recog 2.3.6 → 2.3.11

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (81) hide show
  1. checksums.yaml +4 -4
  2. data/.gitignore +17 -5
  3. data/.ruby-gemset +1 -0
  4. data/.ruby-version +1 -0
  5. data/.travis.yml +2 -4
  6. data/CONTRIBUTING.md +136 -37
  7. data/Gemfile +2 -5
  8. data/README.md +34 -29
  9. data/bin/recog_cleanup +16 -0
  10. data/bin/recog_standardize +142 -0
  11. data/cpe-remap.yaml +20 -0
  12. data/features/match.feature +4 -0
  13. data/features/support/aruba.rb +3 -0
  14. data/features/verify.feature +5 -0
  15. data/identifiers/README.md +56 -0
  16. data/identifiers/hw_device.txt +77 -0
  17. data/identifiers/hw_family.txt +96 -0
  18. data/identifiers/hw_product.txt +328 -0
  19. data/identifiers/os_architecture.txt +20 -0
  20. data/identifiers/os_device.txt +94 -0
  21. data/identifiers/os_family.txt +325 -0
  22. data/identifiers/os_product.txt +420 -0
  23. data/identifiers/service_family.txt +272 -0
  24. data/identifiers/service_product.txt +557 -0
  25. data/identifiers/software_class.txt +26 -0
  26. data/identifiers/software_family.txt +91 -0
  27. data/identifiers/software_product.txt +333 -0
  28. data/identifiers/vendor.txt +891 -0
  29. data/lib/recog/version.rb +1 -1
  30. data/requirements.txt +1 -1
  31. data/spec/lib/fingerprint_self_test_spec.rb +1 -1
  32. data/spec/lib/recog/fingerprint/regexp_factory_spec.rb +1 -1
  33. data/update_cpes.py +4 -1
  34. data/xml/apache_modules.xml +292 -5
  35. data/xml/apache_os.xml +50 -2
  36. data/xml/architecture.xml +19 -7
  37. data/xml/dns_versionbind.xml +215 -11
  38. data/xml/favicons.xml +1701 -0
  39. data/xml/ftp_banners.xml +225 -12
  40. data/xml/h323_callresp.xml +112 -12
  41. data/xml/hp_pjl_id.xml +47 -5
  42. data/xml/html_title.xml +2371 -17
  43. data/xml/http_cookies.xml +82 -7
  44. data/xml/http_servers.xml +863 -43
  45. data/xml/http_wwwauth.xml +154 -27
  46. data/xml/imap_banners.xml +19 -13
  47. data/xml/ldap_searchresult.xml +81 -9
  48. data/xml/mdns_device-info_txt.xml +194 -17
  49. data/xml/mdns_workstation_txt.xml +4 -2
  50. data/xml/mysql_banners.xml +554 -45
  51. data/xml/mysql_error.xml +113 -6
  52. data/xml/nntp_banners.xml +10 -2
  53. data/xml/ntp_banners.xml +95 -11
  54. data/xml/operating_system.xml +90 -3
  55. data/xml/pop_banners.xml +30 -31
  56. data/xml/rsh_resp.xml +11 -2
  57. data/xml/rtsp_servers.xml +96 -0
  58. data/xml/sip_banners.xml +192 -17
  59. data/xml/sip_user_agents.xml +69 -3
  60. data/xml/smb_native_lm.xml +10 -2
  61. data/xml/smb_native_os.xml +80 -2
  62. data/xml/smtp_banners.xml +166 -9
  63. data/xml/smtp_debug.xml +6 -4
  64. data/xml/smtp_ehlo.xml +7 -5
  65. data/xml/smtp_expn.xml +13 -4
  66. data/xml/smtp_help.xml +23 -4
  67. data/xml/smtp_mailfrom.xml +5 -2
  68. data/xml/smtp_noop.xml +6 -5
  69. data/xml/smtp_quit.xml +5 -4
  70. data/xml/smtp_rcptto.xml +5 -2
  71. data/xml/smtp_rset.xml +4 -4
  72. data/xml/smtp_turn.xml +4 -4
  73. data/xml/smtp_vrfy.xml +14 -4
  74. data/xml/snmp_sysdescr.xml +863 -122
  75. data/xml/snmp_sysobjid.xml +47 -2
  76. data/xml/ssh_banners.xml +253 -78
  77. data/xml/telnet_banners.xml +419 -14
  78. data/xml/x11_banners.xml +27 -4
  79. data/xml/x509_issuers.xml +39 -15
  80. data/xml/x509_subjects.xml +545 -64
  81. metadata +30 -6
@@ -1,9 +1,10 @@
1
- <?xml version="1.0" encoding="UTF-8"?>
1
+ <?xml version='1.0' encoding='UTF-8'?>
2
2
  <fingerprints matches="ftp.banner" protocol="ftp" database_type="service" preference="0.90">
3
3
  <!--
4
4
  FTP greeting messages (part of the banner after the response code) are matched
5
5
  against these patterns to fingerprint FTP servers.
6
6
  -->
7
+
7
8
  <fingerprint pattern="^([^ ]+) Microsoft FTP Service \(Version ([1234]\.\d+)\)\.$">
8
9
  <description>Microsoft FTP Server on Windows NT</description>
9
10
  <example>xx Microsoft FTP Service (Version 3.0).</example>
@@ -18,6 +19,7 @@
18
19
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_nt:-"/>
19
20
  <param pos="1" name="host.name"/>
20
21
  </fingerprint>
22
+
21
23
  <fingerprint pattern="^([^ ]+) Microsoft FTP Service \(Version 5.0\)\.$">
22
24
  <description>Microsoft FTP Server on Windows 2000</description>
23
25
  <example>xxx Microsoft FTP Service (Version 5.0).</example>
@@ -32,6 +34,7 @@
32
34
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_2000:-"/>
33
35
  <param pos="1" name="host.name"/>
34
36
  </fingerprint>
37
+
35
38
  <fingerprint pattern="^([^ ]+) Microsoft FTP Service \(Version 5.1\)\.$">
36
39
  <description>Microsoft FTP Server on Windows XP, 2003 or later versions of 2000</description>
37
40
  <example>xxx Microsoft FTP Service (Version 5.1).</example>
@@ -45,6 +48,7 @@
45
48
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
46
49
  <param pos="1" name="host.name"/>
47
50
  </fingerprint>
51
+
48
52
  <fingerprint pattern="^([^ ]+) Microsoft FTP Service$">
49
53
  <description>Microsoft FTP Server on Windows XP, 2003 or later without version</description>
50
54
  <example>hostname Microsoft FTP Service</example>
@@ -58,6 +62,7 @@
58
62
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
59
63
  <param pos="1" name="host.name"/>
60
64
  </fingerprint>
65
+
61
66
  <fingerprint pattern="^Microsoft FTP Service$">
62
67
  <description>Microsoft FTP Server on Windows XP, 2003 or later without version or hostname</description>
63
68
  <example>Microsoft FTP Service</example>
@@ -70,6 +75,7 @@
70
75
  <param pos="0" name="os.product" value="Windows"/>
71
76
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
72
77
  </fingerprint>
78
+
73
79
  <fingerprint pattern="^([^ ]+) +FTP +Server \(Version ([^\(]+)\(PHNE_\d+\) [^\)]+\) ready.?$" flags="REG_ICASE">
74
80
  <description>FTP on HPUX with a PHNE (HP Networking patch) installed</description>
75
81
  <example>example.com FTP server (Version 1.1.214.4(PHNE_38458) Mon Feb 15 06:03:12 GMT 2010) ready.</example>
@@ -82,6 +88,7 @@
82
88
  <param pos="1" name="host.name"/>
83
89
  <param pos="2" name="service.version"/>
84
90
  </fingerprint>
91
+
85
92
  <fingerprint pattern="^([^ ]+) +FTP +Server \(Revision \S+ Version wuftpd-([^\(]+)\(PHNE_\d+\) [^\)]+\) ready.?$" flags="REG_ICASE">
86
93
  <description>WU-FTPD on HPUX with a PHNE (HP Networking patch) installed</description>
87
94
  <example>example.com FTP server (Revision 1.1 Version wuftpd-2.6.1(PHNE_38578) Fri Sep 5 12:10:54 GMT 2008) ready.</example>
@@ -94,6 +101,7 @@
94
101
  <param pos="1" name="host.name"/>
95
102
  <param pos="2" name="service.version"/>
96
103
  </fingerprint>
104
+
97
105
  <fingerprint pattern="^(\S+)(?: \S+)? FTP Server \((?:Revision [\d\.]+ )?Version wu(?:ftpd)?-([\d\.]+).*\) ready.?$" flags="REG_ICASE">
98
106
  <description>WU-FTPD on various OS</description>
99
107
  <example host.name="example.com" service.version="2.6.2">example.com FTP server (Version wu-2.6.2(1) Sat Jul 19 16:21:30 UTC 2008) ready.</example>
@@ -105,6 +113,7 @@
105
113
  <param pos="1" name="host.name"/>
106
114
  <param pos="2" name="service.version"/>
107
115
  </fingerprint>
116
+
108
117
  <fingerprint pattern="^(\S+)\s+FTP Server \(Version:\s+Mac OS X Server\s+([\d\.]+).*\) ready\.?" flags="REG_ICASE,REG_MULTILINE">
109
118
  <description>FTPD on Mac OS X Server with a version</description>
110
119
  <example host.name="example.com" os.version="10.3">example.com FTP server (Version: Mac OS X Server 10.3 - +GSSAPI) ready.</example>
@@ -119,6 +128,7 @@ example.com FTP server (Version: Mac OS X Server 10.3 - +GSSAPI) ready.
119
128
  <param pos="2" name="os.version"/>
120
129
  <param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x_server:{os.version}"/>
121
130
  </fingerprint>
131
+
122
132
  <fingerprint pattern="^(\S+)\s+FTP Server \(Version:\s+Mac OS X Server\) ready\.?" flags="REG_ICASE,REG_MULTILINE">
123
133
  <description>FTPD on Mac OS X Server without a version</description>
124
134
  <example host.name="example.com">example.com FTP server (Version: Mac OS X Server) ready.</example>
@@ -132,6 +142,7 @@ example.com FTP server (Version: Mac OS X Server) ready.
132
142
  <param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x_server:-"/>
133
143
  <param pos="1" name="host.name"/>
134
144
  </fingerprint>
145
+
135
146
  <fingerprint pattern="^(\S+)\s+FTP Server \(tnftpd (.*)\) ready\.?$" flags="REG_ICASE">
136
147
  <description>Simple tnftpd banner with a version</description>
137
148
  <example host.name="example.com" service.version="20061217">example.com FTP server (tnftpd 20061217) ready.</example>
@@ -139,6 +150,7 @@ example.com FTP server (Version: Mac OS X Server) ready.
139
150
  <param pos="2" name="service.version"/>
140
151
  <param pos="1" name="host.name"/>
141
152
  </fingerprint>
153
+
142
154
  <fingerprint pattern="^(\S+) FTP Server \(SunOS 5.(1[1-9])\) ready\.?$" flags="REG_ICASE">
143
155
  <description>SunOS/Solaris</description>
144
156
  <example host.name="example.com" os.version="11">example.com FTP server (SunOS 5.11) ready.</example>
@@ -149,6 +161,7 @@ example.com FTP server (Version: Mac OS X Server) ready.
