recog 2.3.8 → 2.3.13

Sign up to get free protection for your applications and to get access to all the features.
Files changed (69) hide show
  1. checksums.yaml +4 -4
  2. data/.gitignore +6 -0
  3. data/CONTRIBUTING.md +136 -37
  4. data/README.md +18 -16
  5. data/bin/recog_cleanup +16 -0
  6. data/bin/recog_standardize +30 -6
  7. data/cpe-remap.yaml +18 -2
  8. data/identifiers/README.md +9 -0
  9. data/identifiers/hw_device.txt +77 -0
  10. data/identifiers/hw_family.txt +96 -0
  11. data/identifiers/hw_product.txt +328 -0
  12. data/identifiers/os_architecture.txt +6 -6
  13. data/identifiers/os_device.txt +45 -3
  14. data/identifiers/os_family.txt +206 -41
  15. data/identifiers/os_product.txt +238 -17
  16. data/identifiers/service_family.txt +144 -57
  17. data/identifiers/service_product.txt +385 -83
  18. data/identifiers/vendor.txt +554 -68
  19. data/lib/recog/version.rb +1 -1
  20. data/requirements.txt +1 -1
  21. data/update_cpes.py +3 -0
  22. data/xml/apache_modules.xml +292 -5
  23. data/xml/apache_os.xml +41 -2
  24. data/xml/architecture.xml +11 -3
  25. data/xml/dns_versionbind.xml +191 -15
  26. data/xml/favicons.xml +1701 -0
  27. data/xml/ftp_banners.xml +250 -18
  28. data/xml/h323_callresp.xml +112 -12
  29. data/xml/hp_pjl_id.xml +47 -5
  30. data/xml/html_title.xml +1278 -25
  31. data/xml/http_cookies.xml +64 -9
  32. data/xml/http_servers.xml +1013 -96
  33. data/xml/http_wwwauth.xml +141 -26
  34. data/xml/imap_banners.xml +62 -13
  35. data/xml/ldap_searchresult.xml +81 -9
  36. data/xml/mdns_device-info_txt.xml +175 -2
  37. data/xml/mdns_workstation_txt.xml +4 -2
  38. data/xml/mysql_banners.xml +134 -7
  39. data/xml/mysql_error.xml +113 -6
  40. data/xml/nntp_banners.xml +10 -2
  41. data/xml/ntp_banners.xml +80 -4
  42. data/xml/operating_system.xml +89 -3
  43. data/xml/pop_banners.xml +87 -33
  44. data/xml/rsh_resp.xml +11 -2
  45. data/xml/rtsp_servers.xml +22 -2
  46. data/xml/sip_banners.xml +35 -4
  47. data/xml/sip_user_agents.xml +29 -2
  48. data/xml/smb_native_lm.xml +10 -2
  49. data/xml/smb_native_os.xml +79 -2
  50. data/xml/smtp_banners.xml +230 -9
  51. data/xml/smtp_debug.xml +6 -4
  52. data/xml/smtp_ehlo.xml +7 -5
  53. data/xml/smtp_expn.xml +13 -4
  54. data/xml/smtp_help.xml +23 -4
  55. data/xml/smtp_mailfrom.xml +5 -2
  56. data/xml/smtp_noop.xml +6 -5
  57. data/xml/smtp_quit.xml +5 -4
  58. data/xml/smtp_rcptto.xml +5 -2
  59. data/xml/smtp_rset.xml +4 -4
  60. data/xml/smtp_turn.xml +4 -4
  61. data/xml/smtp_vrfy.xml +14 -4
  62. data/xml/snmp_sysdescr.xml +733 -25
  63. data/xml/snmp_sysobjid.xml +47 -2
  64. data/xml/ssh_banners.xml +182 -8
  65. data/xml/telnet_banners.xml +493 -22
  66. data/xml/x11_banners.xml +26 -3
  67. data/xml/x509_issuers.xml +30 -6
  68. data/xml/x509_subjects.xml +200 -31
  69. metadata +8 -2
@@ -1,9 +1,10 @@
1
- <?xml version="1.0" encoding="UTF-8"?>
1
+ <?xml version='1.0' encoding='UTF-8'?>
2
2
  <fingerprints matches="http_header.cookie" protocol="http" database_type="service">
3
3
  <!--
4
4
  Set-Cookie HTTP header values are matched against these patterns to fingerprint HTTP
5
5
  servers.
6
6
  -->
7
+
7
8
  <fingerprint pattern="^(CFCLIENT_[^=]+|CFGLOBALS|CFID|CFTOKEN)=.*">
8
9
  <description>Adobe (Macromedia) ColdFusion uses various cookies</description>
9
10
  <param pos="1" name="cookie"/>
@@ -12,6 +13,7 @@
12
13
  <param pos="0" name="service.product" value="ColdFusion"/>
13
14
  <param pos="0" name="service.cpe23" value="cpe:/a:adobe:coldfusion:-"/>
14
15
  </fingerprint>
16
+
15
17
  <fingerprint pattern="^ANsession\d+=(\S+);.*">
16
18
  <description>Array Networks Secure Access Gateway / SSL VPN</description>
17
19
  <example>ANsession0002262072457555=IPMI; path=/;secure</example>
@@ -20,6 +22,7 @@
20
22
  <param pos="0" name="service.family" value="Secure Access Gateway"/>
21
23
  <param pos="0" name="hw.device" value="VPN"/>
22
24
  </fingerprint>
25
+
23
26
  <fingerprint pattern="^(Apache)=[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.([0-9]+);.*">
24
27
  <description>Apache</description>
25
28
  <param pos="1" name="cookie"/>
@@ -29,6 +32,7 @@
29
32
  <param pos="0" name="service.product" value="HTTPD"/>
30
33
  <param pos="0" name="service.cpe23" value="cpe:/a:apache:http_server:-"/>
31
34
  </fingerprint>
35
+
32
36
  <fingerprint pattern="^(JServSessionIdroot)=.*">
33
37
  <description>Apache JServ</description>
34
38
  <param pos="1" name="cookie"/>
@@ -36,6 +40,7 @@
36
40
  <param pos="0" name="service.family" value="JServ"/>
37
41
  <param pos="0" name="service.product" value="JServ"/>
38
42
  </fingerprint>
43
+
39
44
  <fingerprint pattern="^(ATG_SESSION_ID|DYN_USER_CONFIRM|DYN_USER_ID)=.*">
40
45
  <description>ATG Dynamo</description>
41
46
  <param pos="1" name="cookie"/>
@@ -43,6 +48,7 @@
43
48
  <param pos="0" name="service.family" value="Dynamo"/>
44
49
  <param pos="0" name="service.product" value="Dynamo"/>
45
50
  </fingerprint>
51
+
46
52
  <fingerprint pattern="^(WebLogicSession)=[^!]+![^!]+!([0-9]+);.*">
47
53
  <description>BEA WebLogic (with timestamp)</description>
48
54
  <param pos="1" name="cookie"/>
@@ -52,6 +58,7 @@
52
58
  <param pos="0" name="service.product" value="WebLogic"/>
53
59
  <param pos="0" name="service.cpe23" value="cpe:/a:bea:weblogic_server:-"/>
54
60
  </fingerprint>
61
+
55
62
  <fingerprint pattern="^(WebLogicSession)=.*">
56
63
  <description>BEA WebLogic (no timestamp)</description>
57
64
  <param pos="1" name="cookie"/>
@@ -60,6 +67,7 @@
60
67
  <param pos="0" name="service.product" value="WebLogic"/>
61
68
  <param pos="0" name="service.cpe23" value="cpe:/a:bea:weblogic_server:-"/>
62
69
  </fingerprint>
70
+
63
71
  <fingerprint pattern="^(BCSI-CSC[0-9A-Za-z]+)=.*">
64
72
  <description>BlueCoat Proxy</description>
65
73
  <param pos="1" name="cookie"/>
@@ -67,20 +75,22 @@
67
75
  <param pos="0" name="service.family" value="Proxy"/>
68
76
  <param pos="0" name="service.product" value="Proxy"/>
69
77
  </fingerprint>
78
+
70
79
  <fingerprint pattern="^(CAKEPHP)=.*">
71
80
  <description>CakePHP - http://www.cakephp.org/</description>
72
81
  <param pos="1" name="cookie"/>
73
82
  <param pos="0" name="service.family" value="PHP"/>
74
83
  <param pos="0" name="service.product" value="CakePHP"/>
75
84
  </fingerprint>
85
+
76
86
  <!--
77
87
  For the following two Cisco Content Service Switch fingerprints:
78
88
  The cookie value breaks down to [box-id][service-id][timeout-value]
79
89
  unfortunately, there's no separator so it's hard to tell what the
80
90
  actual break is between the pieces of data.
81
-
82
91
  http://www.cisco.com/warp/public/117/AP_cookies.html
83
92
  -->
93
+
84
94
  <fingerprint pattern="^(ARPT)=([A-Z]+)([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})[A-Z]+.*">
85
95
  <description>Cisco 11000 Series Content Service Switch (CSS)</description>
86
96
  <param pos="1" name="cookie"/>
@@ -90,6 +100,7 @@
90
100
  <param pos="0" name="service.family" value="Content Service Switch"/>
91
101
  <param pos="0" name="service.product" value="11000 Series Content Service Switch"/>
92
102
  </fingerprint>
103
+
93
104
  <fingerprint pattern="^(ARPT)=.*">
94
105
  <description>Cisco 11000 Series Content Service Switch (CSS) - catch all variant</description>
95
106
  <param pos="1" name="cookie"/>
@@ -97,6 +108,7 @@
97
108
  <param pos="0" name="service.family" value="Content Service Switch"/>
98
109
  <param pos="0" name="service.product" value="11000 Series Content Service Switch"/>
99
110
  </fingerprint>
111
+
100
112
  <fingerprint pattern="^webvpn(?:c|context|_portal|Lang|login|SharePoint)?=">
101
113
  <description>Cisco ASA VPN</description>
102
114
  <example>webvpn=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure</example>
@@ -117,6 +129,7 @@
117
129
  <param pos="0" name="hw.device" value="Firewall"/>
118
130
  <param pos="0" name="hw.cpe23" value="cpe:/h:cisco:adaptive_security_appliance:-"/>
119
131
  </fingerprint>
132
+
120
133
  <fingerprint pattern="^(st8id)=.*">
121
134
  <description>Citrix Application Protection System, Enterprise - http://support.citrix.com/article/CTX109330</description>
122
135
  <param pos="1" name="cookie"/>
@@ -124,9 +137,11 @@
124
137
  <param pos="0" name="service.family" value="Application Protection System"/>
125
138
  <param pos="0" name="service.product" value="Application Protection System, Enterprise"/>
126
139
  </fingerprint>
127
- <fingerprint pattern="^NSC_(?:AAAC|CERT|DLGE|EPAC|TASS|TEMP|TMA[APS]|PERS)=.*">
140
+
141
+ <fingerprint pattern="^NSC_(?:AAAC|BASEURL|CERT|DLGE|EPAC|TASS|TEMP|TMA[APS]|PERS|USER)=.*">
128
142
  <description>Citrix NetScaler</description>
129
143
  <example>NSC_AAAC=xyz;</example>
144
+ <example>NSC_TEMP=xyz;</example>
130
145
  <param pos="0" name="os.vendor" value="Citrix"/>
131
146
  <param pos="0" name="os.family" value="NetScaler"/>
132
147
  <param pos="0" name="os.device" value="Network Management Device"/>
@@ -137,14 +152,16 @@
137
152
  <param pos="0" name="service.product" value="NetScaler"/>
138
153
  <param pos="0" name="service.cpe23" value="cpe:/a:citrix:netscaler:-"/>
139
154
  </fingerprint>
155
+
140
156
  <fingerprint pattern="^DSSignInURL=/">
141
157
  <description>Pulse Secure VPN</description>
142
158
  <example>DSSignInURL=/; path=/; secure</example>
143
159
  <param pos="0" name="os.vendor" value="Pulse Secure"/>
144
- <param pos="0" name="os.family" value="SSL VPN"/>
145
- <param pos="0" name="os.device" value="SSL VPN"/>
146
- <param pos="0" name="os.product" value="SSL VPN"/>
160
+ <param pos="0" name="os.family" value="SSL-VPN"/>
161
+ <param pos="0" name="os.device" value="SSL-VPN"/>
162
+ <param pos="0" name="os.product" value="SSL-VPN"/>
147
163
  </fingerprint>
164
+
148
165
  <fingerprint pattern="^(EktGUID|ecm)=.*">
149
166
  <description>Ektron CMS400.net</description>
150
167
  <param pos="1" name="cookie"/>
@@ -152,8 +169,10 @@
152
169
  <param pos="0" name="service.family" value="CMS400.NET"/>
153
170
  <param pos="0" name="service.product" value="CMS400.NET"/>
154
171
  </fingerprint>
155
- <fingerprint pattern="^(BIGipServer([^=]+))=.*">
172
+
173
+ <fingerprint pattern="(?i)^(BIGipServer([^=]+))=.*">
156
174
  <description>F5 BIG-IP LTM - Server variant</description>
175
+ <example loadbalancer.poolname="CustomerRP">BigIpServerCustomerRP=5a; path=/; domain=.foo.bar; secure; HttpOnly</example>
157
176
  <param pos="1" name="cookie"/>
158
177
  <param pos="2" name="loadbalancer.poolname"/>
159
178
  <param pos="0" name="service.vendor" value="F5"/>
@@ -161,6 +180,7 @@
161
180
  <param pos="0" name="service.product" value="BIG-IP LTM"/>
162
181
  <param pos="0" name="service.cpe23" value="cpe:/a:f5:big-ip_local_traffic_manager:-"/>
163
182
  </fingerprint>
183
+
164
184
  <fingerprint pattern="^(BigIPCookie)=.*">
165
185
  <description>F5 BIG-IP LTM</description>
166
186
  <param pos="1" name="cookie"/>
@@ -169,6 +189,7 @@
169
189
  <param pos="0" name="service.product" value="BIG-IP LTM"/>
170
190
  <param pos="0" name="service.cpe23" value="cpe:/a:f5:big-ip_local_traffic_manager:-"/>
171
191
  </fingerprint>
192
+
172
193
  <fingerprint pattern="^(SERVERID)=([A-Za-z0-9\-_]+)">
173
194
  <description>HAProxy - http://haproxy.1wt.eu/download/1.2/doc/architecture.txt</description>
174
195
  <param pos="1" name="cookie"/>
@@ -176,6 +197,7 @@
176
197
  <param pos="0" name="service.family" value="HAProxy"/>
177
198
  <param pos="0" name="service.product" value="HAProxy"/>
178
199
  </fingerprint>
200
+
179
201
  <fingerprint pattern="^(AMWEBJCT!([^!]+)!([^=]+))=.*">
180
202
  <description>IBM Tivoli Access Manager for e-business WebSEAL
181
203
  http://publib.boulder.ibm.com/infocenter/tivihelp/v2r1/index.jsp?topic=/com.ibm.itame.doc/am60_webseal_admin180.htm
@@ -187,6 +209,7 @@
187
209
  <param pos="0" name="service.family" value="Tivoli"/>
188
210
  <param pos="0" name="service.product" value="Tivoli Access Manager for e-business WebSEAL"/>
189
211
  </fingerprint>
212
+
190
213
  <fingerprint pattern="^(PD-S-SESSION-ID|PD-H-SESSION-ID|PD_STATEFUL_[^=]+)=.*">
191
214
  <description>IBM Tivoli Access Manager for e-business WebSeal
192
215
  http://publib.boulder.ibm.com/infocenter/tivihelp/v2r1/index.jsp?topic=/com.ibm.itame.doc/am60_webseal_admin117.htm
@@ -196,6 +219,7 @@
196
219
  <param pos="0" name="service.family" value="Tivoli"/>
197
220
  <param pos="0" name="service.product" value="Tivoli Access Manager for e-business WebSEAL"/>
198
221
  </fingerprint>
222
+
199
223
  <fingerprint pattern="^(IBMCBR)=.*">
200
224
  <description>IBM WebSphere Load Balancer</description>
201
225
  <param pos="1" name="cookie"/>
@@ -203,12 +227,14 @@
203
227
  <param pos="0" name="service.family" value="WebSphere"/>
204
228
  <param pos="0" name="service.product" value="WebSphere Load Balancer"/>
205
229
  </fingerprint>
230
+
206
231
  <fingerprint pattern="^(mbfcookie(?:\[lang\])?)=.*">
207
232
  <description>Joom!Fish http://www.joomfish.net/</description>
208
233
  <param pos="1" name="cookie"/>
209
234
  <param pos="0" name="service.family" value="Joom!Fish"/>
210
235
  <param pos="0" name="service.product" value="Joom!Fish"/>
211
236
  </fingerprint>
237
+
212
238
  <fingerprint pattern="^(MSCSAuth|MSCSProfile)=.*">
213
239
  <description>Microsoft Commerce Server - http://msdn2.microsoft.com/en-us/library/ms953828.aspx</description>
214
240
  <param pos="1" name="cookie"/>
@@ -217,6 +243,7 @@
217
243
  <param pos="0" name="service.product" value="Commerce Server"/>
218
244
  <param pos="0" name="service.cpe23" value="cpe:/a:microsoft:commerce_server:-"/>
219
245
  </fingerprint>
246
+
220
247
  <fingerprint pattern="^(ASPSESSIONID[A-Z]+|ASP\.NET_SessionId|\.ASPXANONYMOUS)=.*">
221
248
  <description>Microsoft IIS (ASP.NET)
222
249
  http://msdn2.microsoft.com/en-us/library/ms953828.aspx
@@ -232,6 +259,7 @@
232
259
  <param pos="0" name="service.component.product" value="ASP.NET"/>
233
260
  <param pos="0" name="service.component.cpe23" value="cpe:/a:microsoft:asp.net:-"/>
234
261
  </fingerprint>
262
+
235
263
  <fingerprint pattern="^(AlteonP)=.*">
236
264
  <description>Nortel Alteon Web Switch</description>
237
265
  <param pos="1" name="cookie"/>
@@ -239,6 +267,7 @@
239
267
  <param pos="0" name="service.family" value="Alteon"/>
240
268
  <param pos="0" name="service.product" value="Alteon Web Switch"/>
241
269
  </fingerprint>
270
+
242
271
  <fingerprint pattern="^((?:SS_X_)?CSINTERSESSIONID)=.*">
243
272
  <description>OpenMarket/FatWire Content Server (www.fatwire.com)</description>
244
273
  <param pos="1" name="cookie"/>
@@ -246,6 +275,7 @@
246
275
  <param pos="0" name="service.family" value="Content Server"/>
247
276
  <param pos="0" name="service.product" value="Content Server"/>
248
277
  </fingerprint>
278
+
249
279
  <fingerprint pattern="^(parkinglot)=.*">
250
280
  <description>Oversee Webserver</description>
251
281
  <param pos="1" name="cookie"/>
@@ -253,6 +283,7 @@
253
283
  <param pos="0" name="service.family" value="Webserver"/>
254
284
  <param pos="0" name="service.product" value="Webserver"/>
255
285
  </fingerprint>
286
+
256
287
  <fingerprint pattern="^(PHPSESSID|PHPSESSION)=.*">
257
288
  <description>PHP - http://www.php.net/ref.session</description>
258
289
  <param pos="1" name="cookie"/>
@@ -261,6 +292,7 @@
261
292
  <param pos="0" name="service.product" value="PHP"/>
262
293
  <param pos="0" name="service.cpe23" value="cpe:/a:php:php:-"/>
263
294
  </fingerprint>
295
+
264
296
  <fingerprint pattern="^(RMID)=.*">
265
297
  <description>RealMedia OpenAdStream</description>
266
298
  <param pos="1" name="cookie"/>
@@ -268,6 +300,7 @@
268
300
  <param pos="0" name="service.family" value="OpenAdStream"/>
269
301
  <param pos="0" name="service.product" value="OpenAdStream"/>
270
302
  </fingerprint>
303
+
271
304
  <fingerprint pattern="^(RoxenUserID)=.*">
272
305
  <description>Roxen WebServer</description>
273
306
  <param pos="1" name="cookie"/>
@@ -275,6 +308,7 @@
275
308
  <param pos="0" name="service.family" value="WebServer"/>
276
309
  <param pos="0" name="service.product" value="WebServer"/>
277
310
  </fingerprint>
311
+
278
312
  <fingerprint pattern="^(_sn)=.*">
279
313
  <description>Siebel CRM</description>
280
314
  <param pos="1" name="cookie"/>
@@ -282,6 +316,7 @@
282
316
  <param pos="0" name="service.family" value="CRM"/>
283
317
  <param pos="0" name="service.product" value="CRM"/>
284
318
  </fingerprint>
319
+
285
320
  <!-- This fingerprint is not specific enough. Multiple products are sold under
286
321
  the brand iPlanet/Sun ONE/Sun Java.
287
322
  <fingerprint pattern="^(iPlanetUserId)=.*">
@@ -291,7 +326,9 @@
291
326
  <param pos="0" name="service.family" value="???"/>
292
327
  <param pos="0" name="service.product" value="???"/>
293
328
  </fingerprint>
329
+
294
330
  -->
331
+
295
332
  <fingerprint pattern="^(NSES40Session)=.*">
296
333
  <description>Netscape Enterprise Server (subsequently iPlanet Web Server, Sun ONE Web Server, presently Sun Java System Web Server)</description>
297
334
  <param pos="1" name="cookie"/>
@@ -301,6 +338,7 @@
301
338
  <param pos="0" name="service.version" value="4.0"/>
302
339
  <param pos="0" name="service.cpe23" value="cpe:/a:sun:java_system_web_server:4.0"/>
303
340
  </fingerprint>
341
+
304
342
  <fingerprint pattern="^(gx_session_id|JROUTE)=.*">
305
343
  <description>Sun Java System Application Server (formerly iPlanet Application Server, Sun ONE Application Server)</description>
306
344
  <param pos="1" name="cookie"/>
@@ -309,6 +347,7 @@
309
347
  <param pos="0" name="service.product" value="Java System Application Server"/>
310
348
  <param pos="0" name="service.cpe23" value="cpe:/a:sun:java_system_application_server:-"/>
311
349
  </fingerprint>
350
+
312
351
  <fingerprint pattern="^(fe_typo_user)=.*">
313
352
  <description>TYPO3 CMS - http://typo3.com/</description>
314
353
  <param pos="1" name="cookie"/>
@@ -316,6 +355,7 @@
316
355
  <param pos="0" name="service.family" value="CMS"/>
317
356
  <param pos="0" name="service.product" value="CMS"/>
318
357
  </fingerprint>
358
+
319
359
  <fingerprint pattern="^(SaneID)=.*">
320
360
  <description>Unica NetTracker - http://netinsight.unica.com/Products/NetTracker.cfm</description>
321
361
  <param pos="1" name="cookie"/>
@@ -323,6 +363,7 @@
323
363
  <param pos="0" name="service.family" value="NetTracker"/>
324
364
  <param pos="0" name="service.product" value="NetTracker"/>
325
365
  </fingerprint>
366
+
326
367
  <fingerprint pattern="^(__utm[a-z])=.*">
327
368
  <description>Urchin Tracking Module - http://www.google.com/support/urchin45/bin/answer.py?answer=28307&amp;topic=7425</description>
328
369
  <param pos="1" name="cookie"/>
@@ -330,6 +371,7 @@
330
371
  <param pos="0" name="service.family" value="Urchin"/>
331
372
  <param pos="0" name="service.product" value="Urchin Tracking Module"/>
332
373
  </fingerprint>
374
+
333
375
  <fingerprint pattern="^(vgncontext|vgnvisitor|ssuid)=.*">
334
376
  <description>Vignette</description>
335
377
  <param pos="1" name="cookie"/>
@@ -337,6 +379,7 @@
337
379
  <param pos="0" name="service.family" value="Vignette"/>
338
380
  <param pos="0" name="service.product" value="Vignette"/>
339
381
  </fingerprint>
382
+
340
383
  <fingerprint pattern="^(wgSession)=.*">
341
384
  <description>Plain Black WebGUI - http://www.plainblack.com/webgui</description>
342
385
  <param pos="1" name="cookie"/>
@@ -344,6 +387,7 @@
344
387
  <param pos="0" name="service.family" value="WebGUI"/>
345
388
  <param pos="0" name="service.product" value="WebGUI"/>
346
389
  </fingerprint>
390
+
347
391
  <fingerprint pattern="^(WEBTRENDSID|WEBTRENDS_ID)=.*">
348
392
  <description>WebTrends</description>
349
393
  <param pos="1" name="cookie"/>
@@ -351,20 +395,24 @@
351
395
  <param pos="0" name="service.family" value="WebTrends"/>
352
396
  <param pos="0" name="service.product" value="WebTrends"/>
353
397
  </fingerprint>
398
+
354
399
  <fingerprint pattern="^(_ZopeId)=.*">
355
400
  <description>Zope</description>
356
401
  <param pos="1" name="cookie"/>
357
402
  <param pos="0" name="service.family" value="Zope"/>
358
403
  <param pos="0" name="service.product" value="Zope"/>
359
404
  </fingerprint>
405
+
360
406
  <fingerprint pattern="^(portal)=([0-9]+\.[0-9]+\.[0-9]+).*">
361
407
  <description>OracleAS Portal default cookie name - http://download.oracle.com/docs/cd/B14099_19/portal.1014/b19305/cg_app_f.htm</description>
362
408
  <param pos="1" name="cookie"/>
363
409
  <param pos="2" name="service.version"/>
364
410
  <param pos="0" name="service.vendor" value="Oracle"/>
365
411
  <param pos="0" name="service.family" value="OracleAS"/>
366
- <param pos="0" name="service.product" value="OracleAS Portal"/>
412
+ <param pos="0" name="service.product" value="Application Server Portal"/>
413
+ <param pos="0" name="service.cpe23" value="cpe:/a:oracle:application_server_portal:{service.version}"/>
367
414
  </fingerprint>
415
+
368
416
  <fingerprint pattern="^Compaq-HMMD=[^;]+;.*$">
369
417
  <description>HP System Management Homepage (SMH)</description>
370
418
  <example>Compaq-HMMD=0001-c01fffff-487a-394a-aab0-ffffffffffff-ffffffffffffffff; path=/</example>
@@ -373,6 +421,7 @@
373
421
  <param pos="0" name="service.family" value="SMH"/>
374
422
  <param pos="0" name="service.product" value="SMH"/>
375
423
  </fingerprint>
424
+
376
425
  <fingerprint pattern="^MoodleSession=">
377
426
  <description>Moodle</description>
378
427
  <example>MoodleSession=uohhsgcain708q5l4gqcmmb5s2; path=/</example>
@@ -381,12 +430,14 @@
381
430
  <param pos="0" name="service.component.product" value="Moodle"/>
382
431
  <param pos="0" name="service.component.cpe23" value="cpe:/a:moodle:moodle:-"/>
383
432
  </fingerprint>
433
+
384
434
  <fingerprint pattern="_arachni_webui_session=">
385
435
  <description>Arachni Security Scanner</description>
386
436
  <example>_arachni_webui_session=el2MMEVVcld3Q2dBc3UvSmtQYmlPckpxSE2CMmlwd1Nja2lvUk5tRG5XYTlnRHJuVVVTblVNMTBOdGhrUU02dzC0K1I0Mnk3d1I3SUlCcngwQkliV3Y5VDBnVVZkOWJsS0VGSlYwM1RGMlVzVDNKcXlrdFNQZ0lIM1VBN3RDZFIrZTBrdjZmdSt0YnV2djh1RFE0S1czUmZQcGxNNW9UWVQydXFCZmNHZDRmTlg4cWludE5SUDRYU2JwdWw4Qmk3dEpDV3ZBejRkbU9ueFJKNG1HenplUEJjem9LU09IM0Z6ZHM4YU00aVpKUHJRVzR3SG8rRzBjWG9jclpqZGd2dmp2TnVGbjkvb0lmanZvM3lPZGhXb3c9PS0tR0dXVWppWnorMG1NNjlXTkYvaEswUT09--44b846e66f558667d7503010a726e2388803136f; path=/; HttpOnly</example>
387
437
  <param pos="0" name="service.vendor" value="Arachni"/>
388
438
  <param pos="0" name="service.product" value="Arachni"/>
389
439
  </fingerprint>
440
+
390
441
  <!--
391
442
  Ignore various cookies that are very generic cookies for session IDs
392
443
  that are not necessarily indicative of any particular
@@ -394,12 +445,14 @@
394
445
  a similar cookie name, you must ensure that it is located prior to
395
446
  these and this is enforced by rspec.
396
447
  -->
448
+
397
449
  <fingerprint pattern="(?i)^JSESSIONID(?:\.[^=]+)?=[^;]+;.*$">
398
450
  <description>Ignore simple JSESSIONID and related cookies</description>
399
451
  <example>JSESSIONID=6ooov35i4l3n36qtaf8csvg0;Path=/</example>
400
452
  <example>jsessionid=6nkp66iogcdc92720%2Dc6e4%2D4989%2Db7b2%2D5021624cfdff;Path=/;secure</example>
401
453
  <example>JSESSIONID.c00a9623=v216643eijh19p9duve5srgf;Path=/;HttpOnly</example>
402
454
  </fingerprint>
455
+
403
456
  <fingerprint pattern="(?i)^_?SESSION_?ID\s*=\s*[^;]+;.*$">
404
457
  <description>Ignore simple SESSIONID and related cookies</description>
405
458
  <example>sessionId=7dba3249cfcd4b59854055311099a294; path=/;</example>
@@ -407,8 +460,10 @@
407
460
  <example>sessionId =0VrS6Ro6uC5QPXKgNdqGvyUgUFtUOVwv6OWAEWcWQ3jLRtAk2TVAgAApN9yTWVz;postId=; path=/;</example>
408
461
  <example>_session_id=18b3e173aa11db0533fd01752e81f583; path=/; HttpOnly</example>
409
462
  </fingerprint>
463
+
410
464
  <fingerprint pattern="(?i)^sid=[^;]+;.*$">
411
465
  <description>Ignore simple SID and related cookies</description>
412
466
  <example>sid=sfd10bf73-654458f687aa3c68b3874915f651e0ca;path=/;"</example>
413
467
  </fingerprint>
414
- </fingerprints>
468
+
469
+ </fingerprints>
@@ -1,6 +1,7 @@
1
- <?xml version="1.0" encoding="UTF-8"?>
1
+ <?xml version='1.0' encoding='UTF-8'?>
2
2
  <fingerprints matches="http_header.server" protocol="http" database_type="service" preference="0.90">
3
3
  <!-- HTTP Server headers are matched against these patterns to fingerprint HTTP servers. -->
4
+
4
5
  <fingerprint pattern="(?i)^AirTunes/([\d\.]+)$">
5
6
  <description>Apple AirTunes/AirPlay, more generally RTSP used by a variety of wireless a/v products</description>
6
7
  <example service.version="220.68">AirTunes/220.68</example>
@@ -9,6 +10,7 @@
9
10
  <param pos="1" name="service.version"/>
10
11
  <param pos="0" name="hw.device" value="Media Server"/>
11
12
  </fingerprint>
13
+
12
14
  <fingerprint pattern="(?i)^cpsrvd(?:/([\d\.]+))?$">
13
15
  <description>cPanel Service Daemon</description>
14
16
  <example service.version="11.44.3.0">cpsrvd/11.44.3.0</example>
@@ -17,16 +19,21 @@
17
19
  <param pos="0" name="service.product" value="cPanel Service Daemon"/>
18
20
  <param pos="1" name="service.version"/>
19
21
  </fingerprint>
22
+
23
+ <!-- CentOS Web Panel is not part of the CentOS project and runs on CentOS,
24
+ RedHat, and CloudLinux.
