.product" value="CloudFront Load Balancer"/>
2257
2685
  <param pos="0" name="service.family" value="CloudFront"/>
2258
2686
  </fingerprint>
2687
+
2259
2688
  <fingerprint pattern="^Amazon-Cloud-Drive$">
2260
2689
  <description>Amazon Cloud Drive / Drive</description>
2261
2690
  <example>Amazon-Cloud-Drive</example>
2262
2691
  <param pos="0" name="service.vendor" value="Amazon"/>
2263
2692
  <param pos="0" name="service.product" value="Drive"/>
2264
2693
  </fingerprint>
2694
+
2265
2695
  <fingerprint pattern="^AmazonS3$">
2266
2696
  <description>Amazon S3 (Simple Cloud Storage Service)</description>
2267
2697
  <example>AmazonS3</example>
2268
2698
  <param pos="0" name="service.vendor" value="Amazon"/>
2269
2699
  <param pos="0" name="service.product" value="S3"/>
2270
2700
  </fingerprint>
2701
+
2271
2702
  <fingerprint pattern="^Amazon SimpleDB$">
2272
2703
  <description>Amazon SimpleDB / Simple Database Service</description>
2273
2704
  <example>Amazon SimpleDB</example>
2274
2705
  <param pos="0" name="service.vendor" value="Amazon"/>
2275
2706
  <param pos="0" name="service.product" value="SimpleDB"/>
2276
2707
  </fingerprint>
2708
+
2277
2709
  <fingerprint pattern="^AmazonSnowball$">
2278
2710
  <description>Amazon Snowball</description>
2279
2711
  <example>AmazonSnowball</example>
2280
2712
  <param pos="0" name="service.vendor" value="Amazon"/>
2281
2713
  <param pos="0" name="service.product" value="Snowball"/>
2282
2714
  </fingerprint>
2715
+
2283
2716
  <fingerprint pattern="^awselb/([\d.rc]+)$">
2284
2717
  <description>Amazon Elastic Load Balancing</description>
2285
2718
  <example service.version="2.0">awselb/2.0</example>
@@ -2287,6 +2720,7 @@
2287
2720
  <param pos="0" name="service.family" value="Elastic Load Balancing"/>
2288
2721
  <param pos="1" name="service.version"/>
2289
2722
  </fingerprint>
2723
+
2290
2724
  <fingerprint pattern="^cloudflare(?:-nginx)?$">
2291
2725
  <description>CloudFlare web load balancer endpoint</description>
2292
2726
  <example>cloudflare-nginx</example>
@@ -2295,13 +2729,16 @@
2295
2729
  <param pos="0" name="service.product" value="CloudFlare Load Balancer"/>
2296
2730
  <param pos="0" name="service.family" value="CloudFlare"/>
2297
2731
  </fingerprint>
2732
+
2298
2733
  <fingerprint pattern="^gSOAP/([\d\.]+)$">
2299
2734
  <description>gSOAP</description>
2300
2735
  <example service.version="2.7">gSOAP/2.7</example>
2301
2736
  <param pos="0" name="service.product" value="gSOAP"/>
2302
2737
  <param pos="1" name="service.version"/>
2303
2738
  </fingerprint>
2739
+
2304
2740
  <!-- Apple QuickTime streaming server -->
2741
+
2305
2742
  <fingerprint pattern="^QTSS\/([\d\.]+) \(Build\/[\d\.]+; Platform\/MacOSX; Release\/Panther">
2306
2743
  <description>QTSS on OS X 10.3</description>
2307
2744
  <example service.version="5.0">QTSS/5.0 (Build/452; Platform/MacOSX; Release/Panther; )</example>
@@ -2314,6 +2751,7 @@
2314
2751
  <param pos="0" name="service.product" value="QTSS"/>
2315
2752
  <param pos="1" name="service.version"/>
2316
2753
  </fingerprint>
2754
+
2317
2755
  <fingerprint pattern="^QTSS\/([\d\.]+) \(Build\/[\d\.]+; Platform\/MacOSX; Release\/Mac OS X">
2318
2756
  <description>QTSS OS X</description>
2319
2757
  <example service.version="6.1.0">QTSS/6.1.0 (Build/532; Platform/MacOSX; Release/Mac OS X Server; )</example>
@@ -2324,13 +2762,25 @@
2324
2762
  <param pos="0" name="service.product" value="QTSS"/>
2325
2763
  <param pos="1" name="service.version"/>
2326
2764
  </fingerprint>
2765
+
2327
2766
  <fingerprint pattern="^SEPM$">
2328
2767
  <description>Symantec Endpoint Protection Manager</description>
2329
2768
  <example>SEPM</example>
2330
2769
  <param pos="0" name="service.vendor" value="Symantec"/>
2331
- <param pos="0" name="service.product" value="Symantec Endpoint Protection Manager"/>
2332
- <param pos="0" name="service.family" value="Symantec Endpoint Protection Manager"/>
2770
+ <param pos="0" name="service.product" value="Endpoint Protection Manager"/>
2771
+ <param pos="0" name="service.family" value="Endpoint Protection Manager"/>
2772
+ <param pos="0" name="service.cpe23" value="cpe:/a:symantec:endpoint_protection_manager:-"/>
2333
2773
  </fingerprint>
2774
+
2775
+ <fingerprint pattern="^Symantec Endpoint Protection Manager$">
2776
+ <description>Symantec Endpoint Protection Manager - long variant</description>
2777
+ <example>Symantec Endpoint Protection Manager</example>
2778
+ <param pos="0" name="service.vendor" value="Symantec"/>
2779
+ <param pos="0" name="service.product" value="Endpoint Protection Manager"/>
2780
+ <param pos="0" name="service.family" value="Endpoint Protection Manager"/>
2781
+ <param pos="0" name="service.cpe23" value="cpe:/a:symantec:endpoint_protection_manager:-"/>
2782
+ </fingerprint>
2783
+
2334
2784
  <fingerprint pattern="^Intel\(R\) Active Management Technology\s(\d+\.\d+\.\d+\.\d+|\d+\.\d+\.\d+|\d+\.\d+)">
2335
2785
  <description>Intel(R) Active Management Technology (AMT) with a version</description>
2336
2786
  <example service.version="7.1.86">Intel(R) Active Management Technology 7.1.86</example>
@@ -2339,6 +2789,7 @@
2339
2789
  <param pos="0" name="service.family" value="Intel(R) Active Management Technology"/>
2340
2790
  <param pos="1" name="service.version"/>
2341
2791
  </fingerprint>
2792
+
2342
2793
  <fingerprint pattern="^(?:AMT|Intel\(R\) Active Management Technology)$">
2343
2794
  <description>Intel(R) Active Management Technology (AMT) without a version</description>
2344
2795
  <example>AMT</example>
@@ -2347,6 +2798,7 @@
2347
2798
  <param pos="0" name="service.product" value="Intel(R) Active Management Technology"/>
2348
2799
  <param pos="0" name="service.family" value="Intel(R) Active Management Technology"/>
2349
2800
  </fingerprint>
2801
+
2350
2802
  <fingerprint pattern="^Intel\(R\) Standard Manageability\s(\d+\.\d+\.\d+\.\d+|\d+\.\d+\.\d+|\d+\.\d+)">
2351
2803
  <description>Intel(R) Standard Manageability</description>
2352
2804
  <example service.version="5.0.50">Intel(R) Standard Manageability 5.0.50</example>
@@ -2356,6 +2808,7 @@
2356
2808
  <param pos="0" name="service.family" value="Intel(R) Active Management Technology"/>
2357
2809
  <param pos="1" name="service.version"/>
2358
