recog 2.3.8 → 2.3.13

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (69) hide show
  1. checksums.yaml +4 -4
  2. data/.gitignore +6 -0
  3. data/CONTRIBUTING.md +136 -37
  4. data/README.md +18 -16
  5. data/bin/recog_cleanup +16 -0
  6. data/bin/recog_standardize +30 -6
  7. data/cpe-remap.yaml +18 -2
  8. data/identifiers/README.md +9 -0
  9. data/identifiers/hw_device.txt +77 -0
  10. data/identifiers/hw_family.txt +96 -0
  11. data/identifiers/hw_product.txt +328 -0
  12. data/identifiers/os_architecture.txt +6 -6
  13. data/identifiers/os_device.txt +45 -3
  14. data/identifiers/os_family.txt +206 -41
  15. data/identifiers/os_product.txt +238 -17
  16. data/identifiers/service_family.txt +144 -57
  17. data/identifiers/service_product.txt +385 -83
  18. data/identifiers/vendor.txt +554 -68
  19. data/lib/recog/version.rb +1 -1
  20. data/requirements.txt +1 -1
  21. data/update_cpes.py +3 -0
  22. data/xml/apache_modules.xml +292 -5
  23. data/xml/apache_os.xml +41 -2
  24. data/xml/architecture.xml +11 -3
  25. data/xml/dns_versionbind.xml +191 -15
  26. data/xml/favicons.xml +1701 -0
  27. data/xml/ftp_banners.xml +250 -18
  28. data/xml/h323_callresp.xml +112 -12
  29. data/xml/hp_pjl_id.xml +47 -5
  30. data/xml/html_title.xml +1278 -25
  31. data/xml/http_cookies.xml +64 -9
  32. data/xml/http_servers.xml +1013 -96
  33. data/xml/http_wwwauth.xml +141 -26
  34. data/xml/imap_banners.xml +62 -13
  35. data/xml/ldap_searchresult.xml +81 -9
  36. data/xml/mdns_device-info_txt.xml +175 -2
  37. data/xml/mdns_workstation_txt.xml +4 -2
  38. data/xml/mysql_banners.xml +134 -7
  39. data/xml/mysql_error.xml +113 -6
  40. data/xml/nntp_banners.xml +10 -2
  41. data/xml/ntp_banners.xml +80 -4
  42. data/xml/operating_system.xml +89 -3
  43. data/xml/pop_banners.xml +87 -33
  44. data/xml/rsh_resp.xml +11 -2
  45. data/xml/rtsp_servers.xml +22 -2
  46. data/xml/sip_banners.xml +35 -4
  47. data/xml/sip_user_agents.xml +29 -2
  48. data/xml/smb_native_lm.xml +10 -2
  49. data/xml/smb_native_os.xml +79 -2
  50. data/xml/smtp_banners.xml +230 -9
  51. data/xml/smtp_debug.xml +6 -4
  52. data/xml/smtp_ehlo.xml +7 -5
  53. data/xml/smtp_expn.xml +13 -4
  54. data/xml/smtp_help.xml +23 -4
  55. data/xml/smtp_mailfrom.xml +5 -2
  56. data/xml/smtp_noop.xml +6 -5
  57. data/xml/smtp_quit.xml +5 -4
  58. data/xml/smtp_rcptto.xml +5 -2
  59. data/xml/smtp_rset.xml +4 -4
  60. data/xml/smtp_turn.xml +4 -4
  61. data/xml/smtp_vrfy.xml +14 -4
  62. data/xml/snmp_sysdescr.xml +733 -25
  63. data/xml/snmp_sysobjid.xml +47 -2
  64. data/xml/ssh_banners.xml +182 -8
  65. data/xml/telnet_banners.xml +493 -22
  66. data/xml/x11_banners.xml +26 -3
  67. data/xml/x509_issuers.xml +30 -6
  68. data/xml/x509_subjects.xml +200 -31
  69. metadata +8 -2
data/xml/ftp_banners.xml CHANGED
@@ -1,9 +1,10 @@
1
- <?xml version="1.0" encoding="UTF-8"?>
1
+ <?xml version='1.0' encoding='UTF-8'?>
2
2
  <fingerprints matches="ftp.banner" protocol="ftp" database_type="service" preference="0.90">
3
3
  <!--
4
4
  FTP greeting messages (part of the banner after the response code) are matched
5
5
  against these patterns to fingerprint FTP servers.
6
6
  -->
7
+
7
8
  <fingerprint pattern="^([^ ]+) Microsoft FTP Service \(Version ([1234]\.\d+)\)\.$">
8
9
  <description>Microsoft FTP Server on Windows NT</description>
9
10
  <example>xx Microsoft FTP Service (Version 3.0).</example>
@@ -18,6 +19,7 @@
18
19
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_nt:-"/>
19
20
  <param pos="1" name="host.name"/>
20
21
  </fingerprint>
22
+
21
23
  <fingerprint pattern="^([^ ]+) Microsoft FTP Service \(Version 5.0\)\.$">
22
24
  <description>Microsoft FTP Server on Windows 2000</description>
23
25
  <example>xxx Microsoft FTP Service (Version 5.0).</example>
@@ -32,6 +34,7 @@
32
34
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_2000:-"/>
33
35
  <param pos="1" name="host.name"/>
34
36
  </fingerprint>
37
+
35
38
  <fingerprint pattern="^([^ ]+) Microsoft FTP Service \(Version 5.1\)\.$">
36
39
  <description>Microsoft FTP Server on Windows XP, 2003 or later versions of 2000</description>
37
40
  <example>xxx Microsoft FTP Service (Version 5.1).</example>
@@ -45,6 +48,7 @@
45
48
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
46
49
  <param pos="1" name="host.name"/>
47
50
  </fingerprint>
51
+
48
52
  <fingerprint pattern="^([^ ]+) Microsoft FTP Service$">
49
53
  <description>Microsoft FTP Server on Windows XP, 2003 or later without version</description>
50
54
  <example>hostname Microsoft FTP Service</example>
@@ -58,6 +62,7 @@
58
62
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
59
63
  <param pos="1" name="host.name"/>
60
64
  </fingerprint>
65
+
61
66
  <fingerprint pattern="^Microsoft FTP Service$">
62
67
  <description>Microsoft FTP Server on Windows XP, 2003 or later without version or hostname</description>
63
68
  <example>Microsoft FTP Service</example>
@@ -70,6 +75,7 @@
70
75
  <param pos="0" name="os.product" value="Windows"/>
71
76
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
72
77
  </fingerprint>
78
+
73
79
  <fingerprint pattern="^([^ ]+) +FTP +Server \(Version ([^\(]+)\(PHNE_\d+\) [^\)]+\) ready.?$" flags="REG_ICASE">
74
80
  <description>FTP on HPUX with a PHNE (HP Networking patch) installed</description>
75
81
  <example>example.com FTP server (Version 1.1.214.4(PHNE_38458) Mon Feb 15 06:03:12 GMT 2010) ready.</example>
@@ -82,6 +88,7 @@
82
88
  <param pos="1" name="host.name"/>
83
89
  <param pos="2" name="service.version"/>
84
90
  </fingerprint>
91
+
85
92
  <fingerprint pattern="^([^ ]+) +FTP +Server \(Revision \S+ Version wuftpd-([^\(]+)\(PHNE_\d+\) [^\)]+\) ready.?$" flags="REG_ICASE">
86
93
  <description>WU-FTPD on HPUX with a PHNE (HP Networking patch) installed</description>
87
94
  <example>example.com FTP server (Revision 1.1 Version wuftpd-2.6.1(PHNE_38578) Fri Sep 5 12:10:54 GMT 2008) ready.</example>
@@ -94,6 +101,7 @@
94
101
  <param pos="1" name="host.name"/>
95
102
  <param pos="2" name="service.version"/>
96
103
  </fingerprint>
104
+
97
105
  <fingerprint pattern="^(\S+)(?: \S+)? FTP Server \((?:Revision [\d\.]+ )?Version wu(?:ftpd)?-([\d\.]+).*\) ready.?$" flags="REG_ICASE">
98
106
  <description>WU-FTPD on various OS</description>
99
107
  <example host.name="example.com" service.version="2.6.2">example.com FTP server (Version wu-2.6.2(1) Sat Jul 19 16:21:30 UTC 2008) ready.</example>
@@ -105,6 +113,7 @@
105
113
  <param pos="1" name="host.name"/>
106
114
  <param pos="2" name="service.version"/>
107
115
  </fingerprint>
116
+
108
117
  <fingerprint pattern="^(\S+)\s+FTP Server \(Version:\s+Mac OS X Server\s+([\d\.]+).*\) ready\.?" flags="REG_ICASE,REG_MULTILINE">
109
118
  <description>FTPD on Mac OS X Server with a version</description>
110
119
  <example host.name="example.com" os.version="10.3">example.com FTP server (Version: Mac OS X Server 10.3 - +GSSAPI) ready.</example>
@@ -119,6 +128,7 @@ example.com FTP server (Version: Mac OS X Server 10.3 - +GSSAPI) ready.</exampl
119
128
  <param pos="2" name="os.version"/>
120
129
  <param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x_server:{os.version}"/>
121
130
  </fingerprint>
131
+
122
132
  <fingerprint pattern="^(\S+)\s+FTP Server \(Version:\s+Mac OS X Server\) ready\.?" flags="REG_ICASE,REG_MULTILINE">
123
133
  <description>FTPD on Mac OS X Server without a version</description>
124
134
  <example host.name="example.com">example.com FTP server (Version: Mac OS X Server) ready.</example>
@@ -132,6 +142,7 @@ example.com FTP server (Version: Mac OS X Server) ready.</example>
132
142
  <param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x_server:-"/>
133
143
  <param pos="1" name="host.name"/>
134
144
  </fingerprint>
145
+
135
146
  <fingerprint pattern="^(\S+)\s+FTP Server \(tnftpd (.*)\) ready\.?$" flags="REG_ICASE">
136
147
  <description>Simple tnftpd banner with a version</description>
137
148
  <example host.name="example.com" service.version="20061217">example.com FTP server (tnftpd 20061217) ready.</example>
@@ -139,6 +150,7 @@ example.com FTP server (Version: Mac OS X Server) ready.</example>
139
150
  <param pos="2" name="service.version"/>
140
151
  <param pos="1" name="host.name"/>
141
152
  </fingerprint>
153
+
142
154
  <fingerprint pattern="^(\S+) FTP Server \(SunOS 5.(1[1-9])\) ready\.?$" flags="REG_ICASE">
143
155
  <description>SunOS/Solaris</description>
144
156
  <example host.name="example.com" os.version="11">example.com FTP server (SunOS 5.11) ready.</example>
@@ -149,6 +161,7 @@ example.com FTP server (Version: Mac OS X Server) ready.</example>
149
161
  <param pos="2" name="os.version"/>
150
162
  <param pos="0" name="os.cpe23" value="cpe:/o:oracle:solaris:{os.version}"/>
151
163
  </fingerprint>
164
+
152
165
  <fingerprint pattern="^(\S+) FTP Server \(SunOS 5.([789]|10)\) ready\.?$" flags="REG_ICASE">
153
166
  <description>SunOS/Solaris 5.7-5.10</description>
154
167
  <example host.name="example.com" os.version="7">example.com FTP server (SunOS 5.7) ready.</example>
@@ -160,6 +173,7 @@ example.com FTP server (Version: Mac OS X Server) ready.</example>
160
173
  <param pos="2" name="os.version"/>
161
174
  <param pos="0" name="os.cpe23" value="cpe:/o:sun:solaris:{os.version}"/>
162
175
  </fingerprint>
176
+
163
177
  <fingerprint pattern="^(\S+) FTP Server \(SunOS 5.6\) ready\." flags="REG_ICASE">
164
178
  <description>SunOS 5.6 (Solaris 2.6)</description>
165
179
  <example host.name="example.com">example.com FTP Server (SunOS 5.6) ready.</example>
