recog 2.3.7 → 2.3.12

Sign up to get free protection for your applications and to get access to all the features.
Files changed (81) hide show
  1. checksums.yaml +4 -4
  2. data/.gitignore +9 -2
  3. data/.ruby-gemset +1 -0
  4. data/.ruby-version +1 -0
  5. data/.travis.yml +2 -4
  6. data/CONTRIBUTING.md +136 -37
  7. data/Gemfile +2 -5
  8. data/README.md +18 -16
  9. data/bin/recog_cleanup +16 -0
  10. data/bin/recog_standardize +142 -0
  11. data/cpe-remap.yaml +36 -1
  12. data/features/match.feature +4 -0
  13. data/features/support/aruba.rb +3 -0
  14. data/features/verify.feature +5 -0
  15. data/identifiers/README.md +56 -0
  16. data/identifiers/hw_device.txt +77 -0
  17. data/identifiers/hw_family.txt +96 -0
  18. data/identifiers/hw_product.txt +328 -0
  19. data/identifiers/os_architecture.txt +20 -0
  20. data/identifiers/os_device.txt +94 -0
  21. data/identifiers/os_family.txt +325 -0
  22. data/identifiers/os_product.txt +420 -0
  23. data/identifiers/service_family.txt +272 -0
  24. data/identifiers/service_product.txt +557 -0
  25. data/identifiers/software_class.txt +26 -0
  26. data/identifiers/software_family.txt +91 -0
  27. data/identifiers/software_product.txt +333 -0
  28. data/identifiers/vendor.txt +891 -0
  29. data/lib/recog/version.rb +1 -1
  30. data/requirements.txt +1 -1
  31. data/spec/lib/fingerprint_self_test_spec.rb +1 -1
  32. data/spec/lib/recog/fingerprint/regexp_factory_spec.rb +1 -1
  33. data/update_cpes.py +4 -1
  34. data/xml/apache_modules.xml +292 -5
  35. data/xml/apache_os.xml +50 -2
  36. data/xml/architecture.xml +19 -7
  37. data/xml/dns_versionbind.xml +200 -26
  38. data/xml/favicons.xml +1701 -0
  39. data/xml/ftp_banners.xml +276 -16
  40. data/xml/h323_callresp.xml +112 -12
  41. data/xml/hp_pjl_id.xml +47 -5
  42. data/xml/html_title.xml +1419 -72
  43. data/xml/http_cookies.xml +77 -10
  44. data/xml/http_servers.xml +898 -47
  45. data/xml/http_wwwauth.xml +154 -27
  46. data/xml/imap_banners.xml +23 -13
  47. data/xml/ldap_searchresult.xml +81 -9
  48. data/xml/mdns_device-info_txt.xml +194 -17
  49. data/xml/mdns_workstation_txt.xml +4 -2
  50. data/xml/mysql_banners.xml +554 -45
  51. data/xml/mysql_error.xml +113 -6
  52. data/xml/nntp_banners.xml +10 -2
  53. data/xml/ntp_banners.xml +95 -11
  54. data/xml/operating_system.xml +90 -3
  55. data/xml/pop_banners.xml +32 -31
  56. data/xml/rsh_resp.xml +11 -2
  57. data/xml/rtsp_servers.xml +43 -23
  58. data/xml/sip_banners.xml +9 -14
  59. data/xml/sip_user_agents.xml +69 -3
  60. data/xml/smb_native_lm.xml +10 -2
  61. data/xml/smb_native_os.xml +80 -2
  62. data/xml/smtp_banners.xml +233 -13
  63. data/xml/smtp_debug.xml +6 -4
  64. data/xml/smtp_ehlo.xml +7 -5
  65. data/xml/smtp_expn.xml +13 -4
  66. data/xml/smtp_help.xml +23 -4
  67. data/xml/smtp_mailfrom.xml +5 -2
  68. data/xml/smtp_noop.xml +6 -5
  69. data/xml/smtp_quit.xml +5 -4
  70. data/xml/smtp_rcptto.xml +5 -2
  71. data/xml/smtp_rset.xml +4 -4
  72. data/xml/smtp_turn.xml +4 -4
  73. data/xml/smtp_vrfy.xml +14 -4
  74. data/xml/snmp_sysdescr.xml +776 -52
  75. data/xml/snmp_sysobjid.xml +47 -2
  76. data/xml/ssh_banners.xml +259 -80
  77. data/xml/telnet_banners.xml +376 -23
  78. data/xml/x11_banners.xml +27 -4
  79. data/xml/x509_issuers.xml +37 -13
  80. data/xml/x509_subjects.xml +525 -55
  81. metadata +29 -6
@@ -1,18 +1,18 @@
1
- <?xml version="1.0" encoding="UTF-8"?>
1
+ <?xml version='1.0' encoding='UTF-8'?>
2
2
  <fingerprints matches="sip_header.server" protocol="sip" database_type="service">
3
3
  <!--
4
4
  SIP Server header values are matched against these patterns to fingerprint SIP devices.
5
5
  -->
6
6
 
7
7
  <!-- Cisco/Tandberg Products -->
8
-
8
+
9
9
  <fingerprint pattern="^Cisco-SIPGateway/IOS-(\S+)\.x$">
10
10
  <description>Cisco IOS SIP Gateway w/ Vague Version</description>
11
11
  <example os.version="12">Cisco-SIPGateway/IOS-12.x</example>
12
12
  <param pos="0" name="service.vendor" value="Cisco"/>
13
13
  <param pos="0" name="service.family" value="IOS"/>
14
14
  <param pos="0" name="service.product" value="IOS"/>
15
- <param pos="0" name="service.cpe23" value="cpe:/a:cisco:ios:{os.version}"/>
15
+ <param pos="0" name="service.cpe23" value="cpe:/a:cisco:ios:-"/>
16
16
  <param pos="0" name="os.vendor" value="Cisco"/>
17
17
  <param pos="0" name="os.family" value="IOS"/>
18
18
  <param pos="0" name="os.product" value="IOS"/>
@@ -30,11 +30,11 @@
30
30
  <example os.version="15.2.3.T">Cisco-SIPGateway/IOS-15.2.3.T</example>
31
31
  <example os.version="15.4.3.S5">Cisco-SIPGateway/IOS-15.4.3.S5</example>
32
32
  <example os.version="15.6.3.M0a">Cisco-SIPGateway/IOS-15.6.3.M0a</example>
33
- <example os.version="16.3.6">Cisco-SIPGateway/IOS-16.3.6</example>
33
+ <example os.version="16.3.6">Cisco-SIPGateway/IOS-16.3.6</example>
34
34
  <param pos="0" name="service.vendor" value="Cisco"/>
35
35
  <param pos="0" name="service.family" value="IOS"/>
36
36
