recog 2.3.7 → 2.3.12

Sign up to get free protection for your applications and to get access to all the features.
Files changed (81) hide show
  1. checksums.yaml +4 -4
  2. data/.gitignore +9 -2
  3. data/.ruby-gemset +1 -0
  4. data/.ruby-version +1 -0
  5. data/.travis.yml +2 -4
  6. data/CONTRIBUTING.md +136 -37
  7. data/Gemfile +2 -5
  8. data/README.md +18 -16
  9. data/bin/recog_cleanup +16 -0
  10. data/bin/recog_standardize +142 -0
  11. data/cpe-remap.yaml +36 -1
  12. data/features/match.feature +4 -0
  13. data/features/support/aruba.rb +3 -0
  14. data/features/verify.feature +5 -0
  15. data/identifiers/README.md +56 -0
  16. data/identifiers/hw_device.txt +77 -0
  17. data/identifiers/hw_family.txt +96 -0
  18. data/identifiers/hw_product.txt +328 -0
  19. data/identifiers/os_architecture.txt +20 -0
  20. data/identifiers/os_device.txt +94 -0
  21. data/identifiers/os_family.txt +325 -0
  22. data/identifiers/os_product.txt +420 -0
  23. data/identifiers/service_family.txt +272 -0
  24. data/identifiers/service_product.txt +557 -0
  25. data/identifiers/software_class.txt +26 -0
  26. data/identifiers/software_family.txt +91 -0
  27. data/identifiers/software_product.txt +333 -0
  28. data/identifiers/vendor.txt +891 -0
  29. data/lib/recog/version.rb +1 -1
  30. data/requirements.txt +1 -1
  31. data/spec/lib/fingerprint_self_test_spec.rb +1 -1
  32. data/spec/lib/recog/fingerprint/regexp_factory_spec.rb +1 -1
  33. data/update_cpes.py +4 -1
  34. data/xml/apache_modules.xml +292 -5
  35. data/xml/apache_os.xml +50 -2
  36. data/xml/architecture.xml +19 -7
  37. data/xml/dns_versionbind.xml +200 -26
  38. data/xml/favicons.xml +1701 -0
  39. data/xml/ftp_banners.xml +276 -16
  40. data/xml/h323_callresp.xml +112 -12
  41. data/xml/hp_pjl_id.xml +47 -5
  42. data/xml/html_title.xml +1419 -72
  43. data/xml/http_cookies.xml +77 -10
  44. data/xml/http_servers.xml +898 -47
  45. data/xml/http_wwwauth.xml +154 -27
  46. data/xml/imap_banners.xml +23 -13
  47. data/xml/ldap_searchresult.xml +81 -9
  48. data/xml/mdns_device-info_txt.xml +194 -17
  49. data/xml/mdns_workstation_txt.xml +4 -2
  50. data/xml/mysql_banners.xml +554 -45
  51. data/xml/mysql_error.xml +113 -6
  52. data/xml/nntp_banners.xml +10 -2
  53. data/xml/ntp_banners.xml +95 -11
  54. data/xml/operating_system.xml +90 -3
  55. data/xml/pop_banners.xml +32 -31
  56. data/xml/rsh_resp.xml +11 -2
  57. data/xml/rtsp_servers.xml +43 -23
  58. data/xml/sip_banners.xml +9 -14
  59. data/xml/sip_user_agents.xml +69 -3
  60. data/xml/smb_native_lm.xml +10 -2
  61. data/xml/smb_native_os.xml +80 -2
  62. data/xml/smtp_banners.xml +233 -13
  63. data/xml/smtp_debug.xml +6 -4
  64. data/xml/smtp_ehlo.xml +7 -5
  65. data/xml/smtp_expn.xml +13 -4
  66. data/xml/smtp_help.xml +23 -4
  67. data/xml/smtp_mailfrom.xml +5 -2
  68. data/xml/smtp_noop.xml +6 -5
  69. data/xml/smtp_quit.xml +5 -4
  70. data/xml/smtp_rcptto.xml +5 -2
  71. data/xml/smtp_rset.xml +4 -4
  72. data/xml/smtp_turn.xml +4 -4
  73. data/xml/smtp_vrfy.xml +14 -4
  74. data/xml/snmp_sysdescr.xml +776 -52
  75. data/xml/snmp_sysobjid.xml +47 -2
  76. data/xml/ssh_banners.xml +259 -80
  77. data/xml/telnet_banners.xml +376 -23
  78. data/xml/x11_banners.xml +27 -4
  79. data/xml/x509_issuers.xml +37 -13
  80. data/xml/x509_subjects.xml +525 -55
  81. metadata +29 -6
@@ -1,9 +1,10 @@
1
- <?xml version="1.0" encoding="UTF-8"?>
1
+ <?xml version='1.0' encoding='UTF-8'?>
2
2
  <fingerprints matches="http_header.cookie" protocol="http" database_type="service">
3
3
  <!--
4
4
  Set-Cookie HTTP header values are matched against these patterns to fingerprint HTTP
5
5
  servers.
6
6
  -->
7
+
7
8
  <fingerprint pattern="^(CFCLIENT_[^=]+|CFGLOBALS|CFID|CFTOKEN)=.*">
8
9
  <description>Adobe (Macromedia) ColdFusion uses various cookies</description>
9
10
  <param pos="1" name="cookie"/>
@@ -12,6 +13,7 @@
12
13
  <param pos="0" name="service.product" value="ColdFusion"/>
13
14
  <param pos="0" name="service.cpe23" value="cpe:/a:adobe:coldfusion:-"/>
14
15
  </fingerprint>
16
+
15
17
  <fingerprint pattern="^ANsession\d+=(\S+);.*">
16
18
  <description>Array Networks Secure Access Gateway / SSL VPN</description>
17
19
  <example>ANsession0002262072457555=IPMI; path=/;secure</example>
@@ -20,6 +22,7 @@
20
22
  <param pos="0" name="service.family" value="Secure Access Gateway"/>
21
23
  <param pos="0" name="hw.device" value="VPN"/>
22
24
  </fingerprint>
25
+
23
26
  <fingerprint pattern="^(Apache)=[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.([0-9]+);.*">
24
27
  <description>Apache</description>
25
28
  <param pos="1" name="cookie"/>
@@ -29,6 +32,7 @@
29
32
  <param pos="0" name="service.product" value="HTTPD"/>
30
33
  <param pos="0" name="service.cpe23" value="cpe:/a:apache:http_server:-"/>
31
34
  </fingerprint>
35
+
32
36
  <fingerprint pattern="^(JServSessionIdroot)=.*">
33
37
  <description>Apache JServ</description>
34
38
  <param pos="1" name="cookie"/>
@@ -36,6 +40,7 @@
36
40
  <param pos="0" name="service.family" value="JServ"/>
37
41
  <param pos="0" name="service.product" value="JServ"/>
38
42
  </fingerprint>
43
+
39
44
  <fingerprint pattern="^(ATG_SESSION_ID|DYN_USER_CONFIRM|DYN_USER_ID)=.*">
40
45
  <description>ATG Dynamo</description>
41
46
  <param pos="1" name="cookie"/>
@@ -43,6 +48,7 @@
43
48
  <param pos="0" name="service.family" value="Dynamo"/>
44
49
  <param pos="0" name="service.product" value="Dynamo"/>
45
50
  </fingerprint>
51
+
46
52
  <fingerprint pattern="^(WebLogicSession)=[^!]+![^!]+!([0-9]+);.*">
47
53
  <description>BEA WebLogic (with timestamp)</description>
48
54
  <param pos="1" name="cookie"/>
@@ -52,6 +58,7 @@
52
58
  <param pos="0" name="service.product" value="WebLogic"/>
53
59
  <param pos="0" name="service.cpe23" value="cpe:/a:bea:weblogic_server:-"/>
54
60
  </fingerprint>
61
+
55
62
  <fingerprint pattern="^(WebLogicSession)=.*">
56
63
  <description>BEA WebLogic (no timestamp)</description>
57
64
  <param pos="1" name="cookie"/>
@@ -60,6 +67,7 @@
60
67
  <param pos="0" name="service.product" value="WebLogic"/>
61
68
  <param pos="0" name="service.cpe23" value="cpe:/a:bea:weblogic_server:-"/>
62
69
  </fingerprint>
70
+
63
71
  <fingerprint pattern="^(BCSI-CSC[0-9A-Za-z]+)=.*">
64
72
  <description>BlueCoat Proxy</description>
65
73
  <param pos="1" name="cookie"/>
@@ -67,20 +75,22 @@
67
75
  <param pos="0" name="service.family" value="Proxy"/>
68
76
  <param pos="0" name="service.product" value="Proxy"/>
69
77
  </fingerprint>
78
+
70
79
  <fingerprint pattern="^(CAKEPHP)=.*">
71
80
  <description>CakePHP - http://www.cakephp.org/</description>
72
81
  <param pos="1" name="cookie"/>
73
82
  <param pos="0" name="service.family" value="PHP"/>
74
83
  <param pos="0" name="service.product" value="CakePHP"/>
75
84
  </fingerprint>
85
+
76
86
  <!--
77
87
  For the following two Cisco Content Service Switch fingerprints:
78
88
  The cookie value breaks down to [box-id][service-id][timeout-value]
79
89
  unfortunately, there's no separator so it's hard to tell what the
80
90
  actual break is between the pieces of data.
81
-
82
91
  http://www.cisco.com/warp/public/117/AP_cookies.html
83
92
  -->
93
+
84
94
  <fingerprint pattern="^(ARPT)=([A-Z]+)([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})[A-Z]+.*">
85
95
  <description>Cisco 11000 Series Content Service Switch (CSS)</description>
86
96
  <param pos="1" name="cookie"/>
@@ -90,6 +100,7 @@
90
100
  <param pos="0" name="service.family" value="Content Service Switch"/>
91
101
  <param pos="0" name="service.product" value="11000 Series Content Service Switch"/>
92
102
  </fingerprint>
103
+
93
104
  <fingerprint pattern="^(ARPT)=.*">
94
105
  <description>Cisco 11000 Series Content Service Switch (CSS) - catch all variant</description>
95
106
  <param pos="1" name="cookie"/>
@@ -97,6 +108,7 @@
97
108
  <param pos="0" name="service.family" value="Content Service Switch"/>
98
109
  <param pos="0" name="service.product" value="11000 Series Content Service Switch"/>
99
110
  </fingerprint>
111
+
100
112
  <fingerprint pattern="^webvpn(?:c|context|_portal|Lang|login|SharePoint)?=">
101
113
  <description>Cisco ASA VPN</description>
102
114
  <example>webvpn=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure</example>
@@ -109,13 +121,15 @@
109
121
  <param pos="0" name="service.product" value="HTTP"/>
110
122
  <param pos="0" name="os.vendor" value="Cisco"/>
111
123
  <param pos="0" name="os.family" value="Adaptive Security Appliance"/>
112
- <param pos="0" name="os.product" value="VPN"/>
124
+ <param pos="0" name="os.product" value="Adaptive Security Appliance"/>
125
+ <param pos="0" name="os.cpe23" value="cpe:/o:cisco:adaptive_security_appliance:-"/>
113
126
  <param pos="0" name="hw.vendor" value="Cisco"/>
114
127
  <param pos="0" name="hw.family" value="Adaptive Security Appliance"/>
115
128
  <param pos="0" name="hw.product" value="Adaptive Security Appliance"/>
116
129
  <param pos="0" name="hw.device" value="Firewall"/>
117
130
  <param pos="0" name="hw.cpe23" value="cpe:/h:cisco:adaptive_security_appliance:-"/>
118
131
  </fingerprint>
132
+
119
133
  <fingerprint pattern="^(st8id)=.*">
120
134
  <description>Citrix Application Protection System, Enterprise - http://support.citrix.com/article/CTX109330</description>
121
135
  <param pos="1" name="cookie"/>
@@ -123,22 +137,31 @@
123
137
  <param pos="0" name="service.family" value="Application Protection System"/>
124
138
  <param pos="0" name="service.product" value="Application Protection System, Enterprise"/>
125
139
  </fingerprint>
126
- <fingerprint pattern="^NSC_(?:AAAC|CERT|DLGE|EPAC|TASS|TEMP|TMA[APS]|PERS)=.*">
140
+
141
+ <fingerprint pattern="^NSC_(?:AAAC|BASEURL|CERT|DLGE|EPAC|TASS|TEMP|TMA[APS]|PERS|USER)=.*">
127
142
  <description>Citrix NetScaler</description>
128
143
  <example>NSC_AAAC=xyz;</example>
144
+ <example>NSC_TEMP=xyz;</example>
129
145
  <param pos="0" name="os.vendor" value="Citrix"/>
130
146
  <param pos="0" name="os.family" value="NetScaler"/>
131
147
  <param pos="0" name="os.device" value="Network Management Device"/>
132
148
  <param pos="0" name="os.product" value="NetScaler"/>
149
+ <param pos="0" name="service.vendor" value="Citrix"/>
150
+ <param pos="0" name="service.family" value="NetScaler"/>
151
+ <param pos="0" name="service.device" value="Network Management Device"/>
152
+ <param pos="0" name="service.product" value="NetScaler"/>
153
+ <param pos="0" name="service.cpe23" value="cpe:/a:citrix:netscaler:-"/>
133
154
  </fingerprint>
155
+
134
156
  <fingerprint pattern="^DSSignInURL=/">
135
157
  <description>Pulse Secure VPN</description>
136
158
  <example>DSSignInURL=/; path=/; secure</example>
137
159
  <param pos="0" name="os.vendor" value="Pulse Secure"/>
138
- <param pos="0" name="os.family" value="SSL VPN"/>
139
- <param pos="0" name="os.device" value="SSL VPN"/>
140
- <param pos="0" name="os.product" value="SSL VPN"/>
160
+ <param pos="0" name="os.family" value="SSL-VPN"/>
161
+ <param pos="0" name="os.device" value="SSL-VPN"/>
162
+ <param pos="0" name="os.product" value="SSL-VPN"/>
141
163
  </fingerprint>
164
+
142
165
  <fingerprint pattern="^(EktGUID|ecm)=.*">
143
166
  <description>Ektron CMS400.net</description>
144
167
  <param pos="1" name="cookie"/>
@@ -146,8 +169,10 @@
146
169
  <param pos="0" name="service.family" value="CMS400.NET"/>
147
170
  <param pos="0" name="service.product" value="CMS400.NET"/>
148
171
  </fingerprint>
149
- <fingerprint pattern="^(BIGipServer([^=]+))=.*">
172
+
173
+ <fingerprint pattern="(?i)^(BIGipServer([^=]+))=.*">
150
174
  <description>F5 BIG-IP LTM - Server variant</description>
175
+ <example loadbalancer.poolname="CustomerRP">BigIpServerCustomerRP=5a; path=/; domain=.foo.bar; secure; HttpOnly</example>
151
176
  <param pos="1" name="cookie"/>
152
177
  <param pos="2" name="loadbalancer.poolname"/>
153
178
  <param pos="0" name="service.vendor" value="F5"/>
@@ -155,6 +180,7 @@
155
180
  <param pos="0" name="service.product" value="BIG-IP LTM"/>
156
181
  <param pos="0" name="service.cpe23" value="cpe:/a:f5:big-ip_local_traffic_manager:-"/>
157
182
  </fingerprint>
183
+
158
184
  <fingerprint pattern="^(BigIPCookie)=.*">
159
185
  <description>F5 BIG-IP LTM</description>
160
186
  <param pos="1" name="cookie"/>
@@ -163,6 +189,7 @@
163
189
  <param pos="0" name="service.product" value="BIG-IP LTM"/>
164
190
  <param pos="0" name="service.cpe23" value="cpe:/a:f5:big-ip_local_traffic_manager:-"/>
165
191
  </fingerprint>
192
+
166
193
  <fingerprint pattern="^(SERVERID)=([A-Za-z0-9\-_]+)">
167
194
  <description>HAProxy - http://haproxy.1wt.eu/download/1.2/doc/architecture.txt</description>
168
195
  <param pos="1" name="cookie"/>
@@ -170,6 +197,7 @@
170
197
  <param pos="0" name="service.family" value="HAProxy"/>
171
198
  <param pos="0" name="service.product" value="HAProxy"/>
172
199
  </fingerprint>
200
+
173
201
  <fingerprint pattern="^(AMWEBJCT!([^!]+)!([^=]+))=.*">
174
202
  <description>IBM Tivoli Access Manager for e-business WebSEAL
175
203
  http://publib.boulder.ibm.com/infocenter/tivihelp/v2r1/index.jsp?topic=/com.ibm.itame.doc/am60_webseal_admin180.htm
@@ -181,6 +209,7 @@
181
209
  <param pos="0" name="service.family" value="Tivoli"/>
182
210
  <param pos="0" name="service.product" value="Tivoli Access Manager for e-business WebSEAL"/>
183
211
  </fingerprint>
212
+
184
213
  <fingerprint pattern="^(PD-S-SESSION-ID|PD-H-SESSION-ID|PD_STATEFUL_[^=]+)=.*">
185
214
  <description>IBM Tivoli Access Manager for e-business WebSeal
186
215
  http://publib.boulder.ibm.com/infocenter/tivihelp/v2r1/index.jsp?topic=/com.ibm.itame.doc/am60_webseal_admin117.htm
@@ -190,6 +219,7 @@
190
219
  <param pos="0" name="service.family" value="Tivoli"/>
191
220
  <param pos="0" name="service.product" value="Tivoli Access Manager for e-business WebSEAL"/>
192
221
  </fingerprint>
222
+
193
223
  <fingerprint pattern="^(IBMCBR)=.*">
194
224
  <description>IBM WebSphere Load Balancer</description>
195
225
  <param pos="1" name="cookie"/>
@@ -197,12 +227,14 @@
197
227
  <param pos="0" name="service.family" value="WebSphere"/>
198
228
  <param pos="0" name="service.product" value="WebSphere Load Balancer"/>
199
229
  </fingerprint>
230
+
200
231
  <fingerprint pattern="^(mbfcookie(?:\[lang\])?)=.*">
201
232
  <description>Joom!Fish http://www.joomfish.net/</description>
202
233
  <param pos="1" name="cookie"/>
203
234
  <param pos="0" name="service.family" value="Joom!Fish"/>
204
235
  <param pos="0" name="service.product" value="Joom!Fish"/>
205
236
  </fingerprint>
237
+
206
238
  <fingerprint pattern="^(MSCSAuth|MSCSProfile)=.*">
207
239
  <description>Microsoft Commerce Server - http://msdn2.microsoft.com/en-us/library/ms953828.aspx</description>
208
240
  <param pos="1" name="cookie"/>
@@ -211,6 +243,7 @@
211
243
  <param pos="0" name="service.product" value="Commerce Server"/>
212
244
  <param pos="0" name="service.cpe23" value="cpe:/a:microsoft:commerce_server:-"/>
213
245
  </fingerprint>
246
+
214
247
  <fingerprint pattern="^(ASPSESSIONID[A-Z]+|ASP\.NET_SessionId|\.ASPXANONYMOUS)=.*">
215
248
  <description>Microsoft IIS (ASP.NET)
216
249
  http://msdn2.microsoft.com/en-us/library/ms953828.aspx
@@ -226,6 +259,7 @@
226
259
  <param pos="0" name="service.component.product" value="ASP.NET"/>
227
260
  <param pos="0" name="service.component.cpe23" value="cpe:/a:microsoft:asp.net:-"/>
228
261
  </fingerprint>
262
+
229
263
  <fingerprint pattern="^(AlteonP)=.*">
230
264
  <description>Nortel Alteon Web Switch</description>
231
265
  <param pos="1" name="cookie"/>
@@ -233,6 +267,7 @@
233
267
  <param pos="0" name="service.family" value="Alteon"/>
234
268
  <param pos="0" name="service.product" value="Alteon Web Switch"/>
235
269
  </fingerprint>
270
+
236
271
  <fingerprint pattern="^((?:SS_X_)?CSINTERSESSIONID)=.*">
237
272
  <description>OpenMarket/FatWire Content Server (www.fatwire.com)</description>
238
273
  <param pos="1" name="cookie"/>
@@ -240,6 +275,7 @@
240
275
  <param pos="0" name="service.family" value="Content Server"/>
241
276
  <param pos="0" name="service.product" value="Content Server"/>
242
277
  </fingerprint>
278
+
243
279
  <fingerprint pattern="^(parkinglot)=.*">
244
280
  <description>Oversee Webserver</description>
245
281
  <param pos="1" name="cookie"/>
@@ -247,6 +283,7 @@
247
283
  <param pos="0" name="service.family" value="Webserver"/>
248
284
  <param pos="0" name="service.product" value="Webserver"/>
249
285
  </fingerprint>
286
+
250
287
  <fingerprint pattern="^(PHPSESSID|PHPSESSION)=.*">
251
288
  <description>PHP - http://www.php.net/ref.session</description>
252
289
  <param pos="1" name="cookie"/>
@@ -255,6 +292,7 @@
255
292
  <param pos="0" name="service.product" value="PHP"/>
256
293
  <param pos="0" name="service.cpe23" value="cpe:/a:php:php:-"/>
257
294
  </fingerprint>
295
+
258
296
  <fingerprint pattern="^(RMID)=.*">
259
297
  <description>RealMedia OpenAdStream</description>
260
298
  <param pos="1" name="cookie"/>
@@ -262,6 +300,7 @@
262
300
  <param pos="0" name="service.family" value="OpenAdStream"/>
263
301
  <param pos="0" name="service.product" value="OpenAdStream"/>
264
302
  </fingerprint>
303
+
265
304
  <fingerprint pattern="^(RoxenUserID)=.*">
266
305
  <description>Roxen WebServer</description>
267
306
  <param pos="1" name="cookie"/>
@@ -269,6 +308,7 @@
269
308
  <param pos="0" name="service.family" value="WebServer"/>
270
309
  <param pos="0" name="service.product" value="WebServer"/>
271
310
  </fingerprint>
311
+
272
312
  <fingerprint pattern="^(_sn)=.*">
273
313
  <description>Siebel CRM</description>
274
314
  <param pos="1" name="cookie"/>
@@ -276,6 +316,7 @@
276
316
  <param pos="0" name="service.family" value="CRM"/>
277
317
  <param pos="0" name="service.product" value="CRM"/>
278
318
  </fingerprint>
319
+
279
320
  <!-- This fingerprint is not specific enough. Multiple products are sold under
280
321
  the brand iPlanet/Sun ONE/Sun Java.
281
322
  <fingerprint pattern="^(iPlanetUserId)=.*">
@@ -285,7 +326,9 @@
285
326
  <param pos="0" name="service.family" value="???"/>
286
327
  <param pos="0" name="service.product" value="???"/>
287
328
  </fingerprint>
329
+
288
330
  -->
331
+
289
332
  <fingerprint pattern="^(NSES40Session)=.*">
290
333
  <description>Netscape Enterprise Server (subsequently iPlanet Web Server, Sun ONE Web Server, presently Sun Java System Web Server)</description>
291
334
  <param pos="1" name="cookie"/>
@@ -295,6 +338,7 @@
295
338
  <param pos="0" name="service.version" value="4.0"/>
296
339
  <param pos="0" name="service.cpe23" value="cpe:/a:sun:java_system_web_server:4.0"/>
297
340
  </fingerprint>
341
+
298
342
  <fingerprint pattern="^(gx_session_id|JROUTE)=.*">
299
343
  <description>Sun Java System Application Server (formerly iPlanet Application Server, Sun ONE Application Server)</description>
300
344
  <param pos="1" name="cookie"/>
@@ -303,6 +347,7 @@
303
347
  <param pos="0" name="service.product" value="Java System Application Server"/>
304
348
  <param pos="0" name="service.cpe23" value="cpe:/a:sun:java_system_application_server:-"/>
305
349
  </fingerprint>
350
+
306
351
  <fingerprint pattern="^(fe_typo_user)=.*">
307
352
  <description>TYPO3 CMS - http://typo3.com/</description>
308
353
  <param pos="1" name="cookie"/>
@@ -310,6 +355,7 @@
310
355
  <param pos="0" name="service.family" value="CMS"/>
311
356
  <param pos="0" name="service.product" value="CMS"/>
312
357
  </fingerprint>
358
+
313
359
  <fingerprint pattern="^(SaneID)=.*">
314
360
  <description>Unica NetTracker - http://netinsight.unica.com/Products/NetTracker.cfm</description>
315
361
  <param pos="1" name="cookie"/>
@@ -317,6 +363,7 @@
317
363
  <param pos="0" name="service.family" value="NetTracker"/>
318
364
  <param pos="0" name="service.product" value="NetTracker"/>
319
365
  </fingerprint>
366
+
320
367
  <fingerprint pattern="^(__utm[a-z])=.*">
321
368
  <description>Urchin Tracking Module - http://www.google.com/support/urchin45/bin/answer.py?answer=28307&amp;topic=7425</description>
322
369
  <param pos="1" name="cookie"/>
@@ -324,6 +371,7 @@
324
371
  <param pos="0" name="service.family" value="Urchin"/>
325
372
  <param pos="0" name="service.product" value="Urchin Tracking Module"/>
326
373
  </fingerprint>
374
+
327
375
  <fingerprint pattern="^(vgncontext|vgnvisitor|ssuid)=.*">
328
376
  <description>Vignette</description>
329
377
  <param pos="1" name="cookie"/>
@@ -331,6 +379,7 @@
331
379
  <param pos="0" name="service.family" value="Vignette"/>
332
380
  <param pos="0" name="service.product" value="Vignette"/>
333
381
  </fingerprint>
382
+
334
383
  <fingerprint pattern="^(wgSession)=.*">
335
384
  <description>Plain Black WebGUI - http://www.plainblack.com/webgui</description>
336
385
  <param pos="1" name="cookie"/>
@@ -338,6 +387,7 @@
338
387
  <param pos="0" name="service.family" value="WebGUI"/>
339
388
  <param pos="0" name="service.product" value="WebGUI"/>
340
389
  </fingerprint>
390
+
341
391
  <fingerprint pattern="^(WEBTRENDSID|WEBTRENDS_ID)=.*">
342
392
  <description>WebTrends</description>
343
393
  <param pos="1" name="cookie"/>
@@ -345,20 +395,24 @@
345
395
  <param pos="0" name="service.family" value="WebTrends"/>
346
396
  <param pos="0" name="service.product" value="WebTrends"/>
347
397
  </fingerprint>
398
+
348
399
  <fingerprint pattern="^(_ZopeId)=.*">
349
400
  <description>Zope</description>
350
401
  <param pos="1" name="cookie"/>
351
402
  <param pos="0" name="service.family" value="Zope"/>
352
403
  <param pos="0" name="service.product" value="Zope"/>
353
404
  </fingerprint>
405
+
354
406
  <fingerprint pattern="^(portal)=([0-9]+\.[0-9]+\.[0-9]+).*">
355
407
  <description>OracleAS Portal default cookie name - http://download.oracle.com/docs/cd/B14099_19/portal.1014/b19305/cg_app_f.htm</description>
356
408
  <param pos="1" name="cookie"/>
357
409
  <param pos="2" name="service.version"/>
358
410
  <param pos="0" name="service.vendor" value="Oracle"/>
359
411
  <param pos="0" name="service.family" value="OracleAS"/>
360
- <param pos="0" name="service.product" value="OracleAS Portal"/>
412
+ <param pos="0" name="service.product" value="Application Server Portal"/>
413
+ <param pos="0" name="service.cpe23" value="cpe:/a:oracle:application_server_portal:{service.version}"/>
361
414
  </fingerprint>
415
+
362
416
  <fingerprint pattern="^Compaq-HMMD=[^;]+;.*$">
363
417
  <description>HP System Management Homepage (SMH)</description>
364
418
  <example>Compaq-HMMD=0001-c01fffff-487a-394a-aab0-ffffffffffff-ffffffffffffffff; path=/</example>
@@ -367,6 +421,7 @@
367
421
  <param pos="0" name="service.family" value="SMH"/>
368
422
  <param pos="0" name="service.product" value="SMH"/>
369
423
  </fingerprint>
424
+
370
425
  <fingerprint pattern="^MoodleSession=">
371
426
  <description>Moodle</description>
372
427
  <example>MoodleSession=uohhsgcain708q5l4gqcmmb5s2; path=/</example>
@@ -375,6 +430,14 @@
375
430
  <param pos="0" name="service.component.product" value="Moodle"/>
376
431
  <param pos="0" name="service.component.cpe23" value="cpe:/a:moodle:moodle:-"/>
377
432
  </fingerprint>
433
+
434
+ <fingerprint pattern="_arachni_webui_session=">
435
+ <description>Arachni Security Scanner</description>
436
+ <example>_arachni_webui_session=el2MMEVVcld3Q2dBc3UvSmtQYmlPckpxSE2CMmlwd1Nja2lvUk5tRG5XYTlnRHJuVVVTblVNMTBOdGhrUU02dzC0K1I0Mnk3d1I3SUlCcngwQkliV3Y5VDBnVVZkOWJsS0VGSlYwM1RGMlVzVDNKcXlrdFNQZ0lIM1VBN3RDZFIrZTBrdjZmdSt0YnV2djh1RFE0S1czUmZQcGxNNW9UWVQydXFCZmNHZDRmTlg4cWludE5SUDRYU2JwdWw4Qmk3dEpDV3ZBejRkbU9ueFJKNG1HenplUEJjem9LU09IM0Z6ZHM4YU00aVpKUHJRVzR3SG8rRzBjWG9jclpqZGd2dmp2TnVGbjkvb0lmanZvM3lPZGhXb3c9PS0tR0dXVWppWnorMG1NNjlXTkYvaEswUT09--44b846e66f558667d7503010a726e2388803136f; path=/; HttpOnly</example>
437
+ <param pos="0" name="service.vendor" value="Arachni"/>
438
+ <param pos="0" name="service.product" value="Arachni"/>
439
+ </fingerprint>
440
+
378
441
  <!--
379
442
  Ignore various cookies that are very generic cookies for session IDs
380
443
  that are not necessarily indicative of any particular
@@ -382,12 +445,14 @@
382
445
  a similar cookie name, you must ensure that it is located prior to
383
446
  these and this is enforced by rspec.