@@ -170,6 +184,7 @@ example.com FTP server (Version: Mac OS X Server) ready.</example>
170
184
  <param pos="0" name="os.cpe23" value="cpe:/o:sun:solaris:2.6"/>
171
185
  <param pos="1" name="host.name"/>
172
186
  </fingerprint>
187
+
173
188
  <fingerprint pattern="^ProFTPD (\d+\.[^\s]+) Server \(Debian\) \[(.+)\]$">
174
189
  <description>ProFTPD on Debian Linux</description>
175
190
  <example>ProFTPD 1.3.0rc2 Server (Debian) [host]</example>
@@ -184,6 +199,7 @@ example.com FTP server (Version: Mac OS X Server) ready.</example>
184
199
  <param pos="0" name="os.cpe23" value="cpe:/o:debian:debian_linux:-"/>
185
200
  <param pos="2" name="host.name"/>
186
201
  </fingerprint>
202
+
187
203
  <fingerprint pattern="^ProFTPD (\d+\.[^\s]+) Server \(Linksys(W.+)\) \[(.+)\]$">
188
204
  <description>ProFTPD on a Linksys Wireless Access Point/Router</description>
189
205
  <example>ProFTPD 1.3.0rc2 Server (LinksysWRT350N) [host]</example>
@@ -197,6 +213,7 @@ example.com FTP server (Version: Mac OS X Server) ready.</example>
197
213
  <param pos="2" name="os.product"/>
198
214
  <param pos="3" name="host.name"/>
199
215
  </fingerprint>
216
+
200
217
  <fingerprint pattern="^ProFTPD (\d+\.[^\s]+) Server \(NETGEAR ReadyNAS\) \[(.+)\]$">
201
218
  <description>ProFTPD on a Netgear ReadyNAS with a version and IP</description>
202
219
  <example service.version="1.3.3g" host.ip="192.168.1.10">ProFTPD 1.3.3g Server (NETGEAR ReadyNAS) [192.168.1.10]</example>
@@ -210,6 +227,7 @@ example.com FTP server (Version: Mac OS X Server) ready.</example>
210
227
  <param pos="0" name="hw.product" value="ReadyNAS"/>
211
228
  <param pos="2" name="host.ip"/>
212
229
  </fingerprint>
230
+
213
231
  <fingerprint pattern="^ProFTPD Server \(NETGEAR ReadyNAS\) \[(.+)\]$">
214
232
  <description>ProFTPD on a Netgear ReadyNAS with a hostname</description>
215
233
  <example host.name="test">ProFTPD Server (NETGEAR ReadyNAS) [test]</example>
@@ -222,6 +240,7 @@ example.com FTP server (Version: Mac OS X Server) ready.</example>
222
240
  <param pos="0" name="hw.product" value="ReadyNAS"/>
223
241
  <param pos="1" name="host.name"/>
224
242
  </fingerprint>
243
+
225
244
  <fingerprint pattern="^ProFTPD (\d+\.[^\s]+) Server \(Linksys(.*)\) \[(.+)\]$">
226
245
  <description>ProFTPD on a wired Linksys device</description>
227
246
  <param pos="0" name="service.family" value="ProFTPD"/>
@@ -234,6 +253,7 @@ example.com FTP server (Version: Mac OS X Server) ready.</example>
234
253
  <param pos="2" name="os.product"/>
235
254
  <param pos="3" name="host.name"/>
236
255
  </fingerprint>
256
+
237
257
  <fingerprint pattern="^ProFTPD (\d+\.[^\s]+) Server \((.*)\) \[(.+)\]$">
238
258
  <description>ProFTPD with version info but no obvious OS info</description>
239
259
  <example service.version="1.2.10">ProFTPD 1.2.10 Server (Main FTP Server) [host]</example>
@@ -247,6 +267,7 @@ example.com FTP server (Version: Mac OS X Server) ready.</example>
247
267
  <param pos="2" name="proftpd.server.name"/>
248
268
  <param pos="3" name="host.name"/>
249
269
  </fingerprint>
270
+
250
271
  <fingerprint pattern="^ProFTPD (\d+\.[^\s]+) Server ready\.$">
251
272
  <description>ProFTPD with only version info</description>
252
273
  <example service.version="1.3.0rc2">ProFTPD 1.3.0rc2 Server ready.</example>
@@ -256,6 +277,7 @@ example.com FTP server (Version: Mac OS X Server) ready.</example>
256
277
  <param pos="1" name="service.version"/>
257
278
  <param pos="0" name="service.cpe23" value="cpe:/a:proftpd:proftpd:{service.version}"/>
258
279
  </fingerprint>
280
+
259
281
  <fingerprint pattern="^ProFTPD (?:FTP )?Server ready\.$">
260
282
  <description>ProFTPD with no version info</description>
261
283
  <example>ProFTPD FTP Server ready.</example>
@@ -265,6 +287,7 @@ example.com FTP server (Version: Mac OS X Server) ready.</example>
265
287
  <param pos="0" name="service.product" value="ProFTPD"/>
266
288
  <param pos="0" name="service.cpe23" value="cpe:/a:proftpd:proftpd:-"/>
267
289
  </fingerprint>
290
+
268
291
  <fingerprint pattern="^ProFTPD Server \(.*\) \[([a-f\d.:]+)\]$">
269
292
  <description>ProFTPD with no version info, parenthetical form</description>
270
293
  <example host.ip="1.2.3.4">ProFTPD Server (ProFTPD) [1.2.3.4]</example>
@@ -277,6 +300,7 @@ example.com FTP server (Version: Mac OS X Server) ready.</example>
277
300
  <param pos="0" name="service.cpe23" value="cpe:/a:proftpd:proftpd:-"/>
278
301
  <param pos="1" name="host.ip"/>
279
302
  </fingerprint>
303
+
280
304
  <fingerprint pattern="^ProFTPD Server$">
281
305
  <description>ProFTPD with no version info, short form</description>
282
306
  <example>ProFTPD Server</example>
@@ -285,6 +309,7 @@ example.com FTP server (Version: Mac OS X Server) ready.</example>
285
309
  <param pos="0" name="service.product" value="ProFTPD"/>
286
310
  <param pos="0" name="service.cpe23" value="cpe:/a:proftpd:proftpd:-"/>
287
311
  </fingerprint>
312
+
288
313
  <fingerprint pattern="^ProFTPD\s*$">
289
314
  <description>ProFTPD with no version info, super short form</description>
290
315
  <example>ProFTPD</example>
@@ -294,6 +319,7 @@ example.com FTP server (Version: Mac OS X Server) ready.</example>
294
319
  <param pos="0" name="service.product" value="ProFTPD"/>
295
320
  <param pos="0" name="service.cpe23" value="cpe:/a:proftpd:proftpd:-"/>
296
321
  </fingerprint>
322
+
297
323
  <fingerprint pattern="^(?:\d{4}\-\d\d\-\d\d \d\d:\d\d:\d\d,\d\d\d )?(\S+) proftpd\[\d+\]: error: no valid servers configured">
298
324
  <description>ProFTPD no valid servers configured</description>
299
325
  <example host.name="ftp.host.com">ftp.host.com proftpd[40312]: error: no valid servers configured\n</example>
@@ -304,6 +330,7 @@ example.com FTP server (Version: Mac OS X Server) ready.</example>
304
330
  <param pos="0" name="service.cpe23" value="cpe:/a:proftpd:proftpd:-"/>
305
331
  <param pos="1" name="host.name"/>
306
332
  </fingerprint>
333
+
307
334
  <fingerprint pattern="^ProFTPD (\d+\.[^\s]+) Server \((.*)\) \[[a-f\d.:\]]*$">
308
335
  <description>ProFTPD with version info - truncated</description>
309
336
  <example service.version="1.3.2c">ProFTPD 1.3.2c Server (ProFTPD Default Installation) [</example>
@@ -316,6 +343,7 @@ example.com FTP server (Version: Mac OS X Server) ready.</example>
316
343
  <param pos="0" name="service.cpe23" value="cpe:/a:proftpd:proftpd:{service.version}"/>
317
344
  <param pos="2" name="proftpd.server.name"/>
318
345
  </fingerprint>
346
+
319
347
  <fingerprint pattern="^ProFTPD (\d+\.[^\s]+) Server ([\w.-]+)$">
320
348
  <description>ProFTPD with version info but no obvious OS info, take 2</description>
321
349
  <example service.version="1.3.2d" host.name="localhost">ProFTPD 1.3.2d Server localhost</example>
@@ -326,15 +354,18 @@ example.com FTP server (Version: Mac OS X Server) ready.</example>
326
354
  <param pos="0" name="service.cpe23" value="cpe:/a:proftpd:proftpd:{service.version}"/>
327
355
  <param pos="2" name="host.name"/>
328
356
  </fingerprint>
357
+
329
358
  <fingerprint pattern="^=\(&lt;\*&gt;\)=-\.:\. \(\( Welcome to Pure-FTPd ([\d.]+) \)\) \.:\.-=\(&lt;\*&gt;\)=-" flags="REG_MULTILINE">
330
359
  <description>Pure-FTPd versions &lt;= 1.0.13 (at least as far back as 1.0.11)</description>
331
360
  <example service.version="1.0.11">=(&lt;*&gt;)=-.:. (( Welcome to Pure-FTPd 1.0.11 )) .:.-=(&lt;*&gt;)=-</example>
332
361
  <example service.version="1.0.11">=(&lt;*&gt;)=-.:. (( Welcome to Pure-FTPd 1.0.11 )) .:.-=(&lt;*&gt;)=-&#13;
333
362
  more stuff</example>
363
+ <param pos="0" name="service.fvendor" value="PureFTPd"/>
334
364
  <param pos="0" name="service.family" value="Pure-FTPd"/>
335
365
  <param pos="0" name="service.product" value="Pure-FTPd"/>
336
366
  <param pos="1" name="service.version"/>
337
367
  </fingerprint>
368
+
338
369
  <fingerprint pattern="^-{9,10}(?:.*)\s+Pure-FTPd\s+(.*)-{9,10}">
339
370
  <description>Pure-FTPd versions &gt;= 1.0.14 - Config data can be zero or more of: [privsep] [TLS]</description>
340
371
  <example>---------- Welcome to Pure-FTPd ----------</example>
@@ -344,39 +375,77 @@ more stuff</example>
344
375
  <example>--------- Welcome to Pure-FTPd [privsep] [TLS] ----------&#13;
345
376
  more text</example>
346
377
  <param pos="1" name="pureftpd.config"/>
378
+ <param pos="0" name="service.vendor" value="PureFTPd"/>
347
379
  <param pos="0" name="service.family" value="Pure-FTPd"/>
348
380
  <param pos="0" name="service.product" value="Pure-FTPd"/>
381
+ <param pos="0" name="service.cpe23" value="cpe:/a:pureftpd:pure-ftpd:-"/>
349
382
  </fingerprint>
383
+
350
384
  <fingerprint pattern="^(?:Welcome to )?Pure-FTPd\.?$">
351
385
  <description>Basic Pure-FTPd banner, no version</description>
352
386
  <example>Welcome to Pure-FTPd</example>
353
387
  <example>Pure-FTPd.</example>
388
+ <param pos="0" name="service.vendor" value="PureFTPd"/>
354
389
  <param pos="0" name="service.family" value="Pure-FTPd"/>
355
390
  <param pos="0" name="service.product" value="Pure-FTPd"/>
391
+ <param pos="0" name="service.cpe23" value="cpe:/a:pureftpd:pure-ftpd:-"/>
356
392
  </fingerprint>
393
+
357
394
  <fingerprint pattern="^=\(.\*.\)=-\.:\. \(\( Welcome to PureFTPd (\d+\..+) \)\) \.:\.-=\(.\*.\)=-" flags="REG_MULTILINE">
358
395
  <description>Older Pure-FTPd versions</description>
359
396
  <example service.version="1.1.0">=(&lt;*&gt;)=-.:. (( Welcome to PureFTPd 1.1.0 )) .:.-=(&lt;*&gt;)=-</example>
360
397
  <example service.version="1.1.0">=(&lt;*&gt;)=-.:. (( Welcome to PureFTPd 1.1.0 )) .:.-=(&lt;*&gt;)=-&#13;
361
398
