recog 2.3.7 → 2.3.12
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.gitignore +9 -2
- data/.ruby-gemset +1 -0
- data/.ruby-version +1 -0
- data/.travis.yml +2 -4
- data/CONTRIBUTING.md +136 -37
- data/Gemfile +2 -5
- data/README.md +18 -16
- data/bin/recog_cleanup +16 -0
- data/bin/recog_standardize +142 -0
- data/cpe-remap.yaml +36 -1
- data/features/match.feature +4 -0
- data/features/support/aruba.rb +3 -0
- data/features/verify.feature +5 -0
- data/identifiers/README.md +56 -0
- data/identifiers/hw_device.txt +77 -0
- data/identifiers/hw_family.txt +96 -0
- data/identifiers/hw_product.txt +328 -0
- data/identifiers/os_architecture.txt +20 -0
- data/identifiers/os_device.txt +94 -0
- data/identifiers/os_family.txt +325 -0
- data/identifiers/os_product.txt +420 -0
- data/identifiers/service_family.txt +272 -0
- data/identifiers/service_product.txt +557 -0
- data/identifiers/software_class.txt +26 -0
- data/identifiers/software_family.txt +91 -0
- data/identifiers/software_product.txt +333 -0
- data/identifiers/vendor.txt +891 -0
- data/lib/recog/version.rb +1 -1
- data/requirements.txt +1 -1
- data/spec/lib/fingerprint_self_test_spec.rb +1 -1
- data/spec/lib/recog/fingerprint/regexp_factory_spec.rb +1 -1
- data/update_cpes.py +4 -1
- data/xml/apache_modules.xml +292 -5
- data/xml/apache_os.xml +50 -2
- data/xml/architecture.xml +19 -7
- data/xml/dns_versionbind.xml +200 -26
- data/xml/favicons.xml +1701 -0
- data/xml/ftp_banners.xml +276 -16
- data/xml/h323_callresp.xml +112 -12
- data/xml/hp_pjl_id.xml +47 -5
- data/xml/html_title.xml +1419 -72
- data/xml/http_cookies.xml +77 -10
- data/xml/http_servers.xml +898 -47
- data/xml/http_wwwauth.xml +154 -27
- data/xml/imap_banners.xml +23 -13
- data/xml/ldap_searchresult.xml +81 -9
- data/xml/mdns_device-info_txt.xml +194 -17
- data/xml/mdns_workstation_txt.xml +4 -2
- data/xml/mysql_banners.xml +554 -45
- data/xml/mysql_error.xml +113 -6
- data/xml/nntp_banners.xml +10 -2
- data/xml/ntp_banners.xml +95 -11
- data/xml/operating_system.xml +90 -3
- data/xml/pop_banners.xml +32 -31
- data/xml/rsh_resp.xml +11 -2
- data/xml/rtsp_servers.xml +43 -23
- data/xml/sip_banners.xml +9 -14
- data/xml/sip_user_agents.xml +69 -3
- data/xml/smb_native_lm.xml +10 -2
- data/xml/smb_native_os.xml +80 -2
- data/xml/smtp_banners.xml +233 -13
- data/xml/smtp_debug.xml +6 -4
- data/xml/smtp_ehlo.xml +7 -5
- data/xml/smtp_expn.xml +13 -4
- data/xml/smtp_help.xml +23 -4
- data/xml/smtp_mailfrom.xml +5 -2
- data/xml/smtp_noop.xml +6 -5
- data/xml/smtp_quit.xml +5 -4
- data/xml/smtp_rcptto.xml +5 -2
- data/xml/smtp_rset.xml +4 -4
- data/xml/smtp_turn.xml +4 -4
- data/xml/smtp_vrfy.xml +14 -4
- data/xml/snmp_sysdescr.xml +776 -52
- data/xml/snmp_sysobjid.xml +47 -2
- data/xml/ssh_banners.xml +259 -80
- data/xml/telnet_banners.xml +376 -23
- data/xml/x11_banners.xml +27 -4
- data/xml/x509_issuers.xml +37 -13
- data/xml/x509_subjects.xml +525 -55
- metadata +29 -6
data/xml/imap_banners.xml
CHANGED
@@ -1,6 +1,7 @@
|
|
1
|
-
<?xml version=
|
1
|
+
<?xml version='1.0' encoding='UTF-8'?>
|
2
2
|
<fingerprints matches="imap4.banner" protocol="imap" database_type="service" preference="0.90">
|
3
3
|
<!-- IMAP banners are matched against these patterns to fingerprint IMAP servers. -->
|
4
|
+
|
4
5
|
<fingerprint pattern="^Microsoft Exchange IMAP4rev1 server version (5\.5\.\d{4}\.\d+) \((.*)\) ready$">
|
5
6
|
<description>Microsoft Exchange Server 5.5</description>
|
6
7
|
<example service.version="5.5.2448.8" host.name="foo.bar">Microsoft Exchange IMAP4rev1 server version 5.5.2448.8 (foo.bar) ready</example>
|
@@ -15,6 +16,7 @@
|
|
15
16
|
<param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
|
16
17
|
<param pos="2" name="host.name"/>
|
17
18
|
</fingerprint>
|
19
|
+
|
18
20
|
<fingerprint pattern="^Microsoft Exchange 2000 IMAP4rev1 server version (6\.0\.\d{4}\.\d+) \((.*)\) ready\.$">
|
19
21
|
<description>Microsoft Exchange Server 2000</description>
|
20
22
|
<example service.version="6.0.6249.0" host.name="foo.bar">Microsoft Exchange 2000 IMAP4rev1 server version 6.0.6249.0 (foo.bar) ready.</example>
|
@@ -29,6 +31,7 @@
|
|
29
31
|
<param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
|
30
32
|
<param pos="2" name="host.name"/>
|
31
33
|
</fingerprint>
|
34
|
+
|
32
35
|
<fingerprint pattern="^Microsoft Exchange Server 2003 IMAP4rev1 server version (6\.5\.\d{4}\.\d+) \((.*)\) ready\.$">
|
33
36
|
<description>Microsoft Exchange Server 2003</description>
|
34
37
|
<example service.version="6.5.7638.1" host.name="foo.bar">Microsoft Exchange Server 2003 IMAP4rev1 server version 6.5.7638.1 (foo.bar) ready.</example>
|
@@ -43,6 +46,7 @@
|
|
43
46
|
<param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
|
44
47
|
<param pos="2" name="host.name"/>
|
45
48
|
</fingerprint>
|
49
|
+
|
46
50
|
<fingerprint pattern="^Der Microsoft Exchange Server 2003 IMAP4rev1-Server, Version (6\.5\.\d{4}\.\d+) \((.*)\),.*$">
|
47
51
|
<description>Microsoft Exchange Server 2003, German</description>
|
48
52
|
<example service.version="6.5.7638.1" host.name="foo.bar">Der Microsoft Exchange Server 2003 IMAP4rev1-Server, Version 6.5.7638.1 (foo.bar), steht zur Verfgung.</example>
|
@@ -57,6 +61,7 @@
|
|
57
61
|
<param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
|
58
62
|
<param pos="2" name="host.name"/>
|
59
63
|
</fingerprint>
|
64
|
+
|
60
65
|
<fingerprint pattern="^Microsoft Exchange Server 2007 IMAP4 service ready$">
|
61
66
|
<description>Microsoft Exchange Server 2007</description>
|
62
67
|
<example>Microsoft Exchange Server 2007 IMAP4 service ready</example>
|
@@ -69,6 +74,7 @@
|
|
69
74
|
<param pos="0" name="os.product" value="Windows"/>
|
70
75
|
<param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
|
71
76
|
</fingerprint>
|
77
|
+
|
72
78
|
<fingerprint pattern="^The Microsoft Exchange IMAP4 service is ready\.?$">
|
73
79
|
<description>Microsoft Exchange Server</description>
|
74
80
|
<example>The Microsoft Exchange IMAP4 service is ready.</example>
|
@@ -81,6 +87,7 @@
|
|
81
87
|
<param pos="0" name="os.product" value="Windows"/>
|
82
88
|
<param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
|
83
89
|
</fingerprint>
|
90
|
+
|
84
91
|
<fingerprint pattern="^Domino IMAP4 Server Release (\d+\.\d+.*) ready (.+)$">
|
85
92
|