149
161
  <param pos="2" name="os.version"/>
150
162
  <param pos="0" name="os.cpe23" value="cpe:/o:oracle:solaris:{os.version}"/>
151
163
  </fingerprint>
164
+
152
165
  <fingerprint pattern="^(\S+) FTP Server \(SunOS 5.([789]|10)\) ready\.?$" flags="REG_ICASE">
153
166
  <description>SunOS/Solaris 5.7-5.10</description>
154
167
  <example host.name="example.com" os.version="7">example.com FTP server (SunOS 5.7) ready.</example>
@@ -160,6 +173,7 @@ example.com FTP server (Version: Mac OS X Server) ready.
160
173
  <param pos="2" name="os.version"/>
161
174
  <param pos="0" name="os.cpe23" value="cpe:/o:sun:solaris:{os.version}"/>
162
175
  </fingerprint>
176
+
163
177
  <fingerprint pattern="^(\S+) FTP Server \(SunOS 5.6\) ready\." flags="REG_ICASE">
164
178
  <description>SunOS 5.6 (Solaris 2.6)</description>
165
179
  <example host.name="example.com">example.com FTP Server (SunOS 5.6) ready.</example>
@@ -170,6 +184,7 @@ example.com FTP server (Version: Mac OS X Server) ready.
170
184
  <param pos="0" name="os.cpe23" value="cpe:/o:sun:solaris:2.6"/>
171
185
  <param pos="1" name="host.name"/>
172
186
  </fingerprint>
187
+
173
188
  <fingerprint pattern="^ProFTPD (\d+\.[^\s]+) Server \(Debian\) \[(.+)\]$">
174
189
  <description>ProFTPD on Debian Linux</description>
175
190
  <example>ProFTPD 1.3.0rc2 Server (Debian) [host]</example>
@@ -184,6 +199,7 @@ example.com FTP server (Version: Mac OS X Server) ready.
184
199
  <param pos="0" name="os.cpe23" value="cpe:/o:debian:debian_linux:-"/>
185
200
  <param pos="2" name="host.name"/>
186
201
  </fingerprint>
202
+
187
203
  <fingerprint pattern="^ProFTPD (\d+\.[^\s]+) Server \(Linksys(W.+)\) \[(.+)\]$">
188
204
  <description>ProFTPD on a Linksys Wireless Access Point/Router</description>
189
205
  <example>ProFTPD 1.3.0rc2 Server (LinksysWRT350N) [host]</example>
@@ -197,6 +213,7 @@ example.com FTP server (Version: Mac OS X Server) ready.
197
213
  <param pos="2" name="os.product"/>
198
214
  <param pos="3" name="host.name"/>
199
215
  </fingerprint>
216
+
200
217
  <fingerprint pattern="^ProFTPD (\d+\.[^\s]+) Server \(NETGEAR ReadyNAS\) \[(.+)\]$">
201
218
  <description>ProFTPD on a Netgear ReadyNAS with a version and IP</description>
202
219
  <example service.version="1.3.3g" host.ip="192.168.1.10">ProFTPD 1.3.3g Server (NETGEAR ReadyNAS) [192.168.1.10]</example>
@@ -210,6 +227,7 @@ example.com FTP server (Version: Mac OS X Server) ready.
210
227
  <param pos="0" name="hw.product" value="ReadyNAS"/>
211
228
  <param pos="2" name="host.ip"/>
212
229
  </fingerprint>
230
+
213
231
  <fingerprint pattern="^ProFTPD Server \(NETGEAR ReadyNAS\) \[(.+)\]$">
214
232
  <description>ProFTPD on a Netgear ReadyNAS with a hostname</description>
215
233
  <example host.name="test">ProFTPD Server (NETGEAR ReadyNAS) [test]</example>
@@ -222,6 +240,7 @@ example.com FTP server (Version: Mac OS X Server) ready.
222
240
  <param pos="0" name="hw.product" value="ReadyNAS"/>
223
241
  <param pos="1" name="host.name"/>
224
242
  </fingerprint>
243
+
225
244
  <fingerprint pattern="^ProFTPD (\d+\.[^\s]+) Server \(Linksys(.*)\) \[(.+)\]$">
226
245
  <description>ProFTPD on a wired Linksys device</description>
227
246
  <param pos="0" name="service.family" value="ProFTPD"/>
@@ -234,6 +253,7 @@ example.com FTP server (Version: Mac OS X Server) ready.
234
253
  <param pos="2" name="os.product"/>
235
254
  <param pos="3" name="host.name"/>
236
255
  </fingerprint>
256
+
237
257
  <fingerprint pattern="^ProFTPD (\d+\.[^\s]+) Server \((.*)\) \[(.+)\]$">
238
258
  <description>ProFTPD with version info but no obvious OS info</description>
239
259
  <example service.version="1.2.10">ProFTPD 1.2.10 Server (Main FTP Server) [host]</example>
@@ -247,6 +267,7 @@ example.com FTP server (Version: Mac OS X Server) ready.
247
267
  <param pos="2" name="proftpd.server.name"/>
248
268
  <param pos="3" name="host.name"/>
249
269
  </fingerprint>
270
+
250
271
  <fingerprint pattern="^ProFTPD (\d+\.[^\s]+) Server ready\.$">
251
272
  <description>ProFTPD with only version info</description>
252
273
  <example service.version="1.3.0rc2">ProFTPD 1.3.0rc2 Server ready.</example>
@@ -256,6 +277,7 @@ example.com FTP server (Version: Mac OS X Server) ready.
256
277
  <param pos="1" name="service.version"/>
257
278
  <param pos="0" name="service.cpe23" value="cpe:/a:proftpd:proftpd:{service.version}"/>
258
279
  </fingerprint>
280
+
259
281
  <fingerprint pattern="^ProFTPD (?:FTP )?Server ready\.$">
260
282
  <description>ProFTPD with no version info</description>
261
283
  <example>ProFTPD FTP Server ready.</example>
@@ -265,6 +287,7 @@ example.com FTP server (Version: Mac OS X Server) ready.
265
287
  <param pos="0" name="service.product" value="ProFTPD"/>
266
288
  <param pos="0" name="service.cpe23" value="cpe:/a:proftpd:proftpd:-"/>
267
289
  </fingerprint>
290
+
268
291
  <fingerprint pattern="^ProFTPD Server \(.*\) \[([a-f\d.:]+)\]$">
269
292
  <description>ProFTPD with no version info, parenthetical form</description>
270
293
  <example host.ip="1.2.3.4">ProFTPD Server (ProFTPD) [1.2.3.4]</example>
@@ -277,6 +300,7 @@ example.com FTP server (Version: Mac OS X Server) ready.
277
300
  <param pos="0" name="service.cpe23" value="cpe:/a:proftpd:proftpd:-"/>
278
301
  <param pos="1" name="host.ip"/>
279
302
  </fingerprint>
303
+
280
304
  <fingerprint pattern="^ProFTPD Server$">
281
305
  <description>ProFTPD with no version info, short form</description>
282
306
  <example>ProFTPD Server</example>
@@ -285,6 +309,7 @@ example.com FTP server (Version: Mac OS X Server) ready.
285
309
  <param pos="0" name="service.product" value="ProFTPD"/>
286
310
  <param pos="0" name="service.cpe23" value="cpe:/a:proftpd:proftpd:-"/>
287
311
  </fingerprint>
312
+
288
313
  <fingerprint pattern="^ProFTPD\s*$">
289
314
  <description>ProFTPD with no version info, super short form</description>
290
315
  <example>ProFTPD</example>
@@ -294,6 +319,7 @@ example.com FTP server (Version: Mac OS X Server) ready.
294
319
  <param pos="0" name="service.product" value="ProFTPD"/>
295
320
  <param pos="0" name="service.cpe23" value="cpe:/a:proftpd:proftpd:-"/>
296
321
  </fingerprint>
322
+
297
323
  <fingerprint pattern="^(?:\d{4}\-\d\d\-\d\d \d\d:\d\d:\d\d,\d\d\d )?(\S+) proftpd\[\d+\]: error: no valid servers configured">
298
324
  <description>ProFTPD no valid servers configured</description>
299
325
  <example host.name="ftp.host.com">ftp.host.com proftpd[40312]: error: no valid servers configured\n</example>
@@ -304,6 +330,7 @@ example.com FTP server (Version: Mac OS X Server) ready.
304
330
  <param pos="0" name="service.cpe23" value="cpe:/a:proftpd:proftpd:-"/>
305
331
  <param pos="1" name="host.name"/>
306
332
  </fingerprint>
333
+
307
334
  <fingerprint pattern="^ProFTPD (\d+\.[^\s]+) Server \((.*)\) \[[a-f\d.:\]]*$">
308
335
  <description>ProFTPD with version info - truncated</description>
309
336
  <example service.version="1.3.2c">ProFTPD 1.3.2c Server (ProFTPD Default Installation) [</example>
@@ -316,6 +343,7 @@ example.com FTP server (Version: Mac OS X Server) ready.
316
343
  <param pos="0" name="service.cpe23" value="cpe:/a:proftpd:proftpd:{service.version}"/>
317
344
  <param pos="2" name="proftpd.server.name"/>
318
345
  </fingerprint>
346
+
319
347
  <fingerprint pattern="^ProFTPD (\d+\.[^\s]+) Server ([\w.-]+)$">
320
348
  <description>ProFTPD with version info but no obvious OS info, take 2</description>
321
349
  <example service.version="1.3.2d" host.name="localhost">ProFTPD 1.3.2d Server localhost</example>
@@ -323,8 +351,10 @@ example.com FTP server (Version: Mac OS X Server) ready.