2810
  </fingerprint>
2811
+
2359
2812
  <fingerprint pattern="^Sunny WebBox$">
2360
2813
  <description>Sunny WebBox</description>
2361
2814
  <example>Sunny WebBox</example>
@@ -2370,6 +2823,7 @@
2370
2823
  <param pos="0" name="os.product" value="Windows CE"/>
2371
2824
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_ce:-"/>
2372
2825
  </fingerprint>
2826
+
2373
2827
  <fingerprint pattern="^EnergyICT RTU \d+-\w+-\d+$">
2374
2828
  <description>EnergyICT RTU</description>
2375
2829
  <example>EnergyICT RTU 101-F25CE1-1524</example>
@@ -2377,6 +2831,7 @@
2377
2831
  <param pos="0" name="hw.product" value="RTU"/>
2378
2832
  <param pos="0" name="hw.device" value="Power device"/>
2379
2833
  </fingerprint>
2834
+
2380
2835
  <fingerprint pattern="^AV-TECH AV787 Video Web Server$">
2381
2836
  <description>AV-TECH AVC787 Video Web Server</description>
2382
2837
  <example>AV-TECH AV787 Video Web Server</example>
@@ -2387,11 +2842,13 @@
2387
2842
  <param pos="0" name="hw.product" value="AVC787"/>
2388
2843
  <param pos="0" name="hw.device" value="DVR"/>
2389
2844
  </fingerprint>
2845
+
2390
2846
  <fingerprint pattern="^Splunkd$">
2391
2847
  <description>Splunk HTTP server used in the web interface, forwarders, indexers and more</description>
2392
2848
  <example>Splunkd</example>
2393
2849
  <param pos="0" name="service.vendor" value="Splunk"/>
2394
2850
  </fingerprint>
2851
+
2395
2852
  <fingerprint pattern="^tivo-httpd-\S+$">
2396
2853
  <description>Tivo DVR</description>
2397
2854
  <example>tivo-httpd-1:20.7.4.RC35-D18-6:D18</example>
@@ -2399,6 +2856,7 @@
2399
2856
  <param pos="0" name="hw.family" value="DVR"/>
2400
2857
  <param pos="0" name="hw.device" value="DVR"/>
2401
2858
  </fingerprint>
2859
+
2402
2860
  <fingerprint pattern="^OpenTV/([\d\.]+)$">
2403
2861
  <description>OpenTV</description>
2404
2862
  <example os.version="5.40">OpenTV/5.40</example>
@@ -2408,7 +2866,28 @@
2408
2866
  <param pos="1" name="os.version"/>
2409
2867
  <param pos="0" name="hw.device" value="DVR"/>
2410
2868
  </fingerprint>
2869
+
2870
+ <fingerprint pattern="^kong/([\d.]+)$">
2871
+ <description>Kong Gateway</description>
2872
+ <example service.version="1.2.1">kong/1.2.1</example>
2873
+ <param pos="0" name="service.vendor" value="Kong"/>
2874
+ <param pos="0" name="service.family" value="Gateway"/>
2875
+ <param pos="0" name="service.product" value="Gateway"/>
2876
+ <param pos="1" name="service.version"/>
2877
+ </fingerprint>
2878
+
2879
+ <fingerprint pattern="^kong/([\d.-]+)-enterprise-edition$">
2880
+ <description>Kong Gateway - Enterprise Edition</description>
2881
+ <example service.version="0.30">kong/0.30-enterprise-edition</example>
2882
+ <example service.version="0.35-1">kong/0.35-1-enterprise-edition</example>
2883
+ <param pos="0" name="service.vendor" value="Kong"/>
2884
+ <param pos="0" name="service.family" value="Gateway"/>
2885
+ <param pos="0" name="service.product" value="Gateway"/>
2886
+ <param pos="1" name="service.version"/>
2887
+ </fingerprint>
2888
+
2411
2889
  <!-- Tridium previously had a product with the 'Niagra' spelling -->
2890
+
2412
2891
  <fingerprint pattern="^Niagara Web Server\/([\d.]+)$">
2413
2892
  <description>Tridium Niagara AX Framework</description>
2414
2893
  <example service.version="3.8.111">Niagara Web Server/3.8.111</example>
@@ -2417,6 +2896,7 @@
2417
2896
  <param pos="0" name="service.product" value="Niagara AX"/>
2418
2897
  <param pos="1" name="service.version"/>
2419
2898
  </fingerprint>
2899
+
2420
2900
  <fingerprint pattern="^Microsoft WinCE Fidelix v([\d.]+)$">
2421
2901
  <description>Fidelix Industrial Control Web Server</description>
2422
2902
  <example service.version="11.50.29">Microsoft WinCE Fidelix v11.50.29</example>
@@ -2431,12 +2911,14 @@
2431
2911
  <param pos="0" name="hw.vendor" value="Fidelix"/>
2432
2912
  <param pos="0" name="hw.device" value="Industrial Control"/>
2433
2913
  </fingerprint>
2914
+
2434
2915
  <fingerprint pattern="^chainpoint-node$">
2435
2916
  <description>Chainpoint Node</description>
2436
2917
  <example>chainpoint-node</example>
2437
2918
  <param pos="0" name="service.vendor" value="Chainpoint"/>
2438
2919
  <param pos="0" name="service.product" value="Node"/>
2439
2920
  </fingerprint>
2921
+
2440
2922
  <fingerprint pattern="(?i)^(.*) UPnP/[\d\.]+\s+AVM FRITZ!(.*) ([\d\.]+)$">
2441
2923
  <description>AVM FRITZ! devices of various types</description>
2442
2924
  <example host.name="some thing" os.product="WLAN Repeater 1750E" os.version="134.07.01">some thing UPnP/1.0 AVM FRITZ!WLAN Repeater 1750E 134.07.01</example>
@@ -2446,6 +2928,7 @@
2446
2928
  <param pos="3" name="os.version"/>
2447
2929
  <param pos="1" name="host.name"/>
2448
2930
  </fingerprint>
2931
+
2449
2932
  <fingerprint pattern="(?i)^Linux/(\S+) UPnP/[\d\.]+ miniupnpd/([\d\.]+)$">
2450
2933
  <description>Linux MiniUPnPd UPnP Server</description>
2451
2934
  <example>Linux/Cross_compiled UPnP/1.0 miniupnpd/1.0</example>
@@ -2458,6 +2941,7 @@
2458
2941
  <param pos="1" name="os.version"/>
2459
2942
  <param pos="0" name="os.cpe23" value="cpe:/o:linux:linux_kernel:{os.version}"/>
2460
2943
  </fingerprint>
2944
+
2461
2945
  <fingerprint pattern="^Tomato UPnP/\S+ MiniUPnPd/(\S+)$">
2462
2946
  <description>Tomato UPnP Server</description>
2463
2947
  <example>Tomato UPnP/1.0 MiniUPnPd/1.2</example>
@@ -2466,6 +2950,7 @@
2466
2950
  <param pos="0" name="service.product" value="MiniUPnP"/>
2467
2951
  <param pos="1" name="service.version"/>
2468
2952
  </fingerprint>
2953
+
2469
2954
  <fingerprint pattern="(?i)^(RT-\w+) UPnP/\S+ MiniUPnPd/(\S+)$">
2470
2955
  <description>Asus WAP UPnP Server</description>
2471
2956
  <example>RT-G32 UPnP/1.0 MiniUPnPd/1.2</example>
@@ -2475,6 +2960,7 @@
2475
2960
  <param pos="1" name="os.product"/>
2476
2961
  <param pos="0" name="os.device" value="WAP"/>
2477
2962
  </fingerprint>
2963
+
2478
2964
  <fingerprint pattern="(?i)^DrayTek/Vigor(\S+) UPnP/\S+ miniupnpd/(\S+)$">
2479
2965
  <description>DrayTek Vigor router UPnP Server</description>
2480
2966
  <example hw.model="2130">DrayTek/Vigor2130 UPnP/1.0 miniupnpd/1.0</example>
@@ -2485,12 +2971,14 @@
2485
2971
  <param pos="1" name="hw.model"/>
2486
2972
  <param pos="0" name="hw.device" value="Router"/>
