recog 2.3.7 → 2.3.12

Sign up to get free protection for your applications and to get access to all the features.
Files changed (81) hide show
  1. checksums.yaml +4 -4
  2. data/.gitignore +9 -2
  3. data/.ruby-gemset +1 -0
  4. data/.ruby-version +1 -0
  5. data/.travis.yml +2 -4
  6. data/CONTRIBUTING.md +136 -37
  7. data/Gemfile +2 -5
  8. data/README.md +18 -16
  9. data/bin/recog_cleanup +16 -0
  10. data/bin/recog_standardize +142 -0
  11. data/cpe-remap.yaml +36 -1
  12. data/features/match.feature +4 -0
  13. data/features/support/aruba.rb +3 -0
  14. data/features/verify.feature +5 -0
  15. data/identifiers/README.md +56 -0
  16. data/identifiers/hw_device.txt +77 -0
  17. data/identifiers/hw_family.txt +96 -0
  18. data/identifiers/hw_product.txt +328 -0
  19. data/identifiers/os_architecture.txt +20 -0
  20. data/identifiers/os_device.txt +94 -0
  21. data/identifiers/os_family.txt +325 -0
  22. data/identifiers/os_product.txt +420 -0
  23. data/identifiers/service_family.txt +272 -0
  24. data/identifiers/service_product.txt +557 -0
  25. data/identifiers/software_class.txt +26 -0
  26. data/identifiers/software_family.txt +91 -0
  27. data/identifiers/software_product.txt +333 -0
  28. data/identifiers/vendor.txt +891 -0
  29. data/lib/recog/version.rb +1 -1
  30. data/requirements.txt +1 -1
  31. data/spec/lib/fingerprint_self_test_spec.rb +1 -1
  32. data/spec/lib/recog/fingerprint/regexp_factory_spec.rb +1 -1
  33. data/update_cpes.py +4 -1
  34. data/xml/apache_modules.xml +292 -5
  35. data/xml/apache_os.xml +50 -2
  36. data/xml/architecture.xml +19 -7
  37. data/xml/dns_versionbind.xml +200 -26
  38. data/xml/favicons.xml +1701 -0
  39. data/xml/ftp_banners.xml +276 -16
  40. data/xml/h323_callresp.xml +112 -12
  41. data/xml/hp_pjl_id.xml +47 -5
  42. data/xml/html_title.xml +1419 -72
  43. data/xml/http_cookies.xml +77 -10
  44. data/xml/http_servers.xml +898 -47
  45. data/xml/http_wwwauth.xml +154 -27
  46. data/xml/imap_banners.xml +23 -13
  47. data/xml/ldap_searchresult.xml +81 -9
  48. data/xml/mdns_device-info_txt.xml +194 -17
  49. data/xml/mdns_workstation_txt.xml +4 -2
  50. data/xml/mysql_banners.xml +554 -45
  51. data/xml/mysql_error.xml +113 -6
  52. data/xml/nntp_banners.xml +10 -2
  53. data/xml/ntp_banners.xml +95 -11
  54. data/xml/operating_system.xml +90 -3
  55. data/xml/pop_banners.xml +32 -31
  56. data/xml/rsh_resp.xml +11 -2
  57. data/xml/rtsp_servers.xml +43 -23
  58. data/xml/sip_banners.xml +9 -14
  59. data/xml/sip_user_agents.xml +69 -3
  60. data/xml/smb_native_lm.xml +10 -2
  61. data/xml/smb_native_os.xml +80 -2
  62. data/xml/smtp_banners.xml +233 -13
  63. data/xml/smtp_debug.xml +6 -4
  64. data/xml/smtp_ehlo.xml +7 -5
  65. data/xml/smtp_expn.xml +13 -4
  66. data/xml/smtp_help.xml +23 -4
  67. data/xml/smtp_mailfrom.xml +5 -2
  68. data/xml/smtp_noop.xml +6 -5
  69. data/xml/smtp_quit.xml +5 -4
  70. data/xml/smtp_rcptto.xml +5 -2
  71. data/xml/smtp_rset.xml +4 -4
  72. data/xml/smtp_turn.xml +4 -4
  73. data/xml/smtp_vrfy.xml +14 -4
  74. data/xml/snmp_sysdescr.xml +776 -52
  75. data/xml/snmp_sysobjid.xml +47 -2
  76. data/xml/ssh_banners.xml +259 -80
  77. data/xml/telnet_banners.xml +376 -23
  78. data/xml/x11_banners.xml +27 -4
  79. data/xml/x509_issuers.xml +37 -13
  80. data/xml/x509_subjects.xml +525 -55
  81. metadata +29 -6
@@ -1,9 +1,10 @@
1
- <?xml version="1.0" encoding="UTF-8"?>
1
+ <?xml version='1.0' encoding='UTF-8'?>
2
2
  <fingerprints matches="pop3.banner" protocol="pop3" database_type="service" preference="0.90">
3
3
  <!--
4
4
  POP3 greeting messages (part of the banner after the status indicator +OK or -ERR) are
5
5
  matched against these patterns to fingerprint POP3 servers.