25
+ -->
26
+
20
27
  <fingerprint pattern="(?i)^cwpsrv$">
21
28
  <description>CentOS Web Panel</description>
22
29
  <example>cwpsrv</example>
23
- <param pos="0" name="service.vendor" value="CentOS"/>
30
+ <param pos="0" name="service.vendor" value="CentOS WebPanel"/>
24
31
  <param pos="0" name="service.product" value="CentOS Web Panel"/>
25
- <param pos="0" name="os.vendor" value="CentOS"/>
32
+ <param pos="0" name="service.cpe23" value="cpe:/a:centos-webpanel:centos_web_panel:-"/>
26
33
  <param pos="0" name="os.family" value="Linux"/>
27
34
  <param pos="0" name="os.product" value="Linux"/>
28
- <param pos="0" name="os.cpe23" value="cpe:/o:centos:centos:-"/>
29
35
  </fingerprint>
36
+
30
37
  <fingerprint pattern="^Stronghold/(\d\.\d) Apache/([012][\d.]*)\s*(.*)$">
31
38
  <description>Red Hat Stronghold Enterprise Apache</description>
32
39
  <example service.version="1.3.19" service.cpe23="cpe:/a:apache:http_server:1.3.19" service.component.cpe23="cpe:/a:redhat:stronghold:3.0">Stronghold/3.0 Apache/1.3.19 RedHat/3014c</example>
@@ -47,6 +54,7 @@
47
54
  <param pos="0" name="os.family" value="Linux"/>
48
55
  <param pos="0" name="os.cpe23" value="cpe:/o:redhat:linux:-"/>
49
56
  </fingerprint>
57
+
50
58
  <fingerprint pattern="(?i)^Apache/\d$">
51
59
  <description>Apache returning only its major version number</description>
52
60
  <example>Apache/1</example>
@@ -56,6 +64,17 @@
56
64
  <param pos="0" name="service.family" value="Apache"/>
57
65
  <param pos="0" name="service.cpe23" value="cpe:/a:apache:http_server:-"/>
58
66
  </fingerprint>
67
+
68
+ <fingerprint pattern="^Apache ([\d.]+)$">
69
+ <description>Apache returning just version number</description>
70
+ <example service.version="1.3.29">Apache 1.3.29</example>
71
+ <param pos="0" name="service.vendor" value="Apache"/>
72
+ <param pos="0" name="service.product" value="HTTPD"/>
73
+ <param pos="0" name="service.family" value="Apache"/>
74
+ <param pos="1" name="service.version"/>
75
+ <param pos="0" name="service.cpe23" value="cpe:/a:apache:http_server:{service.version}"/>
76
+ </fingerprint>
77
+
59
78
  <fingerprint pattern="(?i)^Apache$">
60
79
  <description>Apache returning no version information</description>
61
80
  <example>Apache</example>
@@ -65,6 +84,7 @@
65
84
  <param pos="0" name="service.family" value="Apache"/>
66
85
  <param pos="0" name="service.cpe23" value="cpe:/a:apache:http_server:-"/>
67
86
  </fingerprint>
87
+
68
88
  <fingerprint pattern="(?i)^Apache(?:-AdvancedExtranetServer)?(?:/([012][\d.]*)\s*(.*))?$">
69
89
  <description>Apache</description>
70
90
  <example>Apache-AdvancedExtranetServer/2.0.44 (Mandrake Linux/11mdk) mod_perl/1.99_08 Perl/v5.8.0 mod_ssl/2.0.44 OpenSSL/0.9.7a PHP/4.3.1 mod_jk2/2.0.0</example>
@@ -90,6 +110,7 @@
90
110
  <param pos="0" name="service.cpe23" value="cpe:/a:apache:http_server:{service.version}"/>
91
111
  <param pos="2" name="apache.info"/>
92
112
  </fingerprint>
113
+
93
114
  <fingerprint pattern="(?i)^CouchDB/([\.\d]+) .*$">
94
115
  <description>Apache CouchDB</description>
95
116
  <example service.version="2.1.1">CouchDB/2.1.1 (Erlang OTP/20)</example>
@@ -98,11 +119,13 @@
98
119
  <param pos="1" name="service.version"/>
99
120
  <param pos="0" name="service.cpe23" value="cpe:/a:apache:couchdb:{service.version}"/>
100
121
  </fingerprint>
122
+
101
123
  <fingerprint pattern="^support@arraynetworks.net$">
102
124
  <description>Array Networks device</description>
103
125
  <example>support@arraynetworks.net</example>
104
126
  <param pos="0" name="service.vendor" value="Array Networks"/>
105
127
  </fingerprint>
128
+
106
129
  <fingerprint pattern="^Check Point SVN foundation$">
107
130
  <description>Check Point Firewall NG</description>
108
131
  <example>Check Point SVN foundation</example>
@@ -120,6 +143,25 @@
120
143
  <param pos="0" name="hw.family" value="Firewall-1"/>
121
144
  <param pos="0" name="hw.product" value="Firewall-1"/>
122
145
  </fingerprint>
146
+
147
+ <fingerprint pattern="^CPWS$">
148
+ <description>Check Point Firewall NG - short version</description>
149
+ <example>CPWS</example>
150
+ <param pos="0" name="service.vendor" value="Check Point"/>
151
+ <param pos="0" name="service.product" value="Firewall-1"/>
152
+ <param pos="0" name="service.family" value="Firewall-1"/>
153
+ <param pos="0" name="service.cpe23" value="cpe:/a:checkpoint:firewall-1:-"/>
154
+ <param pos="0" name="os.vendor" value="Check Point"/>
155
+ <param pos="0" name="os.device" value="Firewall"/>
156
+ <param pos="0" name="os.family" value="Firewall-1"/>
157
+ <param pos="0" name="os.product" value="GAiA OS"/>
158
+ <param pos="0" name="os.cpe23" value="cpe:/o:checkpoint:gaia_os:-"/>
159
+ <param pos="0" name="hw.vendor" value="Check Point"/>
160
+ <param pos="0" name="hw.device" value="Firewall"/>
161
+ <param pos="0" name="hw.family" value="Firewall-1"/>
162
+ <param pos="0" name="hw.product" value="Firewall-1"/>
163
+ </fingerprint>
164
+
123
165
  <fingerprint pattern="^Microsoft-IIS/([1234]\.0)$">
124
166
  <description>Microsoft IIS 1.0 - 4.0 runs on Windows NT 4.0</description>
125
167
  <example>Microsoft-IIS/4.0</example>
@@ -134,6 +176,7 @@
134
176
  <param pos="0" name="os.version" value="4.0"/>
135
177
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_nt:4.0"/>
136
178
  </fingerprint>
179
+
137
180
  <fingerprint pattern="^Microsoft-IIS/5.0$">
138
181
  <description>Microsoft IIS 5.0 runs on Windows 2000</description>
139
182
  <example>Microsoft-IIS/5.0</example>
@@ -147,6 +190,7 @@
147
190
  <param pos="0" name="os.product" value="Windows 2000"/>
148
191
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_2000:-"/>
149
192
  </fingerprint>
193
+
150
194
  <fingerprint pattern="^Microsoft-IIS/5.1$">
151
195
  <description>Microsoft IIS 5.1 runs on Windows XP</description>
152
196
  <example>Microsoft-IIS/5.1</example>
@@ -160,6 +204,7 @@
160
204
  <param pos="0" name="os.product" value="Windows XP"/>
161
205
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_xp:-"/>
162
206
  </fingerprint>
207
+
163
208
  <fingerprint pattern="^Microsoft-IIS/6.0$">
164
209
  <description>Microsoft IIS 6.0 runs on Windows Server 2003 (and Windows XP x64)</description>
165
210
  <example>Microsoft-IIS/6.0</example>
@@ -173,6 +218,7 @@
173
218
  <param pos="0" name="os.product" value="Windows Server 2003"/>
174
219
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2003:-"/>
175
220
  </fingerprint>
221
+
176
222
  <fingerprint pattern="^Microsoft-IIS/7.0$">
177
223
  <description>Microsoft IIS 7.0 runs on Windows Server 2008 (and Windows Vista)</description>
178
224
  <example>Microsoft-IIS/7.0</example>
@@ -186,6 +232,7 @@
186
232
  <param pos="0" name="os.product" value="Windows Server 2008"/>
187
233
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2008:-"/>
188
234
  </fingerprint>
235
+
189
236
  <fingerprint pattern="^Microsoft-IIS/7.5$">
190
237
  <description>Microsoft IIS 7.5 runs on Windows Server 2008 R2 (and Windows 7)</description>
191
238
  <example>Microsoft-IIS/7.5</example>
@@ -199,6 +246,7 @@
199
246
  <param pos="0" name="os.product" value="Windows Server 2008 R2"/>
200
247
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2008:-"/>
201
248
  </fingerprint>
249
+
202
250
  <fingerprint pattern="^Microsoft-IIS/8.0$">
203
251
  <description>Microsoft IIS 8.0 runs on Windows Server 2012 (and Windows 8)</description>
204
252
  <example>Microsoft-IIS/8.0</example>
@@ -212,6 +260,7 @@
212
260
  <param pos="0" name="os.product" value="Windows Server 2012"/>
213
261
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2012:-"/>
214
262
  </fingerprint>
263
+
215
264
  <fingerprint pattern="^Microsoft-IIS/8.5$">
216
265
  <description>Microsoft IIS 8.5 runs on Windows Server 2012 R2 (and Windows 8.1)</description>
217
266
  <example>Microsoft-IIS/8.5</example>
@@ -225,6 +274,7 @@
225
274
  <param pos="0" name="os.product" value="Windows Server 2012 R2"/>
226
275
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2012:-"/>
227
276
  </fingerprint>
277
+
228
278
  <fingerprint pattern="^Microsoft-IIS/10.0$">
229
279
  <description>Microsoft IIS 10.0 runs on Windows Server 2016 and 2019</description>
230
280
  <example>Microsoft-IIS/10.0</example>
@@ -236,6 +286,7 @@
236
286
  <param pos="0" name="os.vendor" value="Microsoft"/>
237
287
  <param pos="0" name="os.family" value="Windows"/>
238
288
  </fingerprint>
289
+
239
290
  <fingerprint pattern="^Microsoft-IIS/([\d\.]+)$">
240
291
  <description>Microsoft IIS new, unknown Windows version</description>
241
292
  <example>Microsoft-IIS/9.0</example>
@@ -245,6 +296,7 @@
245
296
  <param pos="1" name="service.version"/>
246
297
  <param pos="0" name="service.cpe23" value="cpe:/a:microsoft:iis:{service.version}"/>
247
298
  </fingerprint>
299
+
248
300
  <fingerprint pattern="^Microsoft-IIS$">
249
301
  <description>Microsoft IIS, no version information</description>
250
302
  <example>Microsoft-IIS</example>
@@ -255,6 +307,7 @@
255
307
  <param pos="0" name="os.vendor" value="Microsoft"/>
256
308
  <param pos="0" name="os.family" value="Windows"/>
257
309
  </fingerprint>
310
+
258
311
  <fingerprint pattern="^MS .NET Remoting, MS .NET CLR (\d+\.\d+\.\d+\.\d+)$">
259
312
  <description>Microsoft .NET Remoting and Common Language Runtime (CLR)</description>
260
313
  <example>MS .NET Remoting, MS .NET CLR 2.0.50727.42</example>
@@ -270,6 +323,7 @@
270
323
  <param pos="0" name="os.product" value="Windows"/>
271
324
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
272
325
  </fingerprint>
326
+
273
327
  <fingerprint pattern="^Microsoft-WinCE/(\d\.\d+)$">
274
328
  <description>Windows CE embedded devices, including HP iPAQ, Palm Treo, Motorola phones, and many more</description>
275
329
  <example os.version="4.10">Microsoft-WinCE/4.10</example>
@@ -286,6 +340,7 @@
286
340
  <param pos="1" name="os.version"/>
287
341
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_ce:{os.version}"/>
288
342
  </fingerprint>
343
+
289
344
  <fingerprint pattern="^Microsoft-PWS/(\d\.\d+)$">
290
345
  <description>Microsoft Personal Web Server runs on Windows 9x, ME, etc.</description>
291
346
  <example>Microsoft-PWS/4.0</example>
@@ -299,6 +354,7 @@
299
354
  <param pos="0" name="os.product" value="Windows"/>
300
355
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
301
356
  </fingerprint>
357
+
302
358
  <fingerprint pattern="^Microsoft-PWS-95/(\d\.\d+)$">
303
359
  <description>Microsoft Personal Web Server for Windows 95</description>
304
360
  <example>Microsoft-PWS-95/4.0</example>
@@ -312,6 +368,7 @@
312
368
  <param pos="0" name="os.product" value="Windows 95"/>
313
369
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_95:-"/>
314
370
  </fingerprint>
371
+
315
372
  <fingerprint pattern="(?i)^mt-daapd(?:/(.+))?$">
316
373
  <description>Firefly Media Server</description>
317
374
  <example service.version="0.2.4.1">mt-daapd/0.2.4.1</example>
@@ -320,6 +377,7 @@
320
377
  <param pos="0" name="service.product" value="Media Server"/>
321
378
  <param pos="1" name="service.version"/>
322
379
  </fingerprint>
380
+
323
381
  <fingerprint pattern="^Apache[ -]Coyote/(\d\.\d)$">
324
382
  <description>HTTP connector for Apache Tomcat to run as a standalone HTTP server - Coyote variant</description>
325
383
  <example>Apache-Coyote/1.1</example>
@@ -333,6 +391,7 @@
333
391
  <param pos="0" name="service.component.family" value="Coyote"/>
334
392
  <param pos="1" name="service.component.version"/>
335
393
  </fingerprint>
394
+
336
395
  <fingerprint pattern="^Apache Tomcat$">
337
396
  <description>HTTP connector for Apache Tomcat with no version</description>
338
397
  <example>Apache Tomcat</example>
@@ -341,6 +400,7 @@
341
400
  <param pos="0" name="service.family" value="Tomcat"/>
342
401
  <param pos="0" name="service.cpe23" value="cpe:/a:apache:tomcat:-"/>
343
402
  </fingerprint>
403
+
344
404
  <fingerprint pattern="^Servlet [\d\.]+; JBoss-(\S+) \(build: .*\)/Tomcat-(\S+)$">
345
405
  <description>JBoss with embedded Tomcat</description>
346
406
  <example service.version="4.0.4.GA" service.component.version="5.5">Servlet 2.4; JBoss-4.0.4.GA (build: CVSTag=JBoss_4_0_4_GA date=200605151000)/Tomcat-5.5</example>
@@ -354,6 +414,7 @@
354
414
  <param pos="2" name="service.component.version"/>
355
415
  <param pos="0" name="service.component.cpe23" value="cpe:/a:apache:tomcat:{service.component.version}"/>
356
416
  </fingerprint>
417
+
357
418
  <fingerprint pattern="^Servlet [\d\.]+; Tomcat-(\S+)/JBoss-(\S+) \(build: .*\)$">
358
419
  <description>JBoss with embedded Tomcat - Tomcat build variant</description>
359
420
  <example service.version="4.0.1sp1" service.component.version="5.0.28">Servlet 2.4; Tomcat-5.0.28/JBoss-4.0.1sp1 (build: CVSTag=JBoss_4_0_1_SP1 date=200502160314)</example>
@@ -367,6 +428,7 @@
367
428
  <param pos="1" name="service.component.version"/>
368
429
  <param pos="0" name="service.component.cpe23" value="cpe:/a:apache:tomcat:{service.component.version}"/>
369
430
  </fingerprint>
431
+
370
432
  <fingerprint pattern="^Servlet [\d\.]+; JBoss-([\S]+)(?: \(build.*)?/JBossWeb-(\S+)$">
371
433
  <description>JBoss with JBossweb</description>
372
434
  <example service.version="4.2.3.GA" service.component.version="2.0">Servlet 2.4; JBoss-4.2.3.GA (build: SVNTag=JBoss_4_2_3_GA date=200807181439)/JBossWeb-2.0</example>
@@ -375,10 +437,12 @@
375
437
  <param pos="0" name="service.product" value="JBoss EAP"/>
376
438
  <param pos="1" name="service.version"/>
377
439
  <param pos="0" name="service.cpe23" value="cpe:/a:redhat:jboss_enterprise_application_platform:{service.version}"/>
378
- <param pos="0" name="service.component.vendor" value="RedHat"/>
440
+ <param pos="0" name="service.component.vendor" value="Red Hat"/>
379
441
  <param pos="0" name="service.component.product" value="JBossWeb"/>
380
442
  <param pos="2" name="service.component.version"/>
443
+ <param pos="0" name="service.component.cpe23" value="cpe:/a:redhat:jboss_web_framework_kit:{service.component.version}"/>
381
444
  </fingerprint>
445
+
382
446
  <fingerprint pattern="^Servlet\/[\d\.]+; JBossAS-(.*)$">
383
447
  <description>JBoss AS</description>
384
448
  <example service.version="6">Servlet/3.0; JBossAS-6</example>
@@ -387,6 +451,7 @@
387
451
  <param pos="1" name="service.version"/>
388
452
  <param pos="0" name="service.cpe23" value="cpe:/a:redhat:jboss_wildfly_application_server:{service.version}"/>
389
453
  </fingerprint>
454
+
390
455
  <fingerprint pattern="^JBoss-EAP\/(\d+)$">
391
456
  <description>JBoss EAP</description>
392
457
  <example service.version="7">JBoss-EAP/7</example>
@@ -396,6 +461,7 @@
396
461
  <param pos="1" name="service.version"/>
397
462
  <param pos="0" name="service.cpe23" value="cpe:/a:redhat:jboss_enterprise_application_platform:{service.version}"/>
398
463
  </fingerprint>
464
+
399
465
  <fingerprint pattern="^Apache Tomcat/(\d\.[\d.]+)(?:-LE-jdk14)? \(HTTP/1.1 Connector\)$">
400
466
  <description>HTTP connector for Apache Tomcat to run as a standalone HTTP server - Apache variant</description>
401
467
  <example service.version="4.0.6">Apache Tomcat/4.0.6 (HTTP/1.1 Connector)</example>
@@ -410,6 +476,7 @@
410
476
  <param pos="0" name="service.component.family" value="Apache Tomcat HTTP Connector"/>
411
477
  <param pos="0" name="service.component.product" value="Apache Tomcat HTTP Connector"/>
412
478
  </fingerprint>
479
+
413
480
  <fingerprint pattern="^Tomcat Web Server/(\d\.[\dA-Z.]+)(?: Final)?(?:\s\(([^\)]+)\))?$">
414
481
  <description>HTTP connector for Apache Tomcat to run as a standalone HTTP server</description>
415
482
  <example>Tomcat Web Server/3.2.2 (JSP 1.1; Servlet 2.2; Java 1.3.1; Windows 2000 5.0 x86; java.vendor=Sun Microsystems Inc.)</example>
@@ -423,15 +490,18 @@
423
490
  <param pos="0" name="service.cpe23" value="cpe:/a:apache:tomcat:{service.version}"/>
424
491
  <param pos="2" name="tomcat.info"/>
425
492
  </fingerprint>
426
- <fingerprint pattern="^Tomcat/(\S+)$">
427
- <description>Apache tomcat with minimal version information</description>
428
- <example>Tomcat/2.1</example>
493
+
494
+ <fingerprint pattern="^(?:Apache )?Tomcat/([\d.]+)$">
495
+ <description>Apache Tomcat with version information</description>
496
+ <example service.version="2.1">Tomcat/2.1</example>
497
+ <example service.version="9.0.5">Apache Tomcat/9.0.5</example>
429
498
  <param pos="0" name="service.vendor" value="Apache"/>
430
499
  <param pos="0" name="service.product" value="Tomcat"/>
431
500
  <param pos="0" name="service.family" value="Tomcat"/>
432
501
  <param pos="1" name="service.version"/>
433
502
  <param pos="0" name="service.cpe23" value="cpe:/a:apache:tomcat:{service.version}"/>
434
503
  </fingerprint>
504
+
435
505
  <fingerprint pattern="^PDR-M800/1.0$">
436
506
  <description>Merit LILIN PDR M800</description>
437
507
  <example>PDR-M800/1.0</example>
@@ -439,6 +509,7 @@
439
509
  <param pos="0" name="hw.product" value="PDR M800"/>
440
510
  <param pos="0" name="hw.device" value="DVR"/>
441
511
  </fingerprint>
512
+
442
513
  <fingerprint pattern="^PHP/(\S+)$">
443
514
  <description>PHP</description>
444
515
  <example service.component.version="4.4.2-1build1">PHP/4.4.2-1build1</example>
@@ -446,13 +517,16 @@
446
517
  <param pos="0" name="service.component.product" value="PHP"/>
447
518
  <param pos="1" name="service.component.version"/>
448
519
  </fingerprint>
520
+
449
521
  <!-- TODO: Capture ZendServer version in fingerprint -->
522
+
450
523
  <fingerprint pattern="^PHP/(\S+)\s+ZendServer/\S+$">
451
524
  <description>PHP with ZendServer</description>
452
525
  <example service.component.version="5.3.14">PHP/5.3.14 ZendServer/5.0</example>
453
526
  <param pos="0" name="service.component.product" value="PHP"/>
454
527
  <param pos="1" name="service.component.version"/>
455
528
  </fingerprint>
529
+
456
530
  <fingerprint pattern="^Oracle Application Server Containers for J2EE 10g \(([\d.]+)\)$">
457
531
  <description>Oracle Application Server Containers for J2EE 10g</description>
458
532
  <example>Oracle Application Server Containers for J2EE 10g (9.0.4.0.0)</example>
@@ -461,6 +535,7 @@
461
535
  <param pos="0" name="service.family" value="Oracle"/>
462
536
  <param pos="1" name="service.version"/>
463
537
  </fingerprint>
538
+
464
539
  <fingerprint pattern="^Oracle Containers for J2EE$">
465
540
  <description>Oracle Application Server Containers for J2EE</description>
466
541
  <example>Oracle Containers for J2EE</example>
@@ -468,6 +543,7 @@
468
543
  <param pos="0" name="service.product" value="Oracle Application Server Containers"/>
469
544
  <param pos="0" name="service.family" value="Oracle"/>
470
545
  </fingerprint>
546
+
471
547
  <fingerprint pattern="^Oracle Application Server/10g \(([\d.]+)\) Apache/([12][\d.]+)\s*(.*)$">
472
548
  <description>Oracle Application Server 10g with Apache info (powered by Apache)</description>
473
549
  <example>Oracle Application Server/10g (10.1.2) Apache/1.3.34 (Unix) mod_perl/1.29 mod_jk/1.2.14 OracleAS-Web-Cache-10g/10.1.2.0.2 (N;ecid=119642322340,0)</example>
@@ -480,7 +556,9 @@
480
556
  <param pos="0" name="apache.variant" value="Oracle"/>
481
557
  <param pos="1" name="apache.variant.version"/>
482
558
  </fingerprint>
559
+
483
560
  <!-- TODO: this needs to be improved -->
561
+
484
562
  <fingerprint pattern="^Oracle-Application-Server-\d+[ig](?:[ /]([\d.]+) (?:\(.*\)|Oracle-HTTP-Server\s*(.*)))?$">
485
563
  <description>Oracle Application Server 10g (powered by Apache)</description>
486
564
  <example>Oracle-Application-Server-11g</example>
@@ -497,6 +575,7 @@
497
575
  <param pos="0" name="apache.variant" value="Oracle"/>
498
576
  <param pos="1" name="apache.variant.version"/>
499
577
  </fingerprint>
578
+
500
579
  <fingerprint pattern="^Oracle9iAS/([\d.]+) Oracle HTTP Server\s*(.*)$">
501
580
  <description>Oracle 9i Application Server</description>
502
581
  <example>Oracle9iAS/9.0.2.3.0 Oracle HTTP Server Oracle9iAS-Web-Cache/9.0.2.3.0 (N)</example>
@@ -509,6 +588,7 @@
509
588
  <param pos="0" name="apache.variant" value="Oracle"/>
510
589
  <param pos="1" name="apache.variant.version"/>
511
590
  </fingerprint>
591
+
512
592
  <fingerprint pattern="^Oracle HTTP Server Powered by Apache/([12][\d.]*)\s*(.*)$">
513
593
  <description>Oracle HTTP Server (powered by Apache) - version string variant</description>
514
594
  <example>Oracle HTTP Server Powered by Apache/1.3.12 (Unix) ApacheJServ/1.1 mod_ssl/2.6.4 OpenSSL/0.9.5a</example>
@@ -522,6 +602,7 @@
522
602
  <param pos="2" name="apache.info"/>
523
603
  <param pos="0" name="apache.variant" value="Oracle"/>
524
604
  </fingerprint>
605
+
525
606
  <fingerprint pattern="^Oracle HTTP Server Powered by Apache$">
526
607
  <description>Oracle HTTP Server (powered by Apache)</description>
527
608
  <example>Oracle HTTP Server Powered by Apache</example>
@@ -531,6 +612,25 @@
531
612
  <param pos="0" name="service.cpe23" value="cpe:/a:apache:http_server:-"/>
532
613
  <param pos="0" name="apache.variant" value="Oracle"/>
533
614
  </fingerprint>
615
+
616
+ <fingerprint pattern="^Oracle-Web-Cache-11g/([\d.]+) \(N;ecid=[^)]+\)$">
617
+ <description>Oracle Web Cache</description>
618
+ <example service.version="11.1.1.9.0">Oracle-Web-Cache-11g/11.1.1.9.0 (N;ecid=93620137613024,0:1)</example>
619
+ <param pos="0" name="service.vendor" value="Oracle"/>
620
+ <param pos="0" name="service.product" value="Web Cache"/>
621
+ <param pos="1" name="service.version"/>
622
+ <param pos="0" name="service.cpe23" value="cpe:/a:oracle:web_cache:{service.version}"/>
623
+ </fingerprint>
624
+
625
+ <fingerprint pattern="^OracleAS-Web-Cache-10g/([\d.]+).*">
626
+ <description>Oracle Application Server Web Cache</description>
627
+ <example service.version="10.1.2.3.0">OracleAS-Web-Cache-10g/10.1.2.3.0</example>
628
+ <param pos="0" name="service.vendor" value="Oracle"/>
629
+ <param pos="0" name="service.product" value="Application Server Web Cache"/>
630
+ <param pos="1" name="service.version"/>
631
+ <param pos="0" name="service.cpe23" value="cpe:/a:oracle:application_server_web_cache:{service.version}"/>
632
+ </fingerprint>
633
+
534
634
  <fingerprint pattern="^HP Apache-based Web Server/([012][\d.]*)\s*\(Unix\)\s*(.*)$">
535
635
  <description>Apache running on HP-UX</description>
536
636
  <example>HP Apache-based Web Server/1.3.26 (Unix) mod_ssl/2.8.9 OpenSSL/0.9.6c</example>
@@ -547,6 +647,7 @@
547
647
  <param pos="0" name="os.product" value="HP-UX"/>
548
648
  <param pos="0" name="os.cpe23" value="cpe:/o:hp:hp-ux:-"/>
549
649
  </fingerprint>
650
+
550
651
  <fingerprint pattern="^CompaqHTTPServer/([0-9.]*)(?: HP System Management Homepage(?:/.*)?)?$">
551
652
  <description>HP/Compaq HTTP Server</description>
552
653
  <example>CompaqHTTPServer/9.9 HP System Management Homepage/2.1.5.146</example>
@@ -559,6 +660,7 @@
559
660
  <param pos="0" name="service.family" value="Compaq HTTP Server"/>
560
661
  <param pos="1" name="service.version"/>
561
662
  </fingerprint>
663
+
562
664
  <fingerprint pattern="^HPSMH$">
563
665
  <description>HP System Management Homepage (SMH)</description>
564
666
  <example>HPSMH</example>
@@ -566,6 +668,7 @@
566
668
  <param pos="0" name="service.family" value="SMH"/>
567
669
  <param pos="0" name="service.product" value="SMH"/>
568
670
  </fingerprint>
671
+
569
672
  <fingerprint pattern="(?i)^eHTTP[/ ]v?(\d+\.\d+)">
570
673
  <description>HTTP Server present on seemingly only HP ProCurve network devices</description>
571
674
  <example service.version="1.1">EHTTP/1.1</example>
@@ -578,6 +681,7 @@
578
681
  <param pos="0" name="os.family" value="ProCurve"/>
579
682
  <param pos="0" name="os.certainty" value="0.75"/>
580
683
  </fingerprint>
684
+
581
685
  <fingerprint pattern="^(?:BBC \d+\.\d+\.\d+\.?\d*; )?(?:com.hp.openview.)?[c|C]oda (\d+\.\d+\.\d+\.?\d*)$">
582
686
  <description>HP Openview Coda (Communications Daemon)</description>
583
687
  <example service.component.version="0.0.1">com.hp.openview.Coda 0.0.1</example>
@@ -592,6 +696,7 @@
592
696
  <param pos="0" name="service.component.product" value="CODA"/>
593
697
  <param pos="1" name="service.component.version"/>
594
698
  </fingerprint>
699
+
595
700
  <fingerprint pattern="^BBC \d+\.\d+\.\d+\.?\d*; ovbbcrcp (\d+\.\d+\.\d+\.?\d*)$">
596
701
  <description>OpenView Reverse Channel Proxy (RCP)</description>
597
702
  <example service.component.version="11.00.044">BBC 11.00.044; ovbbcrcp 11.00.044</example>
