recog 2.3.6 → 2.3.7

data/xml/http_cookies.xml

@@ -123,7 +123,7 @@
     <param pos="0" name="service.family" value="Application Protection System"/>
     <param pos="0" name="service.product" value="Application Protection System, Enterprise"/>
   </fingerprint>
-  <fingerprint pattern="^NSC_(?:AAAC|CERT|DLGE|EPAC|TASS|TEMP|TMA[APS])=.*">
+  <fingerprint pattern="^NSC_(?:AAAC|CERT|DLGE|EPAC|TASS|TEMP|TMA[APS]|PERS)=.*">
     <description>Citrix NetScaler</description>
     <example>NSC_AAAC=xyz;</example>
     <param pos="0" name="os.vendor" value="Citrix"/>
@@ -131,6 +131,14 @@
     <param pos="0" name="os.device" value="Network Management Device"/>
     <param pos="0" name="os.product" value="NetScaler"/>
   </fingerprint>
+  <fingerprint pattern="^DSSignInURL=/">
+    <description>Pulse Secure VPN</description>
+    <example>DSSignInURL=/; path=/; secure</example>
+    <param pos="0" name="os.vendor" value="Pulse Secure"/>
+    <param pos="0" name="os.family" value="SSL VPN"/>
+    <param pos="0" name="os.device" value="SSL VPN"/>
+    <param pos="0" name="os.product" value="SSL VPN"/>
+  </fingerprint>
   <fingerprint pattern="^(EktGUID|ecm)=.*">
     <description>Ektron CMS400.net</description>
     <param pos="1" name="cookie"/>

data/xml/http_servers.xml

@@ -1617,6 +1617,13 @@
     <param pos="0" name="service.family" value="ePolicy Orchestrator"/>
     <param pos="0" name="service.cpe23" value="cpe:/a:mcafee:epolicy_orchestrator:-"/>
   </fingerprint>
+  <fingerprint pattern="^LANDesk Management Agent/.*$">
+    <description>LANDesk Management Agent</description>
+    <param pos="0" name="service.vendor" value="LANDesk"/>
+    <param pos="0" name="service.product" value="Management Agent"/>
+    <param pos="0" name="service.family" value="Management Agent"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:landesk:management_agent:-"/>
+  </fingerprint>
   <fingerprint pattern="^EWS-NIC\d/(\S+)$">
     <description>Xerox Embedded Web Server (EWS)</description>
     <example service.version="6.31">EWS-NIC3/6.31</example>
@@ -3050,4 +3057,12 @@
     <param pos="0" name="hw.device" value="NAS"/>
     <param pos="1" name="host.name"/>
   </fingerprint>
-</fingerprints>
+  <fingerprint pattern="^NetData Embedded HTTP Server v([a-zA-Z0-9\-\.]+)$">
+    <description>NetData Embedded HTTP Server</description>
+    <example service.version="1.16.1-146-g2f5e36ef">NetData Embedded HTTP Server v1.16.1-146-g2f5e36ef</example>
+    <param pos="0" name="service.vendor" value="NetData"/>
+    <param pos="0" name="service.product" value="NetData"/>
+    <param pos="1" name="service.version"/>
+  </fingerprint>
+
+</fingerprints>

data/xml/rtsp_servers.xml

@@ -0,0 +1,76 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<fingerprints matches="rtsp_header.server" protocol="rtsp" database_type="service" preference="0.85">
+  <fingerprint pattern="^Flussonic \(http:\/\/www.flussonic.com\/\) ([\d\.]+)$">
+    <description>Flussonic Media Server</description>
+    <example service.version="19.04">Flussonic (http://www.flussonic.com/) 19.04</example>
+    <example service.version="20.01">Flussonic (http://www.flussonic.com/) 20.01</example>
+    <param pos="0" name="service.vendor" value="Flussonic"/>
+    <param pos="0" name="service.product" value="Flussonic Media Server" />
+    <param pos="1" name="service.version" />
+  </fingerprint>
+  <fingerprint pattern="^Hipcam RealServer\/V([\d\.]+)$">
+    <description>Hipcam IP camera running the RealServer RTSP server.</description>
+    <example service.version="1.0">Hipcam RealServer/V1.0</example>
+    <param pos="0" name="service.vendor" value="RealNetworks"/>
