recog 2.3.6 → 2.3.11

Sign up to get free protection for your applications and to get access to all the features.
Files changed (81) hide show
  1. checksums.yaml +4 -4
  2. data/.gitignore +17 -5
  3. data/.ruby-gemset +1 -0
  4. data/.ruby-version +1 -0
  5. data/.travis.yml +2 -4
  6. data/CONTRIBUTING.md +136 -37
  7. data/Gemfile +2 -5
  8. data/README.md +34 -29
  9. data/bin/recog_cleanup +16 -0
  10. data/bin/recog_standardize +142 -0
  11. data/cpe-remap.yaml +20 -0
  12. data/features/match.feature +4 -0
  13. data/features/support/aruba.rb +3 -0
  14. data/features/verify.feature +5 -0
  15. data/identifiers/README.md +56 -0
  16. data/identifiers/hw_device.txt +77 -0
  17. data/identifiers/hw_family.txt +96 -0
  18. data/identifiers/hw_product.txt +328 -0
  19. data/identifiers/os_architecture.txt +20 -0
  20. data/identifiers/os_device.txt +94 -0
  21. data/identifiers/os_family.txt +325 -0
  22. data/identifiers/os_product.txt +420 -0
  23. data/identifiers/service_family.txt +272 -0
  24. data/identifiers/service_product.txt +557 -0
  25. data/identifiers/software_class.txt +26 -0
  26. data/identifiers/software_family.txt +91 -0
  27. data/identifiers/software_product.txt +333 -0
  28. data/identifiers/vendor.txt +891 -0
  29. data/lib/recog/version.rb +1 -1
  30. data/requirements.txt +1 -1
  31. data/spec/lib/fingerprint_self_test_spec.rb +1 -1
  32. data/spec/lib/recog/fingerprint/regexp_factory_spec.rb +1 -1
  33. data/update_cpes.py +4 -1
  34. data/xml/apache_modules.xml +292 -5
  35. data/xml/apache_os.xml +50 -2
  36. data/xml/architecture.xml +19 -7
  37. data/xml/dns_versionbind.xml +215 -11
  38. data/xml/favicons.xml +1701 -0
  39. data/xml/ftp_banners.xml +225 -12
  40. data/xml/h323_callresp.xml +112 -12
  41. data/xml/hp_pjl_id.xml +47 -5
  42. data/xml/html_title.xml +2371 -17
  43. data/xml/http_cookies.xml +82 -7
  44. data/xml/http_servers.xml +863 -43
  45. data/xml/http_wwwauth.xml +154 -27
  46. data/xml/imap_banners.xml +19 -13
  47. data/xml/ldap_searchresult.xml +81 -9
  48. data/xml/mdns_device-info_txt.xml +194 -17
  49. data/xml/mdns_workstation_txt.xml +4 -2
  50. data/xml/mysql_banners.xml +554 -45
  51. data/xml/mysql_error.xml +113 -6
  52. data/xml/nntp_banners.xml +10 -2
  53. data/xml/ntp_banners.xml +95 -11
  54. data/xml/operating_system.xml +90 -3
  55. data/xml/pop_banners.xml +30 -31
  56. data/xml/rsh_resp.xml +11 -2
  57. data/xml/rtsp_servers.xml +96 -0
  58. data/xml/sip_banners.xml +192 -17
  59. data/xml/sip_user_agents.xml +69 -3
  60. data/xml/smb_native_lm.xml +10 -2
  61. data/xml/smb_native_os.xml +80 -2
  62. data/xml/smtp_banners.xml +166 -9
  63. data/xml/smtp_debug.xml +6 -4
  64. data/xml/smtp_ehlo.xml +7 -5
  65. data/xml/smtp_expn.xml +13 -4
  66. data/xml/smtp_help.xml +23 -4
  67. data/xml/smtp_mailfrom.xml +5 -2
  68. data/xml/smtp_noop.xml +6 -5
  69. data/xml/smtp_quit.xml +5 -4
  70. data/xml/smtp_rcptto.xml +5 -2
  71. data/xml/smtp_rset.xml +4 -4
  72. data/xml/smtp_turn.xml +4 -4
  73. data/xml/smtp_vrfy.xml +14 -4
  74. data/xml/snmp_sysdescr.xml +863 -122
  75. data/xml/snmp_sysobjid.xml +47 -2
  76. data/xml/ssh_banners.xml +253 -78
  77. data/xml/telnet_banners.xml +419 -14
  78. data/xml/x11_banners.xml +27 -4
  79. data/xml/x509_issuers.xml +39 -15
  80. data/xml/x509_subjects.xml +545 -64
  81. metadata +30 -6
data/xml/http_cookies.xml CHANGED
@@ -1,9 +1,10 @@
1
- <?xml version="1.0" encoding="UTF-8"?>
1
+ <?xml version='1.0' encoding='UTF-8'?>
2
2
  <fingerprints matches="http_header.cookie" protocol="http" database_type="service">
3
3
  <!--
4
4
  Set-Cookie HTTP header values are matched against these patterns to fingerprint HTTP
5
5
  servers.
6
6
  -->
7
+
7
8
  <fingerprint pattern="^(CFCLIENT_[^=]+|CFGLOBALS|CFID|CFTOKEN)=.*">
8
9
  <description>Adobe (Macromedia) ColdFusion uses various cookies</description>
9
10
  <param pos="1" name="cookie"/>
@@ -12,6 +13,7 @@
12
13
  <param pos="0" name="service.product" value="ColdFusion"/>
13
14
  <param pos="0" name="service.cpe23" value="cpe:/a:adobe:coldfusion:-"/>
14
15
  </fingerprint>
16
+
15
17
  <fingerprint pattern="^ANsession\d+=(\S+);.*">
16
18
  <description>Array Networks Secure Access Gateway / SSL VPN</description>
17
19
  <example>ANsession0002262072457555=IPMI; path=/;secure</example>
@@ -20,6 +22,7 @@
20
22
  <param pos="0" name="service.family" value="Secure Access Gateway"/>
21
23
  <param pos="0" name="hw.device" value="VPN"/>
22
24
  </fingerprint>
25
+
23
26
  <fingerprint pattern="^(Apache)=[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.([0-9]+);.*">
24
27
  <description>Apache</description>
25
28
  <param pos="1" name="cookie"/>
@@ -29,6 +32,7 @@
29
32
  <param pos="0" name="service.product" value="HTTPD"/>
30
33
  <param pos="0" name="service.cpe23" value="cpe:/a:apache:http_server:-"/>
31
34
  </fingerprint>
35
+
32
36
  <fingerprint pattern="^(JServSessionIdroot)=.*">
33
37
  <description>Apache JServ</description>
34
38
  <param pos="1" name="cookie"/>
@@ -36,6 +40,7 @@
36
40
  <param pos="0" name="service.family" value="JServ"/>
37
41
  <param pos="0" name="service.product" value="JServ"/>
38
42
  </fingerprint>
43
+
39
44
  <fingerprint pattern="^(ATG_SESSION_ID|DYN_USER_CONFIRM|DYN_USER_ID)=.*">
40
45
  <description>ATG Dynamo</description>
41
46
  <param pos="1" name="cookie"/>
@@ -43,6 +48,7 @@
43
48
  <param pos="0" name="service.family" value="Dynamo"/>
44
49
  <param pos="0" name="service.product" value="Dynamo"/>
45
50
  </fingerprint>
51
+
46
52
  <fingerprint pattern="^(WebLogicSession)=[^!]+![^!]+!([0-9]+);.*">
47
53
  <description>BEA WebLogic (with timestamp)</description>
48
54
  <param pos="1" name="cookie"/>
@@ -52,6 +58,7 @@
52
58
  <param pos="0" name="service.product" value="WebLogic"/>
53
59
  <param pos="0" name="service.cpe23" value="cpe:/a:bea:weblogic_server:-"/>
54
60
  </fingerprint>
61
+
55
62
  <fingerprint pattern="^(WebLogicSession)=.*">
56
63
  <description>BEA WebLogic (no timestamp)</description>
57
64
  <param pos="1" name="cookie"/>
@@ -60,6 +67,7 @@
60
67
  <param pos="0" name="service.product" value="WebLogic"/>
61
68
  <param pos="0" name="service.cpe23" value="cpe:/a:bea:weblogic_server:-"/>
62
69
  </fingerprint>
70
+
63
71
  <fingerprint pattern="^(BCSI-CSC[0-9A-Za-z]+)=.*">
64
72
  <description>BlueCoat Proxy</description>
65
73
  <param pos="1" name="cookie"/>
@@ -67,20 +75,22 @@
67
75
  <param pos="0" name="service.family" value="Proxy"/>
68
76
  <param pos="0" name="service.product" value="Proxy"/>
69
77
  </fingerprint>
78
+
70
79
  <fingerprint pattern="^(CAKEPHP)=.*">
71
80
  <description>CakePHP - http://www.cakephp.org/</description>
72
81
  <param pos="1" name="cookie"/>
73
82
  <param pos="0" name="service.family" value="PHP"/>
74
83
  <param pos="0" name="service.product" value="CakePHP"/>
75
84
  </fingerprint>
85
+
76
86
  <!--
77
87
  For the following two Cisco Content Service Switch fingerprints:
78
88
  The cookie value breaks down to [box-id][service-id][timeout-value]
79
89
  unfortunately, there's no separator so it's hard to tell what the
80
90
  actual break is between the pieces of data.
81
-
82
91
  http://www.cisco.com/warp/public/117/AP_cookies.html
83
92
  -->
93
+
84
94
  <fingerprint pattern="^(ARPT)=([A-Z]+)([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})[A-Z]+.*">
85
95
  <description>Cisco 11000 Series Content Service Switch (CSS)</description>
86
96
  <param pos="1" name="cookie"/>
@@ -90,6 +100,7 @@
90
100
  <param pos="0" name="service.family" value="Content Service Switch"/>
91
101
  <param pos="0" name="service.product" value="11000 Series Content Service Switch"/>
92
102
  </fingerprint>
103
+
93
104
  <fingerprint pattern="^(ARPT)=.*">
94
105
  <description>Cisco 11000 Series Content Service Switch (CSS) - catch all variant</description>
95
106
  <param pos="1" name="cookie"/>
@@ -97,6 +108,7 @@
97
108
  <param pos="0" name="service.family" value="Content Service Switch"/>
98
109
  <param pos="0" name="service.product" value="11000 Series Content Service Switch"/>
99
110
  </fingerprint>
111
+
100
112
  <fingerprint pattern="^webvpn(?:c|context|_portal|Lang|login|SharePoint)?=">
101
113
  <description>Cisco ASA VPN</description>
102
114
  <example>webvpn=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure</example>
@@ -109,13 +121,15 @@
109
121
  <param pos="0" name="service.product" value="HTTP"/>
110
122
  <param pos="0" name="os.vendor" value="Cisco"/>
111
123
  <param pos="0" name="os.family" value="Adaptive Security Appliance"/>
112
- <param pos="0" name="os.product" value="VPN"/>
124
+ <param pos="0" name="os.product" value="Adaptive Security Appliance"/>
125
+ <param pos="0" name="os.cpe23" value="cpe:/o:cisco:adaptive_security_appliance:-"/>
113
126
  <param pos="0" name="hw.vendor" value="Cisco"/>
114
127
  <param pos="0" name="hw.family" value="Adaptive Security Appliance"/>
115
128
  <param pos="0" name="hw.product" value="Adaptive Security Appliance"/>
116
129
  <param pos="0" name="hw.device" value="Firewall"/>
117
130
  <param pos="0" name="hw.cpe23" value="cpe:/h:cisco:adaptive_security_appliance:-"/>
118
131
  </fingerprint>
132
+
119
133
  <fingerprint pattern="^(st8id)=.*">
120
134
  <description>Citrix Application Protection System, Enterprise - http://support.citrix.com/article/CTX109330</description>
121
135
  <param pos="1" name="cookie"/>
@@ -123,14 +137,31 @@
123
137
  <param pos="0" name="service.family" value="Application Protection System"/>
124
138
  <param pos="0" name="service.product" value="Application Protection System, Enterprise"/>
125
139
  </fingerprint>
126
- <fingerprint pattern="^NSC_(?:AAAC|CERT|DLGE|EPAC|TASS|TEMP|TMA[APS])=.*">
140
+
141
+ <fingerprint pattern="^NSC_(?:AAAC|BASEURL|CERT|DLGE|EPAC|TASS|TEMP|TMA[APS]|PERS|USER)=.*">
127
142
  <description>Citrix NetScaler</description>
128
143
  <example>NSC_AAAC=xyz;</example>
144
+ <example>NSC_TEMP=xyz;</example>
129
145
  <param pos="0" name="os.vendor" value="Citrix"/>
130
146
  <param pos="0" name="os.family" value="NetScaler"/>
131
147
  <param pos="0" name="os.device" value="Network Management Device"/>
132
148
  <param pos="0" name="os.product" value="NetScaler"/>
149
+ <param pos="0" name="service.vendor" value="Citrix"/>
150
+ <param pos="0" name="service.family" value="NetScaler"/>
151
+ <param pos="0" name="service.device" value="Network Management Device"/>
152
+ <param pos="0" name="service.product" value="NetScaler"/>
153
+ <param pos="0" name="service.cpe23" value="cpe:/a:citrix:netscaler:-"/>
154
+ </fingerprint>
155
+
156
+ <fingerprint pattern="^DSSignInURL=/">
157
+ <description>Pulse Secure VPN</description>
158
+ <example>DSSignInURL=/; path=/; secure</example>
159
+ <param pos="0" name="os.vendor" value="Pulse Secure"/>
160
+ <param pos="0" name="os.family" value="SSL-VPN"/>
161
+ <param pos="0" name="os.device" value="SSL-VPN"/>
162
+ <param pos="0" name="os.product" value="SSL-VPN"/>
133
163
  </fingerprint>
164
+
134
165
  <fingerprint pattern="^(EktGUID|ecm)=.*">
135
166
  <description>Ektron CMS400.net</description>
136
167
  <param pos="1" name="cookie"/>
@@ -138,8 +169,10 @@
138
169
  <param pos="0" name="service.family" value="CMS400.NET"/>
139
170
  <param pos="0" name="service.product" value="CMS400.NET"/>
140
171
  </fingerprint>
141
- <fingerprint pattern="^(BIGipServer([^=]+))=.*">
172
+
173
+ <fingerprint pattern="(?i)^(BIGipServer([^=]+))=.*">
142
174
  <description>F5 BIG-IP LTM - Server variant</description>
175
+ <example loadbalancer.poolname="CustomerRP">BigIpServerCustomerRP=5a; path=/; domain=.foo.bar; secure; HttpOnly</example>
143
176
  <param pos="1" name="cookie"/>
144
177
  <param pos="2" name="loadbalancer.poolname"/>
145
178
  <param pos="0" name="service.vendor" value="F5"/>
@@ -147,6 +180,7 @@
147
180
  <param pos="0" name="service.product" value="BIG-IP LTM"/>
148
181
  <param pos="0" name="service.cpe23" value="cpe:/a:f5:big-ip_local_traffic_manager:-"/>
149
182
  </fingerprint>
183
+
150
184
  <fingerprint pattern="^(BigIPCookie)=.*">
151
185
  <description>F5 BIG-IP LTM</description>
152
186
  <param pos="1" name="cookie"/>
@@ -155,6 +189,7 @@
155
189
  <param pos="0" name="service.product" value="BIG-IP LTM"/>
156
190
  <param pos="0" name="service.cpe23" value="cpe:/a:f5:big-ip_local_traffic_manager:-"/>
157
191
  </fingerprint>
192
+
158
193
  <fingerprint pattern="^(SERVERID)=([A-Za-z0-9\-_]+)">
159
194
  <description>HAProxy - http://haproxy.1wt.eu/download/1.2/doc/architecture.txt</description>
160
195
  <param pos="1" name="cookie"/>
@@ -162,6 +197,7 @@
162
197
  <param pos="0" name="service.family" value="HAProxy"/>
163
198
  <param pos="0" name="service.product" value="HAProxy"/>
164
199
  </fingerprint>
200
+
165
201
  <fingerprint pattern="^(AMWEBJCT!([^!]+)!([^=]+))=.*">
166
202
  <description>IBM Tivoli Access Manager for e-business WebSEAL
167
203
  http://publib.boulder.ibm.com/infocenter/tivihelp/v2r1/index.jsp?topic=/com.ibm.itame.doc/am60_webseal_admin180.htm
@@ -173,6 +209,7 @@
173
209
  <param pos="0" name="service.family" value="Tivoli"/>
174
210
  <param pos="0" name="service.product" value="Tivoli Access Manager for e-business WebSEAL"/>
175
211
  </fingerprint>
212
+
176
213
  <fingerprint pattern="^(PD-S-SESSION-ID|PD-H-SESSION-ID|PD_STATEFUL_[^=]+)=.*">
177
214
  <description>IBM Tivoli Access Manager for e-business WebSeal
178
215
  http://publib.boulder.ibm.com/infocenter/tivihelp/v2r1/index.jsp?topic=/com.ibm.itame.doc/am60_webseal_admin117.htm
@@ -182,6 +219,7 @@
182
219
  <param pos="0" name="service.family" value="Tivoli"/>
183
220
  <param pos="0" name="service.product" value="Tivoli Access Manager for e-business WebSEAL"/>
184
221
  </fingerprint>
222
+
185
223
  <fingerprint pattern="^(IBMCBR)=.*">
186
224
  <description>IBM WebSphere Load Balancer</description>
187
225
  <param pos="1" name="cookie"/>
@@ -189,12 +227,14 @@
189
227
  <param pos="0" name="service.family" value="WebSphere"/>
190
228
  <param pos="0" name="service.product" value="WebSphere Load Balancer"/>
191
229
  </fingerprint>
230
+
192
231
  <fingerprint pattern="^(mbfcookie(?:\[lang\])?)=.*">
193
232
  <description>Joom!Fish http://www.joomfish.net/</description>
194
233
  <param pos="1" name="cookie"/>
195
234
  <param pos="0" name="service.family" value="Joom!Fish"/>
196
235
  <param pos="0" name="service.product" value="Joom!Fish"/>
197
236
  </fingerprint>
237
+
198
238
  <fingerprint pattern="^(MSCSAuth|MSCSProfile)=.*">
199
239
  <description>Microsoft Commerce Server - http://msdn2.microsoft.com/en-us/library/ms953828.aspx</description>
200
240
  <param pos="1" name="cookie"/>
@@ -203,6 +243,7 @@
203
243
  <param pos="0" name="service.product" value="Commerce Server"/>
204
244
  <param pos="0" name="service.cpe23" value="cpe:/a:microsoft:commerce_server:-"/>
205
245
  </fingerprint>
246
+
206
247
  <fingerprint pattern="^(ASPSESSIONID[A-Z]+|ASP\.NET_SessionId|\.ASPXANONYMOUS)=.*">
207
248
  <description>Microsoft IIS (ASP.NET)
208
249
  http://msdn2.microsoft.com/en-us/library/ms953828.aspx
@@ -218,6 +259,7 @@
218
259
  <param pos="0" name="service.component.product" value="ASP.NET"/>
219
260
  <param pos="0" name="service.component.cpe23" value="cpe:/a:microsoft:asp.net:-"/>
220
261
  </fingerprint>
262
+
221
263
  <fingerprint pattern="^(AlteonP)=.*">
222
264
  <description>Nortel Alteon Web Switch</description>
223
265
  <param pos="1" name="cookie"/>
@@ -225,6 +267,7 @@
225
267
  <param pos="0" name="service.family" value="Alteon"/>
226
268
  <param pos="0" name="service.product" value="Alteon Web Switch"/>
227
269
  </fingerprint>
270
+
228
271
  <fingerprint pattern="^((?:SS_X_)?CSINTERSESSIONID)=.*">
229
272
  <description>OpenMarket/FatWire Content Server (www.fatwire.com)</description>
230
273
  <param pos="1" name="cookie"/>
@@ -232,6 +275,7 @@
232
275
  <param pos="0" name="service.family" value="Content Server"/>
233
276
  <param pos="0" name="service.product" value="Content Server"/>
234
277
  </fingerprint>
278
+
235
279
  <fingerprint pattern="^(parkinglot)=.*">
236
280
  <description>Oversee Webserver</description>
237
281
  <param pos="1" name="cookie"/>
@@ -239,6 +283,7 @@
239
283
  <param pos="0" name="service.family" value="Webserver"/>
240
284
  <param pos="0" name="service.product" value="Webserver"/>
241
285
  </fingerprint>
286
+
242
287
  <fingerprint pattern="^(PHPSESSID|PHPSESSION)=.*">
243
288
  <description>PHP - http://www.php.net/ref.session</description>
244
289
  <param pos="1" name="cookie"/>
@@ -247,6 +292,7 @@
247
292
  <param pos="0" name="service.product" value="PHP"/>
248
293
  <param pos="0" name="service.cpe23" value="cpe:/a:php:php:-"/>
249
294
  </fingerprint>
295
+
250
296
  <fingerprint pattern="^(RMID)=.*">
251
297
  <description>RealMedia OpenAdStream</description>
252
298
  <param pos="1" name="cookie"/>
@@ -254,6 +300,7 @@
254
300
  <param pos="0" name="service.family" value="OpenAdStream"/>
255
301
  <param pos="0" name="service.product" value="OpenAdStream"/>
256
302
  </fingerprint>
303
+
257
304
  <fingerprint pattern="^(RoxenUserID)=.*">
258
305
  <description>Roxen WebServer</description>
259
306
  <param pos="1" name="cookie"/>
@@ -261,6 +308,7 @@
261
308
  <param pos="0" name="service.family" value="WebServer"/>
262
309
  <param pos="0" name="service.product" value="WebServer"/>
263
310
  </fingerprint>
311
+
264
312
  <fingerprint pattern="^(_sn)=.*">
265
313
  <description>Siebel CRM</description>
266
314
  <param pos="1" name="cookie"/>
@@ -268,6 +316,7 @@
268
316
  <param pos="0" name="service.family" value="CRM"/>
269
317
  <param pos="0" name="service.product" value="CRM"/>
270
318
  </fingerprint>
319
+
271
320
  <!-- This fingerprint is not specific enough. Multiple products are sold under
272
321
  the brand iPlanet/Sun ONE/Sun Java.
273
322
  <fingerprint pattern="^(iPlanetUserId)=.*">
@@ -277,7 +326,9 @@
277
326
  <param pos="0" name="service.family" value="???"/>
278
327
  <param pos="0" name="service.product" value="???"/>
279
328
  </fingerprint>
329
+
280
330
  -->
331
+
281
332
  <fingerprint pattern="^(NSES40Session)=.*">
282
333
  <description>Netscape Enterprise Server (subsequently iPlanet Web Server, Sun ONE Web Server, presently Sun Java System Web Server)</description>
283
334
  <param pos="1" name="cookie"/>
@@ -287,6 +338,7 @@
287
338
  <param pos="0" name="service.version" value="4.0"/>
288
339
  <param pos="0" name="service.cpe23" value="cpe:/a:sun:java_system_web_server:4.0"/>
289
340
  </fingerprint>
341
+
290
342
  <fingerprint pattern="^(gx_session_id|JROUTE)=.*">
291
343
  <description>Sun Java System Application Server (formerly iPlanet Application Server, Sun ONE Application Server)</description>
292
344
  <param pos="1" name="cookie"/>
@@ -295,6 +347,7 @@
295
347
  <param pos="0" name="service.product" value="Java System Application Server"/>
296
348
  <param pos="0" name="service.cpe23" value="cpe:/a:sun:java_system_application_server:-"/>
297
349
  </fingerprint>
350
+
298
351
  <fingerprint pattern="^(fe_typo_user)=.*">
299
352
  <description>TYPO3 CMS - http://typo3.com/</description>
300
353
  <param pos="1" name="cookie"/>
@@ -302,6 +355,7 @@
302
355
  <param pos="0" name="service.family" value="CMS"/>
303
356
  <param pos="0" name="service.product" value="CMS"/>
304
357
  </fingerprint>
358
+
305
359
  <fingerprint pattern="^(SaneID)=.*">
306
360
  <description>Unica NetTracker - http://netinsight.unica.com/Products/NetTracker.cfm</description>
307
361
  <param pos="1" name="cookie"/>
@@ -309,6 +363,7 @@
309
363
  <param pos="0" name="service.family" value="NetTracker"/>
310
364
  <param pos="0" name="service.product" value="NetTracker"/>
311
365
  </fingerprint>
366
+
312
367
  <fingerprint pattern="^(__utm[a-z])=.*">
313
368
  <description>Urchin Tracking Module - http://www.google.com/support/urchin45/bin/answer.py?answer=28307&amp;topic=7425</description>
314
369
  <param pos="1" name="cookie"/>
@@ -316,6 +371,7 @@
316
371
  <param pos="0" name="service.family" value="Urchin"/>
317
372
  <param pos="0" name="service.product" value="Urchin Tracking Module"/>
318
373
  </fingerprint>
374
+
319
375
  <fingerprint pattern="^(vgncontext|vgnvisitor|ssuid)=.*">
320
376
  <description>Vignette</description>
321
377
  <param pos="1" name="cookie"/>
@@ -323,6 +379,7 @@
323
379
  <param pos="0" name="service.family" value="Vignette"/>
324
380
  <param pos="0" name="service.product" value="Vignette"/>
325
381
  </fingerprint>
382
+
326
383
  <fingerprint pattern="^(wgSession)=.*">
327
384
  <description>Plain Black WebGUI - http://www.plainblack.com/webgui</description>
328
385
  <param pos="1" name="cookie"/>
@@ -330,6 +387,7 @@
330
387
  <param pos="0" name="service.family" value="WebGUI"/>
331
388
  <param pos="0" name="service.product" value="WebGUI"/>
332
389
  </fingerprint>
390
+
333
391
  <fingerprint pattern="^(WEBTRENDSID|WEBTRENDS_ID)=.*">
334
392
  <description>WebTrends</description>
335
393
  <param pos="1" name="cookie"/>
@@ -337,20 +395,24 @@
337
395
  <param pos="0" name="service.family" value="WebTrends"/>
338
396
  <param pos="0" name="service.product" value="WebTrends"/>
339
397
  </fingerprint>
398
+
340
399
  <fingerprint pattern="^(_ZopeId)=.*">
341
400
  <description>Zope</description>
342
401
  <param pos="1" name="cookie"/>
343
402
  <param pos="0" name="service.family" value="Zope"/>
344
403
  <param pos="0" name="service.product" value="Zope"/>
345
404
  </fingerprint>
405
+
346
406
  <fingerprint pattern="^(portal)=([0-9]+\.[0-9]+\.[0-9]+).*">
347
407
  <description>OracleAS Portal default cookie name - http://download.oracle.com/docs/cd/B14099_19/portal.1014/b19305/cg_app_f.htm</description>
348
408
  <param pos="1" name="cookie"/>
349
409
  <param pos="2" name="service.version"/>
350
410
  <param pos="0" name="service.vendor" value="Oracle"/>
351
411
  <param pos="0" name="service.family" value="OracleAS"/>
352
- <param pos="0" name="service.product" value="OracleAS Portal"/>
412
+ <param pos="0" name="service.product" value="Application Server Portal"/>
413
+ <param pos="0" name="service.cpe23" value="cpe:/a:oracle:application_server_portal:{service.version}"/>
353
414
  </fingerprint>
415
+
354
416
  <fingerprint pattern="^Compaq-HMMD=[^;]+;.*$">
355
417
  <description>HP System Management Homepage (SMH)</description>
356
418
  <example>Compaq-HMMD=0001-c01fffff-487a-394a-aab0-ffffffffffff-ffffffffffffffff; path=/</example>
@@ -359,6 +421,7 @@
359
421
  <param pos="0" name="service.family" value="SMH"/>
360
422
  <param pos="0" name="service.product" value="SMH"/>
361
423
  </fingerprint>
424
+
362
425
  <fingerprint pattern="^MoodleSession=">
363
426
  <description>Moodle</description>
364
427
  <example>MoodleSession=uohhsgcain708q5l4gqcmmb5s2; path=/</example>
@@ -367,6 +430,14 @@
367
430
  <param pos="0" name="service.component.product" value="Moodle"/>
368
431
  <param pos="0" name="service.component.cpe23" value="cpe:/a:moodle:moodle:-"/>
369
432
  </fingerprint>
433
+
434
+ <fingerprint pattern="_arachni_webui_session=">
435
+ <description>Arachni Security Scanner</description>
436
+ <example>_arachni_webui_session=el2MMEVVcld3Q2dBc3UvSmtQYmlPckpxSE2CMmlwd1Nja2lvUk5tRG5XYTlnRHJuVVVTblVNMTBOdGhrUU02dzC0K1I0Mnk3d1I3SUlCcngwQkliV3Y5VDBnVVZkOWJsS0VGSlYwM1RGMlVzVDNKcXlrdFNQZ0lIM1VBN3RDZFIrZTBrdjZmdSt0YnV2djh1RFE0S1czUmZQcGxNNW9UWVQydXFCZmNHZDRmTlg4cWludE5SUDRYU2JwdWw4Qmk3dEpDV3ZBejRkbU9ueFJKNG1HenplUEJjem9LU09IM0Z6ZHM4YU00aVpKUHJRVzR3SG8rRzBjWG9jclpqZGd2dmp2TnVGbjkvb0lmanZvM3lPZGhXb3c9PS0tR0dXVWppWnorMG1NNjlXTkYvaEswUT09--44b846e66f558667d7503010a726e2388803136f; path=/; HttpOnly</example>
437
+ <param pos="0" name="service.vendor" value="Arachni"/>
438
+ <param pos="0" name="service.product" value="Arachni"/>
439
+ </fingerprint>
440
+
370
441
  <!--
371
442
  Ignore various cookies that are very generic cookies for session IDs
372
443
  that are not necessarily indicative of any particular
@@ -374,12 +445,14 @@
374
445
  a similar cookie name, you must ensure that it is located prior to
375
446
  these and this is enforced by rspec.