2487
2973
  </fingerprint>
2974
+
2488
2975
  <fingerprint pattern="(?i)Linux UPnP/\d\.\d Huawei-ATP-IGD$">
2489
2976
  <description>Huawei Echolife / Home Gateway (and possibly other) devices with UPnP</description>
2490
2977
  <example>Linux UPnP/1.0 Huawei-ATP-IGD</example>
2491
2978
  <param pos="0" name="hw.vendor" value="Huawei"/>
2492
2979
  <param pos="0" name="hw.device" value="Broadband router"/>
2493
2980
  </fingerprint>
2981
+
2494
2982
  <fingerprint pattern="(?i)^OpenWRT/kamikaze UPnP/\S+ MiniUPnPd/(\S+)$">
2495
2983
  <description>OpenWRT Kamikaze WAP UPnP Server</description>
2496
2984
  <example>OpenWRT/kamikaze UPnP/1.0 MiniUPnPd/1.5</example>
@@ -2503,6 +2991,7 @@
2503
2991
  <param pos="0" name="os.product" value="Kamikaze"/>
2504
2992
  <param pos="0" name="os.device" value="WAP"/>
2505
2993
  </fingerprint>
2994
+
2506
2995
  <fingerprint pattern="(?i)^Netgear/\S+ UPnP/\S+ miniupnpd/(\S+)$">
2507
2996
  <description>Netgear DG834G or WNDR3300 WAP UPnP Server</description>
2508
2997
  <example>Netgear/1.0 UPnP/1.0 miniupnpd/1.0</example>
@@ -2511,6 +3000,7 @@
2511
3000
  <param pos="0" name="os.vendor" value="Netgear"/>
2512
3001
  <param pos="0" name="os.device" value="WAP"/>
2513
3002
  </fingerprint>
3003
+
2514
3004
  <fingerprint pattern="^[^/]+/(\S+) DLNADOC/\S+ UPnP/\S+ MiniDLNA/(\S+)$">
2515
3005
  <description>DLNADOC UPnP Server</description>
2516
3006
  <example>Debian/4.0r8 DLNADOC/1.50 UPnP/1.0 MiniDLNA/1.0</example>
@@ -2523,6 +3013,7 @@
2523
3013
  <param pos="1" name="os.version"/>
2524
3014
  <param pos="0" name="os.cpe23" value="cpe:/o:linux:linux_kernel:{os.version}"/>
2525
3015
  </fingerprint>
3016
+
2526
3017
  <fingerprint pattern="(?i)^Debian\/(\S+) UPnP/\S+ MiniUPnPd/(\S+)$">
2527
3018
  <description>miniupnpd on a Debian variant</description>
2528
3019
  <example os.version="wheezy/sid" service.version="1.8">Debian/wheezy/sid UPnP/1.1 MiniUPnPd/1.8</example>
@@ -2535,6 +3026,7 @@
2535
3026
  <param pos="1" name="os.version"/>
2536
3027
  <param pos="0" name="os.cpe23" value="cpe:/o:debian:debian_linux:{os.version}"/>
2537
3028
  </fingerprint>
3029
+
2538
3030
  <fingerprint pattern="(?i)^Fedora(?:Core)?\/(\S+) UPnP/\S+ MiniUPnPd/(\S+)$">
2539
3031
  <description>miniupnpd on a Fedora variant</description>
2540
3032
  <example os.version="10" service.version="1.4">Fedora/10 UPnP/1.0 MiniUPnPd/1.4</example>
@@ -2548,6 +3040,7 @@
2548
3040
  <param pos="1" name="os.version"/>
2549
3041
  <param pos="0" name="os.cpe23" value="cpe:/o:redhat:fedora_core:{os.version}"/>
2550
3042
  </fingerprint>
3043
+
2551
3044
  <fingerprint pattern="(?i)^Ubuntu\/([\d\.]+) UPnP/\S+ MiniUPnPd/(\S+)$">
2552
3045
  <description>miniupnpd on an Ubuntu variant</description>
2553
3046
  <example os.version="10.04" service.version="1.0">Ubuntu/10.04 UPnP/1.0 miniupnpd/1.0</example>
@@ -2561,6 +3054,7 @@
2561
3054
  <param pos="1" name="os.version"/>
2562
3055
  <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:{os.version}"/>
2563
3056
  </fingerprint>
3057
+
2564
3058
  <fingerprint pattern="(?i)^Ubuntu\/bionic UPnP/\S+ MiniUPnPd/(\S+)$">
2565
3059
  <description>miniupnpd on an Ubuntu bionic/18.04</description>
2566
3060
  <example os.version="18.04" service.version="1.4">Ubuntu/bionic UPnP/1.0 MiniUPnPd/1.4</example>
@@ -2571,6 +3065,7 @@
2571
3065
  <param pos="0" name="os.version" value="18.04"/>
2572
3066
  <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:18.04"/>
2573
3067
  </fingerprint>
3068
+
2574
3069
  <fingerprint pattern="(?i)^Ubuntu\/yakkety UPnP/\S+ MiniUPnPd/(\S+)$">
2575
3070
  <description>miniupnpd on an Ubuntu yakkety/16.10</description>
2576
3071
  <example os.version="16.10" service.version="1.4">Ubuntu/yakkety UPnP/1.0 MiniUPnPd/1.4</example>
@@ -2581,6 +3076,7 @@
2581
3076
  <param pos="0" name="os.version" value="16.10"/>
2582
3077
  <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:16.10"/>
2583
3078
  </fingerprint>
3079
+
2584
3080
  <fingerprint pattern="(?i)^Ubuntu\/xenial UPnP/\S+ MiniUPnPd/(\S+)$">
2585
3081
  <description>miniupnpd on an Ubuntu xenial/16.04</description>
2586
3082
  <example os.version="16.04" service.version="1.4">Ubuntu/xenial UPnP/1.0 MiniUPnPd/1.4</example>
@@ -2591,6 +3087,7 @@
2591
3087
  <param pos="0" name="os.version" value="16.04"/>
2592
3088
  <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:16.04"/>
2593
3089
  </fingerprint>
3090
+
2594
3091
  <fingerprint pattern="(?i)^Ubuntu\/utopic UPnP/\S+ MiniUPnPd/(\S+)$">
2595
3092
  <description>miniupnpd on an Ubuntu utopic/14.10</description>
2596
3093
  <example os.version="14.10" service.version="1.4">Ubuntu/utopic UPnP/1.0 MiniUPnPd/1.4</example>
@@ -2601,6 +3098,7 @@
2601
3098
  <param pos="0" name="os.version" value="14.10"/>
2602
3099
  <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:14.10"/>
2603
3100
  </fingerprint>
3101
+
2604
3102
  <fingerprint pattern="(?i)^Ubuntu\/trusty UPnP/\S+ MiniUPnPd/(\S+)$">
2605
3103
  <description>miniupnpd on an Ubuntu trusty/14.04</description>
2606
3104
  <example os.version="14.04" service.version="1.4">Ubuntu/trusty UPnP/1.0 MiniUPnPd/1.4</example>
@@ -2611,6 +3109,7 @@
2611
3109
  <param pos="0" name="os.version" value="14.04"/>
2612
3110
  <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:14.04"/>
2613
3111
  </fingerprint>
3112
+
2614
3113
  <fingerprint pattern="(?i)^Ubuntu\/saucy UPnP/\S+ MiniUPnPd/(\S+)$">
2615
3114
  <description>miniupnpd on an Ubuntu saucy/13.10</description>
2616
3115
  <example os.version="13.10" service.version="1.4">Ubuntu/saucy UPnP/1.0 MiniUPnPd/1.4</example>
@@ -2621,6 +3120,7 @@
2621
3120
  <param pos="0" name="os.version" value="13.10"/>
2622
3121
  <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:13.10"/>
2623
3122
  </fingerprint>
3123
+
2624
3124
  <fingerprint pattern="(?i)^Ubuntu\/raring UPnP/\S+ MiniUPnPd/(\S+)$">
2625
3125
  <description>miniupnpd on an Ubuntu raring/13.04</description>
2626
3126
  <example os.version="13.04" service.version="1.4">Ubuntu/raring UPnP/1.0 MiniUPnPd/1.4</example>
@@ -2631,6 +3131,7 @@
2631
3131
  <param pos="0" name="os.version" value="13.04"/>
2632
3132
  <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:13.04"/>
2633
3133
  </fingerprint>
3134
+
2634
3135