6
6
  -->
7
+
7
8
  <fingerprint pattern="^([^ ]+) +Cyrus POP3 v(\d+\.\d+.*)-OS X(?: Server)? ([\d\.]+).* server ready">
8
9
  <description>OSX Cyrus POP</description>
9
10
  <example host.domain="8.8.8.8" service.version="2.3.8" os.version="10.5">8.8.8.8 Cyrus POP3 v2.3.8-OS X Server 10.5: 9A562 server ready &lt;1999107648.1324502155@8.8.8.8&gt;</example>
@@ -18,6 +19,7 @@
18
19
  <param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x:{os.version}"/>
19
20
  <param pos="1" name="host.domain"/>
20
21
  </fingerprint>
22
+
21
23
  <fingerprint pattern="^([^ ]+) +Cyrus POP3 v([\d\.]+)">
22
24
  <description>CMU Cyrus POP</description>
23
25
  <example host.domain="foo" service.version="2.3">foo Cyrus POP3 v2.3</example>
@@ -28,6 +30,7 @@
28
30
  <param pos="2" name="service.version"/>
29
31
  <param pos="1" name="host.domain"/>
30
32
  </fingerprint>
33
+
31
34
  <fingerprint pattern="^Lotus Notes POP3 server version X[^ ]+ ready on .*$">
32
35
  <description>IBM Lotus Notes/Domino</description>
33
36
  <example>Lotus Notes POP3 server version X2.0 ready on foo/bar.</example>
@@ -36,6 +39,7 @@
36
39
  <param pos="0" name="service.product" value="Lotus Domino"/>
37
40
  <param pos="0" name="service.cpe23" value="cpe:/a:ibm:lotus_domino:-"/>
38
41
  </fingerprint>
42
+
39
43
  <fingerprint pattern="^Lotus Notes POP3 server version Release ([^ ]+) ready on .*$">
40
44
  <description>IBM Lotus Notes/Domino - Release variant</description>
41
45
  <example service.version="8.5.1FP5">Lotus Notes POP3 server version Release 8.5.1FP5 ready on foo/US.</example>
@@ -45,6 +49,7 @@
45
49
  <param pos="1" name="service.version"/>
46
50
  <param pos="0" name="service.cpe23" value="cpe:/a:ibm:lotus_domino:{service.version}"/>
47
51
  </fingerprint>
52
+
48
53
  <fingerprint pattern="^Qpopper \(version (\d+\.\d+\.\d+), modified by Sphera Technologies\) at (.+) starting\..*$">
49
54
  <description>Qpopper with Sphera mods</description>
50
55
  <example>Qpopper (version 4.0.3, modified by Sphera Technologies) at domain starting. &lt;xxx@domain&gt;</example>
@@ -54,6 +59,7 @@
54
59
  <param pos="1" name="service.version"/>
55
60
  <param pos="2" name="host.domain"/>
56
61
  </fingerprint>
62
+
57
63
  <fingerprint pattern="^Qpopper \(version (\d+\.\d+\.\d+)-mysql-(.+)\) at (.+) starting\..*$">
58
64
  <description>Qpopper with MySQL auth module</description>
59
65
  <example>Qpopper (version 4.0.3-mysql-0.13) at domain starting. &lt;xxx@domain&gt;</example>
@@ -66,6 +72,7 @@
66
72
  <param pos="2" name="service.component.version"/>
67
73
  <param pos="3" name="host.domain"/>
68
74
  </fingerprint>
75
+
69
76
  <fingerprint pattern="(?i)^Qpop(?:per)? \(version ([\d\.]+)\) at (.+)(?: starting\.)?.*$">
70
77
  <description>Qpopper missing version info</description>
71
78
  <example>Qpopper (version 4.0.16) at foo.example.com</example>
@@ -77,6 +84,7 @@
77
84
  <param pos="1" name="service.version"/>
78
85
  <param pos="2" name="host.domain"/>
79
86
  </fingerprint>
87
+
80
88
  <fingerprint pattern="^QPOP \(version (.*)\) at (.+) starting\..*$">
81
89
  <description>Qpopper with missing version info</description>
82
90
  <example>QPOP (version ?) at domain starting. &lt;xxx@domain&gt;</example>
@@ -86,6 +94,7 @@
86
94
  <param pos="1" name="qpopper.version"/>
87
95
  <param pos="2" name="host.domain"/>
88
96
  </fingerprint>
97
+
89
98
