recog 2.3.7 → 2.3.12

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (81) hide show
  1. checksums.yaml +4 -4
  2. data/.gitignore +9 -2
  3. data/.ruby-gemset +1 -0
  4. data/.ruby-version +1 -0
  5. data/.travis.yml +2 -4
  6. data/CONTRIBUTING.md +136 -37
  7. data/Gemfile +2 -5
  8. data/README.md +18 -16
  9. data/bin/recog_cleanup +16 -0
  10. data/bin/recog_standardize +142 -0
  11. data/cpe-remap.yaml +36 -1
  12. data/features/match.feature +4 -0
  13. data/features/support/aruba.rb +3 -0
  14. data/features/verify.feature +5 -0
  15. data/identifiers/README.md +56 -0
  16. data/identifiers/hw_device.txt +77 -0
  17. data/identifiers/hw_family.txt +96 -0
  18. data/identifiers/hw_product.txt +328 -0
  19. data/identifiers/os_architecture.txt +20 -0
  20. data/identifiers/os_device.txt +94 -0
  21. data/identifiers/os_family.txt +325 -0
  22. data/identifiers/os_product.txt +420 -0
  23. data/identifiers/service_family.txt +272 -0
  24. data/identifiers/service_product.txt +557 -0
  25. data/identifiers/software_class.txt +26 -0
  26. data/identifiers/software_family.txt +91 -0
  27. data/identifiers/software_product.txt +333 -0
  28. data/identifiers/vendor.txt +891 -0
  29. data/lib/recog/version.rb +1 -1
  30. data/requirements.txt +1 -1
  31. data/spec/lib/fingerprint_self_test_spec.rb +1 -1
  32. data/spec/lib/recog/fingerprint/regexp_factory_spec.rb +1 -1
  33. data/update_cpes.py +4 -1
  34. data/xml/apache_modules.xml +292 -5
  35. data/xml/apache_os.xml +50 -2
  36. data/xml/architecture.xml +19 -7
  37. data/xml/dns_versionbind.xml +200 -26
  38. data/xml/favicons.xml +1701 -0
  39. data/xml/ftp_banners.xml +276 -16
  40. data/xml/h323_callresp.xml +112 -12
  41. data/xml/hp_pjl_id.xml +47 -5
  42. data/xml/html_title.xml +1419 -72
  43. data/xml/http_cookies.xml +77 -10
  44. data/xml/http_servers.xml +898 -47
  45. data/xml/http_wwwauth.xml +154 -27
  46. data/xml/imap_banners.xml +23 -13
  47. data/xml/ldap_searchresult.xml +81 -9
  48. data/xml/mdns_device-info_txt.xml +194 -17
  49. data/xml/mdns_workstation_txt.xml +4 -2
  50. data/xml/mysql_banners.xml +554 -45
  51. data/xml/mysql_error.xml +113 -6
  52. data/xml/nntp_banners.xml +10 -2
  53. data/xml/ntp_banners.xml +95 -11
  54. data/xml/operating_system.xml +90 -3
  55. data/xml/pop_banners.xml +32 -31
  56. data/xml/rsh_resp.xml +11 -2
  57. data/xml/rtsp_servers.xml +43 -23
  58. data/xml/sip_banners.xml +9 -14
  59. data/xml/sip_user_agents.xml +69 -3
  60. data/xml/smb_native_lm.xml +10 -2
  61. data/xml/smb_native_os.xml +80 -2
  62. data/xml/smtp_banners.xml +233 -13
  63. data/xml/smtp_debug.xml +6 -4
  64. data/xml/smtp_ehlo.xml +7 -5
  65. data/xml/smtp_expn.xml +13 -4
  66. data/xml/smtp_help.xml +23 -4
  67. data/xml/smtp_mailfrom.xml +5 -2
  68. data/xml/smtp_noop.xml +6 -5
  69. data/xml/smtp_quit.xml +5 -4
  70. data/xml/smtp_rcptto.xml +5 -2
  71. data/xml/smtp_rset.xml +4 -4
  72. data/xml/smtp_turn.xml +4 -4
  73. data/xml/smtp_vrfy.xml +14 -4
  74. data/xml/snmp_sysdescr.xml +776 -52
  75. data/xml/snmp_sysobjid.xml +47 -2
  76. data/xml/ssh_banners.xml +259 -80
  77. data/xml/telnet_banners.xml +376 -23
  78. data/xml/x11_banners.xml +27 -4
  79. data/xml/x509_issuers.xml +37 -13
  80. data/xml/x509_subjects.xml +525 -55
  81. metadata +29 -6
data/xml/sip_banners.xml CHANGED
@@ -1,18 +1,18 @@
1
- <?xml version="1.0" encoding="UTF-8"?>
1
+ <?xml version='1.0' encoding='UTF-8'?>
2
2
  <fingerprints matches="sip_header.server" protocol="sip" database_type="service">
3
3
  <!--
4
4
  SIP Server header values are matched against these patterns to fingerprint SIP devices.
5
5
  -->
6
6
 
7
7
  <!-- Cisco/Tandberg Products -->
8
-
8
+
9
9
  <fingerprint pattern="^Cisco-SIPGateway/IOS-(\S+)\.x$">
10
10
  <description>Cisco IOS SIP Gateway w/ Vague Version</description>
11
11
  <example os.version="12">Cisco-SIPGateway/IOS-12.x</example>
12
12
  <param pos="0" name="service.vendor" value="Cisco"/>
13
13
  <param pos="0" name="service.family" value="IOS"/>
14
14
  <param pos="0" name="service.product" value="IOS"/>
15
- <param pos="0" name="service.cpe23" value="cpe:/a:cisco:ios:{os.version}"/>
15
+ <param pos="0" name="service.cpe23" value="cpe:/a:cisco:ios:-"/>
16
16
  <param pos="0" name="os.vendor" value="Cisco"/>
17
17
  <param pos="0" name="os.family" value="IOS"/>
18
18
  <param pos="0" name="os.product" value="IOS"/>
@@ -30,11 +30,11 @@
30
30
  <example os.version="15.2.3.T">Cisco-SIPGateway/IOS-15.2.3.T</example>
31
31
  <example os.version="15.4.3.S5">Cisco-SIPGateway/IOS-15.4.3.S5</example>
32
32
  <example os.version="15.6.3.M0a">Cisco-SIPGateway/IOS-15.6.3.M0a</example>
33
- <example os.version="16.3.6">Cisco-SIPGateway/IOS-16.3.6</example>
33
+ <example os.version="16.3.6">Cisco-SIPGateway/IOS-16.3.6</example>
34
34
  <param pos="0" name="service.vendor" value="Cisco"/>
35
35
  <param pos="0" name="service.family" value="IOS"/>
36
36
  <param pos="0" name="service.product" value="IOS"/>