+    <param pos="0" name="service.product" value="RealServer" />
+    <param pos="1" name="service.version" />
+    <param pos="0" name="hw.vendor" value="Hipcam" />
+    <param pos="0" name="hw.device" value="IP Camera" />
+  </fingerprint>
+  <fingerprint pattern="^Dahua Rtsp Server$">
+    <description>Dahua IP Camera</description>
+    <example>Dahua Rtsp Server</example>
+    <param pos="0" name="service.vendor" value="Dahua"/>
+    <param pos="0" name="hw.vendor" value="Dahua" />
+    <param pos="0" name="hw.device" value="IP Camera" />
+  </fingerprint>
+  <fingerprint pattern="^GStreamer RTSP server$">
+    <description>GStreamer RTSP Server (https://github.com/GStreamer/gst-rtsp-server)</description>
+    <example>GStreamer RTSP server</example>
+    <param pos="0" name="service.vendor" value="GStreamer"/>
+    <param pos="0" name="service.product" value="GStreamer RTSP Server" />
+  </fingerprint>
+  <fingerprint pattern="^WMServer\/([\d\.]+)$">
+    <description>Windows Media Server</description>
+    <example service.version="9.1.1.3862">WMServer/9.1.1.3862</example>
+    <example service.version="9.5.6001.22609">WMServer/9.5.6001.22609</example>
+    <param pos="0" name="service.vendor" value="Microsoft"/>
+    <param pos="0" name="service.product" value="Windows Media Server" />
+    <param pos="0" name="service.family" value="Windows Media Server"/>
+    <param pos="1" name="service.version" />
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="0" name="os.family" value="Windows"/>
+  </fingerprint>
+  <fingerprint pattern="^Wowza (Streaming Engine|Media Server) ([\d\.]+) build(\d*)$">
+    <description>Wowza Media Systems Streaming Video Services</description>
+    <example service.version="4.7.7" service.version.version="20181108145350" service.product="Streaming Engine">Wowza Streaming Engine 4.7.7 build20181108145350</example>
+    <example service.version="3.6.4" service.version.version="9641" service.product="Media Server">Wowza Media Server 3.6.4 build9641</example>
+    <param pos="0" name="service.vendor" value="Wowza Media Systems"/>
+    <param pos="1" name="service.product" />
+    <param pos="2" name="service.version" />
+    <param pos="3" name="service.version.version" />
+  </fingerprint>
+  <fingerprint pattern="^HiIpcam\/V\d+R\d+ VodServer\/[\d\.]+$">
+    <description>Foscam IP Camera</description>
+    <example>HiIpcam/V100R003 VodServer/1.0.0</example>
+    <param pos="0" name="hw.vendor" value="Foscam" />
+    <param pos="0" name="hw.device" value="IP Camera" />
+  </fingerprint>
+  <fingerprint pattern="^Indigo\-Security\/[\d\.]+$">
+    <description>Indigo Security IP Camera</description>
+    <example>Indigo-Security/1.0</example>
+    <param pos="0" name="hw.vendor" value="Indigo Security" />
+    <param pos="0" name="hw.device" value="IP Camera" />
+  </fingerprint>
+  <fingerprint pattern="^Cisco MediaSense Media Server$">
+    <description>Cisco MediaSense Media Server (RTSP)</description>
+    <example>Cisco MediaSense Media Server</example>
+    <param pos="0" name="service.vendor" value="Cisco"/>
+    <param pos="0" name="service.product" value="MediaSense Media Server"/>
+    <param pos="0" name="service.cpe23" value="cpe:2.3:a:cisco:mediasense:-"/>
+    <param pos="0" name="os.vendor" value="Cisco"/>
+    <param pos="0" name="hw.vendor" value="Cisco"/>
+    <param pos="0" name="hw.device" value="SIP Gateway"/>
+    <param pos="0" name="hw.product" value="MediaSense Server"/>
+  </fingerprint>
+</fingerprints>

data/xml/sip_banners.xml

@@ -3,26 +3,48 @@
   <!--
   SIP Server header values are matched against these patterns to fingerprint SIP devices.
