recog 2.3.7 → 2.3.12

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (81) hide show
  1. checksums.yaml +4 -4
  2. data/.gitignore +9 -2
  3. data/.ruby-gemset +1 -0
  4. data/.ruby-version +1 -0
  5. data/.travis.yml +2 -4
  6. data/CONTRIBUTING.md +136 -37
  7. data/Gemfile +2 -5
  8. data/README.md +18 -16
  9. data/bin/recog_cleanup +16 -0
  10. data/bin/recog_standardize +142 -0
  11. data/cpe-remap.yaml +36 -1
  12. data/features/match.feature +4 -0
  13. data/features/support/aruba.rb +3 -0
  14. data/features/verify.feature +5 -0
  15. data/identifiers/README.md +56 -0
  16. data/identifiers/hw_device.txt +77 -0
  17. data/identifiers/hw_family.txt +96 -0
  18. data/identifiers/hw_product.txt +328 -0
  19. data/identifiers/os_architecture.txt +20 -0
  20. data/identifiers/os_device.txt +94 -0
  21. data/identifiers/os_family.txt +325 -0
  22. data/identifiers/os_product.txt +420 -0
  23. data/identifiers/service_family.txt +272 -0
  24. data/identifiers/service_product.txt +557 -0
  25. data/identifiers/software_class.txt +26 -0
  26. data/identifiers/software_family.txt +91 -0
  27. data/identifiers/software_product.txt +333 -0
  28. data/identifiers/vendor.txt +891 -0
  29. data/lib/recog/version.rb +1 -1
  30. data/requirements.txt +1 -1
  31. data/spec/lib/fingerprint_self_test_spec.rb +1 -1
  32. data/spec/lib/recog/fingerprint/regexp_factory_spec.rb +1 -1
  33. data/update_cpes.py +4 -1
  34. data/xml/apache_modules.xml +292 -5
  35. data/xml/apache_os.xml +50 -2
  36. data/xml/architecture.xml +19 -7
  37. data/xml/dns_versionbind.xml +200 -26
  38. data/xml/favicons.xml +1701 -0
  39. data/xml/ftp_banners.xml +276 -16
  40. data/xml/h323_callresp.xml +112 -12
  41. data/xml/hp_pjl_id.xml +47 -5
  42. data/xml/html_title.xml +1419 -72
  43. data/xml/http_cookies.xml +77 -10
  44. data/xml/http_servers.xml +898 -47
  45. data/xml/http_wwwauth.xml +154 -27
  46. data/xml/imap_banners.xml +23 -13
  47. data/xml/ldap_searchresult.xml +81 -9
  48. data/xml/mdns_device-info_txt.xml +194 -17
  49. data/xml/mdns_workstation_txt.xml +4 -2
  50. data/xml/mysql_banners.xml +554 -45
  51. data/xml/mysql_error.xml +113 -6
  52. data/xml/nntp_banners.xml +10 -2
  53. data/xml/ntp_banners.xml +95 -11
  54. data/xml/operating_system.xml +90 -3
  55. data/xml/pop_banners.xml +32 -31
  56. data/xml/rsh_resp.xml +11 -2
  57. data/xml/rtsp_servers.xml +43 -23
  58. data/xml/sip_banners.xml +9 -14
  59. data/xml/sip_user_agents.xml +69 -3
  60. data/xml/smb_native_lm.xml +10 -2
  61. data/xml/smb_native_os.xml +80 -2
  62. data/xml/smtp_banners.xml +233 -13
  63. data/xml/smtp_debug.xml +6 -4
  64. data/xml/smtp_ehlo.xml +7 -5
  65. data/xml/smtp_expn.xml +13 -4
  66. data/xml/smtp_help.xml +23 -4
  67. data/xml/smtp_mailfrom.xml +5 -2
  68. data/xml/smtp_noop.xml +6 -5
  69. data/xml/smtp_quit.xml +5 -4
  70. data/xml/smtp_rcptto.xml +5 -2
  71. data/xml/smtp_rset.xml +4 -4
  72. data/xml/smtp_turn.xml +4 -4
  73. data/xml/smtp_vrfy.xml +14 -4
  74. data/xml/snmp_sysdescr.xml +776 -52
  75. data/xml/snmp_sysobjid.xml +47 -2
  76. data/xml/ssh_banners.xml +259 -80
  77. data/xml/telnet_banners.xml +376 -23
  78. data/xml/x11_banners.xml +27 -4
  79. data/xml/x509_issuers.xml +37 -13
  80. data/xml/x509_subjects.xml +525 -55
  81. metadata +29 -6
data/xml/ftp_banners.xml CHANGED
@@ -1,9 +1,10 @@
1
- <?xml version="1.0" encoding="UTF-8"?>
1
+ <?xml version='1.0' encoding='UTF-8'?>
2
2
  <fingerprints matches="ftp.banner" protocol="ftp" database_type="service" preference="0.90">
3
3
  <!--
4
4
  FTP greeting messages (part of the banner after the response code) are matched
5
5
  against these patterns to fingerprint FTP servers.
6
6
  -->
7
+
7
8
  <fingerprint pattern="^([^ ]+) Microsoft FTP Service \(Version ([1234]\.\d+)\)\.$">
8
9
  <description>Microsoft FTP Server on Windows NT</description>
9
10
  <example>xx Microsoft FTP Service (Version 3.0).</example>
@@ -18,6 +19,7 @@
18
19
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_nt:-"/>
19
20
  <param pos="1" name="host.name"/>
20
21
  </fingerprint>
22
+
21
23
  <fingerprint pattern="^([^ ]+) Microsoft FTP Service \(Version 5.0\)\.$">
22
24
  <description>Microsoft FTP Server on Windows 2000</description>
23
25
  <example>xxx Microsoft FTP Service (Version 5.0).</example>
@@ -32,6 +34,7 @@
32
34
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_2000:-"/>
33
35
  <param pos="1" name="host.name"/>
34
36
  </fingerprint>
37
+
35
38
  <fingerprint pattern="^([^ ]+) Microsoft FTP Service \(Version 5.1\)\.$">
36
39
  <description>Microsoft FTP Server on Windows XP, 2003 or later versions of 2000</description>
37
40
  <example>xxx Microsoft FTP Service (Version 5.1).</example>
@@ -45,6 +48,7 @@
45
48
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
46
49
  <param pos="1" name="host.name"/>
47
50
  </fingerprint>
51
+
48
52
  <fingerprint pattern="^([^ ]+) Microsoft FTP Service$">
49
53
  <description>Microsoft FTP Server on Windows XP, 2003 or later without version</description>
50
54
  <example>hostname Microsoft FTP Service</example>
@@ -58,6 +62,7 @@
58
62
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
59
63
  <param pos="1" name="host.name"/>
60
64
  </fingerprint>
65
+
61
66
  <fingerprint pattern="^Microsoft FTP Service$">
62
67
  <description>Microsoft FTP Server on Windows XP, 2003 or later without version or hostname</description>
63
68
  <example>Microsoft FTP Service</example>
@@ -70,6 +75,7 @@
70
75
  <param pos="0" name="os.product" value="Windows"/>
71
76
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
72
77
  </fingerprint>
78
+
73
79
  <fingerprint pattern="^([^ ]+) +FTP +Server \(Version ([^\(]+)\(PHNE_\d+\) [^\)]+\) ready.?$" flags="REG_ICASE">
74
80
  <description>FTP on HPUX with a PHNE (HP Networking patch) installed</description>
75
81
  <example>example.com FTP server (Version 1.1.214.4(PHNE_38458) Mon Feb 15 06:03:12 GMT 2010) ready.</example>
@@ -82,6 +88,7 @@
82
88
  <param pos="1" name="host.name"/>
83
89
  <param pos="2" name="service.version"/>
84
90
  </fingerprint>
91
+
85
92
  <fingerprint pattern="^([^ ]+) +FTP +Server \(Revision \S+ Version wuftpd-([^\(]+)\(PHNE_\d+\) [^\)]+\) ready.?$" flags="REG_ICASE">
86
93
  <description>WU-FTPD on HPUX with a PHNE (HP Networking patch) installed</description>
87
94
  <example>example.com FTP server (Revision 1.1 Version wuftpd-2.6.1(PHNE_38578) Fri Sep 5 12:10:54 GMT 2008) ready.</example>
@@ -94,6 +101,7 @@
94
101
  <param pos="1" name="host.name"/>
95
102
  <param pos="2" name="service.version"/>
96
103
  </fingerprint>
104
+
97
105
  <fingerprint pattern="^(\S+)(?: \S+)? FTP Server \((?:Revision [\d\.]+ )?Version wu(?:ftpd)?-([\d\.]+).*\) ready.?$" flags="REG_ICASE">
98
106
  <description>WU-FTPD on various OS</description>
99
107
  <example host.name="example.com" service.version="2.6.2">example.com FTP server (Version wu-2.6.2(1) Sat Jul 19 16:21:30 UTC 2008) ready.</example>
@@ -105,6 +113,7 @@
105
113
  <param pos="1" name="host.name"/>
106
114
  <param pos="2" name="service.version"/>
107
115
  </fingerprint>
116
+
108
117
  <fingerprint pattern="^(\S+)\s+FTP Server \(Version:\s+Mac OS X Server\s+([\d\.]+).*\) ready\.?" flags="REG_ICASE,REG_MULTILINE">
109
118
  <description>FTPD on Mac OS X Server with a version</description>
110
119
  <example host.name="example.com" os.version="10.3">example.com FTP server (Version: Mac OS X Server 10.3 - +GSSAPI) ready.</example>
@@ -119,6 +128,7 @@ example.com FTP server (Version: Mac OS X Server 10.3 - +GSSAPI) ready.
119
128
  <param pos="2" name="os.version"/>
120
129
  <param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x_server:{os.version}"/>
121
130
  </fingerprint>
131
+
122
132
  <fingerprint pattern="^(\S+)\s+FTP Server \(Version:\s+Mac OS X Server\) ready\.?" flags="REG_ICASE,REG_MULTILINE">
123
133
  <description>FTPD on Mac OS X Server without a version</description>
124
134
  <example host.name="example.com">example.com FTP server (Version: Mac OS X Server) ready.</example>
@@ -132,6 +142,7 @@ example.com FTP server (Version: Mac OS X Server) ready.
132
142
  <param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x_server:-"/>
133
143
  <param pos="1" name="host.name"/>
134
144
  </fingerprint>
145
+
135
146
  <fingerprint pattern="^(\S+)\s+FTP Server \(tnftpd (.*)\) ready\.?$" flags="REG_ICASE">
136
147
  <description>Simple tnftpd banner with a version</description>
137
148
  <example host.name="example.com" service.version="20061217">example.com FTP server (tnftpd 20061217) ready.</example>
@@ -139,6 +150,7 @@ example.com FTP server (Version: Mac OS X Server) ready.
139
150
  <param pos="2" name="service.version"/>
140
151
  <param pos="1" name="host.name"/>
141
152
  </fingerprint>
153
+
142
154
  <fingerprint pattern="^(\S+) FTP Server \(SunOS 5.(1[1-9])\) ready\.?$" flags="REG_ICASE">
143
155
  <description>SunOS/Solaris</description>
144
156
  <example host.name="example.com" os.version="11">example.com FTP server (SunOS 5.11) ready.</example>
@@ -149,6 +161,7 @@ example.com FTP server (Version: Mac OS X Server) ready.
149
161
  <param pos="2" name="os.version"/>
150
162
  <param pos="0" name="os.cpe23" value="cpe:/o:oracle:solaris:{os.version}"/>
151
163
  </fingerprint>
164
+
152
165
  <fingerprint pattern="^(\S+) FTP Server \(SunOS 5.([789]|10)\) ready\.?$" flags="REG_ICASE">
153
166
  <description>SunOS/Solaris 5.7-5.10</description>
154
167
  <example host.name="example.com" os.version="7">example.com FTP server (SunOS 5.7) ready.</example>
@@ -160,6 +173,7 @@ example.com FTP server (Version: Mac OS X Server) ready.