37
- <param pos="0" name="service.cpe23" value="cpe:/a:cisco:ios:{os.version}"/>
37
+ <param pos="0" name="service.cpe23" value="cpe:/a:cisco:ios:-"/>
38
38
  <param pos="0" name="os.vendor" value="Cisco"/>
39
39
  <param pos="0" name="os.family" value="IOS"/>
40
40
  <param pos="0" name="os.product" value="IOS"/>
@@ -130,7 +130,6 @@
130
130
  <param pos="0" name="os.product" value="Linux"/>
131
131
  <param pos="1" name="tandberg.model"/>
132
132
  <param pos="2" name="os.version"/>
133
- <param pos="0" name="os.cpe23" value="cpe:/o:cisco:telepresence:{os.version}"/>
134
133
  <param pos="0" name="hw.vendor" value="Cisco"/>
135
134
  <param pos="0" name="hw.family" value="TelePresence"/>
136
135
  <param pos="0" name="hw.device" value="Video Conferencing"/>
@@ -144,13 +143,12 @@
144
143
  <example os.version="X8.2.1" hw.product="TANDBERG/4130">TANDBERG/4130 (X8.2.1)</example>
145
144
  <example os.version="XC2.2.1-b2bua-1.0" hw.product="TANDBERG/4353" tandberg.model="4353">TANDBERG/4353 (XC2.2.1-b2bua-1.0)</example>
146
145
  <example os.version="TC5.1.4.295090" hw.product="TANDBERG/516" tandberg.model="516">TANDBERG/516 (TC5.1.4.295090)</example>
147
- <example os.version="TCNC5.1.4.295090" hw.product="TANDBERG/517" tandberg.model="517">TANDBERG/517 (TCNC5.1.4.295090)</example>
146
+ <example os.version="TCNC5.1.4.295090" hw.product="TANDBERG/517" tandberg.model="517">TANDBERG/517 (TCNC5.1.4.295090)</example>
148
147
  <param pos="0" name="os.vendor" value="Tandberg"/>
149
148
  <param pos="0" name="os.family" value="Linux"/>
150
149
  <param pos="0" name="os.product" value="Linux"/>
151
150
  <param pos="2" name="tandberg.model"/>
152
151
  <param pos="3" name="os.version"/>
153
- <param pos="0" name="os.cpe23" value="cpe:/o:cisco:telepresence:{os.version}"/>
154
152
  <param pos="0" name="hw.vendor" value="Cisco"/>
155
153
  <param pos="0" name="hw.family" value="TelePresence"/>
156
154
  <param pos="0" name="hw.device" value="Video Conferencing"/>
@@ -256,10 +254,10 @@
256
254
  <example hw.product="MP-124" os.version="6.00A.034.003">Audiocodes-Sip-Gateway-MP-124 FXS/v.6.00A.034.003</example>
257
255
  <example hw.product="MP-124" os.version="6.60A.342.003">MP-124 FXS/v.6.60A.342.003</example>
258
256
  <example hw.product="MP-114" os.version="6.60A.241.010">MP-114 FXS_FXO/v.6.60A.241.010</example>
259
- <param pos="0" name="os.vendor" value="Audiocodes"/>
257
+ <param pos="0" name="os.vendor" value="AudioCodes"/>
260
258
  <param pos="0" name="os.family" value="SIP Gateway"/>
261
259
  <param pos="2" name="os.version"/>
262
- <param pos="0" name="hw.vendor" value="Audiocodes"/>
260
+ <param pos="0" name="hw.vendor" value="AudioCodes"/>
263
261
  <param pos="0" name="hw.family" value="SIP Gateway"/>
264
262
  <param pos="0" name="hw.device" value="SIP Gateway"/>
265
263
  <param pos="1" name="hw.product"/>
@@ -296,7 +294,6 @@
296
294
  <param pos="0" name="service.family" value="PBX"/>
297
295
  <param pos="0" name="service.product" value="PBX"/>
298
296
  <param pos="1" name="service.version"/>
299
- <param pos="0" name="service.cpe23" value="cpe:/a:asterisk:asterisk:{service.version}"/>
300
297
  </fingerprint>
301
298
 
302
299
  <fingerprint pattern="^Asterisk PBX$">
@@ -305,7 +302,6 @@
305
302
  <param pos="0" name="service.vendor" value="Asterisk"/>
306
303
  <param pos="0" name="service.family" value="PBX"/>
307
304
  <param pos="0" name="service.product" value="PBX"/>
308
- <param pos="0" name="service.cpe23" value="cpe:/a:asterisk:asterisk:-"/>
309
305
  </fingerprint>
310
306
 
311
307
  <fingerprint pattern="^FPBX-(\S+)$">
@@ -316,7 +312,6 @@
316
312
  <param pos="0" name="service.family" value="PBX"/>
317
313
  <param pos="0" name="service.product" value="PBX"/>
318
314
  <param pos="1" name="service.version"/>
319
- <param pos="0" name="service.cpe23" value="cpe:/a:freepbx:freepbx:{service.version}"/>
320
315
  </fingerprint>
321
316
 
322
317
  <fingerprint pattern="^kamailio \((\S+) \((.*)\)\)$">
@@ -327,10 +322,10 @@
327
322
  <param pos="0" name="service.product" value="SIP Server"/>
328
323
  <param pos="1" name="service.version"/>
329
324
  <param pos="2" name="kamailio.platform"/>
330
- <param pos="0" name="service.cpe23" value="cpe:/a:kamailio:kamailio:{service.version}"/>
331
325
  </fingerprint>
332
326
 
333
327
  <!-- This match covers multiple product families and should be split up further -->
328
+
334
329
  <fingerprint pattern="^Algo-([^/]+)/(.*)$">
335
330
  <description>Algo SIP Device</description>
336
331
  <example hw.product="8186" os.version="1.7">Algo-8186/1.7</example>
data/xml/sip_user_agents.xml CHANGED
@@ -1,9 +1,11 @@
1
- <?xml version="1.0" encoding="UTF-8"?>
1
+ <?xml version='1.0' encoding='UTF-8'?>
2
2
  <fingerprints matches="sip_header.user_agent" protocol="sip" database_type="service">
3
3
  <!--
4
4
  SIP User Agent header values are matched against these patterns to fingerprint SIP devices.