   -->
-  <fingerprint pattern="^Cisco-SIPGateway/IOS-(\d+)\.x$">
-    <description>Cisco IOS with SIPGateway with only major version</description>
+
+  <!-- Cisco/Tandberg Products -->
+  
+  <fingerprint pattern="^Cisco-SIPGateway/IOS-(\S+)\.x$">
+    <description>Cisco IOS SIP Gateway w/ Vague Version</description>
     <example os.version="12">Cisco-SIPGateway/IOS-12.x</example>
+    <param pos="0" name="service.vendor" value="Cisco"/>
+    <param pos="0" name="service.family" value="IOS"/>
+    <param pos="0" name="service.product" value="IOS"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:cisco:ios:{os.version}"/>
     <param pos="0" name="os.vendor" value="Cisco"/>
+    <param pos="0" name="os.family" value="IOS"/>
     <param pos="0" name="os.product" value="IOS"/>
+    <param pos="0" name="os.certainty" value="0.8"/>
     <param pos="1" name="os.version"/>
     <param pos="0" name="os.cpe23" value="cpe:/o:cisco:ios:{os.version}"/>
+    <param pos="0" name="hw.vendor" value="Cisco"/>
+    <param pos="0" name="hw.device" value="Router"/>
   </fingerprint>
-  <fingerprint pattern="^Cisco-SIPGateway/IOS-([\d\.a-zA-Z]+)$">
-    <description>Cisco IOS with SIPGateway</description>
+
+  <fingerprint pattern="^Cisco-SIPGateway/IOS-(\S+)$">
+    <description>Cisco IOS SIP Gateway w/ Full Version</description>
+    <example os.version="15.2.4.M3">Cisco-SIPGateway/IOS-15.2.4.M3</example>
     <example os.version="15.2.2.T1">Cisco-SIPGateway/IOS-15.2.2.T1</example>
     <example os.version="15.2.3.T">Cisco-SIPGateway/IOS-15.2.3.T</example>
     <example os.version="15.4.3.S5">Cisco-SIPGateway/IOS-15.4.3.S5</example>
     <example os.version="15.6.3.M0a">Cisco-SIPGateway/IOS-15.6.3.M0a</example>
-    <example os.version="16.3.6">Cisco-SIPGateway/IOS-16.3.6</example>
+    <example os.version="16.3.6">Cisco-SIPGateway/IOS-16.3.6</example>    
+    <param pos="0" name="service.vendor" value="Cisco"/>
+    <param pos="0" name="service.family" value="IOS"/>
+    <param pos="0" name="service.product" value="IOS"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:cisco:ios:{os.version}"/>
     <param pos="0" name="os.vendor" value="Cisco"/>
+    <param pos="0" name="os.family" value="IOS"/>
     <param pos="0" name="os.product" value="IOS"/>
+    <param pos="0" name="os.certainty" value="1.0"/>
     <param pos="1" name="os.version"/>
     <param pos="0" name="os.cpe23" value="cpe:/o:cisco:ios:{os.version}"/>
+    <param pos="0" name="hw.vendor" value="Cisco"/>
+    <param pos="0" name="hw.device" value="Router"/>
   </fingerprint>
+
   <fingerprint pattern="^Cisco-CP-?(\d+G?)(?:-\S+)?/([\d\.]+)">
     <description>Cisco CP VoIP Phone</description>
     <example hw.model="7960G" hw.version="8.0">Cisco-CP7960G/8.0</example>
@@ -37,6 +59,7 @@
     <param pos="1" name="hw.model"/>
     <param pos="2" name="hw.version"/>
   </fingerprint>
+
   <fingerprint pattern="(?:Cisco|Linksys)/(SPA\d+[DG]?\d?)-([\d\.a-zA-Z]+)">
     <description>Cisco/Linksys SPA VoIP Phone</description>
     <example hw.model="SPA112" hw.version="1.4.1SR1">Cisco/SPA112-1.4.1SR1(002)d-hisec</example>
@@ -54,6 +77,7 @@
     <param pos="1" name="hw.model"/>
     <param pos="2" name="hw.version"/>
   </fingerprint>
+
   <fingerprint pattern="(?:Cisco|Linksys)(?: |/)(PAP2T?)(?:-|/)(\S+)$">
     <description>Cisco/Linksys VoIP / Internet Phone adapter</description>
     <example hw.version="3.1.22(LS)" hw.model="PAP2">PhoneSystems.net aabbccddeeff Linksys/PAP2-3.1.22(LS)</example>
@@ -69,6 +93,7 @@