376
447
  -->
448
+
377
449
  <fingerprint pattern="(?i)^JSESSIONID(?:\.[^=]+)?=[^;]+;.*$">
378
450
  <description>Ignore simple JSESSIONID and related cookies</description>
379
451
  <example>JSESSIONID=6ooov35i4l3n36qtaf8csvg0;Path=/</example>
380
452
  <example>jsessionid=6nkp66iogcdc92720%2Dc6e4%2D4989%2Db7b2%2D5021624cfdff;Path=/;secure</example>
381
453
  <example>JSESSIONID.c00a9623=v216643eijh19p9duve5srgf;Path=/;HttpOnly</example>
382
454
  </fingerprint>
455
+
383
456
  <fingerprint pattern="(?i)^_?SESSION_?ID\s*=\s*[^;]+;.*$">
384
457
  <description>Ignore simple SESSIONID and related cookies</description>
385
458
  <example>sessionId=7dba3249cfcd4b59854055311099a294; path=/;</example>
@@ -387,8 +460,10 @@
387
460
  <example>sessionId =0VrS6Ro6uC5QPXKgNdqGvyUgUFtUOVwv6OWAEWcWQ3jLRtAk2TVAgAApN9yTWVz;postId=; path=/;</example>
388
461
  <example>_session_id=18b3e173aa11db0533fd01752e81f583; path=/; HttpOnly</example>
389
462
  </fingerprint>
463
+
390
464
  <fingerprint pattern="(?i)^sid=[^;]+;.*$">
391
465
  <description>Ignore simple SID and related cookies</description>
392
466
  <example>sid=sfd10bf73-654458f687aa3c68b3874915f651e0ca;path=/;"</example>
393
467
  </fingerprint>
394
- </fingerprints>
468
+
469
+ </fingerprints>
data/xml/http_servers.xml CHANGED
@@ -1,6 +1,7 @@
1
- <?xml version="1.0" encoding="UTF-8"?>
1
+ <?xml version='1.0' encoding='UTF-8'?>
2
2
  <fingerprints matches="http_header.server" protocol="http" database_type="service" preference="0.90">
3
3
  <!-- HTTP Server headers are matched against these patterns to fingerprint HTTP servers. -->
4
+
4
5
  <fingerprint pattern="(?i)^AirTunes/([\d\.]+)$">
5
6
  <description>Apple AirTunes/AirPlay, more generally RTSP used by a variety of wireless a/v products</description>
6
7
  <example service.version="220.68">AirTunes/220.68</example>
@@ -9,6 +10,7 @@
9
10
  <param pos="1" name="service.version"/>
10
11
  <param pos="0" name="hw.device" value="Media Server"/>
11
12
  </fingerprint>
13
+
12
14
  <fingerprint pattern="(?i)^cpsrvd(?:/([\d\.]+))?$">
13
15
  <description>cPanel Service Daemon</description>
14
16
  <example service.version="11.44.3.0">cpsrvd/11.44.3.0</example>
@@ -17,6 +19,7 @@
17
19
  <param pos="0" name="service.product" value="cPanel Service Daemon"/>
18
20
  <param pos="1" name="service.version"/>
19
21
  </fingerprint>
22
+
20
23
  <fingerprint pattern="(?i)^cwpsrv$">
21
24
  <description>CentOS Web Panel</description>
22
25
  <example>cwpsrv</example>
@@ -27,6 +30,7 @@
27
30
  <param pos="0" name="os.product" value="Linux"/>
28
31
  <param pos="0" name="os.cpe23" value="cpe:/o:centos:centos:-"/>
29
32
  </fingerprint>
33
+
30
34
  <fingerprint pattern="^Stronghold/(\d\.\d) Apache/([012][\d.]*)\s*(.*)$">
31
35
  <description>Red Hat Stronghold Enterprise Apache</description>
32
36
  <example service.version="1.3.19" service.cpe23="cpe:/a:apache:http_server:1.3.19" service.component.cpe23="cpe:/a:redhat:stronghold:3.0">Stronghold/3.0 Apache/1.3.19 RedHat/3014c</example>
@@ -47,6 +51,7 @@
47
51
  <param pos="0" name="os.family" value="Linux"/>
48
52
  <param pos="0" name="os.cpe23" value="cpe:/o:redhat:linux:-"/>
49
53
  </fingerprint>
54
+
50
55
  <fingerprint pattern="(?i)^Apache/\d$">
51
56
  <description>Apache returning only its major version number</description>
52
57
  <example>Apache/1</example>
@@ -56,6 +61,17 @@
56
61
  <param pos="0" name="service.family" value="Apache"/>
57
62
  <param pos="0" name="service.cpe23" value="cpe:/a:apache:http_server:-"/>
58
63
  </fingerprint>
64
+
65
+ <fingerprint pattern="^Apache ([\d.]+)$">
66
+ <description>Apache returning just version number</description>
67
+ <example service.version="1.3.29">Apache 1.3.29</example>
68
+ <param pos="0" name="service.vendor" value="Apache"/>
69
+ <param pos="0" name="service.product" value="HTTPD"/>
70
+ <param pos="0" name="service.family" value="Apache"/>
71
+ <param pos="1" name="service.version"/>
72
+ <param pos="0" name="service.cpe23" value="cpe:/a:apache:http_server:{service.version}"/>
73
+ </fingerprint>
74
+
59
75
  <fingerprint pattern="(?i)^Apache$">
60
76
  <description>Apache returning no version information</description>
61
77
  <example>Apache</example>
@@ -65,6 +81,7 @@
65
81
  <param pos="0" name="service.family" value="Apache"/>
66
82
  <param pos="0" name="service.cpe23" value="cpe:/a:apache:http_server:-"/>
67
83
  </fingerprint>
84
+
68
85
  <fingerprint pattern="(?i)^Apache(?:-AdvancedExtranetServer)?(?:/([012][\d.]*)\s*(.*))?$">
69
86
  <description>Apache</description>
70
87
  <example>Apache-AdvancedExtranetServer/2.0.44 (Mandrake Linux/11mdk) mod_perl/1.99_08 Perl/v5.8.0 mod_ssl/2.0.44 OpenSSL/0.9.7a PHP/4.3.1 mod_jk2/2.0.0</example>
@@ -90,6 +107,7 @@
90
107
  <param pos="0" name="service.cpe23" value="cpe:/a:apache:http_server:{service.version}"/>
91
108
  <param pos="2" name="apache.info"/>
92
109
  </fingerprint>
110
+
93
111
  <fingerprint pattern="(?i)^CouchDB/([\.\d]+) .*$">
94
112
  <description>Apache CouchDB</description>
95
113
  <example service.version="2.1.1">CouchDB/2.1.1 (Erlang OTP/20)</example>
@@ -98,11 +116,13 @@
98
116
  <param pos="1" name="service.version"/>
99
117
  <param pos="0" name="service.cpe23" value="cpe:/a:apache:couchdb:{service.version}"/>
100
118
  </fingerprint>
119
+
101
120
  <fingerprint pattern="^support@arraynetworks.net$">
102
121
  <description>Array Networks device</description>
103
122
  <example>support@arraynetworks.net</example>
104
123
  <param pos="0" name="service.vendor" value="Array Networks"/>
105
124
  </fingerprint>
125
+
106
126
  <fingerprint pattern="^Check Point SVN foundation$">
107
127
  <description>Check Point Firewall NG</description>
108
128
  <example>Check Point SVN foundation</example>
@@ -120,6 +140,25 @@
120
140
  <param pos="0" name="hw.family" value="Firewall-1"/>
121
141
  <param pos="0" name="hw.product" value="Firewall-1"/>
122
142
  </fingerprint>
143
+
144
+ <fingerprint pattern="^CPWS$">
145
+ <description>Check Point Firewall NG - short version</description>
146
+ <example>CPWS</example>
147
+ <param pos="0" name="service.vendor" value="Check Point"/>
148
+ <param pos="0" name="service.product" value="Firewall-1"/>
149
+ <param pos="0" name="service.family" value="Firewall-1"/>
150
+ <param pos="0" name="service.cpe23" value="cpe:/a:checkpoint:firewall-1:-"/>
151
+ <param pos="0" name="os.vendor" value="Check Point"/>
152
+ <param pos="0" name="os.device" value="Firewall"/>
153
+ <param pos="0" name="os.family" value="Firewall-1"/>
154
+ <param pos="0" name="os.product" value="GAiA OS"/>
155
+ <param pos="0" name="os.cpe23" value="cpe:/o:checkpoint:gaia_os:-"/>
156
+ <param pos="0" name="hw.vendor" value="Check Point"/>
157
+ <param pos="0" name="hw.device" value="Firewall"/>
158
+ <param pos="0" name="hw.family" value="Firewall-1"/>
159
+ <param pos="0" name="hw.product" value="Firewall-1"/>
160
+ </fingerprint>
161
+
123
162
  <fingerprint pattern="^Microsoft-IIS/([1234]\.0)$">
124
163
  <description>Microsoft IIS 1.0 - 4.0 runs on Windows NT 4.0</description>
125
164
  <example>Microsoft-IIS/4.0</example>
@@ -134,6 +173,7 @@
134
173
  <param pos="0" name="os.version" value="4.0"/>
135
174
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_nt:4.0"/>
136
175
  </fingerprint>
176
+
137
177
  <fingerprint pattern="^Microsoft-IIS/5.0$">
138
178
  <description>Microsoft IIS 5.0 runs on Windows 2000</description>
139
179
  <example>Microsoft-IIS/5.0</example>
@@ -147,6 +187,7 @@
147
187
  <param pos="0" name="os.product" value="Windows 2000"/>
148
188
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_2000:-"/>
149
189
  </fingerprint>
190
+
150
191
  <fingerprint pattern="^Microsoft-IIS/5.1$">
151
192
  <description>Microsoft IIS 5.1 runs on Windows XP</description>
152
193
  <example>Microsoft-IIS/5.1</example>
@@ -160,6 +201,7 @@
160
201
  <param pos="0" name="os.product" value="Windows XP"/>
161
202
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_xp:-"/>
162
203
  </fingerprint>
204
+
163
205
  <fingerprint pattern="^Microsoft-IIS/6.0$">
164
206
  <description>Microsoft IIS 6.0 runs on Windows Server 2003 (and Windows XP x64)</description>
165
207
  <example>Microsoft-IIS/6.0</example>
@@ -173,6 +215,7 @@
173
215
  <param pos="0" name="os.product" value="Windows Server 2003"/>
174
216
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2003:-"/>
175
217
  </fingerprint>
218
+
176
219
  <fingerprint pattern="^Microsoft-IIS/7.0$">
177
220
  <description>Microsoft IIS 7.0 runs on Windows Server 2008 (and Windows Vista)</description>
178
221
  <example>Microsoft-IIS/7.0</example>
@@ -186,6 +229,7 @@
186
229
  <param pos="0" name="os.product" value="Windows Server 2008"/>
187
230
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2008:-"/>
188
231
  </fingerprint>
232
+
189
233
  <fingerprint pattern="^Microsoft-IIS/7.5$">
190
234
  <description>Microsoft IIS 7.5 runs on Windows Server 2008 R2 (and Windows 7)</description>
191
235
  <example>Microsoft-IIS/7.5</example>
@@ -199,6 +243,7 @@
199
243
  <param pos="0" name="os.product" value="Windows Server 2008 R2"/>
200
244
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2008:-"/>
201
245
  </fingerprint>
246
+
202
247
  <fingerprint pattern="^Microsoft-IIS/8.0$">
203
248
  <description>Microsoft IIS 8.0 runs on Windows Server 2012 (and Windows 8)</description>
204
249
  <example>Microsoft-IIS/8.0</example>
@@ -212,6 +257,7 @@
212
257
  <param pos="0" name="os.product" value="Windows Server 2012"/>
213
258
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2012:-"/>
214
259
  </fingerprint>
260
+
215
261
  <fingerprint pattern="^Microsoft-IIS/8.5$">
216
262
  <description>Microsoft IIS 8.5 runs on Windows Server 2012 R2 (and Windows 8.1)</description>
217
263
  <example>Microsoft-IIS/8.5</example>
@@ -225,6 +271,7 @@
225
271
  <param pos="0" name="os.product" value="Windows Server 2012 R2"/>
226
272
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2012:-"/>
227
273
  </fingerprint>
274
+
228
275
  <fingerprint pattern="^Microsoft-IIS/10.0$">
229
276
  <description>Microsoft IIS 10.0 runs on Windows Server 2016 and 2019</description>
230
277
  <example>Microsoft-IIS/10.0</example>
@@ -235,8 +282,8 @@
235
282
  <param pos="0" name="service.cpe23" value="cpe:/a:microsoft:iis:10.0"/>
236
283
  <param pos="0" name="os.vendor" value="Microsoft"/>
237
284
  <param pos="0" name="os.family" value="Windows"/>
238
- <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
239
285
  </fingerprint>
286
+
240
287
  <fingerprint pattern="^Microsoft-IIS/([\d\.]+)$">
241
288
  <description>Microsoft IIS new, unknown Windows version</description>
242
289
  <example>Microsoft-IIS/9.0</example>
@@ -246,6 +293,7 @@
246
293
  <param pos="1" name="service.version"/>
247
294
  <param pos="0" name="service.cpe23" value="cpe:/a:microsoft:iis:{service.version}"/>
248
295
  </fingerprint>
296
+
249
297
  <fingerprint pattern="^Microsoft-IIS$">
250
298
  <description>Microsoft IIS, no version information</description>
251
299
  <example>Microsoft-IIS</example>
@@ -256,6 +304,7 @@
256
304
  <param pos="0" name="os.vendor" value="Microsoft"/>
257
305
  <param pos="0" name="os.family" value="Windows"/>
258
306
  </fingerprint>
307
+
259
308
  <fingerprint pattern="^MS .NET Remoting, MS .NET CLR (\d+\.\d+\.\d+\.\d+)$">
260
309
  <description>Microsoft .NET Remoting and Common Language Runtime (CLR)</description>
261
310
  <example>MS .NET Remoting, MS .NET CLR 2.0.50727.42</example>
@@ -271,6 +320,7 @@
271
320
  <param pos="0" name="os.product" value="Windows"/>
272
321
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
273
322
  </fingerprint>
323
+
274
324
  <fingerprint pattern="^Microsoft-WinCE/(\d\.\d+)$">
275
325
  <description>Windows CE embedded devices, including HP iPAQ, Palm Treo, Motorola phones, and many more</description>
276
326
  <example os.version="4.10">Microsoft-WinCE/4.10</example>
@@ -287,6 +337,7 @@
287
337
  <param pos="1" name="os.version"/>
288
338
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_ce:{os.version}"/>
289
339
  </fingerprint>
340
+
290
341
  <fingerprint pattern="^Microsoft-PWS/(\d\.\d+)$">
291
342
  <description>Microsoft Personal Web Server runs on Windows 9x, ME, etc.</description>
292
343
  <example>Microsoft-PWS/4.0</example>
@@ -300,6 +351,7 @@
300
351
  <param pos="0" name="os.product" value="Windows"/>
301
352
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
302
353
  </fingerprint>
354
+
303
355
  <fingerprint pattern="^Microsoft-PWS-95/(\d\.\d+)$">
304
356
  <description>Microsoft Personal Web Server for Windows 95</description>
305
357
  <example>Microsoft-PWS-95/4.0</example>
@@ -313,6 +365,7 @@
313
365
  <param pos="0" name="os.product" value="Windows 95"/>
314
366
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_95:-"/>
315
367
  </fingerprint>
368
+
316
369
  <fingerprint pattern="(?i)^mt-daapd(?:/(.+))?$">
317
370
  <description>Firefly Media Server</description>
318
371
  <example service.version="0.2.4.1">mt-daapd/0.2.4.1</example>
@@ -321,6 +374,7 @@
321
374
  <param pos="0" name="service.product" value="Media Server"/>
322
375
  <param pos="1" name="service.version"/>
323
376
  </fingerprint>
377
+
324
378
  <fingerprint pattern="^Apache[ -]Coyote/(\d\.\d)$">
325
379
  <description>HTTP connector for Apache Tomcat to run as a standalone HTTP server - Coyote variant</description>
326
380
  <example>Apache-Coyote/1.1</example>
@@ -334,6 +388,7 @@
334
388
  <param pos="0" name="service.component.family" value="Coyote"/>
335
389
  <param pos="1" name="service.component.version"/>
336
390
  </fingerprint>
391
+
337
392
  <fingerprint pattern="^Apache Tomcat$">
338
393
  <description>HTTP connector for Apache Tomcat with no version</description>
339
394
  <example>Apache Tomcat</example>
@@ -342,6 +397,7 @@
342
397
  <param pos="0" name="service.family" value="Tomcat"/>
343
398
  <param pos="0" name="service.cpe23" value="cpe:/a:apache:tomcat:-"/>
344
399
  </fingerprint>
400
+
345
401
  <fingerprint pattern="^Servlet [\d\.]+; JBoss-(\S+) \(build: .*\)/Tomcat-(\S+)$">
346
402
  <description>JBoss with embedded Tomcat</description>
347
403
  <example service.version="4.0.4.GA" service.component.version="5.5">Servlet 2.4; JBoss-4.0.4.GA (build: CVSTag=JBoss_4_0_4_GA date=200605151000)/Tomcat-5.5</example>
@@ -355,6 +411,7 @@
355
411
  <param pos="2" name="service.component.version"/>
356
412
  <param pos="0" name="service.component.cpe23" value="cpe:/a:apache:tomcat:{service.component.version}"/>
357
413
  </fingerprint>
414
+
358
415
  <fingerprint pattern="^Servlet [\d\.]+; Tomcat-(\S+)/JBoss-(\S+) \(build: .*\)$">
359
416
  <description>JBoss with embedded Tomcat - Tomcat build variant</description>
360
417
  <example service.version="4.0.1sp1" service.component.version="5.0.28">Servlet 2.4; Tomcat-5.0.28/JBoss-4.0.1sp1 (build: CVSTag=JBoss_4_0_1_SP1 date=200502160314)</example>
@@ -368,6 +425,7 @@
368
425
  <param pos="1" name="service.component.version"/>
369
426
  <param pos="0" name="service.component.cpe23" value="cpe:/a:apache:tomcat:{service.component.version}"/>
370
427
  </fingerprint>
428
+
371
429
  <fingerprint pattern="^Servlet [\d\.]+; JBoss-([\S]+)(?: \(build.*)?/JBossWeb-(\S+)$">
372
430
  <description>JBoss with JBossweb</description>
373
431
  <example service.version="4.2.3.GA" service.component.version="2.0">Servlet 2.4; JBoss-4.2.3.GA (build: SVNTag=JBoss_4_2_3_GA date=200807181439)/JBossWeb-2.0</example>
@@ -376,10 +434,12 @@
376
434
  <param pos="0" name="service.product" value="JBoss EAP"/>
377
435
  <param pos="1" name="service.version"/>
378
436
  <param pos="0" name="service.cpe23" value="cpe:/a:redhat:jboss_enterprise_application_platform:{service.version}"/>
379
- <param pos="0" name="service.component.vendor" value="RedHat"/>
437
+ <param pos="0" name="service.component.vendor" value="Red Hat"/>
380
438
  <param pos="0" name="service.component.product" value="JBossWeb"/>
381
439
  <param pos="2" name="service.component.version"/>
440
+ <param pos="0" name="service.component.cpe23" value="cpe:/a:redhat:jboss_web_framework_kit:{service.component.version}"/>
382
441
  </fingerprint>
442
+
383
443
  <fingerprint pattern="^Servlet\/[\d\.]+; JBossAS-(.*)$">
384
444
  <description>JBoss AS</description>
385
445
  <example service.version="6">Servlet/3.0; JBossAS-6</example>
@@ -388,6 +448,7 @@
388
448
  <param pos="1" name="service.version"/>
389
449
  <param pos="0" name="service.cpe23" value="cpe:/a:redhat:jboss_wildfly_application_server:{service.version}"/>
390
450
  </fingerprint>
451
+
391
452
  <fingerprint pattern="^JBoss-EAP\/(\d+)$">
392
453
  <description>JBoss EAP</description>
393
454
  <example service.version="7">JBoss-EAP/7</example>
@@ -397,6 +458,7 @@
397
458
  <param pos="1" name="service.version"/>
398
459
  <param pos="0" name="service.cpe23" value="cpe:/a:redhat:jboss_enterprise_application_platform:{service.version}"/>
399
460
  </fingerprint>
461
+
400
462
  <fingerprint pattern="^Apache Tomcat/(\d\.[\d.]+)(?:-LE-jdk14)? \(HTTP/1.1 Connector\)$">
401
463
  <description>HTTP connector for Apache Tomcat to run as a standalone HTTP server - Apache variant</description>
402
464
  <example service.version="4.0.6">Apache Tomcat/4.0.6 (HTTP/1.1 Connector)</example>
@@ -411,6 +473,7 @@
411
473
  <param pos="0" name="service.component.family" value="Apache Tomcat HTTP Connector"/>
412
474
  <param pos="0" name="service.component.product" value="Apache Tomcat HTTP Connector"/>
413
475
  </fingerprint>
476
+
414
477
  <fingerprint pattern="^Tomcat Web Server/(\d\.[\dA-Z.]+)(?: Final)?(?:\s\(([^\)]+)\))?$">
415
478
  <description>HTTP connector for Apache Tomcat to run as a standalone HTTP server</description>
416
479
  <example>Tomcat Web Server/3.2.2 (JSP 1.1; Servlet 2.2; Java 1.3.1; Windows 2000 5.0 x86; java.vendor=Sun Microsystems Inc.)</example>
@@ -424,15 +487,18 @@
424
487
  <param pos="0" name="service.cpe23" value="cpe:/a:apache:tomcat:{service.version}"/>
425
488
  <param pos="2" name="tomcat.info"/>
426
489
  </fingerprint>
427
- <fingerprint pattern="^Tomcat/(\S+)$">
428
- <description>Apache tomcat with minimal version information</description>
429
- <example>Tomcat/2.1</example>
490
+
491
+ <fingerprint pattern="^(?:Apache )?Tomcat/([\d.]+)$">
492
+ <description>Apache Tomcat with version information</description>
493
+ <example service.version="2.1">Tomcat/2.1</example>
494
+ <example service.version="9.0.5">Apache Tomcat/9.0.5</example>
430
495
  <param pos="0" name="service.vendor" value="Apache"/>
431
496
  <param pos="0" name="service.product" value="Tomcat"/>
432
497
  <param pos="0" name="service.family" value="Tomcat"/>
433
498
  <param pos="1" name="service.version"/>
434
499
  <param pos="0" name="service.cpe23" value="cpe:/a:apache:tomcat:{service.version}"/>
435
500
  </fingerprint>
501
+
436
502
  <fingerprint pattern="^PDR-M800/1.0$">
437
503
  <description>Merit LILIN PDR M800</description>
438
504
  <example>PDR-M800/1.0</example>
@@ -440,6 +506,7 @@
440
506
  <param pos="0" name="hw.product" value="PDR M800"/>
441
507
  <param pos="0" name="hw.device" value="DVR"/>
442
508
  </fingerprint>
509
+
443
510
  <fingerprint pattern="^PHP/(\S+)$">
444
511
  <description>PHP</description>
445
512
  <example service.component.version="4.4.2-1build1">PHP/4.4.2-1build1</example>
@@ -447,13 +514,16 @@
447
514
  <param pos="0" name="service.component.product" value="PHP"/>
448
515
  <param pos="1" name="service.component.version"/>
449
516
  </fingerprint>
517
+
450
518
  <!-- TODO: Capture ZendServer version in fingerprint -->
519
+
451
520
  <fingerprint pattern="^PHP/(\S+)\s+ZendServer/\S+$">
452
521
  <description>PHP with ZendServer</description>
453
522
  <example service.component.version="5.3.14">PHP/5.3.14 ZendServer/5.0</example>
454
523
  <param pos="0" name="service.component.product" value="PHP"/>
455
524
  <param pos="1" name="service.component.version"/>
456
525
  </fingerprint>
526
+
457
527
  <fingerprint pattern="^Oracle Application Server Containers for J2EE 10g \(([\d.]+)\)$">
458
528
  <description>Oracle Application Server Containers for J2EE 10g</description>
459
529
  <example>Oracle Application Server Containers for J2EE 10g (9.0.4.0.0)</example>
@@ -462,6 +532,7 @@
462
532
  <param pos="0" name="service.family" value="Oracle"/>
463
533
  <param pos="1" name="service.version"/>
464
534
  </fingerprint>
535
+
465
536
  <fingerprint pattern="^Oracle Containers for J2EE$">
466
537
  <description>Oracle Application Server Containers for J2EE</description>
467
538
  <example>Oracle Containers for J2EE</example>
@@ -469,6 +540,7 @@
469
540
  <param pos="0" name="service.product" value="Oracle Application Server Containers"/>
470
541
  <param pos="0" name="service.family" value="Oracle"/>
471
542
  </fingerprint>
543
+
472
544
  <fingerprint pattern="^Oracle Application Server/10g \(([\d.]+)\) Apache/([12][\d.]+)\s*(.*)$">
473
545
  <description>Oracle Application Server 10g with Apache info (powered by Apache)</description>
474
546
  <example>Oracle Application Server/10g (10.1.2) Apache/1.3.34 (Unix) mod_perl/1.29 mod_jk/1.2.14 OracleAS-Web-Cache-10g/10.1.2.0.2 (N;ecid=119642322340,0)</example>
@@ -481,7 +553,9 @@
481
553
  <param pos="0" name="apache.variant" value="Oracle"/>
482
554
  <param pos="1" name="apache.variant.version"/>
483
555
  </fingerprint>
556
+
484
557
  <!-- TODO: this needs to be improved -->
558
+
485
559
  <fingerprint pattern="^Oracle-Application-Server-\d+[ig](?:[ /]([\d.]+) (?:\(.*\)|Oracle-HTTP-Server\s*(.*)))?$">
486
560
  <description>Oracle Application Server 10g (powered by Apache)</description>
487
561
  <example>Oracle-Application-Server-11g</example>
@@ -498,6 +572,7 @@
498
572
  <param pos="0" name="apache.variant" value="Oracle"/>
499
573
  <param pos="1" name="apache.variant.version"/>
500
574
  </fingerprint>
575
+
501
576
  <fingerprint pattern="^Oracle9iAS/([\d.]+) Oracle HTTP Server\s*(.*)$">
502
577
  <description>Oracle 9i Application Server</description>
503
578
  <example>Oracle9iAS/9.0.2.3.0 Oracle HTTP Server Oracle9iAS-Web-Cache/9.0.2.3.0 (N)</example>
@@ -510,6 +585,7 @@
510
585
  <param pos="0" name="apache.variant" value="Oracle"/>
511
586
  <param pos="1" name="apache.variant.version"/>
512
587
  </fingerprint>
588
+
513
589
  <fingerprint pattern="^Oracle HTTP Server Powered by Apache/([12][\d.]*)\s*(.*)$">
514
590
  <description>Oracle HTTP Server (powered by Apache) - version string variant</description>
515
591
  <example>Oracle HTTP Server Powered by Apache/1.3.12 (Unix) ApacheJServ/1.1 mod_ssl/2.6.4 OpenSSL/0.9.5a</example>
@@ -523,6 +599,7 @@
523
599
  <param pos="2" name="apache.info"/>
524
600
  <param pos="0" name="apache.variant" value="Oracle"/>
525
601
  </fingerprint>
602
+
526
603
  <fingerprint pattern="^Oracle HTTP Server Powered by Apache$">
527
604
  <description>Oracle HTTP Server (powered by Apache)</description>
528
605
  <example>Oracle HTTP Server Powered by Apache</example>
@@ -532,6 +609,25 @@
532
609
  <param pos="0" name="service.cpe23" value="cpe:/a:apache:http_server:-"/>
533
610
  <param pos="0" name="apache.variant" value="Oracle"/>
534
611
  </fingerprint>
612
+
613
+ <fingerprint pattern="^Oracle-Web-Cache-11g/([\d.]+) \(N;ecid=[^)]+\)$">