  <param pos="0" name="service.product" value="IOS"/>
37
- <param pos="0" name="service.cpe23" value="cpe:/a:cisco:ios:{os.version}"/>
37
+ <param pos="0" name="service.cpe23" value="cpe:/a:cisco:ios:-"/>
38
38
  <param pos="0" name="os.vendor" value="Cisco"/>
39
39
  <param pos="0" name="os.family" value="IOS"/>
40
40
  <param pos="0" name="os.product" value="IOS"/>
@@ -130,7 +130,6 @@
130
130
  <param pos="0" name="os.product" value="Linux"/>
131
131
  <param pos="1" name="tandberg.model"/>
132
132
  <param pos="2" name="os.version"/>
133
- <param pos="0" name="os.cpe23" value="cpe:/o:cisco:telepresence:{os.version}"/>
134
133
  <param pos="0" name="hw.vendor" value="Cisco"/>
135
134
  <param pos="0" name="hw.family" value="TelePresence"/>
136
135
  <param pos="0" name="hw.device" value="Video Conferencing"/>
@@ -144,13 +143,12 @@
144
143
  <example os.version="X8.2.1" hw.product="TANDBERG/4130">TANDBERG/4130 (X8.2.1)</example>
145
144
  <example os.version="XC2.2.1-b2bua-1.0" hw.product="TANDBERG/4353" tandberg.model="4353">TANDBERG/4353 (XC2.2.1-b2bua-1.0)</example>
146
145
  <example os.version="TC5.1.4.295090" hw.product="TANDBERG/516" tandberg.model="516">TANDBERG/516 (TC5.1.4.295090)</example>
147
- <example os.version="TCNC5.1.4.295090" hw.product="TANDBERG/517" tandberg.model="517">TANDBERG/517 (TCNC5.1.4.295090)</example>
146
+ <example os.version="TCNC5.1.4.295090" hw.product="TANDBERG/517" tandberg.model="517">TANDBERG/517 (TCNC5.1.4.295090)</example>
148
147
  <param pos="0" name="os.vendor" value="Tandberg"/>
149
148
  <param pos="0" name="os.family" value="Linux"/>
150
149
  <param pos="0" name="os.product" value="Linux"/>
151
150
  <param pos="2" name="tandberg.model"/>
152
151
  <param pos="3" name="os.version"/>
153
- <param pos="0" name="os.cpe23" value="cpe:/o:cisco:telepresence:{os.version}"/>
154
152
  <param pos="0" name="hw.vendor" value="Cisco"/>
155
153
  <param pos="0" name="hw.family" value="TelePresence"/>
156
154
  <param pos="0" name="hw.device" value="Video Conferencing"/>
@@ -256,10 +254,10 @@
256
254
  <example hw.product="MP-124" os.version="6.00A.034.003">Audiocodes-Sip-Gateway-MP-124 FXS/v.6.00A.034.003</example>
257
255
  <example hw.product="MP-124" os.version="6.60A.342.003">MP-124 FXS/v.6.60A.342.003</example>
258
256
  <example hw.product="MP-114" os.version="6.60A.241.010">MP-114 FXS_FXO/v.6.60A.241.010</example>
259
- <param pos="0" name="os.vendor" value="Audiocodes"/>
257
+ <param pos="0" name="os.vendor" value="AudioCodes"/>
260
258
  <param pos="0" name="os.family" value="SIP Gateway"/>
261
259
  <param pos="2" name="os.version"/>
262
- <param pos="0" name="hw.vendor" value="Audiocodes"/>
260
+ <param pos="0" name="hw.vendor" value="AudioCodes"/>
263
261
  <param pos="0" name="hw.family" value="SIP Gateway"/>
264
262
  <param pos="0" name="hw.device" value="SIP Gateway"/>
265
263
  <param pos="1" name="hw.product"/>
@@ -296,7 +294,6 @@
296
294
  <param pos="0" name="service.family" value="PBX"/>
297
295
  <param pos="0" name="service.product" value="PBX"/>
298
296
  <param pos="1" name="service.version"/>
299
- <param pos="0" name="service.cpe23" value="cpe:/a:asterisk:asterisk:{service.version}"/>
300
297
  </fingerprint>
301
298
 
302
299
  <fingerprint pattern="^Asterisk PBX$">
@@ -305,7 +302,6 @@
305
302
  <param pos="0" name="service.vendor" value="Asterisk"/>
306
303
  <param pos="0" name="service.family" value="PBX"/>
307
304
  <param pos="0" name="service.product" value="PBX"/>
308
- <param pos="0" name="service.cpe23" value="cpe:/a:asterisk:asterisk:-"/>
309
305
  </fingerprint>
310
306
 
311
307
  <fingerprint pattern="^FPBX-(\S+)$">
@@ -316,7 +312,6 @@
316
312
  <param pos="0" name="service.family" value="PBX"/>
317
313
  <param pos="0" name="service.product" value="PBX"/>
318
314
  <param pos="1" name="service.version"/>
319
- <param pos="0" name="service.cpe23" value="cpe:/a:freepbx:freepbx:{service.version}"/>
320
315
  </fingerprint>
321
316
 
322
317
  <fingerprint pattern="^kamailio \((\S+) \((.*)\)\)$">
@@ -327,10 +322,10 @@
327
322
  <param pos="0" name="service.product" value="SIP Server"/>
328
323
  <param pos="1" name="service.version"/>
329
324
  <param pos="2" name="kamailio.platform"/>
330
- <param pos="0" name="service.cpe23" value="cpe:/a:kamailio:kamailio:{service.version}"/>
331
325
  </fingerprint>
332
326
 
333
327
  <!-- This match covers multiple product families and should be split up further -->
328
+
334
329
  <fingerprint pattern="^Algo-([^/]+)/(.*)$">
335
330
  <description>Algo SIP Device</description>
336
331
  <example hw.product="8186" os.version="1.7">Algo-8186/1.7</example>
@@ -1,9 +1,11 @@
1
- <?xml version="1.0" encoding="UTF-8"?>
1
+ <?xml version='1.0' encoding='UTF-8'?>
2
2
  <fingerprints matches="sip_header.user_agent" protocol="sip" database_type="service">
3
3
  <!--
4
4
  SIP User Agent header values are matched against these patterns to fingerprint SIP devices.