160
173
  <param pos="2" name="os.version"/>
161
174
  <param pos="0" name="os.cpe23" value="cpe:/o:sun:solaris:{os.version}"/>
162
175
  </fingerprint>
176
+
163
177
  <fingerprint pattern="^(\S+) FTP Server \(SunOS 5.6\) ready\." flags="REG_ICASE">
164
178
  <description>SunOS 5.6 (Solaris 2.6)</description>
165
179
  <example host.name="example.com">example.com FTP Server (SunOS 5.6) ready.</example>
@@ -170,6 +184,7 @@ example.com FTP server (Version: Mac OS X Server) ready.
170
184
  <param pos="0" name="os.cpe23" value="cpe:/o:sun:solaris:2.6"/>
171
185
  <param pos="1" name="host.name"/>
172
186
  </fingerprint>
187
+
173
188
  <fingerprint pattern="^ProFTPD (\d+\.[^\s]+) Server \(Debian\) \[(.+)\]$">
174
189
  <description>ProFTPD on Debian Linux</description>
175
190
  <example>ProFTPD 1.3.0rc2 Server (Debian) [host]</example>
@@ -184,6 +199,7 @@ example.com FTP server (Version: Mac OS X Server) ready.
184
199
  <param pos="0" name="os.cpe23" value="cpe:/o:debian:debian_linux:-"/>
185
200
  <param pos="2" name="host.name"/>
186
201
  </fingerprint>
202
+
187
203
  <fingerprint pattern="^ProFTPD (\d+\.[^\s]+) Server \(Linksys(W.+)\) \[(.+)\]$">
188
204
  <description>ProFTPD on a Linksys Wireless Access Point/Router</description>
189
205
  <example>ProFTPD 1.3.0rc2 Server (LinksysWRT350N) [host]</example>
@@ -197,6 +213,7 @@ example.com FTP server (Version: Mac OS X Server) ready.
197
213
  <param pos="2" name="os.product"/>
198
214
  <param pos="3" name="host.name"/>
199
215
  </fingerprint>
216
+
200
217
  <fingerprint pattern="^ProFTPD (\d+\.[^\s]+) Server \(NETGEAR ReadyNAS\) \[(.+)\]$">
201
218
  <description>ProFTPD on a Netgear ReadyNAS with a version and IP</description>
202
219
  <example service.version="1.3.3g" host.ip="192.168.1.10">ProFTPD 1.3.3g Server (NETGEAR ReadyNAS) [192.168.1.10]</example>
@@ -210,6 +227,7 @@ example.com FTP server (Version: Mac OS X Server) ready.
210
227
  <param pos="0" name="hw.product" value="ReadyNAS"/>
211
228
  <param pos="2" name="host.ip"/>
212
229
  </fingerprint>
230
+
213
231
  <fingerprint pattern="^ProFTPD Server \(NETGEAR ReadyNAS\) \[(.+)\]$">
214
232
  <description>ProFTPD on a Netgear ReadyNAS with a hostname</description>
215
233
  <example host.name="test">ProFTPD Server (NETGEAR ReadyNAS) [test]</example>
@@ -222,6 +240,7 @@ example.com FTP server (Version: Mac OS X Server) ready.
222
240
  <param pos="0" name="hw.product" value="ReadyNAS"/>
223
241
  <param pos="1" name="host.name"/>
224
242
  </fingerprint>
243
+
225
244
  <fingerprint pattern="^ProFTPD (\d+\.[^\s]+) Server \(Linksys(.*)\) \[(.+)\]$">
226
245
  <description>ProFTPD on a wired Linksys device</description>
227
246
  <param pos="0" name="service.family" value="ProFTPD"/>
@@ -234,6 +253,7 @@ example.com FTP server (Version: Mac OS X Server) ready.
234
253
  <param pos="2" name="os.product"/>
235
254
  <param pos="3" name="host.name"/>
236
255
  </fingerprint>
256
+
237
257
  <fingerprint pattern="^ProFTPD (\d+\.[^\s]+) Server \((.*)\) \[(.+)\]$">
238
258
  <description>ProFTPD with version info but no obvious OS info</description>
239
259
  <example service.version="1.2.10">ProFTPD 1.2.10 Server (Main FTP Server) [host]</example>
@@ -247,6 +267,7 @@ example.com FTP server (Version: Mac OS X Server) ready.
247
267
  <param pos="2" name="proftpd.server.name"/>
248
268
  <param pos="3" name="host.name"/>
249
269
  </fingerprint>
270
+
250
271
  <fingerprint pattern="^ProFTPD (\d+\.[^\s]+) Server ready\.$">
251
272
  <description>ProFTPD with only version info</description>
252
273
  <example service.version="1.3.0rc2">ProFTPD 1.3.0rc2 Server ready.</example>
@@ -256,6 +277,7 @@ example.com FTP server (Version: Mac OS X Server) ready.
256
277
  <param pos="1" name="service.version"/>
257
278
  <param pos="0" name="service.cpe23" value="cpe:/a:proftpd:proftpd:{service.version}"/>
258
279
  </fingerprint>
280
+
259
281
  <fingerprint pattern="^ProFTPD (?:FTP )?Server ready\.$">
260
282
  <description>ProFTPD with no version info</description>
261
283
  <example>ProFTPD FTP Server ready.</example>
@@ -265,6 +287,7 @@ example.com FTP server (Version: Mac OS X Server) ready.
265
287
  <param pos="0" name="service.product" value="ProFTPD"/>
266
288
  <param pos="0" name="service.cpe23" value="cpe:/a:proftpd:proftpd:-"/>
267
289
  </fingerprint>
290
+
268
291
  <fingerprint pattern="^ProFTPD Server \(.*\) \[([a-f\d.:]+)\]$">
269
292
  <description>ProFTPD with no version info, parenthetical form</description>
270
293
  <example host.ip="1.2.3.4">ProFTPD Server (ProFTPD) [1.2.3.4]</example>
@@ -277,6 +300,7 @@ example.com FTP server (Version: Mac OS X Server) ready.
277
300
  <param pos="0" name="service.cpe23" value="cpe:/a:proftpd:proftpd:-"/>
278
301
  <param pos="1" name="host.ip"/>
279
302
  </fingerprint>
303
+
280
304
  <fingerprint pattern="^ProFTPD Server$">
281
305
  <description>ProFTPD with no version info, short form</description>
282
306
  <example>ProFTPD Server</example>
@@ -285,6 +309,7 @@ example.com FTP server (Version: Mac OS X Server) ready.
285
309
  <param pos="0" name="service.product" value="ProFTPD"/>
286
310
  <param pos="0" name="service.cpe23" value="cpe:/a:proftpd:proftpd:-"/>
287
311
  </fingerprint>
312
+
288
313
  <fingerprint pattern="^ProFTPD\s*$">
289
314
  <description>ProFTPD with no version info, super short form</description>
290
315
  <example>ProFTPD</example>
@@ -294,6 +319,7 @@ example.com FTP server (Version: Mac OS X Server) ready.
294
319
  <param pos="0" name="service.product" value="ProFTPD"/>
295
320
  <param pos="0" name="service.cpe23" value="cpe:/a:proftpd:proftpd:-"/>
296
321
  </fingerprint>
322
+
297
323
  <fingerprint pattern="^(?:\d{4}\-\d\d\-\d\d \d\d:\d\d:\d\d,\d\d\d )?(\S+) proftpd\[\d+\]: error: no valid servers configured">
298
324
  <description>ProFTPD no valid servers configured</description>
299
325
  <example host.name="ftp.host.com">ftp.host.com proftpd[40312]: error: no valid servers configured\n</example>
@@ -304,6 +330,7 @@ example.com FTP server (Version: Mac OS X Server) ready.
304
330
  <param pos="0" name="service.cpe23" value="cpe:/a:proftpd:proftpd:-"/>
305
331
  <param pos="1" name="host.name"/>
306
332
  </fingerprint>
333
+
307
334
  <fingerprint pattern="^ProFTPD (\d+\.[^\s]+) Server \((.*)\) \[[a-f\d.:\]]*$">
308
335
  <description>ProFTPD with version info - truncated</description>
309
336
  <example service.version="1.3.2c">ProFTPD 1.3.2c Server (ProFTPD Default Installation) [</example>
@@ -316,6 +343,7 @@ example.com FTP server (Version: Mac OS X Server) ready.
316
343
  <param pos="0" name="service.cpe23" value="cpe:/a:proftpd:proftpd:{service.version}"/>
317
344
  <param pos="2" name="proftpd.server.name"/>
318
345
  </fingerprint>
346
+
319
347
  <fingerprint pattern="^ProFTPD (\d+\.[^\s]+) Server ([\w.-]+)$">
320
348
  <description>ProFTPD with version info but no obvious OS info, take 2</description>
321
349
  <example service.version="1.3.2d" host.name="localhost">ProFTPD 1.3.2d Server localhost</example>
@@ -323,17 +351,21 @@ example.com FTP server (Version: Mac OS X Server) ready.