614
+ <description>Oracle Web Cache</description>
615
+ <example service.version="11.1.1.9.0">Oracle-Web-Cache-11g/11.1.1.9.0 (N;ecid=93620137613024,0:1)</example>
616
+ <param pos="0" name="service.vendor" value="Oracle"/>
617
+ <param pos="0" name="service.product" value="Web Cache"/>
618
+ <param pos="1" name="service.version"/>
619
+ <param pos="0" name="service.cpe23" value="cpe:/a:oracle:web_cache:{service.version}"/>
620
+ </fingerprint>
621
+
622
+ <fingerprint pattern="^OracleAS-Web-Cache-10g/([\d.]+).*">
623
+ <description>Oracle Application Server Web Cache</description>
624
+ <example service.version="10.1.2.3.0">OracleAS-Web-Cache-10g/10.1.2.3.0</example>
625
+ <param pos="0" name="service.vendor" value="Oracle"/>
626
+ <param pos="0" name="service.product" value="Application Server Web Cache"/>
627
+ <param pos="1" name="service.version"/>
628
+ <param pos="0" name="service.cpe23" value="cpe:/a:oracle:application_server_web_cache:{service.version}"/>
629
+ </fingerprint>
630
+
535
631
  <fingerprint pattern="^HP Apache-based Web Server/([012][\d.]*)\s*\(Unix\)\s*(.*)$">
536
632
  <description>Apache running on HP-UX</description>
537
633
  <example>HP Apache-based Web Server/1.3.26 (Unix) mod_ssl/2.8.9 OpenSSL/0.9.6c</example>
@@ -548,6 +644,7 @@
548
644
  <param pos="0" name="os.product" value="HP-UX"/>
549
645
  <param pos="0" name="os.cpe23" value="cpe:/o:hp:hp-ux:-"/>
550
646
  </fingerprint>
647
+
551
648
  <fingerprint pattern="^CompaqHTTPServer/([0-9.]*)(?: HP System Management Homepage(?:/.*)?)?$">
552
649
  <description>HP/Compaq HTTP Server</description>
553
650
  <example>CompaqHTTPServer/9.9 HP System Management Homepage/2.1.5.146</example>
@@ -560,6 +657,7 @@
560
657
  <param pos="0" name="service.family" value="Compaq HTTP Server"/>
561
658
  <param pos="1" name="service.version"/>
562
659
  </fingerprint>
660
+
563
661
  <fingerprint pattern="^HPSMH$">
564
662
  <description>HP System Management Homepage (SMH)</description>
565
663
  <example>HPSMH</example>
@@ -567,6 +665,7 @@
567
665
  <param pos="0" name="service.family" value="SMH"/>
568
666
  <param pos="0" name="service.product" value="SMH"/>
569
667
  </fingerprint>
668
+
570
669
  <fingerprint pattern="(?i)^eHTTP[/ ]v?(\d+\.\d+)">
571
670
  <description>HTTP Server present on seemingly only HP ProCurve network devices</description>
572
671
  <example service.version="1.1">EHTTP/1.1</example>
@@ -579,6 +678,7 @@
579
678
  <param pos="0" name="os.family" value="ProCurve"/>
580
679
  <param pos="0" name="os.certainty" value="0.75"/>
581
680
  </fingerprint>
681
+
582
682
  <fingerprint pattern="^(?:BBC \d+\.\d+\.\d+\.?\d*; )?(?:com.hp.openview.)?[c|C]oda (\d+\.\d+\.\d+\.?\d*)$">
583
683
  <description>HP Openview Coda (Communications Daemon)</description>
584
684
  <example service.component.version="0.0.1">com.hp.openview.Coda 0.0.1</example>
@@ -593,6 +693,7 @@
593
693
  <param pos="0" name="service.component.product" value="CODA"/>
594
694
  <param pos="1" name="service.component.version"/>
595
695
  </fingerprint>
696
+
596
697
  <fingerprint pattern="^BBC \d+\.\d+\.\d+\.?\d*; ovbbcrcp (\d+\.\d+\.\d+\.?\d*)$">
597
698
  <description>OpenView Reverse Channel Proxy (RCP)</description>
598
699
  <example service.component.version="11.00.044">BBC 11.00.044; ovbbcrcp 11.00.044</example>
@@ -605,6 +706,7 @@
605
706
  <param pos="0" name="service.component.product" value="Reverse Channel Proxy"/>
606
707
  <param pos="1" name="service.component.version"/>
607
708
  </fingerprint>
709
+
608
710
  <fingerprint pattern="^(?:BBC \d+\.\d+\.\d+\.?\d*; )?com.hp.openview.bbc.LLBServer (\d+\.\d+\.\d+\.?\d*)$">
609
711
  <description>HP Openview LLBServer (Local Location Broker)</description>
610
712
  <example service.component.version="2.6.8.1">com.hp.openview.bbc.LLBServer 2.6.8.1</example>
@@ -618,6 +720,7 @@
618
720
  <param pos="0" name="service.component.product" value="LLBServer"/>
619
721
  <param pos="1" name="service.component.version"/>
620
722
  </fingerprint>
723
+
621
724
  <fingerprint pattern="^BBC \d+\.\d+\.\d+; ovbbccb (\d+\.\d+\.\d+)$">
622
725
  <description>OpenView Communication Broker (ovbbccb)</description>
623
726
  <example service.component.version="06.00.083">BBC 06.00.083; ovbbccb 06.00.083</example>
@@ -631,6 +734,7 @@
631
734
  <param pos="0" name="service.component.product" value="Communication Broker"/>
632
735
  <param pos="1" name="service.component.version"/>
633
736
  </fingerprint>
737
+
634
738
  <fingerprint pattern="^BBC \d+\.\d+\.\d+; ovbbccb unknown version$">
635
739
  <description>OpenView Communication Broker (ovbbccb) with no version</description>
636
740
  <example>BBC 11.13.007; ovbbccb unknown version</example>
@@ -642,6 +746,7 @@
642
746
  <param pos="0" name="service.component.family" value="OpenView"/>
643
747
  <param pos="0" name="service.component.product" value="Communication Broker"/>
644
748
  </fingerprint>
749
+
645
750
  <fingerprint pattern="^UOS$">
646
751
  <description>HTTP Server that appears unique to Managment Console on HP TippingPoint IPS Devices</description>
647
752
  <example>UOS</example>
@@ -655,6 +760,7 @@
655
760
  <param pos="0" name="hw.family" value="TippingPoint"/>
656
761
  <param pos="0" name="hw.device" value="IPS"/>
657
762
  </fingerprint>
763
+
658
764
  <fingerprint pattern="^uc-httpd[ \/]([\d.]+)$">
659
765
  <description>Xiongmai Tech uc-httpd</description>
660
766
  <example service.version="1.0.0">uc-httpd 1.0.0</example>
@@ -663,6 +769,7 @@
663
769
  <param pos="0" name="service.product" value="uc-httpd"/>
664
770
  <param pos="1" name="service.version"/>
665
771
  </fingerprint>
772
+
666
773
  <fingerprint pattern="^micro_httpd$">
667
774
  <description>ACME micro_httpd</description>
668
775
  <example>micro_httpd</example>
@@ -670,6 +777,7 @@
670
777
  <param pos="0" name="service.product" value="micro_httpd"/>
671
778
  <param pos="0" name="service.cpe23" value="cpe:/a:acme:micro_httpd:-"/>
672
779
  </fingerprint>
780
+
673
781
  <fingerprint pattern="^mini_httpd$">
674
782
  <description>ACME mini_httpd</description>
675
783
  <example>mini_httpd</example>
@@ -677,6 +785,7 @@
677
785
  <param pos="0" name="service.product" value="mini_httpd"/>
678
786
  <param pos="0" name="service.cpe23" value="cpe:/a:acme:mini_httpd:-"/>
679
787
  </fingerprint>
788
+
680
789
  <fingerprint pattern="^LiteSpeed\/?(:?[\d.]+)?(?: \S+)?">
681
790
  <description>LiteSpeed</description>
682
791
  <example>LiteSpeed</example>
@@ -685,6 +794,7 @@
685
794
  <param pos="0" name="service.product" value="LiteSpeed Web Server"/>
686
795
  <param pos="1" name="service.version"/>
687
796
  </fingerprint>
797
+
688
798
  <fingerprint pattern="^IdeaWebServer\/v?([\d.]+)$">
689
799
  <description>Idea Web Server</description>
690
800
  <example service.version="0.83.74">IdeaWebServer/0.83.74</example>
@@ -693,6 +803,7 @@
693
803
  <param pos="0" name="service.product" value="Idea Web Server"/>
694
804
  <param pos="1" name="service.version"/>
695
805
  </fingerprint>
806
+
696
807
  <fingerprint pattern="^openresty\/?(:?[\d.]+)?$">
697
808
  <description>OpenResty OpenResty</description>
698
809
  <example>openresty</example>
@@ -700,14 +811,18 @@
700
811
  <param pos="0" name="service.vendor" value="OpenResty"/>
701
812
  <param pos="0" name="service.product" value="OpenResty"/>
702
813
  <param pos="1" name="service.version"/>
814
+ <param pos="0" name="service.cpe23" value="cpe:/a:openresty:openresty:{service.version}"/>
703
815
  </fingerprint>
816
+
704
817
  <fingerprint pattern="^gunicorn\/([\d.]+)+$">
705
818
  <description>Gunicorn Gunicorn</description>
706
819
  <example service.version="19.7.1">gunicorn/19.7.1</example>
707
820
  <param pos="0" name="service.vendor" value="Gunicorn"/>
708
821
  <param pos="0" name="service.product" value="Gunicorn"/>
709
822
  <param pos="1" name="service.version"/>
823
+ <param pos="0" name="service.cpe23" value="cpe:/a:gunicorn:gunicorn:{service.version}"/>
710
824
  </fingerprint>
825
+
711
826
  <fingerprint pattern="^Serv-U\/([\d.]+)$">
712
827
  <description>Serv-U HTTP interface</description>
713
828
  <example service.version="15.1.6.31">Serv-U/15.1.6.31</example>
@@ -716,6 +831,26 @@
716
831
  <param pos="0" name="service.product" value="FTP Server"/>
717
832
  <param pos="1" name="service.version"/>
718
833
  </fingerprint>
834
+
835
+ <fingerprint pattern="^Wing FTP Server/([\d.]+)\([^)]*\)$">
836
+ <description>Wing FTP HTTP interface - with version</description>
837
+ <example service.version="3.6.0">Wing FTP Server/3.6.0(customer name here)</example>
838
+ <param pos="0" name="service.vendor" value="WFTPServer"/>
839
+ <param pos="0" name="service.family" value="Wing FTP"/>
840
+ <param pos="0" name="service.product" value="Wing FTP Server"/>
841
+ <param pos="1" name="service.version"/>
842
+ <param pos="0" name="service.cpe23" value="cpe:/a:wftpserver:wing_ftp_server:{service.version}"/>
843
+ </fingerprint>
844
+
845
+ <fingerprint pattern="^Wing FTP Server\([^)]*\)$">
846
+ <description>Wing FTP HTTP interface - no version</description>
847
+ <example>Wing FTP Server(customer name here)</example>
848
+ <param pos="0" name="service.vendor" value="WFTPServer"/>
849
+ <param pos="0" name="service.family" value="Wing FTP"/>
850
+ <param pos="0" name="service.product" value="Wing FTP Server"/>
851
+ <param pos="0" name="service.cpe23" value="cpe:/a:wftpserver:wing_ftp_server:-"/>
852
+ </fingerprint>
853
+
719
854
  <fingerprint pattern="^(?i)Linux UPnP/1.0 Sonos/([\d\.\-a-z]+) \((BR\d+)\)$">
720
855
  <description>Sonos Bridge/ZoneBridge</description>
721
856
  <example hw.model="BR100" hw.version="47.2-59120">Linux UPnP/1.0 Sonos/47.2-59120 (BR100)</example>
@@ -726,6 +861,7 @@
726
861
  <param pos="2" name="hw.model"/>
727
862
  <param pos="0" name="os.product" value="Linux"/>
728
863
  </fingerprint>
864
+
729
865
  <fingerprint pattern="^(?i)Linux UPnP/1.0 Sonos/([\d\.\-a-z]+) \(ANVIL\)$">
730
866
  <description>Sonos Subwoofer Speaker</description>
731
867
  <example>Linux UPnP/1.0 Sonos/31.3-22220 (ANVIL)</example>
@@ -735,6 +871,7 @@
735
871
  <param pos="1" name="hw.version"/>
736
872
  <param pos="0" name="os.product" value="Linux"/>
737
873
  </fingerprint>
874
+
738
875
  <fingerprint pattern="(?i)^Linux UPnP/1.0 Sonos/([\d\.\-a-z]+) \(ZP(S?\d+)\)$">
739
876
  <description>Sonos PLAY/ZonePlayer wireless speaker</description>
740
877
  <example hw.model="S1" hw.version="39.2-47040c">Linux UPnP/1.0 Sonos/39.2-47040c (ZPS1)</example>
@@ -747,6 +884,7 @@
747
884
  <param pos="2" name="hw.model"/>
748
885
  <param pos="0" name="os.product" value="Linux"/>
749
886
  </fingerprint>
887
+
750
888
  <fingerprint pattern="(?i)^Linux UPnP/1.0 Sonos/([\d\.\-a-z]+) \(WD(\d+)\)$">
751
889
  <description>Sonos Wireless Dock</description>
752
890
  <example hw.model="100" hw.version="36.4-41270">Linux UPnP/1.0 Sonos/36.4-41270 (WD100)</example>
@@ -757,6 +895,7 @@
757
895
  <param pos="2" name="hw.model"/>
758
896
  <param pos="0" name="os.product" value="Linux"/>
759
897
  </fingerprint>
898
+
760
899
  <fingerprint pattern="^Varnish(?:[- ]Cache)?$">
761
900
  <description>Varnish Cache</description>
762
901
  <example>Varnish</example>
@@ -766,6 +905,7 @@
766
905
  <param pos="0" name="service.product" value="Varnish"/>
767
906
  <param pos="0" name="service.cpe23" value="cpe:/a:varnish-cache:varnish:-"/>
768
907
  </fingerprint>
908
+
769
909
  <fingerprint pattern="^Tengine\/?(:?[\d.]+)?$">
770
910
  <description>Tengine</description>
771
911
  <example>Tengine</example>
@@ -775,6 +915,7 @@
775
915
  <param pos="0" name="service.product" value="Tengine"/>
776
916
  <param pos="1" name="service.version"/>
777
917
  </fingerprint>
918
+
778
919
  <fingerprint pattern="^Mikrotik HttpProxy$">
779
920
  <description>MikroTik RouterOS - Proxy service</description>
780
921
  <example>Mikrotik HttpProxy</example>
@@ -787,6 +928,7 @@
787
928
  <param pos="0" name="hw.vendor" value="MikroTik"/>
788
929
  <param pos="0" name="hw.device" value="Router"/>
789
930
  </fingerprint>
931
+
790
932
  <fingerprint pattern="^Helix Server Version ([0-9.]*) \(win32\) \(RealServer compatible\)$">
791
933
  <description>RealMedia Helix Server - Windows</description>
792
934
  <example>Helix Server Version 9.0.4.960 (win32) (RealServer compatible)</example>
@@ -799,6 +941,7 @@
799
941
  <param pos="0" name="service.family" value="Helix Server"/>
800
942
  <param pos="1" name="service.version"/>
801
943
  </fingerprint>
944
+
802
945
  <fingerprint pattern="^Helix Server Version ([0-9.]*) \(linux-\S+\) \(RealServer compatible\)$">
803
946
  <description>RealMedia Helix Server - Linux</description>
804
947
  <example>Helix Server Version 9.0.4.960 (linux-2.2-libc6-i586-server) (RealServer compatible)</example>
@@ -809,6 +952,7 @@
809
952
  <param pos="0" name="service.family" value="Helix Server"/>
810
953
  <param pos="1" name="service.version"/>
811
954
  </fingerprint>
955
+
812
956
  <fingerprint pattern="^ReeCam IP Camera$">
813
957
  <description>Shenzhen ReeCam cameras</description>
814
958
  <example>ReeCam IP Camera</example>
@@ -816,12 +960,14 @@
816
960
  <param pos="0" name="hw.product" value="ReeCam"/>
817
961
  <param pos="0" name="hw.device" value="Web cam"/>
818
962
  </fingerprint>
963
+
819
964
  <fingerprint pattern="^Netwave IP Camera$">
820
965
  <description>Netwave cameras</description>
821
966
  <example>Netwave IP Camera</example>
822
967
  <param pos="0" name="hw.vendor" value="Netwave"/>
823
968
  <param pos="0" name="hw.device" value="Web cam"/>
824
969
  </fingerprint>
970
+
825
971
  <fingerprint pattern="^Cougar/([0-9.]*)$">
826
972
  <description>Windows Media Services (older versions)</description>
827
973
  <example>Cougar/9.01.01.3841</example>
@@ -834,6 +980,7 @@
834
980
  <param pos="0" name="service.family" value="Windows Media Services"/>
835
981
  <param pos="1" name="service.version"/>
836
982
  </fingerprint>
983
+
837
984
  <fingerprint pattern="^WMServer/([0-9.]*)$">
838
985
  <description>Windows Media Services (newer versions)</description>
839
986
  <example>WMServer/9.1.1.3841</example>
@@ -846,6 +993,7 @@
846
993
  <param pos="0" name="service.family" value="Windows Media Services"/>
847
994
  <param pos="1" name="service.version"/>
848
995
  </fingerprint>
996
+
849
997
  <fingerprint pattern="^Microsoft-HTTPAPI/(?:[0-9\.]*)$">
850
998
  <description>Generic Microsoft HTTP service</description>
851
999
  <example>Microsoft-HTTPAPI/2.0</example>
@@ -854,6 +1002,7 @@
854
1002
  <param pos="0" name="os.product" value="Windows"/>
855
1003
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
856
1004
  </fingerprint>
1005
+
857
1006
  <fingerprint pattern="(?i)^(?:(?:Cube|(?:Mini )?Dome|Day/Night|PAN/?Tilt|POE|IR|HD|H.264|Surveillance|With|Wired|Wireless(?: N)?|Network|Internet|(?:IP(?:[\s_-])?)?Cameras?[\s_]*\d*) ?){1,5}?(?: Login)?$">
858
1007
  <description>Generic IP Cameras</description>
859
1008
  <example>camera</example>
@@ -861,6 +1010,7 @@
861
1010
  <example>Mini Dome IP Camera</example>
862
1011
  <param pos="0" name="hw.device" value="Web cam"/>
863
1012
  </fingerprint>
1013
+
864
1014
  <fingerprint pattern="^ASP.NET$">
865
1015
  <description>Something written in ASP.NET</description>
866
1016
  <example>ASP.NET</example>
@@ -870,6 +1020,7 @@
870
1020
  <param pos="0" name="os.certainty" value="0.6"/>
871
1021
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
872
1022
  </fingerprint>
1023
+
873
1024
  <fingerprint pattern="^[Xx]itami$">
874
1025
  <description>Xitami web server</description>
875
1026
  <example>Xitami</example>
@@ -877,6 +1028,7 @@
877
1028
  <param pos="0" name="service.product" value="HTTP"/>
878
1029
  <param pos="0" name="service.family" value="Webserver"/>
879
1030
  </fingerprint>
1031
+
880
1032
  <fingerprint pattern="^VCS-VIDOS-NVR$">
881
1033
  <description>Bosch VCS VIDOS-NVR network video recorder</description>
882
1034
  <example>VCS-VIDOS-NVR</example>
@@ -886,12 +1038,14 @@
886
1038
  <param pos="0" name="hw.vendor" value="Bosch"/>
887
1039
  <param pos="0" name="hw.device" value="DVR"/>
888
1040
  </fingerprint>
1041
+
889
1042
  <fingerprint pattern="^FUHO-DVR$">
890
1043
  <description>FUHO Surveillance/DVR</description>
891
1044
  <example>FUHO-DVR</example>
892
1045
  <param pos="0" name="hw.vendor" value="FUHO"/>
893
1046
  <param pos="0" name="hw.device" value="DVR"/>
894
1047
  </fingerprint>
1048
+
895
1049
  <fingerprint pattern="^HeiTel GmbH Web Server \[\S+\]$">
896
1050
  <description>HeiTel Digital Video Recorder</description>
897
1051
  <example>HeiTel GmbH Web Server [V1.15/V1.14/V1.3]</example>
@@ -901,6 +1055,7 @@
901
1055
  <param pos="0" name="hw.vendor" value="HeiTel"/>
902
1056
  <param pos="0" name="hw.device" value="DVR"/>
903
1057
  </fingerprint>
1058
+
904
1059
  <fingerprint pattern="^MiniServ/([0-9.]*)$">
905
1060
  <description>mini_httpd</description>
906
1061
  <example>MiniServ/0.01</example>
@@ -908,6 +1063,7 @@
908
1063
  <param pos="0" name="service.family" value="WebServer"/>
909
1064
  <param pos="1" name="service.version"/>
910
1065
  </fingerprint>
1066
+
911
1067
  <fingerprint pattern="^IBM HTTP Server/(V\d+R\d+M\d+)$">
912
1068
  <description>IBM HTTP server running on AS/400</description>
913
1069
  <example>IBM HTTP Server/V5R3M0</example>
@@ -920,7 +1076,9 @@
920
1076
  <param pos="0" name="os.family" value="OS/400"/>
921
1077
  <param pos="0" name="os.product" value="OS/400"/>
922
1078
  <param pos="1" name="os.version"/>
1079
+ <param pos="0" name="os.cpe23" value="cpe:/o:ibm:os_400:{os.version}"/>
923
1080
  </fingerprint>
1081
+
924
1082
  <fingerprint pattern="^(?:IBM_HTTP_Server|IBM_HTTP_SERVER)/([\w.-]+)\s+Apache/([12][\d.]+)\s*(.*)$">
925
1083
  <description>IBM HTTP Server</description>
926
1084
  <example>IBM_HTTP_SERVER/1.3.19.2 Apache/1.3.20 (Win32)</example>
@@ -942,6 +1100,7 @@
942
1100
  <param pos="0" name="apache.variant" value="IBM"/>
943
1101
  <param pos="1" name="apache.variant.version"/>
944
1102
  </fingerprint>
1103
+
945
1104
  <fingerprint pattern="(?i)^(?:IBM_HTTP_SERVER|IBM-HTTP-SERVER)/(\S+)(?: \(\S+\))?$">
946
1105
  <description>IBM HTTP Server with hardly useful version info</description>
947
1106
  <example>IBM-HTTP-Server/1.0</example>
@@ -953,6 +1112,7 @@
953
1112
  <param pos="0" name="apache.variant" value="IBM"/>
954
1113
  <param pos="1" name="apache.variant.version"/>
955
1114
  </fingerprint>
1115
+
956
1116
  <fingerprint pattern="(?i)^(?:IBM_HTTP_SERVER|IBM-HTTP-SERVER)$">
957
1117
  <description>IBM HTTP Server with no version info</description>
958
1118
  <example>IBM_HTTP_SERVER</example>
@@ -963,9 +1123,11 @@
963
1123
  <param pos="0" name="service.cpe23" value="cpe:/a:apache:http_server:-"/>
964
1124
  <param pos="0" name="apache.variant" value="IBM"/>
965
1125
  </fingerprint>
1126
+
966
1127
  <!--
967
1128
  Netscape/Sun's Application Server
968
1129
  -->
1130
+
969
1131
  <fingerprint pattern="^Sun[ -]Java[ -]System[ /]Application[ -]Server( \d\.[\d_]+)?$">
970
1132
  <description>Sun Java System Application Server (formerly iPlanet Application Server, Sun ONE Application Server)</description>
971
1133
  <example>Sun-Java-System/Application-Server</example>
@@ -975,6 +1137,7 @@
975
1137
  <param pos="1" name="service.version"/>
976
1138
  <param pos="0" name="service.cpe23" value="cpe:/a:sun:java_system_application_server:{service.version}"/>
977
1139
  </fingerprint>
1140
+
978
1141
  <fingerprint pattern="^Sun[ -]Java[ -]System[ /]Application[ -]Server Platform Edition (\d\.[\d_]+)?$">
979
1142
  <description>Sun Java System Application Server Platform Edition(formerly iPlanet Application Server, Sun ONE Application Server)</description>
980
1143
  <example>Sun Java System Application Server Platform Edition 9.0</example>
@@ -984,22 +1147,35 @@
984
1147
  <param pos="0" name="service.product" value="Java System Application Server Platform Edition"/>
985
1148
  <param pos="1" name="service.version"/>
986
1149
  </fingerprint>
1150
+
987
1151
  <fingerprint pattern="^Sun GlassFish Enterprise Server v(\S+)$">
988
1152
  <description>Glassfish with version information</description>
989
- <example>Sun GlassFish Enterprise Server v2.1</example>
1153
+ <example service.version="2.1">Sun GlassFish Enterprise Server v2.1</example>
1154
+ <param pos="0" name="service.vendor" value="Sun"/>
1155
+ <param pos="0" name="service.product" value="GlassFish Server"/>
1156
+ <param pos="1" name="service.version"/>
1157
+ </fingerprint>
1158
+
1159
+ <fingerprint pattern="^GlassFish Server Open Source Edition\s+(\S+)$">
1160
+ <description>Glassfish Open Source Edition with version information</description>
1161
+ <example service.version="4.1.2">GlassFish Server Open Source Edition 4.1.2</example>
1162
+ <example service.version="3.1.2.2">GlassFish Server Open Source Edition 3.1.2.2</example>
990
1163
  <param pos="0" name="service.vendor" value="Sun"/>
991
- <param pos="0" name="service.product" value="GlassFish"/>
1164
+ <param pos="0" name="service.product" value="GlassFish Server"/>
992
1165
  <param pos="1" name="service.version"/>
993
1166
  </fingerprint>
1167
+
994
1168
  <fingerprint pattern="^GlassFish$">
995
1169
  <description>Glassfish without version information</description>
996
1170
  <example>GlassFish</example>
997
1171
  <param pos="0" name="service.vendor" value="Sun"/>
998
- <param pos="0" name="service.product" value="GlassFish"/>
1172
+ <param pos="0" name="service.product" value="GlassFish Server"/>
999
1173
  </fingerprint>
1174
+
1000
1175
  <!--
1001
1176
  Netscape/Sun's Web Server
1002
1177
  -->
1178
+
1003
1179
  <fingerprint pattern="^Netscape-Enterprise/(\d+\.[\w\s.]+)$">
1004
1180
  <description>Netscape Enterprise Server (subsequently iPlanet Web Server, Sun ONE Web Server, presently Sun Java System Web Server)</description>
1005
1181
  <example>Netscape-Enterprise/3.5.1</example>
@@ -1011,6 +1187,7 @@
1011
1187
  <param pos="1" name="service.version"/>
1012
1188
  <param pos="0" name="service.cpe23" value="cpe:/a:sun:java_system_web_server:{service.version}"/>
1013
1189
  </fingerprint>
1190
+
1014
1191
  <fingerprint pattern="^(?:Sun-Java-System-Web-Server|Sun-ONE-Web-Server)/(?:\d\.[\d_]+)$">
1015
1192
  <description>Sun Java System Web Server (formerly Netscape Enterprise Server, iPlanet Web Server and Sun ONE Web Server)</description>
1016
1193
  <example>Sun-Java-System-Web-Server/7.0</example>
@@ -1020,19 +1197,20 @@
1020
1197
  <param pos="0" name="service.product" value="Java System Web Server"/>
1021
1198
  <param pos="0" name="service.cpe23" value="cpe:/a:sun:java_system_web_server:-"/>
1022
1199
  </fingerprint>
1200
+
1023
1201
  <!--
1024
1202
  Netscape/Sun's Web Proxy Server
1025
1203
  -->
1204
+
1026
1205
  <!--
1027
1206
  Header seen on admin port 8081 (not regular proxy port 8080) of Sun Java
1028
1207
  System Web Proxy Server 3.6 Service Pack 4 running on Windows:
1029
-
1030
1208
  Server: Netscape-Administrator/3.54
1031
-
1032
1209
  However this header might be used by Web Server too, so it might be
1033
1210
  impossible to differentiate Web Server from Web Proxy Server. Also note how
1034
1211
  there seems to be no relation between 3.54 and "3.6 Service Pack 4".