<description>IBM Lotus Notes/Domino</description>
|
86
93
|
<example service.version="9.0.1FP9" host.time="Thu, 4 Apr 2019 20:19:31 +0200">Domino IMAP4 Server Release 9.0.1FP9 ready Thu, 4 Apr 2019 20:19:31 +0200</example>
|
@@ -91,6 +98,7 @@
|
|
91
98
|
<param pos="0" name="service.cpe23" value="cpe:/a:ibm:lotus_domino:{service.version}"/>
|
92
99
|
<param pos="2" name="host.time"/>
|
93
100
|
</fingerprint>
|
101
|
+
|
94
102
|
<fingerprint pattern="^Domino IMAP4 Server V\.?(\d+\.\d+.*) ready (.+)$">
|
95
103
|
<description>IBM Lotus Notes/Domino - variant 2</description>
|
96
104
|
<param pos="0" name="service.vendor" value="IBM"/>
|
@@ -100,13 +108,17 @@
|
|
100
108
|
<param pos="0" name="service.cpe23" value="cpe:/a:ibm:lotus_domino:{service.version}"/>
|
101
109
|
<param pos="2" name="host.time"/>
|
102
110
|
</fingerprint>
|
111
|
+
|
103
112
|
<fingerprint pattern="^[dD]ovecot (?:DA )?ready\.$">
|
104
113
|
<description>Dovecot Secure IMAP Server</description>
|
105
114
|
<example>Dovecot ready.</example>
|
106
115
|
<example>Dovecot DA ready.</example>
|
116
|
+
<param pos="0" name="service.vendor" value="Dovecot"/>
|
107
117
|
<param pos="0" name="service.family" value="Dovecot"/>
|
108
118
|
<param pos="0" name="service.product" value="Dovecot"/>
|
119
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:dovecot:dovecot:-"/>
|
109
120
|
</fingerprint>
|
121
|
+
|
110
122
|
<fingerprint pattern="^Courier-IMAP ready. Copyright \d+-\d+">
|
111
123
|
<description>Courier MTA IMAP</description>
|
112
124
|
<example>Courier-IMAP ready. Copyright 1998-2002 Double Precision, Inc. See COPYING for distribution information.</example>
|
@@ -114,6 +126,7 @@
|
|
114
126
|
<param pos="0" name="service.family" value="Courier MTA"/>
|
115
127
|
<param pos="0" name="service.product" value="Courier IMAP"/>
|
116
128
|
</fingerprint>
|
129
|
+
|
117
130
|
<fingerprint pattern="^(\S+) CallPilot IMAP4rev1 v(\S+) server ready\.?$">
|
118
131
|
<description>Nortel CallPilot</description>
|
119
132
|
<example>nottest.localdomain CallPilot IMAP4rev1 v42.02.05.22 server ready.</example>
|
@@ -124,6 +137,7 @@
|
|
124
137
|
<param pos="0" name="service.cpe23" value="cpe:/a:nortel:callpilot:{service.version}"/>
|
125
138
|
<param pos="1" name="host.name"/>
|
126
139
|
</fingerprint>
|
140
|
+
|
127
141
|
<fingerprint pattern="^(\S+) Zimbra IMAP4rev1 server ready\.?$">
|
128
142
|
<description>VMware Zimbra IMAP</description>
|
129
143
|
<example host.name="foo.bar">foo.bar Zimbra IMAP4rev1 server ready</example>
|
@@ -132,6 +146,7 @@
|
|
132
146
|
<param pos="0" name="service.cpe23" value="cpe:/a:vmware:zimbra_desktop:-"/>
|
133
147
|
<param pos="1" name="host.name"/>
|
134
148
|
</fingerprint>
|
149
|
+
|
135
150
|
<fingerprint pattern="^(\S+) Zimbra (\S+) IMAP4rev1 server ready\.?$">
|
136
151
|
<description>VMware Zimbra IMAP with service version</description>
|
137
152
|
<example host.name="foo.bar" service.version="7.0.0_GA_3079">foo.bar Zimbra 7.0.0_GA_3079 IMAP4rev1 server ready</example>
|
@@ -141,6 +156,7 @@
|
|
141
156
|
<param pos="0" name="service.cpe23" value="cpe:/a:vmware:zimbra_desktop:{service.version}"/>
|
142
157
|
<param pos="1" name="host.name"/>
|
143
158
|
</fingerprint>
|
159
|
+
|
144
160
|
<fingerprint pattern="^(.+) Cyrus IMAP4 v(\d+\.\d+.*)-OS X(?: Server)? ([\d\.]+).* server ready$">
|
145
161
|
<description>CMU Cyrus IMAP on Mac OS X</description>
|
146
162
|
<example host.name="example.com" service.version="2.2.12" os.version="10.4.0">example.com Cyrus IMAP4 v2.2.12-OS X 10.4.0 server ready</example>
|
@@ -149,6 +165,7 @@
|
|
149
165
|
<param pos="0" name="service.family" value="Cyrus MTA"/>
|
150
166
|
<param pos="0" name="service.product" value="Cyrus IMAP"/>
|
151
167
|
<param pos="2" name="service.version"/>
|
168
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:cmu:cyrus_imap_server:{service.version}"/>
|
152
169
|
<param pos="0" name="os.vendor" value="Apple"/>
|
153
170
|
<param pos="0" name="os.family" value="Mac OS X"/>
|
154
171
|
<param pos="0" name="os.product" value="Mac OS X"/>
|
@@ -156,6 +173,7 @@
|
|
156
173
|
<param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x:{os.version}"/>
|
157
174
|
<param pos="1" name="host.name"/>
|
158
175
|
</fingerprint>
|
176
|
+
|
159
177
|
<fingerprint pattern="^(.+) Cyrus IMAP4? (?:\S+ )?v(\d+\.\d+.*) server ready$">
|
160
178
|
<description>CMU Cyrus IMAP</description>
|
161
179
|
<example host.name="example.com" service.version="2.3.7">example.com Cyrus IMAP4 v2.3.7 server ready</example>
|
@@ -164,36 +182,33 @@
|
|
164
182
|
<param pos="0" name="service.family" value="Cyrus MTA"/>
|
165
183
|
<param pos="0" name="service.product" value="Cyrus IMAP"/>
|
166
184
|
<param pos="2" name="service.version"/>
|
185
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:cmu:cyrus_imap_server:{service.version}"/>
|
167
186
|
<param pos="1" name="host.name"/>
|
168
187
|
</fingerprint>
|
169
|
-
<!--
|
170
188
|
|
189
|
+
<!--
|
171
190
|
// Washington University imapd
|
172
191
|
IMAP_FP_PARSERS[0] = new PatternParser(
|
173
192
|
"^IMAP4rev1 v(.*) server ready$");
|
174
193
|
IMAP_FP_PARSERS[0].addConstantParam("product", "wu-imapd");
|
175
194
|
IMAP_FP_PARSERS[0].addParamSpec(1, "version");
|
176
|
-
|
177
195
|
// Washington University imapd (newer versions)
|
178
196
|
IMAP_FP_PARSERS[1] = new PatternParser(
|
179
197
|
"^IMAP4rev1 (.*) at (.*)$");
|
180
198
|
IMAP_FP_PARSERS[1].addConstantParam("product", "wu-imapd");
|
181
199
|
IMAP_FP_PARSERS[1].addParamSpec(1, "version");
|
182
200
|
IMAP_FP_PARSERS[1].addParamSpec(2, "server-time");
|
183
|
-
|
184
201
|
// University of Washington IMAP (imap-uw)
|
185
202
|
* OK <host> IMAP4rev1 2001.315 at Fri, 20 Jul 2007 21:51:34 -0700 (PDT)
|
186
203
|
* OK <host> IMAP4rev1 2001.315rh at Mon, 23 Jul 2007 07:56:09 -0500 (CDT)
|
187
204
|
* OK <host> IMAP4rev1 2004.357-p2k server ready at Mon, 23 Jul 2007 01:56:26 -0400 (EDT)
|
188
205
|
* OK <host> IMAP4rev1 2004.357s at Mon, 23 Jul 2007 15:17:56 +0000 (GMT)
|
189
206
|
* OK <host> IMAP4rev1 2004.357w at Tue, 24 Jul 2007 19:36:11 -0600 (MDT)
|
190
|
-
|
191
207
|
// cPanel Hosting Automation
|
192
208
|
// 10.8.0 (build 89) - BETA Tree - Change the imap version from 2003.339-cpanel to 2003.339p-cpanel to indicate the security patch has been applied.