5
5
  -->
6
+
6
7
  <!-- Axis devices -->
8
+
7
9
  <fingerprint pattern="(?i)^AXIS (\S+) Network Video Door Station$">
8
10
  <description>Axis Network Video Door stations, which have voice</description>
9
11
  <example hw.product="A8105-E">AXIS A8105-E Network Video Door Station</example>
@@ -11,7 +13,10 @@
11
13
  <param pos="0" name="hw.device" value="Web cam"/>
12
14
  <param pos="0" name="hw.family" value="Network Video Door Station"/>
13
15
  <param pos="1" name="hw.product"/>
16
+ <param pos="0" name="os.vendor" value="AXIS"/>
17
+ <param pos="0" name="os.family" value="Linux"/>
14
18
  </fingerprint>
19
+
15
20
  <fingerprint pattern="(?i)^AXIS (\S+) Network (?:Audio Bridge|(?:Cabinet|Horn) Speaker)$">
16
21
  <description>Axis Network audio devices</description>
17
22
  <example hw.product="C3003-E">AXIS C3003-E Network Horn Speaker</example>
@@ -20,8 +25,12 @@
20
25
  <param pos="0" name="hw.vendor" value="Axis"/>
21
26
  <param pos="0" name="hw.family" value="Network Audio"/>
22
27
  <param pos="1" name="hw.product"/>
28
+ <param pos="0" name="os.vendor" value="AXIS"/>
29
+ <param pos="0" name="os.family" value="Linux"/>
23
30
  </fingerprint>
31
+
24
32
  <!-- Cisco Devices -->
33
+
25
34
  <fingerprint pattern="^Cisco-SIPGateway/IOS-([\d\.x]+)$">
26
35
  <description>Cisco SIPGateway</description>
27
36
  <example>Cisco-SIPGateway/IOS-12.x</example>
@@ -30,13 +39,16 @@
30
39
  <param pos="1" name="os.version"/>
31
40
  <param pos="0" name="os.cpe23" value="cpe:/o:cisco:ios:{os.version}"/>
32
41
  </fingerprint>
42
+
33
43
  <!-- AVM.DE Devices -->
44
+
34
45
  <fingerprint pattern="^FRITZ!OS$">
35
46
  <description>AVM FritzOS Device</description>
36
47
  <example>FRITZ!OS</example>
37
48
  <param pos="0" name="os.vendor" value="AVM"/>
38
49
  <param pos="0" name="os.product" value="FRITZ!BOX"/>
39
50
  </fingerprint>
51
+
40
52
  <fingerprint pattern="^(?:AVM )?(FRITZ!Box .*) +(\d+\.\d+\.\d+)">
41
53
  <description>AVM FritzBox</description>
42
54
  <example>AVM FRITZ!Box Fon 06.03.13</example>
@@ -56,6 +68,7 @@
56
68
  <param pos="1" name="os.product"/>
57
69
  <param pos="2" name="os.version"/>
58
70
  </fingerprint>
71
+
59
72
  <fingerprint pattern="^(?:AVM )?(FRITZ!Fon .*) +(\d+\.\d+\.\d+)">
60
73
  <description>AVM FritzFon</description>
61
74
  <example>AVM FRITZ!Fon 7150 (fs) 38.04.56 (Mar 31 2008)</example>
@@ -65,6 +78,7 @@
65
78
  <param pos="1" name="os.product"/>
66
79
  <param pos="2" name="os.version"/>
67
80
  </fingerprint>
81
+
68
82
  <fingerprint pattern="^(?:AVM )?(Multibox .*) +(\d+\.\d+\.\d+)">
69
83
  <description>AVM Multibox</description>
70
84
  <example>AVM Multibox 7390 NGN 84.05.09 (Jan 13 2012)</example>
@@ -73,12 +87,15 @@
73
87
  <param pos="1" name="os.product"/>
74
88
  <param pos="2" name="os.version"/>
75
89
  </fingerprint>
90
+
76
91
  <!-- Huawei devices -->
92
+
77
93
  <fingerprint pattern="(?i)^Huawei$">
78
94
  <description>Huawei generic</description>
79
95
  <example>Huawei</example>
80
96
  <param pos="0" name="hw.vendor" value="Huawei"/>
81
97
  </fingerprint>
98
+
82
99
  <fingerprint pattern="(?i)^Huawei-HomeGateway/V(?:\d.*)$">
83
100
  <description>Huawei Home Gateway</description>
84
101
  <example>Huawei-HomeGateway/V100R001</example>
@@ -86,6 +103,7 @@
86
103
  <param pos="0" name="hw.device" value="Broadband router"/>
87
104
  <param pos="0" name="hw.product" value="Home Gateway"/>
88
105
  </fingerprint>
106
+
89
107
  <fingerprint pattern="(?i)^Huawei-EchoLife (HG.*)/V(?:\d.*)$">
90
108
  <description>Huawei EchoLife Home Gateway</description>
91
109
  <example hw.model="HG8121H">HUAWEI-EchoLife HG8121H/V3R018C00S110</example>
@@ -94,6 +112,7 @@
94
112
  <param pos="0" name="hw.product" value="EchoLife Home Gateway"/>
95
113
  <param pos="1" name="hw.model"/>
96
114
  </fingerprint>
115
+
97
116
  <fingerprint pattern="(?i)^Huawei (SoftX\d+) (?:V\d.*)$">
98
117
  <description>Huawei Softswitch</description>
99
118
  <example hw.model="SoftX3000">Huawei SoftX3000 V300R010</example>
@@ -102,6 +121,7 @@
102
121
  <param pos="0" name="hw.product" value="Softswitch"/>
103
122
  <param pos="1" name="hw.model"/>
104
123
  </fingerprint>
124
+
105
125
  <fingerprint pattern="^Mitel-(\S+)-SIP-Phone ([\d\.]+) (.{12})$">
106
126
  <description>Mitel SIP Phones</description>
107
127
  <example hw.product="5320" hw.version="06.05.00.11" host.mac="010203040506">Mitel-5320-SIP-Phone 06.05.00.11 010203040506</example>
@@ -111,6 +131,7 @@
111
131
  <param pos="2" name="hw.version"/>
112
132
  <param pos="3" name="host.mac"/>
113
133
  </fingerprint>
134
+
114
135
  <fingerprint pattern="^Mitel Border GW/(\S+)$">
115
136
  <description>Mitel SIP Gateway</description>
116
137
  <example hw.version="4.0.0.9">Mitel Border GW/4.0.0.9</example>
@@ -119,13 +140,14 @@
119
140
  <param pos="0" name="hw.product" value="Border GW"/>
120
141
  <param pos="1" name="hw.version"/>
121
142
  </fingerprint>
143
+
122
144
  <fingerprint pattern="^(?:Polycom/[\d\.]+ )?Polycom(SoundPoint|VVX|SoundStation)\S+_(\d+)-UA/([\d\.]+)(?:_(.{12}))?$">
123
145
  <description>Polycom SoundPoint, SountdStation, VVX VoIP phones</description>
124
146
  <example hw.version="5.8.0.13337" hw.family="VVX" hw.product="VVX 350">PolycomVVX-VVX_350-UA/5.8.0.13337</example>
125
147
  <example hw.version="4.1.4.7430" hw.family="VVX" hw.product="VVX 400" host.mac="010203040506">PolycomVVX-VVX_400-UA/4.1.4.7430_010203040506</example>
126
148
  <example hw.version="5.5.0.23866" hw.family="VVX" hw.product="VVX 501">Polycom/5.5.0.23866 PolycomVVX-VVX_501-UA/5.5.0.23866</example>
127
149
  <example hw.version="4.0.7.2514" hw.family="SoundPoint" hw.product="SoundPoint 670">PolycomSoundPointIP-SPIP_670-UA/4.0.7.2514</example>
128
- <example hw.version="4.0.8.1608" hw.family="SoundStation" hw.product="SoundStation 7000">PolycomSoundStationIP-SSIP_7000-UA/4.0.8.1608</example>
150
+ <example hw.version="4.0.8.1608" hw.model="7000" hw.family="SoundStation" hw.product="SoundStation 7000">PolycomSoundStationIP-SSIP_7000-UA/4.0.8.1608</example>
129
151
  <param pos="0" name="hw.vendor" value="Polycom"/>
130
152
  <param pos="0" name="hw.device" value="VoIP"/>
131
153
  <param pos="1" name="hw.family"/>
@@ -134,6 +156,7 @@
134
156
  <param pos="3" name="hw.version"/>
135
157
  <param pos="4" name="host.mac"/>
136
158
  </fingerprint>
159
+
137
160