323
351
  <param pos="0" name="service.vendor" value="ProFTPD Project"/>
324
352
  <param pos="0" name="service.product" value="ProFTPD"/>
325
353
  <param pos="1" name="service.version"/>
354
+ <param pos="0" name="service.cpe23" value="cpe:/a:proftpd:proftpd:{service.version}"/>
326
355
  <param pos="2" name="host.name"/>
327
356
  </fingerprint>
357
+
328
358
  <fingerprint pattern="^=\(&lt;\*&gt;\)=-\.:\. \(\( Welcome to Pure-FTPd ([\d.]+) \)\) \.:\.-=\(&lt;\*&gt;\)=-" flags="REG_MULTILINE">
329
359
  <description>Pure-FTPd versions &lt;= 1.0.13 (at least as far back as 1.0.11)</description>
330
360
  <example service.version="1.0.11">=(&lt;*&gt;)=-.:. (( Welcome to Pure-FTPd 1.0.11 )) .:.-=(&lt;*&gt;)=-</example>
@@ -334,6 +364,7 @@ more stuff
334
364
  <param pos="0" name="service.product" value="Pure-FTPd"/>
335
365
  <param pos="1" name="service.version"/>
336
366
  </fingerprint>
367
+
337
368
  <fingerprint pattern="^-{9,10}(?:.*)\s+Pure-FTPd\s+(.*)-{9,10}">
338
369
  <description>Pure-FTPd versions &gt;= 1.0.14 - Config data can be zero or more of: [privsep] [TLS]</description>
339
370
  <example>---------- Welcome to Pure-FTPd ----------</example>
@@ -346,6 +377,7 @@ more text
346
377
  <param pos="0" name="service.family" value="Pure-FTPd"/>
347
378
  <param pos="0" name="service.product" value="Pure-FTPd"/>
348
379
  </fingerprint>
380
+
349
381
  <fingerprint pattern="^(?:Welcome to )?Pure-FTPd\.?$">
350
382
  <description>Basic Pure-FTPd banner, no version</description>
351
383
  <example>Welcome to Pure-FTPd</example>
@@ -353,6 +385,7 @@ more text
353
385
  <param pos="0" name="service.family" value="Pure-FTPd"/>
354
386
  <param pos="0" name="service.product" value="Pure-FTPd"/>
355
387
  </fingerprint>
388
+
356
389
  <fingerprint pattern="^=\(.\*.\)=-\.:\. \(\( Welcome to PureFTPd (\d+\..+) \)\) \.:\.-=\(.\*.\)=-" flags="REG_MULTILINE">
357
390
  <description>Older Pure-FTPd versions</description>
358
391
  <example service.version="1.1.0">=(&lt;*&gt;)=-.:. (( Welcome to PureFTPd 1.1.0 )) .:.-=(&lt;*&gt;)=-</example>
@@ -362,6 +395,7 @@ more text
362
395
  <param pos="0" name="service.product" value="Pure-FTPd"/>
363
396
  <param pos="1" name="service.version"/>
364
397
  </fingerprint>
398
+
365
399
  <fingerprint pattern="^Serv-U FTP[ -]Server v(\d+\.\S+)(?: for WinSock)? ready\.*$">
366
400
  <description>Serv-U (only runs on Windows)</description>
367
401
  <example service.version="2.5n">Serv-U FTP-Server v2.5n for WinSock ready...</example>
@@ -376,6 +410,7 @@ more text
376
410
  <param pos="0" name="os.product" value="Windows"/>
377
411
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
378
412
  </fingerprint>
413
+
379
414
  <fingerprint pattern="^zFTPServer v?(\S+), .*ready\.$" flags="REG_ICASE">
380
415
  <description>zftpserver (only runs on Windows)</description>
381
416
  <example service.version="4.0">zFTPServer v4.0, build 2008-12-24 01:41 ready.</example>
@@ -387,6 +422,7 @@ more text
387
422
  <param pos="0" name="os.product" value="Windows"/>
388
423
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
389
424
  </fingerprint>
425
+
390
426
  <fingerprint pattern="^\(vsFTPd (\d+\..+)\)(?: (.+))?$">
391
427
  <description>vsFTPd (Very Secure FTP Daemon)</description>
392
428
  <example service.version="1.1.3">(vsFTPd 1.1.3) host</example>
@@ -396,6 +432,7 @@ more text
396
432
  <param pos="1" name="service.version"/>
397
433
  <param pos="2" name="host.name"/>
398
434
  </fingerprint>
435
+
399
436
  <fingerprint pattern="^ready, dude \(vsFTPd (\d+\..+): beat me, break me\)$">
400
437
  <description>vsFTPd (Very Secure FTP Daemon) - break me variant</description>
401
438
  <example service.version="1.1.0">ready, dude (vsFTPd 1.1.0: beat me, break me)</example>
@@ -403,6 +440,7 @@ more text
403
440
  <param pos="0" name="service.product" value="vsFTPd"/>
404
441
  <param pos="1" name="service.version"/>
405
442
  </fingerprint>
443
+
406
444
  <fingerprint pattern="^vsFTPd ([\d.]+\+ \(ext\.3\)) ready\.\.\.$">
407
445
  <description>vsFTPd (Very Secure FTP Daemon) extended build (vsftpd.devnet.ru)</description>
408
446
  <example service.version="2.0.4+ (ext.3)">vsFTPd 2.0.4+ (ext.3) ready...</example>
@@ -410,6 +448,7 @@ more text
410
448
  <param pos="0" name="service.product" value="vsFTPd Extended"/>
411
449
  <param pos="1" name="service.version"/>
412
450
  </fingerprint>
451
+
413
452
  <fingerprint pattern="^OOPS: .*vsftp.*$">
414
453
  <description>vsFTPd (Very Secure FTP Daemon) error message</description>
415
454
  <example>OOPS: vsftpd: root is not mounted.</example>
@@ -417,6 +456,7 @@ more text
417
456
  <param pos="0" name="service.family" value="vsFTPd"/>
418
457
  <param pos="0" name="service.product" value="vsFTPd"/>
419
458
  </fingerprint>
459
+
420
460
  <fingerprint pattern="^FileZilla Server(?: version)? (?:v)?(\d\.[\w.]+(?: beta)?).*$">
421
461
  <description>FileZilla FTP Server</description>
422
462
  <example service.version="0.9.2 beta">FileZilla Server version 0.9.2 beta</example>
@@ -427,6 +467,7 @@ more text
427
467
  <param pos="0" name="service.product" value="FileZilla FTP Server"/>
428
468
  <param pos="1" name="service.version"/>
429
469
  </fingerprint>
470
+
430
471
  <fingerprint pattern="^\s*APC FTP server ready\.$">
431
472
  <description>APC device</description>
432
473
  <example>APC FTP server ready.</example>
@@ -437,6 +478,7 @@ more text
437
478
  <param pos="0" name="hw.vendor" value="APC"/>
438
479
  <param pos="0" name="hw.device" value="Power device"/>
439
480
  </fingerprint>
481
+
440
482
  <fingerprint pattern="^(\S+) Network Management Card AOS v(\d+\..+) FTP server ready\.$">
441
483
  <description>APC power/cooling device</description>
442
484
  <example service.version="3.3.4">AP7932 Network Management Card AOS v3.3.4 FTP server ready.</example>
@@ -453,6 +495,7 @@ more text
453
495
  <param pos="0" name="hw.vendor" value="APC"/>
454
496
  <param pos="0" name="hw.device" value="Power device"/>
455
497
  </fingerprint>
498
+
456
499
  <fingerprint pattern="^(\S+) FTP server \(EMC-SNAS: ([^\)]+)\)(?: \S+)?$">
457
500
  <description>EMC Celerra</description>
458
501
  <example service.version="5.6.47.11">foo2 FTP server (EMC-SNAS: 5.6.47.11)</example>
@@ -470,6 +513,7 @@ more text
470
513
  <param pos="0" name="hw.device" value="Storage"/>
471
514
  <param pos="0" name="hw.product" value="Celerra"/>
472
515
  </fingerprint>
516
+
473
517
  <fingerprint pattern="^JD FTP Server Ready.*$">
474
518
  <description>HP JetDirect printer</description>
475
519
  <example>JD FTP Server Ready</example>
@@ -486,6 +530,7 @@ more text
486
530
  <param pos="0" name="hw.family" value="JetDirect"/>
487
531
  <param pos="0" name="hw.product" value="JetDirect"/>
488
532
  </fingerprint>
533
+
489
534
  <fingerprint pattern="^Check Point FireWall-1 Secure FTP server running on (.+)$">
490
535
  <description>Check Point FireWall-1</description>
491
536
  <example host.name="host">Check Point FireWall-1 Secure FTP server running on host</example>
@@ -503,6 +548,7 @@ more text
503
548
  <param pos="0" name="hw.family" value="Firewall-1"/>
504
549
  <param pos="1" name="host.name"/>
505
550
  </fingerprint>
551
+
506
552
  <fingerprint pattern="^Blue Coat FTP Service$">
507
553
  <description>Blue Coat security appliances</description>
508
554
  <example>Blue Coat FTP Service</example>
@@ -511,11 +557,13 @@ more text
511
557
  <param pos="0" name="os.vendor" value="Blue Coat"/>
512
558
  <param pos="0" name="os.device" value="Web proxy"/>
513
559
  </fingerprint>
560
+
514
561
  <fingerprint pattern="^---freeFTPd 1.0---warFTPd 1.65---$">
515
562
  <description>Nepenthes honeypot</description>
516
563
  <param pos="0" name="service.family" value="Nepenthes"/>
517
564
  <param pos="0" name="service.product" value="Nepenthes"/>
518
565
  </fingerprint>
566
+
519
567
  <fingerprint pattern="^[^ ]+ IBM FTP CS (V1R\d+) at ([^,]*),.*">
520
568
  <description>IBM z/OS FTP Service</description>
521
569
  <example>SFTPD1 IBM FTP CS V1R4 at x.y.z, 21:02:19 on 2007-12-15.</example>
@@ -526,8 +574,10 @@ more text
526
574
  <param pos="0" name="os.family" value="z/OS"/>
527
575
  <param pos="0" name="os.device" value="Mainframe"/>
528
576
  <param pos="1" name="os.version"/>
577
+ <param pos="0" name="os.cpe23" value="cpe:/o:ibm:z\/os:{os.version}"/>
529
578
  <param pos="2" name="host.name"/>
530
579
  </fingerprint>
580
+
531
581
  <fingerprint pattern="^FTP server \(IBM 4690 TCP/IP FTP Version 1\.0\) ready\.">
532
582
  <description>IBM 4690 FTP Service</description>
533
583
  <example>FTP server (IBM 4690 TCP/IP FTP Version 1.0) ready.</example>
@@ -538,6 +588,7 @@ more text
538
588
  <param pos="0" name="os.family" value="4690"/>
539
589
  <param pos="0" name="os.device" value="Point of sale"/>
540
590
  </fingerprint>
591
+
541
592
  <fingerprint pattern="^([^ ]+) NcFTPd Server \(licensed copy\) ready\.$">
542
593
  <description>NcFTPd Server
543
594
  http://www.ncftp.com/ncftpd/</description>
@@ -546,6 +597,7 @@ more text
546
597