|
193
209
|
// The patch has still be applied to 1.8.0 build 60+, we just show this now to avoid confusion.
|
194
210
|
* OK <host> IMAP4rev1 2003.339-cpanel at Sun, 22 Jul 2007 07:35:36 -0500 (CDT)
|
195
211
|
* OK <host> IMAP4rev1 2003.339p-cpanel at Sun, 22 Jul 2007 13:09:04 -0500 (CDT)
|
196
|
-
|
197
212
|
// PMDF IMAP
|
198
213
|
// * OK <system> PMDF IMAP4rev1 V6.1 (Message store V6.1)
|
199
214
|
// * OK xxx PMDF IMAP4rev1 V6.0-24 (Message store V6.0-24)
|
@@ -203,31 +218,26 @@
|
|
203
218
|
IMAP_FP_PARSERS[5].addConstantParam("product", "PMDF");
|
204
219
|
IMAP_FP_PARSERS[5].addParamSpec(1, "hostname");
|
205
220
|
IMAP_FP_PARSERS[5].addParamSpec(2, "version");
|
206
|
-
|
207
221
|
// PMDF IMAP (for VMS v7.1-2!)
|
208
222
|
IMAP_FP_PARSERS[6] = new PatternParser(
|
209
223
|
"^IMAP4 Server PMDF(.*) at (.*)$");
|
210
224
|
IMAP_FP_PARSERS[6].addConstantParam("product", "PMDF");
|
211
225
|
IMAP_FP_PARSERS[6].addParamSpec(1, "version");
|
212
226
|
IMAP_FP_PARSERS[6].addParamSpec(2, "server-time");
|
213
|
-
|
214
227
|
// Eudora Internet Mail Server
|
215
228
|
IMAP_FP_PARSERS[7] = new PatternParser(
|
216
229
|
"^Eudora Internet Mail Server (.*) .*$");
|
217
230
|
IMAP_FP_PARSERS[7].addConstantParam("product", "eudoraims");
|
218
231
|
IMAP_FP_PARSERS[7].addParamSpec(1, "version");
|
219
|
-
|
220
232
|
// Eudora Qualcomm WorldMail
|
221
233
|
// * OK WorldMail IMAP4 Server 6.1.19.0 ready
|
222
234
|
IMAP_FP_PARSERS[8] = new PatternParser(
|
223
235
|
"^WorldMail IMAP4 Server ([^\\s]+) ready$");
|
224
236
|
IMAP_FP_PARSERS[8].addConstantParam("product", "worldmail");
|
225
237
|
IMAP_FP_PARSERS[8].addParamSpec(1, "version");
|
226
|
-
|
227
238
|
// GNU Mailutils. Note that there is no version information
|
228
239
|
IMAP_FP_PARSERS[9] = new PatternParser("^IMAP4rev1$");
|
229
240
|
IMAP_FP_PARSERS[9].addConstantParam("product", "GNU Mailutils");
|
230
|
-
|
231
241
|
* OK <host> IMAP4rev1 MDaemon 8.1.4 ready
|
232
242
|
* OK <host> /bin/sh IMAP server ready
|
233
243
|
* OK IMAP/POP ready.
|
@@ -240,6 +250,6 @@
|
|
240
250
|
* OK Merak 8.0.3 IMAP4rev1 Mon, 23 Jul 2007 18:22:49 +0100
|
241
251
|
* OK <host> Sendmail Advanced Message Server IMAP4rev1 (1.3.2/390)
|
242
252
|
* OK Welcome IMAP Server
|
243
|
-
|
244
253
|
-->
|
245
|
-
|
254
|
+
|
255
|
+
</fingerprints>
|
data/xml/ldap_searchresult.xml
CHANGED
@@ -1,15 +1,17 @@
|
|
1
|
-
<?xml version=
|
1
|
+
<?xml version='1.0' encoding='UTF-8'?>
|
2
2
|
<fingerprints matches="ldap.search_result" protocol="ldap" database_type="service" preference=".80">
|
3
3
|
<!--
|
4
4
|
Notes: Ruby will fail to build the RegExp if it contains \x84 which is a standard
|
5
5
|
byte in ASN.1 Sequence length fields.
|
6
6
|
-->
|
7
|
+
|
7
8
|
<!--
|
8
9
|
Samba - position prior to Windows entries due to regex. When testing new
|
9
10
|
Samba fingerprints make sure you disable the matches for the version of
|
10
11
|
Windows that Samba is eumlating or else the Windows fallback fingerprint for
|
11
12
|
the given OS version may match.