323
351
  <param pos="0" name="service.vendor" value="ProFTPD Project"/>
324
352
  <param pos="0" name="service.product" value="ProFTPD"/>
325
353
  <param pos="1" name="service.version"/>
354
+ <param pos="0" name="service.cpe23" value="cpe:/a:proftpd:proftpd:{service.version}"/>
326
355
  <param pos="2" name="host.name"/>
327
356
  </fingerprint>
357
+
328
358
  <fingerprint pattern="^=\(&lt;\*&gt;\)=-\.:\. \(\( Welcome to Pure-FTPd ([\d.]+) \)\) \.:\.-=\(&lt;\*&gt;\)=-" flags="REG_MULTILINE">
329
359
  <description>Pure-FTPd versions &lt;= 1.0.13 (at least as far back as 1.0.11)</description>
330
360
  <example service.version="1.0.11">=(&lt;*&gt;)=-.:. (( Welcome to Pure-FTPd 1.0.11 )) .:.-=(&lt;*&gt;)=-</example>
331
361
  <example service.version="1.0.11">=(&lt;*&gt;)=-.:. (( Welcome to Pure-FTPd 1.0.11 )) .:.-=(&lt;*&gt;)=-&#13;
332
362
  more stuff</example>
363
+ <param pos="0" name="service.fvendor" value="PureFTPd"/>
333
364
  <param pos="0" name="service.family" value="Pure-FTPd"/>
334
365
  <param pos="0" name="service.product" value="Pure-FTPd"/>
335
366
  <param pos="1" name="service.version"/>
336
367
  </fingerprint>
368
+
337
369
  <fingerprint pattern="^-{9,10}(?:.*)\s+Pure-FTPd\s+(.*)-{9,10}">
338
370
  <description>Pure-FTPd versions &gt;= 1.0.14 - Config data can be zero or more of: [privsep] [TLS]</description>
339
371
  <example>---------- Welcome to Pure-FTPd ----------</example>
@@ -343,39 +375,77 @@ more stuff
343
375
  <example>--------- Welcome to Pure-FTPd [privsep] [TLS] ----------&#13;
344
376
  more text</example>
345
377
  <param pos="1" name="pureftpd.config"/>
378
+ <param pos="0" name="service.vendor" value="PureFTPd"/>
346
379
  <param pos="0" name="service.family" value="Pure-FTPd"/>
347
380
  <param pos="0" name="service.product" value="Pure-FTPd"/>
381
+ <param pos="0" name="service.cpe23" value="cpe:/a:pureftpd:pure-ftpd:-"/>
348
382
  </fingerprint>
383
+
349
384
  <fingerprint pattern="^(?:Welcome to )?Pure-FTPd\.?$">
350
385
  <description>Basic Pure-FTPd banner, no version</description>
351
386
  <example>Welcome to Pure-FTPd</example>
352
387
  <example>Pure-FTPd.</example>
388
+ <param pos="0" name="service.vendor" value="PureFTPd"/>
353
389
  <param pos="0" name="service.family" value="Pure-FTPd"/>
354
390
  <param pos="0" name="service.product" value="Pure-FTPd"/>
391
+ <param pos="0" name="service.cpe23" value="cpe:/a:pureftpd:pure-ftpd:-"/>
355
392
  </fingerprint>
393
+
356
394
  <fingerprint pattern="^=\(.\*.\)=-\.:\. \(\( Welcome to PureFTPd (\d+\..+) \)\) \.:\.-=\(.\*.\)=-" flags="REG_MULTILINE">
357
395
  <description>Older Pure-FTPd versions</description>
358
396
  <example service.version="1.1.0">=(&lt;*&gt;)=-.:. (( Welcome to PureFTPd 1.1.0 )) .:.-=(&lt;*&gt;)=-</example>
359
397
  <example service.version="1.1.0">=(&lt;*&gt;)=-.:. (( Welcome to PureFTPd 1.1.0 )) .:.-=(&lt;*&gt;)=-&#13;
360
398
  more text</example>
399
+ <param pos="0" name="service.vendor" value="PureFTPd"/>
361
400
  <param pos="0" name="service.family" value="Pure-FTPd"/>
362
401
  <param pos="0" name="service.product" value="Pure-FTPd"/>
363
402
  <param pos="1" name="service.version"/>
403
+ <param pos="0" name="service.cpe23" value="cpe:/a:pureftpd:pure-ftpd:{service.version}"/>
404
+ </fingerprint>
405
+
406
+ <!-- CPEs for Serv-U 15.x and above changed to SolarWinds -->
407
+
408
+ <fingerprint pattern="^Serv-U FTP Server v(15\.\S+) ready\.\.\.$">
409
+ <description>SolarWinds Serv-U with version </description>
410
+ <example service.version="15.1.3.25">Serv-U FTP Server v15.1.3.25 ready...</example>
411
+ <param pos="0" name="service.vendor" value="SolarWinds"/>
412
+ <param pos="0" name="service.product" value="Serv-U FTP Server"/>
413
+ <param pos="0" name="service.family" value="Serv-U"/>
414
+ <param pos="1" name="service.version"/>
415
+ <param pos="0" name="service.cpe23" value="cpe:/a:solarwinds:serv-u_ftp_server:{service.version}"/>
364
416
  </fingerprint>
365
- <fingerprint pattern="^Serv-U FTP[ -]Server v(\d+\.\S+)(?: for WinSock)? ready\.*$">
366
- <description>Serv-U (only runs on Windows)</description>
417
+
418
+ <fingerprint pattern="^Serv-U FTP[ -]Server v(\d+\.\S+) for WinSock ready\.*$">
419
+ <description>Serv-U Serv-U with version on Windows</description>
367
420
  <example service.version="2.5n">Serv-U FTP-Server v2.5n for WinSock ready...</example>
368
421
  <example service.version="6.0">Serv-U FTP Server v6.0 for WinSock ready</example>
369
- <example service.version="7.2">Serv-U FTP Server v7.2 ready...</example>
370
- <param pos="0" name="service.vendor" value="Rhino Software"/>
422
+ <param pos="0" name="service.vendor" value="Serv-U"/>
371
423
  <param pos="0" name="service.product" value="Serv-U"/>
372
424
  <param pos="0" name="service.family" value="Serv-U"/>
373
425
  <param pos="1" name="service.version"/>
426
+ <param pos="0" name="service.cpe23" value="cpe:/a:serv-u:serv-u:{service.version}"/>
374
427
  <param pos="0" name="os.vendor" value="Microsoft"/>
375
428
  <param pos="0" name="os.family" value="Windows"/>
376
429
  <param pos="0" name="os.product" value="Windows"/>
377
430
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
378
431
  </fingerprint>
432
+
433
+ <fingerprint pattern="^Serv-U FTP[ -]Server v(\d+\.\S+) ready\.*$">
434
+ <description>Serv-U Serv-U with version </description>
435
+ <example service.version="7.2">Serv-U FTP Server v7.2 ready...</example>
436
+ <example service.version="14.0">Serv-U FTP Server v14.0 ready...</example>
437
+ <param pos="0" name="service.vendor" value="Serv-U"/>
438
+ <param pos="0" name="service.product" value="Serv-U"/>
439
+ <param pos="0" name="service.family" value="Serv-U"/>
440
+ <param pos="1" name="service.version"/>
441
+ <param pos="0" name="service.cpe23" value="cpe:/a:serv-u:serv-u:{service.version}"/>
442
+ </fingerprint>
443
+
444
+ <fingerprint pattern="^Welcom to Serv-U FTP Server$">
445
+ <description>Common FTP banner modification to look like Serv-U -- assert nothing.</description>
446
+ <example>Welcom to Serv-U FTP Server</example>
447
+ </fingerprint>
448
+
379
449
  <fingerprint pattern="^zFTPServer v?(\S+), .*ready\.$" flags="REG_ICASE">
380
450
  <description>zftpserver (only runs on Windows)</description>
381
451
  <example service.version="4.0">zFTPServer v4.0, build 2008-12-24 01:41 ready.</example>
@@ -387,46 +457,64 @@ more text
387
457
  <param pos="0" name="os.product" value="Windows"/>
388
458
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
389
459
  </fingerprint>
460
+
390
461
  <fingerprint pattern="^\(vsFTPd (\d+\..+)\)(?: (.+))?$">
391
462
  <description>vsFTPd (Very Secure FTP Daemon)</description>
392
463
  <example service.version="1.1.3">(vsFTPd 1.1.3) host</example>
393
464
  <example service.version="2.0.5">(vsFTPd 2.0.5)</example>
465
+ <param pos="0" name="service.vendor" value="vsFTPd Project"/>
394
466
  <param pos="0" name="service.family" value="vsFTPd"/>
395
467
  <param pos="0" name="service.product" value="vsFTPd"/>
396
468
  <param pos="1" name="service.version"/>
469
+ <param pos="0" name="service.cpe23" value="cpe:/a:vsftpd_project:vsftpd:{service.version}"/>
397
470
  <param pos="2" name="host.name"/>
398
471
  </fingerprint>
472
+
399
473
  <fingerprint pattern="^ready, dude \(vsFTPd (\d+\..+): beat me, break me\)$">
400
474
  <description>vsFTPd (Very Secure FTP Daemon) - break me variant</description>
401
475
  <example service.version="1.1.0">ready, dude (vsFTPd 1.1.0: beat me, break me)</example>
476
+ <param pos="0" name="service.vendor" value="vsFTPd Project"/>
402
477
  <param pos="0" name="service.family" value="vsFTPd"/>
403
478
  <param pos="0" name="service.product" value="vsFTPd"/>
404
479
  <param pos="1" name="service.version"/>
480
+ <param pos="0" name="service.cpe23" value="cpe:/a:vsftpd_project:vsftpd:{service.version}"/>
405
481
  </fingerprint>
482
+
406
483
  <fingerprint pattern="^vsFTPd ([\d.]+\+ \(ext\.3\)) ready\.\.\.$">
407
484
  <description>vsFTPd (Very Secure FTP Daemon) extended build (vsftpd.devnet.ru)</description>
408
485
  <example service.version="2.0.4+ (ext.3)">vsFTPd 2.0.4+ (ext.3) ready...</example>
486
+ <param pos="0" name="service.vendor" value="vsFTPd Project"/>
409
487
  <param pos="0" name="service.family" value="vsFTPd"/>
410
488
  <param pos="0" name="service.product" value="vsFTPd Extended"/>
411
489
  <param pos="1" name="service.version"/>
412
490
  </fingerprint>
491
+
413
492
  <fingerprint pattern="^OOPS: .*vsftp.*$">
414
493
  <description>vsFTPd (Very Secure FTP Daemon) error message</description>
415
494
  <example>OOPS: vsftpd: root is not mounted.</example>
416
495
  <example>OOPS: cannot read user list file:/etc/vsftpd.user_list</example>
496
+ <param pos="0" name="service.vendor" value="vsFTPd Project"/>
417
497
  <param pos="0" name="service.family" value="vsFTPd"/>
418
498
  <param pos="0" name="service.product" value="vsFTPd"/>
499
+ <param pos="0" name="service.cpe23" value="cpe:/a:vsftpd_project:vsftpd:-"/>
419
500
  </fingerprint>
501
+
420
502
  <fingerprint pattern="^FileZilla Server(?: version)? (?:v)?(\d\.[\w.]+(?: beta)?).*$">
421
503
  <description>FileZilla FTP Server</description>
422
504
  <example service.version="0.9.2 beta">FileZilla Server version 0.9.2 beta</example>
423
505
  <example service.version="0.9.13a beta">FileZilla Server version 0.9.13a beta</example>
424
506
  <example service.version="0.9.54 beta">FileZilla Server 0.9.54 beta</example>
425
507
  <example service.version="0.9.33 beta">FileZilla Server v0.9.33 beta</example>
508
+ <param pos="0" name="service.vendor" value="Filezilla-Project"/>
426
509
  <param pos="0" name="service.family" value="FileZilla FTP Server"/>
427
510
  <param pos="0" name="service.product" value="FileZilla FTP Server"/>
428
511
  <param pos="1" name="service.version"/>
512