@@ -604,6 +709,7 @@
604
709
  <param pos="0" name="service.component.product" value="Reverse Channel Proxy"/>
605
710
  <param pos="1" name="service.component.version"/>
606
711
  </fingerprint>
712
+
607
713
  <fingerprint pattern="^(?:BBC \d+\.\d+\.\d+\.?\d*; )?com.hp.openview.bbc.LLBServer (\d+\.\d+\.\d+\.?\d*)$">
608
714
  <description>HP Openview LLBServer (Local Location Broker)</description>
609
715
  <example service.component.version="2.6.8.1">com.hp.openview.bbc.LLBServer 2.6.8.1</example>
@@ -617,6 +723,7 @@
617
723
  <param pos="0" name="service.component.product" value="LLBServer"/>
618
724
  <param pos="1" name="service.component.version"/>
619
725
  </fingerprint>
726
+
620
727
  <fingerprint pattern="^BBC \d+\.\d+\.\d+; ovbbccb (\d+\.\d+\.\d+)$">
621
728
  <description>OpenView Communication Broker (ovbbccb)</description>
622
729
  <example service.component.version="06.00.083">BBC 06.00.083; ovbbccb 06.00.083</example>
@@ -630,6 +737,7 @@
630
737
  <param pos="0" name="service.component.product" value="Communication Broker"/>
631
738
  <param pos="1" name="service.component.version"/>
632
739
  </fingerprint>
740
+
633
741
  <fingerprint pattern="^BBC \d+\.\d+\.\d+; ovbbccb unknown version$">
634
742
  <description>OpenView Communication Broker (ovbbccb) with no version</description>
635
743
  <example>BBC 11.13.007; ovbbccb unknown version</example>
@@ -641,6 +749,7 @@
641
749
  <param pos="0" name="service.component.family" value="OpenView"/>
642
750
  <param pos="0" name="service.component.product" value="Communication Broker"/>
643
751
  </fingerprint>
752
+
644
753
  <fingerprint pattern="^UOS$">
645
754
  <description>HTTP Server that appears unique to Managment Console on HP TippingPoint IPS Devices</description>
646
755
  <example>UOS</example>
@@ -654,6 +763,7 @@
654
763
  <param pos="0" name="hw.family" value="TippingPoint"/>
655
764
  <param pos="0" name="hw.device" value="IPS"/>
656
765
  </fingerprint>
766
+
657
767
  <fingerprint pattern="^uc-httpd[ \/]([\d.]+)$">
658
768
  <description>Xiongmai Tech uc-httpd</description>
659
769
  <example service.version="1.0.0">uc-httpd 1.0.0</example>
@@ -662,6 +772,7 @@
662
772
  <param pos="0" name="service.product" value="uc-httpd"/>
663
773
  <param pos="1" name="service.version"/>
664
774
  </fingerprint>
775
+
665
776
  <fingerprint pattern="^micro_httpd$">
666
777
  <description>ACME micro_httpd</description>
667
778
  <example>micro_httpd</example>
@@ -669,6 +780,7 @@
669
780
  <param pos="0" name="service.product" value="micro_httpd"/>
670
781
  <param pos="0" name="service.cpe23" value="cpe:/a:acme:micro_httpd:-"/>
671
782
  </fingerprint>
783
+
672
784
  <fingerprint pattern="^mini_httpd$">
673
785
  <description>ACME mini_httpd</description>
674
786
  <example>mini_httpd</example>
@@ -676,6 +788,7 @@
676
788
  <param pos="0" name="service.product" value="mini_httpd"/>
677
789
  <param pos="0" name="service.cpe23" value="cpe:/a:acme:mini_httpd:-"/>
678
790
  </fingerprint>
791
+
679
792
  <fingerprint pattern="^LiteSpeed\/?(:?[\d.]+)?(?: \S+)?">
680
793
  <description>LiteSpeed</description>
681
794
  <example>LiteSpeed</example>
@@ -683,7 +796,9 @@
683
796
  <param pos="0" name="service.vendor" value="LiteSpeed Technologies"/>
684
797
  <param pos="0" name="service.product" value="LiteSpeed Web Server"/>
685
798
  <param pos="1" name="service.version"/>
799
+ <param pos="0" name="service.cpe23" value="cpe:/a:litespeedtech:litespeed_web_server:{service.version}"/>
686
800
  </fingerprint>
801
+
687
802
  <fingerprint pattern="^IdeaWebServer\/v?([\d.]+)$">
688
803
  <description>Idea Web Server</description>
689
804
  <example service.version="0.83.74">IdeaWebServer/0.83.74</example>
@@ -692,6 +807,7 @@
692
807
  <param pos="0" name="service.product" value="Idea Web Server"/>
693
808
  <param pos="1" name="service.version"/>
694
809
  </fingerprint>
810
+
695
811
  <fingerprint pattern="^openresty\/?(:?[\d.]+)?$">
696
812
  <description>OpenResty OpenResty</description>
697
813
  <example>openresty</example>
@@ -701,6 +817,7 @@
701
817
  <param pos="1" name="service.version"/>
702
818
  <param pos="0" name="service.cpe23" value="cpe:/a:openresty:openresty:{service.version}"/>
703
819
  </fingerprint>
820
+
704
821
  <fingerprint pattern="^gunicorn\/([\d.]+)+$">
705
822
  <description>Gunicorn Gunicorn</description>
706
823
  <example service.version="19.7.1">gunicorn/19.7.1</example>
@@ -709,14 +826,36 @@
709
826
  <param pos="1" name="service.version"/>
710
827
  <param pos="0" name="service.cpe23" value="cpe:/a:gunicorn:gunicorn:{service.version}"/>
711
828
  </fingerprint>
829
+
712
830
  <fingerprint pattern="^Serv-U\/([\d.]+)$">
713
831
  <description>Serv-U HTTP interface</description>
714
832
  <example service.version="15.1.6.31">Serv-U/15.1.6.31</example>
715
833
  <param pos="0" name="service.vendor" value="SolarWinds"/>
716
834
  <param pos="0" name="service.family" value="Serv-U"/>
717
- <param pos="0" name="service.product" value="FTP Server"/>
835
+ <param pos="0" name="service.product" value="Serv-U FTP Server"/>
836
+ <param pos="1" name="service.version"/>
837
+ <param pos="0" name="service.cpe23" value="cpe:/a:solarwinds:serv-u_ftp_server:{service.version}"/>
838
+ </fingerprint>
839
+
840
+ <fingerprint pattern="^Wing FTP Server/([\d.]+)\([^)]*\)$">
841
+ <description>Wing FTP HTTP interface - with version</description>
842
+ <example service.version="3.6.0">Wing FTP Server/3.6.0(customer name here)</example>
843
+ <param pos="0" name="service.vendor" value="WFTPServer"/>
844
+ <param pos="0" name="service.family" value="Wing FTP"/>
845
+ <param pos="0" name="service.product" value="Wing FTP Server"/>
718
846
  <param pos="1" name="service.version"/>
847
+ <param pos="0" name="service.cpe23" value="cpe:/a:wftpserver:wing_ftp_server:{service.version}"/>
848
+ </fingerprint>
849
+
850
+ <fingerprint pattern="^Wing FTP Server\([^)]*\)$">
851
+ <description>Wing FTP HTTP interface - no version</description>
852
+ <example>Wing FTP Server(customer name here)</example>
853
+ <param pos="0" name="service.vendor" value="WFTPServer"/>
854
+ <param pos="0" name="service.family" value="Wing FTP"/>
855
+ <param pos="0" name="service.product" value="Wing FTP Server"/>
856
+ <param pos="0" name="service.cpe23" value="cpe:/a:wftpserver:wing_ftp_server:-"/>
719
857
  </fingerprint>
858
+
720
859
  <fingerprint pattern="^(?i)Linux UPnP/1.0 Sonos/([\d\.\-a-z]+) \((BR\d+)\)$">
721
860
  <description>Sonos Bridge/ZoneBridge</description>
722
861
  <example hw.model="BR100" hw.version="47.2-59120">Linux UPnP/1.0 Sonos/47.2-59120 (BR100)</example>
@@ -727,6 +866,7 @@
727
866
  <param pos="2" name="hw.model"/>
728
867
  <param pos="0" name="os.product" value="Linux"/>
729
868
  </fingerprint>
869
+
730
870
  <fingerprint pattern="^(?i)Linux UPnP/1.0 Sonos/([\d\.\-a-z]+) \(ANVIL\)$">
731
871
  <description>Sonos Subwoofer Speaker</description>
732
872
  <example>Linux UPnP/1.0 Sonos/31.3-22220 (ANVIL)</example>
@@ -736,6 +876,7 @@
736
876
  <param pos="1" name="hw.version"/>
737
877
  <param pos="0" name="os.product" value="Linux"/>
738
878
  </fingerprint>
879
+
739
880
  <fingerprint pattern="(?i)^Linux UPnP/1.0 Sonos/([\d\.\-a-z]+) \(ZP(S?\d+)\)$">
740
881
  <description>Sonos PLAY/ZonePlayer wireless speaker</description>
741
882
  <example hw.model="S1" hw.version="39.2-47040c">Linux UPnP/1.0 Sonos/39.2-47040c (ZPS1)</example>
@@ -748,6 +889,7 @@
748
889
  <param pos="2" name="hw.model"/>
749
890
  <param pos="0" name="os.product" value="Linux"/>
750
891
  </fingerprint>
892
+
751
893
  <fingerprint pattern="(?i)^Linux UPnP/1.0 Sonos/([\d\.\-a-z]+) \(WD(\d+)\)$">
752
894
  <description>Sonos Wireless Dock</description>
753
895
  <example hw.model="100" hw.version="36.4-41270">Linux UPnP/1.0 Sonos/36.4-41270 (WD100)</example>
@@ -758,6 +900,7 @@
758
900
  <param pos="2" name="hw.model"/>
759
901
  <param pos="0" name="os.product" value="Linux"/>
760
902
  </fingerprint>
903
+
761
904
  <fingerprint pattern="^Varnish(?:[- ]Cache)?$">
762
905
  <description>Varnish Cache</description>
763
906
  <example>Varnish</example>
@@ -767,6 +910,7 @@
767
910
  <param pos="0" name="service.product" value="Varnish"/>
768
911
  <param pos="0" name="service.cpe23" value="cpe:/a:varnish-cache:varnish:-"/>
769
912
  </fingerprint>
913
+
770
914
  <fingerprint pattern="^Tengine\/?(:?[\d.]+)?$">
771
915
  <description>Tengine</description>
772
916
  <example>Tengine</example>
@@ -776,6 +920,7 @@
776
920
  <param pos="0" name="service.product" value="Tengine"/>
777
921
  <param pos="1" name="service.version"/>
778
922
  </fingerprint>
923
+
779
924
  <fingerprint pattern="^Mikrotik HttpProxy$">
780
925
  <description>MikroTik RouterOS - Proxy service</description>
781
926
  <example>Mikrotik HttpProxy</example>
@@ -788,6 +933,7 @@
788
933
  <param pos="0" name="hw.vendor" value="MikroTik"/>
789
934
  <param pos="0" name="hw.device" value="Router"/>
790
935
  </fingerprint>
936
+
791
937
  <fingerprint pattern="^Helix Server Version ([0-9.]*) \(win32\) \(RealServer compatible\)$">
792
938
  <description>RealMedia Helix Server - Windows</description>
793
939
  <example>Helix Server Version 9.0.4.960 (win32) (RealServer compatible)</example>
@@ -800,6 +946,7 @@
800
946
  <param pos="0" name="service.family" value="Helix Server"/>
801
947
  <param pos="1" name="service.version"/>
802
948
  </fingerprint>
949
+
803
950
  <fingerprint pattern="^Helix Server Version ([0-9.]*) \(linux-\S+\) \(RealServer compatible\)$">
804
951
  <description>RealMedia Helix Server - Linux</description>
805
952
  <example>Helix Server Version 9.0.4.960 (linux-2.2-libc6-i586-server) (RealServer compatible)</example>
@@ -810,6 +957,7 @@
810
957
  <param pos="0" name="service.family" value="Helix Server"/>
811
958
  <param pos="1" name="service.version"/>
812
959
  </fingerprint>
960
+
813
961
  <fingerprint pattern="^ReeCam IP Camera$">
814
962
  <description>Shenzhen ReeCam cameras</description>
815
963
  <example>ReeCam IP Camera</example>
@@ -817,12 +965,14 @@
817
965
  <param pos="0" name="hw.product" value="ReeCam"/>
818
966
  <param pos="0" name="hw.device" value="Web cam"/>
819
967
  </fingerprint>
968
+
820
969
  <fingerprint pattern="^Netwave IP Camera$">
821
970
  <description>Netwave cameras</description>
822
971
  <example>Netwave IP Camera</example>
823
972
  <param pos="0" name="hw.vendor" value="Netwave"/>
824
973
  <param pos="0" name="hw.device" value="Web cam"/>
825
974
  </fingerprint>
975
+
826
976
  <fingerprint pattern="^Cougar/([0-9.]*)$">
827
977
  <description>Windows Media Services (older versions)</description>
828
978
  <example>Cougar/9.01.01.3841</example>
@@ -835,6 +985,7 @@
835
985
  <param pos="0" name="service.family" value="Windows Media Services"/>
836
986
  <param pos="1" name="service.version"/>
837
987
  </fingerprint>
988
+
838
989
  <fingerprint pattern="^WMServer/([0-9.]*)$">
839
990
  <description>Windows Media Services (newer versions)</description>
840
991
  <example>WMServer/9.1.1.3841</example>
@@ -847,6 +998,7 @@
847
998
  <param pos="0" name="service.family" value="Windows Media Services"/>
848
999
  <param pos="1" name="service.version"/>
849
1000
  </fingerprint>
1001
+
850
1002
  <fingerprint pattern="^Microsoft-HTTPAPI/(?:[0-9\.]*)$">
851
1003
  <description>Generic Microsoft HTTP service</description>
852
1004
  <example>Microsoft-HTTPAPI/2.0</example>
@@ -855,6 +1007,7 @@
855
1007
  <param pos="0" name="os.product" value="Windows"/>
856
1008
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
857
1009
  </fingerprint>
1010
+
858
1011
  <fingerprint pattern="(?i)^(?:(?:Cube|(?:Mini )?Dome|Day/Night|PAN/?Tilt|POE|IR|HD|H.264|Surveillance|With|Wired|Wireless(?: N)?|Network|Internet|(?:IP(?:[\s_-])?)?Cameras?[\s_]*\d*) ?){1,5}?(?: Login)?$">
859
1012
  <description>Generic IP Cameras</description>
860
1013
  <example>camera</example>
@@ -862,6 +1015,7 @@
862
1015
  <example>Mini Dome IP Camera</example>
863
1016
  <param pos="0" name="hw.device" value="Web cam"/>
864
1017
  </fingerprint>
1018
+
865
1019
  <fingerprint pattern="^ASP.NET$">
866
1020
  <description>Something written in ASP.NET</description>
867
1021
  <example>ASP.NET</example>
@@ -871,6 +1025,7 @@
871
1025
  <param pos="0" name="os.certainty" value="0.6"/>
872
1026
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
873
1027
  </fingerprint>
1028
+
874
1029
  <fingerprint pattern="^[Xx]itami$">
875
1030
  <description>Xitami web server</description>
876
1031
  <example>Xitami</example>
@@ -878,6 +1033,7 @@
878
1033
  <param pos="0" name="service.product" value="HTTP"/>
879
1034
  <param pos="0" name="service.family" value="Webserver"/>
880
1035
  </fingerprint>
1036
+
881
1037
  <fingerprint pattern="^VCS-VIDOS-NVR$">
882
1038
  <description>Bosch VCS VIDOS-NVR network video recorder</description>
883
1039
  <example>VCS-VIDOS-NVR</example>
@@ -887,12 +1043,14 @@
887
1043
  <param pos="0" name="hw.vendor" value="Bosch"/>
888
1044
  <param pos="0" name="hw.device" value="DVR"/>
889
1045
  </fingerprint>
1046
+
890
1047
  <fingerprint pattern="^FUHO-DVR$">
891
1048
  <description>FUHO Surveillance/DVR</description>
892
1049
  <example>FUHO-DVR</example>
893
1050
  <param pos="0" name="hw.vendor" value="FUHO"/>
894
1051
  <param pos="0" name="hw.device" value="DVR"/>
895
1052
  </fingerprint>
1053
+
896
1054
  <fingerprint pattern="^HeiTel GmbH Web Server \[\S+\]$">
897
1055
  <description>HeiTel Digital Video Recorder</description>
898
1056
  <example>HeiTel GmbH Web Server [V1.15/V1.14/V1.3]</example>
@@ -902,6 +1060,7 @@
902
1060
  <param pos="0" name="hw.vendor" value="HeiTel"/>
903
1061
  <param pos="0" name="hw.device" value="DVR"/>
904
1062
  </fingerprint>
1063
+
905
1064
  <fingerprint pattern="^MiniServ/([0-9.]*)$">
906
1065
  <description>mini_httpd</description>
907
1066
  <example>MiniServ/0.01</example>
@@ -909,6 +1068,7 @@
909
1068
  <param pos="0" name="service.family" value="WebServer"/>
910
1069
  <param pos="1" name="service.version"/>
911
1070
  </fingerprint>
1071
+
912
1072
  <fingerprint pattern="^IBM HTTP Server/(V\d+R\d+M\d+)$">
913
1073
  <description>IBM HTTP server running on AS/400</description>
914
1074
  <example>IBM HTTP Server/V5R3M0</example>
@@ -923,6 +1083,7 @@
923
1083
  <param pos="1" name="os.version"/>
924
1084
  <param pos="0" name="os.cpe23" value="cpe:/o:ibm:os_400:{os.version}"/>
925
1085
  </fingerprint>
1086
+
926
1087
  <fingerprint pattern="^(?:IBM_HTTP_Server|IBM_HTTP_SERVER)/([\w.-]+)\s+Apache/([12][\d.]+)\s*(.*)$">
927
1088
  <description>IBM HTTP Server</description>
928
1089
  <example>IBM_HTTP_SERVER/1.3.19.2 Apache/1.3.20 (Win32)</example>
@@ -944,6 +1105,7 @@
944
1105
  <param pos="0" name="apache.variant" value="IBM"/>
945
1106
  <param pos="1" name="apache.variant.version"/>
946
1107
  </fingerprint>
1108
+
947
1109
  <fingerprint pattern="(?i)^(?:IBM_HTTP_SERVER|IBM-HTTP-SERVER)/(\S+)(?: \(\S+\))?$">
948
1110
  <description>IBM HTTP Server with hardly useful version info</description>
949
1111
  <example>IBM-HTTP-Server/1.0</example>
@@ -955,6 +1117,7 @@
955
1117
  <param pos="0" name="apache.variant" value="IBM"/>
956
1118
  <param pos="1" name="apache.variant.version"/>
957
1119
  </fingerprint>
1120
+
958
1121
  <fingerprint pattern="(?i)^(?:IBM_HTTP_SERVER|IBM-HTTP-SERVER)$">
959
1122
  <description>IBM HTTP Server with no version info</description>
960
1123
  <example>IBM_HTTP_SERVER</example>
@@ -965,9 +1128,11 @@
965
1128
  <param pos="0" name="service.cpe23" value="cpe:/a:apache:http_server:-"/>
966
1129
  <param pos="0" name="apache.variant" value="IBM"/>
967
1130
  </fingerprint>
1131
+
968
1132
  <!--
969
1133
  Netscape/Sun's Application Server
970
1134
  -->
1135
+
971
1136
  <fingerprint pattern="^Sun[ -]Java[ -]System[ /]Application[ -]Server( \d\.[\d_]+)?$">
972
1137
  <description>Sun Java System Application Server (formerly iPlanet Application Server, Sun ONE Application Server)</description>
973
1138
  <example>Sun-Java-System/Application-Server</example>
@@ -977,6 +1142,7 @@
977
1142
  <param pos="1" name="service.version"/>
978
1143
  <param pos="0" name="service.cpe23" value="cpe:/a:sun:java_system_application_server:{service.version}"/>
979
1144
  </fingerprint>
1145
+
980
1146
  <fingerprint pattern="^Sun[ -]Java[ -]System[ /]Application[ -]Server Platform Edition (\d\.[\d_]+)?$">
981
1147
  <description>Sun Java System Application Server Platform Edition(formerly iPlanet Application Server, Sun ONE Application Server)</description>
982
1148
  <example>Sun Java System Application Server Platform Edition 9.0</example>
@@ -986,22 +1152,46 @@
986
1152
  <param pos="0" name="service.product" value="Java System Application Server Platform Edition"/>
987
1153
  <param pos="1" name="service.version"/>
988
1154
  </fingerprint>
1155
+
989
1156
  <fingerprint pattern="^Sun GlassFish Enterprise Server v(\S+)$">
990
1157
  <description>Glassfish with version information</description>
991
- <example>Sun GlassFish Enterprise Server v2.1</example>
992
- <param pos="0" name="service.vendor" value="Sun"/>
993
- <param pos="0" name="service.product" value="GlassFish"/>
1158
+ <example service.version="2.1">Sun GlassFish Enterprise Server v2.1</example>
1159
+ <param pos="0" name="service.vendor" value="Oracle"/>
1160
+ <param pos="0" name="service.product" value="GlassFish Server"/>
1161
+ <param pos="1" name="service.version"/>
1162
+ <param pos="0" name="service.cpe23" value="cpe:/a:oracle:glassfish_server:{service.version}"/>
1163
+ </fingerprint>
1164
+
1165
+ <fingerprint pattern="^GlassFish Server Open Source Edition\s+(\S+)$">
1166
+ <description>Glassfish Open Source Edition with version information</description>
1167
+ <example service.version="4.1.2">GlassFish Server Open Source Edition 4.1.2</example>
1168
+ <example service.version="3.1.2.2">GlassFish Server Open Source Edition 3.1.2.2</example>
1169
+ <param pos="0" name="service.vendor" value="Oracle"/>
1170
+ <param pos="0" name="service.product" value="GlassFish Server"/>
1171
+ <param pos="1" name="service.version"/>
1172
+ <param pos="0" name="service.cpe23" value="cpe:/a:oracle:glassfish_server:{service.version}"/>
1173
+ </fingerprint>
1174
+
1175
+ <fingerprint pattern="^Oracle GlassFish Server ([\d.]+)$">
1176
+ <description>Oracle GlassFish Server</description>
1177
+ <example service.version="3.1.2.14">Oracle GlassFish Server 3.1.2.14</example>
1178
+ <param pos="0" name="service.vendor" value="Oracle"/>
1179
+ <param pos="0" name="service.product" value="GlassFish Server"/>
994
1180
  <param pos="1" name="service.version"/>
1181
+ <param pos="0" name="service.cpe23" value="cpe:/a:oracle:glassfish_server:{service.version}"/>
995
1182
  </fingerprint>
1183
+
996
1184
  <fingerprint pattern="^GlassFish$">
997
1185
  <description>Glassfish without version information</description>
998
1186
  <example>GlassFish</example>
999
1187
  <param pos="0" name="service.vendor" value="Sun"/>
1000
- <param pos="0" name="service.product" value="GlassFish"/>
1188
+ <param pos="0" name="service.product" value="GlassFish Server"/>
1001
1189
  </fingerprint>
1190
+
1002
1191
  <!--
1003
1192
  Netscape/Sun's Web Server
1004
1193
  -->
1194
+
1005
1195
  <fingerprint pattern="^Netscape-Enterprise/(\d+\.[\w\s.]+)$">
1006
1196
  <description>Netscape Enterprise Server (subsequently iPlanet Web Server, Sun ONE Web Server, presently Sun Java System Web Server)</description>
1007
1197
  <example>Netscape-Enterprise/3.5.1</example>
@@ -1013,6 +1203,7 @@
1013
1203
  <param pos="1" name="service.version"/>
1014
1204
  <param pos="0" name="service.cpe23" value="cpe:/a:sun:java_system_web_server:{service.version}"/>
1015
1205
  </fingerprint>
1206
+
1016
1207
  <fingerprint pattern="^(?:Sun-Java-System-Web-Server|Sun-ONE-Web-Server)/(?:\d\.[\d_]+)$">
1017
1208
  <description>Sun Java System Web Server (formerly Netscape Enterprise Server, iPlanet Web Server and Sun ONE Web Server)</description>
1018
1209
  <example>Sun-Java-System-Web-Server/7.0</example>
@@ -1022,19 +1213,20 @@
1022
1213
  <param pos="0" name="service.product" value="Java System Web Server"/>
1023
1214
  <param pos="0" name="service.cpe23" value="cpe:/a:sun:java_system_web_server:-"/>
1024
1215
  </fingerprint>
1216
+
1025
1217
  <!--
1026
1218
  Netscape/Sun's Web Proxy Server
1027
1219
  -->
1220
+
1028
1221
  <!--
1029
1222
  Header seen on admin port 8081 (not regular proxy port 8080) of Sun Java
1030
1223
  System Web Proxy Server 3.6 Service Pack 4 running on Windows:
1031
-
1032
1224
  Server: Netscape-Administrator/3.54
1033
-
1034
1225
  However this header might be used by Web Server too, so it might be
1035
1226
  impossible to differentiate Web Server from Web Proxy Server. Also note how
1036
1227
  there seems to be no relation between 3.54 and "3.6 Service Pack 4".
1037
1228
  -->
1229
+
1038
1230
  <fingerprint pattern="^iPlanet-Web-Proxy-Server/(.*)$">
1039
1231
  <description>iPlanet WebProxy Server (subsequently Sun ONE WebProxy Server, presently Sun Java System Web Proxy Server)</description>
1040
1232
  <example>iPlanet-Web-Proxy-Server/3.6</example>
@@ -1045,6 +1237,7 @@
1045
1237
  <param pos="1" name="service.version"/>
1046
1238
  <param pos="0" name="service.cpe23" value="cpe:/a:sun:java_system_web_proxy_server:{service.version}"/>
1047
1239
  </fingerprint>
1240
+
1048
1241
  <fingerprint pattern="^Sun-ONE-Web-Proxy-Server/(.*)$">
1049
1242
  <description>Sun ONE WebProxy Server (formerly iPlanet WebProxy Server, presently Sun Java System Web Proxy Server)</description>
1050
1243
  <example service.version="3.6-SP4">Sun-ONE-Web-Proxy-Server/3.6-SP4</example>
@@ -1054,6 +1247,7 @@
1054
1247
  <param pos="1" name="service.version"/>
1055
1248
  <param pos="0" name="service.cpe23" value="cpe:/a:sun:java_system_web_proxy_server:{service.version}"/>
1056
1249
  </fingerprint>
1250
+
1057
1251
  <fingerprint pattern="^Sun-Java-System-Web-Proxy-Server/(\d\.[\d.]+)$">
1058
1252
  <description>Sun Java System Web Proxy Server (formerly iPlanet WebProxy Server, Sun ONE WebProxy Server)</description>
1059
1253
  <example>Sun-Java-System-Web-Proxy-Server/4.0.2</example>
@@ -1064,6 +1258,7 @@
1064
1258
  <param pos="1" name="service.version"/>
1065
1259
  <param pos="0" name="service.cpe23" value="cpe:/a:sun:java_system_web_proxy_server:{service.version}"/>
1066
1260
  </fingerprint>
1261
+
1067
1262
  <fingerprint pattern="^Sun-ILOM-Web-Server/(?:\d\.[\d._]+)$">
1068
1263
  <description>Sun Integrated Lights Out Manager (ILOM) usually bundled with Sun Fire servers</description>
1069
1264
  <example>Sun-ILOM-Web-Server/1.0</example>
@@ -1073,6 +1268,7 @@
1073
1268
  <param pos="0" name="hw.vendor" value="Sun"/>
1074
1269
  <param pos="0" name="hw.family" value="Sun Fire"/>
1075
1270
  </fingerprint>
1271
+
1076
1272
  <fingerprint pattern="^HP-iLO-Server/(?:[\S]+)">
1077
1273
  <description>HP Integrated Lights Out Manager (iLO). Version in the Server header (found on in iLO4) is the firmware version and is not currently used.</description>
1078
1274
  <example>HP-iLO-Server/1.30</example>
@@ -1087,12 +1283,14 @@
1087
1283
  <param pos="0" name="os.family" value="iLO"/>
1088
1284
  <param pos="0" name="os.device" value="Lights Out Management"/>
1089
1285
  </fingerprint>
1286
+
1090
1287
  <!--
1091
1288
  TODO:
1092
-
1093
1289
  Sun_WebServer/2.1
1094
1290
  -->
1291
+
1095
1292
  <!-- Mort Bay Jetty 1.0 to 6.x -->
1293
+
1096
1294
  <fingerprint pattern="^Jetty\/([1-6]\.[\w.]+)(?: \(([^)]*))?">
1097
1295
  <description>Mort Bay Jetty with info</description>
1098
1296
  <example service.version="4.0.1" jetty.info="SunOS 5.8 sparc">Jetty/4.0.1 (SunOS 5.8 sparc)</example>
@@ -1107,6 +1305,7 @@
1107
1305
  <param pos="0" name="service.cpe23" value="cpe:/a:mortbay:jetty:{service.version}"/>
1108
1306
  <param pos="2" name="jetty.info"/>
1109
1307
  </fingerprint>
1308
+
1110
1309
  <fingerprint pattern="^Jetty\(([1-6]\S+)\)$">
1111
1310
  <description>Mort Bay Jetty</description>
1112
1311
  <example service.version="1.4.5">Jetty(1.4.5)</example>
@@ -1117,10 +1316,12 @@
1117
1316
  <param pos="1" name="service.version"/>
1118
1317
  <param pos="0" name="service.cpe23" value="cpe:/a:mortbay:jetty:{service.version}"/>
1119
1318
  </fingerprint>
1319
+
1120
1320
  <!--
1121
1321
  Jetty moved to Eclipse.org at version 7, CVEs after this version are
1122
1322
  associated with Eclipse CPEs.