     <param pos="1" name="hw.model"/>
     <param pos="2" name="hw.version"/>
   </fingerprint>
+
   <fingerprint pattern="^Cisco/(SRP\d+)-([\d\.]+)">
     <description>Cisco Services Ready Platforms (SRP) Router</description>
     <example hw.model="SRP541" hw.version="1.2.6">Cisco/SRP541-1.2.6(003)</example>
@@ -81,6 +106,7 @@
     <param pos="1" name="hw.model"/>
     <param pos="2" name="hw.version"/>
   </fingerprint>
+
   <fingerprint pattern="(?:Cisco|Linksys)/(WRP\d+)-(\S+)$">
     <description>Cisco/Linksys WRP Wireless Router</description>
     <example hw.version="2.00.26" hw.model="WRP400">aabbccddeeff_FinalStage_Linksys/WRP400-2.00.26</example>
@@ -94,6 +120,45 @@
     <param pos="1" name="hw.model"/>
     <param pos="2" name="hw.version"/>
   </fingerprint>
+
+  <fingerprint pattern="^TANDBERG/(\d+) \((.*)\) Cisco-(\S+)$">
+    <description>Cisco/Tandberg TelePresence w/Cisco Model Name</description>
+    <example os.version="TC7.3.7.01c84fd" tandberg.model="528" hw.product="EX60">TANDBERG/528 (TC7.3.7.01c84fd) Cisco-EX60</example>
+    <example os.version="ce9.6.0.76c1685b70e" tandberg.model="529" hw.product="RoomKitMini">TANDBERG/529 (ce9.6.0.76c1685b70e) Cisco-RoomKitMini</example>
+    <param pos="0" name="os.vendor" value="Tandberg"/>
+    <param pos="0" name="os.family" value="Linux"/>
+    <param pos="0" name="os.product" value="Linux"/>
+    <param pos="1" name="tandberg.model"/>
+    <param pos="2" name="os.version"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:cisco:telepresence:{os.version}"/>
+    <param pos="0" name="hw.vendor" value="Cisco"/>
+    <param pos="0" name="hw.family" value="TelePresence"/>
+    <param pos="0" name="hw.device" value="Video Conferencing"/>
+    <param pos="3" name="hw.product"/>
+  </fingerprint>
+
+  <fingerprint pattern="^(TANDBERG/(\d+)) \((\S+).*\)$">
+    <description>Cisco/Tandberg TelePresence</description>
+    <example os.version="TC7.0.2.aecf2d9" tandberg.model="519" hw.product="TANDBERG/519">TANDBERG/519 (TC7.0.2.aecf2d9)</example>
+    <example os.version="X12.5.2" tandberg.model="4137" hw.product="TANDBERG/4137">TANDBERG/4137 (X12.5.2 (TEST SW))</example>
+    <example os.version="X8.2.1" hw.product="TANDBERG/4130">TANDBERG/4130 (X8.2.1)</example>
+    <example os.version="XC2.2.1-b2bua-1.0" hw.product="TANDBERG/4353" tandberg.model="4353">TANDBERG/4353 (XC2.2.1-b2bua-1.0)</example>
+    <example os.version="TC5.1.4.295090" hw.product="TANDBERG/516" tandberg.model="516">TANDBERG/516 (TC5.1.4.295090)</example>
+    <example os.version="TCNC5.1.4.295090" hw.product="TANDBERG/517" tandberg.model="517">TANDBERG/517 (TCNC5.1.4.295090)</example>    
+    <param pos="0" name="os.vendor" value="Tandberg"/>
+    <param pos="0" name="os.family" value="Linux"/>
+    <param pos="0" name="os.product" value="Linux"/>
+    <param pos="2" name="tandberg.model"/>
+    <param pos="3" name="os.version"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:cisco:telepresence:{os.version}"/>
+    <param pos="0" name="hw.vendor" value="Cisco"/>
+    <param pos="0" name="hw.family" value="TelePresence"/>
+    <param pos="0" name="hw.device" value="Video Conferencing"/>
+    <param pos="1" name="hw.product"/>
+  </fingerprint>
+
+  <!-- Various -->
+
   <fingerprint pattern="EnGenius_Router$">
     <description>EnGenius DuraFon IP Phone</description>
     <example>EnGenius_Router</example>
@@ -101,6 +166,7 @@
     <param pos="0" name="hw.product" value="DuraFon"/>
     <param pos="0" name="hw.device" value="VoIP"/>