384
447
  -->
448
+
385
449
  <fingerprint pattern="(?i)^JSESSIONID(?:\.[^=]+)?=[^;]+;.*$">
386
450
  <description>Ignore simple JSESSIONID and related cookies</description>
387
451
  <example>JSESSIONID=6ooov35i4l3n36qtaf8csvg0;Path=/</example>
388
452
  <example>jsessionid=6nkp66iogcdc92720%2Dc6e4%2D4989%2Db7b2%2D5021624cfdff;Path=/;secure</example>
389
453
  <example>JSESSIONID.c00a9623=v216643eijh19p9duve5srgf;Path=/;HttpOnly</example>
390
454
  </fingerprint>
455
+
391
456
  <fingerprint pattern="(?i)^_?SESSION_?ID\s*=\s*[^;]+;.*$">
392
457
  <description>Ignore simple SESSIONID and related cookies</description>
393
458
  <example>sessionId=7dba3249cfcd4b59854055311099a294; path=/;</example>
@@ -395,8 +460,10 @@
395
460
  <example>sessionId =0VrS6Ro6uC5QPXKgNdqGvyUgUFtUOVwv6OWAEWcWQ3jLRtAk2TVAgAApN9yTWVz;postId=; path=/;</example>
396
461
  <example>_session_id=18b3e173aa11db0533fd01752e81f583; path=/; HttpOnly</example>
397
462
  </fingerprint>
463
+
398
464
  <fingerprint pattern="(?i)^sid=[^;]+;.*$">
399
465
  <description>Ignore simple SID and related cookies</description>
400
466
  <example>sid=sfd10bf73-654458f687aa3c68b3874915f651e0ca;path=/;"</example>
401
467
  </fingerprint>
402
- </fingerprints>
468
+
469
+ </fingerprints>
@@ -1,6 +1,7 @@
1
- <?xml version="1.0" encoding="UTF-8"?>
1
+ <?xml version='1.0' encoding='UTF-8'?>
2
2
  <fingerprints matches="http_header.server" protocol="http" database_type="service" preference="0.90">
3
3
  <!-- HTTP Server headers are matched against these patterns to fingerprint HTTP servers. -->
4
+
4
5
  <fingerprint pattern="(?i)^AirTunes/([\d\.]+)$">
5
6
  <description>Apple AirTunes/AirPlay, more generally RTSP used by a variety of wireless a/v products</description>
6
7
  <example service.version="220.68">AirTunes/220.68</example>
@@ -9,6 +10,7 @@
9
10
  <param pos="1" name="service.version"/>
10
11
  <param pos="0" name="hw.device" value="Media Server"/>
11
12
  </fingerprint>
13
+
12
14
  <fingerprint pattern="(?i)^cpsrvd(?:/([\d\.]+))?$">
13
15
  <description>cPanel Service Daemon</description>
14
16
  <example service.version="11.44.3.0">cpsrvd/11.44.3.0</example>
@@ -17,6 +19,7 @@
17
19
  <param pos="0" name="service.product" value="cPanel Service Daemon"/>
18
20
  <param pos="1" name="service.version"/>
19
21
  </fingerprint>
22
+
20
23
  <fingerprint pattern="(?i)^cwpsrv$">
21
24
  <description>CentOS Web Panel</description>
22
25
  <example>cwpsrv</example>
@@ -27,6 +30,7 @@
27
30
  <param pos="0" name="os.product" value="Linux"/>
28
31
  <param pos="0" name="os.cpe23" value="cpe:/o:centos:centos:-"/>
29
32
  </fingerprint>
33
+
30
34
  <fingerprint pattern="^Stronghold/(\d\.\d) Apache/([012][\d.]*)\s*(.*)$">
31
35
  <description>Red Hat Stronghold Enterprise Apache</description>
32
36
  <example service.version="1.3.19" service.cpe23="cpe:/a:apache:http_server:1.3.19" service.component.cpe23="cpe:/a:redhat:stronghold:3.0">Stronghold/3.0 Apache/1.3.19 RedHat/3014c</example>
@@ -47,6 +51,7 @@
47
51
  <param pos="0" name="os.family" value="Linux"/>
48
52
  <param pos="0" name="os.cpe23" value="cpe:/o:redhat:linux:-"/>
49
53
  </fingerprint>
54
+
50
55
  <fingerprint pattern="(?i)^Apache/\d$">
51
56
  <description>Apache returning only its major version number</description>
52
57
  <example>Apache/1</example>
@@ -56,6 +61,17 @@
56
61
  <param pos="0" name="service.family" value="Apache"/>
57
62
  <param pos="0" name="service.cpe23" value="cpe:/a:apache:http_server:-"/>
58
63
  </fingerprint>
64
+
65
+ <fingerprint pattern="^Apache ([\d.]+)$">
66
+ <description>Apache returning just version number</description>
67
+ <example service.version="1.3.29">Apache 1.3.29</example>
68
+ <param pos="0" name="service.vendor" value="Apache"/>
69
+ <param pos="0" name="service.product" value="HTTPD"/>
70
+ <param pos="0" name="service.family" value="Apache"/>
71
+ <param pos="1" name="service.version"/>
72
+ <param pos="0" name="service.cpe23" value="cpe:/a:apache:http_server:{service.version}"/>
73
+ </fingerprint>
74
+
59
75
  <fingerprint pattern="(?i)^Apache$">
60
76
  <description>Apache returning no version information</description>
61
77
  <example>Apache</example>
@@ -65,6 +81,7 @@
65
81
  <param pos="0" name="service.family" value="Apache"/>
66
82
  <param pos="0" name="service.cpe23" value="cpe:/a:apache:http_server:-"/>
67
83
  </fingerprint>
84
+
68
85
  <fingerprint pattern="(?i)^Apache(?:-AdvancedExtranetServer)?(?:/([012][\d.]*)\s*(.*))?$">
69
86
  <description>Apache</description>
70
87
  <example>Apache-AdvancedExtranetServer/2.0.44 (Mandrake Linux/11mdk) mod_perl/1.99_08 Perl/v5.8.0 mod_ssl/2.0.44 OpenSSL/0.9.7a PHP/4.3.1 mod_jk2/2.0.0</example>
@@ -90,6 +107,7 @@
90
107
  <param pos="0" name="service.cpe23" value="cpe:/a:apache:http_server:{service.version}"/>
91
108
  <param pos="2" name="apache.info"/>
92
109
  </fingerprint>
110
+
93
111
  <fingerprint pattern="(?i)^CouchDB/([\.\d]+) .*$">
94
112
  <description>Apache CouchDB</description>
95
113
  <example service.version="2.1.1">CouchDB/2.1.1 (Erlang OTP/20)</example>
@@ -98,11 +116,13 @@
98
116
  <param pos="1" name="service.version"/>
99
117
  <param pos="0" name="service.cpe23" value="cpe:/a:apache:couchdb:{service.version}"/>
100
118
  </fingerprint>
119
+
101
120
  <fingerprint pattern="^support@arraynetworks.net$">
102
121
  <description>Array Networks device</description>
103
122
  <example>support@arraynetworks.net</example>
104
123
  <param pos="0" name="service.vendor" value="Array Networks"/>
105
124
  </fingerprint>
125
+
106
126
  <fingerprint pattern="^Check Point SVN foundation$">
107
127
  <description>Check Point Firewall NG</description>
108
128
  <example>Check Point SVN foundation</example>
@@ -120,6 +140,25 @@
120
140
  <param pos="0" name="hw.family" value="Firewall-1"/>
121
141
  <param pos="0" name="hw.product" value="Firewall-1"/>
122
142
  </fingerprint>
143
+
144
+ <fingerprint pattern="^CPWS$">
145
+ <description>Check Point Firewall NG - short version</description>
146
+ <example>CPWS</example>
147
+ <param pos="0" name="service.vendor" value="Check Point"/>
148
+ <param pos="0" name="service.product" value="Firewall-1"/>
149
+ <param pos="0" name="service.family" value="Firewall-1"/>
150
+ <param pos="0" name="service.cpe23" value="cpe:/a:checkpoint:firewall-1:-"/>
151
+ <param pos="0" name="os.vendor" value="Check Point"/>
152
+ <param pos="0" name="os.device" value="Firewall"/>
153
+ <param pos="0" name="os.family" value="Firewall-1"/>
154
+ <param pos="0" name="os.product" value="GAiA OS"/>
155
+ <param pos="0" name="os.cpe23" value="cpe:/o:checkpoint:gaia_os:-"/>
156
+ <param pos="0" name="hw.vendor" value="Check Point"/>
157
+ <param pos="0" name="hw.device" value="Firewall"/>
158
+ <param pos="0" name="hw.family" value="Firewall-1"/>
159
+ <param pos="0" name="hw.product" value="Firewall-1"/>
160
+ </fingerprint>
161
+
123
162
  <fingerprint pattern="^Microsoft-IIS/([1234]\.0)$">
124
163
  <description>Microsoft IIS 1.0 - 4.0 runs on Windows NT 4.0</description>
125
164
  <example>Microsoft-IIS/4.0</example>
@@ -134,6 +173,7 @@
134
173
  <param pos="0" name="os.version" value="4.0"/>
135
174
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_nt:4.0"/>
136
175
  </fingerprint>
176
+
137
177
  <fingerprint pattern="^Microsoft-IIS/5.0$">
138
178
  <description>Microsoft IIS 5.0 runs on Windows 2000</description>
139
179
  <example>Microsoft-IIS/5.0</example>
@@ -147,6 +187,7 @@
147
187
  <param pos="0" name="os.product" value="Windows 2000"/>
148
188
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_2000:-"/>
149
189
  </fingerprint>
190
+
150
191
  <fingerprint pattern="^Microsoft-IIS/5.1$">
151
192
  <description>Microsoft IIS 5.1 runs on Windows XP</description>
152
193
  <example>Microsoft-IIS/5.1</example>
@@ -160,6 +201,7 @@
160
201
  <param pos="0" name="os.product" value="Windows XP"/>
161
202
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_xp:-"/>
162
203
  </fingerprint>
204
+
163
205
  <fingerprint pattern="^Microsoft-IIS/6.0$">
164
206
  <description>Microsoft IIS 6.0 runs on Windows Server 2003 (and Windows XP x64)</description>
165
207
  <example>Microsoft-IIS/6.0</example>
@@ -173,6 +215,7 @@
173
215
  <param pos="0" name="os.product" value="Windows Server 2003"/>
174
216
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2003:-"/>
175
217
  </fingerprint>
218
+
176
219
  <fingerprint pattern="^Microsoft-IIS/7.0$">
177
220
  <description>Microsoft IIS 7.0 runs on Windows Server 2008 (and Windows Vista)</description>
178
221
  <example>Microsoft-IIS/7.0</example>
@@ -186,6 +229,7 @@
186
229
  <param pos="0" name="os.product" value="Windows Server 2008"/>
187
230
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2008:-"/>
188
231
  </fingerprint>
232
+
189
233
  <fingerprint pattern="^Microsoft-IIS/7.5$">
190
234
  <description>Microsoft IIS 7.5 runs on Windows Server 2008 R2 (and Windows 7)</description>
191
235
  <example>Microsoft-IIS/7.5</example>
@@ -199,6 +243,7 @@
199
243
  <param pos="0" name="os.product" value="Windows Server 2008 R2"/>
200
244
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2008:-"/>
201
245
  </fingerprint>
246
+
202
247
  <fingerprint pattern="^Microsoft-IIS/8.0$">
203
248
  <description>Microsoft IIS 8.0 runs on Windows Server 2012 (and Windows 8)</description>
204
249
  <example>Microsoft-IIS/8.0</example>
@@ -212,6 +257,7 @@
212
257
  <param pos="0" name="os.product" value="Windows Server 2012"/>
213
258
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2012:-"/>
214
259
  </fingerprint>
260
+
215
261
  <fingerprint pattern="^Microsoft-IIS/8.5$">
216
262
  <description>Microsoft IIS 8.5 runs on Windows Server 2012 R2 (and Windows 8.1)</description>
217
263
  <example>Microsoft-IIS/8.5</example>
@@ -225,6 +271,7 @@
225
271
  <param pos="0" name="os.product" value="Windows Server 2012 R2"/>
226
272
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2012:-"/>
227
273
  </fingerprint>
274
+
228
275
  <fingerprint pattern="^Microsoft-IIS/10.0$">
229
276
  <description>Microsoft IIS 10.0 runs on Windows Server 2016 and 2019</description>
230
277
  <example>Microsoft-IIS/10.0</example>
@@ -235,8 +282,8 @@
235
282
  <param pos="0" name="service.cpe23" value="cpe:/a:microsoft:iis:10.0"/>
236
283
  <param pos="0" name="os.vendor" value="Microsoft"/>
237
284
  <param pos="0" name="os.family" value="Windows"/>
238
- <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
239
285
  </fingerprint>
286
+
240
287
  <fingerprint pattern="^Microsoft-IIS/([\d\.]+)$">
241
288
  <description>Microsoft IIS new, unknown Windows version</description>
242
289
  <example>Microsoft-IIS/9.0</example>
@@ -246,6 +293,7 @@
246
293
  <param pos="1" name="service.version"/>
247
294
  <param pos="0" name="service.cpe23" value="cpe:/a:microsoft:iis:{service.version}"/>
248
295
  </fingerprint>
296
+
249
297
  <fingerprint pattern="^Microsoft-IIS$">
250
298
  <description>Microsoft IIS, no version information</description>
251
299
  <example>Microsoft-IIS</example>
@@ -256,6 +304,7 @@
256
304
  <param pos="0" name="os.vendor" value="Microsoft"/>
257
305
  <param pos="0" name="os.family" value="Windows"/>
258
306
  </fingerprint>
307
+
259
308
  <fingerprint pattern="^MS .NET Remoting, MS .NET CLR (\d+\.\d+\.\d+\.\d+)$">
260
309
  <description>Microsoft .NET Remoting and Common Language Runtime (CLR)</description>
261
310
  <example>MS .NET Remoting, MS .NET CLR 2.0.50727.42</example>
@@ -271,6 +320,7 @@
271
320
  <param pos="0" name="os.product" value="Windows"/>
272
321
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
273
322
  </fingerprint>
323
+
274
324
  <fingerprint pattern="^Microsoft-WinCE/(\d\.\d+)$">
275
325
  <description>Windows CE embedded devices, including HP iPAQ, Palm Treo, Motorola phones, and many more</description>
276
326
  <example os.version="4.10">Microsoft-WinCE/4.10</example>
@@ -287,6 +337,7 @@
287
337
  <param pos="1" name="os.version"/>
288
338
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_ce:{os.version}"/>
289
339
  </fingerprint>
340
+
290
341
  <fingerprint pattern="^Microsoft-PWS/(\d\.\d+)$">
291
342
  <description>Microsoft Personal Web Server runs on Windows 9x, ME, etc.</description>
292
343
  <example>Microsoft-PWS/4.0</example>
@@ -300,6 +351,7 @@
300
351
  <param pos="0" name="os.product" value="Windows"/>
301
352
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
302
353
  </fingerprint>
354
+
303
355
  <fingerprint pattern="^Microsoft-PWS-95/(\d\.\d+)$">
304
356
  <description>Microsoft Personal Web Server for Windows 95</description>
305
357
  <example>Microsoft-PWS-95/4.0</example>
@@ -313,6 +365,7 @@
313
365
  <param pos="0" name="os.product" value="Windows 95"/>
314
366
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_95:-"/>
315
367
  </fingerprint>
368
+
316
369
  <fingerprint pattern="(?i)^mt-daapd(?:/(.+))?$">
317
370
  <description>Firefly Media Server</description>
318
371
  <example service.version="0.2.4.1">mt-daapd/0.2.4.1</example>
@@ -321,6 +374,7 @@
321
374
  <param pos="0" name="service.product" value="Media Server"/>
322
375
  <param pos="1" name="service.version"/>
323
376
  </fingerprint>
377
+
324
378
  <fingerprint pattern="^Apache[ -]Coyote/(\d\.\d)$">
325
379
  <description>HTTP connector for Apache Tomcat to run as a standalone HTTP server - Coyote variant</description>
326
380
  <example>Apache-Coyote/1.1</example>
@@ -334,6 +388,7 @@
334
388
  <param pos="0" name="service.component.family" value="Coyote"/>
335
389
  <param pos="1" name="service.component.version"/>
336
390
  </fingerprint>
391
+
337
392
  <fingerprint pattern="^Apache Tomcat$">
338
393
  <description>HTTP connector for Apache Tomcat with no version</description>
339
394
  <example>Apache Tomcat</example>
@@ -342,6 +397,7 @@
342
397
  <param pos="0" name="service.family" value="Tomcat"/>
343
398
  <param pos="0" name="service.cpe23" value="cpe:/a:apache:tomcat:-"/>
344
399
  </fingerprint>
400
+
345
401
  <fingerprint pattern="^Servlet [\d\.]+; JBoss-(\S+) \(build: .*\)/Tomcat-(\S+)$">
346
402
  <description>JBoss with embedded Tomcat</description>
347
403
  <example service.version="4.0.4.GA" service.component.version="5.5">Servlet 2.4; JBoss-4.0.4.GA (build: CVSTag=JBoss_4_0_4_GA date=200605151000)/Tomcat-5.5</example>
@@ -355,6 +411,7 @@
355
411
  <param pos="2" name="service.component.version"/>
356
412
  <param pos="0" name="service.component.cpe23" value="cpe:/a:apache:tomcat:{service.component.version}"/>
357
413
  </fingerprint>
414
+
358
415
  <fingerprint pattern="^Servlet [\d\.]+; Tomcat-(\S+)/JBoss-(\S+) \(build: .*\)$">
359
416
  <description>JBoss with embedded Tomcat - Tomcat build variant</description>
360
417
  <example service.version="4.0.1sp1" service.component.version="5.0.28">Servlet 2.4; Tomcat-5.0.28/JBoss-4.0.1sp1 (build: CVSTag=JBoss_4_0_1_SP1 date=200502160314)</example>
@@ -368,6 +425,7 @@
368
425
  <param pos="1" name="service.component.version"/>
369
426
  <param pos="0" name="service.component.cpe23" value="cpe:/a:apache:tomcat:{service.component.version}"/>
370
427
  </fingerprint>
428
+
371
429
  <fingerprint pattern="^Servlet [\d\.]+; JBoss-([\S]+)(?: \(build.*)?/JBossWeb-(\S+)$">
372
430
  <description>JBoss with JBossweb</description>
373
431
  <example service.version="4.2.3.GA" service.component.version="2.0">Servlet 2.4; JBoss-4.2.3.GA (build: SVNTag=JBoss_4_2_3_GA date=200807181439)/JBossWeb-2.0</example>
@@ -376,10 +434,12 @@
376
434
  <param pos="0" name="service.product" value="JBoss EAP"/>
377
435
  <param pos="1" name="service.version"/>
378
436
  <param pos="0" name="service.cpe23" value="cpe:/a:redhat:jboss_enterprise_application_platform:{service.version}"/>
379
- <param pos="0" name="service.component.vendor" value="RedHat"/>
437
+ <param pos="0" name="service.component.vendor" value="Red Hat"/>
380
438
  <param pos="0" name="service.component.product" value="JBossWeb"/>
381
439
  <param pos="2" name="service.component.version"/>
440
+ <param pos="0" name="service.component.cpe23" value="cpe:/a:redhat:jboss_web_framework_kit:{service.component.version}"/>
382
441
  </fingerprint>
442
+
383
443
  <fingerprint pattern="^Servlet\/[\d\.]+; JBossAS-(.*)$">
384
444
  <description>JBoss AS</description>
385
445
  <example service.version="6">Servlet/3.0; JBossAS-6</example>
@@ -388,6 +448,7 @@
388
448
  <param pos="1" name="service.version"/>
389
449
  <param pos="0" name="service.cpe23" value="cpe:/a:redhat:jboss_wildfly_application_server:{service.version}"/>
390
450
  </fingerprint>
451
+
391
452
  <fingerprint pattern="^JBoss-EAP\/(\d+)$">
392
453
  <description>JBoss EAP</description>
393
454
  <example service.version="7">JBoss-EAP/7</example>
@@ -397,6 +458,7 @@
397
458
  <param pos="1" name="service.version"/>
398
459
  <param pos="0" name="service.cpe23" value="cpe:/a:redhat:jboss_enterprise_application_platform:{service.version}"/>
399
460
  </fingerprint>
461
+
400
462
  <fingerprint pattern="^Apache Tomcat/(\d\.[\d.]+)(?:-LE-jdk14)? \(HTTP/1.1 Connector\)$">
401
463
  <description>HTTP connector for Apache Tomcat to run as a standalone HTTP server - Apache variant</description>
402
464
  <example service.version="4.0.6">Apache Tomcat/4.0.6 (HTTP/1.1 Connector)</example>
@@ -411,6 +473,7 @@
411
473
  <param pos="0" name="service.component.family" value="Apache Tomcat HTTP Connector"/>
412
474
  <param pos="0" name="service.component.product" value="Apache Tomcat HTTP Connector"/>
413
475
  </fingerprint>
476
+
414
477
  <fingerprint pattern="^Tomcat Web Server/(\d\.[\dA-Z.]+)(?: Final)?(?:\s\(([^\)]+)\))?$">
415
478
  <description>HTTP connector for Apache Tomcat to run as a standalone HTTP server</description>
416
479
  <example>Tomcat Web Server/3.2.2 (JSP 1.1; Servlet 2.2; Java 1.3.1; Windows 2000 5.0 x86; java.vendor=Sun Microsystems Inc.)</example>
@@ -424,15 +487,18 @@
424
487
  <param pos="0" name="service.cpe23" value="cpe:/a:apache:tomcat:{service.version}"/>
425
488
  <param pos="2" name="tomcat.info"/>
426
489
  </fingerprint>
427
- <fingerprint pattern="^Tomcat/(\S+)$">
428
- <description>Apache tomcat with minimal version information</description>
429
- <example>Tomcat/2.1</example>
490
+
491
+ <fingerprint pattern="^(?:Apache )?Tomcat/([\d.]+)$">
492
+ <description>Apache Tomcat with version information</description>
493
+ <example service.version="2.1">Tomcat/2.1</example>
494
+ <example service.version="9.0.5">Apache Tomcat/9.0.5</example>
430
495
  <param pos="0" name="service.vendor" value="Apache"/>
431
496
  <param pos="0" name="service.product" value="Tomcat"/>
432
497
  <param pos="0" name="service.family" value="Tomcat"/>
433
498
  <param pos="1" name="service.version"/>
434
499
  <param pos="0" name="service.cpe23" value="cpe:/a:apache:tomcat:{service.version}"/>
435
500
  </fingerprint>
501
+
436
502
  <fingerprint pattern="^PDR-M800/1.0$">
437
503
  <description>Merit LILIN PDR M800</description>
438
504
  <example>PDR-M800/1.0</example>
@@ -440,6 +506,7 @@
440
506
  <param pos="0" name="hw.product" value="PDR M800"/>
441
507
  <param pos="0" name="hw.device" value="DVR"/>
442
508
  </fingerprint>
509
+
443
510
  <fingerprint pattern="^PHP/(\S+)$">
444
511
  <description>PHP</description>
445
512
  <example service.component.version="4.4.2-1build1">PHP/4.4.2-1build1</example>
@@ -447,13 +514,16 @@
447
514
  <param pos="0" name="service.component.product" value="PHP"/>
448
515
  <param pos="1" name="service.component.version"/>
449
516
  </fingerprint>
517
+
450
518
  <!-- TODO: Capture ZendServer version in fingerprint -->
519
+
451
520
  <fingerprint pattern="^PHP/(\S+)\s+ZendServer/\S+$">
452
521
  <description>PHP with ZendServer</description>
453
522
  <example service.component.version="5.3.14">PHP/5.3.14 ZendServer/5.0</example>
454
523
  <param pos="0" name="service.component.product" value="PHP"/>
455
524
  <param pos="1" name="service.component.version"/>
456
525
  </fingerprint>
526
+
457
527
  <fingerprint pattern="^Oracle Application Server Containers for J2EE 10g \(([\d.]+)\)$">
458
528
  <description>Oracle Application Server Containers for J2EE 10g</description>
459
529
  <example>Oracle Application Server Containers for J2EE 10g (9.0.4.0.0)</example>
@@ -462,6 +532,7 @@
462
532
  <param pos="0" name="service.family" value="Oracle"/>
463
533
  <param pos="1" name="service.version"/>
464
534
  </fingerprint>
535
+
465
536
  <fingerprint pattern="^Oracle Containers for J2EE$">
466
537
  <description>Oracle Application Server Containers for J2EE</description>
467
538
  <example>Oracle Containers for J2EE</example>
@@ -469,6 +540,7 @@
469
540
  <param pos="0" name="service.product" value="Oracle Application Server Containers"/>
470
541
  <param pos="0" name="service.family" value="Oracle"/>
471
542
  </fingerprint>
543
+
472
544
  <fingerprint pattern="^Oracle Application Server/10g \(([\d.]+)\) Apache/([12][\d.]+)\s*(.*)$">
473
545
  <description>Oracle Application Server 10g with Apache info (powered by Apache)</description>
474
546
  <example>Oracle Application Server/10g (10.1.2) Apache/1.3.34 (Unix) mod_perl/1.29 mod_jk/1.2.14 OracleAS-Web-Cache-10g/10.1.2.0.2 (N;ecid=119642322340,0)</example>
@@ -481,7 +553,9 @@
481
553
  <param pos="0" name="apache.variant" value="Oracle"/>
482
554
  <param pos="1" name="apache.variant.version"/>
483
555
  </fingerprint>
556
+
484
557
  <!-- TODO: this needs to be improved -->
558
+
485
559
  <fingerprint pattern="^Oracle-Application-Server-\d+[ig](?:[ /]([\d.]+) (?:\(.*\)|Oracle-HTTP-Server\s*(.*)))?$">
486
560
  <description>Oracle Application Server 10g (powered by Apache)</description>
487
561
  <example>Oracle-Application-Server-11g</example>
@@ -498,6 +572,7 @@
498
572
  <param pos="0" name="apache.variant" value="Oracle"/>
499
573
  <param pos="1" name="apache.variant.version"/>
500
574
  </fingerprint>
575
+
501
576
  <fingerprint pattern="^Oracle9iAS/([\d.]+) Oracle HTTP Server\s*(.*)$">
502
577
  <description>Oracle 9i Application Server</description>
503
578
  <example>Oracle9iAS/9.0.2.3.0 Oracle HTTP Server Oracle9iAS-Web-Cache/9.0.2.3.0 (N)</example>
@@ -510,6 +585,7 @@
510
585
  <param pos="0" name="apache.variant" value="Oracle"/>
511
586
  <param pos="1" name="apache.variant.version"/>
512
587
  </fingerprint>
588
+
513
589
  <fingerprint pattern="^Oracle HTTP Server Powered by Apache/([12][\d.]*)\s*(.*)$">
514
590
  <description>Oracle HTTP Server (powered by Apache) - version string variant</description>
515
591
  <example>Oracle HTTP Server Powered by Apache/1.3.12 (Unix) ApacheJServ/1.1 mod_ssl/2.6.4 OpenSSL/0.9.5a</example>
@@ -523,6 +599,7 @@
523
599
  <param pos="2" name="apache.info"/>
524
600
  <param pos="0" name="apache.variant" value="Oracle"/>
525
601
  </fingerprint>
602
+
526
603
  <fingerprint pattern="^Oracle HTTP Server Powered by Apache$">
527
604
  <description>Oracle HTTP Server (powered by Apache)</description>
528
605
  <example>Oracle HTTP Server Powered by Apache</example>
@@ -532,6 +609,25 @@
532
609
  <param pos="0" name="service.cpe23" value="cpe:/a:apache:http_server:-"/>
533
610
  <param pos="0" name="apache.variant" value="Oracle"/>
534
611
  </fingerprint>
612
+
613
+ <fingerprint pattern="^Oracle-Web-Cache-11g/([\d.]+) \(N;ecid=[^)]+\)$">
614
+ <description>Oracle Web Cache</description>
615
+ <example service.version="11.1.1.9.0">Oracle-Web-Cache-11g/11.1.1.9.0 (N;ecid=93620137613024,0:1)</example>
616
+ <param pos="0" name="service.vendor" value="Oracle"/>
617
+ <param pos="0" name="service.product" value="Web Cache"/>
618
+ <param pos="1" name="service.version"/>
619
+ <param pos="0" name="service.cpe23" value="cpe:/a:oracle:web_cache:{service.version}"/>
620
+ </fingerprint>
621
+
622
+ <fingerprint pattern="^OracleAS-Web-Cache-10g/([\d.]+).*">
623
+ <description>Oracle Application Server Web Cache</description>
624
+ <example service.version="10.1.2.3.0">OracleAS-Web-Cache-10g/10.1.2.3.0</example>