  <fingerprint pattern="^Microsoft Exchange Server 2003 POP3 server version (\d+\.\d+\.\d+\.\d+) (.+) ready.$">
90
99
  <description>Microsoft Exchange Server 2003</description>
91
100
  <example>Microsoft Exchange Server 2003 POP3 server version 6.5.6944.0 (host) ready.</example>
@@ -100,6 +109,7 @@
100
109
  <param pos="0" name="os.product" value="Windows"/>
101
110
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
102
111
  </fingerprint>
112
+
103
113
  <fingerprint pattern="^Microsoft Exchange 2000 POP3 server version (\d+\.\d+\.\d+\.\d+) (.+) ready.$">
104
114
  <description>Microsoft Exchange Server 2000</description>
105
115
  <example>Microsoft Exchange 2000 POP3 server version 6.0.6603.0 (host) ready.</example>
@@ -114,6 +124,7 @@
114
124
  <param pos="0" name="os.product" value="Windows"/>
115
125
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
116
126
  </fingerprint>
127
+
117
128
  <fingerprint pattern="^Microsoft Exchange POP3 server version (\d+\.\d+\.\d+\.\d+) ready$">
118
129
  <description>Microsoft Exchange Server</description>
119
130
  <example>Microsoft Exchange POP3 server version 5.5.2654.50 ready</example>
@@ -127,6 +138,7 @@
127
138
  <param pos="0" name="os.product" value="Windows"/>
128
139
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
129
140
  </fingerprint>
141
+
130
142
  <fingerprint pattern="^Microsoft Windows POP3 Service Version 1.0 &lt;.+@(.+)&gt; ready.$">
131
143
  <description>Microsoft POP3 Services on Windows 2003</description>
132
144
  <example>Microsoft Windows POP3 Service Version 1.0 &lt;xxx@host&gt; ready.</example>
@@ -139,6 +151,7 @@
139
151
  <param pos="0" name="os.product" value="Windows Server 2003"/>
140
152
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2003:-"/>
141
153
  </fingerprint>
154
+
142
155
  <fingerprint pattern="^Microsoft Exchange Server 2007 POP3 service ready\.?$">
143
156
  <description>Microsoft Exchange Server 2007</description>
144
157
  <example>Microsoft Exchange Server 2007 POP3 service ready</example>
@@ -151,6 +164,7 @@
151
164
  <param pos="0" name="os.product" value="Windows"/>
152
165
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
153
166
  </fingerprint>
167
+
154
168
  <fingerprint pattern="^The? Microsoft Exchange POP3 service is ready\.?$">
155
169
  <description>Microsoft Exchange Server, generic</description>
156
170
  <example>The Microsoft Exchange POP3 service is ready.</example>
@@ -163,12 +177,16 @@
163
177
  <param pos="0" name="os.product" value="Windows"/>
164
178
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
165
179
  </fingerprint>
180
+
166
181
  <fingerprint pattern="^[dD]ovecot (?:DA )?ready\.(?: &lt;.+@(.+)&gt;)?$">
167
182
  <description>Dovecot Secure POP Server</description>
183
+ <param pos="0" name="service.vendor" value="Dovecot"/>
168
184
  <param pos="0" name="service.family" value="Dovecot"/>
169
185
  <param pos="0" name="service.product" value="Dovecot"/>
186
+ <param pos="0" name="service.cpe23" value="cpe:/a:dovecot:dovecot:-"/>
170
187
  <param pos="1" name="host.name"/>
171
188
  </fingerprint>
189
+
172
190
  <fingerprint pattern="^(\S+) Zimbra POP3 server ready\.?$">
173
191
  <description>VMware Zimbra POP</description>
174
192
  <example host.name="foo.bar">foo.bar Zimbra POP3 server ready</example>
@@ -177,6 +195,7 @@
177
195
  <param pos="0" name="service.cpe23" value="cpe:/a:vmware:zimbra_desktop:-"/>
178
196
  <param pos="1" name="host.name"/>
179