5
5
  -->
6
+
6
7
  <!-- Axis devices -->
8
+
7
9
  <fingerprint pattern="(?i)^AXIS (\S+) Network Video Door Station$">
8
10
  <description>Axis Network Video Door stations, which have voice</description>
9
11
  <example hw.product="A8105-E">AXIS A8105-E Network Video Door Station</example>
@@ -11,7 +13,10 @@
11
13
  <param pos="0" name="hw.device" value="Web cam"/>
12
14
  <param pos="0" name="hw.family" value="Network Video Door Station"/>
13
15
  <param pos="1" name="hw.product"/>
16
+ <param pos="0" name="os.vendor" value="AXIS"/>
17
+ <param pos="0" name="os.family" value="Linux"/>
14
18
  </fingerprint>
19
+
15
20
  <fingerprint pattern="(?i)^AXIS (\S+) Network (?:Audio Bridge|(?:Cabinet|Horn) Speaker)$">
16
21
  <description>Axis Network audio devices</description>
17
22
  <example hw.product="C3003-E">AXIS C3003-E Network Horn Speaker</example>
@@ -20,8 +25,12 @@
20
25
  <param pos="0" name="hw.vendor" value="Axis"/>
21
26
  <param pos="0" name="hw.family" value="Network Audio"/>
22
27
  <param pos="1" name="hw.product"/>
28
+ <param pos="0" name="os.vendor" value="AXIS"/>
29
+ <param pos="0" name="os.family" value="Linux"/>
23
30
  </fingerprint>
31
+
24
32
  <!-- Cisco Devices -->
33
+
25
34
  <fingerprint pattern="^Cisco-SIPGateway/IOS-([\d\.x]+)$">
26
35
  <description>Cisco SIPGateway</description>
27
36
  <example>Cisco-SIPGateway/IOS-12.x</example>
@@ -30,13 +39,16 @@
30
39
  <param pos="1" name="os.version"/>
31
40
  <param pos="0" name="os.cpe23" value="cpe:/o:cisco:ios:{os.version}"/>
32
41
  </fingerprint>
42
+
33
43
  <!-- AVM.DE Devices -->
44
+
34
45
  <fingerprint pattern="^FRITZ!OS$">
35
46
  <description>AVM FritzOS Device</description>
36
47
  <example>FRITZ!OS</example>
37
48
  <param pos="0" name="os.vendor" value="AVM"/>
38
49
  <param pos="0" name="os.product" value="FRITZ!BOX"/>
39
50
  </fingerprint>
51
+
40
52
  <fingerprint pattern="^(?:AVM )?(FRITZ!Box .*) +(\d+\.\d+\.\d+)">
41
53
  <description>AVM FritzBox</description>
42
54
  <example>AVM FRITZ!Box Fon 06.03.13</example>
@@ -56,6 +68,7 @@
56
68
  <param pos="1" name="os.product"/>
57
69
  <param pos="2" name="os.version"/>
58
70
  </fingerprint>
71
+
59
72
  <fingerprint pattern="^(?:AVM )?(FRITZ!Fon .*) +(\d+\.\d+\.\d+)">
60
73
  <description>AVM FritzFon</description>
61
74
  <example>AVM FRITZ!Fon 7150 (fs) 38.04.56 (Mar 31 2008)</example>
@@ -65,6 +78,7 @@
65
78
  <param pos="1" name="os.product"/>
66
79
  <param pos="2" name="os.version"/>
67
80
  </fingerprint>
81
+
68
82
  <fingerprint pattern="^(?:AVM )?(Multibox .*) +(\d+\.\d+\.\d+)">
69
83
  <description>AVM Multibox</description>
70
84
  <example>AVM Multibox 7390 NGN 84.05.09 (Jan 13 2012)</example>
@@ -73,12 +87,15 @@
73
87
  <param pos="1" name="os.product"/>
74
88
  <param pos="2" name="os.version"/>
75
89
  </fingerprint>
90
+
76
91
  <!-- Huawei devices -->
92
+
77
93
  <fingerprint pattern="(?i)^Huawei$">
78
94
  <description>Huawei generic</description>
79
95
  <example>Huawei</example>
80
96
  <param pos="0" name="hw.vendor" value="Huawei"/>
81
97
  </fingerprint>
98
+
82
99
  <fingerprint pattern="(?i)^Huawei-HomeGateway/V(?:\d.*)$">
83
100
  <description>Huawei Home Gateway</description>
84
101
  <example>Huawei-HomeGateway/V100R001</example>
@@ -86,6 +103,7 @@
86
103
  <param pos="0" name="hw.device" value="Broadband router"/>
87
104
  <param pos="0" name="hw.product" value="Home Gateway"/>
88
105
  </fingerprint>
106
+
89
107
  <fingerprint pattern="(?i)^Huawei-EchoLife (HG.*)/V(?:\d.*)$">
90
108
  <description>Huawei EchoLife Home Gateway</description>
91
109
  <example hw.model="HG8121H">HUAWEI-EchoLife HG8121H/V3R018C00S110</example>
@@ -94,6 +112,7 @@
94
112
  <param pos="0" name="hw.product" value="EchoLife Home Gateway"/>
95
113
  <param pos="1" name="hw.model"/>
96
114
  </fingerprint>
115
+
97
116
  <fingerprint pattern="(?i)^Huawei (SoftX\d+) (?:V\d.*)$">
98
117
  <description>Huawei Softswitch</description>
99
118
  <example hw.model="SoftX3000">Huawei SoftX3000 V300R010</example>
@@ -102,6 +121,7 @@
102
121
  <param pos="0" name="hw.product" value="Softswitch"/>
103
122
  <param pos="1" name="hw.model"/>
104
123
  </fingerprint>
124
+
105
125
  <fingerprint pattern="^Mitel-(\S+)-SIP-Phone ([\d\.]+) (.{12})$">
106
126
  <description>Mitel SIP Phones</description>
107
127
  <example hw.product="5320" hw.version="06.05.00.11" host.mac="010203040506">Mitel-5320-SIP-Phone 06.05.00.11 010203040506</example>
@@ -111,6 +131,7 @@
111
131
  <param pos="2" name="hw.version"/>
112
132
  <param pos="3" name="host.mac"/>
113
133
  </fingerprint>
134
+
114
135
  <fingerprint pattern="^Mitel Border GW/(\S+)$">
115
136
  <description>Mitel SIP Gateway</description>
116
137
  <example hw.version="4.0.0.9">Mitel Border GW/4.0.0.9</example>
@@ -119,13 +140,14 @@
119
140
  <param pos="0" name="hw.product" value="Border GW"/>
120
141
  <param pos="1" name="hw.version"/>
121
142
  </fingerprint>
143
+
122
144
  <fingerprint pattern="^(?:Polycom/[\d\.]+ )?Polycom(SoundPoint|VVX|SoundStation)\S+_(\d+)-UA/([\d\.]+)(?:_(.{12}))?$">
123
145
  <description>Polycom SoundPoint, SountdStation, VVX VoIP phones</description>
124
146
  <example hw.version="5.8.0.13337" hw.family="VVX" hw.product="VVX 350">PolycomVVX-VVX_350-UA/5.8.0.13337</example>
125
147
  <example hw.version="4.1.4.7430" hw.family="VVX" hw.product="VVX 400" host.mac="010203040506">PolycomVVX-VVX_400-UA/4.1.4.7430_010203040506</example>
126
148
  <example hw.version="5.5.0.23866" hw.family="VVX" hw.product="VVX 501">Polycom/5.5.0.23866 PolycomVVX-VVX_501-UA/5.5.0.23866</example>
127
149
  <example hw.version="4.0.7.2514" hw.family="SoundPoint" hw.product="SoundPoint 670">PolycomSoundPointIP-SPIP_670-UA/4.0.7.2514</example>
128
- <example hw.version="4.0.8.1608" hw.family="SoundStation" hw.product="SoundStation 7000">PolycomSoundStationIP-SSIP_7000-UA/4.0.8.1608</example>
150
+ <example hw.version="4.0.8.1608" hw.model="7000" hw.family="SoundStation" hw.product="SoundStation 7000">PolycomSoundStationIP-SSIP_7000-UA/4.0.8.1608</example>
129
151
  <param pos="0" name="hw.vendor" value="Polycom"/>
130
152
  <param pos="0" name="hw.device" value="VoIP"/>
131
153
  <param pos="1" name="hw.family"/>
@@ -134,6 +156,7 @@
134
156
  <param pos="3" name="hw.version"/>
135
157
  <param pos="4" name="host.mac"/>
136
158
  </fingerprint>
159
+
137
160