|
12
13
|
-->
|
14
|
+
|
13
15
|
<fingerprint pattern="(?m:vendorName1.\x04.Samba.*domainControllerFunctionality1.{1,5}\x04\x014)">
|
14
16
|
<description>Samba Active Directory Controller</description>
|
15
17
|
<example _encoding="base64">
|
@@ -19,6 +21,7 @@
|
|
19
21
|
<param pos="0" name="service.vendor" value="Samba"/>
|
20
22
|
<param pos="0" name="service.product" value="Active Directory Controller"/>
|
21
23
|
</fingerprint>
|
24
|
+
|
22
25
|
<fingerprint pattern="(?m:vendorName1.\x04.Samba.*domainFunctionality1.\x04\x0100.\x04\x13forestFunctionality1\x03\x04\x0100)">
|
23
26
|
<description>Samba Active Directory Controller emulating Windows 2000</description>
|
24
27
|
<example _encoding="base64">
|
@@ -29,19 +32,19 @@
|
|
29
32
|
<param pos="0" name="service.vendor" value="Samba"/>
|
30
33
|
<param pos="0" name="service.product" value="Active Directory Controller"/>
|
31
34
|
</fingerprint>
|
35
|
+
|
32
36
|
<!--
|
33
37
|
Windows Active Directory and Lightweight Directory Server (ADAM)
|
34
|
-
|
35
38
|
domainControllerFunctionality reference:
|
36
39
|
https://msdn.microsoft.com/en-us/library/cc223272.aspx
|
37
|
-
|
38
40
|
supportedCapabilities reference (for Windows 2000)
|
39
41
|
https://msdn.microsoft.com/en-us/library/cc223359.aspx
|
40
|
-
|
41
42
|
1.2.840.113556.1.4.800 = Active Directory Controller
|
42
43
|
1.2.840.113556.1.4.1851 = Lightweight Directory Server / ADAM
|
43
44
|
-->
|
45
|
+
|
44
46
|
<!-- Windows 2016 -->
|
47
|
+
|
45
48
|
<fingerprint pattern="(?im:1.2.840.113556.1.4.800.*domainControllerFunctionality1.{1,5}\x04\x017)">
|
46
49
|
<description>Active Directory Controller on Windows Server 2016</description>
|
47
50
|
<example _encoding="base64">
|
@@ -56,6 +59,7 @@
|
|
56
59
|
<param pos="0" name="os.product" value="Windows Server 2016"/>
|
57
60
|
<param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2016:-"/>
|
58
61
|
</fingerprint>
|
62
|
+
|
59
63
|
<fingerprint pattern="(?im:1.2.840.113556.1.4.1851.*domainControllerFunctionality1.{1,5}\x04\x017)">
|
60
64
|
<description>Microsoft LDS on Windows Server Server 2016</description>
|
61
65
|
<example _encoding="base64">
|
@@ -70,6 +74,7 @@
|
|
70
74
|
<param pos="0" name="os.product" value="Windows Server 2016"/>
|
71
75
|
<param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2016:-"/>
|
72
76
|
</fingerprint>
|
77
|
+
|
73
78
|
<fingerprint pattern="(?im:domainControllerFunctionality1.{1,5}\x04\x017)">
|
74
79
|
<description>Windows Server Server 2016</description>
|
75
80
|
<example _encoding="base64">
|
@@ -80,7 +85,9 @@
|
|
80
85
|
<param pos="0" name="os.product" value="Windows Server 2016"/>
|
81
86
|
<param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2016:-"/>
|
82
87
|
</fingerprint>
|
88
|
+
|
83
89
|
<!-- Windows 2012 R2 -->
|
90
|
+
|
84
91
|
<fingerprint pattern="(?im:1.2.840.113556.1.4.800.*domainControllerFunctionality1.{1,5}\x04\x016)">
|
85
92
|
<description>Active Directory Controller on Windows Server 2012 R2</description>
|
86
93
|
<example _encoding="base64">
|
@@ -95,6 +102,7 @@
|
|
95
102
|
<param pos="0" name="os.product" value="Windows Server 2012 R2"/>
|
96
103
|
<param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2012:-"/>
|
97
104
|
</fingerprint>
|
105
|
+
|
98
106
|
<fingerprint pattern="(?im:1.2.840.113556.1.4.1851.*domainControllerFunctionality1.{1,5}\x04\x016)">
|
99
107
|
<description>Microsoft LDS on Windows Server Server 2012 R2</description>
|
100
108
|
<example _encoding="base64">
|
@@ -109,6 +117,7 @@
|
|
109
117
|
<param pos="0" name="os.product" value="Windows Server 2012 R2"/>
|
110
118
|
<param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2012:-"/>
|
111
119
|
</fingerprint>
|
120
|
+
|
112
121
|
<fingerprint pattern="(?im:domainControllerFunctionality1.{1,5}\x04\x016)">
|
113
122
|
<description>Windows Server Server 2012 R2</description>
|
114
123
|
<example _encoding="base64">
|
@@ -119,7 +128,9 @@
|
|
119
128
|
<param pos="0" name="os.product" value="Windows Server 2012 R2"/>
|
120
129
|
<param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2012:-"/>
|
121
130
|
</fingerprint>
|
131
|
+
|
122
132
|
<!-- Windows 2012 -->
|
133
|
+
|
123
134
|
<fingerprint pattern="(?im:1.2.840.113556.1.4.800.*domainControllerFunctionality1.{1,5}\x04\x015)">
|
124
135
|
<description>Active Directory Controller on Windows Server 2012</description>
|
125
136
|
<example _encoding="base64">
|
@@ -134,6 +145,7 @@
|
|
134
145
|
<param pos="0" name="os.product" value="Windows Server 2012"/>
|
135
146
|
<param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2012:-"/>
|
136
147
|
</fingerprint>
|
148
|
+
|
137
149
|
<fingerprint pattern="(?im:1.2.840.113556.1.4.1851.*domainControllerFunctionality1.{1,5}\x04\x015)">
|
138
150
|
<description>Microsoft LDS on Windows Server 2012 R2</description>
|
139
151
|
<example _encoding="base64">
|
@@ -148,6 +160,7 @@
|
|
148
160
|
<param pos="0" name="os.product" value="Windows Server 2012"/>
|
149
161
|
<param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2012:-"/>
|
150
162
|
</fingerprint>
|
163
|
+
|
151
164
|
<fingerprint pattern="(?im:domainControllerFunctionality1.{1,5}\x04\x015)">
|
152
165
|
<description>Windows Server Server 2012</description>
|
153
166
|
<example _encoding="base64">
|
@@ -158,7 +171,9 @@
|
|
158
171
|
<param pos="0" name="os.product" value="Windows Server 2012"/>
|
159
172
|
<param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2012:-"/>
|
160
173
|
</fingerprint>
|
174
|
+
|
161
175
|
<!-- Windows 2008 R2 -->
|
176
|
+
|
162
177
|
<fingerprint pattern="(?im:1.2.840.113556.1.4.800.*domainControllerFunctionality1.{1,5}\x04\x014)">
|
163
178
|
<description>Active Directory Controller on Windows Server 2008 R2</description>