197
  </fingerprint>
198
+
180
199
  <fingerprint pattern="^(\S+) Zimbra (\S+) POP3 server ready\.?$">
181
200
  <description>VMware Zimbra POP with version</description>
182
201
  <example host.name="foo.bar">foo.bar Zimbra 7.0.0_GA_3079 POP3 server ready</example>
@@ -186,12 +205,14 @@
186
205
  <param pos="0" name="service.cpe23" value="cpe:/a:vmware:zimbra_desktop:{service.version}"/>
187
206
  <param pos="1" name="host.name"/>
188
207
  </fingerprint>
208
+
189
209
  <fingerprint pattern="^(?:S?POP3? server ready |Hello there.? )?&lt;.*@([^&gt;]+)&gt;$">
190
210
  <description>Generic masked POP3 server</description>
191
211
  <example>POP3 server ready &lt;58c29ae4-7316-429e-8109-060444ab1a28@foo.example.com&gt;</example>
192
212
  <example>&lt;84427.1298535083@foo.example.com&gt;</example>
193
213
  <param pos="1" name="host.name"/>
194
214
  </fingerprint>
215
+
195
216
  <fingerprint pattern="^ApplePasswordServer ([\d\.]+) password">
196
217
  <description>Apple Open Directory</description>
197
218
  <example>ApplePasswordServer 10.6.0.0 password server at 10.2.90.228 ready.</example>
@@ -205,6 +226,7 @@
205
226
  <param pos="0" name="os.certainty" value="0.5"/>
206
227
  <param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x:{os.version}"/>
207
228
  </fingerprint>
229
+
208
230
  <fingerprint pattern="^TCPIP POP server V\d\.\d\S-\S{3}, OpenVMS V(\d\.\d-\d)(?:\s+\S+)?\s+at\s+(\S+), .*$">
209
231
  <description>TCP/IP Services for OpenVMS POP server</description>
210
232
  <example os.version="7.3-2" host.name="example.com">TCPIP POP server V5.4J-15A, OpenVMS V7.3-2 Alpha at example.com, up since 2015-02-12 08:44:53 20400434.2</example>
@@ -218,6 +240,7 @@
218
240
  <param pos="0" name="os.cpe23" value="cpe:/o:hp:openvms:{os.version}"/>
219
241
  <param pos="2" name="host.name"/>
220
242
  </fingerprint>
243
+
221
244
  <fingerprint pattern="^Hello there\.$">
222
245
  <description>Courier MTA POP</description>
223
246
  <example>Hello there.</example>
@@ -225,6 +248,7 @@
225
248
  <param pos="0" name="service.family" value="Courier MTA"/>
226
249
  <param pos="0" name="service.product" value="Courier POP"/>
227
250
  </fingerprint>
251
+
228
252
  <fingerprint pattern="^CMailServer ([\d\.]+) POP3 Service Ready$">
229
253
  <description>CMailServer</description>
230
254
  <example service.version="5.0.0">CMailServer 5.0.0 POP3 Service Ready</example>
@@ -234,6 +258,7 @@
234
258
  <param pos="0" name="os.vendor" value="Microsoft"/>
235
259
  <param pos="1" name="service.version"/>
236
260
  </fingerprint>
261
+
237
262
  <fingerprint pattern="^POP3 Bigfoot v(\d\.\d) server ready$">
238
263
  <description>POP3 Bigfoot server</description>
239
264
  <example service.version="1.0">POP3 Bigfoot v1.0 server ready</example>
@@ -242,6 +267,7 @@
242
267
  <param pos="0" name="service.product" value="Bigfoot Email Tools"/>
243
268
  <param pos="1" name="service.version"/>
244
269
  </fingerprint>
270
+
245
271
  <fingerprint pattern="^CCProxy ([\d.]+) POP3 Service Ready$">
246
272
  <description>CCProxy POP3 server</description>
247
273
  <example service.version="8.0">CCProxy 8.0 POP3 Service Ready</example>
@@ -252,6 +278,7 @@
252
278
  <param pos="0" name="service.product" value="CCProxy"/>
253
279
  <param pos="1" name="service.version"/>
254
280
  </fingerprint>
281
+
255
282
  <fingerprint pattern="^POP3 on WinWebMail \[([\d.]+)\] ready\.$">
256
283