  <fingerprint pattern="^(?:Polycom/[\d\.]+ )?Polycom(?:RealPresenceTrio)-Trio_(\S+)-UA/([\d\.]+)(?:_(.{12}))?$">
138
161
  <description>Polycom RealPresence Trio Phones</description>
139
162
  <example hw.version="5.4.0.12197" hw.product="RealPresence Trio 8800">PolycomRealPresenceTrio-Trio_8800-UA/5.4.0.12197</example>
@@ -147,6 +170,7 @@
147
170
  <param pos="2" name="hw.version"/>
148
171
  <param pos="3" name="host.mac"/>
149
172
  </fingerprint>
173
+
150
174
  <fingerprint pattern="^Polycom ?HDX ?(\d+)(?: ?HD)?(?:/| \(Release - )([^\)]+)\)?">
151
175
  <description>Polycom HDX Video Conferencing</description>
152
176
  <example hw.model="9006" hw.product="HDX 9006" hw.version="3.0.6-37004">Polycom HDX 9006 (Release - 3.0.6-37004)</example>
@@ -160,6 +184,7 @@
160
184
  <param pos="1" name="hw.model"/>
161
185
  <param pos="2" name="hw.version"/>
162
186
  </fingerprint>
187
+
163
188
  <fingerprint pattern="^PolycomRealPresenceGroup(\d+)/([\d\._]+)+$">
164
189
  <description>Polycom RealPresence Group Video Conferencing</description>
165
190
  <example hw.model="700" hw.product="RealPresence Group 700" hw.version="6.2.0">PolycomRealPresenceGroup700/6.2.0</example>
@@ -170,6 +195,7 @@
170
195
  <param pos="1" name="hw.model"/>
171
196
  <param pos="2" name="hw.version"/>
172
197
  </fingerprint>
198
+
173
199
  <fingerprint pattern="^Nero SIPPS IP Phone Version ([\d\.]+)+$">
174
200
  <description>Nero SIPPS IP Phone</description>
175
201
  <example service.version="2.0.51.16">Nero SIPPS IP Phone Version 2.0.51.16</example>
@@ -179,4 +205,44 @@
179
205
  <param pos="0" name="service.product" value="SIPPS IP Phone"/>
180
206
  <param pos="1" name="service.version"/>
181
207
  </fingerprint>
182
- </fingerprints>
208
+
209
+ <fingerprint pattern="^ShoreGear/([\d\.]+)\s+\(ShoreTel \d+\)$">
210
+ <description>ShoreTel VoIP Switch</description>
211
+ <example hw.version="21.90.4128.0">ShoreGear/21.90.4128.0 (ShoreTel 15)</example>
212
+ <example hw.version="22.11.4900.0">ShoreGear/22.11.4900.0 (ShoreTel 15)</example>
213
+ <param pos="0" name="hw.vendor" value="ShoreTel"/>
214
+ <param pos="0" name="hw.device" value="VoIP Switch"/>
215
+ <param pos="1" name="hw.version"/>
216
+ </fingerprint>
217
+
218
+ <fingerprint pattern="^MERCURY-([a-fA-F0-9]{12})$">
219
+ <description>Crestron Mercury</description>
220
+ <example host.mac="00107F1ABAA0">MERCURY-00107F1ABAA0</example>
221
+ <param pos="0" name="hw.vendor" value="Crestron"/>
222
+ <param pos="0" name="hw.device" value="Video Conferencing"/>
223
+ <param pos="0" name="hw.product" value="Mercury"/>
224
+ <param pos="0" name="os.vendor" value="Crestron"/>
225
+ <param pos="0" name="os.family" value="Linux"/>
226
+ <param pos="0" name="os.device" value="Video Conferencing"/>
227
+ <param pos="1" name="host.mac"/>
228
+ </fingerprint>
229
+
230
+ <fingerprint pattern="^IPDECT/([\d\.]+)\s+\(MAC=([a-fA-F0-9]{12}); SER=">
231
+ <description>Konftel IP Phone</description>
232
+ <example host.mac="00087B0F1D30" hw.version="03.55.0013">IPDECT/03.55.0013 (MAC=00087B0F1D30; SER= 00000; HW=1)</example>
233
+ <param pos="0" name="hw.vendor" value="Konftel"/>
234
+ <param pos="0" name="hw.device" value="VoIP"/>
235
+ <param pos="1" name="hw.version"/>
236
+ <param pos="2" name="host.mac"/>
237
+ </fingerprint>
238
+
239
+ <fingerprint pattern="^Sangoma ([^\s]+) V([a-zA-Z0-9\.]+)=?">
240
+ <description>Sangoma IP Phone</description>
241
+ <example hw.product="S305" hw.version="3.0.4.72">Sangoma S305 V3.0.4.72</example>
242
+ <param pos="0" name="hw.vendor" value="Sangoma"/>
243
+ <param pos="0" name="hw.device" value="VoIP"/>
244
+ <param pos="2" name="hw.version"/>
245
+ <param pos="1" name="hw.product"/>
246
+ </fingerprint>
247
+
248
+ </fingerprints>
data/xml/smb_native_lm.xml CHANGED
@@ -1,10 +1,12 @@
1
- <?xml version="1.0" encoding="UTF-8"?>
1
+ <?xml version='1.0' encoding='UTF-8'?>
2
2
  <fingerprints matches="smb.native_lm" protocol="smb" database_type="service">
3
3
  <!--
4
4
  SMB fingerprints obtained from the Native LM (LAN manager) field of SMB
5
5
  negotations
6
6
  -->
7
+
7
8
  <!-- Mac OS X -->
9
+
8
10
  <fingerprint pattern="^Samba (3\.0\.28a-apple)$">
9
11
  <description>Samba on OS X 10.6</description>
10
12
  <example service.version="3.0.28a-apple">Samba 3.0.28a-apple</example>
@@ -18,6 +20,7 @@
18
20
  <param pos="1" name="service.version"/>
19
21
  <param pos="0" name="service.cpe23" value="cpe:/a:samba:samba:{service.version}"/>
20
22
  </fingerprint>
23
+
21
24
  <fingerprint pattern="^Samba (3\.0\.25b-apple)$">
22
25
  <description>Samba on OS X 10.5</description>
23
26
  <example service.version="3.0.25b-apple">Samba 3.0.25b-apple</example>
@@ -31,7 +34,9 @@
31
34
  <param pos="1" name="service.version"/>
32
35
  <param pos="0" name="service.cpe23" value="cpe:/a:samba:samba:{service.version}"/>
33
36
  </fingerprint>
37
+
34
38
  <!-- TODO: Detect vendor, distribution, and package versions -->
39
+
35
40
  <fingerprint pattern="^Samba (\d\.\d+.\d+\w*)">
36
41
  <description>Samba</description>
37
42
  <example>Samba 3.0.24</example>
@@ -45,11 +50,13 @@
45
50
  <param pos="1" name="service.version"/>
46
51
  <param pos="0" name="service.cpe23" value="cpe:/a:samba:samba:{service.version}"/>
47
52
  </fingerprint>
53
+
48
54
  <fingerprint pattern="^Netreon LANMAN 1.0$">
49
55
  <description>Netreon SAN software</description>
50
56
  <example>Netreon LANMAN 1.0</example>
51
57
  <param pos="0" name="service.vendor" value="Netreon"/>
52
58
  </fingerprint>
59
+
53
60
  <fingerprint pattern="(?i)^MikrotikSMB$">
54
61
  <description>Mikrotik</description>
55
62
  <example>MikrotikSMB</example>
@@ -59,4 +66,5 @@
59
66
  <param pos="0" name="os.product" value="RouterOS"/>
60
67
  <param pos="0" name="os.cpe23" value="cpe:/o:mikrotik:routeros:-"/>
61
68
  </fingerprint>
62
- </fingerprints>
69
+
70
+ </fingerprints>
data/xml/smb_native_os.xml CHANGED
@@ -1,8 +1,9 @@
1
- <?xml version="1.0" encoding="UTF-8"?>
1
+ <?xml version='1.0' encoding='UTF-8'?>
2
2
  <fingerprints matches="smb.native_os" protocol="smb" database_type="util.os">
3
3
  <!--
4
4
  SMB fingerprints obtained from the Native OS field of SMB negotations
5
5
  -->
6
+
6
7
  <fingerprint pattern="^(Windows NT \d\.\d+)$">
7
8
  <description>Windows NT</description>
8
9
  <example os.product="Windows NT 4.0">Windows NT 4.0</example>
@@ -10,6 +11,7 @@
10
11
  <param pos="0" name="os.vendor" value="Microsoft"/>