  <fingerprint pattern="^(?:Polycom/[\d\.]+ )?Polycom(?:RealPresenceTrio)-Trio_(\S+)-UA/([\d\.]+)(?:_(.{12}))?$">
138
161
  <description>Polycom RealPresence Trio Phones</description>
139
162
  <example hw.version="5.4.0.12197" hw.product="RealPresence Trio 8800">PolycomRealPresenceTrio-Trio_8800-UA/5.4.0.12197</example>
@@ -147,6 +170,7 @@
147
170
  <param pos="2" name="hw.version"/>
148
171
  <param pos="3" name="host.mac"/>
149
172
  </fingerprint>
173
+
150
174
  <fingerprint pattern="^Polycom ?HDX ?(\d+)(?: ?HD)?(?:/| \(Release - )([^\)]+)\)?">
151
175
  <description>Polycom HDX Video Conferencing</description>
152
176
  <example hw.model="9006" hw.product="HDX 9006" hw.version="3.0.6-37004">Polycom HDX 9006 (Release - 3.0.6-37004)</example>
@@ -160,6 +184,7 @@
160
184
  <param pos="1" name="hw.model"/>
161
185
  <param pos="2" name="hw.version"/>
162
186
  </fingerprint>
187
+
163
188
  <fingerprint pattern="^PolycomRealPresenceGroup(\d+)/([\d\._]+)+$">
164
189
  <description>Polycom RealPresence Group Video Conferencing</description>
165
190
  <example hw.model="700" hw.product="RealPresence Group 700" hw.version="6.2.0">PolycomRealPresenceGroup700/6.2.0</example>
@@ -170,6 +195,7 @@
170
195
  <param pos="1" name="hw.model"/>
171
196
  <param pos="2" name="hw.version"/>
172
197
  </fingerprint>
198
+
173
199
  <fingerprint pattern="^Nero SIPPS IP Phone Version ([\d\.]+)+$">
174
200
  <description>Nero SIPPS IP Phone</description>
175
201
  <example service.version="2.0.51.16">Nero SIPPS IP Phone Version 2.0.51.16</example>
@@ -179,4 +205,44 @@
179
205
  <param pos="0" name="service.product" value="SIPPS IP Phone"/>
180
206
  <param pos="1" name="service.version"/>
181
207
  </fingerprint>
182
- </fingerprints>
208
+
209
+ <fingerprint pattern="^ShoreGear/([\d\.]+)\s+\(ShoreTel \d+\)$">
210
+ <description>ShoreTel VoIP Switch</description>
211
+ <example hw.version="21.90.4128.0">ShoreGear/21.90.4128.0 (ShoreTel 15)</example>
212
+ <example hw.version="22.11.4900.0">ShoreGear/22.11.4900.0 (ShoreTel 15)</example>
213
+ <param pos="0" name="hw.vendor" value="ShoreTel"/>
214
+ <param pos="0" name="hw.device" value="VoIP Switch"/>
215
+ <param pos="1" name="hw.version"/>
216
+ </fingerprint>
217
+
218
+ <fingerprint pattern="^MERCURY-([a-fA-F0-9]{12})$">
219
+ <description>Crestron Mercury</description>
220
+ <example host.mac="00107F1ABAA0">MERCURY-00107F1ABAA0</example>
221
+ <param pos="0" name="hw.vendor" value="Crestron"/>
222
+ <param pos="0" name="hw.device" value="Video Conferencing"/>
223
+ <param pos="0" name="hw.product" value="Mercury"/>
224
+ <param pos="0" name="os.vendor" value="Crestron"/>
225
+ <param pos="0" name="os.family" value="Linux"/>
226
+ <param pos="0" name="os.device" value="Video Conferencing"/>
227
+ <param pos="1" name="host.mac"/>
228
+ </fingerprint>
229
+
230
+ <fingerprint pattern="^IPDECT/([\d\.]+)\s+\(MAC=([a-fA-F0-9]{12}); SER=">
231
+ <description>Konftel IP Phone</description>
232
+ <example host.mac="00087B0F1D30" hw.version="03.55.0013">IPDECT/03.55.0013 (MAC=00087B0F1D30; SER= 00000; HW=1)</example>
233
+ <param pos="0" name="hw.vendor" value="Konftel"/>
234
+ <param pos="0" name="hw.device" value="VoIP"/>
235
+ <param pos="1" name="hw.version"/>
236
+ <param pos="2" name="host.mac"/>
237
+ </fingerprint>
238
+
239
+ <fingerprint pattern="^Sangoma ([^\s]+) V([a-zA-Z0-9\.]+)=?">
240
+ <description>Sangoma IP Phone</description>
241
+ <example hw.product="S305" hw.version="3.0.4.72">Sangoma S305 V3.0.4.72</example>
242
+ <param pos="0" name="hw.vendor" value="Sangoma"/>
243
+ <param pos="0" name="hw.device" value="VoIP"/>
244
+ <param pos="2" name="hw.version"/>
245
+ <param pos="1" name="hw.product"/>
246
+ </fingerprint>
247
+
248
+ </fingerprints>
@@ -1,10 +1,12 @@
1
- <?xml version="1.0" encoding="UTF-8"?>
1
+ <?xml version='1.0' encoding='UTF-8'?>
2
2
  <fingerprints matches="smb.native_lm" protocol="smb" database_type="service">
3
3
  <!--
4
4
  SMB fingerprints obtained from the Native LM (LAN manager) field of SMB
5
5
  negotations
6
6
  -->
7
+
7
8
  <!-- Mac OS X -->
9
+
8
10
  <fingerprint pattern="^Samba (3\.0\.28a-apple)$">
9
11
  <description>Samba on OS X 10.6</description>
10
12
  <example service.version="3.0.28a-apple">Samba 3.0.28a-apple</example>
@@ -18,6 +20,7 @@
18
20
  <param pos="1" name="service.version"/>
19
21
  <param pos="0" name="service.cpe23" value="cpe:/a:samba:samba:{service.version}"/>
20
22
  </fingerprint>
23
+
21
24
  <fingerprint pattern="^Samba (3\.0\.25b-apple)$">
22
25
  <description>Samba on OS X 10.5</description>
23
26
  <example service.version="3.0.25b-apple">Samba 3.0.25b-apple</example>
@@ -31,7 +34,9 @@
31
34
  <param pos="1" name="service.version"/>
32
35
  <param pos="0" name="service.cpe23" value="cpe:/a:samba:samba:{service.version}"/>
33
36
  </fingerprint>
37
+
34
38
  <!-- TODO: Detect vendor, distribution, and package versions -->
39
+
35
40
  <fingerprint pattern="^Samba (\d\.\d+.\d+\w*)">
36
41
  <description>Samba</description>
37
42
  <example>Samba 3.0.24</example>
@@ -45,11 +50,13 @@
45
50
  <param pos="1" name="service.version"/>
46
51
  <param pos="0" name="service.cpe23" value="cpe:/a:samba:samba:{service.version}"/>
47
52
  </fingerprint>
53
+
48
54
  <fingerprint pattern="^Netreon LANMAN 1.0$">
49
55
  <description>Netreon SAN software</description>
50
56
  <example>Netreon LANMAN 1.0</example>
51
57
  <param pos="0" name="service.vendor" value="Netreon"/>
52
58
  </fingerprint>
59
+
53
60
  <fingerprint pattern="(?i)^MikrotikSMB$">
54
61
  <description>Mikrotik</description>
55
62
  <example>MikrotikSMB</example>
@@ -59,4 +66,5 @@
59
66
  <param pos="0" name="os.product" value="RouterOS"/>
60
67
  <param pos="0" name="os.cpe23" value="cpe:/o:mikrotik:routeros:-"/>
61
68
  </fingerprint>
62
- </fingerprints>
69
+
70
+ </fingerprints>
@@ -1,8 +1,9 @@
1
- <?xml version="1.0" encoding="UTF-8"?>
1
+ <?xml version='1.0' encoding='UTF-8'?>
2
2
  <fingerprints matches="smb.native_os" protocol="smb" database_type="util.os">
3
3
  <!--
4
4
  SMB fingerprints obtained from the Native OS field of SMB negotations
5
5
  -->
6
+
6
7
  <fingerprint pattern="^(Windows NT \d\.\d+)$">
7
8
  <description>Windows NT</description>
8
9
  <example os.product="Windows NT 4.0">Windows NT 4.0</example>
@@ -10,6 +11,7 @@
10
11
  <param pos="0" name="os.vendor" value="Microsoft"/>
11
12
  <param pos="1" name="os.product"/>