1035
1212
  -->
1213
+
1036
1214
  <fingerprint pattern="^iPlanet-Web-Proxy-Server/(.*)$">
1037
1215
  <description>iPlanet WebProxy Server (subsequently Sun ONE WebProxy Server, presently Sun Java System Web Proxy Server)</description>
1038
1216
  <example>iPlanet-Web-Proxy-Server/3.6</example>
@@ -1043,6 +1221,7 @@
1043
1221
  <param pos="1" name="service.version"/>
1044
1222
  <param pos="0" name="service.cpe23" value="cpe:/a:sun:java_system_web_proxy_server:{service.version}"/>
1045
1223
  </fingerprint>
1224
+
1046
1225
  <fingerprint pattern="^Sun-ONE-Web-Proxy-Server/(.*)$">
1047
1226
  <description>Sun ONE WebProxy Server (formerly iPlanet WebProxy Server, presently Sun Java System Web Proxy Server)</description>
1048
1227
  <example service.version="3.6-SP4">Sun-ONE-Web-Proxy-Server/3.6-SP4</example>
@@ -1052,6 +1231,7 @@
1052
1231
  <param pos="1" name="service.version"/>
1053
1232
  <param pos="0" name="service.cpe23" value="cpe:/a:sun:java_system_web_proxy_server:{service.version}"/>
1054
1233
  </fingerprint>
1234
+
1055
1235
  <fingerprint pattern="^Sun-Java-System-Web-Proxy-Server/(\d\.[\d.]+)$">
1056
1236
  <description>Sun Java System Web Proxy Server (formerly iPlanet WebProxy Server, Sun ONE WebProxy Server)</description>
1057
1237
  <example>Sun-Java-System-Web-Proxy-Server/4.0.2</example>
@@ -1062,6 +1242,7 @@
1062
1242
  <param pos="1" name="service.version"/>
1063
1243
  <param pos="0" name="service.cpe23" value="cpe:/a:sun:java_system_web_proxy_server:{service.version}"/>
1064
1244
  </fingerprint>
1245
+
1065
1246
  <fingerprint pattern="^Sun-ILOM-Web-Server/(?:\d\.[\d._]+)$">
1066
1247
  <description>Sun Integrated Lights Out Manager (ILOM) usually bundled with Sun Fire servers</description>
1067
1248
  <example>Sun-ILOM-Web-Server/1.0</example>
@@ -1071,6 +1252,7 @@
1071
1252
  <param pos="0" name="hw.vendor" value="Sun"/>
1072
1253
  <param pos="0" name="hw.family" value="Sun Fire"/>
1073
1254
  </fingerprint>
1255
+
1074
1256
  <fingerprint pattern="^HP-iLO-Server/(?:[\S]+)">
1075
1257
  <description>HP Integrated Lights Out Manager (iLO). Version in the Server header (found on in iLO4) is the firmware version and is not currently used.</description>
1076
1258
  <example>HP-iLO-Server/1.30</example>
@@ -1085,12 +1267,14 @@
1085
1267
  <param pos="0" name="os.family" value="iLO"/>
1086
1268
  <param pos="0" name="os.device" value="Lights Out Management"/>
1087
1269
  </fingerprint>
1270
+
1088
1271
  <!--
1089
1272
  TODO:
1090
-
1091
1273
  Sun_WebServer/2.1
1092
1274
  -->
1275
+
1093
1276
  <!-- Mort Bay Jetty 1.0 to 6.x -->
1277
+
1094
1278
  <fingerprint pattern="^Jetty\/([1-6]\.[\w.]+)(?: \(([^)]*))?">
1095
1279
  <description>Mort Bay Jetty with info</description>
1096
1280
  <example service.version="4.0.1" jetty.info="SunOS 5.8 sparc">Jetty/4.0.1 (SunOS 5.8 sparc)</example>
@@ -1105,6 +1289,7 @@
1105
1289
  <param pos="0" name="service.cpe23" value="cpe:/a:mortbay:jetty:{service.version}"/>
1106
1290
  <param pos="2" name="jetty.info"/>
1107
1291
  </fingerprint>
1292
+
1108
1293
  <fingerprint pattern="^Jetty\(([1-6]\S+)\)$">
1109
1294
  <description>Mort Bay Jetty</description>
1110
1295
  <example service.version="1.4.5">Jetty(1.4.5)</example>
@@ -1115,10 +1300,12 @@
1115
1300
  <param pos="1" name="service.version"/>
1116
1301
  <param pos="0" name="service.cpe23" value="cpe:/a:mortbay:jetty:{service.version}"/>
1117
1302
  </fingerprint>
1303
+
1118
1304
  <!--
1119
1305
  Jetty moved to Eclipse.org at version 7, CVEs after this version are
1120
1306
  associated with Eclipse CPEs.
1121
1307
  -->
1308
+
1122
1309
  <fingerprint pattern="^Jetty\((\S+)\)$">
1123
1310
  <description>Eclipse Jetty</description>
1124
1311
  <example service.version="7.6.9.v20130131">Jetty(7.6.9.v20130131)</example>
@@ -1130,6 +1317,7 @@
1130
1317
  <param pos="1" name="service.version"/>
1131
1318
  <param pos="0" name="service.cpe23" value="cpe:/a:eclipse:jetty:{service.version}"/>
1132
1319
  </fingerprint>
1320
+
1133
1321
  <fingerprint pattern="^(?i)squid/(\d+\.[\w.\-\+]+)$">
1134
1322
  <description>Squid Web Proxy with a version</description>
1135
1323
  <example service.version="2.3.STABLE1">Squid/2.3.STABLE1</example>
@@ -1141,6 +1329,7 @@
1141
1329
  <param pos="1" name="service.version"/>
1142
1330
  <param pos="0" name="service.cpe23" value="cpe:/a:squid-cache:squid:{service.version}"/>
1143
1331
  </fingerprint>
1332
+
1144
1333
  <fingerprint pattern="^(?i)squid$">
1145
1334
  <description>Squid Web Proxy without a version</description>
1146
1335
  <example>Squid</example>
@@ -1150,6 +1339,7 @@
1150
1339
  <param pos="0" name="service.family" value="Squid"/>
1151
1340
  <param pos="0" name="service.cpe23" value="cpe:/a:squid-cache:squid:-"/>
1152
1341
  </fingerprint>
1342
+
1153
1343
  <fingerprint pattern="^thttpd/(\d\.[\w.]+)-MX\s*.*$">
1154
1344
  <description>thttpd with SSL support</description>
1155
1345
  <example>thttpd/2.19-MX Jan 24 2006</example>
@@ -1158,6 +1348,7 @@
1158
1348
  <param pos="1" name="service.version"/>
1159
1349
  <param pos="0" name="thttpd.mx-patch" value="enabled"/>
1160
1350
  </fingerprint>
1351
+
1161
1352
  <fingerprint pattern="^thttpd(?:/(\d\.[\w.]+)\s*.*)?$">
1162
1353
  <description>thttpd</description>
1163
1354
  <example>thttpd</example>
@@ -1169,15 +1360,18 @@
1169
1360
  <param pos="0" name="service.family" value="thttpd"/>
1170
1361
  <param pos="1" name="service.version"/>
1171
1362
  </fingerprint>
1172
- <fingerprint pattern="^lighttpd(?:/(\d[\d.]+))?.*$">
1363
+
1364
+ <fingerprint pattern="(?i)^lighttpd(?:/(\d[\d.]+))?.*$">
1173
1365
  <description>Lighttpd</description>
1174
1366
  <example>lighttpd</example>
1367
+ <example>Lighttpd</example>
1175
1368
  <example service.version="1.4.16">lighttpd/1.4.16</example>
1176
1369
  <example>lighttpd/1.3.7 (Mar 23 2007/16:00:15)</example>
1177
1370
  <param pos="0" name="service.product" value="lighttpd"/>
1178
1371
  <param pos="0" name="service.family" value="lighttpd"/>
1179
1372
  <param pos="1" name="service.version"/>
1180
1373
  </fingerprint>
1374
+
1181
1375
  <fingerprint pattern="^nginx$">
1182
1376
  <description>nginx without version info</description>
1183
1377
  <example>nginx</example>
@@ -1186,6 +1380,7 @@
1186
1380
  <param pos="0" name="service.vendor" value="nginx"/>
1187
1381
  <param pos="0" name="service.cpe23" value="cpe:/a:nginx:nginx:-"/>
1188
1382
  </fingerprint>
1383
+
1189
1384
  <fingerprint pattern="^nginx\/?(:?[\d.]+)?">
1190
1385
  <description>nginx with version info and/or mods</description>
1191
1386
  <example service.version="0.8.53">nginx/0.8.53 + Phusion Passenger 3.0.0 (mod_rails/mod_rack)</example>
@@ -1198,6 +1393,7 @@
1198
1393
  <param pos="1" name="service.version"/>
1199
1394
  <param pos="0" name="service.cpe23" value="cpe:/a:nginx:nginx:{service.version}"/>
1200
1395
  </fingerprint>
1396
+
1201
1397
  <fingerprint pattern="^Lotus(?:-Domino)?(?:/|/0|/Release)?$">
1202
1398
  <description>IBM Lotus Notes/Domino with no useful version info</description>
1203
1399
  <example>Lotus</example>
@@ -1209,6 +1405,7 @@
1209
1405
  <param pos="0" name="service.family" value="Lotus Domino"/>
1210
1406
  <param pos="0" name="service.cpe23" value="cpe:/a:ibm:lotus_domino:-"/>
1211
1407
  </fingerprint>
1408
+
1212
1409
  <fingerprint pattern="^Lotus(?:-Domino)?/(?:Release-?)?([4-7][\d.]+)\s*(?:.*)$">
1213
1410
  <description>IBM Lotus Notes/Domino with version info</description>
1214
1411
  <example>Lotus-Domino/5.0.8</example>
@@ -1219,6 +1416,7 @@
1219
1416
  <param pos="1" name="service.version"/>
1220
1417
  <param pos="0" name="service.cpe23" value="cpe:/a:ibm:lotus_domino:{service.version}"/>
1221
1418
  </fingerprint>
1419
+
1222
1420
  <fingerprint pattern="^WebLogic (?:WebLogic )?Server (\d+\.\d+(?:\s+SP\d+)?)\s+.*$">
1223
1421
  <description>BEA WebLogic</description>
1224
1422
  <example service.version="8.1 SP3">WebLogic Server 8.1 SP3 Tue Jun 29 23:11:19 PDT 2004 404973</example>
@@ -1230,6 +1428,7 @@
1230
1428
  <param pos="1" name="service.version"/>
1231
1429
  <param pos="0" name="service.cpe23" value="cpe:/a:bea:weblogic_server:{service.version}"/>
1232
1430
  </fingerprint>
1431
+
1233
1432
  <fingerprint pattern="^WebSphere Application Server/(\d+\.\d+)$">
1234
1433
  <description>IBM WebSphere</description>
1235
1434
  <example service.version="5.0">WebSphere Application Server/5.0</example>
@@ -1238,7 +1437,9 @@
1238
1437
  <param pos="0" name="service.product" value="WebSphere"/>
1239
1438
  <param pos="0" name="service.family" value="WebSphere"/>
1240
1439
  <param pos="1" name="service.version"/>
1440
+ <param pos="0" name="service.cpe23" value="cpe:/a:ibm:websphere:{service.version}"/>
1241
1441
  </fingerprint>
1442
+
1242
1443
  <fingerprint pattern="^Resin/(\S+)$">
1243
1444
  <description>Caucho Resin</description>
1244
1445
  <example>Resin/2.1.13</example>
@@ -1250,6 +1451,7 @@
1250
1451
  <param pos="1" name="service.version"/>
1251
1452
  <param pos="0" name="service.cpe23" value="cpe:/a:caucho:resin:{service.version}"/>
1252
1453
  </fingerprint>
1454
+
1253
1455
  <fingerprint pattern="^Ipswitch-IMail/(\d\.\d+)$">
1254
1456
  <description>Ipswitch IMail Server</description>
1255
1457
  <example>Ipswitch-IMail/5.08</example>
@@ -1265,6 +1467,7 @@
1265
1467
  <param pos="0" name="os.product" value="Windows"/>
1266
1468
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
1267
1469
  </fingerprint>
1470
+
1268
1471
  <fingerprint pattern="^Abyss/(\d\.[\d.]+)-X1-Win32 AbyssLib/(?:\d\.[\d.]+)$">
1269
1472
  <description>Aprelium Technologies Abyss Web Server X1 (free personal edition) on Windows</description>
1270
1473
  <example>Abyss/2.0.0.20-X1-Win32 AbyssLib/2.0.0.20</example>
@@ -1278,6 +1481,7 @@
1278
1481
  <param pos="0" name="os.product" value="Windows"/>
1279
1482
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
1280
1483
  </fingerprint>
1484
+
1281
1485
  <fingerprint pattern="^Abyss/(\d\.[\d.]+)-X2-Win32 AbyssLib/(?:\d\.[\d.]+)$">
1282
1486
  <description>Aprelium Technologies Abyss Web Server X2 (licensed professional edition) on Windows</description>
1283
1487
  <param pos="0" name="service.vendor" value="Aprelium Technologies"/>
@@ -1289,6 +1493,7 @@
1289
1493
  <param pos="0" name="os.product" value="Windows"/>
1290
1494
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
1291
1495
  </fingerprint>
1496
+
1292
1497
  <fingerprint pattern="^Microsoft (Commerce Server\s*(?:2002|2007)?, (?:Enterprise|Standard|Evaluation|Developer) Edition)$">
1293
1498
  <description>Microsoft Commerce Server</description>
1294
1499
  <param pos="0" name="service.vendor" value="Microsoft"/>
@@ -1299,6 +1504,7 @@
1299
1504
  <param pos="0" name="os.product" value="Windows"/>
1300
1505
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
1301
1506
  </fingerprint>
1507
+
1302
1508
  <fingerprint pattern="^NetWare-Enterprise-Web-Server/(\d+\.\d+)$">
1303
1509
  <description>NetWare Enterprise Web Server (runs on NetWare 5.1)</description>
1304
1510
  <param pos="0" name="service.vendor" value="Novell"/>
@@ -1313,6 +1519,7 @@
1313
1519
  <param pos="1" name="os.version"/>
1314
1520
  <param pos="0" name="os.cpe23" value="cpe:/o:novell:netware:{os.version}"/>
1315
1521
  </fingerprint>
1522
+
1316
1523
  <fingerprint pattern="^NetWare HTTP Stack$">
1317
1524
  <description>NetWare HTTP stack (runs on 6.0 and 6.5)</description>
1318
1525
  <param pos="0" name="service.vendor" value="Novell"/>
@@ -1323,6 +1530,7 @@
1323
1530
  <param pos="0" name="os.product" value="NetWare"/>
1324
1531
  <param pos="0" name="os.cpe23" value="cpe:/o:novell:netware:-"/>
1325
1532
  </fingerprint>
1533
+
1326
1534
  <fingerprint pattern="^Novell-HTTP-Server/3.1R1$">
1327
1535
  <description>NetWare HTTP Server (runs on NetWare 4.11)</description>
1328
1536
  <param pos="0" name="service.vendor" value="Novell"/>
@@ -1336,6 +1544,7 @@
1336
1544
  <param pos="0" name="os.version" value="4.11"/>
1337
1545
  <param pos="0" name="os.cpe23" value="cpe:/o:novell:netware:4.11"/>
1338
1546
  </fingerprint>
1547
+
1339
1548
  <fingerprint pattern="^Novell-HTTP-Server/2.51R1$">
1340
1549
  <description>NetWare HTTP Server (runs on NetWare 4.1)</description>
1341
1550
  <param pos="0" name="service.vendor" value="Novell"/>
@@ -1349,6 +1558,7 @@
1349
1558
  <param pos="0" name="os.version" value="4.1"/>
1350
1559
  <param pos="0" name="os.cpe23" value="cpe:/o:novell:netware:4.1"/>
1351
1560
  </fingerprint>
1561
+
1352
1562
  <fingerprint pattern="^Netscape-FastTrack/(\d+\.[\w\s.]+)$">
1353
1563
  <description>Netscape FastTrack Server</description>
1354
1564
  <param pos="0" name="service.vendor" value="Netscape"/>
@@ -1357,6 +1567,7 @@
1357
1567
  <param pos="1" name="service.version"/>
1358
1568
  <param pos="0" name="service.cpe23" value="cpe:/a:netscape:fasttrack_server:{service.version}"/>
1359
1569
  </fingerprint>
1570
+
1360
1571
  <fingerprint pattern="^Netscape-Commerce/(\d+\.[\w\s.]+)$">
1361
1572
  <description>Netscape Commerce Server</description>
1362
1573
  <param pos="0" name="service.vendor" value="Netscape"/>
@@ -1365,19 +1576,113 @@
1365
1576
  <param pos="1" name="service.version"/>
1366
1577
  <param pos="0" name="service.cpe23" value="cpe:/a:netscape:commerce_server:{service.version}"/>
1367
1578
  </fingerprint>
1579
+
1368
1580
  <!--
1369
1581
  TODO
1370
-
1371
1582
  "Powered by PowerBSD - Apache"
1372
1583
  "SSE(Apache)"
1373
1584
  -->
1585
+
1374
1586
  <fingerprint pattern="^SAP J2EE Engine/(\d+\.\d+)$">
1375
- <description>SAP NetWeaver Web AS (Application Server)</description>
1587
+ <description>SAP NetWeaver Application Server Java - short version</description>
1588
+ <example service.version="7.01">SAP J2EE Engine/7.01</example>
1589
+ <param pos="0" name="service.vendor" value="SAP"/>
1590
+ <param pos="0" name="service.product" value="NetWeaver Application Server Java"/>
1591
+ <param pos="0" name="service.family" value="NetWeaver"/>
1592
+ <param pos="1" name="service.version"/>
1593
+ <param pos="0" name="service.cpe23" value="cpe:/a:sap:netweaver_application_server_java:{service.version}"/>
1594
+ <param pos="0" name="service.component.vendor" value="SAP"/>
1595
+ <param pos="0" name="service.component.product" value="NetWeaver Application Server"/>
1596
+ <param pos="0" name="service.component.cpe23" value="cpe:/a:sap:netweaver_application_server:-"/>
1597
+ </fingerprint>
1598
+
1599
+ <fingerprint pattern="^SAP NetWeaver Application Server$">
1600
+ <description>SAP NetWeaver Application Server without version</description>
1601
+ <example>SAP NetWeaver Application Server</example>
1602
+ <param pos="0" name="service.vendor" value="SAP"/>
1603
+ <param pos="0" name="service.product" value="NetWeaver Application Server"/>
1604
+ <param pos="0" name="service.family" value="NetWeaver"/>
1605
+ <param pos="0" name="service.cpe23" value="cpe:/a:sap:netweaver_application_server:-"/>
1606
+ </fingerprint>
1607
+
1608
+ <fingerprint pattern="^SAP NetWeaver Application Server ([\d.]+) / AS Java ([\d.]+)$">
1609
+ <description>SAP NetWeaver Application Server Java</description>
1610
+ <example service.version="7.30" service.component.version="7.22">SAP NetWeaver Application Server 7.22 / AS Java 7.30</example>
1611
+ <param pos="0" name="service.vendor" value="SAP"/>
1612
+ <param pos="0" name="service.product" value="NetWeaver Application Server Java"/>
1613
+ <param pos="0" name="service.family" value="NetWeaver"/>
1614
+ <param pos="2" name="service.version"/>
1615
+ <param pos="0" name="service.cpe23" value="cpe:/a:sap:netweaver_application_server_java:{service.version}"/>
1616
+ <param pos="0" name="service.component.vendor" value="SAP"/>
1617
+ <param pos="0" name="service.component.product" value="NetWeaver Application Server"/>
1618
+ <param pos="1" name="service.component.version"/>
1619
+ <param pos="0" name="service.component.cpe23" value="cpe:/a:sap:netweaver_application_server:{service.component.version}"/>
1620
+ </fingerprint>
1621
+
1622
+ <fingerprint pattern="^SAP NetWeaver Application Server ([\d.]+) / ICM ([\d.]+)$">
1623
+ <description>SAP NetWeaver Application Server - Internet Communication Manager</description>
1624
+ <example service.version="7.21" service.component.version="7.21">SAP NetWeaver Application Server 7.21 / ICM 7.21</example>
1625
+ <param pos="0" name="service.vendor" value="SAP"/>
1626
+ <param pos="0" name="service.product" value="NetWeaver Internet Communication Manager"/>
1627
+ <param pos="0" name="service.family" value="NetWeaver"/>
1628
+ <param pos="2" name="service.version"/>
1629
+ <param pos="0" name="service.component.vendor" value="SAP"/>
1630
+ <param pos="0" name="service.component.product" value="NetWeaver Application Server"/>
1631
+ <param pos="1" name="service.component.version"/>
1632
+ <param pos="0" name="service.component.cpe23" value="cpe:/a:sap:netweaver_application_server:{service.component.version}"/>
1633
+ </fingerprint>
1634
+
1635
+ <fingerprint pattern="^SAP NetWeaver Application Server \(ICM\)$">
1636
+ <description>SAP NetWeaver Application Server - Internet Communication Manager without version</description>
1637
+ <example>SAP NetWeaver Application Server (ICM)</example>
1638
+ <param pos="0" name="service.vendor" value="SAP"/>
1639
+ <param pos="0" name="service.product" value="NetWeaver Internet Communication Manager"/>
1640
+ <param pos="0" name="service.family" value="NetWeaver"/>
1641
+ <param pos="0" name="service.component.vendor" value="SAP"/>
1642
+ <param pos="0" name="service.component.product" value="NetWeaver Application Server"/>
1643
+ <param pos="0" name="service.component.cpe23" value="cpe:/a:sap:netweaver_application_server:-"/>
1644
+ </fingerprint>
1645
+
1646
+ <fingerprint pattern="^SAP NetWeaver Application Server / ABAP ([\d.]+)$">
1647
+ <description>SAP NetWeaver Application Server - Advanced Business Application Programming</description>
1648
+ <example service.version="731">SAP NetWeaver Application Server / ABAP 731</example>
1376
1649
  <param pos="0" name="service.vendor" value="SAP"/>
1377
- <param pos="0" name="service.product" value="NetWeaver Web AS"/>
1650
+ <param pos="0" name="service.product" value="NetWeaver AS ABAP"/>
1378
1651
  <param pos="0" name="service.family" value="NetWeaver"/>
1379
1652
  <param pos="1" name="service.version"/>
1653
+ <param pos="0" name="service.cpe23" value="cpe:/a:sap:netweaver_as_abap:{service.version}"/>
1654
+ <param pos="0" name="service.component.vendor" value="SAP"/>
1655
+ <param pos="0" name="service.component.product" value="NetWeaver Application Server"/>
1656
+ <param pos="0" name="service.component.cpe23" value="cpe:/a:sap:netweaver_application_server:-"/>
1657
+ </fingerprint>
1658
+
1659
+ <fingerprint pattern="^SAP Internet Graphics Server$">
1660
+ <description>SAP Internet Graphics Server</description>
1661
+ <example>SAP Internet Graphics Server</example>
1662
+ <param pos="0" name="service.vendor" value="SAP"/>
1663
+ <param pos="0" name="service.product" value="Internet Graphics Server"/>
1664
+ <param pos="0" name="service.component.vendor" value="SAP"/>
1665
+ <param pos="0" name="service.component.product" value="NetWeaver Application Server"/>
1666
+ <param pos="0" name="service.component.cpe23" value="cpe:/a:sap:netweaver_application_server:-"/>
1667
+ </fingerprint>
1668
+
1669
+ <fingerprint pattern="^SAP Message Server, release ([\d.]+) \(LNK\)$">
1670
+ <description>SAP Message Server</description>
1671
+ <example service.version="753">SAP Message Server, release 753 (LNK)</example>
1672
+ <param pos="0" name="service.vendor" value="SAP"/>
1673
+ <param pos="0" name="service.product" value="SAP Message Server"/>
1674
+ <param pos="1" name="service.version"/>
1675
+ </fingerprint>
1676
+
1677
+ <fingerprint pattern="^SQLAnywhere/([\d.]+)$">
1678
+ <description>SAP SQLAnywhere</description>
1679
+ <example service.version="16.0.0.2207">SQLAnywhere/16.0.0.2207</example>
1680
+ <param pos="0" name="service.vendor" value="SAP"/>
1681
+ <param pos="0" name="service.product" value="SQL Anywhere"/>
1682
+ <param pos="1" name="service.version"/>
1683
+ <param pos="0" name="service.cpe23" value="cpe:/a:sap:sql_anywhere:{service.version}"/>
1380
1684
  </fingerprint>
1685
+
1381
1686
  <fingerprint pattern="^OpenVPN-AS$">
1382
1687
  <description>OpenVPN Access Server</description>
1383
1688
  <example>OpenVPN-AS</example>
@@ -1385,27 +1690,30 @@
1385
1690
  <param pos="0" name="service.product" value="Access Server"/>
1386
1691
  <param pos="0" name="hw.device" value="VPN"/>
1387
1692
  </fingerprint>
1693
+
1388
1694
  <fingerprint pattern="^SonicWALL (SSL-?VPN(?: (?:\d+))?) Web Server\.?$">
1389
1695
  <description>SonicWALL SSL-VPN device</description>
1390
1696
  <example>SonicWALL SSLVPN Web Server</example>
1391
1697
  <example>SonicWALL SSL-VPN Web Server</example>
1392
- <param pos="0" name="service.vendor" value="SonicWALL"/>
1698
+ <param pos="0" name="service.vendor" value="SonicWall"/>
1393
1699
  <param pos="0" name="service.product" value="SSL-VPN"/>
1394
1700
  <param pos="0" name="service.family" value="SSL-VPN"/>
1395
- <param pos="0" name="os.vendor" value="SonicWALL"/>
1701
+ <param pos="0" name="os.vendor" value="SonicWall"/>
1396
1702
  <param pos="0" name="os.device" value="VPN"/>
1397
1703
  <param pos="0" name="os.family" value="SSL-VPN"/>
1398
1704
  <param pos="1" name="os.product"/>
1399
- <param pos="0" name="hw.vendor" value="SonicWALL"/>
1705
+ <param pos="0" name="hw.vendor" value="SonicWall"/>
1400
1706
  <param pos="0" name="hw.device" value="VPN"/>
1401
1707
  </fingerprint>
1708
+
1402
1709
  <fingerprint pattern="^SonicWALL$">
1403
1710
  <description>SonicWALL device</description>
1404
1711
  <example>SonicWALL</example>
1405
- <param pos="0" name="service.vendor" value="SonicWALL"/>
1712
+ <param pos="0" name="service.vendor" value="SonicWall"/>
1406
1713
  <param pos="0" name="service.product" value="HTTP"/>
1407
- <param pos="0" name="os.vendor" value="SonicWALL"/>
1714
+ <param pos="0" name="os.vendor" value="SonicWall"/>
1408
1715
  </fingerprint>
1716
+
1409
1717
  <fingerprint pattern="^NetCache appliance \(NetApp/+(\d+\.\d+[\w.]+)\)$">
1410
1718
  <description>NetCache appliance (product line formerly owned by Network Appliances, now owned by Blue Coat Systems).</description>
1411
1719
  <example service.version="5.3.1R3">NetCache appliance (NetApp/5.3.1R3)</example>
@@ -1423,6 +1731,7 @@
1423
1731
  <param pos="0" name="os.family" value="NetCache"/>
1424
1732
  <param pos="0" name="os.product" value="NetCache"/>
1425
1733
  </fingerprint>
1734