  <param pos="0" name="service.product" value="NcFTPd Server"/>
547
598
  <param pos="1" name="host.name"/>
548
599
  </fingerprint>
600
+
549
601
  <fingerprint pattern="^(\S+) DCS-2100 FTP server ready\.$">
550
602
  <description>D-Link DCS-2100 wireless internet camera</description>
551
603
  <example>hostname DCS-2100 FTP server ready.</example>
@@ -554,6 +606,7 @@ more text
554
606
  <param pos="0" name="os.device" value="Web cam"/>
555
607
  <param pos="1" name="host.name"/>
556
608
  </fingerprint>
609
+
557
610
  <fingerprint pattern="^Secure Gateway FTP server ready\.$">
558
611
  <description>Raptor firewall</description>
559
612
  <example>Secure Gateway FTP server ready.</example>
@@ -562,6 +615,7 @@ more text
562
615
  <param pos="0" name="os.product" value="Raptor"/>
563
616
  <param pos="0" name="os.device" value="Firewall"/>
564
617
  </fingerprint>
618
+
565
619
  <fingerprint pattern="^SUN StorEdge (\S+) RAID FTP server ready\.$">
566
620
  <description>Sun StorEdge disk array</description>
567
621
  <example>SUN StorEdge 3511 RAID FTP server ready.</example>
@@ -570,6 +624,7 @@ more text
570
624
  <param pos="1" name="os.product"/>
571
625
  <param pos="0" name="os.device" value="Storage"/>
572
626
  </fingerprint>
627
+
573
628
  <fingerprint pattern="(?i)^AXIS (\S+) .* Camera(?:\s+version)?\s+(\S+) .*">
574
629
  <description>Axis Network Camera</description>
575
630
  <example hw.product="2100" hw.version="2.43">Axis 2100 Network Camera 2.43 Nov 04 2008 ready.</example>
@@ -582,28 +637,47 @@ more text
582
637
  <param pos="0" name="hw.device" value="Web cam"/>
583
638
  <param pos="1" name="hw.product"/>
584
639
  <param pos="2" name="hw.version"/>
640
+ <param pos="0" name="os.vendor" value="AXIS"/>
641
+ <param pos="0" name="os.family" value="Linux"/>
642
+ <param pos="0" name="os.device" value="Web cam"/>
585
643
  </fingerprint>
586
- <fingerprint pattern="(?i)^AXIS (\S+) (?:(?:Mk II )?Video|IO Audio) (?:Encoder|Encoder Blade|Module|Server|Decoder) (\S+) .*">
587
- <description>Axis Audio/Video encoders/servers</description>
644
+
645
+ <fingerprint pattern="(?i)^AXIS (\S+) (?:(?:Mk II )?Video) (?:Encoder|Encoder Blade|Module|Server|Decoder) (\S+) .*">
646
+ <description>Axis Video encoders/servers</description>
588
647
  <example hw.product="Q7406">AXIS Q7406 Video Encoder Blade 5.01 (Aug 01 2008) ready.</example>
589
648
  <example hw.product="241Q">AXIS 241Q Video Server 4.47.2 (Dec 11 2008) ready.</example>
590
649
  <example hw.version="5.07.2">AXIS P7701 Video Decoder 5.07.2 (Apr 20 2010) ready.</example>
591
650
  <example hw.product="Q7401" hw.version="5.01">AXIS Q7401 Video Encoder 5.01 (Aug 01 2008) ready.</example>
592
651
  <example hw.product="Q7401" hw.version="5.50.2_cst_412205_1">AXIS Q7401 Video Encoder 5.50.2_cst_412205_1 (2013)</example>
593
652
  <example hw.product="Q7424-R" hw.version="5.51.3.1">AXIS Q7424-R Mk II Video Encoder 5.51.3.1 (2016) ready.</example>
653
+ <param pos="0" name="hw.vendor" value="Axis"/>
654
+ <param pos="1" name="hw.product"/>
655
+ <param pos="2" name="hw.version"/>
656
+ <param pos="0" name="hw.device" value="Video Encoder"/>
657
+ <param pos="0" name="os.vendor" value="AXIS"/>
658
+ <param pos="0" name="os.family" value="Linux"/>
659
+ </fingerprint>
660
+
661
+ <fingerprint pattern="(?i)^AXIS (\S+) (?:(?:Mk II )?IO Audio) (?:Encoder|Encoder Blade|Module|Server|Decoder) (\S+) .*">
662
+ <description>Axis Audio encoders/servers</description>
594
663
  <example hw.product="P8221" hw.version="5.10.2">AXIS P8221 IO Audio Module 5.10.2 (Nov 07 2011) ready.</example>
595
664
  <param pos="0" name="hw.vendor" value="Axis"/>
596
665
  <param pos="1" name="hw.product"/>
597
666
  <param pos="2" name="hw.version"/>
667
+ <param pos="0" name="hw.device" value="Audio Encoder"/>
668
+ <param pos="0" name="os.vendor" value="AXIS"/>
669
+ <param pos="0" name="os.family" value="Linux"/>
598
670
  </fingerprint>
671
+
599
672
  <fingerprint pattern="(?i)^AXIS (\S+) Network Door Controller (\S+) .* ready\.?$">
600
673
  <description>Axis Door Controllers</description>
601
674
  <example hw.product="A1001" hw.version="1.65.1.1">AXIS A1001 Network Door Controller 1.65.1.1 (2018) ready.</example>
602
675
  <param pos="0" name="hw.vendor" value="Axis"/>
603
- <param pos="0" name="hw.device" value="Building Automation"/>
676
+ <param pos="0" name="hw.device" value="Access Control"/>
604
677
  <param pos="1" name="hw.product"/>
605
678
  <param pos="2" name="hw.version"/>
606
679
  </fingerprint>
680
+
607
681
  <fingerprint pattern="^AXIS (\S+) .*FTP Network Print Server V?([\d\.]+\S+) .* ready\.?$" flags="REG_ICASE">
608
682
  <description>Axis print servers</description>
609
683
  <example hw.product="5600+">AXIS 5600+ (rev 3) FTP Network Print Server V7.00 Sep 10 2004 ready.</example>
@@ -614,6 +688,7 @@ more text
614
688
  <param pos="1" name="hw.product"/>
615
689
  <param pos="2" name="hw.version"/>
616
690
  </fingerprint>
691
+
617
692
  <fingerprint pattern="^RICOH Aficio ((?:[MS]P )?\S+) FTP server \(([0-9\.a-zA-Z]+)\) ready.?$" flags="REG_ICASE">
618
693
  <description>Ricoh Aficio multifunction device</description>
619
694
  <example os.product="2045e">RICOH Aficio 2045e FTP server (4.12) ready.</example>
@@ -629,6 +704,7 @@ more text
629
704
  <param pos="1" name="os.product"/>
630
705
  <param pos="2" name="os.version"/>
631
706
  </fingerprint>
707
+
632
708
  <fingerprint pattern="^NRG ((?:[MS]P )?\S+) FTP server \(([0-9\.a-zA-Z]+)\) ready.?$" flags="REG_ICASE">
633
709
  <description>Ricoh NRG multifunction device</description>
634
710
  <example>NRG MP C2800 FTP server (8.25) ready.</example>
@@ -647,6 +723,7 @@ more text
647
723
  <param pos="0" name="hw.device" value="Multifunction Device"/>
648
724
  <param pos="1" name="hw.product"/>
649
725
  </fingerprint>
726
+
650
727
  <fingerprint pattern="^Xerox WorkCentre ([A-Za-z0-9]+).*$" certainty="1.0">
651
728
  <description>Xerox WorkCentre</description>
652
729
  <example hw.product="6605DN">Xerox WorkCentre 6605DN</example>
@@ -661,6 +738,7 @@ more text
661
738
  <param pos="0" name="hw.device" value="Printer"/>
662
739
  <param pos="1" name="hw.product"/>
663
740
  </fingerprint>
741
+
664
742
  <fingerprint pattern="^Xerox Phaser (\S+)$" certainty="1.0">
665
743
  <description>Xerox Phaser Laser Printer</description>
666
744
  <example>Xerox Phaser 6130N</example>
@@ -674,6 +752,7 @@ more text
674
752
  <param pos="0" name="hw.device" value="Printer"/>
675
753
  <param pos="1" name="hw.product"/>
676
754
  </fingerprint>
755
+
677
756
  <fingerprint pattern="^XEROX (\d+) Wide Format .*$" certainty="1.0">
678
757
  <description>Xerox Wide Format Series of Printers</description>
679
758
  <example>XEROX 6204 Wide Format FTP server ready</example>
@@ -686,6 +765,7 @@ more text
686
765
  <param pos="0" name="hw.device" value="Printer"/>
687
766
  <param pos="1" name="hw.product"/>
688
767
  </fingerprint>
768
+
689
769
  <fingerprint pattern="^FUJI XEROX DocuPrint (.*)$" certainty="1.0">
690
770
  <description>FUJI XEROX DocuPrint Series of Printers</description>
691
771
  <example>FUJI XEROX DocuPrint 3055</example>
@@ -696,6 +776,7 @@ more text
696
776
  <param pos="0" name="os.device" value="Printer"/>
697
777
  <param pos="1" name="os.product"/>
698
778
  </fingerprint>
779
+
699
780
  <fingerprint pattern="^ET(\S{12}) Lexmark (\S+) FTP Server (\S+) ready\.?$" certainty="1.0" flags="REG_ICASE">
700
781
  <description>Lexmark printer with MAC address</description>
701
782
  <example host.mac="000400CEA560" hw.product="T640" os.version="NS.NP.N219">ET000400CEA560 Lexmark T640 FTP Server NS.NP.N219 ready.</example>
@@ -707,6 +788,7 @@ more text
707
788
  <param pos="0" name="hw.device" value="Printer"/>
708
789
  <param pos="2" name="hw.product"/>
709
790
  </fingerprint>
791
+
710
792
  <fingerprint pattern="^.*Lexmark (\S+) FTP Server (\S+) ready\.?$" certainty="1.0" flags="REG_ICASE">
711
793
  <description>Lexmark printer with OS version</description>
712
794
  <example hw.product="T654" os.version="NR.APS.F368">ET0021718 Lexmark T654 FTP Server NR.APS.F368 ready.</example>
@@ -717,6 +799,7 @@ more text
717
799
  <param pos="0" name="hw.device" value="Printer"/>
718
800
  <param pos="1" name="hw.product"/>
719
801
  </fingerprint>
802
+
720
803
  <fingerprint pattern="^.*Lexmark (\S+) FTP Server ready\.?$" certainty="1.0" flags="REG_ICASE">
721
804
  <description>Lexmark printer</description>
722
805
  <example hw.product="X500">Lexmark X500 FTP server ready</example>
@@ -726,6 +809,17 @@ more text
726
809
  <param pos="0" name="hw.device" value="Printer"/>
727
810
  <param pos="1" name="hw.product"/>
728
811
  </fingerprint>
812
+
813
+ <fingerprint pattern="^220 ECOSYS ([^\s]+) FTP server$">
814
+ <description>Kyocera Multifunction Device</description>
815
+ <example hw.product="P2135dn">220 ECOSYS P2135dn FTP server</example>
816
+ <param pos="0" name="os.vendor" value="Kyocera"/>
817
+ <param pos="0" name="os.device" value="Multifunction Device"/>
818