|
164
179
|
<example _encoding="base64">
|
@@ -173,6 +188,7 @@
|
|
173
188
|
<param pos="0" name="os.product" value="Windows Server 2008 R2"/>
|
174
189
|
<param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2008:-"/>
|
175
190
|
</fingerprint>
|
191
|
+
|
176
192
|
<fingerprint pattern="(?im:1.2.840.113556.1.4.1851.*domainControllerFunctionality1.{1,5}\x04\x014)">
|
177
193
|
<description>Microsoft LDS on Windows Server Server 2008 R2</description>
|
178
194
|
<example _encoding="base64">
|
@@ -187,10 +203,12 @@
|
|
187
203
|
<param pos="0" name="os.product" value="Windows Server 2008 R2"/>
|
188
204
|
<param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2008:-"/>
|
189
205
|
</fingerprint>
|
206
|
+
|
190
207
|
<!--
|
191
208
|
This generic match for domainControllerFunctionality = 4 will capture
|
192
209
|
current Samba implementations. Disable the fingerprint below when testing Samba
|
193
210
|
-->
|
211
|
+
|
194
212
|
<fingerprint pattern="(?im:domainControllerFunctionality1.{1,5}\x04\x014)">
|
195
213
|
<description>Windows Server Server 2008 R2</description>
|
196
214
|
<example _encoding="base64">
|
@@ -201,7 +219,9 @@
|
|
201
219
|
<param pos="0" name="os.product" value="Windows Server 2008 R2"/>
|
202
220
|
<param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2008:-"/>
|
203
221
|
</fingerprint>
|
222
|
+
|
204
223
|
<!-- Windows 2008 -->
|
224
|
+
|
205
225
|
<fingerprint pattern="(?im:1.2.840.113556.1.4.800.*domainControllerFunctionality1.{1,5}\x04\x013)">
|
206
226
|
<description>Active Directory Controller on Windows Server 2008</description>
|
207
227
|
<example _encoding="base64">
|
@@ -216,6 +236,7 @@
|
|
216
236
|
<param pos="0" name="os.product" value="Windows Server 2008"/>
|
217
237
|
<param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2008:-"/>
|
218
238
|
</fingerprint>
|
239
|
+
|
219
240
|
<fingerprint pattern="(?im:1.2.840.113556.1.4.1851.*domainControllerFunctionality1.{1,5}\x04\x013)">
|
220
241
|
<description>Microsoft LDS on Windows Server 2008</description>
|
221
242
|
<example _encoding="base64">
|
@@ -230,6 +251,7 @@
|
|
230
251
|
<param pos="0" name="os.product" value="Windows Server 2008"/>
|
231
252
|
<param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2008:-"/>
|
232
253
|
</fingerprint>
|
254
|
+
|
233
255
|
<fingerprint pattern="(?im:domainControllerFunctionality1.{1,5}\x04\x013)">
|
234
256
|
<description>Windows Server Server 2008</description>
|
235
257
|
<example _encoding="base64">
|
@@ -240,7 +262,9 @@
|
|
240
262
|
<param pos="0" name="os.product" value="Windows Server 2008"/>
|
241
263
|
<param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2008:-"/>
|
242
264
|
</fingerprint>
|
265
|
+
|
243
266
|
<!-- Windows 2003 -->
|
267
|
+
|
244
268
|
<fingerprint pattern="(?im:1.2.840.113556.1.4.800.*domainControllerFunctionality1.{1,5}\x04\x012)">
|
245
269
|
<description>Active Directory Controller on Windows Server 2003</description>
|
246
270
|
<example _encoding="base64">
|
@@ -255,6 +279,7 @@
|
|
255
279
|
<param pos="0" name="os.product" value="Windows Server 2003"/>
|
256
280
|
<param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2003:-"/>
|
257
281
|
</fingerprint>
|
282
|
+
|
258
283
|
<fingerprint pattern="(?im:1.2.840.113556.1.4.1851.*domainControllerFunctionality1.{1,5}\x04\x012)">
|
259
284
|
<description>Microsoft LDS on Windows Server 2003</description>
|
260
285
|
<example _encoding="base64">
|
@@ -269,6 +294,7 @@
|
|
269
294
|
<param pos="0" name="os.product" value="Windows Server 2003"/>
|
270
295
|
<param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2003:-"/>
|
271
296
|
</fingerprint>
|
297
|
+
|
272
298
|
<fingerprint pattern="(?im:domainControllerFunctionality1.{1,5}\x04\x012)">
|
273
299
|
<description>Windows Server Server 2003</description>
|
274
300
|
<example _encoding="base64">
|
@@ -279,7 +305,9 @@
|
|
279
305
|
<param pos="0" name="os.product" value="Windows Server 2003"/>
|
280
306
|
<param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2003:-"/>
|
281
307
|
</fingerprint>
|
308
|
+
|
282
309
|
<!-- Win Server 2000 Service Pack 3 only has two matching supportedCapabilities OIDs, match them and look for explicit end-->
|
310
|
+
|
283
311
|
<fingerprint pattern="(?im:supportedCapabilities1.{1,5}\x04\x161.2.840.113556.1.4.800\x04\x171.2.840.113556.1.4.17910.{1,5}\x04.(?:supportedControl|isSynchronized))">
|
284
312
|
<description>Active Directory Controller on Windows Server 2000 SP 3</description>
|
285
313
|
<example _encoding="base64">
|
@@ -299,7 +327,9 @@
|
|
299
327
|
<param pos="0" name="os.version" value="Windows Server 2000 SP3"/>
|
300
328
|
<param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_2000:Windows Server 2000 SP3"/>
|
301
329
|
</fingerprint>
|
330
|
+
|
302
331
|
<!-- Win Server 2000 RTM only has a single matching supportedCapabilities OID, match it and look for explicit end-->
|
332
|
+
|
303
333
|
<fingerprint pattern="(?im:supportedCapabilities1.{1,5}\x04\x161.2.840.113556.1.4.8000.{1,5}\x04.isSynchronized1)">
|
304
334
|
<description>Active Directory Controller on Windows Server 2000</description>
|
305
335
|
<example _encoding="base64">
|
@@ -314,7 +344,9 @@
|
|
314
344
|
<param pos="0" name="os.product" value="Windows Server 2000"/>
|
315
345
|
<param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_2000:-"/>
|
316
346
|
</fingerprint>
|
347
|
+
|
317
348
|
<!-- End of Microsoft Windows Section -->
|
349
|
+
|
318
350
|
<fingerprint pattern="(?im:top\x04..penLDAProotDSE)">
|
319
351
|
<description>OpenLDAP</description>
|
320
352
|
<example _encoding="base64">
|
@@ -324,6 +356,7 @@
|
|
324
356
|
<param pos="0" name="service.product" value="OpenLDAP"/>