  more text</example>
399
+ <param pos="0" name="service.vendor" value="PureFTPd"/>
362
400
  <param pos="0" name="service.family" value="Pure-FTPd"/>
363
401
  <param pos="0" name="service.product" value="Pure-FTPd"/>
364
402
  <param pos="1" name="service.version"/>
403
+ <param pos="0" name="service.cpe23" value="cpe:/a:pureftpd:pure-ftpd:{service.version}"/>
404
+ </fingerprint>
405
+
406
+ <!-- CPEs for Serv-U 15.x and above changed to SolarWinds -->
407
+
408
+ <fingerprint pattern="^Serv-U FTP Server v(15\.\S+) ready\.\.\.$">
409
+ <description>SolarWinds Serv-U with version </description>
410
+ <example service.version="15.1.3.25">Serv-U FTP Server v15.1.3.25 ready...</example>
411
+ <param pos="0" name="service.vendor" value="SolarWinds"/>
412
+ <param pos="0" name="service.product" value="Serv-U FTP Server"/>
413
+ <param pos="0" name="service.family" value="Serv-U"/>
414
+ <param pos="1" name="service.version"/>
415
+ <param pos="0" name="service.cpe23" value="cpe:/a:solarwinds:serv-u_ftp_server:{service.version}"/>
365
416
  </fingerprint>
366
- <fingerprint pattern="^Serv-U FTP[ -]Server v(\d+\.\S+)(?: for WinSock)? ready\.*$">
367
- <description>Serv-U (only runs on Windows)</description>
417
+
418
+ <fingerprint pattern="^Serv-U FTP[ -]Server v(\d+\.\S+) for WinSock ready\.*$">
419
+ <description>Serv-U Serv-U with version on Windows</description>
368
420
  <example service.version="2.5n">Serv-U FTP-Server v2.5n for WinSock ready...</example>
369
421
  <example service.version="6.0">Serv-U FTP Server v6.0 for WinSock ready</example>
370
- <example service.version="7.2">Serv-U FTP Server v7.2 ready...</example>
371
- <param pos="0" name="service.vendor" value="Rhino Software"/>
422
+ <param pos="0" name="service.vendor" value="Serv-U"/>
372
423
  <param pos="0" name="service.product" value="Serv-U"/>
373
424
  <param pos="0" name="service.family" value="Serv-U"/>
374
425
  <param pos="1" name="service.version"/>
426
+ <param pos="0" name="service.cpe23" value="cpe:/a:serv-u:serv-u:{service.version}"/>
375
427
  <param pos="0" name="os.vendor" value="Microsoft"/>
376
428
  <param pos="0" name="os.family" value="Windows"/>
377
429
  <param pos="0" name="os.product" value="Windows"/>
378
430
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
379
431
  </fingerprint>
432
+
433
+ <fingerprint pattern="^Serv-U FTP[ -]Server v(\d+\.\S+) ready\.*$">
434
+ <description>Serv-U Serv-U with version </description>
435
+ <example service.version="7.2">Serv-U FTP Server v7.2 ready...</example>
436
+ <example service.version="14.0">Serv-U FTP Server v14.0 ready...</example>
437
+ <param pos="0" name="service.vendor" value="Serv-U"/>
438
+ <param pos="0" name="service.product" value="Serv-U"/>
439
+ <param pos="0" name="service.family" value="Serv-U"/>
440
+ <param pos="1" name="service.version"/>
441
+ <param pos="0" name="service.cpe23" value="cpe:/a:serv-u:serv-u:{service.version}"/>
442
+ </fingerprint>
443
+
444
+ <fingerprint pattern="^Welcom to Serv-U FTP Server$">
445
+ <description>Common FTP banner modification to look like Serv-U -- assert nothing.</description>
446
+ <example>Welcom to Serv-U FTP Server</example>
447
+ </fingerprint>
448
+
380
449
  <fingerprint pattern="^zFTPServer v?(\S+), .*ready\.$" flags="REG_ICASE">
381
450
  <description>zftpserver (only runs on Windows)</description>
382
451
  <example service.version="4.0">zFTPServer v4.0, build 2008-12-24 01:41 ready.</example>
@@ -388,46 +457,65 @@ more text</example>
388
457
  <param pos="0" name="os.product" value="Windows"/>
389
458
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
390
459
  </fingerprint>
460
+
391
461
  <fingerprint pattern="^\(vsFTPd (\d+\..+)\)(?: (.+))?$">
392
462
  <description>vsFTPd (Very Secure FTP Daemon)</description>
393
463
  <example service.version="1.1.3">(vsFTPd 1.1.3) host</example>
394
464
  <example service.version="2.0.5">(vsFTPd 2.0.5)</example>
465
+ <param pos="0" name="service.vendor" value="vsFTPd Project"/>
395
466
  <param pos="0" name="service.family" value="vsFTPd"/>
396
467
  <param pos="0" name="service.product" value="vsFTPd"/>
397
468
  <param pos="1" name="service.version"/>
469
+ <param pos="0" name="service.cpe23" value="cpe:/a:vsftpd_project:vsftpd:{service.version}"/>
398
470
  <param pos="2" name="host.name"/>
399
471
  </fingerprint>
472
+
400
473
  <fingerprint pattern="^ready, dude \(vsFTPd (\d+\..+): beat me, break me\)$">
401
474
  <description>vsFTPd (Very Secure FTP Daemon) - break me variant</description>
402
475
  <example service.version="1.1.0">ready, dude (vsFTPd 1.1.0: beat me, break me)</example>
476
+ <param pos="0" name="service.vendor" value="vsFTPd Project"/>
403
477
  <param pos="0" name="service.family" value="vsFTPd"/>
404
478
  <param pos="0" name="service.product" value="vsFTPd"/>
405
479
  <param pos="1" name="service.version"/>
480
+ <param pos="0" name="service.cpe23" value="cpe:/a:vsftpd_project:vsftpd:{service.version}"/>
406
481
  </fingerprint>
482
+
407
483
  <fingerprint pattern="^vsFTPd ([\d.]+\+ \(ext\.3\)) ready\.\.\.$">
408
484
  <description>vsFTPd (Very Secure FTP Daemon) extended build (vsftpd.devnet.ru)</description>
409
485
  <example service.version="2.0.4+ (ext.3)">vsFTPd 2.0.4+ (ext.3) ready...</example>
486
+ <param pos="0" name="service.vendor" value="vsFTPd Project"/>
410
487
  <param pos="0" name="service.family" value="vsFTPd"/>
411
488
  <param pos="0" name="service.product" value="vsFTPd Extended"/>
412
489
  <param pos="1" name="service.version"/>
413
490
  </fingerprint>
491
+
414
492
  <fingerprint pattern="^OOPS: .*vsftp.*$">
415
493
  <description>vsFTPd (Very Secure FTP Daemon) error message</description>
416
494
  <example>OOPS: vsftpd: root is not mounted.</example>
417
495
  <example>OOPS: cannot read user list file:/etc/vsftpd.user_list</example>
496
+ <param pos="0" name="service.vendor" value="vsFTPd Project"/>
418
497
  <param pos="0" name="service.family" value="vsFTPd"/>
419
498
  <param pos="0" name="service.product" value="vsFTPd"/>
499
+ <param pos="0" name="service.cpe23" value="cpe:/a:vsftpd_project:vsftpd:-"/>
420
500
  </fingerprint>
501
+
421
502
  <fingerprint pattern="^FileZilla Server(?: version)? (?:v)?(\d\.[\w.]+(?: beta)?).*$">
422
503
  <description>FileZilla FTP Server</description>
423
504
  <example service.version="0.9.2 beta">FileZilla Server version 0.9.2 beta</example>
424
505
  <example service.version="0.9.13a beta">FileZilla Server version 0.9.13a beta</example>
425
506
  <example service.version="0.9.54 beta">FileZilla Server 0.9.54 beta</example>
426
507
  <example service.version="0.9.33 beta">FileZilla Server v0.9.33 beta</example>
427
- <param pos="0" name="service.family" value="FileZilla FTP Server"/>
428
- <param pos="0" name="service.product" value="FileZilla FTP Server"/>
508
+ <param pos="0" name="service.vendor" value="Filezilla-Project"/>
509
+ <param pos="0" name="service.family" value="FileZilla FTP"/>
510
+ <param pos="0" name="service.product" value="FileZilla Server"/>
429
511
  <param pos="1" name="service.version"/>
512
+ <param pos="0" name="service.cpe23" value="cpe:/a:filezilla-project:filezilla_server:{service.version}"/>
513
+ <param pos="0" name="os.vendor" value="Microsoft"/>
514
+ <param pos="0" name="os.family" value="Windows"/>
515
+ <param pos="0" name="os.product" value="Windows"/>
516
+ <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
430
517
  </fingerprint>
518
+
431
519
  <fingerprint pattern="^\s*APC FTP server ready\.$">
432
520
  <description>APC device</description>
433
521
  <example>APC FTP server ready.</example>
@@ -438,6 +526,7 @@ more text</example>
438
526
  <param pos="0" name="hw.vendor" value="APC"/>
439
527
  <param pos="0" name="hw.device" value="Power device"/>
440
528
  </fingerprint>
529
+
441
530
  <fingerprint pattern="^(\S+) Network Management Card AOS v(\d+\..+) FTP server ready\.$">
442
531
  <description>APC power/cooling device</description>
443
532
  <example service.version="3.3.4">AP7932 Network Management Card AOS v3.3.4 FTP server ready.</example>
@@ -454,6 +543,7 @@ more text</example>
454
543
  <param pos="0" name="hw.vendor" value="APC"/>
455
544
  <param pos="0" name="hw.device" value="Power device"/>
456
545
  </fingerprint>
546
+
457
547
  <fingerprint pattern="^(\S+) FTP server \(EMC-SNAS: ([^\)]+)\)(?: \S+)?$">
458
548
  <description>EMC Celerra</description>
459
549
  <example service.version="5.6.47.11">foo2 FTP server (EMC-SNAS: 5.6.47.11)</example>
@@ -471,6 +561,7 @@ more text</example>
471
561
  <param pos="0" name="hw.device" value="Storage"/>
472
562
  <param pos="0" name="hw.product" value="Celerra"/>
473
563
  </fingerprint>
564
+
474
565
  <fingerprint pattern="^JD FTP Server Ready.*$">
475
566
  <description>HP JetDirect printer</description>
476
567
  <example>JD FTP Server Ready</example>
@@ -487,6 +578,7 @@ more text</example>
487
578
  <param pos="0" name="hw.family" value="JetDirect"/>
488
579
  <param pos="0" name="hw.product" value="JetDirect"/>
489
580
  </fingerprint>
581
+
490
582
  <fingerprint pattern="^Check Point FireWall-1 Secure FTP server running on (.+)$">
491
583
  <description>Check Point FireWall-1</description>
492
584
  <example host.name="host">Check Point FireWall-1 Secure FTP server running on host</example>
@@ -504,6 +596,7 @@ more text</example>
504
596
  <param pos="0" name="hw.family" value="Firewall-1"/>
505
597
  <param pos="1" name="host.name"/>
506
598
  </fingerprint>
599
+
507
600
  <fingerprint pattern="^Blue Coat FTP Service$">
508
601