+
1426
1735
  <fingerprint pattern="^NetApp/+(.*)$">
1427
1736
  <description>NetApp file servers</description>
1428
1737
  <example>NetApp/7.3.4P1</example>
@@ -1436,6 +1745,7 @@
1436
1745
  <param pos="1" name="os.version"/>
1437
1746
  <param pos="0" name="os.cpe23" value="cpe:/o:netapp:data_ontap:{os.version}"/>
1438
1747
  </fingerprint>
1748
+
1439
1749
  <fingerprint pattern="^BlueCoat-Security-Appliance$">
1440
1750
  <description>Blue Coat security appliance</description>
1441
1751
  <example>BlueCoat-Security-Appliance</example>
@@ -1444,6 +1754,7 @@
1444
1754
  <param pos="0" name="os.family" value="Blue Coat"/>
1445
1755
  <param pos="0" name="os.product" value="Appliance"/>
1446
1756
  </fingerprint>
1757
+
1447
1758
  <fingerprint pattern="^(?:BigIP|BIG-IP)$">
1448
1759
  <description>F5 BIG-IP</description>
1449
1760
  <param pos="0" name="service.vendor" value="F5"/>
@@ -1453,6 +1764,15 @@
1453
1764
  <param pos="0" name="os.family" value="Linux"/>
1454
1765
  <param pos="0" name="os.product" value="Linux"/>
1455
1766
  </fingerprint>
1767
+
1768
+ <fingerprint pattern="^TargetWeb/[\d\.]+ \(TargetOS\)$">
1769
+ <description>Mercurity Security TargetOS</description>
1770
+ <example>TargetWeb/2011.0 (TargetOS)</example>
1771
+ <param pos="0" name="hw.vendor" value="Mercury Security"/>
1772
+ <param pos="0" name="hw.device" value="Access Control"/>
1773
+ <param pos="0" name="hw.product" value="EP-series"/>
1774
+ </fingerprint>
1775
+
1456
1776
  <fingerprint pattern="^Foundry Networks(?:/(\d+\.\d+))?$">
1457
1777
  <description>Foundry Networks device (though not sure which)</description>
1458
1778
  <param pos="0" name="service.vendor" value="Foundry"/>
@@ -1460,6 +1780,7 @@
1460
1780
  <param pos="1" name="service.version"/>
1461
1781
  <param pos="0" name="os.vendor" value="Foundry"/>
1462
1782
  </fingerprint>
1783
+
1463
1784
  <fingerprint pattern="^HP-Chai(?:Server|SOE)/(\d+\.\d+)$">
1464
1785
  <description>HP Printer running the Chai embedded web server</description>
1465
1786
  <example>HP-ChaiServer/2.2</example>
@@ -1477,6 +1798,7 @@
1477
1798
  <param pos="0" name="hw.product" value="JetDirect"/>
1478
1799
  <param pos="0" name="hw.device" value="Printer"/>
1479
1800
  </fingerprint>
1801
+
1480
1802
  <fingerprint pattern="^HP HTTP Server; (?:Hewlett-Packard )?HP ((\S+) \S+)">
1481
1803
  <description>HP Printer</description>
1482
1804
  <example os.product="Photosmart C309a" os.family="Photosmart">HP HTTP Server; HP Photosmart C309a series - CC335A; Serial Number: abc123; Vader Built:Wed Apr 15, 2009 11:40:58AM {abc123, ASIC id 0x00280004}</example>
@@ -1494,6 +1816,7 @@
1494
1816
  <param pos="0" name="hw.product" value="JetDirect"/>
1495
1817
  <param pos="0" name="hw.device" value="Printer"/>
1496
1818
  </fingerprint>
1819
+
1497
1820
  <fingerprint pattern="^HTTP/1\.0$">
1498
1821
  <description>Old HP printers identify themselves as "HTTP/1.0"</description>
1499
1822
  <param pos="0" name="service.vendor" value="HP"/>
@@ -1508,6 +1831,7 @@
1508
1831
  <param pos="0" name="hw.product" value="JetDirect"/>
1509
1832
  <param pos="0" name="hw.device" value="Printer"/>
1510
1833
  </fingerprint>
1834
+
1511
1835
  <fingerprint pattern="^(?:Allegro-Software-)?RomPager/\s*(\S+)">
1512
1836
  <description>Embedded HTTP server used by many vendors and device
1513
1837
  types, including APC, 3Com, Andover Controls, Cisco VoIP, D-Link,
@@ -1522,6 +1846,7 @@
1522
1846
  <param pos="0" name="service.product" value="RomPager"/>
1523
1847
  <param pos="1" name="service.version"/>
1524
1848
  </fingerprint>
1849
+
1525
1850
  <fingerprint pattern="^YAMAHA-RT$">
1526
1851
  <description>Yamaha RT series routers</description>
1527
1852
  <param pos="0" name="service.vendor" value="Yamaha"/>
@@ -1534,6 +1859,7 @@
1534
1859
  <param pos="0" name="hw.vendor" value="Yamaha"/>
1535
1860
  <param pos="0" name="hw.device" value="Router"/>
1536
1861
  </fingerprint>
1862
+
1537
1863
  <fingerprint pattern="^(?:Canon Http|CANON HTTP) Server (?:Ver)?(?:\d+\.\d+)$">
1538
1864
  <description>Canon Multifunction Printer/Copiers</description>
1539
1865
  <param pos="0" name="service.vendor" value="Canon"/>
@@ -1542,6 +1868,7 @@
1542
1868
  <param pos="0" name="hw.vendor" value="Canon"/>
1543
1869
  <param pos="0" name="hw.device" value="Multifunction Device"/>
1544
1870
  </fingerprint>
1871
+
1545
1872
  <fingerprint pattern=".*Linksys.*">
1546
1873
  <description>Linksys Wireless Access Point</description>
1547
1874
  <param pos="0" name="os.vendor" value="Linksys"/>
@@ -1549,6 +1876,7 @@
1549
1876
  <param pos="0" name="hw.vendor" value="Linksys"/>
1550
1877
  <param pos="0" name="hw.device" value="WAP"/>
1551
1878
  </fingerprint>
1879
+
1552
1880
  <fingerprint pattern="^cisco-IOS$">
1553
1881
  <description>Cisco IOS</description>
1554
1882
  <example>cisco-IOS</example>
@@ -1563,6 +1891,7 @@
1563
1891
  <param pos="0" name="os.cpe23" value="cpe:/o:cisco:ios:-"/>
1564
1892
  <param pos="0" name="hw.vendor" value="Cisco"/>
1565
1893
  </fingerprint>
1894
+
1566
1895
  <fingerprint pattern="^cisco-IOS/([^\s]+) HTTP-server/.*$">
1567
1896
  <description>Cisco IOS with version information</description>
1568
1897
  <example>cisco-IOS/12.1 HTTP-server/1.0(1)</example>
@@ -1577,6 +1906,7 @@
1577
1906
  <param pos="0" name="os.cpe23" value="cpe:/o:cisco:ios:{os.version}"/>
1578
1907
  <param pos="0" name="hw.vendor" value="Cisco"/>
1579
1908
  </fingerprint>
1909
+
1580
1910
  <fingerprint pattern="^Cisco AWARE (.*)$">
1581
1911
  <description>Cisco ASA</description>
1582
1912
  <example>Cisco AWARE 2.0</example>
@@ -1585,13 +1915,15 @@
1585
1915
  <param pos="0" name="service.product" value="HTTP"/>
1586
1916
  <param pos="0" name="os.vendor" value="Cisco"/>
1587
1917
  <param pos="0" name="os.family" value="Adaptive Security Appliance"/>
1588
- <param pos="0" name="os.product" value="VPN"/>
1918
+ <param pos="0" name="os.product" value="Adaptive Security Appliance"/>
1919
+ <param pos="0" name="os.cpe23" value="cpe:/o:cisco:adaptive_security_appliance:-"/>
1589
1920
  <param pos="0" name="hw.vendor" value="Cisco"/>
1590
1921
  <param pos="0" name="hw.family" value="Adaptive Security Appliance"/>
1591
1922
  <param pos="0" name="hw.product" value="Adaptive Security Appliance"/>
1592
1923
  <param pos="0" name="hw.device" value="Firewall"/>
1593
1924
  <param pos="0" name="hw.cpe23" value="cpe:/h:cisco:adaptive_security_appliance:-"/>
1594
1925
  </fingerprint>
1926
+
1595
1927
  <fingerprint pattern="^CradlepointHTTPService/([\d\.]+)$">
1596
1928
  <description>Cradlepoint HTTP service</description>
1597
1929
  <example service.version="1.0.0">CradlepointHTTPService/1.0.0</example>
@@ -1599,6 +1931,7 @@
1599
1931
  <param pos="0" name="service.vendor" value="Cradlepoint"/>
1600
1932
  <param pos="0" name="service.product" value="HTTP"/>
1601
1933
  </fingerprint>
1934
+
1602
1935
  <fingerprint pattern="^DesktopAuthority/(.*)$">
1603
1936
  <description>ScriptLogic DesktopAuthority</description>
1604
1937
  <param pos="1" name="service.version"/>
@@ -1610,6 +1943,7 @@
1610
1943
  <param pos="0" name="os.product" value="Windows"/>
1611
1944
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
1612
1945
  </fingerprint>
1946
+
1613
1947
  <fingerprint pattern="^Agent-ListenServer-HttpSvr/.*$">
1614
1948
  <description>McAfee ePolicy Orchestrator</description>
1615
1949
  <param pos="0" name="service.vendor" value="McAfee"/>
@@ -1617,6 +1951,14 @@
1617
1951
  <param pos="0" name="service.family" value="ePolicy Orchestrator"/>
1618
1952
  <param pos="0" name="service.cpe23" value="cpe:/a:mcafee:epolicy_orchestrator:-"/>
1619
1953
  </fingerprint>
1954
+
1955
+ <fingerprint pattern="^LANDesk Management Agent/.*$">
1956
+ <description>LANDesk Management Agent</description>
1957
+ <param pos="0" name="service.vendor" value="LANDesk"/>
1958
+ <param pos="0" name="service.product" value="Management Agent"/>
1959
+ <param pos="0" name="service.family" value="Management Agent"/>
1960
+ </fingerprint>
1961
+
1620
1962
  <fingerprint pattern="^EWS-NIC\d/(\S+)$">
1621
1963
  <description>Xerox Embedded Web Server (EWS)</description>
1622
1964
  <example service.version="6.31">EWS-NIC3/6.31</example>
@@ -1631,6 +1973,7 @@
1631
1973
  <param pos="0" name="hw.vendor" value="Xerox"/>
1632
1974
  <param pos="0" name="hw.device" value="Printer"/>
1633
1975
  </fingerprint>
1976
+
1634
1977
  <fingerprint pattern="^Adaptec ASM (\S+)$">
1635
1978
  <description>Adaptec - Adaptec Storage Manager (runs on Windows Only)</description>
1636
1979
  <param pos="0" name="service.vendor" value="Adaptec"/>
@@ -1642,6 +1985,7 @@
1642
1985
  <param pos="0" name="os.product" value="Windows"/>
1643
1986
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
1644
1987
  </fingerprint>
1988
+
1645
1989
  <fingerprint pattern="^JRun Web Server$">
1646
1990
  <description>Macromedia (formerly Allaire) JRun</description>
1647
1991
  <param pos="0" name="service.vendor" value="Macromedia"/>
@@ -1649,6 +1993,7 @@
1649
1993
  <param pos="0" name="service.product" value="JRun"/>
1650
1994
  <param pos="0" name="service.cpe23" value="cpe:/a:macromedia:jrun:-"/>
1651
1995
  </fingerprint>
1996
+
1652
1997
  <fingerprint pattern="^(?:Raptor )?Simple, Secure Web Server ([\d.]+)$">
1653
1998
  <description>Symantec Raptor Firewall</description>
1654
1999
  <example>Simple, Secure Web Server 1.1</example>
@@ -1659,6 +2004,7 @@
1659
2004
  <param pos="0" name="os.product" value="Raptor"/>
1660
2005
  <param pos="1" name="os.version"/>
1661
2006
  </fingerprint>
2007
+
1662
2008
  <fingerprint pattern="^IPG(\d+)$">
1663
2009
  <description>Systech Internet Payment Gateway</description>
1664
2010
  <example hw.model="8000">IPG8000</example>
@@ -1667,6 +2013,7 @@
1667
2013
  <param pos="0" name="hw.product" value="Internet Payment Gateway"/>
1668
2014
  <param pos="1" name="hw.model"/>
1669
2015
  </fingerprint>
2016
+
1670
2017
  <fingerprint pattern="^NS_(\d\.\d)$">
1671
2018
  <description>Citrix NetScaler</description>
1672
2019
  <example>NS_6.1</example>
@@ -1674,8 +2021,14 @@
1674
2021
  <param pos="0" name="os.family" value="NetScaler"/>
1675
2022
  <param pos="0" name="os.device" value="Network Management Device"/>
1676
2023
  <param pos="0" name="os.product" value="NetScaler"/>
1677
- <param pos="1" name="os.version"/>
2024
+ <param pos="0" name="service.vendor" value="Citrix"/>
2025
+ <param pos="0" name="service.family" value="NetScaler"/>
2026
+ <param pos="0" name="service.device" value="Network Management Device"/>
2027
+ <param pos="0" name="service.product" value="NetScaler"/>
2028
+ <param pos="1" name="service.version"/>
2029
+ <param pos="0" name="service.cpe23" value="cpe:/a:citrix:netscaler:{service.version}"/>
1678
2030
  </fingerprint>
2031
+
1679
2032
  <fingerprint pattern="^Rumpus$">
1680
2033
  <description>Rumpus FTP Server, Web File Manager interface</description>
1681
2034
  <example>Rumpus</example>
@@ -1684,6 +2037,7 @@
1684
2037
  <param pos="0" name="os.product" value="Mac OS X"/>
1685
2038
  <param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x:-"/>
1686
2039
  </fingerprint>
2040
+
1687
2041
  <fingerprint pattern="^servermgrd$">
1688
2042
  <description>Mac OS X Server administrative daemon</description>
1689
2043
  <example>servermgrd</example>
@@ -1692,6 +2046,7 @@
1692
2046
  <param pos="0" name="os.product" value="Mac OS X"/>
1693
2047
  <param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x:-"/>
1694
2048
  </fingerprint>
2049
+
1695
2050
  <fingerprint pattern="^(RMC Webserver|RAC_ONE_HTTP) (\d\.\d)$">
1696
2051
  <description>Dell Remote Access Controller</description>
1697
2052
  <param pos="0" name="os.vendor" value="Dell"/>
@@ -1702,6 +2057,7 @@
1702
2057
  <param pos="1" name="service.product"/>
1703
2058
  <param pos="2" name="service.version"/>
1704
2059
  </fingerprint>
2060
+
1705
2061
  <fingerprint pattern="^Xerox_MicroServer/Xerox11$">
1706
2062
  <description>Xerox Document Centre</description>
1707
2063
  <param pos="0" name="os.vendor" value="Xerox"/>
@@ -1713,6 +2069,7 @@
1713
2069
  <param pos="0" name="hw.product" value="Document Centre"/>
1714
2070
  <param pos="0" name="hw.device" value="Printer"/>
1715
2071
  </fingerprint>
2072
+
1716
2073
  <fingerprint pattern="^TSM_HTTP/\d\.\d$">
1717
2074
  <description>IBM Tivoli Storage Manager</description>
1718
2075
  <param pos="0" name="service.vendor" value="IBM"/>
@@ -1720,11 +2077,13 @@
1720
2077
  <param pos="0" name="service.product" value="Tivoli Storage Manager"/>
1721
2078
  <param pos="0" name="service.cpe23" value="cpe:/a:ibm:tivoli_storage_manager:-"/>
1722
2079
  </fingerprint>
2080
+
1723
2081
  <fingerprint pattern="^D-Link MiniAVServer$">
1724
2082
  <description>D-Link embedded web server for web cams</description>
1725
2083
  <param pos="0" name="os.vendor" value="D-Link"/>
1726
2084
  <param pos="0" name="os.device" value="Web cam"/>
1727
2085
  </fingerprint>
2086
+
1728
2087
  <fingerprint pattern="^ListManagerWeb/(\S+) .*$">
1729
2088
  <description>Lyris ListManager</description>
1730
2089
  <example>ListManagerWeb/8.8a (based on Tcl-Webserver/3.4.2)</example>
@@ -1732,16 +2091,18 @@
1732
2091
  <param pos="0" name="service.product" value="ListManager"/>
1733
2092
  <param pos="1" name="service.version"/>
1734
2093
  </fingerprint>
2094
+
1735
2095
  <fingerprint pattern="^kHTTPd (\S+)" certainty="0.50">
1736
2096
  <description>TUX web server, an in-kernel Linux HTTP Accelerator</description>
1737
2097
  <example>kHTTPd 0.1.6</example>
1738
- <param pos="0" name="service.product" value="TUX web server"/>
2098
+ <param pos="0" name="service.product" value="TUX Web Server"/>
1739
2099
  <param pos="1" name="service.version"/>
1740
2100
  <param pos="0" name="os.vendor" value="Linux"/>
1741
2101
  <param pos="0" name="os.family" value="Linux"/>
1742
2102
  <param pos="0" name="os.product" value="Linux"/>
1743
2103
  <param pos="0" name="os.cpe23" value="cpe:/o:linux:linux_kernel:-"/>
1744
2104
  </fingerprint>
2105
+
1745
2106
  <fingerprint pattern="^RealVNC/(?:\S+)$">
1746
2107
  <description>RealVNC built-in webserver</description>
1747
2108
  <example>RealVNC/4.0</example>
@@ -1749,6 +2110,17 @@
1749
2110
  <param pos="0" name="service.product" value="RealVNC"/>
1750
2111
  <param pos="0" name="service.cpe23" value="cpe:/a:realvnc:realvnc:-"/>
1751
2112
  </fingerprint>
2113
+
2114
+ <fingerprint pattern="^SecureTransport (\d+[\d\.]+) \(build: (\d+)\)$">
2115
+ <description>AxWay SecureTransport</description>
2116
+ <example>SecureTransport 5.3.6 (build: 412)</example>
2117
+ <param pos="0" name="service.vendor" value="Axway"/>
2118
+ <param pos="0" name="service.product" value="SecureTransport"/>
2119
+ <param pos="1" name="service.version"/>
2120
+ <param pos="0" name="service.cpe23" value="cpe:/a:axway:securetransport:{service.version}"/>
2121
+ <param pos="2" name="securetransport.build"/>
2122
+ </fingerprint>
2123
+
1752
2124
  <fingerprint pattern="(Agranat|Conexant|(?:Globespan)?Virata)-EmWeb/(.*)$">
1753
2125
  <description>EmWeb variants</description>
1754
2126
  <example>Agranat-EmWeb/R4_01</example>
@@ -1772,6 +2144,7 @@
1772
2144
  <param pos="0" name="service.product" value="EmWeb"/>
1773
2145
  <param pos="2" name="service.version"/>
1774
2146
  </fingerprint>
2147
+
1775
2148
  <fingerprint pattern="^NSC/\S+ \(JVM\)$">
1776
2149
  <description>Rapid7 NSC</description>
1777
2150
  <example>NSC/0.6.4 (JVM)</example>
@@ -1779,6 +2152,7 @@
1779
2152
  <param pos="0" name="service.product" value="Nexpose"/>
1780
2153
  <param pos="0" name="service.cpe23" value="cpe:/a:rapid7:nexpose:-"/>
1781
2154
  </fingerprint>
2155
+
1782
2156
  <fingerprint pattern="^Security Console$">
1783
2157
  <description>Rapid7 Nexpose Security Console</description>
1784
2158
  <example>Security Console</example>
@@ -1786,6 +2160,7 @@
1786
2160
  <param pos="0" name="service.product" value="Nexpose"/>
1787
2161
  <param pos="0" name="service.cpe23" value="cpe:/a:rapid7:nexpose:-"/>
1788
2162
  </fingerprint>
2163
+
1789
2164
  <fingerprint pattern="^Polycom SoundPoint IP Telephone HTTPd$">
1790
2165
  <description>Polycom Soundpoint IP Telephone</description>
1791
2166
  <example>Polycom SoundPoint IP Telephone HTTPd</example>
@@ -1795,23 +2170,21 @@
1795
2170
  <param pos="0" name="hw.family" value="SoundPoint"/>
1796
2171
  <param pos="0" name="hw.device" value="VoIP"/>
1797
2172
  </fingerprint>
2173
+
1798
2174
  <!-- 4D WebSTAR was aquired by Kerio but it seems that both
1799
2175
  Kerio and 4D have branched the product. The 4D banners
1800
2176
  use the new version scheme (just 2004 it would appear):
1801
-
1802
2177
  4D_WebStar_D/2004
1803
-
1804
2178
  whereas Kerio banners are:
1805
-
1806
2179
  4D_WebSTAR_S/5.3.2 (MacOS X)
1807
2180
  4D_WebStar_D/7.8
1808
2181
  4D_WebSTAR_S/5.4.1 (MacOS X)
1809
-
1810
2182
  WebSTAR/4.4 ID/72547
1811
2183
  WebSTAR/4.5(SSL) ID/82535
1812
2184
  WebSTAR NetCloak
1813
2185
  WebSTAR/4.5(SSL) ID/85282
1814
2186
  -->
2187
+
1815
2188
  <!--
1816
2189
  <fingerprint pattern="^4D_WebSTAR_S/2004$">
1817
2190
  <description>4D 4th Dimension 2004</description>
@@ -1822,6 +2195,7 @@
1822
2195
  <param pos="0" name="os.family" value="Windows"/>
1823
2196
  <param pos="0" name="os.product" value="Windows"/>
1824
2197
  </fingerprint>
2198
+
1825
2199
  <fingerprint pattern="^4D_WebSTAR_S/5.3.2 \(MacOS X\)$">
1826
2200
  <description>Kerio WebSTAR</description>
1827
2201
  <param pos="0" name="service.vendor" value="Kerio"/>
@@ -1832,7 +2206,9 @@
1832
2206
  <param pos="0" name="os.family" value="Windows"/>
1833
2207
  <param pos="0" name="os.product" value="Windows"/>
1834
2208
  </fingerprint>
2209
+
1835
2210
  -->
2211
+
1836
2212
  <fingerprint pattern="^SentinelProtectionServer/((?:\d+\.)*\d+)$">
1837
2213
  <description>Sentinel Protection Server - Embedded httpd in SafeNet's memory key dongles</description>
1838
2214
  <example service.version="7.1">SentinelProtectionServer/7.1</example>
@@ -1844,6 +2220,7 @@
1844
2220
  <param pos="0" name="service.family" value="Sentinel"/>
1845
2221
  <param pos="1" name="service.version"/>
1846
2222
  </fingerprint>
2223
+
1847
2224
  <fingerprint pattern="^SentinelKeysServer/((?:\d+\.)*\d+)$">
1848
2225
  <description>Sentinel Key Server - Embedded httpd in SafeNet's memory key dongles</description>
1849
2226
  <example service.version="1.3.1">SentinelKeysServer/1.3.1</example>
@@ -1854,6 +2231,7 @@
1854
2231
  <param pos="0" name="service.family" value="Sentinel"/>
1855
2232
  <param pos="1" name="service.version"/>
1856
2233
  </fingerprint>
2234
+
1857
2235
  <fingerprint pattern="^CherryPy/((?:\d+\.)*\d+)$">
1858
2236
  <description>Web server component of CherryPy web application framework.</description>
1859
2237
  <example>CherryPy/3.1.2</example>
@@ -1864,6 +2242,7 @@
1864
2242
  <param pos="1" name="service.version"/>
1865
2243
  <param pos="0" name="service.cpe23" value="cpe:/a:cherrypy:cherrypy:{service.version}"/>
1866
2244
  </fingerprint>
2245
+
1867
2246
  <fingerprint pattern="(?i)^TornadoServer/((?:\d+\.)*\d+)$">
1868
2247
  <description>Tornado Python web framework and asynchronous networking library.</description>
1869
2248
  <example>TornadoServer/4.0.2</example>
@@ -1873,6 +2252,7 @@
1873
2252
  <param pos="1" name="service.version"/>
1874
2253
  <param pos="0" name="service.cpe23" value="cpe:/a:tornadoweb:tornado:{service.version}"/>
1875
2254
  </fingerprint>
2255
+
1876
2256
  <fingerprint pattern="(?i)^SimpleHTTP/((?:\d+\.)*\d+)\s*Python/((?:\d+\.)*\d+)$">
1877
2257
  <description>SimpleHTTPRequestHandler Python class is a simple HTTP request handler.</description>
1878
2258
  <example>SimpleHTTP/0.6 Python/2.7.6</example>
@@ -1883,6 +2263,7 @@
1883
2263
  <param pos="1" name="service.version"/>
1884
2264
  <param pos="2" name="python.version"/>
1885
2265
  </fingerprint>
2266
+
1886
2267
  <fingerprint pattern="^HP Web Jetadmin/((?:\d+\.)*\d+)\s*(.*)$">
1887
2268
  <description>Apache variant for web access to HP printers.</description>
1888
2269
  <example>HP Web Jetadmin/2.0.50 (Win32) mod_auth_sspi/1.0.1 mod_ssl/2.0.50 OpenSSL/0.9.6m</example>
@@ -1895,6 +2276,7 @@
1895
2276
  <param pos="0" name="service.cpe23" value="cpe:/a:apache:http_server:{service.version}"/>
1896
2277
  <param pos="2" name="apache.info"/>
1897
2278
  </fingerprint>
2279
+
1898
2280
  <fingerprint pattern="^HP Web Jetadmin ([\d\.]+)(?: \([^\)]+\))?$">
1899
2281
  <description>HP printers, perhaps Apache, but we can't say for sure</description>
1900
2282
  <example service.version="10.3.85669">HP Web Jetadmin 10.3.85669</example>
@@ -1904,6 +2286,19 @@
1904
2286
  <param pos="1" name="service.version"/>
1905
2287
  <param pos="0" name="service.cpe23" value="cpe:/a:hp:web_jetadmin:{service.version}"/>
1906
2288
  </fingerprint>
2289
+
2290
+ <fingerprint pattern="^KM-MFP-http/V([\d\.]+)$">
2291
+ <description>Kyocera Printers</description>
2292
+ <example service.version="0.0.1">KM-MFP-http/V0.0.1</example>
2293
+ <param pos="0" name="os.vendor" value="Kyocera"/>
2294
+ <param pos="0" name="os.device" value="Multifunction Device"/>
2295
+ <param pos="0" name="hw.vendor" value="Kyocera"/>
2296
+ <param pos="0" name="hw.device" value="Multifunction Device"/>
2297
+ <param pos="0" name="service.vendor" value="Kyocera"/>
2298
+ <param pos="0" name="service.product" value="KM-MFP-HTTP"/>
2299
+ <param pos="1" name="service.version"/>
2300
+ </fingerprint>
2301
+
1907
2302
  <fingerprint pattern="^Citrix Web PN Server$">
1908
2303
  <description>Citrix Web PN (Program Neighborhood) Server is an HTTP server used by Citrix products</description>
1909
2304
  <example>Citrix Web PN Server</example>
@@ -1911,6 +2306,7 @@
1911
2306
  <param pos="0" name="service.product" value="Web PN Server"/>
1912
2307
  <param pos="0" name="service.family" value="Web PN Server"/>
1913
2308
  </fingerprint>
2309
+
1914
2310
  <fingerprint pattern="^Lotus Expeditor Web Container/((?:\d+\.)*\d+)$">
1915
2311
  <description>Expeditor is a framework used by IBM in many products in the Lotus brand, such as Sametime and Notes.</description>
1916
2312
  <example>Lotus Expeditor Web Container/6.1</example>
@@ -1920,10 +2316,12 @@
1920
2316
  <param pos="0" name="service.family" value="Lotus Expeditor"/>
1921
2317
  <param pos="1" name="service.version"/>
1922
2318
  </fingerprint>
2319
+
1923
2320
  <!-- GoAhead software was acquired by Oracle in 2011. They later handed this
1924
2321
  off to (E)Mbedthis. Version 3.0 released in October 2012 appears to be
1925
2322
  the first version to fully be Mbedthis software.