|
325
357
|
<param pos="0" name="service.cpe23" value="cpe:/a:openldap:openldap:-"/>
|
326
358
|
</fingerprint>
|
359
|
+
|
327
360
|
<fingerprint pattern="(?i:namingcontexts1.\x04.fn=ContactRoot0.[\x02\x04])">
|
328
361
|
<description>Kerio Connect</description>
|
329
362
|
<example service.product="Connect" _encoding="base64">
|
@@ -333,6 +366,7 @@
|
|
333
366
|
<param pos="0" name="service.vendor" value="Kerio"/>
|
334
367
|
<param pos="0" name="service.product" value="Connect"/>
|
335
368
|
</fingerprint>
|
369
|
+
|
336
370
|
<fingerprint pattern="(?im:vmwPlatformServicesControllerVersion1.\x04.(\d\.\d\.\d)0.)">
|
337
371
|
<description>VMware Platform Services Controller</description>
|
338
372
|
<example service.version="6.0.0" _encoding="base64">
|
@@ -342,8 +376,11 @@
|
|
342
376
|
<param pos="0" name="service.product" value="Platform Services Controller"/>
|
343
377
|
<param pos="1" name="service.version"/>
|
344
378
|
</fingerprint>
|
379
|
+
|
345
380
|
<!-- Fedora / 389 Project family -->
|
381
|
+
|
346
382
|
<!-- http://directory.fedoraproject.org/docs/389ds/FAQ/history.html -->
|
383
|
+
|
347
384
|
<fingerprint pattern="(?i:vendorname1.\x04.Fedora Project0.\x04\rvendorversion1.\x04.Fedora-Directory/(\d\.\d[\w.]* B\d+\.\d+\.\d+))">
|
348
385
|
<description>Fedora Project Fedora Directory Server</description>
|
349
386
|
<example service.version="1.0.4 B2006.312.5450" _encoding="base64">
|
@@ -358,6 +395,7 @@
|
|
358
395
|
<param pos="0" name="service.product" value="Fedora Directory Server"/>
|
359
396
|
<param pos="1" name="service.version"/>
|
360
397
|
</fingerprint>
|
398
|
+
|
361
399
|
<fingerprint pattern="(?i:vendorname1.\x04.389 Project0.\x04\rvendorversion1.\x04.389-Directory/(\d\.\d[\w.]* B\d+\.\d+\.\d+))">
|
362
400
|
<description>389 Project 389 Directory Server</description>
|
363
401
|
<example service.version="1.2.11.25 B2013.325.19510" _encoding="base64">
|
@@ -368,6 +406,7 @@
|
|
368
406
|
<param pos="0" name="service.product" value="389 Directory Server"/>
|
369
407
|
<param pos="1" name="service.version"/>
|
370
408
|
</fingerprint>
|
409
|
+
|
371
410
|
<fingerprint pattern="(?im:vendorName1.\x04.CentOS0.\x04\rvendorVersion1.\x04.CentOS-Directory/(\d\.\d[\w.]* B\d+\.\d+\.\d+).\x04\v)">
|
372
411
|
<description>CentOS CentOS Directory Server</description>
|
373
412
|
<example service.version="8.2.8 B2012.041.12270" _encoding="base64">
|
@@ -378,6 +417,7 @@
|
|
378
417
|
<param pos="0" name="service.product" value="CentOS Directory Server"/>
|
379
418
|
<param pos="1" name="service.version"/>
|
380
419
|
</fingerprint>
|
420
|
+
|
381
421
|
<fingerprint pattern="(?im:vendorName1.\x04.Red Hat(?:, Inc.)?0.\x04\rvendorVersion1.\x04.Red Hat-Directory/(\d\.\d[\w.]* B\d+\.\d+\.\d+).\x04\v)">
|
382
422
|
<description>Red Hat Red Hat Directory Server</description>
|
383
423
|
<example service.version="8.2.0 B2010.210.0590" _encoding="base64">
|
@@ -389,6 +429,7 @@
|
|
389
429
|
<param pos="1" name="service.version"/>
|
390
430
|
<param pos="0" name="service.cpe23" value="cpe:/a:redhat:directory_server:{service.version}"/>
|
391
431
|
</fingerprint>
|
432
|
+
|
392
433
|
<fingerprint pattern="(?i:vendorname1.\x04.Netscape Communications Corp.0.\x04\rvendorversion1.\x04.Netscape-Directory/(\d\.\d[\d.]* B\d+\.\d+\.\d+).\x04\v)">
|
393
434
|
<description>Netscape Directory Server</description>
|
394
435
|
<example service.version="6.11 B2002.281.08530" _encoding="base64">
|
@@ -403,6 +444,7 @@
|
|
403
444
|
<param pos="0" name="service.product" value="Netscape Directory Server"/>
|
404
445
|
<param pos="1" name="service.version"/>
|
405
446
|
</fingerprint>
|
447
|
+
|
406
448
|
<fingerprint pattern="(?im:IBM Lotus Software0.\x04\rvendorversion1.\x04.Release (\d+\.\d+[\w .]*)0.\x04.dominomajminversion)">
|
407
449
|
<description>IBM (Lotus) Domino LDAP Server - majminversion variant</description>
|
408
450
|
<example service.version="8.5.3" _encoding="base64">
|
@@ -417,6 +459,7 @@
|
|
417
459
|
<param pos="0" name="service.product" value="Domino LDAP Server"/>
|
418
460
|
<param pos="1" name="service.version"/>
|
419
461
|
</fingerprint>
|
462
|
+
|
420
463
|
<fingerprint pattern="(?im:IBM Lotus Software0.\x04\rvendorversion1.\x04.Release (\d+\.\d+[\w .]*)0\f)">
|
421
464
|
<description>IBM (Lotus) Domino LDAP Server</description>
|
422
465
|
<example service.version="9.0.1FP4 HF523" _encoding="base64">
|
@@ -427,6 +470,7 @@
|
|
427
470
|
<param pos="0" name="service.product" value="Domino LDAP Server"/>
|
428
471
|
<param pos="1" name="service.version"/>
|
429
472
|
</fingerprint>
|
473
|
+
|
430
474
|
<fingerprint pattern="(?im:IBM Lotus Software0.\x04\rvendorversion1.\x04.Build (V[\w .]*)0.\x04.dominomajminversion)">
|
431
475
|
<description>IBM (Lotus) Domino LDAP Server - build variant</description>
|
432
476
|
<example service.version="V902_12302013" _encoding="base64">
|
@@ -437,7 +481,9 @@
|
|
437
481
|
<param pos="0" name="service.product" value="Domino LDAP Server"/>
|
438
482
|
<param pos="1" name="service.version"/>
|
439
483
|
</fingerprint>
|
484
|
+
|
440
485
|
<!-- Attachmate Group (NetIQ) purchased Novell in 2011, and then merged w/ Micro Focus in 2014 -->
|
486
|
+
|
441
487
|
<fingerprint pattern="(?im:vendorName1\x13\x04\x11NetIQ Corporation0.\x04\rvendorVersion.{4}LDAP Agent for NetIQ eDirectory (\d+\.\d+[\d.]* [\w ]*\([\d.]+\))0.\x04)">
|
442
488
|
<description>NetIQ LDAP Agent for eDirectory</description>
|
443
489
|
<example service.version="8.8 SP8 (20808.06)" _encoding="base64">
|
@@ -449,6 +495,7 @@
|
|
449
495
|
<param pos="0" name="service.product" value="LDAP Agent for eDirectory"/>
|
450
496
|
<param pos="1" name="service.version"/>
|
451
497
|
</fingerprint>
|
498
|
+