625
+ <param pos="0" name="service.vendor" value="Oracle"/>
626
+ <param pos="0" name="service.product" value="Application Server Web Cache"/>
627
+ <param pos="1" name="service.version"/>
628
+ <param pos="0" name="service.cpe23" value="cpe:/a:oracle:application_server_web_cache:{service.version}"/>
629
+ </fingerprint>
630
+
535
631
  <fingerprint pattern="^HP Apache-based Web Server/([012][\d.]*)\s*\(Unix\)\s*(.*)$">
536
632
  <description>Apache running on HP-UX</description>
537
633
  <example>HP Apache-based Web Server/1.3.26 (Unix) mod_ssl/2.8.9 OpenSSL/0.9.6c</example>
@@ -548,6 +644,7 @@
548
644
  <param pos="0" name="os.product" value="HP-UX"/>
549
645
  <param pos="0" name="os.cpe23" value="cpe:/o:hp:hp-ux:-"/>
550
646
  </fingerprint>
647
+
551
648
  <fingerprint pattern="^CompaqHTTPServer/([0-9.]*)(?: HP System Management Homepage(?:/.*)?)?$">
552
649
  <description>HP/Compaq HTTP Server</description>
553
650
  <example>CompaqHTTPServer/9.9 HP System Management Homepage/2.1.5.146</example>
@@ -560,6 +657,7 @@
560
657
  <param pos="0" name="service.family" value="Compaq HTTP Server"/>
561
658
  <param pos="1" name="service.version"/>
562
659
  </fingerprint>
660
+
563
661
  <fingerprint pattern="^HPSMH$">
564
662
  <description>HP System Management Homepage (SMH)</description>
565
663
  <example>HPSMH</example>
@@ -567,6 +665,7 @@
567
665
  <param pos="0" name="service.family" value="SMH"/>
568
666
  <param pos="0" name="service.product" value="SMH"/>
569
667
  </fingerprint>
668
+
570
669
  <fingerprint pattern="(?i)^eHTTP[/ ]v?(\d+\.\d+)">
571
670
  <description>HTTP Server present on seemingly only HP ProCurve network devices</description>
572
671
  <example service.version="1.1">EHTTP/1.1</example>
@@ -579,6 +678,7 @@
579
678
  <param pos="0" name="os.family" value="ProCurve"/>
580
679
  <param pos="0" name="os.certainty" value="0.75"/>
581
680
  </fingerprint>
681
+
582
682
  <fingerprint pattern="^(?:BBC \d+\.\d+\.\d+\.?\d*; )?(?:com.hp.openview.)?[c|C]oda (\d+\.\d+\.\d+\.?\d*)$">
583
683
  <description>HP Openview Coda (Communications Daemon)</description>
584
684
  <example service.component.version="0.0.1">com.hp.openview.Coda 0.0.1</example>
@@ -593,6 +693,7 @@
593
693
  <param pos="0" name="service.component.product" value="CODA"/>
594
694
  <param pos="1" name="service.component.version"/>
595
695
  </fingerprint>
696
+
596
697
  <fingerprint pattern="^BBC \d+\.\d+\.\d+\.?\d*; ovbbcrcp (\d+\.\d+\.\d+\.?\d*)$">
597
698
  <description>OpenView Reverse Channel Proxy (RCP)</description>
598
699
  <example service.component.version="11.00.044">BBC 11.00.044; ovbbcrcp 11.00.044</example>
@@ -605,6 +706,7 @@
605
706
  <param pos="0" name="service.component.product" value="Reverse Channel Proxy"/>
606
707
  <param pos="1" name="service.component.version"/>
607
708
  </fingerprint>
709
+
608
710
  <fingerprint pattern="^(?:BBC \d+\.\d+\.\d+\.?\d*; )?com.hp.openview.bbc.LLBServer (\d+\.\d+\.\d+\.?\d*)$">
609
711
  <description>HP Openview LLBServer (Local Location Broker)</description>
610
712
  <example service.component.version="2.6.8.1">com.hp.openview.bbc.LLBServer 2.6.8.1</example>
@@ -618,6 +720,7 @@
618
720
  <param pos="0" name="service.component.product" value="LLBServer"/>
619
721
  <param pos="1" name="service.component.version"/>
620
722
  </fingerprint>
723
+
621
724
  <fingerprint pattern="^BBC \d+\.\d+\.\d+; ovbbccb (\d+\.\d+\.\d+)$">
622
725
  <description>OpenView Communication Broker (ovbbccb)</description>
623
726
  <example service.component.version="06.00.083">BBC 06.00.083; ovbbccb 06.00.083</example>
@@ -631,6 +734,7 @@
631
734
  <param pos="0" name="service.component.product" value="Communication Broker"/>
632
735
  <param pos="1" name="service.component.version"/>
633
736
  </fingerprint>
737
+
634
738
  <fingerprint pattern="^BBC \d+\.\d+\.\d+; ovbbccb unknown version$">
635
739
  <description>OpenView Communication Broker (ovbbccb) with no version</description>
636
740
  <example>BBC 11.13.007; ovbbccb unknown version</example>
@@ -642,6 +746,7 @@
642
746
  <param pos="0" name="service.component.family" value="OpenView"/>
643
747
  <param pos="0" name="service.component.product" value="Communication Broker"/>
644
748
  </fingerprint>
749
+
645
750
  <fingerprint pattern="^UOS$">
646
751
  <description>HTTP Server that appears unique to Managment Console on HP TippingPoint IPS Devices</description>
647
752
  <example>UOS</example>
@@ -655,6 +760,7 @@
655
760
  <param pos="0" name="hw.family" value="TippingPoint"/>
656
761
  <param pos="0" name="hw.device" value="IPS"/>
657
762
  </fingerprint>
763
+
658
764
  <fingerprint pattern="^uc-httpd[ \/]([\d.]+)$">
659
765
  <description>Xiongmai Tech uc-httpd</description>
660
766
  <example service.version="1.0.0">uc-httpd 1.0.0</example>
@@ -663,6 +769,7 @@
663
769
  <param pos="0" name="service.product" value="uc-httpd"/>
664
770
  <param pos="1" name="service.version"/>
665
771
  </fingerprint>
772
+
666
773
  <fingerprint pattern="^micro_httpd$">
667
774
  <description>ACME micro_httpd</description>
668
775
  <example>micro_httpd</example>
@@ -670,6 +777,7 @@
670
777
  <param pos="0" name="service.product" value="micro_httpd"/>
671
778
  <param pos="0" name="service.cpe23" value="cpe:/a:acme:micro_httpd:-"/>
672
779
  </fingerprint>
780
+
673
781
  <fingerprint pattern="^mini_httpd$">
674
782
  <description>ACME mini_httpd</description>
675
783
  <example>mini_httpd</example>
@@ -677,6 +785,7 @@
677
785
  <param pos="0" name="service.product" value="mini_httpd"/>
678
786
  <param pos="0" name="service.cpe23" value="cpe:/a:acme:mini_httpd:-"/>
679
787
  </fingerprint>
788
+
680
789
  <fingerprint pattern="^LiteSpeed\/?(:?[\d.]+)?(?: \S+)?">
681
790
  <description>LiteSpeed</description>
682
791
  <example>LiteSpeed</example>
@@ -684,7 +793,9 @@
684
793
  <param pos="0" name="service.vendor" value="LiteSpeed Technologies"/>
685
794
  <param pos="0" name="service.product" value="LiteSpeed Web Server"/>
686
795
  <param pos="1" name="service.version"/>
796
+ <param pos="0" name="service.cpe23" value="cpe:/a:litespeedtech:litespeed_web_server:{service.version}"/>
687
797
  </fingerprint>
798
+
688
799
  <fingerprint pattern="^IdeaWebServer\/v?([\d.]+)$">
689
800
  <description>Idea Web Server</description>
690
801
  <example service.version="0.83.74">IdeaWebServer/0.83.74</example>
@@ -693,6 +804,7 @@
693
804
  <param pos="0" name="service.product" value="Idea Web Server"/>
694
805
  <param pos="1" name="service.version"/>
695
806
  </fingerprint>
807
+
696
808
  <fingerprint pattern="^openresty\/?(:?[\d.]+)?$">
697
809
  <description>OpenResty OpenResty</description>
698
810
  <example>openresty</example>
@@ -700,22 +812,47 @@
700
812
  <param pos="0" name="service.vendor" value="OpenResty"/>
701
813
  <param pos="0" name="service.product" value="OpenResty"/>
702
814
  <param pos="1" name="service.version"/>
815
+ <param pos="0" name="service.cpe23" value="cpe:/a:openresty:openresty:{service.version}"/>
703
816
  </fingerprint>
817
+
704
818
  <fingerprint pattern="^gunicorn\/([\d.]+)+$">
705
819
  <description>Gunicorn Gunicorn</description>
706
820
  <example service.version="19.7.1">gunicorn/19.7.1</example>
707
821
  <param pos="0" name="service.vendor" value="Gunicorn"/>
708
822
  <param pos="0" name="service.product" value="Gunicorn"/>
709
823
  <param pos="1" name="service.version"/>
824
+ <param pos="0" name="service.cpe23" value="cpe:/a:gunicorn:gunicorn:{service.version}"/>
710
825
  </fingerprint>
826
+
711
827
  <fingerprint pattern="^Serv-U\/([\d.]+)$">
712
828
  <description>Serv-U HTTP interface</description>
713
829
  <example service.version="15.1.6.31">Serv-U/15.1.6.31</example>
714
830
  <param pos="0" name="service.vendor" value="SolarWinds"/>
715
831
  <param pos="0" name="service.family" value="Serv-U"/>
716
- <param pos="0" name="service.product" value="FTP Server"/>
832
+ <param pos="0" name="service.product" value="Serv-U FTP Server"/>
833
+ <param pos="1" name="service.version"/>
834
+ <param pos="0" name="service.cpe23" value="cpe:/a:solarwinds:serv-u_ftp_server:{service.version}"/>
835
+ </fingerprint>
836
+
837
+ <fingerprint pattern="^Wing FTP Server/([\d.]+)\([^)]*\)$">
838
+ <description>Wing FTP HTTP interface - with version</description>
839
+ <example service.version="3.6.0">Wing FTP Server/3.6.0(customer name here)</example>
840
+ <param pos="0" name="service.vendor" value="WFTPServer"/>
841
+ <param pos="0" name="service.family" value="Wing FTP"/>
842
+ <param pos="0" name="service.product" value="Wing FTP Server"/>
717
843
  <param pos="1" name="service.version"/>
844
+ <param pos="0" name="service.cpe23" value="cpe:/a:wftpserver:wing_ftp_server:{service.version}"/>
845
+ </fingerprint>
846
+
847
+ <fingerprint pattern="^Wing FTP Server\([^)]*\)$">
848
+ <description>Wing FTP HTTP interface - no version</description>
849
+ <example>Wing FTP Server(customer name here)</example>
850
+ <param pos="0" name="service.vendor" value="WFTPServer"/>
851
+ <param pos="0" name="service.family" value="Wing FTP"/>
852
+ <param pos="0" name="service.product" value="Wing FTP Server"/>
853
+ <param pos="0" name="service.cpe23" value="cpe:/a:wftpserver:wing_ftp_server:-"/>
718
854
  </fingerprint>
855
+
719
856
  <fingerprint pattern="^(?i)Linux UPnP/1.0 Sonos/([\d\.\-a-z]+) \((BR\d+)\)$">
720
857
  <description>Sonos Bridge/ZoneBridge</description>
721
858
  <example hw.model="BR100" hw.version="47.2-59120">Linux UPnP/1.0 Sonos/47.2-59120 (BR100)</example>
@@ -726,6 +863,7 @@
726
863
  <param pos="2" name="hw.model"/>
727
864
  <param pos="0" name="os.product" value="Linux"/>
728
865
  </fingerprint>
866
+
729
867
  <fingerprint pattern="^(?i)Linux UPnP/1.0 Sonos/([\d\.\-a-z]+) \(ANVIL\)$">
730
868
  <description>Sonos Subwoofer Speaker</description>
731
869
  <example>Linux UPnP/1.0 Sonos/31.3-22220 (ANVIL)</example>
@@ -735,6 +873,7 @@
735
873
  <param pos="1" name="hw.version"/>
736
874
  <param pos="0" name="os.product" value="Linux"/>
737
875
  </fingerprint>
876
+
738
877
  <fingerprint pattern="(?i)^Linux UPnP/1.0 Sonos/([\d\.\-a-z]+) \(ZP(S?\d+)\)$">
739
878
  <description>Sonos PLAY/ZonePlayer wireless speaker</description>
740
879
  <example hw.model="S1" hw.version="39.2-47040c">Linux UPnP/1.0 Sonos/39.2-47040c (ZPS1)</example>
@@ -747,6 +886,7 @@
747
886
  <param pos="2" name="hw.model"/>
748
887
  <param pos="0" name="os.product" value="Linux"/>
749
888
  </fingerprint>
889
+
750
890
  <fingerprint pattern="(?i)^Linux UPnP/1.0 Sonos/([\d\.\-a-z]+) \(WD(\d+)\)$">
751
891
  <description>Sonos Wireless Dock</description>
752
892
  <example hw.model="100" hw.version="36.4-41270">Linux UPnP/1.0 Sonos/36.4-41270 (WD100)</example>
@@ -757,6 +897,7 @@
757
897
  <param pos="2" name="hw.model"/>
758
898
  <param pos="0" name="os.product" value="Linux"/>
759
899
  </fingerprint>
900
+
760
901
  <fingerprint pattern="^Varnish(?:[- ]Cache)?$">
761
902
  <description>Varnish Cache</description>
762
903
  <example>Varnish</example>
@@ -766,6 +907,7 @@
766
907
  <param pos="0" name="service.product" value="Varnish"/>
767
908
  <param pos="0" name="service.cpe23" value="cpe:/a:varnish-cache:varnish:-"/>
768
909
  </fingerprint>
910
+
769
911
  <fingerprint pattern="^Tengine\/?(:?[\d.]+)?$">
770
912
  <description>Tengine</description>
771
913
  <example>Tengine</example>
@@ -775,6 +917,7 @@
775
917
  <param pos="0" name="service.product" value="Tengine"/>
776
918
  <param pos="1" name="service.version"/>
777
919
  </fingerprint>
920
+
778
921
  <fingerprint pattern="^Mikrotik HttpProxy$">
779
922
  <description>MikroTik RouterOS - Proxy service</description>
780
923
  <example>Mikrotik HttpProxy</example>
@@ -787,6 +930,7 @@
787
930
  <param pos="0" name="hw.vendor" value="MikroTik"/>
788
931
  <param pos="0" name="hw.device" value="Router"/>
789
932
  </fingerprint>
933
+
790
934
  <fingerprint pattern="^Helix Server Version ([0-9.]*) \(win32\) \(RealServer compatible\)$">
791
935
  <description>RealMedia Helix Server - Windows</description>
792
936
  <example>Helix Server Version 9.0.4.960 (win32) (RealServer compatible)</example>
@@ -799,6 +943,7 @@
799
943
  <param pos="0" name="service.family" value="Helix Server"/>
800
944
  <param pos="1" name="service.version"/>
801
945
  </fingerprint>
946
+
802
947
  <fingerprint pattern="^Helix Server Version ([0-9.]*) \(linux-\S+\) \(RealServer compatible\)$">
803
948
  <description>RealMedia Helix Server - Linux</description>
804
949
  <example>Helix Server Version 9.0.4.960 (linux-2.2-libc6-i586-server) (RealServer compatible)</example>
@@ -809,6 +954,7 @@
809
954
  <param pos="0" name="service.family" value="Helix Server"/>
810
955
  <param pos="1" name="service.version"/>
811
956
  </fingerprint>
957
+
812
958
  <fingerprint pattern="^ReeCam IP Camera$">
813
959
  <description>Shenzhen ReeCam cameras</description>
814
960
  <example>ReeCam IP Camera</example>
@@ -816,12 +962,14 @@
816
962
  <param pos="0" name="hw.product" value="ReeCam"/>
817
963
  <param pos="0" name="hw.device" value="Web cam"/>
818
964
  </fingerprint>
965
+
819
966
  <fingerprint pattern="^Netwave IP Camera$">
820
967
  <description>Netwave cameras</description>
821
968
  <example>Netwave IP Camera</example>
822
969
  <param pos="0" name="hw.vendor" value="Netwave"/>
823
970
  <param pos="0" name="hw.device" value="Web cam"/>
824
971
  </fingerprint>
972
+
825
973
  <fingerprint pattern="^Cougar/([0-9.]*)$">
826
974
  <description>Windows Media Services (older versions)</description>
827
975
  <example>Cougar/9.01.01.3841</example>
@@ -834,6 +982,7 @@
834
982
  <param pos="0" name="service.family" value="Windows Media Services"/>
835
983
  <param pos="1" name="service.version"/>
836
984
  </fingerprint>
985
+
837
986
  <fingerprint pattern="^WMServer/([0-9.]*)$">
838
987
  <description>Windows Media Services (newer versions)</description>
839
988
  <example>WMServer/9.1.1.3841</example>
@@ -846,6 +995,7 @@
846
995
  <param pos="0" name="service.family" value="Windows Media Services"/>
847
996
  <param pos="1" name="service.version"/>
848
997
  </fingerprint>
998
+
849
999
  <fingerprint pattern="^Microsoft-HTTPAPI/(?:[0-9\.]*)$">
850
1000
  <description>Generic Microsoft HTTP service</description>
851
1001
  <example>Microsoft-HTTPAPI/2.0</example>
@@ -854,6 +1004,7 @@
854
1004
  <param pos="0" name="os.product" value="Windows"/>
855
1005
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
856
1006
  </fingerprint>
1007
+
857
1008
  <fingerprint pattern="(?i)^(?:(?:Cube|(?:Mini )?Dome|Day/Night|PAN/?Tilt|POE|IR|HD|H.264|Surveillance|With|Wired|Wireless(?: N)?|Network|Internet|(?:IP(?:[\s_-])?)?Cameras?[\s_]*\d*) ?){1,5}?(?: Login)?$">
858
1009
  <description>Generic IP Cameras</description>
859
1010
  <example>camera</example>
@@ -861,6 +1012,7 @@
861
1012
  <example>Mini Dome IP Camera</example>
862
1013
  <param pos="0" name="hw.device" value="Web cam"/>
863
1014
  </fingerprint>
1015
+
864
1016
  <fingerprint pattern="^ASP.NET$">
865
1017
  <description>Something written in ASP.NET</description>
866
1018
  <example>ASP.NET</example>
@@ -870,6 +1022,7 @@
870
1022
  <param pos="0" name="os.certainty" value="0.6"/>
871
1023
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
872
1024
  </fingerprint>
1025
+
873
1026
  <fingerprint pattern="^[Xx]itami$">
874
1027
  <description>Xitami web server</description>
875
1028
  <example>Xitami</example>
@@ -877,6 +1030,7 @@
877
1030
  <param pos="0" name="service.product" value="HTTP"/>
878
1031
  <param pos="0" name="service.family" value="Webserver"/>
879
1032
  </fingerprint>
1033
+
880
1034
  <fingerprint pattern="^VCS-VIDOS-NVR$">
881
1035
  <description>Bosch VCS VIDOS-NVR network video recorder</description>
882
1036
  <example>VCS-VIDOS-NVR</example>
@@ -886,12 +1040,14 @@
886
1040
  <param pos="0" name="hw.vendor" value="Bosch"/>
887
1041
  <param pos="0" name="hw.device" value="DVR"/>
888
1042
  </fingerprint>
1043
+
889
1044
  <fingerprint pattern="^FUHO-DVR$">
890
1045
  <description>FUHO Surveillance/DVR</description>
891
1046
  <example>FUHO-DVR</example>
892
1047
  <param pos="0" name="hw.vendor" value="FUHO"/>
893
1048
  <param pos="0" name="hw.device" value="DVR"/>
894
1049
  </fingerprint>
1050
+
895
1051
  <fingerprint pattern="^HeiTel GmbH Web Server \[\S+\]$">
896
1052
  <description>HeiTel Digital Video Recorder</description>
897
1053
  <example>HeiTel GmbH Web Server [V1.15/V1.14/V1.3]</example>
@@ -901,6 +1057,7 @@
901
1057
  <param pos="0" name="hw.vendor" value="HeiTel"/>
902
1058
  <param pos="0" name="hw.device" value="DVR"/>
903
1059
  </fingerprint>
1060
+
904
1061
  <fingerprint pattern="^MiniServ/([0-9.]*)$">
905
1062
  <description>mini_httpd</description>
906
1063
  <example>MiniServ/0.01</example>
@@ -908,6 +1065,7 @@
908
1065
  <param pos="0" name="service.family" value="WebServer"/>
909
1066
  <param pos="1" name="service.version"/>
910
1067
  </fingerprint>
1068
+
911
1069
  <fingerprint pattern="^IBM HTTP Server/(V\d+R\d+M\d+)$">
912
1070
  <description>IBM HTTP server running on AS/400</description>
913
1071
  <example>IBM HTTP Server/V5R3M0</example>
@@ -920,7 +1078,9 @@
920
1078
  <param pos="0" name="os.family" value="OS/400"/>
921
1079
  <param pos="0" name="os.product" value="OS/400"/>
922
1080
  <param pos="1" name="os.version"/>
1081
+ <param pos="0" name="os.cpe23" value="cpe:/o:ibm:os_400:{os.version}"/>
923
1082
  </fingerprint>
1083
+
924
1084
  <fingerprint pattern="^(?:IBM_HTTP_Server|IBM_HTTP_SERVER)/([\w.-]+)\s+Apache/([12][\d.]+)\s*(.*)$">
925
1085
  <description>IBM HTTP Server</description>
926
1086
  <example>IBM_HTTP_SERVER/1.3.19.2 Apache/1.3.20 (Win32)</example>
@@ -942,6 +1102,7 @@
942
1102
  <param pos="0" name="apache.variant" value="IBM"/>
943
1103
  <param pos="1" name="apache.variant.version"/>
944
1104
  </fingerprint>
1105
+
945
1106
  <fingerprint pattern="(?i)^(?:IBM_HTTP_SERVER|IBM-HTTP-SERVER)/(\S+)(?: \(\S+\))?$">
946
1107
  <description>IBM HTTP Server with hardly useful version info</description>
947
1108
  <example>IBM-HTTP-Server/1.0</example>
@@ -953,6 +1114,7 @@
953
1114
  <param pos="0" name="apache.variant" value="IBM"/>
954
1115
  <param pos="1" name="apache.variant.version"/>
955
1116
  </fingerprint>
1117
+
956
1118
  <fingerprint pattern="(?i)^(?:IBM_HTTP_SERVER|IBM-HTTP-SERVER)$">
957
1119
  <description>IBM HTTP Server with no version info</description>
958
1120
  <example>IBM_HTTP_SERVER</example>
@@ -963,9 +1125,11 @@
963
1125
  <param pos="0" name="service.cpe23" value="cpe:/a:apache:http_server:-"/>
964
1126
  <param pos="0" name="apache.variant" value="IBM"/>
965
1127
  </fingerprint>
1128
+
966
1129
  <!--
967
1130
  Netscape/Sun's Application Server
968
1131
  -->
1132
+
969
1133
  <fingerprint pattern="^Sun[ -]Java[ -]System[ /]Application[ -]Server( \d\.[\d_]+)?$">
970
1134
  <description>Sun Java System Application Server (formerly iPlanet Application Server, Sun ONE Application Server)</description>
971
1135
  <example>Sun-Java-System/Application-Server</example>
@@ -975,6 +1139,7 @@
975
1139
  <param pos="1" name="service.version"/>
976
1140
  <param pos="0" name="service.cpe23" value="cpe:/a:sun:java_system_application_server:{service.version}"/>
977
1141
  </fingerprint>
1142
+
978
1143
  <fingerprint pattern="^Sun[ -]Java[ -]System[ /]Application[ -]Server Platform Edition (\d\.[\d_]+)?$">
979
1144
  <description>Sun Java System Application Server Platform Edition(formerly iPlanet Application Server, Sun ONE Application Server)</description>
980
1145
  <example>Sun Java System Application Server Platform Edition 9.0</example>
@@ -984,22 +1149,46 @@
984
1149
  <param pos="0" name="service.product" value="Java System Application Server Platform Edition"/>
985
1150
  <param pos="1" name="service.version"/>
986
1151
  </fingerprint>
1152
+
987
1153
  <fingerprint pattern="^Sun GlassFish Enterprise Server v(\S+)$">
988
1154
  <description>Glassfish with version information</description>
989
- <example>Sun GlassFish Enterprise Server v2.1</example>
990
- <param pos="0" name="service.vendor" value="Sun"/>
991
- <param pos="0" name="service.product" value="GlassFish"/>
1155
+ <example service.version="2.1">Sun GlassFish Enterprise Server v2.1</example>
1156
+ <param pos="0" name="service.vendor" value="Oracle"/>
1157
+ <param pos="0" name="service.product" value="GlassFish Server"/>
1158
+ <param pos="1" name="service.version"/>
1159
+ <param pos="0" name="service.cpe23" value="cpe:/a:oracle:glassfish_server:{service.version}"/>
1160
+ </fingerprint>
1161
+
1162
+ <fingerprint pattern="^GlassFish Server Open Source Edition\s+(\S+)$">
1163
+ <description>Glassfish Open Source Edition with version information</description>
1164
+ <example service.version="4.1.2">GlassFish Server Open Source Edition 4.1.2</example>
1165
+ <example service.version="3.1.2.2">GlassFish Server Open Source Edition 3.1.2.2</example>
1166
+ <param pos="0" name="service.vendor" value="Oracle"/>
1167
+ <param pos="0" name="service.product" value="GlassFish Server"/>
1168
+ <param pos="1" name="service.version"/>
1169
+ <param pos="0" name="service.cpe23" value="cpe:/a:oracle:glassfish_server:{service.version}"/>
1170
+ </fingerprint>
1171
+
1172
+ <fingerprint pattern="^Oracle GlassFish Server ([\d.]+)$">
1173
+ <description>Oracle GlassFish Server</description>
1174
+ <example service.version="3.1.2.14">Oracle GlassFish Server 3.1.2.14</example>
1175
+ <param pos="0" name="service.vendor" value="Oracle"/>
1176
+ <param pos="0" name="service.product" value="GlassFish Server"/>
992
1177
  <param pos="1" name="service.version"/>
1178
+ <param pos="0" name="service.cpe23" value="cpe:/a:oracle:glassfish_server:{service.version}"/>
993
1179
  </fingerprint>
1180
+
994
1181
  <fingerprint pattern="^GlassFish$">
995
1182
  <description>Glassfish without version information</description>
996
1183
  <example>GlassFish</example>
997
1184
  <param pos="0" name="service.vendor" value="Sun"/>
998
- <param pos="0" name="service.product" value="GlassFish"/>
1185
+ <param pos="0" name="service.product" value="GlassFish Server"/>
999
1186
  </fingerprint>
1187
+
1000
1188
  <!--
1001
1189
  Netscape/Sun's Web Server
1002
1190
  -->
1191
+
1003
1192
  <fingerprint pattern="^Netscape-Enterprise/(\d+\.[\w\s.]+)$">
1004
1193
  <description>Netscape Enterprise Server (subsequently iPlanet Web Server, Sun ONE Web Server, presently Sun Java System Web Server)</description>
1005
1194
  <example>Netscape-Enterprise/3.5.1</example>
@@ -1011,6 +1200,7 @@
1011
1200
  <param pos="1" name="service.version"/>
1012
1201
  <param pos="0" name="service.cpe23" value="cpe:/a:sun:java_system_web_server:{service.version}"/>
1013
1202
  </fingerprint>
1203
+
1014
1204
  <fingerprint pattern="^(?:Sun-Java-System-Web-Server|Sun-ONE-Web-Server)/(?:\d\.[\d_]+)$">
1015
1205
  <description>Sun Java System Web Server (formerly Netscape Enterprise Server, iPlanet Web Server and Sun ONE Web Server)</description>
1016
1206
  <example>Sun-Java-System-Web-Server/7.0</example>
@@ -1020,19 +1210,20 @@
1020
1210
  <param pos="0" name="service.product" value="Java System Web Server"/>
1021
1211
  <param pos="0" name="service.cpe23" value="cpe:/a:sun:java_system_web_server:-"/>
1022
1212
  </fingerprint>
1213
+
1023
1214
  <!--
1024
1215
  Netscape/Sun's Web Proxy Server
1025
1216
  -->
1217
+
1026
1218
  <!--
1027
1219
  Header seen on admin port 8081 (not regular proxy port 8080) of Sun Java
1028
1220
  System Web Proxy Server 3.6 Service Pack 4 running on Windows:
1029
-
1030
1221
  Server: Netscape-Administrator/3.54
1031
-
1032
1222
  However this header might be used by Web Server too, so it might be
1033
1223
  impossible to differentiate Web Server from Web Proxy Server. Also note how
1034
1224
  there seems to be no relation between 3.54 and "3.6 Service Pack 4".