1123
1323
  -->
1324
+
1124
1325
  <fingerprint pattern="^Jetty\((\S+)\)$">
1125
1326
  <description>Eclipse Jetty</description>
1126
1327
  <example service.version="7.6.9.v20130131">Jetty(7.6.9.v20130131)</example>
@@ -1132,6 +1333,7 @@
1132
1333
  <param pos="1" name="service.version"/>
1133
1334
  <param pos="0" name="service.cpe23" value="cpe:/a:eclipse:jetty:{service.version}"/>
1134
1335
  </fingerprint>
1336
+
1135
1337
  <fingerprint pattern="^(?i)squid/(\d+\.[\w.\-\+]+)$">
1136
1338
  <description>Squid Web Proxy with a version</description>
1137
1339
  <example service.version="2.3.STABLE1">Squid/2.3.STABLE1</example>
@@ -1143,6 +1345,7 @@
1143
1345
  <param pos="1" name="service.version"/>
1144
1346
  <param pos="0" name="service.cpe23" value="cpe:/a:squid-cache:squid:{service.version}"/>
1145
1347
  </fingerprint>
1348
+
1146
1349
  <fingerprint pattern="^(?i)squid$">
1147
1350
  <description>Squid Web Proxy without a version</description>
1148
1351
  <example>Squid</example>
@@ -1152,14 +1355,18 @@
1152
1355
  <param pos="0" name="service.family" value="Squid"/>
1153
1356
  <param pos="0" name="service.cpe23" value="cpe:/a:squid-cache:squid:-"/>
1154
1357
  </fingerprint>
1358
+
1155
1359
  <fingerprint pattern="^thttpd/(\d\.[\w.]+)-MX\s*.*$">
1156
1360
  <description>thttpd with SSL support</description>
1157
1361
  <example>thttpd/2.19-MX Jan 24 2006</example>
1362
+ <param pos="0" name="service.vendor" value="ACME"/>
1158
1363
  <param pos="0" name="service.product" value="thttpd"/>
1159
1364
  <param pos="0" name="service.family" value="thttpd"/>
1160
1365
  <param pos="1" name="service.version"/>
1366
+ <param pos="0" name="service.cpe23" value="cpe:/a:acme:thttpd:{service.version}"/>
1161
1367
  <param pos="0" name="thttpd.mx-patch" value="enabled"/>
1162
1368
  </fingerprint>
1369
+
1163
1370
  <fingerprint pattern="^thttpd(?:/(\d\.[\w.]+)\s*.*)?$">
1164
1371
  <description>thttpd</description>
1165
1372
  <example>thttpd</example>
@@ -1171,15 +1378,20 @@
1171
1378
  <param pos="0" name="service.family" value="thttpd"/>
1172
1379
  <param pos="1" name="service.version"/>
1173
1380
  </fingerprint>
1174
- <fingerprint pattern="^lighttpd(?:/(\d[\d.]+))?.*$">
1381
+
1382
+ <fingerprint pattern="(?i)^lighttpd(?:/(\d[\d.]+))?.*$">
1175
1383
  <description>Lighttpd</description>
1176
1384
  <example>lighttpd</example>
1385
+ <example>Lighttpd</example>
1177
1386
  <example service.version="1.4.16">lighttpd/1.4.16</example>
1178
1387
  <example>lighttpd/1.3.7 (Mar 23 2007/16:00:15)</example>
1388
+ <param pos="0" name="service.vendor" value="lighttpd"/>
1179
1389
  <param pos="0" name="service.product" value="lighttpd"/>
1180
1390
  <param pos="0" name="service.family" value="lighttpd"/>
1181
1391
  <param pos="1" name="service.version"/>
1392
+ <param pos="0" name="service.cpe23" value="cpe:/a:lighttpd:lighttpd:{service.version}"/>
1182
1393
  </fingerprint>
1394
+
1183
1395
  <fingerprint pattern="^nginx$">
1184
1396
  <description>nginx without version info</description>
1185
1397
  <example>nginx</example>
@@ -1188,6 +1400,7 @@
1188
1400
  <param pos="0" name="service.vendor" value="nginx"/>
1189
1401
  <param pos="0" name="service.cpe23" value="cpe:/a:nginx:nginx:-"/>
1190
1402
  </fingerprint>
1403
+
1191
1404
  <fingerprint pattern="^nginx\/?(:?[\d.]+)?">
1192
1405
  <description>nginx with version info and/or mods</description>
1193
1406
  <example service.version="0.8.53">nginx/0.8.53 + Phusion Passenger 3.0.0 (mod_rails/mod_rack)</example>
@@ -1200,6 +1413,7 @@
1200
1413
  <param pos="1" name="service.version"/>
1201
1414
  <param pos="0" name="service.cpe23" value="cpe:/a:nginx:nginx:{service.version}"/>
1202
1415
  </fingerprint>
1416
+
1203
1417
  <fingerprint pattern="^Lotus(?:-Domino)?(?:/|/0|/Release)?$">
1204
1418
  <description>IBM Lotus Notes/Domino with no useful version info</description>
1205
1419
  <example>Lotus</example>
@@ -1211,6 +1425,7 @@
1211
1425
  <param pos="0" name="service.family" value="Lotus Domino"/>
1212
1426
  <param pos="0" name="service.cpe23" value="cpe:/a:ibm:lotus_domino:-"/>
1213
1427
  </fingerprint>
1428
+
1214
1429
  <fingerprint pattern="^Lotus(?:-Domino)?/(?:Release-?)?([4-7][\d.]+)\s*(?:.*)$">
1215
1430
  <description>IBM Lotus Notes/Domino with version info</description>
1216
1431
  <example>Lotus-Domino/5.0.8</example>
@@ -1221,6 +1436,7 @@
1221
1436
  <param pos="1" name="service.version"/>
1222
1437
  <param pos="0" name="service.cpe23" value="cpe:/a:ibm:lotus_domino:{service.version}"/>
1223
1438
  </fingerprint>
1439
+
1224
1440
  <fingerprint pattern="^WebLogic (?:WebLogic )?Server (\d+\.\d+(?:\s+SP\d+)?)\s+.*$">
1225
1441
  <description>BEA WebLogic</description>
1226
1442
  <example service.version="8.1 SP3">WebLogic Server 8.1 SP3 Tue Jun 29 23:11:19 PDT 2004 404973</example>
@@ -1232,6 +1448,7 @@
1232
1448
  <param pos="1" name="service.version"/>
1233
1449
  <param pos="0" name="service.cpe23" value="cpe:/a:bea:weblogic_server:{service.version}"/>
1234
1450
  </fingerprint>
1451
+
1235
1452
  <fingerprint pattern="^WebSphere Application Server/(\d+\.\d+)$">
1236
1453
  <description>IBM WebSphere</description>
1237
1454
  <example service.version="5.0">WebSphere Application Server/5.0</example>
@@ -1242,6 +1459,7 @@
1242
1459
  <param pos="1" name="service.version"/>
1243
1460
  <param pos="0" name="service.cpe23" value="cpe:/a:ibm:websphere:{service.version}"/>
1244
1461
  </fingerprint>
1462
+
1245
1463
  <fingerprint pattern="^Resin/(\S+)$">
1246
1464
  <description>Caucho Resin</description>
1247
1465
  <example>Resin/2.1.13</example>
@@ -1253,6 +1471,7 @@
1253
1471
  <param pos="1" name="service.version"/>
1254
1472
  <param pos="0" name="service.cpe23" value="cpe:/a:caucho:resin:{service.version}"/>
1255
1473
  </fingerprint>
1474
+
1256
1475
  <fingerprint pattern="^Ipswitch-IMail/(\d\.\d+)$">
1257
1476
  <description>Ipswitch IMail Server</description>
1258
1477
  <example>Ipswitch-IMail/5.08</example>
@@ -1268,6 +1487,7 @@
1268
1487
  <param pos="0" name="os.product" value="Windows"/>
1269
1488
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
1270
1489
  </fingerprint>
1490
+
1271
1491
  <fingerprint pattern="^Abyss/(\d\.[\d.]+)-X1-Win32 AbyssLib/(?:\d\.[\d.]+)$">
1272
1492
  <description>Aprelium Technologies Abyss Web Server X1 (free personal edition) on Windows</description>
1273
1493
  <example>Abyss/2.0.0.20-X1-Win32 AbyssLib/2.0.0.20</example>
@@ -1281,6 +1501,7 @@
1281
1501
  <param pos="0" name="os.product" value="Windows"/>
1282
1502
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
1283
1503
  </fingerprint>
1504
+
1284
1505
  <fingerprint pattern="^Abyss/(\d\.[\d.]+)-X2-Win32 AbyssLib/(?:\d\.[\d.]+)$">
1285
1506
  <description>Aprelium Technologies Abyss Web Server X2 (licensed professional edition) on Windows</description>
1286
1507
  <param pos="0" name="service.vendor" value="Aprelium Technologies"/>
@@ -1292,6 +1513,7 @@
1292
1513
  <param pos="0" name="os.product" value="Windows"/>
1293
1514
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
1294
1515
  </fingerprint>
1516
+
1295
1517
  <fingerprint pattern="^Microsoft (Commerce Server\s*(?:2002|2007)?, (?:Enterprise|Standard|Evaluation|Developer) Edition)$">
1296
1518
  <description>Microsoft Commerce Server</description>
1297
1519
  <param pos="0" name="service.vendor" value="Microsoft"/>
@@ -1302,6 +1524,7 @@
1302
1524
  <param pos="0" name="os.product" value="Windows"/>
1303
1525
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
1304
1526
  </fingerprint>
1527
+
1305
1528
  <fingerprint pattern="^NetWare-Enterprise-Web-Server/(\d+\.\d+)$">
1306
1529
  <description>NetWare Enterprise Web Server (runs on NetWare 5.1)</description>
1307
1530
  <param pos="0" name="service.vendor" value="Novell"/>
@@ -1316,6 +1539,7 @@
1316
1539
  <param pos="1" name="os.version"/>
1317
1540
  <param pos="0" name="os.cpe23" value="cpe:/o:novell:netware:{os.version}"/>
1318
1541
  </fingerprint>
1542
+
1319
1543
  <fingerprint pattern="^NetWare HTTP Stack$">
1320
1544
  <description>NetWare HTTP stack (runs on 6.0 and 6.5)</description>
1321
1545
  <param pos="0" name="service.vendor" value="Novell"/>
@@ -1326,6 +1550,7 @@
1326
1550
  <param pos="0" name="os.product" value="NetWare"/>
1327
1551
  <param pos="0" name="os.cpe23" value="cpe:/o:novell:netware:-"/>
1328
1552
  </fingerprint>
1553
+
1329
1554
  <fingerprint pattern="^Novell-HTTP-Server/3.1R1$">
1330
1555
  <description>NetWare HTTP Server (runs on NetWare 4.11)</description>
1331
1556
  <param pos="0" name="service.vendor" value="Novell"/>
@@ -1339,6 +1564,7 @@
1339
1564
  <param pos="0" name="os.version" value="4.11"/>
1340
1565
  <param pos="0" name="os.cpe23" value="cpe:/o:novell:netware:4.11"/>
1341
1566
  </fingerprint>
1567
+
1342
1568
  <fingerprint pattern="^Novell-HTTP-Server/2.51R1$">
1343
1569
  <description>NetWare HTTP Server (runs on NetWare 4.1)</description>
1344
1570
  <param pos="0" name="service.vendor" value="Novell"/>
@@ -1352,6 +1578,7 @@
1352
1578
  <param pos="0" name="os.version" value="4.1"/>
1353
1579
  <param pos="0" name="os.cpe23" value="cpe:/o:novell:netware:4.1"/>
1354
1580
  </fingerprint>
1581
+
1355
1582
  <fingerprint pattern="^Netscape-FastTrack/(\d+\.[\w\s.]+)$">
1356
1583
  <description>Netscape FastTrack Server</description>
1357
1584
  <param pos="0" name="service.vendor" value="Netscape"/>
@@ -1360,6 +1587,7 @@
1360
1587
  <param pos="1" name="service.version"/>
1361
1588
  <param pos="0" name="service.cpe23" value="cpe:/a:netscape:fasttrack_server:{service.version}"/>
1362
1589
  </fingerprint>
1590
+
1363
1591
  <fingerprint pattern="^Netscape-Commerce/(\d+\.[\w\s.]+)$">
1364
1592
  <description>Netscape Commerce Server</description>
1365
1593
  <param pos="0" name="service.vendor" value="Netscape"/>
@@ -1368,47 +1596,157 @@
1368
1596
  <param pos="1" name="service.version"/>
1369
1597
  <param pos="0" name="service.cpe23" value="cpe:/a:netscape:commerce_server:{service.version}"/>
1370
1598
  </fingerprint>
1599
+
1371
1600
  <!--
1372
1601
  TODO
1373
-
1374
1602
  "Powered by PowerBSD - Apache"
1375
1603
  "SSE(Apache)"
1376
1604
  -->
1605
+
1377
1606
  <fingerprint pattern="^SAP J2EE Engine/(\d+\.\d+)$">
1378
- <description>SAP NetWeaver Web AS (Application Server)</description>
1607
+ <description>SAP NetWeaver Application Server Java - short version</description>
1608
+ <example service.version="7.01">SAP J2EE Engine/7.01</example>
1609
+ <param pos="0" name="service.vendor" value="SAP"/>
1610
+ <param pos="0" name="service.product" value="NetWeaver Application Server Java"/>
1611
+ <param pos="0" name="service.family" value="NetWeaver"/>
1612
+ <param pos="1" name="service.version"/>
1613
+ <param pos="0" name="service.cpe23" value="cpe:/a:sap:netweaver_application_server_java:{service.version}"/>
1614
+ <param pos="0" name="service.component.vendor" value="SAP"/>
1615
+ <param pos="0" name="service.component.product" value="NetWeaver Application Server"/>
1616
+ <param pos="0" name="service.component.cpe23" value="cpe:/a:sap:netweaver_application_server:-"/>
1617
+ </fingerprint>
1618
+
1619
+ <fingerprint pattern="^SAP J2EE Engine$">
1620
+ <description>SAP NetWeaver Application Server Java - without version</description>
1621
+ <example>SAP J2EE Engine</example>
1622
+ <param pos="0" name="service.vendor" value="SAP"/>
1623
+ <param pos="0" name="service.product" value="NetWeaver Application Server Java"/>
1624
+ <param pos="0" name="service.family" value="NetWeaver"/>
1625
+ <param pos="0" name="service.cpe23" value="cpe:/a:sap:netweaver_application_server_java:-"/>
1626
+ <param pos="0" name="service.component.vendor" value="SAP"/>
1627
+ <param pos="0" name="service.component.product" value="NetWeaver Application Server"/>
1628
+ <param pos="0" name="service.component.cpe23" value="cpe:/a:sap:netweaver_application_server:-"/>
1629
+ </fingerprint>
1630
+
1631
+ <fingerprint pattern="^SAP NetWeaver Application Server$">
1632
+ <description>SAP NetWeaver Application Server without version</description>
1633
+ <example>SAP NetWeaver Application Server</example>
1634
+ <param pos="0" name="service.vendor" value="SAP"/>
1635
+ <param pos="0" name="service.product" value="NetWeaver Application Server"/>
1636
+ <param pos="0" name="service.family" value="NetWeaver"/>
1637
+ <param pos="0" name="service.cpe23" value="cpe:/a:sap:netweaver_application_server:-"/>
1638
+ </fingerprint>
1639
+
1640
+ <fingerprint pattern="^SAP NetWeaver Application Server ([\d.]+) / AS Java ([\d.]+)$">
1641
+ <description>SAP NetWeaver Application Server Java</description>
1642
+ <example service.version="7.30" service.component.version="7.22">SAP NetWeaver Application Server 7.22 / AS Java 7.30</example>
1643
+ <param pos="0" name="service.vendor" value="SAP"/>
1644
+ <param pos="0" name="service.product" value="NetWeaver Application Server Java"/>
1645
+ <param pos="0" name="service.family" value="NetWeaver"/>
1646
+ <param pos="2" name="service.version"/>
1647
+ <param pos="0" name="service.cpe23" value="cpe:/a:sap:netweaver_application_server_java:{service.version}"/>
1648
+ <param pos="0" name="service.component.vendor" value="SAP"/>
1649
+ <param pos="0" name="service.component.product" value="NetWeaver Application Server"/>
1650
+ <param pos="1" name="service.component.version"/>
1651
+ <param pos="0" name="service.component.cpe23" value="cpe:/a:sap:netweaver_application_server:{service.component.version}"/>
1652
+ </fingerprint>
1653
+
1654
+ <fingerprint pattern="^SAP NetWeaver Application Server ([\d.]+) / ICM ([\d.]+)$">
1655
+ <description>SAP NetWeaver Application Server - Internet Communication Manager</description>
1656
+ <example service.version="7.21" service.component.version="7.21">SAP NetWeaver Application Server 7.21 / ICM 7.21</example>
1379
1657
  <param pos="0" name="service.vendor" value="SAP"/>
1380
- <param pos="0" name="service.product" value="NetWeaver Web AS"/>
1658
+ <param pos="0" name="service.product" value="NetWeaver Internet Communication Manager"/>
1381
1659
  <param pos="0" name="service.family" value="NetWeaver"/>
1660
+ <param pos="2" name="service.version"/>
1661
+ <param pos="0" name="service.component.vendor" value="SAP"/>
1662
+ <param pos="0" name="service.component.product" value="NetWeaver Application Server"/>
1663
+ <param pos="1" name="service.component.version"/>
1664
+ <param pos="0" name="service.component.cpe23" value="cpe:/a:sap:netweaver_application_server:{service.component.version}"/>
1665
+ </fingerprint>
1666
+
1667
+ <fingerprint pattern="^SAP NetWeaver Application Server \(ICM\)$">
1668
+ <description>SAP NetWeaver Application Server - Internet Communication Manager without version</description>
1669
+ <example>SAP NetWeaver Application Server (ICM)</example>
1670
+ <param pos="0" name="service.vendor" value="SAP"/>
1671
+ <param pos="0" name="service.product" value="NetWeaver Internet Communication Manager"/>
1672
+ <param pos="0" name="service.family" value="NetWeaver"/>
1673
+ <param pos="0" name="service.component.vendor" value="SAP"/>
1674
+ <param pos="0" name="service.component.product" value="NetWeaver Application Server"/>
1675
+ <param pos="0" name="service.component.cpe23" value="cpe:/a:sap:netweaver_application_server:-"/>
1676
+ </fingerprint>
1677
+
1678
+ <fingerprint pattern="^SAP NetWeaver Application Server / ABAP ([\d.]+)$">
1679
+ <description>SAP NetWeaver Application Server - Advanced Business Application Programming</description>
1680
+ <example service.version="731">SAP NetWeaver Application Server / ABAP 731</example>
1681
+ <param pos="0" name="service.vendor" value="SAP"/>
1682
+ <param pos="0" name="service.product" value="NetWeaver AS ABAP"/>
1683
+ <param pos="0" name="service.family" value="NetWeaver"/>
1684
+ <param pos="1" name="service.version"/>
1685
+ <param pos="0" name="service.cpe23" value="cpe:/a:sap:netweaver_as_abap:{service.version}"/>
1686
+ <param pos="0" name="service.component.vendor" value="SAP"/>
1687
+ <param pos="0" name="service.component.product" value="NetWeaver Application Server"/>
1688
+ <param pos="0" name="service.component.cpe23" value="cpe:/a:sap:netweaver_application_server:-"/>
1689
+ </fingerprint>
1690
+
1691
+ <fingerprint pattern="^SAP Internet Graphics Server$">
1692
+ <description>SAP Internet Graphics Server</description>
1693
+ <example>SAP Internet Graphics Server</example>
1694
+ <param pos="0" name="service.vendor" value="SAP"/>
1695
+ <param pos="0" name="service.product" value="Internet Graphics Server"/>
1696
+ <param pos="0" name="service.component.vendor" value="SAP"/>
1697
+ <param pos="0" name="service.component.product" value="NetWeaver Application Server"/>
1698
+ <param pos="0" name="service.component.cpe23" value="cpe:/a:sap:netweaver_application_server:-"/>
1699
+ </fingerprint>
1700
+
1701
+ <fingerprint pattern="^SAP Message Server, release ([\d.]+) \(LNK\)$">
1702
+ <description>SAP Message Server</description>
1703
+ <example service.version="753">SAP Message Server, release 753 (LNK)</example>
1704
+ <param pos="0" name="service.vendor" value="SAP"/>
1705
+ <param pos="0" name="service.product" value="SAP Message Server"/>
1706
+ <param pos="1" name="service.version"/>
1707
+ </fingerprint>
1708
+
1709
+ <fingerprint pattern="^SQLAnywhere/([\d.]+)$">
1710
+ <description>SAP SQLAnywhere</description>
1711
+ <example service.version="16.0.0.2207">SQLAnywhere/16.0.0.2207</example>
1712
+ <param pos="0" name="service.vendor" value="SAP"/>
1713
+ <param pos="0" name="service.product" value="SQL Anywhere"/>
1382
1714
  <param pos="1" name="service.version"/>
1715
+ <param pos="0" name="service.cpe23" value="cpe:/a:sap:sql_anywhere:{service.version}"/>
1383
1716
  </fingerprint>
1717
+
1384
1718
  <fingerprint pattern="^OpenVPN-AS$">
1385
1719
  <description>OpenVPN Access Server</description>
1386
1720
  <example>OpenVPN-AS</example>
1387
1721
  <param pos="0" name="service.vendor" value="OpenVPN"/>
1388
- <param pos="0" name="service.product" value="Access Server"/>
1722
+ <param pos="0" name="service.product" value="OpenVPN Access Server"/>
1723
+ <param pos="0" name="service.cpe23" value="cpe:/a:openvpn:openvpn_access_server:-"/>
1389
1724
  <param pos="0" name="hw.device" value="VPN"/>
1390
1725
  </fingerprint>
1726
+
1391
1727
  <fingerprint pattern="^SonicWALL (SSL-?VPN(?: (?:\d+))?) Web Server\.?$">
1392
1728
  <description>SonicWALL SSL-VPN device</description>
1393
1729
  <example>SonicWALL SSLVPN Web Server</example>
1394
1730
  <example>SonicWALL SSL-VPN Web Server</example>
1395
- <param pos="0" name="service.vendor" value="SonicWALL"/>
1731
+ <param pos="0" name="service.vendor" value="SonicWall"/>
1396
1732
  <param pos="0" name="service.product" value="SSL-VPN"/>
1397
1733
  <param pos="0" name="service.family" value="SSL-VPN"/>
1398
- <param pos="0" name="os.vendor" value="SonicWALL"/>
1734
+ <param pos="0" name="os.vendor" value="SonicWall"/>
1399
1735
  <param pos="0" name="os.device" value="VPN"/>
1400
1736
  <param pos="0" name="os.family" value="SSL-VPN"/>
1401
1737
  <param pos="1" name="os.product"/>
1402
- <param pos="0" name="hw.vendor" value="SonicWALL"/>
1738
+ <param pos="0" name="hw.vendor" value="SonicWall"/>
1403
1739
  <param pos="0" name="hw.device" value="VPN"/>
1404
1740
  </fingerprint>
1741
+
1405
1742
  <fingerprint pattern="^SonicWALL$">
1406
1743
  <description>SonicWALL device</description>
1407
1744
  <example>SonicWALL</example>
1408
- <param pos="0" name="service.vendor" value="SonicWALL"/>
1745
+ <param pos="0" name="service.vendor" value="SonicWall"/>
1409
1746
  <param pos="0" name="service.product" value="HTTP"/>
1410
- <param pos="0" name="os.vendor" value="SonicWALL"/>
1747
+ <param pos="0" name="os.vendor" value="SonicWall"/>
1411
1748
  </fingerprint>
1749
+
1412
1750
  <fingerprint pattern="^NetCache appliance \(NetApp/+(\d+\.\d+[\w.]+)\)$">
1413
1751
  <description>NetCache appliance (product line formerly owned by Network Appliances, now owned by Blue Coat Systems).</description>
1414
1752
  <example service.version="5.3.1R3">NetCache appliance (NetApp/5.3.1R3)</example>
@@ -1426,6 +1764,7 @@
1426
1764
  <param pos="0" name="os.family" value="NetCache"/>
1427
1765
  <param pos="0" name="os.product" value="NetCache"/>
1428
1766
  </fingerprint>
1767
+
1429
1768
  <fingerprint pattern="^NetApp/+(.*)$">
1430
1769
  <description>NetApp file servers</description>
1431
1770
  <example>NetApp/7.3.4P1</example>
@@ -1439,6 +1778,7 @@
1439
1778
  <param pos="1" name="os.version"/>
1440
1779
  <param pos="0" name="os.cpe23" value="cpe:/o:netapp:data_ontap:{os.version}"/>
1441
1780
  </fingerprint>
1781
+
1442
1782
  <fingerprint pattern="^BlueCoat-Security-Appliance$">
1443
1783
  <description>Blue Coat security appliance</description>
1444
1784
  <example>BlueCoat-Security-Appliance</example>
@@ -1447,6 +1787,7 @@
1447
1787
  <param pos="0" name="os.family" value="Blue Coat"/>
1448
1788
  <param pos="0" name="os.product" value="Appliance"/>
1449
1789
  </fingerprint>
1790
+
1450
1791
  <fingerprint pattern="^(?:BigIP|BIG-IP)$">
1451
1792
  <description>F5 BIG-IP</description>
1452
1793
  <param pos="0" name="service.vendor" value="F5"/>
@@ -1456,13 +1797,15 @@
1456
1797
  <param pos="0" name="os.family" value="Linux"/>
1457
1798
  <param pos="0" name="os.product" value="Linux"/>
1458
1799
  </fingerprint>
1800
+
1459
1801
  <fingerprint pattern="^TargetWeb/[\d\.]+ \(TargetOS\)$">
1460
1802
  <description>Mercurity Security TargetOS</description>
1461
1803
  <example>TargetWeb/2011.0 (TargetOS)</example>
1462
1804
  <param pos="0" name="hw.vendor" value="Mercury Security"/>
1463
- <param pos="0" name="hw.device" value="Access Controller"/>
1805
+ <param pos="0" name="hw.device" value="Access Control"/>
1464
1806
  <param pos="0" name="hw.product" value="EP-series"/>
1465
1807
  </fingerprint>
1808
+
1466
1809
  <fingerprint pattern="^Foundry Networks(?:/(\d+\.\d+))?$">
1467
1810
  <description>Foundry Networks device (though not sure which)</description>
1468
1811
  <param pos="0" name="service.vendor" value="Foundry"/>
@@ -1470,6 +1813,7 @@
1470
1813
  <param pos="1" name="service.version"/>
1471
1814
  <param pos="0" name="os.vendor" value="Foundry"/>
1472
1815
  </fingerprint>
1816
+
1473
1817
  <fingerprint pattern="^HP-Chai(?:Server|SOE)/(\d+\.\d+)$">
1474
1818
  <description>HP Printer running the Chai embedded web server</description>
1475
1819
  <example>HP-ChaiServer/2.2</example>
@@ -1487,6 +1831,11 @@
1487
1831
  <param pos="0" name="hw.product" value="JetDirect"/>
1488
1832
  <param pos="0" name="hw.device" value="Printer"/>
1489
1833
  </fingerprint>
1834
+
1835
+ <!-- This section needs to be reworked to extract module / version to make
1836
+ this information useful and mappable to CPE
1837
+ -->
1838
+
1490
1839
  <fingerprint pattern="^HP HTTP Server; (?:Hewlett-Packard )?HP ((\S+) \S+)">
1491
1840
  <description>HP Printer</description>
1492
1841
  <example os.product="Photosmart C309a" os.family="Photosmart">HP HTTP Server; HP Photosmart C309a series - CC335A; Serial Number: abc123; Vader Built:Wed Apr 15, 2009 11:40:58AM {abc123, ASIC id 0x00280004}</example>
@@ -1504,6 +1853,7 @@
1504
1853
  <param pos="0" name="hw.product" value="JetDirect"/>
1505
1854
  <param pos="0" name="hw.device" value="Printer"/>
1506
1855
  </fingerprint>
1856
+
1507
1857
  <fingerprint pattern="^HTTP/1\.0$">
1508
1858
  <description>Old HP printers identify themselves as "HTTP/1.0"</description>
1509
1859
  <param pos="0" name="service.vendor" value="HP"/>
@@ -1518,6 +1868,7 @@
1518
1868
  <param pos="0" name="hw.product" value="JetDirect"/>
1519
1869
  <param pos="0" name="hw.device" value="Printer"/>
1520
1870
  </fingerprint>
1871
+
1521
1872
  <fingerprint pattern="^(?:Allegro-Software-)?RomPager/\s*(\S+)">
1522
1873
  <description>Embedded HTTP server used by many vendors and device
1523
1874
  types, including APC, 3Com, Andover Controls, Cisco VoIP, D-Link,
@@ -1532,6 +1883,7 @@
1532
1883
  <param pos="0" name="service.product" value="RomPager"/>
1533
1884
  <param pos="1" name="service.version"/>
1534
1885
  </fingerprint>
1886
+
1535
1887
  <fingerprint pattern="^YAMAHA-RT$">
1536
1888
  <description>Yamaha RT series routers</description>
1537
1889
  <param pos="0" name="service.vendor" value="Yamaha"/>
@@ -1544,6 +1896,7 @@
1544
1896
  <param pos="0" name="hw.vendor" value="Yamaha"/>
1545
1897
  <param pos="0" name="hw.device" value="Router"/>
1546
1898
  </fingerprint>
1899
+
1547
1900
  <fingerprint pattern="^(?:Canon Http|CANON HTTP) Server (?:Ver)?(?:\d+\.\d+)$">
1548
1901
  <description>Canon Multifunction Printer/Copiers</description>
1549
1902
  <param pos="0" name="service.vendor" value="Canon"/>
@@ -1552,6 +1905,7 @@
1552
1905
  <param pos="0" name="hw.vendor" value="Canon"/>
1553
1906
  <param pos="0" name="hw.device" value="Multifunction Device"/>
1554
1907
  </fingerprint>
1908
+
1555
1909
  <fingerprint pattern=".*Linksys.*">
1556
1910
  <description>Linksys Wireless Access Point</description>
1557
1911
  <param pos="0" name="os.vendor" value="Linksys"/>
@@ -1559,6 +1913,7 @@
1559
1913
  <param pos="0" name="hw.vendor" value="Linksys"/>
1560
1914
  <param pos="0" name="hw.device" value="WAP"/>
1561
1915
  </fingerprint>
1916
+
1562
1917
  <fingerprint pattern="^cisco-IOS$">
1563
1918
  <description>Cisco IOS</description>
1564
1919
  <example>cisco-IOS</example>
@@ -1573,6 +1928,7 @@
1573
1928
  <param pos="0" name="os.cpe23" value="cpe:/o:cisco:ios:-"/>
1574
1929
  <param pos="0" name="hw.vendor" value="Cisco"/>
1575
1930
  </fingerprint>
1931
+
1576
1932
  <fingerprint pattern="^cisco-IOS/([^\s]+) HTTP-server/.*$">
1577
1933
  <description>Cisco IOS with version information</description>
1578
1934
  <example>cisco-IOS/12.1 HTTP-server/1.0(1)</example>
@@ -1587,6 +1943,7 @@
1587
1943
  <param pos="0" name="os.cpe23" value="cpe:/o:cisco:ios:{os.version}"/>
1588
1944
  <param pos="0" name="hw.vendor" value="Cisco"/>
1589
1945
  </fingerprint>
1946
+
1590
1947
  <fingerprint pattern="^Cisco AWARE (.*)$">
1591
1948
  <description>Cisco ASA</description>
1592
1949
  <example>Cisco AWARE 2.0</example>
@@ -1603,6 +1960,7 @@
1603
1960
  <param pos="0" name="hw.device" value="Firewall"/>
1604
1961
  <param pos="0" name="hw.cpe23" value="cpe:/h:cisco:adaptive_security_appliance:-"/>
1605
1962
  </fingerprint>
1963
+
1606
1964
  <fingerprint pattern="^CradlepointHTTPService/([\d\.]+)$">
1607
1965
  <description>Cradlepoint HTTP service</description>
1608
1966
  <example service.version="1.0.0">CradlepointHTTPService/1.0.0</example>
@@ -1610,6 +1968,7 @@
1610
1968
  <param pos="0" name="service.vendor" value="Cradlepoint"/>
1611
1969
  <param pos="0" name="service.product" value="HTTP"/>
1612
1970
  </fingerprint>
1971
+
1613
1972
  <fingerprint pattern="^DesktopAuthority/(.*)$">
1614
1973
  <description>ScriptLogic DesktopAuthority</description>
1615
1974
  <param pos="1" name="service.version"/>
@@ -1621,6 +1980,7 @@
1621
1980
  <param pos="0" name="os.product" value="Windows"/>
1622
1981
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
1623
1982
  </fingerprint>
1983
+
1624
1984
  <fingerprint pattern="^Agent-ListenServer-HttpSvr/.*$">
1625
1985
  <description>McAfee ePolicy Orchestrator</description>
1626
1986
  <param pos="0" name="service.vendor" value="McAfee"/>
@@ -1628,12 +1988,14 @@
1628
1988
  <param pos="0" name="service.family" value="ePolicy Orchestrator"/>
1629
1989
  <param pos="0" name="service.cpe23" value="cpe:/a:mcafee:epolicy_orchestrator:-"/>
1630
1990
  </fingerprint>
1991
+
1631
1992
  <fingerprint pattern="^LANDesk Management Agent/.*$">
1632
1993
  <description>LANDesk Management Agent</description>
1633
1994
  <param pos="0" name="service.vendor" value="LANDesk"/>
1634
1995
  <param pos="0" name="service.product" value="Management Agent"/>
1635
1996
  <param pos="0" name="service.family" value="Management Agent"/>
1636
1997
  </fingerprint>
1998
+
1637
1999
  <fingerprint pattern="^EWS-NIC\d/(\S+)$">
1638
2000
  <description>Xerox Embedded Web Server (EWS)</description>
1639
2001
  <example service.version="6.31">EWS-NIC3/6.31</example>
@@ -1648,6 +2010,7 @@
1648
2010
  <param pos="0" name="hw.vendor" value="Xerox"/>
1649
2011
  <param pos="0" name="hw.device" value="Printer"/>
1650
2012
  </fingerprint>
2013
+
1651
2014
  <fingerprint pattern="^Adaptec ASM (\S+)$">
1652
2015
  <description>Adaptec - Adaptec Storage Manager (runs on Windows Only)</description>
1653
2016
  <param pos="0" name="service.vendor" value="Adaptec"/>
@@ -1659,6 +2022,7 @@
1659
2022
  <param pos="0" name="os.product" value="Windows"/>
1660
2023
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
1661
2024
  </fingerprint>
2025
+
1662
2026
  <fingerprint pattern="^JRun Web Server$">
1663
2027
  <description>Macromedia (formerly Allaire) JRun</description>
1664
2028
  <param pos="0" name="service.vendor" value="Macromedia"/>
@@ -1666,6 +2030,7 @@
1666
2030
  <param pos="0" name="service.product" value="JRun"/>
1667
2031
  <param pos="0" name="service.cpe23" value="cpe:/a:macromedia:jrun:-"/>
1668
2032
  </fingerprint>
2033
+
1669
2034
  <fingerprint pattern="^(?:Raptor )?Simple, Secure Web Server ([\d.]+)$">
1670
2035
  <description>Symantec Raptor Firewall</description>
1671
2036
  <example>Simple, Secure Web Server 1.1</example>
@@ -1676,6 +2041,7 @@
1676
2041
  <param pos="0" name="os.product" value="Raptor"/>
1677
2042
  <param pos="1" name="os.version"/>
1678
2043
  </fingerprint>
2044
+
1679
2045
  <fingerprint pattern="^IPG(\d+)$">
1680
2046
  <description>Systech Internet Payment Gateway</description>
1681
2047
  <example hw.model="8000">IPG8000</example>
@@ -1684,9 +2050,10 @@
1684
2050
  <param pos="0" name="hw.product" value="Internet Payment Gateway"/>
1685
2051
  <param pos="1" name="hw.model"/>