  <fingerprint pattern="(?i)^Ubuntu\/quantal UPnP/\S+ MiniUPnPd/(\S+)$">
2635
3136
  <description>miniupnpd on an Ubuntu quantal/12.10</description>
2636
3137
  <example os.version="12.10" service.version="1.4">Ubuntu/quantal UPnP/1.0 MiniUPnPd/1.4</example>
@@ -2641,6 +3142,7 @@
2641
3142
  <param pos="0" name="os.version" value="12.10"/>
2642
3143
  <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:12.10"/>
2643
3144
  </fingerprint>
3145
+
2644
3146
  <fingerprint pattern="(?i)^Ubuntu\/precise UPnP/\S+ MiniUPnPd/(\S+)$">
2645
3147
  <description>miniupnpd on an Ubuntu precise/12.04</description>
2646
3148
  <example os.version="12.04" service.version="1.4">Ubuntu/precise UPnP/1.0 MiniUPnPd/1.4</example>
@@ -2651,6 +3153,7 @@
2651
3153
  <param pos="0" name="os.version" value="12.04"/>
2652
3154
  <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:12.04"/>
2653
3155
  </fingerprint>
3156
+
2654
3157
  <fingerprint pattern="(?i)^Ubuntu\/oneiric UPnP/\S+ MiniUPnPd/(\S+)$">
2655
3158
  <description>miniupnpd on an Ubuntu oneiric/11.10</description>
2656
3159
  <example os.version="11.10" service.version="1.4">Ubuntu/oneiric UPnP/1.0 MiniUPnPd/1.4</example>
@@ -2661,6 +3164,7 @@
2661
3164
  <param pos="0" name="os.version" value="11.10"/>
2662
3165
  <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:11.10"/>
2663
3166
  </fingerprint>
3167
+
2664
3168
  <fingerprint pattern="(?i)^Ubuntu\/natty UPnP/\S+ MiniUPnPd/(\S+)$">
2665
3169
  <description>miniupnpd on an Ubuntu natty/11.04</description>
2666
3170
  <example os.version="11.04" service.version="1.4">Ubuntu/natty UPnP/1.0 MiniUPnPd/1.4</example>
@@ -2671,6 +3175,7 @@
2671
3175
  <param pos="0" name="os.version" value="11.04"/>
2672
3176
  <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:11.04"/>
2673
3177
  </fingerprint>
3178
+
2674
3179
  <fingerprint pattern="(?i)^Ubuntu\/maverick UPnP/\S+ MiniUPnPd/(\S+)$">
2675
3180
  <description>miniupnpd on an Ubuntu maverick/10.10</description>
2676
3181
  <example os.version="10.10" service.version="1.4">Ubuntu/maverick UPnP/1.0 MiniUPnPd/1.4</example>
@@ -2681,6 +3186,7 @@
2681
3186
  <param pos="0" name="os.version" value="10.10"/>
2682
3187
  <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:10.10"/>
2683
3188
  </fingerprint>
3189
+
2684
3190
  <fingerprint pattern="(?i)^Ubuntu\/lucid UPnP/\S+ MiniUPnPd/(\S+)$">
2685
3191
  <description>miniupnpd on an Ubuntu lucid/10.04</description>
2686
3192
  <example os.version="10.04" service.version="1.4">Ubuntu/lucid UPnP/1.0 MiniUPnPd/1.4</example>
@@ -2691,6 +3197,7 @@
2691
3197
  <param pos="0" name="os.version" value="10.04"/>
2692
3198
  <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:10.04"/>
2693
3199
  </fingerprint>
3200
+
2694
3201
  <fingerprint pattern="(?i)^Ubuntu\/karmic UPnP/\S+ MiniUPnPd/(\S+)$">
2695
3202
  <description>miniupnpd on an Ubuntu karmic/9.10</description>
2696
3203
  <example os.version="9.10" service.version="1.4">Ubuntu/karmic UPnP/1.0 MiniUPnPd/1.4</example>
@@ -2701,6 +3208,7 @@
2701
3208
  <param pos="0" name="os.version" value="9.10"/>
2702
3209
  <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:9.10"/>
2703
3210
  </fingerprint>
3211
+
2704
3212
  <fingerprint pattern="(?i)^Ubuntu\/jaunty UPnP/\S+ MiniUPnPd/(\S+)$">
2705
3213
  <description>miniupnpd on an Ubuntu jaunty/9.04</description>
2706
3214
  <example os.version="9.04" service.version="1.4">Ubuntu/jaunty UPnP/1.0 MiniUPnPd/1.4</example>
@@ -2711,6 +3219,7 @@
2711
3219
  <param pos="0" name="os.version" value="9.04"/>
2712
3220
  <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:9.04"/>
2713
3221
  </fingerprint>
3222
+
2714
3223
  <fingerprint pattern="(?i)^Ubuntu\/hardy UPnP/\S+ MiniUPnPd/(\S+)$">
2715
3224
  <description>miniupnpd on an Ubuntu hardy/8.04</description>
2716
3225
  <example os.version="8.04" service.version="1.4">Ubuntu/hardy UPnP/1.0 MiniUPnPd/1.4</example>
@@ -2721,6 +3230,7 @@
2721
3230
  <param pos="0" name="os.version" value="8.04"/>
2722
3231
  <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:8.04"/>
2723
3232
  </fingerprint>
3233
+
2724
3234
  <fingerprint pattern="(?i)^Linux Mips (\S+) UPnP/\S+ MiniUPnPd/(\S+)$">
2725
3235
  <description>Linux MIPS UPnP Server</description>
2726
3236
  <example>Linux Mips 2.4.20 UPnP/1.0 MiniUPnPd/1.2</example>
@@ -2731,16 +3241,18 @@
2731
3241
  <param pos="1" name="os.version"/>
2732
3242
  <param pos="0" name="os.cpe23" value="cpe:/o:linux:linux_kernel:{os.version}"/>
2733
3243
  </fingerprint>
3244
+
2734
3245
  <fingerprint pattern="(?i)^SmoothWall Express/(\S+) UPnP/\S+ miniupnpd/(\S+)$">
2735
3246
  <description>Smoothwall Express UPnP Server</description>
2736
3247
  <example os.version="3.0" service.version="1.0">SmoothWall Express/3.0 UPnP/1.0 miniupnpd/1.0</example>
2737
- <param pos="0" name="os.vendor" value="Smoothwall"/>
2738
- <param pos="0" name="os.product" value="Smoothwall"/>
3248
+ <param pos="0" name="os.vendor" value="SmoothWall"/>
3249
+ <param pos="0" name="os.product" value="SmoothWall"/>
2739
3250
  <param pos="1" name="os.version"/>
2740
3251
  <param pos="0" name="os.cpe23" value="cpe:/o:smoothwall:smoothwall:{os.version}"/>
2741
3252
  <param pos="0" name="service.product" value="MiniUPnP"/>
2742
3253
  <param pos="2" name="service.version"/>
2743
3254
  </fingerprint>
3255
+
2744
3256
  <fingerprint pattern="^(\S+) \d+/Service Pack \d+, UPnP/[\d\.]+, TVersity Media Server$">
2745
3257
  <description>TVersity Media Server UPnP Server with Service Pack</description>
2746
3258
  <example>5.2.3790 2/Service Pack 1, UPnP/1.0, TVersity Media Server</example>
@@ -2749,6 +3261,7 @@
2749
3261
  <param pos="0" name="service.product" value="Media Server"/>
2750
3262
  <param pos="1" name="service.version"/>
2751
3263
  </fingerprint>
3264
+
2752
3265
  <fingerprint pattern="^(\S+) 2/, UPnP/\S+, TVersity Media Server$">
2753
3266
  <description>TVersity Media Server UPnP Server</description>
2754
3267
  <example>6.2.8400 2/, UPnP/1.0, TVersity Media Server</example>
@@ -2759,6 +3272,7 @@
2759
3272
  <param pos="0" name="service.product" value="Media Server"/>
2760
3273
  <param pos="1" name="service.version"/>
2761
3274
  </fingerprint>
3275
+
2762
3276
  <fingerprint pattern="^LINUX/([\d\.]+) UPnP/[\d\.]+ BRCM400/([\d\.]+)$">
