recog 2.3.6 → 2.3.11

data/xml/ftp_banners.xml

@@ -1,9 +1,10 @@
-<?xml version="1.0" encoding="UTF-8"?>
+<?xml version='1.0' encoding='UTF-8'?>
 <fingerprints matches="ftp.banner" protocol="ftp" database_type="service" preference="0.90">
   <!--
   FTP greeting messages (part of the banner after the response code) are matched
   against these patterns to fingerprint FTP servers.
   -->
+
   <fingerprint pattern="^([^ ]+) Microsoft FTP Service \(Version ([1234]\.\d+)\)\.$">
     <description>Microsoft FTP Server on Windows NT</description>
     <example>xx Microsoft FTP Service (Version 3.0).</example>
@@ -18,6 +19,7 @@
     <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_nt:-"/>
     <param pos="1" name="host.name"/>
   </fingerprint>
+
   <fingerprint pattern="^([^ ]+) Microsoft FTP Service \(Version 5.0\)\.$">
     <description>Microsoft FTP Server on Windows 2000</description>
     <example>xxx Microsoft FTP Service (Version 5.0).</example>
@@ -32,6 +34,7 @@
     <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_2000:-"/>
     <param pos="1" name="host.name"/>
   </fingerprint>
+
   <fingerprint pattern="^([^ ]+) Microsoft FTP Service \(Version 5.1\)\.$">
     <description>Microsoft FTP Server on Windows XP, 2003 or later versions of 2000</description>
     <example>xxx Microsoft FTP Service (Version 5.1).</example>
@@ -45,6 +48,7 @@
     <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
     <param pos="1" name="host.name"/>
   </fingerprint>
+
   <fingerprint pattern="^([^ ]+) Microsoft FTP Service$">
     <description>Microsoft FTP Server on Windows XP, 2003 or later without version</description>
     <example>hostname Microsoft FTP Service</example>
@@ -58,6 +62,7 @@
     <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
     <param pos="1" name="host.name"/>
   </fingerprint>
+
   <fingerprint pattern="^Microsoft FTP Service$">
     <description>Microsoft FTP Server on Windows XP, 2003 or later without version or hostname</description>
     <example>Microsoft FTP Service</example>
@@ -70,6 +75,7 @@
     <param pos="0" name="os.product" value="Windows"/>
     <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
   </fingerprint>
+
   <fingerprint pattern="^([^ ]+) +FTP +Server \(Version ([^\(]+)\(PHNE_\d+\) [^\)]+\) ready.?$" flags="REG_ICASE">
     <description>FTP on HPUX with a PHNE (HP Networking patch) installed</description>
     <example>example.com FTP server (Version 1.1.214.4(PHNE_38458) Mon Feb 15 06:03:12 GMT 2010) ready.</example>
@@ -82,6 +88,7 @@
     <param pos="1" name="host.name"/>
     <param pos="2" name="service.version"/>
   </fingerprint>
+
   <fingerprint pattern="^([^ ]+) +FTP +Server \(Revision \S+ Version wuftpd-([^\(]+)\(PHNE_\d+\) [^\)]+\) ready.?$" flags="REG_ICASE">
     <description>WU-FTPD on HPUX with a PHNE (HP Networking patch) installed</description>
     <example>example.com FTP server (Revision 1.1 Version wuftpd-2.6.1(PHNE_38578) Fri Sep 5 12:10:54 GMT 2008) ready.</example>
@@ -94,6 +101,7 @@
     <param pos="1" name="host.name"/>
     <param pos="2" name="service.version"/>
   </fingerprint>
+
   <fingerprint pattern="^(\S+)(?: \S+)? FTP Server \((?:Revision [\d\.]+ )?Version wu(?:ftpd)?-([\d\.]+).*\) ready.?$" flags="REG_ICASE">
     <description>WU-FTPD on various OS</description>
     <example host.name="example.com" service.version="2.6.2">example.com FTP server (Version wu-2.6.2(1) Sat Jul 19 16:21:30 UTC 2008) ready.</example>
@@ -105,6 +113,7 @@
     <param pos="1" name="host.name"/>
     <param pos="2" name="service.version"/>
   </fingerprint>
+
   <fingerprint pattern="^(\S+)\s+FTP Server \(Version:\s+Mac OS X Server\s+([\d\.]+).*\) ready\.?" flags="REG_ICASE,REG_MULTILINE">
     <description>FTPD on Mac OS X Server with a version</description>
     <example host.name="example.com" os.version="10.3">example.com FTP server (Version:  Mac OS X Server 10.3 - +GSSAPI) ready.</example>
@@ -119,6 +128,7 @@ example.com FTP server (Version:  Mac OS X Server 10.3 - +GSSAPI) ready.
     <param pos="2" name="os.version"/>
     <param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x_server:{os.version}"/>
   </fingerprint>
+
   <fingerprint pattern="^(\S+)\s+FTP Server \(Version:\s+Mac OS X Server\) ready\.?" flags="REG_ICASE,REG_MULTILINE">
     <description>FTPD on Mac OS X Server without a version</description>
     <example host.name="example.com">example.com FTP server (Version:  Mac OS X Server) ready.</example>
@@ -132,6 +142,7 @@ example.com FTP server (Version:  Mac OS X Server) ready.
     <param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x_server:-"/>
     <param pos="1" name="host.name"/>
   </fingerprint>
+
   <fingerprint pattern="^(\S+)\s+FTP Server \(tnftpd (.*)\) ready\.?$" flags="REG_ICASE">
     <description>Simple tnftpd banner with a version</description>
     <example host.name="example.com" service.version="20061217">example.com FTP server (tnftpd 20061217) ready.</example>
@@ -139,6 +150,7 @@ example.com FTP server (Version:  Mac OS X Server) ready.
     <param pos="2" name="service.version"/>
     <param pos="1" name="host.name"/>
   </fingerprint>
+
   <fingerprint pattern="^(\S+) FTP Server \(SunOS 5.(1[1-9])\) ready\.?$" flags="REG_ICASE">
     <description>SunOS/Solaris</description>
     <example host.name="example.com" os.version="11">example.com FTP server (SunOS 5.11) ready.</example>
@@ -149,6 +161,7 @@ example.com FTP server (Version:  Mac OS X Server) ready.
     <param pos="2" name="os.version"/>
     <param pos="0" name="os.cpe23" value="cpe:/o:oracle:solaris:{os.version}"/>
   </fingerprint>
+
   <fingerprint pattern="^(\S+) FTP Server \(SunOS 5.([789]|10)\) ready\.?$" flags="REG_ICASE">
     <description>SunOS/Solaris 5.7-5.10</description>
     <example host.name="example.com" os.version="7">example.com FTP server (SunOS 5.7) ready.</example>
@@ -160,6 +173,7 @@ example.com FTP server (Version:  Mac OS X Server) ready.
     <param pos="2" name="os.version"/>
     <param pos="0" name="os.cpe23" value="cpe:/o:sun:solaris:{os.version}"/>
   </fingerprint>
+
   <fingerprint pattern="^(\S+) FTP Server \(SunOS 5.6\) ready\." flags="REG_ICASE">
     <description>SunOS 5.6 (Solaris 2.6)</description>
     <example host.name="example.com">example.com FTP Server (SunOS 5.6) ready.</example>
@@ -170,6 +184,7 @@ example.com FTP server (Version:  Mac OS X Server) ready.
     <param pos="0" name="os.cpe23" value="cpe:/o:sun:solaris:2.6"/>
     <param pos="1" name="host.name"/>
   </fingerprint>
+
   <fingerprint pattern="^ProFTPD (\d+\.[^\s]+) Server \(Debian\) \[(.+)\]$">
     <description>ProFTPD on Debian Linux</description>
     <example>ProFTPD 1.3.0rc2 Server (Debian) [host]</example>
@@ -184,6 +199,7 @@ example.com FTP server (Version:  Mac OS X Server) ready.
     <param pos="0" name="os.cpe23" value="cpe:/o:debian:debian_linux:-"/>
     <param pos="2" name="host.name"/>
   </fingerprint>
+
   <fingerprint pattern="^ProFTPD (\d+\.[^\s]+) Server \(Linksys(W.+)\) \[(.+)\]$">
     <description>ProFTPD on a Linksys Wireless Access Point/Router</description>
     <example>ProFTPD 1.3.0rc2 Server (LinksysWRT350N) [host]</example>
@@ -197,6 +213,7 @@ example.com FTP server (Version:  Mac OS X Server) ready.
     <param pos="2" name="os.product"/>
     <param pos="3" name="host.name"/>
   </fingerprint>
+
   <fingerprint pattern="^ProFTPD (\d+\.[^\s]+) Server \(NETGEAR ReadyNAS\) \[(.+)\]$">
     <description>ProFTPD on a Netgear ReadyNAS with a version and IP</description>
     <example service.version="1.3.3g" host.ip="192.168.1.10">ProFTPD 1.3.3g Server (NETGEAR ReadyNAS) [192.168.1.10]</example>
@@ -210,6 +227,7 @@ example.com FTP server (Version:  Mac OS X Server) ready.