  <description>WinWebmail POP3</description>
257
284
  <example service.version="1.1.1.1">POP3 on WinWebMail [1.1.1.1] ready.</example>
@@ -263,6 +290,7 @@
263
290
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
264
291
  <param pos="1" name="service.version"/>
265
292
  </fingerprint>
293
+
266
294
  <fingerprint pattern="^BlackJumboDog \(Version ([\d\.]+)\) ready$">
267
295
  <description>BlackJumboDog</description>
268
296
  <example service.version="5.7.5.0">BlackJumboDog (Version 5.7.5.0) ready</example>
@@ -274,6 +302,7 @@
274
302
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
275
303
  <param pos="1" name="service.version"/>
276
304
  </fingerprint>
305
+
277
306
  <!--
278
307
  ; Mandrake 8.1 - uses UW IMAP
279
308
  ; +OK POP3 mandrake81-f540k v2000.70mdk server ready
@@ -283,66 +312,38 @@
283
312
  // +OK POP3 [158.122.12.70] v2003.83mdk server ready
284
313
  // +OK POP3 [161.58.53.189] 2006b.94 server ready
285
314
  // +OK POP3 [192.168.0.250] v2000.70rh server ready
286
-
287
315
  ; Lotus Domino - NOTE: POP versions do not map to Domino version
288
316
  // +OK Lotus Notes POP3 server version X2.0 ready <0015521D.86257321.0000081C.00000008@Atlas/AgileTek> on Atlas/AgileTek.
289
317
  ( call ?j_popPatterns add
290
318
  "^\\+OK Lotus Notes POP3 server version ([^ ]*) ready on ([^\\.]*)\\.$" )
291
319
  ( call ?j_popNames add "Lotus-Domino" )
292
-
293
320
  // +OK alquilerpc.com.mx POP3 Server (Version 1.020h) ready.
294
-
295
321
  // Ipswitch IMail
296
322
  // +OK X1 NT-POP3 Server geneseenet06 (IMail 8.22 45450-1)
297
-
298
323
  // +OK X1 POP3 Mail Server
299
-
300
324
  // +OK server POP3 server (DeskNow POP3 Server 1.0) ready
301
-
302
325
  // +OK <1185161310.3352@goto15028.com> [XMail 1.24 POP3 Server] service ready; Mon, 23 Jul 2007 11:28:30 +0800
303
-
304
326
  // +OK IdeaPop3Server v0.50 ready.
305
-
306
327
  // +OK qxztmail POP3 server (STD Ymailserver v1.8 POP3) ready
307
-
308
328
  // +OK blue.forest-green.lan POP3 server (JAMES POP3 Server 2.2.0) ready
309
-
310
329
  // +OK xxx CMailServer 5.2 POP3 Service Ready
311
-
312
330
  // +OK iac3 Solstice (tm) Internet Mail Server (tm) POP3 2.0 at Mon, 23 Jul 2007 20:08:02 -0500 (CDT)
313
-
314
331
  // +OK Gordano Messaging Suite POP3 server ready
315
332
  // +OK Gordano Messaging Suite POP3 server ready <13501095613509@hollandcanadaline.com>
316
-
317
333
  // +OK unitechna.lt Merak 8.9.1 POP3 Sun, 22 Jul 2007 23:16:25 +0300 <20070722231625@unitechna.lt>
318
-
319
-
320
334
  // +OK Cubic Circle's v1.31 1998/05/13 POP3 ready <0c9300004104a246@www.dvdld.co.za>
321
-
322
335
  // +OK Welcome to MailEnable POP3 Server
323
-
324
336
  // +OK GroupWise POP3 server ready
325
-
326
337
  // +OK POP3 AnalogX Proxy 4.14 (Release) ready.
327
-
328
338
  // +OK lojack.com.ar POP MDaemon 9.6.0 ready <MDAEMON-F200707232110.AA1001241MD4604@lojack.com.ar>
329
-
330
339
  // +OK DBMAIL pop3 server ready to rock <4393e6301f984e87ad7cdc766595c78f@mx>
331
-
332
340
  // +OK POP3 Welcome to vm-pop3d 1.1.6 <83532.1185400462@romeo.hostlab.nl>
333
-
334
341
  // +OK Solid POP3 server ready
335
-
336
342
  // +OK ArGoSoft Mail Server Pro for WinNT/2000/XP, Version 1.8 (1.8.8.9)
337
-
338
343
  // +OK POP3 titan [cppop 20.0] at [207.150.171.34]
339
-
340
344
  // +OK ModusMail POP3 Server-NOTF 4.2.425.4 Ready <42760712.1185328354.283@gbso.net>
341
-
342
345
  // +OK DPOP Version number supressed.