2763
3277
  <description>Belkin/Linksys BRCM400 Wireless Router UPnP Server</description>
2764
3278
  <example>LINUX/2.4 UPnP/1.0 BRCM400/1.0</example>
@@ -2770,6 +3284,7 @@
2770
3284
  <param pos="1" name="os.version"/>
2771
3285
  <param pos="0" name="os.device" value="Router"/>
2772
3286
  </fingerprint>
3287
+
2773
3288
  <fingerprint pattern="^Linux-(\S+), UPnP/[\d\.]+, PMS/([\d\.]+)$">
2774
3289
  <description>PlayStation3 Media Server UPnP Server - linux</description>
2775
3290
  <example>Linux-amd64-2.6.18-238.9.1.el5, UPnP/1.0, PMS/1.52.1</example>
@@ -2782,6 +3297,7 @@
2782
3297
  <param pos="1" name="os.version"/>
2783
3298
  <param pos="0" name="os.cpe23" value="cpe:/o:linux:linux_kernel:{os.version}"/>
2784
3299
  </fingerprint>
3300
+
2785
3301
  <fingerprint pattern="^Windows_XP-(\S+), UPnP/[\d\.]+, PMS/([\d\.]+)$">
2786
3302
  <description>PlayStation3 Media Server UPnP Server - Windows XP</description>
2787
3303
  <example>Windows_XP-amd64-5.2, UPnP/1.0, PMS/1.54.0</example>
@@ -2794,6 +3310,7 @@
2794
3310
  <param pos="1" name="os.version"/>
2795
3311
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_xp:{os.version}"/>
2796
3312
  </fingerprint>
3313
+
2797
3314
  <fingerprint pattern="^Windows_7-x86-(\S+), UPnP/[\d\.]+, PMS/([\d\.]+)$">
2798
3315
  <description>PlayStation3 Media Server UPnP Server - Windows 7 x86</description>
2799
3316
  <example>Windows_7-x86-6.1, UPnP/1.0, PMS/1.20</example>
@@ -2823,6 +3340,7 @@
2823
3340
  <param pos="1" name="os.version"/>
2824
3341
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_7:{os.version}"/>
2825
3342
  </fingerprint>
3343
+
2826
3344
  <fingerprint pattern="^Windows_7-x86_64-(\S+), UPnP/[\d\.]+, PMS/([\d\.]+)$">
2827
3345
  <description>PlayStation3 Media Server UPnP Server - Windows 7 x86_64</description>
2828
3346
  <param pos="0" name="service.vendor" value="Sony"/>
@@ -2833,6 +3351,7 @@
2833
3351
  <param pos="1" name="os.version"/>
2834
3352
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_7:{os.version}"/>
2835
3353
  </fingerprint>
3354
+
2836
3355
  <fingerprint pattern="^Microsoft-Windows/6.2 UPnP/(?:\S+) UPnP-Device-Host/(?:\S+)$">
2837
3356
  <description>Windows 8 or Windows Server 2012 with unknown UPnP components</description>
2838
3357
  <param pos="0" name="os.vendor" value="Microsoft"/>
@@ -2840,6 +3359,7 @@
2840
3359
  <param pos="0" name="os.certainty" value="0.65"/>
2841
3360
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_8:-"/>
2842
3361
  </fingerprint>
3362
+
2843
3363
  <fingerprint pattern="^Mac_OS_X-x86_64-(\S+), UPnP/[\d\.]+, PMS/([\d\.]+)$">
2844
3364
  <description>PlayStation3 Media Server UPnP Server - macOS x86_64</description>
2845
3365
  <example>Mac_OS_X-x86_64-10.5.8, UPnP/1.0, PMS/1.20</example>
@@ -2851,6 +3371,7 @@
2851
3371
  <param pos="1" name="os.version"/>
2852
3372
  <param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x:{os.version}"/>
2853
3373
  </fingerprint>
3374
+
2854
3375
  <fingerprint pattern="^Linux/(\S+), UPnP/\S+, Free UPnP Entertainment Service/ReadyNAS$">
2855
3376
  <description>Free UPnP Entertainment Service UPnP Server - Linux on ReadyNAS</description>
2856
3377
  <param pos="0" name="service.product" value="FUPPES"/>
@@ -2863,6 +3384,7 @@
2863
3384
  <param pos="0" name="hw.family" value="ReadyNAS"/>
2864
3385
  <param pos="0" name="hw.product" value="ReadyNAS"/>
2865
3386
  </fingerprint>
3387
+
2866
3388
  <fingerprint pattern="^Linux/(\S+), UPnP/\S+, Free UPnP Entertainment Service/$">
2867
3389
  <description>Free UPnP Entertainment Service UPnP Server - Linux</description>
2868
3390
  <param pos="0" name="service.product" value="FUPPES"/>
@@ -2871,6 +3393,7 @@
2871
3393
  <param pos="1" name="os.version"/>
2872
3394
  <param pos="0" name="os.cpe23" value="cpe:/o:linux:linux_kernel:{os.version}"/>
2873
3395
  </fingerprint>
3396
+
2874
3397
  <fingerprint pattern="^FreeBSD/(\S+), UPnP/\S+, Free UPnP Entertainment Service/$">
2875
3398
  <description>Free UPnP Entertainment Service UPnP Server - FreeBSD</description>
2876
3399
  <param pos="0" name="service.product" value="FUPPES"/>
@@ -2879,6 +3402,7 @@
2879
3402
  <param pos="1" name="os.version"/>
2880
3403
  <param pos="0" name="os.cpe23" value="cpe:/o:freebsd:freebsd:{os.version}"/>
2881
3404
  </fingerprint>
3405
+
2882
3406
  <fingerprint pattern="^ipOS/([\d\.]+) UPnP/[\d\.]+ ipUPnP/([\d\.]+)$">
2883
3407
  <description>D-Link WAP Dynamic DNS UPnP Server</description>
2884
3408
  <param pos="0" name="service.vendor" value="D-Link"/>
@@ -2889,6 +3413,7 @@
2889
3413
  <param pos="1" name="os.version"/>
2890
3414
  <param pos="0" name="os.device" value="WAP"/>
2891
3415
  </fingerprint>
3416
+
2892
3417
  <fingerprint pattern="^ipOS/([\d\.]+) UPnP/[\d\.]+ ipGENADevice/([\d\.]+)$">
2893
3418
  <description>D-Link DGL-4300 Gaming Router UPnP Server</description>
2894
3419
  <param pos="0" name="service.vendor" value="D-Link"/>
@@ -2899,11 +3424,25 @@
2899
3424
  <param pos="1" name="os.version"/>
2900
3425
  <param pos="0" name="os.device" value="Router"/>
2901
3426
  </fingerprint>
3427
+
3428
+ <fingerprint pattern="Linux, STUNNEL/1.0, (DIR-8\d+\w*) Ver (\S+)$">
3429
+ <description>D-Link DIR-8XX Router</description>
3430
+ <example hw.product="DIR-850L">Linux, STUNNEL/1.0, DIR-850L Ver 1.09</example>
3431
+ <example os.version="2.00W">Linux, STUNNEL/1.0, DIR-820LW Ver 2.00W</example>
3432
+ <param pos="0" name="hw.vendor" value="D-Link"/>
3433
+ <param pos="1" name="hw.product"/>
3434
+ <param pos="0" name="hw.device" value="Router"/>
3435
+ <param pos="0" name="os.vendor" value="D-Link"/>
3436
+ <param pos="2" name="os.version"/>
3437
+ <param pos="0" name="os.device" value="Router"/>
3438
+ </fingerprint>
3439
+
2902
3440
  <fingerprint pattern="^TBS/R2 UPnP/[\d\.]+ MiniUPnPd/[\d\.]+$">
2903
3441
  <description>D-Link generic</description>
2904
3442
  <example>TBS/R2 UPnP/1.0 MiniUPnPd/1.2</example>
2905
3443
  <param pos="0" name="hw.vendor" value="D-Link"/>
2906
3444
  </fingerprint>
3445
+
2907
3446
  <fingerprint pattern="^ipos/([\d\.]+) UPnP/[\d\.]+ (TL-\w+)/(\S+)$">
2908
3447
  <description>TP-Link WAP UPnP Server</description>
2909
3448
  <example>ipos/7.0 UPnP/1.0 TL-WR841N/6.0/7.0</example>
@@ -2915,14 +3454,72 @@
2915