11
12
  <param pos="1" name="os.product"/>
12
13
  </fingerprint>
14
+
13
15
  <fingerprint pattern="^(Windows (?:95|98|ME))$">
14
16
  <description>Windows 95/98/ME</description>
15
17
  <example os.product="Windows 95">Windows 95</example>
@@ -18,6 +20,7 @@
18
20
  <param pos="0" name="os.vendor" value="Microsoft"/>
19
21
  <param pos="1" name="os.product"/>
20
22
  </fingerprint>
23
+
21
24
  <fingerprint pattern="^Windows 5\.0$">
22
25
  <description>Windows 2000</description>
23
26
  <example>Windows 5.0</example>
@@ -26,6 +29,7 @@
26
29
  <param pos="0" name="os.product" value="Windows 2000"/>
27
30
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_2000:-"/>
28
31
  </fingerprint>
32
+
29
33
  <fingerprint pattern="^Windows 5\.1$">
30
34
  <description>Windows XP</description>
31
35
  <example>Windows 5.1</example>
@@ -34,6 +38,7 @@
34
38
  <param pos="0" name="os.product" value="Windows XP"/>
35
39
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_xp:-"/>
36
40
  </fingerprint>
41
+
37
42
  <fingerprint pattern="^Windows XP (\d+) (Service Pack \d+)$">
38
43
  <description>Windows XP with Service Pack</description>
39
44
  <example os.build="2600" os.version="Service Pack 1">Windows XP 2600 Service Pack 1</example>
@@ -44,6 +49,7 @@
44
49
  <param pos="2" name="os.version"/>
45
50
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_xp:{os.version}"/>
46
51
  </fingerprint>
52
+
47
53
  <fingerprint pattern="^Windows XP (\d+)$">
48
54
  <description>Windows XP with build number</description>
49
55
  <example os.build="2600">Windows XP 2600</example>
@@ -53,6 +59,7 @@
53
59
  <param pos="1" name="os.build"/>
54
60
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_xp:-"/>
55
61
  </fingerprint>
62
+
56
63
  <fingerprint pattern="^Windows XP (Home|Professional)(?: Edition)?$">
57
64
  <description>Windows XP without a version</description>
58
65
  <example os.edition="Home">Windows XP Home Edition</example>
@@ -63,6 +70,7 @@
63
70
  <param pos="1" name="os.edition"/>
64
71
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_xp:-"/>
65
72
  </fingerprint>
73
+
66
74
  <fingerprint pattern="^Windows \.NET">
67
75
  <description>Windows Server 2003 Beta</description>
68
76
  <param pos="0" name="os.certainty" value="1.0"/>
@@ -71,6 +79,7 @@
71
79
  <param pos="0" name="os.version" value="Beta"/>
72
80
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2003:Beta"/>
73
81
  </fingerprint>
82
+
74
83
  <fingerprint pattern="^Windows Server 2003 R2 (\d+)$">
75
84
  <description>Windows Server 2003 R2</description>
76
85
  <param pos="0" name="os.certainty" value="1.0"/>
@@ -79,6 +88,7 @@
79
88
  <param pos="1" name="os.build"/>
80
89
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2003:-"/>
81
90
  </fingerprint>
91
+
82
92
  <fingerprint pattern="^Windows Server 2003 R2 (\d+) (Service Pack \d+)(?:, v\.\d+)?$">
83
93
  <description>Windows Server 2003 R2 (SP)</description>
84
94
  <example os.build="3790" os.version="Service Pack 2">Windows Server 2003 R2 3790 Service Pack 2</example>
@@ -90,6 +100,7 @@
90
100
  <param pos="2" name="os.version"/>
91
101
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2003:{os.version}"/>
92
102
  </fingerprint>
103
+
93
104
  <fingerprint pattern="^Windows Server 2003 (\d+)$">
94
105
  <description>Windows Server 2003 with a build</description>
95
106
  <example os.build="3790">Windows Server 2003 3790</example>
@@ -99,6 +110,7 @@
99
110
  <param pos="1" name="os.build"/>
100
111
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2003:-"/>
101
112
  </fingerprint>
113
+
102
114
  <fingerprint pattern="^Windows Server 2003$">
103
115
  <description>Windows Server 2003 without a build</description>
104
116
  <example>Windows Server 2003</example>
@@ -107,6 +119,7 @@
107
119
  <param pos="0" name="os.product" value="Windows Server 2003"/>
108
120
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2003:-"/>
109
121
  </fingerprint>
122
+
110
123
  <fingerprint pattern="^Windows Server 2003 (\d+) (Service Pack \d+)(?:, v\.\d+)?$">
111
124
  <description>Windows Server 2003 (SP)</description>
112
125
  <example os.build="3790" os.version="Service Pack 1">Windows Server 2003 3790 Service Pack 1, v.3309</example>
@@ -118,7 +131,9 @@
118
131
  <param pos="2" name="os.version"/>
119
132
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2003:{os.version}"/>
120
133
  </fingerprint>
134
+
121
135
  <!-- Note that 2008 SP1 is technically "2008 Gold" according to Microsoft -->
136
+
122
137
  <fingerprint pattern="^Windows Server 2008$">
123
138
  <description>Windows Server 2008 without a build</description>
124
139
  <example>Windows Server 2008</example>
@@ -127,6 +142,7 @@
127
142
  <param pos="0" name="os.product" value="Windows Server 2008"/>
128
143
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2008:-"/>
129
144
  </fingerprint>
145
+
130
146
  <fingerprint pattern="^Windows Server \(R\) 2008 (\w+|\w+ \w+|\w+ \w+ \w+)(?: (?:with|without) Hyper-V|) (\d+) (Service Pack \d+)(?:, v\.\d+)?$">
131
147
  <description>Windows Server 2008</description>
132
148
  <example os.edition="Enterprise" os.version="Service Pack 1">Windows Server (R) 2008 Enterprise without Hyper-V 6001 Service Pack 1</example>
@@ -139,6 +155,7 @@
139
155
  <param pos="3" name="os.version"/>
140
156
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2008:{os.version}"/>
141
157
  </fingerprint>
158
+
142
159
  <fingerprint pattern="^Windows \(R\) Web Server 2008 (\d+) (Service Pack \d+)$">
143
160
  <description>Windows Web Server 2008 (SP)</description>
144
161
  <example os.edition="Web" os.version="Service Pack 2">Windows (R) Web Server 2008 6002 Service Pack 2</example>
@@ -150,6 +167,7 @@
150
167
  <param pos="2" name="os.version"/>
151
168
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2008:{os.version}"/>
152
169
  </fingerprint>
170
+
153
171
  <fingerprint pattern="^Windows \(R\) Web Server 2008 (\d+)$">
154
172
  <description>Windows Web Server 2008</description>
155
173
  <example>Windows (R) Web Server 2008 6002</example>
@@ -160,7 +178,9 @@
160
178
  <param pos="1" name="os.build"/>
161
179
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2008:-"/>
162
180
  </fingerprint>
181
+
163
182
  <!-- TODO: Need an example string -->
183
+
164
184
  <fingerprint pattern="^Windows \(R\) Storage Server 2008 (?:\w+|\w+ \w+|\w+ \w+ \w+) (\d+) (Service Pack \d+)$">