  <description>Blue Coat security appliances</description>
509
602
  <example>Blue Coat FTP Service</example>
@@ -512,11 +605,13 @@ more text</example>
512
605
  <param pos="0" name="os.vendor" value="Blue Coat"/>
513
606
  <param pos="0" name="os.device" value="Web proxy"/>
514
607
  </fingerprint>
608
+
515
609
  <fingerprint pattern="^---freeFTPd 1.0---warFTPd 1.65---$">
516
610
  <description>Nepenthes honeypot</description>
517
611
  <param pos="0" name="service.family" value="Nepenthes"/>
518
612
  <param pos="0" name="service.product" value="Nepenthes"/>
519
613
  </fingerprint>
614
+
520
615
  <fingerprint pattern="^[^ ]+ IBM FTP CS (V1R\d+) at ([^,]*),.*">
521
616
  <description>IBM z/OS FTP Service</description>
522
617
  <example>SFTPD1 IBM FTP CS V1R4 at x.y.z, 21:02:19 on 2007-12-15.</example>
@@ -527,8 +622,10 @@ more text</example>
527
622
  <param pos="0" name="os.family" value="z/OS"/>
528
623
  <param pos="0" name="os.device" value="Mainframe"/>
529
624
  <param pos="1" name="os.version"/>
625
+ <param pos="0" name="os.cpe23" value="cpe:/o:ibm:z\/os:{os.version}"/>
530
626
  <param pos="2" name="host.name"/>
531
627
  </fingerprint>
628
+
532
629
  <fingerprint pattern="^FTP server \(IBM 4690 TCP/IP FTP Version 1\.0\) ready\.">
533
630
  <description>IBM 4690 FTP Service</description>
534
631
  <example>FTP server (IBM 4690 TCP/IP FTP Version 1.0) ready.</example>
@@ -539,6 +636,7 @@ more text</example>
539
636
  <param pos="0" name="os.family" value="4690"/>
540
637
  <param pos="0" name="os.device" value="Point of sale"/>
541
638
  </fingerprint>
639
+
542
640
  <fingerprint pattern="^([^ ]+) NcFTPd Server \(licensed copy\) ready\.$">
543
641
  <description>NcFTPd Server
544
642
  http://www.ncftp.com/ncftpd/</description>
@@ -547,6 +645,7 @@ more text</example>
547
645
  <param pos="0" name="service.product" value="NcFTPd Server"/>
548
646
  <param pos="1" name="host.name"/>
549
647
  </fingerprint>
648
+
550
649
  <fingerprint pattern="^(\S+) DCS-2100 FTP server ready\.$">
551
650
  <description>D-Link DCS-2100 wireless internet camera</description>
552
651
  <example>hostname DCS-2100 FTP server ready.</example>
@@ -555,6 +654,7 @@ more text</example>
555
654
  <param pos="0" name="os.device" value="Web cam"/>
556
655
  <param pos="1" name="host.name"/>
557
656
  </fingerprint>
657
+
558
658
  <fingerprint pattern="^Secure Gateway FTP server ready\.$">
559
659
  <description>Raptor firewall</description>
560
660
  <example>Secure Gateway FTP server ready.</example>
@@ -563,6 +663,7 @@ more text</example>
563
663
  <param pos="0" name="os.product" value="Raptor"/>
564
664
  <param pos="0" name="os.device" value="Firewall"/>
565
665
  </fingerprint>
666
+
566
667
  <fingerprint pattern="^SUN StorEdge (\S+) RAID FTP server ready\.$">
567
668
  <description>Sun StorEdge disk array</description>
568
669
  <example>SUN StorEdge 3511 RAID FTP server ready.</example>
@@ -571,6 +672,7 @@ more text</example>
571
672
  <param pos="1" name="os.product"/>
572
673
  <param pos="0" name="os.device" value="Storage"/>
573
674
  </fingerprint>
675
+
574
676
  <fingerprint pattern="(?i)^AXIS (\S+) .* Camera(?:\s+version)?\s+(\S+) .*">
575
677
  <description>Axis Network Camera</description>
576
678
  <example hw.product="2100" hw.version="2.43">Axis 2100 Network Camera 2.43 Nov 04 2008 ready.</example>
@@ -587,27 +689,43 @@ more text</example>
587
689
  <param pos="0" name="os.family" value="Linux"/>
588
690
  <param pos="0" name="os.device" value="Web cam"/>
589
691
  </fingerprint>
590
- <fingerprint pattern="(?i)^AXIS (\S+) (?:(?:Mk II )?Video|IO Audio) (?:Encoder|Encoder Blade|Module|Server|Decoder) (\S+) .*">
591
- <description>Axis Audio/Video encoders/servers</description>
692
+
693
+ <fingerprint pattern="(?i)^AXIS (\S+) (?:(?:Mk II )?Video) (?:Encoder|Encoder Blade|Module|Server|Decoder) (\S+) .*">
694
+ <description>Axis Video encoders/servers</description>
592
695
  <example hw.product="Q7406">AXIS Q7406 Video Encoder Blade 5.01 (Aug 01 2008) ready.</example>
593
696
  <example hw.product="241Q">AXIS 241Q Video Server 4.47.2 (Dec 11 2008) ready.</example>
594
697
  <example hw.version="5.07.2">AXIS P7701 Video Decoder 5.07.2 (Apr 20 2010) ready.</example>
595
698
  <example hw.product="Q7401" hw.version="5.01">AXIS Q7401 Video Encoder 5.01 (Aug 01 2008) ready.</example>
596
699
  <example hw.product="Q7401" hw.version="5.50.2_cst_412205_1">AXIS Q7401 Video Encoder 5.50.2_cst_412205_1 (2013)</example>
597
700
  <example hw.product="Q7424-R" hw.version="5.51.3.1">AXIS Q7424-R Mk II Video Encoder 5.51.3.1 (2016) ready.</example>
701
+ <param pos="0" name="hw.vendor" value="Axis"/>
702
+ <param pos="1" name="hw.product"/>
703
+ <param pos="2" name="hw.version"/>
704
+ <param pos="0" name="hw.device" value="Video Encoder"/>
705
+ <param pos="0" name="os.vendor" value="AXIS"/>
706
+ <param pos="0" name="os.family" value="Linux"/>
707
+ </fingerprint>
708
+
709
+ <fingerprint pattern="(?i)^AXIS (\S+) (?:(?:Mk II )?IO Audio) (?:Encoder|Encoder Blade|Module|Server|Decoder) (\S+) .*">
710
+ <description>Axis Audio encoders/servers</description>
598
711
  <example hw.product="P8221" hw.version="5.10.2">AXIS P8221 IO Audio Module 5.10.2 (Nov 07 2011) ready.</example>
599
712
  <param pos="0" name="hw.vendor" value="Axis"/>
600
713
  <param pos="1" name="hw.product"/>
601
714
  <param pos="2" name="hw.version"/>
715
+ <param pos="0" name="hw.device" value="Audio Encoder"/>
716
+ <param pos="0" name="os.vendor" value="AXIS"/>
717
+ <param pos="0" name="os.family" value="Linux"/>
602
718
  </fingerprint>
719
+
603
720
  <fingerprint pattern="(?i)^AXIS (\S+) Network Door Controller (\S+) .* ready\.?$">
604
721
  <description>Axis Door Controllers</description>
605
722
  <example hw.product="A1001" hw.version="1.65.1.1">AXIS A1001 Network Door Controller 1.65.1.1 (2018) ready.</example>
606
723
  <param pos="0" name="hw.vendor" value="Axis"/>
607
- <param pos="0" name="hw.device" value="Access Controller"/>
724
+ <param pos="0" name="hw.device" value="Access Control"/>
608
725
  <param pos="1" name="hw.product"/>
609
726
  <param pos="2" name="hw.version"/>
610
727
  </fingerprint>
728
+
611
729
  <fingerprint pattern="^AXIS (\S+) .*FTP Network Print Server V?([\d\.]+\S+) .* ready\.?$" flags="REG_ICASE">
612
730
  <description>Axis print servers</description>
613
731
  <example hw.product="5600+">AXIS 5600+ (rev 3) FTP Network Print Server V7.00 Sep 10 2004 ready.</example>
@@ -618,6 +736,7 @@ more text</example>
618
736
  <param pos="1" name="hw.product"/>
619
737
  <param pos="2" name="hw.version"/>
620
738
  </fingerprint>
739
+
621
740
  <fingerprint pattern="^RICOH Aficio ((?:[MS]P )?\S+) FTP server \(([0-9\.a-zA-Z]+)\) ready.?$" flags="REG_ICASE">
622
741
  <description>Ricoh Aficio multifunction device</description>
623
742
  <example os.product="2045e">RICOH Aficio 2045e FTP server (4.12) ready.</example>
@@ -633,6 +752,7 @@ more text</example>
633
752
  <param pos="1" name="os.product"/>
634
753
  <param pos="2" name="os.version"/>
635
754
  </fingerprint>
755
+
636
756
  <fingerprint pattern="^NRG ((?:[MS]P )?\S+) FTP server \(([0-9\.a-zA-Z]+)\) ready.?$" flags="REG_ICASE">
637
757
  <description>Ricoh NRG multifunction device</description>
638
758
  <example>NRG MP C2800 FTP server (8.25) ready.</example>
@@ -651,6 +771,7 @@ more text</example>
651
771
  <param pos="0" name="hw.device" value="Multifunction Device"/>
652
772
  <param pos="1" name="hw.product"/>
653
773
  </fingerprint>
774
+
654
775
  <fingerprint pattern="^Xerox WorkCentre ([A-Za-z0-9]+).*$" certainty="1.0">
655
776
  <description>Xerox WorkCentre</description>
656
777
  <example hw.product="6605DN">Xerox WorkCentre 6605DN</example>
@@ -665,6 +786,7 @@ more text</example>
665
786
  <param pos="0" name="hw.device" value="Printer"/>
666
787
  <param pos="1" name="hw.product"/>
667
788
  </fingerprint>
789
+
668
790
  <fingerprint pattern="^Xerox Phaser (\S+)$" certainty="1.0">
669
791
  <description>Xerox Phaser Laser Printer</description>
670
792
  <example>Xerox Phaser 6130N</example>
@@ -678,6 +800,7 @@ more text</example>
678
800
  <param pos="0" name="hw.device" value="Printer"/>
679
801
  <param pos="1" name="hw.product"/>
680
802
  </fingerprint>
803
+
681
804
  <fingerprint pattern="^XEROX (\d+) Wide Format .*$" certainty="1.0">
682
805
  <description>Xerox Wide Format Series of Printers</description>
683
806
  <example>XEROX 6204 Wide Format FTP server ready</example>
@@ -690,6 +813,7 @@ more text</example>
690
813
  <param pos="0" name="hw.device" value="Printer"/>
691
814
  <param pos="1" name="hw.product"/>
692
815
  </fingerprint>
816
+
693
817
  <fingerprint pattern="^FUJI XEROX DocuPrint (.*)$" certainty="1.0">
694
818
  <description>FUJI XEROX DocuPrint Series of Printers</description>
695
819
  <example>FUJI XEROX DocuPrint 3055</example>
@@ -700,6 +824,7 @@ more text</example>
700
824
  <param pos="0" name="os.device" value="Printer"/>
701
825
  <param pos="1" name="os.product"/>
702
826
  </fingerprint>
827
+
703
828
  <fingerprint pattern="^ET(\S{12}) Lexmark (\S+) FTP Server (\S+) ready\.?$" certainty="1.0" flags="REG_ICASE">
704
829
  <description>Lexmark printer with MAC address</description>
705
830
  <example host.mac="000400CEA560" hw.product="T640" os.version="NS.NP.N219">ET000400CEA560 Lexmark T640 FTP Server NS.NP.N219 ready.</example>
@@ -711,6 +836,7 @@ more text</example>
711
836
  <param pos="0" name="hw.device" value="Printer"/>
712
837
  <param pos="2" name="hw.product"/>
713
838
  </fingerprint>
839
+