3454
  <example>ipos/7.0 UPnP/1.0 TL-WR741N/1.0/2.0</example>
2916
3455
  <example>ipos/7.0 UPnP/1.0 TL-WR740N/1.0/2.0</example>
2917
3456
  <example>ipos/7.0 UPnP/1.0 TL-WR941N/2.0</example>
2918
- <param pos="0" name="service.vendor" value="TP-Link"/>
3457
+ <param pos="0" name="service.vendor" value="TP-LINK"/>
2919
3458
  <param pos="2" name="service.product"/>
2920
3459
  <param pos="3" name="service.version"/>
2921
- <param pos="0" name="os.vendor" value="TP-Link"/>
3460
+ <param pos="0" name="os.vendor" value="TP-LINK"/>
2922
3461
  <param pos="0" name="os.product" value="ipOS"/>
2923
3462
  <param pos="1" name="os.version"/>
2924
3463
  <param pos="0" name="os.device" value="WAP"/>
2925
3464
  </fingerprint>
3465
+
3466
+ <fingerprint pattern="^Linux/(\S+\_eureka_1), UPnP/[\d\.]+, Portable SDK for UPnP devices/(\S+)$">
3467
+ <description>Siqura Video Encoder</description>
3468
+ <example>Linux/2.6.37_eureka_1, UPnP/1.0, Portable SDK for UPnP devices/1.6.6</example>
3469
+ <param pos="0" name="hw.vendor" value="Siqura"/>
3470
+ <param pos="0" name="hw.device" value="Video Encoder"/>
3471
+ <param pos="0" name="os.vendor" value="Siqura"/>
3472
+ <param pos="0" name="os.family" value="Linux"/>
3473
+ <param pos="0" name="os.product" value="Linux"/>
3474
+ <param pos="1" name="os.version"/>
3475
+ <param pos="0" name="service.product" value="libupnp"/>
3476
+ <param pos="2" name="service.version"/>
3477
+ </fingerprint>
3478
+
3479
+ <fingerprint pattern="^Linux/(\S+\-Mozart-8G), UPnP/[\d\.]+, Portable SDK for UPnP devices/(\S+)$">
3480
+ <description>Steinsvik Orbit IP Camera (Truen TCAM Rebrand)</description>
3481
+ <example>Linux/2.6.28.9-Mozart-8G, UPnP/1.0, Portable SDK for UPnP devices/1.6.6</example>
3482
+ <param pos="0" name="hw.vendor" value="Steinsvik"/>
3483
+ <param pos="0" name="hw.device" value="Web cam"/>
3484
+ <param pos="0" name="hw.product" value="Orbit IP Camera"/>
3485
+ <param pos="0" name="os.vendor" value="Steinsvik"/>
3486
+ <param pos="0" name="os.family" value="Linux"/>
3487
+ <param pos="0" name="os.product" value="Linux"/>
3488
+ <param pos="1" name="os.version"/>
3489
+ <param pos="0" name="service.product" value="libupnp"/>
3490
+ <param pos="2" name="service.version"/>
3491
+ </fingerprint>
3492
+
3493
+ <fingerprint pattern="^Linux/(\S+\-ami), UPnP/[\d\.]+, Portable SDK for UPnP devices/(\S+)$">
3494
+ <description>AMI MegaRAC LOM UPnP</description>
3495
+ <example>Linux/3.14.17-ami, UPnP/1.0, Portable SDK for UPnP devices/1.6.20</example>
3496
+ <param pos="0" name="hw.device" value="Lights Out Management"/>
3497
+ <param pos="0" name="hw.vendor" value="AMI"/>
3498
+ <param pos="0" name="hw.family" value="MegaRAC"/>
3499
+ <param pos="0" name="hw.product" value="MegaRAC"/>
3500
+ <param pos="0" name="os.device" value="Lights Out Management"/>
3501
+ <param pos="0" name="os.vendor" value="AMI"/>
3502
+ <param pos="0" name="os.family" value="Linux"/>
3503
+ <param pos="0" name="os.product" value="Linux"/>
3504
+ <param pos="1" name="os.version"/>
3505
+ <param pos="0" name="service.product" value="libupnp"/>
3506
+ <param pos="2" name="service.version"/>
3507
+ </fingerprint>
3508
+
3509
+ <fingerprint pattern="^Linux/(\S+\-axis[^,]+), UPnP/[\d\.]+, Portable SDK for UPnP devices/(\S+)$">
3510
+ <description>Axis Network Camera</description>
3511
+ <example>Linux/4.9.94-axis5, UPnP/1.0, Portable SDK for UPnP devices/1.6.22</example>
3512
+ <param pos="0" name="hw.vendor" value="AXIS"/>
3513
+ <param pos="0" name="hw.device" value="Web cam"/>
3514
+ <param pos="0" name="os.vendor" value="AXIS"/>
3515
+ <param pos="0" name="os.device" value="Web cam"/>
3516
+ <param pos="0" name="os.family" value="Linux"/>
3517
+ <param pos="0" name="os.product" value="Linux"/>
3518
+ <param pos="1" name="os.version"/>
3519
+ <param pos="0" name="service.product" value="libupnp"/>
3520
+ <param pos="2" name="service.version"/>
3521
+ </fingerprint>
3522
+
2926
3523
  <fingerprint pattern="^Linux/(\S+), UPnP/[\d\.]+, Portable SDK for UPnP devices/(\S+)$">
2927
3524
  <description>Portable SDK for UPnP Server - Linux</description>
2928
3525
  <example>Linux/2.4.20-46.7asp, UPnP/1.0, Portable SDK for UPnP devices/1.6.17</example>
@@ -2949,6 +3546,7 @@
2949
3546
  <param pos="1" name="os.version"/>
2950
3547
  <param pos="0" name="os.cpe23" value="cpe:/o:linux:linux_kernel:{os.version}"/>
2951
3548
  </fingerprint>
3549
+
2952
3550
  <fingerprint pattern="^Linux/(\S+) UPnP/[\d\.]+ DLNADOC/[\d\.]+ Portable SDK for UPnP devices/(\S+)$">
2953
3551
  <description>DLNADOC Portable SDK for UPnP Server - Linux DNLADOC variant</description>
2954
3552
  <example>Linux/3.0.8 UPnP/1.0 DLNADOC/1.50 Portable SDK for UPnP devices/1.6.6</example>
@@ -2960,6 +3558,7 @@
2960
3558
  <param pos="1" name="os.version"/>
2961
3559
  <param pos="0" name="os.cpe23" value="cpe:/o:linux:linux_kernel:{os.version}"/>
2962
3560
  </fingerprint>
3561
+
2963
3562
  <fingerprint pattern="^Linux/(\S+), UPnP/[\d\.]+, Intel SDK for UPnP devices ?/(\S+)$">
2964
3563
  <description>Intel SDK for UPnP Server with verbose banner</description>
2965
3564
  <example>Linux/2.6.10_dev-malta-mips2_fp_le, UPnP/1.0, Intel SDK for UPnP devices /1.2</example>
@@ -2971,12 +3570,14 @@
2971
3570
  <param pos="1" name="os.version"/>
2972
3571
  <param pos="0" name="os.cpe23" value="cpe:/o:linux:linux_kernel:{os.version}"/>
2973
3572
  </fingerprint>
3573
+
2974
3574
  <fingerprint pattern="^Linux, UPnP/[\d\.]+, Intel SDK for UPnP devices ?/(\S+)$">
2975
3575
  <description>Intel SDK for UPnP Server</description>
2976
3576
  <example>Linux, UPnP/1.0, Intel SDK for UPnP devices /1.2</example>
2977
3577
  <param pos="0" name="service.product" value="libupnp"/>
2978
3578
  <param pos="1" name="service.version"/>
2979
3579
  </fingerprint>
3580
+
2980
3581
  <fingerprint pattern="^Darwin/(\S+), UPnP/\S+, Portable SDK for UPnP devices/(\S+)$">
2981
3582
  <description>Portable SDK for UPnP Server - macOS</description>
2982
3583
  <example service.version="1.6.6" os.version="10.2.0">Darwin/10.2.0, UPnP/1.0, Portable SDK for UPnP devices/1.6.6</example>
@@ -2987,6 +3588,7 @@
2987
3588
  <param pos="1" name="os.version"/>
2988
3589
  <param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x:{os.version}"/>