1686
2052
  </fingerprint>
2053
+
1687
2054
  <fingerprint pattern="^NS_(\d\.\d)$">
1688
2055
  <description>Citrix NetScaler</description>
1689
- <example>NS_6.1</example>
2056
+ <example service.version="6.1">NS_6.1</example>
1690
2057
  <param pos="0" name="os.vendor" value="Citrix"/>
1691
2058
  <param pos="0" name="os.family" value="NetScaler"/>
1692
2059
  <param pos="0" name="os.device" value="Network Management Device"/>
@@ -1698,6 +2065,15 @@
1698
2065
  <param pos="1" name="service.version"/>
1699
2066
  <param pos="0" name="service.cpe23" value="cpe:/a:citrix:netscaler:{service.version}"/>
1700
2067
  </fingerprint>
2068
+
2069
+ <fingerprint pattern="^Citrix-([\d.]+) \'[^']*\'$">
2070
+ <description>Citrix STUN server</description>
2071
+ <example service.version="3.2.5.9">Citrix-3.2.5.9 'Marshal West'</example>
2072
+ <param pos="0" name="service.vendor" value="Citrix"/>
2073
+ <param pos="0" name="service.product" value="STUN Server"/>
2074
+ <param pos="1" name="service.version"/>
2075
+ </fingerprint>
2076
+
1701
2077
  <fingerprint pattern="^Rumpus$">
1702
2078
  <description>Rumpus FTP Server, Web File Manager interface</description>
1703
2079
  <example>Rumpus</example>
@@ -1706,6 +2082,7 @@
1706
2082
  <param pos="0" name="os.product" value="Mac OS X"/>
1707
2083
  <param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x:-"/>
1708
2084
  </fingerprint>
2085
+
1709
2086
  <fingerprint pattern="^servermgrd$">
1710
2087
  <description>Mac OS X Server administrative daemon</description>
1711
2088
  <example>servermgrd</example>
@@ -1714,6 +2091,7 @@
1714
2091
  <param pos="0" name="os.product" value="Mac OS X"/>
1715
2092
  <param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x:-"/>
1716
2093
  </fingerprint>
2094
+
1717
2095
  <fingerprint pattern="^(RMC Webserver|RAC_ONE_HTTP) (\d\.\d)$">
1718
2096
  <description>Dell Remote Access Controller</description>
1719
2097
  <param pos="0" name="os.vendor" value="Dell"/>
@@ -1724,6 +2102,7 @@
1724
2102
  <param pos="1" name="service.product"/>
1725
2103
  <param pos="2" name="service.version"/>
1726
2104
  </fingerprint>
2105
+
1727
2106
  <fingerprint pattern="^Xerox_MicroServer/Xerox11$">
1728
2107
  <description>Xerox Document Centre</description>
1729
2108
  <param pos="0" name="os.vendor" value="Xerox"/>
@@ -1735,6 +2114,7 @@
1735
2114
  <param pos="0" name="hw.product" value="Document Centre"/>
1736
2115
  <param pos="0" name="hw.device" value="Printer"/>
1737
2116
  </fingerprint>
2117
+
1738
2118
  <fingerprint pattern="^TSM_HTTP/\d\.\d$">
1739
2119
  <description>IBM Tivoli Storage Manager</description>
1740
2120
  <param pos="0" name="service.vendor" value="IBM"/>
@@ -1742,11 +2122,13 @@
1742
2122
  <param pos="0" name="service.product" value="Tivoli Storage Manager"/>
1743
2123
  <param pos="0" name="service.cpe23" value="cpe:/a:ibm:tivoli_storage_manager:-"/>
1744
2124
  </fingerprint>
2125
+
1745
2126
  <fingerprint pattern="^D-Link MiniAVServer$">
1746
2127
  <description>D-Link embedded web server for web cams</description>
1747
2128
  <param pos="0" name="os.vendor" value="D-Link"/>
1748
2129
  <param pos="0" name="os.device" value="Web cam"/>
1749
2130
  </fingerprint>
2131
+
1750
2132
  <fingerprint pattern="^ListManagerWeb/(\S+) .*$">
1751
2133
  <description>Lyris ListManager</description>
1752
2134
  <example>ListManagerWeb/8.8a (based on Tcl-Webserver/3.4.2)</example>
@@ -1754,6 +2136,7 @@
1754
2136
  <param pos="0" name="service.product" value="ListManager"/>
1755
2137
  <param pos="1" name="service.version"/>
1756
2138
  </fingerprint>
2139
+
1757
2140
  <fingerprint pattern="^kHTTPd (\S+)" certainty="0.50">
1758
2141
  <description>TUX web server, an in-kernel Linux HTTP Accelerator</description>
1759
2142
  <example>kHTTPd 0.1.6</example>
@@ -1764,6 +2147,7 @@
1764
2147
  <param pos="0" name="os.product" value="Linux"/>
1765
2148
  <param pos="0" name="os.cpe23" value="cpe:/o:linux:linux_kernel:-"/>
1766
2149
  </fingerprint>
2150
+
1767
2151
  <fingerprint pattern="^RealVNC/(?:\S+)$">
1768
2152
  <description>RealVNC built-in webserver</description>
1769
2153
  <example>RealVNC/4.0</example>
@@ -1771,6 +2155,7 @@
1771
2155
  <param pos="0" name="service.product" value="RealVNC"/>
1772
2156
  <param pos="0" name="service.cpe23" value="cpe:/a:realvnc:realvnc:-"/>
1773
2157
  </fingerprint>
2158
+
1774
2159
  <fingerprint pattern="^SecureTransport (\d+[\d\.]+) \(build: (\d+)\)$">
1775
2160
  <description>AxWay SecureTransport</description>
1776
2161
  <example>SecureTransport 5.3.6 (build: 412)</example>
@@ -1780,6 +2165,7 @@
1780
2165
  <param pos="0" name="service.cpe23" value="cpe:/a:axway:securetransport:{service.version}"/>
1781
2166
  <param pos="2" name="securetransport.build"/>
1782
2167
  </fingerprint>
2168
+
1783
2169
  <fingerprint pattern="(Agranat|Conexant|(?:Globespan)?Virata)-EmWeb/(.*)$">
1784
2170
  <description>EmWeb variants</description>
1785
2171
  <example>Agranat-EmWeb/R4_01</example>
@@ -1803,6 +2189,7 @@
1803
2189
  <param pos="0" name="service.product" value="EmWeb"/>
1804
2190
  <param pos="2" name="service.version"/>
1805
2191
  </fingerprint>
2192
+
1806
2193
  <fingerprint pattern="^NSC/\S+ \(JVM\)$">
1807
2194
  <description>Rapid7 NSC</description>
1808
2195
  <example>NSC/0.6.4 (JVM)</example>
@@ -1810,6 +2197,7 @@
1810
2197
  <param pos="0" name="service.product" value="Nexpose"/>
1811
2198
  <param pos="0" name="service.cpe23" value="cpe:/a:rapid7:nexpose:-"/>
1812
2199
  </fingerprint>
2200
+
1813
2201
  <fingerprint pattern="^Security Console$">
1814
2202
  <description>Rapid7 Nexpose Security Console</description>
1815
2203
  <example>Security Console</example>
@@ -1817,6 +2205,7 @@
1817
2205
  <param pos="0" name="service.product" value="Nexpose"/>
1818
2206
  <param pos="0" name="service.cpe23" value="cpe:/a:rapid7:nexpose:-"/>
1819
2207
  </fingerprint>
2208
+
1820
2209
  <fingerprint pattern="^Polycom SoundPoint IP Telephone HTTPd$">
1821
2210
  <description>Polycom Soundpoint IP Telephone</description>
1822
2211
  <example>Polycom SoundPoint IP Telephone HTTPd</example>
@@ -1826,23 +2215,21 @@
1826
2215
  <param pos="0" name="hw.family" value="SoundPoint"/>
1827
2216
  <param pos="0" name="hw.device" value="VoIP"/>
1828
2217
  </fingerprint>
2218
+
1829
2219
  <!-- 4D WebSTAR was aquired by Kerio but it seems that both
1830
2220
  Kerio and 4D have branched the product. The 4D banners
1831
2221
  use the new version scheme (just 2004 it would appear):
1832
-
1833
2222
  4D_WebStar_D/2004
1834
-
1835
2223
  whereas Kerio banners are:
1836
-
1837
2224
  4D_WebSTAR_S/5.3.2 (MacOS X)
1838
2225
  4D_WebStar_D/7.8
1839
2226
  4D_WebSTAR_S/5.4.1 (MacOS X)
1840
-
1841
2227
  WebSTAR/4.4 ID/72547
1842
2228
  WebSTAR/4.5(SSL) ID/82535
1843
2229
  WebSTAR NetCloak
1844
2230
  WebSTAR/4.5(SSL) ID/85282
1845
2231
  -->
2232
+
1846
2233
  <!--
1847
2234
  <fingerprint pattern="^4D_WebSTAR_S/2004$">
1848
2235
  <description>4D 4th Dimension 2004</description>
@@ -1853,6 +2240,7 @@
1853
2240
  <param pos="0" name="os.family" value="Windows"/>
1854
2241
  <param pos="0" name="os.product" value="Windows"/>
1855
2242
  </fingerprint>
2243
+
1856
2244
  <fingerprint pattern="^4D_WebSTAR_S/5.3.2 \(MacOS X\)$">
1857
2245
  <description>Kerio WebSTAR</description>
1858
2246
  <param pos="0" name="service.vendor" value="Kerio"/>
@@ -1863,7 +2251,9 @@
1863
2251
  <param pos="0" name="os.family" value="Windows"/>
1864
2252
  <param pos="0" name="os.product" value="Windows"/>
1865
2253
  </fingerprint>
2254
+
1866
2255
  -->
2256
+
1867
2257
  <fingerprint pattern="^SentinelProtectionServer/((?:\d+\.)*\d+)$">
1868
2258
  <description>Sentinel Protection Server - Embedded httpd in SafeNet's memory key dongles</description>
1869
2259
  <example service.version="7.1">SentinelProtectionServer/7.1</example>
@@ -1875,6 +2265,7 @@
1875
2265
  <param pos="0" name="service.family" value="Sentinel"/>
1876
2266
  <param pos="1" name="service.version"/>
1877
2267
  </fingerprint>
2268
+
1878
2269
  <fingerprint pattern="^SentinelKeysServer/((?:\d+\.)*\d+)$">
1879
2270
  <description>Sentinel Key Server - Embedded httpd in SafeNet's memory key dongles</description>
1880
2271
  <example service.version="1.3.1">SentinelKeysServer/1.3.1</example>
@@ -1885,6 +2276,7 @@
1885
2276
  <param pos="0" name="service.family" value="Sentinel"/>
1886
2277
  <param pos="1" name="service.version"/>
1887
2278
  </fingerprint>
2279
+
1888
2280
  <fingerprint pattern="^CherryPy/((?:\d+\.)*\d+)$">
1889
2281
  <description>Web server component of CherryPy web application framework.</description>
1890
2282
  <example>CherryPy/3.1.2</example>
@@ -1895,6 +2287,7 @@
1895
2287
  <param pos="1" name="service.version"/>
1896
2288
  <param pos="0" name="service.cpe23" value="cpe:/a:cherrypy:cherrypy:{service.version}"/>
1897
2289
  </fingerprint>
2290
+
1898
2291
  <fingerprint pattern="(?i)^TornadoServer/((?:\d+\.)*\d+)$">
1899
2292
  <description>Tornado Python web framework and asynchronous networking library.</description>
1900
2293
  <example>TornadoServer/4.0.2</example>
@@ -1904,16 +2297,18 @@
1904
2297
  <param pos="1" name="service.version"/>
1905
2298
  <param pos="0" name="service.cpe23" value="cpe:/a:tornadoweb:tornado:{service.version}"/>
1906
2299
  </fingerprint>
2300
+
1907
2301
  <fingerprint pattern="(?i)^SimpleHTTP/((?:\d+\.)*\d+)\s*Python/((?:\d+\.)*\d+)$">
1908
2302
  <description>SimpleHTTPRequestHandler Python class is a simple HTTP request handler.</description>
1909
- <example>SimpleHTTP/0.6 Python/2.7.6</example>
1910
- <example>SimpleHTTP/0.6 Python/3.4.0</example>
2303
+ <example service.version="0.6">SimpleHTTP/0.6 Python/2.7.6</example>
2304
+ <example python.version="3.4.0">SimpleHTTP/0.6 Python/3.4.0</example>
1911
2305
  <param pos="0" name="service.vendor" value="Python Software Foundation"/>
1912
2306
  <param pos="0" name="service.product" value="SimpleHTTP"/>
1913
2307
  <param pos="0" name="service.family" value="Python"/>
1914
2308
  <param pos="1" name="service.version"/>
1915
2309
  <param pos="2" name="python.version"/>
1916
2310
  </fingerprint>
2311
+
1917
2312
  <fingerprint pattern="^HP Web Jetadmin/((?:\d+\.)*\d+)\s*(.*)$">
1918
2313
  <description>Apache variant for web access to HP printers.</description>
1919
2314
  <example>HP Web Jetadmin/2.0.50 (Win32) mod_auth_sspi/1.0.1 mod_ssl/2.0.50 OpenSSL/0.9.6m</example>
@@ -1926,6 +2321,7 @@
1926
2321
  <param pos="0" name="service.cpe23" value="cpe:/a:apache:http_server:{service.version}"/>
1927
2322
  <param pos="2" name="apache.info"/>
1928
2323
  </fingerprint>
2324
+
1929
2325
  <fingerprint pattern="^HP Web Jetadmin ([\d\.]+)(?: \([^\)]+\))?$">
1930
2326
  <description>HP printers, perhaps Apache, but we can't say for sure</description>
1931
2327
  <example service.version="10.3.85669">HP Web Jetadmin 10.3.85669</example>
@@ -1935,17 +2331,19 @@
1935
2331
  <param pos="1" name="service.version"/>
1936
2332
  <param pos="0" name="service.cpe23" value="cpe:/a:hp:web_jetadmin:{service.version}"/>
1937
2333
  </fingerprint>
2334
+
1938
2335
  <fingerprint pattern="^KM-MFP-http/V([\d\.]+)$">
1939
2336
  <description>Kyocera Printers</description>
1940
2337
  <example service.version="0.0.1">KM-MFP-http/V0.0.1</example>
1941
- <param pos="0" name="os.vendor" value="Kycoera"/>
2338
+ <param pos="0" name="os.vendor" value="Kyocera"/>
1942
2339
  <param pos="0" name="os.device" value="Multifunction Device"/>
1943
- <param pos="0" name="hw.vendor" value="Kycoera"/>
2340
+ <param pos="0" name="hw.vendor" value="Kyocera"/>
1944
2341
  <param pos="0" name="hw.device" value="Multifunction Device"/>
1945
2342
  <param pos="0" name="service.vendor" value="Kyocera"/>
1946
2343
  <param pos="0" name="service.product" value="KM-MFP-HTTP"/>
1947
2344
  <param pos="1" name="service.version"/>
1948
2345
  </fingerprint>
2346
+
1949
2347
  <fingerprint pattern="^Citrix Web PN Server$">
1950
2348
  <description>Citrix Web PN (Program Neighborhood) Server is an HTTP server used by Citrix products</description>
1951
2349
  <example>Citrix Web PN Server</example>
@@ -1953,6 +2351,7 @@
1953
2351
  <param pos="0" name="service.product" value="Web PN Server"/>
1954
2352
  <param pos="0" name="service.family" value="Web PN Server"/>
1955
2353
  </fingerprint>
2354
+
1956
2355
  <fingerprint pattern="^Lotus Expeditor Web Container/((?:\d+\.)*\d+)$">
1957
2356
  <description>Expeditor is a framework used by IBM in many products in the Lotus brand, such as Sametime and Notes.</description>
1958
2357
  <example>Lotus Expeditor Web Container/6.1</example>
@@ -1962,27 +2361,34 @@
1962
2361
  <param pos="0" name="service.family" value="Lotus Expeditor"/>
1963
2362
  <param pos="1" name="service.version"/>
1964
2363
  </fingerprint>
2364
+
1965
2365
  <!-- GoAhead software was acquired by Oracle in 2011. They later handed this
1966
2366
  off to (E)Mbedthis. Version 3.0 released in October 2012 appears to be
1967
2367
  the first version to fully be Mbedthis software.
1968
2368
  -->
2369
+
1969
2370
  <fingerprint pattern="^GoAhead-(?:Webs|http)$">
1970
2371
  <description>GoAhead-Webs - no version</description>
1971
2372
  <example>GoAhead-Webs</example>
1972
- <param pos="0" name="service.vendor" value="Oracle"/>
2373
+ <param pos="0" name="service.vendor" value="EmbedThis"/>
1973
2374
  <param pos="0" name="service.product" value="GoAhead Webserver"/>
1974
2375
  <param pos="0" name="service.family" value="GoAhead Webserver"/>
2376
+ <param pos="0" name="service.cpe23" value="cpe:/a:embedthis:goahead:-"/>
1975
2377
  </fingerprint>
1976
- <fingerprint pattern="^GoAhead-(?:Webs|http)\/([\d.]+)(?: PeerSec-MatrixSSL\/[\d.]+-OPEN)?$">
2378
+
2379
+ <fingerprint pattern="(?i)^GoAhead(?:-Webs|-http)?\/([\d.]+)(?: PeerSec-MatrixSSL\/[\d.]+-OPEN)?$">
1977
2380
  <description>GoAhead-Webs - version</description>
1978
2381
  <example service.version="2.5.0">GoAhead-Webs/2.5.0 PeerSec-MatrixSSL/3.4.2-OPEN</example>
2382
+ <example service.version="2.5.0">Goahead/2.5.0 PeerSec-MatrixSSL/3.2.1-OPEN</example>
1979
2383
  <example>GoAhead-Webs/2.5.0</example>
1980
2384
  <param pos="0" name="service.vendor" value="Oracle"/>
1981
2385
  <param pos="0" name="service.product" value="GoAhead Webserver"/>
1982
2386
  <param pos="0" name="service.family" value="GoAhead Webserver"/>
1983
2387
  <param pos="1" name="service.version"/>
1984
2388
  </fingerprint>
2389
+
1985
2390
  <!-- MBedthis changed its name/branding to Embedthis-->
2391
+
1986
2392
  <fingerprint pattern="^Mbedthis-App[Ww]eb/([\d.]+)$">
1987
2393
  <description>Mbedthis Appweb</description>
1988
2394
  <example service.version="2.4.0">Mbedthis-Appweb/2.4.0</example>
@@ -1994,6 +2400,7 @@
1994
2400
  <param pos="0" name="service.family" value="Appweb"/>
1995
2401
  <param pos="1" name="service.version"/>
1996
2402
  </fingerprint>
2403
+
1997
2404
  <fingerprint pattern="^Embedthis-(?:Appweb|http)\/?(:?[\d.]+)?$">
1998
2405
  <description>Embedthis AppWeb</description>
1999
2406
  <example service.version="3.2.3">Embedthis-Appweb/3.2.3</example>
@@ -2005,6 +2412,7 @@
2005
2412
  <param pos="1" name="service.version"/>
2006
2413
  <param pos="0" name="service.cpe23" value="cpe:/a:embedthis:appweb:{service.version}"/>
2007
2414
  </fingerprint>
2415
+
2008
2416
  <fingerprint pattern="^Avaya CMBE/((?:\d+\.)*\d+)$">
2009
2417
  <description>Web server for Avaya Aura Communication Manager Branch, a SIP-based communications platform.</description>
2010
2418
  <example>Avaya CMBE/2.0.0</example>
@@ -2015,6 +2423,7 @@
2015
2423
  <param pos="1" name="service.version"/>
2016
2424
  <param pos="0" name="service.cpe23" value="cpe:/a:avaya:aura_communication_manager:{service.version}"/>
2017
2425
  </fingerprint>
2426
+
2018
2427
  <fingerprint pattern="^Rapid Logic/((?:\d+\.)*\d+)$">
2019
2428
  <description>Embedded web server by Rapid Logic, which was acquired by Wind River.</description>
2020
2429
  <example service.version="1.1">Rapid Logic/1.1</example>
@@ -2023,6 +2432,7 @@
2023
2432
  <param pos="0" name="service.product" value="Rapid Logic"/>
2024
2433
  <param pos="1" name="service.version"/>
2025
2434
  </fingerprint>
2435
+
2026
2436
  <fingerprint pattern="^WindRiver-WebServer/((?:\d+\.)*\d+)$">
2027
2437
  <description>Wind River HTTP server</description>
2028
2438
  <example service.version="4.4">WindRiver-WebServer/4.4</example>
@@ -2030,14 +2440,16 @@
2030
2440
  <param pos="0" name="service.product" value="WebServer"/>
2031
2441
  <param pos="1" name="service.version"/>
2032
2442
  </fingerprint>
2443
+
2033
2444
  <fingerprint pattern="^Sophos Email Appliance$">
2034
- <description>Embedded web server for a rack-mounted email appliance that blocks spam and malware.</description>
2445
+ <description>Sophos - Embedded web server for a rack-mounted email appliance that blocks spam and malware.</description>
2035
2446
  <example>Sophos Email Appliance</example>
2036
2447
  <param pos="0" name="service.vendor" value="Sophos"/>
2037
2448
  <param pos="0" name="service.product" value="Email Appliance"/>
2038
2449
  <param pos="0" name="os.vendor" value="Sophos"/>
2039
2450
  <param pos="0" name="os.product" value="Email Appliance"/>
2040
2451
  </fingerprint>
2452
+
2041
2453
  <fingerprint pattern="^CUPS\/((?:\d\.)+\d+)(?:\s*IPP\/\d+\.\d+)?$">
2042
2454
  <description>Server for the CUPS web interface.</description>
2043
2455
  <example service.version="1.1">CUPS/1.1</example>
@@ -2048,6 +2460,7 @@
2048
2460
  <param pos="1" name="service.version"/>
2049
2461
  <param pos="0" name="service.cpe23" value="cpe:/a:apple:cups:{service.version}"/>
2050
2462
  </fingerprint>
2463
+
2051
2464
  <fingerprint pattern="^TwistedWeb/([\d.rc]+)$">
2052
2465
  <description>Twisted Matrix Labs - TwistedWeb</description>
2053
2466
  <example>TwistedWeb/2.5.0</example>
@@ -2058,23 +2471,27 @@
2058
2471
  <param pos="0" name="service.family" value="Twisted Web"/>
2059
2472
  <param pos="1" name="service.version"/>
2060
2473
  </fingerprint>
2474
+
2061
2475
  <fingerprint pattern="^mini_httpd/((?:\d+\.)*\d+) \S*$">
2062
- <description>A small HTTP server</description>
2476
+ <description>ACME mini_httpd with version and date</description>
2063
2477
  <example>mini_httpd/1.14 23jun2000</example>
2064
2478
  <example>mini_httpd/1 23jun2000</example>
2065
- <param pos="0" name="service.vendor" value="ACME Laboratories"/>
2479
+ <param pos="0" name="service.vendor" value="ACME"/>
2066
2480
  <param pos="0" name="service.product" value="mini_httpd"/>
2067
2481
  <param pos="0" name="service.family" value="mini_httpd"/>
2068
2482
  <param pos="1" name="service.version"/>
2483
+ <param pos="0" name="service.cpe23" value="cpe:/a:acme:mini_httpd:{service.version}"/>
2069
2484
  </fingerprint>
2485
+
2070
2486
  <fingerprint pattern="^thin ((?:\d+\.)*\d+) codename .+$">
2071
- <description>A Ruby-based web server.</description>
2072
- <example>thin 1.2.4 codename Flaming Astroboy</example>
2487
+ <description>Marc-André Cournoyer's thin webserver</description>
2488
+ <example service.version="1.2.4">thin 1.2.4 codename Flaming Astroboy</example>
2073
2489
  <example>thin 1 codename Flaming Astroboy</example>
2074
2490
  <param pos="0" name="service.product" value="Thin"/>
2075
2491
  <param pos="0" name="service.family" value="Thin"/>
2076
2492
  <param pos="1" name="service.version"/>
2077
2493
  </fingerprint>
2494
+
2078
2495
  <fingerprint pattern="^Avocent DSView \d+/((?:\d+\.)*\d+)$">
2079
2496
  <description>Web server interface for controlling data centers.</description>
2080
2497
  <example>Avocent DSView 3/3.7.0.71</example>
@@ -2085,14 +2502,18 @@
2085
2502
  <param pos="1" name="service.version"/>
2086
2503
  <param pos="0" name="service.cpe23" value="cpe:/a:avocent:dsview:{service.version}"/>
2087
2504
  </fingerprint>
2505
+
2088
2506
  <fingerprint pattern="^Mongrel ((?:\d+\.)*\d+)$">
2089
2507
  <description>Ruby-based web server and HTTP library.</description>
2090
- <example>Mongrel 1.1.5</example>
2508
+ <example service.version="1.1.5">Mongrel 1.1.5</example>
2091
2509
  <example>Mongrel 1</example>
2510
+ <param pos="0" name="service.vendor" value="Zed Shaw"/>
2092
2511
  <param pos="0" name="service.product" value="Mongrel"/>
2093
2512
  <param pos="0" name="service.family" value="Mongrel"/>
2094
2513
  <param pos="1" name="service.version"/>
2514
+ <param pos="0" name="service.cpe23" value="cpe:/a:zed_shaw:mongrel:{service.version}"/>
2095
2515
  </fingerprint>
2516
+
2096
2517
  <fingerprint pattern="^Microplex emHTTPD/((?:\d+\.)*\d+)$">
2097
2518
  <description>Embedded web server used by Microplex.</description>
2098
2519
  <example>Microplex emHTTPD/1.0</example>
@@ -2105,6 +2526,7 @@
2105
2526
  <param pos="0" name="os.vendor" value="Microplex"/>
2106
2527
  <param pos="0" name="os.device" value="Print server"/>
2107
2528
  </fingerprint>
2529
+
2108
2530
  <fingerprint pattern="^UPS_Server/((?:\d+\.)*\d+)$">
2109
2531
  <description>An embedded web server used for UPS management; primarily by Eaton, but also by APC.</description>
2110
2532
  <example>UPS_Server/1.0</example>
@@ -2116,6 +2538,7 @@
2116
2538
  <param pos="0" name="os.vendor" value="Eaton"/>
2117
2539
  <param pos="0" name="os.device" value="UPS"/>
2118
2540
  </fingerprint>
2541
+
2119
2542
  <fingerprint pattern="^JC-HTTPD/((?:\d+\.)*\d+)$">
2120
2543
  <description>An embedded web server, used notably by Oki and Kyocera in printers.</description>
2121
2544
  <example>JC-HTTPD/1.11.14</example>
@@ -2124,23 +2547,27 @@
2124
2547
  <param pos="0" name="service.family" value="JC-HTTPD"/>
2125
2548
  <param pos="1" name="service.version"/>
2126
2549
  </fingerprint>
2550
+
2127
2551
  <fingerprint pattern="^JC-SHTTPD/((?:\d+\.)*\d+)$">
2128
2552
  <description>An embedded web server.</description>
2129
- <example>JC-SHTTPD/1.17.20</example>
2553
+ <example service.version="1.17.20">JC-SHTTPD/1.17.20</example>
2130
2554
  <example>JC-SHTTPD/1</example>
2131
2555
  <param pos="0" name="service.product" value="JC-SHTTPD"/>
2132
2556
  <param pos="0" name="service.family" value="JC-SHTTPD"/>
2133
2557
  <param pos="1" name="service.version"/>
2134
2558
  </fingerprint>
2135
- <fingerprint pattern="^Oracle XML DB/Oracle\S+ Enterprise Edition Release ((?:\d+\.)*\d+) - Production$">
2559
+
2560
+ <fingerprint pattern="^Oracle XML DB/Oracle\S+ (?:Enterprise Edition )?Release ((?:\d+\.)*\d+) - Production$">
2136
2561
  <description>Web server providing web services for Oracle's XML DB - with version string</description>
2137
- <example>Oracle XML DB/Oracle9i Enterprise Edition Release 9.2.0.1.0 - Production</example>
2562
+ <example service.version="9.2.0.1.0">Oracle XML DB/Oracle9i Enterprise Edition Release 9.2.0.1.0 - Production</example>
2138
2563
  <example>Oracle XML DB/Oracle9i Enterprise Edition Release 9 - Production</example>
2564
+ <example service.version="9.2.0.1.0">Oracle XML DB/Oracle9i Release 9.2.0.1.0 - Production</example>
2139
2565
  <param pos="0" name="service.vendor" value="Oracle"/>
2140
2566
  <param pos="0" name="service.product" value="XML DB"/>
2141
2567
  <param pos="0" name="service.family" value="Oracle"/>
2142
2568
  <param pos="1" name="service.version"/>
2143
2569
  </fingerprint>
2570
+
2144
2571
  <fingerprint pattern="^Oracle XML DB/Oracle Database$">
2145
2572
  <description>Web server providing web services for Oracle's XML DB</description>
2146
2573
  <example>Oracle XML DB/Oracle Database</example>
@@ -2148,6 +2575,7 @@
2148
2575
  <param pos="0" name="service.product" value="XML DB"/>
2149
2576
  <param pos="0" name="service.family" value="Oracle"/>
2150
2577
  </fingerprint>
2578
+
2151
2579
  <fingerprint pattern="^sfcHttpd$">
2152
2580
  <description>Server for HTTP interface to sfcb, a lightweight CIM server</description>
2153
2581
  <example>sfcHttpd</example>
@@ -2155,6 +2583,7 @@
2155
2583
  <param pos="0" name="service.product" value="sfcb"/>
2156
2584
  <param pos="0" name="service.family" value="sfcb"/>
2157
2585
  </fingerprint>
2586
+
2158
2587
  <fingerprint pattern="^PanWeb Server/ -">
2159
2588
  <description>HTTP and HTTPS server found on Palo Alto Networks devices</description>
2160
2589
  <example>PanWeb Server/ -</example>
@@ -2165,6 +2594,7 @@
2165
2594
  <param pos="0" name="os.device" value="Firewall"/>
2166
2595
  <param pos="0" name="os.cpe23" value="cpe:/o:paloaltonetworks:pan-os:-"/>
2167
2596
  </fingerprint>
2597
+
2168
2598
  <fingerprint pattern="^Ews/((?:\d+\.)*\d+)$">
2169
2599
  <description>IBM Network Printer Manager.</description>
2170
2600
  <example>Ews/0.1</example>
@@ -2174,29 +2604,41 @@
2174
2604
  <param pos="0" name="service.family" value="Network Printer Manager"/>
2175
2605
  <param pos="1" name="service.version"/>
2176
2606
  </fingerprint>
2607
+
2177
2608
  <!-- NOTE: '$ProjectRevision: {some version string} $' has been seen in a
2178
2609
  variety of products including printers, PDUs, etc.
2179
2610
  -->
2180
- <fingerprint pattern="^\$ProjectRevision: 4.0.2.38 \$$">
2181
- <description>This banner is seen on some HP LaserJet printers.</description>
2611
+
2612
+ <fingerprint pattern="^\$ProjectRevision:[\s\w:]* ([\d\.]+) \$$">
2613
+ <description>This banner is used to see if devices have Treck TCP/IP</description>
2182
2614
  <example>$ProjectRevision: 4.0.2.38 $</example>
2183
- <param pos="0" name="os.vendor" value="HP"/>
2184
- <param pos="0" name="os.device" value="Printer"/>
2185
- <param pos="0" name="os.family" value="LaserJet"/>
2615
+ <example>$ProjectRevision: 4.2 $</example>
2616
+ <example>$ProjectRevision: 6.0.1.5 $</example>
2617
+ <example>$ProjectRevision: Last Checkpoint: 4.2.2.13 $</example>
2618
+ <param pos="0" name="service.vendor" value="Treck"/>
2619
+ <param pos="0" name="service.product" value="TCP/IP"/>
2620
+ <param pos="1" name="service.version"/>
2621
+ <param pos="0" name="service.cpe23" value="cpe:/a:treck:tcp\/ip:{service.version}"/>
2186
2622
  </fingerprint>
2623
+
2187
2624
  <fingerprint pattern="^WEBrick/([\d\.]+) .*$">
2188
2625
  <description>WEBrick default setup</description>
2189
- <example>WEBrick/1.3.1 (Ruby/1.9.3/2013-02-22)</example>
2190
- <param pos="0" name="service.vendor" value="Ruby"/>
2626
+ <example service.version="1.3.1">WEBrick/1.3.1 (Ruby/1.9.3/2013-02-22)</example>
2627
+ <param pos="0" name="service.vendor" value="Ruby-Lang"/>
2191
2628
  <param pos="0" name="service.product" value="WEBrick"/>
2192
2629
  <param pos="1" name="service.version"/>
2630
+ <param pos="0" name="service.cpe23" value="cpe:/a:ruby-lang:webrick:{service.version}"/>
2193
2631
  </fingerprint>
2632
+
2194
2633
  <fingerprint pattern="^Aspen/(\S+)">
2195
2634
  <description>Aspen web server</description>
2196
2635
  <example service.version="0.8">Aspen/0.8</example>
2636
+ <param pos="0" name="service.vendor" value="Aspen"/>
2197
2637
  <param pos="0" name="service.product" value="Aspen"/>
2198
2638
  <param pos="1" name="service.version"/>
2639
+ <param pos="0" name="service.cpe23" value="cpe:/a:aspen:aspen:{service.version}"/>
2199
2640
  </fingerprint>
2641
+
2200
2642
  <fingerprint pattern="^Boa/([\d\.]+\S*)">
2201
2643
  <description>Boa web server</description>
2202
2644
  <example service.version="0.94.14rc21">Boa/0.94.14rc21</example>
@@ -2204,10 +2646,14 @@
2204
2646
  <example service.version="0.93.15">Boa/0.93.15 (with Intersil Extensions)</example>
2205
2647
  <example service.version="0.92p">Boa/0.92p OS-9 Version</example>
2206
2648
  <example service.version="0.93.15">Boa/0.93.15</example>
2649
+ <param pos="0" name="service.vendor" value="Boa"/>
2207
2650
  <param pos="0" name="service.product" value="Boa"/>
2208
2651
  <param pos="1" name="service.version"/>
2652
+ <param pos="0" name="service.cpe23" value="cpe:/a:boa:boa:{service.version}"/>
2209
2653
  </fingerprint>
2654
+
2210
2655
  <!-- HiSilicon is OEMd by a number of DVR manufacturers -->
2656
+
2211
2657
  <fingerprint pattern="^Cross Web Server$">
2212
2658
  <description>Web server found on DVR and webcam servers sourced from HiSilicon</description>
2213
2659
  <example>Cross Web Server</example>
@@ -2217,7 +2663,9 @@
2217
2663
  <param pos="0" name="os.device" value="DVR"/>
2218
2664
  <param pos="0" name="hw.device" value="DVR"/>
2219
2665
  </fingerprint>
2666
+
2220
2667
  <!-- Hikvision is OEMd by a number of DVR manufacturers -->
2668
+
2221
2669
  <fingerprint pattern="^(?:Hikvision|DNVRS|DVRDVS)-Webs$">
2222
2670
  <description>Web server found on DVR and webcam servers sourced from Hikvision</description>
2223
2671
  <example>Hikvision-Webs</example>
@@ -2227,8 +2675,10 @@
2227
2675
  <param pos="0" name="service.product" value="Hikvision Web Server"/>
2228
2676
  <param pos="0" name="os.vendor" value="Hikvision"/>
2229
2677
  <param pos="0" name="os.device" value="DVR"/>
2678
+ <param pos="0" name="hw.vendor" value="Hikvision"/>
2230
2679
  <param pos="0" name="hw.device" value="DVR"/>
2231
2680
  </fingerprint>
2681
+
2232
2682
  <fingerprint pattern="^NET-DK[/ ](\d+\.\d+)$">
2233
2683
  <description>Web server found on ARRIS cable modems</description>
2234
2684
  <example>NET-DK/1.0</example>
@@ -2241,12 +2691,14 @@
2241
2691
  <param pos="0" name="hw.vendor" value="ARRIS"/>
2242
2692
  <param pos="0" name="hw.device" value="Cable Modem"/>
2243
2693
  </fingerprint>
2694
+
2244
2695
  <fingerprint pattern="^2wire Gateway$">
2245
2696
  <description>Web server found on some Arris/2wire devices</description>
2246
2697
  <example>2wire Gateway</example>
2247
2698
  <param pos="0" name="service.vendor" value="ARRIS"/>
2248
2699
  <param pos="0" name="service.product" value="2wire"/>
2249
2700
  </fingerprint>
2701
+
2250
2702
  <!-- junit says,
2251
2703
  "Example pattern '' from http_servers.xml didn't match pattern '^$'"
2252
2704
  Figure out if we have a way to support matching empty strings later.