1926
2323
  -->
2324
+
1927
2325
  <fingerprint pattern="^GoAhead-(?:Webs|http)$">
1928
2326
  <description>GoAhead-Webs - no version</description>
1929
2327
  <example>GoAhead-Webs</example>
@@ -1931,16 +2329,20 @@
1931
2329
  <param pos="0" name="service.product" value="GoAhead Webserver"/>
1932
2330
  <param pos="0" name="service.family" value="GoAhead Webserver"/>
1933
2331
  </fingerprint>
1934
- <fingerprint pattern="^GoAhead-(?:Webs|http)\/([\d.]+)(?: PeerSec-MatrixSSL\/[\d.]+-OPEN)?$">
2332
+
2333
+ <fingerprint pattern="(?i)^GoAhead(?:-Webs|-http)?\/([\d.]+)(?: PeerSec-MatrixSSL\/[\d.]+-OPEN)?$">
1935
2334
  <description>GoAhead-Webs - version</description>
1936
2335
  <example service.version="2.5.0">GoAhead-Webs/2.5.0 PeerSec-MatrixSSL/3.4.2-OPEN</example>
2336
+ <example service.version="2.5.0">Goahead/2.5.0 PeerSec-MatrixSSL/3.2.1-OPEN</example>
1937
2337
  <example>GoAhead-Webs/2.5.0</example>
1938
2338
  <param pos="0" name="service.vendor" value="Oracle"/>
1939
2339
  <param pos="0" name="service.product" value="GoAhead Webserver"/>
1940
2340
  <param pos="0" name="service.family" value="GoAhead Webserver"/>
1941
2341
  <param pos="1" name="service.version"/>
1942
2342
  </fingerprint>
2343
+
1943
2344
  <!-- MBedthis changed its name/branding to Embedthis-->
2345
+
1944
2346
  <fingerprint pattern="^Mbedthis-App[Ww]eb/([\d.]+)$">
1945
2347
  <description>Mbedthis Appweb</description>
1946
2348
  <example service.version="2.4.0">Mbedthis-Appweb/2.4.0</example>
@@ -1952,6 +2354,7 @@
1952
2354
  <param pos="0" name="service.family" value="Appweb"/>
1953
2355
  <param pos="1" name="service.version"/>
1954
2356
  </fingerprint>
2357
+
1955
2358
  <fingerprint pattern="^Embedthis-(?:Appweb|http)\/?(:?[\d.]+)?$">
1956
2359
  <description>Embedthis AppWeb</description>
1957
2360
  <example service.version="3.2.3">Embedthis-Appweb/3.2.3</example>
@@ -1963,6 +2366,7 @@
1963
2366
  <param pos="1" name="service.version"/>
1964
2367
  <param pos="0" name="service.cpe23" value="cpe:/a:embedthis:appweb:{service.version}"/>
1965
2368
  </fingerprint>
2369
+
1966
2370
  <fingerprint pattern="^Avaya CMBE/((?:\d+\.)*\d+)$">
1967
2371
  <description>Web server for Avaya Aura Communication Manager Branch, a SIP-based communications platform.</description>
1968
2372
  <example>Avaya CMBE/2.0.0</example>
@@ -1971,7 +2375,9 @@
1971
2375
  <param pos="0" name="service.product" value="Aura Communication Manager"/>
1972
2376
  <param pos="0" name="service.family" value="Aura"/>
1973
2377
  <param pos="1" name="service.version"/>
2378
+ <param pos="0" name="service.cpe23" value="cpe:/a:avaya:aura_communication_manager:{service.version}"/>
1974
2379
  </fingerprint>
2380
+
1975
2381
  <fingerprint pattern="^Rapid Logic/((?:\d+\.)*\d+)$">
1976
2382
  <description>Embedded web server by Rapid Logic, which was acquired by Wind River.</description>
1977
2383
  <example service.version="1.1">Rapid Logic/1.1</example>
@@ -1980,6 +2386,7 @@
1980
2386
  <param pos="0" name="service.product" value="Rapid Logic"/>
1981
2387
  <param pos="1" name="service.version"/>
1982
2388
  </fingerprint>
2389
+
1983
2390
  <fingerprint pattern="^WindRiver-WebServer/((?:\d+\.)*\d+)$">
1984
2391
  <description>Wind River HTTP server</description>
1985
2392
  <example service.version="4.4">WindRiver-WebServer/4.4</example>
@@ -1987,6 +2394,7 @@
1987
2394
  <param pos="0" name="service.product" value="WebServer"/>
1988
2395
  <param pos="1" name="service.version"/>
1989
2396
  </fingerprint>
2397
+
1990
2398
  <fingerprint pattern="^Sophos Email Appliance$">
1991
2399
  <description>Embedded web server for a rack-mounted email appliance that blocks spam and malware.</description>
1992
2400
  <example>Sophos Email Appliance</example>
@@ -1995,6 +2403,7 @@
1995
2403
  <param pos="0" name="os.vendor" value="Sophos"/>
1996
2404
  <param pos="0" name="os.product" value="Email Appliance"/>
1997
2405
  </fingerprint>
2406
+
1998
2407
  <fingerprint pattern="^CUPS\/((?:\d\.)+\d+)(?:\s*IPP\/\d+\.\d+)?$">
1999
2408
  <description>Server for the CUPS web interface.</description>
2000
2409
  <example service.version="1.1">CUPS/1.1</example>
@@ -2005,6 +2414,7 @@
2005
2414
  <param pos="1" name="service.version"/>
2006
2415
  <param pos="0" name="service.cpe23" value="cpe:/a:apple:cups:{service.version}"/>
2007
2416
  </fingerprint>
2417
+
2008
2418
  <fingerprint pattern="^TwistedWeb/([\d.rc]+)$">
2009
2419
  <description>Twisted Matrix Labs - TwistedWeb</description>
2010
2420
  <example>TwistedWeb/2.5.0</example>
@@ -2015,6 +2425,7 @@
2015
2425
  <param pos="0" name="service.family" value="Twisted Web"/>
2016
2426
  <param pos="1" name="service.version"/>
2017
2427
  </fingerprint>
2428
+
2018
2429
  <fingerprint pattern="^mini_httpd/((?:\d+\.)*\d+) \S*$">
2019
2430
  <description>A small HTTP server</description>
2020
2431
  <example>mini_httpd/1.14 23jun2000</example>
@@ -2024,6 +2435,7 @@
2024
2435
  <param pos="0" name="service.family" value="mini_httpd"/>
2025
2436
  <param pos="1" name="service.version"/>
2026
2437
  </fingerprint>
2438
+
2027
2439
  <fingerprint pattern="^thin ((?:\d+\.)*\d+) codename .+$">
2028
2440
  <description>A Ruby-based web server.</description>
2029
2441
  <example>thin 1.2.4 codename Flaming Astroboy</example>
@@ -2032,6 +2444,7 @@
2032
2444
  <param pos="0" name="service.family" value="Thin"/>
2033
2445
  <param pos="1" name="service.version"/>
2034
2446
  </fingerprint>
2447
+
2035
2448
  <fingerprint pattern="^Avocent DSView \d+/((?:\d+\.)*\d+)$">
2036
2449
  <description>Web server interface for controlling data centers.</description>
2037
2450
  <example>Avocent DSView 3/3.7.0.71</example>
@@ -2042,6 +2455,7 @@
2042
2455
  <param pos="1" name="service.version"/>
2043
2456
  <param pos="0" name="service.cpe23" value="cpe:/a:avocent:dsview:{service.version}"/>
2044
2457
  </fingerprint>
2458
+
2045
2459
  <fingerprint pattern="^Mongrel ((?:\d+\.)*\d+)$">
2046
2460
  <description>Ruby-based web server and HTTP library.</description>
2047
2461
  <example>Mongrel 1.1.5</example>
@@ -2050,6 +2464,7 @@
2050
2464
  <param pos="0" name="service.family" value="Mongrel"/>
2051
2465
  <param pos="1" name="service.version"/>
2052
2466
  </fingerprint>
2467
+
2053
2468
  <fingerprint pattern="^Microplex emHTTPD/((?:\d+\.)*\d+)$">
2054
2469
  <description>Embedded web server used by Microplex.</description>
2055
2470
  <example>Microplex emHTTPD/1.0</example>
@@ -2062,6 +2477,7 @@
2062
2477
  <param pos="0" name="os.vendor" value="Microplex"/>
2063
2478
  <param pos="0" name="os.device" value="Print server"/>
2064
2479
  </fingerprint>
2480
+
2065
2481
  <fingerprint pattern="^UPS_Server/((?:\d+\.)*\d+)$">
2066
2482
  <description>An embedded web server used for UPS management; primarily by Eaton, but also by APC.</description>
2067
2483
  <example>UPS_Server/1.0</example>
@@ -2073,6 +2489,7 @@
2073
2489
  <param pos="0" name="os.vendor" value="Eaton"/>
2074
2490
  <param pos="0" name="os.device" value="UPS"/>
2075
2491
  </fingerprint>
2492
+
2076
2493
  <fingerprint pattern="^JC-HTTPD/((?:\d+\.)*\d+)$">
2077
2494
  <description>An embedded web server, used notably by Oki and Kyocera in printers.</description>
2078
2495
  <example>JC-HTTPD/1.11.14</example>
@@ -2081,6 +2498,7 @@
2081
2498
  <param pos="0" name="service.family" value="JC-HTTPD"/>
2082
2499
  <param pos="1" name="service.version"/>
2083
2500
  </fingerprint>
2501
+
2084
2502
  <fingerprint pattern="^JC-SHTTPD/((?:\d+\.)*\d+)$">
2085
2503
  <description>An embedded web server.</description>
2086
2504
  <example>JC-SHTTPD/1.17.20</example>
@@ -2089,15 +2507,18 @@
2089
2507
  <param pos="0" name="service.family" value="JC-SHTTPD"/>
2090
2508
  <param pos="1" name="service.version"/>
2091
2509
  </fingerprint>
2092
- <fingerprint pattern="^Oracle XML DB/Oracle\S+ Enterprise Edition Release ((?:\d+\.)*\d+) - Production$">
2510
+
2511
+ <fingerprint pattern="^Oracle XML DB/Oracle\S+ (?:Enterprise Edition )?Release ((?:\d+\.)*\d+) - Production$">
2093
2512
  <description>Web server providing web services for Oracle's XML DB - with version string</description>
2094
- <example>Oracle XML DB/Oracle9i Enterprise Edition Release 9.2.0.1.0 - Production</example>
2513
+ <example service.version="9.2.0.1.0">Oracle XML DB/Oracle9i Enterprise Edition Release 9.2.0.1.0 - Production</example>
2095
2514
  <example>Oracle XML DB/Oracle9i Enterprise Edition Release 9 - Production</example>
2515
+ <example service.version="9.2.0.1.0">Oracle XML DB/Oracle9i Release 9.2.0.1.0 - Production</example>
2096
2516
  <param pos="0" name="service.vendor" value="Oracle"/>
2097
2517
  <param pos="0" name="service.product" value="XML DB"/>
2098
2518
  <param pos="0" name="service.family" value="Oracle"/>
2099
2519
  <param pos="1" name="service.version"/>
2100
2520
  </fingerprint>
2521
+
2101
2522
  <fingerprint pattern="^Oracle XML DB/Oracle Database$">
2102
2523
  <description>Web server providing web services for Oracle's XML DB</description>
2103
2524
  <example>Oracle XML DB/Oracle Database</example>
@@ -2105,6 +2526,7 @@
2105
2526
  <param pos="0" name="service.product" value="XML DB"/>
2106
2527
  <param pos="0" name="service.family" value="Oracle"/>
2107
2528
  </fingerprint>
2529
+
2108
2530
  <fingerprint pattern="^sfcHttpd$">
2109
2531
  <description>Server for HTTP interface to sfcb, a lightweight CIM server</description>
2110
2532
  <example>sfcHttpd</example>
@@ -2112,6 +2534,7 @@
2112
2534
  <param pos="0" name="service.product" value="sfcb"/>
2113
2535
  <param pos="0" name="service.family" value="sfcb"/>
2114
2536
  </fingerprint>
2537
+
2115
2538
  <fingerprint pattern="^PanWeb Server/ -">
2116
2539
  <description>HTTP and HTTPS server found on Palo Alto Networks devices</description>
2117
2540
  <example>PanWeb Server/ -</example>
@@ -2122,6 +2545,7 @@
2122
2545
  <param pos="0" name="os.device" value="Firewall"/>
2123
2546
  <param pos="0" name="os.cpe23" value="cpe:/o:paloaltonetworks:pan-os:-"/>
2124
2547
  </fingerprint>
2548
+
2125
2549
  <fingerprint pattern="^Ews/((?:\d+\.)*\d+)$">
2126
2550
  <description>IBM Network Printer Manager.</description>
2127
2551
  <example>Ews/0.1</example>
@@ -2131,16 +2555,23 @@
2131
2555
  <param pos="0" name="service.family" value="Network Printer Manager"/>
2132
2556
  <param pos="1" name="service.version"/>
2133
2557
  </fingerprint>
2558
+
2134
2559
  <!-- NOTE: '$ProjectRevision: {some version string} $' has been seen in a
2135
2560
  variety of products including printers, PDUs, etc.
2136
2561
  -->
2137
- <fingerprint pattern="^\$ProjectRevision: 4.0.2.38 \$$">
2138
- <description>This banner is seen on some HP LaserJet printers.</description>
2562
+
2563
+ <fingerprint pattern="^\$ProjectRevision:[\s\w:]* ([\d\.]+) \$$">
2564
+ <description>This banner is used to see if devices have Treck TCP/IP</description>
2139
2565
  <example>$ProjectRevision: 4.0.2.38 $</example>
2140
- <param pos="0" name="os.vendor" value="HP"/>
2141
- <param pos="0" name="os.device" value="Printer"/>
2142
- <param pos="0" name="os.family" value="LaserJet"/>
2566
+ <example>$ProjectRevision: 4.2 $</example>
2567
+ <example>$ProjectRevision: 6.0.1.5 $</example>
2568
+ <example>$ProjectRevision: Last Checkpoint: 4.2.2.13 $</example>
2569
+ <param pos="0" name="service.vendor" value="Treck"/>
2570
+ <param pos="0" name="service.product" value="TCP/IP"/>
2571
+ <param pos="1" name="service.version"/>
2572
+ <param pos="0" name="service.cpe23" value="cpe:/a:treck:tcp\/ip:{service.version}"/>
2143
2573
  </fingerprint>
2574
+
2144
2575
  <fingerprint pattern="^WEBrick/([\d\.]+) .*$">
2145
2576
  <description>WEBrick default setup</description>
2146
2577
  <example>WEBrick/1.3.1 (Ruby/1.9.3/2013-02-22)</example>
@@ -2148,12 +2579,14 @@
2148
2579
  <param pos="0" name="service.product" value="WEBrick"/>
2149
2580
  <param pos="1" name="service.version"/>
2150
2581
  </fingerprint>
2582
+
2151
2583
  <fingerprint pattern="^Aspen/(\S+)">
2152
2584
  <description>Aspen web server</description>
2153
2585
  <example service.version="0.8">Aspen/0.8</example>
2154
2586
  <param pos="0" name="service.product" value="Aspen"/>
2155
2587
  <param pos="1" name="service.version"/>
2156
2588
  </fingerprint>
2589
+
2157
2590
  <fingerprint pattern="^Boa/([\d\.]+\S*)">
2158
2591
  <description>Boa web server</description>
2159
2592
  <example service.version="0.94.14rc21">Boa/0.94.14rc21</example>
@@ -2164,7 +2597,9 @@
2164
2597
  <param pos="0" name="service.product" value="Boa"/>
2165
2598
  <param pos="1" name="service.version"/>
2166
2599
  </fingerprint>
2600
+
2167
2601
  <!-- HiSilicon is OEMd by a number of DVR manufacturers -->
2602
+
2168
2603
  <fingerprint pattern="^Cross Web Server$">
2169
2604
  <description>Web server found on DVR and webcam servers sourced from HiSilicon</description>
2170
2605
  <example>Cross Web Server</example>
@@ -2174,7 +2609,9 @@
2174
2609
  <param pos="0" name="os.device" value="DVR"/>
2175
2610
  <param pos="0" name="hw.device" value="DVR"/>
2176
2611
  </fingerprint>
2612
+
2177
2613
  <!-- Hikvision is OEMd by a number of DVR manufacturers -->
2614
+
2178
2615
  <fingerprint pattern="^(?:Hikvision|DNVRS|DVRDVS)-Webs$">
2179
2616
  <description>Web server found on DVR and webcam servers sourced from Hikvision</description>
2180
2617
  <example>Hikvision-Webs</example>
@@ -2184,8 +2621,10 @@
2184
2621
  <param pos="0" name="service.product" value="Hikvision Web Server"/>
2185
2622
  <param pos="0" name="os.vendor" value="Hikvision"/>
2186
2623
  <param pos="0" name="os.device" value="DVR"/>
2624
+ <param pos="0" name="hw.vendor" value="Hikvision"/>
2187
2625
  <param pos="0" name="hw.device" value="DVR"/>
2188
2626
  </fingerprint>
2627
+
2189
2628
  <fingerprint pattern="^NET-DK[/ ](\d+\.\d+)$">
2190
2629
  <description>Web server found on ARRIS cable modems</description>
2191
2630
  <example>NET-DK/1.0</example>
@@ -2198,12 +2637,14 @@
2198
2637
  <param pos="0" name="hw.vendor" value="ARRIS"/>
2199
2638
  <param pos="0" name="hw.device" value="Cable Modem"/>
2200
2639
  </fingerprint>
2640
+
2201
2641
  <fingerprint pattern="^2wire Gateway$">
2202
2642
  <description>Web server found on some Arris/2wire devices</description>
2203
2643
  <example>2wire Gateway</example>
2204
2644
  <param pos="0" name="service.vendor" value="ARRIS"/>
2205
2645
  <param pos="0" name="service.product" value="2wire"/>
2206
2646
  </fingerprint>
2647
+
2207
2648
  <!-- junit says,
2208
2649
  "Example pattern '' from http_servers.xml didn't match pattern '^$'"
2209
2650
  Figure out if we have a way to support matching empty strings later.
@@ -2211,20 +2652,26 @@
2211
2652
  <example></example>
2212
2653
  <description>A blank banner; assert nothing.</description>
2213
2654
  </fingerprint>
2655
+
2214
2656
  -->
2657
+
2215
2658
  <fingerprint pattern="^(?:(?:\d+.){3}\d+):\d{1,4}$">
2216
2659
  <description>A banner consisting of an IP address and port -- assert nothing.</description>
2217
2660
  <example>192.168.0.4:9999</example>
2218
2661
  </fingerprint>
2662
+
2219
2663
  <fingerprint pattern="^Web-Server/(?:\d+\.+\d+)$">
2220
2664
  <description>Obfuscated web server -- assert nothing.</description>
2221
2665
  <example>Web-Server/3.0</example>
2222
2666
  </fingerprint>
2667
+
2223
2668
  <fingerprint pattern="^httpd$">
2224
2669
  <description>httpd - generic -- assert nothing.</description>
2225
2670
  <example>httpd</example>
2226
2671
  </fingerprint>
2672
+
2227
2673
  <!-- Service provider equipment (CDNs, etc) -->
2674
+
2228
2675
  <fingerprint pattern="^AkamaiGHost$">
2229
2676
  <description>Akamai Global Host</description>
2230
2677
  <example>AkamaiGHost</example>
@@ -2233,6 +2680,7 @@
2233
2680
  <param pos="0" name="os.vendor" value="Akamai"/>
2234
2681
  <param pos="0" name="os.device" value="Web proxy"/>
2235
2682
  </fingerprint>
2683
+
2236
2684
  <fingerprint pattern="^gws$">
2237
2685
  <description>Google Web Services</description>
2238
2686
  <example>gws</example>
@@ -2240,6 +2688,7 @@
2240
2688
  <param pos="0" name="service.product" value="Google Web Services"/>
2241
2689
  <param pos="0" name="service.family" value="Google Web Server"/>
2242
2690
  </fingerprint>
2691
+
2243
2692
  <fingerprint pattern="^GFE/((?:\d+\.)*\d+)$">
2244
2693
  <description>Google Front End for apps running on Google services.</description>
2245
2694
  <example>GFE/1.3</example>
@@ -2249,6 +2698,7 @@
2249
2698
  <param pos="0" name="service.family" value="Google Web Server"/>
2250
2699
  <param pos="1" name="service.version"/>
2251
2700
  </fingerprint>
2701
+
2252
2702
  <fingerprint pattern="^CloudFront$">
2253
2703
  <description>Amazon CloudFront web load balancer endpoint</description>
2254
2704
  <example>CloudFront</example>
@@ -2256,30 +2706,35 @@
2256
2706
  <param pos="0" name="service.product" value="CloudFront Load Balancer"/>
2257
2707
  <param pos="0" name="service.family" value="CloudFront"/>
2258
2708
  </fingerprint>
2709
+
2259
2710
  <fingerprint pattern="^Amazon-Cloud-Drive$">
2260
2711
  <description>Amazon Cloud Drive / Drive</description>
2261
2712
  <example>Amazon-Cloud-Drive</example>
2262
2713
  <param pos="0" name="service.vendor" value="Amazon"/>
2263
2714
  <param pos="0" name="service.product" value="Drive"/>
2264
2715
  </fingerprint>
2716
+
2265
2717
  <fingerprint pattern="^AmazonS3$">
2266
2718
  <description>Amazon S3 (Simple Cloud Storage Service)</description>
2267
2719
  <example>AmazonS3</example>
2268
2720
  <param pos="0" name="service.vendor" value="Amazon"/>
2269
2721
  <param pos="0" name="service.product" value="S3"/>
2270
2722
  </fingerprint>
2723
+
2271
2724
  <fingerprint pattern="^Amazon SimpleDB$">
2272
2725
  <description>Amazon SimpleDB / Simple Database Service</description>
2273
2726
  <example>Amazon SimpleDB</example>
2274
2727
  <param pos="0" name="service.vendor" value="Amazon"/>
2275
2728
  <param pos="0" name="service.product" value="SimpleDB"/>
2276
2729
  </fingerprint>
2730
+
2277
2731
  <fingerprint pattern="^AmazonSnowball$">
2278
2732
  <description>Amazon Snowball</description>
2279
2733
  <example>AmazonSnowball</example>
2280
2734
  <param pos="0" name="service.vendor" value="Amazon"/>
2281
2735
  <param pos="0" name="service.product" value="Snowball"/>
2282
2736
  </fingerprint>
2737
+
2283
2738
  <fingerprint pattern="^awselb/([\d.rc]+)$">
2284
2739
  <description>Amazon Elastic Load Balancing</description>
2285
2740
  <example service.version="2.0">awselb/2.0</example>
@@ -2287,6 +2742,7 @@
2287
2742
  <param pos="0" name="service.family" value="Elastic Load Balancing"/>
2288
2743
  <param pos="1" name="service.version"/>
2289
2744
  </fingerprint>
2745
+
2290
2746
  <fingerprint pattern="^cloudflare(?:-nginx)?$">
2291
2747
  <description>CloudFlare web load balancer endpoint</description>
2292
2748
  <example>cloudflare-nginx</example>
@@ -2295,13 +2751,16 @@
2295
2751
  <param pos="0" name="service.product" value="CloudFlare Load Balancer"/>
2296
2752
  <param pos="0" name="service.family" value="CloudFlare"/>
2297
2753
  </fingerprint>
2754
+
2298
2755
  <fingerprint pattern="^gSOAP/([\d\.]+)$">
2299
2756
  <description>gSOAP</description>
2300
2757
  <example service.version="2.7">gSOAP/2.7</example>
2301
2758
  <param pos="0" name="service.product" value="gSOAP"/>
2302
2759
  <param pos="1" name="service.version"/>
2303
2760
  </fingerprint>
2761
+
2304
2762
  <!-- Apple QuickTime streaming server -->
2763
+
2305
2764
  <fingerprint pattern="^QTSS\/([\d\.]+) \(Build\/[\d\.]+; Platform\/MacOSX; Release\/Panther">
2306
2765
  <description>QTSS on OS X 10.3</description>
2307
2766
  <example service.version="5.0">QTSS/5.0 (Build/452; Platform/MacOSX; Release/Panther; )</example>
@@ -2314,6 +2773,7 @@
2314
2773
  <param pos="0" name="service.product" value="QTSS"/>
2315
2774
  <param pos="1" name="service.version"/>
2316
2775
  </fingerprint>
2776
+
2317
2777
  <fingerprint pattern="^QTSS\/([\d\.]+) \(Build\/[\d\.]+; Platform\/MacOSX; Release\/Mac OS X">
2318
2778
  <description>QTSS OS X</description>
2319
2779
  <example service.version="6.1.0">QTSS/6.1.0 (Build/532; Platform/MacOSX; Release/Mac OS X Server; )</example>
@@ -2324,13 +2784,25 @@
2324
2784
  <param pos="0" name="service.product" value="QTSS"/>
2325
2785
  <param pos="1" name="service.version"/>
2326
2786
  </fingerprint>
2787
+
2327
2788
  <fingerprint pattern="^SEPM$">
2328
2789
  <description>Symantec Endpoint Protection Manager</description>
2329
2790
  <example>SEPM</example>
2330
2791
  <param pos="0" name="service.vendor" value="Symantec"/>
2331
- <param pos="0" name="service.product" value="Symantec Endpoint Protection Manager"/>
2332
- <param pos="0" name="service.family" value="Symantec Endpoint Protection Manager"/>
2792
+ <param pos="0" name="service.product" value="Endpoint Protection Manager"/>
2793
+ <param pos="0" name="service.family" value="Endpoint Protection Manager"/>
2794
+ <param pos="0" name="service.cpe23" value="cpe:/a:symantec:endpoint_protection_manager:-"/>
2333
2795
  </fingerprint>
2796
+
2797
+ <fingerprint pattern="^Symantec Endpoint Protection Manager$">
2798
+ <description>Symantec Endpoint Protection Manager - long variant</description>
2799
+ <example>Symantec Endpoint Protection Manager</example>
2800
+ <param pos="0" name="service.vendor" value="Symantec"/>
2801
+ <param pos="0" name="service.product" value="Endpoint Protection Manager"/>
2802
+ <param pos="0" name="service.family" value="Endpoint Protection Manager"/>
2803
+ <param pos="0" name="service.cpe23" value="cpe:/a:symantec:endpoint_protection_manager:-"/>
2804
+ </fingerprint>
2805
+
2334
2806
  <fingerprint pattern="^Intel\(R\) Active Management Technology\s(\d+\.\d+\.\d+\.\d+|\d+\.\d+\.\d+|\d+\.\d+)">
2335
2807
  <description>Intel(R) Active Management Technology (AMT) with a version</description>
2336
2808
  <example service.version="7.1.86">Intel(R) Active Management Technology 7.1.86</example>
@@ -2339,6 +2811,7 @@
2339
2811
  <param pos="0" name="service.family" value="Intel(R) Active Management Technology"/>
2340
2812
  <param pos="1" name="service.version"/>
2341
2813
  </fingerprint>
2814
+
2342
2815
  <fingerprint pattern="^(?:AMT|Intel\(R\) Active Management Technology)$">
2343
2816
  <description>Intel(R) Active Management Technology (AMT) without a version</description>