2989
3590
  </fingerprint>
3591
+
2990
3592
  <fingerprint pattern="^Loxone Miniserver (.*) UPnP/1.0$">
2991
3593
  <description>Loxone Miniserver Smart Home</description>
2992
3594
  <example host.name="some name">Loxone Miniserver some name UPnP/1.0</example>
@@ -2995,6 +3597,7 @@
2995
3597
  <param pos="0" name="hw.device" value="Building Automation"/>
2996
3598
  <param pos="1" name="host.name"/>
2997
3599
  </fingerprint>
3600
+
2998
3601
  <fingerprint pattern="^RouterOS/(\S+)UPnP/1.0 MikroTik UPnP/1.0$">
2999
3602
  <description>MikroTik RouterOS</description>
3000
3603
  <example os.version="6.43">RouterOS/6.43UPnP/1.0 MikroTik UPnP/1.0</example>
@@ -3005,6 +3608,7 @@
3005
3608
  <param pos="1" name="os.version"/>
3006
3609
  <param pos="0" name="os.cpe23" value="cpe:/o:mikrotik:routeros:{os.version}"/>
3007
3610
  </fingerprint>
3611
+
3008
3612
  <fingerprint pattern="^Roku UPnP/\S+ Roku/(\S+)$">
3009
3613
  <description>Roku with a version</description>
3010
3614
  <example hw.version="8.1.6">Roku UPnP/1.0 Roku/8.1.6</example>
@@ -3013,6 +3617,16 @@
3013
3617
  <param pos="0" name="hw.device" value="Media Server"/>
3014
3618
  <param pos="1" name="hw.version"/>
3015
3619
  </fingerprint>
3620
+
3621
+ <fingerprint pattern="^Roku/(\S+) UPnP/\S+ Roku/\S+$">
3622
+ <description>Roku with double versions</description>
3623
+ <example hw.version="9.2.0">Roku/9.2.0 UPnP/1.0 Roku/9.2.0</example>
3624
+ <param pos="0" name="hw.vendor" value="Roku"/>
3625
+ <param pos="0" name="hw.product" value="Roku"/>
3626
+ <param pos="0" name="hw.device" value="Media Server"/>
3627
+ <param pos="1" name="hw.version"/>
3628
+ </fingerprint>
3629
+
3016
3630
  <fingerprint pattern="^Roku UPnP/\S+ MiniUPnPd/\S+$">
3017
3631
  <description>Roku without a version</description>
3018
3632
  <example>Roku UPnP/1.0 MiniUPnPd/1.4</example>
@@ -3020,6 +3634,7 @@
3020
3634
  <param pos="0" name="hw.product" value="Roku"/>
3021
3635
  <param pos="0" name="hw.device" value="Media Server"/>
3022
3636
  </fingerprint>
3637
+
3023
3638
  <fingerprint pattern="^UPnP/\S+, DLNADOC/\S+, Platinum/(\S+)$">
3024
3639
  <description>Xbox Media Center UPnP Server</description>
3025
3640
  <example>UPnP/1.0, DLNADOC/1.50, Platinum/0.5.1</example>
@@ -3030,6 +3645,7 @@
3030
3645
  <param pos="0" name="service.product" value="XBMC"/>
3031
3646
  <param pos="1" name="service.version"/>
3032
3647
  </fingerprint>
3648
+
3033
3649
  <fingerprint pattern="Synology/DSM/(\d+\.\d+\.\d+\.\d+)$">
3034
3650
  <description>Synology DiskStation NAS with IP</description>
3035
3651
  <example host.ip="192.168.1.100">Synology/DSM/192.168.1.100</example>
@@ -3042,6 +3658,7 @@
3042
3658
  <param pos="0" name="os.vendor" value="Synology"/>
3043
3659
  <param pos="1" name="host.ip"/>
3044
3660
  </fingerprint>
3661
+
3045
3662
  <fingerprint pattern="Synology/DSM/(\S+)$">
3046
3663
  <description>Synology DiskStation NAS with hostname</description>
3047
3664
  <example host.name="stuff">Synology/DSM/stuff</example>
@@ -3050,4 +3667,185 @@
3050
3667
  <param pos="0" name="hw.device" value="NAS"/>
3051
3668
  <param pos="1" name="host.name"/>
3052
3669
  </fingerprint>
3053
- </fingerprints>
3670
+
3671
+ <fingerprint pattern="^NetData Embedded HTTP Server v([a-zA-Z0-9\-\.]+)$">
3672
+ <description>NetData Embedded HTTP Server</description>
3673
+ <example service.version="1.16.1-146-g2f5e36ef">NetData Embedded HTTP Server v1.16.1-146-g2f5e36ef</example>
3674
+ <param pos="0" name="service.vendor" value="NetData"/>
3675
+ <param pos="0" name="service.product" value="NetData"/>
3676
+ <param pos="1" name="service.version"/>
3677
+ <param pos="0" name="service.cpe23" value="cpe:/a:netdata:netdata:{service.version}"/>
3678
+ </fingerprint>
3679
+
3680
+ <fingerprint pattern="^Solstice 2\.0+$">
3681
+ <description>SolsticePod</description>
3682
+ <example>Solstice 2.0</example>
3683
+ <param pos="0" name="hw.vendor" value="Mersive"/>
3684
+ <param pos="0" name="hw.device" value="Wireless Presenter"/>
3685
+ <param pos="0" name="hw.product" value="SolsticePod"/>
3686
+ </fingerprint>
3687
+
3688
+ <fingerprint pattern="^MLC ([^\/]+)/([\d\.]+)$">
3689
+ <description>Extron MediaLink Controller HTTP Server</description>
3690
+ <example extron.model="104 IP PLUS" hw.version="1.03">MLC 104 IP PLUS/1.03</example>
3691
+ <param pos="0" name="hw.vendor" value="Extron"/>
3692
+ <param pos="0" name="hw.device" value="Display Controller"/>
3693
+ <param pos="0" name="hw.product" value="{extron.model} MediaLink Controller"/>
3694
+ <param pos="0" name="os.vendor" value="Extron"/>
3695
+ <param pos="0" name="os.family" value="Linux"/>
3696
+ <param pos="1" name="extron.model"/>
3697
+ <param pos="2" name="hw.version"/>
3698
+ </fingerprint>
3699
+
3700
+ <fingerprint pattern="^Jetty \(Bluecat Networks\)$">
3701
+ <description>BlueCat Appliance</description>
3702
+ <example>Jetty (Bluecat Networks)</example>
3703
+ <param pos="0" name="hw.vendor" value="BlueCat"/>
3704
+ <param pos="0" name="hw.device" value="Network Appliance"/>
3705
+ </fingerprint>
3706
+
3707
+ <fingerprint pattern="^Crestron Webserver$">
3708
+ <description>Crestron Video Conferencing</description>
3709
+ <example>Crestron Webserver</example>
3710
+ <param pos="0" name="hw.vendor" value="Crestron"/>
3711
+ <param pos="0" name="hw.device" value="Video Conferencing"/>
3712
+ <param pos="0" name="os.vendor" value="Crestron"/>
3713
+ <param pos="0" name="os.family" value="Linux"/>
3714
+ <param pos="0" name="os.device" value="Video Conferencing"/>
3715
+ </fingerprint>
3716
+
3717
+ <fingerprint pattern="^OPNsense$">
3718
+ <description>OPNsense Firewall</description>
3719
+ <example>OPNsense</example>
3720
+ <param pos="0" name="hw.vendor" value="OPNsense"/>
3721
+ <param pos="0" name="hw.device" value="Firewall"/>
3722
+ <param pos="0" name="hw.product" value="Firewall"/>
3723
+ <param pos="0" name="os.vendor" value="OPNsense"/>
3724
+ <param pos="0" name="os.product" value="FreeBSD"/>
3725
+ </fingerprint>
3726
+
3727
+ <fingerprint pattern="^ELAN Controller$">
3728
+ <description>ELAN Smart Home Controller</description>
3729
+ <example>ELAN Controller</example>
3730
+ <param pos="0" name="hw.vendor" value="ELAN"/>
3731
+ <param pos="0" name="hw.device" value="Building Automation"/>