12
13
  </fingerprint>
14
+
13
15
  <fingerprint pattern="^(Windows (?:95|98|ME))$">
14
16
  <description>Windows 95/98/ME</description>
15
17
  <example os.product="Windows 95">Windows 95</example>
@@ -18,6 +20,7 @@
18
20
  <param pos="0" name="os.vendor" value="Microsoft"/>
19
21
  <param pos="1" name="os.product"/>
20
22
  </fingerprint>
23
+
21
24
  <fingerprint pattern="^Windows 5\.0$">
22
25
  <description>Windows 2000</description>
23
26
  <example>Windows 5.0</example>
@@ -26,6 +29,7 @@
26
29
  <param pos="0" name="os.product" value="Windows 2000"/>
27
30
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_2000:-"/>
28
31
  </fingerprint>
32
+
29
33
  <fingerprint pattern="^Windows 5\.1$">
30
34
  <description>Windows XP</description>
31
35
  <example>Windows 5.1</example>
@@ -34,6 +38,7 @@
34
38
  <param pos="0" name="os.product" value="Windows XP"/>
35
39
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_xp:-"/>
36
40
  </fingerprint>
41
+
37
42
  <fingerprint pattern="^Windows XP (\d+) (Service Pack \d+)$">
38
43
  <description>Windows XP with Service Pack</description>
39
44
  <example os.build="2600" os.version="Service Pack 1">Windows XP 2600 Service Pack 1</example>
@@ -44,6 +49,7 @@
44
49
  <param pos="2" name="os.version"/>
45
50
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_xp:{os.version}"/>
46
51
  </fingerprint>
52
+
47
53
  <fingerprint pattern="^Windows XP (\d+)$">
48
54
  <description>Windows XP with build number</description>
49
55
  <example os.build="2600">Windows XP 2600</example>
@@ -53,6 +59,7 @@
53
59
  <param pos="1" name="os.build"/>
54
60
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_xp:-"/>
55
61
  </fingerprint>
62
+
56
63
  <fingerprint pattern="^Windows XP (Home|Professional)(?: Edition)?$">
57
64
  <description>Windows XP without a version</description>
58
65
  <example os.edition="Home">Windows XP Home Edition</example>
@@ -63,6 +70,7 @@
63
70
  <param pos="1" name="os.edition"/>
64
71
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_xp:-"/>
65
72
  </fingerprint>
73
+
66
74
  <fingerprint pattern="^Windows \.NET">
67
75
  <description>Windows Server 2003 Beta</description>
68
76
  <param pos="0" name="os.certainty" value="1.0"/>
@@ -71,6 +79,7 @@
71
79
  <param pos="0" name="os.version" value="Beta"/>
72
80
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2003:Beta"/>
73
81
  </fingerprint>
82
+
74
83
  <fingerprint pattern="^Windows Server 2003 R2 (\d+)$">
75
84
  <description>Windows Server 2003 R2</description>
76
85
  <param pos="0" name="os.certainty" value="1.0"/>
@@ -79,6 +88,7 @@
79
88
  <param pos="1" name="os.build"/>
80
89
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2003:-"/>
81
90
  </fingerprint>
91
+
82
92
  <fingerprint pattern="^Windows Server 2003 R2 (\d+) (Service Pack \d+)(?:, v\.\d+)?$">
83
93
  <description>Windows Server 2003 R2 (SP)</description>
84
94
  <example os.build="3790" os.version="Service Pack 2">Windows Server 2003 R2 3790 Service Pack 2</example>
@@ -90,6 +100,7 @@
90
100
  <param pos="2" name="os.version"/>
91
101
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2003:{os.version}"/>
92
102
  </fingerprint>
103
+
93
104
  <fingerprint pattern="^Windows Server 2003 (\d+)$">
94
105
  <description>Windows Server 2003 with a build</description>
95
106
  <example os.build="3790">Windows Server 2003 3790</example>
@@ -99,6 +110,7 @@
99
110
  <param pos="1" name="os.build"/>
100
111
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2003:-"/>
101
112
  </fingerprint>
113
+
102
114
  <fingerprint pattern="^Windows Server 2003$">
103
115
  <description>Windows Server 2003 without a build</description>
104
116
  <example>Windows Server 2003</example>
@@ -107,6 +119,7 @@
107
119
  <param pos="0" name="os.product" value="Windows Server 2003"/>
108
120
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2003:-"/>
109
121
  </fingerprint>
122
+
110
123
  <fingerprint pattern="^Windows Server 2003 (\d+) (Service Pack \d+)(?:, v\.\d+)?$">
111
124
  <description>Windows Server 2003 (SP)</description>
112
125
  <example os.build="3790" os.version="Service Pack 1">Windows Server 2003 3790 Service Pack 1, v.3309</example>
@@ -118,7 +131,9 @@
118
131
  <param pos="2" name="os.version"/>
119
132
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2003:{os.version}"/>
120
133
  </fingerprint>
134
+
121
135
  <!-- Note that 2008 SP1 is technically "2008 Gold" according to Microsoft -->
136
+
122
137
  <fingerprint pattern="^Windows Server 2008$">
123
138
  <description>Windows Server 2008 without a build</description>
124
139
  <example>Windows Server 2008</example>
@@ -127,6 +142,7 @@
127
142
  <param pos="0" name="os.product" value="Windows Server 2008"/>
128
143
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2008:-"/>
129
144
  </fingerprint>
145
+
130
146
  <fingerprint pattern="^Windows Server \(R\) 2008 (\w+|\w+ \w+|\w+ \w+ \w+)(?: (?:with|without) Hyper-V|) (\d+) (Service Pack \d+)(?:, v\.\d+)?$">
131
147
  <description>Windows Server 2008</description>
132
148
  <example os.edition="Enterprise" os.version="Service Pack 1">Windows Server (R) 2008 Enterprise without Hyper-V 6001 Service Pack 1</example>
@@ -139,6 +155,7 @@
139
155
  <param pos="3" name="os.version"/>
140
156
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2008:{os.version}"/>
141
157
  </fingerprint>
158
+
142
159
  <fingerprint pattern="^Windows \(R\) Web Server 2008 (\d+) (Service Pack \d+)$">
143
160
  <description>Windows Web Server 2008 (SP)</description>
144
161
  <example os.edition="Web" os.version="Service Pack 2">Windows (R) Web Server 2008 6002 Service Pack 2</example>
@@ -150,6 +167,7 @@
150
167
  <param pos="2" name="os.version"/>
151
168
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2008:{os.version}"/>
152
169
  </fingerprint>
170
+
153
171
  <fingerprint pattern="^Windows \(R\) Web Server 2008 (\d+)$">
154
172
  <description>Windows Web Server 2008</description>
155
173
  <example>Windows (R) Web Server 2008 6002</example>
@@ -160,7 +178,9 @@
160
178
  <param pos="1" name="os.build"/>
161
179
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2008:-"/>
162
180
  </fingerprint>
181
+
163
182
  <!-- TODO: Need an example string -->
183
+
164
184
  <fingerprint pattern="^Windows \(R\) Storage Server 2008 (?:\w+|\w+ \w+|\w+ \w+ \w+) (\d+) (Service Pack \d+)$">