+ <param pos="0" name="os.vendor" value="Microsoft"/>
513
+ <param pos="0" name="os.family" value="Windows"/>
514
+ <param pos="0" name="os.product" value="Windows"/>
515
+ <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
429
516
  </fingerprint>
517
+
430
518
  <fingerprint pattern="^\s*APC FTP server ready\.$">
431
519
  <description>APC device</description>
432
520
  <example>APC FTP server ready.</example>
@@ -437,6 +525,7 @@ more text
437
525
  <param pos="0" name="hw.vendor" value="APC"/>
438
526
  <param pos="0" name="hw.device" value="Power device"/>
439
527
  </fingerprint>
528
+
440
529
  <fingerprint pattern="^(\S+) Network Management Card AOS v(\d+\..+) FTP server ready\.$">
441
530
  <description>APC power/cooling device</description>
442
531
  <example service.version="3.3.4">AP7932 Network Management Card AOS v3.3.4 FTP server ready.</example>
@@ -453,6 +542,7 @@ more text
453
542
  <param pos="0" name="hw.vendor" value="APC"/>
454
543
  <param pos="0" name="hw.device" value="Power device"/>
455
544
  </fingerprint>
545
+
456
546
  <fingerprint pattern="^(\S+) FTP server \(EMC-SNAS: ([^\)]+)\)(?: \S+)?$">
457
547
  <description>EMC Celerra</description>
458
548
  <example service.version="5.6.47.11">foo2 FTP server (EMC-SNAS: 5.6.47.11)</example>
@@ -470,6 +560,7 @@ more text
470
560
  <param pos="0" name="hw.device" value="Storage"/>
471
561
  <param pos="0" name="hw.product" value="Celerra"/>
472
562
  </fingerprint>
563
+
473
564
  <fingerprint pattern="^JD FTP Server Ready.*$">
474
565
  <description>HP JetDirect printer</description>
475
566
  <example>JD FTP Server Ready</example>
@@ -486,6 +577,7 @@ more text
486
577
  <param pos="0" name="hw.family" value="JetDirect"/>
487
578
  <param pos="0" name="hw.product" value="JetDirect"/>
488
579
  </fingerprint>
580
+
489
581
  <fingerprint pattern="^Check Point FireWall-1 Secure FTP server running on (.+)$">
490
582
  <description>Check Point FireWall-1</description>
491
583
  <example host.name="host">Check Point FireWall-1 Secure FTP server running on host</example>
@@ -503,6 +595,7 @@ more text
503
595
  <param pos="0" name="hw.family" value="Firewall-1"/>
504
596
  <param pos="1" name="host.name"/>
505
597
  </fingerprint>
598
+
506
599
  <fingerprint pattern="^Blue Coat FTP Service$">
507
600
  <description>Blue Coat security appliances</description>
508
601
  <example>Blue Coat FTP Service</example>
@@ -511,11 +604,13 @@ more text
511
604
  <param pos="0" name="os.vendor" value="Blue Coat"/>
512
605
  <param pos="0" name="os.device" value="Web proxy"/>
513
606
  </fingerprint>
607
+
514
608
  <fingerprint pattern="^---freeFTPd 1.0---warFTPd 1.65---$">
515
609
  <description>Nepenthes honeypot</description>
516
610
  <param pos="0" name="service.family" value="Nepenthes"/>
517
611
  <param pos="0" name="service.product" value="Nepenthes"/>
518
612
  </fingerprint>
613
+
519
614
  <fingerprint pattern="^[^ ]+ IBM FTP CS (V1R\d+) at ([^,]*),.*">
520
615
  <description>IBM z/OS FTP Service</description>
521
616
  <example>SFTPD1 IBM FTP CS V1R4 at x.y.z, 21:02:19 on 2007-12-15.</example>
@@ -526,8 +621,10 @@ more text
526
621
  <param pos="0" name="os.family" value="z/OS"/>
527
622
  <param pos="0" name="os.device" value="Mainframe"/>
528
623
  <param pos="1" name="os.version"/>
624
+ <param pos="0" name="os.cpe23" value="cpe:/o:ibm:z\/os:{os.version}"/>
529
625
  <param pos="2" name="host.name"/>
530
626
  </fingerprint>
627
+
531
628
  <fingerprint pattern="^FTP server \(IBM 4690 TCP/IP FTP Version 1\.0\) ready\.">
532
629
  <description>IBM 4690 FTP Service</description>
533
630
  <example>FTP server (IBM 4690 TCP/IP FTP Version 1.0) ready.</example>
@@ -538,6 +635,7 @@ more text
538
635
  <param pos="0" name="os.family" value="4690"/>
539
636
  <param pos="0" name="os.device" value="Point of sale"/>
540
637
  </fingerprint>
638
+
541
639
  <fingerprint pattern="^([^ ]+) NcFTPd Server \(licensed copy\) ready\.$">
542
640
  <description>NcFTPd Server
543
641
  http://www.ncftp.com/ncftpd/</description>
@@ -546,6 +644,7 @@ more text
546
644
  <param pos="0" name="service.product" value="NcFTPd Server"/>
547
645
  <param pos="1" name="host.name"/>
548
646
  </fingerprint>
647
+
549
648
  <fingerprint pattern="^(\S+) DCS-2100 FTP server ready\.$">
550
649
  <description>D-Link DCS-2100 wireless internet camera</description>
551
650
  <example>hostname DCS-2100 FTP server ready.</example>
@@ -554,6 +653,7 @@ more text
554
653
  <param pos="0" name="os.device" value="Web cam"/>
555
654
  <param pos="1" name="host.name"/>
556
655
  </fingerprint>
656
+
557
657
  <fingerprint pattern="^Secure Gateway FTP server ready\.$">
558
658
  <description>Raptor firewall</description>
559
659
  <example>Secure Gateway FTP server ready.</example>
@@ -562,6 +662,7 @@ more text
562
662
  <param pos="0" name="os.product" value="Raptor"/>
563
663
  <param pos="0" name="os.device" value="Firewall"/>
564
664
  </fingerprint>
665
+
565
666
  <fingerprint pattern="^SUN StorEdge (\S+) RAID FTP server ready\.$">
566
667
  <description>Sun StorEdge disk array</description>
567
668
  <example>SUN StorEdge 3511 RAID FTP server ready.</example>
@@ -570,6 +671,7 @@ more text
570
671
  <param pos="1" name="os.product"/>
571
672
  <param pos="0" name="os.device" value="Storage"/>
572
673
  </fingerprint>
674
+
573
675
  <fingerprint pattern="(?i)^AXIS (\S+) .* Camera(?:\s+version)?\s+(\S+) .*">
574
676
  <description>Axis Network Camera</description>
575
677
  <example hw.product="2100" hw.version="2.43">Axis 2100 Network Camera 2.43 Nov 04 2008 ready.</example>
@@ -582,28 +684,47 @@ more text
582
684
  <param pos="0" name="hw.device" value="Web cam"/>
583
685
  <param pos="1" name="hw.product"/>
584
686
  <param pos="2" name="hw.version"/>
687
+ <param pos="0" name="os.vendor" value="AXIS"/>
688
+ <param pos="0" name="os.family" value="Linux"/>
689
+ <param pos="0" name="os.device" value="Web cam"/>
585
690
  </fingerprint>
586
- <fingerprint pattern="(?i)^AXIS (\S+) (?:(?:Mk II )?Video|IO Audio) (?:Encoder|Encoder Blade|Module|Server|Decoder) (\S+) .*">
587
- <description>Axis Audio/Video encoders/servers</description>
691
+
692
+ <fingerprint pattern="(?i)^AXIS (\S+) (?:(?:Mk II )?Video) (?:Encoder|Encoder Blade|Module|Server|Decoder) (\S+) .*">
693
+ <description>Axis Video encoders/servers</description>
588
694
  <example hw.product="Q7406">AXIS Q7406 Video Encoder Blade 5.01 (Aug 01 2008) ready.</example>
589
695
  <example hw.product="241Q">AXIS 241Q Video Server 4.47.2 (Dec 11 2008) ready.</example>
590
696
  <example hw.version="5.07.2">AXIS P7701 Video Decoder 5.07.2 (Apr 20 2010) ready.</example>
591
697
  <example hw.product="Q7401" hw.version="5.01">AXIS Q7401 Video Encoder 5.01 (Aug 01 2008) ready.</example>
592
698
  <example hw.product="Q7401" hw.version="5.50.2_cst_412205_1">AXIS Q7401 Video Encoder 5.50.2_cst_412205_1 (2013)</example>
593
699
  <example hw.product="Q7424-R" hw.version="5.51.3.1">AXIS Q7424-R Mk II Video Encoder 5.51.3.1 (2016) ready.</example>
700
+ <param pos="0" name="hw.vendor" value="Axis"/>
701
+ <param pos="1" name="hw.product"/>
702
+ <param pos="2" name="hw.version"/>
703
+ <param pos="0" name="hw.device" value="Video Encoder"/>
704
+ <param pos="0" name="os.vendor" value="AXIS"/>
705
+ <param pos="0" name="os.family" value="Linux"/>
706
+ </fingerprint>
707
+
708
+ <fingerprint pattern="(?i)^AXIS (\S+) (?:(?:Mk II )?IO Audio) (?:Encoder|Encoder Blade|Module|Server|Decoder) (\S+) .*">
709
+ <description>Axis Audio encoders/servers</description>
594
710
  <example hw.product="P8221" hw.version="5.10.2">AXIS P8221 IO Audio Module 5.10.2 (Nov 07 2011) ready.</example>
595
711
  <param pos="0" name="hw.vendor" value="Axis"/>
596
712
  <param pos="1" name="hw.product"/>
597
713
  <param pos="2" name="hw.version"/>
714
+ <param pos="0" name="hw.device" value="Audio Encoder"/>
715
+ <param pos="0" name="os.vendor" value="AXIS"/>
716
+ <param pos="0" name="os.family" value="Linux"/>
598
717
  </fingerprint>
718
+
599
719
  <fingerprint pattern="(?i)^AXIS (\S+) Network Door Controller (\S+) .* ready\.?$">
600
720
  <description>Axis Door Controllers</description>
601
721
  <example hw.product="A1001" hw.version="1.65.1.1">AXIS A1001 Network Door Controller 1.65.1.1 (2018) ready.</example>
602
722
  <param pos="0" name="hw.vendor" value="Axis"/>
603
- <param pos="0" name="hw.device" value="Building Automation"/>
723
+ <param pos="0" name="hw.device" value="Access Control"/>
604
724
  <param pos="1" name="hw.product"/>
605
725
  <param pos="2" name="hw.version"/>
606
726
  </fingerprint>
727
+
607
728
  <fingerprint pattern="^AXIS (\S+) .*FTP Network Print Server V?([\d\.]+\S+) .* ready\.?$" flags="REG_ICASE">
608
729
  <description>Axis print servers</description>
609
730
  <example hw.product="5600+">AXIS 5600+ (rev 3) FTP Network Print Server V7.00 Sep 10 2004 ready.</example>
@@ -614,6 +735,7 @@ more text
614
735
  <param pos="1" name="hw.product"/>
615
736
  <param pos="2" name="hw.version"/>
616
737
  </fingerprint>
738
+
617
739
  <fingerprint pattern="^RICOH Aficio ((?:[MS]P )?\S+) FTP server \(([0-9\.a-zA-Z]+)\) ready.?$" flags="REG_ICASE">
618
740
  <description>Ricoh Aficio multifunction device</description>
619
741
  <example os.product="2045e">RICOH Aficio 2045e FTP server (4.12) ready.</example>
@@ -629,6 +751,7 @@ more text
629
751
  <param pos="1" name="os.product"/>
630
752
  <param pos="2" name="os.version"/>
631
753
  </fingerprint>
754
+
632
755
  <fingerprint pattern="^NRG ((?:[MS]P )?\S+) FTP server \(([0-9\.a-zA-Z]+)\) ready.?$" flags="REG_ICASE">
633
756
  <description>Ricoh NRG multifunction device</description>
634
757
  <example>NRG MP C2800 FTP server (8.25) ready.</example>
@@ -647,6 +770,7 @@ more text
647
770
  <param pos="0" name="hw.device" value="Multifunction Device"/>
648
771
  <param pos="1" name="hw.product"/>