3732
+ <param pos="0" name="hw.product" value="Home Controller"/>
3733
+ <param pos="0" name="os.vendor" value="ELAN"/>
3734
+ <param pos="0" name="os.family" value="Linux"/>
3735
+ </fingerprint>
3736
+
3737
+ <fingerprint pattern="^STR_SettingServer$">
3738
+ <description>Sony STR AV Receiver</description>
3739
+ <example>STR_SettingServer</example>
3740
+ <param pos="0" name="hw.vendor" value="Sony"/>
3741
+ <param pos="0" name="hw.device" value="Media Server"/>
3742
+ <param pos="0" name="hw.product" value="AV Receiver"/>
3743
+ </fingerprint>
3744
+
3745
+ <fingerprint pattern="^AV_Receiver/([\d\.]+) \(([^\)]+)\)$">
3746
+ <description>Yamaha AV Receiver</description>
3747
+ <example hw.version="3.1" hw.product="RX-V675">AV_Receiver/3.1 (RX-V675)</example>
3748
+ <param pos="0" name="hw.vendor" value="Yamaha"/>
3749
+ <param pos="0" name="hw.device" value="AV Receiver"/>
3750
+ <param pos="1" name="hw.version"/>
3751
+ <param pos="2" name="hw.product"/>
3752
+ </fingerprint>
3753
+
3754
+ <fingerprint pattern="^MWS 0.01$">
3755
+ <description>ANNKE IP Camera</description>
3756
+ <example>MWS 0.01</example>
3757
+ <param pos="0" name="hw.vendor" value="ANNKE"/>
3758
+ <param pos="0" name="hw.device" value="Web cam"/>
3759
+ <param pos="0" name="hw.product" value="IP Camera"/>
3760
+ </fingerprint>
3761
+
3762
+ <fingerprint pattern="^Icecast (\S+)$">
3763
+ <description>Icecast Streaming Media server</description>
3764
+ <example service.version="2.4.3">Icecast 2.4.3</example>
3765
+ <example service.version="2.4.0-kh13">Icecast 2.4.0-kh13</example>
3766
+ <param pos="0" name="service.vendor" value="Xiph"/>
3767
+ <param pos="0" name="service.product" value="Icecast"/>
3768
+ <param pos="1" name="service.version"/>
3769
+ <param pos="0" name="service.cpe23" value="cpe:/a:xiph:icecast:{service.version}"/>
3770
+ </fingerprint>
3771
+
3772
+ <fingerprint pattern="^Couchbase Sync Gateway/([\d.]+) CE$">
3773
+ <description>Couchbase Sync Gateway Community Edition</description>
3774
+ <example service.version="2.5.0">Couchbase Sync Gateway/2.5.0 CE</example>
3775
+ <param pos="0" name="service.vendor" value="Couchbase"/>
3776
+ <param pos="0" name="service.product" value="Sync Gateway"/>
3777
+ <param pos="0" name="service.edition" value="Community Edition"/>
3778
+ <param pos="1" name="service.version"/>
3779
+ <param pos="0" name="service.cpe23" value="cpe:/a:couchbase:sync_gateway:{service.version}"/>
3780
+ </fingerprint>
3781
+
3782
+ <fingerprint pattern="^Couchbase Sync Gateway/([\d.]+) EE$">
3783
+ <description>Couchbase Sync Gateway Enterprise Edition</description>
3784
+ <example service.version="2.7.1">Couchbase Sync Gateway/2.7.1 EE</example>
3785
+ <param pos="0" name="service.vendor" value="Couchbase"/>
3786
+ <param pos="0" name="service.product" value="Sync Gateway"/>
3787
+ <param pos="0" name="service.edition" value="Enterprise Edition"/>
3788
+ <param pos="1" name="service.version"/>
3789
+ <param pos="0" name="service.cpe23" value="cpe:/a:couchbase:sync_gateway:{service.version}"/>
3790
+ </fingerprint>
3791
+
3792
+ <fingerprint pattern="^Couchbase Sync Gateway/([\d.]+)$">
3793
+ <description>Couchbase Sync Gateway</description>
3794
+ <example service.version="1.3.0">Couchbase Sync Gateway/1.3.0</example>
3795
+ <param pos="0" name="service.vendor" value="Couchbase"/>
3796
+ <param pos="0" name="service.product" value="Sync Gateway"/>
3797
+ <param pos="1" name="service.version"/>
3798
+ <param pos="0" name="service.cpe23" value="cpe:/a:couchbase:sync_gateway:{service.version}"/>
3799
+ </fingerprint>
3800
+
3801
+ <fingerprint pattern="^Couchbase Server$">
3802
+ <description>Couchbase Server without version</description>
3803
+ <example>Couchbase Server</example>
3804
+ <param pos="0" name="service.vendor" value="Couchbase"/>
3805
+ <param pos="0" name="service.product" value="Couchbase Server"/>
3806
+ <param pos="0" name="service.cpe23" value="cpe:/a:couchbase:couchbase_server:-"/>
3807
+ </fingerprint>
3808
+
3809
+ <fingerprint pattern="^Kestrel$">
3810
+ <description>Kestrel web server implementation in ASP.NET core</description>
3811
+ <example>Kestrel</example>
3812
+ <param pos="0" name="service.vendor" value="Microsoft"/>
3813
+ <param pos="0" name="service.product" value="Kestrel web server"/>
3814
+ </fingerprint>
3815
+
3816
+ <fingerprint pattern="^stgw/([\d.]+)_([\d.]+)$">
3817
+ <description>Tencent Secure Tencent Gateway</description>
3818
+ <example service.version="1.3.12.9" service.component.version="1.13.5">stgw/1.3.12.9_1.13.5</example>
3819
+ <param pos="0" name="service.vendor" value="Tencent"/>
3820
+ <param pos="0" name="service.product" value="Secure Tencent Gateway"/>
3821
+ <param pos="1" name="service.version"/>
3822
+ <param pos="2" name="service.component.version"/>
3823
+ </fingerprint>
3824
+
3825
+ <fingerprint pattern="^axhttpd/([\d.]+)$">
3826
+ <description>axTLS Project axTLS web server</description>
3827
+ <example service.version="1.5.3">axhttpd/1.5.3</example>
3828
+ <param pos="0" name="service.vendor" value="axTLS Project"/>
3829
+ <param pos="0" name="service.product" value="axTLS"/>
3830
+ <param pos="1" name="service.version"/>
3831
+ <param pos="0" name="service.cpe23" value="cpe:/a:axtls_project:axtls:{service.version}"/>
3832
+ </fingerprint>
3833
+
3834
+ <fingerprint pattern="^tinyproxy/([\d.]+)$">
3835
+ <description>TinyProxy Project tinyproxy</description>
3836
+ <example service.version="1.8.2">tinyproxy/1.8.2</example>
3837
+ <param pos="0" name="service.vendor" value="Tinyproxy Project"/>
3838
+ <param pos="0" name="service.product" value="Tinyproxy"/>
3839
+ <param pos="1" name="service.version"/>
3840
+ <param pos="0" name="service.cpe23" value="cpe:/a:tinyproxy_project:tinyproxy:{service.version}"/>
3841
+ </fingerprint>
3842
+
3843
+ <fingerprint pattern="^Xfinity Broadband Router Server$">
3844
+ <description>Comcast Xfinity Broadband Router Server</description>
3845
+ <example>Xfinity Broadband Router Server</example>
3846
+ <param pos="0" name="hw.vendor" value="Comcast"/>
3847
+ <param pos="0" name="hw.product" value="Xfinity Broadband Router"/>
3848
+ <param pos="0" name="hw.device" value="Broadband router"/>
3849
+ </fingerprint>
3850
+
3851
+ </fingerprints>