+ <param pos="0" name="hw.vendor" value="Kyocera"/>
819
+ <param pos="0" name="hw.device" value="Multifunction Device"/>
820
+ <param pos="1" name="hw.product"/>
821
+ </fingerprint>
822
+
729
823
  <fingerprint pattern="^(?:Tornado-)?VxWorks \((?:VxWorks)?([^\)]+)\) FTP server(?: ready)?\.?$" flags="REG_ICASE">
730
824
  <description>VxWorks with version information</description>
731
825
  <example os.version="5.3.1">VxWorks (5.3.1) FTP server ready</example>
@@ -737,6 +831,7 @@ more text
737
831
  <param pos="1" name="os.version"/>
738
832
  <param pos="0" name="os.cpe23" value="cpe:/o:windriver:vxworks:{os.version}"/>
739
833
  </fingerprint>
834
+
740
835
  <fingerprint pattern="^Tornado-vxWorks FTP server ready$" flags="REG_ICASE">
741
836
  <description>VxWorks without version information</description>
742
837
  <example>Tornado-vxWorks FTP server ready</example>
@@ -744,6 +839,7 @@ more text
744
839
  <param pos="0" name="os.product" value="VxWorks"/>
745
840
  <param pos="0" name="os.cpe23" value="cpe:/o:windriver:vxworks:-"/>
746
841
  </fingerprint>
842
+
747
843
  <fingerprint pattern="^[\w\-\.]* FTP server \((?:VxWorks\s?)+([\d\.]+)\) ready.$" flags="REG_ICASE">
748
844
  <description>VxWorks 6 with version information</description>
749
845
  <example os.version="6.6">NanoDAC FTP server (VxWorks VxWorks 6.6) ready.</example>
@@ -751,24 +847,27 @@ more text
751
847
  <param pos="0" name="os.vendor" value="Wind River"/>
752
848
  <param pos="0" name="os.product" value="VxWorks"/>
753
849
  <param pos="1" name="os.version"/>
754
- <param pos="0" name="os.cpe23" value="cpe:/o:windriver:vxworks:-{os.version}"/>
850
+ <param pos="0" name="os.cpe23" value="cpe:/o:windriver:vxworks:{os.version}"/>
755
851
  </fingerprint>
852
+
756
853
  <fingerprint pattern="^[\w&lt;&gt;]+\s*Tenor Multipath Switch FTP server \(Version VxWorks([\d\.]+)\) ready\.$" flags="REG_ICASE">
757
854
  <description>VxWorks on Tenor MultiPath with version information</description>
758
- <example os.version="5.4.2"><![CDATA[<38785ca0> Tenor Multipath Switch FTP server (Version VxWorks5.4.2) ready.]]></example>
855
+ <example os.version="5.4.2">&lt;38785ca0&gt; Tenor Multipath Switch FTP server (Version VxWorks5.4.2) ready.</example>
759
856
  <param pos="0" name="os.vendor" value="Wind River"/>
760
857
  <param pos="0" name="os.product" value="VxWorks"/>
761
858
  <param pos="1" name="os.version"/>
762
- <param pos="0" name="os.cpe23" value="cpe:/o:windriver:vxworks:-{os.version}"/>
859
+ <param pos="0" name="os.cpe23" value="cpe:/o:windriver:vxworks:{os.version}"/>
763
860
  </fingerprint>
861
+
764
862
  <fingerprint pattern="^VxWorks FTP server \(VxWorks ([\d\.]+) - Secure NetLinx version \([\d\.]+\)\) ready.$">
765
863
  <description>VxWorks with Secure NetLinx</description>
766
864
  <example os.version="5.3.1">VxWorks FTP server (VxWorks 5.3.1 - Secure NetLinx version (1.0)) ready.</example>
767
865
  <param pos="0" name="os.vendor" value="Wind River"/>
768
866
  <param pos="0" name="os.product" value="VxWorks"/>
769
867
  <param pos="1" name="os.version"/>
770
- <param pos="0" name="os.cpe23" value="cpe:/o:windriver:vxworks:-{os.version}"/>
868
+ <param pos="0" name="os.cpe23" value="cpe:/o:windriver:vxworks:{os.version}"/>
771
869
  </fingerprint>
870
+
772
871
  <fingerprint pattern="^ADC iScale$">
773
872
  <description>ADC iScale</description>
774
873
  <example>ADC iScale</example>
@@ -777,6 +876,7 @@ more text
777
876
  <param pos="0" name="os.vendor" value="ADC"/>
778
877
  <param pos="0" name="os.product" value="iScale"/>
779
878
  </fingerprint>
879
+
780
880
  <fingerprint pattern="^TASKalfa (\d+c?i) FTP server" certainty="1.0">
781
881
  <description>Taskalfa Series of Printers</description>
782
882
  <example>TASKalfa 300ci FTP server</example>
@@ -790,6 +890,7 @@ more text
790
890
  <param pos="0" name="hw.device" value="Multifunction Device"/>
791
891
  <param pos="1" name="hw.product"/>
792
892
  </fingerprint>
893
+
793
894
  <fingerprint pattern="^SAVIN (\S+) FTP server \((.*)\) ready.$" certainty="1.0">
794
895
  <description>SAVIN Printer FTP Server</description>
795
896
  <example os.product="4075">SAVIN 4075 FTP server (4.08) ready.</example>
@@ -810,6 +911,7 @@ more text
810
911
  <param pos="0" name="hw.device" value="Printer"/>
811
912
  <param pos="1" name="hw.product"/>
812
913
  </fingerprint>
914
+
813
915
  <fingerprint pattern="^Oce (im\d+) Ver (\S+) FTP server\.$" certainty="1.0">
814
916
  <description>OCE IM series Printer</description>
815
917
  <example>Oce im4512 Ver 01.04.00.0c FTP server.</example>
@@ -820,6 +922,7 @@ more text
820
922
  <param pos="1" name="os.product"/>
821
923
  <param pos="2" name="os.version"/>
822
924
  </fingerprint>
925
+
823
926
  <fingerprint pattern="^Oce (Plotwave\d+) FTP Service \(Version (\S+)\)\.$" certainty="1.0">
824
927
  <description>OCE Printer</description>
825
928
  <example>Oce Plotwave300 FTP Service (Version 4.5.7).</example>
@@ -829,6 +932,7 @@ more text
829
932
  <param pos="1" name="os.product"/>
830
933
  <param pos="2" name="os.version"/>
831
934
  </fingerprint>
935
+
832
936
  <fingerprint pattern="^LinkCom Xpress (.*) FTP version ([\d\.]+) ready$" certainty="1.0">
833
937
  <description>MPI Technologies Linkcom Express FTP Server with os version</description>
834
938
  <example hw.product="10/100 +IPDS" os.version="1.0">LinkCom Xpress 10/100 +IPDS FTP version 1.0 ready</example>
@@ -838,6 +942,7 @@ more text
838
942
  <param pos="1" name="hw.product"/>
839
943
  <param pos="2" name="os.version"/>
840
944
  </fingerprint>
945
+
841
946
  <fingerprint pattern="^LinkCom Xpress (.*)$" certainty="1.0">
842
947
  <description>MPI Technologies Linkcom Express FTP Server</description>
843
948
  <example hw.product="EIO PRO 10">LinkCom Xpress EIO PRO 10</example>
@@ -846,6 +951,7 @@ more text
846
951
  <param pos="0" name="hw.device" value="Print server"/>
847
952
  <param pos="1" name="hw.product"/>
848
953
  </fingerprint>
954
+
849
955
  <fingerprint pattern="^LXKE\S+ IBM Infoprint (\d+) FTP Server (\d+\.\d+\.\d+) ready.$" certainty="1.0">
850
956
  <description>IBM Infoprint FTP</description>
851
957
  <example>LXKE82124 IBM Infoprint 1332 FTP Server 55.10.21 ready.</example>
@@ -858,6 +964,7 @@ more text
858
964
  <param pos="1" name="os.product"/>
859
965
  <param pos="2" name="os.version"/>
860
966
  </fingerprint>
967
+
861
968
  <fingerprint pattern="^(Gestetner \S+(?: \S+)?) FTP server \((.*)\)" certainty="1.0">
862
969
  <description>Gestetner Printer FTP</description>
863
970
  <example os.product="Gestetner MP5500/DSm755" os.version="5.11c">Gestetner MP5500/DSm755 FTP server (5.11c) ready.</example>
@@ -870,6 +977,7 @@ more text
870
977
  <param pos="1" name="os.product"/>
871
978
  <param pos="2" name="os.version"/>
872
979
  </fingerprint>
980
+
873
981
  <fingerprint pattern="^(Gestetner \S+)$" certainty="1.0">
874
982
  <description>Gestetner Printer FTP - short banner</description>
875
983
  <example>Gestetner MPC2500</example>
@@ -877,6 +985,7 @@ more text
877
985
  <param pos="0" name="os.device" value="Multifunction Device"/>
878
986
  <param pos="1" name="os.product"/>
879
987
  </fingerprint>
988
+
880
989
  <fingerprint pattern="^EUFSALE MarkNet (\S+) FTP Server (\d+\.\d+\.\d+) ready.$" certainty="1.0">
881
990
  <description>Lexmark Marknet Printers FTP</description>
882
991
  <example>EUFSALE MarkNet X2011e FTP Server 4.20.21 ready.</example>
@@ -886,6 +995,7 @@ more text
886
995
  <param pos="1" name="os.product"/>
887
996
  <param pos="2" name="os.version"/>
888
997
  </fingerprint>
998
+
889
999
  <fingerprint pattern="^ET(\S+) Source Technologies (ST-96\S+) FTP Server (\S+) ready\.?$">
890
1000
  <description>Source Technologies ST9600 Series Secure Printer</description>
891
1001
  <example>ET0021B730F70E Source Technologies ST-9620 FTP Server NJ.APS.N254e ready.</example>
@@ -898,6 +1008,7 @@ more text
898
1008
  <param pos="2" name="os.product"/>
899
1009
  <param pos="3" name="os.version"/>
900
1010
  </fingerprint>
1011
+
901
1012
  <fingerprint pattern="^ET(\S+) (Pro\d+) Series FTP Server ready\.$" certainty="1.0">
902
1013
  <description>Lexmark ProXXX Series of Printers</description>
903
1014
  <example host.mac="0020007E4D2A" hw.product="Pro700">ET0020007E4D2A Pro700 Series FTP Server ready.</example>
@@ -910,6 +1021,7 @@ more text
910
1021
  <param pos="0" name="hw.device" value="Printer"/>
911
1022
  <param pos="2" name="hw.product"/>
912
1023
  </fingerprint>
1024
+
913
1025
  <fingerprint pattern="^ET(\S+) Lexmark Forms Printer (\d+) Ethernet FTP Server (\S+) ready\.$" certainty="1.0">
914
1026
  <description>Lexmark Forms Printer</description>
915
1027
  <example os.product="2590">ET0020004F54EE Lexmark Forms Printer 2590 Ethernet FTP Server LCL.CU.P012c ready.</example>
@@ -924,6 +1036,7 @@ more text
924
1036
  <param pos="0" name="hw.device" value="Printer"/>
925
1037
  <param pos="2" name="hw.product"/>
926
1038
  </fingerprint>
1039
+
927
1040
  <fingerprint pattern="^ET(\S+) TOSHIBA e-STUDIO500S FTP Server (\S+) ready\.$" certainty="1.0">