649
772
  </fingerprint>
773
+
650
774
  <fingerprint pattern="^Xerox WorkCentre ([A-Za-z0-9]+).*$" certainty="1.0">
651
775
  <description>Xerox WorkCentre</description>
652
776
  <example hw.product="6605DN">Xerox WorkCentre 6605DN</example>
@@ -661,6 +785,7 @@ more text
661
785
  <param pos="0" name="hw.device" value="Printer"/>
662
786
  <param pos="1" name="hw.product"/>
663
787
  </fingerprint>
788
+
664
789
  <fingerprint pattern="^Xerox Phaser (\S+)$" certainty="1.0">
665
790
  <description>Xerox Phaser Laser Printer</description>
666
791
  <example>Xerox Phaser 6130N</example>
@@ -674,6 +799,7 @@ more text
674
799
  <param pos="0" name="hw.device" value="Printer"/>
675
800
  <param pos="1" name="hw.product"/>
676
801
  </fingerprint>
802
+
677
803
  <fingerprint pattern="^XEROX (\d+) Wide Format .*$" certainty="1.0">
678
804
  <description>Xerox Wide Format Series of Printers</description>
679
805
  <example>XEROX 6204 Wide Format FTP server ready</example>
@@ -686,6 +812,7 @@ more text
686
812
  <param pos="0" name="hw.device" value="Printer"/>
687
813
  <param pos="1" name="hw.product"/>
688
814
  </fingerprint>
815
+
689
816
  <fingerprint pattern="^FUJI XEROX DocuPrint (.*)$" certainty="1.0">
690
817
  <description>FUJI XEROX DocuPrint Series of Printers</description>
691
818
  <example>FUJI XEROX DocuPrint 3055</example>
@@ -696,6 +823,7 @@ more text
696
823
  <param pos="0" name="os.device" value="Printer"/>
697
824
  <param pos="1" name="os.product"/>
698
825
  </fingerprint>
826
+
699
827
  <fingerprint pattern="^ET(\S{12}) Lexmark (\S+) FTP Server (\S+) ready\.?$" certainty="1.0" flags="REG_ICASE">
700
828
  <description>Lexmark printer with MAC address</description>
701
829
  <example host.mac="000400CEA560" hw.product="T640" os.version="NS.NP.N219">ET000400CEA560 Lexmark T640 FTP Server NS.NP.N219 ready.</example>
@@ -707,6 +835,7 @@ more text
707
835
  <param pos="0" name="hw.device" value="Printer"/>
708
836
  <param pos="2" name="hw.product"/>
709
837
  </fingerprint>
838
+
710
839
  <fingerprint pattern="^.*Lexmark (\S+) FTP Server (\S+) ready\.?$" certainty="1.0" flags="REG_ICASE">
711
840
  <description>Lexmark printer with OS version</description>
712
841
  <example hw.product="T654" os.version="NR.APS.F368">ET0021718 Lexmark T654 FTP Server NR.APS.F368 ready.</example>
@@ -717,6 +846,7 @@ more text
717
846
  <param pos="0" name="hw.device" value="Printer"/>
718
847
  <param pos="1" name="hw.product"/>
719
848
  </fingerprint>
849
+
720
850
  <fingerprint pattern="^.*Lexmark (\S+) FTP Server ready\.?$" certainty="1.0" flags="REG_ICASE">
721
851
  <description>Lexmark printer</description>
722
852
  <example hw.product="X500">Lexmark X500 FTP server ready</example>
@@ -726,6 +856,17 @@ more text
726
856
  <param pos="0" name="hw.device" value="Printer"/>
727
857
  <param pos="1" name="hw.product"/>
728
858
  </fingerprint>
859
+
860
+ <fingerprint pattern="^220 ECOSYS ([^\s]+) FTP server$">
861
+ <description>Kyocera Multifunction Device</description>
862
+ <example hw.product="P2135dn">220 ECOSYS P2135dn FTP server</example>
863
+ <param pos="0" name="os.vendor" value="Kyocera"/>
864
+ <param pos="0" name="os.device" value="Multifunction Device"/>
865
+ <param pos="0" name="hw.vendor" value="Kyocera"/>
866
+ <param pos="0" name="hw.device" value="Multifunction Device"/>
867
+ <param pos="1" name="hw.product"/>
868
+ </fingerprint>
869
+
729
870
  <fingerprint pattern="^(?:Tornado-)?VxWorks \((?:VxWorks)?([^\)]+)\) FTP server(?: ready)?\.?$" flags="REG_ICASE">
730
871
  <description>VxWorks with version information</description>
731
872
  <example os.version="5.3.1">VxWorks (5.3.1) FTP server ready</example>
@@ -737,6 +878,7 @@ more text
737
878
  <param pos="1" name="os.version"/>
738
879
  <param pos="0" name="os.cpe23" value="cpe:/o:windriver:vxworks:{os.version}"/>
739
880
  </fingerprint>
881
+
740
882
  <fingerprint pattern="^Tornado-vxWorks FTP server ready$" flags="REG_ICASE">
741
883
  <description>VxWorks without version information</description>
742
884
  <example>Tornado-vxWorks FTP server ready</example>
@@ -744,6 +886,7 @@ more text
744
886
  <param pos="0" name="os.product" value="VxWorks"/>
745
887
  <param pos="0" name="os.cpe23" value="cpe:/o:windriver:vxworks:-"/>
746
888
  </fingerprint>
889
+
747
890
  <fingerprint pattern="^[\w\-\.]* FTP server \((?:VxWorks\s?)+([\d\.]+)\) ready.$" flags="REG_ICASE">
748
891
  <description>VxWorks 6 with version information</description>
749
892
  <example os.version="6.6">NanoDAC FTP server (VxWorks VxWorks 6.6) ready.</example>
@@ -751,24 +894,27 @@ more text
751
894
  <param pos="0" name="os.vendor" value="Wind River"/>
752
895
  <param pos="0" name="os.product" value="VxWorks"/>
753
896
  <param pos="1" name="os.version"/>
754
- <param pos="0" name="os.cpe23" value="cpe:/o:windriver:vxworks:-{os.version}"/>
897
+ <param pos="0" name="os.cpe23" value="cpe:/o:windriver:vxworks:{os.version}"/>
755
898
  </fingerprint>
899
+
756
900
  <fingerprint pattern="^[\w&lt;&gt;]+\s*Tenor Multipath Switch FTP server \(Version VxWorks([\d\.]+)\) ready\.$" flags="REG_ICASE">
757
901
  <description>VxWorks on Tenor MultiPath with version information</description>
758
- <example os.version="5.4.2"><![CDATA[<38785ca0> Tenor Multipath Switch FTP server (Version VxWorks5.4.2) ready.]]></example>
902
+ <example os.version="5.4.2">&lt;38785ca0&gt; Tenor Multipath Switch FTP server (Version VxWorks5.4.2) ready.</example>
759
903
  <param pos="0" name="os.vendor" value="Wind River"/>
760
904
  <param pos="0" name="os.product" value="VxWorks"/>
761
905
  <param pos="1" name="os.version"/>
762
- <param pos="0" name="os.cpe23" value="cpe:/o:windriver:vxworks:-{os.version}"/>
906
+ <param pos="0" name="os.cpe23" value="cpe:/o:windriver:vxworks:{os.version}"/>
763
907
  </fingerprint>
908
+
764
909
  <fingerprint pattern="^VxWorks FTP server \(VxWorks ([\d\.]+) - Secure NetLinx version \([\d\.]+\)\) ready.$">
765
910
  <description>VxWorks with Secure NetLinx</description>
766
911
  <example os.version="5.3.1">VxWorks FTP server (VxWorks 5.3.1 - Secure NetLinx version (1.0)) ready.</example>
767
912
  <param pos="0" name="os.vendor" value="Wind River"/>
768
913
  <param pos="0" name="os.product" value="VxWorks"/>
769
914
  <param pos="1" name="os.version"/>
770
- <param pos="0" name="os.cpe23" value="cpe:/o:windriver:vxworks:-{os.version}"/>
915
+ <param pos="0" name="os.cpe23" value="cpe:/o:windriver:vxworks:{os.version}"/>
771
916
  </fingerprint>
917
+
772
918
  <fingerprint pattern="^ADC iScale$">
773
919
  <description>ADC iScale</description>
774
920
  <example>ADC iScale</example>
@@ -777,6 +923,7 @@ more text
777
923
  <param pos="0" name="os.vendor" value="ADC"/>
778
924
  <param pos="0" name="os.product" value="iScale"/>
779
925
  </fingerprint>
926
+
780
927
  <fingerprint pattern="^TASKalfa (\d+c?i) FTP server" certainty="1.0">
781
928
  <description>Taskalfa Series of Printers</description>
782
929
  <example>TASKalfa 300ci FTP server</example>
@@ -790,6 +937,7 @@ more text
790
937
  <param pos="0" name="hw.device" value="Multifunction Device"/>
791
938
  <param pos="1" name="hw.product"/>
792
939
  </fingerprint>
940
+
793
941
  <fingerprint pattern="^SAVIN (\S+) FTP server \((.*)\) ready.$" certainty="1.0">
794
942
  <description>SAVIN Printer FTP Server</description>
795
943
  <example os.product="4075">SAVIN 4075 FTP server (4.08) ready.</example>
@@ -810,6 +958,7 @@ more text
810
958
  <param pos="0" name="hw.device" value="Printer"/>
811
959
  <param pos="1" name="hw.product"/>
812
960
  </fingerprint>
961
+
813
962
  <fingerprint pattern="^Oce (im\d+) Ver (\S+) FTP server\.$" certainty="1.0">
814
963
  <description>OCE IM series Printer</description>
815
964
  <example>Oce im4512 Ver 01.04.00.0c FTP server.</example>
@@ -820,6 +969,7 @@ more text
820
969
  <param pos="1" name="os.product"/>
821
970
  <param pos="2" name="os.version"/>
822
971
  </fingerprint>
972
+
823
973
  <fingerprint pattern="^Oce (Plotwave\d+) FTP Service \(Version (\S+)\)\.$" certainty="1.0">
824
974
  <description>OCE Printer</description>
825
975
  <example>Oce Plotwave300 FTP Service (Version 4.5.7).</example>
@@ -829,6 +979,7 @@ more text
829
979
  <param pos="1" name="os.product"/>
830
980
  <param pos="2" name="os.version"/>
831
981
  </fingerprint>
982
+
832
983
  <fingerprint pattern="^LinkCom Xpress (.*) FTP version ([\d\.]+) ready$" certainty="1.0">
833
984
  <description>MPI Technologies Linkcom Express FTP Server with os version</description>
834
985
  <example hw.product="10/100 +IPDS" os.version="1.0">LinkCom Xpress 10/100 +IPDS FTP version 1.0 ready</example>
@@ -838,6 +989,7 @@ more text
838
989
  <param pos="1" name="hw.product"/>
839
990
  <param pos="2" name="os.version"/>
840
991
  </fingerprint>
992
+
841
993
  <fingerprint pattern="^LinkCom Xpress (.*)$" certainty="1.0">
842
994
  <description>MPI Technologies Linkcom Express FTP Server</description>
843
995
  <example hw.product="EIO PRO 10">LinkCom Xpress EIO PRO 10</example>
@@ -846,6 +998,7 @@ more text
846
998
  <param pos="0" name="hw.device" value="Print server"/>
847
999
  <param pos="1" name="hw.product"/>
848
1000
  </fingerprint>
1001
+
849
1002
  <fingerprint pattern="^LXKE\S+ IBM Infoprint (\d+) FTP Server (\d+\.\d+\.\d+) ready.$" certainty="1.0">
850
1003
  <description>IBM Infoprint FTP</description>
851
1004
  <example>LXKE82124 IBM Infoprint 1332 FTP Server 55.10.21 ready.</example>
@@ -858,6 +1011,7 @@ more text
858
1011
  <param pos="1" name="os.product"/>
859
1012
  <param pos="2" name="os.version"/>
860
1013
  </fingerprint>
1014
+
861
1015
  <fingerprint pattern="^(Gestetner \S+(?: \S+)?) FTP server \((.*)\)" certainty="1.0">
862
1016
  <description>Gestetner Printer FTP</description>
863
1017