   </fingerprint>
+
   <fingerprint pattern="(?i)^Huawei (SoftX\d+) (?:V\d.*)$">
     <description>Huawei Softswitch</description>
     <example hw.model="SoftX3000">Huawei SoftX3000 V300R006</example>
@@ -109,11 +175,13 @@
     <param pos="0" name="hw.product" value="Softswitch"/>
     <param pos="1" name="hw.model"/>
   </fingerprint>
+
   <fingerprint pattern="(?i)^SIP/1.0 \(Huawei\)$">
     <description>Huawei generic</description>
     <example>SIP/1.0 (Huawei)</example>
     <param pos="0" name="hw.vendor" value="Huawei"/>
   </fingerprint>
+
   <fingerprint pattern="^M5T SIP(?: Stack|-UA SAFE)/v?([\d\.]+)">
     <description>Media5 Corporation SIP Stack</description>
     <example service.version="4.1.2.2">M5T SIP Stack/4.1.2.2</example>
@@ -124,17 +192,7 @@
     <param pos="1" name="service.version"/>
     <param pos="0" name="hw.device" value="VoIP"/>
   </fingerprint>
-  <fingerprint pattern="^TANDBERG/\d+ \(([a-zA-Z]+\d+(?:\.\d+)+).*\)">
-    <description>Cisco TelePresence</description>
-    <example os.version="X8.2.1">TANDBERG/4130 (X8.2.1)</example>
-    <example os.version="XC2.2.1">TANDBERG/4353 (XC2.2.1-b2bua-1.0)</example>
-    <example os.version="TC5.1.4.295090">TANDBERG/516 (TC5.1.4.295090)</example>
-    <example os.version="TCNC5.1.4.295090">TANDBERG/517 (TCNC5.1.4.295090)</example>
-    <example os.version="S5.30">TANDBERG/80 (S5.30)</example>
-    <param pos="0" name="os.vendor" value="Cisco"/>
-    <param pos="0" name="os.product" value="TelePresence"/>
-    <param pos="1" name="os.version"/>
-  </fingerprint>
+
   <fingerprint pattern="^Tilgin Vood ([^_\s]+)">
     <description>Tilgin Vood</description>
     <example hw.model="HG238x">Tilgin Vood HG238x_ESx000-02_07_03_26</example>
@@ -144,6 +202,7 @@
     <param pos="0" name="hw.product" value="Vood"/>
     <param pos="1" name="hw.model"/>
   </fingerprint>
+
   <fingerprint pattern="^(F\d{3})/VT?(\d(?:[\d\.A-Z]+))$">
     <description>ZTE GPON Router</description>
     <example hw.product="F620" hw.version="3.30.20P5T4S">F620/V3.30.20P5T4S</example>
@@ -154,6 +213,7 @@
     <param pos="1" name="hw.product"/>
     <param pos="2" name="hw.version"/>
   </fingerprint>
+
   <fingerprint pattern="^ZXDSL (\S+)/V?(\d(?:[\d\.A-Z_]+))$">
     <description>ZTE ZXDSL router</description>
     <example hw.product="931VII" hw.version="2.0.00.OTET06">ZXDSL 931VII/V2.0.00.OTET06</example>
@@ -163,6 +223,7 @@
     <param pos="1" name="hw.product"/>
     <param pos="2" name="hw.version"/>
   </fingerprint>
+
   <fingerprint pattern="^(?:ZXHN )?(H\d{3}N)/V?(\d(?:[\d\.A-Z_]+))$">
     <description>ZTE ZXHN router</description>
     <example hw.product="H218N" hw.version="1.02.01_ERS">ZXHN H218N/V1.02.01_ERS</example>
@@ -176,4 +237,123 @@
     <param pos="1" name="hw.product"/>
     <param pos="2" name="hw.version"/>
   </fingerprint>
-</fingerprints>
+
+  <fingerprint pattern="^Aastra ([^/]+)/([a-zA-Z0-9\.\-]+)$">
+    <description>Aastra IP Phone</description>
+    <example hw.product="6865i" os.version="4.2.0.2023">Aastra 6865i/4.2.0.2023</example>
+    <param pos="0" name="os.vendor" value="Aastra"/>
+    <param pos="0" name="os.family" value="VoIP"/>
+    <param pos="0" name="os.product" value="VoIP"/>
+    <param pos="2" name="os.version"/>
+    <param pos="0" name="hw.vendor" value="Aastra"/>
+    <param pos="0" name="hw.family" value="VoIP"/>
+    <param pos="0" name="hw.device" value="VoIP"/>
+    <param pos="1" name="hw.product"/>
+  </fingerprint>
+