928
1041
  <description>Toshiba e-STUDIO Printer with MAC address</description>
929
1042
  <example os.version="NC2.NPS.N221">ET0004001E9C00 TOSHIBA e-STUDIO500S FTP Server NC2.NPS.N221 ready.</example>
@@ -937,6 +1050,7 @@ more text
937
1050
  <param pos="0" name="hw.device" value="Multifunction Device"/>
938
1051
  <param pos="0" name="hw.product" value="e-STUDIO"/>
939
1052
  </fingerprint>
1053
+
940
1054
  <fingerprint pattern="^\S+ TOSHIBA e-STUDIO500S FTP Server (\S+) ready\.$" certainty="1.0">
941
1055
  <description>Toshiba e-STUDIO Printer</description>
942
1056
  <example os.version="NC2.NPS.N211">JHBPRN13 TOSHIBA e-STUDIO500S FTP Server NC2.NPS.N211 ready.</example>
@@ -948,6 +1062,7 @@ more text
948
1062
  <param pos="0" name="hw.device" value="Multifunction Device"/>
949
1063
  <param pos="0" name="hw.product" value="e-STUDIO"/>
950
1064
  </fingerprint>
1065
+
951
1066
  <fingerprint pattern="^.*Lexmark Optra (\S+) FTP Server (\S+) ready\.$" certainty="1.0">
952
1067
  <description>Lexmark Optra Printer</description>
953
1068
  <example os.product="T612">lex142785470853 Lexmark Optra T612 FTP Server 3.20.30 ready.</example>
@@ -962,6 +1077,7 @@ more text
962
1077
  <param pos="0" name="hw.device" value="Printer"/>
963
1078
  <param pos="1" name="hw.product"/>
964
1079
  </fingerprint>
1080
+
965
1081
  <fingerprint pattern="^SHARP (MX-\S+) Ver (\S+) FTP server\.$" certainty="1.0">
966
1082
  <description>Sharp Printer/Copier/Scanne</description>
967
1083
  <example os.product="MX-6200N" os.version="01.02.00.0e">SHARP MX-6200N Ver 01.02.00.0e FTP server.</example>
@@ -983,6 +1099,7 @@ more text
983
1099
  <param pos="0" name="hw.family" value="MX Series"/>
984
1100
  <param pos="1" name="hw.product"/>
985
1101
  </fingerprint>
1102
+
986
1103
  <fingerprint pattern="^(FS-\S+MFP\S*?) FTP server\.?$" certainty="1.0">
987
1104
  <description>Kyocera Printer with version string</description>
988
1105
  <example os.product="FS-C2126MFP">FS-C2126MFP FTP server</example>
@@ -995,6 +1112,7 @@ more text
995
1112
  <param pos="0" name="hw.device" value="Multifunction Device"/>
996
1113
  <param pos="1" name="hw.product"/>
997
1114
  </fingerprint>
1115
+
998
1116
  <fingerprint pattern="^(FS-\S+(?:DN|D|N)) FTP server\.?$" certainty="1.0">
999
1117
  <description>Kyocera Printer</description>
1000
1118
  <example os.product="FS-1370DN">FS-1370DN FTP server</example>
@@ -1008,6 +1126,7 @@ more text
1008
1126
  <param pos="0" name="hw.family" value="FS"/>
1009
1127
  <param pos="1" name="hw.product"/>
1010
1128
  </fingerprint>
1129
+
1011
1130
  <fingerprint pattern="^(ESI-\S+) Version (\S+) ready\.$" certainty="1.0">
1012
1131
  <description>Extended Systems ExtendNet Print Server</description>
1013
1132
  <example os.product="ESI-2941B">ESI-2941B Version 6.34 ready.</example>
@@ -1029,6 +1148,7 @@ more text
1029
1148
  <param pos="0" name="hw.device" value="Print server"/>
1030
1149
  <param pos="1" name="hw.product"/>
1031
1150
  </fingerprint>
1151
+
1032
1152
  <fingerprint pattern="^SATO SATO PRINTER Ver (\S+) FTP server\.$" certainty="1.0">
1033
1153
  <description>SATO Printer</description>
1034
1154
  <example os.version="A1.2.3">SATO SATO PRINTER Ver A1.2.3 FTP server.</example>
@@ -1039,6 +1159,7 @@ more text
1039
1159
  <param pos="0" name="hw.vendor" value="SATO"/>
1040
1160
  <param pos="0" name="hw.device" value="Printer"/>
1041
1161
  </fingerprint>
1162
+
1042
1163
  <fingerprint pattern="^Printer FTP (\d+\.\d+\.\d+) ready at (\w{3} \d{2} \d{2}:\d{2}:\d{2})$" certainty="1.0">
1043
1164
  <description>AMTDatasouth Fastmark M5</description>
1044
1165
  <example os.version="4.8.7">Printer FTP 4.8.7 ready at Apr 30 20:13:23</example>
@@ -1056,6 +1177,7 @@ more text
1056
1177
  <param pos="0" name="hw.product" value="Fastmark M5"/>
1057
1178
  <param pos="0" name="hw.device" value="Printer"/>
1058
1179
  </fingerprint>
1180
+
1059
1181
  <fingerprint pattern="^EFI FTP Print server ready\.$" certainty="0.8">
1060
1182
  <description>EFI FTP Print Server</description>
1061
1183
  <example>EFI FTP Print server ready.</example>
@@ -1065,7 +1187,9 @@ more text
1065
1187
  <param pos="0" name="os.product" value="Fiery Print Server"/>
1066
1188
  <param pos="0" name="os.device" value="Print server"/>
1067
1189
  </fingerprint>
1190
+
1068
1191
  <!-- Conjectured based on known MX FTP fingerprints -->
1192
+
1069
1193
  <fingerprint pattern="^SHARP (AR-\S+) Ver (\S+) FTP server">
1070
1194
  <description>Sharp AR Series multifunction device</description>
1071
1195
  <example os.product="AR-M450">SHARP AR-M450 Ver 01.05.00.0k FTP server.</example>
@@ -1079,6 +1203,7 @@ more text
1079
1203
  <param pos="0" name="hw.family" value="AR Series"/>
1080
1204
  <param pos="1" name="hw.product"/>
1081
1205
  </fingerprint>
1206
+
1082
1207
  <fingerprint pattern="^KONICA MINOLTA FTP server ready\.?$">
1083
1208
  <description>Konica Minolta FTP Server - w/o version</description>
1084
1209
  <example>KONICA MINOLTA FTP server ready.</example>
@@ -1091,6 +1216,7 @@ more text
1091
1216
  <param pos="0" name="hw.vendor" value="Konica Minolta"/>
1092
1217
  <param pos="0" name="hw.product" value="Printer"/>
1093
1218
  </fingerprint>
1219
+
1094
1220
  <fingerprint pattern="^(KM\S+) FTP server \(KM FTPD version (\d*(?:\.\d*))\) ready\.?$">
1095
1221
  <description>Konica Minolta FTP Server</description>
1096
1222
  <example os.product="KM23BC97" service.version="1.00">KM23BC97 FTP server (KM FTPD version 1.00) ready.</example>
@@ -1108,6 +1234,7 @@ more text
1108
1234
  <param pos="0" name="service.product" value="KM FTPD"/>
1109
1235
  <param pos="2" name="service.version"/>
1110
1236
  </fingerprint>
1237
+
1111
1238
  <fingerprint pattern="^(ZBR-\d+) Version (\S+) ready\.?$">
1112
1239
  <description>ZebraNet Print Server FTP</description>
1113
1240
  <example os.product="ZBR-46686">ZBR-46686 Version 7.02 ready.</example>
@@ -1121,12 +1248,26 @@ more text
1121
1248
  <param pos="0" name="hw.device" value="Print server"/>
1122
1249
  <param pos="1" name="hw.product"/>
1123
1250
  </fingerprint>
1251
+
1252
+ <fingerprint pattern="^(ET(\S+)) Dell (\S+ Laser Printer) FTP Server">
1253
+ <description>Dell Laser Printer</description>
1254
+ <example host.name="ET0021B71A1111" host.mac="0021B71A1111" hw.product="2350dn Laser Printer">ET0021B71A1111 Dell 2350dn Laser Printer FTP Server NR.APS.N449 ready.</example>
1255
+ <param pos="0" name="os.vendor" value="Dell"/>
1256
+ <param pos="0" name="os.device" value="Printer"/>
1257
+ <param pos="0" name="hw.vendor" value="Dell"/>
1258
+ <param pos="0" name="hw.device" value="Printer"/>
1259
+ <param pos="1" name="host.name"/>
1260
+ <param pos="2" name="host.mac"/>
1261
+ <param pos="3" name="hw.product"/>
1262
+ </fingerprint>
1263
+
1124
1264
  <fingerprint pattern="^(\S+) FTP server \(Version \S+ \w+ \w+ \d{1,2} \d{1,2}:\d{1,2}:\d{1,2} [A-Z]+ (?:1|2)\d{3}\) ready\.?$">
1125
1265
  <description>Generic/unknown FTP Server found on HP-UX and AIX systems</description>
1126
1266
  <example host.name="host.example.com">host.example.com FTP server (Version 4.1 Sat Sep 7 14:31:53 CDT 2002) ready.</example>
1127
1267
  <example host.name="host.example.com">host.example.com FTP server (Version 5.3 Sat Jan 10 14:01:03 CDT 2012) ready</example>
1128
1268
  <param pos="1" name="host.name"/>
1129
1269
  </fingerprint>
1270
+
1130
1271
  <fingerprint pattern="^Welcome to the (?:Cisco )?(?:TelePresence) ([a-zA-Z\s]*?) ((?:MSE )?\d+), version (\d+.\d+\(\d+.\d+\)).*?" flags="REG_ICASE">
1131
1272
  <description>Cisco TelePresence</description>
1132
1273
  <example hw.series="AM GW" os.version="1.1(1.34)" hw.model="3610">Welcome to the Cisco TelePresence AM GW 3610, version 1.1(1.34) </example>
@@ -1142,6 +1283,7 @@ more text
1142
1283
  <param pos="2" name="hw.model"/>
1143
1284
  <param pos="3" name="os.version"/>
1144
1285
  </fingerprint>
1286
+
1145
1287
  <fingerprint pattern="^(\S+) FTP server \((?:HP|Compaq) Tru64 UNIX Version (\S+)\) ready\.?$">
1146
1288
  <description>Digital/Compaq/HP Tru64 Unix</description>
1147
1289
  <example host.name="example.com" os.version="5.60">example.com FTP server (Compaq Tru64 UNIX Version 5.60) ready.</example>
@@ -1152,6 +1294,7 @@ more text
1152
1294
  <param pos="2" name="os.version"/>
1153
1295
  <param pos="0" name="os.cpe23" value="cpe:/o:hp:tru64:{os.version}"/>
1154
1296
  </fingerprint>
1297
+
1155
1298
  <fingerprint pattern="^(\S+) FTP server \(Digital UNIX Version (\S+)\) ready\.?$">
1156
1299
  <description>Digital/Compaq/HP Tru64 Unix w/o branding</description>
1157
1300
  <example host.name="example.com" os.version="5.60">example.com FTP server (Digital UNIX Version 5.60) ready.</example>
@@ -1161,6 +1304,7 @@ more text
1161
1304
  <param pos="1" name="host.name"/>
1162
1305
  <param pos="2" name="os.version"/>
1163
1306
  </fingerprint>
1307
+
1164
1308
  <fingerprint pattern="^(\S+) FTP server \(MikroTik ([\d\.]+)\) ready\.?$">
1165
1309
  <description>MikroTik</description>