     <param pos="0" name="hw.product" value="ReadyNAS"/>
     <param pos="2" name="host.ip"/>
   </fingerprint>
+
   <fingerprint pattern="^ProFTPD Server \(NETGEAR ReadyNAS\) \[(.+)\]$">
     <description>ProFTPD on a Netgear ReadyNAS with a hostname</description>
     <example host.name="test">ProFTPD Server (NETGEAR ReadyNAS) [test]</example>
@@ -222,6 +240,7 @@ example.com FTP server (Version:  Mac OS X Server) ready.
     <param pos="0" name="hw.product" value="ReadyNAS"/>
     <param pos="1" name="host.name"/>
   </fingerprint>
+
   <fingerprint pattern="^ProFTPD (\d+\.[^\s]+) Server \(Linksys(.*)\) \[(.+)\]$">
     <description>ProFTPD on a wired Linksys device</description>
     <param pos="0" name="service.family" value="ProFTPD"/>
@@ -234,6 +253,7 @@ example.com FTP server (Version:  Mac OS X Server) ready.
     <param pos="2" name="os.product"/>
     <param pos="3" name="host.name"/>
   </fingerprint>
+
   <fingerprint pattern="^ProFTPD (\d+\.[^\s]+) Server \((.*)\) \[(.+)\]$">
     <description>ProFTPD with version info but no obvious OS info</description>
     <example service.version="1.2.10">ProFTPD 1.2.10 Server (Main FTP Server) [host]</example>
@@ -247,6 +267,7 @@ example.com FTP server (Version:  Mac OS X Server) ready.
     <param pos="2" name="proftpd.server.name"/>
     <param pos="3" name="host.name"/>
   </fingerprint>
+
   <fingerprint pattern="^ProFTPD (\d+\.[^\s]+) Server ready\.$">
     <description>ProFTPD with only version info</description>
     <example service.version="1.3.0rc2">ProFTPD 1.3.0rc2 Server ready.</example>
@@ -256,6 +277,7 @@ example.com FTP server (Version:  Mac OS X Server) ready.
     <param pos="1" name="service.version"/>
     <param pos="0" name="service.cpe23" value="cpe:/a:proftpd:proftpd:{service.version}"/>
   </fingerprint>
+
   <fingerprint pattern="^ProFTPD (?:FTP )?Server ready\.$">
     <description>ProFTPD with no version info</description>
     <example>ProFTPD FTP Server ready.</example>
@@ -265,6 +287,7 @@ example.com FTP server (Version:  Mac OS X Server) ready.
     <param pos="0" name="service.product" value="ProFTPD"/>
     <param pos="0" name="service.cpe23" value="cpe:/a:proftpd:proftpd:-"/>
   </fingerprint>
+
   <fingerprint pattern="^ProFTPD Server \(.*\) \[([a-f\d.:]+)\]$">
     <description>ProFTPD with no version info, parenthetical form</description>
     <example host.ip="1.2.3.4">ProFTPD Server (ProFTPD) [1.2.3.4]</example>
@@ -277,6 +300,7 @@ example.com FTP server (Version:  Mac OS X Server) ready.
     <param pos="0" name="service.cpe23" value="cpe:/a:proftpd:proftpd:-"/>
     <param pos="1" name="host.ip"/>
   </fingerprint>
+
   <fingerprint pattern="^ProFTPD Server$">
     <description>ProFTPD with no version info, short form</description>
     <example>ProFTPD Server</example>
@@ -285,6 +309,7 @@ example.com FTP server (Version:  Mac OS X Server) ready.
     <param pos="0" name="service.product" value="ProFTPD"/>
     <param pos="0" name="service.cpe23" value="cpe:/a:proftpd:proftpd:-"/>
   </fingerprint>
+
   <fingerprint pattern="^ProFTPD\s*$">
     <description>ProFTPD with no version info, super short form</description>
     <example>ProFTPD</example>
@@ -294,6 +319,7 @@ example.com FTP server (Version:  Mac OS X Server) ready.
     <param pos="0" name="service.product" value="ProFTPD"/>
     <param pos="0" name="service.cpe23" value="cpe:/a:proftpd:proftpd:-"/>
   </fingerprint>
+
   <fingerprint pattern="^(?:\d{4}\-\d\d\-\d\d \d\d:\d\d:\d\d,\d\d\d )?(\S+) proftpd\[\d+\]: error: no valid servers configured">
     <description>ProFTPD no valid servers configured</description>
     <example host.name="ftp.host.com">ftp.host.com proftpd[40312]: error: no valid servers configured\n</example>
@@ -304,6 +330,7 @@ example.com FTP server (Version:  Mac OS X Server) ready.
     <param pos="0" name="service.cpe23" value="cpe:/a:proftpd:proftpd:-"/>
     <param pos="1" name="host.name"/>
   </fingerprint>
+
   <fingerprint pattern="^ProFTPD (\d+\.[^\s]+) Server \((.*)\) \[[a-f\d.:\]]*$">
     <description>ProFTPD with version info - truncated</description>
     <example service.version="1.3.2c">ProFTPD 1.3.2c Server (ProFTPD Default Installation) [</example>
@@ -316,6 +343,7 @@ example.com FTP server (Version:  Mac OS X Server) ready.
     <param pos="0" name="service.cpe23" value="cpe:/a:proftpd:proftpd:{service.version}"/>
     <param pos="2" name="proftpd.server.name"/>
   </fingerprint>
+
   <fingerprint pattern="^ProFTPD (\d+\.[^\s]+) Server ([\w.-]+)$">
     <description>ProFTPD with version info but no obvious OS info, take 2</description>
     <example service.version="1.3.2d" host.name="localhost">ProFTPD 1.3.2d Server localhost</example>
@@ -323,8 +351,10 @@ example.com FTP server (Version:  Mac OS X Server) ready.
     <param pos="0" name="service.vendor" value="ProFTPD Project"/>
     <param pos="0" name="service.product" value="ProFTPD"/>
     <param pos="1" name="service.version"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:proftpd:proftpd:{service.version}"/>
     <param pos="2" name="host.name"/>
   </fingerprint>
+
   <fingerprint pattern="^=\(&lt;\*&gt;\)=-\.:\. \(\( Welcome to Pure-FTPd ([\d.]+) \)\) \.:\.-=\(&lt;\*&gt;\)=-" flags="REG_MULTILINE">
     <description>Pure-FTPd versions &lt;= 1.0.13 (at least as far back as 1.0.11)</description>
     <example service.version="1.0.11">=(&lt;*&gt;)=-.:. (( Welcome to Pure-FTPd 1.0.11 )) .:.-=(&lt;*&gt;)=-</example>
@@ -334,6 +364,7 @@ more stuff
     <param pos="0" name="service.product" value="Pure-FTPd"/>
     <param pos="1" name="service.version"/>
   </fingerprint>
+
   <fingerprint pattern="^-{9,10}(?:.*)\s+Pure-FTPd\s+(.*)-{9,10}">
     <description>Pure-FTPd versions &gt;= 1.0.14 - Config data can be zero or more of: [privsep] [TLS]</description>
     <example>---------- Welcome to Pure-FTPd ----------</example>
@@ -346,6 +377,7 @@ more text
     <param pos="0" name="service.family" value="Pure-FTPd"/>
     <param pos="0" name="service.product" value="Pure-FTPd"/>
   </fingerprint>
+
   <fingerprint pattern="^(?:Welcome to )?Pure-FTPd\.?$">
     <description>Basic Pure-FTPd banner, no version</description>
     <example>Welcome to Pure-FTPd</example>
@@ -353,6 +385,7 @@ more text
     <param pos="0" name="service.family" value="Pure-FTPd"/>
     <param pos="0" name="service.product" value="Pure-FTPd"/>
   </fingerprint>
+
   <fingerprint pattern="^=\(.\*.\)=-\.:\. \(\( Welcome to PureFTPd (\d+\..+) \)\) \.:\.-=\(.\*.\)=-" flags="REG_MULTILINE">
     <description>Older Pure-FTPd versions</description>
     <example service.version="1.1.0">=(&lt;*&gt;)=-.:. (( Welcome to PureFTPd 1.1.0 )) .:.-=(&lt;*&gt;)=-</example>
@@ -362,6 +395,7 @@ more text
     <param pos="0" name="service.product" value="Pure-FTPd"/>
     <param pos="1" name="service.version"/>
   </fingerprint>
+
   <fingerprint pattern="^Serv-U FTP[ -]Server v(\d+\.\S+)(?: for WinSock)? ready\.*$">
     <description>Serv-U (only runs on Windows)</description>
     <example service.version="2.5n">Serv-U FTP-Server v2.5n for WinSock ready...</example>
@@ -376,6 +410,7 @@ more text
     <param pos="0" name="os.product" value="Windows"/>
     <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
   </fingerprint>
+
   <fingerprint pattern="^zFTPServer v?(\S+), .*ready\.$" flags="REG_ICASE">
     <description>zftpserver (only runs on Windows)</description>
     <example service.version="4.0">zFTPServer v4.0, build 2008-12-24 01:41 ready.</example>
@@ -387,6 +422,7 @@ more text
     <param pos="0" name="os.product" value="Windows"/>
     <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
   </fingerprint>
+
   <fingerprint pattern="^\(vsFTPd (\d+\..+)\)(?: (.+))?$">