1035
1225
  -->
1226
+
1036
1227
  <fingerprint pattern="^iPlanet-Web-Proxy-Server/(.*)$">
1037
1228
  <description>iPlanet WebProxy Server (subsequently Sun ONE WebProxy Server, presently Sun Java System Web Proxy Server)</description>
1038
1229
  <example>iPlanet-Web-Proxy-Server/3.6</example>
@@ -1043,6 +1234,7 @@
1043
1234
  <param pos="1" name="service.version"/>
1044
1235
  <param pos="0" name="service.cpe23" value="cpe:/a:sun:java_system_web_proxy_server:{service.version}"/>
1045
1236
  </fingerprint>
1237
+
1046
1238
  <fingerprint pattern="^Sun-ONE-Web-Proxy-Server/(.*)$">
1047
1239
  <description>Sun ONE WebProxy Server (formerly iPlanet WebProxy Server, presently Sun Java System Web Proxy Server)</description>
1048
1240
  <example service.version="3.6-SP4">Sun-ONE-Web-Proxy-Server/3.6-SP4</example>
@@ -1052,6 +1244,7 @@
1052
1244
  <param pos="1" name="service.version"/>
1053
1245
  <param pos="0" name="service.cpe23" value="cpe:/a:sun:java_system_web_proxy_server:{service.version}"/>
1054
1246
  </fingerprint>
1247
+
1055
1248
  <fingerprint pattern="^Sun-Java-System-Web-Proxy-Server/(\d\.[\d.]+)$">
1056
1249
  <description>Sun Java System Web Proxy Server (formerly iPlanet WebProxy Server, Sun ONE WebProxy Server)</description>
1057
1250
  <example>Sun-Java-System-Web-Proxy-Server/4.0.2</example>
@@ -1062,6 +1255,7 @@
1062
1255
  <param pos="1" name="service.version"/>
1063
1256
  <param pos="0" name="service.cpe23" value="cpe:/a:sun:java_system_web_proxy_server:{service.version}"/>
1064
1257
  </fingerprint>
1258
+
1065
1259
  <fingerprint pattern="^Sun-ILOM-Web-Server/(?:\d\.[\d._]+)$">
1066
1260
  <description>Sun Integrated Lights Out Manager (ILOM) usually bundled with Sun Fire servers</description>
1067
1261
  <example>Sun-ILOM-Web-Server/1.0</example>
@@ -1071,6 +1265,7 @@
1071
1265
  <param pos="0" name="hw.vendor" value="Sun"/>
1072
1266
  <param pos="0" name="hw.family" value="Sun Fire"/>
1073
1267
  </fingerprint>
1268
+
1074
1269
  <fingerprint pattern="^HP-iLO-Server/(?:[\S]+)">
1075
1270
  <description>HP Integrated Lights Out Manager (iLO). Version in the Server header (found on in iLO4) is the firmware version and is not currently used.</description>
1076
1271
  <example>HP-iLO-Server/1.30</example>
@@ -1085,12 +1280,14 @@
1085
1280
  <param pos="0" name="os.family" value="iLO"/>
1086
1281
  <param pos="0" name="os.device" value="Lights Out Management"/>
1087
1282
  </fingerprint>
1283
+
1088
1284
  <!--
1089
1285
  TODO:
1090
-
1091
1286
  Sun_WebServer/2.1
1092
1287
  -->
1288
+
1093
1289
  <!-- Mort Bay Jetty 1.0 to 6.x -->
1290
+
1094
1291
  <fingerprint pattern="^Jetty\/([1-6]\.[\w.]+)(?: \(([^)]*))?">
1095
1292
  <description>Mort Bay Jetty with info</description>
1096
1293
  <example service.version="4.0.1" jetty.info="SunOS 5.8 sparc">Jetty/4.0.1 (SunOS 5.8 sparc)</example>
@@ -1105,6 +1302,7 @@
1105
1302
  <param pos="0" name="service.cpe23" value="cpe:/a:mortbay:jetty:{service.version}"/>
1106
1303
  <param pos="2" name="jetty.info"/>
1107
1304
  </fingerprint>
1305
+
1108
1306
  <fingerprint pattern="^Jetty\(([1-6]\S+)\)$">
1109
1307
  <description>Mort Bay Jetty</description>
1110
1308
  <example service.version="1.4.5">Jetty(1.4.5)</example>
@@ -1115,10 +1313,12 @@
1115
1313
  <param pos="1" name="service.version"/>
1116
1314
  <param pos="0" name="service.cpe23" value="cpe:/a:mortbay:jetty:{service.version}"/>
1117
1315
  </fingerprint>
1316
+
1118
1317
  <!--
1119
1318
  Jetty moved to Eclipse.org at version 7, CVEs after this version are
1120
1319
  associated with Eclipse CPEs.
1121
1320
  -->
1321
+
1122
1322
  <fingerprint pattern="^Jetty\((\S+)\)$">
1123
1323
  <description>Eclipse Jetty</description>
1124
1324
  <example service.version="7.6.9.v20130131">Jetty(7.6.9.v20130131)</example>
@@ -1130,6 +1330,7 @@
1130
1330
  <param pos="1" name="service.version"/>
1131
1331
  <param pos="0" name="service.cpe23" value="cpe:/a:eclipse:jetty:{service.version}"/>
1132
1332
  </fingerprint>
1333
+
1133
1334
  <fingerprint pattern="^(?i)squid/(\d+\.[\w.\-\+]+)$">
1134
1335
  <description>Squid Web Proxy with a version</description>
1135
1336
  <example service.version="2.3.STABLE1">Squid/2.3.STABLE1</example>
@@ -1141,6 +1342,7 @@
1141
1342
  <param pos="1" name="service.version"/>
1142
1343
  <param pos="0" name="service.cpe23" value="cpe:/a:squid-cache:squid:{service.version}"/>
1143
1344
  </fingerprint>
1345
+
1144
1346
  <fingerprint pattern="^(?i)squid$">
1145
1347
  <description>Squid Web Proxy without a version</description>
1146
1348
  <example>Squid</example>
@@ -1150,14 +1352,18 @@
1150
1352
  <param pos="0" name="service.family" value="Squid"/>
1151
1353
  <param pos="0" name="service.cpe23" value="cpe:/a:squid-cache:squid:-"/>
1152
1354
  </fingerprint>
1355
+
1153
1356
  <fingerprint pattern="^thttpd/(\d\.[\w.]+)-MX\s*.*$">
1154
1357
  <description>thttpd with SSL support</description>
1155
1358
  <example>thttpd/2.19-MX Jan 24 2006</example>
1359
+ <param pos="0" name="service.vendor" value="ACME"/>
1156
1360
  <param pos="0" name="service.product" value="thttpd"/>
1157
1361
  <param pos="0" name="service.family" value="thttpd"/>
1158
1362
  <param pos="1" name="service.version"/>
1363
+ <param pos="0" name="service.cpe23" value="cpe:/a:acme:thttpd:{service.version}"/>
1159
1364
  <param pos="0" name="thttpd.mx-patch" value="enabled"/>
1160
1365
  </fingerprint>
1366
+
1161
1367
  <fingerprint pattern="^thttpd(?:/(\d\.[\w.]+)\s*.*)?$">
1162
1368
  <description>thttpd</description>
1163
1369
  <example>thttpd</example>
@@ -1169,15 +1375,20 @@
1169
1375
  <param pos="0" name="service.family" value="thttpd"/>
1170
1376
  <param pos="1" name="service.version"/>
1171
1377
  </fingerprint>
1172
- <fingerprint pattern="^lighttpd(?:/(\d[\d.]+))?.*$">
1378
+
1379
+ <fingerprint pattern="(?i)^lighttpd(?:/(\d[\d.]+))?.*$">
1173
1380
  <description>Lighttpd</description>
1174
1381
  <example>lighttpd</example>
1382
+ <example>Lighttpd</example>
1175
1383
  <example service.version="1.4.16">lighttpd/1.4.16</example>
1176
1384
  <example>lighttpd/1.3.7 (Mar 23 2007/16:00:15)</example>
1385
+ <param pos="0" name="service.vendor" value="lighttpd"/>
1177
1386
  <param pos="0" name="service.product" value="lighttpd"/>
1178
1387
  <param pos="0" name="service.family" value="lighttpd"/>
1179
1388
  <param pos="1" name="service.version"/>
1389
+ <param pos="0" name="service.cpe23" value="cpe:/a:lighttpd:lighttpd:{service.version}"/>
1180
1390
  </fingerprint>
1391
+
1181
1392
  <fingerprint pattern="^nginx$">
1182
1393
  <description>nginx without version info</description>
1183
1394
  <example>nginx</example>
@@ -1186,6 +1397,7 @@
1186
1397
  <param pos="0" name="service.vendor" value="nginx"/>
1187
1398
  <param pos="0" name="service.cpe23" value="cpe:/a:nginx:nginx:-"/>
1188
1399
  </fingerprint>
1400
+
1189
1401
  <fingerprint pattern="^nginx\/?(:?[\d.]+)?">
1190
1402
  <description>nginx with version info and/or mods</description>
1191
1403
  <example service.version="0.8.53">nginx/0.8.53 + Phusion Passenger 3.0.0 (mod_rails/mod_rack)</example>
@@ -1198,6 +1410,7 @@
1198
1410
  <param pos="1" name="service.version"/>
1199
1411
  <param pos="0" name="service.cpe23" value="cpe:/a:nginx:nginx:{service.version}"/>
1200
1412
  </fingerprint>
1413
+
1201
1414
  <fingerprint pattern="^Lotus(?:-Domino)?(?:/|/0|/Release)?$">
1202
1415
  <description>IBM Lotus Notes/Domino with no useful version info</description>
1203
1416
  <example>Lotus</example>
@@ -1209,6 +1422,7 @@
1209
1422
  <param pos="0" name="service.family" value="Lotus Domino"/>
1210
1423
  <param pos="0" name="service.cpe23" value="cpe:/a:ibm:lotus_domino:-"/>
1211
1424
  </fingerprint>
1425
+
1212
1426
  <fingerprint pattern="^Lotus(?:-Domino)?/(?:Release-?)?([4-7][\d.]+)\s*(?:.*)$">
1213
1427
  <description>IBM Lotus Notes/Domino with version info</description>
1214
1428
  <example>Lotus-Domino/5.0.8</example>
@@ -1219,6 +1433,7 @@
1219
1433
  <param pos="1" name="service.version"/>
1220
1434
  <param pos="0" name="service.cpe23" value="cpe:/a:ibm:lotus_domino:{service.version}"/>
1221
1435
  </fingerprint>
1436
+
1222
1437
  <fingerprint pattern="^WebLogic (?:WebLogic )?Server (\d+\.\d+(?:\s+SP\d+)?)\s+.*$">
1223
1438
  <description>BEA WebLogic</description>
1224
1439
  <example service.version="8.1 SP3">WebLogic Server 8.1 SP3 Tue Jun 29 23:11:19 PDT 2004 404973</example>
@@ -1230,6 +1445,7 @@
1230
1445
  <param pos="1" name="service.version"/>
1231
1446
  <param pos="0" name="service.cpe23" value="cpe:/a:bea:weblogic_server:{service.version}"/>
1232
1447
  </fingerprint>
1448
+
1233
1449
  <fingerprint pattern="^WebSphere Application Server/(\d+\.\d+)$">
1234
1450
  <description>IBM WebSphere</description>
1235
1451
  <example service.version="5.0">WebSphere Application Server/5.0</example>
@@ -1238,7 +1454,9 @@
1238
1454
  <param pos="0" name="service.product" value="WebSphere"/>
1239
1455
  <param pos="0" name="service.family" value="WebSphere"/>
1240
1456
  <param pos="1" name="service.version"/>
1457
+ <param pos="0" name="service.cpe23" value="cpe:/a:ibm:websphere:{service.version}"/>
1241
1458
  </fingerprint>
1459
+
1242
1460
  <fingerprint pattern="^Resin/(\S+)$">
1243
1461
  <description>Caucho Resin</description>
1244
1462
  <example>Resin/2.1.13</example>
@@ -1250,6 +1468,7 @@
1250
1468
  <param pos="1" name="service.version"/>
1251
1469
  <param pos="0" name="service.cpe23" value="cpe:/a:caucho:resin:{service.version}"/>
1252
1470
  </fingerprint>
1471
+
1253
1472
  <fingerprint pattern="^Ipswitch-IMail/(\d\.\d+)$">
1254
1473
  <description>Ipswitch IMail Server</description>
1255
1474
  <example>Ipswitch-IMail/5.08</example>
@@ -1265,6 +1484,7 @@
1265
1484
  <param pos="0" name="os.product" value="Windows"/>
1266
1485
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
1267
1486
  </fingerprint>
1487
+
1268
1488
  <fingerprint pattern="^Abyss/(\d\.[\d.]+)-X1-Win32 AbyssLib/(?:\d\.[\d.]+)$">
1269
1489
  <description>Aprelium Technologies Abyss Web Server X1 (free personal edition) on Windows</description>
1270
1490
  <example>Abyss/2.0.0.20-X1-Win32 AbyssLib/2.0.0.20</example>
@@ -1278,6 +1498,7 @@
1278
1498
  <param pos="0" name="os.product" value="Windows"/>
1279
1499
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
1280
1500
  </fingerprint>
1501
+
1281
1502
  <fingerprint pattern="^Abyss/(\d\.[\d.]+)-X2-Win32 AbyssLib/(?:\d\.[\d.]+)$">
1282
1503
  <description>Aprelium Technologies Abyss Web Server X2 (licensed professional edition) on Windows</description>
1283
1504
  <param pos="0" name="service.vendor" value="Aprelium Technologies"/>
@@ -1289,6 +1510,7 @@
1289
1510
  <param pos="0" name="os.product" value="Windows"/>
1290
1511
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
1291
1512
  </fingerprint>
1513
+
1292
1514
  <fingerprint pattern="^Microsoft (Commerce Server\s*(?:2002|2007)?, (?:Enterprise|Standard|Evaluation|Developer) Edition)$">
1293
1515
  <description>Microsoft Commerce Server</description>
1294
1516
  <param pos="0" name="service.vendor" value="Microsoft"/>
@@ -1299,6 +1521,7 @@
1299
1521
  <param pos="0" name="os.product" value="Windows"/>
1300
1522
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
1301
1523
  </fingerprint>
1524
+
1302
1525
  <fingerprint pattern="^NetWare-Enterprise-Web-Server/(\d+\.\d+)$">
1303
1526
  <description>NetWare Enterprise Web Server (runs on NetWare 5.1)</description>
1304
1527
  <param pos="0" name="service.vendor" value="Novell"/>
@@ -1313,6 +1536,7 @@
1313
1536
  <param pos="1" name="os.version"/>
1314
1537
  <param pos="0" name="os.cpe23" value="cpe:/o:novell:netware:{os.version}"/>
1315
1538
  </fingerprint>
1539
+
1316
1540
  <fingerprint pattern="^NetWare HTTP Stack$">
1317
1541
  <description>NetWare HTTP stack (runs on 6.0 and 6.5)</description>
1318
1542
  <param pos="0" name="service.vendor" value="Novell"/>
@@ -1323,6 +1547,7 @@
1323
1547
  <param pos="0" name="os.product" value="NetWare"/>
1324
1548
  <param pos="0" name="os.cpe23" value="cpe:/o:novell:netware:-"/>
1325
1549
  </fingerprint>
1550
+
1326
1551
  <fingerprint pattern="^Novell-HTTP-Server/3.1R1$">
1327
1552
  <description>NetWare HTTP Server (runs on NetWare 4.11)</description>
1328
1553
  <param pos="0" name="service.vendor" value="Novell"/>
@@ -1336,6 +1561,7 @@
1336
1561
  <param pos="0" name="os.version" value="4.11"/>
1337
1562
  <param pos="0" name="os.cpe23" value="cpe:/o:novell:netware:4.11"/>
1338
1563
  </fingerprint>
1564
+
1339
1565
  <fingerprint pattern="^Novell-HTTP-Server/2.51R1$">
1340
1566
  <description>NetWare HTTP Server (runs on NetWare 4.1)</description>
1341
1567
  <param pos="0" name="service.vendor" value="Novell"/>
@@ -1349,6 +1575,7 @@
1349
1575
  <param pos="0" name="os.version" value="4.1"/>
1350
1576
  <param pos="0" name="os.cpe23" value="cpe:/o:novell:netware:4.1"/>
1351
1577
  </fingerprint>
1578
+
1352
1579
  <fingerprint pattern="^Netscape-FastTrack/(\d+\.[\w\s.]+)$">
1353
1580
  <description>Netscape FastTrack Server</description>
1354
1581
  <param pos="0" name="service.vendor" value="Netscape"/>
@@ -1357,6 +1584,7 @@
1357
1584
  <param pos="1" name="service.version"/>
1358
1585
  <param pos="0" name="service.cpe23" value="cpe:/a:netscape:fasttrack_server:{service.version}"/>
1359
1586
  </fingerprint>
1587
+
1360
1588
  <fingerprint pattern="^Netscape-Commerce/(\d+\.[\w\s.]+)$">
1361
1589
  <description>Netscape Commerce Server</description>
1362
1590
  <param pos="0" name="service.vendor" value="Netscape"/>
@@ -1365,19 +1593,125 @@
1365
1593
  <param pos="1" name="service.version"/>
1366
1594
  <param pos="0" name="service.cpe23" value="cpe:/a:netscape:commerce_server:{service.version}"/>
1367
1595
  </fingerprint>
1596
+
1368
1597
  <!--
1369
1598
  TODO
1370
-
1371
1599
  "Powered by PowerBSD - Apache"
1372
1600
  "SSE(Apache)"
1373
1601
  -->
1602
+
1374
1603
  <fingerprint pattern="^SAP J2EE Engine/(\d+\.\d+)$">
1375
- <description>SAP NetWeaver Web AS (Application Server)</description>
1604
+ <description>SAP NetWeaver Application Server Java - short version</description>
1605
+ <example service.version="7.01">SAP J2EE Engine/7.01</example>
1606
+ <param pos="0" name="service.vendor" value="SAP"/>
1607
+ <param pos="0" name="service.product" value="NetWeaver Application Server Java"/>
1608
+ <param pos="0" name="service.family" value="NetWeaver"/>
1609
+ <param pos="1" name="service.version"/>
1610
+ <param pos="0" name="service.cpe23" value="cpe:/a:sap:netweaver_application_server_java:{service.version}"/>
1611
+ <param pos="0" name="service.component.vendor" value="SAP"/>
1612
+ <param pos="0" name="service.component.product" value="NetWeaver Application Server"/>
1613
+ <param pos="0" name="service.component.cpe23" value="cpe:/a:sap:netweaver_application_server:-"/>
1614
+ </fingerprint>
1615
+
1616
+ <fingerprint pattern="^SAP J2EE Engine$">
1617
+ <description>SAP NetWeaver Application Server Java - without version</description>
1618
+ <example>SAP J2EE Engine</example>
1619
+ <param pos="0" name="service.vendor" value="SAP"/>
1620
+ <param pos="0" name="service.product" value="NetWeaver Application Server Java"/>
1621
+ <param pos="0" name="service.family" value="NetWeaver"/>
1622
+ <param pos="0" name="service.cpe23" value="cpe:/a:sap:netweaver_application_server_java:-"/>
1623
+ <param pos="0" name="service.component.vendor" value="SAP"/>
1624
+ <param pos="0" name="service.component.product" value="NetWeaver Application Server"/>
1625
+ <param pos="0" name="service.component.cpe23" value="cpe:/a:sap:netweaver_application_server:-"/>
1626
+ </fingerprint>
1627
+
1628
+ <fingerprint pattern="^SAP NetWeaver Application Server$">
1629
+ <description>SAP NetWeaver Application Server without version</description>
1630
+ <example>SAP NetWeaver Application Server</example>
1631
+ <param pos="0" name="service.vendor" value="SAP"/>
1632
+ <param pos="0" name="service.product" value="NetWeaver Application Server"/>
1633
+ <param pos="0" name="service.family" value="NetWeaver"/>
1634
+ <param pos="0" name="service.cpe23" value="cpe:/a:sap:netweaver_application_server:-"/>
1635
+ </fingerprint>
1636
+
1637
+ <fingerprint pattern="^SAP NetWeaver Application Server ([\d.]+) / AS Java ([\d.]+)$">
1638
+ <description>SAP NetWeaver Application Server Java</description>
1639
+ <example service.version="7.30" service.component.version="7.22">SAP NetWeaver Application Server 7.22 / AS Java 7.30</example>
1640
+ <param pos="0" name="service.vendor" value="SAP"/>
1641
+ <param pos="0" name="service.product" value="NetWeaver Application Server Java"/>
1642
+ <param pos="0" name="service.family" value="NetWeaver"/>
1643
+ <param pos="2" name="service.version"/>
1644
+ <param pos="0" name="service.cpe23" value="cpe:/a:sap:netweaver_application_server_java:{service.version}"/>
1645
+ <param pos="0" name="service.component.vendor" value="SAP"/>
1646
+ <param pos="0" name="service.component.product" value="NetWeaver Application Server"/>
1647
+ <param pos="1" name="service.component.version"/>
1648
+ <param pos="0" name="service.component.cpe23" value="cpe:/a:sap:netweaver_application_server:{service.component.version}"/>
1649
+ </fingerprint>
1650
+
1651
+ <fingerprint pattern="^SAP NetWeaver Application Server ([\d.]+) / ICM ([\d.]+)$">
1652
+ <description>SAP NetWeaver Application Server - Internet Communication Manager</description>
1653
+ <example service.version="7.21" service.component.version="7.21">SAP NetWeaver Application Server 7.21 / ICM 7.21</example>
1654
+ <param pos="0" name="service.vendor" value="SAP"/>
1655
+ <param pos="0" name="service.product" value="NetWeaver Internet Communication Manager"/>
1656
+ <param pos="0" name="service.family" value="NetWeaver"/>
1657
+ <param pos="2" name="service.version"/>
1658
+ <param pos="0" name="service.component.vendor" value="SAP"/>
1659
+ <param pos="0" name="service.component.product" value="NetWeaver Application Server"/>
1660
+ <param pos="1" name="service.component.version"/>
1661
+ <param pos="0" name="service.component.cpe23" value="cpe:/a:sap:netweaver_application_server:{service.component.version}"/>
1662
+ </fingerprint>
1663
+
1664
+ <fingerprint pattern="^SAP NetWeaver Application Server \(ICM\)$">
1665
+ <description>SAP NetWeaver Application Server - Internet Communication Manager without version</description>
1666
+ <example>SAP NetWeaver Application Server (ICM)</example>
1667
+ <param pos="0" name="service.vendor" value="SAP"/>
1668
+ <param pos="0" name="service.product" value="NetWeaver Internet Communication Manager"/>
1669
+ <param pos="0" name="service.family" value="NetWeaver"/>
1670
+ <param pos="0" name="service.component.vendor" value="SAP"/>
1671
+ <param pos="0" name="service.component.product" value="NetWeaver Application Server"/>
1672
+ <param pos="0" name="service.component.cpe23" value="cpe:/a:sap:netweaver_application_server:-"/>
1673
+ </fingerprint>
1674
+
1675
+ <fingerprint pattern="^SAP NetWeaver Application Server / ABAP ([\d.]+)$">
1676
+ <description>SAP NetWeaver Application Server - Advanced Business Application Programming</description>
1677
+ <example service.version="731">SAP NetWeaver Application Server / ABAP 731</example>
1376
1678
  <param pos="0" name="service.vendor" value="SAP"/>
1377
- <param pos="0" name="service.product" value="NetWeaver Web AS"/>
1679
+ <param pos="0" name="service.product" value="NetWeaver AS ABAP"/>
1378
1680
  <param pos="0" name="service.family" value="NetWeaver"/>
1379
1681
  <param pos="1" name="service.version"/>
1682
+ <param pos="0" name="service.cpe23" value="cpe:/a:sap:netweaver_as_abap:{service.version}"/>
1683
+ <param pos="0" name="service.component.vendor" value="SAP"/>
1684
+ <param pos="0" name="service.component.product" value="NetWeaver Application Server"/>
1685
+ <param pos="0" name="service.component.cpe23" value="cpe:/a:sap:netweaver_application_server:-"/>
1686
+ </fingerprint>
1687
+
1688
+ <fingerprint pattern="^SAP Internet Graphics Server$">
1689
+ <description>SAP Internet Graphics Server</description>
1690
+ <example>SAP Internet Graphics Server</example>
1691
+ <param pos="0" name="service.vendor" value="SAP"/>
1692
+ <param pos="0" name="service.product" value="Internet Graphics Server"/>
1693
+ <param pos="0" name="service.component.vendor" value="SAP"/>
1694
+ <param pos="0" name="service.component.product" value="NetWeaver Application Server"/>
1695
+ <param pos="0" name="service.component.cpe23" value="cpe:/a:sap:netweaver_application_server:-"/>
1696
+ </fingerprint>
1697
+
1698
+ <fingerprint pattern="^SAP Message Server, release ([\d.]+) \(LNK\)$">
1699
+ <description>SAP Message Server</description>
1700
+ <example service.version="753">SAP Message Server, release 753 (LNK)</example>
1701
+ <param pos="0" name="service.vendor" value="SAP"/>
1702
+ <param pos="0" name="service.product" value="SAP Message Server"/>
1703
+ <param pos="1" name="service.version"/>
1380
1704
  </fingerprint>
1705
+
1706
+ <fingerprint pattern="^SQLAnywhere/([\d.]+)$">
1707
+ <description>SAP SQLAnywhere</description>
1708
+ <example service.version="16.0.0.2207">SQLAnywhere/16.0.0.2207</example>
1709
+ <param pos="0" name="service.vendor" value="SAP"/>
1710
+ <param pos="0" name="service.product" value="SQL Anywhere"/>
1711
+ <param pos="1" name="service.version"/>
1712
+ <param pos="0" name="service.cpe23" value="cpe:/a:sap:sql_anywhere:{service.version}"/>
1713
+ </fingerprint>
1714
+
1381
1715
  <fingerprint pattern="^OpenVPN-AS$">
1382
1716
  <description>OpenVPN Access Server</description>
1383
1717
  <example>OpenVPN-AS</example>
@@ -1385,27 +1719,30 @@
1385
1719
  <param pos="0" name="service.product" value="Access Server"/>
1386
1720
  <param pos="0" name="hw.device" value="VPN"/>
1387
1721
  </fingerprint>
1722
+
1388
1723
  <fingerprint pattern="^SonicWALL (SSL-?VPN(?: (?:\d+))?) Web Server\.?$">
1389
1724
  <description>SonicWALL SSL-VPN device</description>
1390
1725
  <example>SonicWALL SSLVPN Web Server</example>
1391
1726
  <example>SonicWALL SSL-VPN Web Server</example>
1392
- <param pos="0" name="service.vendor" value="SonicWALL"/>
1727
+ <param pos="0" name="service.vendor" value="SonicWall"/>
1393
1728
  <param pos="0" name="service.product" value="SSL-VPN"/>
1394
1729
  <param pos="0" name="service.family" value="SSL-VPN"/>
1395
- <param pos="0" name="os.vendor" value="SonicWALL"/>
1730
+ <param pos="0" name="os.vendor" value="SonicWall"/>
1396
1731
  <param pos="0" name="os.device" value="VPN"/>
1397
1732
  <param pos="0" name="os.family" value="SSL-VPN"/>
1398
1733
  <param pos="1" name="os.product"/>
1399
- <param pos="0" name="hw.vendor" value="SonicWALL"/>
1734
+ <param pos="0" name="hw.vendor" value="SonicWall"/>
1400
1735
  <param pos="0" name="hw.device" value="VPN"/>
1401
1736
  </fingerprint>
1737
+
1402
1738
  <fingerprint pattern="^SonicWALL$">
1403
1739
  <description>SonicWALL device</description>
1404
1740
  <example>SonicWALL</example>
1405
- <param pos="0" name="service.vendor" value="SonicWALL"/>
1741
+ <param pos="0" name="service.vendor" value="SonicWall"/>
1406
1742
  <param pos="0" name="service.product" value="HTTP"/>
1407
- <param pos="0" name="os.vendor" value="SonicWALL"/>
1743
+ <param pos="0" name="os.vendor" value="SonicWall"/>