@@ -2254,20 +2706,26 @@
2254
2706
  <example></example>
2255
2707
  <description>A blank banner; assert nothing.</description>
2256
2708
  </fingerprint>
2709
+
2257
2710
  -->
2711
+
2258
2712
  <fingerprint pattern="^(?:(?:\d+.){3}\d+):\d{1,4}$">
2259
2713
  <description>A banner consisting of an IP address and port -- assert nothing.</description>
2260
2714
  <example>192.168.0.4:9999</example>
2261
2715
  </fingerprint>
2716
+
2262
2717
  <fingerprint pattern="^Web-Server/(?:\d+\.+\d+)$">
2263
2718
  <description>Obfuscated web server -- assert nothing.</description>
2264
2719
  <example>Web-Server/3.0</example>
2265
2720
  </fingerprint>
2721
+
2266
2722
  <fingerprint pattern="^httpd$">
2267
2723
  <description>httpd - generic -- assert nothing.</description>
2268
2724
  <example>httpd</example>
2269
2725
  </fingerprint>
2726
+
2270
2727
  <!-- Service provider equipment (CDNs, etc) -->
2728
+
2271
2729
  <fingerprint pattern="^AkamaiGHost$">
2272
2730
  <description>Akamai Global Host</description>
2273
2731
  <example>AkamaiGHost</example>
@@ -2276,6 +2734,7 @@
2276
2734
  <param pos="0" name="os.vendor" value="Akamai"/>
2277
2735
  <param pos="0" name="os.device" value="Web proxy"/>
2278
2736
  </fingerprint>
2737
+
2279
2738
  <fingerprint pattern="^gws$">
2280
2739
  <description>Google Web Services</description>
2281
2740
  <example>gws</example>
@@ -2283,6 +2742,7 @@
2283
2742
  <param pos="0" name="service.product" value="Google Web Services"/>
2284
2743
  <param pos="0" name="service.family" value="Google Web Server"/>
2285
2744
  </fingerprint>
2745
+
2286
2746
  <fingerprint pattern="^GFE/((?:\d+\.)*\d+)$">
2287
2747
  <description>Google Front End for apps running on Google services.</description>
2288
2748
  <example>GFE/1.3</example>
@@ -2292,6 +2752,7 @@
2292
2752
  <param pos="0" name="service.family" value="Google Web Server"/>
2293
2753
  <param pos="1" name="service.version"/>
2294
2754
  </fingerprint>
2755
+
2295
2756
  <fingerprint pattern="^CloudFront$">
2296
2757
  <description>Amazon CloudFront web load balancer endpoint</description>
2297
2758
  <example>CloudFront</example>
@@ -2299,30 +2760,35 @@
2299
2760
  <param pos="0" name="service.product" value="CloudFront Load Balancer"/>
2300
2761
  <param pos="0" name="service.family" value="CloudFront"/>
2301
2762
  </fingerprint>
2763
+
2302
2764
  <fingerprint pattern="^Amazon-Cloud-Drive$">
2303
2765
  <description>Amazon Cloud Drive / Drive</description>
2304
2766
  <example>Amazon-Cloud-Drive</example>
2305
2767
  <param pos="0" name="service.vendor" value="Amazon"/>
2306
2768
  <param pos="0" name="service.product" value="Drive"/>
2307
2769
  </fingerprint>
2770
+
2308
2771
  <fingerprint pattern="^AmazonS3$">
2309
2772
  <description>Amazon S3 (Simple Cloud Storage Service)</description>
2310
2773
  <example>AmazonS3</example>
2311
2774
  <param pos="0" name="service.vendor" value="Amazon"/>
2312
2775
  <param pos="0" name="service.product" value="S3"/>
2313
2776
  </fingerprint>
2777
+
2314
2778
  <fingerprint pattern="^Amazon SimpleDB$">
2315
2779
  <description>Amazon SimpleDB / Simple Database Service</description>
2316
2780
  <example>Amazon SimpleDB</example>
2317
2781
  <param pos="0" name="service.vendor" value="Amazon"/>
2318
2782
  <param pos="0" name="service.product" value="SimpleDB"/>
2319
2783
  </fingerprint>
2784
+
2320
2785
  <fingerprint pattern="^AmazonSnowball$">
2321
2786
  <description>Amazon Snowball</description>
2322
2787
  <example>AmazonSnowball</example>
2323
2788
  <param pos="0" name="service.vendor" value="Amazon"/>
2324
2789
  <param pos="0" name="service.product" value="Snowball"/>
2325
2790
  </fingerprint>
2791
+
2326
2792
  <fingerprint pattern="^awselb/([\d.rc]+)$">
2327
2793
  <description>Amazon Elastic Load Balancing</description>
2328
2794
  <example service.version="2.0">awselb/2.0</example>
@@ -2330,6 +2796,7 @@
2330
2796
  <param pos="0" name="service.family" value="Elastic Load Balancing"/>
2331
2797
  <param pos="1" name="service.version"/>
2332
2798
  </fingerprint>
2799
+
2333
2800
  <fingerprint pattern="^cloudflare(?:-nginx)?$">
2334
2801
  <description>CloudFlare web load balancer endpoint</description>
2335
2802
  <example>cloudflare-nginx</example>
@@ -2338,13 +2805,18 @@
2338
2805
  <param pos="0" name="service.product" value="CloudFlare Load Balancer"/>
2339
2806
  <param pos="0" name="service.family" value="CloudFlare"/>
2340
2807
  </fingerprint>
2808
+
2341
2809
  <fingerprint pattern="^gSOAP/([\d\.]+)$">
2342
2810
  <description>gSOAP</description>
2343
2811
  <example service.version="2.7">gSOAP/2.7</example>
2812
+ <param pos="0" name="service.vendor" value="Genivia"/>
2344
2813
  <param pos="0" name="service.product" value="gSOAP"/>
2345
2814
  <param pos="1" name="service.version"/>
2815
+ <param pos="0" name="service.cpe23" value="cpe:/a:genivia:gsoap:{service.version}"/>
2346
2816
  </fingerprint>
2817
+
2347
2818
  <!-- Apple QuickTime streaming server -->
2819
+
2348
2820
  <fingerprint pattern="^QTSS\/([\d\.]+) \(Build\/[\d\.]+; Platform\/MacOSX; Release\/Panther">
2349
2821
  <description>QTSS on OS X 10.3</description>
2350
2822
  <example service.version="5.0">QTSS/5.0 (Build/452; Platform/MacOSX; Release/Panther; )</example>
@@ -2357,6 +2829,7 @@
2357
2829
  <param pos="0" name="service.product" value="QTSS"/>
2358
2830
  <param pos="1" name="service.version"/>
2359
2831
  </fingerprint>
2832
+
2360
2833
  <fingerprint pattern="^QTSS\/([\d\.]+) \(Build\/[\d\.]+; Platform\/MacOSX; Release\/Mac OS X">
2361
2834
  <description>QTSS OS X</description>
2362
2835
  <example service.version="6.1.0">QTSS/6.1.0 (Build/532; Platform/MacOSX; Release/Mac OS X Server; )</example>
@@ -2367,13 +2840,25 @@
2367
2840
  <param pos="0" name="service.product" value="QTSS"/>
2368
2841
  <param pos="1" name="service.version"/>
2369
2842
  </fingerprint>
2843
+
2370
2844
  <fingerprint pattern="^SEPM$">
2371
2845
  <description>Symantec Endpoint Protection Manager</description>
2372
2846
  <example>SEPM</example>
2373
2847
  <param pos="0" name="service.vendor" value="Symantec"/>
2374
- <param pos="0" name="service.product" value="Symantec Endpoint Protection Manager"/>
2375
- <param pos="0" name="service.family" value="Symantec Endpoint Protection Manager"/>
2848
+ <param pos="0" name="service.product" value="Endpoint Protection Manager"/>
2849
+ <param pos="0" name="service.family" value="Endpoint Protection Manager"/>
2850
+ <param pos="0" name="service.cpe23" value="cpe:/a:symantec:endpoint_protection_manager:-"/>
2851
+ </fingerprint>
2852
+
2853
+ <fingerprint pattern="^Symantec Endpoint Protection Manager$">
2854
+ <description>Symantec Endpoint Protection Manager - long variant</description>
2855
+ <example>Symantec Endpoint Protection Manager</example>
2856
+ <param pos="0" name="service.vendor" value="Symantec"/>
2857
+ <param pos="0" name="service.product" value="Endpoint Protection Manager"/>
2858
+ <param pos="0" name="service.family" value="Endpoint Protection Manager"/>
2859
+ <param pos="0" name="service.cpe23" value="cpe:/a:symantec:endpoint_protection_manager:-"/>
2376
2860
  </fingerprint>
2861
+
2377
2862
  <fingerprint pattern="^Intel\(R\) Active Management Technology\s(\d+\.\d+\.\d+\.\d+|\d+\.\d+\.\d+|\d+\.\d+)">
2378
2863
  <description>Intel(R) Active Management Technology (AMT) with a version</description>
2379
2864
  <example service.version="7.1.86">Intel(R) Active Management Technology 7.1.86</example>
@@ -2382,6 +2867,7 @@
2382
2867
  <param pos="0" name="service.family" value="Intel(R) Active Management Technology"/>
2383
2868
  <param pos="1" name="service.version"/>
2384
2869
  </fingerprint>
2870
+
2385
2871
  <fingerprint pattern="^(?:AMT|Intel\(R\) Active Management Technology)$">
2386
2872
  <description>Intel(R) Active Management Technology (AMT) without a version</description>
2387
2873
  <example>AMT</example>
@@ -2390,6 +2876,7 @@
2390
2876
  <param pos="0" name="service.product" value="Intel(R) Active Management Technology"/>
2391
2877
  <param pos="0" name="service.family" value="Intel(R) Active Management Technology"/>
2392
2878
  </fingerprint>
2879
+
2393
2880
  <fingerprint pattern="^Intel\(R\) Standard Manageability\s(\d+\.\d+\.\d+\.\d+|\d+\.\d+\.\d+|\d+\.\d+)">
2394
2881
  <description>Intel(R) Standard Manageability</description>
2395
2882
  <example service.version="5.0.50">Intel(R) Standard Manageability 5.0.50</example>
@@ -2399,20 +2886,24 @@
2399
2886
  <param pos="0" name="service.family" value="Intel(R) Active Management Technology"/>
2400
2887
  <param pos="1" name="service.version"/>
2401
2888
  </fingerprint>
2889
+
2402
2890
  <fingerprint pattern="^Sunny WebBox$">
2403
2891
  <description>Sunny WebBox</description>
2404
2892
  <example>Sunny WebBox</example>
2405
- <param pos="0" name="service.vendor" value="SMA Solar Technology Ag"/>
2893
+ <param pos="0" name="service.vendor" value="SMA"/>
2406
2894
  <param pos="0" name="service.family" value="Sunny"/>
2407
- <param pos="0" name="service.product" value="WebBox"/>
2895
+ <param pos="0" name="service.product" value="Sunny WebBox"/>
2896
+ <param pos="0" name="hw.vendor" value="SMA"/>
2408
2897
  <param pos="0" name="hw.family" value="Sunny"/>
2409
- <param pos="0" name="hw.product" value="WebBox"/>
2898
+ <param pos="0" name="hw.product" value="Sunny WebBox"/>
2410
2899
  <param pos="0" name="hw.device" value="Power device"/>
2900
+ <param pos="0" name="hw.cpe23" value="cpe:/h:sma:sunny_webbox:-"/>
2411
2901
  <param pos="0" name="os.vendor" value="Microsoft"/>
2412
2902
  <param pos="0" name="os.family" value="Windows"/>
2413
2903
  <param pos="0" name="os.product" value="Windows CE"/>
2414
2904
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_ce:-"/>
2415
2905
  </fingerprint>
2906
+
2416
2907
  <fingerprint pattern="^EnergyICT RTU \d+-\w+-\d+$">
2417
2908
  <description>EnergyICT RTU</description>
2418
2909
  <example>EnergyICT RTU 101-F25CE1-1524</example>
@@ -2420,6 +2911,7 @@
2420
2911
  <param pos="0" name="hw.product" value="RTU"/>
2421
2912
  <param pos="0" name="hw.device" value="Power device"/>
2422
2913
  </fingerprint>
2914
+
2423
2915
  <fingerprint pattern="^AV-TECH AV787 Video Web Server$">
2424
2916
  <description>AV-TECH AVC787 Video Web Server</description>
2425
2917
  <example>AV-TECH AV787 Video Web Server</example>
@@ -2430,11 +2922,13 @@
2430
2922
  <param pos="0" name="hw.product" value="AVC787"/>
2431
2923
  <param pos="0" name="hw.device" value="DVR"/>
2432
2924
  </fingerprint>
2925
+
2433
2926
  <fingerprint pattern="^Splunkd$">
2434
2927
  <description>Splunk HTTP server used in the web interface, forwarders, indexers and more</description>
2435
2928
  <example>Splunkd</example>
2436
2929
  <param pos="0" name="service.vendor" value="Splunk"/>
2437
2930
  </fingerprint>
2931
+
2438
2932
  <fingerprint pattern="^tivo-httpd-\S+$">
2439
2933
  <description>Tivo DVR</description>
2440
2934
  <example>tivo-httpd-1:20.7.4.RC35-D18-6:D18</example>
@@ -2442,6 +2936,7 @@
2442
2936
  <param pos="0" name="hw.family" value="DVR"/>
2443
2937
  <param pos="0" name="hw.device" value="DVR"/>
2444
2938
  </fingerprint>
2939
+
2445
2940
  <fingerprint pattern="^OpenTV/([\d\.]+)$">
2446
2941
  <description>OpenTV</description>
2447
2942
  <example os.version="5.40">OpenTV/5.40</example>
@@ -2451,7 +2946,28 @@
2451
2946
  <param pos="1" name="os.version"/>
2452
2947
  <param pos="0" name="hw.device" value="DVR"/>
2453
2948
  </fingerprint>
2949
+
2950
+ <fingerprint pattern="^kong/([\d.]+)$">
2951
+ <description>Kong Gateway</description>
2952
+ <example service.version="1.2.1">kong/1.2.1</example>
2953
+ <param pos="0" name="service.vendor" value="Kong"/>
2954
+ <param pos="0" name="service.family" value="Gateway"/>
2955
+ <param pos="0" name="service.product" value="Gateway"/>
2956
+ <param pos="1" name="service.version"/>
2957
+ </fingerprint>
2958
+
2959
+ <fingerprint pattern="^kong/([\d.-]+)-enterprise-edition$">
2960
+ <description>Kong Gateway - Enterprise Edition</description>
2961
+ <example service.version="0.30">kong/0.30-enterprise-edition</example>
2962
+ <example service.version="0.35-1">kong/0.35-1-enterprise-edition</example>
2963
+ <param pos="0" name="service.vendor" value="Kong"/>
2964
+ <param pos="0" name="service.family" value="Gateway"/>
2965
+ <param pos="0" name="service.product" value="Gateway"/>
2966
+ <param pos="1" name="service.version"/>
2967
+ </fingerprint>
2968
+
2454
2969
  <!-- Tridium previously had a product with the 'Niagra' spelling -->
2970
+
2455
2971
  <fingerprint pattern="^Niagara Web Server\/([\d.]+)$">
2456
2972
  <description>Tridium Niagara AX Framework</description>
2457
2973
  <example service.version="3.8.111">Niagara Web Server/3.8.111</example>
@@ -2460,6 +2976,7 @@
2460
2976
  <param pos="0" name="service.product" value="Niagara AX"/>
2461
2977
  <param pos="1" name="service.version"/>
2462
2978
  </fingerprint>
2979
+
2463
2980
  <fingerprint pattern="^Microsoft WinCE Fidelix v([\d.]+)$">
2464
2981
  <description>Fidelix Industrial Control Web Server</description>
2465
2982
  <example service.version="11.50.29">Microsoft WinCE Fidelix v11.50.29</example>
@@ -2474,12 +2991,14 @@
2474
2991
  <param pos="0" name="hw.vendor" value="Fidelix"/>
2475
2992
  <param pos="0" name="hw.device" value="Industrial Control"/>
2476
2993
  </fingerprint>
2994
+
2477
2995
  <fingerprint pattern="^chainpoint-node$">
2478
2996
  <description>Chainpoint Node</description>
2479
2997
  <example>chainpoint-node</example>
2480
2998
  <param pos="0" name="service.vendor" value="Chainpoint"/>
2481
2999
  <param pos="0" name="service.product" value="Node"/>
2482
3000
  </fingerprint>
3001
+
2483
3002
  <fingerprint pattern="(?i)^(.*) UPnP/[\d\.]+\s+AVM FRITZ!(.*) ([\d\.]+)$">
2484
3003
  <description>AVM FRITZ! devices of various types</description>
2485
3004
  <example host.name="some thing" os.product="WLAN Repeater 1750E" os.version="134.07.01">some thing UPnP/1.0 AVM FRITZ!WLAN Repeater 1750E 134.07.01</example>
@@ -2489,71 +3008,89 @@
2489
3008
  <param pos="3" name="os.version"/>
2490
3009
  <param pos="1" name="host.name"/>
2491
3010
  </fingerprint>
3011
+
2492
3012
  <fingerprint pattern="(?i)^Linux/(\S+) UPnP/[\d\.]+ miniupnpd/([\d\.]+)$">
2493
3013
  <description>Linux MiniUPnPd UPnP Server</description>
2494
- <example>Linux/Cross_compiled UPnP/1.0 miniupnpd/1.0</example>
3014
+ <example service.version="1.0">Linux/Cross_compiled UPnP/1.0 miniupnpd/1.0</example>
2495
3015
  <example>Linux/2.6.29.6-217.2.3.fc11.i686.PAE UPnP/1.0 miniupnpd/1.0</example>
2496
3016
  <example>Linux/2.4.21 UPnP/1.0 miniupnpd/1.0</example>
3017
+ <param pos="0" name="service.vendor" value="MiniUPnP Project"/>
2497
3018
  <param pos="0" name="service.product" value="MiniUPnP"/>
2498
3019
  <param pos="2" name="service.version"/>
3020
+ <param pos="0" name="service.cpe23" value="cpe:/a:miniupnp_project:miniupnp:{service.version}"/>
2499
3021
  <param pos="0" name="os.vendor" value="Linux"/>
2500
3022
  <param pos="0" name="os.product" value="Linux"/>
2501
3023
  <param pos="1" name="os.version"/>
2502
3024
  <param pos="0" name="os.cpe23" value="cpe:/o:linux:linux_kernel:{os.version}"/>
2503
3025
  </fingerprint>
3026
+
2504
3027
  <fingerprint pattern="^Tomato UPnP/\S+ MiniUPnPd/(\S+)$">
2505
3028
  <description>Tomato UPnP Server</description>
2506
- <example>Tomato UPnP/1.0 MiniUPnPd/1.2</example>
2507
- <example>Tomato UPnP/1.0 MiniUPnPd/1.4</example>
2508
- <param pos="0" name="service.vendor" value="Tomato"/>
3029
+ <example service.version="1.2">Tomato UPnP/1.0 MiniUPnPd/1.2</example>
3030
+ <param pos="0" name="service.vendor" value="MiniUPnP Project"/>
2509
3031
  <param pos="0" name="service.product" value="MiniUPnP"/>
2510
3032
  <param pos="1" name="service.version"/>
3033
+ <param pos="0" name="service.cpe23" value="cpe:/a:miniupnp_project:miniupnp:{service.version}"/>
2511
3034
  </fingerprint>
2512
- <fingerprint pattern="(?i)^(RT-\w+) UPnP/\S+ MiniUPnPd/(\S+)$">
3035
+
3036
+ <fingerprint pattern="(?i)^(RT-\w+) UPnP/\S+ MiniUPnPd/([\d.]+)$">
2513
3037
  <description>Asus WAP UPnP Server</description>
2514
- <example>RT-G32 UPnP/1.0 MiniUPnPd/1.2</example>
3038
+ <example service.version="1.2">RT-G32 UPnP/1.0 MiniUPnPd/1.2</example>
3039
+ <param pos="0" name="service.vendor" value="MiniUPnP Project"/>
2515
3040
  <param pos="0" name="service.product" value="MiniUPnP"/>
2516
3041
  <param pos="2" name="service.version"/>
3042
+ <param pos="0" name="service.cpe23" value="cpe:/a:miniupnp_project:miniupnp:{service.version}"/>
2517
3043
  <param pos="0" name="os.vendor" value="Asus"/>
2518
3044
  <param pos="1" name="os.product"/>
2519
3045
  <param pos="0" name="os.device" value="WAP"/>
2520
3046
  </fingerprint>
2521
- <fingerprint pattern="(?i)^DrayTek/Vigor(\S+) UPnP/\S+ miniupnpd/(\S+)$">
3047
+
3048
+ <fingerprint pattern="(?i)^DrayTek/Vigor(\S+) UPnP/\S+ miniupnpd/([\d.]+)$">
2522
3049
  <description>DrayTek Vigor router UPnP Server</description>
2523
- <example hw.model="2130">DrayTek/Vigor2130 UPnP/1.0 miniupnpd/1.0</example>
3050
+ <example service.version="1.0" hw.model="2130">DrayTek/Vigor2130 UPnP/1.0 miniupnpd/1.0</example>
3051
+ <param pos="0" name="service.vendor" value="MiniUPnP Project"/>
2524
3052
  <param pos="0" name="service.product" value="MiniUPnP"/>
2525
3053
  <param pos="2" name="service.version"/>
3054
+ <param pos="0" name="service.cpe23" value="cpe:/a:miniupnp_project:miniupnp:{service.version}"/>
2526
3055
  <param pos="0" name="hw.vendor" value="DrayTek"/>
2527
3056
  <param pos="0" name="hw.product" value="Vigor"/>
2528
3057
  <param pos="1" name="hw.model"/>
2529
3058
  <param pos="0" name="hw.device" value="Router"/>
2530
3059
  </fingerprint>
3060
+
2531
3061
  <fingerprint pattern="(?i)Linux UPnP/\d\.\d Huawei-ATP-IGD$">
2532
3062
  <description>Huawei Echolife / Home Gateway (and possibly other) devices with UPnP</description>
2533
3063
  <example>Linux UPnP/1.0 Huawei-ATP-IGD</example>
2534
3064
  <param pos="0" name="hw.vendor" value="Huawei"/>
2535
3065
  <param pos="0" name="hw.device" value="Broadband router"/>
2536
3066
  </fingerprint>
2537
- <fingerprint pattern="(?i)^OpenWRT/kamikaze UPnP/\S+ MiniUPnPd/(\S+)$">
3067
+
3068
+ <fingerprint pattern="(?i)^OpenWRT/kamikaze UPnP/\S+ MiniUPnPd/([\d.]+)$">
2538
3069
  <description>OpenWRT Kamikaze WAP UPnP Server</description>
2539
- <example>OpenWRT/kamikaze UPnP/1.0 MiniUPnPd/1.5</example>
2540
- <example>OpenWRT/kamikaze UPnP/1.0 MiniUPnPd/1.2</example>
2541
- <example>OpenWRT/kamikaze UPnP/1.0 MiniUPnPd/1.4</example>
3070
+ <example service.version="1.5">OpenWRT/kamikaze UPnP/1.0 MiniUPnPd/1.5</example>
3071
+ <param pos="0" name="service.vendor" value="MiniUPnP Project"/>
2542
3072
  <param pos="0" name="service.product" value="MiniUPnP"/>
2543
3073
  <param pos="1" name="service.version"/>
3074
+ <param pos="0" name="service.cpe23" value="cpe:/a:miniupnp_project:miniupnp:{service.version}"/>
2544
3075
  <param pos="0" name="os.vendor" value="Linux"/>
2545
3076
  <param pos="0" name="os.family" value="OpenWRT"/>
2546
3077
  <param pos="0" name="os.product" value="Kamikaze"/>
2547
3078
  <param pos="0" name="os.device" value="WAP"/>
2548
3079
  </fingerprint>
2549
- <fingerprint pattern="(?i)^Netgear/\S+ UPnP/\S+ miniupnpd/(\S+)$">
3080
+
3081
+ <fingerprint pattern="(?i)^Netgear/\S+ UPnP/\S+ miniupnpd/([\d.]+)$">
2550
3082
  <description>Netgear DG834G or WNDR3300 WAP UPnP Server</description>
2551
- <example>Netgear/1.0 UPnP/1.0 miniupnpd/1.0</example>
3083
+ <example service.version="1.0">Netgear/1.0 UPnP/1.0 miniupnpd/1.0</example>
3084
+ <param pos="0" name="service.vendor" value="MiniUPnP Project"/>
2552
3085
  <param pos="0" name="service.product" value="MiniUPnP"/>
2553
3086
  <param pos="1" name="service.version"/>
3087
+ <param pos="0" name="service.cpe23" value="cpe:/a:miniupnp_project:miniupnp:{service.version}"/>
2554
3088
  <param pos="0" name="os.vendor" value="Netgear"/>
2555
3089
  <param pos="0" name="os.device" value="WAP"/>
3090
+ <param pos="0" name="hw.vendor" value="Netgear"/>
3091
+ <param pos="0" name="hw.device" value="WAP"/>
2556
3092
  </fingerprint>
3093
+
2557
3094
  <fingerprint pattern="^[^/]+/(\S+) DLNADOC/\S+ UPnP/\S+ MiniDLNA/(\S+)$">
2558
3095
  <description>DLNADOC UPnP Server</description>
2559
3096
  <example>Debian/4.0r8 DLNADOC/1.50 UPnP/1.0 MiniDLNA/1.0</example>
@@ -2566,224 +3103,288 @@
2566
3103
  <param pos="1" name="os.version"/>
2567
3104
  <param pos="0" name="os.cpe23" value="cpe:/o:linux:linux_kernel:{os.version}"/>
2568
3105
  </fingerprint>
3106
+
2569
3107
  <fingerprint pattern="(?i)^Debian\/(\S+) UPnP/\S+ MiniUPnPd/(\S+)$">
2570
3108
  <description>miniupnpd on a Debian variant</description>
2571
3109
  <example os.version="wheezy/sid" service.version="1.8">Debian/wheezy/sid UPnP/1.1 MiniUPnPd/1.8</example>
2572
3110
  <example os.version="4.0" service.version="1.0">Debian/4.0 UPnP/1.0 miniupnpd/1.0</example>
3111
+ <param pos="0" name="service.vendor" value="MiniUPnP Project"/>
2573
3112
  <param pos="0" name="service.product" value="MiniUPnP"/>
2574
3113
  <param pos="2" name="service.version"/>
3114
+ <param pos="0" name="service.cpe23" value="cpe:/a:miniupnp_project:miniupnp:{service.version}"/>
2575
3115
  <param pos="0" name="os.vendor" value="Debian"/>
2576
3116
  <param pos="0" name="os.product" value="Linux"/>
2577
3117
  <param pos="0" name="os.certainty" value="0.5"/>
2578
3118
  <param pos="1" name="os.version"/>
2579
3119
  <param pos="0" name="os.cpe23" value="cpe:/o:debian:debian_linux:{os.version}"/>
2580
3120
  </fingerprint>
3121
+
2581
3122
  <fingerprint pattern="(?i)^Fedora(?:Core)?\/(\S+) UPnP/\S+ MiniUPnPd/(\S+)$">
2582
3123
  <description>miniupnpd on a Fedora variant</description>
2583
3124
  <example os.version="10" service.version="1.4">Fedora/10 UPnP/1.0 MiniUPnPd/1.4</example>
2584
3125
  <example os.version="8" service.version="1.0">Fedora/8 UPnP/1.0 miniupnpd/1.0</example>
2585
3126
  <example os.version="6" service.version="1.0">FedoraCore/6 UPnP/1.0 miniupnpd/1.0</example>
3127
+ <param pos="0" name="service.vendor" value="MiniUPnP Project"/>
2586
3128
  <param pos="0" name="service.product" value="MiniUPnP"/>
2587
3129
  <param pos="2" name="service.version"/>
3130
+ <param pos="0" name="service.cpe23" value="cpe:/a:miniupnp_project:miniupnp:{service.version}"/>
2588
3131
  <param pos="0" name="os.family" value="Linux"/>
2589
3132
  <param pos="0" name="os.vendor" value="Red Hat"/>
2590
3133
  <param pos="0" name="os.product" value="Fedora Core Linux"/>
2591
3134
  <param pos="1" name="os.version"/>
2592
3135
  <param pos="0" name="os.cpe23" value="cpe:/o:redhat:fedora_core:{os.version}"/>
2593
3136
  </fingerprint>
3137
+
2594
3138
  <fingerprint pattern="(?i)^Ubuntu\/([\d\.]+) UPnP/\S+ MiniUPnPd/(\S+)$">
2595
3139
  <description>miniupnpd on an Ubuntu variant</description>
2596
3140
  <example os.version="10.04" service.version="1.0">Ubuntu/10.04 UPnP/1.0 miniupnpd/1.0</example>
2597
3141
  <example os.version="10.10" service.version="1.0">Ubuntu/10.10 UPnP/1.0 miniupnpd/1.0</example>
2598
3142
  <example os.version="7.10" service.version="1.0">Ubuntu/7.10 UPnP/1.0 miniupnpd/1.0</example>
2599
3143
  <example os.version="9.04" service.version="1.0">Ubuntu/9.04 UPnP/1.0 miniupnpd/1.0</example>
3144
+ <param pos="0" name="service.vendor" value="MiniUPnP Project"/>
2600
3145
  <param pos="0" name="service.product" value="MiniUPnP"/>
2601
3146
  <param pos="2" name="service.version"/>
3147
+ <param pos="0" name="service.cpe23" value="cpe:/a:miniupnp_project:miniupnp:{service.version}"/>
2602
3148
  <param pos="0" name="os.vendor" value="Ubuntu"/>
2603
3149
  <param pos="0" name="os.product" value="Linux"/>
2604
3150
  <param pos="1" name="os.version"/>
2605
3151
  <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:{os.version}"/>
2606
3152
  </fingerprint>
3153
+
2607
3154
  <fingerprint pattern="(?i)^Ubuntu\/bionic UPnP/\S+ MiniUPnPd/(\S+)$">
2608
3155
  <description>miniupnpd on an Ubuntu bionic/18.04</description>
2609
3156
  <example os.version="18.04" service.version="1.4">Ubuntu/bionic UPnP/1.0 MiniUPnPd/1.4</example>
3157
+ <param pos="0" name="service.vendor" value="MiniUPnP Project"/>
2610
3158
  <param pos="0" name="service.product" value="MiniUPnP"/>
2611
3159
  <param pos="1" name="service.version"/>
3160
+ <param pos="0" name="service.cpe23" value="cpe:/a:miniupnp_project:miniupnp:{service.version}"/>
2612
3161
  <param pos="0" name="os.vendor" value="Ubuntu"/>
2613
3162
  <param pos="0" name="os.product" value="Linux"/>
2614
3163
  <param pos="0" name="os.version" value="18.04"/>
2615
3164
  <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:18.04"/>
2616
3165
  </fingerprint>
3166
+