     <description>vsFTPd (Very Secure FTP Daemon)</description>
     <example service.version="1.1.3">(vsFTPd 1.1.3) host</example>
@@ -396,6 +432,7 @@ more text
     <param pos="1" name="service.version"/>
     <param pos="2" name="host.name"/>
   </fingerprint>
+
   <fingerprint pattern="^ready, dude \(vsFTPd (\d+\..+): beat me, break me\)$">
     <description>vsFTPd (Very Secure FTP Daemon) - break me variant</description>
     <example service.version="1.1.0">ready, dude (vsFTPd 1.1.0: beat me, break me)</example>
@@ -403,6 +440,7 @@ more text
     <param pos="0" name="service.product" value="vsFTPd"/>
     <param pos="1" name="service.version"/>
   </fingerprint>
+
   <fingerprint pattern="^vsFTPd ([\d.]+\+ \(ext\.3\)) ready\.\.\.$">
     <description>vsFTPd (Very Secure FTP Daemon) extended build (vsftpd.devnet.ru)</description>
     <example service.version="2.0.4+ (ext.3)">vsFTPd 2.0.4+ (ext.3) ready...</example>
@@ -410,6 +448,7 @@ more text
     <param pos="0" name="service.product" value="vsFTPd Extended"/>
     <param pos="1" name="service.version"/>
   </fingerprint>
+
   <fingerprint pattern="^OOPS: .*vsftp.*$">
     <description>vsFTPd (Very Secure FTP Daemon) error message</description>
     <example>OOPS: vsftpd: root is not mounted.</example>
@@ -417,6 +456,7 @@ more text
     <param pos="0" name="service.family" value="vsFTPd"/>
     <param pos="0" name="service.product" value="vsFTPd"/>
   </fingerprint>
+
   <fingerprint pattern="^FileZilla Server(?: version)? (?:v)?(\d\.[\w.]+(?: beta)?).*$">
     <description>FileZilla FTP Server</description>
     <example service.version="0.9.2 beta">FileZilla Server version 0.9.2 beta</example>
@@ -427,6 +467,7 @@ more text
     <param pos="0" name="service.product" value="FileZilla FTP Server"/>
     <param pos="1" name="service.version"/>
   </fingerprint>
+
   <fingerprint pattern="^\s*APC FTP server ready\.$">
     <description>APC device</description>
     <example>APC FTP server ready.</example>
@@ -437,6 +478,7 @@ more text
     <param pos="0" name="hw.vendor" value="APC"/>
     <param pos="0" name="hw.device" value="Power device"/>
   </fingerprint>
+
   <fingerprint pattern="^(\S+) Network Management Card AOS v(\d+\..+) FTP server ready\.$">
     <description>APC power/cooling device</description>
     <example service.version="3.3.4">AP7932 Network Management Card AOS v3.3.4 FTP server ready.</example>
@@ -453,6 +495,7 @@ more text
     <param pos="0" name="hw.vendor" value="APC"/>
     <param pos="0" name="hw.device" value="Power device"/>
   </fingerprint>
+
   <fingerprint pattern="^(\S+) FTP server \(EMC-SNAS: ([^\)]+)\)(?: \S+)?$">
     <description>EMC Celerra</description>
     <example service.version="5.6.47.11">foo2 FTP server (EMC-SNAS: 5.6.47.11)</example>
@@ -470,6 +513,7 @@ more text
     <param pos="0" name="hw.device" value="Storage"/>
     <param pos="0" name="hw.product" value="Celerra"/>
   </fingerprint>
+
   <fingerprint pattern="^JD FTP Server Ready.*$">
     <description>HP JetDirect printer</description>
     <example>JD FTP Server Ready</example>
@@ -486,6 +530,7 @@ more text
     <param pos="0" name="hw.family" value="JetDirect"/>
     <param pos="0" name="hw.product" value="JetDirect"/>
   </fingerprint>
+
   <fingerprint pattern="^Check Point FireWall-1 Secure FTP server running on (.+)$">
     <description>Check Point FireWall-1</description>
     <example host.name="host">Check Point FireWall-1 Secure FTP server running on host</example>
@@ -503,6 +548,7 @@ more text
     <param pos="0" name="hw.family" value="Firewall-1"/>
     <param pos="1" name="host.name"/>
   </fingerprint>
+
   <fingerprint pattern="^Blue Coat FTP Service$">
     <description>Blue Coat security appliances</description>
     <example>Blue Coat FTP Service</example>
@@ -511,11 +557,13 @@ more text
     <param pos="0" name="os.vendor" value="Blue Coat"/>
     <param pos="0" name="os.device" value="Web proxy"/>
   </fingerprint>
+
   <fingerprint pattern="^---freeFTPd 1.0---warFTPd 1.65---$">
     <description>Nepenthes honeypot</description>
     <param pos="0" name="service.family" value="Nepenthes"/>
     <param pos="0" name="service.product" value="Nepenthes"/>
   </fingerprint>
+
   <fingerprint pattern="^[^ ]+ IBM FTP CS (V1R\d+) at ([^,]*),.*">
     <description>IBM z/OS FTP Service</description>
     <example>SFTPD1 IBM FTP CS V1R4 at x.y.z, 21:02:19 on 2007-12-15.</example>
@@ -526,8 +574,10 @@ more text
     <param pos="0" name="os.family" value="z/OS"/>
     <param pos="0" name="os.device" value="Mainframe"/>
     <param pos="1" name="os.version"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:ibm:z\/os:{os.version}"/>
     <param pos="2" name="host.name"/>
   </fingerprint>
+
   <fingerprint pattern="^FTP server \(IBM 4690 TCP/IP FTP Version 1\.0\) ready\.">
     <description>IBM 4690 FTP Service</description>
     <example>FTP server (IBM 4690 TCP/IP FTP Version 1.0) ready.</example>
@@ -538,6 +588,7 @@ more text
     <param pos="0" name="os.family" value="4690"/>
     <param pos="0" name="os.device" value="Point of sale"/>
   </fingerprint>
+
   <fingerprint pattern="^([^ ]+) NcFTPd Server \(licensed copy\) ready\.$">
     <description>NcFTPd Server
       http://www.ncftp.com/ncftpd/</description>
@@ -546,6 +597,7 @@ more text
     <param pos="0" name="service.product" value="NcFTPd Server"/>
     <param pos="1" name="host.name"/>
   </fingerprint>
+
   <fingerprint pattern="^(\S+) DCS-2100 FTP server ready\.$">
     <description>D-Link DCS-2100 wireless internet camera</description>
     <example>hostname DCS-2100 FTP server ready.</example>
@@ -554,6 +606,7 @@ more text
     <param pos="0" name="os.device" value="Web cam"/>
     <param pos="1" name="host.name"/>
   </fingerprint>
+
   <fingerprint pattern="^Secure Gateway FTP server ready\.$">
     <description>Raptor firewall</description>
     <example>Secure Gateway FTP server ready.</example>
@@ -562,6 +615,7 @@ more text
     <param pos="0" name="os.product" value="Raptor"/>
     <param pos="0" name="os.device" value="Firewall"/>
   </fingerprint>
+
   <fingerprint pattern="^SUN StorEdge (\S+) RAID FTP server ready\.$">
     <description>Sun StorEdge disk array</description>
     <example>SUN StorEdge 3511 RAID FTP server ready.</example>
@@ -570,6 +624,7 @@ more text
     <param pos="1" name="os.product"/>
     <param pos="0" name="os.device" value="Storage"/>
   </fingerprint>
+
   <fingerprint pattern="(?i)^AXIS (\S+) .* Camera(?:\s+version)?\s+(\S+) .*">
     <description>Axis Network Camera</description>
     <example hw.product="2100" hw.version="2.43">Axis 2100 Network Camera 2.43 Nov 04 2008 ready.</example>
@@ -582,28 +637,47 @@ more text
     <param pos="0" name="hw.device" value="Web cam"/>
     <param pos="1" name="hw.product"/>
     <param pos="2" name="hw.version"/>
+    <param pos="0" name="os.vendor" value="AXIS"/>
+    <param pos="0" name="os.family" value="Linux"/>
+    <param pos="0" name="os.device" value="Web cam"/>
   </fingerprint>
-  <fingerprint pattern="(?i)^AXIS (\S+) (?:(?:Mk II )?Video|IO Audio) (?:Encoder|Encoder Blade|Module|Server|Decoder) (\S+) .*">
-    <description>Axis Audio/Video encoders/servers</description>
+
+  <fingerprint pattern="(?i)^AXIS (\S+) (?:(?:Mk II )?Video) (?:Encoder|Encoder Blade|Module|Server|Decoder) (\S+) .*">
+    <description>Axis Video encoders/servers</description>
     <example hw.product="Q7406">AXIS Q7406 Video Encoder Blade 5.01 (Aug 01 2008) ready.</example>
     <example hw.product="241Q">AXIS 241Q Video Server 4.47.2 (Dec 11 2008) ready.</example>
     <example hw.version="5.07.2">AXIS P7701 Video Decoder 5.07.2 (Apr 20 2010) ready.</example>