343
-
344
346
  // +OK XPOP3 0.0.1 server ready
345
-
346
347
  -ERR (Proxy) connect error:socket error:No route to host
347
348
  -ERR No permission
348
349
  -ERR sorry, POP server too busy right now. Try again later.
@@ -494,6 +495,6 @@
494
495
  // apparently this is a P3Scan Proxy bug
495
496
  // http://lists.freebsd.org/pipermail/freebsd-ports/2004-May/012400.html
496
497
  Oops, that would loop!
497
-
498
498
  -->
499
- </fingerprints>
499
+
500
+ </fingerprints>
@@ -1,14 +1,16 @@
1
- <?xml version="1.0" encoding="UTF-8"?>
1
+ <?xml version='1.0' encoding='UTF-8'?>
2
2
  <fingerprints protocol="rsh" database_type="service">
3
3
  <!--
4
4
  Rservices responses to requests are matched against these patterns to fingerprint the OSes of servers.
5
5
  -->
6
+
6
7
  <fingerprint pattern="^.Permission denied: Error 0$">
7
8
  <description>Digital Unix rlogind</description>
8
9
  <example>xPermission denied: Error 0</example>
9
10
  <param pos="0" name="os.vendor" value="HP"/>
10
11
  <param pos="0" name="os.family" value="Digital Unix"/>
11
12
  </fingerprint>
13
+
12
14
  <fingerprint pattern="^.Winsock RSHD/NT: Protocol negotiation error\..+$|^.in\.rlogind: Permission denied\..+$" flags="REG_DOT_NEWLINE">
13
15
  <description>Windows rlogind</description>
14
16
  <example>xWinsock RSHD/NT: Protocol negotiation error.
@@ -18,6 +20,7 @@
18
20
  <param pos="0" name="os.vendor" value="Microsoft"/>
19
21
  <param pos="0" name="os.family" value="Windows"/>
20
22
  </fingerprint>
23
+
21
24
  <fingerprint pattern="^.permission denied\..+$" flags="REG_DOT_NEWLINE">
22
25
  <description>Solaris rlogind</description>
23
26
  <example>xpermission denied.
@@ -27,6 +30,7 @@
27
30
  <param pos="0" name="os.product" value="Solaris"/>
28
31
  <param pos="0" name="os.cpe23" value="cpe:/o:sun:solaris:-"/>
29
32
  </fingerprint>
33
+
30
34
  <fingerprint pattern="^.rlogind: Acc.s refus.\..+$" flags="REG_DOT_NEWLINE">
31
35
  <description>AIX rlogind</description>
32
36
  <example>xrlogind: Accxs refusx.
@@ -36,6 +40,7 @@
36
40
  <param pos="0" name="os.product" value="AIX"/>
37
41
  <param pos="0" name="os.cpe23" value="cpe:/o:ibm:aix:-"/>
38
42
  </fingerprint>
43
+
39
44
  <fingerprint pattern="^.rlogind: Host name for your address \([\d.]+\) unknown\..*$" flags="REG_DOT_NEWLINE">
40
45
  <description>A/UX rlogind</description>
41
46
  <example>xrlogind: Host name for your address (127.0.0.1) unknown.
@@ -43,6 +48,7 @@
43
48
  <param pos="0" name="os.vendor" value="Apple"/>
44
49
  <param pos="0" name="os.family" value="A/UX"/>
45
50
  </fingerprint>
51
+
46
52
  <fingerprint pattern="^.rexecd: Login incorrect\..*$" flags="REG_DOT_NEWLINE">
47
53
  <description>HP-UX rexecd</description>
48
54
  <example>xrexecd: Login incorrect.
@@ -52,6 +58,7 @@
52
58
  <param pos="0" name="os.product" value="HP-UX"/>
53
59
  <param pos="0" name="os.cpe23" value="cpe:/o:hp:hp-ux:-"/>
54
60
  </fingerprint>
61
+
55
62
  <fingerprint pattern="^.rexecd: [-\d]+.*$" flags="REG_DOT_NEWLINE">
56
63
  <description>AIX rexecd</description>
57
64
  <example>xrexecd: 0-1 The login is not correct.