1408
1744
  </fingerprint>
1745
+
1409
1746
  <fingerprint pattern="^NetCache appliance \(NetApp/+(\d+\.\d+[\w.]+)\)$">
1410
1747
  <description>NetCache appliance (product line formerly owned by Network Appliances, now owned by Blue Coat Systems).</description>
1411
1748
  <example service.version="5.3.1R3">NetCache appliance (NetApp/5.3.1R3)</example>
@@ -1423,6 +1760,7 @@
1423
1760
  <param pos="0" name="os.family" value="NetCache"/>
1424
1761
  <param pos="0" name="os.product" value="NetCache"/>
1425
1762
  </fingerprint>
1763
+
1426
1764
  <fingerprint pattern="^NetApp/+(.*)$">
1427
1765
  <description>NetApp file servers</description>
1428
1766
  <example>NetApp/7.3.4P1</example>
@@ -1436,6 +1774,7 @@
1436
1774
  <param pos="1" name="os.version"/>
1437
1775
  <param pos="0" name="os.cpe23" value="cpe:/o:netapp:data_ontap:{os.version}"/>
1438
1776
  </fingerprint>
1777
+
1439
1778
  <fingerprint pattern="^BlueCoat-Security-Appliance$">
1440
1779
  <description>Blue Coat security appliance</description>
1441
1780
  <example>BlueCoat-Security-Appliance</example>
@@ -1444,6 +1783,7 @@
1444
1783
  <param pos="0" name="os.family" value="Blue Coat"/>
1445
1784
  <param pos="0" name="os.product" value="Appliance"/>
1446
1785
  </fingerprint>
1786
+
1447
1787
  <fingerprint pattern="^(?:BigIP|BIG-IP)$">
1448
1788
  <description>F5 BIG-IP</description>
1449
1789
  <param pos="0" name="service.vendor" value="F5"/>
@@ -1453,6 +1793,15 @@
1453
1793
  <param pos="0" name="os.family" value="Linux"/>
1454
1794
  <param pos="0" name="os.product" value="Linux"/>
1455
1795
  </fingerprint>
1796
+
1797
+ <fingerprint pattern="^TargetWeb/[\d\.]+ \(TargetOS\)$">
1798
+ <description>Mercurity Security TargetOS</description>
1799
+ <example>TargetWeb/2011.0 (TargetOS)</example>
1800
+ <param pos="0" name="hw.vendor" value="Mercury Security"/>
1801
+ <param pos="0" name="hw.device" value="Access Control"/>
1802
+ <param pos="0" name="hw.product" value="EP-series"/>
1803
+ </fingerprint>
1804
+
1456
1805
  <fingerprint pattern="^Foundry Networks(?:/(\d+\.\d+))?$">
1457
1806
  <description>Foundry Networks device (though not sure which)</description>
1458
1807
  <param pos="0" name="service.vendor" value="Foundry"/>
@@ -1460,6 +1809,7 @@
1460
1809
  <param pos="1" name="service.version"/>
1461
1810
  <param pos="0" name="os.vendor" value="Foundry"/>
1462
1811
  </fingerprint>
1812
+
1463
1813
  <fingerprint pattern="^HP-Chai(?:Server|SOE)/(\d+\.\d+)$">
1464
1814
  <description>HP Printer running the Chai embedded web server</description>
1465
1815
  <example>HP-ChaiServer/2.2</example>
@@ -1477,6 +1827,7 @@
1477
1827
  <param pos="0" name="hw.product" value="JetDirect"/>
1478
1828
  <param pos="0" name="hw.device" value="Printer"/>
1479
1829
  </fingerprint>
1830
+
1480
1831
  <fingerprint pattern="^HP HTTP Server; (?:Hewlett-Packard )?HP ((\S+) \S+)">
1481
1832
  <description>HP Printer</description>
1482
1833
  <example os.product="Photosmart C309a" os.family="Photosmart">HP HTTP Server; HP Photosmart C309a series - CC335A; Serial Number: abc123; Vader Built:Wed Apr 15, 2009 11:40:58AM {abc123, ASIC id 0x00280004}</example>
@@ -1494,6 +1845,7 @@
1494
1845
  <param pos="0" name="hw.product" value="JetDirect"/>
1495
1846
  <param pos="0" name="hw.device" value="Printer"/>
1496
1847
  </fingerprint>
1848
+
1497
1849
  <fingerprint pattern="^HTTP/1\.0$">
1498
1850
  <description>Old HP printers identify themselves as "HTTP/1.0"</description>
1499
1851
  <param pos="0" name="service.vendor" value="HP"/>
@@ -1508,6 +1860,7 @@
1508
1860
  <param pos="0" name="hw.product" value="JetDirect"/>
1509
1861
  <param pos="0" name="hw.device" value="Printer"/>
1510
1862
  </fingerprint>
1863
+
1511
1864
  <fingerprint pattern="^(?:Allegro-Software-)?RomPager/\s*(\S+)">
1512
1865
  <description>Embedded HTTP server used by many vendors and device
1513
1866
  types, including APC, 3Com, Andover Controls, Cisco VoIP, D-Link,
@@ -1522,6 +1875,7 @@
1522
1875
  <param pos="0" name="service.product" value="RomPager"/>
1523
1876
  <param pos="1" name="service.version"/>
1524
1877
  </fingerprint>
1878
+
1525
1879
  <fingerprint pattern="^YAMAHA-RT$">
1526
1880
  <description>Yamaha RT series routers</description>
1527
1881
  <param pos="0" name="service.vendor" value="Yamaha"/>
@@ -1534,6 +1888,7 @@
1534
1888
  <param pos="0" name="hw.vendor" value="Yamaha"/>
1535
1889
  <param pos="0" name="hw.device" value="Router"/>
1536
1890
  </fingerprint>
1891
+
1537
1892
  <fingerprint pattern="^(?:Canon Http|CANON HTTP) Server (?:Ver)?(?:\d+\.\d+)$">
1538
1893
  <description>Canon Multifunction Printer/Copiers</description>
1539
1894
  <param pos="0" name="service.vendor" value="Canon"/>
@@ -1542,6 +1897,7 @@
1542
1897
  <param pos="0" name="hw.vendor" value="Canon"/>
1543
1898
  <param pos="0" name="hw.device" value="Multifunction Device"/>
1544
1899
  </fingerprint>
1900
+
1545
1901
  <fingerprint pattern=".*Linksys.*">
1546
1902
  <description>Linksys Wireless Access Point</description>
1547
1903
  <param pos="0" name="os.vendor" value="Linksys"/>
@@ -1549,6 +1905,7 @@
1549
1905
  <param pos="0" name="hw.vendor" value="Linksys"/>
1550
1906
  <param pos="0" name="hw.device" value="WAP"/>
1551
1907
  </fingerprint>
1908
+
1552
1909
  <fingerprint pattern="^cisco-IOS$">
1553
1910
  <description>Cisco IOS</description>
1554
1911
  <example>cisco-IOS</example>
@@ -1563,6 +1920,7 @@
1563
1920
  <param pos="0" name="os.cpe23" value="cpe:/o:cisco:ios:-"/>
1564
1921
  <param pos="0" name="hw.vendor" value="Cisco"/>
1565
1922
  </fingerprint>
1923
+
1566
1924
  <fingerprint pattern="^cisco-IOS/([^\s]+) HTTP-server/.*$">
1567
1925
  <description>Cisco IOS with version information</description>
1568
1926
  <example>cisco-IOS/12.1 HTTP-server/1.0(1)</example>
@@ -1577,6 +1935,7 @@
1577
1935
  <param pos="0" name="os.cpe23" value="cpe:/o:cisco:ios:{os.version}"/>
1578
1936
  <param pos="0" name="hw.vendor" value="Cisco"/>
1579
1937
  </fingerprint>
1938
+
1580
1939
  <fingerprint pattern="^Cisco AWARE (.*)$">
1581
1940
  <description>Cisco ASA</description>
1582
1941
  <example>Cisco AWARE 2.0</example>
@@ -1585,13 +1944,15 @@
1585
1944
  <param pos="0" name="service.product" value="HTTP"/>
1586
1945
  <param pos="0" name="os.vendor" value="Cisco"/>
1587
1946
  <param pos="0" name="os.family" value="Adaptive Security Appliance"/>
1588
- <param pos="0" name="os.product" value="VPN"/>
1947
+ <param pos="0" name="os.product" value="Adaptive Security Appliance"/>
1948
+ <param pos="0" name="os.cpe23" value="cpe:/o:cisco:adaptive_security_appliance:-"/>
1589
1949
  <param pos="0" name="hw.vendor" value="Cisco"/>
1590
1950
  <param pos="0" name="hw.family" value="Adaptive Security Appliance"/>
1591
1951
  <param pos="0" name="hw.product" value="Adaptive Security Appliance"/>
1592
1952
  <param pos="0" name="hw.device" value="Firewall"/>
1593
1953
  <param pos="0" name="hw.cpe23" value="cpe:/h:cisco:adaptive_security_appliance:-"/>
1594
1954
  </fingerprint>
1955
+
1595
1956
  <fingerprint pattern="^CradlepointHTTPService/([\d\.]+)$">
1596
1957
  <description>Cradlepoint HTTP service</description>
1597
1958
  <example service.version="1.0.0">CradlepointHTTPService/1.0.0</example>
@@ -1599,6 +1960,7 @@
1599
1960
  <param pos="0" name="service.vendor" value="Cradlepoint"/>
1600
1961
  <param pos="0" name="service.product" value="HTTP"/>
1601
1962
  </fingerprint>
1963
+
1602
1964
  <fingerprint pattern="^DesktopAuthority/(.*)$">
1603
1965
  <description>ScriptLogic DesktopAuthority</description>
1604
1966
  <param pos="1" name="service.version"/>
@@ -1610,6 +1972,7 @@
1610
1972
  <param pos="0" name="os.product" value="Windows"/>
1611
1973
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
1612
1974
  </fingerprint>
1975
+
1613
1976
  <fingerprint pattern="^Agent-ListenServer-HttpSvr/.*$">
1614
1977
  <description>McAfee ePolicy Orchestrator</description>
1615
1978
  <param pos="0" name="service.vendor" value="McAfee"/>
@@ -1617,13 +1980,14 @@
1617
1980
  <param pos="0" name="service.family" value="ePolicy Orchestrator"/>
1618
1981
  <param pos="0" name="service.cpe23" value="cpe:/a:mcafee:epolicy_orchestrator:-"/>
1619
1982
  </fingerprint>
1983
+
1620
1984
  <fingerprint pattern="^LANDesk Management Agent/.*$">
1621
1985
  <description>LANDesk Management Agent</description>
1622
1986
  <param pos="0" name="service.vendor" value="LANDesk"/>
1623
1987
  <param pos="0" name="service.product" value="Management Agent"/>
1624
1988
  <param pos="0" name="service.family" value="Management Agent"/>
1625
- <param pos="0" name="service.cpe23" value="cpe:/a:landesk:management_agent:-"/>
1626
1989
  </fingerprint>
1990
+
1627
1991
  <fingerprint pattern="^EWS-NIC\d/(\S+)$">
1628
1992
  <description>Xerox Embedded Web Server (EWS)</description>
1629
1993
  <example service.version="6.31">EWS-NIC3/6.31</example>
@@ -1638,6 +2002,7 @@
1638
2002
  <param pos="0" name="hw.vendor" value="Xerox"/>
1639
2003
  <param pos="0" name="hw.device" value="Printer"/>
1640
2004
  </fingerprint>
2005
+
1641
2006
  <fingerprint pattern="^Adaptec ASM (\S+)$">
1642
2007
  <description>Adaptec - Adaptec Storage Manager (runs on Windows Only)</description>
1643
2008
  <param pos="0" name="service.vendor" value="Adaptec"/>
@@ -1649,6 +2014,7 @@
1649
2014
  <param pos="0" name="os.product" value="Windows"/>
1650
2015
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
1651
2016
  </fingerprint>
2017
+
1652
2018
  <fingerprint pattern="^JRun Web Server$">
1653
2019
  <description>Macromedia (formerly Allaire) JRun</description>
1654
2020
  <param pos="0" name="service.vendor" value="Macromedia"/>
@@ -1656,6 +2022,7 @@
1656
2022
  <param pos="0" name="service.product" value="JRun"/>
1657
2023
  <param pos="0" name="service.cpe23" value="cpe:/a:macromedia:jrun:-"/>
1658
2024
  </fingerprint>
2025
+
1659
2026
  <fingerprint pattern="^(?:Raptor )?Simple, Secure Web Server ([\d.]+)$">
1660
2027
  <description>Symantec Raptor Firewall</description>
1661
2028
  <example>Simple, Secure Web Server 1.1</example>
@@ -1666,6 +2033,7 @@
1666
2033
  <param pos="0" name="os.product" value="Raptor"/>
1667
2034
  <param pos="1" name="os.version"/>
1668
2035
  </fingerprint>
2036
+
1669
2037
  <fingerprint pattern="^IPG(\d+)$">
1670
2038
  <description>Systech Internet Payment Gateway</description>
1671
2039
  <example hw.model="8000">IPG8000</example>
@@ -1674,6 +2042,7 @@
1674
2042
  <param pos="0" name="hw.product" value="Internet Payment Gateway"/>
1675
2043
  <param pos="1" name="hw.model"/>
1676
2044
  </fingerprint>
2045
+
1677
2046
  <fingerprint pattern="^NS_(\d\.\d)$">
1678
2047
  <description>Citrix NetScaler</description>
1679
2048
  <example>NS_6.1</example>
@@ -1681,8 +2050,14 @@
1681
2050
  <param pos="0" name="os.family" value="NetScaler"/>
1682
2051
  <param pos="0" name="os.device" value="Network Management Device"/>
1683
2052
  <param pos="0" name="os.product" value="NetScaler"/>
1684
- <param pos="1" name="os.version"/>
2053
+ <param pos="0" name="service.vendor" value="Citrix"/>
2054
+ <param pos="0" name="service.family" value="NetScaler"/>
2055
+ <param pos="0" name="service.device" value="Network Management Device"/>
2056
+ <param pos="0" name="service.product" value="NetScaler"/>
2057
+ <param pos="1" name="service.version"/>
2058
+ <param pos="0" name="service.cpe23" value="cpe:/a:citrix:netscaler:{service.version}"/>
1685
2059
  </fingerprint>
2060
+
1686
2061
  <fingerprint pattern="^Rumpus$">
1687
2062
  <description>Rumpus FTP Server, Web File Manager interface</description>
1688
2063
  <example>Rumpus</example>
@@ -1691,6 +2066,7 @@
1691
2066
  <param pos="0" name="os.product" value="Mac OS X"/>
1692
2067
  <param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x:-"/>
1693
2068
  </fingerprint>
2069
+
1694
2070
  <fingerprint pattern="^servermgrd$">
1695
2071
  <description>Mac OS X Server administrative daemon</description>
1696
2072
  <example>servermgrd</example>
@@ -1699,6 +2075,7 @@
1699
2075
  <param pos="0" name="os.product" value="Mac OS X"/>
1700
2076
  <param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x:-"/>
1701
2077
  </fingerprint>
2078
+
1702
2079
  <fingerprint pattern="^(RMC Webserver|RAC_ONE_HTTP) (\d\.\d)$">
1703
2080
  <description>Dell Remote Access Controller</description>
1704
2081
  <param pos="0" name="os.vendor" value="Dell"/>
@@ -1709,6 +2086,7 @@
1709
2086
  <param pos="1" name="service.product"/>
1710
2087
  <param pos="2" name="service.version"/>
1711
2088
  </fingerprint>
2089
+
1712
2090
  <fingerprint pattern="^Xerox_MicroServer/Xerox11$">
1713
2091
  <description>Xerox Document Centre</description>
1714
2092
  <param pos="0" name="os.vendor" value="Xerox"/>
@@ -1720,6 +2098,7 @@
1720
2098
  <param pos="0" name="hw.product" value="Document Centre"/>
1721
2099
  <param pos="0" name="hw.device" value="Printer"/>
1722
2100
  </fingerprint>
2101
+
1723
2102
  <fingerprint pattern="^TSM_HTTP/\d\.\d$">
1724
2103
  <description>IBM Tivoli Storage Manager</description>
1725
2104
  <param pos="0" name="service.vendor" value="IBM"/>
@@ -1727,11 +2106,13 @@
1727
2106
  <param pos="0" name="service.product" value="Tivoli Storage Manager"/>
1728
2107
  <param pos="0" name="service.cpe23" value="cpe:/a:ibm:tivoli_storage_manager:-"/>
1729
2108
  </fingerprint>
2109
+
1730
2110
  <fingerprint pattern="^D-Link MiniAVServer$">
1731
2111
  <description>D-Link embedded web server for web cams</description>
1732
2112
  <param pos="0" name="os.vendor" value="D-Link"/>
1733
2113
  <param pos="0" name="os.device" value="Web cam"/>
1734
2114
  </fingerprint>
2115
+
1735
2116
  <fingerprint pattern="^ListManagerWeb/(\S+) .*$">
1736
2117
  <description>Lyris ListManager</description>
1737
2118
  <example>ListManagerWeb/8.8a (based on Tcl-Webserver/3.4.2)</example>
@@ -1739,16 +2120,18 @@
1739
2120
  <param pos="0" name="service.product" value="ListManager"/>
1740
2121
  <param pos="1" name="service.version"/>
1741
2122
  </fingerprint>
2123
+
1742
2124
  <fingerprint pattern="^kHTTPd (\S+)" certainty="0.50">
1743
2125
  <description>TUX web server, an in-kernel Linux HTTP Accelerator</description>
1744
2126
  <example>kHTTPd 0.1.6</example>
1745
- <param pos="0" name="service.product" value="TUX web server"/>
2127
+ <param pos="0" name="service.product" value="TUX Web Server"/>
1746
2128
  <param pos="1" name="service.version"/>
1747
2129
  <param pos="0" name="os.vendor" value="Linux"/>
1748
2130
  <param pos="0" name="os.family" value="Linux"/>
1749
2131
  <param pos="0" name="os.product" value="Linux"/>
1750
2132
  <param pos="0" name="os.cpe23" value="cpe:/o:linux:linux_kernel:-"/>
1751
2133
  </fingerprint>
2134
+
1752
2135
  <fingerprint pattern="^RealVNC/(?:\S+)$">
1753
2136
  <description>RealVNC built-in webserver</description>
1754
2137
  <example>RealVNC/4.0</example>
@@ -1756,6 +2139,17 @@
1756
2139
  <param pos="0" name="service.product" value="RealVNC"/>
1757
2140
  <param pos="0" name="service.cpe23" value="cpe:/a:realvnc:realvnc:-"/>
1758
2141
  </fingerprint>
2142
+
2143
+ <fingerprint pattern="^SecureTransport (\d+[\d\.]+) \(build: (\d+)\)$">
2144
+ <description>AxWay SecureTransport</description>
2145
+ <example>SecureTransport 5.3.6 (build: 412)</example>
2146
+ <param pos="0" name="service.vendor" value="Axway"/>
2147
+ <param pos="0" name="service.product" value="SecureTransport"/>
2148
+ <param pos="1" name="service.version"/>
2149
+ <param pos="0" name="service.cpe23" value="cpe:/a:axway:securetransport:{service.version}"/>
2150
+ <param pos="2" name="securetransport.build"/>
2151
+ </fingerprint>
2152
+
1759
2153
  <fingerprint pattern="(Agranat|Conexant|(?:Globespan)?Virata)-EmWeb/(.*)$">
1760
2154
  <description>EmWeb variants</description>
1761
2155
  <example>Agranat-EmWeb/R4_01</example>
@@ -1779,6 +2173,7 @@
1779
2173
  <param pos="0" name="service.product" value="EmWeb"/>
1780
2174
  <param pos="2" name="service.version"/>
1781
2175
  </fingerprint>
2176
+
1782
2177
  <fingerprint pattern="^NSC/\S+ \(JVM\)$">
1783
2178
  <description>Rapid7 NSC</description>
1784
2179
  <example>NSC/0.6.4 (JVM)</example>
@@ -1786,6 +2181,7 @@
1786
2181
  <param pos="0" name="service.product" value="Nexpose"/>
1787
2182
  <param pos="0" name="service.cpe23" value="cpe:/a:rapid7:nexpose:-"/>
1788
2183
  </fingerprint>
2184
+
1789
2185
  <fingerprint pattern="^Security Console$">
1790
2186
  <description>Rapid7 Nexpose Security Console</description>
1791
2187
  <example>Security Console</example>
@@ -1793,6 +2189,7 @@
1793
2189
  <param pos="0" name="service.product" value="Nexpose"/>
1794
2190
  <param pos="0" name="service.cpe23" value="cpe:/a:rapid7:nexpose:-"/>
1795
2191
  </fingerprint>
2192
+
1796
2193
  <fingerprint pattern="^Polycom SoundPoint IP Telephone HTTPd$">
1797
2194
  <description>Polycom Soundpoint IP Telephone</description>
1798
2195
  <example>Polycom SoundPoint IP Telephone HTTPd</example>
@@ -1802,23 +2199,21 @@
1802
2199
  <param pos="0" name="hw.family" value="SoundPoint"/>
1803
2200
  <param pos="0" name="hw.device" value="VoIP"/>
1804
2201
  </fingerprint>
2202
+
1805
2203
  <!-- 4D WebSTAR was aquired by Kerio but it seems that both
1806
2204
  Kerio and 4D have branched the product. The 4D banners
1807
2205
  use the new version scheme (just 2004 it would appear):
1808
-
1809
2206
  4D_WebStar_D/2004
1810
-
1811
2207
  whereas Kerio banners are:
1812
-
1813
2208
  4D_WebSTAR_S/5.3.2 (MacOS X)
1814
2209
  4D_WebStar_D/7.8
1815
2210
  4D_WebSTAR_S/5.4.1 (MacOS X)
1816
-
1817
2211
  WebSTAR/4.4 ID/72547
1818
2212
  WebSTAR/4.5(SSL) ID/82535
1819
2213
  WebSTAR NetCloak
1820
2214
  WebSTAR/4.5(SSL) ID/85282
1821
2215
  -->
2216
+
1822
2217
  <!--
1823
2218
  <fingerprint pattern="^4D_WebSTAR_S/2004$">
1824
2219
  <description>4D 4th Dimension 2004</description>
@@ -1829,6 +2224,7 @@
1829
2224
  <param pos="0" name="os.family" value="Windows"/>
1830
2225
  <param pos="0" name="os.product" value="Windows"/>
1831
2226
  </fingerprint>
2227
+
1832
2228
  <fingerprint pattern="^4D_WebSTAR_S/5.3.2 \(MacOS X\)$">
1833
2229
  <description>Kerio WebSTAR</description>
1834
2230
  <param pos="0" name="service.vendor" value="Kerio"/>
@@ -1839,7 +2235,9 @@
1839
2235
  <param pos="0" name="os.family" value="Windows"/>
1840
2236
  <param pos="0" name="os.product" value="Windows"/>
1841
2237
  </fingerprint>
2238
+
1842
2239
  -->
2240
+
1843
2241
  <fingerprint pattern="^SentinelProtectionServer/((?:\d+\.)*\d+)$">
1844
2242
  <description>Sentinel Protection Server - Embedded httpd in SafeNet's memory key dongles</description>
1845
2243
  <example service.version="7.1">SentinelProtectionServer/7.1</example>
@@ -1851,6 +2249,7 @@
1851
2249
  <param pos="0" name="service.family" value="Sentinel"/>
1852
2250
  <param pos="1" name="service.version"/>
1853
2251
  </fingerprint>
2252
+
1854
2253
  <fingerprint pattern="^SentinelKeysServer/((?:\d+\.)*\d+)$">
1855
2254
  <description>Sentinel Key Server - Embedded httpd in SafeNet's memory key dongles</description>
1856
2255
  <example service.version="1.3.1">SentinelKeysServer/1.3.1</example>
@@ -1861,6 +2260,7 @@
1861
2260
  <param pos="0" name="service.family" value="Sentinel"/>
1862
2261
  <param pos="1" name="service.version"/>
1863
2262
  </fingerprint>
2263
+
1864
2264
  <fingerprint pattern="^CherryPy/((?:\d+\.)*\d+)$">
1865
2265
  <description>Web server component of CherryPy web application framework.</description>
1866
2266
  <example>CherryPy/3.1.2</example>
@@ -1871,6 +2271,7 @@
1871
2271
  <param pos="1" name="service.version"/>
1872
2272
  <param pos="0" name="service.cpe23" value="cpe:/a:cherrypy:cherrypy:{service.version}"/>
1873
2273
  </fingerprint>
2274
+
1874
2275
  <fingerprint pattern="(?i)^TornadoServer/((?:\d+\.)*\d+)$">
1875
2276
  <description>Tornado Python web framework and asynchronous networking library.</description>
1876
2277
  <example>TornadoServer/4.0.2</example>
@@ -1880,6 +2281,7 @@
1880
2281
  <param pos="1" name="service.version"/>
1881
2282
  <param pos="0" name="service.cpe23" value="cpe:/a:tornadoweb:tornado:{service.version}"/>
1882
2283
  </fingerprint>
2284
+
1883
2285
  <fingerprint pattern="(?i)^SimpleHTTP/((?:\d+\.)*\d+)\s*Python/((?:\d+\.)*\d+)$">
1884
2286
  <description>SimpleHTTPRequestHandler Python class is a simple HTTP request handler.</description>
1885
2287
  <example>SimpleHTTP/0.6 Python/2.7.6</example>
@@ -1890,6 +2292,7 @@
1890
2292
  <param pos="1" name="service.version"/>
1891
2293
  <param pos="2" name="python.version"/>
1892
2294
  </fingerprint>
2295
+
1893
2296
  <fingerprint pattern="^HP Web Jetadmin/((?:\d+\.)*\d+)\s*(.*)$">
1894
2297
  <description>Apache variant for web access to HP printers.</description>
1895
2298
  <example>HP Web Jetadmin/2.0.50 (Win32) mod_auth_sspi/1.0.1 mod_ssl/2.0.50 OpenSSL/0.9.6m</example>
@@ -1902,6 +2305,7 @@
1902
2305
  <param pos="0" name="service.cpe23" value="cpe:/a:apache:http_server:{service.version}"/>
1903
2306
  <param pos="2" name="apache.info"/>
1904
2307
  </fingerprint>
2308
+
1905
2309
  <fingerprint pattern="^HP Web Jetadmin ([\d\.]+)(?: \([^\)]+\))?$">
1906
2310
  <description>HP printers, perhaps Apache, but we can't say for sure</description>
1907
2311
  <example service.version="10.3.85669">HP Web Jetadmin 10.3.85669</example>
@@ -1911,6 +2315,19 @@
1911
2315
  <param pos="1" name="service.version"/>
1912
2316
  <param pos="0" name="service.cpe23" value="cpe:/a:hp:web_jetadmin:{service.version}"/>
1913
2317
  </fingerprint>
2318
+
2319
+ <fingerprint pattern="^KM-MFP-http/V([\d\.]+)$">
2320
+ <description>Kyocera Printers</description>
2321
+ <example service.version="0.0.1">KM-MFP-http/V0.0.1</example>
2322
+ <param pos="0" name="os.vendor" value="Kyocera"/>
2323
+ <param pos="0" name="os.device" value="Multifunction Device"/>
2324
+ <param pos="0" name="hw.vendor" value="Kyocera"/>
2325
+ <param pos="0" name="hw.device" value="Multifunction Device"/>
2326
+ <param pos="0" name="service.vendor" value="Kyocera"/>
2327
+ <param pos="0" name="service.product" value="KM-MFP-HTTP"/>
2328
+ <param pos="1" name="service.version"/>
2329
+ </fingerprint>
2330
+
1914
2331
  <fingerprint pattern="^Citrix Web PN Server$">
1915
2332
  <description>Citrix Web PN (Program Neighborhood) Server is an HTTP server used by Citrix products</description>
1916
2333
  <example>Citrix Web PN Server</example>
@@ -1918,6 +2335,7 @@
1918
2335
  <param pos="0" name="service.product" value="Web PN Server"/>
1919
2336
  <param pos="0" name="service.family" value="Web PN Server"/>
1920
2337
  </fingerprint>
2338
+
1921
2339
  <fingerprint pattern="^Lotus Expeditor Web Container/((?:\d+\.)*\d+)$">
1922
2340
  <description>Expeditor is a framework used by IBM in many products in the Lotus brand, such as Sametime and Notes.</description>
1923
2341
  <example>Lotus Expeditor Web Container/6.1</example>
@@ -1927,27 +2345,34 @@
1927
2345
  <param pos="0" name="service.family" value="Lotus Expeditor"/>
1928
2346
  <param pos="1" name="service.version"/>
1929
2347
  </fingerprint>
2348
+
1930
2349
  <!-- GoAhead software was acquired by Oracle in 2011. They later handed this
1931
2350
  off to (E)Mbedthis. Version 3.0 released in October 2012 appears to be
1932
2351
  the first version to fully be Mbedthis software.