     <example hw.product="Q7401" hw.version="5.01">AXIS Q7401 Video Encoder 5.01 (Aug 01 2008) ready.</example>
     <example hw.product="Q7401" hw.version="5.50.2_cst_412205_1">AXIS Q7401 Video Encoder 5.50.2_cst_412205_1 (2013)</example>
     <example hw.product="Q7424-R" hw.version="5.51.3.1">AXIS Q7424-R Mk II Video Encoder 5.51.3.1 (2016) ready.</example>
+    <param pos="0" name="hw.vendor" value="Axis"/>
+    <param pos="1" name="hw.product"/>
+    <param pos="2" name="hw.version"/>
+    <param pos="0" name="hw.device" value="Video Encoder"/>
+    <param pos="0" name="os.vendor" value="AXIS"/>
+    <param pos="0" name="os.family" value="Linux"/>
+  </fingerprint>
+
+  <fingerprint pattern="(?i)^AXIS (\S+) (?:(?:Mk II )?IO Audio) (?:Encoder|Encoder Blade|Module|Server|Decoder) (\S+) .*">
+    <description>Axis Audio encoders/servers</description>
     <example hw.product="P8221" hw.version="5.10.2">AXIS P8221 IO Audio Module 5.10.2 (Nov 07 2011) ready.</example>
     <param pos="0" name="hw.vendor" value="Axis"/>
     <param pos="1" name="hw.product"/>
     <param pos="2" name="hw.version"/>
+    <param pos="0" name="hw.device" value="Audio Encoder"/>
+    <param pos="0" name="os.vendor" value="AXIS"/>
+    <param pos="0" name="os.family" value="Linux"/>
   </fingerprint>
+
   <fingerprint pattern="(?i)^AXIS (\S+) Network Door Controller (\S+) .* ready\.?$">
     <description>Axis Door Controllers</description>
     <example hw.product="A1001" hw.version="1.65.1.1">AXIS A1001 Network Door Controller 1.65.1.1 (2018) ready.</example>
     <param pos="0" name="hw.vendor" value="Axis"/>
-    <param pos="0" name="hw.device" value="Building Automation"/>
+    <param pos="0" name="hw.device" value="Access Control"/>
     <param pos="1" name="hw.product"/>
     <param pos="2" name="hw.version"/>
   </fingerprint>
+
   <fingerprint pattern="^AXIS (\S+) .*FTP Network Print Server V?([\d\.]+\S+) .* ready\.?$" flags="REG_ICASE">
     <description>Axis print servers</description>
     <example hw.product="5600+">AXIS 5600+ (rev 3) FTP Network Print Server V7.00 Sep 10 2004 ready.</example>
@@ -614,6 +688,7 @@ more text
     <param pos="1" name="hw.product"/>
     <param pos="2" name="hw.version"/>
   </fingerprint>
+
   <fingerprint pattern="^RICOH Aficio ((?:[MS]P )?\S+) FTP server \(([0-9\.a-zA-Z]+)\) ready.?$" flags="REG_ICASE">
     <description>Ricoh Aficio multifunction device</description>
     <example os.product="2045e">RICOH Aficio 2045e FTP server (4.12) ready.</example>
@@ -629,6 +704,7 @@ more text
     <param pos="1" name="os.product"/>
     <param pos="2" name="os.version"/>
   </fingerprint>
+
   <fingerprint pattern="^NRG ((?:[MS]P )?\S+) FTP server \(([0-9\.a-zA-Z]+)\) ready.?$" flags="REG_ICASE">
     <description>Ricoh NRG multifunction device</description>
     <example>NRG MP C2800 FTP server (8.25) ready.</example>
@@ -647,6 +723,7 @@ more text
     <param pos="0" name="hw.device" value="Multifunction Device"/>
     <param pos="1" name="hw.product"/>
   </fingerprint>
+
   <fingerprint pattern="^Xerox WorkCentre ([A-Za-z0-9]+).*$" certainty="1.0">
     <description>Xerox WorkCentre</description>
     <example hw.product="6605DN">Xerox WorkCentre 6605DN</example>
@@ -661,6 +738,7 @@ more text
     <param pos="0" name="hw.device" value="Printer"/>
     <param pos="1" name="hw.product"/>
   </fingerprint>
+
   <fingerprint pattern="^Xerox Phaser (\S+)$" certainty="1.0">
     <description>Xerox Phaser Laser Printer</description>
     <example>Xerox Phaser 6130N</example>
@@ -674,6 +752,7 @@ more text
     <param pos="0" name="hw.device" value="Printer"/>
     <param pos="1" name="hw.product"/>
   </fingerprint>
+
   <fingerprint pattern="^XEROX (\d+) Wide Format .*$" certainty="1.0">
     <description>Xerox Wide Format Series of Printers</description>
     <example>XEROX 6204 Wide Format FTP server ready</example>
@@ -686,6 +765,7 @@ more text
     <param pos="0" name="hw.device" value="Printer"/>
     <param pos="1" name="hw.product"/>
   </fingerprint>
+
   <fingerprint pattern="^FUJI XEROX DocuPrint (.*)$" certainty="1.0">
     <description>FUJI XEROX DocuPrint Series of Printers</description>
     <example>FUJI XEROX DocuPrint 3055</example>
@@ -696,6 +776,7 @@ more text
     <param pos="0" name="os.device" value="Printer"/>
     <param pos="1" name="os.product"/>
   </fingerprint>
+
   <fingerprint pattern="^ET(\S{12}) Lexmark (\S+) FTP Server (\S+) ready\.?$" certainty="1.0" flags="REG_ICASE">
     <description>Lexmark printer with MAC address</description>
     <example host.mac="000400CEA560" hw.product="T640" os.version="NS.NP.N219">ET000400CEA560 Lexmark T640 FTP Server NS.NP.N219 ready.</example>
@@ -707,6 +788,7 @@ more text
     <param pos="0" name="hw.device" value="Printer"/>
     <param pos="2" name="hw.product"/>
   </fingerprint>
+
   <fingerprint pattern="^.*Lexmark (\S+) FTP Server (\S+) ready\.?$" certainty="1.0" flags="REG_ICASE">
     <description>Lexmark printer with OS version</description>
     <example hw.product="T654" os.version="NR.APS.F368">ET0021718 Lexmark T654 FTP Server NR.APS.F368 ready.</example>
@@ -717,6 +799,7 @@ more text
     <param pos="0" name="hw.device" value="Printer"/>
     <param pos="1" name="hw.product"/>
   </fingerprint>
+
   <fingerprint pattern="^.*Lexmark (\S+) FTP Server ready\.?$" certainty="1.0" flags="REG_ICASE">
     <description>Lexmark printer</description>
     <example hw.product="X500">Lexmark X500 FTP server ready</example>
@@ -726,6 +809,17 @@ more text
     <param pos="0" name="hw.device" value="Printer"/>
     <param pos="1" name="hw.product"/>
   </fingerprint>
+
+  <fingerprint pattern="^220 ECOSYS ([^\s]+) FTP server$">
+    <description>Kyocera Multifunction Device</description>
+    <example hw.product="P2135dn">220 ECOSYS P2135dn FTP server</example>
+    <param pos="0" name="os.vendor" value="Kyocera"/>
+    <param pos="0" name="os.device" value="Multifunction Device"/>
+    <param pos="0" name="hw.vendor" value="Kyocera"/>
+    <param pos="0" name="hw.device" value="Multifunction Device"/>
+    <param pos="1" name="hw.product"/>
+  </fingerprint>
+
   <fingerprint pattern="^(?:Tornado-)?VxWorks \((?:VxWorks)?([^\)]+)\) FTP server(?: ready)?\.?$" flags="REG_ICASE">
     <description>VxWorks with version information</description>
     <example os.version="5.3.1">VxWorks (5.3.1) FTP server ready</example>
@@ -737,6 +831,7 @@ more text
     <param pos="1" name="os.version"/>
     <param pos="0" name="os.cpe23" value="cpe:/o:windriver:vxworks:{os.version}"/>
   </fingerprint>
+
   <fingerprint pattern="^Tornado-vxWorks FTP server ready$" flags="REG_ICASE">
     <description>VxWorks without version information</description>
     <example>Tornado-vxWorks FTP server ready</example>
@@ -744,6 +839,7 @@ more text
     <param pos="0" name="os.product" value="VxWorks"/>
     <param pos="0" name="os.cpe23" value="cpe:/o:windriver:vxworks:-"/>
   </fingerprint>
+
   <fingerprint pattern="^[\w\-\.]* FTP server \((?:VxWorks\s?)+([\d\.]+)\) ready.$" flags="REG_ICASE">
     <description>VxWorks 6 with version information</description>
     <example os.version="6.6">NanoDAC FTP server (VxWorks VxWorks 6.6) ready.</example>
@@ -751,24 +847,27 @@ more text
     <param pos="0" name="os.vendor" value="Wind River"/>
     <param pos="0" name="os.product" value="VxWorks"/>
     <param pos="1" name="os.version"/>
-    <param pos="0" name="os.cpe23" value="cpe:/o:windriver:vxworks:-{os.version}"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:windriver:vxworks:{os.version}"/>
   </fingerprint>
+
   <fingerprint pattern="^[\w&lt;&gt;]+\s*Tenor Multipath Switch FTP server \(Version VxWorks([\d\.]+)\) ready\.$" flags="REG_ICASE">