2617
3167
  <fingerprint pattern="(?i)^Ubuntu\/yakkety UPnP/\S+ MiniUPnPd/(\S+)$">
2618
3168
  <description>miniupnpd on an Ubuntu yakkety/16.10</description>
2619
3169
  <example os.version="16.10" service.version="1.4">Ubuntu/yakkety UPnP/1.0 MiniUPnPd/1.4</example>
3170
+ <param pos="0" name="service.vendor" value="MiniUPnP Project"/>
2620
3171
  <param pos="0" name="service.product" value="MiniUPnP"/>
2621
3172
  <param pos="1" name="service.version"/>
3173
+ <param pos="0" name="service.cpe23" value="cpe:/a:miniupnp_project:miniupnp:{service.version}"/>
2622
3174
  <param pos="0" name="os.vendor" value="Ubuntu"/>
2623
3175
  <param pos="0" name="os.product" value="Linux"/>
2624
3176
  <param pos="0" name="os.version" value="16.10"/>
2625
3177
  <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:16.10"/>
2626
3178
  </fingerprint>
3179
+
2627
3180
  <fingerprint pattern="(?i)^Ubuntu\/xenial UPnP/\S+ MiniUPnPd/(\S+)$">
2628
3181
  <description>miniupnpd on an Ubuntu xenial/16.04</description>
2629
3182
  <example os.version="16.04" service.version="1.4">Ubuntu/xenial UPnP/1.0 MiniUPnPd/1.4</example>
3183
+ <param pos="0" name="service.vendor" value="MiniUPnP Project"/>
2630
3184
  <param pos="0" name="service.product" value="MiniUPnP"/>
2631
3185
  <param pos="1" name="service.version"/>
3186
+ <param pos="0" name="service.cpe23" value="cpe:/a:miniupnp_project:miniupnp:{service.version}"/>
2632
3187
  <param pos="0" name="os.vendor" value="Ubuntu"/>
2633
3188
  <param pos="0" name="os.product" value="Linux"/>
2634
3189
  <param pos="0" name="os.version" value="16.04"/>
2635
3190
  <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:16.04"/>
2636
3191
  </fingerprint>
3192
+
2637
3193
  <fingerprint pattern="(?i)^Ubuntu\/utopic UPnP/\S+ MiniUPnPd/(\S+)$">
2638
3194
  <description>miniupnpd on an Ubuntu utopic/14.10</description>
2639
3195
  <example os.version="14.10" service.version="1.4">Ubuntu/utopic UPnP/1.0 MiniUPnPd/1.4</example>
3196
+ <param pos="0" name="service.vendor" value="MiniUPnP Project"/>
2640
3197
  <param pos="0" name="service.product" value="MiniUPnP"/>
2641
3198
  <param pos="1" name="service.version"/>
3199
+ <param pos="0" name="service.cpe23" value="cpe:/a:miniupnp_project:miniupnp:{service.version}"/>
2642
3200
  <param pos="0" name="os.vendor" value="Ubuntu"/>
2643
3201
  <param pos="0" name="os.product" value="Linux"/>
2644
3202
  <param pos="0" name="os.version" value="14.10"/>
2645
3203
  <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:14.10"/>
2646
3204
  </fingerprint>
3205
+
2647
3206
  <fingerprint pattern="(?i)^Ubuntu\/trusty UPnP/\S+ MiniUPnPd/(\S+)$">
2648
3207
  <description>miniupnpd on an Ubuntu trusty/14.04</description>
2649
3208
  <example os.version="14.04" service.version="1.4">Ubuntu/trusty UPnP/1.0 MiniUPnPd/1.4</example>
3209
+ <param pos="0" name="service.vendor" value="MiniUPnP Project"/>
2650
3210
  <param pos="0" name="service.product" value="MiniUPnP"/>
2651
3211
  <param pos="1" name="service.version"/>
3212
+ <param pos="0" name="service.cpe23" value="cpe:/a:miniupnp_project:miniupnp:{service.version}"/>
2652
3213
  <param pos="0" name="os.vendor" value="Ubuntu"/>
2653
3214
  <param pos="0" name="os.product" value="Linux"/>
2654
3215
  <param pos="0" name="os.version" value="14.04"/>
2655
3216
  <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:14.04"/>
2656
3217
  </fingerprint>
3218
+
2657
3219
  <fingerprint pattern="(?i)^Ubuntu\/saucy UPnP/\S+ MiniUPnPd/(\S+)$">
2658
3220
  <description>miniupnpd on an Ubuntu saucy/13.10</description>
2659
3221
  <example os.version="13.10" service.version="1.4">Ubuntu/saucy UPnP/1.0 MiniUPnPd/1.4</example>
3222
+ <param pos="0" name="service.vendor" value="MiniUPnP Project"/>
2660
3223
  <param pos="0" name="service.product" value="MiniUPnP"/>
2661
3224
  <param pos="1" name="service.version"/>
3225
+ <param pos="0" name="service.cpe23" value="cpe:/a:miniupnp_project:miniupnp:{service.version}"/>
2662
3226
  <param pos="0" name="os.vendor" value="Ubuntu"/>
2663
3227
  <param pos="0" name="os.product" value="Linux"/>
2664
3228
  <param pos="0" name="os.version" value="13.10"/>
2665
3229
  <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:13.10"/>
2666
3230
  </fingerprint>
3231
+
2667
3232
  <fingerprint pattern="(?i)^Ubuntu\/raring UPnP/\S+ MiniUPnPd/(\S+)$">
2668
3233
  <description>miniupnpd on an Ubuntu raring/13.04</description>
2669
3234
  <example os.version="13.04" service.version="1.4">Ubuntu/raring UPnP/1.0 MiniUPnPd/1.4</example>
3235
+ <param pos="0" name="service.vendor" value="MiniUPnP Project"/>
2670
3236
  <param pos="0" name="service.product" value="MiniUPnP"/>
2671
3237
  <param pos="1" name="service.version"/>
3238
+ <param pos="0" name="service.cpe23" value="cpe:/a:miniupnp_project:miniupnp:{service.version}"/>
2672
3239
  <param pos="0" name="os.vendor" value="Ubuntu"/>
2673
3240
  <param pos="0" name="os.product" value="Linux"/>
2674
3241
  <param pos="0" name="os.version" value="13.04"/>
2675
3242
  <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:13.04"/>
2676
3243
  </fingerprint>
3244
+
2677
3245
  <fingerprint pattern="(?i)^Ubuntu\/quantal UPnP/\S+ MiniUPnPd/(\S+)$">
2678
3246
  <description>miniupnpd on an Ubuntu quantal/12.10</description>
2679
3247
  <example os.version="12.10" service.version="1.4">Ubuntu/quantal UPnP/1.0 MiniUPnPd/1.4</example>
3248
+ <param pos="0" name="service.vendor" value="MiniUPnP Project"/>
2680
3249
  <param pos="0" name="service.product" value="MiniUPnP"/>
2681
3250
  <param pos="1" name="service.version"/>
3251
+ <param pos="0" name="service.cpe23" value="cpe:/a:miniupnp_project:miniupnp:{service.version}"/>
2682
3252
  <param pos="0" name="os.vendor" value="Ubuntu"/>
2683
3253
  <param pos="0" name="os.product" value="Linux"/>
2684
3254
  <param pos="0" name="os.version" value="12.10"/>
2685
3255
  <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:12.10"/>
2686
3256
  </fingerprint>
3257
+
2687
3258
  <fingerprint pattern="(?i)^Ubuntu\/precise UPnP/\S+ MiniUPnPd/(\S+)$">
2688
3259
  <description>miniupnpd on an Ubuntu precise/12.04</description>
2689
3260
  <example os.version="12.04" service.version="1.4">Ubuntu/precise UPnP/1.0 MiniUPnPd/1.4</example>
3261
+ <param pos="0" name="service.vendor" value="MiniUPnP Project"/>
2690
3262
  <param pos="0" name="service.product" value="MiniUPnP"/>
2691
3263
  <param pos="1" name="service.version"/>
3264
+ <param pos="0" name="service.cpe23" value="cpe:/a:miniupnp_project:miniupnp:{service.version}"/>
2692
3265
  <param pos="0" name="os.vendor" value="Ubuntu"/>
2693
3266
  <param pos="0" name="os.product" value="Linux"/>
2694
3267
  <param pos="0" name="os.version" value="12.04"/>
2695
3268
  <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:12.04"/>
2696
3269
  </fingerprint>
3270
+
2697
3271
  <fingerprint pattern="(?i)^Ubuntu\/oneiric UPnP/\S+ MiniUPnPd/(\S+)$">
2698
3272
  <description>miniupnpd on an Ubuntu oneiric/11.10</description>
2699
3273
  <example os.version="11.10" service.version="1.4">Ubuntu/oneiric UPnP/1.0 MiniUPnPd/1.4</example>
3274
+ <param pos="0" name="service.vendor" value="MiniUPnP Project"/>
2700
3275
  <param pos="0" name="service.product" value="MiniUPnP"/>
2701
3276
  <param pos="1" name="service.version"/>
3277
+ <param pos="0" name="service.cpe23" value="cpe:/a:miniupnp_project:miniupnp:{service.version}"/>
2702
3278
  <param pos="0" name="os.vendor" value="Ubuntu"/>
2703
3279
  <param pos="0" name="os.product" value="Linux"/>
2704
3280
  <param pos="0" name="os.version" value="11.10"/>
2705
3281
  <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:11.10"/>
2706
3282
  </fingerprint>
3283
+
2707
3284
  <fingerprint pattern="(?i)^Ubuntu\/natty UPnP/\S+ MiniUPnPd/(\S+)$">
2708
3285
  <description>miniupnpd on an Ubuntu natty/11.04</description>
2709
3286
  <example os.version="11.04" service.version="1.4">Ubuntu/natty UPnP/1.0 MiniUPnPd/1.4</example>
3287
+ <param pos="0" name="service.vendor" value="MiniUPnP Project"/>
2710
3288
  <param pos="0" name="service.product" value="MiniUPnP"/>
2711
3289
  <param pos="1" name="service.version"/>
3290
+ <param pos="0" name="service.cpe23" value="cpe:/a:miniupnp_project:miniupnp:{service.version}"/>
2712
3291
  <param pos="0" name="os.vendor" value="Ubuntu"/>
2713
3292
  <param pos="0" name="os.product" value="Linux"/>
2714
3293
  <param pos="0" name="os.version" value="11.04"/>
2715
3294
  <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:11.04"/>
2716
3295
  </fingerprint>
3296
+
2717
3297
  <fingerprint pattern="(?i)^Ubuntu\/maverick UPnP/\S+ MiniUPnPd/(\S+)$">
2718
3298
  <description>miniupnpd on an Ubuntu maverick/10.10</description>
2719
3299
  <example os.version="10.10" service.version="1.4">Ubuntu/maverick UPnP/1.0 MiniUPnPd/1.4</example>
3300
+ <param pos="0" name="service.vendor" value="MiniUPnP Project"/>
2720
3301
  <param pos="0" name="service.product" value="MiniUPnP"/>
2721
3302
  <param pos="1" name="service.version"/>
3303
+ <param pos="0" name="service.cpe23" value="cpe:/a:miniupnp_project:miniupnp:{service.version}"/>
2722
3304
  <param pos="0" name="os.vendor" value="Ubuntu"/>
2723
3305
  <param pos="0" name="os.product" value="Linux"/>
2724
3306
  <param pos="0" name="os.version" value="10.10"/>
2725
3307
  <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:10.10"/>
2726
3308
  </fingerprint>
3309
+
2727
3310
  <fingerprint pattern="(?i)^Ubuntu\/lucid UPnP/\S+ MiniUPnPd/(\S+)$">
2728
3311
  <description>miniupnpd on an Ubuntu lucid/10.04</description>
2729
3312
  <example os.version="10.04" service.version="1.4">Ubuntu/lucid UPnP/1.0 MiniUPnPd/1.4</example>
3313
+ <param pos="0" name="service.vendor" value="MiniUPnP Project"/>
2730
3314
  <param pos="0" name="service.product" value="MiniUPnP"/>
2731
3315
  <param pos="1" name="service.version"/>
3316
+ <param pos="0" name="service.cpe23" value="cpe:/a:miniupnp_project:miniupnp:{service.version}"/>
2732
3317
  <param pos="0" name="os.vendor" value="Ubuntu"/>
2733
3318
  <param pos="0" name="os.product" value="Linux"/>
2734
3319
  <param pos="0" name="os.version" value="10.04"/>
2735
3320
  <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:10.04"/>
2736
3321
  </fingerprint>
3322
+
2737
3323
  <fingerprint pattern="(?i)^Ubuntu\/karmic UPnP/\S+ MiniUPnPd/(\S+)$">
2738
3324
  <description>miniupnpd on an Ubuntu karmic/9.10</description>
2739
3325
  <example os.version="9.10" service.version="1.4">Ubuntu/karmic UPnP/1.0 MiniUPnPd/1.4</example>
3326
+ <param pos="0" name="service.vendor" value="MiniUPnP Project"/>
2740
3327
  <param pos="0" name="service.product" value="MiniUPnP"/>
2741
3328
  <param pos="1" name="service.version"/>
3329
+ <param pos="0" name="service.cpe23" value="cpe:/a:miniupnp_project:miniupnp:{service.version}"/>
2742
3330
  <param pos="0" name="os.vendor" value="Ubuntu"/>
2743
3331
  <param pos="0" name="os.product" value="Linux"/>
2744
3332
  <param pos="0" name="os.version" value="9.10"/>
2745
3333
  <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:9.10"/>
2746
3334
  </fingerprint>
3335
+
2747
3336
  <fingerprint pattern="(?i)^Ubuntu\/jaunty UPnP/\S+ MiniUPnPd/(\S+)$">
2748
3337
  <description>miniupnpd on an Ubuntu jaunty/9.04</description>
2749
3338
  <example os.version="9.04" service.version="1.4">Ubuntu/jaunty UPnP/1.0 MiniUPnPd/1.4</example>
3339
+ <param pos="0" name="service.vendor" value="MiniUPnP Project"/>
2750
3340
  <param pos="0" name="service.product" value="MiniUPnP"/>
2751
3341
  <param pos="1" name="service.version"/>
3342
+ <param pos="0" name="service.cpe23" value="cpe:/a:miniupnp_project:miniupnp:{service.version}"/>
2752
3343
  <param pos="0" name="os.vendor" value="Ubuntu"/>
2753
3344
  <param pos="0" name="os.product" value="Linux"/>
2754
3345
  <param pos="0" name="os.version" value="9.04"/>
2755
3346
  <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:9.04"/>
2756
3347
  </fingerprint>
3348
+
2757
3349
  <fingerprint pattern="(?i)^Ubuntu\/hardy UPnP/\S+ MiniUPnPd/(\S+)$">
2758
3350
  <description>miniupnpd on an Ubuntu hardy/8.04</description>
2759
3351
  <example os.version="8.04" service.version="1.4">Ubuntu/hardy UPnP/1.0 MiniUPnPd/1.4</example>
3352
+ <param pos="0" name="service.vendor" value="MiniUPnP Project"/>
2760
3353
  <param pos="0" name="service.product" value="MiniUPnP"/>
2761
3354
  <param pos="1" name="service.version"/>
3355
+ <param pos="0" name="service.cpe23" value="cpe:/a:miniupnp_project:miniupnp:{service.version}"/>
2762
3356
  <param pos="0" name="os.vendor" value="Ubuntu"/>
2763
3357
  <param pos="0" name="os.product" value="Linux"/>
2764
3358
  <param pos="0" name="os.version" value="8.04"/>
2765
3359
  <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:8.04"/>
2766
3360
  </fingerprint>
3361
+
2767
3362
  <fingerprint pattern="(?i)^Linux Mips (\S+) UPnP/\S+ MiniUPnPd/(\S+)$">
2768
3363
  <description>Linux MIPS UPnP Server</description>
2769
3364
  <example>Linux Mips 2.4.20 UPnP/1.0 MiniUPnPd/1.2</example>
3365
+ <param pos="0" name="service.vendor" value="MiniUPnP Project"/>
2770
3366
  <param pos="0" name="service.product" value="MiniUPnP"/>
2771
3367
  <param pos="2" name="service.version"/>
3368
+ <param pos="0" name="service.cpe23" value="cpe:/a:miniupnp_project:miniupnp:{service.version}"/>
2772
3369
  <param pos="0" name="os.vendor" value="Linux"/>
2773
3370
  <param pos="0" name="os.product" value="Linux"/>
2774
3371
  <param pos="1" name="os.version"/>
2775
3372
  <param pos="0" name="os.cpe23" value="cpe:/o:linux:linux_kernel:{os.version}"/>
2776
3373
  </fingerprint>
3374
+
2777
3375
  <fingerprint pattern="(?i)^SmoothWall Express/(\S+) UPnP/\S+ miniupnpd/(\S+)$">
2778
3376
  <description>Smoothwall Express UPnP Server</description>
2779
3377
  <example os.version="3.0" service.version="1.0">SmoothWall Express/3.0 UPnP/1.0 miniupnpd/1.0</example>
2780
- <param pos="0" name="os.vendor" value="Smoothwall"/>
2781
- <param pos="0" name="os.product" value="Smoothwall"/>
3378
+ <param pos="0" name="os.vendor" value="SmoothWall"/>
3379
+ <param pos="0" name="os.product" value="SmoothWall"/>
2782
3380
  <param pos="1" name="os.version"/>
2783
3381
  <param pos="0" name="os.cpe23" value="cpe:/o:smoothwall:smoothwall:{os.version}"/>
3382
+ <param pos="0" name="service.vendor" value="MiniUPnP Project"/>
2784
3383
  <param pos="0" name="service.product" value="MiniUPnP"/>
2785
3384
  <param pos="2" name="service.version"/>
3385
+ <param pos="0" name="service.cpe23" value="cpe:/a:miniupnp_project:miniupnp:{service.version}"/>
2786
3386
  </fingerprint>
3387
+
2787
3388
  <fingerprint pattern="^(\S+) \d+/Service Pack \d+, UPnP/[\d\.]+, TVersity Media Server$">
2788
3389
  <description>TVersity Media Server UPnP Server with Service Pack</description>
2789
3390
  <example>5.2.3790 2/Service Pack 1, UPnP/1.0, TVersity Media Server</example>
@@ -2792,6 +3393,7 @@
2792
3393
  <param pos="0" name="service.product" value="Media Server"/>
2793
3394
  <param pos="1" name="service.version"/>
2794
3395
  </fingerprint>
3396
+
2795
3397
  <fingerprint pattern="^(\S+) 2/, UPnP/\S+, TVersity Media Server$">
2796
3398
  <description>TVersity Media Server UPnP Server</description>
2797
3399
  <example>6.2.8400 2/, UPnP/1.0, TVersity Media Server</example>
@@ -2802,6 +3404,7 @@
2802
3404
  <param pos="0" name="service.product" value="Media Server"/>
2803
3405
  <param pos="1" name="service.version"/>
2804
3406
  </fingerprint>
3407
+
2805
3408
  <fingerprint pattern="^LINUX/([\d\.]+) UPnP/[\d\.]+ BRCM400/([\d\.]+)$">
2806
3409
  <description>Belkin/Linksys BRCM400 Wireless Router UPnP Server</description>
2807
3410
  <example>LINUX/2.4 UPnP/1.0 BRCM400/1.0</example>
@@ -2813,6 +3416,7 @@
2813
3416
  <param pos="1" name="os.version"/>
2814
3417
  <param pos="0" name="os.device" value="Router"/>
2815
3418
  </fingerprint>
3419
+
2816
3420
  <fingerprint pattern="^Linux-(\S+), UPnP/[\d\.]+, PMS/([\d\.]+)$">
2817
3421
  <description>PlayStation3 Media Server UPnP Server - linux</description>
2818
3422
  <example>Linux-amd64-2.6.18-238.9.1.el5, UPnP/1.0, PMS/1.52.1</example>
@@ -2825,6 +3429,7 @@
2825
3429
  <param pos="1" name="os.version"/>
2826
3430
  <param pos="0" name="os.cpe23" value="cpe:/o:linux:linux_kernel:{os.version}"/>
2827
3431
  </fingerprint>
3432
+
2828
3433
  <fingerprint pattern="^Windows_XP-(\S+), UPnP/[\d\.]+, PMS/([\d\.]+)$">
2829
3434
  <description>PlayStation3 Media Server UPnP Server - Windows XP</description>
2830
3435
  <example>Windows_XP-amd64-5.2, UPnP/1.0, PMS/1.54.0</example>
@@ -2837,27 +3442,16 @@
2837
3442
  <param pos="1" name="os.version"/>
2838
3443
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_xp:{os.version}"/>
2839
3444
  </fingerprint>
3445
+
2840
3446
  <fingerprint pattern="^Windows_7-x86-(\S+), UPnP/[\d\.]+, PMS/([\d\.]+)$">
2841
3447
  <description>PlayStation3 Media Server UPnP Server - Windows 7 x86</description>
2842
- <example>Windows_7-x86-6.1, UPnP/1.0, PMS/1.20</example>
3448
+ <example service.version="1.20">Windows_7-x86-6.1, UPnP/1.0, PMS/1.20</example>
2843
3449
  <example>Windows_7-x86-6.1, UPnP/1.0, PMS/1.22.0</example>
2844
- <example>Windows_7-x86-6.1, UPnP/1.0, PMS/1.25.1</example>
2845
- <example>Windows_7-x86-6.1, UPnP/1.0, PMS/1.51.0</example>
2846
3450
  <example>Windows_7-x86-6.1, UPnP/1.0, PMS/1.20.412</example>
2847
3451
  <example>Windows_7-x86-6.1, UPnP/1.0, PMS/1.71.0</example>
2848
3452
  <example>Windows_7-x86-6.1, UPnP/1.0, PMS/1.20.409</example>
2849
3453
  <example>Windows_7-x86-6.1, UPnP/1.0, PMS/1.72.0</example>
2850
3454
  <example>Windows_7-x86-6.1, UPnP/1.0, PMS/1.10.51</example>
2851
- <example>Windows_7-x86-6.1, UPnP/1.0, PMS/1.40.0</example>
2852
- <example>Windows_7-x86-6.1, UPnP/1.0, PMS/1.53.0</example>
2853
- <example>Windows_7-x86-6.1, UPnP/1.0, PMS/1.52.0</example>
2854
- <example>Windows_7-x86-6.1, UPnP/1.0, PMS/1.50.1</example>
2855
- <example>Windows_7-x86-6.1, UPnP/1.0, PMS/1.30.1</example>
2856
- <example>Windows_7-x86-6.1, UPnP/1.0, PMS/1.50.0</example>
2857
- <example>Windows_7-x86-6.1, UPnP/1.0, PMS/1.54.0</example>
2858
- <example>Windows_7-x86-6.1, UPnP/1.0, PMS/1.52.1</example>
2859
- <example>Windows_7-x86-6.1, UPnP/1.0, PMS/1.60.0</example>
2860
- <example>Windows_7-x86-6.1, UPnP/1.0, PMS/1.70.1</example>
2861
3455
  <param pos="0" name="service.vendor" value="Sony"/>
2862
3456
  <param pos="0" name="service.product" value="PMS"/>
2863
3457
  <param pos="2" name="service.version"/>
@@ -2866,6 +3460,7 @@
2866
3460
  <param pos="1" name="os.version"/>
2867
3461
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_7:{os.version}"/>
2868
3462
  </fingerprint>
3463
+
2869
3464
  <fingerprint pattern="^Windows_7-x86_64-(\S+), UPnP/[\d\.]+, PMS/([\d\.]+)$">
2870
3465
  <description>PlayStation3 Media Server UPnP Server - Windows 7 x86_64</description>
2871
3466
  <param pos="0" name="service.vendor" value="Sony"/>
@@ -2876,6 +3471,7 @@
2876
3471
  <param pos="1" name="os.version"/>
2877
3472
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_7:{os.version}"/>
2878
3473
  </fingerprint>
3474
+
2879
3475
  <fingerprint pattern="^Microsoft-Windows/6.2 UPnP/(?:\S+) UPnP-Device-Host/(?:\S+)$">
2880
3476
  <description>Windows 8 or Windows Server 2012 with unknown UPnP components</description>
2881
3477
  <param pos="0" name="os.vendor" value="Microsoft"/>
@@ -2883,6 +3479,7 @@
2883
3479
  <param pos="0" name="os.certainty" value="0.65"/>
2884
3480
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_8:-"/>
2885
3481
  </fingerprint>
3482
+
2886
3483
  <fingerprint pattern="^Mac_OS_X-x86_64-(\S+), UPnP/[\d\.]+, PMS/([\d\.]+)$">
2887
3484
  <description>PlayStation3 Media Server UPnP Server - macOS x86_64</description>
2888
3485
  <example>Mac_OS_X-x86_64-10.5.8, UPnP/1.0, PMS/1.20</example>
@@ -2894,6 +3491,7 @@
2894
3491
  <param pos="1" name="os.version"/>
2895
3492
  <param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x:{os.version}"/>
2896
3493
  </fingerprint>
3494
+
2897
3495
  <fingerprint pattern="^Linux/(\S+), UPnP/\S+, Free UPnP Entertainment Service/ReadyNAS$">
2898
3496
  <description>Free UPnP Entertainment Service UPnP Server - Linux on ReadyNAS</description>
2899
3497
  <param pos="0" name="service.product" value="FUPPES"/>
@@ -2906,6 +3504,7 @@
2906
3504
  <param pos="0" name="hw.family" value="ReadyNAS"/>
2907
3505
  <param pos="0" name="hw.product" value="ReadyNAS"/>
2908
3506
  </fingerprint>
3507
+
2909
3508
  <fingerprint pattern="^Linux/(\S+), UPnP/\S+, Free UPnP Entertainment Service/$">
2910
3509
  <description>Free UPnP Entertainment Service UPnP Server - Linux</description>
2911
3510
  <param pos="0" name="service.product" value="FUPPES"/>
@@ -2914,6 +3513,7 @@
2914
3513
  <param pos="1" name="os.version"/>
2915
3514
  <param pos="0" name="os.cpe23" value="cpe:/o:linux:linux_kernel:{os.version}"/>
2916
3515
  </fingerprint>
3516
+
2917
3517
  <fingerprint pattern="^FreeBSD/(\S+), UPnP/\S+, Free UPnP Entertainment Service/$">
2918
3518
  <description>Free UPnP Entertainment Service UPnP Server - FreeBSD</description>
2919
3519
  <param pos="0" name="service.product" value="FUPPES"/>
@@ -2922,6 +3522,7 @@
2922
3522
  <param pos="1" name="os.version"/>
2923
3523
  <param pos="0" name="os.cpe23" value="cpe:/o:freebsd:freebsd:{os.version}"/>
2924
3524
  </fingerprint>
3525
+
2925
3526
  <fingerprint pattern="^ipOS/([\d\.]+) UPnP/[\d\.]+ ipUPnP/([\d\.]+)$">
2926
3527
  <description>D-Link WAP Dynamic DNS UPnP Server</description>
2927
3528
  <param pos="0" name="service.vendor" value="D-Link"/>
@@ -2932,6 +3533,7 @@
2932
3533
  <param pos="1" name="os.version"/>
2933
3534
  <param pos="0" name="os.device" value="WAP"/>
2934
3535
  </fingerprint>
3536
+
2935
3537
  <fingerprint pattern="^ipOS/([\d\.]+) UPnP/[\d\.]+ ipGENADevice/([\d\.]+)$">
2936
3538
  <description>D-Link DGL-4300 Gaming Router UPnP Server</description>
2937
3539
  <param pos="0" name="service.vendor" value="D-Link"/>
@@ -2942,11 +3544,74 @@
2942
3544
  <param pos="1" name="os.version"/>
2943
3545
  <param pos="0" name="os.device" value="Router"/>
2944
3546
  </fingerprint>
2945
- <fingerprint pattern="^TBS/R2 UPnP/[\d\.]+ MiniUPnPd/[\d\.]+$">
3547
+
3548
+ <fingerprint pattern="Linux, STUNNEL/1.0, (DIR-8\d+\w*) Ver (\S+)$">
3549
+ <description>D-Link DIR-8XX Router</description>
3550
+ <example hw.product="DIR-850L">Linux, STUNNEL/1.0, DIR-850L Ver 1.09</example>
3551
+ <example os.version="2.00W">Linux, STUNNEL/1.0, DIR-820LW Ver 2.00W</example>
3552
+ <param pos="0" name="hw.vendor" value="D-Link"/>
3553
+ <param pos="1" name="hw.product"/>
3554
+ <param pos="0" name="hw.device" value="Router"/>
3555
+ <param pos="0" name="os.vendor" value="D-Link"/>
3556
+ <param pos="2" name="os.version"/>
3557
+ <param pos="0" name="os.device" value="Router"/>
3558
+ </fingerprint>
3559
+
3560
+ <fingerprint pattern="Linux, WEBACCESS/1.0, (DIR-\d+\w*) Ver (\S+)$">
3561
+ <description>D-Link DIR-XXX Router - WEBACCESS variant</description>
3562
+ <example hw.product="DIR-850L">Linux, WEBACCESS/1.0, DIR-850L Ver 1.09</example>
3563
+ <example os.version="1.14WW">Linux, WEBACCESS/1.0, DIR-850L Ver 1.14WW</example>
3564
+ <example os.version="1.04">Linux, WEBACCESS/1.0, DIR-645 Ver 1.04</example>
3565
+ <param pos="0" name="hw.vendor" value="D-Link"/>
3566
+ <param pos="1" name="hw.product"/>
3567
+ <param pos="0" name="hw.device" value="Router"/>
3568
+ <param pos="0" name="os.vendor" value="D-Link"/>
3569
+ <param pos="2" name="os.version"/>
3570
+ <param pos="0" name="os.device" value="Router"/>
3571
+ </fingerprint>
3572
+
3573
+ <fingerprint pattern="Linux, HTTP/1.1, (DIR-\d+\w*) Ver (\S+)$">
3574
+ <description>D-Link DIR-XXX Router - HTTP variant</description>
3575
+ <example hw.product="DIR-815" os.version="1.04">Linux, HTTP/1.1, DIR-815 Ver 1.04</example>
3576
+ <param pos="0" name="hw.vendor" value="D-Link"/>
3577
+ <param pos="1" name="hw.product"/>
3578
+ <param pos="0" name="hw.device" value="Router"/>
3579
+ <param pos="0" name="os.vendor" value="D-Link"/>
3580
+ <param pos="2" name="os.version"/>
3581
+ <param pos="0" name="os.device" value="Router"/>
3582
+ </fingerprint>
3583
+
3584
+ <fingerprint pattern="Linux, WEBACCESS/1.0, (DSL-\d+\w*) Ver (\S+)$">
3585
+ <description>D-Link DSL-XXX Router - WEBACCESS variant</description>
3586
+ <example hw.product="DSL-2890AL" os.version="AU_1.02.10">Linux, WEBACCESS/1.0, DSL-2890AL Ver AU_1.02.10</example>
3587
+ <example hw.product="DSL-2890AL" os.version="1.01">Linux, WEBACCESS/1.0, DSL-2890AL Ver 1.01</example>
3588
+ <param pos="0" name="hw.vendor" value="D-Link"/>
3589
+ <param pos="1" name="hw.product"/>
3590
+ <param pos="0" name="hw.device" value="Router"/>
3591
+ <param pos="0" name="os.vendor" value="D-Link"/>
3592
+ <param pos="2" name="os.version"/>
3593