1933
2352
  -->
2353
+
1934
2354
  <fingerprint pattern="^GoAhead-(?:Webs|http)$">
1935
2355
  <description>GoAhead-Webs - no version</description>
1936
2356
  <example>GoAhead-Webs</example>
1937
- <param pos="0" name="service.vendor" value="Oracle"/>
2357
+ <param pos="0" name="service.vendor" value="EmbedThis"/>
1938
2358
  <param pos="0" name="service.product" value="GoAhead Webserver"/>
1939
2359
  <param pos="0" name="service.family" value="GoAhead Webserver"/>
2360
+ <param pos="0" name="service.cpe23" value="cpe:/a:embedthis:goahead:-"/>
1940
2361
  </fingerprint>
1941
- <fingerprint pattern="^GoAhead-(?:Webs|http)\/([\d.]+)(?: PeerSec-MatrixSSL\/[\d.]+-OPEN)?$">
2362
+
2363
+ <fingerprint pattern="(?i)^GoAhead(?:-Webs|-http)?\/([\d.]+)(?: PeerSec-MatrixSSL\/[\d.]+-OPEN)?$">
1942
2364
  <description>GoAhead-Webs - version</description>
1943
2365
  <example service.version="2.5.0">GoAhead-Webs/2.5.0 PeerSec-MatrixSSL/3.4.2-OPEN</example>
2366
+ <example service.version="2.5.0">Goahead/2.5.0 PeerSec-MatrixSSL/3.2.1-OPEN</example>
1944
2367
  <example>GoAhead-Webs/2.5.0</example>
1945
2368
  <param pos="0" name="service.vendor" value="Oracle"/>
1946
2369
  <param pos="0" name="service.product" value="GoAhead Webserver"/>
1947
2370
  <param pos="0" name="service.family" value="GoAhead Webserver"/>
1948
2371
  <param pos="1" name="service.version"/>
1949
2372
  </fingerprint>
2373
+
1950
2374
  <!-- MBedthis changed its name/branding to Embedthis-->
2375
+
1951
2376
  <fingerprint pattern="^Mbedthis-App[Ww]eb/([\d.]+)$">
1952
2377
  <description>Mbedthis Appweb</description>
1953
2378
  <example service.version="2.4.0">Mbedthis-Appweb/2.4.0</example>
@@ -1959,6 +2384,7 @@
1959
2384
  <param pos="0" name="service.family" value="Appweb"/>
1960
2385
  <param pos="1" name="service.version"/>
1961
2386
  </fingerprint>
2387
+
1962
2388
  <fingerprint pattern="^Embedthis-(?:Appweb|http)\/?(:?[\d.]+)?$">
1963
2389
  <description>Embedthis AppWeb</description>
1964
2390
  <example service.version="3.2.3">Embedthis-Appweb/3.2.3</example>
@@ -1970,6 +2396,7 @@
1970
2396
  <param pos="1" name="service.version"/>
1971
2397
  <param pos="0" name="service.cpe23" value="cpe:/a:embedthis:appweb:{service.version}"/>
1972
2398
  </fingerprint>
2399
+
1973
2400
  <fingerprint pattern="^Avaya CMBE/((?:\d+\.)*\d+)$">
1974
2401
  <description>Web server for Avaya Aura Communication Manager Branch, a SIP-based communications platform.</description>
1975
2402
  <example>Avaya CMBE/2.0.0</example>
@@ -1978,7 +2405,9 @@
1978
2405
  <param pos="0" name="service.product" value="Aura Communication Manager"/>
1979
2406
  <param pos="0" name="service.family" value="Aura"/>
1980
2407
  <param pos="1" name="service.version"/>
2408
+ <param pos="0" name="service.cpe23" value="cpe:/a:avaya:aura_communication_manager:{service.version}"/>
1981
2409
  </fingerprint>
2410
+
1982
2411
  <fingerprint pattern="^Rapid Logic/((?:\d+\.)*\d+)$">
1983
2412
  <description>Embedded web server by Rapid Logic, which was acquired by Wind River.</description>
1984
2413
  <example service.version="1.1">Rapid Logic/1.1</example>
@@ -1987,6 +2416,7 @@
1987
2416
  <param pos="0" name="service.product" value="Rapid Logic"/>
1988
2417
  <param pos="1" name="service.version"/>
1989
2418
  </fingerprint>
2419
+
1990
2420
  <fingerprint pattern="^WindRiver-WebServer/((?:\d+\.)*\d+)$">
1991
2421
  <description>Wind River HTTP server</description>
1992
2422
  <example service.version="4.4">WindRiver-WebServer/4.4</example>
@@ -1994,6 +2424,7 @@
1994
2424
  <param pos="0" name="service.product" value="WebServer"/>
1995
2425
  <param pos="1" name="service.version"/>
1996
2426
  </fingerprint>
2427
+
1997
2428
  <fingerprint pattern="^Sophos Email Appliance$">
1998
2429
  <description>Embedded web server for a rack-mounted email appliance that blocks spam and malware.</description>
1999
2430
  <example>Sophos Email Appliance</example>
@@ -2002,6 +2433,7 @@
2002
2433
  <param pos="0" name="os.vendor" value="Sophos"/>
2003
2434
  <param pos="0" name="os.product" value="Email Appliance"/>
2004
2435
  </fingerprint>
2436
+
2005
2437
  <fingerprint pattern="^CUPS\/((?:\d\.)+\d+)(?:\s*IPP\/\d+\.\d+)?$">
2006
2438
  <description>Server for the CUPS web interface.</description>
2007
2439
  <example service.version="1.1">CUPS/1.1</example>
@@ -2012,6 +2444,7 @@
2012
2444
  <param pos="1" name="service.version"/>
2013
2445
  <param pos="0" name="service.cpe23" value="cpe:/a:apple:cups:{service.version}"/>
2014
2446
  </fingerprint>
2447
+
2015
2448
  <fingerprint pattern="^TwistedWeb/([\d.rc]+)$">
2016
2449
  <description>Twisted Matrix Labs - TwistedWeb</description>
2017
2450
  <example>TwistedWeb/2.5.0</example>
@@ -2022,15 +2455,18 @@
2022
2455
  <param pos="0" name="service.family" value="Twisted Web"/>
2023
2456
  <param pos="1" name="service.version"/>
2024
2457
  </fingerprint>
2458
+
2025
2459
  <fingerprint pattern="^mini_httpd/((?:\d+\.)*\d+) \S*$">
2026
2460
  <description>A small HTTP server</description>
2027
2461
  <example>mini_httpd/1.14 23jun2000</example>
2028
2462
  <example>mini_httpd/1 23jun2000</example>
2029
- <param pos="0" name="service.vendor" value="ACME Laboratories"/>
2463
+ <param pos="0" name="service.vendor" value="ACME"/>
2030
2464
  <param pos="0" name="service.product" value="mini_httpd"/>
2031
2465
  <param pos="0" name="service.family" value="mini_httpd"/>
2032
2466
  <param pos="1" name="service.version"/>
2467
+ <param pos="0" name="service.cpe23" value="cpe:/a:acme:mini_httpd:{service.version}"/>
2033
2468
  </fingerprint>
2469
+
2034
2470
  <fingerprint pattern="^thin ((?:\d+\.)*\d+) codename .+$">
2035
2471
  <description>A Ruby-based web server.</description>
2036
2472
  <example>thin 1.2.4 codename Flaming Astroboy</example>
@@ -2039,6 +2475,7 @@
2039
2475
  <param pos="0" name="service.family" value="Thin"/>
2040
2476
  <param pos="1" name="service.version"/>
2041
2477
  </fingerprint>
2478
+
2042
2479
  <fingerprint pattern="^Avocent DSView \d+/((?:\d+\.)*\d+)$">
2043
2480
  <description>Web server interface for controlling data centers.</description>
2044
2481
  <example>Avocent DSView 3/3.7.0.71</example>
@@ -2049,6 +2486,7 @@
2049
2486
  <param pos="1" name="service.version"/>
2050
2487
  <param pos="0" name="service.cpe23" value="cpe:/a:avocent:dsview:{service.version}"/>
2051
2488
  </fingerprint>
2489
+
2052
2490
  <fingerprint pattern="^Mongrel ((?:\d+\.)*\d+)$">
2053
2491
  <description>Ruby-based web server and HTTP library.</description>
2054
2492
  <example>Mongrel 1.1.5</example>
@@ -2057,6 +2495,7 @@
2057
2495
  <param pos="0" name="service.family" value="Mongrel"/>
2058
2496
  <param pos="1" name="service.version"/>
2059
2497
  </fingerprint>
2498
+
2060
2499
  <fingerprint pattern="^Microplex emHTTPD/((?:\d+\.)*\d+)$">
2061
2500
  <description>Embedded web server used by Microplex.</description>
2062
2501
  <example>Microplex emHTTPD/1.0</example>
@@ -2069,6 +2508,7 @@
2069
2508
  <param pos="0" name="os.vendor" value="Microplex"/>
2070
2509
  <param pos="0" name="os.device" value="Print server"/>
2071
2510
  </fingerprint>
2511
+
2072
2512
  <fingerprint pattern="^UPS_Server/((?:\d+\.)*\d+)$">
2073
2513
  <description>An embedded web server used for UPS management; primarily by Eaton, but also by APC.</description>
2074
2514
  <example>UPS_Server/1.0</example>
@@ -2080,6 +2520,7 @@
2080
2520
  <param pos="0" name="os.vendor" value="Eaton"/>
2081
2521
  <param pos="0" name="os.device" value="UPS"/>
2082
2522
  </fingerprint>
2523
+
2083
2524
  <fingerprint pattern="^JC-HTTPD/((?:\d+\.)*\d+)$">
2084
2525
  <description>An embedded web server, used notably by Oki and Kyocera in printers.</description>
2085
2526
  <example>JC-HTTPD/1.11.14</example>
@@ -2088,6 +2529,7 @@
2088
2529
  <param pos="0" name="service.family" value="JC-HTTPD"/>
2089
2530
  <param pos="1" name="service.version"/>
2090
2531
  </fingerprint>
2532
+
2091
2533
  <fingerprint pattern="^JC-SHTTPD/((?:\d+\.)*\d+)$">
2092
2534
  <description>An embedded web server.</description>
2093
2535
  <example>JC-SHTTPD/1.17.20</example>
@@ -2096,15 +2538,18 @@
2096
2538
  <param pos="0" name="service.family" value="JC-SHTTPD"/>
2097
2539
  <param pos="1" name="service.version"/>
2098
2540
  </fingerprint>
2099
- <fingerprint pattern="^Oracle XML DB/Oracle\S+ Enterprise Edition Release ((?:\d+\.)*\d+) - Production$">
2541
+
2542
+ <fingerprint pattern="^Oracle XML DB/Oracle\S+ (?:Enterprise Edition )?Release ((?:\d+\.)*\d+) - Production$">
2100
2543
  <description>Web server providing web services for Oracle's XML DB - with version string</description>
2101
- <example>Oracle XML DB/Oracle9i Enterprise Edition Release 9.2.0.1.0 - Production</example>
2544
+ <example service.version="9.2.0.1.0">Oracle XML DB/Oracle9i Enterprise Edition Release 9.2.0.1.0 - Production</example>
2102
2545
  <example>Oracle XML DB/Oracle9i Enterprise Edition Release 9 - Production</example>
2546
+ <example service.version="9.2.0.1.0">Oracle XML DB/Oracle9i Release 9.2.0.1.0 - Production</example>
2103
2547
  <param pos="0" name="service.vendor" value="Oracle"/>
2104
2548
  <param pos="0" name="service.product" value="XML DB"/>
2105
2549
  <param pos="0" name="service.family" value="Oracle"/>
2106
2550
  <param pos="1" name="service.version"/>
2107
2551
  </fingerprint>
2552
+
2108
2553
  <fingerprint pattern="^Oracle XML DB/Oracle Database$">
2109
2554
  <description>Web server providing web services for Oracle's XML DB</description>
2110
2555
  <example>Oracle XML DB/Oracle Database</example>
@@ -2112,6 +2557,7 @@
2112
2557
  <param pos="0" name="service.product" value="XML DB"/>
2113
2558
  <param pos="0" name="service.family" value="Oracle"/>
2114
2559
  </fingerprint>
2560
+
2115
2561
  <fingerprint pattern="^sfcHttpd$">
2116
2562
  <description>Server for HTTP interface to sfcb, a lightweight CIM server</description>
2117
2563
  <example>sfcHttpd</example>
@@ -2119,6 +2565,7 @@
2119
2565
  <param pos="0" name="service.product" value="sfcb"/>
2120
2566
  <param pos="0" name="service.family" value="sfcb"/>
2121
2567
  </fingerprint>
2568
+
2122
2569
  <fingerprint pattern="^PanWeb Server/ -">
2123
2570
  <description>HTTP and HTTPS server found on Palo Alto Networks devices</description>
2124
2571
  <example>PanWeb Server/ -</example>
@@ -2129,6 +2576,7 @@
2129
2576
  <param pos="0" name="os.device" value="Firewall"/>
2130
2577
  <param pos="0" name="os.cpe23" value="cpe:/o:paloaltonetworks:pan-os:-"/>
2131
2578
  </fingerprint>
2579
+
2132
2580
  <fingerprint pattern="^Ews/((?:\d+\.)*\d+)$">
2133
2581
  <description>IBM Network Printer Manager.</description>
2134
2582
  <example>Ews/0.1</example>
@@ -2138,16 +2586,23 @@
2138
2586
  <param pos="0" name="service.family" value="Network Printer Manager"/>
2139
2587
  <param pos="1" name="service.version"/>
2140
2588
  </fingerprint>
2589
+
2141
2590
  <!-- NOTE: '$ProjectRevision: {some version string} $' has been seen in a
2142
2591
  variety of products including printers, PDUs, etc.
2143
2592
  -->
2144
- <fingerprint pattern="^\$ProjectRevision: 4.0.2.38 \$$">
2145
- <description>This banner is seen on some HP LaserJet printers.</description>
2593
+
2594
+ <fingerprint pattern="^\$ProjectRevision:[\s\w:]* ([\d\.]+) \$$">
2595
+ <description>This banner is used to see if devices have Treck TCP/IP</description>
2146
2596
  <example>$ProjectRevision: 4.0.2.38 $</example>
2147
- <param pos="0" name="os.vendor" value="HP"/>
2148
- <param pos="0" name="os.device" value="Printer"/>
2149
- <param pos="0" name="os.family" value="LaserJet"/>
2597
+ <example>$ProjectRevision: 4.2 $</example>
2598
+ <example>$ProjectRevision: 6.0.1.5 $</example>
2599
+ <example>$ProjectRevision: Last Checkpoint: 4.2.2.13 $</example>
2600
+ <param pos="0" name="service.vendor" value="Treck"/>
2601
+ <param pos="0" name="service.product" value="TCP/IP"/>
2602
+ <param pos="1" name="service.version"/>
2603
+ <param pos="0" name="service.cpe23" value="cpe:/a:treck:tcp\/ip:{service.version}"/>
2150
2604
  </fingerprint>
2605
+
2151
2606
  <fingerprint pattern="^WEBrick/([\d\.]+) .*$">
2152
2607
  <description>WEBrick default setup</description>
2153
2608
  <example>WEBrick/1.3.1 (Ruby/1.9.3/2013-02-22)</example>
@@ -2155,12 +2610,14 @@
2155
2610
  <param pos="0" name="service.product" value="WEBrick"/>
2156
2611
  <param pos="1" name="service.version"/>
2157
2612
  </fingerprint>
2613
+
2158
2614
  <fingerprint pattern="^Aspen/(\S+)">
2159
2615
  <description>Aspen web server</description>
2160
2616
  <example service.version="0.8">Aspen/0.8</example>
2161
2617
  <param pos="0" name="service.product" value="Aspen"/>
2162
2618
  <param pos="1" name="service.version"/>
2163
2619
  </fingerprint>
2620
+
2164
2621
  <fingerprint pattern="^Boa/([\d\.]+\S*)">
2165
2622
  <description>Boa web server</description>
2166
2623
  <example service.version="0.94.14rc21">Boa/0.94.14rc21</example>
@@ -2168,10 +2625,14 @@
2168
2625
  <example service.version="0.93.15">Boa/0.93.15 (with Intersil Extensions)</example>
2169
2626
  <example service.version="0.92p">Boa/0.92p OS-9 Version</example>
2170
2627
  <example service.version="0.93.15">Boa/0.93.15</example>
2628
+ <param pos="0" name="service.vendor" value="Boa"/>
2171
2629
  <param pos="0" name="service.product" value="Boa"/>
2172
2630
  <param pos="1" name="service.version"/>
2631
+ <param pos="0" name="service.cpe23" value="cpe:/a:boa:boa:{service.version}"/>
2173
2632
  </fingerprint>
2633
+
2174
2634
  <!-- HiSilicon is OEMd by a number of DVR manufacturers -->
2635
+
2175
2636
  <fingerprint pattern="^Cross Web Server$">
2176
2637
  <description>Web server found on DVR and webcam servers sourced from HiSilicon</description>
2177
2638
  <example>Cross Web Server</example>
@@ -2181,7 +2642,9 @@
2181
2642
  <param pos="0" name="os.device" value="DVR"/>
2182
2643
  <param pos="0" name="hw.device" value="DVR"/>
2183
2644
  </fingerprint>
2645
+
2184
2646
  <!-- Hikvision is OEMd by a number of DVR manufacturers -->
2647
+
2185
2648
  <fingerprint pattern="^(?:Hikvision|DNVRS|DVRDVS)-Webs$">
2186
2649
  <description>Web server found on DVR and webcam servers sourced from Hikvision</description>
2187
2650
  <example>Hikvision-Webs</example>
@@ -2191,8 +2654,10 @@
2191
2654
  <param pos="0" name="service.product" value="Hikvision Web Server"/>
2192
2655
  <param pos="0" name="os.vendor" value="Hikvision"/>
2193
2656
  <param pos="0" name="os.device" value="DVR"/>
2657
+ <param pos="0" name="hw.vendor" value="Hikvision"/>
2194
2658
  <param pos="0" name="hw.device" value="DVR"/>
2195
2659
  </fingerprint>
2660
+
2196
2661
  <fingerprint pattern="^NET-DK[/ ](\d+\.\d+)$">
2197
2662
  <description>Web server found on ARRIS cable modems</description>
2198
2663
  <example>NET-DK/1.0</example>
@@ -2205,12 +2670,14 @@
2205
2670
  <param pos="0" name="hw.vendor" value="ARRIS"/>
2206
2671
  <param pos="0" name="hw.device" value="Cable Modem"/>
2207
2672
  </fingerprint>
2673
+
2208
2674
  <fingerprint pattern="^2wire Gateway$">
2209
2675
  <description>Web server found on some Arris/2wire devices</description>
2210
2676
  <example>2wire Gateway</example>
2211
2677
  <param pos="0" name="service.vendor" value="ARRIS"/>
2212
2678
  <param pos="0" name="service.product" value="2wire"/>
2213
2679
  </fingerprint>
2680
+
2214
2681
  <!-- junit says,
2215
2682
  "Example pattern '' from http_servers.xml didn't match pattern '^$'"
2216
2683
  Figure out if we have a way to support matching empty strings later.
@@ -2218,20 +2685,26 @@
2218
2685
  <example></example>
2219
2686
  <description>A blank banner; assert nothing.</description>
2220
2687
  </fingerprint>
2688
+
2221
2689
  -->
2690
+
2222
2691
  <fingerprint pattern="^(?:(?:\d+.){3}\d+):\d{1,4}$">
2223
2692
  <description>A banner consisting of an IP address and port -- assert nothing.</description>
2224
2693
  <example>192.168.0.4:9999</example>
2225
2694
  </fingerprint>
2695
+
2226
2696
  <fingerprint pattern="^Web-Server/(?:\d+\.+\d+)$">
2227
2697
  <description>Obfuscated web server -- assert nothing.</description>
2228
2698
  <example>Web-Server/3.0</example>
2229
2699
  </fingerprint>
2700
+
2230
2701
  <fingerprint pattern="^httpd$">
2231
2702
  <description>httpd - generic -- assert nothing.</description>
2232
2703
  <example>httpd</example>
2233
2704
  </fingerprint>
2705
+
2234
2706
  <!-- Service provider equipment (CDNs, etc) -->
2707
+
2235
2708
  <fingerprint pattern="^AkamaiGHost$">
2236
2709
  <description>Akamai Global Host</description>
2237
2710
  <example>AkamaiGHost</example>
@@ -2240,6 +2713,7 @@
2240
2713
  <param pos="0" name="os.vendor" value="Akamai"/>
2241
2714
  <param pos="0" name="os.device" value="Web proxy"/>
2242
2715
  </fingerprint>
2716
+
2243
2717
  <fingerprint pattern="^gws$">
2244
2718
  <description>Google Web Services</description>
2245
2719
  <example>gws</example>
@@ -2247,6 +2721,7 @@
2247
2721
  <param pos="0" name="service.product" value="Google Web Services"/>
2248
2722
  <param pos="0" name="service.family" value="Google Web Server"/>
2249
2723
  </fingerprint>
2724
+
2250
2725
  <fingerprint pattern="^GFE/((?:\d+\.)*\d+)$">
2251
2726
  <description>Google Front End for apps running on Google services.</description>
2252
2727
  <example>GFE/1.3</example>
@@ -2256,6 +2731,7 @@
2256
2731
  <param pos="0" name="service.family" value="Google Web Server"/>
2257
2732
  <param pos="1" name="service.version"/>
2258
2733
  </fingerprint>
2734
+
2259
2735
  <fingerprint pattern="^CloudFront$">
2260
2736
  <description>Amazon CloudFront web load balancer endpoint</description>
2261
2737
  <example>CloudFront</example>
@@ -2263,30 +2739,35 @@
2263
2739
  <param pos="0" name="service.product" value="CloudFront Load Balancer"/>
2264
2740
  <param pos="0" name="service.family" value="CloudFront"/>
2265
2741
  </fingerprint>
2742
+
2266
2743
  <fingerprint pattern="^Amazon-Cloud-Drive$">
2267
2744
  <description>Amazon Cloud Drive / Drive</description>
2268
2745
  <example>Amazon-Cloud-Drive</example>
2269
2746
  <param pos="0" name="service.vendor" value="Amazon"/>
2270
2747
  <param pos="0" name="service.product" value="Drive"/>
2271
2748
  </fingerprint>
2749
+
2272
2750
  <fingerprint pattern="^AmazonS3$">
2273
2751
  <description>Amazon S3 (Simple Cloud Storage Service)</description>
2274
2752
  <example>AmazonS3</example>
2275
2753
  <param pos="0" name="service.vendor" value="Amazon"/>
2276
2754
  <param pos="0" name="service.product" value="S3"/>
2277
2755
  </fingerprint>
2756
+
2278
2757
  <fingerprint pattern="^Amazon SimpleDB$">
2279
2758
  <description>Amazon SimpleDB / Simple Database Service</description>
2280
2759
  <example>Amazon SimpleDB</example>
2281
2760
  <param pos="0" name="service.vendor" value="Amazon"/>
2282
2761
  <param pos="0" name="service.product" value="SimpleDB"/>
2283
2762
  </fingerprint>
2763
+
2284
2764
  <fingerprint pattern="^AmazonSnowball$">
2285
2765
  <description>Amazon Snowball</description>
2286
2766
  <example>AmazonSnowball</example>
2287
2767
  <param pos="0" name="service.vendor" value="Amazon"/>
2288
2768
  <param pos="0" name="service.product" value="Snowball"/>
2289
2769
  </fingerprint>
2770
+
2290
2771
  <fingerprint pattern="^awselb/([\d.rc]+)$">
2291
2772
  <description>Amazon Elastic Load Balancing</description>
2292
2773
  <example service.version="2.0">awselb/2.0</example>
@@ -2294,6 +2775,7 @@
2294
2775
  <param pos="0" name="service.family" value="Elastic Load Balancing"/>
2295
2776
  <param pos="1" name="service.version"/>
2296
2777
  </fingerprint>
2778
+
2297
2779
  <fingerprint pattern="^cloudflare(?:-nginx)?$">
2298
2780
  <description>CloudFlare web load balancer endpoint</description>
2299
2781
  <example>cloudflare-nginx</example>
@@ -2302,13 +2784,18 @@
2302
2784
  <param pos="0" name="service.product" value="CloudFlare Load Balancer"/>
2303
2785
  <param pos="0" name="service.family" value="CloudFlare"/>
2304
2786
  </fingerprint>
2787
+
2305
2788
  <fingerprint pattern="^gSOAP/([\d\.]+)$">
2306
2789
  <description>gSOAP</description>
2307
2790
  <example service.version="2.7">gSOAP/2.7</example>
2791
+ <param pos="0" name="service.vendor" value="Genivia"/>
2308
2792
  <param pos="0" name="service.product" value="gSOAP"/>
2309
2793
  <param pos="1" name="service.version"/>
2794
+ <param pos="0" name="service.cpe23" value="cpe:/a:genivia:gsoap:{service.version}"/>
2310
2795
  </fingerprint>
2796
+
2311
2797
  <!-- Apple QuickTime streaming server -->
2798
+
2312
2799
  <fingerprint pattern="^QTSS\/([\d\.]+) \(Build\/[\d\.]+; Platform\/MacOSX; Release\/Panther">
2313
2800
  <description>QTSS on OS X 10.3</description>
2314
2801
  <example service.version="5.0">QTSS/5.0 (Build/452; Platform/MacOSX; Release/Panther; )</example>
@@ -2321,6 +2808,7 @@
2321
2808
  <param pos="0" name="service.product" value="QTSS"/>
2322
2809
  <param pos="1" name="service.version"/>
2323
2810
  </fingerprint>
2811
+
2324
2812
  <fingerprint pattern="^QTSS\/([\d\.]+) \(Build\/[\d\.]+; Platform\/MacOSX; Release\/Mac OS X">
2325
2813
  <description>QTSS OS X</description>
2326
2814
  <example service.version="6.1.0">QTSS/6.1.0 (Build/532; Platform/MacOSX; Release/Mac OS X Server; )</example>
@@ -2331,13 +2819,25 @@
2331
2819
  <param pos="0" name="service.product" value="QTSS"/>
2332
2820
  <param pos="1" name="service.version"/>
2333
2821
  </fingerprint>
2822
+
2334
2823
  <fingerprint pattern="^SEPM$">
2335
2824
  <description>Symantec Endpoint Protection Manager</description>
2336
2825
  <example>SEPM</example>
2337
2826
  <param pos="0" name="service.vendor" value="Symantec"/>
2338
- <param pos="0" name="service.product" value="Symantec Endpoint Protection Manager"/>
2339
- <param pos="0" name="service.family" value="Symantec Endpoint Protection Manager"/>
2827
+ <param pos="0" name="service.product" value="Endpoint Protection Manager"/>
2828
+ <param pos="0" name="service.family" value="Endpoint Protection Manager"/>
2829
+ <param pos="0" name="service.cpe23" value="cpe:/a:symantec:endpoint_protection_manager:-"/>
2340
2830
  </fingerprint>
2831
+
2832
+ <fingerprint pattern="^Symantec Endpoint Protection Manager$">
2833
+ <description>Symantec Endpoint Protection Manager - long variant</description>
2834
+ <example>Symantec Endpoint Protection Manager</example>
2835
+ <param pos="0" name="service.vendor" value="Symantec"/>
2836
+ <param pos="0" name="service.product" value="Endpoint Protection Manager"/>
2837
+ <param pos="0" name="service.family" value="Endpoint Protection Manager"/>
2838
+ <param pos="0" name="service.cpe23" value="cpe:/a:symantec:endpoint_protection_manager:-"/>
2839
+ </fingerprint>
2840
+
2341
2841
  <fingerprint pattern="^Intel\(R\) Active Management Technology\s(\d+\.\d+\.\d+\.\d+|\d+\.\d+\.\d+|\d+\.\d+)">
2342
2842
  <description>Intel(R) Active Management Technology (AMT) with a version</description>
2343
2843