|
452
499
|
<fingerprint pattern="(?im:vendorName1\x0E\x04\fNovell, Inc.0.\x04\rvendorVersion.{4}LDAP Agent for Novell eDirectory (\d+\.\d+[\d.]* [\w ]*\([\d.]+\))0.\x04)">
|
453
500
|
<description>Novell LDAP Agent for eDirectory</description>
|
454
501
|
<example service.version="8.7.3.8 (10554.99)" _encoding="base64">
|
@@ -463,6 +510,7 @@
|
|
463
510
|
<param pos="0" name="service.product" value="LDAP Agent for eDirectory"/>
|
464
511
|
<param pos="1" name="service.version"/>
|
465
512
|
</fingerprint>
|
513
|
+
|
466
514
|
<fingerprint pattern="(?im:vendorName1\x0E\x04\fNovell, Inc.0/\x04\rvendorVersion1\x1E\x04\x1CeDirectory v(\d+\.\d+[\d.]* [\w ]*\([\d.]+\))0.\x04)">
|
467
515
|
<description>Novell eDirectory</description>
|
468
516
|
<example service.version="8.6.2 (10350.18)" _encoding="base64">
|
@@ -474,7 +522,9 @@
|
|
474
522
|
<param pos="1" name="service.version"/>
|
475
523
|
<param pos="0" name="service.cpe23" value="cpe:/a:novell:edirectory:{service.version}"/>
|
476
524
|
</fingerprint>
|
525
|
+
|
477
526
|
<!-- Various iterations of Sun, now Oracle, Directory Server -->
|
527
|
+
|
478
528
|
<fingerprint pattern="(?i:vendorname1\x18\x04\x16Sun Microsystems, Inc.0.+\x04\rvendorversion1.{1,2}\x04.{1,2}Sun[- ]Java\(tm\)[- ]System[- ]Directory(?: Server)?/(\d\.\d+[\w.]*)0.{1,3}\x04)">
|
479
529
|
<description>Sun Java(TM) System Directory Server</description>
|
480
530
|
<example service.version="5.2_Patch_6" _encoding="base64">
|
@@ -494,10 +544,11 @@
|
|
494
544
|
dmVuZG9yTmFtZTEYBBZTdW4gTWljcm9zeXN0ZW1zLCBJbmMuMDoEDXZlbmRvclZlcnNpb24xK
|
495
545
|
QQnU3VuLUphdmEodG0pLVN5c3RlbS1EaXJlY3RvcnkvNi4zLjEuMS4xMIGJBA==
|
496
546
|
</example>
|
497
|
-
<param pos="0" name="service.vendor" value="Sun
|
547
|
+
<param pos="0" name="service.vendor" value="Sun"/>
|
498
548
|
<param pos="0" name="service.product" value="Sun Java System Directory Server"/>
|
499
549
|
<param pos="1" name="service.version"/>
|
500
550
|
</fingerprint>
|
551
|
+
|
501
552
|
<fingerprint pattern="(?i:vendorname1\x18\x04\x16Sun Microsystems, Inc.0.\x04\rvendorversion1.\x04.Sun-Directory-Server/([\w.]+)0.{1,3}\x04)">
|
502
553
|
<description>Sun Directory Server</description>
|
503
554
|
<example service.version="7.0" _encoding="base64">
|
@@ -512,10 +563,11 @@
|
|
512
563
|
dmVuZG9yTmFtZTEYBBZTdW4gTWljcm9zeXN0ZW1zLCBJbmMuMDIEDXZlbmRvclZlcnNpb24xI
|
513
564
|
QQfU3VuLURpcmVjdG9yeS1TZXJ2ZXIvMTEuMS4xLjMuMDAgBA==
|
514
565
|
</example>
|
515
|
-
<param pos="0" name="service.vendor" value="Sun
|
566
|
+
<param pos="0" name="service.vendor" value="Sun"/>
|
516
567
|
<param pos="0" name="service.product" value="Sun Directory Server"/>
|
517
568
|
<param pos="1" name="service.version"/>
|
518
569
|
</fingerprint>
|
570
|
+
|
519
571
|
<fingerprint pattern="(?i:vendorname1\x14\x04\x12Oracle Corporation0.\x04\rvendorversion1.\x04.Sun-Directory-Server/([\w.]+)[0 ].{1,3}\x04)">
|
520
572
|
<description>Oracle Sun Directory Server</description>
|
521
573
|
<example service.version="11.1.1.7.2" _encoding="base64">
|
@@ -530,17 +582,20 @@
|
|
530
582
|
<param pos="0" name="service.product" value="Sun Directory Server"/>
|
531
583
|
<param pos="1" name="service.version"/>
|
532
584
|
</fingerprint>
|
585
|
+
|
533
586
|
<fingerprint pattern="(?im:vendorName1\x17\x04\x15Sun Microsystems, Inc0.\x04\rvendorVersion1.\x04.Directory Proxy Server ([\w.]+)0.\x04)">
|
534
587
|
<description>Sun Directory Proxy Server</description>
|
535
588
|
<example service.version="11.1.1.7.1" _encoding="base64">
|
536
589
|
dmVuZG9yTmFtZTEXBBVTdW4gTWljcm9zeXN0ZW1zLCBJbmMwNAQNdmVuZG9yVmVyc2lvbjEjB
|
537
590
|
CFEaXJlY3RvcnkgUHJveHkgU2VydmVyIDExLjEuMS43LjEwRQQ=
|
538
591
|
</example>
|
539
|
-
<param pos="0" name="service.vendor" value="Sun
|
592
|
+
<param pos="0" name="service.vendor" value="Sun"/>
|
540
593
|
<param pos="0" name="service.product" value="Sun Directory Proxy Server"/>
|
541
594
|
<param pos="1" name="service.version"/>
|
542
595
|
</fingerprint>
|
596
|
+
|
543
597
|
<!-- Very old, rare, same family as above. Roll into those? -->
|
598
|
+
|
544
599
|
<fingerprint pattern="(?i:vendorname1.\x04.Sun Microsystems, Inc.0.\x04\rvendorversion1.\x04.Sun-ONE-Directory/([\w.]+)0.\x04)">
|
545
600
|
<description>Sun ONE Directory Server</description>
|
546
601
|
<example service.version="5.2" _encoding="base64">
|
@@ -551,11 +606,13 @@
|
|
551
606
|
dmVuZG9yTmFtZTEYBBZTdW4gTWljcm9zeXN0ZW1zLCBJbmMuMDAEDXZlbmRvclZlcnNpb24xH
|
552
607
|
wQdU3VuLU9ORS1EaXJlY3RvcnkvNS4yX1BhdGNoXzEwPgQ=
|
553
608
|
</example>
|
554
|
-
<param pos="0" name="service.vendor" value="Sun
|
609
|
+
<param pos="0" name="service.vendor" value="Sun"/>
|
555
610
|
<param pos="0" name="service.product" value="Sun ONE Directory Server"/>
|
556
611
|
<param pos="1" name="service.version"/>
|
557
612
|
</fingerprint>
|
613
|
+
|
558
614
|
<!-- IBM [Tivoli | Security] Directory Server -->
|
615
|
+
|
559
616
|
<fingerprint pattern="(?im:International Business Machines \(IBM\)0.*\x04\rvendorversion1.\x00\x00\x00.\x04.([\d.]+)0.\x00.*ibm-osregistrycontext1.\x00\x00\x00.\x04.OS400-SYS=)">
|
560
617
|
<description>IBM Security Directory Server on OS/400 (IBM i)</description>
|
561
618
|
<example service.version="5.2" _encoding="base64">
|
@@ -571,6 +628,7 @@
|
|
571
628
|
<param pos="1" name="service.version"/>
|
572
629
|
<param pos="0" name="service.cpe23" value="cpe:/a:ibm:security_directory_server:{service.version}"/>
|
573
630
|
</fingerprint>
|
631
|
+
|
574
632
|
<fingerprint pattern="(?im:vendorname1.+?\x04%International Business Machines \(IBM\)0.+?\x04\rvendorversion1.+?\x04.([\d.]+)0.[\x00\x02\x04])">
|
575
633
|
<description>IBM Security Directory Server</description>
|
576
634
|
<example service.version="5.1" _encoding="base64">