714
840
  <fingerprint pattern="^.*Lexmark (\S+) FTP Server (\S+) ready\.?$" certainty="1.0" flags="REG_ICASE">
715
841
  <description>Lexmark printer with OS version</description>
716
842
  <example hw.product="T654" os.version="NR.APS.F368">ET0021718 Lexmark T654 FTP Server NR.APS.F368 ready.</example>
@@ -721,6 +847,7 @@ more text</example>
721
847
  <param pos="0" name="hw.device" value="Printer"/>
722
848
  <param pos="1" name="hw.product"/>
723
849
  </fingerprint>
850
+
724
851
  <fingerprint pattern="^.*Lexmark (\S+) FTP Server ready\.?$" certainty="1.0" flags="REG_ICASE">
725
852
  <description>Lexmark printer</description>
726
853
  <example hw.product="X500">Lexmark X500 FTP server ready</example>
@@ -730,6 +857,7 @@ more text</example>
730
857
  <param pos="0" name="hw.device" value="Printer"/>
731
858
  <param pos="1" name="hw.product"/>
732
859
  </fingerprint>
860
+
733
861
  <fingerprint pattern="^220 ECOSYS ([^\s]+) FTP server$">
734
862
  <description>Kyocera Multifunction Device</description>
735
863
  <example hw.product="P2135dn">220 ECOSYS P2135dn FTP server</example>
@@ -739,6 +867,7 @@ more text</example>
739
867
  <param pos="0" name="hw.device" value="Multifunction Device"/>
740
868
  <param pos="1" name="hw.product"/>
741
869
  </fingerprint>
870
+
742
871
  <fingerprint pattern="^(?:Tornado-)?VxWorks \((?:VxWorks)?([^\)]+)\) FTP server(?: ready)?\.?$" flags="REG_ICASE">
743
872
  <description>VxWorks with version information</description>
744
873
  <example os.version="5.3.1">VxWorks (5.3.1) FTP server ready</example>
@@ -750,6 +879,7 @@ more text</example>
750
879
  <param pos="1" name="os.version"/>
751
880
  <param pos="0" name="os.cpe23" value="cpe:/o:windriver:vxworks:{os.version}"/>
752
881
  </fingerprint>
882
+
753
883
  <fingerprint pattern="^Tornado-vxWorks FTP server ready$" flags="REG_ICASE">
754
884
  <description>VxWorks without version information</description>
755
885
  <example>Tornado-vxWorks FTP server ready</example>
@@ -757,6 +887,7 @@ more text</example>
757
887
  <param pos="0" name="os.product" value="VxWorks"/>
758
888
  <param pos="0" name="os.cpe23" value="cpe:/o:windriver:vxworks:-"/>
759
889
  </fingerprint>
890
+
760
891
  <fingerprint pattern="^[\w\-\.]* FTP server \((?:VxWorks\s?)+([\d\.]+)\) ready.$" flags="REG_ICASE">
761
892
  <description>VxWorks 6 with version information</description>
762
893
  <example os.version="6.6">NanoDAC FTP server (VxWorks VxWorks 6.6) ready.</example>
@@ -766,6 +897,7 @@ more text</example>
766
897
  <param pos="1" name="os.version"/>
767
898
  <param pos="0" name="os.cpe23" value="cpe:/o:windriver:vxworks:{os.version}"/>
768
899
  </fingerprint>
900
+
769
901
  <fingerprint pattern="^[\w&lt;&gt;]+\s*Tenor Multipath Switch FTP server \(Version VxWorks([\d\.]+)\) ready\.$" flags="REG_ICASE">
770
902
  <description>VxWorks on Tenor MultiPath with version information</description>
771
903
  <example os.version="5.4.2">&lt;38785ca0&gt; Tenor Multipath Switch FTP server (Version VxWorks5.4.2) ready.</example>
@@ -774,6 +906,7 @@ more text</example>
774
906
  <param pos="1" name="os.version"/>
775
907
  <param pos="0" name="os.cpe23" value="cpe:/o:windriver:vxworks:{os.version}"/>
776
908
  </fingerprint>
909
+
777
910
  <fingerprint pattern="^VxWorks FTP server \(VxWorks ([\d\.]+) - Secure NetLinx version \([\d\.]+\)\) ready.$">
778
911
  <description>VxWorks with Secure NetLinx</description>
779
912
  <example os.version="5.3.1">VxWorks FTP server (VxWorks 5.3.1 - Secure NetLinx version (1.0)) ready.</example>
@@ -782,6 +915,7 @@ more text</example>
782
915
  <param pos="1" name="os.version"/>
783
916
  <param pos="0" name="os.cpe23" value="cpe:/o:windriver:vxworks:{os.version}"/>
784
917
  </fingerprint>
918
+
785
919
  <fingerprint pattern="^ADC iScale$">
786
920
  <description>ADC iScale</description>
787
921
  <example>ADC iScale</example>
@@ -790,6 +924,7 @@ more text</example>
790
924
  <param pos="0" name="os.vendor" value="ADC"/>
791
925
  <param pos="0" name="os.product" value="iScale"/>
792
926
  </fingerprint>
927
+
793
928
  <fingerprint pattern="^TASKalfa (\d+c?i) FTP server" certainty="1.0">
794
929
  <description>Taskalfa Series of Printers</description>
795
930
  <example>TASKalfa 300ci FTP server</example>
@@ -803,6 +938,7 @@ more text</example>
803
938
  <param pos="0" name="hw.device" value="Multifunction Device"/>
804
939
  <param pos="1" name="hw.product"/>
805
940
  </fingerprint>
941
+
806
942
  <fingerprint pattern="^SAVIN (\S+) FTP server \((.*)\) ready.$" certainty="1.0">
807
943
  <description>SAVIN Printer FTP Server</description>
808
944
  <example os.product="4075">SAVIN 4075 FTP server (4.08) ready.</example>
@@ -823,6 +959,7 @@ more text</example>
823
959
  <param pos="0" name="hw.device" value="Printer"/>
824
960
  <param pos="1" name="hw.product"/>
825
961
  </fingerprint>
962
+
826
963
  <fingerprint pattern="^Oce (im\d+) Ver (\S+) FTP server\.$" certainty="1.0">
827
964
  <description>OCE IM series Printer</description>
828
965
  <example>Oce im4512 Ver 01.04.00.0c FTP server.</example>
@@ -833,6 +970,7 @@ more text</example>
833
970
  <param pos="1" name="os.product"/>
834
971
  <param pos="2" name="os.version"/>
835
972
  </fingerprint>
973
+
836
974
  <fingerprint pattern="^Oce (Plotwave\d+) FTP Service \(Version (\S+)\)\.$" certainty="1.0">
837
975
  <description>OCE Printer</description>
838
976
  <example>Oce Plotwave300 FTP Service (Version 4.5.7).</example>
@@ -842,6 +980,7 @@ more text</example>
842
980
  <param pos="1" name="os.product"/>
843
981
  <param pos="2" name="os.version"/>
844
982
  </fingerprint>
983
+
845
984
  <fingerprint pattern="^LinkCom Xpress (.*) FTP version ([\d\.]+) ready$" certainty="1.0">
846
985
  <description>MPI Technologies Linkcom Express FTP Server with os version</description>
847
986
  <example hw.product="10/100 +IPDS" os.version="1.0">LinkCom Xpress 10/100 +IPDS FTP version 1.0 ready</example>
@@ -851,6 +990,7 @@ more text</example>
851
990
  <param pos="1" name="hw.product"/>
852
991
  <param pos="2" name="os.version"/>
853
992
  </fingerprint>
993
+
854
994
  <fingerprint pattern="^LinkCom Xpress (.*)$" certainty="1.0">
855
995
  <description>MPI Technologies Linkcom Express FTP Server</description>
856
996
  <example hw.product="EIO PRO 10">LinkCom Xpress EIO PRO 10</example>
@@ -859,6 +999,7 @@ more text</example>
859
999
  <param pos="0" name="hw.device" value="Print server"/>
860
1000
  <param pos="1" name="hw.product"/>
861
1001
  </fingerprint>
1002
+
862
1003
  <fingerprint pattern="^LXKE\S+ IBM Infoprint (\d+) FTP Server (\d+\.\d+\.\d+) ready.$" certainty="1.0">
863
1004
  <description>IBM Infoprint FTP</description>
864
1005
  <example>LXKE82124 IBM Infoprint 1332 FTP Server 55.10.21 ready.</example>
@@ -871,6 +1012,7 @@ more text</example>
871
1012
  <param pos="1" name="os.product"/>
872
1013
  <param pos="2" name="os.version"/>
873
1014
  </fingerprint>
1015
+
874
1016
  <fingerprint pattern="^(Gestetner \S+(?: \S+)?) FTP server \((.*)\)" certainty="1.0">
875
1017
  <description>Gestetner Printer FTP</description>
876
1018
  <example os.product="Gestetner MP5500/DSm755" os.version="5.11c">Gestetner MP5500/DSm755 FTP server (5.11c) ready.</example>
@@ -883,6 +1025,7 @@ more text</example>
883
1025
  <param pos="1" name="os.product"/>
884
1026
  <param pos="2" name="os.version"/>
885
1027
  </fingerprint>
1028
+
886
1029
  <fingerprint pattern="^(Gestetner \S+)$" certainty="1.0">
887
1030
  <description>Gestetner Printer FTP - short banner</description>
888
1031
  <example>Gestetner MPC2500</example>
@@ -890,6 +1033,7 @@ more text</example>
890
1033
  <param pos="0" name="os.device" value="Multifunction Device"/>
891
1034
  <param pos="1" name="os.product"/>
892
1035
  </fingerprint>
1036
+
893
1037
  <fingerprint pattern="^EUFSALE MarkNet (\S+) FTP Server (\d+\.\d+\.\d+) ready.$" certainty="1.0">
894
1038
  <description>Lexmark Marknet Printers FTP</description>
895
1039
  <example>EUFSALE MarkNet X2011e FTP Server 4.20.21 ready.</example>
@@ -899,6 +1043,7 @@ more text</example>
899
1043
  <param pos="1" name="os.product"/>
900
1044
  <param pos="2" name="os.version"/>
901
1045
  </fingerprint>
1046
+
902
1047
  <fingerprint pattern="^ET(\S+) Source Technologies (ST-96\S+) FTP Server (\S+) ready\.?$">
903
1048
  <description>Source Technologies ST9600 Series Secure Printer</description>
904
1049
  <example>ET0021B730F70E Source Technologies ST-9620 FTP Server NJ.APS.N254e ready.</example>
@@ -911,6 +1056,7 @@ more text</example>
911
1056
  <param pos="2" name="os.product"/>
912
1057
  <param pos="3" name="os.version"/>
913
1058
  </fingerprint>
1059
+
914
1060
  <fingerprint pattern="^ET(\S+) (Pro\d+) Series FTP Server ready\.$" certainty="1.0">
915
1061
  <description>Lexmark ProXXX Series of Printers</description>
916
1062
  <example host.mac="0020007E4D2A" hw.product="Pro700">ET0020007E4D2A Pro700 Series FTP Server ready.</example>
@@ -923,6 +1069,7 @@ more text</example>
923
1069
  <param pos="0" name="hw.device" value="Printer"/>
924
1070
  <param pos="2" name="hw.product"/>
925
1071
  </fingerprint>
1072
+
926
1073
  <fingerprint pattern="^ET(\S+) Lexmark Forms Printer (\d+) Ethernet FTP Server (\S+) ready\.$" certainty="1.0">
927
1074
  <description>Lexmark Forms Printer</description>
928
1075
  <example os.product="2590">ET0020004F54EE Lexmark Forms Printer 2590 Ethernet FTP Server LCL.CU.P012c ready.</example>
@@ -937,6 +1084,7 @@ more text</example>
937
1084
  <param pos="0" name="hw.device" value="Printer"/>
938