     <description>VxWorks on Tenor MultiPath with version information</description>
-    <example os.version="5.4.2"><![CDATA[<38785ca0>  Tenor Multipath Switch FTP server (Version VxWorks5.4.2) ready.]]></example>
+    <example os.version="5.4.2">&lt;38785ca0&gt;  Tenor Multipath Switch FTP server (Version VxWorks5.4.2) ready.</example>
     <param pos="0" name="os.vendor" value="Wind River"/>
     <param pos="0" name="os.product" value="VxWorks"/>
     <param pos="1" name="os.version"/>
-    <param pos="0" name="os.cpe23" value="cpe:/o:windriver:vxworks:-{os.version}"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:windriver:vxworks:{os.version}"/>
   </fingerprint>
+
   <fingerprint pattern="^VxWorks FTP server \(VxWorks ([\d\.]+) - Secure NetLinx version \([\d\.]+\)\) ready.$">
     <description>VxWorks with Secure NetLinx</description>
     <example os.version="5.3.1">VxWorks FTP server (VxWorks 5.3.1 - Secure NetLinx version (1.0)) ready.</example>
     <param pos="0" name="os.vendor" value="Wind River"/>
     <param pos="0" name="os.product" value="VxWorks"/>
     <param pos="1" name="os.version"/>
-    <param pos="0" name="os.cpe23" value="cpe:/o:windriver:vxworks:-{os.version}"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:windriver:vxworks:{os.version}"/>
   </fingerprint>
+
   <fingerprint pattern="^ADC iScale$">
     <description>ADC iScale</description>
     <example>ADC iScale</example>
@@ -777,6 +876,7 @@ more text
     <param pos="0" name="os.vendor" value="ADC"/>
     <param pos="0" name="os.product" value="iScale"/>
   </fingerprint>
+
   <fingerprint pattern="^TASKalfa (\d+c?i) FTP server" certainty="1.0">
     <description>Taskalfa Series of Printers</description>
     <example>TASKalfa 300ci FTP server</example>
@@ -790,6 +890,7 @@ more text
     <param pos="0" name="hw.device" value="Multifunction Device"/>
     <param pos="1" name="hw.product"/>
   </fingerprint>
+
   <fingerprint pattern="^SAVIN (\S+) FTP server \((.*)\) ready.$" certainty="1.0">
     <description>SAVIN Printer FTP Server</description>
     <example os.product="4075">SAVIN 4075 FTP server (4.08) ready.</example>
@@ -810,6 +911,7 @@ more text
     <param pos="0" name="hw.device" value="Printer"/>
     <param pos="1" name="hw.product"/>
   </fingerprint>
+
   <fingerprint pattern="^Oce (im\d+) Ver (\S+) FTP server\.$" certainty="1.0">
     <description>OCE IM series Printer</description>
     <example>Oce im4512 Ver 01.04.00.0c FTP server.</example>
@@ -820,6 +922,7 @@ more text
     <param pos="1" name="os.product"/>
     <param pos="2" name="os.version"/>
   </fingerprint>
+
   <fingerprint pattern="^Oce (Plotwave\d+) FTP Service \(Version (\S+)\)\.$" certainty="1.0">
     <description>OCE Printer</description>
     <example>Oce Plotwave300 FTP Service (Version 4.5.7).</example>
@@ -829,6 +932,7 @@ more text
     <param pos="1" name="os.product"/>
     <param pos="2" name="os.version"/>
   </fingerprint>
+
   <fingerprint pattern="^LinkCom Xpress (.*) FTP version ([\d\.]+) ready$" certainty="1.0">
     <description>MPI Technologies Linkcom Express FTP Server with os version</description>
     <example hw.product="10/100 +IPDS" os.version="1.0">LinkCom Xpress 10/100 +IPDS FTP version 1.0 ready</example>
@@ -838,6 +942,7 @@ more text
     <param pos="1" name="hw.product"/>
     <param pos="2" name="os.version"/>
   </fingerprint>
+
   <fingerprint pattern="^LinkCom Xpress (.*)$" certainty="1.0">
     <description>MPI Technologies Linkcom Express FTP Server</description>
     <example hw.product="EIO PRO 10">LinkCom Xpress EIO PRO 10</example>
@@ -846,6 +951,7 @@ more text
     <param pos="0" name="hw.device" value="Print server"/>
     <param pos="1" name="hw.product"/>
   </fingerprint>
+
   <fingerprint pattern="^LXKE\S+ IBM Infoprint (\d+) FTP Server (\d+\.\d+\.\d+) ready.$" certainty="1.0">
     <description>IBM Infoprint FTP</description>
     <example>LXKE82124 IBM Infoprint 1332 FTP Server 55.10.21 ready.</example>
@@ -858,6 +964,7 @@ more text
     <param pos="1" name="os.product"/>
     <param pos="2" name="os.version"/>
   </fingerprint>
+
   <fingerprint pattern="^(Gestetner \S+(?: \S+)?) FTP server \((.*)\)" certainty="1.0">
     <description>Gestetner Printer FTP</description>
     <example os.product="Gestetner MP5500/DSm755" os.version="5.11c">Gestetner MP5500/DSm755 FTP server (5.11c) ready.</example>
@@ -870,6 +977,7 @@ more text
     <param pos="1" name="os.product"/>
     <param pos="2" name="os.version"/>
   </fingerprint>
+
   <fingerprint pattern="^(Gestetner \S+)$" certainty="1.0">
     <description>Gestetner Printer FTP - short banner</description>
     <example>Gestetner MPC2500</example>
@@ -877,6 +985,7 @@ more text
     <param pos="0" name="os.device" value="Multifunction Device"/>
     <param pos="1" name="os.product"/>
   </fingerprint>
+
   <fingerprint pattern="^EUFSALE MarkNet (\S+) FTP Server (\d+\.\d+\.\d+) ready.$" certainty="1.0">
     <description>Lexmark Marknet Printers FTP</description>
     <example>EUFSALE MarkNet X2011e FTP Server 4.20.21 ready.</example>
@@ -886,6 +995,7 @@ more text
     <param pos="1" name="os.product"/>
     <param pos="2" name="os.version"/>
   </fingerprint>
+
   <fingerprint pattern="^ET(\S+) Source Technologies (ST-96\S+) FTP Server (\S+) ready\.?$">
     <description>Source Technologies ST9600 Series Secure Printer</description>
     <example>ET0021B730F70E Source Technologies ST-9620 FTP Server NJ.APS.N254e ready.</example>
@@ -898,6 +1008,7 @@ more text
     <param pos="2" name="os.product"/>
     <param pos="3" name="os.version"/>
   </fingerprint>
+
   <fingerprint pattern="^ET(\S+) (Pro\d+) Series FTP Server ready\.$" certainty="1.0">
     <description>Lexmark ProXXX Series of Printers</description>
     <example host.mac="0020007E4D2A" hw.product="Pro700">ET0020007E4D2A Pro700 Series FTP Server ready.</example>
@@ -910,6 +1021,7 @@ more text
     <param pos="0" name="hw.device" value="Printer"/>
     <param pos="2" name="hw.product"/>
   </fingerprint>
+
   <fingerprint pattern="^ET(\S+) Lexmark Forms Printer (\d+) Ethernet FTP Server (\S+) ready\.$" certainty="1.0">
     <description>Lexmark Forms Printer</description>
     <example os.product="2590">ET0020004F54EE Lexmark Forms Printer 2590 Ethernet FTP Server LCL.CU.P012c ready.</example>
@@ -924,6 +1036,7 @@ more text
     <param pos="0" name="hw.device" value="Printer"/>
     <param pos="2" name="hw.product"/>
   </fingerprint>
+
   <fingerprint pattern="^ET(\S+) TOSHIBA e-STUDIO500S FTP Server (\S+) ready\.$" certainty="1.0">
     <description>Toshiba e-STUDIO Printer with MAC address</description>
     <example os.version="NC2.NPS.N221">ET0004001E9C00 TOSHIBA e-STUDIO500S FTP Server NC2.NPS.N221 ready.</example>
@@ -937,6 +1050,7 @@ more text
     <param pos="0" name="hw.device" value="Multifunction Device"/>
     <param pos="0" name="hw.product" value="e-STUDIO"/>
   </fingerprint>
+
   <fingerprint pattern="^\S+ TOSHIBA e-STUDIO500S FTP Server (\S+) ready\.$" certainty="1.0">
     <description>Toshiba e-STUDIO Printer</description>
     <example os.version="NC2.NPS.N211">JHBPRN13 TOSHIBA e-STUDIO500S FTP Server NC2.NPS.N211 ready.</example>
@@ -948,6 +1062,7 @@ more text
     <param pos="0" name="hw.device" value="Multifunction Device"/>
     <param pos="0" name="hw.product" value="e-STUDIO"/>
   </fingerprint>
+
   <fingerprint pattern="^.*Lexmark Optra (\S+) FTP Server (\S+) ready\.$" certainty="1.0">
     <description>Lexmark Optra Printer</description>
     <example os.product="T612">lex142785470853 Lexmark Optra T612 FTP Server 3.20.30 ready.</example>
@@ -962,6 +1077,7 @@ more text