165
185
  <description>Windows Server 2008 Storage (SP)</description>
166
186
  <param pos="0" name="os.certainty" value="1.0"/>
@@ -171,7 +191,9 @@
171
191
  <param pos="2" name="os.version"/>
172
192
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2008:{os.version}"/>
173
193
  </fingerprint>
194
+
174
195
  <!-- TODO: Need an example string -->
196
+
175
197
  <fingerprint pattern="^Windows \(R\) Storage Server 2008 (?:\w+|\w+ \w+|\w+ \w+ \w+) (\d+)$">
176
198
  <description>Windows Web Server 2008 Storage</description>
177
199
  <param pos="0" name="os.certainty" value="1.0"/>
@@ -181,6 +203,7 @@
181
203
  <param pos="1" name="os.build"/>
182
204
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2008:-"/>
183
205
  </fingerprint>
206
+
184
207
  <fingerprint pattern="^Windows Server 2008 HPC Edition (\d+) (Service Pack \d+)$">
185
208
  <description>Windows Server 2008 HPC</description>
186
209
  <example>Windows Server 2008 HPC Edition 7601 Service Pack 1</example>
@@ -192,7 +215,9 @@
192
215
  <param pos="2" name="os.version"/>
193
216
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2008:{os.version}"/>
194
217
  </fingerprint>
218
+
195
219
  <!-- TODO: Need an example string -->
220
+
196
221
  <fingerprint pattern="^Windows Server 2008 HPC Edition (\d+)$">
197
222
  <description>Windows Web Server 2008 HPC</description>
198
223
  <example>Windows Server 2008 HPC Edition 7600</example>
@@ -203,7 +228,9 @@
203
228
  <param pos="1" name="os.build"/>
204
229
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2008:-"/>
205
230
  </fingerprint>
231
+
206
232
  <!-- 2008 R2 -->
233
+
207
234
  <fingerprint pattern="^Windows Server 2008 R2 (\w+|\w+ \w+|\w+ \w+ \w+) (\d+) (Service Pack \d+)(?:, v\.\d+)?$">
208
235
  <description>Windows Server 2008 R2</description>
209
236
  <example>Windows Server 2008 R2 Enterprise 7601 Service Pack 1</example>
@@ -216,6 +243,7 @@
216
243
  <param pos="3" name="os.version"/>
217
244
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2008:{os.version}"/>
218
245
  </fingerprint>
246
+
219
247
  <fingerprint pattern="^Windows Server 2008 R2 (\w+|\w+ \w+|\w+ \w+ \w+) (\d+)$">
220
248
  <description>Windows Server 2008 R2 without Service Pack</description>
221
249
  <example os.edition="Enterprise">Windows Server 2008 R2 Enterprise 7600</example>
@@ -228,6 +256,7 @@
228
256
  <param pos="2" name="os.build"/>
229
257
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2008:-"/>
230
258
  </fingerprint>
259
+
231
260
  <fingerprint pattern="^Windows Server 2016(?: Technical Preview \d+)? (\w+|\w+ \w+|\w+ \w+ \w+)(?: Evaluation)? (\d+)$">
232
261
  <description>Windows Server 2016 with a build, without service pack</description>
233
262
  <example os.edition="Datacenter" os.build="14393">Windows Server 2016 Datacenter 14393</example>
@@ -240,6 +269,7 @@
240
269
  <param pos="2" name="os.build"/>
241
270
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2016:-"/>
242
271
  </fingerprint>
272
+
243
273
  <fingerprint pattern="^Windows Storage Server 2016 (?:\w+|\w+ \w+|\w+ \w+ \w+) (\d+)$">
244
274
  <description>Windows Server 2016 Storage</description>
245
275
  <example os.build="14393">Windows Storage Server 2016 Standard 14393</example>
@@ -250,6 +280,7 @@
250
280
  <param pos="1" name="os.build"/>
251
281
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2016:-"/>
252
282
  </fingerprint>
283
+
253
284
  <fingerprint pattern="^Windows Web Server 2008 R2 (\d+) (Service Pack \d+)$">
254
285
  <description>Windows Server 2008 R2 Web</description>
255
286
  <example os.version="Service Pack 1">Windows Web Server 2008 R2 7601 Service Pack 1</example>
@@ -261,6 +292,7 @@
261
292
  <param pos="2" name="os.version"/>
262
293
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2008:{os.version}"/>
263
294
  </fingerprint>
295
+
264
296
  <fingerprint pattern="^Windows Web Server 2008 R2 (\d+)$">
265
297
  <description>Windows Web Server 2008 R2 Web</description>
266
298
  <example>Windows Web Server 2008 R2 7600</example>
@@ -271,6 +303,7 @@
271
303
  <param pos="1" name="os.build"/>
272
304
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2008:-"/>
273
305
  </fingerprint>
306
+
274
307
  <fingerprint pattern="^Windows Storage Server 2008 R2 (?:\w+|\w+ \w+|\w+ \w+ \w+) (\d+) (Service Pack \d+)$">
275
308
  <description>Windows Server 2008 Storage R2 (SP)</description>
276
309
  <example os.version="Service Pack 1" os.build="7601">Windows Storage Server 2008 R2 Essentials 7601 Service Pack 1</example>
@@ -282,6 +315,7 @@
282
315
  <param pos="2" name="os.version"/>
283
316
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2008:{os.version}"/>
284
317
  </fingerprint>
318
+
285
319
  <fingerprint pattern="^Windows Vista \(TM\) (\w+|\w+ \w+|\w+ \w+ \w+) (\d+) (Service Pack \d+)$">
286
320
  <description>Windows Vista (SP)</description>
287
321
  <example os.edition="Home Premium" os.version="Service Pack 2">Windows Vista (TM) Home Premium 6002 Service Pack 2</example>
@@ -293,6 +327,7 @@
293
327
  <param pos="3" name="os.version"/>
294
328
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_vista:{os.version}"/>
295
329
  </fingerprint>
330
+
296
331
  <fingerprint pattern="^Windows Vista \(TM\) (\w+|\w+ \w+|\w+ \w+ \w+) (\d+)$">
297
332
  <description>Windows Vista</description>
298
333
  <example os.edition="Home Premium">Windows Vista (TM) Home Premium 6000</example>
@@ -303,6 +338,7 @@
303
338
  <param pos="2" name="os.build"/>
304
339
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_vista:-"/>
305
340
  </fingerprint>
341
+
306
342
  <fingerprint pattern="^(Windows (?:7|8|8\.1)(?:| RT)) (\w+|\w+ \w+|\w+ \w+ \w+) (\d+) (Service Pack \d+)(?:, v\.\d+)?$">
307
343
  <description>Windows 7/8 (SP + Edition)</description>
308
344
  <example os.edition="Enterprise" os.version="Service Pack 1">Windows 7 Enterprise 7601 Service Pack 1</example>
@@ -315,6 +351,7 @@
315
351
  <param pos="3" name="os.build"/>
316
352
  <param pos="4" name="os.version"/>
317
353
  </fingerprint>
354
+
318
355
  <fingerprint pattern="^(Windows (?:7|8|8\.1)(?:| RT)) (\d+) (Service Pack \d+)$">
319
356
  <description>Windows 7/8 (SP)</description>
320
357
  <example os.version="Service Pack 1">Windows 7 7601 Service Pack 1</example>
@@ -324,6 +361,7 @@
324
361
  <param pos="2" name="os.build"/>
325
362
  <param pos="3" name="os.version"/>