  <example os.product="Gestetner MP5500/DSm755" os.version="5.11c">Gestetner MP5500/DSm755 FTP server (5.11c) ready.</example>
@@ -870,6 +1024,7 @@ more text
870
1024
  <param pos="1" name="os.product"/>
871
1025
  <param pos="2" name="os.version"/>
872
1026
  </fingerprint>
1027
+
873
1028
  <fingerprint pattern="^(Gestetner \S+)$" certainty="1.0">
874
1029
  <description>Gestetner Printer FTP - short banner</description>
875
1030
  <example>Gestetner MPC2500</example>
@@ -877,6 +1032,7 @@ more text
877
1032
  <param pos="0" name="os.device" value="Multifunction Device"/>
878
1033
  <param pos="1" name="os.product"/>
879
1034
  </fingerprint>
1035
+
880
1036
  <fingerprint pattern="^EUFSALE MarkNet (\S+) FTP Server (\d+\.\d+\.\d+) ready.$" certainty="1.0">
881
1037
  <description>Lexmark Marknet Printers FTP</description>
882
1038
  <example>EUFSALE MarkNet X2011e FTP Server 4.20.21 ready.</example>
@@ -886,6 +1042,7 @@ more text
886
1042
  <param pos="1" name="os.product"/>
887
1043
  <param pos="2" name="os.version"/>
888
1044
  </fingerprint>
1045
+
889
1046
  <fingerprint pattern="^ET(\S+) Source Technologies (ST-96\S+) FTP Server (\S+) ready\.?$">
890
1047
  <description>Source Technologies ST9600 Series Secure Printer</description>
891
1048
  <example>ET0021B730F70E Source Technologies ST-9620 FTP Server NJ.APS.N254e ready.</example>
@@ -898,6 +1055,7 @@ more text
898
1055
  <param pos="2" name="os.product"/>
899
1056
  <param pos="3" name="os.version"/>
900
1057
  </fingerprint>
1058
+
901
1059
  <fingerprint pattern="^ET(\S+) (Pro\d+) Series FTP Server ready\.$" certainty="1.0">
902
1060
  <description>Lexmark ProXXX Series of Printers</description>
903
1061
  <example host.mac="0020007E4D2A" hw.product="Pro700">ET0020007E4D2A Pro700 Series FTP Server ready.</example>
@@ -910,6 +1068,7 @@ more text
910
1068
  <param pos="0" name="hw.device" value="Printer"/>
911
1069
  <param pos="2" name="hw.product"/>
912
1070
  </fingerprint>
1071
+
913
1072
  <fingerprint pattern="^ET(\S+) Lexmark Forms Printer (\d+) Ethernet FTP Server (\S+) ready\.$" certainty="1.0">
914
1073
  <description>Lexmark Forms Printer</description>
915
1074
  <example os.product="2590">ET0020004F54EE Lexmark Forms Printer 2590 Ethernet FTP Server LCL.CU.P012c ready.</example>
@@ -924,6 +1083,7 @@ more text
924
1083
  <param pos="0" name="hw.device" value="Printer"/>
925
1084
  <param pos="2" name="hw.product"/>
926
1085
  </fingerprint>
1086
+
927
1087
  <fingerprint pattern="^ET(\S+) TOSHIBA e-STUDIO500S FTP Server (\S+) ready\.$" certainty="1.0">
928
1088
  <description>Toshiba e-STUDIO Printer with MAC address</description>
929
1089
  <example os.version="NC2.NPS.N221">ET0004001E9C00 TOSHIBA e-STUDIO500S FTP Server NC2.NPS.N221 ready.</example>
@@ -937,6 +1097,7 @@ more text
937
1097
  <param pos="0" name="hw.device" value="Multifunction Device"/>
938
1098
  <param pos="0" name="hw.product" value="e-STUDIO"/>
939
1099
  </fingerprint>
1100
+
940
1101
  <fingerprint pattern="^\S+ TOSHIBA e-STUDIO500S FTP Server (\S+) ready\.$" certainty="1.0">
941
1102
  <description>Toshiba e-STUDIO Printer</description>
942
1103
  <example os.version="NC2.NPS.N211">JHBPRN13 TOSHIBA e-STUDIO500S FTP Server NC2.NPS.N211 ready.</example>
@@ -948,6 +1109,7 @@ more text
948
1109
  <param pos="0" name="hw.device" value="Multifunction Device"/>
949
1110
  <param pos="0" name="hw.product" value="e-STUDIO"/>
950
1111
  </fingerprint>
1112
+
951
1113
  <fingerprint pattern="^.*Lexmark Optra (\S+) FTP Server (\S+) ready\.$" certainty="1.0">
952
1114
  <description>Lexmark Optra Printer</description>
953
1115
  <example os.product="T612">lex142785470853 Lexmark Optra T612 FTP Server 3.20.30 ready.</example>
@@ -962,6 +1124,7 @@ more text
962
1124
  <param pos="0" name="hw.device" value="Printer"/>
963
1125
  <param pos="1" name="hw.product"/>
964
1126
  </fingerprint>
1127
+
965
1128
  <fingerprint pattern="^SHARP (MX-\S+) Ver (\S+) FTP server\.$" certainty="1.0">
966
1129
  <description>Sharp Printer/Copier/Scanne</description>
967
1130
  <example os.product="MX-6200N" os.version="01.02.00.0e">SHARP MX-6200N Ver 01.02.00.0e FTP server.</example>
@@ -983,6 +1146,7 @@ more text
983
1146
  <param pos="0" name="hw.family" value="MX Series"/>
984
1147
  <param pos="1" name="hw.product"/>
985
1148
  </fingerprint>
1149
+
986
1150
  <fingerprint pattern="^(FS-\S+MFP\S*?) FTP server\.?$" certainty="1.0">
987
1151
  <description>Kyocera Printer with version string</description>
988
1152
  <example os.product="FS-C2126MFP">FS-C2126MFP FTP server</example>
@@ -995,6 +1159,7 @@ more text
995
1159
  <param pos="0" name="hw.device" value="Multifunction Device"/>
996
1160
  <param pos="1" name="hw.product"/>
997
1161
  </fingerprint>
1162
+
998
1163
  <fingerprint pattern="^(FS-\S+(?:DN|D|N)) FTP server\.?$" certainty="1.0">
999
1164
  <description>Kyocera Printer</description>
1000
1165
  <example os.product="FS-1370DN">FS-1370DN FTP server</example>
@@ -1008,6 +1173,7 @@ more text
1008
1173
  <param pos="0" name="hw.family" value="FS"/>
1009
1174
  <param pos="1" name="hw.product"/>
1010
1175
  </fingerprint>
1176
+
1011
1177
  <fingerprint pattern="^(ESI-\S+) Version (\S+) ready\.$" certainty="1.0">
1012
1178
  <description>Extended Systems ExtendNet Print Server</description>
1013
1179
  <example os.product="ESI-2941B">ESI-2941B Version 6.34 ready.</example>
@@ -1029,6 +1195,7 @@ more text
1029
1195
  <param pos="0" name="hw.device" value="Print server"/>
1030
1196
  <param pos="1" name="hw.product"/>
1031
1197
  </fingerprint>
1198
+
1032
1199
  <fingerprint pattern="^SATO SATO PRINTER Ver (\S+) FTP server\.$" certainty="1.0">
1033
1200
  <description>SATO Printer</description>
1034
1201
  <example os.version="A1.2.3">SATO SATO PRINTER Ver A1.2.3 FTP server.</example>
@@ -1039,6 +1206,7 @@ more text
1039
1206
  <param pos="0" name="hw.vendor" value="SATO"/>
1040
1207
  <param pos="0" name="hw.device" value="Printer"/>
1041
1208
  </fingerprint>
1209
+
1042
1210
  <fingerprint pattern="^Printer FTP (\d+\.\d+\.\d+) ready at (\w{3} \d{2} \d{2}:\d{2}:\d{2})$" certainty="1.0">
1043
1211
  <description>AMTDatasouth Fastmark M5</description>
1044
1212
  <example os.version="4.8.7">Printer FTP 4.8.7 ready at Apr 30 20:13:23</example>
@@ -1056,6 +1224,7 @@ more text
1056
1224
  <param pos="0" name="hw.product" value="Fastmark M5"/>
1057
1225
  <param pos="0" name="hw.device" value="Printer"/>
1058
1226
  </fingerprint>
1227
+
1059
1228
  <fingerprint pattern="^EFI FTP Print server ready\.$" certainty="0.8">
1060
1229
  <description>EFI FTP Print Server</description>
1061
1230
  <example>EFI FTP Print server ready.</example>
@@ -1065,7 +1234,9 @@ more text
1065
1234
  <param pos="0" name="os.product" value="Fiery Print Server"/>
1066
1235
  <param pos="0" name="os.device" value="Print server"/>
1067
1236
  </fingerprint>
1237
+
1068
1238
  <!-- Conjectured based on known MX FTP fingerprints -->
1239
+
1069
1240
  <fingerprint pattern="^SHARP (AR-\S+) Ver (\S+) FTP server">
1070
1241
  <description>Sharp AR Series multifunction device</description>
1071
1242
  <example os.product="AR-M450">SHARP AR-M450 Ver 01.05.00.0k FTP server.</example>
@@ -1079,6 +1250,7 @@ more text
1079
1250
  <param pos="0" name="hw.family" value="AR Series"/>
1080
1251
  <param pos="1" name="hw.product"/>
1081
1252
  </fingerprint>
1253
+
1082
1254
  <fingerprint pattern="^KONICA MINOLTA FTP server ready\.?$">
1083
1255
  <description>Konica Minolta FTP Server - w/o version</description>
1084
1256
  <example>KONICA MINOLTA FTP server ready.</example>
@@ -1091,6 +1263,7 @@ more text
1091
1263
  <param pos="0" name="hw.vendor" value="Konica Minolta"/>
1092
1264
  <param pos="0" name="hw.product" value="Printer"/>
1093
1265
  </fingerprint>
1266
+
1094
1267
  <fingerprint pattern="^(KM\S+) FTP server \(KM FTPD version (\d*(?:\.\d*))\) ready\.?$">
1095
1268
  <description>Konica Minolta FTP Server</description>
1096
1269
  <example os.product="KM23BC97" service.version="1.00">KM23BC97 FTP server (KM FTPD version 1.00) ready.</example>
@@ -1108,6 +1281,7 @@ more text
1108
1281
  <param pos="0" name="service.product" value="KM FTPD"/>
1109
1282
  <param pos="2" name="service.version"/>
1110
1283
  </fingerprint>
1284
+
1111
1285
  <fingerprint pattern="^(ZBR-\d+) Version (\S+) ready\.?$">
1112
1286
  <description>ZebraNet Print Server FTP</description>
1113
1287
  <example os.product="ZBR-46686">ZBR-46686 Version 7.02 ready.</example>
@@ -1121,12 +1295,26 @@ more text
1121
1295
  <param pos="0" name="hw.device" value="Print server"/>
1122
1296
  <param pos="1" name="hw.product"/>
1123
1297
  </fingerprint>
1298
+
1299
+ <fingerprint pattern="^(ET(\S+)) Dell (\S+ Laser Printer) FTP Server">
1300
+ <description>Dell Laser Printer</description>
1301
+ <example host.name="ET0021B71A1111" host.mac="0021B71A1111" hw.product="2350dn Laser Printer">ET0021B71A1111 Dell 2350dn Laser Printer FTP Server NR.APS.N449 ready.</example>
1302
+ <param pos="0" name="os.vendor" value="Dell"/>
1303
+ <param pos="0" name="os.device" value="Printer"/>
1304
+ <param pos="0" name="hw.vendor" value="Dell"/>
1305
+ <param pos="0" name="hw.device" value="Printer"/>
1306
+ <param pos="1" name="host.name"/>
1307
+ <param pos="2" name="host.mac"/>
1308
+ <param pos="3" name="hw.product"/>
1309
+ </fingerprint>
1310
+
1124
1311
  <fingerprint pattern="^(\S+) FTP server \(Version \S+ \w+ \w+ \d{1,2} \d{1,2}:\d{1,2}:\d{1,2} [A-Z]+ (?:1|2)\d{3}\) ready\.?$">
1125
1312
  <description>Generic/unknown FTP Server found on HP-UX and AIX systems</description>
1126
1313
  <example host.name="host.example.com">host.example.com FTP server (Version 4.1 Sat Sep 7 14:31:53 CDT 2002) ready.</example>
1127
1314
  <example host.name="host.example.com">host.example.com FTP server (Version 5.3 Sat Jan 10 14:01:03 CDT 2012) ready</example>
1128
1315
  <param pos="1" name="host.name"/>
1129
1316
  </fingerprint>