|
@@ -586,6 +644,7 @@
|
|
586
644
|
<param pos="1" name="service.version"/>
|
587
645
|
<param pos="0" name="service.cpe23" value="cpe:/a:ibm:security_directory_server:{service.version}"/>
|
588
646
|
</fingerprint>
|
647
|
+
|
589
648
|
<fingerprint pattern="(?im:vendorName1.\x00\x00\x00\v\x04\tMirapoint0.\x00\x00\x00.\x04\rvendorVersion1.\x00\x00\x00.\x04.([\d.]+)0.\x00)">
|
590
649
|
<description>Mirapoint LDAP Server</description>
|
591
650
|
<example service.version="3.2" _encoding="base64">
|
@@ -596,6 +655,7 @@
|
|
596
655
|
<param pos="0" name="service.product" value="LDAP Server"/>
|
597
656
|
<param pos="1" name="service.version"/>
|
598
657
|
</fingerprint>
|
658
|
+
|
599
659
|
<fingerprint pattern="(?im:orcldirectoryversion1.{1,5}\x04.OID ([\d.]+)0.\x00\x00)">
|
600
660
|
<description>Oracle Internet Directory</description>
|
601
661
|
<example service.version="9.0.4.0.0" _encoding="base64">
|
@@ -605,6 +665,7 @@
|
|
605
665
|
<param pos="0" name="service.product" value="Internet Directory Server"/>
|
606
666
|
<param pos="1" name="service.version"/>
|
607
667
|
</fingerprint>
|
668
|
+
|
608
669
|
<fingerprint pattern="(?im:orcldirectoryversion1.{1,5}\x04.OVD ([\d.]+)0.\x04)">
|
609
670
|
<description>Oracle Virtual Directory</description>
|
610
671
|
<example service.version="11.1.1.6.0" _encoding="base64">
|
@@ -614,6 +675,7 @@
|
|
614
675
|
<param pos="0" name="service.product" value="Virtual Directory Server"/>
|
615
676
|
<param pos="1" name="service.version"/>
|
616
677
|
</fingerprint>
|
678
|
+
|
617
679
|
<fingerprint pattern="(?im:metaProductID.*\x04\vmetaVersion1\r\x04.([\d.]+)0.\x04)">
|
618
680
|
<description>estos MetaDirectory</description>
|
619
681
|
<example service.version="3.5.22.4291" _encoding="base64">
|
@@ -626,6 +688,7 @@
|
|
626
688
|
<param pos="0" name="os.vendor" value="Microsoft"/>
|
627
689
|
<param pos="0" name="os.family" value="Windows"/>
|
628
690
|
</fingerprint>
|
691
|
+
|
629
692
|
<fingerprint pattern="(?im:dsaVersion1.\x04,DC Directory Server v(\d+\.\d+[\d.]* \([\w. ]+\))0.\x04)">
|
630
693
|
<description>Cisco Data Connection Directory</description>
|
631
694
|
<example service.version="8.1.00 (build 20150305)" _encoding="base64">
|
@@ -636,7 +699,9 @@
|
|
636
699
|
<param pos="0" name="service.product" value="Data Connection Directory"/>
|
637
700
|
<param pos="1" name="service.version"/>
|
638
701
|
</fingerprint>
|
702
|
+
|
639
703
|
<!-- Unbound -->
|
704
|
+
|
640
705
|
<fingerprint pattern="(?im:vendorName1.\x04.UnboundID Corp.0.\x04\rvendorVersion1.\x04.UnboundID Directory Server ([\d.]+)0\f)">
|
641
706
|
<description>UnboundID Directory Server</description>
|
642
707
|
<example service.version="5.1.5.2" _encoding="base64">
|
@@ -647,6 +712,7 @@
|
|
647
712
|
<param pos="0" name="service.product" value="UnboundID Directory Server"/>
|
648
713
|
<param pos="1" name="service.version"/>
|
649
714
|
</fingerprint>
|
715
|
+
|
650
716
|
<fingerprint pattern="(?im:vendorName1.\x04.UnboundID Corp.0.\x04\rvendorVersion1.\x04.UnboundID Directory Proxy Server ([\d.]+)0\f)">
|
651
717
|
<description>UnboundID Directory Proxy Server</description>
|
652
718
|
<example service.version="4.7.0.7" _encoding="base64">
|
@@ -657,6 +723,7 @@
|
|
657
723
|
<param pos="0" name="service.product" value="UnboundID Directory Proxy Server"/>
|
658
724
|
<param pos="1" name="service.version"/>
|
659
725
|
</fingerprint>
|
726
|
+
|
660
727
|
<fingerprint pattern="(?im:namingContexts1.\x04.cn=.?pbx.*\x04.ldapServiceName1.\x04.IPVA-\w+-)" flags="REG_MULTILINE">
|
661
728
|
<description>innovaphone VoIP Gateway Virtual Appliance</description>
|
662
729
|
<example _encoding="base64">
|
@@ -667,6 +734,7 @@
|
|
667
734
|
<param pos="0" name="service.family" value="VoiP Gateway"/>
|
668
735
|
<param pos="0" name="service.product" value="IPVA"/>
|
669
736
|
</fingerprint>
|
737
|
+
|
670
738
|
<fingerprint pattern="(?im:namingContexts1.\x04.cn=.?pbx.*\x04.ldapServiceName1.\x04.(IP\d+)-\w+-)" flags="REG_MULTILINE">
|
671
739
|
<description>innovaphone VoIP Gateway</description>
|
672
740
|
<example service.product="IP800" _encoding="base64">
|
@@ -677,6 +745,7 @@
|
|
677
745
|
<param pos="0" name="service.family" value="VoiP Gateway"/>
|
678
746
|
<param pos="1" name="service.product"/>
|
679
747
|
</fingerprint>
|
748
|
+
|
680
749
|
<fingerprint pattern="(?im:namingContexts1.\x04.cn=.?pbx.*\x04.ldapServiceName1.\x04.(IPBS\d*)-\w+-)">
|
681
750
|
<description>Ascom IP-DECT Base Station</description>
|
682
751
|
<example service.product="IPBS2" _encoding="base64">
|
@@ -687,6 +756,7 @@
|
|
687
756
|
<param pos="0" name="service.family" value="IP-DECT Base Station"/>
|
688
757
|
<param pos="1" name="service.product"/>
|
689
758
|
</fingerprint>
|
759
|
+
|
690
760
|
<fingerprint pattern="(?im:namingContexts1.\x04.cn=.?pbx.*\x04.ldapServiceName1.\x04.(IPBL\d*)-\w+-)">
|
691
761
|
<description>Ascom IP-DECT Gateway</description>
|
692
762
|
<example service.product="IPBL" _encoding="base64">
|
@@ -697,6 +767,7 @@
|
|
697
767
|
<param pos="0" name="service.family" value="IP-DECT Gateway"/>
|
698
768
|
<param pos="1" name="service.product"/>
|
699
769
|
</fingerprint>
|
770
|
+
|
700
771
|
<fingerprint pattern="(?im:o=Scalix0.\x04.subschemasubentry1.\x04.cn=subSchema,o=Scalix0.\x04.*\x04.xserverversion1.\x04.(\d\d\.\d+\.[\w.-]+)0.\x02)">
|
701
772
|
<description>Scalix LDAP Server</description>
|
702
773
|
<example service.version="11.4.6.13676" _encoding="base64">
|
@@ -708,4 +779,5 @@
|
|
708
779
|
<param pos="0" name="service.product" value="LDAP Server"/>
|
709
780
|
<param pos="1" name="service.version"/>
|
710
781
|
</fingerprint>
|
711
|
-
|
782
|
+
|
783
|
+
</fingerprints>
|