326
363
  </fingerprint>
364
+
327
365
  <fingerprint pattern="^(Windows (?:7|8|8\.1)(?:| RT)) (\w+|\w+ \w+|\w+ \w+ \w+) (\d+)$">
328
366
  <description>Windows 7/8 (Edition)</description>
329
367
  <example os.edition="Enterprise">Windows 7 Enterprise 7600</example>
@@ -335,6 +373,7 @@
335
373
  <param pos="2" name="os.edition"/>
336
374
  <param pos="3" name="os.build"/>
337
375
  </fingerprint>
376
+
338
377
  <fingerprint pattern="^(Windows (?:7|8|8\.1)(?:| RT)) (\d+)$">
339
378
  <description>Windows 7/8</description>
340
379
  <example>Windows 8 9200</example>
@@ -343,8 +382,11 @@
343
382
  <param pos="1" name="os.product"/>
344
383
  <param pos="2" name="os.build"/>
345
384
  </fingerprint>
385
+
346
386
  <!-- Windows 2012 R2 matches go first to simplify the regular expressions -->
387
+
347
388
  <!-- TODO: Need an example string -->
389
+
348
390
  <fingerprint pattern="^Windows Server 2012 R2 (\w+|\w+ \w+|\w+ \w+ \w+) (\d+) (Service Pack \d+)$">
349
391
  <description>Windows Server 2012 R2 (SP)</description>
350
392
  <param pos="0" name="os.certainty" value="1.0"/>
@@ -355,6 +397,7 @@
355
397
  <param pos="3" name="os.version"/>
356
398
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2012:{os.version}"/>
357
399
  </fingerprint>
400
+
358
401
  <fingerprint pattern="^Windows Server 2012 R2 (\w+|\w+ \w+|\w+ \w+ \w+) (\d+)$">
359
402
  <description>Windows Server 2012 R2</description>
360
403
  <example os.edition="Standard">Windows Server 2012 R2 Standard 9600</example>
@@ -365,7 +408,9 @@
365
408
  <param pos="2" name="os.build"/>
366
409
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2012:-"/>
367
410
  </fingerprint>
411
+
368
412
  <!-- TODO: Need an example string -->
413
+
369
414
  <fingerprint pattern="^Windows Server 2012 (\w+|\w+ \w+|\w+ \w+ \w+) (\d+) (Service Pack \d+)$">
370
415
  <description>Windows Server 2012 (SP)</description>
371
416
  <param pos="0" name="os.certainty" value="1.0"/>
@@ -376,6 +421,7 @@
376
421
  <param pos="3" name="os.version"/>
377
422
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2012:{os.version}"/>
378
423
  </fingerprint>
424
+
379
425
  <fingerprint pattern="^Windows Server 2012 (\w+|\w+ \w+|\w+ \w+ \w+) (\d+)$">
380
426
  <description>Windows Server 2012</description>
381
427
  <example>Windows Server 2012 Standard 9200</example>
@@ -386,6 +432,7 @@
386
432
  <param pos="2" name="os.build"/>
387
433
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2012:-"/>
388
434
  </fingerprint>
435
+
389
436
  <fingerprint pattern="^Windows MultiPoint Server 2012 (?:\w+|\w+ \w+|\w+ \w+ \w+) (\d+) (Service Pack \d+)$">
390
437
  <description>Windows MultiPoint Server 2012 (SP)</description>
391
438
  <example os.build="9201" os.version="Service Pack 1">Windows MultiPoint Server 2012 Premium 9201 Service Pack 1</example>
@@ -397,6 +444,7 @@
397
444
  <param pos="2" name="os.version"/>
398
445
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2012:{os.version}"/>
399
446
  </fingerprint>
447
+
400
448
  <fingerprint pattern="^Windows MultiPoint Server 2012 (?:\w+|\w+ \w+|\w+ \w+ \w+) (\d+)$">
401
449
  <description>Windows MultiPoint Server 2012</description>
402
450
  <example os.build="9200">Windows MultiPoint Server 2012 Premium 9200</example>
@@ -407,7 +455,9 @@
407
455
  <param pos="1" name="os.build"/>
408
456
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2012:-"/>
409
457
  </fingerprint>
458
+
410
459
  <!-- Windows 10 Preview -->
460
+
411
461
  <fingerprint pattern="^Windows 10 (\w+|\w+ \w+|\w+ \w+ \w+) Insider Preview (\d+)$">
412
462
  <description>Windows 10 Enterprise Insider Preview</description>
413
463
  <example os.build="10130" os.edition="Enterprise">Windows 10 Enterprise Insider Preview 10130</example>
@@ -418,6 +468,7 @@
418
468
  <param pos="2" name="os.build"/>
419
469
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_10:-"/>
420
470
  </fingerprint>
471
+
421
472
  <fingerprint pattern="^Windows 10 ((?:\w+|\w+ \w+|\w+ \w+ \w+)(?: LTSB(?: Evaluation)?)?) (\d+)$">
422
473
  <description>Windows 10</description>
423
474
  <example os.build="10130" os.edition="Enterprise">Windows 10 Enterprise 10130</example>
@@ -435,6 +486,7 @@
435
486
  <param pos="2" name="os.build"/>
436
487
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_10:-"/>
437
488
  </fingerprint>
489
+
438
490
  <fingerprint pattern="^VxWorks">
439
491
  <description>VxWorks</description>
440
492
  <example>VxWorks</example>
@@ -445,6 +497,7 @@
445
497
  <param pos="0" name="service.vendor" value="Wind River"/>
446
498
  <param pos="0" name="service.product" value="VxWorks CIFS"/>
447
499
  </fingerprint>
500
+
448
501
  <fingerprint pattern="^OS/400 \D(\d+)\D(\d+)\D(\d+)">
449
502
  <description>OS/400</description>
450
503
  <example os.version="4" os.version.version="5" os.version.version.version="0">OS/400 V4R5M0</example>
@@ -453,13 +506,16 @@
453
506
  <param pos="1" name="os.version"/>
454
507
  <param pos="2" name="os.version.version"/>
455
508
  <param pos="3" name="os.version.version.version"/>
509
+ <param pos="0" name="os.cpe23" value="cpe:/o:ibm:os_400:{os.version}"/>
456
510
  </fingerprint>
511
+
457
512
  <fingerprint pattern="^Apple Base Station$">
458
513
  <description>SMB exposed via SMB shared USB disks on Apple devices</description>
459
514
  <example>Apple Base Station</example>
460
515
  <param pos="0" name="os.vendor" value="Apple"/>
461
516
  <param pos="0" name="hw.vendor" value="Apple"/>
462
517
  </fingerprint>
518
+
463
519
  <fingerprint pattern="^EMC-SNAS:T([\d\.]+)?$">
464
520
  <description>EMC Celerra</description>
465
521
  <example service.version="7.1.80.7">EMC-SNAS:T7.1.80.7</example>
@@ -474,12 +530,15 @@
474
530
  <param pos="0" name="hw.device" value="Storage"/>
475
531
  <param pos="0" name="hw.product" value="Celerra"/>
476
532
  </fingerprint>
533
+
477
534
  <fingerprint pattern="^Netreon OS 1.0$">
478
535
  <description>Netreon SAN software</description>
479
536
  <example>Netreon OS 1.0</example>
480
537
  <param pos="0" name="service.vendor" value="Netreon"/>
481
538
  </fingerprint>
539
+
482
540
  <!-- VisionFS -->
541
+
483
542
  <fingerprint pattern="^(?:ax|i3|m8|mp|pa|pp|rs|sp)ai(\d{4})">
484
543
  <description>AIX</description>
485
544
  <example service.version="9876">axai9876</example>
@@ -490,6 +549,7 @@
490
549