1317
+
1130
1318
  <fingerprint pattern="^Welcome to the (?:Cisco )?(?:TelePresence) ([a-zA-Z\s]*?) ((?:MSE )?\d+), version (\d+.\d+\(\d+.\d+\)).*?" flags="REG_ICASE">
1131
1319
  <description>Cisco TelePresence</description>
1132
1320
  <example hw.series="AM GW" os.version="1.1(1.34)" hw.model="3610">Welcome to the Cisco TelePresence AM GW 3610, version 1.1(1.34) </example>
@@ -1142,6 +1330,7 @@ more text
1142
1330
  <param pos="2" name="hw.model"/>
1143
1331
  <param pos="3" name="os.version"/>
1144
1332
  </fingerprint>
1333
+
1145
1334
  <fingerprint pattern="^(\S+) FTP server \((?:HP|Compaq) Tru64 UNIX Version (\S+)\) ready\.?$">
1146
1335
  <description>Digital/Compaq/HP Tru64 Unix</description>
1147
1336
  <example host.name="example.com" os.version="5.60">example.com FTP server (Compaq Tru64 UNIX Version 5.60) ready.</example>
@@ -1152,6 +1341,7 @@ more text
1152
1341
  <param pos="2" name="os.version"/>
1153
1342
  <param pos="0" name="os.cpe23" value="cpe:/o:hp:tru64:{os.version}"/>
1154
1343
  </fingerprint>
1344
+
1155
1345
  <fingerprint pattern="^(\S+) FTP server \(Digital UNIX Version (\S+)\) ready\.?$">
1156
1346
  <description>Digital/Compaq/HP Tru64 Unix w/o branding</description>
1157
1347
  <example host.name="example.com" os.version="5.60">example.com FTP server (Digital UNIX Version 5.60) ready.</example>
@@ -1161,6 +1351,7 @@ more text
1161
1351
  <param pos="1" name="host.name"/>
1162
1352
  <param pos="2" name="os.version"/>
1163
1353
  </fingerprint>
1354
+
1164
1355
  <fingerprint pattern="^(\S+) FTP server \(MikroTik ([\d\.]+)\) ready\.?$">
1165
1356
  <description>MikroTik</description>
1166
1357
  <example host.name="example.com" os.version="6.18">example.com FTP server (MikroTik 6.18) ready</example>
@@ -1170,6 +1361,7 @@ more text
1170
1361
  <param pos="2" name="os.version"/>
1171
1362
  <param pos="0" name="os.cpe23" value="cpe:/o:mikrotik:routeros:{os.version}"/>
1172
1363
  </fingerprint>
1364
+
1173
1365
  <fingerprint pattern="^MikroTik FTP server \(MikroTik ([\w.]+)\) ready\.?$">
1174
1366
  <description>MikroTik w/o hostname</description>
1175
1367
  <example os.version="6.0rc14">MikroTik FTP server (MikroTik 6.0rc14) ready</example>
@@ -1178,6 +1370,7 @@ more text
1178
1370
  <param pos="1" name="os.version"/>
1179
1371
  <param pos="0" name="os.cpe23" value="cpe:/o:mikrotik:routeros:{os.version}"/>
1180
1372
  </fingerprint>
1373
+
1181
1374
  <fingerprint pattern="^Welcome to ASUS (B?RT-[\w.-]+) FTP service\.$">
1182
1375
  <description>FTPD on an Asus Wireless Access Point/Router</description>
1183
1376
  <example hw.product="RT-AC68U">Welcome to ASUS RT-AC68U FTP service.</example>
@@ -1189,6 +1382,7 @@ more text
1189
1382
  <param pos="0" name="hw.device" value="WAP"/>
1190
1383
  <param pos="1" name="hw.product"/>
1191
1384
  </fingerprint>
1385
+
1192
1386
  <fingerprint pattern="^Welcome to ASUS (DSL-[\w.-]+) FTP service\.$">
1193
1387
  <description>FTPD on a ADSL/VDSL Modem/Wireless Access Point/Router</description>
1194
1388
  <example hw.product="DSL-AC68U">Welcome to ASUS DSL-AC68U FTP service.</example>
@@ -1199,6 +1393,7 @@ more text
1199
1393
  <param pos="0" name="hw.device" value="DSL Modem"/>
1200
1394
  <param pos="1" name="hw.product"/>
1201
1395
  </fingerprint>
1396
+
1202
1397
  <fingerprint pattern="^Welcome to ASUS (TM-\w+) FTP service\.$">
1203
1398
  <description>FTPD on a T-Mobile branded Asus Wireless Access Point/Router</description>
1204
1399
  <example hw.product="TM-AC1900">Welcome to ASUS TM-AC1900 FTP service.</example>
@@ -1208,6 +1403,7 @@ more text
1208
1403
  <param pos="0" name="hw.device" value="WAP"/>
1209
1404
  <param pos="1" name="hw.product"/>
1210
1405
  </fingerprint>
1406
+
1211
1407
  <fingerprint pattern="^(FRITZ!Box[\w()]+) FTP server ready\.$">
1212
1408
  <description>FTPD on an AWM multifunction Modem/Wireless Access Point/Router/VoIP device</description>
1213
1409
  <example hw.product="FRITZ!Box7490">FRITZ!Box7490 FTP server ready.</example>
@@ -1221,6 +1417,7 @@ more text
1221
1417
  <param pos="0" name="hw.family" value="FRITZ!Box"/>
1222
1418
  <param pos="1" name="hw.product"/>
1223
1419
  </fingerprint>
1420
+
1224
1421
  <fingerprint pattern="^HES_CPE FTP server \(GNU inetutils ([\w.]+)\) ready\.$">
1225
1422
  <description>FTPD on a ZyXEL (Huawei rebrand) WiMax WAP</description>
1226
1423
  <example service.version="1.4.1">HES_CPE FTP server (GNU inetutils 1.4.1) ready.</example>
@@ -1228,10 +1425,11 @@ more text
1228
1425
  <param pos="0" name="service.product" value="inetutils ftpd"/>
1229
1426
  <param pos="0" name="service.vendor" value="GNU"/>
1230
1427
  <param pos="1" name="service.version"/>
1231
- <param pos="0" name="hw.vendor" value="ZyXEL"/>
1428
+ <param pos="0" name="hw.vendor" value="Zyxel"/>
1232
1429
  <param pos="0" name="hw.family" value="WiMax"/>
1233
1430
  <param pos="0" name="hw.device" value="WAP"/>
1234
1431
  </fingerprint>
1432
+
1235
1433
  <fingerprint pattern="^Speedport W ?(\S+) (?:Typ [A|B] )?FTP Server v([\d.]+) ready$$">
1236
1434
  <description>FTPD on Speedport WLAN/ADSL routers (Deutsche Telekom mfg by misc)</description>
1237
1435
  <example hw.product="723V" os.version="1.40.000">Speedport W 723V Typ B FTP Server v1.40.000 ready</example>
@@ -1243,6 +1441,7 @@ more text
1243
1441
  <param pos="1" name="hw.product"/>
1244
1442
  <param pos="2" name="os.version"/>
1245
1443
  </fingerprint>
1444
+
1246
1445
  <fingerprint pattern="^DiskStation FTP server ready\.$">
1247
1446
  <description>FTPD on a Synology DiskStation NAS</description>
1248
1447
  <example>DiskStation FTP server ready.</example>
@@ -1255,6 +1454,7 @@ more text
1255
1454
  <param pos="0" name="hw.family" value="DiskStation"/>
1256
1455
  <param pos="0" name="hw.device" value="NAS"/>
1257
1456
  </fingerprint>
1457
+
1258
1458
  <fingerprint pattern="^Synology FTP server ready\.$" flags="REG_ICASE">
1259
1459
  <description>FTPD on a Synology device</description>
1260
1460
  <example>Synology FTP server ready.</example>
@@ -1266,6 +1466,7 @@ more text
1266
1466
  <param pos="0" name="os.product" value="Linux"/>
1267
1467
  <param pos="0" name="hw.vendor" value="Synology"/>
1268
1468
  </fingerprint>
1469
+
1269
1470
  <fingerprint pattern="^.Welcome to MyBookLive.$">
1270
1471
  <description>FTPD on Western Digital My Book Live NAS</description>
1271
1472
  <example>"Welcome to MyBookLive"</example>
@@ -1274,6 +1475,7 @@ more text
1274
1475
  <param pos="0" name="hw.product" value="My Book Live"/>
1275
1476
  <param pos="0" name="hw.device" value="NAS"/>
1276
1477
  </fingerprint>
1478
+
1277
1479
  <fingerprint pattern="^Multicraft ([\w.-]+) FTP server$">
1278
1480
  <description>Multicraft FTPD Server</description>
1279
1481
  <example service.version="2.0.2">Multicraft 2.0.2 FTP server</example>
@@ -1283,6 +1485,7 @@ more text
1283
1485
  <param pos="0" name="service.vendor" value="Multicraft"/>
1284
1486
  <param pos="1" name="service.version"/>
1285
1487
  </fingerprint>
1488
+
1286
1489
  <fingerprint pattern="^bftpd ([\d.]+) at ([a-f\d.:]+) ready\.$">
1287
1490
  <description>Bftpd FTPD Server</description>
1288
1491
  <example service.version="2.2.1" host.ip="192.168.0.1">bftpd 2.2.1 at 192.168.0.1 ready.</example>
@@ -1294,6 +1497,7 @@ more text
1294
1497
  <param pos="0" name="service.cpe23" value="cpe:/a:bftpd_project:bftpd:{service.version}"/>
1295
1498
  <param pos="2" name="host.ip"/>
1296
1499
  </fingerprint>
1500
+
1297
1501
  <fingerprint pattern="^NASFTPD Turbo station (?:2.x )?([\w.]+) Server \(ProFTPD\)(?: \[([a-f\d.:]+)\])?$">
1298
1502
  <description>ProFTPD on QNAP Turbo Station NAS</description>
1299
1503
  <example service.version="1.3.5a" host.ip="192.168.1.100">NASFTPD Turbo station 1.3.5a Server (ProFTPD) [192.168.1.100]</example>
@@ -1309,6 +1513,7 @@ more text
1309
1513
  <param pos="0" name="hw.device" value="NAS"/>
1310
1514
  <param pos="2" name="host.ip"/>
1311
1515
  </fingerprint>
1516
+
1312
1517
  <fingerprint pattern="^Twisted ([\w.]+) FTP Server$">
1313
1518
  <description>Twisted (Python) FTP Server</description>
1314
1519
  <example service.version="14.0.0">Twisted 14.0.0 FTP Server</example>
@@ -1318,6 +1523,7 @@ more text
1318
1523
  <param pos="0" name="service.vendor" value="Twisted Matrix Labs"/>
1319
1524
  <param pos="1" name="service.version"/>
1320
1525
  </fingerprint>
1526
+
1321
1527
  <fingerprint pattern="^Gene6 FTP Server v(\d{1,2}\.\d{1,2}\.\d{1,2}\s{1,2}\(Build \d{1,2}\)) ready\.\.\.$">
1322
1528
  <description>Gene6 FTP Server on Windows</description>
1323
1529
  <example service.version="3.10.0 (Build 2)">Gene6 FTP Server v3.10.0 (Build 2) ready...</example>
@@ -1331,6 +1537,7 @@ more text
1331
1537
  <param pos="0" name="os.product" value="Windows"/>
1332
1538
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
1333
1539
  </fingerprint>
1540
+
1334
1541
  <fingerprint pattern="^([\w.-]+) X2 WS_FTP Server ([\d.]{3,6}\s?\(\d+\))$">
1335
1542
  <description>WS_FTP FTP Server on Windows - X2 variant</description>
1336
1543
  <example service.version="7.7(50012467)" host.name="a.host.name.tld">a.host.name.tld X2 WS_FTP Server 7.7(50012467)</example>
@@ -1346,6 +1553,7 @@ more text
1346
1553
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
1347
1554
  <param pos="1" name="host.name"/>
1348
1555
  </fingerprint>
1556
+
1349
1557
  <fingerprint pattern="^V2 WS_FTP Server ([\d.]{3,6}\s?\(\d+\))$">
1350
1558
  <description>WS_FTP FTP Server on Windows - V2 variant</description>
1351
1559
  <example service.version="6.1(05544322)">V2 WS_FTP Server 6.1(05544322)</example>
@@ -1359,24 +1567,27 @@ more text
1359
1567
  <param pos="0" name="os.product" value="Windows"/>
1360
1568
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
1361
1569
  </fingerprint>
1570
+
1362
1571
  <fingerprint pattern="^FTP Server \(ZyWALL (USG\s?[\w-]+)\) \[([a-f\d:.]+)\]$">