2344
2817
  <example>AMT</example>
@@ -2347,6 +2820,7 @@
2347
2820
  <param pos="0" name="service.product" value="Intel(R) Active Management Technology"/>
2348
2821
  <param pos="0" name="service.family" value="Intel(R) Active Management Technology"/>
2349
2822
  </fingerprint>
2823
+
2350
2824
  <fingerprint pattern="^Intel\(R\) Standard Manageability\s(\d+\.\d+\.\d+\.\d+|\d+\.\d+\.\d+|\d+\.\d+)">
2351
2825
  <description>Intel(R) Standard Manageability</description>
2352
2826
  <example service.version="5.0.50">Intel(R) Standard Manageability 5.0.50</example>
@@ -2356,6 +2830,7 @@
2356
2830
  <param pos="0" name="service.family" value="Intel(R) Active Management Technology"/>
2357
2831
  <param pos="1" name="service.version"/>
2358
2832
  </fingerprint>
2833
+
2359
2834
  <fingerprint pattern="^Sunny WebBox$">
2360
2835
  <description>Sunny WebBox</description>
2361
2836
  <example>Sunny WebBox</example>
@@ -2370,6 +2845,7 @@
2370
2845
  <param pos="0" name="os.product" value="Windows CE"/>
2371
2846
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_ce:-"/>
2372
2847
  </fingerprint>
2848
+
2373
2849
  <fingerprint pattern="^EnergyICT RTU \d+-\w+-\d+$">
2374
2850
  <description>EnergyICT RTU</description>
2375
2851
  <example>EnergyICT RTU 101-F25CE1-1524</example>
@@ -2377,6 +2853,7 @@
2377
2853
  <param pos="0" name="hw.product" value="RTU"/>
2378
2854
  <param pos="0" name="hw.device" value="Power device"/>
2379
2855
  </fingerprint>
2856
+
2380
2857
  <fingerprint pattern="^AV-TECH AV787 Video Web Server$">
2381
2858
  <description>AV-TECH AVC787 Video Web Server</description>
2382
2859
  <example>AV-TECH AV787 Video Web Server</example>
@@ -2387,11 +2864,13 @@
2387
2864
  <param pos="0" name="hw.product" value="AVC787"/>
2388
2865
  <param pos="0" name="hw.device" value="DVR"/>
2389
2866
  </fingerprint>
2867
+
2390
2868
  <fingerprint pattern="^Splunkd$">
2391
2869
  <description>Splunk HTTP server used in the web interface, forwarders, indexers and more</description>
2392
2870
  <example>Splunkd</example>
2393
2871
  <param pos="0" name="service.vendor" value="Splunk"/>
2394
2872
  </fingerprint>
2873
+
2395
2874
  <fingerprint pattern="^tivo-httpd-\S+$">
2396
2875
  <description>Tivo DVR</description>
2397
2876
  <example>tivo-httpd-1:20.7.4.RC35-D18-6:D18</example>
@@ -2399,6 +2878,7 @@
2399
2878
  <param pos="0" name="hw.family" value="DVR"/>
2400
2879
  <param pos="0" name="hw.device" value="DVR"/>
2401
2880
  </fingerprint>
2881
+
2402
2882
  <fingerprint pattern="^OpenTV/([\d\.]+)$">
2403
2883
  <description>OpenTV</description>
2404
2884
  <example os.version="5.40">OpenTV/5.40</example>
@@ -2408,7 +2888,28 @@
2408
2888
  <param pos="1" name="os.version"/>
2409
2889
  <param pos="0" name="hw.device" value="DVR"/>
2410
2890
  </fingerprint>
2891
+
2892
+ <fingerprint pattern="^kong/([\d.]+)$">
2893
+ <description>Kong Gateway</description>
2894
+ <example service.version="1.2.1">kong/1.2.1</example>
2895
+ <param pos="0" name="service.vendor" value="Kong"/>
2896
+ <param pos="0" name="service.family" value="Gateway"/>
2897
+ <param pos="0" name="service.product" value="Gateway"/>
2898
+ <param pos="1" name="service.version"/>
2899
+ </fingerprint>
2900
+
2901
+ <fingerprint pattern="^kong/([\d.-]+)-enterprise-edition$">
2902
+ <description>Kong Gateway - Enterprise Edition</description>
2903
+ <example service.version="0.30">kong/0.30-enterprise-edition</example>
2904
+ <example service.version="0.35-1">kong/0.35-1-enterprise-edition</example>
2905
+ <param pos="0" name="service.vendor" value="Kong"/>
2906
+ <param pos="0" name="service.family" value="Gateway"/>
2907
+ <param pos="0" name="service.product" value="Gateway"/>
2908
+ <param pos="1" name="service.version"/>
2909
+ </fingerprint>
2910
+
2411
2911
  <!-- Tridium previously had a product with the 'Niagra' spelling -->
2912
+
2412
2913
  <fingerprint pattern="^Niagara Web Server\/([\d.]+)$">
2413
2914
  <description>Tridium Niagara AX Framework</description>
2414
2915
  <example service.version="3.8.111">Niagara Web Server/3.8.111</example>
@@ -2417,6 +2918,7 @@
2417
2918
  <param pos="0" name="service.product" value="Niagara AX"/>
2418
2919
  <param pos="1" name="service.version"/>
2419
2920
  </fingerprint>
2921
+
2420
2922
  <fingerprint pattern="^Microsoft WinCE Fidelix v([\d.]+)$">
2421
2923
  <description>Fidelix Industrial Control Web Server</description>
2422
2924
  <example service.version="11.50.29">Microsoft WinCE Fidelix v11.50.29</example>
@@ -2431,12 +2933,14 @@
2431
2933
  <param pos="0" name="hw.vendor" value="Fidelix"/>
2432
2934
  <param pos="0" name="hw.device" value="Industrial Control"/>
2433
2935
  </fingerprint>
2936
+
2434
2937
  <fingerprint pattern="^chainpoint-node$">
2435
2938
  <description>Chainpoint Node</description>
2436
2939
  <example>chainpoint-node</example>
2437
2940
  <param pos="0" name="service.vendor" value="Chainpoint"/>
2438
2941
  <param pos="0" name="service.product" value="Node"/>
2439
2942
  </fingerprint>
2943
+
2440
2944
  <fingerprint pattern="(?i)^(.*) UPnP/[\d\.]+\s+AVM FRITZ!(.*) ([\d\.]+)$">
2441
2945
  <description>AVM FRITZ! devices of various types</description>
2442
2946
  <example host.name="some thing" os.product="WLAN Repeater 1750E" os.version="134.07.01">some thing UPnP/1.0 AVM FRITZ!WLAN Repeater 1750E 134.07.01</example>
@@ -2446,6 +2950,7 @@
2446
2950
  <param pos="3" name="os.version"/>
2447
2951
  <param pos="1" name="host.name"/>
2448
2952
  </fingerprint>
2953
+
2449
2954
  <fingerprint pattern="(?i)^Linux/(\S+) UPnP/[\d\.]+ miniupnpd/([\d\.]+)$">
2450
2955
  <description>Linux MiniUPnPd UPnP Server</description>
2451
2956
  <example>Linux/Cross_compiled UPnP/1.0 miniupnpd/1.0</example>
@@ -2458,6 +2963,7 @@
2458
2963
  <param pos="1" name="os.version"/>
2459
2964
  <param pos="0" name="os.cpe23" value="cpe:/o:linux:linux_kernel:{os.version}"/>
2460
2965
  </fingerprint>
2966
+
2461
2967
  <fingerprint pattern="^Tomato UPnP/\S+ MiniUPnPd/(\S+)$">
2462
2968
  <description>Tomato UPnP Server</description>
2463
2969
  <example>Tomato UPnP/1.0 MiniUPnPd/1.2</example>
@@ -2466,6 +2972,7 @@
2466
2972
  <param pos="0" name="service.product" value="MiniUPnP"/>
2467
2973
  <param pos="1" name="service.version"/>
2468
2974
  </fingerprint>
2975
+
2469
2976
  <fingerprint pattern="(?i)^(RT-\w+) UPnP/\S+ MiniUPnPd/(\S+)$">
2470
2977
  <description>Asus WAP UPnP Server</description>
2471
2978
  <example>RT-G32 UPnP/1.0 MiniUPnPd/1.2</example>
@@ -2475,6 +2982,7 @@
2475
2982
  <param pos="1" name="os.product"/>
2476
2983
  <param pos="0" name="os.device" value="WAP"/>
2477
2984
  </fingerprint>
2985
+
2478
2986
  <fingerprint pattern="(?i)^DrayTek/Vigor(\S+) UPnP/\S+ miniupnpd/(\S+)$">
2479
2987
  <description>DrayTek Vigor router UPnP Server</description>
2480
2988
  <example hw.model="2130">DrayTek/Vigor2130 UPnP/1.0 miniupnpd/1.0</example>
@@ -2485,12 +2993,14 @@
2485
2993
  <param pos="1" name="hw.model"/>
2486
2994
  <param pos="0" name="hw.device" value="Router"/>
2487
2995
  </fingerprint>
2996
+
2488
2997
  <fingerprint pattern="(?i)Linux UPnP/\d\.\d Huawei-ATP-IGD$">
2489
2998
  <description>Huawei Echolife / Home Gateway (and possibly other) devices with UPnP</description>
2490
2999
  <example>Linux UPnP/1.0 Huawei-ATP-IGD</example>
2491
3000
  <param pos="0" name="hw.vendor" value="Huawei"/>
2492
3001
  <param pos="0" name="hw.device" value="Broadband router"/>
2493
3002
  </fingerprint>
3003
+
2494
3004
  <fingerprint pattern="(?i)^OpenWRT/kamikaze UPnP/\S+ MiniUPnPd/(\S+)$">
2495
3005
  <description>OpenWRT Kamikaze WAP UPnP Server</description>
2496
3006
  <example>OpenWRT/kamikaze UPnP/1.0 MiniUPnPd/1.5</example>
@@ -2503,6 +3013,7 @@
2503
3013
  <param pos="0" name="os.product" value="Kamikaze"/>
2504
3014
  <param pos="0" name="os.device" value="WAP"/>
2505
3015
  </fingerprint>
3016
+
2506
3017
  <fingerprint pattern="(?i)^Netgear/\S+ UPnP/\S+ miniupnpd/(\S+)$">
2507
3018
  <description>Netgear DG834G or WNDR3300 WAP UPnP Server</description>
2508
3019
  <example>Netgear/1.0 UPnP/1.0 miniupnpd/1.0</example>
@@ -2511,6 +3022,7 @@
2511
3022
  <param pos="0" name="os.vendor" value="Netgear"/>
2512
3023
  <param pos="0" name="os.device" value="WAP"/>
2513
3024
  </fingerprint>
3025
+
2514
3026
  <fingerprint pattern="^[^/]+/(\S+) DLNADOC/\S+ UPnP/\S+ MiniDLNA/(\S+)$">
2515
3027
  <description>DLNADOC UPnP Server</description>
2516
3028
  <example>Debian/4.0r8 DLNADOC/1.50 UPnP/1.0 MiniDLNA/1.0</example>
@@ -2523,6 +3035,7 @@
2523
3035
  <param pos="1" name="os.version"/>
2524
3036
  <param pos="0" name="os.cpe23" value="cpe:/o:linux:linux_kernel:{os.version}"/>
2525
3037
  </fingerprint>
3038
+
2526
3039
  <fingerprint pattern="(?i)^Debian\/(\S+) UPnP/\S+ MiniUPnPd/(\S+)$">
2527
3040
  <description>miniupnpd on a Debian variant</description>
2528
3041
  <example os.version="wheezy/sid" service.version="1.8">Debian/wheezy/sid UPnP/1.1 MiniUPnPd/1.8</example>
@@ -2535,6 +3048,7 @@
2535
3048
  <param pos="1" name="os.version"/>
2536
3049
  <param pos="0" name="os.cpe23" value="cpe:/o:debian:debian_linux:{os.version}"/>
2537
3050
  </fingerprint>
3051
+
2538
3052
  <fingerprint pattern="(?i)^Fedora(?:Core)?\/(\S+) UPnP/\S+ MiniUPnPd/(\S+)$">
2539
3053
  <description>miniupnpd on a Fedora variant</description>
2540
3054
  <example os.version="10" service.version="1.4">Fedora/10 UPnP/1.0 MiniUPnPd/1.4</example>
@@ -2548,6 +3062,7 @@
2548
3062
  <param pos="1" name="os.version"/>
2549
3063
  <param pos="0" name="os.cpe23" value="cpe:/o:redhat:fedora_core:{os.version}"/>
2550
3064
  </fingerprint>
3065
+
2551
3066
  <fingerprint pattern="(?i)^Ubuntu\/([\d\.]+) UPnP/\S+ MiniUPnPd/(\S+)$">
2552
3067
  <description>miniupnpd on an Ubuntu variant</description>
2553
3068
  <example os.version="10.04" service.version="1.0">Ubuntu/10.04 UPnP/1.0 miniupnpd/1.0</example>
@@ -2561,6 +3076,7 @@
2561
3076
  <param pos="1" name="os.version"/>
2562
3077
  <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:{os.version}"/>
2563
3078
  </fingerprint>
3079
+
2564
3080
  <fingerprint pattern="(?i)^Ubuntu\/bionic UPnP/\S+ MiniUPnPd/(\S+)$">
2565
3081
  <description>miniupnpd on an Ubuntu bionic/18.04</description>
2566
3082
  <example os.version="18.04" service.version="1.4">Ubuntu/bionic UPnP/1.0 MiniUPnPd/1.4</example>
@@ -2571,6 +3087,7 @@
2571
3087
  <param pos="0" name="os.version" value="18.04"/>
2572
3088
  <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:18.04"/>
2573
3089
  </fingerprint>
3090
+
2574
3091
  <fingerprint pattern="(?i)^Ubuntu\/yakkety UPnP/\S+ MiniUPnPd/(\S+)$">
2575
3092
  <description>miniupnpd on an Ubuntu yakkety/16.10</description>
2576
3093
  <example os.version="16.10" service.version="1.4">Ubuntu/yakkety UPnP/1.0 MiniUPnPd/1.4</example>
@@ -2581,6 +3098,7 @@
2581
3098
  <param pos="0" name="os.version" value="16.10"/>
2582
3099
  <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:16.10"/>
2583
3100
  </fingerprint>
3101
+
2584
3102
  <fingerprint pattern="(?i)^Ubuntu\/xenial UPnP/\S+ MiniUPnPd/(\S+)$">
2585
3103
  <description>miniupnpd on an Ubuntu xenial/16.04</description>
2586
3104
  <example os.version="16.04" service.version="1.4">Ubuntu/xenial UPnP/1.0 MiniUPnPd/1.4</example>
@@ -2591,6 +3109,7 @@
2591
3109
  <param pos="0" name="os.version" value="16.04"/>
2592
3110
  <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:16.04"/>
2593
3111
  </fingerprint>
3112
+
2594
3113
  <fingerprint pattern="(?i)^Ubuntu\/utopic UPnP/\S+ MiniUPnPd/(\S+)$">
2595
3114
  <description>miniupnpd on an Ubuntu utopic/14.10</description>
2596
3115
  <example os.version="14.10" service.version="1.4">Ubuntu/utopic UPnP/1.0 MiniUPnPd/1.4</example>
@@ -2601,6 +3120,7 @@
2601
3120
  <param pos="0" name="os.version" value="14.10"/>
2602
3121
  <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:14.10"/>
2603
3122
  </fingerprint>
3123
+
2604
3124
  <fingerprint pattern="(?i)^Ubuntu\/trusty UPnP/\S+ MiniUPnPd/(\S+)$">
2605
3125
  <description>miniupnpd on an Ubuntu trusty/14.04</description>
2606
3126
  <example os.version="14.04" service.version="1.4">Ubuntu/trusty UPnP/1.0 MiniUPnPd/1.4</example>
@@ -2611,6 +3131,7 @@
2611
3131
  <param pos="0" name="os.version" value="14.04"/>
2612
3132
  <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:14.04"/>
2613
3133
  </fingerprint>
3134
+
2614
3135
  <fingerprint pattern="(?i)^Ubuntu\/saucy UPnP/\S+ MiniUPnPd/(\S+)$">
2615
3136
  <description>miniupnpd on an Ubuntu saucy/13.10</description>
2616
3137
  <example os.version="13.10" service.version="1.4">Ubuntu/saucy UPnP/1.0 MiniUPnPd/1.4</example>
@@ -2621,6 +3142,7 @@
2621
3142
  <param pos="0" name="os.version" value="13.10"/>
2622
3143
  <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:13.10"/>
2623
3144
  </fingerprint>
3145
+
2624
3146
  <fingerprint pattern="(?i)^Ubuntu\/raring UPnP/\S+ MiniUPnPd/(\S+)$">
2625
3147
  <description>miniupnpd on an Ubuntu raring/13.04</description>
2626
3148
  <example os.version="13.04" service.version="1.4">Ubuntu/raring UPnP/1.0 MiniUPnPd/1.4</example>
@@ -2631,6 +3153,7 @@
2631
3153
  <param pos="0" name="os.version" value="13.04"/>
2632
3154
  <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:13.04"/>
2633
3155
  </fingerprint>
3156
+
2634
3157
  <fingerprint pattern="(?i)^Ubuntu\/quantal UPnP/\S+ MiniUPnPd/(\S+)$">
2635
3158
  <description>miniupnpd on an Ubuntu quantal/12.10</description>
2636
3159
  <example os.version="12.10" service.version="1.4">Ubuntu/quantal UPnP/1.0 MiniUPnPd/1.4</example>
@@ -2641,6 +3164,7 @@
2641
3164
  <param pos="0" name="os.version" value="12.10"/>
2642
3165
  <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:12.10"/>
2643
3166
  </fingerprint>
3167
+
2644
3168
  <fingerprint pattern="(?i)^Ubuntu\/precise UPnP/\S+ MiniUPnPd/(\S+)$">
2645
3169
  <description>miniupnpd on an Ubuntu precise/12.04</description>
2646
3170
  <example os.version="12.04" service.version="1.4">Ubuntu/precise UPnP/1.0 MiniUPnPd/1.4</example>
@@ -2651,6 +3175,7 @@
2651
3175
  <param pos="0" name="os.version" value="12.04"/>
2652
3176
  <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:12.04"/>
2653
3177
  </fingerprint>
3178
+
2654
3179
  <fingerprint pattern="(?i)^Ubuntu\/oneiric UPnP/\S+ MiniUPnPd/(\S+)$">
2655
3180
  <description>miniupnpd on an Ubuntu oneiric/11.10</description>
2656
3181
  <example os.version="11.10" service.version="1.4">Ubuntu/oneiric UPnP/1.0 MiniUPnPd/1.4</example>
@@ -2661,6 +3186,7 @@
2661
3186
  <param pos="0" name="os.version" value="11.10"/>
2662
3187
  <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:11.10"/>
2663
3188
  </fingerprint>
3189
+
2664
3190
  <fingerprint pattern="(?i)^Ubuntu\/natty UPnP/\S+ MiniUPnPd/(\S+)$">
2665
3191
  <description>miniupnpd on an Ubuntu natty/11.04</description>
2666
3192
  <example os.version="11.04" service.version="1.4">Ubuntu/natty UPnP/1.0 MiniUPnPd/1.4</example>
@@ -2671,6 +3197,7 @@
2671
3197
  <param pos="0" name="os.version" value="11.04"/>
2672
3198
  <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:11.04"/>
2673
3199
  </fingerprint>
3200
+
2674
3201
  <fingerprint pattern="(?i)^Ubuntu\/maverick UPnP/\S+ MiniUPnPd/(\S+)$">
2675
3202
  <description>miniupnpd on an Ubuntu maverick/10.10</description>
2676
3203
  <example os.version="10.10" service.version="1.4">Ubuntu/maverick UPnP/1.0 MiniUPnPd/1.4</example>
@@ -2681,6 +3208,7 @@
2681
3208
  <param pos="0" name="os.version" value="10.10"/>
2682
3209
  <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:10.10"/>
2683
3210
  </fingerprint>
3211
+
2684
3212
  <fingerprint pattern="(?i)^Ubuntu\/lucid UPnP/\S+ MiniUPnPd/(\S+)$">
2685
3213
  <description>miniupnpd on an Ubuntu lucid/10.04</description>
2686
3214
  <example os.version="10.04" service.version="1.4">Ubuntu/lucid UPnP/1.0 MiniUPnPd/1.4</example>
@@ -2691,6 +3219,7 @@
2691
3219
  <param pos="0" name="os.version" value="10.04"/>
2692
3220
  <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:10.04"/>
2693
3221
  </fingerprint>
3222
+
2694
3223
  <fingerprint pattern="(?i)^Ubuntu\/karmic UPnP/\S+ MiniUPnPd/(\S+)$">
2695
3224
  <description>miniupnpd on an Ubuntu karmic/9.10</description>
2696
3225
  <example os.version="9.10" service.version="1.4">Ubuntu/karmic UPnP/1.0 MiniUPnPd/1.4</example>
@@ -2701,6 +3230,7 @@
2701
3230
  <param pos="0" name="os.version" value="9.10"/>
2702
3231
  <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:9.10"/>
2703
3232
  </fingerprint>
3233
+
2704
3234
  <fingerprint pattern="(?i)^Ubuntu\/jaunty UPnP/\S+ MiniUPnPd/(\S+)$">
2705
3235
  <description>miniupnpd on an Ubuntu jaunty/9.04</description>
2706
3236
  <example os.version="9.04" service.version="1.4">Ubuntu/jaunty UPnP/1.0 MiniUPnPd/1.4</example>
@@ -2711,6 +3241,7 @@
2711
3241
  <param pos="0" name="os.version" value="9.04"/>
2712
3242
  <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:9.04"/>
2713
3243
  </fingerprint>
3244
+
2714
3245
  <fingerprint pattern="(?i)^Ubuntu\/hardy UPnP/\S+ MiniUPnPd/(\S+)$">
2715
3246
  <description>miniupnpd on an Ubuntu hardy/8.04</description>
2716
3247
  <example os.version="8.04" service.version="1.4">Ubuntu/hardy UPnP/1.0 MiniUPnPd/1.4</example>
@@ -2721,6 +3252,7 @@
2721
3252
  <param pos="0" name="os.version" value="8.04"/>
2722
3253
  <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:8.04"/>
2723
3254
  </fingerprint>
3255
+
2724
3256
  <fingerprint pattern="(?i)^Linux Mips (\S+) UPnP/\S+ MiniUPnPd/(\S+)$">
2725
3257
  <description>Linux MIPS UPnP Server</description>
2726
3258
  <example>Linux Mips 2.4.20 UPnP/1.0 MiniUPnPd/1.2</example>
@@ -2731,16 +3263,18 @@
2731
3263
  <param pos="1" name="os.version"/>
2732
3264
  <param pos="0" name="os.cpe23" value="cpe:/o:linux:linux_kernel:{os.version}"/>
2733
3265
  </fingerprint>
3266
+
2734
3267
  <fingerprint pattern="(?i)^SmoothWall Express/(\S+) UPnP/\S+ miniupnpd/(\S+)$">
2735
3268
  <description>Smoothwall Express UPnP Server</description>
2736
3269
  <example os.version="3.0" service.version="1.0">SmoothWall Express/3.0 UPnP/1.0 miniupnpd/1.0</example>
2737
- <param pos="0" name="os.vendor" value="Smoothwall"/>
2738
- <param pos="0" name="os.product" value="Smoothwall"/>
3270
+ <param pos="0" name="os.vendor" value="SmoothWall"/>
3271
+ <param pos="0" name="os.product" value="SmoothWall"/>
2739
3272
  <param pos="1" name="os.version"/>
2740
3273
  <param pos="0" name="os.cpe23" value="cpe:/o:smoothwall:smoothwall:{os.version}"/>
2741
3274
  <param pos="0" name="service.product" value="MiniUPnP"/>
2742
3275
  <param pos="2" name="service.version"/>
2743
3276
  </fingerprint>
3277
+
2744
3278
  <fingerprint pattern="^(\S+) \d+/Service Pack \d+, UPnP/[\d\.]+, TVersity Media Server$">
2745
3279
  <description>TVersity Media Server UPnP Server with Service Pack</description>
2746
3280
  <example>5.2.3790 2/Service Pack 1, UPnP/1.0, TVersity Media Server</example>
@@ -2749,6 +3283,7 @@
2749
3283
  <param pos="0" name="service.product" value="Media Server"/>
2750
3284
  <param pos="1" name="service.version"/>
2751
3285
  </fingerprint>
3286
+
2752
3287
  <fingerprint pattern="^(\S+) 2/, UPnP/\S+, TVersity Media Server$">
2753
3288
  <description>TVersity Media Server UPnP Server</description>
2754
3289
  <example>6.2.8400 2/, UPnP/1.0, TVersity Media Server</example>
@@ -2759,6 +3294,7 @@
2759
3294
  <param pos="0" name="service.product" value="Media Server"/>
2760
3295
  <param pos="1" name="service.version"/>
2761
3296
  </fingerprint>
3297
+
2762
3298
  <fingerprint pattern="^LINUX/([\d\.]+) UPnP/[\d\.]+ BRCM400/([\d\.]+)$">
2763
3299
  <description>Belkin/Linksys BRCM400 Wireless Router UPnP Server</description>
2764
3300
  <example>LINUX/2.4 UPnP/1.0 BRCM400/1.0</example>
@@ -2770,6 +3306,7 @@
2770
3306
  <param pos="1" name="os.version"/>
2771
3307
  <param pos="0" name="os.device" value="Router"/>
2772
3308
  </fingerprint>
3309
+
2773
3310
  <fingerprint pattern="^Linux-(\S+), UPnP/[\d\.]+, PMS/([\d\.]+)$">
2774
3311
  <description>PlayStation3 Media Server UPnP Server - linux</description>
2775
3312
  <example>Linux-amd64-2.6.18-238.9.1.el5, UPnP/1.0, PMS/1.52.1</example>
@@ -2782,6 +3319,7 @@
2782
3319
  <param pos="1" name="os.version"/>
2783
3320
  <param pos="0" name="os.cpe23" value="cpe:/o:linux:linux_kernel:{os.version}"/>
2784
3321
  </fingerprint>
3322
+
2785
3323
  <fingerprint pattern="^Windows_XP-(\S+), UPnP/[\d\.]+, PMS/([\d\.]+)$">
2786
3324
  <description>PlayStation3 Media Server UPnP Server - Windows XP</description>
2787
3325
  <example>Windows_XP-amd64-5.2, UPnP/1.0, PMS/1.54.0</example>
@@ -2794,6 +3332,7 @@
2794
3332
  <param pos="1" name="os.version"/>
2795
3333
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_xp:{os.version}"/>
2796
3334
  </fingerprint>
3335
+
2797
3336
  <fingerprint pattern="^Windows_7-x86-(\S+), UPnP/[\d\.]+, PMS/([\d\.]+)$">
2798
3337
  <description>PlayStation3 Media Server UPnP Server - Windows 7 x86</description>
2799
3338
  <example>Windows_7-x86-6.1, UPnP/1.0, PMS/1.20</example>
@@ -2823,6 +3362,7 @@
2823
3362
  <param pos="1" name="os.version"/>
2824
3363
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_7:{os.version}"/>
2825
3364
  </fingerprint>
3365
+
2826
3366
  <fingerprint pattern="^Windows_7-x86_64-(\S+), UPnP/[\d\.]+, PMS/([\d\.]+)$">
2827
3367
  <description>PlayStation3 Media Server UPnP Server - Windows 7 x86_64</description>
2828
3368
  <param pos="0" name="service.vendor" value="Sony"/>
@@ -2833,6 +3373,7 @@
2833
3373
  <param pos="1" name="os.version"/>
2834
3374
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_7:{os.version}"/>
2835
3375
  </fingerprint>
3376
+
2836
3377
  <fingerprint pattern="^Microsoft-Windows/6.2 UPnP/(?:\S+) UPnP-Device-Host/(?:\S+)$">
2837
3378
  <description>Windows 8 or Windows Server 2012 with unknown UPnP components</description>
2838
3379
  <param pos="0" name="os.vendor" value="Microsoft"/>
@@ -2840,6 +3381,7 @@
2840
3381
  <param pos="0" name="os.certainty" value="0.65"/>
2841
3382
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_8:-"/>
2842
3383
  </fingerprint>
3384
+
2843
3385
  <fingerprint pattern="^Mac_OS_X-x86_64-(\S+), UPnP/[\d\.]+, PMS/([\d\.]+)$">
2844
3386
  <description>PlayStation3 Media Server UPnP Server - macOS x86_64</description>
2845
3387