     <param pos="0" name="hw.device" value="Printer"/>
     <param pos="1" name="hw.product"/>
   </fingerprint>
+
   <fingerprint pattern="^SHARP (MX-\S+) Ver (\S+) FTP server\.$" certainty="1.0">
     <description>Sharp Printer/Copier/Scanne</description>
     <example os.product="MX-6200N" os.version="01.02.00.0e">SHARP MX-6200N Ver 01.02.00.0e FTP server.</example>
@@ -983,6 +1099,7 @@ more text
     <param pos="0" name="hw.family" value="MX Series"/>
     <param pos="1" name="hw.product"/>
   </fingerprint>
+
   <fingerprint pattern="^(FS-\S+MFP\S*?) FTP server\.?$" certainty="1.0">
     <description>Kyocera Printer with version string</description>
     <example os.product="FS-C2126MFP">FS-C2126MFP FTP server</example>
@@ -995,6 +1112,7 @@ more text
     <param pos="0" name="hw.device" value="Multifunction Device"/>
     <param pos="1" name="hw.product"/>
   </fingerprint>
+
   <fingerprint pattern="^(FS-\S+(?:DN|D|N)) FTP server\.?$" certainty="1.0">
     <description>Kyocera Printer</description>
     <example os.product="FS-1370DN">FS-1370DN FTP server</example>
@@ -1008,6 +1126,7 @@ more text
     <param pos="0" name="hw.family" value="FS"/>
     <param pos="1" name="hw.product"/>
   </fingerprint>
+
   <fingerprint pattern="^(ESI-\S+) Version (\S+) ready\.$" certainty="1.0">
     <description>Extended Systems ExtendNet Print Server</description>
     <example os.product="ESI-2941B">ESI-2941B Version 6.34 ready.</example>
@@ -1029,6 +1148,7 @@ more text
     <param pos="0" name="hw.device" value="Print server"/>
     <param pos="1" name="hw.product"/>
   </fingerprint>
+
   <fingerprint pattern="^SATO SATO PRINTER Ver (\S+) FTP server\.$" certainty="1.0">
     <description>SATO Printer</description>
     <example os.version="A1.2.3">SATO SATO PRINTER Ver A1.2.3 FTP server.</example>
@@ -1039,6 +1159,7 @@ more text
     <param pos="0" name="hw.vendor" value="SATO"/>
     <param pos="0" name="hw.device" value="Printer"/>
   </fingerprint>
+
   <fingerprint pattern="^Printer FTP (\d+\.\d+\.\d+) ready at (\w{3} \d{2} \d{2}:\d{2}:\d{2})$" certainty="1.0">
     <description>AMTDatasouth Fastmark M5</description>
     <example os.version="4.8.7">Printer FTP 4.8.7 ready at Apr 30 20:13:23</example>
@@ -1056,6 +1177,7 @@ more text
     <param pos="0" name="hw.product" value="Fastmark M5"/>
     <param pos="0" name="hw.device" value="Printer"/>
   </fingerprint>
+
   <fingerprint pattern="^EFI FTP Print server ready\.$" certainty="0.8">
     <description>EFI FTP Print Server</description>
     <example>EFI FTP Print server ready.</example>
@@ -1065,7 +1187,9 @@ more text
     <param pos="0" name="os.product" value="Fiery Print Server"/>
     <param pos="0" name="os.device" value="Print server"/>
   </fingerprint>
+
   <!-- Conjectured based on known MX FTP fingerprints -->
+
   <fingerprint pattern="^SHARP (AR-\S+) Ver (\S+) FTP server">
     <description>Sharp AR Series multifunction device</description>
     <example os.product="AR-M450">SHARP AR-M450 Ver 01.05.00.0k FTP server.</example>
@@ -1079,6 +1203,7 @@ more text
     <param pos="0" name="hw.family" value="AR Series"/>
     <param pos="1" name="hw.product"/>
   </fingerprint>
+
   <fingerprint pattern="^KONICA MINOLTA FTP server ready\.?$">
     <description>Konica Minolta FTP Server - w/o version</description>
     <example>KONICA MINOLTA FTP server ready.</example>
@@ -1091,6 +1216,7 @@ more text
     <param pos="0" name="hw.vendor" value="Konica Minolta"/>
     <param pos="0" name="hw.product" value="Printer"/>
   </fingerprint>
+
   <fingerprint pattern="^(KM\S+) FTP server \(KM FTPD version (\d*(?:\.\d*))\) ready\.?$">
     <description>Konica Minolta FTP Server</description>
     <example os.product="KM23BC97" service.version="1.00">KM23BC97 FTP server (KM FTPD version 1.00) ready.</example>
@@ -1108,6 +1234,7 @@ more text
     <param pos="0" name="service.product" value="KM FTPD"/>
     <param pos="2" name="service.version"/>
   </fingerprint>
+
   <fingerprint pattern="^(ZBR-\d+) Version (\S+) ready\.?$">
     <description>ZebraNet Print Server FTP</description>
     <example os.product="ZBR-46686">ZBR-46686 Version 7.02 ready.</example>
@@ -1121,12 +1248,26 @@ more text
     <param pos="0" name="hw.device" value="Print server"/>
     <param pos="1" name="hw.product"/>
   </fingerprint>
+
+  <fingerprint pattern="^(ET(\S+)) Dell (\S+ Laser Printer) FTP Server">
+    <description>Dell Laser Printer</description>
+    <example host.name="ET0021B71A1111" host.mac="0021B71A1111" hw.product="2350dn Laser Printer">ET0021B71A1111 Dell 2350dn Laser Printer FTP Server NR.APS.N449 ready.</example>
+    <param pos="0" name="os.vendor" value="Dell"/>
+    <param pos="0" name="os.device" value="Printer"/>
+    <param pos="0" name="hw.vendor" value="Dell"/>
+    <param pos="0" name="hw.device" value="Printer"/>
+    <param pos="1" name="host.name"/>
+    <param pos="2" name="host.mac"/>
+    <param pos="3" name="hw.product"/>
+  </fingerprint>
+
   <fingerprint pattern="^(\S+) FTP server \(Version \S+ \w+ \w+ \d{1,2} \d{1,2}:\d{1,2}:\d{1,2} [A-Z]+ (?:1|2)\d{3}\) ready\.?$">
     <description>Generic/unknown FTP Server found on HP-UX and AIX systems</description>
     <example host.name="host.example.com">host.example.com FTP server (Version 4.1 Sat Sep 7 14:31:53 CDT 2002) ready.</example>
     <example host.name="host.example.com">host.example.com FTP server (Version 5.3 Sat Jan 10 14:01:03 CDT 2012) ready</example>
     <param pos="1" name="host.name"/>
   </fingerprint>
+
   <fingerprint pattern="^Welcome to the (?:Cisco )?(?:TelePresence) ([a-zA-Z\s]*?) ((?:MSE )?\d+), version (\d+.\d+\(\d+.\d+\)).*?" flags="REG_ICASE">
     <description>Cisco TelePresence</description>
     <example hw.series="AM GW" os.version="1.1(1.34)" hw.model="3610">Welcome to the Cisco TelePresence AM GW 3610, version 1.1(1.34) </example>
@@ -1142,6 +1283,7 @@ more text
     <param pos="2" name="hw.model"/>
     <param pos="3" name="os.version"/>
   </fingerprint>
+
   <fingerprint pattern="^(\S+) FTP server \((?:HP|Compaq) Tru64 UNIX Version (\S+)\) ready\.?$">
     <description>Digital/Compaq/HP Tru64 Unix</description>
     <example host.name="example.com" os.version="5.60">example.com FTP server (Compaq Tru64 UNIX Version 5.60) ready.</example>
@@ -1152,6 +1294,7 @@ more text
     <param pos="2" name="os.version"/>
     <param pos="0" name="os.cpe23" value="cpe:/o:hp:tru64:{os.version}"/>
   </fingerprint>
+
   <fingerprint pattern="^(\S+) FTP server \(Digital UNIX Version (\S+)\) ready\.?$">
     <description>Digital/Compaq/HP Tru64 Unix w/o branding</description>
     <example host.name="example.com" os.version="5.60">example.com FTP server (Digital UNIX Version 5.60) ready.</example>
@@ -1161,6 +1304,7 @@ more text
     <param pos="1" name="host.name"/>
     <param pos="2" name="os.version"/>
   </fingerprint>
+
   <fingerprint pattern="^(\S+) FTP server \(MikroTik ([\d\.]+)\) ready\.?$">
     <description>MikroTik</description>
     <example host.name="example.com" os.version="6.18">example.com FTP server (MikroTik 6.18) ready</example>
@@ -1170,6 +1314,7 @@ more text
     <param pos="2" name="os.version"/>
     <param pos="0" name="os.cpe23" value="cpe:/o:mikrotik:routeros:{os.version}"/>
   </fingerprint>
+
   <fingerprint pattern="^MikroTik FTP server \(MikroTik ([\w.]+)\) ready\.?$">
     <description>MikroTik w/o hostname</description>
     <example os.version="6.0rc14">MikroTik FTP server (MikroTik 6.0rc14) ready</example>
@@ -1178,6 +1323,7 @@ more text
     <param pos="1" name="os.version"/>
     <param pos="0" name="os.cpe23" value="cpe:/o:mikrotik:routeros:{os.version}"/>
   </fingerprint>
+