+  <fingerprint pattern="^(?:Audiocodes-Sip-Gateway-)?(\S+) FX[A-Z_]+/v.(\S+)$">
+    <description>Audiocodes-Sip-Gateway</description>
+    <example hw.product="MP-124" os.version="6.00A.034.003">Audiocodes-Sip-Gateway-MP-124 FXS/v.6.00A.034.003</example>
+    <example hw.product="MP-124" os.version="6.60A.342.003">MP-124 FXS/v.6.60A.342.003</example>
+    <example hw.product="MP-114" os.version="6.60A.241.010">MP-114 FXS_FXO/v.6.60A.241.010</example>
+    <param pos="0" name="os.vendor" value="Audiocodes"/>
+    <param pos="0" name="os.family" value="SIP Gateway"/>
+    <param pos="2" name="os.version"/>
+    <param pos="0" name="hw.vendor" value="Audiocodes"/>
+    <param pos="0" name="hw.family" value="SIP Gateway"/>
+    <param pos="0" name="hw.device" value="SIP Gateway"/>
+    <param pos="1" name="hw.product"/>
+  </fingerprint>
+
+  <fingerprint pattern="^Wildix GW-(\S+)$">
+    <description>Wildix SIP Gateway</description>
+    <example os.version="5.0.3.42145">Wildix GW-5.0.3.42145</example>
+    <param pos="0" name="os.vendor" value="Wildix"/>
+    <param pos="0" name="os.family" value="SIP Gateway"/>
+    <param pos="1" name="os.version"/>
+    <param pos="0" name="hw.vendor" value="Wildix"/>
+    <param pos="0" name="hw.family" value="SIP Gateway"/>
+    <param pos="0" name="hw.device" value="SIP Gateway"/>
+    <param pos="0" name="hw.product" value="SIP Gateway"/>
+  </fingerprint>
+
+  <fingerprint pattern="^Wildix GW$">
+    <description>Wildix SIP Gateway w/o Version</description>
+    <example>Wildix GW</example>
+    <param pos="0" name="os.vendor" value="Wildix"/>
+    <param pos="0" name="os.family" value="SIP Gateway"/>
+    <param pos="0" name="hw.vendor" value="Wildix"/>
+    <param pos="0" name="hw.family" value="SIP Gateway"/>
+    <param pos="0" name="hw.device" value="SIP Gateway"/>
+    <param pos="0" name="hw.product" value="SIP Gateway"/>
+  </fingerprint>
+
+  <fingerprint pattern="^Asterisk PBX (\S+)$">
+    <description>Asterisk PBX w/ Version</description>
+    <example service.version="13.18.0-6.7.1.1.rl.1538157944.1c65507">Asterisk PBX 13.18.0-6.7.1.1.rl.1538157944.1c65507</example>
+    <example service.version="16.2.1~dfsg-1">Asterisk PBX 16.2.1~dfsg-1</example>
+    <param pos="0" name="service.vendor" value="Asterisk"/>
+    <param pos="0" name="service.family" value="PBX"/>
+    <param pos="0" name="service.product" value="PBX"/>
+    <param pos="1" name="service.version"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:asterisk:asterisk:{service.version}"/>
+  </fingerprint>
+
+  <fingerprint pattern="^Asterisk PBX$">
+    <description>Asterisk PBX w/o Version</description>
+    <example>Asterisk PBX</example>
+    <param pos="0" name="service.vendor" value="Asterisk"/>
+    <param pos="0" name="service.family" value="PBX"/>
+    <param pos="0" name="service.product" value="PBX"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:asterisk:asterisk:-"/>
+  </fingerprint>
+
+  <fingerprint pattern="^FPBX-(\S+)$">
+    <description>FreePBX</description>
+    <example service.version="12.0.70(11.20.0)">FPBX-12.0.70(11.20.0)</example>
+    <example service.version="2.11.0(11.20.0)">FPBX-2.11.0(11.20.0)</example>
+    <param pos="0" name="service.vendor" value="FreePBX"/>
+    <param pos="0" name="service.family" value="PBX"/>
+    <param pos="0" name="service.product" value="PBX"/>
+    <param pos="1" name="service.version"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:freepbx:freepbx:{service.version}"/>
+  </fingerprint>
+