1166
1310
  <example host.name="example.com" os.version="6.18">example.com FTP server (MikroTik 6.18) ready</example>
@@ -1170,6 +1314,7 @@ more text
1170
1314
  <param pos="2" name="os.version"/>
1171
1315
  <param pos="0" name="os.cpe23" value="cpe:/o:mikrotik:routeros:{os.version}"/>
1172
1316
  </fingerprint>
1317
+
1173
1318
  <fingerprint pattern="^MikroTik FTP server \(MikroTik ([\w.]+)\) ready\.?$">
1174
1319
  <description>MikroTik w/o hostname</description>
1175
1320
  <example os.version="6.0rc14">MikroTik FTP server (MikroTik 6.0rc14) ready</example>
@@ -1178,6 +1323,7 @@ more text
1178
1323
  <param pos="1" name="os.version"/>
1179
1324
  <param pos="0" name="os.cpe23" value="cpe:/o:mikrotik:routeros:{os.version}"/>
1180
1325
  </fingerprint>
1326
+
1181
1327
  <fingerprint pattern="^Welcome to ASUS (B?RT-[\w.-]+) FTP service\.$">
1182
1328
  <description>FTPD on an Asus Wireless Access Point/Router</description>
1183
1329
  <example hw.product="RT-AC68U">Welcome to ASUS RT-AC68U FTP service.</example>
@@ -1189,6 +1335,7 @@ more text
1189
1335
  <param pos="0" name="hw.device" value="WAP"/>
1190
1336
  <param pos="1" name="hw.product"/>
1191
1337
  </fingerprint>
1338
+
1192
1339
  <fingerprint pattern="^Welcome to ASUS (DSL-[\w.-]+) FTP service\.$">
1193
1340
  <description>FTPD on a ADSL/VDSL Modem/Wireless Access Point/Router</description>
1194
1341
  <example hw.product="DSL-AC68U">Welcome to ASUS DSL-AC68U FTP service.</example>
@@ -1199,6 +1346,7 @@ more text
1199
1346
  <param pos="0" name="hw.device" value="DSL Modem"/>
1200
1347
  <param pos="1" name="hw.product"/>
1201
1348
  </fingerprint>
1349
+
1202
1350
  <fingerprint pattern="^Welcome to ASUS (TM-\w+) FTP service\.$">
1203
1351
  <description>FTPD on a T-Mobile branded Asus Wireless Access Point/Router</description>
1204
1352
  <example hw.product="TM-AC1900">Welcome to ASUS TM-AC1900 FTP service.</example>
@@ -1208,6 +1356,7 @@ more text
1208
1356
  <param pos="0" name="hw.device" value="WAP"/>
1209
1357
  <param pos="1" name="hw.product"/>
1210
1358
  </fingerprint>
1359
+
1211
1360
  <fingerprint pattern="^(FRITZ!Box[\w()]+) FTP server ready\.$">
1212
1361
  <description>FTPD on an AWM multifunction Modem/Wireless Access Point/Router/VoIP device</description>
1213
1362
  <example hw.product="FRITZ!Box7490">FRITZ!Box7490 FTP server ready.</example>
@@ -1221,6 +1370,7 @@ more text
1221
1370
  <param pos="0" name="hw.family" value="FRITZ!Box"/>
1222
1371
  <param pos="1" name="hw.product"/>
1223
1372
  </fingerprint>
1373
+
1224
1374
  <fingerprint pattern="^HES_CPE FTP server \(GNU inetutils ([\w.]+)\) ready\.$">
1225
1375
  <description>FTPD on a ZyXEL (Huawei rebrand) WiMax WAP</description>
1226
1376
  <example service.version="1.4.1">HES_CPE FTP server (GNU inetutils 1.4.1) ready.</example>
@@ -1228,10 +1378,11 @@ more text
1228
1378
  <param pos="0" name="service.product" value="inetutils ftpd"/>
1229
1379
  <param pos="0" name="service.vendor" value="GNU"/>
1230
1380
  <param pos="1" name="service.version"/>
1231
- <param pos="0" name="hw.vendor" value="ZyXEL"/>
1381
+ <param pos="0" name="hw.vendor" value="Zyxel"/>
1232
1382
  <param pos="0" name="hw.family" value="WiMax"/>
1233
1383
  <param pos="0" name="hw.device" value="WAP"/>
1234
1384
  </fingerprint>
1385
+
1235
1386
  <fingerprint pattern="^Speedport W ?(\S+) (?:Typ [A|B] )?FTP Server v([\d.]+) ready$$">
1236
1387
  <description>FTPD on Speedport WLAN/ADSL routers (Deutsche Telekom mfg by misc)</description>
1237
1388
  <example hw.product="723V" os.version="1.40.000">Speedport W 723V Typ B FTP Server v1.40.000 ready</example>
@@ -1243,6 +1394,7 @@ more text
1243
1394
  <param pos="1" name="hw.product"/>
1244
1395
  <param pos="2" name="os.version"/>
1245
1396
  </fingerprint>
1397
+
1246
1398
  <fingerprint pattern="^DiskStation FTP server ready\.$">
1247
1399
  <description>FTPD on a Synology DiskStation NAS</description>
1248
1400
  <example>DiskStation FTP server ready.</example>
@@ -1255,6 +1407,7 @@ more text
1255
1407
  <param pos="0" name="hw.family" value="DiskStation"/>
1256
1408
  <param pos="0" name="hw.device" value="NAS"/>
1257
1409
  </fingerprint>
1410
+
1258
1411
  <fingerprint pattern="^Synology FTP server ready\.$" flags="REG_ICASE">
1259
1412
  <description>FTPD on a Synology device</description>
1260
1413
  <example>Synology FTP server ready.</example>
@@ -1266,6 +1419,7 @@ more text
1266
1419
  <param pos="0" name="os.product" value="Linux"/>
1267
1420
  <param pos="0" name="hw.vendor" value="Synology"/>
1268
1421
  </fingerprint>
1422
+
1269
1423
  <fingerprint pattern="^.Welcome to MyBookLive.$">
1270
1424
  <description>FTPD on Western Digital My Book Live NAS</description>
1271
1425
  <example>"Welcome to MyBookLive"</example>
@@ -1274,6 +1428,7 @@ more text
1274
1428
  <param pos="0" name="hw.product" value="My Book Live"/>
1275
1429
  <param pos="0" name="hw.device" value="NAS"/>
1276
1430
  </fingerprint>
1431
+
1277
1432
  <fingerprint pattern="^Multicraft ([\w.-]+) FTP server$">
1278
1433
  <description>Multicraft FTPD Server</description>
1279
1434
  <example service.version="2.0.2">Multicraft 2.0.2 FTP server</example>
@@ -1283,6 +1438,7 @@ more text
1283
1438
  <param pos="0" name="service.vendor" value="Multicraft"/>
1284
1439
  <param pos="1" name="service.version"/>
1285
1440
  </fingerprint>
1441
+
1286
1442
  <fingerprint pattern="^bftpd ([\d.]+) at ([a-f\d.:]+) ready\.$">
1287
1443
  <description>Bftpd FTPD Server</description>
1288
1444
  <example service.version="2.2.1" host.ip="192.168.0.1">bftpd 2.2.1 at 192.168.0.1 ready.</example>
@@ -1294,6 +1450,7 @@ more text
1294
1450
  <param pos="0" name="service.cpe23" value="cpe:/a:bftpd_project:bftpd:{service.version}"/>
1295
1451
  <param pos="2" name="host.ip"/>
1296
1452
  </fingerprint>
1453
+
1297
1454
  <fingerprint pattern="^NASFTPD Turbo station (?:2.x )?([\w.]+) Server \(ProFTPD\)(?: \[([a-f\d.:]+)\])?$">
1298
1455
  <description>ProFTPD on QNAP Turbo Station NAS</description>
1299
1456
  <example service.version="1.3.5a" host.ip="192.168.1.100">NASFTPD Turbo station 1.3.5a Server (ProFTPD) [192.168.1.100]</example>
@@ -1309,6 +1466,7 @@ more text
1309
1466
  <param pos="0" name="hw.device" value="NAS"/>
1310
1467
  <param pos="2" name="host.ip"/>
1311
1468
  </fingerprint>
1469
+
1312
1470
  <fingerprint pattern="^Twisted ([\w.]+) FTP Server$">
1313
1471
  <description>Twisted (Python) FTP Server</description>
1314
1472
  <example service.version="14.0.0">Twisted 14.0.0 FTP Server</example>
@@ -1318,6 +1476,7 @@ more text
1318
1476
  <param pos="0" name="service.vendor" value="Twisted Matrix Labs"/>
1319
1477
  <param pos="1" name="service.version"/>
1320
1478
  </fingerprint>
1479
+
1321
1480
  <fingerprint pattern="^Gene6 FTP Server v(\d{1,2}\.\d{1,2}\.\d{1,2}\s{1,2}\(Build \d{1,2}\)) ready\.\.\.$">
1322
1481
  <description>Gene6 FTP Server on Windows</description>
1323
1482
  <example service.version="3.10.0 (Build 2)">Gene6 FTP Server v3.10.0 (Build 2) ready...</example>
@@ -1331,6 +1490,7 @@ more text
1331
1490
  <param pos="0" name="os.product" value="Windows"/>
1332
1491
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
1333
1492
  </fingerprint>
1493
+
1334
1494
  <fingerprint pattern="^([\w.-]+) X2 WS_FTP Server ([\d.]{3,6}\s?\(\d+\))$">
1335
1495
  <description>WS_FTP FTP Server on Windows - X2 variant</description>
1336
1496
  <example service.version="7.7(50012467)" host.name="a.host.name.tld">a.host.name.tld X2 WS_FTP Server 7.7(50012467)</example>
@@ -1346,6 +1506,7 @@ more text
1346
1506
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
1347
1507
  <param pos="1" name="host.name"/>
1348
1508
  </fingerprint>
1509
+
1349
1510
  <fingerprint pattern="^V2 WS_FTP Server ([\d.]{3,6}\s?\(\d+\))$">
1350
1511
  <description>WS_FTP FTP Server on Windows - V2 variant</description>
1351
1512
  <example service.version="6.1(05544322)">V2 WS_FTP Server 6.1(05544322)</example>
@@ -1359,24 +1520,27 @@ more text
1359
1520
  <param pos="0" name="os.product" value="Windows"/>
1360
1521
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
1361
1522
  </fingerprint>
1523
+
1362
1524
  <fingerprint pattern="^FTP Server \(ZyWALL (USG\s?[\w-]+)\) \[([a-f\d:.]+)\]$">
1363
1525
  <description>ZyXEL Unified Security Gateway</description>
1364
1526
  <example hw.product="USG 20" host.ip="::ffff:192.168.0.2">FTP Server (ZyWALL USG 20) [::ffff:192.168.0.2]</example>
1365
1527
  <example hw.product="USG100-PLUS" host.ip="::ffff:192.168.5.101">FTP Server (ZyWALL USG100-PLUS) [::ffff:192.168.5.101]</example>
1366
1528
  <example hw.product="USG 20" host.ip="10.0.0.2">FTP Server (ZyWALL USG 20) [10.0.0.2]</example>
1367
- <param pos="0" name="service.vendor" value="ZyXEL"/>
1529
+ <param pos="0" name="service.vendor" value="Zyxel"/>
1368
1530
  <param pos="0" name="service.family" value="Unified Security Gateway"/>
1369
1531
  <param pos="0" name="service.product" value="FTPD"/>
1370
1532
  <param pos="2" name="host.ip"/>
1371
- <param pos="0" name="hw.vendor" value="ZyXEL"/>