1363
1572
  <description>ZyXEL Unified Security Gateway</description>
1364
1573
  <example hw.product="USG 20" host.ip="::ffff:192.168.0.2">FTP Server (ZyWALL USG 20) [::ffff:192.168.0.2]</example>
1365
1574
  <example hw.product="USG100-PLUS" host.ip="::ffff:192.168.5.101">FTP Server (ZyWALL USG100-PLUS) [::ffff:192.168.5.101]</example>
1366
1575
  <example hw.product="USG 20" host.ip="10.0.0.2">FTP Server (ZyWALL USG 20) [10.0.0.2]</example>
1367
- <param pos="0" name="service.vendor" value="ZyXEL"/>
1576
+ <param pos="0" name="service.vendor" value="Zyxel"/>
1368
1577
  <param pos="0" name="service.family" value="Unified Security Gateway"/>
1369
1578
  <param pos="0" name="service.product" value="FTPD"/>
1370
1579
  <param pos="2" name="host.ip"/>
1371
- <param pos="0" name="hw.vendor" value="ZyXEL"/>
1580
+ <param pos="0" name="hw.vendor" value="Zyxel"/>
1372
1581
  <param pos="0" name="hw.family" value="Unified Security Gateway"/>
1373
1582
  <param pos="1" name="hw.product"/>
1374
1583
  </fingerprint>
1584
+
1375
1585
  <fingerprint pattern="^Welcome to TP-LINK FTP server$">
1376
1586
  <description>FTPD on a TP-LINK device (no version/host info)</description>
1377
1587
  <example>Welcome to TP-LINK FTP server</example>
1378
1588
  <param pos="0" name="hw.vendor" value="TP-LINK"/>
1379
1589
  </fingerprint>
1590
+
1380
1591
  <fingerprint pattern="^TP-LINK FTP version ([\d\.]+)">
1381
1592
  <description>FTPD on a TP-LINK device with version, but no host info</description>
1382
1593
  <example service.version="1.0">TP-LINK FTP version 1.0 ready at Wed May 1 20:51:49 2019</example>
@@ -1384,6 +1595,7 @@ more text
1384
1595
  <param pos="0" name="service.product" value="FTPD"/>
1385
1596
  <param pos="1" name="service.version"/>
1386
1597
  </fingerprint>
1598
+
1387
1599
  <fingerprint pattern="^ucftpd\((\w{3}\s+\d{1,2} \d{4}-\d\d:\d\d:\d\d)\) FTP server ready\.$">
1388
1600
  <description>ucftpd with version</description>
1389
1601
  <example service.version="Jul 2 2012-22:13:49">ucftpd(Jul 2 2012-22:13:49) FTP server ready.</example>
@@ -1392,18 +1604,21 @@ more text
1392
1604
  <param pos="0" name="service.product" value="ucftpd"/>
1393
1605
  <param pos="1" name="service.version"/>
1394
1606
  </fingerprint>
1607
+
1395
1608
  <fingerprint pattern="^ucftpd FTP server ready\.$">
1396
1609
  <description>ucftpd without version</description>
1397
1610
  <example>ucftpd FTP server ready.</example>
1398
1611
  <param pos="0" name="service.family" value="ucftpd"/>
1399
1612
  <param pos="0" name="service.product" value="ucftpd"/>
1400
1613
  </fingerprint>
1614
+
1401
1615
  <fingerprint pattern="^Welcome to TBS FTP Server\.$">
1402
1616
  <description>TBS FTP Server</description>
1403
1617
  <example>Welcome to TBS FTP Server.</example>
1404
1618
  <param pos="0" name="service.family" value="TBS FTP Server"/>
1405
1619
  <param pos="0" name="service.product" value="TBS FTP Server"/>
1406
1620
  </fingerprint>
1621
+
1407
1622
  <fingerprint pattern="^Sofrel (S5[\w]+) SN ([\d-]+) ready. Time is (\d{2}:\d{2}:\d{2} \d{2}\/\d{2}\/\d{2})\.$">
1408
1623
  <description>Sofrel Remote Terminal Unit</description>
1409
1624
  <example hw.product="S500" host.id="01-499-00427" system.time="00:11:39 01/11/16">Sofrel S500 SN 01-499-00427 ready. Time is 00:11:39 01/11/16.</example>
@@ -1414,6 +1629,7 @@ more text
1414
1629
  <param pos="0" name="system.time.format" value="HH:mm:ss dd/MM/yy"/>
1415
1630
  <param pos="3" name="system.time"/>
1416
1631
  </fingerprint>
1632
+
1417
1633
  <fingerprint pattern="^TiMOS-[CB]-([\S]+) cpm\/[\w]+ ALCATEL (SR [\S]+) Copyright .{1,4}$">
1418
1634
  <description>ALCATEL Service Router running TiMOS</description>
1419
1635
  <example os.version="13.0.R9">TiMOS-C-13.0.R9 cpm/hops64 ALCATEL SR 7750 Copyright (</example>
@@ -1424,11 +1640,13 @@ more text
1424
1640
  <param pos="0" name="hw.family" value="Service Router"/>
1425
1641
  <param pos="2" name="hw.product"/>
1426
1642
  </fingerprint>
1643
+
1427
1644
  <fingerprint pattern="^(\S+) FTP server ready\.?$" flags="REG_ICASE">
1428
1645
  <description>Generic FTP fingerprint with a hostname</description>
1429
1646
  <example host.name="example.com">example.com FTP server ready.</example>
1430
1647
  <param pos="1" name="host.name"/>
1431
1648
  </fingerprint>
1649
+
1432
1650
  <fingerprint pattern="^(\S+) FTP server \(Version (\d.*)\) ready\.?$" flags="REG_ICASE">
1433
1651
  <description>Generic FTP fingerprint with a hostname and a version for a generic FTP implementation</description>
1434
1652
  <example host.name="example.com" service.version="6.00LS">example.com FTP server (Version 6.00LS) ready.</example>
@@ -1436,6 +1654,7 @@ more text
1436
1654
  <param pos="1" name="host.name"/>
1437
1655
  <param pos="2" name="service.version"/>
1438
1656
  </fingerprint>
1657
+
1439
1658
  <fingerprint pattern="(?i)^FTP[\- ]+(?:server|service)?(?:(?: is)? ready)?\.?$">
1440
1659
  <description>Generic FTP fingerprint without a hostname</description>
1441
1660
  <example>FTP server is ready.</example>
@@ -1445,12 +1664,14 @@ more text
1445
1664
  <example>FTP Server</example>
1446
1665
  <example>FTP service ready.</example>
1447
1666
  </fingerprint>
1667
+
1448
1668
  <fingerprint pattern="^Welcom to ProRat Ftp Server$">
1449
1669
  <description>The FTP server of the ProRat malware</description>
1450
1670
  <example>Welcom to ProRat Ftp Server</example>
1451
1671
  <param pos="0" name="service.vendor" value="Pro Group"/>
1452
1672
  <param pos="0" name="service.product" value="ProRat"/>
1453
1673
  </fingerprint>
1674
+
1454
1675
  <fingerprint pattern="^(?:(\S+) )?FTP Server \(vftpd ([\d.]+)\) ready\.?$">
1455
1676
  <description>Vermillion FTP Daemon</description>
1456
1677
  <example host.name="srv.name" service.version="1.23">srv.name FTP Server (vftpd 1.23) ready.</example>
@@ -1464,6 +1685,7 @@ more text
1464
1685
  <param pos="2" name="service.version"/>
1465
1686
  <param pos="1" name="host.name"/>
1466
1687
  </fingerprint>
1688
+
1467
1689
  <fingerprint pattern="^(?:(\S+) )?FTP server \(QVT\/Net ([\d.]+)\) ready\.?$">
1468
1690
  <description>QVT/Net FTP Server</description>
1469
1691
  <example host.name="siren" service.version="5.1">siren FTP server (QVT/Net 5.1) ready.</example>
@@ -1477,6 +1699,7 @@ more text
1477
1699
  <param pos="2" name="service.version"/>
1478
1700
  <param pos="1" name="host.name"/>
1479
1701
  </fingerprint>
1702
+
1480
1703
  <fingerprint pattern="Amazon\sLinux\sAMI\srelease\s(\d+\.\d+)">
1481
1704
  <description>Amazon Linux AMI</description>
1482
1705
  <example os.version="2016.09">Amazon Linux AMI release 2016.09</example>
@@ -1485,8 +1708,10 @@ more text
1485
1708
  <param pos="0" name="os.product" value="Linux AMI"/>
1486
1709
  <param pos="1" name="os.version"/>
1487
1710
  </fingerprint>
1711
+
1488
1712
  <!-- Below are banners for FTP service providers, not necessarily
1489
1713
  specific FTP servers-->
1714
+
1490
1715
  <fingerprint pattern="^Idea FTP Server ([\d\.]+) \((.*)\) \[(.+)\]$">
1491
1716
  <description>Idea FTP Server</description>
1492
1717
  <example service.version="0.83.213" host.name="localhost" host.ip="1.2.3.4">Idea FTP Server 0.83.213 (localhost) [1.2.3.4]</example>
@@ -1497,16 +1722,51 @@ more text
1497
1722
  <param pos="2" name="host.name"/>
1498
1723
  <param pos="3" name="host.ip"/>
1499
1724
  </fingerprint>
1725
+
1500
1726
  <fingerprint pattern="^Amazon Ftp$">
1501
1727
  <description>Amazon FTP endpoint</description>
1502
1728
  <example>Amazon Ftp</example>
1503
1729
  <param pos="0" name="service.vendor" value="Amazon"/>
1504
1730
  <param pos="0" name="service.product" value="FTP Server"/>
1505
1731
  </fingerprint>
1732
+
1506
1733
  <fingerprint pattern="^Dreamhost FTP Server$">
1507
1734
  <description>Dreamhost FTP endpoint</description>
1508
1735
  <example>Dreamhost FTP Server</example>
1509
1736
  <param pos="0" name="service.vendor" value="Dreamhost"/>
1510
1737
  <param pos="0" name="service.product" value="FTP Server"/>
1511
1738
  </fingerprint>
1512
- </fingerprints>
1739
+
1740
+ <fingerprint pattern="^QTCP at ([a-zA-Z0-9\.\_\-]+)$">
1741
+ <description>IBM iSeries FTP</description>
1742
+ <example host.name="core.bank.local.">QTCP at core.bank.local.</example>
1743
+ <param pos="0" name="os.vendor" value="IBM"/>
1744
+ <param pos="0" name="os.family" value="OS/400"/>
1745
+ <param pos="0" name="os.product" value="OS/400"/>
1746
+ <param pos="0" name="os.cpe23" value="cpe:/o:ibm:os_400:-"/>
1747
+ <param pos="1" name="host.name"/>
1748
+ </fingerprint>
1749
+
1750
+ <fingerprint pattern="^HomeLogic FTP Server">
1751
+ <description>ELAN Smart Home Controller</description>
1752
+ <example>HomeLogic FTP Server Please Give User Name</example>
1753
+ <param pos="0" name="hw.vendor" value="ELAN"/>
1754
+ <param pos="0" name="hw.device" value="Building Automation"/>
1755
+ <param pos="0" name="hw.product" value="Home Controller"/>
1756
+ <param pos="0" name="os.vendor" value="ELAN"/>
1757
+ <param pos="0" name="os.family" value="Linux"/>
1758
+ </fingerprint>
1759
+
1760
+ <fingerprint pattern="^Welcome to Honeywell Printer (PM\d+)\S+?$">
1761
+ <description>Honeywell Thermal Label Printer (Previously Intermec)</description>
1762
+ <example hw.product="Thermal Label Printer PM43">Welcome to Honeywell Printer PM43c</example>
1763
+ <param pos="0" name="hw.vendor" value="Honeywell"/>
1764
+ <param pos="1" name="hw.model"/>
1765
+ <param pos="0" name="hw.product" value="Thermal Label Printer {hw.model}"/>
1766
+ <param pos="0" name="hw.device" value="Printer"/>
1767
+ <param pos="0" name="os.vendor" value="Honeywell"/>
1768
+ <param pos="0" name="os.product" value="Thermal Label Printer {hw.model}"/>
1769
+ <param pos="0" name="os.device" value="Printer"/>
1770
+ </fingerprint>
1771
+
1772
+ </fingerprints>