   <fingerprint pattern="^Welcome to ASUS (B?RT-[\w.-]+) FTP service\.$">
     <description>FTPD on an Asus Wireless Access Point/Router</description>
     <example hw.product="RT-AC68U">Welcome to ASUS RT-AC68U FTP service.</example>
@@ -1189,6 +1335,7 @@ more text
     <param pos="0" name="hw.device" value="WAP"/>
     <param pos="1" name="hw.product"/>
   </fingerprint>
+
   <fingerprint pattern="^Welcome to ASUS (DSL-[\w.-]+) FTP service\.$">
     <description>FTPD on a ADSL/VDSL Modem/Wireless Access Point/Router</description>
     <example hw.product="DSL-AC68U">Welcome to ASUS DSL-AC68U FTP service.</example>
@@ -1199,6 +1346,7 @@ more text
     <param pos="0" name="hw.device" value="DSL Modem"/>
     <param pos="1" name="hw.product"/>
   </fingerprint>
+
   <fingerprint pattern="^Welcome to ASUS (TM-\w+) FTP service\.$">
     <description>FTPD on a T-Mobile branded Asus Wireless Access Point/Router</description>
     <example hw.product="TM-AC1900">Welcome to ASUS TM-AC1900 FTP service.</example>
@@ -1208,6 +1356,7 @@ more text
     <param pos="0" name="hw.device" value="WAP"/>
     <param pos="1" name="hw.product"/>
   </fingerprint>
+
   <fingerprint pattern="^(FRITZ!Box[\w()]+) FTP server ready\.$">
     <description>FTPD on an AWM multifunction Modem/Wireless Access Point/Router/VoIP device</description>
     <example hw.product="FRITZ!Box7490">FRITZ!Box7490 FTP server ready.</example>
@@ -1221,6 +1370,7 @@ more text
     <param pos="0" name="hw.family" value="FRITZ!Box"/>
     <param pos="1" name="hw.product"/>
   </fingerprint>
+
   <fingerprint pattern="^HES_CPE FTP server \(GNU inetutils ([\w.]+)\) ready\.$">
     <description>FTPD on a ZyXEL (Huawei rebrand) WiMax WAP</description>
     <example service.version="1.4.1">HES_CPE FTP server (GNU inetutils 1.4.1) ready.</example>
@@ -1228,10 +1378,11 @@ more text
     <param pos="0" name="service.product" value="inetutils ftpd"/>
     <param pos="0" name="service.vendor" value="GNU"/>
     <param pos="1" name="service.version"/>
-    <param pos="0" name="hw.vendor" value="ZyXEL"/>
+    <param pos="0" name="hw.vendor" value="Zyxel"/>
     <param pos="0" name="hw.family" value="WiMax"/>
     <param pos="0" name="hw.device" value="WAP"/>
   </fingerprint>
+
   <fingerprint pattern="^Speedport W ?(\S+) (?:Typ [A|B] )?FTP Server v([\d.]+) ready$$">
     <description>FTPD on Speedport WLAN/ADSL routers (Deutsche Telekom mfg by misc)</description>
     <example hw.product="723V" os.version="1.40.000">Speedport W 723V Typ B FTP Server v1.40.000 ready</example>
@@ -1243,6 +1394,7 @@ more text
     <param pos="1" name="hw.product"/>
     <param pos="2" name="os.version"/>
   </fingerprint>
+
   <fingerprint pattern="^DiskStation FTP server ready\.$">
     <description>FTPD on a Synology DiskStation NAS</description>
     <example>DiskStation FTP server ready.</example>
@@ -1255,6 +1407,7 @@ more text
     <param pos="0" name="hw.family" value="DiskStation"/>
     <param pos="0" name="hw.device" value="NAS"/>
   </fingerprint>
+
   <fingerprint pattern="^Synology FTP server ready\.$" flags="REG_ICASE">
     <description>FTPD on a Synology device</description>
     <example>Synology FTP server ready.</example>
@@ -1266,6 +1419,7 @@ more text
     <param pos="0" name="os.product" value="Linux"/>
     <param pos="0" name="hw.vendor" value="Synology"/>
   </fingerprint>
+
   <fingerprint pattern="^.Welcome to MyBookLive.$">
     <description>FTPD on Western Digital My Book Live NAS</description>
     <example>"Welcome to MyBookLive"</example>
@@ -1274,6 +1428,7 @@ more text
     <param pos="0" name="hw.product" value="My Book Live"/>
     <param pos="0" name="hw.device" value="NAS"/>
   </fingerprint>
+
   <fingerprint pattern="^Multicraft ([\w.-]+) FTP server$">
     <description>Multicraft FTPD Server</description>
     <example service.version="2.0.2">Multicraft 2.0.2 FTP server</example>
@@ -1283,6 +1438,7 @@ more text
     <param pos="0" name="service.vendor" value="Multicraft"/>
     <param pos="1" name="service.version"/>
   </fingerprint>
+
   <fingerprint pattern="^bftpd ([\d.]+) at ([a-f\d.:]+) ready\.$">
     <description>Bftpd FTPD Server</description>
     <example service.version="2.2.1" host.ip="192.168.0.1">bftpd 2.2.1 at 192.168.0.1 ready.</example>
@@ -1294,6 +1450,7 @@ more text
     <param pos="0" name="service.cpe23" value="cpe:/a:bftpd_project:bftpd:{service.version}"/>
     <param pos="2" name="host.ip"/>
   </fingerprint>
+
   <fingerprint pattern="^NASFTPD Turbo station (?:2.x )?([\w.]+) Server \(ProFTPD\)(?: \[([a-f\d.:]+)\])?$">
     <description>ProFTPD on QNAP Turbo Station NAS</description>
     <example service.version="1.3.5a" host.ip="192.168.1.100">NASFTPD Turbo station 1.3.5a Server (ProFTPD) [192.168.1.100]</example>
@@ -1309,6 +1466,7 @@ more text
     <param pos="0" name="hw.device" value="NAS"/>
     <param pos="2" name="host.ip"/>
   </fingerprint>
+
   <fingerprint pattern="^Twisted ([\w.]+) FTP Server$">
     <description>Twisted (Python) FTP Server</description>
     <example service.version="14.0.0">Twisted 14.0.0 FTP Server</example>
@@ -1318,6 +1476,7 @@ more text
     <param pos="0" name="service.vendor" value="Twisted Matrix Labs"/>
     <param pos="1" name="service.version"/>
   </fingerprint>
+
   <fingerprint pattern="^Gene6 FTP Server v(\d{1,2}\.\d{1,2}\.\d{1,2}\s{1,2}\(Build \d{1,2}\)) ready\.\.\.$">
     <description>Gene6 FTP Server on Windows</description>
     <example service.version="3.10.0 (Build 2)">Gene6 FTP Server v3.10.0 (Build 2) ready...</example>
@@ -1331,6 +1490,7 @@ more text
     <param pos="0" name="os.product" value="Windows"/>
     <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
   </fingerprint>
+
   <fingerprint pattern="^([\w.-]+) X2 WS_FTP Server ([\d.]{3,6}\s?\(\d+\))$">
     <description>WS_FTP FTP Server on Windows - X2 variant</description>
     <example service.version="7.7(50012467)" host.name="a.host.name.tld">a.host.name.tld X2 WS_FTP Server 7.7(50012467)</example>
@@ -1346,6 +1506,7 @@ more text
     <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
     <param pos="1" name="host.name"/>
   </fingerprint>
+
   <fingerprint pattern="^V2 WS_FTP Server ([\d.]{3,6}\s?\(\d+\))$">
     <description>WS_FTP FTP Server on Windows - V2 variant</description>
     <example service.version="6.1(05544322)">V2 WS_FTP Server 6.1(05544322)</example>
@@ -1359,24 +1520,27 @@ more text
     <param pos="0" name="os.product" value="Windows"/>
     <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
   </fingerprint>
+
   <fingerprint pattern="^FTP Server \(ZyWALL (USG\s?[\w-]+)\) \[([a-f\d:.]+)\]$">
     <description>ZyXEL Unified Security Gateway</description>
     <example hw.product="USG 20" host.ip="::ffff:192.168.0.2">FTP Server (ZyWALL USG 20) [::ffff:192.168.0.2]</example>
     <example hw.product="USG100-PLUS" host.ip="::ffff:192.168.5.101">FTP Server (ZyWALL USG100-PLUS) [::ffff:192.168.5.101]</example>
     <example hw.product="USG 20" host.ip="10.0.0.2">FTP Server (ZyWALL USG 20) [10.0.0.2]</example>
-    <param pos="0" name="service.vendor" value="ZyXEL"/>
+    <param pos="0" name="service.vendor" value="Zyxel"/>
     <param pos="0" name="service.family" value="Unified Security Gateway"/>
     <param pos="0" name="service.product" value="FTPD"/>
     <param pos="2" name="host.ip"/>
-    <param pos="0" name="hw.vendor" value="ZyXEL"/>
+    <param pos="0" name="hw.vendor" value="Zyxel"/>
     <param pos="0" name="hw.family" value="Unified Security Gateway"/>
     <param pos="1" name="hw.product"/>
   </fingerprint>
+
   <fingerprint pattern="^Welcome to TP-LINK FTP server$">
     <description>FTPD on a TP-LINK device (no version/host info)</description>