165
185
  <description>Windows Server 2008 Storage (SP)</description>
166
186
  <param pos="0" name="os.certainty" value="1.0"/>
@@ -171,7 +191,9 @@
171
191
  <param pos="2" name="os.version"/>
172
192
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2008:{os.version}"/>
173
193
  </fingerprint>
194
+
174
195
  <!-- TODO: Need an example string -->
196
+
175
197
  <fingerprint pattern="^Windows \(R\) Storage Server 2008 (?:\w+|\w+ \w+|\w+ \w+ \w+) (\d+)$">
176
198
  <description>Windows Web Server 2008 Storage</description>
177
199
  <param pos="0" name="os.certainty" value="1.0"/>
@@ -181,6 +203,7 @@
181
203
  <param pos="1" name="os.build"/>
182
204
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2008:-"/>
183
205
  </fingerprint>
206
+
184
207
  <fingerprint pattern="^Windows Server 2008 HPC Edition (\d+) (Service Pack \d+)$">
185
208
  <description>Windows Server 2008 HPC</description>
186
209
  <example>Windows Server 2008 HPC Edition 7601 Service Pack 1</example>
@@ -192,7 +215,9 @@
192
215
  <param pos="2" name="os.version"/>
193
216
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2008:{os.version}"/>
194
217
  </fingerprint>
218
+
195
219
  <!-- TODO: Need an example string -->
220
+
196
221
  <fingerprint pattern="^Windows Server 2008 HPC Edition (\d+)$">
197
222
  <description>Windows Web Server 2008 HPC</description>
198
223
  <example>Windows Server 2008 HPC Edition 7600</example>
@@ -203,7 +228,9 @@
203
228
  <param pos="1" name="os.build"/>
204
229
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2008:-"/>
205
230
  </fingerprint>
231
+
206
232
  <!-- 2008 R2 -->
233
+
207
234
  <fingerprint pattern="^Windows Server 2008 R2 (\w+|\w+ \w+|\w+ \w+ \w+) (\d+) (Service Pack \d+)(?:, v\.\d+)?$">
208
235
  <description>Windows Server 2008 R2</description>
209
236
  <example>Windows Server 2008 R2 Enterprise 7601 Service Pack 1</example>
@@ -216,6 +243,7 @@
216
243
  <param pos="3" name="os.version"/>
217
244
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2008:{os.version}"/>
218
245
  </fingerprint>
246
+
219
247
  <fingerprint pattern="^Windows Server 2008 R2 (\w+|\w+ \w+|\w+ \w+ \w+) (\d+)$">
220
248
  <description>Windows Server 2008 R2 without Service Pack</description>
221
249
  <example os.edition="Enterprise">Windows Server 2008 R2 Enterprise 7600</example>
@@ -228,6 +256,7 @@
228
256
  <param pos="2" name="os.build"/>
229
257
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2008:-"/>
230
258
  </fingerprint>
259
+
231
260
  <fingerprint pattern="^Windows Server 2016(?: Technical Preview \d+)? (\w+|\w+ \w+|\w+ \w+ \w+)(?: Evaluation)? (\d+)$">
232
261
  <description>Windows Server 2016 with a build, without service pack</description>
233
262
  <example os.edition="Datacenter" os.build="14393">Windows Server 2016 Datacenter 14393</example>
@@ -240,6 +269,7 @@
240
269
  <param pos="2" name="os.build"/>
241
270
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2016:-"/>
242
271
  </fingerprint>
272
+
243
273
  <fingerprint pattern="^Windows Storage Server 2016 (?:\w+|\w+ \w+|\w+ \w+ \w+) (\d+)$">
244
274
  <description>Windows Server 2016 Storage</description>
245
275
  <example os.build="14393">Windows Storage Server 2016 Standard 14393</example>
@@ -250,6 +280,7 @@
250
280
  <param pos="1" name="os.build"/>
251
281
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2016:-"/>
252
282
  </fingerprint>
283
+
253
284
  <fingerprint pattern="^Windows Web Server 2008 R2 (\d+) (Service Pack \d+)$">
254
285
  <description>Windows Server 2008 R2 Web</description>
255
286
  <example os.version="Service Pack 1">Windows Web Server 2008 R2 7601 Service Pack 1</example>
@@ -261,6 +292,7 @@
261
292
  <param pos="2" name="os.version"/>
262
293
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2008:{os.version}"/>
263
294
  </fingerprint>
295
+
264
296
  <fingerprint pattern="^Windows Web Server 2008 R2 (\d+)$">
265
297
  <description>Windows Web Server 2008 R2 Web</description>
266
298
  <example>Windows Web Server 2008 R2 7600</example>
@@ -271,6 +303,7 @@
271
303
  <param pos="1" name="os.build"/>
272
304
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2008:-"/>
273
305
  </fingerprint>
306
+
274
307
  <fingerprint pattern="^Windows Storage Server 2008 R2 (?:\w+|\w+ \w+|\w+ \w+ \w+) (\d+) (Service Pack \d+)$">
275
308
  <description>Windows Server 2008 Storage R2 (SP)</description>
276
309
  <example os.version="Service Pack 1" os.build="7601">Windows Storage Server 2008 R2 Essentials 7601 Service Pack 1</example>
@@ -282,6 +315,7 @@
282
315
  <param pos="2" name="os.version"/>
283
316
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2008:{os.version}"/>
284
317
  </fingerprint>
318
+
285
319
  <fingerprint pattern="^Windows Vista \(TM\) (\w+|\w+ \w+|\w+ \w+ \w+) (\d+) (Service Pack \d+)$">
286
320
  <description>Windows Vista (SP)</description>
287
321
  <example os.edition="Home Premium" os.version="Service Pack 2">Windows Vista (TM) Home Premium 6002 Service Pack 2</example>
@@ -293,6 +327,7 @@
293
327
  <param pos="3" name="os.version"/>
294
328
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_vista:{os.version}"/>
295
329
  </fingerprint>
330
+
296
331
  <fingerprint pattern="^Windows Vista \(TM\) (\w+|\w+ \w+|\w+ \w+ \w+) (\d+)$">
297
332
  <description>Windows Vista</description>
298
333
  <example os.edition="Home Premium">Windows Vista (TM) Home Premium 6000</example>
@@ -303,6 +338,7 @@
303
338
  <param pos="2" name="os.build"/>
304
339
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_vista:-"/>
305
340
  </fingerprint>
341
+
306
342
  <fingerprint pattern="^(Windows (?:7|8|8\.1)(?:| RT)) (\w+|\w+ \w+|\w+ \w+ \w+) (\d+) (Service Pack \d+)(?:, v\.\d+)?$">
307
343
  <description>Windows 7/8 (SP + Edition)</description>
308
344
  <example os.edition="Enterprise" os.version="Service Pack 1">Windows 7 Enterprise 7601 Service Pack 1</example>
@@ -315,6 +351,7 @@
315
351
  <param pos="3" name="os.build"/>
316
352
  <param pos="4" name="os.version"/>
317
353
  </fingerprint>
354
+
318
355
  <fingerprint pattern="^(Windows (?:7|8|8\.1)(?:| RT)) (\d+) (Service Pack \d+)$">
319
356
  <description>Windows 7/8 (SP)</description>
320
357
  <example os.version="Service Pack 1">Windows 7 7601 Service Pack 1</example>
@@ -324,6 +361,7 @@
324
361
  <param pos="2" name="os.build"/>
325