  <param pos="0" name="service.product" value="VisionFS"/>
491
550
  <param pos="1" name="service.version"/>
492
551
  </fingerprint>
552
+
493
553
  <fingerprint pattern="^(?:ax|i3|m8|mp|pa|pp|rs|sp)dg(\d{4})">
494
554
  <description>DG/UX</description>
495
555
  <example service.version="9876">i3dg9876</example>
@@ -499,6 +559,7 @@
499
559
  <param pos="0" name="service.product" value="VisionFS"/>
500
560
  <param pos="1" name="service.version"/>
501
561
  </fingerprint>
562
+
502
563
  <fingerprint pattern="^(?:ax|i3|m8|mp|pa|pp|rs|sp)dw(\d{4})">
503
564
  <description>Darwin</description>
504
565
  <example service.version="9876">m8dw9876</example>
@@ -509,6 +570,7 @@
509
570
  <param pos="0" name="service.product" value="VisionFS"/>
510
571
  <param pos="1" name="service.version"/>
511
572
  </fingerprint>
573
+
512
574
  <fingerprint pattern="^(?:ax|i3|m8|mp|pa|pp|rs|sp)dy(\d{4})">
513
575
  <description>DYNIX</description>
514
576
  <example service.version="9876">m8dy9876</example>
@@ -518,6 +580,7 @@
518
580
  <param pos="0" name="service.product" value="VisionFS"/>
519
581
  <param pos="1" name="service.version"/>
520
582
  </fingerprint>
583
+
521
584
  <fingerprint pattern="^(?:ax|i3|m8|mp|pa|pp|rs|sp)fb(\d{4})">
522
585
  <description>FreeBSD</description>
523
586
  <example service.version="9876">m8fb9876</example>
@@ -528,6 +591,7 @@
528
591
  <param pos="0" name="service.product" value="VisionFS"/>
529
592
  <param pos="1" name="service.version"/>
530
593
  </fingerprint>
594
+
531
595
  <fingerprint pattern="^(?:ax|i3|m8|mp|pa|pp|rs|sp)hp(\d{4})">
532
596
  <description>HP-UX</description>
533
597
  <example service.version="9876">m8hp9876</example>
@@ -538,6 +602,7 @@
538
602
  <param pos="0" name="service.product" value="VisionFS"/>
539
603
  <param pos="1" name="service.version"/>
540
604
  </fingerprint>
605
+
541
606
  <fingerprint pattern="^(?:ax|i3|m8|mp|pa|pp|rs|sp)ir(\d{4})">
542
607
  <description>IRIX</description>
543
608
  <example service.version="9876">m8ir9876</example>
@@ -548,6 +613,7 @@
548
613
  <param pos="0" name="service.product" value="VisionFS"/>
549
614
  <param pos="1" name="service.version"/>
550
615
  </fingerprint>
616
+
551
617
  <fingerprint pattern="^(?:ax|i3|m8|mp|pa|pp|rs|sp)li(\d{4})">
552
618
  <description>Linux</description>
553
619
  <example service.version="9876">m8li9876</example>
@@ -558,6 +624,7 @@
558
624
  <param pos="0" name="service.product" value="VisionFS"/>
559
625
  <param pos="1" name="service.version"/>
560
626
  </fingerprint>
627
+
561
628
  <fingerprint pattern="^(?:ax|i3|m8|mp|pa|pp|rs|sp)mo(\d{4})">
562
629
  <description>SVR</description>
563
630
  <example service.version="9876">m8mo9876</example>
@@ -567,6 +634,7 @@
567
634
  <param pos="0" name="service.product" value="VisionFS"/>
568
635
  <param pos="1" name="service.version"/>
569
636
  </fingerprint>
637
+
570
638
  <fingerprint pattern="^(?:ax|i3|m8|mp|pa|pp|rs|sp)o1(\d{4})">
571
639
  <description>OSF/1</description>
572
640
  <example service.version="9876">m8o19876</example>
@@ -576,6 +644,7 @@
576
644
  <param pos="0" name="service.product" value="VisionFS"/>
577
645
  <param pos="1" name="service.version"/>
578
646
  </fingerprint>
647
+
579
648
  <fingerprint pattern="^(?:ax|i3|m8|mp|pa|pp|rs|sp)ro(\d{4})">
580
649
  <description>RISC OS</description>
581
650
  <example service.version="9876">m8ro9876</example>
@@ -584,6 +653,7 @@
584
653
  <param pos="0" name="service.product" value="VisionFS"/>
585
654
  <param pos="1" name="service.version"/>
586
655
  </fingerprint>
656
+
587
657
  <fingerprint pattern="^(?:ax|i3|m8|mp|pa|pp|rs|sp)sc(\d{4})">
588
658
  <description>OpenServer</description>
589
659
  <example service.version="9876">m8sc9876</example>
@@ -593,6 +663,7 @@
593
663
  <param pos="0" name="service.product" value="VisionFS"/>
594
664
  <param pos="1" name="service.version"/>
595
665
  </fingerprint>
666
+
596
667
  <fingerprint pattern="^(?:ax|i3|m8|mp|pa|pp|rs|sp)so(\d{4})">
597
668
  <description>SunOS</description>
598
669
  <example service.version="9876">m8so9876</example>
@@ -603,6 +674,7 @@
603
674
  <param pos="0" name="service.product" value="VisionFS"/>
604
675
  <param pos="1" name="service.version"/>
605
676
  </fingerprint>
677
+
606
678
  <fingerprint pattern="^(?:ax|i3|m8|mp|pa|pp|rs|sp)su(\d{4})">
607
679
  <description>Solaris</description>
608
680
  <example service.version="9876">m8su9876</example>
@@ -613,6 +685,7 @@
613
685
  <param pos="0" name="service.product" value="VisionFS"/>
614
686
  <param pos="1" name="service.version"/>
615
687
  </fingerprint>
688
+
616
689
  <fingerprint pattern="^(?:ax|i3|m8|mp|pa|pp|rs|sp)sx(\d{4})">
617
690
  <description>SINIX</description>
618
691
  <example service.version="9876">m8sx9876</example>
@@ -622,6 +695,7 @@
622
695
  <param pos="0" name="service.product" value="VisionFS"/>
623
696
  <param pos="1" name="service.version"/>
624
697
  </fingerprint>
698
+
625
699
  <fingerprint pattern="^(?:ax|i3|m8|mp|pa|pp|rs|sp)ul(\d{4})">
626
700
  <description>Ultrix/1</description>
627
701
  <example service.version="9876">m8ul9876</example>
@@ -631,6 +705,7 @@
631
705
  <param pos="0" name="service.product" value="VisionFS"/>
632
706
  <param pos="1" name="service.version"/>
633
707
  </fingerprint>
708
+
634
709
  <fingerprint pattern="^(?:ax|i3|m8|mp|pa|pp|rs|sp)un(\d{4})">
635
710
  <description>UnixWare</description>
636
711
  <example service.version="9876">m8un9876</example>
@@ -640,6 +715,7 @@
640
715
  <param pos="0" name="service.product" value="VisionFS"/>
641
716
  <param pos="1" name="service.version"/>
642
717
  </fingerprint>
718
+
643
719
  <fingerprint pattern="^(?:ax|i3|m8|mp|pa|pp|rs|sp)wi(\d{4})">
644
720
  <description>Windows</description>
645
721
  <example service.version="9876">m8wi9876</example>
@@ -650,6 +726,7 @@
650
726
  <param pos="0" name="service.product" value="VisionFS"/>
651
727
  <param pos="1" name="service.version"/>
652
728
  </fingerprint>
729
+
653
730
  <fingerprint pattern="^(?i:unix)$">
654
731
  <description>Generally some Samba variant, which reports Unix</description>
655
732
  <example>Unix</example>
@@ -659,4 +736,5 @@
659
736
  <param pos="0" name="service.vendor" value="Samba"/>
660
737
  <param pos="0" name="service.cpe23" value="cpe:/a:samba:samba:-"/>
661
738
  </fingerprint>
662
- </fingerprints>
739
+
740
+ </fingerprints>