recog 2.3.7 → 2.3.12

Files changed (81) hide show
  1. checksums.yaml +4 -4
  2. data/.gitignore +9 -2
  3. data/.ruby-gemset +1 -0
  4. data/.ruby-version +1 -0
  5. data/.travis.yml +2 -4
  6. data/CONTRIBUTING.md +136 -37
  7. data/Gemfile +2 -5
  8. data/README.md +18 -16
  9. data/bin/recog_cleanup +16 -0
  10. data/bin/recog_standardize +142 -0
  11. data/cpe-remap.yaml +36 -1
  12. data/features/match.feature +4 -0
  13. data/features/support/aruba.rb +3 -0
  14. data/features/verify.feature +5 -0
  15. data/identifiers/README.md +56 -0
  16. data/identifiers/hw_device.txt +77 -0
  17. data/identifiers/hw_family.txt +96 -0
  18. data/identifiers/hw_product.txt +328 -0
  19. data/identifiers/os_architecture.txt +20 -0
  20. data/identifiers/os_device.txt +94 -0
  21. data/identifiers/os_family.txt +325 -0
  22. data/identifiers/os_product.txt +420 -0
  23. data/identifiers/service_family.txt +272 -0
  24. data/identifiers/service_product.txt +557 -0
  25. data/identifiers/software_class.txt +26 -0
  26. data/identifiers/software_family.txt +91 -0
  27. data/identifiers/software_product.txt +333 -0
  28. data/identifiers/vendor.txt +891 -0
  29. data/lib/recog/version.rb +1 -1
  30. data/requirements.txt +1 -1
  31. data/spec/lib/fingerprint_self_test_spec.rb +1 -1
  32. data/spec/lib/recog/fingerprint/regexp_factory_spec.rb +1 -1
  33. data/update_cpes.py +4 -1
  34. data/xml/apache_modules.xml +292 -5
  35. data/xml/apache_os.xml +50 -2
  36. data/xml/architecture.xml +19 -7
  37. data/xml/dns_versionbind.xml +200 -26
  38. data/xml/favicons.xml +1701 -0
  39. data/xml/ftp_banners.xml +276 -16
  40. data/xml/h323_callresp.xml +112 -12
  41. data/xml/hp_pjl_id.xml +47 -5
  42. data/xml/html_title.xml +1419 -72
  43. data/xml/http_cookies.xml +77 -10
  44. data/xml/http_servers.xml +898 -47
  45. data/xml/http_wwwauth.xml +154 -27
  46. data/xml/imap_banners.xml +23 -13
  47. data/xml/ldap_searchresult.xml +81 -9
  48. data/xml/mdns_device-info_txt.xml +194 -17
  49. data/xml/mdns_workstation_txt.xml +4 -2
  50. data/xml/mysql_banners.xml +554 -45
  51. data/xml/mysql_error.xml +113 -6
  52. data/xml/nntp_banners.xml +10 -2
  53. data/xml/ntp_banners.xml +95 -11
  54. data/xml/operating_system.xml +90 -3
  55. data/xml/pop_banners.xml +32 -31
  56. data/xml/rsh_resp.xml +11 -2
  57. data/xml/rtsp_servers.xml +43 -23
  58. data/xml/sip_banners.xml +9 -14
  59. data/xml/sip_user_agents.xml +69 -3
  60. data/xml/smb_native_lm.xml +10 -2
  61. data/xml/smb_native_os.xml +80 -2
  62. data/xml/smtp_banners.xml +233 -13
  63. data/xml/smtp_debug.xml +6 -4
  64. data/xml/smtp_ehlo.xml +7 -5
  65. data/xml/smtp_expn.xml +13 -4
  66. data/xml/smtp_help.xml +23 -4
  67. data/xml/smtp_mailfrom.xml +5 -2
  68. data/xml/smtp_noop.xml +6 -5
  69. data/xml/smtp_quit.xml +5 -4
  70. data/xml/smtp_rcptto.xml +5 -2
  71. data/xml/smtp_rset.xml +4 -4
  72. data/xml/smtp_turn.xml +4 -4
  73. data/xml/smtp_vrfy.xml +14 -4
  74. data/xml/snmp_sysdescr.xml +776 -52
  75. data/xml/snmp_sysobjid.xml +47 -2
  76. data/xml/ssh_banners.xml +259 -80
  77. data/xml/telnet_banners.xml +376 -23
  78. data/xml/x11_banners.xml +27 -4
  79. data/xml/x509_issuers.xml +37 -13
  80. data/xml/x509_subjects.xml +525 -55
  81. metadata +29 -6
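--- a/data/xml/pop_banners.xml
+++ b/data/xml/pop_banners.xml
@@ -1,9 +1,10 @@
- <?xml version="1.0" encoding="UTF-8"?>
+ <?xml version='1.0' encoding='UTF-8'?>
  <fingerprints matches="pop3.banner" protocol="pop3" database_type="service" preference="0.90">
  <!--
  POP3 greeting messages (part of the banner after the status indicator +OK or -ERR) are
  matched against these patterns to fingerprint POP3 servers.
  -->
+
  <fingerprint pattern="^([^ ]+) +Cyrus POP3 v(\d+\.\d+.*)-OS X(?: Server)? ([\d\.]+).* server ready">
  <description>OSX Cyrus POP</description>
  <example host.domain="8.8.8.8" service.version="2.3.8" os.version="10.5">8.8.8.8 Cyrus POP3 v2.3.8-OS X Server 10.5: 9A562 server ready &lt;1999107648.1324502155@8.8.8.8&gt;</example>
@@ -18,6 +19,7 @@
  <param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x:{os.version}"/>
  <param pos="1" name="host.domain"/>
  </fingerprint>
+
  <fingerprint pattern="^([^ ]+) +Cyrus POP3 v([\d\.]+)">
  <description>CMU Cyrus POP</description>
  <example host.domain="foo" service.version="2.3">foo Cyrus POP3 v2.3</example>
@@ -28,6 +30,7 @@
  <param pos="2" name="service.version"/>
  <param pos="1" name="host.domain"/>
  </fingerprint>
+
  <fingerprint pattern="^Lotus Notes POP3 server version X[^ ]+ ready on .*$">
  <description>IBM Lotus Notes/Domino</description>
  <example>Lotus Notes POP3 server version X2.0 ready on foo/bar.</example>
@@ -36,6 +39,7 @@
  <param pos="0" name="service.product" value="Lotus Domino"/>
  <param pos="0" name="service.cpe23" value="cpe:/a:ibm:lotus_domino:-"/>
  </fingerprint>
+
  <fingerprint pattern="^Lotus Notes POP3 server version Release ([^ ]+) ready on .*$">
  <description>IBM Lotus Notes/Domino - Release variant</description>
  <example service.version="8.5.1FP5">Lotus Notes POP3 server version Release 8.5.1FP5 ready on foo/US.</example>
@@ -45,6 +49,7 @@
  <param pos="1" name="service.version"/>
  <param pos="0" name="service.cpe23" value="cpe:/a:ibm:lotus_domino:{service.version}"/>
  </fingerprint>
+
  <fingerprint pattern="^Qpopper \(version (\d+\.\d+\.\d+), modified by Sphera Technologies\) at (.+) starting\..*$">
  <description>Qpopper with Sphera mods</description>
  <example>Qpopper (version 4.0.3, modified by Sphera Technologies) at domain starting. &lt;xxx@domain&gt;</example>
@@ -54,6 +59,7 @@
  <param pos="1" name="service.version"/>
  <param pos="2" name="host.domain"/>
  </fingerprint>
+
  <fingerprint pattern="^Qpopper \(version (\d+\.\d+\.\d+)-mysql-(.+)\) at (.+) starting\..*$">
  <description>Qpopper with MySQL auth module</description>
  <example>Qpopper (version 4.0.3-mysql-0.13) at domain starting. &lt;xxx@domain&gt;</example>
@@ -66,6 +72,7 @@
  <param pos="2" name="service.component.version"/>
  <param pos="3" name="host.domain"/>
  </fingerprint>
+
  <fingerprint pattern="(?i)^Qpop(?:per)? \(version ([\d\.]+)\) at (.+)(?: starting\.)?.*$">
  <description>Qpopper missing version info</description>
  <example>Qpopper (version 4.0.16) at foo.example.com</example>
@@ -77,6 +84,7 @@
  <param pos="1" name="service.version"/>
  <param pos="2" name="host.domain"/>
  </fingerprint>
+
  <fingerprint pattern="^QPOP \(version (.*)\) at (.+) starting\..*$">
  <description>Qpopper with missing version info</description>
  <example>QPOP (version ?) at domain starting. &lt;xxx@domain&gt;</example>
@@ -86,6 +94,7 @@
  <param pos="1" name="qpopper.version"/>
  <param pos="2" name="host.domain"/>
  </fingerprint>
+
  <fingerprint pattern="^Microsoft Exchange Server 2003 POP3 server version (\d+\.\d+\.\d+\.\d+) (.+) ready.$">
  <description>Microsoft Exchange Server 2003</description>
  <example>Microsoft Exchange Server 2003 POP3 server version 6.5.6944.0 (host) ready.</example>
@@ -100,6 +109,7 @@
  <param pos="0" name="os.product" value="Windows"/>
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
  </fingerprint>
+
  <fingerprint pattern="^Microsoft Exchange 2000 POP3 server version (\d+\.\d+\.\d+\.\d+) (.+) ready.$">
  <description>Microsoft Exchange Server 2000</description>
  <example>Microsoft Exchange 2000 POP3 server version 6.0.6603.0 (host) ready.</example>
@@ -114,6 +124,7 @@
  <param pos="0" name="os.product" value="Windows"/>
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
  </fingerprint>
+
  <fingerprint pattern="^Microsoft Exchange POP3 server version (\d+\.\d+\.\d+\.\d+) ready$">
  <description>Microsoft Exchange Server</description>
  <example>Microsoft Exchange POP3 server version 5.5.2654.50 ready</example>
@@ -127,6 +138,7 @@
  <param pos="0" name="os.product" value="Windows"/>
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
  </fingerprint>
+
  <fingerprint pattern="^Microsoft Windows POP3 Service Version 1.0 &lt;.+@(.+)&gt; ready.$">
  <description>Microsoft POP3 Services on Windows 2003</description>
  <example>Microsoft Windows POP3 Service Version 1.0 &lt;xxx@host&gt; ready.</example>
@@ -139,6 +151,7 @@
  <param pos="0" name="os.product" value="Windows Server 2003"/>
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2003:-"/>
  </fingerprint>
+
  <fingerprint pattern="^Microsoft Exchange Server 2007 POP3 service ready\.?$">
  <description>Microsoft Exchange Server 2007</description>
  <example>Microsoft Exchange Server 2007 POP3 service ready</example>
@@ -151,6 +164,7 @@
  <param pos="0" name="os.product" value="Windows"/>
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
  </fingerprint>
+
  <fingerprint pattern="^The? Microsoft Exchange POP3 service is ready\.?$">
  <description>Microsoft Exchange Server, generic</description>
  <example>The Microsoft Exchange POP3 service is ready.</example>
@@ -163,12 +177,16 @@
  <param pos="0" name="os.product" value="Windows"/>
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
  </fingerprint>
+
  <fingerprint pattern="^[dD]ovecot (?:DA )?ready\.(?: &lt;.+@(.+)&gt;)?$">
  <description>Dovecot Secure POP Server</description>
+ <param pos="0" name="service.vendor" value="Dovecot"/>
  <param pos="0" name="service.family" value="Dovecot"/>
  <param pos="0" name="service.product" value="Dovecot"/>
+ <param pos="0" name="service.cpe23" value="cpe:/a:dovecot:dovecot:-"/>
  <param pos="1" name="host.name"/>
  </fingerprint>
+
  <fingerprint pattern="^(\S+) Zimbra POP3 server ready\.?$">
  <description>VMware Zimbra POP</description>
  <example host.name="foo.bar">foo.bar Zimbra POP3 server ready</example>
@@ -177,6 +195,7 @@
  <param pos="0" name="service.cpe23" value="cpe:/a:vmware:zimbra_desktop:-"/>
  <param pos="1" name="host.name"/>
  </fingerprint>
+
  <fingerprint pattern="^(\S+) Zimbra (\S+) POP3 server ready\.?$">
  <description>VMware Zimbra POP with version</description>
  <example host.name="foo.bar">foo.bar Zimbra 7.0.0_GA_3079 POP3 server ready</example>
@@ -186,12 +205,14 @@
  <param pos="0" name="service.cpe23" value="cpe:/a:vmware:zimbra_desktop:{service.version}"/>
  <param pos="1" name="host.name"/>
  </fingerprint>
+
  <fingerprint pattern="^(?:S?POP3? server ready |Hello there.? )?&lt;.*@([^&gt;]+)&gt;$">
  <description>Generic masked POP3 server</description>
  <example>POP3 server ready &lt;58c29ae4-7316-429e-8109-060444ab1a28@foo.example.com&gt;</example>
  <example>&lt;84427.1298535083@foo.example.com&gt;</example>
  <param pos="1" name="host.name"/>
  </fingerprint>
+
  <fingerprint pattern="^ApplePasswordServer ([\d\.]+) password">
  <description>Apple Open Directory</description>
  <example>ApplePasswordServer 10.6.0.0 password server at 10.2.90.228 ready.</example>
@@ -205,6 +226,7 @@
  <param pos="0" name="os.certainty" value="0.5"/>
  <param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x:{os.version}"/>
  </fingerprint>
+
  <fingerprint pattern="^TCPIP POP server V\d\.\d\S-\S{3}, OpenVMS V(\d\.\d-\d)(?:\s+\S+)?\s+at\s+(\S+), .*$">
  <description>TCP/IP Services for OpenVMS POP server</description>
  <example os.version="7.3-2" host.name="example.com">TCPIP POP server V5.4J-15A, OpenVMS V7.3-2 Alpha at example.com, up since 2015-02-12 08:44:53 20400434.2</example>
@@ -218,6 +240,7 @@
  <param pos="0" name="os.cpe23" value="cpe:/o:hp:openvms:{os.version}"/>
  <param pos="2" name="host.name"/>
  </fingerprint>
+
  <fingerprint pattern="^Hello there\.$">
  <description>Courier MTA POP</description>
  <example>Hello there.</example>
@@ -225,6 +248,7 @@
  <param pos="0" name="service.family" value="Courier MTA"/>
  <param pos="0" name="service.product" value="Courier POP"/>
  </fingerprint>
+
  <fingerprint pattern="^CMailServer ([\d\.]+) POP3 Service Ready$">
  <description>CMailServer</description>
  <example service.version="5.0.0">CMailServer 5.0.0 POP3 Service Ready</example>
@@ -234,6 +258,7 @@
  <param pos="0" name="os.vendor" value="Microsoft"/>
  <param pos="1" name="service.version"/>
  </fingerprint>
+
  <fingerprint pattern="^POP3 Bigfoot v(\d\.\d) server ready$">
  <description>POP3 Bigfoot server</description>
  <example service.version="1.0">POP3 Bigfoot v1.0 server ready</example>
@@ -242,6 +267,7 @@
  <param pos="0" name="service.product" value="Bigfoot Email Tools"/>
  <param pos="1" name="service.version"/>
  </fingerprint>
+
  <fingerprint pattern="^CCProxy ([\d.]+) POP3 Service Ready$">
  <description>CCProxy POP3 server</description>
  <example service.version="8.0">CCProxy 8.0 POP3 Service Ready</example>
@@ -252,6 +278,7 @@
  <param pos="0" name="service.product" value="CCProxy"/>
  <param pos="1" name="service.version"/>
  </fingerprint>
+
  <fingerprint pattern="^POP3 on WinWebMail \[([\d.]+)\] ready\.$">
  <description>WinWebmail POP3</description>
  <example service.version="1.1.1.1">POP3 on WinWebMail [1.1.1.1] ready.</example>
@@ -263,6 +290,7 @@
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
  <param pos="1" name="service.version"/>
  </fingerprint>
+
  <fingerprint pattern="^BlackJumboDog \(Version ([\d\.]+)\) ready$">
  <description>BlackJumboDog</description>
  <example service.version="5.7.5.0">BlackJumboDog (Version 5.7.5.0) ready</example>
@@ -274,6 +302,7 @@
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
  <param pos="1" name="service.version"/>
  </fingerprint>
+
  <!--
  ; Mandrake 8.1 - uses UW IMAP
  ; +OK POP3 mandrake81-f540k v2000.70mdk server ready
@@ -283,66 +312,38 @@
  // +OK POP3 [158.122.12.70] v2003.83mdk server ready
  // +OK POP3 [161.58.53.189] 2006b.94 server ready
  // +OK POP3 [192.168.0.250] v2000.70rh server ready
-
  ; Lotus Domino - NOTE: POP versions do not map to Domino version
  // +OK Lotus Notes POP3 server version X2.0 ready <0015521D.86257321.0000081C.00000008@Atlas/AgileTek> on Atlas/AgileTek.
  ( call ?j_popPatterns add
  "^\\+OK Lotus Notes POP3 server version ([^ ]*) ready on ([^\\.]*)\\.$" )
  ( call ?j_popNames add "Lotus-Domino" )
-
  // +OK alquilerpc.com.mx POP3 Server (Version 1.020h) ready.
-
  // Ipswitch IMail
  // +OK X1 NT-POP3 Server geneseenet06 (IMail 8.22 45450-1)
-
  // +OK X1 POP3 Mail Server
-
  // +OK server POP3 server (DeskNow POP3 Server 1.0) ready
-
  // +OK <1185161310.3352@goto15028.com> [XMail 1.24 POP3 Server] service ready; Mon, 23 Jul 2007 11:28:30 +0800
-
  // +OK IdeaPop3Server v0.50 ready.
-
  // +OK qxztmail POP3 server (STD Ymailserver v1.8 POP3) ready
-
  // +OK blue.forest-green.lan POP3 server (JAMES POP3 Server 2.2.0) ready
-
  // +OK xxx CMailServer 5.2 POP3 Service Ready
-
  // +OK iac3 Solstice (tm) Internet Mail Server (tm) POP3 2.0 at Mon, 23 Jul 2007 20:08:02 -0500 (CDT)
-
  // +OK Gordano Messaging Suite POP3 server ready
  // +OK Gordano Messaging Suite POP3 server ready <13501095613509@hollandcanadaline.com>
-
  // +OK unitechna.lt Merak 8.9.1 POP3 Sun, 22 Jul 2007 23:16:25 +0300 <20070722231625@unitechna.lt>
-
-
  // +OK Cubic Circle's v1.31 1998/05/13 POP3 ready <0c9300004104a246@www.dvdld.co.za>
-
  // +OK Welcome to MailEnable POP3 Server
-
  // +OK GroupWise POP3 server ready
-
  // +OK POP3 AnalogX Proxy 4.14 (Release) ready.
-
  // +OK lojack.com.ar POP MDaemon 9.6.0 ready <MDAEMON-F200707232110.AA1001241MD4604@lojack.com.ar>
-
  // +OK DBMAIL pop3 server ready to rock <4393e6301f984e87ad7cdc766595c78f@mx>
-
  // +OK POP3 Welcome to vm-pop3d 1.1.6 <83532.1185400462@romeo.hostlab.nl>
-
  // +OK Solid POP3 server ready
-
  // +OK ArGoSoft Mail Server Pro for WinNT/2000/XP, Version 1.8 (1.8.8.9)
-
  // +OK POP3 titan [cppop 20.0] at [207.150.171.34]
-
  // +OK ModusMail POP3 Server-NOTF 4.2.425.4 Ready <42760712.1185328354.283@gbso.net>
-
  // +OK DPOP Version number supressed.
-
  // +OK XPOP3 0.0.1 server ready
-
  -ERR (Proxy) connect error:socket error:No route to host
  -ERR No permission
  -ERR sorry, POP server too busy right now. Try again later.
@@ -494,6 +495,6 @@
  // apparently this is a P3Scan Proxy bug
  // http://lists.freebsd.org/pipermail/freebsd-ports/2004-May/012400.html
  Oops, that would loop!
-
  -->
- </fingerprints>
+
+ </fingerprints>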
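Review bot: The Dovecot fingerprint in the `@@ -163,12 +177,16 @@` hunk gains `service.vendor` and `service.cpe23` but still has no `<example>`, unlike the fingerprints around it, so neither the pattern nor its optional `host.name` capture is checked against a sample banner. Add one example per banner shape the regex accepts, for instance `<example>Dovecot ready.</example>` and `<example host.name="foo.example.com">Dovecot ready. &lt;1234.5678@foo.example.com&gt;</example>` (sample values constructed for this note). With the new CPE attached, a regression in this pattern would silently drop or mislabel Dovecot hosts in whatever inventory consumes these results.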
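--- a/data/xml/rsh_resp.xml
+++ b/data/xml/rsh_resp.xml
@@ -1,14 +1,16 @@
- <?xml version="1.0" encoding="UTF-8"?>
+ <?xml version='1.0' encoding='UTF-8'?>
  <fingerprints protocol="rsh" database_type="service">
  <!--
  Rservices responses to requests are matched against these patterns to fingerprint the OSes of servers.
  -->
+
  <fingerprint pattern="^.Permission denied: Error 0$">
  <description>Digital Unix rlogind</description>
  <example>xPermission denied: Error 0</example>
  <param pos="0" name="os.vendor" value="HP"/>
  <param pos="0" name="os.family" value="Digital Unix"/>
  </fingerprint>
+
  <fingerprint pattern="^.Winsock RSHD/NT: Protocol negotiation error\..+$|^.in\.rlogind: Permission denied\..+$" flags="REG_DOT_NEWLINE">
  <description>Windows rlogind</description>
  <example>xWinsock RSHD/NT: Protocol negotiation error.
@@ -18,6 +20,7 @@
  <param pos="0" name="os.vendor" value="Microsoft"/>
  <param pos="0" name="os.family" value="Windows"/>
  </fingerprint>
+
  <fingerprint pattern="^.permission denied\..+$" flags="REG_DOT_NEWLINE">
  <description>Solaris rlogind</description>
  <example>xpermission denied.
@@ -27,6 +30,7 @@
  <param pos="0" name="os.product" value="Solaris"/>
  <param pos="0" name="os.cpe23" value="cpe:/o:sun:solaris:-"/>
  </fingerprint>
+
  <fingerprint pattern="^.rlogind: Acc.s refus.\..+$" flags="REG_DOT_NEWLINE">
  <description>AIX rlogind</description>
  <example>xrlogind: Accxs refusx.
@@ -36,6 +40,7 @@
  <param pos="0" name="os.product" value="AIX"/>
  <param pos="0" name="os.cpe23" value="cpe:/o:ibm:aix:-"/>
  </fingerprint>
+
  <fingerprint pattern="^.rlogind: Host name for your address \([\d.]+\) unknown\..*$" flags="REG_DOT_NEWLINE">
  <description>A/UX rlogind</description>
  <example>xrlogind: Host name for your address (127.0.0.1) unknown.
@@ -43,6 +48,7 @@
  <param pos="0" name="os.vendor" value="Apple"/>
  <param pos="0" name="os.family" value="A/UX"/>
  </fingerprint>
+
  <fingerprint pattern="^.rexecd: Login incorrect\..*$" flags="REG_DOT_NEWLINE">
  <description>HP-UX rexecd</description>
  <example>xrexecd: Login incorrect.
@@ -52,6 +58,7 @@
  <param pos="0" name="os.product" value="HP-UX"/>
  <param pos="0" name="os.cpe23" value="cpe:/o:hp:hp-ux:-"/>
  </fingerprint>
+
  <fingerprint pattern="^.rexecd: [-\d]+.*$" flags="REG_DOT_NEWLINE">
  <description>AIX rexecd</description>
  <example>xrexecd: 0-1 The login is not correct.
@@ -61,6 +68,7 @@
  <param pos="0" name="os.product" value="AIX"/>
  <param pos="0" name="os.cpe23" value="cpe:/o:ibm:aix:-"/>
  </fingerprint>
+
  <fingerprint pattern="^.remshd: (?:getservbyname.+|Kerberos Authentication not enabled\..+|Error! Kerberos authentication failed)$" flags="REG_DOT_NEWLINE">
  <description>HP-UX rshd</description>
  <example>xremshd: getservbyname
@@ -73,4 +81,5 @@
  <param pos="0" name="os.product" value="HP-UX"/>
  <param pos="0" name="os.cpe23" value="cpe:/o:hp:hp-ux:-"/>
  </fingerprint>
- </fingerprints>
+
+ </fingerprints>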
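--- a/data/xml/rtsp_servers.xml
+++ b/data/xml/rtsp_servers.xml
@@ -1,76 +1,96 @@
- <?xml version="1.0" encoding="UTF-8"?>
+ <?xml version='1.0' encoding='UTF-8'?>
  <fingerprints matches="rtsp_header.server" protocol="rtsp" database_type="service" preference="0.85">
  <fingerprint pattern="^Flussonic \(http:\/\/www.flussonic.com\/\) ([\d\.]+)$">
  <description>Flussonic Media Server</description>
  <example service.version="19.04">Flussonic (http://www.flussonic.com/) 19.04</example>
  <example service.version="20.01">Flussonic (http://www.flussonic.com/) 20.01</example>
  <param pos="0" name="service.vendor" value="Flussonic"/>
- <param pos="0" name="service.product" value="Flussonic Media Server" />
- <param pos="1" name="service.version" />
+ <param pos="0" name="service.product" value="Flussonic Media Server"/>
+ <param pos="1" name="service.version"/>
  </fingerprint>
+
  <fingerprint pattern="^Hipcam RealServer\/V([\d\.]+)$">
  <description>Hipcam IP camera running the RealServer RTSP server.</description>
  <example service.version="1.0">Hipcam RealServer/V1.0</example>
  <param pos="0" name="service.vendor" value="RealNetworks"/>
- <param pos="0" name="service.product" value="RealServer" />
- <param pos="1" name="service.version" />
- <param pos="0" name="hw.vendor" value="Hipcam" />
- <param pos="0" name="hw.device" value="IP Camera" />
+ <param pos="0" name="service.product" value="RealServer"/>
+ <param pos="1" name="service.version"/>
+ <param pos="0" name="hw.vendor" value="Hipcam"/>
+ <param pos="0" name="hw.device" value="IP Camera"/>
  </fingerprint>
+
  <fingerprint pattern="^Dahua Rtsp Server$">
  <description>Dahua IP Camera</description>
  <example>Dahua Rtsp Server</example>
  <param pos="0" name="service.vendor" value="Dahua"/>
- <param pos="0" name="hw.vendor" value="Dahua" />
- <param pos="0" name="hw.device" value="IP Camera" />
+ <param pos="0" name="hw.vendor" value="Dahua"/>
+ <param pos="0" name="hw.device" value="IP Camera"/>
  </fingerprint>
+
  <fingerprint pattern="^GStreamer RTSP server$">
  <description>GStreamer RTSP Server (https://github.com/GStreamer/gst-rtsp-server)</description>
  <example>GStreamer RTSP server</example>
  <param pos="0" name="service.vendor" value="GStreamer"/>
- <param pos="0" name="service.product" value="GStreamer RTSP Server" />
+ <param pos="0" name="service.product" value="GStreamer RTSP Server"/>
  </fingerprint>
+
  <fingerprint pattern="^WMServer\/([\d\.]+)$">
  <description>Windows Media Server</description>
  <example service.version="9.1.1.3862">WMServer/9.1.1.3862</example>
  <example service.version="9.5.6001.22609">WMServer/9.5.6001.22609</example>
  <param pos="0" name="service.vendor" value="Microsoft"/>
- <param pos="0" name="service.product" value="Windows Media Server" />
+ <param pos="0" name="service.product" value="Windows Media Server"/>
  <param pos="0" name="service.family" value="Windows Media Server"/>
- <param pos="1" name="service.version" />
+ <param pos="1" name="service.version"/>
  <param pos="0" name="os.vendor" value="Microsoft"/>
  <param pos="0" name="os.family" value="Windows"/>
  </fingerprint>
+
  <fingerprint pattern="^Wowza (Streaming Engine|Media Server) ([\d\.]+) build(\d*)$">
  <description>Wowza Media Systems Streaming Video Services</description>
  <example service.version="4.7.7" service.version.version="20181108145350" service.product="Streaming Engine">Wowza Streaming Engine 4.7.7 build20181108145350</example>
  <example service.version="3.6.4" service.version.version="9641" service.product="Media Server">Wowza Media Server 3.6.4 build9641</example>
  <param pos="0" name="service.vendor" value="Wowza Media Systems"/>
- <param pos="1" name="service.product" />
- <param pos="2" name="service.version" />
- <param pos="3" name="service.version.version" />
+ <param pos="1" name="service.product"/>
+ <param pos="2" name="service.version"/>
+ <param pos="3" name="service.version.version"/>
  </fingerprint>
+
  <fingerprint pattern="^HiIpcam\/V\d+R\d+ VodServer\/[\d\.]+$">
  <description>Foscam IP Camera</description>
  <example>HiIpcam/V100R003 VodServer/1.0.0</example>
- <param pos="0" name="hw.vendor" value="Foscam" />
- <param pos="0" name="hw.device" value="IP Camera" />
+ <param pos="0" name="hw.vendor" value="Foscam"/>
+ <param pos="0" name="hw.device" value="IP Camera"/>
  </fingerprint>
+
  <fingerprint pattern="^Indigo\-Security\/[\d\.]+$">
  <description>Indigo Security IP Camera</description>
  <example>Indigo-Security/1.0</example>
- <param pos="0" name="hw.vendor" value="Indigo Security" />
- <param pos="0" name="hw.device" value="IP Camera" />
+ <param pos="0" name="hw.vendor" value="Indigo Security"/>
+ <param pos="0" name="hw.device" value="IP Camera"/>
  </fingerprint>
+
  <fingerprint pattern="^Cisco MediaSense Media Server$">
  <description>Cisco MediaSense Media Server (RTSP)</description>
  <example>Cisco MediaSense Media Server</example>
  <param pos="0" name="service.vendor" value="Cisco"/>
- <param pos="0" name="service.product" value="MediaSense Media Server"/>
- <param pos="0" name="service.cpe23" value="cpe:2.3:a:cisco:mediasense:-"/>
+ <param pos="0" name="service.product" value="MediaSense"/>
+ <param pos="0" name="service.cpe23" value="cpe:/a:cisco:mediasense:-"/>
  <param pos="0" name="os.vendor" value="Cisco"/>
  <param pos="0" name="hw.vendor" value="Cisco"/>
  <param pos="0" name="hw.device" value="SIP Gateway"/>
- <param pos="0" name="hw.product" value="MediaSense Server"/>
+ <param pos="0" name="hw.product" value="MediaSense"/>
  </fingerprint>
- </fingerprints>
+
+ <fingerprint pattern="^AvigilonOnvifNvt/(\d+\.\S+)">
+ <description>Avigilon IP Camera</description>
+ <example os.version="2.6.0.130">AvigilonOnvifNvt/2.6.0.130</example>
+ <param pos="0" name="hw.vendor" value="Avigilon"/>
+ <param pos="0" name="hw.device" value="IP Camera"/>
+ <param pos="0" name="os.vendor" value="Avigilon"/>
+ <param pos="0" name="os.family" value="Linux"/>
+ <param pos="0" name="os.product" value="Linux"/>
+ <param pos="1" name="os.version"/>
+ </fingerprint>
+
+ </fingerprints>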
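Review bot: The new Avigilon fingerprint at the end of this section records the token after `AvigilonOnvifNvt/` as `os.version` while also asserting `os.product` "Linux", so an asset inventory fed by it would list the camera as Linux 2.6.0.130. That number looks more like the camera's ONVIF software build than a kernel release, though this is inferred from the header name and nothing on the page confirms either reading. If the OS mapping is a best guess, mark it as one with `<param pos="0" name="os.certainty" value="0.5"/>`, a param this package already uses in pop_banners.xml. The pattern is also the only one in the file without a closing anchor; `pattern="^AvigilonOnvifNvt/(\d+\.\S+)$"` would stop it from matching a Server header that carries further text after the version.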