@@ -61,6 +68,7 @@
61
68
  <param pos="0" name="os.product" value="AIX"/>
62
69
  <param pos="0" name="os.cpe23" value="cpe:/o:ibm:aix:-"/>
63
70
  </fingerprint>
71
+
64
72
  <fingerprint pattern="^.remshd: (?:getservbyname.+|Kerberos Authentication not enabled\..+|Error! Kerberos authentication failed)$" flags="REG_DOT_NEWLINE">
65
73
  <description>HP-UX rshd</description>
66
74
  <example>xremshd: getservbyname
@@ -73,4 +81,5 @@
73
81
  <param pos="0" name="os.product" value="HP-UX"/>
74
82
  <param pos="0" name="os.cpe23" value="cpe:/o:hp:hp-ux:-"/>
75
83
  </fingerprint>
76
- </fingerprints>
84
+
85
+ </fingerprints>
@@ -1,76 +1,96 @@
1
- <?xml version="1.0" encoding="UTF-8"?>
1
+ <?xml version='1.0' encoding='UTF-8'?>
2
2
  <fingerprints matches="rtsp_header.server" protocol="rtsp" database_type="service" preference="0.85">
3
3
  <fingerprint pattern="^Flussonic \(http:\/\/www.flussonic.com\/\) ([\d\.]+)$">
4
4
  <description>Flussonic Media Server</description>
5
5
  <example service.version="19.04">Flussonic (http://www.flussonic.com/) 19.04</example>
6
6
  <example service.version="20.01">Flussonic (http://www.flussonic.com/) 20.01</example>
7
7
  <param pos="0" name="service.vendor" value="Flussonic"/>
8
- <param pos="0" name="service.product" value="Flussonic Media Server" />
9
- <param pos="1" name="service.version" />
8
+ <param pos="0" name="service.product" value="Flussonic Media Server"/>
9
+ <param pos="1" name="service.version"/>
10
10
  </fingerprint>
11
+
11
12
  <fingerprint pattern="^Hipcam RealServer\/V([\d\.]+)$">
12
13
  <description>Hipcam IP camera running the RealServer RTSP server.</description>
13
14
  <example service.version="1.0">Hipcam RealServer/V1.0</example>
14
15
  <param pos="0" name="service.vendor" value="RealNetworks"/>
15
- <param pos="0" name="service.product" value="RealServer" />
16
- <param pos="1" name="service.version" />
17
- <param pos="0" name="hw.vendor" value="Hipcam" />
18
- <param pos="0" name="hw.device" value="IP Camera" />
16
+ <param pos="0" name="service.product" value="RealServer"/>
17
+ <param pos="1" name="service.version"/>
18
+ <param pos="0" name="hw.vendor" value="Hipcam"/>
19
+ <param pos="0" name="hw.device" value="IP Camera"/>
19
20
  </fingerprint>
21
+
20
22
  <fingerprint pattern="^Dahua Rtsp Server$">
21
23
  <description>Dahua IP Camera</description>
22
24
  <example>Dahua Rtsp Server</example>
23
25
  <param pos="0" name="service.vendor" value="Dahua"/>
24
- <param pos="0" name="hw.vendor" value="Dahua" />
25
- <param pos="0" name="hw.device" value="IP Camera" />
26
+ <param pos="0" name="hw.vendor" value="Dahua"/>
27
+ <param pos="0" name="hw.device" value="IP Camera"/>
26
28
  </fingerprint>
29
+
27
30
  <fingerprint pattern="^GStreamer RTSP server$">
28
31
  <description>GStreamer RTSP Server (https://github.com/GStreamer/gst-rtsp-server)</description>
29
32
  <example>GStreamer RTSP server</example>
30
33
  <param pos="0" name="service.vendor" value="GStreamer"/>
31
- <param pos="0" name="service.product" value="GStreamer RTSP Server" />
34
+ <param pos="0" name="service.product" value="GStreamer RTSP Server"/>
32
35
  </fingerprint>
36
+
33
37
  <fingerprint pattern="^WMServer\/([\d\.]+)$">
34
38
  <description>Windows Media Server</description>
35
39
  <example service.version="9.1.1.3862">WMServer/9.1.1.3862</example>
36
40
  <example service.version="9.5.6001.22609">WMServer/9.5.6001.22609</example>
37
41
  <param pos="0" name="service.vendor" value="Microsoft"/>
38
- <param pos="0" name="service.product" value="Windows Media Server" />
42