1085
  <param pos="2" name="hw.product"/>
939
1086
  </fingerprint>
1087
+
940
1088
  <fingerprint pattern="^ET(\S+) TOSHIBA e-STUDIO500S FTP Server (\S+) ready\.$" certainty="1.0">
941
1089
  <description>Toshiba e-STUDIO Printer with MAC address</description>
942
1090
  <example os.version="NC2.NPS.N221">ET0004001E9C00 TOSHIBA e-STUDIO500S FTP Server NC2.NPS.N221 ready.</example>
@@ -950,6 +1098,7 @@ more text</example>
950
1098
  <param pos="0" name="hw.device" value="Multifunction Device"/>
951
1099
  <param pos="0" name="hw.product" value="e-STUDIO"/>
952
1100
  </fingerprint>
1101
+
953
1102
  <fingerprint pattern="^\S+ TOSHIBA e-STUDIO500S FTP Server (\S+) ready\.$" certainty="1.0">
954
1103
  <description>Toshiba e-STUDIO Printer</description>
955
1104
  <example os.version="NC2.NPS.N211">JHBPRN13 TOSHIBA e-STUDIO500S FTP Server NC2.NPS.N211 ready.</example>
@@ -961,6 +1110,7 @@ more text</example>
961
1110
  <param pos="0" name="hw.device" value="Multifunction Device"/>
962
1111
  <param pos="0" name="hw.product" value="e-STUDIO"/>
963
1112
  </fingerprint>
1113
+
964
1114
  <fingerprint pattern="^.*Lexmark Optra (\S+) FTP Server (\S+) ready\.$" certainty="1.0">
965
1115
  <description>Lexmark Optra Printer</description>
966
1116
  <example os.product="T612">lex142785470853 Lexmark Optra T612 FTP Server 3.20.30 ready.</example>
@@ -975,6 +1125,7 @@ more text</example>
975
1125
  <param pos="0" name="hw.device" value="Printer"/>
976
1126
  <param pos="1" name="hw.product"/>
977
1127
  </fingerprint>
1128
+
978
1129
  <fingerprint pattern="^SHARP (MX-\S+) Ver (\S+) FTP server\.$" certainty="1.0">
979
1130
  <description>Sharp Printer/Copier/Scanne</description>
980
1131
  <example os.product="MX-6200N" os.version="01.02.00.0e">SHARP MX-6200N Ver 01.02.00.0e FTP server.</example>
@@ -996,6 +1147,7 @@ more text</example>
996
1147
  <param pos="0" name="hw.family" value="MX Series"/>
997
1148
  <param pos="1" name="hw.product"/>
998
1149
  </fingerprint>
1150
+
999
1151
  <fingerprint pattern="^(FS-\S+MFP\S*?) FTP server\.?$" certainty="1.0">
1000
1152
  <description>Kyocera Printer with version string</description>
1001
1153
  <example os.product="FS-C2126MFP">FS-C2126MFP FTP server</example>
@@ -1008,6 +1160,7 @@ more text</example>
1008
1160
  <param pos="0" name="hw.device" value="Multifunction Device"/>
1009
1161
  <param pos="1" name="hw.product"/>
1010
1162
  </fingerprint>
1163
+
1011
1164
  <fingerprint pattern="^(FS-\S+(?:DN|D|N)) FTP server\.?$" certainty="1.0">
1012
1165
  <description>Kyocera Printer</description>
1013
1166
  <example os.product="FS-1370DN">FS-1370DN FTP server</example>
@@ -1021,6 +1174,7 @@ more text</example>
1021
1174
  <param pos="0" name="hw.family" value="FS"/>
1022
1175
  <param pos="1" name="hw.product"/>
1023
1176
  </fingerprint>
1177
+
1024
1178
  <fingerprint pattern="^(ESI-\S+) Version (\S+) ready\.$" certainty="1.0">
1025
1179
  <description>Extended Systems ExtendNet Print Server</description>
1026
1180
  <example os.product="ESI-2941B">ESI-2941B Version 6.34 ready.</example>
@@ -1042,6 +1196,7 @@ more text</example>
1042
1196
  <param pos="0" name="hw.device" value="Print server"/>
1043
1197
  <param pos="1" name="hw.product"/>
1044
1198
  </fingerprint>
1199
+
1045
1200
  <fingerprint pattern="^SATO SATO PRINTER Ver (\S+) FTP server\.$" certainty="1.0">
1046
1201
  <description>SATO Printer</description>
1047
1202
  <example os.version="A1.2.3">SATO SATO PRINTER Ver A1.2.3 FTP server.</example>
@@ -1052,6 +1207,7 @@ more text</example>
1052
1207
  <param pos="0" name="hw.vendor" value="SATO"/>
1053
1208
  <param pos="0" name="hw.device" value="Printer"/>
1054
1209
  </fingerprint>
1210
+
1055
1211
  <fingerprint pattern="^Printer FTP (\d+\.\d+\.\d+) ready at (\w{3} \d{2} \d{2}:\d{2}:\d{2})$" certainty="1.0">
1056
1212
  <description>AMTDatasouth Fastmark M5</description>
1057
1213
  <example os.version="4.8.7">Printer FTP 4.8.7 ready at Apr 30 20:13:23</example>
@@ -1069,6 +1225,7 @@ more text</example>
1069
1225
  <param pos="0" name="hw.product" value="Fastmark M5"/>
1070
1226
  <param pos="0" name="hw.device" value="Printer"/>
1071
1227
  </fingerprint>
1228
+
1072
1229
  <fingerprint pattern="^EFI FTP Print server ready\.$" certainty="0.8">
1073
1230
  <description>EFI FTP Print Server</description>
1074
1231
  <example>EFI FTP Print server ready.</example>
@@ -1078,7 +1235,9 @@ more text</example>
1078
1235
  <param pos="0" name="os.product" value="Fiery Print Server"/>
1079
1236
  <param pos="0" name="os.device" value="Print server"/>
1080
1237
  </fingerprint>
1238
+
1081
1239
  <!-- Conjectured based on known MX FTP fingerprints -->
1240
+
1082
1241
  <fingerprint pattern="^SHARP (AR-\S+) Ver (\S+) FTP server">
1083
1242
  <description>Sharp AR Series multifunction device</description>
1084
1243
  <example os.product="AR-M450">SHARP AR-M450 Ver 01.05.00.0k FTP server.</example>
@@ -1092,6 +1251,7 @@ more text</example>
1092
1251
  <param pos="0" name="hw.family" value="AR Series"/>
1093
1252
  <param pos="1" name="hw.product"/>
1094
1253
  </fingerprint>
1254
+
1095
1255
  <fingerprint pattern="^KONICA MINOLTA FTP server ready\.?$">
1096
1256
  <description>Konica Minolta FTP Server - w/o version</description>
1097
1257
  <example>KONICA MINOLTA FTP server ready.</example>
@@ -1104,6 +1264,7 @@ more text</example>
1104
1264
  <param pos="0" name="hw.vendor" value="Konica Minolta"/>
1105
1265
  <param pos="0" name="hw.product" value="Printer"/>
1106
1266
  </fingerprint>
1267
+
1107
1268
  <fingerprint pattern="^(KM\S+) FTP server \(KM FTPD version (\d*(?:\.\d*))\) ready\.?$">
1108
1269
  <description>Konica Minolta FTP Server</description>
1109
1270
  <example os.product="KM23BC97" service.version="1.00">KM23BC97 FTP server (KM FTPD version 1.00) ready.</example>
@@ -1121,6 +1282,7 @@ more text</example>
1121
1282
  <param pos="0" name="service.product" value="KM FTPD"/>
1122
1283
  <param pos="2" name="service.version"/>
1123
1284
  </fingerprint>
1285
+
1124
1286
  <fingerprint pattern="^(ZBR-\d+) Version (\S+) ready\.?$">
1125
1287
  <description>ZebraNet Print Server FTP</description>
1126
1288
  <example os.product="ZBR-46686">ZBR-46686 Version 7.02 ready.</example>
@@ -1134,6 +1296,7 @@ more text</example>
1134
1296
  <param pos="0" name="hw.device" value="Print server"/>
1135
1297
  <param pos="1" name="hw.product"/>
1136
1298
  </fingerprint>
1299
+
1137
1300
  <fingerprint pattern="^(ET(\S+)) Dell (\S+ Laser Printer) FTP Server">
1138
1301
  <description>Dell Laser Printer</description>
1139
1302
  <example host.name="ET0021B71A1111" host.mac="0021B71A1111" hw.product="2350dn Laser Printer">ET0021B71A1111 Dell 2350dn Laser Printer FTP Server NR.APS.N449 ready.</example>
@@ -1145,12 +1308,14 @@ more text</example>
1145
1308
  <param pos="2" name="host.mac"/>
1146
1309
  <param pos="3" name="hw.product"/>
1147
1310
  </fingerprint>
1311
+
1148
1312
  <fingerprint pattern="^(\S+) FTP server \(Version \S+ \w+ \w+ \d{1,2} \d{1,2}:\d{1,2}:\d{1,2} [A-Z]+ (?:1|2)\d{3}\) ready\.?$">
1149
1313
  <description>Generic/unknown FTP Server found on HP-UX and AIX systems</description>
1150
1314
  <example host.name="host.example.com">host.example.com FTP server (Version 4.1 Sat Sep 7 14:31:53 CDT 2002) ready.</example>
1151
1315
  <example host.name="host.example.com">host.example.com FTP server (Version 5.3 Sat Jan 10 14:01:03 CDT 2012) ready</example>
1152
1316
  <param pos="1" name="host.name"/>
1153
1317
  </fingerprint>
1318
+
1154
1319
  <fingerprint pattern="^Welcome to the (?:Cisco )?(?:TelePresence) ([a-zA-Z\s]*?) ((?:MSE )?\d+), version (\d+.\d+\(\d+.\d+\)).*?" flags="REG_ICASE">
1155
1320
  <description>Cisco TelePresence</description>
1156
1321
  <example hw.series="AM GW" os.version="1.1(1.34)" hw.model="3610">Welcome to the Cisco TelePresence AM GW 3610, version 1.1(1.34) </example>
@@ -1166,6 +1331,7 @@ more text</example>
1166
1331
  <param pos="2" name="hw.model"/>
1167
1332
  <param pos="3" name="os.version"/>
1168
1333
  </fingerprint>
1334
+
1169
1335
  <fingerprint pattern="^(\S+) FTP server \((?:HP|Compaq) Tru64 UNIX Version (\S+)\) ready\.?$">
1170
1336
  <description>Digital/Compaq/HP Tru64 Unix</description>
1171
1337
  <example host.name="example.com" os.version="5.60">example.com FTP server (Compaq Tru64 UNIX Version 5.60) ready.</example>
@@ -1174,8 +1340,9 @@ more text</example>
1174
1340
  <param pos="0" name="os.product" value="Tru64 Unix"/>
1175
1341
  <param pos="1" name="host.name"/>
1176
1342
  <param pos="2" name="os.version"/>
1177
- <param pos="0" name="os.cpe23" value="cpe:/o:hp:tru64:{os.version}"/>
1343
+ <param pos="0" name="os.cpe23" value="cpe:/o:hp:tru64_unix:{os.version}"/>
1178
1344
  </fingerprint>
1345
+
1179
1346
  <fingerprint pattern="^(\S+) FTP server \(Digital UNIX Version (\S+)\) ready\.?$">
1180
1347
  <description>Digital/Compaq/HP Tru64 Unix w/o branding</description>
1181
1348
  <example host.name="example.com" os.version="5.60">example.com FTP server (Digital UNIX Version 5.60) ready.</example>
@@ -1185,6 +1352,7 @@ more text</example>
1185
1352
  <param pos="1" name="host.name"/>
1186
1353
  <param pos="2" name="os.version"/>
1187
1354
  </fingerprint>
1355
+
1188
1356
  <fingerprint pattern="^(\S+) FTP server \(MikroTik ([\d\.]+)\) ready\.?$">
1189
1357
  <description>MikroTik</description>
1190
1358
  <example host.name="example.com" os.version="6.18">example.com FTP server (MikroTik 6.18) ready</example>
@@ -1194,14 +1362,18 @@ more text</example>
1194
1362
  <param pos="2" name="os.version"/>
