recog 2.3.5 → 2.3.10

Files changed (86)
  1. checksums.yaml +4 -4
  2. data/.gitignore +17 -5
  3. data/.ruby-gemset +1 -0
  4. data/.ruby-version +1 -0
  5. data/.travis.yml +7 -4
  6. data/CONTRIBUTING.md +136 -37
  7. data/Gemfile +2 -5
  8. data/README.md +34 -29
  9. data/bin/recog_cleanup +16 -0
  10. data/bin/recog_standardize +142 -0
  11. data/cpe-remap.yaml +21 -0
  12. data/features/data/successful_tests.xml +1 -1
  13. data/features/data/tests_with_warnings.xml +1 -1
  14. data/features/match.feature +4 -0
  15. data/features/support/aruba.rb +3 -0
  16. data/features/verify.feature +8 -4
  17. data/identifiers/README.md +56 -0
  18. data/identifiers/hw_device.txt +77 -0
  19. data/identifiers/hw_family.txt +96 -0
  20. data/identifiers/hw_product.txt +328 -0
  21. data/identifiers/os_architecture.txt +20 -0
  22. data/identifiers/os_device.txt +94 -0
  23. data/identifiers/os_family.txt +325 -0
  24. data/identifiers/os_product.txt +420 -0
  25. data/identifiers/service_family.txt +272 -0
  26. data/identifiers/service_product.txt +556 -0
  27. data/identifiers/software_class.txt +26 -0
  28. data/identifiers/software_family.txt +91 -0
  29. data/identifiers/software_product.txt +333 -0
  30. data/identifiers/vendor.txt +890 -0
  31. data/lib/recog/fingerprint.rb +46 -0
  32. data/lib/recog/version.rb +1 -1
  33. data/requirements.txt +1 -1
  34. data/spec/data/verification_fingerprints.xml +86 -0
  35. data/spec/lib/fingerprint_self_test_spec.rb +1 -1
  36. data/spec/lib/recog/fingerprint/regexp_factory_spec.rb +1 -1
  37. data/spec/lib/recog/fingerprint_spec.rb +89 -0
  38. data/update_cpes.py +1 -1
  39. data/xml/apache_modules.xml +292 -5
  40. data/xml/apache_os.xml +50 -2
  41. data/xml/architecture.xml +19 -7
  42. data/xml/dns_versionbind.xml +113 -11
  43. data/xml/favicons.xml +1700 -0
  44. data/xml/ftp_banners.xml +287 -15
  45. data/xml/h323_callresp.xml +112 -12
  46. data/xml/hp_pjl_id.xml +47 -5
  47. data/xml/html_title.xml +2371 -17
  48. data/xml/http_cookies.xml +82 -7
  49. data/xml/http_servers.xml +839 -41
  50. data/xml/http_wwwauth.xml +154 -27
  51. data/xml/imap_banners.xml +19 -13
  52. data/xml/ldap_searchresult.xml +81 -9
  53. data/xml/mdns_device-info_txt.xml +194 -17
  54. data/xml/mdns_workstation_txt.xml +4 -2
  55. data/xml/mysql_banners.xml +554 -45
  56. data/xml/mysql_error.xml +113 -6
  57. data/xml/nntp_banners.xml +10 -2
  58. data/xml/ntp_banners.xml +95 -11
  59. data/xml/operating_system.xml +90 -3
  60. data/xml/pop_banners.xml +30 -31
  61. data/xml/rsh_resp.xml +11 -2
  62. data/xml/rtsp_servers.xml +96 -0
  63. data/xml/sip_banners.xml +192 -17
  64. data/xml/sip_user_agents.xml +69 -3
  65. data/xml/smb_native_lm.xml +10 -2
  66. data/xml/smb_native_os.xml +80 -2
  67. data/xml/smtp_banners.xml +166 -9
  68. data/xml/smtp_debug.xml +6 -4
  69. data/xml/smtp_ehlo.xml +7 -5
  70. data/xml/smtp_expn.xml +13 -4
  71. data/xml/smtp_help.xml +23 -4
  72. data/xml/smtp_mailfrom.xml +5 -2
  73. data/xml/smtp_noop.xml +6 -5
  74. data/xml/smtp_quit.xml +5 -4
  75. data/xml/smtp_rcptto.xml +5 -2
  76. data/xml/smtp_rset.xml +4 -4
  77. data/xml/smtp_turn.xml +4 -4
  78. data/xml/smtp_vrfy.xml +14 -4
  79. data/xml/snmp_sysdescr.xml +862 -122
  80. data/xml/snmp_sysobjid.xml +47 -2
  81. data/xml/ssh_banners.xml +1153 -192
  82. data/xml/telnet_banners.xml +419 -14
  83. data/xml/x11_banners.xml +27 -4
  84. data/xml/x509_issuers.xml +39 -15
  85. data/xml/x509_subjects.xml +545 -64
  86. metadata +32 -6
@@ -1,9 +1,10 @@
1
- <?xml version="1.0" encoding="UTF-8"?>
1
+ <?xml version='1.0' encoding='UTF-8'?>
2
2
  <fingerprints matches="pop3.banner" protocol="pop3" database_type="service" preference="0.90">
3
3
  <!--
4
4
  POP3 greeting messages (part of the banner after the status indicator +OK or -ERR) are
5
5
  matched against these patterns to fingerprint POP3 servers.
6
6
  -->
7
+
7
8
  <fingerprint pattern="^([^ ]+) +Cyrus POP3 v(\d+\.\d+.*)-OS X(?: Server)? ([\d\.]+).* server ready">
8
9
  <description>OSX Cyrus POP</description>
9
10
  <example host.domain="8.8.8.8" service.version="2.3.8" os.version="10.5">8.8.8.8 Cyrus POP3 v2.3.8-OS X Server 10.5: 9A562 server ready &lt;1999107648.1324502155@8.8.8.8&gt;</example>
@@ -18,6 +19,7 @@
18
19
  <param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x:{os.version}"/>
19
20
  <param pos="1" name="host.domain"/>
20
21
  </fingerprint>
22
+
21
23
  <fingerprint pattern="^([^ ]+) +Cyrus POP3 v([\d\.]+)">
22
24
  <description>CMU Cyrus POP</description>
23
25
  <example host.domain="foo" service.version="2.3">foo Cyrus POP3 v2.3</example>
@@ -28,6 +30,7 @@
28
30
  <param pos="2" name="service.version"/>
29
31
  <param pos="1" name="host.domain"/>
30
32
  </fingerprint>
33
+
31
34
  <fingerprint pattern="^Lotus Notes POP3 server version X[^ ]+ ready on .*$">
32
35
  <description>IBM Lotus Notes/Domino</description>
33
36
  <example>Lotus Notes POP3 server version X2.0 ready on foo/bar.</example>
@@ -36,6 +39,7 @@
36
39
  <param pos="0" name="service.product" value="Lotus Domino"/>
37
40
  <param pos="0" name="service.cpe23" value="cpe:/a:ibm:lotus_domino:-"/>
38
41
  </fingerprint>
42
+
39
43
  <fingerprint pattern="^Lotus Notes POP3 server version Release ([^ ]+) ready on .*$">
40
44
  <description>IBM Lotus Notes/Domino - Release variant</description>
41
45
  <example service.version="8.5.1FP5">Lotus Notes POP3 server version Release 8.5.1FP5 ready on foo/US.</example>
@@ -45,6 +49,7 @@
45
49
  <param pos="1" name="service.version"/>
46
50
  <param pos="0" name="service.cpe23" value="cpe:/a:ibm:lotus_domino:{service.version}"/>
47
51
  </fingerprint>
52
+
48
53
  <fingerprint pattern="^Qpopper \(version (\d+\.\d+\.\d+), modified by Sphera Technologies\) at (.+) starting\..*$">
49
54
  <description>Qpopper with Sphera mods</description>
50
55
  <example>Qpopper (version 4.0.3, modified by Sphera Technologies) at domain starting. &lt;xxx@domain&gt;</example>
@@ -54,6 +59,7 @@
54
59
  <param pos="1" name="service.version"/>
55
60
  <param pos="2" name="host.domain"/>
56
61
  </fingerprint>
62
+
57
63
  <fingerprint pattern="^Qpopper \(version (\d+\.\d+\.\d+)-mysql-(.+)\) at (.+) starting\..*$">
58
64
  <description>Qpopper with MySQL auth module</description>
59
65
  <example>Qpopper (version 4.0.3-mysql-0.13) at domain starting. &lt;xxx@domain&gt;</example>
@@ -66,6 +72,7 @@
66
72
  <param pos="2" name="service.component.version"/>
67
73
  <param pos="3" name="host.domain"/>
68
74
  </fingerprint>
75
+
69
76
  <fingerprint pattern="(?i)^Qpop(?:per)? \(version ([\d\.]+)\) at (.+)(?: starting\.)?.*$">
70
77
  <description>Qpopper missing version info</description>
71
78
  <example>Qpopper (version 4.0.16) at foo.example.com</example>
@@ -77,6 +84,7 @@
77
84
  <param pos="1" name="service.version"/>
78
85
  <param pos="2" name="host.domain"/>
79
86
  </fingerprint>
87
+
80
88
  <fingerprint pattern="^QPOP \(version (.*)\) at (.+) starting\..*$">
81
89
  <description>Qpopper with missing version info</description>
82
90
  <example>QPOP (version ?) at domain starting. &lt;xxx@domain&gt;</example>
@@ -86,6 +94,7 @@
86
94
  <param pos="1" name="qpopper.version"/>
87
95
  <param pos="2" name="host.domain"/>
88
96
  </fingerprint>
97
+
89
98
  <fingerprint pattern="^Microsoft Exchange Server 2003 POP3 server version (\d+\.\d+\.\d+\.\d+) (.+) ready.$">
90
99
  <description>Microsoft Exchange Server 2003</description>
91
100
  <example>Microsoft Exchange Server 2003 POP3 server version 6.5.6944.0 (host) ready.</example>
@@ -100,6 +109,7 @@
100
109
  <param pos="0" name="os.product" value="Windows"/>
101
110
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
102
111
  </fingerprint>
112
+
103
113
  <fingerprint pattern="^Microsoft Exchange 2000 POP3 server version (\d+\.\d+\.\d+\.\d+) (.+) ready.$">
104
114
  <description>Microsoft Exchange Server 2000</description>
105
115
  <example>Microsoft Exchange 2000 POP3 server version 6.0.6603.0 (host) ready.</example>
@@ -114,6 +124,7 @@
114
124
  <param pos="0" name="os.product" value="Windows"/>
115
125
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
116
126
  </fingerprint>
127
+
117
128
  <fingerprint pattern="^Microsoft Exchange POP3 server version (\d+\.\d+\.\d+\.\d+) ready$">
118
129
  <description>Microsoft Exchange Server</description>
119
130
  <example>Microsoft Exchange POP3 server version 5.5.2654.50 ready</example>
@@ -127,6 +138,7 @@
127
138
  <param pos="0" name="os.product" value="Windows"/>
128
139
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
129
140
  </fingerprint>
141
+
130
142
  <fingerprint pattern="^Microsoft Windows POP3 Service Version 1.0 &lt;.+@(.+)&gt; ready.$">
131
143
  <description>Microsoft POP3 Services on Windows 2003</description>
132
144
  <example>Microsoft Windows POP3 Service Version 1.0 &lt;xxx@host&gt; ready.</example>
@@ -139,6 +151,7 @@
139
151
  <param pos="0" name="os.product" value="Windows Server 2003"/>
140
152
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2003:-"/>
141
153
  </fingerprint>
154
+
142
155
  <fingerprint pattern="^Microsoft Exchange Server 2007 POP3 service ready\.?$">
143
156
  <description>Microsoft Exchange Server 2007</description>
144
157
  <example>Microsoft Exchange Server 2007 POP3 service ready</example>
@@ -151,6 +164,7 @@
151
164
  <param pos="0" name="os.product" value="Windows"/>
152
165
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
153
166
  </fingerprint>
167
+
154
168
  <fingerprint pattern="^The? Microsoft Exchange POP3 service is ready\.?$">
155
169
  <description>Microsoft Exchange Server, generic</description>
156
170
  <example>The Microsoft Exchange POP3 service is ready.</example>
@@ -163,12 +177,14 @@
163
177
  <param pos="0" name="os.product" value="Windows"/>
164
178
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
165
179
  </fingerprint>
180
+
166
181
  <fingerprint pattern="^[dD]ovecot (?:DA )?ready\.(?: &lt;.+@(.+)&gt;)?$">
167
182
  <description>Dovecot Secure POP Server</description>
168
183
  <param pos="0" name="service.family" value="Dovecot"/>
169
184
  <param pos="0" name="service.product" value="Dovecot"/>
170
185
  <param pos="1" name="host.name"/>
171
186
  </fingerprint>
187
+
172
188
  <fingerprint pattern="^(\S+) Zimbra POP3 server ready\.?$">
173
189
  <description>VMware Zimbra POP</description>
174
190
  <example host.name="foo.bar">foo.bar Zimbra POP3 server ready</example>
@@ -177,6 +193,7 @@
177
193
  <param pos="0" name="service.cpe23" value="cpe:/a:vmware:zimbra_desktop:-"/>
178
194
  <param pos="1" name="host.name"/>
179
195
  </fingerprint>
196
+
180
197
  <fingerprint pattern="^(\S+) Zimbra (\S+) POP3 server ready\.?$">
181
198
  <description>VMware Zimbra POP with version</description>
182
199
  <example host.name="foo.bar">foo.bar Zimbra 7.0.0_GA_3079 POP3 server ready</example>
@@ -186,12 +203,14 @@
186
203
  <param pos="0" name="service.cpe23" value="cpe:/a:vmware:zimbra_desktop:{service.version}"/>
187
204
  <param pos="1" name="host.name"/>
188
205
  </fingerprint>
206
+
189
207
  <fingerprint pattern="^(?:S?POP3? server ready |Hello there.? )?&lt;.*@([^&gt;]+)&gt;$">
190
208
  <description>Generic masked POP3 server</description>
191
209
  <example>POP3 server ready &lt;58c29ae4-7316-429e-8109-060444ab1a28@foo.example.com&gt;</example>
192
210
  <example>&lt;84427.1298535083@foo.example.com&gt;</example>
193
211
  <param pos="1" name="host.name"/>
194
212
  </fingerprint>
213
+
195
214
  <fingerprint pattern="^ApplePasswordServer ([\d\.]+) password">
196
215
  <description>Apple Open Directory</description>
197
216
  <example>ApplePasswordServer 10.6.0.0 password server at 10.2.90.228 ready.</example>
@@ -205,6 +224,7 @@
205
224
  <param pos="0" name="os.certainty" value="0.5"/>
206
225
  <param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x:{os.version}"/>
207
226
  </fingerprint>
227
+
208
228
  <fingerprint pattern="^TCPIP POP server V\d\.\d\S-\S{3}, OpenVMS V(\d\.\d-\d)(?:\s+\S+)?\s+at\s+(\S+), .*$">
209
229
  <description>TCP/IP Services for OpenVMS POP server</description>
210
230
  <example os.version="7.3-2" host.name="example.com">TCPIP POP server V5.4J-15A, OpenVMS V7.3-2 Alpha at example.com, up since 2015-02-12 08:44:53 20400434.2</example>
@@ -218,6 +238,7 @@
218
238
  <param pos="0" name="os.cpe23" value="cpe:/o:hp:openvms:{os.version}"/>
219
239
  <param pos="2" name="host.name"/>
220
240
  </fingerprint>
241
+
221
242
  <fingerprint pattern="^Hello there\.$">
222
243
  <description>Courier MTA POP</description>
223
244
  <example>Hello there.</example>
@@ -225,6 +246,7 @@
225
246
  <param pos="0" name="service.family" value="Courier MTA"/>
226
247
  <param pos="0" name="service.product" value="Courier POP"/>
227
248
  </fingerprint>
249
+
228
250
  <fingerprint pattern="^CMailServer ([\d\.]+) POP3 Service Ready$">
229
251
  <description>CMailServer</description>
230
252
  <example service.version="5.0.0">CMailServer 5.0.0 POP3 Service Ready</example>
@@ -234,6 +256,7 @@
234
256
  <param pos="0" name="os.vendor" value="Microsoft"/>
235
257
  <param pos="1" name="service.version"/>
236
258
  </fingerprint>
259
+
237
260
  <fingerprint pattern="^POP3 Bigfoot v(\d\.\d) server ready$">
238
261
  <description>POP3 Bigfoot server</description>
239
262
  <example service.version="1.0">POP3 Bigfoot v1.0 server ready</example>
@@ -242,6 +265,7 @@
242
265
  <param pos="0" name="service.product" value="Bigfoot Email Tools"/>
243
266
  <param pos="1" name="service.version"/>
244
267
  </fingerprint>
268
+
245
269
  <fingerprint pattern="^CCProxy ([\d.]+) POP3 Service Ready$">
246
270
  <description>CCProxy POP3 server</description>
247
271
  <example service.version="8.0">CCProxy 8.0 POP3 Service Ready</example>
@@ -252,6 +276,7 @@
252
276
  <param pos="0" name="service.product" value="CCProxy"/>
253
277
  <param pos="1" name="service.version"/>
254
278
  </fingerprint>
279
+
255
280
  <fingerprint pattern="^POP3 on WinWebMail \[([\d.]+)\] ready\.$">
256
281
  <description>WinWebmail POP3</description>
257
282
  <example service.version="1.1.1.1">POP3 on WinWebMail [1.1.1.1] ready.</example>
@@ -263,6 +288,7 @@
263
288
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
264
289
  <param pos="1" name="service.version"/>
265
290
  </fingerprint>
291
+
266
292
  <fingerprint pattern="^BlackJumboDog \(Version ([\d\.]+)\) ready$">
267
293
  <description>BlackJumboDog</description>
268
294
  <example service.version="5.7.5.0">BlackJumboDog (Version 5.7.5.0) ready</example>
@@ -274,6 +300,7 @@
274
300
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
275
301
  <param pos="1" name="service.version"/>
276
302
  </fingerprint>
303
+
277
304
  <!--
278
305
  ; Mandrake 8.1 - uses UW IMAP
279
306
  ; +OK POP3 mandrake81-f540k v2000.70mdk server ready
@@ -283,66 +310,38 @@
283
310
  // +OK POP3 [158.122.12.70] v2003.83mdk server ready
284
311
  // +OK POP3 [161.58.53.189] 2006b.94 server ready
285
312
  // +OK POP3 [192.168.0.250] v2000.70rh server ready
286
-
287
313
  ; Lotus Domino - NOTE: POP versions do not map to Domino version
288
314
  // +OK Lotus Notes POP3 server version X2.0 ready <0015521D.86257321.0000081C.00000008@Atlas/AgileTek> on Atlas/AgileTek.
289
315
  ( call ?j_popPatterns add
290
316
  "^\\+OK Lotus Notes POP3 server version ([^ ]*) ready on ([^\\.]*)\\.$" )
291
317
  ( call ?j_popNames add "Lotus-Domino" )
292
-
293
318
  // +OK alquilerpc.com.mx POP3 Server (Version 1.020h) ready.
294
-
295
319
  // Ipswitch IMail
296
320
  // +OK X1 NT-POP3 Server geneseenet06 (IMail 8.22 45450-1)
297
-
298
321
  // +OK X1 POP3 Mail Server
299
-
300
322
  // +OK server POP3 server (DeskNow POP3 Server 1.0) ready
301
-
302
323
  // +OK <1185161310.3352@goto15028.com> [XMail 1.24 POP3 Server] service ready; Mon, 23 Jul 2007 11:28:30 +0800
303
-
304
324
  // +OK IdeaPop3Server v0.50 ready.
305
-
306
325
  // +OK qxztmail POP3 server (STD Ymailserver v1.8 POP3) ready
307
-
308
326
  // +OK blue.forest-green.lan POP3 server (JAMES POP3 Server 2.2.0) ready
309
-
310
327
  // +OK xxx CMailServer 5.2 POP3 Service Ready
311
-
312
328
  // +OK iac3 Solstice (tm) Internet Mail Server (tm) POP3 2.0 at Mon, 23 Jul 2007 20:08:02 -0500 (CDT)
313
-
314
329
  // +OK Gordano Messaging Suite POP3 server ready
315
330
  // +OK Gordano Messaging Suite POP3 server ready <13501095613509@hollandcanadaline.com>
316
-
317
331
  // +OK unitechna.lt Merak 8.9.1 POP3 Sun, 22 Jul 2007 23:16:25 +0300 <20070722231625@unitechna.lt>
318
-
319
-
320
332
  // +OK Cubic Circle's v1.31 1998/05/13 POP3 ready <0c9300004104a246@www.dvdld.co.za>
321
-
322
333
  // +OK Welcome to MailEnable POP3 Server
323
-
324
334
  // +OK GroupWise POP3 server ready
325
-
326
335
  // +OK POP3 AnalogX Proxy 4.14 (Release) ready.
327
-
328
336
  // +OK lojack.com.ar POP MDaemon 9.6.0 ready <MDAEMON-F200707232110.AA1001241MD4604@lojack.com.ar>
329
-
330
337
  // +OK DBMAIL pop3 server ready to rock <4393e6301f984e87ad7cdc766595c78f@mx>
331
-
332
338
  // +OK POP3 Welcome to vm-pop3d 1.1.6 <83532.1185400462@romeo.hostlab.nl>
333
-
334
339
  // +OK Solid POP3 server ready
335
-
336
340
  // +OK ArGoSoft Mail Server Pro for WinNT/2000/XP, Version 1.8 (1.8.8.9)
337
-
338
341
  // +OK POP3 titan [cppop 20.0] at [207.150.171.34]
339
-
340
342
  // +OK ModusMail POP3 Server-NOTF 4.2.425.4 Ready <42760712.1185328354.283@gbso.net>
341
-
342
343
  // +OK DPOP Version number supressed.
343
-
344
344
  // +OK XPOP3 0.0.1 server ready
345
-
346
345
  -ERR (Proxy) connect error:socket error:No route to host
347
346
  -ERR No permission
348
347
  -ERR sorry, POP server too busy right now. Try again later.
@@ -494,6 +493,6 @@
494
493
  // apparently this is a P3Scan Proxy bug
495
494
  // http://lists.freebsd.org/pipermail/freebsd-ports/2004-May/012400.html
496
495
  Oops, that would loop!
497
-
498
496
  -->
499
- </fingerprints>
497
+
498
+ </fingerprints>
@@ -1,14 +1,16 @@
1
- <?xml version="1.0" encoding="UTF-8"?>
1
+ <?xml version='1.0' encoding='UTF-8'?>
2
2
  <fingerprints protocol="rsh" database_type="service">
3
3
  <!--
4
4
  Rservices responses to requests are matched against these patterns to fingerprint the OSes of servers.
5
5
  -->
6
+
6
7
  <fingerprint pattern="^.Permission denied: Error 0$">
7
8
  <description>Digital Unix rlogind</description>
8
9
  <example>xPermission denied: Error 0</example>
9
10
  <param pos="0" name="os.vendor" value="HP"/>
10
11
  <param pos="0" name="os.family" value="Digital Unix"/>
11
12
  </fingerprint>
13
+
12
14
  <fingerprint pattern="^.Winsock RSHD/NT: Protocol negotiation error\..+$|^.in\.rlogind: Permission denied\..+$" flags="REG_DOT_NEWLINE">
13
15
  <description>Windows rlogind</description>
14
16
  <example>xWinsock RSHD/NT: Protocol negotiation error.
@@ -18,6 +20,7 @@
18
20
  <param pos="0" name="os.vendor" value="Microsoft"/>
19
21
  <param pos="0" name="os.family" value="Windows"/>
20
22
  </fingerprint>
23
+
21
24
  <fingerprint pattern="^.permission denied\..+$" flags="REG_DOT_NEWLINE">
22
25
  <description>Solaris rlogind</description>
23
26
  <example>xpermission denied.
@@ -27,6 +30,7 @@
27
30
  <param pos="0" name="os.product" value="Solaris"/>
28
31
  <param pos="0" name="os.cpe23" value="cpe:/o:sun:solaris:-"/>
29
32
  </fingerprint>
33
+
30
34
  <fingerprint pattern="^.rlogind: Acc.s refus.\..+$" flags="REG_DOT_NEWLINE">
31
35
  <description>AIX rlogind</description>
32
36
  <example>xrlogind: Accxs refusx.
@@ -36,6 +40,7 @@
36
40
  <param pos="0" name="os.product" value="AIX"/>
37
41
  <param pos="0" name="os.cpe23" value="cpe:/o:ibm:aix:-"/>
38
42
  </fingerprint>
43
+
39
44
  <fingerprint pattern="^.rlogind: Host name for your address \([\d.]+\) unknown\..*$" flags="REG_DOT_NEWLINE">
40
45
  <description>A/UX rlogind</description>
41
46
  <example>xrlogind: Host name for your address (127.0.0.1) unknown.
@@ -43,6 +48,7 @@
43
48
  <param pos="0" name="os.vendor" value="Apple"/>
44
49
  <param pos="0" name="os.family" value="A/UX"/>
45
50
  </fingerprint>
51
+
46
52
  <fingerprint pattern="^.rexecd: Login incorrect\..*$" flags="REG_DOT_NEWLINE">
47
53
  <description>HP-UX rexecd</description>
48
54
  <example>xrexecd: Login incorrect.
@@ -52,6 +58,7 @@
52
58
  <param pos="0" name="os.product" value="HP-UX"/>
53
59
  <param pos="0" name="os.cpe23" value="cpe:/o:hp:hp-ux:-"/>
54
60
  </fingerprint>
61
+
55
62
  <fingerprint pattern="^.rexecd: [-\d]+.*$" flags="REG_DOT_NEWLINE">
56
63
  <description>AIX rexecd</description>
57
64
  <example>xrexecd: 0-1 The login is not correct.
@@ -61,6 +68,7 @@
61
68
  <param pos="0" name="os.product" value="AIX"/>
62
69
  <param pos="0" name="os.cpe23" value="cpe:/o:ibm:aix:-"/>
63
70
  </fingerprint>
71
+
64
72
  <fingerprint pattern="^.remshd: (?:getservbyname.+|Kerberos Authentication not enabled\..+|Error! Kerberos authentication failed)$" flags="REG_DOT_NEWLINE">
65
73
  <description>HP-UX rshd</description>
66
74
  <example>xremshd: getservbyname
@@ -73,4 +81,5 @@
73
81
  <param pos="0" name="os.product" value="HP-UX"/>
74
82
  <param pos="0" name="os.cpe23" value="cpe:/o:hp:hp-ux:-"/>
75
83
  </fingerprint>
76
- </fingerprints>
84
+
85
+ </fingerprints>
@@ -0,0 +1,96 @@
1
+ <?xml version='1.0' encoding='UTF-8'?>
2
+ <fingerprints matches="rtsp_header.server" protocol="rtsp" database_type="service" preference="0.85">
3
+ <fingerprint pattern="^Flussonic \(http:\/\/www.flussonic.com\/\) ([\d\.]+)$">
4
+ <description>Flussonic Media Server</description>
5
+ <example service.version="19.04">Flussonic (http://www.flussonic.com/) 19.04</example>
6
+ <example service.version="20.01">Flussonic (http://www.flussonic.com/) 20.01</example>
7
+ <param pos="0" name="service.vendor" value="Flussonic"/>
8
+ <param pos="0" name="service.product" value="Flussonic Media Server"/>
9
+ <param pos="1" name="service.version"/>
10
+ </fingerprint>
11
+
12
+ <fingerprint pattern="^Hipcam RealServer\/V([\d\.]+)$">
13
+ <description>Hipcam IP camera running the RealServer RTSP server.</description>
14
+ <example service.version="1.0">Hipcam RealServer/V1.0</example>
15
+ <param pos="0" name="service.vendor" value="RealNetworks"/>
16
+ <param pos="0" name="service.product" value="RealServer"/>
17
+ <param pos="1" name="service.version"/>
18
+ <param pos="0" name="hw.vendor" value="Hipcam"/>
19
+ <param pos="0" name="hw.device" value="IP Camera"/>
20
+ </fingerprint>
21
+
22
+ <fingerprint pattern="^Dahua Rtsp Server$">
23
+ <description>Dahua IP Camera</description>
24
+ <example>Dahua Rtsp Server</example>
25
+ <param pos="0" name="service.vendor" value="Dahua"/>
26
+ <param pos="0" name="hw.vendor" value="Dahua"/>
27
+ <param pos="0" name="hw.device" value="IP Camera"/>
28
+ </fingerprint>
29
+
30
+ <fingerprint pattern="^GStreamer RTSP server$">
31
+ <description>GStreamer RTSP Server (https://github.com/GStreamer/gst-rtsp-server)</description>
32
+ <example>GStreamer RTSP server</example>
33
+ <param pos="0" name="service.vendor" value="GStreamer"/>
34
+ <param pos="0" name="service.product" value="GStreamer RTSP Server"/>
35
+ </fingerprint>
36
+
37
+ <fingerprint pattern="^WMServer\/([\d\.]+)$">
38
+ <description>Windows Media Server</description>
39
+ <example service.version="9.1.1.3862">WMServer/9.1.1.3862</example>
40
+ <example service.version="9.5.6001.22609">WMServer/9.5.6001.22609</example>
41
+ <param pos="0" name="service.vendor" value="Microsoft"/>
42
+ <param pos="0" name="service.product" value="Windows Media Server"/>
43
+ <param pos="0" name="service.family" value="Windows Media Server"/>
44
+ <param pos="1" name="service.version"/>
45
+ <param pos="0" name="os.vendor" value="Microsoft"/>
46
+ <param pos="0" name="os.family" value="Windows"/>
47
+ </fingerprint>
48
+
49
+ <fingerprint pattern="^Wowza (Streaming Engine|Media Server) ([\d\.]+) build(\d*)$">
50
+ <description>Wowza Media Systems Streaming Video Services</description>
51
+ <example service.version="4.7.7" service.version.version="20181108145350" service.product="Streaming Engine">Wowza Streaming Engine 4.7.7 build20181108145350</example>
52
+ <example service.version="3.6.4" service.version.version="9641" service.product="Media Server">Wowza Media Server 3.6.4 build9641</example>
53
+ <param pos="0" name="service.vendor" value="Wowza Media Systems"/>
54
+ <param pos="1" name="service.product"/>
55
+ <param pos="2" name="service.version"/>
56
+ <param pos="3" name="service.version.version"/>
57
+ </fingerprint>
58
+
59
+ <fingerprint pattern="^HiIpcam\/V\d+R\d+ VodServer\/[\d\.]+$">
60
+ <description>Foscam IP Camera</description>
61
+ <example>HiIpcam/V100R003 VodServer/1.0.0</example>
62
+ <param pos="0" name="hw.vendor" value="Foscam"/>
63
+ <param pos="0" name="hw.device" value="IP Camera"/>
64
+ </fingerprint>
65
+
66
+ <fingerprint pattern="^Indigo\-Security\/[\d\.]+$">
67
+ <description>Indigo Security IP Camera</description>
68
+ <example>Indigo-Security/1.0</example>
69
+ <param pos="0" name="hw.vendor" value="Indigo Security"/>
70
+ <param pos="0" name="hw.device" value="IP Camera"/>
71
+ </fingerprint>
72
+
73
+ <fingerprint pattern="^Cisco MediaSense Media Server$">
74
+ <description>Cisco MediaSense Media Server (RTSP)</description>
75
+ <example>Cisco MediaSense Media Server</example>
76
+ <param pos="0" name="service.vendor" value="Cisco"/>
77
+ <param pos="0" name="service.product" value="MediaSense"/>
78
+ <param pos="0" name="service.cpe23" value="cpe:/a:cisco:mediasense:-"/>
79
+ <param pos="0" name="os.vendor" value="Cisco"/>
80
+ <param pos="0" name="hw.vendor" value="Cisco"/>
81
+ <param pos="0" name="hw.device" value="SIP Gateway"/>
82
+ <param pos="0" name="hw.product" value="MediaSense"/>
83
+ </fingerprint>
84
+
85
+ <fingerprint pattern="^AvigilonOnvifNvt/(\d+\.\S+)">
86
+ <description>Avigilon IP Camera</description>
87
+ <example os.version="2.6.0.130">AvigilonOnvifNvt/2.6.0.130</example>
88
+ <param pos="0" name="hw.vendor" value="Avigilon"/>
89
+ <param pos="0" name="hw.device" value="IP Camera"/>
90
+ <param pos="0" name="os.vendor" value="Avigilon"/>
91
+ <param pos="0" name="os.family" value="Linux"/>
92
+ <param pos="0" name="os.product" value="Linux"/>
93
+ <param pos="1" name="os.version"/>
94
+ </fingerprint>
95
+
96
+ </fingerprints>
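Review bot: The Avigilon fingerprint at the end of this new file stores the captured `AvigilonOnvifNvt/` version in `os.version` while also asserting `os.product` as Linux, so the example banner would be recorded as Linux 2.6.0.130. That value looks like a camera firmware or ONVIF stack version rather than an OS release (an inference from the banner name; confirm against a device), and inventory or vulnerability-matching tools that consume these params could then correlate the camera against the wrong Linux version. Unless the number is known to be the OS version, map it to a hardware field instead, e.g. `<param pos="1" name="hw.version"/>` with the example attribute changed to `hw.version="2.6.0.130"`. This is also the only pattern in the file without a trailing `$`, and the dots in `www.flussonic.com` in the first pattern are unescaped; `^AvigilonOnvifNvt/(\d+\.\S+)$` and `www\.flussonic\.com` would keep both as strict as their neighbours. A short header comment stating which RTSP header value is matched (presumably `Server`, given `matches="rtsp_header.server"`) would bring the file in line with the other fingerprint databases on this page.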
@@ -1,28 +1,50 @@
1
- <?xml version="1.0" encoding="UTF-8"?>
1
+ <?xml version='1.0' encoding='UTF-8'?>
2
2
  <fingerprints matches="sip_header.server" protocol="sip" database_type="service">
3
3
  <!--
4
4
  SIP Server header values are matched against these patterns to fingerprint SIP devices.
5
5
  -->
6
- <fingerprint pattern="^Cisco-SIPGateway/IOS-(\d+)\.x$">
7
- <description>Cisco IOS with SIPGateway with only major version</description>
6
+
7
+ <!-- Cisco/Tandberg Products -->
8
+
9
+ <fingerprint pattern="^Cisco-SIPGateway/IOS-(\S+)\.x$">
10
+ <description>Cisco IOS SIP Gateway w/ Vague Version</description>
8
11
  <example os.version="12">Cisco-SIPGateway/IOS-12.x</example>
12
+ <param pos="0" name="service.vendor" value="Cisco"/>
13
+ <param pos="0" name="service.family" value="IOS"/>
14
+ <param pos="0" name="service.product" value="IOS"/>
15
+ <param pos="0" name="service.cpe23" value="cpe:/a:cisco:ios:-"/>
9
16
  <param pos="0" name="os.vendor" value="Cisco"/>
17
+ <param pos="0" name="os.family" value="IOS"/>
10
18
  <param pos="0" name="os.product" value="IOS"/>
19
+ <param pos="0" name="os.certainty" value="0.8"/>
11
20
  <param pos="1" name="os.version"/>
12
21
  <param pos="0" name="os.cpe23" value="cpe:/o:cisco:ios:{os.version}"/>
22
+ <param pos="0" name="hw.vendor" value="Cisco"/>
23
+ <param pos="0" name="hw.device" value="Router"/>
13
24
  </fingerprint>
14
- <fingerprint pattern="^Cisco-SIPGateway/IOS-([\d\.a-zA-Z]+)$">
15
- <description>Cisco IOS with SIPGateway</description>
25
+
26
+ <fingerprint pattern="^Cisco-SIPGateway/IOS-(\S+)$">
27
+ <description>Cisco IOS SIP Gateway w/ Full Version</description>
28
+ <example os.version="15.2.4.M3">Cisco-SIPGateway/IOS-15.2.4.M3</example>
16
29
  <example os.version="15.2.2.T1">Cisco-SIPGateway/IOS-15.2.2.T1</example>
17
30
  <example os.version="15.2.3.T">Cisco-SIPGateway/IOS-15.2.3.T</example>
18
31
  <example os.version="15.4.3.S5">Cisco-SIPGateway/IOS-15.4.3.S5</example>
19
32
  <example os.version="15.6.3.M0a">Cisco-SIPGateway/IOS-15.6.3.M0a</example>
20
33
  <example os.version="16.3.6">Cisco-SIPGateway/IOS-16.3.6</example>
34
+ <param pos="0" name="service.vendor" value="Cisco"/>
35
+ <param pos="0" name="service.family" value="IOS"/>
36
+ <param pos="0" name="service.product" value="IOS"/>
37
+ <param pos="0" name="service.cpe23" value="cpe:/a:cisco:ios:-"/>
21
38
  <param pos="0" name="os.vendor" value="Cisco"/>
39
+ <param pos="0" name="os.family" value="IOS"/>
22
40
  <param pos="0" name="os.product" value="IOS"/>
41
+ <param pos="0" name="os.certainty" value="1.0"/>
23
42
  <param pos="1" name="os.version"/>
24
43
  <param pos="0" name="os.cpe23" value="cpe:/o:cisco:ios:{os.version}"/>
44
+ <param pos="0" name="hw.vendor" value="Cisco"/>
45
+ <param pos="0" name="hw.device" value="Router"/>
25
46
  </fingerprint>
47
+
26
48
  <fingerprint pattern="^Cisco-CP-?(\d+G?)(?:-\S+)?/([\d\.]+)">
27
49
  <description>Cisco CP VoIP Phone</description>
28
50
  <example hw.model="7960G" hw.version="8.0">Cisco-CP7960G/8.0</example>
@@ -37,6 +59,7 @@
37
59
  <param pos="1" name="hw.model"/>
38
60
  <param pos="2" name="hw.version"/>
39
61
  </fingerprint>
62
+
40
63
  <fingerprint pattern="(?:Cisco|Linksys)/(SPA\d+[DG]?\d?)-([\d\.a-zA-Z]+)">
41
64
  <description>Cisco/Linksys SPA VoIP Phone</description>
42
65
  <example hw.model="SPA112" hw.version="1.4.1SR1">Cisco/SPA112-1.4.1SR1(002)d-hisec</example>
@@ -54,6 +77,7 @@
54
77
  <param pos="1" name="hw.model"/>
55
78
  <param pos="2" name="hw.version"/>
56
79
  </fingerprint>
80
+
57
81
  <fingerprint pattern="(?:Cisco|Linksys)(?: |/)(PAP2T?)(?:-|/)(\S+)$">
58
82
  <description>Cisco/Linksys VoIP / Internet Phone adapter</description>
59
83
  <example hw.version="3.1.22(LS)" hw.model="PAP2">PhoneSystems.net aabbccddeeff Linksys/PAP2-3.1.22(LS)</example>
@@ -69,6 +93,7 @@
69
93
  <param pos="1" name="hw.model"/>
70
94
  <param pos="2" name="hw.version"/>
71
95
  </fingerprint>
96
+
72
97
  <fingerprint pattern="^Cisco/(SRP\d+)-([\d\.]+)">
73
98
  <description>Cisco Services Ready Platforms (SRP) Router</description>
74
99
  <example hw.model="SRP541" hw.version="1.2.6">Cisco/SRP541-1.2.6(003)</example>
@@ -81,6 +106,7 @@
81
106
  <param pos="1" name="hw.model"/>
82
107
  <param pos="2" name="hw.version"/>
83
108
  </fingerprint>
109
+
84
110
  <fingerprint pattern="(?:Cisco|Linksys)/(WRP\d+)-(\S+)$">
85
111
  <description>Cisco/Linksys WRP Wireless Router</description>
86
112
  <example hw.version="2.00.26" hw.model="WRP400">aabbccddeeff_FinalStage_Linksys/WRP400-2.00.26</example>
@@ -94,6 +120,43 @@
94
120
  <param pos="1" name="hw.model"/>
95
121
  <param pos="2" name="hw.version"/>
96
122
  </fingerprint>
123
+
124
+ <fingerprint pattern="^TANDBERG/(\d+) \((.*)\) Cisco-(\S+)$">
125
+ <description>Cisco/Tandberg TelePresence w/Cisco Model Name</description>
126
+ <example os.version="TC7.3.7.01c84fd" tandberg.model="528" hw.product="EX60">TANDBERG/528 (TC7.3.7.01c84fd) Cisco-EX60</example>
127
+ <example os.version="ce9.6.0.76c1685b70e" tandberg.model="529" hw.product="RoomKitMini">TANDBERG/529 (ce9.6.0.76c1685b70e) Cisco-RoomKitMini</example>
128
+ <param pos="0" name="os.vendor" value="Tandberg"/>
129
+ <param pos="0" name="os.family" value="Linux"/>
130
+ <param pos="0" name="os.product" value="Linux"/>
131
+ <param pos="1" name="tandberg.model"/>
132
+ <param pos="2" name="os.version"/>
133
+ <param pos="0" name="hw.vendor" value="Cisco"/>
134
+ <param pos="0" name="hw.family" value="TelePresence"/>
135
+ <param pos="0" name="hw.device" value="Video Conferencing"/>
136
+ <param pos="3" name="hw.product"/>
137
+ </fingerprint>
138
+
139
+ <fingerprint pattern="^(TANDBERG/(\d+)) \((\S+).*\)$">
140
+ <description>Cisco/Tandberg TelePresence</description>
141
+ <example os.version="TC7.0.2.aecf2d9" tandberg.model="519" hw.product="TANDBERG/519">TANDBERG/519 (TC7.0.2.aecf2d9)</example>
142
+ <example os.version="X12.5.2" tandberg.model="4137" hw.product="TANDBERG/4137">TANDBERG/4137 (X12.5.2 (TEST SW))</example>
143
+ <example os.version="X8.2.1" hw.product="TANDBERG/4130">TANDBERG/4130 (X8.2.1)</example>
144
+ <example os.version="XC2.2.1-b2bua-1.0" hw.product="TANDBERG/4353" tandberg.model="4353">TANDBERG/4353 (XC2.2.1-b2bua-1.0)</example>
145
+ <example os.version="TC5.1.4.295090" hw.product="TANDBERG/516" tandberg.model="516">TANDBERG/516 (TC5.1.4.295090)</example>
146
+ <example os.version="TCNC5.1.4.295090" hw.product="TANDBERG/517" tandberg.model="517">TANDBERG/517 (TCNC5.1.4.295090)</example>
147
+ <param pos="0" name="os.vendor" value="Tandberg"/>
148
+ <param pos="0" name="os.family" value="Linux"/>
149
+ <param pos="0" name="os.product" value="Linux"/>
150
+ <param pos="2" name="tandberg.model"/>
151
+ <param pos="3" name="os.version"/>
152
+ <param pos="0" name="hw.vendor" value="Cisco"/>
153
+ <param pos="0" name="hw.family" value="TelePresence"/>
154
+ <param pos="0" name="hw.device" value="Video Conferencing"/>
155
+ <param pos="1" name="hw.product"/>
156
+ </fingerprint>
157
+
158
+ <!-- Various -->
159
+
97
160
  <fingerprint pattern="EnGenius_Router$">
98
161
  <description>EnGenius DuraFon IP Phone</description>
99
162
  <example>EnGenius_Router</example>
@@ -101,6 +164,7 @@
101
164
  <param pos="0" name="hw.product" value="DuraFon"/>
102
165
  <param pos="0" name="hw.device" value="VoIP"/>
103
166
  </fingerprint>
167
+
104
168
  <fingerprint pattern="(?i)^Huawei (SoftX\d+) (?:V\d.*)$">
105
169
  <description>Huawei Softswitch</description>
106
170
  <example hw.model="SoftX3000">Huawei SoftX3000 V300R006</example>
@@ -109,11 +173,13 @@
109
173
  <param pos="0" name="hw.product" value="Softswitch"/>
110
174
  <param pos="1" name="hw.model"/>
111
175
  </fingerprint>
176
+
112
177
  <fingerprint pattern="(?i)^SIP/1.0 \(Huawei\)$">
113
178
  <description>Huawei generic</description>
114
179
  <example>SIP/1.0 (Huawei)</example>
115
180
  <param pos="0" name="hw.vendor" value="Huawei"/>
116
181
  </fingerprint>
182
+
117
183
  <fingerprint pattern="^M5T SIP(?: Stack|-UA SAFE)/v?([\d\.]+)">
118
184
  <description>Media5 Corporation SIP Stack</description>
119
185
  <example service.version="4.1.2.2">M5T SIP Stack/4.1.2.2</example>
@@ -124,17 +190,7 @@
124
190
  <param pos="1" name="service.version"/>
125
191
  <param pos="0" name="hw.device" value="VoIP"/>
126
192
  </fingerprint>
127
- <fingerprint pattern="^TANDBERG/\d+ \(([a-zA-Z]+\d+(?:\.\d+)+).*\)">
128
- <description>Cisco TelePresence</description>
129
- <example os.version="X8.2.1">TANDBERG/4130 (X8.2.1)</example>
130
- <example os.version="XC2.2.1">TANDBERG/4353 (XC2.2.1-b2bua-1.0)</example>
131
- <example os.version="TC5.1.4.295090">TANDBERG/516 (TC5.1.4.295090)</example>
132
- <example os.version="TCNC5.1.4.295090">TANDBERG/517 (TCNC5.1.4.295090)</example>
133
- <example os.version="S5.30">TANDBERG/80 (S5.30)</example>
134
- <param pos="0" name="os.vendor" value="Cisco"/>
135
- <param pos="0" name="os.product" value="TelePresence"/>
136
- <param pos="1" name="os.version"/>
137
- </fingerprint>
193
+
138
194
  <fingerprint pattern="^Tilgin Vood ([^_\s]+)">
139
195
  <description>Tilgin Vood</description>
140
196
  <example hw.model="HG238x">Tilgin Vood HG238x_ESx000-02_07_03_26</example>
@@ -144,6 +200,7 @@
144
200
  <param pos="0" name="hw.product" value="Vood"/>
145
201
  <param pos="1" name="hw.model"/>
146
202
  </fingerprint>
203
+
147
204
  <fingerprint pattern="^(F\d{3})/VT?(\d(?:[\d\.A-Z]+))$">
148
205
  <description>ZTE GPON Router</description>
149
206
  <example hw.product="F620" hw.version="3.30.20P5T4S">F620/V3.30.20P5T4S</example>
@@ -154,6 +211,7 @@
154
211
  <param pos="1" name="hw.product"/>
155
212
  <param pos="2" name="hw.version"/>
156
213
  </fingerprint>
214
+
157
215
  <fingerprint pattern="^ZXDSL (\S+)/V?(\d(?:[\d\.A-Z_]+))$">
158
216
  <description>ZTE ZXDSL router</description>
159
217
  <example hw.product="931VII" hw.version="2.0.00.OTET06">ZXDSL 931VII/V2.0.00.OTET06</example>
@@ -163,6 +221,7 @@
163
221
  <param pos="1" name="hw.product"/>
164
222
  <param pos="2" name="hw.version"/>
165
223
  </fingerprint>
224
+
166
225
  <fingerprint pattern="^(?:ZXHN )?(H\d{3}N)/V?(\d(?:[\d\.A-Z_]+))$">
167
226
  <description>ZTE ZXHN router</description>
168
227
  <example hw.product="H218N" hw.version="1.02.01_ERS">ZXHN H218N/V1.02.01_ERS</example>
@@ -176,4 +235,120 @@
176
235
  <param pos="1" name="hw.product"/>
177
236
  <param pos="2" name="hw.version"/>
178
237
  </fingerprint>
179
- </fingerprints>
238
+
239
+ <fingerprint pattern="^Aastra ([^/]+)/([a-zA-Z0-9\.\-]+)$">
240
+ <description>Aastra IP Phone</description>
241
+ <example hw.product="6865i" os.version="4.2.0.2023">Aastra 6865i/4.2.0.2023</example>
242
+ <param pos="0" name="os.vendor" value="Aastra"/>
243
+ <param pos="0" name="os.family" value="VoIP"/>
244
+ <param pos="0" name="os.product" value="VoIP"/>
245
+ <param pos="2" name="os.version"/>
246
+ <param pos="0" name="hw.vendor" value="Aastra"/>
247
+ <param pos="0" name="hw.family" value="VoIP"/>
248
+ <param pos="0" name="hw.device" value="VoIP"/>
249
+ <param pos="1" name="hw.product"/>
250
+ </fingerprint>
251
+
252
+ <fingerprint pattern="^(?:Audiocodes-Sip-Gateway-)?(\S+) FX[A-Z_]+/v.(\S+)$">
253
+ <description>Audiocodes-Sip-Gateway</description>
254
+ <example hw.product="MP-124" os.version="6.00A.034.003">Audiocodes-Sip-Gateway-MP-124 FXS/v.6.00A.034.003</example>
255
+ <example hw.product="MP-124" os.version="6.60A.342.003">MP-124 FXS/v.6.60A.342.003</example>
256
+ <example hw.product="MP-114" os.version="6.60A.241.010">MP-114 FXS_FXO/v.6.60A.241.010</example>
257
+ <param pos="0" name="os.vendor" value="AudioCodes"/>
258
+ <param pos="0" name="os.family" value="SIP Gateway"/>
259
+ <param pos="2" name="os.version"/>
260
+ <param pos="0" name="hw.vendor" value="AudioCodes"/>
261
+ <param pos="0" name="hw.family" value="SIP Gateway"/>
262
+ <param pos="0" name="hw.device" value="SIP Gateway"/>
263
+ <param pos="1" name="hw.product"/>
264
+ </fingerprint>
265
+
266
+ <fingerprint pattern="^Wildix GW-(\S+)$">
267
+ <description>Wildix SIP Gateway</description>
268
+ <example os.version="5.0.3.42145">Wildix GW-5.0.3.42145</example>
269
+ <param pos="0" name="os.vendor" value="Wildix"/>
270
+ <param pos="0" name="os.family" value="SIP Gateway"/>
271
+ <param pos="1" name="os.version"/>
272
+ <param pos="0" name="hw.vendor" value="Wildix"/>
273
+ <param pos="0" name="hw.family" value="SIP Gateway"/>
274
+ <param pos="0" name="hw.device" value="SIP Gateway"/>
275
+ <param pos="0" name="hw.product" value="SIP Gateway"/>
276
+ </fingerprint>
277
+
278
+ <fingerprint pattern="^Wildix GW$">
279
+ <description>Wildix SIP Gateway w/o Version</description>
280
+ <example>Wildix GW</example>
281
+ <param pos="0" name="os.vendor" value="Wildix"/>
282
+ <param pos="0" name="os.family" value="SIP Gateway"/>
283
+ <param pos="0" name="hw.vendor" value="Wildix"/>
284
+ <param pos="0" name="hw.family" value="SIP Gateway"/>
285
+ <param pos="0" name="hw.device" value="SIP Gateway"/>
286
+ <param pos="0" name="hw.product" value="SIP Gateway"/>
287
+ </fingerprint>
288
+
289
+ <fingerprint pattern="^Asterisk PBX (\S+)$">
290
+ <description>Asterisk PBX w/ Version</description>
291
+ <example service.version="13.18.0-6.7.1.1.rl.1538157944.1c65507">Asterisk PBX 13.18.0-6.7.1.1.rl.1538157944.1c65507</example>
292
+ <example service.version="16.2.1~dfsg-1">Asterisk PBX 16.2.1~dfsg-1</example>
293
+ <param pos="0" name="service.vendor" value="Asterisk"/>
294
+ <param pos="0" name="service.family" value="PBX"/>
295
+ <param pos="0" name="service.product" value="PBX"/>
296
+ <param pos="1" name="service.version"/>
297
+ </fingerprint>
298
+
299
+ <fingerprint pattern="^Asterisk PBX$">
300
+ <description>Asterisk PBX w/o Version</description>
301
+ <example>Asterisk PBX</example>
302
+ <param pos="0" name="service.vendor" value="Asterisk"/>
303
+ <param pos="0" name="service.family" value="PBX"/>
304
+ <param pos="0" name="service.product" value="PBX"/>
305
+ </fingerprint>
306
+
307
+ <fingerprint pattern="^FPBX-(\S+)$">
308
+ <description>FreePBX</description>
309
+ <example service.version="12.0.70(11.20.0)">FPBX-12.0.70(11.20.0)</example>
310
+ <example service.version="2.11.0(11.20.0)">FPBX-2.11.0(11.20.0)</example>
311
+ <param pos="0" name="service.vendor" value="FreePBX"/>
312
+ <param pos="0" name="service.family" value="PBX"/>
313
+ <param pos="0" name="service.product" value="PBX"/>
314
+ <param pos="1" name="service.version"/>
315
+ </fingerprint>
316
+
317
+ <fingerprint pattern="^kamailio \((\S+) \((.*)\)\)$">
318
+ <description>Kamailio SIP Server</description>
319
+ <example service.version="4.4.4" kamailio.platform="x86_64/linux">kamailio (4.4.4 (x86_64/linux))</example>
320
+ <param pos="0" name="service.vendor" value="Kamailio"/>
321
+ <param pos="0" name="service.family" value="SIP Server"/>
322
+ <param pos="0" name="service.product" value="SIP Server"/>
323
+ <param pos="1" name="service.version"/>
324
+ <param pos="2" name="kamailio.platform"/>
325
+ </fingerprint>
326
+
327
+ <!-- This match covers multiple product families and should be split up further -->
328
+
329
+ <fingerprint pattern="^Algo-([^/]+)/(.*)$">
330
+ <description>Algo SIP Device</description>
331
+ <example hw.product="8186" os.version="1.7">Algo-8186/1.7</example>
332
+ <param pos="0" name="os.vendor" value="Algo"/>
333
+ <param pos="0" name="os.family" value="SIP Device"/>
334
+ <param pos="2" name="os.version"/>
335
+ <param pos="0" name="hw.vendor" value="Algo"/>
336
+ <param pos="0" name="hw.family" value="SIP Device"/>
337
+ <param pos="0" name="hw.device" value="SIP Device"/>
338
+ <param pos="1" name="hw.product"/>
339
+ </fingerprint>
340
+
341
+ <fingerprint pattern="^(?:SIParator|Ingate-Firewall)/(\S+)$">
342
+ <description>Ingate SIParator Firewall</description>
343
+ <example os.version="5.0.10">Ingate-Firewall/5.0.10</example>
344
+ <example os.version="6.0.4">SIParator/6.0.4</example>
345
+ <param pos="0" name="os.vendor" value="Ingate"/>
346
+ <param pos="0" name="os.family" value="SIP Gateway"/>
347
+ <param pos="1" name="os.version"/>
348
+ <param pos="0" name="hw.vendor" value="Ingate"/>
349
+ <param pos="0" name="hw.family" value="SIP Gateway"/>
350
+ <param pos="0" name="hw.device" value="SIP Gateway"/>
351
+ <param pos="0" name="hw.product" value="SIParator Firewall"/>
352
+ </fingerprint>
353
+
354
+ </fingerprints>
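Review bot: In the Audiocodes-Sip-Gateway fingerprint (new line 252 of this hunk) the `.` after `/v` is unescaped, so it matches any character rather than the literal dot that all three examples show. A constructed banner such as `MP-124 FXS/v6.60A.342.003` would still match, but the first digit would be consumed by the `.` and `os.version` would come out as `.60A.342.003`, which can mislead anything that correlates versions against advisories. Escaping the dot ties the match to the documented format: `pattern="^(?:Audiocodes-Sip-Gateway-)?(\S+) FX[A-Z_]+/v\.(\S+)$"`. If banners without the dot are expected in practice, `v\.?` together with an `<example>` for that form would make the intent testable.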