     <example>Welcome to TP-LINK FTP server</example>
     <param pos="0" name="hw.vendor" value="TP-LINK"/>
   </fingerprint>
+
   <fingerprint pattern="^TP-LINK FTP version ([\d\.]+)">
     <description>FTPD on a TP-LINK device with version, but no host info</description>
     <example service.version="1.0">TP-LINK FTP version 1.0 ready at Wed May  1 20:51:49 2019</example>
@@ -1384,6 +1548,7 @@ more text
     <param pos="0" name="service.product" value="FTPD"/>
     <param pos="1" name="service.version"/>
   </fingerprint>
+
   <fingerprint pattern="^ucftpd\((\w{3}\s+\d{1,2} \d{4}-\d\d:\d\d:\d\d)\) FTP server ready\.$">
     <description>ucftpd with version</description>
     <example service.version="Jul  2 2012-22:13:49">ucftpd(Jul  2 2012-22:13:49) FTP server ready.</example>
@@ -1392,18 +1557,21 @@ more text
     <param pos="0" name="service.product" value="ucftpd"/>
     <param pos="1" name="service.version"/>
   </fingerprint>
+
   <fingerprint pattern="^ucftpd FTP server ready\.$">
     <description>ucftpd without version</description>
     <example>ucftpd FTP server ready.</example>
     <param pos="0" name="service.family" value="ucftpd"/>
     <param pos="0" name="service.product" value="ucftpd"/>
   </fingerprint>
+
   <fingerprint pattern="^Welcome to TBS FTP Server\.$">
     <description>TBS FTP Server</description>
     <example>Welcome to TBS FTP Server.</example>
     <param pos="0" name="service.family" value="TBS FTP Server"/>
     <param pos="0" name="service.product" value="TBS FTP Server"/>
   </fingerprint>
+
   <fingerprint pattern="^Sofrel (S5[\w]+) SN ([\d-]+)  ready. Time is (\d{2}:\d{2}:\d{2} \d{2}\/\d{2}\/\d{2})\.$">
     <description>Sofrel Remote Terminal Unit</description>
     <example hw.product="S500" host.id="01-499-00427" system.time="00:11:39 01/11/16">Sofrel S500 SN 01-499-00427  ready. Time is 00:11:39 01/11/16.</example>
@@ -1414,6 +1582,7 @@ more text
     <param pos="0" name="system.time.format" value="HH:mm:ss dd/MM/yy"/>
     <param pos="3" name="system.time"/>
   </fingerprint>
+
   <fingerprint pattern="^TiMOS-[CB]-([\S]+) cpm\/[\w]+ ALCATEL (SR [\S]+) Copyright .{1,4}$">
     <description>ALCATEL Service Router running TiMOS</description>
     <example os.version="13.0.R9">TiMOS-C-13.0.R9 cpm/hops64 ALCATEL SR 7750 Copyright (</example>
@@ -1424,11 +1593,13 @@ more text
     <param pos="0" name="hw.family" value="Service Router"/>
     <param pos="2" name="hw.product"/>
   </fingerprint>
+
   <fingerprint pattern="^(\S+) FTP server ready\.?$" flags="REG_ICASE">
     <description>Generic FTP fingerprint with a hostname</description>
     <example host.name="example.com">example.com FTP server ready.</example>
     <param pos="1" name="host.name"/>
   </fingerprint>
+
   <fingerprint pattern="^(\S+) FTP server \(Version (\d.*)\) ready\.?$" flags="REG_ICASE">
     <description>Generic FTP fingerprint with a hostname and a version for a generic FTP implementation</description>
     <example host.name="example.com" service.version="6.00LS">example.com FTP server (Version 6.00LS) ready.</example>
@@ -1436,6 +1607,7 @@ more text
     <param pos="1" name="host.name"/>
     <param pos="2" name="service.version"/>
   </fingerprint>
+
   <fingerprint pattern="(?i)^FTP[\- ]+(?:server|service)?(?:(?: is)? ready)?\.?$">
     <description>Generic FTP fingerprint without a hostname</description>
     <example>FTP server is ready.</example>
@@ -1445,12 +1617,14 @@ more text
     <example>FTP Server</example>
     <example>FTP service ready.</example>
   </fingerprint>
+
   <fingerprint pattern="^Welcom to ProRat Ftp Server$">
     <description>The FTP server of the ProRat malware</description>
     <example>Welcom to ProRat Ftp Server</example>
     <param pos="0" name="service.vendor" value="Pro Group"/>
     <param pos="0" name="service.product" value="ProRat"/>
   </fingerprint>
+
   <fingerprint pattern="^(?:(\S+) )?FTP Server \(vftpd ([\d.]+)\) ready\.?$">
     <description>Vermillion FTP Daemon</description>
     <example host.name="srv.name" service.version="1.23">srv.name FTP Server (vftpd 1.23) ready.</example>
@@ -1464,6 +1638,7 @@ more text
     <param pos="2" name="service.version"/>
     <param pos="1" name="host.name"/>
   </fingerprint>
+
   <fingerprint pattern="^(?:(\S+) )?FTP server \(QVT\/Net ([\d.]+)\) ready\.?$">
     <description>QVT/Net FTP Server</description>
     <example host.name="siren" service.version="5.1">siren FTP server (QVT/Net 5.1) ready.</example>
@@ -1477,6 +1652,7 @@ more text
     <param pos="2" name="service.version"/>
     <param pos="1" name="host.name"/>
   </fingerprint>
+
   <fingerprint pattern="Amazon\sLinux\sAMI\srelease\s(\d+\.\d+)">
     <description>Amazon Linux AMI</description>
     <example os.version="2016.09">Amazon Linux AMI release 2016.09</example>
@@ -1485,8 +1661,10 @@ more text
     <param pos="0" name="os.product" value="Linux AMI"/>
     <param pos="1" name="os.version"/>
   </fingerprint>
+
   <!-- Below are banners for FTP service providers, not necessarily
        specific FTP servers-->
+
   <fingerprint pattern="^Idea FTP Server ([\d\.]+) \((.*)\) \[(.+)\]$">
     <description>Idea FTP Server</description>
     <example service.version="0.83.213" host.name="localhost" host.ip="1.2.3.4">Idea FTP Server 0.83.213 (localhost) [1.2.3.4]</example>
@@ -1497,16 +1675,51 @@ more text
     <param pos="2" name="host.name"/>
     <param pos="3" name="host.ip"/>
   </fingerprint>
+
   <fingerprint pattern="^Amazon Ftp$">
     <description>Amazon FTP endpoint</description>
     <example>Amazon Ftp</example>
     <param pos="0" name="service.vendor" value="Amazon"/>
     <param pos="0" name="service.product" value="FTP Server"/>
   </fingerprint>
+
   <fingerprint pattern="^Dreamhost FTP Server$">
     <description>Dreamhost FTP endpoint</description>
     <example>Dreamhost FTP Server</example>
     <param pos="0" name="service.vendor" value="Dreamhost"/>
     <param pos="0" name="service.product" value="FTP Server"/>
   </fingerprint>
-</fingerprints>
+
+  <fingerprint pattern="^QTCP at ([a-zA-Z0-9\.\_\-]+)$">
+    <description>IBM iSeries FTP</description>
+    <example host.name="core.bank.local.">QTCP at core.bank.local.</example>
+    <param pos="0" name="os.vendor" value="IBM"/>
+    <param pos="0" name="os.family" value="OS/400"/>
+    <param pos="0" name="os.product" value="OS/400"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:ibm:os_400:-"/>
+    <param pos="1" name="host.name"/>
+  </fingerprint>
+
+  <fingerprint pattern="^HomeLogic FTP Server">
+    <description>ELAN Smart Home Controller</description>
+    <example>HomeLogic FTP Server Please Give User Name</example>
+    <param pos="0" name="hw.vendor" value="ELAN"/>
+    <param pos="0" name="hw.device" value="Building Automation"/>
+    <param pos="0" name="hw.product" value="Home Controller"/>
+    <param pos="0" name="os.vendor" value="ELAN"/>
+    <param pos="0" name="os.family" value="Linux"/>
+  </fingerprint>
+
+  <fingerprint pattern="^Welcome to Honeywell Printer (PM\d+)\S+?$">
+    <description>Honeywell Thermal Label Printer (Previously Intermec)</description>
+    <example hw.product="Thermal Label Printer PM43">Welcome to Honeywell Printer PM43c</example>
+    <param pos="0" name="hw.vendor" value="Honeywell"/>
+    <param pos="1" name="hw.model"/>
+    <param pos="0" name="hw.product" value="Thermal Label Printer {hw.model}"/>
+    <param pos="0" name="hw.device" value="Printer"/>
+    <param pos="0" name="os.vendor" value="Honeywell"/>
+    <param pos="0" name="os.product" value="Thermal Label Printer {hw.model}"/>
+    <param pos="0" name="os.device" value="Printer"/>
+  </fingerprint>
+
+</fingerprints>