+ <param pos="0" name="service.product" value="Windows Media Server"/>
39
43
  <param pos="0" name="service.family" value="Windows Media Server"/>
40
- <param pos="1" name="service.version" />
44
+ <param pos="1" name="service.version"/>
41
45
  <param pos="0" name="os.vendor" value="Microsoft"/>
42
46
  <param pos="0" name="os.family" value="Windows"/>
43
47
  </fingerprint>
48
+
44
49
  <fingerprint pattern="^Wowza (Streaming Engine|Media Server) ([\d\.]+) build(\d*)$">
45
50
  <description>Wowza Media Systems Streaming Video Services</description>
46
51
  <example service.version="4.7.7" service.version.version="20181108145350" service.product="Streaming Engine">Wowza Streaming Engine 4.7.7 build20181108145350</example>
47
52
  <example service.version="3.6.4" service.version.version="9641" service.product="Media Server">Wowza Media Server 3.6.4 build9641</example>
48
53
  <param pos="0" name="service.vendor" value="Wowza Media Systems"/>
49
- <param pos="1" name="service.product" />
50
- <param pos="2" name="service.version" />
51
- <param pos="3" name="service.version.version" />
54
+ <param pos="1" name="service.product"/>
55
+ <param pos="2" name="service.version"/>
56
+ <param pos="3" name="service.version.version"/>
52
57
  </fingerprint>
58
+
53
59
  <fingerprint pattern="^HiIpcam\/V\d+R\d+ VodServer\/[\d\.]+$">
54
60
  <description>Foscam IP Camera</description>
55
61
  <example>HiIpcam/V100R003 VodServer/1.0.0</example>
56
- <param pos="0" name="hw.vendor" value="Foscam" />
57
- <param pos="0" name="hw.device" value="IP Camera" />
62
+ <param pos="0" name="hw.vendor" value="Foscam"/>
63
+ <param pos="0" name="hw.device" value="IP Camera"/>
58
64
  </fingerprint>
65
+
59
66
  <fingerprint pattern="^Indigo\-Security\/[\d\.]+$">
60
67
  <description>Indigo Security IP Camera</description>
61
68
  <example>Indigo-Security/1.0</example>
62
- <param pos="0" name="hw.vendor" value="Indigo Security" />
63
- <param pos="0" name="hw.device" value="IP Camera" />
69
+ <param pos="0" name="hw.vendor" value="Indigo Security"/>
70
+ <param pos="0" name="hw.device" value="IP Camera"/>
64
71
  </fingerprint>
72
+
65
73
  <fingerprint pattern="^Cisco MediaSense Media Server$">
66
74
  <description>Cisco MediaSense Media Server (RTSP)</description>
67
75
  <example>Cisco MediaSense Media Server</example>
68
76
  <param pos="0" name="service.vendor" value="Cisco"/>
69
- <param pos="0" name="service.product" value="MediaSense Media Server"/>
70
- <param pos="0" name="service.cpe23" value="cpe:2.3:a:cisco:mediasense:-"/>
77
+ <param pos="0" name="service.product" value="MediaSense"/>
78
+ <param pos="0" name="service.cpe23" value="cpe:/a:cisco:mediasense:-"/>
71
79
  <param pos="0" name="os.vendor" value="Cisco"/>
72
80
  <param pos="0" name="hw.vendor" value="Cisco"/>
73
81
  <param pos="0" name="hw.device" value="SIP Gateway"/>
74
- <param pos="0" name="hw.product" value="MediaSense Server"/>
82
+ <param pos="0" name="hw.product" value="MediaSense"/>
75
83
  </fingerprint>
76
- </fingerprints>
84
+
85
+ <fingerprint pattern="^AvigilonOnvifNvt/(\d+\.\S+)">
86
+ <description>Avigilon IP Camera</description>
87
+ <example os.version="2.6.0.130">AvigilonOnvifNvt/2.6.0.130</example>
88
+ <param pos="0" name="hw.vendor" value="Avigilon"/>
89
+ <param pos="0" name="hw.device" value="IP Camera"/>
90
+ <param pos="0" name="os.vendor" value="Avigilon"/>
91
+ <param pos="0" name="os.family" value="Linux"/>
92
+ <param pos="0" name="os.product" value="Linux"/>
93
+ <param pos="1" name="os.version"/>
94
+ </fingerprint>
95
+
96
+ </fingerprints>