  <example service.version="7.1.86">Intel(R) Active Management Technology 7.1.86</example>
@@ -2346,6 +2846,7 @@
2346
2846
  <param pos="0" name="service.family" value="Intel(R) Active Management Technology"/>
2347
2847
  <param pos="1" name="service.version"/>
2348
2848
  </fingerprint>
2849
+
2349
2850
  <fingerprint pattern="^(?:AMT|Intel\(R\) Active Management Technology)$">
2350
2851
  <description>Intel(R) Active Management Technology (AMT) without a version</description>
2351
2852
  <example>AMT</example>
@@ -2354,6 +2855,7 @@
2354
2855
  <param pos="0" name="service.product" value="Intel(R) Active Management Technology"/>
2355
2856
  <param pos="0" name="service.family" value="Intel(R) Active Management Technology"/>
2356
2857
  </fingerprint>
2858
+
2357
2859
  <fingerprint pattern="^Intel\(R\) Standard Manageability\s(\d+\.\d+\.\d+\.\d+|\d+\.\d+\.\d+|\d+\.\d+)">
2358
2860
  <description>Intel(R) Standard Manageability</description>
2359
2861
  <example service.version="5.0.50">Intel(R) Standard Manageability 5.0.50</example>
@@ -2363,6 +2865,7 @@
2363
2865
  <param pos="0" name="service.family" value="Intel(R) Active Management Technology"/>
2364
2866
  <param pos="1" name="service.version"/>
2365
2867
  </fingerprint>
2868
+
2366
2869
  <fingerprint pattern="^Sunny WebBox$">
2367
2870
  <description>Sunny WebBox</description>
2368
2871
  <example>Sunny WebBox</example>
@@ -2377,6 +2880,7 @@
2377
2880
  <param pos="0" name="os.product" value="Windows CE"/>
2378
2881
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_ce:-"/>
2379
2882
  </fingerprint>
2883
+
2380
2884
  <fingerprint pattern="^EnergyICT RTU \d+-\w+-\d+$">
2381
2885
  <description>EnergyICT RTU</description>
2382
2886
  <example>EnergyICT RTU 101-F25CE1-1524</example>
@@ -2384,6 +2888,7 @@
2384
2888
  <param pos="0" name="hw.product" value="RTU"/>
2385
2889
  <param pos="0" name="hw.device" value="Power device"/>
2386
2890
  </fingerprint>
2891
+
2387
2892
  <fingerprint pattern="^AV-TECH AV787 Video Web Server$">
2388
2893
  <description>AV-TECH AVC787 Video Web Server</description>
2389
2894
  <example>AV-TECH AV787 Video Web Server</example>
@@ -2394,11 +2899,13 @@
2394
2899
  <param pos="0" name="hw.product" value="AVC787"/>
2395
2900
  <param pos="0" name="hw.device" value="DVR"/>
2396
2901
  </fingerprint>
2902
+
2397
2903
  <fingerprint pattern="^Splunkd$">
2398
2904
  <description>Splunk HTTP server used in the web interface, forwarders, indexers and more</description>
2399
2905
  <example>Splunkd</example>
2400
2906
  <param pos="0" name="service.vendor" value="Splunk"/>
2401
2907
  </fingerprint>
2908
+
2402
2909
  <fingerprint pattern="^tivo-httpd-\S+$">
2403
2910
  <description>Tivo DVR</description>
2404
2911
  <example>tivo-httpd-1:20.7.4.RC35-D18-6:D18</example>
@@ -2406,6 +2913,7 @@
2406
2913
  <param pos="0" name="hw.family" value="DVR"/>
2407
2914
  <param pos="0" name="hw.device" value="DVR"/>
2408
2915
  </fingerprint>
2916
+
2409
2917
  <fingerprint pattern="^OpenTV/([\d\.]+)$">
2410
2918
  <description>OpenTV</description>
2411
2919
  <example os.version="5.40">OpenTV/5.40</example>
@@ -2415,7 +2923,28 @@
2415
2923
  <param pos="1" name="os.version"/>
2416
2924
  <param pos="0" name="hw.device" value="DVR"/>
2417
2925
  </fingerprint>
2926
+
2927
+ <fingerprint pattern="^kong/([\d.]+)$">
2928
+ <description>Kong Gateway</description>
2929
+ <example service.version="1.2.1">kong/1.2.1</example>
2930
+ <param pos="0" name="service.vendor" value="Kong"/>
2931
+ <param pos="0" name="service.family" value="Gateway"/>
2932
+ <param pos="0" name="service.product" value="Gateway"/>
2933
+ <param pos="1" name="service.version"/>
2934
+ </fingerprint>
2935
+
2936
+ <fingerprint pattern="^kong/([\d.-]+)-enterprise-edition$">
2937
+ <description>Kong Gateway - Enterprise Edition</description>
2938
+ <example service.version="0.30">kong/0.30-enterprise-edition</example>
2939
+ <example service.version="0.35-1">kong/0.35-1-enterprise-edition</example>
2940
+ <param pos="0" name="service.vendor" value="Kong"/>
2941
+ <param pos="0" name="service.family" value="Gateway"/>
2942
+ <param pos="0" name="service.product" value="Gateway"/>
2943
+ <param pos="1" name="service.version"/>
2944
+ </fingerprint>
2945
+
2418
2946
  <!-- Tridium previously had a product with the 'Niagra' spelling -->
2947
+
2419
2948
  <fingerprint pattern="^Niagara Web Server\/([\d.]+)$">
2420
2949
  <description>Tridium Niagara AX Framework</description>
2421
2950
  <example service.version="3.8.111">Niagara Web Server/3.8.111</example>
@@ -2424,6 +2953,7 @@
2424
2953
  <param pos="0" name="service.product" value="Niagara AX"/>
2425
2954
  <param pos="1" name="service.version"/>
2426
2955
  </fingerprint>
2956
+
2427
2957
  <fingerprint pattern="^Microsoft WinCE Fidelix v([\d.]+)$">
2428
2958
  <description>Fidelix Industrial Control Web Server</description>
2429
2959
  <example service.version="11.50.29">Microsoft WinCE Fidelix v11.50.29</example>
@@ -2438,12 +2968,14 @@
2438
2968
  <param pos="0" name="hw.vendor" value="Fidelix"/>
2439
2969
  <param pos="0" name="hw.device" value="Industrial Control"/>
2440
2970
  </fingerprint>
2971
+
2441
2972
  <fingerprint pattern="^chainpoint-node$">
2442
2973
  <description>Chainpoint Node</description>
2443
2974
  <example>chainpoint-node</example>
2444
2975
  <param pos="0" name="service.vendor" value="Chainpoint"/>
2445
2976
  <param pos="0" name="service.product" value="Node"/>
2446
2977
  </fingerprint>
2978
+
2447
2979
  <fingerprint pattern="(?i)^(.*) UPnP/[\d\.]+\s+AVM FRITZ!(.*) ([\d\.]+)$">
2448
2980
  <description>AVM FRITZ! devices of various types</description>
2449
2981
  <example host.name="some thing" os.product="WLAN Repeater 1750E" os.version="134.07.01">some thing UPnP/1.0 AVM FRITZ!WLAN Repeater 1750E 134.07.01</example>
@@ -2453,6 +2985,7 @@
2453
2985
  <param pos="3" name="os.version"/>
2454
2986
  <param pos="1" name="host.name"/>
2455
2987
  </fingerprint>
2988
+
2456
2989
  <fingerprint pattern="(?i)^Linux/(\S+) UPnP/[\d\.]+ miniupnpd/([\d\.]+)$">
2457
2990
  <description>Linux MiniUPnPd UPnP Server</description>
2458
2991
  <example>Linux/Cross_compiled UPnP/1.0 miniupnpd/1.0</example>
@@ -2465,6 +2998,7 @@
2465
2998
  <param pos="1" name="os.version"/>
2466
2999
  <param pos="0" name="os.cpe23" value="cpe:/o:linux:linux_kernel:{os.version}"/>
2467
3000
  </fingerprint>
3001
+
2468
3002
  <fingerprint pattern="^Tomato UPnP/\S+ MiniUPnPd/(\S+)$">
2469
3003
  <description>Tomato UPnP Server</description>
2470
3004
  <example>Tomato UPnP/1.0 MiniUPnPd/1.2</example>
@@ -2473,6 +3007,7 @@
2473
3007
  <param pos="0" name="service.product" value="MiniUPnP"/>
2474
3008
  <param pos="1" name="service.version"/>
2475
3009
  </fingerprint>
3010
+
2476
3011
  <fingerprint pattern="(?i)^(RT-\w+) UPnP/\S+ MiniUPnPd/(\S+)$">
2477
3012
  <description>Asus WAP UPnP Server</description>
2478
3013
  <example>RT-G32 UPnP/1.0 MiniUPnPd/1.2</example>
@@ -2482,6 +3017,7 @@
2482
3017
  <param pos="1" name="os.product"/>
2483
3018
  <param pos="0" name="os.device" value="WAP"/>
2484
3019
  </fingerprint>
3020
+
2485
3021
  <fingerprint pattern="(?i)^DrayTek/Vigor(\S+) UPnP/\S+ miniupnpd/(\S+)$">
2486
3022
  <description>DrayTek Vigor router UPnP Server</description>
2487
3023
  <example hw.model="2130">DrayTek/Vigor2130 UPnP/1.0 miniupnpd/1.0</example>
@@ -2492,12 +3028,14 @@
2492
3028
  <param pos="1" name="hw.model"/>
2493
3029
  <param pos="0" name="hw.device" value="Router"/>
2494
3030
  </fingerprint>
3031
+
2495
3032
  <fingerprint pattern="(?i)Linux UPnP/\d\.\d Huawei-ATP-IGD$">
2496
3033
  <description>Huawei Echolife / Home Gateway (and possibly other) devices with UPnP</description>
2497
3034
  <example>Linux UPnP/1.0 Huawei-ATP-IGD</example>
2498
3035
  <param pos="0" name="hw.vendor" value="Huawei"/>
2499
3036
  <param pos="0" name="hw.device" value="Broadband router"/>
2500
3037
  </fingerprint>
3038
+
2501
3039
  <fingerprint pattern="(?i)^OpenWRT/kamikaze UPnP/\S+ MiniUPnPd/(\S+)$">
2502
3040
  <description>OpenWRT Kamikaze WAP UPnP Server</description>
2503
3041
  <example>OpenWRT/kamikaze UPnP/1.0 MiniUPnPd/1.5</example>
@@ -2510,6 +3048,7 @@
2510
3048
  <param pos="0" name="os.product" value="Kamikaze"/>
2511
3049
  <param pos="0" name="os.device" value="WAP"/>
2512
3050
  </fingerprint>
3051
+
2513
3052
  <fingerprint pattern="(?i)^Netgear/\S+ UPnP/\S+ miniupnpd/(\S+)$">
2514
3053
  <description>Netgear DG834G or WNDR3300 WAP UPnP Server</description>
2515
3054
  <example>Netgear/1.0 UPnP/1.0 miniupnpd/1.0</example>
@@ -2518,6 +3057,7 @@
2518
3057
  <param pos="0" name="os.vendor" value="Netgear"/>
2519
3058
  <param pos="0" name="os.device" value="WAP"/>
2520
3059
  </fingerprint>
3060
+
2521
3061
  <fingerprint pattern="^[^/]+/(\S+) DLNADOC/\S+ UPnP/\S+ MiniDLNA/(\S+)$">
2522
3062
  <description>DLNADOC UPnP Server</description>
2523
3063
  <example>Debian/4.0r8 DLNADOC/1.50 UPnP/1.0 MiniDLNA/1.0</example>
@@ -2530,6 +3070,7 @@
2530
3070
  <param pos="1" name="os.version"/>
2531
3071
  <param pos="0" name="os.cpe23" value="cpe:/o:linux:linux_kernel:{os.version}"/>
2532
3072
  </fingerprint>
3073
+
2533
3074
  <fingerprint pattern="(?i)^Debian\/(\S+) UPnP/\S+ MiniUPnPd/(\S+)$">
2534
3075
  <description>miniupnpd on a Debian variant</description>
2535
3076
  <example os.version="wheezy/sid" service.version="1.8">Debian/wheezy/sid UPnP/1.1 MiniUPnPd/1.8</example>
@@ -2542,6 +3083,7 @@
2542
3083
  <param pos="1" name="os.version"/>
2543
3084
  <param pos="0" name="os.cpe23" value="cpe:/o:debian:debian_linux:{os.version}"/>
2544
3085
  </fingerprint>
3086
+
2545
3087
  <fingerprint pattern="(?i)^Fedora(?:Core)?\/(\S+) UPnP/\S+ MiniUPnPd/(\S+)$">
2546
3088
  <description>miniupnpd on a Fedora variant</description>
2547
3089
  <example os.version="10" service.version="1.4">Fedora/10 UPnP/1.0 MiniUPnPd/1.4</example>
@@ -2555,6 +3097,7 @@
2555
3097
  <param pos="1" name="os.version"/>
2556
3098
  <param pos="0" name="os.cpe23" value="cpe:/o:redhat:fedora_core:{os.version}"/>
2557
3099
  </fingerprint>
3100
+
2558
3101
  <fingerprint pattern="(?i)^Ubuntu\/([\d\.]+) UPnP/\S+ MiniUPnPd/(\S+)$">
2559
3102
  <description>miniupnpd on an Ubuntu variant</description>
2560
3103
  <example os.version="10.04" service.version="1.0">Ubuntu/10.04 UPnP/1.0 miniupnpd/1.0</example>
@@ -2568,6 +3111,7 @@
2568
3111
  <param pos="1" name="os.version"/>
2569
3112
  <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:{os.version}"/>
2570
3113
  </fingerprint>
3114
+
2571
3115
  <fingerprint pattern="(?i)^Ubuntu\/bionic UPnP/\S+ MiniUPnPd/(\S+)$">
2572
3116
  <description>miniupnpd on an Ubuntu bionic/18.04</description>
2573
3117
  <example os.version="18.04" service.version="1.4">Ubuntu/bionic UPnP/1.0 MiniUPnPd/1.4</example>
@@ -2578,6 +3122,7 @@
2578
3122
  <param pos="0" name="os.version" value="18.04"/>
2579
3123
  <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:18.04"/>
2580
3124
  </fingerprint>
3125
+
2581
3126
  <fingerprint pattern="(?i)^Ubuntu\/yakkety UPnP/\S+ MiniUPnPd/(\S+)$">
2582
3127
  <description>miniupnpd on an Ubuntu yakkety/16.10</description>
2583
3128
  <example os.version="16.10" service.version="1.4">Ubuntu/yakkety UPnP/1.0 MiniUPnPd/1.4</example>
@@ -2588,6 +3133,7 @@
2588
3133
  <param pos="0" name="os.version" value="16.10"/>
2589
3134
  <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:16.10"/>
2590
3135
  </fingerprint>
3136
+
2591
3137
  <fingerprint pattern="(?i)^Ubuntu\/xenial UPnP/\S+ MiniUPnPd/(\S+)$">
2592
3138
  <description>miniupnpd on an Ubuntu xenial/16.04</description>
2593
3139
  <example os.version="16.04" service.version="1.4">Ubuntu/xenial UPnP/1.0 MiniUPnPd/1.4</example>
@@ -2598,6 +3144,7 @@
2598
3144
  <param pos="0" name="os.version" value="16.04"/>
2599
3145
  <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:16.04"/>
2600
3146
  </fingerprint>
3147
+
2601
3148
  <fingerprint pattern="(?i)^Ubuntu\/utopic UPnP/\S+ MiniUPnPd/(\S+)$">
2602
3149
  <description>miniupnpd on an Ubuntu utopic/14.10</description>
2603
3150
  <example os.version="14.10" service.version="1.4">Ubuntu/utopic UPnP/1.0 MiniUPnPd/1.4</example>
@@ -2608,6 +3155,7 @@
2608
3155
  <param pos="0" name="os.version" value="14.10"/>
2609
3156
  <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:14.10"/>
2610
3157
  </fingerprint>
3158
+
2611
3159
  <fingerprint pattern="(?i)^Ubuntu\/trusty UPnP/\S+ MiniUPnPd/(\S+)$">
2612
3160
  <description>miniupnpd on an Ubuntu trusty/14.04</description>
2613
3161
  <example os.version="14.04" service.version="1.4">Ubuntu/trusty UPnP/1.0 MiniUPnPd/1.4</example>
@@ -2618,6 +3166,7 @@
2618
3166
  <param pos="0" name="os.version" value="14.04"/>
2619
3167
  <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:14.04"/>
2620
3168
  </fingerprint>
3169
+
2621
3170
  <fingerprint pattern="(?i)^Ubuntu\/saucy UPnP/\S+ MiniUPnPd/(\S+)$">
2622
3171
  <description>miniupnpd on an Ubuntu saucy/13.10</description>
2623
3172
  <example os.version="13.10" service.version="1.4">Ubuntu/saucy UPnP/1.0 MiniUPnPd/1.4</example>
@@ -2628,6 +3177,7 @@
2628
3177
  <param pos="0" name="os.version" value="13.10"/>
2629
3178
  <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:13.10"/>
2630
3179
  </fingerprint>
3180
+
2631
3181
  <fingerprint pattern="(?i)^Ubuntu\/raring UPnP/\S+ MiniUPnPd/(\S+)$">
2632
3182
  <description>miniupnpd on an Ubuntu raring/13.04</description>
2633
3183
  <example os.version="13.04" service.version="1.4">Ubuntu/raring UPnP/1.0 MiniUPnPd/1.4</example>
@@ -2638,6 +3188,7 @@
2638
3188
  <param pos="0" name="os.version" value="13.04"/>
2639
3189
  <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:13.04"/>
2640
3190
  </fingerprint>
3191
+
2641
3192
  <fingerprint pattern="(?i)^Ubuntu\/quantal UPnP/\S+ MiniUPnPd/(\S+)$">
2642
3193
  <description>miniupnpd on an Ubuntu quantal/12.10</description>
2643
3194
  <example os.version="12.10" service.version="1.4">Ubuntu/quantal UPnP/1.0 MiniUPnPd/1.4</example>
@@ -2648,6 +3199,7 @@
2648
3199
  <param pos="0" name="os.version" value="12.10"/>
2649
3200
  <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:12.10"/>
2650
3201
  </fingerprint>
3202
+
2651
3203
  <fingerprint pattern="(?i)^Ubuntu\/precise UPnP/\S+ MiniUPnPd/(\S+)$">
2652
3204
  <description>miniupnpd on an Ubuntu precise/12.04</description>
2653
3205
  <example os.version="12.04" service.version="1.4">Ubuntu/precise UPnP/1.0 MiniUPnPd/1.4</example>
@@ -2658,6 +3210,7 @@
2658
3210
  <param pos="0" name="os.version" value="12.04"/>
2659
3211
  <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:12.04"/>
2660
3212
  </fingerprint>
3213
+
2661
3214
  <fingerprint pattern="(?i)^Ubuntu\/oneiric UPnP/\S+ MiniUPnPd/(\S+)$">
2662
3215
  <description>miniupnpd on an Ubuntu oneiric/11.10</description>
2663
3216
  <example os.version="11.10" service.version="1.4">Ubuntu/oneiric UPnP/1.0 MiniUPnPd/1.4</example>
@@ -2668,6 +3221,7 @@
2668
3221
  <param pos="0" name="os.version" value="11.10"/>
2669
3222
  <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:11.10"/>
2670
3223
  </fingerprint>
3224
+
2671
3225
  <fingerprint pattern="(?i)^Ubuntu\/natty UPnP/\S+ MiniUPnPd/(\S+)$">
2672
3226
  <description>miniupnpd on an Ubuntu natty/11.04</description>
2673
3227
  <example os.version="11.04" service.version="1.4">Ubuntu/natty UPnP/1.0 MiniUPnPd/1.4</example>
@@ -2678,6 +3232,7 @@
2678
3232
  <param pos="0" name="os.version" value="11.04"/>
2679
3233
  <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:11.04"/>
2680
3234
  </fingerprint>
3235
+
2681
3236
  <fingerprint pattern="(?i)^Ubuntu\/maverick UPnP/\S+ MiniUPnPd/(\S+)$">
2682
3237
  <description>miniupnpd on an Ubuntu maverick/10.10</description>
2683
3238
  <example os.version="10.10" service.version="1.4">Ubuntu/maverick UPnP/1.0 MiniUPnPd/1.4</example>
@@ -2688,6 +3243,7 @@
2688
3243
  <param pos="0" name="os.version" value="10.10"/>
2689
3244
  <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:10.10"/>
2690
3245
  </fingerprint>
3246
+
2691
3247
  <fingerprint pattern="(?i)^Ubuntu\/lucid UPnP/\S+ MiniUPnPd/(\S+)$">
2692
3248
  <description>miniupnpd on an Ubuntu lucid/10.04</description>
2693
3249
  <example os.version="10.04" service.version="1.4">Ubuntu/lucid UPnP/1.0 MiniUPnPd/1.4</example>
@@ -2698,6 +3254,7 @@
2698
3254
  <param pos="0" name="os.version" value="10.04"/>
2699
3255
  <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:10.04"/>
2700
3256
  </fingerprint>
3257
+
2701
3258
  <fingerprint pattern="(?i)^Ubuntu\/karmic UPnP/\S+ MiniUPnPd/(\S+)$">
2702
3259
  <description>miniupnpd on an Ubuntu karmic/9.10</description>
2703
3260
  <example os.version="9.10" service.version="1.4">Ubuntu/karmic UPnP/1.0 MiniUPnPd/1.4</example>
@@ -2708,6 +3265,7 @@
2708
3265
  <param pos="0" name="os.version" value="9.10"/>
2709
3266
  <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:9.10"/>
2710
3267
  </fingerprint>
3268
+
2711
3269
  <fingerprint pattern="(?i)^Ubuntu\/jaunty UPnP/\S+ MiniUPnPd/(\S+)$">
2712
3270
  <description>miniupnpd on an Ubuntu jaunty/9.04</description>
2713
3271
  <example os.version="9.04" service.version="1.4">Ubuntu/jaunty UPnP/1.0 MiniUPnPd/1.4</example>
@@ -2718,6 +3276,7 @@
2718
3276
  <param pos="0" name="os.version" value="9.04"/>
2719
3277
  <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:9.04"/>
2720
3278
  </fingerprint>
3279
+
2721
3280
  <fingerprint pattern="(?i)^Ubuntu\/hardy UPnP/\S+ MiniUPnPd/(\S+)$">
2722
3281
  <description>miniupnpd on an Ubuntu hardy/8.04</description>
2723
3282
  <example os.version="8.04" service.version="1.4">Ubuntu/hardy UPnP/1.0 MiniUPnPd/1.4</example>
@@ -2728,6 +3287,7 @@
2728
3287
  <param pos="0" name="os.version" value="8.04"/>
2729
3288
  <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:8.04"/>
2730
3289
  </fingerprint>
3290
+
2731
3291
  <fingerprint pattern="(?i)^Linux Mips (\S+) UPnP/\S+ MiniUPnPd/(\S+)$">
2732
3292
  <description>Linux MIPS UPnP Server</description>
2733
3293
  <example>Linux Mips 2.4.20 UPnP/1.0 MiniUPnPd/1.2</example>
@@ -2738,16 +3298,18 @@
2738
3298
  <param pos="1" name="os.version"/>
2739
3299
  <param pos="0" name="os.cpe23" value="cpe:/o:linux:linux_kernel:{os.version}"/>
2740
3300
  </fingerprint>
3301
+
2741
3302
  <fingerprint pattern="(?i)^SmoothWall Express/(\S+) UPnP/\S+ miniupnpd/(\S+)$">
2742
3303
  <description>Smoothwall Express UPnP Server</description>
2743
3304
  <example os.version="3.0" service.version="1.0">SmoothWall Express/3.0 UPnP/1.0 miniupnpd/1.0</example>
2744
- <param pos="0" name="os.vendor" value="Smoothwall"/>
2745
- <param pos="0" name="os.product" value="Smoothwall"/>
3305
+ <param pos="0" name="os.vendor" value="SmoothWall"/>
3306
+ <param pos="0" name="os.product" value="SmoothWall"/>
2746
3307
  <param pos="1" name="os.version"/>
2747
3308
  <param pos="0" name="os.cpe23" value="cpe:/o:smoothwall:smoothwall:{os.version}"/>
2748
3309
  <param pos="0" name="service.product" value="MiniUPnP"/>
2749
3310
  <param pos="2" name="service.version"/>
2750
3311
  </fingerprint>
3312
+
2751
3313
  <fingerprint pattern="^(\S+) \d+/Service Pack \d+, UPnP/[\d\.]+, TVersity Media Server$">
2752
3314
  <description>TVersity Media Server UPnP Server with Service Pack</description>
2753
3315
  <example>5.2.3790 2/Service Pack 1, UPnP/1.0, TVersity Media Server</example>
@@ -2756,6 +3318,7 @@
2756
3318
  <param pos="0" name="service.product" value="Media Server"/>
2757
3319
  <param pos="1" name="service.version"/>
2758
3320
  </fingerprint>
3321
+
2759
3322
  <fingerprint pattern="^(\S+) 2/, UPnP/\S+, TVersity Media Server$">
2760
3323
  <description>TVersity Media Server UPnP Server</description>
2761
3324
  <example>6.2.8400 2/, UPnP/1.0, TVersity Media Server</example>
@@ -2766,6 +3329,7 @@
2766
3329
  <param pos="0" name="service.product" value="Media Server"/>
2767
3330
  <param pos="1" name="service.version"/>
2768
3331
  </fingerprint>
3332
+
2769
3333
  <fingerprint pattern="^LINUX/([\d\.]+) UPnP/[\d\.]+ BRCM400/([\d\.]+)$">
2770
3334
  <description>Belkin/Linksys BRCM400 Wireless Router UPnP Server</description>
2771
3335
  <example>LINUX/2.4 UPnP/1.0 BRCM400/1.0</example>
@@ -2777,6 +3341,7 @@
2777
3341
  <param pos="1" name="os.version"/>
2778
3342
  <param pos="0" name="os.device" value="Router"/>
2779
3343
  </fingerprint>
3344
+
2780
3345
  <fingerprint pattern="^Linux-(\S+), UPnP/[\d\.]+, PMS/([\d\.]+)$">
2781
3346
  <description>PlayStation3 Media Server UPnP Server - linux</description>
2782
3347
  <example>Linux-amd64-2.6.18-238.9.1.el5, UPnP/1.0, PMS/1.52.1</example>
@@ -2789,6 +3354,7 @@
2789
3354
  <param pos="1" name="os.version"/>
2790
3355
  <param pos="0" name="os.cpe23" value="cpe:/o:linux:linux_kernel:{os.version}"/>
2791
3356
  </fingerprint>
3357
+
2792
3358
  <fingerprint pattern="^Windows_XP-(\S+), UPnP/[\d\.]+, PMS/([\d\.]+)$">
2793
3359
  <description>PlayStation3 Media Server UPnP Server - Windows XP</description>
2794
3360
  <example>Windows_XP-amd64-5.2, UPnP/1.0, PMS/1.54.0</example>
@@ -2801,6 +3367,7 @@
2801
3367
  <param pos="1" name="os.version"/>
2802
3368
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_xp:{os.version}"/>
2803
3369
  </fingerprint>
3370
+
2804
3371
  <fingerprint pattern="^Windows_7-x86-(\S+), UPnP/[\d\.]+, PMS/([\d\.]+)$">
2805
3372
  <description>PlayStation3 Media Server UPnP Server - Windows 7 x86</description>
2806
3373
  <example>Windows_7-x86-6.1, UPnP/1.0, PMS/1.20</example>
@@ -2830,6 +3397,7 @@
2830
3397
  <param pos="1" name="os.version"/>
2831
3398
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_7:{os.version}"/>
2832
3399
  </fingerprint>
3400
+
2833
3401
  <fingerprint pattern="^Windows_7-x86_64-(\S+), UPnP/[\d\.]+, PMS/([\d\.]+)$">
2834
3402
  <description>PlayStation3 Media Server UPnP Server - Windows 7 x86_64</description>
2835
3403
  <param pos="0" name="service.vendor" value="Sony"/>
@@ -2840,6 +3408,7 @@
2840
3408
  <param pos="1" name="os.version"/>
2841
3409
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_7:{os.version}"/>
2842
3410
  </fingerprint>
3411
+
2843
3412
  <fingerprint pattern="^Microsoft-Windows/6.2 UPnP/(?:\S+) UPnP-Device-Host/(?:\S+)$">
2844
3413
  <description>Windows 8 or Windows Server 2012 with unknown UPnP components</description>
2845
3414
  <param pos="0" name="os.vendor" value="Microsoft"/>
@@ -2847,6 +3416,7 @@
2847
3416
  <param pos="0" name="os.certainty" value="0.65"/>
2848
3417
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_8:-"/>
2849
3418
  </fingerprint>
3419
+
2850
3420
  <fingerprint pattern="^Mac_OS_X-x86_64-(\S+), UPnP/[\d\.]+, PMS/([\d\.]+)$">
2851
3421
  <description>PlayStation3 Media Server UPnP Server - macOS x86_64</description>
2852
3422
  <example>Mac_OS_X-x86_64-10.5.8, UPnP/1.0, PMS/1.20</example>
@@ -2858,6 +3428,7 @@
2858
3428
  <param pos="1" name="os.version"/>
2859
3429
  <param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x:{os.version}"/>