1533
+ <param pos="0" name="hw.vendor" value="Zyxel"/>
1372
1534
  <param pos="0" name="hw.family" value="Unified Security Gateway"/>
1373
1535
  <param pos="1" name="hw.product"/>
1374
1536
  </fingerprint>
1537
+
1375
1538
  <fingerprint pattern="^Welcome to TP-LINK FTP server$">
1376
1539
  <description>FTPD on a TP-LINK device (no version/host info)</description>
1377
1540
  <example>Welcome to TP-LINK FTP server</example>
1378
1541
  <param pos="0" name="hw.vendor" value="TP-LINK"/>
1379
1542
  </fingerprint>
1543
+
1380
1544
  <fingerprint pattern="^TP-LINK FTP version ([\d\.]+)">
1381
1545
  <description>FTPD on a TP-LINK device with version, but no host info</description>
1382
1546
  <example service.version="1.0">TP-LINK FTP version 1.0 ready at Wed May 1 20:51:49 2019</example>
@@ -1384,6 +1548,7 @@ more text
1384
1548
  <param pos="0" name="service.product" value="FTPD"/>
1385
1549
  <param pos="1" name="service.version"/>
1386
1550
  </fingerprint>
1551
+
1387
1552
  <fingerprint pattern="^ucftpd\((\w{3}\s+\d{1,2} \d{4}-\d\d:\d\d:\d\d)\) FTP server ready\.$">
1388
1553
  <description>ucftpd with version</description>
1389
1554
  <example service.version="Jul 2 2012-22:13:49">ucftpd(Jul 2 2012-22:13:49) FTP server ready.</example>
@@ -1392,18 +1557,21 @@ more text
1392
1557
  <param pos="0" name="service.product" value="ucftpd"/>
1393
1558
  <param pos="1" name="service.version"/>
1394
1559
  </fingerprint>
1560
+
1395
1561
  <fingerprint pattern="^ucftpd FTP server ready\.$">
1396
1562
  <description>ucftpd without version</description>
1397
1563
  <example>ucftpd FTP server ready.</example>
1398
1564
  <param pos="0" name="service.family" value="ucftpd"/>
1399
1565
  <param pos="0" name="service.product" value="ucftpd"/>
1400
1566
  </fingerprint>
1567
+
1401
1568
  <fingerprint pattern="^Welcome to TBS FTP Server\.$">
1402
1569
  <description>TBS FTP Server</description>
1403
1570
  <example>Welcome to TBS FTP Server.</example>
1404
1571
  <param pos="0" name="service.family" value="TBS FTP Server"/>
1405
1572
  <param pos="0" name="service.product" value="TBS FTP Server"/>
1406
1573
  </fingerprint>
1574
+
1407
1575
  <fingerprint pattern="^Sofrel (S5[\w]+) SN ([\d-]+) ready. Time is (\d{2}:\d{2}:\d{2} \d{2}\/\d{2}\/\d{2})\.$">
1408
1576
  <description>Sofrel Remote Terminal Unit</description>
1409
1577
  <example hw.product="S500" host.id="01-499-00427" system.time="00:11:39 01/11/16">Sofrel S500 SN 01-499-00427 ready. Time is 00:11:39 01/11/16.</example>
@@ -1414,6 +1582,7 @@ more text
1414
1582
  <param pos="0" name="system.time.format" value="HH:mm:ss dd/MM/yy"/>
1415
1583
  <param pos="3" name="system.time"/>
1416
1584
  </fingerprint>
1585
+
1417
1586
  <fingerprint pattern="^TiMOS-[CB]-([\S]+) cpm\/[\w]+ ALCATEL (SR [\S]+) Copyright .{1,4}$">
1418
1587
  <description>ALCATEL Service Router running TiMOS</description>
1419
1588
  <example os.version="13.0.R9">TiMOS-C-13.0.R9 cpm/hops64 ALCATEL SR 7750 Copyright (</example>
@@ -1424,11 +1593,13 @@ more text
1424
1593
  <param pos="0" name="hw.family" value="Service Router"/>
1425
1594
  <param pos="2" name="hw.product"/>
1426
1595
  </fingerprint>
1596
+
1427
1597
  <fingerprint pattern="^(\S+) FTP server ready\.?$" flags="REG_ICASE">
1428
1598
  <description>Generic FTP fingerprint with a hostname</description>
1429
1599
  <example host.name="example.com">example.com FTP server ready.</example>
1430
1600
  <param pos="1" name="host.name"/>
1431
1601
  </fingerprint>
1602
+
1432
1603
  <fingerprint pattern="^(\S+) FTP server \(Version (\d.*)\) ready\.?$" flags="REG_ICASE">
1433
1604
  <description>Generic FTP fingerprint with a hostname and a version for a generic FTP implementation</description>
1434
1605
  <example host.name="example.com" service.version="6.00LS">example.com FTP server (Version 6.00LS) ready.</example>
@@ -1436,6 +1607,7 @@ more text
1436
1607
  <param pos="1" name="host.name"/>
1437
1608
  <param pos="2" name="service.version"/>
1438
1609
  </fingerprint>
1610
+
1439
1611
  <fingerprint pattern="(?i)^FTP[\- ]+(?:server|service)?(?:(?: is)? ready)?\.?$">
1440
1612
  <description>Generic FTP fingerprint without a hostname</description>
1441
1613
  <example>FTP server is ready.</example>
@@ -1445,12 +1617,14 @@ more text
1445
1617
  <example>FTP Server</example>
1446
1618
  <example>FTP service ready.</example>
1447
1619
  </fingerprint>
1620
+
1448
1621
  <fingerprint pattern="^Welcom to ProRat Ftp Server$">
1449
1622
  <description>The FTP server of the ProRat malware</description>
1450
1623
  <example>Welcom to ProRat Ftp Server</example>
1451
1624
  <param pos="0" name="service.vendor" value="Pro Group"/>
1452
1625
  <param pos="0" name="service.product" value="ProRat"/>
1453
1626
  </fingerprint>
1627
+
1454
1628
  <fingerprint pattern="^(?:(\S+) )?FTP Server \(vftpd ([\d.]+)\) ready\.?$">
1455
1629
  <description>Vermillion FTP Daemon</description>
1456
1630
  <example host.name="srv.name" service.version="1.23">srv.name FTP Server (vftpd 1.23) ready.</example>
@@ -1464,6 +1638,7 @@ more text
1464
1638
  <param pos="2" name="service.version"/>
1465
1639
  <param pos="1" name="host.name"/>
1466
1640
  </fingerprint>
1641
+
1467
1642
  <fingerprint pattern="^(?:(\S+) )?FTP server \(QVT\/Net ([\d.]+)\) ready\.?$">
1468
1643
  <description>QVT/Net FTP Server</description>
1469
1644
  <example host.name="siren" service.version="5.1">siren FTP server (QVT/Net 5.1) ready.</example>
@@ -1477,6 +1652,7 @@ more text
1477
1652
  <param pos="2" name="service.version"/>
1478
1653
  <param pos="1" name="host.name"/>
1479
1654
  </fingerprint>
1655
+
1480
1656
  <fingerprint pattern="Amazon\sLinux\sAMI\srelease\s(\d+\.\d+)">
1481
1657
  <description>Amazon Linux AMI</description>
1482
1658
  <example os.version="2016.09">Amazon Linux AMI release 2016.09</example>
@@ -1485,8 +1661,10 @@ more text
1485
1661
  <param pos="0" name="os.product" value="Linux AMI"/>
1486
1662
  <param pos="1" name="os.version"/>
1487
1663
  </fingerprint>
1664
+
1488
1665
  <!-- Below are banners for FTP service providers, not necessarily
1489
1666
  specific FTP servers-->
1667
+
1490
1668
  <fingerprint pattern="^Idea FTP Server ([\d\.]+) \((.*)\) \[(.+)\]$">
1491
1669
  <description>Idea FTP Server</description>
1492
1670
  <example service.version="0.83.213" host.name="localhost" host.ip="1.2.3.4">Idea FTP Server 0.83.213 (localhost) [1.2.3.4]</example>
@@ -1497,16 +1675,51 @@ more text
1497
1675
  <param pos="2" name="host.name"/>
1498
1676
  <param pos="3" name="host.ip"/>
1499
1677
  </fingerprint>
1678
+
1500
1679
  <fingerprint pattern="^Amazon Ftp$">
1501
1680
  <description>Amazon FTP endpoint</description>
1502
1681
  <example>Amazon Ftp</example>
1503
1682
  <param pos="0" name="service.vendor" value="Amazon"/>
1504
1683
  <param pos="0" name="service.product" value="FTP Server"/>
1505
1684
  </fingerprint>
1685
+
1506
1686
  <fingerprint pattern="^Dreamhost FTP Server$">
1507
1687
  <description>Dreamhost FTP endpoint</description>
1508
1688
  <example>Dreamhost FTP Server</example>
1509
1689
  <param pos="0" name="service.vendor" value="Dreamhost"/>
1510
1690
  <param pos="0" name="service.product" value="FTP Server"/>
1511
1691
  </fingerprint>
1512
- </fingerprints>
1692
+
1693
+ <fingerprint pattern="^QTCP at ([a-zA-Z0-9\.\_\-]+)$">
1694
+ <description>IBM iSeries FTP</description>
1695
+ <example host.name="core.bank.local.">QTCP at core.bank.local.</example>
1696
+ <param pos="0" name="os.vendor" value="IBM"/>
1697
+ <param pos="0" name="os.family" value="OS/400"/>
1698
+ <param pos="0" name="os.product" value="OS/400"/>
1699
+ <param pos="0" name="os.cpe23" value="cpe:/o:ibm:os_400:-"/>
1700
+ <param pos="1" name="host.name"/>
1701
+ </fingerprint>
1702
+
1703
+ <fingerprint pattern="^HomeLogic FTP Server">
1704
+ <description>ELAN Smart Home Controller</description>
1705
+ <example>HomeLogic FTP Server Please Give User Name</example>
1706
+ <param pos="0" name="hw.vendor" value="ELAN"/>
1707
+ <param pos="0" name="hw.device" value="Building Automation"/>
1708
+ <param pos="0" name="hw.product" value="Home Controller"/>
1709
+ <param pos="0" name="os.vendor" value="ELAN"/>
1710
+ <param pos="0" name="os.family" value="Linux"/>
1711
+ </fingerprint>
1712
+
1713
+ <fingerprint pattern="^Welcome to Honeywell Printer (PM\d+)\S+?$">
1714
+ <description>Honeywell Thermal Label Printer (Previously Intermec)</description>
1715
+ <example hw.product="Thermal Label Printer PM43">Welcome to Honeywell Printer PM43c</example>
1716
+ <param pos="0" name="hw.vendor" value="Honeywell"/>
1717
+ <param pos="1" name="hw.model"/>
1718
+ <param pos="0" name="hw.product" value="Thermal Label Printer {hw.model}"/>
1719
+ <param pos="0" name="hw.device" value="Printer"/>
1720
+ <param pos="0" name="os.vendor" value="Honeywell"/>
1721
+ <param pos="0" name="os.product" value="Thermal Label Printer {hw.model}"/>
1722
+ <param pos="0" name="os.device" value="Printer"/>
1723
+ </fingerprint>
1724
+
1725
+ </fingerprints>