1195
1363
  <param pos="0" name="os.cpe23" value="cpe:/o:mikrotik:routeros:{os.version}"/>
1196
1364
  </fingerprint>
1197
- <fingerprint pattern="^MikroTik FTP server \(MikroTik ([\w.]+)\) ready\.?$">
1198
- <description>MikroTik w/o hostname</description>
1199
- <example os.version="6.0rc14">MikroTik FTP server (MikroTik 6.0rc14) ready</example>
1365
+
1366
+ <fingerprint pattern="^.* FTP server \(MikroTik (\d\.[\w\.]+)\) ready\.?$">
1367
+ <description>MikroTik with description</description>
1368
+ <example os.version="6.43.16">Super Thing_Place- FTP server (MikroTik 6.43.16) ready</example>
1369
+ <example os.version="6.43.16beta2">Super Thing_Place- FTP server (MikroTik 6.43.16beta2) ready</example>
1370
+ <example os.version="6.43.16rc56">Super Thing_Place- FTP server (MikroTik 6.43.16rc56) ready</example>
1200
1371
  <param pos="0" name="os.vendor" value="MikroTik"/>
1201
1372
  <param pos="0" name="os.product" value="RouterOS"/>
1202
1373
  <param pos="1" name="os.version"/>
1203
1374
  <param pos="0" name="os.cpe23" value="cpe:/o:mikrotik:routeros:{os.version}"/>
1204
1375
  </fingerprint>
1376
+
1205
1377
  <fingerprint pattern="^Welcome to ASUS (B?RT-[\w.-]+) FTP service\.$">
1206
1378
  <description>FTPD on an Asus Wireless Access Point/Router</description>
1207
1379
  <example hw.product="RT-AC68U">Welcome to ASUS RT-AC68U FTP service.</example>
@@ -1213,6 +1385,7 @@ more text</example>
1213
1385
  <param pos="0" name="hw.device" value="WAP"/>
1214
1386
  <param pos="1" name="hw.product"/>
1215
1387
  </fingerprint>
1388
+
1216
1389
  <fingerprint pattern="^Welcome to ASUS (DSL-[\w.-]+) FTP service\.$">
1217
1390
  <description>FTPD on a ADSL/VDSL Modem/Wireless Access Point/Router</description>
1218
1391
  <example hw.product="DSL-AC68U">Welcome to ASUS DSL-AC68U FTP service.</example>
@@ -1223,6 +1396,7 @@ more text</example>
1223
1396
  <param pos="0" name="hw.device" value="DSL Modem"/>
1224
1397
  <param pos="1" name="hw.product"/>
1225
1398
  </fingerprint>
1399
+
1226
1400
  <fingerprint pattern="^Welcome to ASUS (TM-\w+) FTP service\.$">
1227
1401
  <description>FTPD on a T-Mobile branded Asus Wireless Access Point/Router</description>
1228
1402
  <example hw.product="TM-AC1900">Welcome to ASUS TM-AC1900 FTP service.</example>
@@ -1232,6 +1406,7 @@ more text</example>
1232
1406
  <param pos="0" name="hw.device" value="WAP"/>
1233
1407
  <param pos="1" name="hw.product"/>
1234
1408
  </fingerprint>
1409
+
1235
1410
  <fingerprint pattern="^(FRITZ!Box[\w()]+) FTP server ready\.$">
1236
1411
  <description>FTPD on an AWM multifunction Modem/Wireless Access Point/Router/VoIP device</description>
1237
1412
  <example hw.product="FRITZ!Box7490">FRITZ!Box7490 FTP server ready.</example>
@@ -1245,6 +1420,7 @@ more text</example>
1245
1420
  <param pos="0" name="hw.family" value="FRITZ!Box"/>
1246
1421
  <param pos="1" name="hw.product"/>
1247
1422
  </fingerprint>
1423
+
1248
1424
  <fingerprint pattern="^HES_CPE FTP server \(GNU inetutils ([\w.]+)\) ready\.$">
1249
1425
  <description>FTPD on a ZyXEL (Huawei rebrand) WiMax WAP</description>
1250
1426
  <example service.version="1.4.1">HES_CPE FTP server (GNU inetutils 1.4.1) ready.</example>
@@ -1252,10 +1428,11 @@ more text</example>
1252
1428
  <param pos="0" name="service.product" value="inetutils ftpd"/>
1253
1429
  <param pos="0" name="service.vendor" value="GNU"/>
1254
1430
  <param pos="1" name="service.version"/>
1255
- <param pos="0" name="hw.vendor" value="ZyXEL"/>
1431
+ <param pos="0" name="hw.vendor" value="Zyxel"/>
1256
1432
  <param pos="0" name="hw.family" value="WiMax"/>
1257
1433
  <param pos="0" name="hw.device" value="WAP"/>
1258
1434
  </fingerprint>
1435
+
1259
1436
  <fingerprint pattern="^Speedport W ?(\S+) (?:Typ [A|B] )?FTP Server v([\d.]+) ready$$">
1260
1437
  <description>FTPD on Speedport WLAN/ADSL routers (Deutsche Telekom mfg by misc)</description>
1261
1438
  <example hw.product="723V" os.version="1.40.000">Speedport W 723V Typ B FTP Server v1.40.000 ready</example>
@@ -1267,6 +1444,7 @@ more text</example>
1267
1444
  <param pos="1" name="hw.product"/>
1268
1445
  <param pos="2" name="os.version"/>
1269
1446
  </fingerprint>
1447
+
1270
1448
  <fingerprint pattern="^DiskStation FTP server ready\.$">
1271
1449
  <description>FTPD on a Synology DiskStation NAS</description>
1272
1450
  <example>DiskStation FTP server ready.</example>
@@ -1279,6 +1457,7 @@ more text</example>
1279
1457
  <param pos="0" name="hw.family" value="DiskStation"/>
1280
1458
  <param pos="0" name="hw.device" value="NAS"/>
1281
1459
  </fingerprint>
1460
+
1282
1461
  <fingerprint pattern="^Synology FTP server ready\.$" flags="REG_ICASE">
1283
1462
  <description>FTPD on a Synology device</description>
1284
1463
  <example>Synology FTP server ready.</example>
@@ -1290,6 +1469,7 @@ more text</example>
1290
1469
  <param pos="0" name="os.product" value="Linux"/>
1291
1470
  <param pos="0" name="hw.vendor" value="Synology"/>
1292
1471
  </fingerprint>
1472
+
1293
1473
  <fingerprint pattern="^.Welcome to MyBookLive.$">
1294
1474
  <description>FTPD on Western Digital My Book Live NAS</description>
1295
1475
  <example>"Welcome to MyBookLive"</example>
@@ -1298,6 +1478,7 @@ more text</example>
1298
1478
  <param pos="0" name="hw.product" value="My Book Live"/>
1299
1479
  <param pos="0" name="hw.device" value="NAS"/>
1300
1480
  </fingerprint>
1481
+
1301
1482
  <fingerprint pattern="^Multicraft ([\w.-]+) FTP server$">
1302
1483
  <description>Multicraft FTPD Server</description>
1303
1484
  <example service.version="2.0.2">Multicraft 2.0.2 FTP server</example>
@@ -1307,6 +1488,7 @@ more text</example>
1307
1488
  <param pos="0" name="service.vendor" value="Multicraft"/>
1308
1489
  <param pos="1" name="service.version"/>
1309
1490
  </fingerprint>
1491
+
1310
1492
  <fingerprint pattern="^bftpd ([\d.]+) at ([a-f\d.:]+) ready\.$">
1311
1493
  <description>Bftpd FTPD Server</description>
1312
1494
  <example service.version="2.2.1" host.ip="192.168.0.1">bftpd 2.2.1 at 192.168.0.1 ready.</example>
@@ -1318,6 +1500,7 @@ more text</example>
1318
1500
  <param pos="0" name="service.cpe23" value="cpe:/a:bftpd_project:bftpd:{service.version}"/>
1319
1501
  <param pos="2" name="host.ip"/>
1320
1502
  </fingerprint>
1503
+
1321
1504
  <fingerprint pattern="^NASFTPD Turbo station (?:2.x )?([\w.]+) Server \(ProFTPD\)(?: \[([a-f\d.:]+)\])?$">
1322
1505
  <description>ProFTPD on QNAP Turbo Station NAS</description>
1323
1506
  <example service.version="1.3.5a" host.ip="192.168.1.100">NASFTPD Turbo station 1.3.5a Server (ProFTPD) [192.168.1.100]</example>
@@ -1333,6 +1516,7 @@ more text</example>
1333
1516
  <param pos="0" name="hw.device" value="NAS"/>
1334
1517
  <param pos="2" name="host.ip"/>
1335
1518
  </fingerprint>
1519
+
1336
1520
  <fingerprint pattern="^Twisted ([\w.]+) FTP Server$">
1337
1521
  <description>Twisted (Python) FTP Server</description>
1338
1522
  <example service.version="14.0.0">Twisted 14.0.0 FTP Server</example>
@@ -1342,6 +1526,7 @@ more text</example>
1342
1526
  <param pos="0" name="service.vendor" value="Twisted Matrix Labs"/>
1343
1527
  <param pos="1" name="service.version"/>
1344
1528
  </fingerprint>
1529
+
1345
1530
  <fingerprint pattern="^Gene6 FTP Server v(\d{1,2}\.\d{1,2}\.\d{1,2}\s{1,2}\(Build \d{1,2}\)) ready\.\.\.$">
1346
1531
  <description>Gene6 FTP Server on Windows</description>
1347
1532
  <example service.version="3.10.0 (Build 2)">Gene6 FTP Server v3.10.0 (Build 2) ready...</example>
@@ -1355,6 +1540,7 @@ more text</example>
1355
1540
  <param pos="0" name="os.product" value="Windows"/>
1356
1541
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
1357
1542
  </fingerprint>
1543
+
1358
1544
  <fingerprint pattern="^([\w.-]+) X2 WS_FTP Server ([\d.]{3,6}\s?\(\d+\))$">
1359
1545
  <description>WS_FTP FTP Server on Windows - X2 variant</description>
1360
1546
  <example service.version="7.7(50012467)" host.name="a.host.name.tld">a.host.name.tld X2 WS_FTP Server 7.7(50012467)</example>
@@ -1370,6 +1556,7 @@ more text</example>
1370
1556
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
1371
1557
  <param pos="1" name="host.name"/>
1372
1558
  </fingerprint>
1559
+
1373
1560
  <fingerprint pattern="^V2 WS_FTP Server ([\d.]{3,6}\s?\(\d+\))$">
1374
1561
  <description>WS_FTP FTP Server on Windows - V2 variant</description>
1375
1562
  <example service.version="6.1(05544322)">V2 WS_FTP Server 6.1(05544322)</example>
@@ -1383,24 +1570,27 @@ more text</example>
1383
1570
  <param pos="0" name="os.product" value="Windows"/>
1384
1571
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
1385
1572
  </fingerprint>
1573
+
1386
1574
  <fingerprint pattern="^FTP Server \(ZyWALL (USG\s?[\w-]+)\) \[([a-f\d:.]+)\]$">
1387
1575
  <description>ZyXEL Unified Security Gateway</description>
1388
1576
  <example hw.product="USG 20" host.ip="::ffff:192.168.0.2">FTP Server (ZyWALL USG 20) [::ffff:192.168.0.2]</example>
1389
1577
  <example hw.product="USG100-PLUS" host.ip="::ffff:192.168.5.101">FTP Server (ZyWALL USG100-PLUS) [::ffff:192.168.5.101]</example>
1390
1578
  <example hw.product="USG 20" host.ip="10.0.0.2">FTP Server (ZyWALL USG 20) [10.0.0.2]</example>
1391
- <param pos="0" name="service.vendor" value="ZyXEL"/>
1579
+ <param pos="0" name="service.vendor" value="Zyxel"/>
1392
1580
  <param pos="0" name="service.family" value="Unified Security Gateway"/>
1393
1581
  <param pos="0" name="service.product" value="FTPD"/>
1394
1582
  <param pos="2" name="host.ip"/>
1395
- <param pos="0" name="hw.vendor" value="ZyXEL"/>