2860
3430
  </fingerprint>
3431
+
2861
3432
  <fingerprint pattern="^Linux/(\S+), UPnP/\S+, Free UPnP Entertainment Service/ReadyNAS$">
2862
3433
  <description>Free UPnP Entertainment Service UPnP Server - Linux on ReadyNAS</description>
2863
3434
  <param pos="0" name="service.product" value="FUPPES"/>
@@ -2870,6 +3441,7 @@
2870
3441
  <param pos="0" name="hw.family" value="ReadyNAS"/>
2871
3442
  <param pos="0" name="hw.product" value="ReadyNAS"/>
2872
3443
  </fingerprint>
3444
+
2873
3445
  <fingerprint pattern="^Linux/(\S+), UPnP/\S+, Free UPnP Entertainment Service/$">
2874
3446
  <description>Free UPnP Entertainment Service UPnP Server - Linux</description>
2875
3447
  <param pos="0" name="service.product" value="FUPPES"/>
@@ -2878,6 +3450,7 @@
2878
3450
  <param pos="1" name="os.version"/>
2879
3451
  <param pos="0" name="os.cpe23" value="cpe:/o:linux:linux_kernel:{os.version}"/>
2880
3452
  </fingerprint>
3453
+
2881
3454
  <fingerprint pattern="^FreeBSD/(\S+), UPnP/\S+, Free UPnP Entertainment Service/$">
2882
3455
  <description>Free UPnP Entertainment Service UPnP Server - FreeBSD</description>
2883
3456
  <param pos="0" name="service.product" value="FUPPES"/>
@@ -2886,6 +3459,7 @@
2886
3459
  <param pos="1" name="os.version"/>
2887
3460
  <param pos="0" name="os.cpe23" value="cpe:/o:freebsd:freebsd:{os.version}"/>
2888
3461
  </fingerprint>
3462
+
2889
3463
  <fingerprint pattern="^ipOS/([\d\.]+) UPnP/[\d\.]+ ipUPnP/([\d\.]+)$">
2890
3464
  <description>D-Link WAP Dynamic DNS UPnP Server</description>
2891
3465
  <param pos="0" name="service.vendor" value="D-Link"/>
@@ -2896,6 +3470,7 @@
2896
3470
  <param pos="1" name="os.version"/>
2897
3471
  <param pos="0" name="os.device" value="WAP"/>
2898
3472
  </fingerprint>
3473
+
2899
3474
  <fingerprint pattern="^ipOS/([\d\.]+) UPnP/[\d\.]+ ipGENADevice/([\d\.]+)$">
2900
3475
  <description>D-Link DGL-4300 Gaming Router UPnP Server</description>
2901
3476
  <param pos="0" name="service.vendor" value="D-Link"/>
@@ -2906,11 +3481,25 @@
2906
3481
  <param pos="1" name="os.version"/>
2907
3482
  <param pos="0" name="os.device" value="Router"/>
2908
3483
  </fingerprint>
3484
+
3485
+ <fingerprint pattern="Linux, STUNNEL/1.0, (DIR-8\d+\w*) Ver (\S+)$">
3486
+ <description>D-Link DIR-8XX Router</description>
3487
+ <example hw.product="DIR-850L">Linux, STUNNEL/1.0, DIR-850L Ver 1.09</example>
3488
+ <example os.version="2.00W">Linux, STUNNEL/1.0, DIR-820LW Ver 2.00W</example>
3489
+ <param pos="0" name="hw.vendor" value="D-Link"/>
3490
+ <param pos="1" name="hw.product"/>
3491
+ <param pos="0" name="hw.device" value="Router"/>
3492
+ <param pos="0" name="os.vendor" value="D-Link"/>
3493
+ <param pos="2" name="os.version"/>
3494
+ <param pos="0" name="os.device" value="Router"/>
3495
+ </fingerprint>
3496
+
2909
3497
  <fingerprint pattern="^TBS/R2 UPnP/[\d\.]+ MiniUPnPd/[\d\.]+$">
2910
3498
  <description>D-Link generic</description>
2911
3499
  <example>TBS/R2 UPnP/1.0 MiniUPnPd/1.2</example>
2912
3500
  <param pos="0" name="hw.vendor" value="D-Link"/>
2913
3501
  </fingerprint>
3502
+
2914
3503
  <fingerprint pattern="^ipos/([\d\.]+) UPnP/[\d\.]+ (TL-\w+)/(\S+)$">
2915
3504
  <description>TP-Link WAP UPnP Server</description>
2916
3505
  <example>ipos/7.0 UPnP/1.0 TL-WR841N/6.0/7.0</example>
@@ -2922,14 +3511,72 @@
2922
3511
  <example>ipos/7.0 UPnP/1.0 TL-WR741N/1.0/2.0</example>
2923
3512
  <example>ipos/7.0 UPnP/1.0 TL-WR740N/1.0/2.0</example>
2924
3513
  <example>ipos/7.0 UPnP/1.0 TL-WR941N/2.0</example>
2925
- <param pos="0" name="service.vendor" value="TP-Link"/>
3514
+ <param pos="0" name="service.vendor" value="TP-LINK"/>
2926
3515
  <param pos="2" name="service.product"/>
2927
3516
  <param pos="3" name="service.version"/>
2928
- <param pos="0" name="os.vendor" value="TP-Link"/>
3517
+ <param pos="0" name="os.vendor" value="TP-LINK"/>
2929
3518
  <param pos="0" name="os.product" value="ipOS"/>
2930
3519
  <param pos="1" name="os.version"/>
2931
3520
  <param pos="0" name="os.device" value="WAP"/>
2932
3521
  </fingerprint>
3522
+
3523
+ <fingerprint pattern="^Linux/(\S+\_eureka_1), UPnP/[\d\.]+, Portable SDK for UPnP devices/(\S+)$">
3524
+ <description>Siqura Video Encoder</description>
3525
+ <example>Linux/2.6.37_eureka_1, UPnP/1.0, Portable SDK for UPnP devices/1.6.6</example>
3526
+ <param pos="0" name="hw.vendor" value="Siqura"/>
3527
+ <param pos="0" name="hw.device" value="Video Encoder"/>
3528
+ <param pos="0" name="os.vendor" value="Siqura"/>
3529
+ <param pos="0" name="os.family" value="Linux"/>
3530
+ <param pos="0" name="os.product" value="Linux"/>
3531
+ <param pos="1" name="os.version"/>
3532
+ <param pos="0" name="service.product" value="libupnp"/>
3533
+ <param pos="2" name="service.version"/>
3534
+ </fingerprint>
3535
+
3536
+ <fingerprint pattern="^Linux/(\S+\-Mozart-8G), UPnP/[\d\.]+, Portable SDK for UPnP devices/(\S+)$">
3537
+ <description>Steinsvik Orbit IP Camera (Truen TCAM Rebrand)</description>
3538
+ <example>Linux/2.6.28.9-Mozart-8G, UPnP/1.0, Portable SDK for UPnP devices/1.6.6</example>
3539
+ <param pos="0" name="hw.vendor" value="Steinsvik"/>
3540
+ <param pos="0" name="hw.device" value="Web cam"/>
3541
+ <param pos="0" name="hw.product" value="Orbit IP Camera"/>
3542
+ <param pos="0" name="os.vendor" value="Steinsvik"/>
3543
+ <param pos="0" name="os.family" value="Linux"/>
3544
+ <param pos="0" name="os.product" value="Linux"/>
3545
+ <param pos="1" name="os.version"/>
3546
+ <param pos="0" name="service.product" value="libupnp"/>
3547
+ <param pos="2" name="service.version"/>
3548
+ </fingerprint>
3549
+
3550
+ <fingerprint pattern="^Linux/(\S+\-ami), UPnP/[\d\.]+, Portable SDK for UPnP devices/(\S+)$">
3551
+ <description>AMI MegaRAC LOM UPnP</description>
3552
+ <example>Linux/3.14.17-ami, UPnP/1.0, Portable SDK for UPnP devices/1.6.20</example>
3553
+ <param pos="0" name="hw.device" value="Lights Out Management"/>
3554
+ <param pos="0" name="hw.vendor" value="AMI"/>
3555
+ <param pos="0" name="hw.family" value="MegaRAC"/>
3556
+ <param pos="0" name="hw.product" value="MegaRAC"/>
3557
+ <param pos="0" name="os.device" value="Lights Out Management"/>
3558
+ <param pos="0" name="os.vendor" value="AMI"/>
3559
+ <param pos="0" name="os.family" value="Linux"/>
3560
+ <param pos="0" name="os.product" value="Linux"/>
3561
+ <param pos="1" name="os.version"/>
3562
+ <param pos="0" name="service.product" value="libupnp"/>
3563
+ <param pos="2" name="service.version"/>
3564
+ </fingerprint>
3565
+
3566
+ <fingerprint pattern="^Linux/(\S+\-axis[^,]+), UPnP/[\d\.]+, Portable SDK for UPnP devices/(\S+)$">
3567
+ <description>Axis Network Camera</description>
3568
+ <example>Linux/4.9.94-axis5, UPnP/1.0, Portable SDK for UPnP devices/1.6.22</example>
3569
+ <param pos="0" name="hw.vendor" value="AXIS"/>
3570
+ <param pos="0" name="hw.device" value="Web cam"/>
3571
+ <param pos="0" name="os.vendor" value="AXIS"/>
3572
+ <param pos="0" name="os.device" value="Web cam"/>
3573
+ <param pos="0" name="os.family" value="Linux"/>
3574
+ <param pos="0" name="os.product" value="Linux"/>
3575
+ <param pos="1" name="os.version"/>
3576
+ <param pos="0" name="service.product" value="libupnp"/>
3577
+ <param pos="2" name="service.version"/>
3578
+ </fingerprint>
3579
+
2933
3580
  <fingerprint pattern="^Linux/(\S+), UPnP/[\d\.]+, Portable SDK for UPnP devices/(\S+)$">
2934
3581
  <description>Portable SDK for UPnP Server - Linux</description>
2935
3582
  <example>Linux/2.4.20-46.7asp, UPnP/1.0, Portable SDK for UPnP devices/1.6.17</example>
@@ -2956,6 +3603,7 @@
2956
3603
  <param pos="1" name="os.version"/>
2957
3604
  <param pos="0" name="os.cpe23" value="cpe:/o:linux:linux_kernel:{os.version}"/>
2958
3605
  </fingerprint>
3606
+
2959
3607
  <fingerprint pattern="^Linux/(\S+) UPnP/[\d\.]+ DLNADOC/[\d\.]+ Portable SDK for UPnP devices/(\S+)$">
2960
3608
  <description>DLNADOC Portable SDK for UPnP Server - Linux DNLADOC variant</description>
2961
3609
  <example>Linux/3.0.8 UPnP/1.0 DLNADOC/1.50 Portable SDK for UPnP devices/1.6.6</example>
@@ -2967,6 +3615,7 @@
2967
3615
  <param pos="1" name="os.version"/>
2968
3616
  <param pos="0" name="os.cpe23" value="cpe:/o:linux:linux_kernel:{os.version}"/>
2969
3617
  </fingerprint>
3618
+
2970
3619
  <fingerprint pattern="^Linux/(\S+), UPnP/[\d\.]+, Intel SDK for UPnP devices ?/(\S+)$">
2971
3620
  <description>Intel SDK for UPnP Server with verbose banner</description>
2972
3621
  <example>Linux/2.6.10_dev-malta-mips2_fp_le, UPnP/1.0, Intel SDK for UPnP devices /1.2</example>
@@ -2978,12 +3627,14 @@
2978
3627
  <param pos="1" name="os.version"/>
2979
3628
  <param pos="0" name="os.cpe23" value="cpe:/o:linux:linux_kernel:{os.version}"/>
2980
3629
  </fingerprint>
3630
+
2981
3631
  <fingerprint pattern="^Linux, UPnP/[\d\.]+, Intel SDK for UPnP devices ?/(\S+)$">
2982
3632
  <description>Intel SDK for UPnP Server</description>
2983
3633
  <example>Linux, UPnP/1.0, Intel SDK for UPnP devices /1.2</example>
2984
3634
  <param pos="0" name="service.product" value="libupnp"/>
2985
3635
  <param pos="1" name="service.version"/>
2986
3636
  </fingerprint>
3637
+
2987
3638
  <fingerprint pattern="^Darwin/(\S+), UPnP/\S+, Portable SDK for UPnP devices/(\S+)$">
2988
3639
  <description>Portable SDK for UPnP Server - macOS</description>
2989
3640
  <example service.version="1.6.6" os.version="10.2.0">Darwin/10.2.0, UPnP/1.0, Portable SDK for UPnP devices/1.6.6</example>
@@ -2994,6 +3645,7 @@
2994
3645
  <param pos="1" name="os.version"/>
2995
3646
  <param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x:{os.version}"/>
2996
3647
  </fingerprint>
3648
+
2997
3649
  <fingerprint pattern="^Loxone Miniserver (.*) UPnP/1.0$">
2998
3650
  <description>Loxone Miniserver Smart Home</description>
2999
3651
  <example host.name="some name">Loxone Miniserver some name UPnP/1.0</example>
@@ -3002,6 +3654,7 @@
3002
3654
  <param pos="0" name="hw.device" value="Building Automation"/>
3003
3655
  <param pos="1" name="host.name"/>
3004
3656
  </fingerprint>
3657
+
3005
3658
  <fingerprint pattern="^RouterOS/(\S+)UPnP/1.0 MikroTik UPnP/1.0$">
3006
3659
  <description>MikroTik RouterOS</description>
3007
3660
  <example os.version="6.43">RouterOS/6.43UPnP/1.0 MikroTik UPnP/1.0</example>
@@ -3012,6 +3665,7 @@
3012
3665
  <param pos="1" name="os.version"/>
3013
3666
  <param pos="0" name="os.cpe23" value="cpe:/o:mikrotik:routeros:{os.version}"/>
3014
3667
  </fingerprint>
3668
+
3015
3669
  <fingerprint pattern="^Roku UPnP/\S+ Roku/(\S+)$">
3016
3670
  <description>Roku with a version</description>
3017
3671
  <example hw.version="8.1.6">Roku UPnP/1.0 Roku/8.1.6</example>
@@ -3020,6 +3674,16 @@
3020
3674
  <param pos="0" name="hw.device" value="Media Server"/>
3021
3675
  <param pos="1" name="hw.version"/>
3022
3676
  </fingerprint>
3677
+
3678
+ <fingerprint pattern="^Roku/(\S+) UPnP/\S+ Roku/\S+$">
3679
+ <description>Roku with double versions</description>
3680
+ <example hw.version="9.2.0">Roku/9.2.0 UPnP/1.0 Roku/9.2.0</example>
3681
+ <param pos="0" name="hw.vendor" value="Roku"/>
3682
+ <param pos="0" name="hw.product" value="Roku"/>
3683
+ <param pos="0" name="hw.device" value="Media Server"/>
3684
+ <param pos="1" name="hw.version"/>
3685
+ </fingerprint>
3686
+
3023
3687
  <fingerprint pattern="^Roku UPnP/\S+ MiniUPnPd/\S+$">
3024
3688
  <description>Roku without a version</description>
3025
3689
  <example>Roku UPnP/1.0 MiniUPnPd/1.4</example>
@@ -3027,6 +3691,7 @@
3027
3691
  <param pos="0" name="hw.product" value="Roku"/>
3028
3692
  <param pos="0" name="hw.device" value="Media Server"/>
3029
3693
  </fingerprint>
3694
+
3030
3695
  <fingerprint pattern="^UPnP/\S+, DLNADOC/\S+, Platinum/(\S+)$">
3031
3696
  <description>Xbox Media Center UPnP Server</description>
3032
3697
  <example>UPnP/1.0, DLNADOC/1.50, Platinum/0.5.1</example>
@@ -3037,6 +3702,7 @@
3037
3702
  <param pos="0" name="service.product" value="XBMC"/>
3038
3703
  <param pos="1" name="service.version"/>
3039
3704
  </fingerprint>
3705
+
3040
3706
  <fingerprint pattern="Synology/DSM/(\d+\.\d+\.\d+\.\d+)$">
3041
3707
  <description>Synology DiskStation NAS with IP</description>
3042
3708
  <example host.ip="192.168.1.100">Synology/DSM/192.168.1.100</example>
@@ -3049,6 +3715,7 @@
3049
3715
  <param pos="0" name="os.vendor" value="Synology"/>
3050
3716
  <param pos="1" name="host.ip"/>
3051
3717
  </fingerprint>
3718
+
3052
3719
  <fingerprint pattern="Synology/DSM/(\S+)$">
3053
3720
  <description>Synology DiskStation NAS with hostname</description>
3054
3721
  <example host.name="stuff">Synology/DSM/stuff</example>
@@ -3057,12 +3724,196 @@
3057
3724
  <param pos="0" name="hw.device" value="NAS"/>
3058
3725
  <param pos="1" name="host.name"/>
3059
3726
  </fingerprint>
3727
+
3060
3728
  <fingerprint pattern="^NetData Embedded HTTP Server v([a-zA-Z0-9\-\.]+)$">
3061
3729
  <description>NetData Embedded HTTP Server</description>
3062
3730
  <example service.version="1.16.1-146-g2f5e36ef">NetData Embedded HTTP Server v1.16.1-146-g2f5e36ef</example>
3063
3731
  <param pos="0" name="service.vendor" value="NetData"/>
3064
3732
  <param pos="0" name="service.product" value="NetData"/>
3065
3733
  <param pos="1" name="service.version"/>
3734
+ <param pos="0" name="service.cpe23" value="cpe:/a:netdata:netdata:{service.version}"/>
3735
+ </fingerprint>
3736
+
3737
+ <fingerprint pattern="^Solstice 2\.0+$">
3738
+ <description>SolsticePod</description>
3739
+ <example>Solstice 2.0</example>
3740
+ <param pos="0" name="hw.vendor" value="Mersive"/>
3741
+ <param pos="0" name="hw.device" value="Wireless Presenter"/>
3742
+ <param pos="0" name="hw.product" value="SolsticePod"/>
3743
+ </fingerprint>
3744
+
3745
+ <fingerprint pattern="^MLC ([^\/]+)/([\d\.]+)$">
3746
+ <description>Extron MediaLink Controller HTTP Server</description>
3747
+ <example extron.model="104 IP PLUS" hw.version="1.03">MLC 104 IP PLUS/1.03</example>
3748
+ <param pos="0" name="hw.vendor" value="Extron"/>
3749
+ <param pos="0" name="hw.device" value="Display Controller"/>
3750
+ <param pos="0" name="hw.product" value="{extron.model} MediaLink Controller"/>
3751
+ <param pos="0" name="os.vendor" value="Extron"/>
3752
+ <param pos="0" name="os.family" value="Linux"/>
3753
+ <param pos="1" name="extron.model"/>
3754
+ <param pos="2" name="hw.version"/>
3755
+ </fingerprint>
3756
+
3757
+ <fingerprint pattern="^Jetty \(Bluecat Networks\)$">
3758
+ <description>BlueCat Appliance</description>
3759
+ <example>Jetty (Bluecat Networks)</example>
3760
+ <param pos="0" name="hw.vendor" value="BlueCat"/>
3761
+ <param pos="0" name="hw.device" value="Network Appliance"/>
3762
+ </fingerprint>
3763
+
3764
+ <fingerprint pattern="^Crestron Webserver$">
3765
+ <description>Crestron Video Conferencing</description>
3766
+ <example>Crestron Webserver</example>
3767
+ <param pos="0" name="hw.vendor" value="Crestron"/>
3768
+ <param pos="0" name="hw.device" value="Video Conferencing"/>
3769
+ <param pos="0" name="os.vendor" value="Crestron"/>
3770
+ <param pos="0" name="os.family" value="Linux"/>
3771
+ <param pos="0" name="os.device" value="Video Conferencing"/>
3772
+ </fingerprint>
3773
+
3774
+ <fingerprint pattern="^OPNsense$">
3775
+ <description>OPNsense Firewall</description>
3776
+ <example>OPNsense</example>
3777
+ <param pos="0" name="hw.vendor" value="OPNsense"/>
3778
+ <param pos="0" name="hw.device" value="Firewall"/>
3779
+ <param pos="0" name="hw.product" value="Firewall"/>
3780
+ <param pos="0" name="os.vendor" value="OPNsense"/>
3781
+ <param pos="0" name="os.product" value="FreeBSD"/>
3782
+ </fingerprint>
3783
+
3784
+ <fingerprint pattern="^ELAN Controller$">
3785
+ <description>ELAN Smart Home Controller</description>
3786
+ <example>ELAN Controller</example>
3787
+ <param pos="0" name="hw.vendor" value="ELAN"/>
3788
+ <param pos="0" name="hw.device" value="Building Automation"/>
3789
+ <param pos="0" name="hw.product" value="Home Controller"/>
3790
+ <param pos="0" name="os.vendor" value="ELAN"/>
3791
+ <param pos="0" name="os.family" value="Linux"/>
3792
+ </fingerprint>
3793
+
3794
+ <fingerprint pattern="^STR_SettingServer$">
3795
+ <description>Sony STR AV Receiver</description>
3796
+ <example>STR_SettingServer</example>
3797
+ <param pos="0" name="hw.vendor" value="Sony"/>
3798
+ <param pos="0" name="hw.device" value="Media Server"/>
3799
+ <param pos="0" name="hw.product" value="AV Receiver"/>
3800
+ </fingerprint>
3801
+
3802
+ <fingerprint pattern="^AV_Receiver/([\d\.]+) \(([^\)]+)\)$">
3803
+ <description>Yamaha AV Receiver</description>
3804
+ <example hw.version="3.1" hw.product="RX-V675">AV_Receiver/3.1 (RX-V675)</example>
3805
+ <param pos="0" name="hw.vendor" value="Yamaha"/>
3806
+ <param pos="0" name="hw.device" value="AV Receiver"/>
3807
+ <param pos="1" name="hw.version"/>
3808
+ <param pos="2" name="hw.product"/>
3809
+ </fingerprint>
3810
+
3811
+ <fingerprint pattern="^MWS 0.01$">
3812
+ <description>ANNKE IP Camera</description>
3813
+ <example>MWS 0.01</example>
3814
+ <param pos="0" name="hw.vendor" value="ANNKE"/>
3815
+ <param pos="0" name="hw.device" value="Web cam"/>
3816
+ <param pos="0" name="hw.product" value="IP Camera"/>
3817
+ </fingerprint>
3818
+
3819
+ <fingerprint pattern="^Icecast (\S+)$">
3820
+ <description>Icecast Streaming Media server</description>
3821
+ <example service.version="2.4.3">Icecast 2.4.3</example>
3822
+ <example service.version="2.4.0-kh13">Icecast 2.4.0-kh13</example>
3823
+ <param pos="0" name="service.vendor" value="Xiph"/>
3824
+ <param pos="0" name="service.product" value="Icecast"/>
3825
+ <param pos="1" name="service.version"/>
3826
+ <param pos="0" name="service.cpe23" value="cpe:/a:xiph:icecast:{service.version}"/>
3827
+ </fingerprint>
3828
+
3829
+ <fingerprint pattern="^Couchbase Sync Gateway/([\d.]+) CE$">
3830
+ <description>Couchbase Sync Gateway Community Edition</description>
3831
+ <example service.version="2.5.0">Couchbase Sync Gateway/2.5.0 CE</example>
3832
+ <param pos="0" name="service.vendor" value="Couchbase"/>
3833
+ <param pos="0" name="service.product" value="Sync Gateway"/>
3834
+ <param pos="0" name="service.edition" value="Community Edition"/>
3835
+ <param pos="1" name="service.version"/>
3836
+ <param pos="0" name="service.cpe23" value="cpe:/a:couchbase:sync_gateway:{service.version}"/>
3837
+ </fingerprint>
3838
+
3839
+ <fingerprint pattern="^Couchbase Sync Gateway/([\d.]+) EE$">
3840
+ <description>Couchbase Sync Gateway Enterprise Edition</description>
3841
+ <example service.version="2.7.1">Couchbase Sync Gateway/2.7.1 EE</example>
3842
+ <param pos="0" name="service.vendor" value="Couchbase"/>
3843
+ <param pos="0" name="service.product" value="Sync Gateway"/>
3844
+ <param pos="0" name="service.edition" value="Enterprise Edition"/>
3845
+ <param pos="1" name="service.version"/>
3846
+ <param pos="0" name="service.cpe23" value="cpe:/a:couchbase:sync_gateway:{service.version}"/>
3847
+ </fingerprint>
3848
+
3849
+ <fingerprint pattern="^Couchbase Sync Gateway/([\d.]+)$">
3850
+ <description>Couchbase Sync Gateway</description>
3851
+ <example service.version="1.3.0">Couchbase Sync Gateway/1.3.0</example>
3852
+ <param pos="0" name="service.vendor" value="Couchbase"/>
3853
+ <param pos="0" name="service.product" value="Sync Gateway"/>
3854
+ <param pos="1" name="service.version"/>
3855
+ <param pos="0" name="service.cpe23" value="cpe:/a:couchbase:sync_gateway:{service.version}"/>
3856
+ </fingerprint>
3857
+
3858
+ <fingerprint pattern="^Couchbase Server$">
3859
+ <description>Couchbase Server without version</description>
3860
+ <example>Couchbase Server</example>
3861
+ <param pos="0" name="service.vendor" value="Couchbase"/>
3862
+ <param pos="0" name="service.product" value="Couchbase Server"/>
3863
+ <param pos="0" name="service.cpe23" value="cpe:/a:couchbase:couchbase_server:-"/>
3864
+ </fingerprint>
3865
+
3866
+ <fingerprint pattern="^Kestrel$">
3867
+ <description>Kestrel web server implementation in ASP.NET core</description>
3868
+ <example>Kestrel</example>
3869
+ <param pos="0" name="service.vendor" value="Microsoft"/>
3870
+ <param pos="0" name="service.product" value="Kestrel web server"/>
3871
+ </fingerprint>
3872
+
3873
+ <fingerprint pattern="^stgw/([\d.]+)_([\d.]+)$">
3874
+ <description>Tencent Secure Tencent Gateway</description>
3875
+ <example service.version="1.3.12.9" service.component.version="1.13.5">stgw/1.3.12.9_1.13.5</example>
3876
+ <param pos="0" name="service.vendor" value="Tencent"/>
3877
+ <param pos="0" name="service.product" value="Secure Tencent Gateway"/>
3878
+ <param pos="1" name="service.version"/>
3879
+ <param pos="2" name="service.component.version"/>
3880
+ </fingerprint>
3881
+
3882
+ <fingerprint pattern="^axhttpd/([\d.]+)$">
3883
+ <description>axTLS Project axTLS web server</description>
3884
+ <example service.version="1.5.3">axhttpd/1.5.3</example>
3885
+ <param pos="0" name="service.vendor" value="axTLS Project"/>
3886
+ <param pos="0" name="service.product" value="axTLS"/>
3887
+ <param pos="1" name="service.version"/>
3888
+ <param pos="0" name="service.cpe23" value="cpe:/a:axtls_project:axtls:{service.version}"/>
3889
+ </fingerprint>
3890
+
3891
+ <fingerprint pattern="^tinyproxy/([\d.]+)$">
3892
+ <description>TinyProxy Project tinyproxy</description>
3893
+ <example service.version="1.8.2">tinyproxy/1.8.2</example>
3894
+ <param pos="0" name="service.vendor" value="Tinyproxy Project"/>
3895
+ <param pos="0" name="service.product" value="Tinyproxy"/>
3896
+ <param pos="1" name="service.version"/>
3897
+ <param pos="0" name="service.cpe23" value="cpe:/a:tinyproxy_project:tinyproxy:{service.version}"/>
3898
+ </fingerprint>
3899
+
3900
+ <fingerprint pattern="^Xfinity Broadband Router Server$">
3901
+ <description>Comcast Xfinity Broadband Router Server</description>
3902
+ <example>Xfinity Broadband Router Server</example>
3903
+ <param pos="0" name="hw.vendor" value="Comcast"/>
3904
+ <param pos="0" name="hw.product" value="Xfinity Broadband Router"/>
3905
+ <param pos="0" name="hw.device" value="Broadband router"/>
3906
+ </fingerprint>
3907
+
3908
+ <fingerprint pattern="^IX Series IX21\d\d \(magellan-sec\) Software, Version ([^, ]+), (?:MAINTENANCE )?RELEASE SOFTWARE$">
3909
+ <description>NEC Univerge Router - enterprise class with VPN, UTM, etc</description>
3910
+ <example>IX Series IX2106 (magellan-sec) Software, Version 10.2.20, RELEASE SOFTWARE</example>
3911
+ <example>IX Series IX2105 (magellan-sec) Software, Version 9.6.12A, MAINTENANCE RELEASE SOFTWARE</example>
3912
+ <param pos="0" name="hw.vendor" value="NEC"/>
3913
+ <param pos="0" name="hw.product" value="Univerge"/>
3914
+ <param pos="1" name="hw.version"/>
3915
+ <param pos="0" name="hw.device" value="Router"/>
3916
+ <param pos="0" name="hw.cpe23" value="cpe:/h:nec:univerge:{hw.version}"/>
3066
3917
  </fingerprint>
3067
3918
 
3068
3919
  </fingerprints>