  <example>Mac_OS_X-x86_64-10.5.8, UPnP/1.0, PMS/1.20</example>
@@ -2851,6 +3393,7 @@
2851
3393
  <param pos="1" name="os.version"/>
2852
3394
  <param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x:{os.version}"/>
2853
3395
  </fingerprint>
3396
+
2854
3397
  <fingerprint pattern="^Linux/(\S+), UPnP/\S+, Free UPnP Entertainment Service/ReadyNAS$">
2855
3398
  <description>Free UPnP Entertainment Service UPnP Server - Linux on ReadyNAS</description>
2856
3399
  <param pos="0" name="service.product" value="FUPPES"/>
@@ -2863,6 +3406,7 @@
2863
3406
  <param pos="0" name="hw.family" value="ReadyNAS"/>
2864
3407
  <param pos="0" name="hw.product" value="ReadyNAS"/>
2865
3408
  </fingerprint>
3409
+
2866
3410
  <fingerprint pattern="^Linux/(\S+), UPnP/\S+, Free UPnP Entertainment Service/$">
2867
3411
  <description>Free UPnP Entertainment Service UPnP Server - Linux</description>
2868
3412
  <param pos="0" name="service.product" value="FUPPES"/>
@@ -2871,6 +3415,7 @@
2871
3415
  <param pos="1" name="os.version"/>
2872
3416
  <param pos="0" name="os.cpe23" value="cpe:/o:linux:linux_kernel:{os.version}"/>
2873
3417
  </fingerprint>
3418
+
2874
3419
  <fingerprint pattern="^FreeBSD/(\S+), UPnP/\S+, Free UPnP Entertainment Service/$">
2875
3420
  <description>Free UPnP Entertainment Service UPnP Server - FreeBSD</description>
2876
3421
  <param pos="0" name="service.product" value="FUPPES"/>
@@ -2879,6 +3424,7 @@
2879
3424
  <param pos="1" name="os.version"/>
2880
3425
  <param pos="0" name="os.cpe23" value="cpe:/o:freebsd:freebsd:{os.version}"/>
2881
3426
  </fingerprint>
3427
+
2882
3428
  <fingerprint pattern="^ipOS/([\d\.]+) UPnP/[\d\.]+ ipUPnP/([\d\.]+)$">
2883
3429
  <description>D-Link WAP Dynamic DNS UPnP Server</description>
2884
3430
  <param pos="0" name="service.vendor" value="D-Link"/>
@@ -2889,6 +3435,7 @@
2889
3435
  <param pos="1" name="os.version"/>
2890
3436
  <param pos="0" name="os.device" value="WAP"/>
2891
3437
  </fingerprint>
3438
+
2892
3439
  <fingerprint pattern="^ipOS/([\d\.]+) UPnP/[\d\.]+ ipGENADevice/([\d\.]+)$">
2893
3440
  <description>D-Link DGL-4300 Gaming Router UPnP Server</description>
2894
3441
  <param pos="0" name="service.vendor" value="D-Link"/>
@@ -2899,11 +3446,25 @@
2899
3446
  <param pos="1" name="os.version"/>
2900
3447
  <param pos="0" name="os.device" value="Router"/>
2901
3448
  </fingerprint>
3449
+
3450
+ <fingerprint pattern="Linux, STUNNEL/1.0, (DIR-8\d+\w*) Ver (\S+)$">
3451
+ <description>D-Link DIR-8XX Router</description>
3452
+ <example hw.product="DIR-850L">Linux, STUNNEL/1.0, DIR-850L Ver 1.09</example>
3453
+ <example os.version="2.00W">Linux, STUNNEL/1.0, DIR-820LW Ver 2.00W</example>
3454
+ <param pos="0" name="hw.vendor" value="D-Link"/>
3455
+ <param pos="1" name="hw.product"/>
3456
+ <param pos="0" name="hw.device" value="Router"/>
3457
+ <param pos="0" name="os.vendor" value="D-Link"/>
3458
+ <param pos="2" name="os.version"/>
3459
+ <param pos="0" name="os.device" value="Router"/>
3460
+ </fingerprint>
3461
+
2902
3462
  <fingerprint pattern="^TBS/R2 UPnP/[\d\.]+ MiniUPnPd/[\d\.]+$">
2903
3463
  <description>D-Link generic</description>
2904
3464
  <example>TBS/R2 UPnP/1.0 MiniUPnPd/1.2</example>
2905
3465
  <param pos="0" name="hw.vendor" value="D-Link"/>
2906
3466
  </fingerprint>
3467
+
2907
3468
  <fingerprint pattern="^ipos/([\d\.]+) UPnP/[\d\.]+ (TL-\w+)/(\S+)$">
2908
3469
  <description>TP-Link WAP UPnP Server</description>
2909
3470
  <example>ipos/7.0 UPnP/1.0 TL-WR841N/6.0/7.0</example>
@@ -2915,14 +3476,72 @@
2915
3476
  <example>ipos/7.0 UPnP/1.0 TL-WR741N/1.0/2.0</example>
2916
3477
  <example>ipos/7.0 UPnP/1.0 TL-WR740N/1.0/2.0</example>
2917
3478
  <example>ipos/7.0 UPnP/1.0 TL-WR941N/2.0</example>
2918
- <param pos="0" name="service.vendor" value="TP-Link"/>
3479
+ <param pos="0" name="service.vendor" value="TP-LINK"/>
2919
3480
  <param pos="2" name="service.product"/>
2920
3481
  <param pos="3" name="service.version"/>
2921
- <param pos="0" name="os.vendor" value="TP-Link"/>
3482
+ <param pos="0" name="os.vendor" value="TP-LINK"/>
2922
3483
  <param pos="0" name="os.product" value="ipOS"/>
2923
3484
  <param pos="1" name="os.version"/>
2924
3485
  <param pos="0" name="os.device" value="WAP"/>
2925
3486
  </fingerprint>
3487
+
3488
+ <fingerprint pattern="^Linux/(\S+\_eureka_1), UPnP/[\d\.]+, Portable SDK for UPnP devices/(\S+)$">
3489
+ <description>Siqura Video Encoder</description>
3490
+ <example>Linux/2.6.37_eureka_1, UPnP/1.0, Portable SDK for UPnP devices/1.6.6</example>
3491
+ <param pos="0" name="hw.vendor" value="Siqura"/>
3492
+ <param pos="0" name="hw.device" value="Video Encoder"/>
3493
+ <param pos="0" name="os.vendor" value="Siqura"/>
3494
+ <param pos="0" name="os.family" value="Linux"/>
3495
+ <param pos="0" name="os.product" value="Linux"/>
3496
+ <param pos="1" name="os.version"/>
3497
+ <param pos="0" name="service.product" value="libupnp"/>
3498
+ <param pos="2" name="service.version"/>
3499
+ </fingerprint>
3500
+
3501
+ <fingerprint pattern="^Linux/(\S+\-Mozart-8G), UPnP/[\d\.]+, Portable SDK for UPnP devices/(\S+)$">
3502
+ <description>Steinsvik Orbit IP Camera (Truen TCAM Rebrand)</description>
3503
+ <example>Linux/2.6.28.9-Mozart-8G, UPnP/1.0, Portable SDK for UPnP devices/1.6.6</example>
3504
+ <param pos="0" name="hw.vendor" value="Steinsvik"/>
3505
+ <param pos="0" name="hw.device" value="Web cam"/>
3506
+ <param pos="0" name="hw.product" value="Orbit IP Camera"/>
3507
+ <param pos="0" name="os.vendor" value="Steinsvik"/>
3508
+ <param pos="0" name="os.family" value="Linux"/>
3509
+ <param pos="0" name="os.product" value="Linux"/>
3510
+ <param pos="1" name="os.version"/>
3511
+ <param pos="0" name="service.product" value="libupnp"/>
3512
+ <param pos="2" name="service.version"/>
3513
+ </fingerprint>
3514
+
3515
+ <fingerprint pattern="^Linux/(\S+\-ami), UPnP/[\d\.]+, Portable SDK for UPnP devices/(\S+)$">
3516
+ <description>AMI MegaRAC LOM UPnP</description>
3517
+ <example>Linux/3.14.17-ami, UPnP/1.0, Portable SDK for UPnP devices/1.6.20</example>
3518
+ <param pos="0" name="hw.device" value="Lights Out Management"/>
3519
+ <param pos="0" name="hw.vendor" value="AMI"/>
3520
+ <param pos="0" name="hw.family" value="MegaRAC"/>
3521
+ <param pos="0" name="hw.product" value="MegaRAC"/>
3522
+ <param pos="0" name="os.device" value="Lights Out Management"/>
3523
+ <param pos="0" name="os.vendor" value="AMI"/>
3524
+ <param pos="0" name="os.family" value="Linux"/>
3525
+ <param pos="0" name="os.product" value="Linux"/>
3526
+ <param pos="1" name="os.version"/>
3527
+ <param pos="0" name="service.product" value="libupnp"/>
3528
+ <param pos="2" name="service.version"/>
3529
+ </fingerprint>
3530
+
3531
+ <fingerprint pattern="^Linux/(\S+\-axis[^,]+), UPnP/[\d\.]+, Portable SDK for UPnP devices/(\S+)$">
3532
+ <description>Axis Network Camera</description>
3533
+ <example>Linux/4.9.94-axis5, UPnP/1.0, Portable SDK for UPnP devices/1.6.22</example>
3534
+ <param pos="0" name="hw.vendor" value="AXIS"/>
3535
+ <param pos="0" name="hw.device" value="Web cam"/>
3536
+ <param pos="0" name="os.vendor" value="AXIS"/>
3537
+ <param pos="0" name="os.device" value="Web cam"/>
3538
+ <param pos="0" name="os.family" value="Linux"/>
3539
+ <param pos="0" name="os.product" value="Linux"/>
3540
+ <param pos="1" name="os.version"/>
3541
+ <param pos="0" name="service.product" value="libupnp"/>
3542
+ <param pos="2" name="service.version"/>
3543
+ </fingerprint>
3544
+
2926
3545
  <fingerprint pattern="^Linux/(\S+), UPnP/[\d\.]+, Portable SDK for UPnP devices/(\S+)$">
2927
3546
  <description>Portable SDK for UPnP Server - Linux</description>
2928
3547
  <example>Linux/2.4.20-46.7asp, UPnP/1.0, Portable SDK for UPnP devices/1.6.17</example>
@@ -2949,6 +3568,7 @@
2949
3568
  <param pos="1" name="os.version"/>
2950
3569
  <param pos="0" name="os.cpe23" value="cpe:/o:linux:linux_kernel:{os.version}"/>
2951
3570
  </fingerprint>
3571
+
2952
3572
  <fingerprint pattern="^Linux/(\S+) UPnP/[\d\.]+ DLNADOC/[\d\.]+ Portable SDK for UPnP devices/(\S+)$">
2953
3573
  <description>DLNADOC Portable SDK for UPnP Server - Linux DNLADOC variant</description>
2954
3574
  <example>Linux/3.0.8 UPnP/1.0 DLNADOC/1.50 Portable SDK for UPnP devices/1.6.6</example>
@@ -2960,6 +3580,7 @@
2960
3580
  <param pos="1" name="os.version"/>
2961
3581
  <param pos="0" name="os.cpe23" value="cpe:/o:linux:linux_kernel:{os.version}"/>
2962
3582
  </fingerprint>
3583
+
2963
3584
  <fingerprint pattern="^Linux/(\S+), UPnP/[\d\.]+, Intel SDK for UPnP devices ?/(\S+)$">
2964
3585
  <description>Intel SDK for UPnP Server with verbose banner</description>
2965
3586
  <example>Linux/2.6.10_dev-malta-mips2_fp_le, UPnP/1.0, Intel SDK for UPnP devices /1.2</example>
@@ -2971,12 +3592,14 @@
2971
3592
  <param pos="1" name="os.version"/>
2972
3593
  <param pos="0" name="os.cpe23" value="cpe:/o:linux:linux_kernel:{os.version}"/>
2973
3594
  </fingerprint>
3595
+
2974
3596
  <fingerprint pattern="^Linux, UPnP/[\d\.]+, Intel SDK for UPnP devices ?/(\S+)$">
2975
3597
  <description>Intel SDK for UPnP Server</description>
2976
3598
  <example>Linux, UPnP/1.0, Intel SDK for UPnP devices /1.2</example>
2977
3599
  <param pos="0" name="service.product" value="libupnp"/>
2978
3600
  <param pos="1" name="service.version"/>
2979
3601
  </fingerprint>
3602
+
2980
3603
  <fingerprint pattern="^Darwin/(\S+), UPnP/\S+, Portable SDK for UPnP devices/(\S+)$">
2981
3604
  <description>Portable SDK for UPnP Server - macOS</description>
2982
3605
  <example service.version="1.6.6" os.version="10.2.0">Darwin/10.2.0, UPnP/1.0, Portable SDK for UPnP devices/1.6.6</example>
@@ -2987,6 +3610,7 @@
2987
3610
  <param pos="1" name="os.version"/>
2988
3611
  <param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x:{os.version}"/>
2989
3612
  </fingerprint>
3613
+
2990
3614
  <fingerprint pattern="^Loxone Miniserver (.*) UPnP/1.0$">
2991
3615
  <description>Loxone Miniserver Smart Home</description>
2992
3616
  <example host.name="some name">Loxone Miniserver some name UPnP/1.0</example>
@@ -2995,6 +3619,7 @@
2995
3619
  <param pos="0" name="hw.device" value="Building Automation"/>
2996
3620
  <param pos="1" name="host.name"/>
2997
3621
  </fingerprint>
3622
+
2998
3623
  <fingerprint pattern="^RouterOS/(\S+)UPnP/1.0 MikroTik UPnP/1.0$">
2999
3624
  <description>MikroTik RouterOS</description>
3000
3625
  <example os.version="6.43">RouterOS/6.43UPnP/1.0 MikroTik UPnP/1.0</example>
@@ -3005,6 +3630,7 @@
3005
3630
  <param pos="1" name="os.version"/>
3006
3631
  <param pos="0" name="os.cpe23" value="cpe:/o:mikrotik:routeros:{os.version}"/>
3007
3632
  </fingerprint>
3633
+
3008
3634
  <fingerprint pattern="^Roku UPnP/\S+ Roku/(\S+)$">
3009
3635
  <description>Roku with a version</description>
3010
3636
  <example hw.version="8.1.6">Roku UPnP/1.0 Roku/8.1.6</example>
@@ -3013,6 +3639,16 @@
3013
3639
  <param pos="0" name="hw.device" value="Media Server"/>
3014
3640
  <param pos="1" name="hw.version"/>
3015
3641
  </fingerprint>
3642
+
3643
+ <fingerprint pattern="^Roku/(\S+) UPnP/\S+ Roku/\S+$">
3644
+ <description>Roku with double versions</description>
3645
+ <example hw.version="9.2.0">Roku/9.2.0 UPnP/1.0 Roku/9.2.0</example>
3646
+ <param pos="0" name="hw.vendor" value="Roku"/>
3647
+ <param pos="0" name="hw.product" value="Roku"/>
3648
+ <param pos="0" name="hw.device" value="Media Server"/>
3649
+ <param pos="1" name="hw.version"/>
3650
+ </fingerprint>
3651
+
3016
3652
  <fingerprint pattern="^Roku UPnP/\S+ MiniUPnPd/\S+$">
3017
3653
  <description>Roku without a version</description>
3018
3654
  <example>Roku UPnP/1.0 MiniUPnPd/1.4</example>
@@ -3020,6 +3656,7 @@
3020
3656
  <param pos="0" name="hw.product" value="Roku"/>
3021
3657
  <param pos="0" name="hw.device" value="Media Server"/>
3022
3658
  </fingerprint>
3659
+
3023
3660
  <fingerprint pattern="^UPnP/\S+, DLNADOC/\S+, Platinum/(\S+)$">
3024
3661
  <description>Xbox Media Center UPnP Server</description>
3025
3662
  <example>UPnP/1.0, DLNADOC/1.50, Platinum/0.5.1</example>
@@ -3030,6 +3667,7 @@
3030
3667
  <param pos="0" name="service.product" value="XBMC"/>
3031
3668
  <param pos="1" name="service.version"/>
3032
3669
  </fingerprint>
3670
+
3033
3671
  <fingerprint pattern="Synology/DSM/(\d+\.\d+\.\d+\.\d+)$">
3034
3672
  <description>Synology DiskStation NAS with IP</description>
3035
3673
  <example host.ip="192.168.1.100">Synology/DSM/192.168.1.100</example>
@@ -3042,6 +3680,7 @@
3042
3680
  <param pos="0" name="os.vendor" value="Synology"/>
3043
3681
  <param pos="1" name="host.ip"/>
3044
3682
  </fingerprint>
3683
+
3045
3684
  <fingerprint pattern="Synology/DSM/(\S+)$">
3046
3685
  <description>Synology DiskStation NAS with hostname</description>
3047
3686
  <example host.name="stuff">Synology/DSM/stuff</example>
@@ -3050,4 +3689,185 @@
3050
3689
  <param pos="0" name="hw.device" value="NAS"/>
3051
3690
  <param pos="1" name="host.name"/>
3052
3691
  </fingerprint>
3053
- </fingerprints>
3692
+
3693
+ <fingerprint pattern="^NetData Embedded HTTP Server v([a-zA-Z0-9\-\.]+)$">
3694
+ <description>NetData Embedded HTTP Server</description>
3695
+ <example service.version="1.16.1-146-g2f5e36ef">NetData Embedded HTTP Server v1.16.1-146-g2f5e36ef</example>
3696
+ <param pos="0" name="service.vendor" value="NetData"/>
3697
+ <param pos="0" name="service.product" value="NetData"/>
3698
+ <param pos="1" name="service.version"/>
3699
+ <param pos="0" name="service.cpe23" value="cpe:/a:netdata:netdata:{service.version}"/>
3700
+ </fingerprint>
3701
+
3702
+ <fingerprint pattern="^Solstice 2\.0+$">
3703
+ <description>SolsticePod</description>
3704
+ <example>Solstice 2.0</example>
3705
+ <param pos="0" name="hw.vendor" value="Mersive"/>
3706
+ <param pos="0" name="hw.device" value="Wireless Presenter"/>
3707
+ <param pos="0" name="hw.product" value="SolsticePod"/>
3708
+ </fingerprint>
3709
+
3710
+ <fingerprint pattern="^MLC ([^\/]+)/([\d\.]+)$">
3711
+ <description>Extron MediaLink Controller HTTP Server</description>
3712
+ <example extron.model="104 IP PLUS" hw.version="1.03">MLC 104 IP PLUS/1.03</example>
3713
+ <param pos="0" name="hw.vendor" value="Extron"/>
3714
+ <param pos="0" name="hw.device" value="Display Controller"/>
3715
+ <param pos="0" name="hw.product" value="{extron.model} MediaLink Controller"/>
3716
+ <param pos="0" name="os.vendor" value="Extron"/>
3717
+ <param pos="0" name="os.family" value="Linux"/>
3718
+ <param pos="1" name="extron.model"/>
3719
+ <param pos="2" name="hw.version"/>
3720
+ </fingerprint>
3721
+
3722
+ <fingerprint pattern="^Jetty \(Bluecat Networks\)$">
3723
+ <description>BlueCat Appliance</description>
3724
+ <example>Jetty (Bluecat Networks)</example>
3725
+ <param pos="0" name="hw.vendor" value="BlueCat"/>
3726
+ <param pos="0" name="hw.device" value="Network Appliance"/>
3727
+ </fingerprint>
3728
+
3729
+ <fingerprint pattern="^Crestron Webserver$">
3730
+ <description>Crestron Video Conferencing</description>
3731
+ <example>Crestron Webserver</example>
3732
+ <param pos="0" name="hw.vendor" value="Crestron"/>
3733
+ <param pos="0" name="hw.device" value="Video Conferencing"/>
3734
+ <param pos="0" name="os.vendor" value="Crestron"/>
3735
+ <param pos="0" name="os.family" value="Linux"/>
3736
+ <param pos="0" name="os.device" value="Video Conferencing"/>
3737
+ </fingerprint>
3738
+
3739
+ <fingerprint pattern="^OPNsense$">
3740
+ <description>OPNsense Firewall</description>
3741
+ <example>OPNsense</example>
3742
+ <param pos="0" name="hw.vendor" value="OPNsense"/>
3743
+ <param pos="0" name="hw.device" value="Firewall"/>
3744
+ <param pos="0" name="hw.product" value="Firewall"/>
3745
+ <param pos="0" name="os.vendor" value="OPNsense"/>
3746
+ <param pos="0" name="os.product" value="FreeBSD"/>
3747
+ </fingerprint>
3748
+
3749
+ <fingerprint pattern="^ELAN Controller$">
3750
+ <description>ELAN Smart Home Controller</description>
3751
+ <example>ELAN Controller</example>
3752
+ <param pos="0" name="hw.vendor" value="ELAN"/>
3753
+ <param pos="0" name="hw.device" value="Building Automation"/>
3754
+ <param pos="0" name="hw.product" value="Home Controller"/>
3755
+ <param pos="0" name="os.vendor" value="ELAN"/>
3756
+ <param pos="0" name="os.family" value="Linux"/>
3757
+ </fingerprint>
3758
+
3759
+ <fingerprint pattern="^STR_SettingServer$">
3760
+ <description>Sony STR AV Receiver</description>
3761
+ <example>STR_SettingServer</example>
3762
+ <param pos="0" name="hw.vendor" value="Sony"/>
3763
+ <param pos="0" name="hw.device" value="Media Server"/>
3764
+ <param pos="0" name="hw.product" value="AV Receiver"/>
3765
+ </fingerprint>
3766
+
3767
+ <fingerprint pattern="^AV_Receiver/([\d\.]+) \(([^\)]+)\)$">
3768
+ <description>Yamaha AV Receiver</description>
3769
+ <example hw.version="3.1" hw.product="RX-V675">AV_Receiver/3.1 (RX-V675)</example>
3770
+ <param pos="0" name="hw.vendor" value="Yamaha"/>
3771
+ <param pos="0" name="hw.device" value="AV Receiver"/>
3772
+ <param pos="1" name="hw.version"/>
3773
+ <param pos="2" name="hw.product"/>
3774
+ </fingerprint>
3775
+
3776
+ <fingerprint pattern="^MWS 0.01$">
3777
+ <description>ANNKE IP Camera</description>
3778
+ <example>MWS 0.01</example>
3779
+ <param pos="0" name="hw.vendor" value="ANNKE"/>
3780
+ <param pos="0" name="hw.device" value="Web cam"/>
3781
+ <param pos="0" name="hw.product" value="IP Camera"/>
3782
+ </fingerprint>
3783
+
3784
+ <fingerprint pattern="^Icecast (\S+)$">
3785
+ <description>Icecast Streaming Media server</description>
3786
+ <example service.version="2.4.3">Icecast 2.4.3</example>
3787
+ <example service.version="2.4.0-kh13">Icecast 2.4.0-kh13</example>
3788
+ <param pos="0" name="service.vendor" value="Xiph"/>
3789
+ <param pos="0" name="service.product" value="Icecast"/>
3790
+ <param pos="1" name="service.version"/>
3791
+ <param pos="0" name="service.cpe23" value="cpe:/a:xiph:icecast:{service.version}"/>
3792
+ </fingerprint>
3793
+
3794
+ <fingerprint pattern="^Couchbase Sync Gateway/([\d.]+) CE$">
3795
+ <description>Couchbase Sync Gateway Community Edition</description>
3796
+ <example service.version="2.5.0">Couchbase Sync Gateway/2.5.0 CE</example>
3797
+ <param pos="0" name="service.vendor" value="Couchbase"/>
3798
+ <param pos="0" name="service.product" value="Sync Gateway"/>
3799
+ <param pos="0" name="service.edition" value="Community Edition"/>
3800
+ <param pos="1" name="service.version"/>
3801
+ <param pos="0" name="service.cpe23" value="cpe:/a:couchbase:sync_gateway:{service.version}"/>
3802
+ </fingerprint>
3803
+
3804
+ <fingerprint pattern="^Couchbase Sync Gateway/([\d.]+) EE$">
3805
+ <description>Couchbase Sync Gateway Enterprise Edition</description>
3806
+ <example service.version="2.7.1">Couchbase Sync Gateway/2.7.1 EE</example>
3807
+ <param pos="0" name="service.vendor" value="Couchbase"/>
3808
+ <param pos="0" name="service.product" value="Sync Gateway"/>
3809
+ <param pos="0" name="service.edition" value="Enterprise Edition"/>
3810
+ <param pos="1" name="service.version"/>
3811
+ <param pos="0" name="service.cpe23" value="cpe:/a:couchbase:sync_gateway:{service.version}"/>
3812
+ </fingerprint>
3813
+
3814
+ <fingerprint pattern="^Couchbase Sync Gateway/([\d.]+)$">
3815
+ <description>Couchbase Sync Gateway</description>
3816
+ <example service.version="1.3.0">Couchbase Sync Gateway/1.3.0</example>
3817
+ <param pos="0" name="service.vendor" value="Couchbase"/>
3818
+ <param pos="0" name="service.product" value="Sync Gateway"/>
3819
+ <param pos="1" name="service.version"/>
3820
+ <param pos="0" name="service.cpe23" value="cpe:/a:couchbase:sync_gateway:{service.version}"/>
3821
+ </fingerprint>
3822
+
3823
+ <fingerprint pattern="^Couchbase Server$">
3824
+ <description>Couchbase Server without version</description>
3825
+ <example>Couchbase Server</example>
3826
+ <param pos="0" name="service.vendor" value="Couchbase"/>
3827
+ <param pos="0" name="service.product" value="Couchbase Server"/>
3828
+ <param pos="0" name="service.cpe23" value="cpe:/a:couchbase:couchbase_server:-"/>
3829
+ </fingerprint>
3830
+
3831
+ <fingerprint pattern="^Kestrel$">
3832
+ <description>Kestrel web server implementation in ASP.NET core</description>
3833
+ <example>Kestrel</example>
3834
+ <param pos="0" name="service.vendor" value="Microsoft"/>
3835
+ <param pos="0" name="service.product" value="Kestrel web server"/>
3836
+ </fingerprint>
3837
+
3838
+ <fingerprint pattern="^stgw/([\d.]+)_([\d.]+)$">
3839
+ <description>Tencent Secure Tencent Gateway</description>
3840
+ <example service.version="1.3.12.9" service.component.version="1.13.5">stgw/1.3.12.9_1.13.5</example>
3841
+ <param pos="0" name="service.vendor" value="Tencent"/>
3842
+ <param pos="0" name="service.product" value="Secure Tencent Gateway"/>
3843
+ <param pos="1" name="service.version"/>
3844
+ <param pos="2" name="service.component.version"/>
3845
+ </fingerprint>
3846
+
3847
+ <fingerprint pattern="^axhttpd/([\d.]+)$">
3848
+ <description>axTLS Project axTLS web server</description>
3849
+ <example service.version="1.5.3">axhttpd/1.5.3</example>
3850
+ <param pos="0" name="service.vendor" value="axTLS Project"/>
3851
+ <param pos="0" name="service.product" value="axTLS"/>
3852
+ <param pos="1" name="service.version"/>
3853
+ <param pos="0" name="service.cpe23" value="cpe:/a:axtls_project:axtls:{service.version}"/>
3854
+ </fingerprint>
3855
+
3856
+ <fingerprint pattern="^tinyproxy/([\d.]+)$">
3857
+ <description>TinyProxy Project tinyproxy</description>
3858
+ <example service.version="1.8.2">tinyproxy/1.8.2</example>
3859
+ <param pos="0" name="service.vendor" value="Tinyproxy Project"/>
3860
+ <param pos="0" name="service.product" value="Tinyproxy"/>
3861
+ <param pos="1" name="service.version"/>
3862
+ <param pos="0" name="service.cpe23" value="cpe:/a:tinyproxy_project:tinyproxy:{service.version}"/>
3863
+ </fingerprint>
3864
+
3865
+ <fingerprint pattern="^Xfinity Broadband Router Server$">
3866
+ <description>Comcast Xfinity Broadband Router Server</description>
3867
+ <example>Xfinity Broadband Router Server</example>
3868
+ <param pos="0" name="hw.vendor" value="Comcast"/>
3869
+ <param pos="0" name="hw.product" value="Xfinity Broadband Router"/>
3870
+ <param pos="0" name="hw.device" value="Broadband router"/>
3871
+ </fingerprint>
3872
+
3873
+ </fingerprints>