362
  <param pos="3" name="os.version"/>
326
363
  </fingerprint>
364
+
327
365
  <fingerprint pattern="^(Windows (?:7|8|8\.1)(?:| RT)) (\w+|\w+ \w+|\w+ \w+ \w+) (\d+)$">
328
366
  <description>Windows 7/8 (Edition)</description>
329
367
  <example os.edition="Enterprise">Windows 7 Enterprise 7600</example>
@@ -335,6 +373,7 @@
335
373
  <param pos="2" name="os.edition"/>
336
374
  <param pos="3" name="os.build"/>
337
375
  </fingerprint>
376
+
338
377
  <fingerprint pattern="^(Windows (?:7|8|8\.1)(?:| RT)) (\d+)$">
339
378
  <description>Windows 7/8</description>
340
379
  <example>Windows 8 9200</example>
@@ -343,8 +382,11 @@
343
382
  <param pos="1" name="os.product"/>
344
383
  <param pos="2" name="os.build"/>
345
384
  </fingerprint>
385
+
346
386
  <!-- Windows 2012 R2 matches go first to simplify the regular expressions -->
387
+
347
388
  <!-- TODO: Need an example string -->
389
+
348
390
  <fingerprint pattern="^Windows Server 2012 R2 (\w+|\w+ \w+|\w+ \w+ \w+) (\d+) (Service Pack \d+)$">
349
391
  <description>Windows Server 2012 R2 (SP)</description>
350
392
  <param pos="0" name="os.certainty" value="1.0"/>
@@ -355,6 +397,7 @@
355
397
  <param pos="3" name="os.version"/>
356
398
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2012:{os.version}"/>
357
399
  </fingerprint>
400
+
358
401
  <fingerprint pattern="^Windows Server 2012 R2 (\w+|\w+ \w+|\w+ \w+ \w+) (\d+)$">
359
402
  <description>Windows Server 2012 R2</description>
360
403
  <example os.edition="Standard">Windows Server 2012 R2 Standard 9600</example>
@@ -365,7 +408,9 @@
365
408
  <param pos="2" name="os.build"/>
366
409
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2012:-"/>
367
410
  </fingerprint>
411
+
368
412
  <!-- TODO: Need an example string -->
413
+
369
414
  <fingerprint pattern="^Windows Server 2012 (\w+|\w+ \w+|\w+ \w+ \w+) (\d+) (Service Pack \d+)$">
370
415
  <description>Windows Server 2012 (SP)</description>
371
416
  <param pos="0" name="os.certainty" value="1.0"/>
@@ -376,6 +421,7 @@
376
421
  <param pos="3" name="os.version"/>
377
422
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2012:{os.version}"/>
378
423
  </fingerprint>
424
+
379
425
  <fingerprint pattern="^Windows Server 2012 (\w+|\w+ \w+|\w+ \w+ \w+) (\d+)$">
380
426
  <description>Windows Server 2012</description>
381
427
  <example>Windows Server 2012 Standard 9200</example>
@@ -386,6 +432,7 @@
386
432
  <param pos="2" name="os.build"/>
387
433
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2012:-"/>
388
434
  </fingerprint>
435
+
389
436
  <fingerprint pattern="^Windows MultiPoint Server 2012 (?:\w+|\w+ \w+|\w+ \w+ \w+) (\d+) (Service Pack \d+)$">
390
437
  <description>Windows MultiPoint Server 2012 (SP)</description>
391
438
  <example os.build="9201" os.version="Service Pack 1">Windows MultiPoint Server 2012 Premium 9201 Service Pack 1</example>
@@ -397,6 +444,7 @@
397
444
  <param pos="2" name="os.version"/>
398
445
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2012:{os.version}"/>
399
446
  </fingerprint>
447
+
400
448
  <fingerprint pattern="^Windows MultiPoint Server 2012 (?:\w+|\w+ \w+|\w+ \w+ \w+) (\d+)$">
401
449
  <description>Windows MultiPoint Server 2012</description>
402
450
  <example os.build="9200">Windows MultiPoint Server 2012 Premium 9200</example>
@@ -407,7 +455,9 @@
407
455
  <param pos="1" name="os.build"/>
408
456
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2012:-"/>
409
457
  </fingerprint>
458
+
410
459
  <!-- Windows 10 Preview -->
460
+
411
461
  <fingerprint pattern="^Windows 10 (\w+|\w+ \w+|\w+ \w+ \w+) Insider Preview (\d+)$">
412
462
  <description>Windows 10 Enterprise Insider Preview</description>
413
463
  <example os.build="10130" os.edition="Enterprise">Windows 10 Enterprise Insider Preview 10130</example>
@@ -418,6 +468,7 @@
418
468
  <param pos="2" name="os.build"/>
419
469
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_10:-"/>
420
470
  </fingerprint>
471
+
421
472
  <fingerprint pattern="^Windows 10 ((?:\w+|\w+ \w+|\w+ \w+ \w+)(?: LTSB(?: Evaluation)?)?) (\d+)$">
422
473
  <description>Windows 10</description>
423
474
  <example os.build="10130" os.edition="Enterprise">Windows 10 Enterprise 10130</example>
@@ -435,6 +486,7 @@
435
486
  <param pos="2" name="os.build"/>
436
487
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_10:-"/>
437
488
  </fingerprint>
489
+
438
490
  <fingerprint pattern="^VxWorks">
439
491
  <description>VxWorks</description>
440
492
  <example>VxWorks</example>
@@ -445,6 +497,7 @@
445
497
  <param pos="0" name="service.vendor" value="Wind River"/>
446
498
  <param pos="0" name="service.product" value="VxWorks CIFS"/>
447
499
  </fingerprint>
500
+
448
501
  <fingerprint pattern="^OS/400 \D(\d+)\D(\d+)\D(\d+)">
449
502
  <description>OS/400</description>
450
503
  <example os.version="4" os.version.version="5" os.version.version.version="0">OS/400 V4R5M0</example>
@@ -453,13 +506,16 @@
453
506
  <param pos="1" name="os.version"/>
454
507
  <param pos="2" name="os.version.version"/>
455
508
  <param pos="3" name="os.version.version.version"/>
509
+ <param pos="0" name="os.cpe23" value="cpe:/o:ibm:os_400:{os.version}"/>
456
510
  </fingerprint>
511
+
457
512
  <fingerprint pattern="^Apple Base Station$">
458
513
  <description>SMB exposed via SMB shared USB disks on Apple devices</description>
459
514
  <example>Apple Base Station</example>
460
515
  <param pos="0" name="os.vendor" value="Apple"/>
461
516
  <param pos="0" name="hw.vendor" value="Apple"/>
462
517
  </fingerprint>
518
+
463
519
  <fingerprint pattern="^EMC-SNAS:T([\d\.]+)?$">
464
520
  <description>EMC Celerra</description>
465
521
  <example service.version="7.1.80.7">EMC-SNAS:T7.1.80.7</example>
@@ -474,12 +530,15 @@
474
530
  <param pos="0" name="hw.device" value="Storage"/>
475
531
  <param pos="0" name="hw.product" value="Celerra"/>
476
532
  </fingerprint>
533
+
477
534
  <fingerprint pattern="^Netreon OS 1.0$">
478
535
  <description>Netreon SAN software</description>
479
536
  <example>Netreon OS 1.0</example>
480
537
  <param pos="0" name="service.vendor" value="Netreon"/>
481
538
  </fingerprint>
539
+
482
540
  <!-- VisionFS -->
541
+
483
542
  <fingerprint pattern="^(?:ax|i3|m8|mp|pa|pp|rs|sp)ai(\d{4})">
484
543
  <description>AIX</description>
485
544
  <example service.version="9876">axai9876</example>
@@ -490,6 +549,7 @@
490
549