1583
+ <param pos="0" name="hw.vendor" value="Zyxel"/>
1396
1584
  <param pos="0" name="hw.family" value="Unified Security Gateway"/>
1397
1585
  <param pos="1" name="hw.product"/>
1398
1586
  </fingerprint>
1587
+
1399
1588
  <fingerprint pattern="^Welcome to TP-LINK FTP server$">
1400
1589
  <description>FTPD on a TP-LINK device (no version/host info)</description>
1401
1590
  <example>Welcome to TP-LINK FTP server</example>
1402
1591
  <param pos="0" name="hw.vendor" value="TP-LINK"/>
1403
1592
  </fingerprint>
1593
+
1404
1594
  <fingerprint pattern="^TP-LINK FTP version ([\d\.]+)">
1405
1595
  <description>FTPD on a TP-LINK device with version, but no host info</description>
1406
1596
  <example service.version="1.0">TP-LINK FTP version 1.0 ready at Wed May 1 20:51:49 2019</example>
@@ -1408,6 +1598,7 @@ more text</example>
1408
1598
  <param pos="0" name="service.product" value="FTPD"/>
1409
1599
  <param pos="1" name="service.version"/>
1410
1600
  </fingerprint>
1601
+
1411
1602
  <fingerprint pattern="^ucftpd\((\w{3}\s+\d{1,2} \d{4}-\d\d:\d\d:\d\d)\) FTP server ready\.$">
1412
1603
  <description>ucftpd with version</description>
1413
1604
  <example service.version="Jul 2 2012-22:13:49">ucftpd(Jul 2 2012-22:13:49) FTP server ready.</example>
@@ -1416,18 +1607,21 @@ more text</example>
1416
1607
  <param pos="0" name="service.product" value="ucftpd"/>
1417
1608
  <param pos="1" name="service.version"/>
1418
1609
  </fingerprint>
1610
+
1419
1611
  <fingerprint pattern="^ucftpd FTP server ready\.$">
1420
1612
  <description>ucftpd without version</description>
1421
1613
  <example>ucftpd FTP server ready.</example>
1422
1614
  <param pos="0" name="service.family" value="ucftpd"/>
1423
1615
  <param pos="0" name="service.product" value="ucftpd"/>
1424
1616
  </fingerprint>
1617
+
1425
1618
  <fingerprint pattern="^Welcome to TBS FTP Server\.$">
1426
1619
  <description>TBS FTP Server</description>
1427
1620
  <example>Welcome to TBS FTP Server.</example>
1428
1621
  <param pos="0" name="service.family" value="TBS FTP Server"/>
1429
1622
  <param pos="0" name="service.product" value="TBS FTP Server"/>
1430
1623
  </fingerprint>
1624
+
1431
1625
  <fingerprint pattern="^Sofrel (S5[\w]+) SN ([\d-]+) ready. Time is (\d{2}:\d{2}:\d{2} \d{2}\/\d{2}\/\d{2})\.$">
1432
1626
  <description>Sofrel Remote Terminal Unit</description>
1433
1627
  <example hw.product="S500" host.id="01-499-00427" system.time="00:11:39 01/11/16">Sofrel S500 SN 01-499-00427 ready. Time is 00:11:39 01/11/16.</example>
@@ -1438,6 +1632,7 @@ more text</example>
1438
1632
  <param pos="0" name="system.time.format" value="HH:mm:ss dd/MM/yy"/>
1439
1633
  <param pos="3" name="system.time"/>
1440
1634
  </fingerprint>
1635
+
1441
1636
  <fingerprint pattern="^TiMOS-[CB]-([\S]+) cpm\/[\w]+ ALCATEL (SR [\S]+) Copyright .{1,4}$">
1442
1637
  <description>ALCATEL Service Router running TiMOS</description>
1443
1638
  <example os.version="13.0.R9">TiMOS-C-13.0.R9 cpm/hops64 ALCATEL SR 7750 Copyright (</example>
@@ -1448,11 +1643,13 @@ more text</example>
1448
1643
  <param pos="0" name="hw.family" value="Service Router"/>
1449
1644
  <param pos="2" name="hw.product"/>
1450
1645
  </fingerprint>
1646
+
1451
1647
  <fingerprint pattern="^(\S+) FTP server ready\.?$" flags="REG_ICASE">
1452
1648
  <description>Generic FTP fingerprint with a hostname</description>
1453
1649
  <example host.name="example.com">example.com FTP server ready.</example>
1454
1650
  <param pos="1" name="host.name"/>
1455
1651
  </fingerprint>
1652
+
1456
1653
  <fingerprint pattern="^(\S+) FTP server \(Version (\d.*)\) ready\.?$" flags="REG_ICASE">
1457
1654
  <description>Generic FTP fingerprint with a hostname and a version for a generic FTP implementation</description>
1458
1655
  <example host.name="example.com" service.version="6.00LS">example.com FTP server (Version 6.00LS) ready.</example>
@@ -1460,6 +1657,7 @@ more text</example>
1460
1657
  <param pos="1" name="host.name"/>
1461
1658
  <param pos="2" name="service.version"/>
1462
1659
  </fingerprint>
1660
+
1463
1661
  <fingerprint pattern="(?i)^FTP[\- ]+(?:server|service)?(?:(?: is)? ready)?\.?$">
1464
1662
  <description>Generic FTP fingerprint without a hostname</description>
1465
1663
  <example>FTP server is ready.</example>
@@ -1469,12 +1667,14 @@ more text</example>
1469
1667
  <example>FTP Server</example>
1470
1668
  <example>FTP service ready.</example>
1471
1669
  </fingerprint>
1670
+
1472
1671
  <fingerprint pattern="^Welcom to ProRat Ftp Server$">
1473
1672
  <description>The FTP server of the ProRat malware</description>
1474
1673
  <example>Welcom to ProRat Ftp Server</example>
1475
1674
  <param pos="0" name="service.vendor" value="Pro Group"/>
1476
1675
  <param pos="0" name="service.product" value="ProRat"/>
1477
1676
  </fingerprint>
1677
+
1478
1678
  <fingerprint pattern="^(?:(\S+) )?FTP Server \(vftpd ([\d.]+)\) ready\.?$">
1479
1679
  <description>Vermillion FTP Daemon</description>
1480
1680
  <example host.name="srv.name" service.version="1.23">srv.name FTP Server (vftpd 1.23) ready.</example>
@@ -1488,6 +1688,7 @@ more text</example>
1488
1688
  <param pos="2" name="service.version"/>
1489
1689
  <param pos="1" name="host.name"/>
1490
1690
  </fingerprint>
1691
+
1491
1692
  <fingerprint pattern="^(?:(\S+) )?FTP server \(QVT\/Net ([\d.]+)\) ready\.?$">
1492
1693
  <description>QVT/Net FTP Server</description>
1493
1694
  <example host.name="siren" service.version="5.1">siren FTP server (QVT/Net 5.1) ready.</example>
@@ -1501,6 +1702,7 @@ more text</example>
1501
1702
  <param pos="2" name="service.version"/>
1502
1703
  <param pos="1" name="host.name"/>
1503
1704
  </fingerprint>
1705
+
1504
1706
  <fingerprint pattern="Amazon\sLinux\sAMI\srelease\s(\d+\.\d+)">
1505
1707
  <description>Amazon Linux AMI</description>
1506
1708
  <example os.version="2016.09">Amazon Linux AMI release 2016.09</example>
@@ -1509,8 +1711,10 @@ more text</example>
1509
1711
  <param pos="0" name="os.product" value="Linux AMI"/>
1510
1712
  <param pos="1" name="os.version"/>
1511
1713
  </fingerprint>
1714
+
1512
1715
  <!-- Below are banners for FTP service providers, not necessarily
1513
1716
  specific FTP servers-->
1717
+
1514
1718
  <fingerprint pattern="^Idea FTP Server ([\d\.]+) \((.*)\) \[(.+)\]$">
1515
1719
  <description>Idea FTP Server</description>
1516
1720
  <example service.version="0.83.213" host.name="localhost" host.ip="1.2.3.4">Idea FTP Server 0.83.213 (localhost) [1.2.3.4]</example>
@@ -1521,18 +1725,21 @@ more text</example>
1521
1725
  <param pos="2" name="host.name"/>
1522
1726
  <param pos="3" name="host.ip"/>
1523
1727
  </fingerprint>
1728
+
1524
1729
  <fingerprint pattern="^Amazon Ftp$">
1525
1730
  <description>Amazon FTP endpoint</description>
1526
1731
  <example>Amazon Ftp</example>
1527
1732
  <param pos="0" name="service.vendor" value="Amazon"/>
1528
1733
  <param pos="0" name="service.product" value="FTP Server"/>
1529
1734
  </fingerprint>
1735
+
1530
1736
  <fingerprint pattern="^Dreamhost FTP Server$">
1531
1737
  <description>Dreamhost FTP endpoint</description>
1532
1738
  <example>Dreamhost FTP Server</example>
1533
1739
  <param pos="0" name="service.vendor" value="Dreamhost"/>
1534
1740
  <param pos="0" name="service.product" value="FTP Server"/>
1535
1741
  </fingerprint>
1742
+
1536
1743
  <fingerprint pattern="^QTCP at ([a-zA-Z0-9\.\_\-]+)$">
1537
1744
  <description>IBM iSeries FTP</description>
1538
1745
  <example host.name="core.bank.local.">QTCP at core.bank.local.</example>
@@ -1542,6 +1749,7 @@ more text</example>
1542
1749
  <param pos="0" name="os.cpe23" value="cpe:/o:ibm:os_400:-"/>
1543
1750
  <param pos="1" name="host.name"/>
1544
1751
  </fingerprint>
1752
+
1545
1753
  <fingerprint pattern="^HomeLogic FTP Server">
1546
1754
  <description>ELAN Smart Home Controller</description>
1547
1755
  <example>HomeLogic FTP Server Please Give User Name</example>
@@ -1551,4 +1759,28 @@ more text</example>
1551
1759
  <param pos="0" name="os.vendor" value="ELAN"/>
1552
1760
  <param pos="0" name="os.family" value="Linux"/>
1553
1761
  </fingerprint>
1554
- </fingerprints>
1762
+
1763
+ <fingerprint pattern="^Welcome to Honeywell Printer (PM\d+)\S+?$">
1764
+ <description>Honeywell Thermal Label Printer (Previously Intermec)</description>
1765
+ <example hw.product="Thermal Label Printer PM43">Welcome to Honeywell Printer PM43c</example>
1766
+ <param pos="0" name="hw.vendor" value="Honeywell"/>
1767
+ <param pos="1" name="hw.model"/>
1768
+ <param pos="0" name="hw.product" value="Thermal Label Printer {hw.model}"/>
1769
+ <param pos="0" name="hw.device" value="Printer"/>
1770
+ <param pos="0" name="os.vendor" value="Honeywell"/>
1771
+ <param pos="0" name="os.product" value="Thermal Label Printer {hw.model}"/>
1772
+ <param pos="0" name="os.device" value="Printer"/>
1773
+ </fingerprint>
1774
+
1775
+ <fingerprint pattern="^SurgeFTP ([\S]+) \(Version ([a-f\d.]+)\)$">
1776
+ <description>NetWin SurgeFTP</description>
1777
+ <example service.version="2.3a12">SurgeFTP 192.168.0.0 (Version 2.3a12)</example>
1778
+ <example host.name="foo.bar.baz">SurgeFTP foo.bar.baz (Version 2.2f9)</example>
1779
+ <param pos="0" name="service.vendor" value="NetWin"/>
1780
+ <param pos="0" name="service.product" value="SurgeFTP"/>
1781
+ <param pos="2" name="service.version"/>
1782
+ <param pos="0" name="service.cpe23" value="cpe:/a:netwin:surgeftp:{service.version}"/>
1783
+ <param pos="1" name="host.name"/>
1784
+ </fingerprint>
1785
+
1786
+ </fingerprints>