+  <fingerprint pattern="^kamailio \((\S+) \((.*)\)\)$">
+    <description>Kamailio SIP Server</description>
+    <example service.version="4.4.4" kamailio.platform="x86_64/linux">kamailio (4.4.4 (x86_64/linux))</example>
+    <param pos="0" name="service.vendor" value="Kamailio"/>
+    <param pos="0" name="service.family" value="SIP Server"/>
+    <param pos="0" name="service.product" value="SIP Server"/>
+    <param pos="1" name="service.version"/>
+    <param pos="2" name="kamailio.platform"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:kamailio:kamailio:{service.version}"/>
+  </fingerprint>
+
+  <!-- This match covers multiple product families and should be split up further -->
+  <fingerprint pattern="^Algo-([^/]+)/(.*)$">
+    <description>Algo SIP Device</description>
+    <example hw.product="8186" os.version="1.7">Algo-8186/1.7</example>
+    <param pos="0" name="os.vendor" value="Algo"/>
+    <param pos="0" name="os.family" value="SIP Device"/>
+    <param pos="2" name="os.version"/>
+    <param pos="0" name="hw.vendor" value="Algo"/>
+    <param pos="0" name="hw.family" value="SIP Device"/>
+    <param pos="0" name="hw.device" value="SIP Device"/>
+    <param pos="1" name="hw.product"/>
+  </fingerprint>
+
+  <fingerprint pattern="^(?:SIParator|Ingate-Firewall)/(\S+)$">
+    <description>Ingate SIParator Firewall</description>
+    <example os.version="5.0.10">Ingate-Firewall/5.0.10</example>
+    <example os.version="6.0.4">SIParator/6.0.4</example>
+    <param pos="0" name="os.vendor" value="Ingate"/>
+    <param pos="0" name="os.family" value="SIP Gateway"/>
+    <param pos="1" name="os.version"/>
+    <param pos="0" name="hw.vendor" value="Ingate"/>
+    <param pos="0" name="hw.family" value="SIP Gateway"/>
+    <param pos="0" name="hw.device" value="SIP Gateway"/>
+    <param pos="0" name="hw.product" value="SIParator Firewall"/>
+  </fingerprint>
+
+</fingerprints>

data/xml/smtp_banners.xml

@@ -393,6 +393,15 @@
     <param pos="0" name="service.cpe23" value="cpe:/a:exim:exim:{service.version}"/>
     <param pos="2" name="system.time"/>
   </fingerprint>
+  <fingerprint pattern="^ ?([^, ]+) Exim ESMTP Service ready$">
+    <description>Exim - with hostname </description>
+    <example host.name="foo.bar">foo.bar Exim ESMTP Service ready</example>
+    <param pos="0" name="service.vendor" value="exim"/>
+    <param pos="0" name="service.family" value="exim"/>
+    <param pos="0" name="service.product" value="exim"/>
+    <param pos="1" name="host.name"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:exim:exim:-"/>
+  </fingerprint>
   <fingerprint pattern="^([^ ]+) FTGate server ready .*$">
     <description>FTGate mail server, runs on Windows 9x/NT/2k (http://www.ftgate.com)</description>
     <example host.name="foo.bar">foo.bar FTGate server ready -attitude [C.o.r.E]</example>
@@ -1668,4 +1677,14 @@
     <example>ESMTP READY</example>
     <param pos="1" name="host.name"/>
   </fingerprint>
+  <fingerprint pattern="^([^ ]+) ESMTP OpenSMTPD$">
+    <description>OpenSMPTD</description>
+    <example host.name="foo.bar">foo.bar ESMTP OpenSMTPD</example>
+    <param pos="0" name="service.vendor" value="OpenBSD"/>
+    <param pos="0" name="service.family" value="OpenSMTPD"/>
+    <param pos="0" name="service.product" value="OpenSMTPD"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:openbsd:openbsd:-"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:openbsd:opensmtpd:-"/>
+    <param pos="1" name="host.name"/>
+  </fingerprint>
 </fingerprints>