  <param pos="0" name="service.product" value="VisionFS"/>
491
550
  <param pos="1" name="service.version"/>
492
551
  </fingerprint>
552
+
493
553
  <fingerprint pattern="^(?:ax|i3|m8|mp|pa|pp|rs|sp)dg(\d{4})">
494
554
  <description>DG/UX</description>
495
555
  <example service.version="9876">i3dg9876</example>
@@ -499,6 +559,7 @@
499
559
  <param pos="0" name="service.product" value="VisionFS"/>
500
560
  <param pos="1" name="service.version"/>
501
561
  </fingerprint>
562
+
502
563
  <fingerprint pattern="^(?:ax|i3|m8|mp|pa|pp|rs|sp)dw(\d{4})">
503
564
  <description>Darwin</description>
504
565
  <example service.version="9876">m8dw9876</example>
@@ -509,6 +570,7 @@
509
570
  <param pos="0" name="service.product" value="VisionFS"/>
510
571
  <param pos="1" name="service.version"/>
511
572
  </fingerprint>
573
+
512
574
  <fingerprint pattern="^(?:ax|i3|m8|mp|pa|pp|rs|sp)dy(\d{4})">
513
575
  <description>DYNIX</description>
514
576
  <example service.version="9876">m8dy9876</example>
@@ -518,6 +580,7 @@
518
580
  <param pos="0" name="service.product" value="VisionFS"/>
519
581
  <param pos="1" name="service.version"/>
520
582
  </fingerprint>
583
+
521
584
  <fingerprint pattern="^(?:ax|i3|m8|mp|pa|pp|rs|sp)fb(\d{4})">
522
585
  <description>FreeBSD</description>
523
586
  <example service.version="9876">m8fb9876</example>
@@ -528,6 +591,7 @@
528
591
  <param pos="0" name="service.product" value="VisionFS"/>
529
592
  <param pos="1" name="service.version"/>
530
593
  </fingerprint>
594
+
531
595
  <fingerprint pattern="^(?:ax|i3|m8|mp|pa|pp|rs|sp)hp(\d{4})">
532
596
  <description>HP-UX</description>
533
597
  <example service.version="9876">m8hp9876</example>
@@ -538,6 +602,7 @@
538
602
  <param pos="0" name="service.product" value="VisionFS"/>
539
603
  <param pos="1" name="service.version"/>
540
604
  </fingerprint>
605
+
541
606
  <fingerprint pattern="^(?:ax|i3|m8|mp|pa|pp|rs|sp)ir(\d{4})">
542
607
  <description>IRIX</description>
543
608
  <example service.version="9876">m8ir9876</example>
@@ -548,6 +613,7 @@
548
613
  <param pos="0" name="service.product" value="VisionFS"/>
549
614
  <param pos="1" name="service.version"/>
550
615
  </fingerprint>
616
+
551
617
  <fingerprint pattern="^(?:ax|i3|m8|mp|pa|pp|rs|sp)li(\d{4})">
552
618
  <description>Linux</description>
553
619
  <example service.version="9876">m8li9876</example>
@@ -558,6 +624,7 @@
558
624
  <param pos="0" name="service.product" value="VisionFS"/>
559
625
  <param pos="1" name="service.version"/>
560
626
  </fingerprint>
627
+
561
628
  <fingerprint pattern="^(?:ax|i3|m8|mp|pa|pp|rs|sp)mo(\d{4})">
562
629
  <description>SVR</description>
563
630
  <example service.version="9876">m8mo9876</example>
@@ -567,6 +634,7 @@
567
634
  <param pos="0" name="service.product" value="VisionFS"/>
568
635
  <param pos="1" name="service.version"/>
569
636
  </fingerprint>
637
+
570
638
  <fingerprint pattern="^(?:ax|i3|m8|mp|pa|pp|rs|sp)o1(\d{4})">
571
639
  <description>OSF/1</description>
572
640
  <example service.version="9876">m8o19876</example>
@@ -576,6 +644,7 @@
576
644
  <param pos="0" name="service.product" value="VisionFS"/>
577
645
  <param pos="1" name="service.version"/>
578
646
  </fingerprint>
647
+
579
648
  <fingerprint pattern="^(?:ax|i3|m8|mp|pa|pp|rs|sp)ro(\d{4})">
580
649
  <description>RISC OS</description>
581
650
  <example service.version="9876">m8ro9876</example>
@@ -584,6 +653,7 @@
584
653
  <param pos="0" name="service.product" value="VisionFS"/>
585
654
  <param pos="1" name="service.version"/>
586
655
  </fingerprint>
656
+
587
657
  <fingerprint pattern="^(?:ax|i3|m8|mp|pa|pp|rs|sp)sc(\d{4})">
588
658
  <description>OpenServer</description>
589
659
  <example service.version="9876">m8sc9876</example>
@@ -593,6 +663,7 @@
593
663
  <param pos="0" name="service.product" value="VisionFS"/>
594
664
  <param pos="1" name="service.version"/>
595
665
  </fingerprint>
666
+
596
667
  <fingerprint pattern="^(?:ax|i3|m8|mp|pa|pp|rs|sp)so(\d{4})">
597
668
  <description>SunOS</description>
598
669
  <example service.version="9876">m8so9876</example>
@@ -603,6 +674,7 @@
603
674
  <param pos="0" name="service.product" value="VisionFS"/>
604
675
  <param pos="1" name="service.version"/>
605
676
  </fingerprint>
677
+
606
678
  <fingerprint pattern="^(?:ax|i3|m8|mp|pa|pp|rs|sp)su(\d{4})">
607
679
  <description>Solaris</description>
608
680
  <example service.version="9876">m8su9876</example>
@@ -613,6 +685,7 @@
613
685
  <param pos="0" name="service.product" value="VisionFS"/>
614
686
  <param pos="1" name="service.version"/>
615
687
  </fingerprint>
688
+
616
689
  <fingerprint pattern="^(?:ax|i3|m8|mp|pa|pp|rs|sp)sx(\d{4})">
617
690
  <description>SINIX</description>
618
691
  <example service.version="9876">m8sx9876</example>
@@ -622,6 +695,7 @@
622
695
  <param pos="0" name="service.product" value="VisionFS"/>
623
696
  <param pos="1" name="service.version"/>
624
697
  </fingerprint>
698
+
625
699
  <fingerprint pattern="^(?:ax|i3|m8|mp|pa|pp|rs|sp)ul(\d{4})">
626
700
  <description>Ultrix/1</description>
627
701
  <example service.version="9876">m8ul9876</example>
@@ -631,6 +705,7 @@
631
705
  <param pos="0" name="service.product" value="VisionFS"/>
632
706
  <param pos="1" name="service.version"/>
633
707
  </fingerprint>
708
+
634
709
  <fingerprint pattern="^(?:ax|i3|m8|mp|pa|pp|rs|sp)un(\d{4})">
635
710
  <description>UnixWare</description>
636
711
  <example service.version="9876">m8un9876</example>
@@ -640,6 +715,7 @@
640
715
  <param pos="0" name="service.product" value="VisionFS"/>
641
716
  <param pos="1" name="service.version"/>
642
717
  </fingerprint>
718
+
643
719
  <fingerprint pattern="^(?:ax|i3|m8|mp|pa|pp|rs|sp)wi(\d{4})">
644
720
  <description>Windows</description>
645
721
  <example service.version="9876">m8wi9876</example>
@@ -650,6 +726,7 @@
650
726
  <param pos="0" name="service.product" value="VisionFS"/>
651
727
  <param pos="1" name="service.version"/>
652
728
  </fingerprint>
729
+
653
730
  <fingerprint pattern="^(?i:unix)$">
654
731
  <description>Generally some Samba variant, which reports Unix</description>
655
732
  <example>Unix</example>
@@ -659,4 +736,5 @@
659
736
  <param pos="0" name="service.vendor" value="Samba"/>
660
737
  <param pos="0" name="service.cpe23" value="cpe:/a:samba:samba:-"/>
661
738
  </fingerprint>
662
- </fingerprints>
739
+
740
+ </fingerprints>