+ <param pos="0" name="os.device" value="Router"/>
3594
+ </fingerprint>
3595
+
3596
+ <fingerprint pattern="^TBS/R2 UPnP/[\d\.]+ MiniUPnPd/([\d\.]+)$">
2946
3597
  <description>D-Link generic</description>
2947
- <example>TBS/R2 UPnP/1.0 MiniUPnPd/1.2</example>
3598
+ <example service.version="1.2">TBS/R2 UPnP/1.0 MiniUPnPd/1.2</example>
3599
+ <param pos="0" name="hw.vendor" value="D-Link"/>
3600
+ <param pos="0" name="service.vendor" value="MiniUPnP Project"/>
3601
+ <param pos="0" name="service.product" value="MiniUPnP"/>
3602
+ <param pos="1" name="service.version"/>
3603
+ <param pos="0" name="service.cpe23" value="cpe:/a:miniupnp_project:miniupnp:{service.version}"/>
3604
+ </fingerprint>
3605
+
3606
+ <fingerprint pattern="^alphapd/(\d\.[\d.]+)$">
3607
+ <description>D-Link alphapd - likely DCS series cameras</description>
3608
+ <example service.version="2.1.8">alphapd/2.1.8</example>
2948
3609
  <param pos="0" name="hw.vendor" value="D-Link"/>
3610
+ <param pos="0" name="service.vendor" value="D-Link"/>
3611
+ <param pos="0" name="service.product" value="alphapd"/>
3612
+ <param pos="1" name="service.version"/>
2949
3613
  </fingerprint>
3614
+
2950
3615
  <fingerprint pattern="^ipos/([\d\.]+) UPnP/[\d\.]+ (TL-\w+)/(\S+)$">
2951
3616
  <description>TP-Link WAP UPnP Server</description>
2952
3617
  <example>ipos/7.0 UPnP/1.0 TL-WR841N/6.0/7.0</example>
@@ -2958,14 +3623,42 @@
2958
3623
  <example>ipos/7.0 UPnP/1.0 TL-WR741N/1.0/2.0</example>
2959
3624
  <example>ipos/7.0 UPnP/1.0 TL-WR740N/1.0/2.0</example>
2960
3625
  <example>ipos/7.0 UPnP/1.0 TL-WR941N/2.0</example>
2961
- <param pos="0" name="service.vendor" value="TP-Link"/>
3626
+ <param pos="0" name="service.vendor" value="TP-LINK"/>
2962
3627
  <param pos="2" name="service.product"/>
2963
3628
  <param pos="3" name="service.version"/>
2964
- <param pos="0" name="os.vendor" value="TP-Link"/>
3629
+ <param pos="0" name="os.vendor" value="TP-LINK"/>
2965
3630
  <param pos="0" name="os.product" value="ipOS"/>
2966
3631
  <param pos="1" name="os.version"/>
2967
3632
  <param pos="0" name="os.device" value="WAP"/>
2968
3633
  </fingerprint>
3634
+
3635
+ <fingerprint pattern="^Linux/(\S+\_eureka_1), UPnP/[\d\.]+, Portable SDK for UPnP devices/(\S+)$">
3636
+ <description>Siqura Video Encoder</description>
3637
+ <example>Linux/2.6.37_eureka_1, UPnP/1.0, Portable SDK for UPnP devices/1.6.6</example>
3638
+ <param pos="0" name="hw.vendor" value="Siqura"/>
3639
+ <param pos="0" name="hw.device" value="Video Encoder"/>
3640
+ <param pos="0" name="os.vendor" value="Siqura"/>
3641
+ <param pos="0" name="os.family" value="Linux"/>
3642
+ <param pos="0" name="os.product" value="Linux"/>
3643
+ <param pos="1" name="os.version"/>
3644
+ <param pos="0" name="service.product" value="libupnp"/>
3645
+ <param pos="2" name="service.version"/>
3646
+ </fingerprint>
3647
+
3648
+ <fingerprint pattern="^Linux/(\S+\-Mozart-8G), UPnP/[\d\.]+, Portable SDK for UPnP devices/(\S+)$">
3649
+ <description>Steinsvik Orbit IP Camera (Truen TCAM Rebrand)</description>
3650
+ <example>Linux/2.6.28.9-Mozart-8G, UPnP/1.0, Portable SDK for UPnP devices/1.6.6</example>
3651
+ <param pos="0" name="hw.vendor" value="Steinsvik"/>
3652
+ <param pos="0" name="hw.device" value="Web cam"/>
3653
+ <param pos="0" name="hw.product" value="Orbit IP Camera"/>
3654
+ <param pos="0" name="os.vendor" value="Steinsvik"/>
3655
+ <param pos="0" name="os.family" value="Linux"/>
3656
+ <param pos="0" name="os.product" value="Linux"/>
3657
+ <param pos="1" name="os.version"/>
3658
+ <param pos="0" name="service.product" value="libupnp"/>
3659
+ <param pos="2" name="service.version"/>
3660
+ </fingerprint>
3661
+
2969
3662
  <fingerprint pattern="^Linux/(\S+\-ami), UPnP/[\d\.]+, Portable SDK for UPnP devices/(\S+)$">
2970
3663
  <description>AMI MegaRAC LOM UPnP</description>
2971
3664
  <example>Linux/3.14.17-ami, UPnP/1.0, Portable SDK for UPnP devices/1.6.20</example>
@@ -2981,6 +3674,7 @@
2981
3674
  <param pos="0" name="service.product" value="libupnp"/>
2982
3675
  <param pos="2" name="service.version"/>
2983
3676
  </fingerprint>
3677
+
2984
3678
  <fingerprint pattern="^Linux/(\S+\-axis[^,]+), UPnP/[\d\.]+, Portable SDK for UPnP devices/(\S+)$">
2985
3679
  <description>Axis Network Camera</description>
2986
3680
  <example>Linux/4.9.94-axis5, UPnP/1.0, Portable SDK for UPnP devices/1.6.22</example>
@@ -2991,10 +3685,10 @@
2991
3685
  <param pos="0" name="os.family" value="Linux"/>
2992
3686
  <param pos="0" name="os.product" value="Linux"/>
2993
3687
  <param pos="1" name="os.version"/>
2994
- <param pos="0" name="os.cpe23" value="cpe:/o:linux:linux_kernel:{os.version}"/>
2995
3688
  <param pos="0" name="service.product" value="libupnp"/>
2996
3689
  <param pos="2" name="service.version"/>
2997
3690
  </fingerprint>
3691
+
2998
3692
  <fingerprint pattern="^Linux/(\S+), UPnP/[\d\.]+, Portable SDK for UPnP devices/(\S+)$">
2999
3693
  <description>Portable SDK for UPnP Server - Linux</description>
3000
3694
  <example>Linux/2.4.20-46.7asp, UPnP/1.0, Portable SDK for UPnP devices/1.6.17</example>
@@ -3021,6 +3715,7 @@
3021
3715
  <param pos="1" name="os.version"/>
3022
3716
  <param pos="0" name="os.cpe23" value="cpe:/o:linux:linux_kernel:{os.version}"/>
3023
3717
  </fingerprint>
3718
+
3024
3719
  <fingerprint pattern="^Linux/(\S+) UPnP/[\d\.]+ DLNADOC/[\d\.]+ Portable SDK for UPnP devices/(\S+)$">
3025
3720
  <description>DLNADOC Portable SDK for UPnP Server - Linux DNLADOC variant</description>
3026
3721
  <example>Linux/3.0.8 UPnP/1.0 DLNADOC/1.50 Portable SDK for UPnP devices/1.6.6</example>
@@ -3032,6 +3727,7 @@
3032
3727
  <param pos="1" name="os.version"/>
3033
3728
  <param pos="0" name="os.cpe23" value="cpe:/o:linux:linux_kernel:{os.version}"/>
3034
3729
  </fingerprint>
3730
+
3035
3731
  <fingerprint pattern="^Linux/(\S+), UPnP/[\d\.]+, Intel SDK for UPnP devices ?/(\S+)$">
3036
3732
  <description>Intel SDK for UPnP Server with verbose banner</description>
3037
3733
  <example>Linux/2.6.10_dev-malta-mips2_fp_le, UPnP/1.0, Intel SDK for UPnP devices /1.2</example>
@@ -3043,12 +3739,14 @@
3043
3739
  <param pos="1" name="os.version"/>
3044
3740
  <param pos="0" name="os.cpe23" value="cpe:/o:linux:linux_kernel:{os.version}"/>
3045
3741
  </fingerprint>
3742
+
3046
3743
  <fingerprint pattern="^Linux, UPnP/[\d\.]+, Intel SDK for UPnP devices ?/(\S+)$">
3047
3744
  <description>Intel SDK for UPnP Server</description>
3048
3745
  <example>Linux, UPnP/1.0, Intel SDK for UPnP devices /1.2</example>
3049
3746
  <param pos="0" name="service.product" value="libupnp"/>
3050
3747
  <param pos="1" name="service.version"/>
3051
3748
  </fingerprint>
3749
+
3052
3750
  <fingerprint pattern="^Darwin/(\S+), UPnP/\S+, Portable SDK for UPnP devices/(\S+)$">
3053
3751
  <description>Portable SDK for UPnP Server - macOS</description>
3054
3752
  <example service.version="1.6.6" os.version="10.2.0">Darwin/10.2.0, UPnP/1.0, Portable SDK for UPnP devices/1.6.6</example>
@@ -3059,6 +3757,7 @@
3059
3757
  <param pos="1" name="os.version"/>
3060
3758
  <param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x:{os.version}"/>
3061
3759
  </fingerprint>
3760
+
3062
3761
  <fingerprint pattern="^Loxone Miniserver (.*) UPnP/1.0$">
3063
3762
  <description>Loxone Miniserver Smart Home</description>
3064
3763
  <example host.name="some name">Loxone Miniserver some name UPnP/1.0</example>
@@ -3067,6 +3766,7 @@
3067
3766
  <param pos="0" name="hw.device" value="Building Automation"/>
3068
3767
  <param pos="1" name="host.name"/>
3069
3768
  </fingerprint>
3769
+
3070
3770
  <fingerprint pattern="^RouterOS/(\S+)UPnP/1.0 MikroTik UPnP/1.0$">
3071
3771
  <description>MikroTik RouterOS</description>
3072
3772
  <example os.version="6.43">RouterOS/6.43UPnP/1.0 MikroTik UPnP/1.0</example>
@@ -3077,6 +3777,7 @@
3077
3777
  <param pos="1" name="os.version"/>
3078
3778
  <param pos="0" name="os.cpe23" value="cpe:/o:mikrotik:routeros:{os.version}"/>
3079
3779
  </fingerprint>
3780
+
3080
3781
  <fingerprint pattern="^Roku UPnP/\S+ Roku/(\S+)$">
3081
3782
  <description>Roku with a version</description>
3082
3783
  <example hw.version="8.1.6">Roku UPnP/1.0 Roku/8.1.6</example>
@@ -3085,6 +3786,7 @@
3085
3786
  <param pos="0" name="hw.device" value="Media Server"/>
3086
3787
  <param pos="1" name="hw.version"/>
3087
3788
  </fingerprint>
3789
+
3088
3790
  <fingerprint pattern="^Roku/(\S+) UPnP/\S+ Roku/\S+$">
3089
3791
  <description>Roku with double versions</description>
3090
3792
  <example hw.version="9.2.0">Roku/9.2.0 UPnP/1.0 Roku/9.2.0</example>
@@ -3093,13 +3795,19 @@
3093
3795
  <param pos="0" name="hw.device" value="Media Server"/>
3094
3796
  <param pos="1" name="hw.version"/>
3095
3797
  </fingerprint>
3096
- <fingerprint pattern="^Roku UPnP/\S+ MiniUPnPd/\S+$">
3798
+
3799
+ <fingerprint pattern="^Roku UPnP/\S+ MiniUPnPd/([\d\.]+)$">
3097
3800
  <description>Roku without a version</description>
3098
- <example>Roku UPnP/1.0 MiniUPnPd/1.4</example>
3801
+ <example service.version="1.4">Roku UPnP/1.0 MiniUPnPd/1.4</example>
3099
3802
  <param pos="0" name="hw.vendor" value="Roku"/>
3100
3803
  <param pos="0" name="hw.product" value="Roku"/>
3101
3804
  <param pos="0" name="hw.device" value="Media Server"/>
3805
+ <param pos="0" name="service.vendor" value="MiniUPnP Project"/>
3806
+ <param pos="0" name="service.product" value="MiniUPnP"/>
3807
+ <param pos="1" name="service.version"/>
3808
+ <param pos="0" name="service.cpe23" value="cpe:/a:miniupnp_project:miniupnp:{service.version}"/>
3102
3809
  </fingerprint>
3810
+
3103
3811
  <fingerprint pattern="^UPnP/\S+, DLNADOC/\S+, Platinum/(\S+)$">
3104
3812
  <description>Xbox Media Center UPnP Server</description>
3105
3813
  <example>UPnP/1.0, DLNADOC/1.50, Platinum/0.5.1</example>
@@ -3110,6 +3818,7 @@
3110
3818
  <param pos="0" name="service.product" value="XBMC"/>
3111
3819
  <param pos="1" name="service.version"/>
3112
3820
  </fingerprint>
3821
+
3113
3822
  <fingerprint pattern="Synology/DSM/(\d+\.\d+\.\d+\.\d+)$">
3114
3823
  <description>Synology DiskStation NAS with IP</description>
3115
3824
  <example host.ip="192.168.1.100">Synology/DSM/192.168.1.100</example>
@@ -3122,6 +3831,7 @@
3122
3831
  <param pos="0" name="os.vendor" value="Synology"/>
3123
3832
  <param pos="1" name="host.ip"/>
3124
3833
  </fingerprint>
3834
+
3125
3835
  <fingerprint pattern="Synology/DSM/(\S+)$">
3126
3836
  <description>Synology DiskStation NAS with hostname</description>
3127
3837
  <example host.name="stuff">Synology/DSM/stuff</example>
@@ -3130,6 +3840,7 @@
3130
3840
  <param pos="0" name="hw.device" value="NAS"/>
3131
3841
  <param pos="1" name="host.name"/>
3132
3842
  </fingerprint>
3843
+
3133
3844
  <fingerprint pattern="^NetData Embedded HTTP Server v([a-zA-Z0-9\-\.]+)$">
3134
3845
  <description>NetData Embedded HTTP Server</description>
3135
3846
  <example service.version="1.16.1-146-g2f5e36ef">NetData Embedded HTTP Server v1.16.1-146-g2f5e36ef</example>
@@ -3138,6 +3849,7 @@
3138
3849
  <param pos="1" name="service.version"/>
3139
3850
  <param pos="0" name="service.cpe23" value="cpe:/a:netdata:netdata:{service.version}"/>
3140
3851
  </fingerprint>
3852
+
3141
3853
  <fingerprint pattern="^Solstice 2\.0+$">
3142
3854
  <description>SolsticePod</description>
3143
3855
  <example>Solstice 2.0</example>
@@ -3145,6 +3857,7 @@
3145
3857
  <param pos="0" name="hw.device" value="Wireless Presenter"/>
3146
3858
  <param pos="0" name="hw.product" value="SolsticePod"/>
3147
3859
  </fingerprint>
3860
+
3148
3861
  <fingerprint pattern="^MLC ([^\/]+)/([\d\.]+)$">
3149
3862
  <description>Extron MediaLink Controller HTTP Server</description>
3150
3863
  <example extron.model="104 IP PLUS" hw.version="1.03">MLC 104 IP PLUS/1.03</example>
@@ -3156,12 +3869,14 @@
3156
3869
  <param pos="1" name="extron.model"/>
3157
3870
  <param pos="2" name="hw.version"/>
3158
3871
  </fingerprint>
3872
+
3159
3873
  <fingerprint pattern="^Jetty \(Bluecat Networks\)$">
3160
3874
  <description>BlueCat Appliance</description>
3161
3875
  <example>Jetty (Bluecat Networks)</example>
3162
3876
  <param pos="0" name="hw.vendor" value="BlueCat"/>
3163
3877
  <param pos="0" name="hw.device" value="Network Appliance"/>
3164
3878
  </fingerprint>
3879
+
3165
3880
  <fingerprint pattern="^Crestron Webserver$">
3166
3881
  <description>Crestron Video Conferencing</description>
3167
3882
  <example>Crestron Webserver</example>
@@ -3171,6 +3886,7 @@
3171
3886
  <param pos="0" name="os.family" value="Linux"/>
3172
3887
  <param pos="0" name="os.device" value="Video Conferencing"/>
3173
3888
  </fingerprint>
3889
+
3174
3890
  <fingerprint pattern="^OPNsense$">
3175
3891
  <description>OPNsense Firewall</description>
3176
3892
  <example>OPNsense</example>
@@ -3180,6 +3896,7 @@
3180
3896
  <param pos="0" name="os.vendor" value="OPNsense"/>
3181
3897
  <param pos="0" name="os.product" value="FreeBSD"/>
3182
3898
  </fingerprint>
3899
+
3183
3900
  <fingerprint pattern="^ELAN Controller$">
3184
3901
  <description>ELAN Smart Home Controller</description>
3185
3902
  <example>ELAN Controller</example>
@@ -3189,6 +3906,7 @@
3189
3906
  <param pos="0" name="os.vendor" value="ELAN"/>
3190
3907
  <param pos="0" name="os.family" value="Linux"/>
3191
3908
  </fingerprint>
3909
+
3192
3910
  <fingerprint pattern="^STR_SettingServer$">
3193
3911
  <description>Sony STR AV Receiver</description>
3194
3912
  <example>STR_SettingServer</example>
@@ -3196,6 +3914,16 @@
3196
3914
  <param pos="0" name="hw.device" value="Media Server"/>
3197
3915
  <param pos="0" name="hw.product" value="AV Receiver"/>
3198
3916
  </fingerprint>
3917
+
3918
+ <fingerprint pattern="^AV_Receiver/([\d\.]+) \(([^\)]+)\)$">
3919
+ <description>Yamaha AV Receiver</description>
3920
+ <example hw.version="3.1" hw.product="RX-V675">AV_Receiver/3.1 (RX-V675)</example>
3921
+ <param pos="0" name="hw.vendor" value="Yamaha"/>
3922
+ <param pos="0" name="hw.device" value="AV Receiver"/>
3923
+ <param pos="1" name="hw.version"/>
3924
+ <param pos="2" name="hw.product"/>
3925
+ </fingerprint>
3926
+
3199
3927
  <fingerprint pattern="^MWS 0.01$">
3200
3928
  <description>ANNKE IP Camera</description>
3201
3929
  <example>MWS 0.01</example>
@@ -3203,4 +3931,193 @@
3203
3931
  <param pos="0" name="hw.device" value="Web cam"/>
3204
3932
  <param pos="0" name="hw.product" value="IP Camera"/>
3205
3933
  </fingerprint>
3206
- </fingerprints>
3934
+
3935
+ <fingerprint pattern="^Icecast (\S+)$">
3936
+ <description>Icecast Streaming Media server</description>
3937
+ <example service.version="2.4.3">Icecast 2.4.3</example>
3938
+ <example service.version="2.4.0-kh13">Icecast 2.4.0-kh13</example>
3939
+ <param pos="0" name="service.vendor" value="Xiph"/>
3940
+ <param pos="0" name="service.product" value="Icecast"/>
3941
+ <param pos="1" name="service.version"/>
3942
+ <param pos="0" name="service.cpe23" value="cpe:/a:xiph:icecast:{service.version}"/>
3943
+ </fingerprint>
3944
+
3945
+ <fingerprint pattern="^Couchbase Sync Gateway/([\d.]+) CE$">
3946
+ <description>Couchbase Sync Gateway Community Edition</description>
3947
+ <example service.version="2.5.0">Couchbase Sync Gateway/2.5.0 CE</example>
3948
+ <param pos="0" name="service.vendor" value="Couchbase"/>
3949
+ <param pos="0" name="service.product" value="Sync Gateway"/>
3950
+ <param pos="0" name="service.edition" value="Community Edition"/>
3951
+ <param pos="1" name="service.version"/>
3952
+ <param pos="0" name="service.cpe23" value="cpe:/a:couchbase:sync_gateway:{service.version}"/>
3953
+ </fingerprint>
3954
+
3955
+ <fingerprint pattern="^Couchbase Sync Gateway/([\d.]+) EE$">
3956
+ <description>Couchbase Sync Gateway Enterprise Edition</description>
3957
+ <example service.version="2.7.1">Couchbase Sync Gateway/2.7.1 EE</example>
3958
+ <param pos="0" name="service.vendor" value="Couchbase"/>
3959
+ <param pos="0" name="service.product" value="Sync Gateway"/>
3960
+ <param pos="0" name="service.edition" value="Enterprise Edition"/>
3961
+ <param pos="1" name="service.version"/>
3962
+ <param pos="0" name="service.cpe23" value="cpe:/a:couchbase:sync_gateway:{service.version}"/>
3963
+ </fingerprint>
3964
+
3965
+ <fingerprint pattern="^Couchbase Sync Gateway/([\d.]+)$">
3966
+ <description>Couchbase Sync Gateway</description>
3967
+ <example service.version="1.3.0">Couchbase Sync Gateway/1.3.0</example>
3968
+ <param pos="0" name="service.vendor" value="Couchbase"/>
3969
+ <param pos="0" name="service.product" value="Sync Gateway"/>
3970
+ <param pos="1" name="service.version"/>
3971
+ <param pos="0" name="service.cpe23" value="cpe:/a:couchbase:sync_gateway:{service.version}"/>
3972
+ </fingerprint>
3973
+
3974
+ <fingerprint pattern="^Couchbase Server$">
3975
+ <description>Couchbase Server without version</description>
3976
+ <example>Couchbase Server</example>
3977
+ <param pos="0" name="service.vendor" value="Couchbase"/>
3978
+ <param pos="0" name="service.product" value="Couchbase Server"/>
3979
+ <param pos="0" name="service.cpe23" value="cpe:/a:couchbase:couchbase_server:-"/>
3980
+ </fingerprint>
3981
+
3982
+ <fingerprint pattern="^Kestrel$">
3983
+ <description>Kestrel web server implementation in ASP.NET core</description>
3984
+ <example>Kestrel</example>
3985
+ <param pos="0" name="service.vendor" value="Microsoft"/>
3986
+ <param pos="0" name="service.product" value="Kestrel web server"/>
3987
+ </fingerprint>
3988
+
3989
+ <fingerprint pattern="^stgw/([\d.]+)_([\d.]+)$">
3990
+ <description>Tencent Secure Tencent Gateway</description>
3991
+ <example service.version="1.3.12.9" service.component.version="1.13.5">stgw/1.3.12.9_1.13.5</example>
3992
+ <param pos="0" name="service.vendor" value="Tencent"/>
3993
+ <param pos="0" name="service.product" value="Secure Tencent Gateway"/>
3994
+ <param pos="1" name="service.version"/>
3995
+ <param pos="2" name="service.component.version"/>
3996
+ </fingerprint>
3997
+
3998
+ <fingerprint pattern="^axhttpd/([\d.]+)$">
3999
+ <description>axTLS Project axTLS web server</description>
4000
+ <example service.version="1.5.3">axhttpd/1.5.3</example>
4001
+ <param pos="0" name="service.vendor" value="axTLS Project"/>
4002
+ <param pos="0" name="service.product" value="axTLS"/>
4003
+ <param pos="1" name="service.version"/>
4004
+ <param pos="0" name="service.cpe23" value="cpe:/a:axtls_project:axtls:{service.version}"/>
4005
+ </fingerprint>
4006
+
4007
+ <fingerprint pattern="^tinyproxy/([\d.]+)$">
4008
+ <description>TinyProxy Project tinyproxy</description>
4009
+ <example service.version="1.8.2">tinyproxy/1.8.2</example>
4010
+ <param pos="0" name="service.vendor" value="Tinyproxy Project"/>
4011
+ <param pos="0" name="service.product" value="Tinyproxy"/>
4012
+ <param pos="1" name="service.version"/>
4013
+ <param pos="0" name="service.cpe23" value="cpe:/a:tinyproxy_project:tinyproxy:{service.version}"/>
4014
+ </fingerprint>
4015
+
4016
+ <fingerprint pattern="^Xfinity Broadband Router Server$">
4017
+ <description>Comcast Xfinity Broadband Router Server</description>
4018
+ <example>Xfinity Broadband Router Server</example>
4019
+ <param pos="0" name="hw.vendor" value="Comcast"/>
4020
+ <param pos="0" name="hw.product" value="Xfinity Broadband Router"/>
4021
+ <param pos="0" name="hw.device" value="Broadband router"/>
4022
+ </fingerprint>
4023
+
4024
+ <fingerprint pattern="^IX Series IX21\d\d \(magellan-sec\) Software, Version ([^, ]+), (?:MAINTENANCE )?RELEASE SOFTWARE$">
4025
+ <description>NEC Univerge Router - enterprise class with VPN, UTM, etc</description>
4026
+ <example hw.version="10.2.20">IX Series IX2106 (magellan-sec) Software, Version 10.2.20, RELEASE SOFTWARE</example>
4027
+ <example>IX Series IX2105 (magellan-sec) Software, Version 9.6.12A, MAINTENANCE RELEASE SOFTWARE</example>
4028
+ <param pos="0" name="hw.vendor" value="NEC"/>
4029
+ <param pos="0" name="hw.product" value="Univerge"/>
4030
+ <param pos="1" name="hw.version"/>
4031
+ <param pos="0" name="hw.device" value="Router"/>
4032
+ <param pos="0" name="hw.cpe23" value="cpe:/h:nec:univerge:{hw.version}"/>
4033
+ </fingerprint>
4034
+
4035
+ <fingerprint pattern="^Caddy$">
4036
+ <description>CaddyServer Caddy - golang based httpd</description>
4037
+ <example>Caddy</example>
4038
+ <param pos="0" name="service.vendor" value="CaddyServer"/>
4039
+ <param pos="0" name="service.product" value="Caddy"/>
4040
+ <param pos="0" name="service.cpe23" value="cpe:/a:caddyserver:caddy:-"/>
4041
+ </fingerprint>
4042
+
4043
+ <fingerprint pattern="^MoxaHttp/(\d\.\d)$">
4044
+ <description>Moxa devices - service used on multiple families of devices</description>
4045
+ <example service.version="2.3">MoxaHttp/2.3</example>
4046
+ <example>MoxaHttp/2.2</example>
4047
+ <example>MoxaHttp/1.0</example>
4048
+ <param pos="0" name="service.vendor" value="Moxa"/>
4049
+ <param pos="0" name="service.product" value="httpd"/>
4050
+ <param pos="1" name="service.version"/>
4051
+ <param pos="0" name="hw.vendor" value="Moxa"/>
4052
+ <param pos="0" name="os.vendor" value="Moxa"/>
4053
+ </fingerprint>
4054
+
4055
+ <fingerprint pattern="^proxygen-bolt$">
4056
+ <description>Facebook Proxygen httpd software</description>
4057
+ <example>proxygen-bolt</example>
4058
+ <param pos="0" name="service.vendor" value="Facebook"/>
4059
+ <param pos="0" name="service.product" value="Proxygen"/>
4060
+ <param pos="0" name="service.cpe23" value="cpe:/a:facebook:proxygen:-"/>
4061
+ </fingerprint>
4062
+
4063
+ <fingerprint pattern="^Kerio Connect ([\d.]+)(?: patch (\d))?$">
4064
+ <description>GFI Kerio Connect</description>
4065
+ <example service.version="8.2.2">Kerio Connect 8.2.2</example>
4066
+ <example service.version="9.2.12" service.version.version="1">Kerio Connect 9.2.12 patch 1</example>
4067
+ <param pos="0" name="service.vendor" value="GFI"/>
4068
+ <param pos="0" name="service.product" value="Kerio Connect"/>
4069
+ <param pos="1" name="service.version"/>
4070
+ <param pos="2" name="service.version.version"/>
4071
+ </fingerprint>
4072
+
4073
+ <fingerprint pattern="^Kerio Control Embedded Web Server$">
4074
+ <description>GFI Kerio Control - embedded web server</description>
4075
+ <example>Kerio Control Embedded Web Server</example>
4076
+ <param pos="0" name="service.vendor" value="GFI"/>
4077
+ <param pos="0" name="service.product" value="Kerio Control"/>
4078
+ <param pos="0" name="service.cpe23" value="cpe:/a:gfi:kerio_control:-"/>
4079
+ </fingerprint>
4080
+
4081
+ <fingerprint pattern="^Mongoose/([\d.]+)$">
4082
+ <description>Cesanta Mongoose embedded web server / networking library</description>
4083
+ <example service.version="6.7.1">Mongoose/6.7.1</example>
4084
+ <param pos="0" name="service.vendor" value="Cesanta"/>
4085
+ <param pos="0" name="service.product" value="Mongoose"/>
4086
+ <param pos="1" name="service.version"/>
4087
+ <param pos="0" name="service.cpe23" value="cpe:/a:cesanta:mongoose:{service.version}"/>
4088
+ </fingerprint>
4089
+
4090
+ <fingerprint pattern="^kangle/([\d.]+)$">
4091
+ <description>Bangteng Kangle web server</description>
4092
+ <example service.version="3.5.21.9">kangle/3.5.21.9</example>
4093
+ <param pos="0" name="service.vendor" value="Bangteng"/>
4094
+ <param pos="0" name="service.product" value="Kangle"/>
4095
+ <param pos="1" name="service.version"/>
4096
+ </fingerprint>
4097
+
4098
+ <fingerprint pattern="^Werkzeug/([\d.]+) Python/([\d.]+)$">
4099
+ <description>PalletsProjects Werkzeug web server</description>
4100
+ <example service.version="0.14.1" python.version="3.6.9">Werkzeug/0.14.1 Python/3.6.9</example>
4101
+ <param pos="0" name="service.vendor" value="PalletsProjects"/>
4102
+ <param pos="0" name="service.product" value="Werkzeug"/>
4103
+ <param pos="1" name="service.version"/>
4104
+ <param pos="0" name="service.cpe23" value="cpe:/a:palletsprojects:werkzeug:{service.version}"/>
4105
+ <param pos="2" name="python.version"/>
4106
+ </fingerprint>
4107
+
4108
+ <!-- This is a version of ACME mini_httpd where the value 'mini_httpd' has been
4109
+ replaced with a UUID in the Server header AND body of the response. It
4110
+ is likely vendor or product specific.
4111
+ -->
4112
+
4113
+ <fingerprint pattern="^[a-f\d]{7,8}-[a-f\d]{3,4}-[a-f\d]{3,4}-[a-f\d]{3,4}-[a-f\d]{10,12}$">
4114
+ <description>ACME mini_httpd with randomized Server header</description>
4115
+ <example>a74b7cd4-4a4e-4115-7a48-1c7ebb4ae45b</example>
4116
+ <example>f09f73f0-cac6-422-3660-32ac658c5ae7</example>
4117
+ <example>f24ddd9c-e2a6-23c-ec95-4563173bbe</example>
4118
+ <param pos="0" name="service.vendor" value="ACME"/>
4119
+ <param pos="0" name="service.product" value="mini_httpd"/>
4120
+ <param pos="0" name="service.cpe23" value="cpe:/a:acme:mini_httpd:-"/>
4121
+ </fingerprint>
4122
+
4123
+ </fingerprints>