RubyGems - recog - Versions diffs - 2.3.8 → 2.3.13 - Mend

recog 2.3.8 → 2.3.13

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (69) hide show

checksums.yaml +4 -4
data/.gitignore +6 -0
data/CONTRIBUTING.md +136 -37
data/README.md +18 -16
data/bin/recog_cleanup +16 -0
data/bin/recog_standardize +30 -6
data/cpe-remap.yaml +18 -2
data/identifiers/README.md +9 -0
data/identifiers/hw_device.txt +77 -0
data/identifiers/hw_family.txt +96 -0
data/identifiers/hw_product.txt +328 -0
data/identifiers/os_architecture.txt +6 -6
data/identifiers/os_device.txt +45 -3
data/identifiers/os_family.txt +206 -41
data/identifiers/os_product.txt +238 -17
data/identifiers/service_family.txt +144 -57
data/identifiers/service_product.txt +385 -83
data/identifiers/vendor.txt +554 -68
data/lib/recog/version.rb +1 -1
data/requirements.txt +1 -1
data/update_cpes.py +3 -0
data/xml/apache_modules.xml +292 -5
data/xml/apache_os.xml +41 -2
data/xml/architecture.xml +11 -3
data/xml/dns_versionbind.xml +191 -15
data/xml/favicons.xml +1701 -0
data/xml/ftp_banners.xml +250 -18
data/xml/h323_callresp.xml +112 -12
data/xml/hp_pjl_id.xml +47 -5
data/xml/html_title.xml +1278 -25
data/xml/http_cookies.xml +64 -9
data/xml/http_servers.xml +1013 -96
data/xml/http_wwwauth.xml +141 -26
data/xml/imap_banners.xml +62 -13
data/xml/ldap_searchresult.xml +81 -9
data/xml/mdns_device-info_txt.xml +175 -2
data/xml/mdns_workstation_txt.xml +4 -2
data/xml/mysql_banners.xml +134 -7
data/xml/mysql_error.xml +113 -6
data/xml/nntp_banners.xml +10 -2
data/xml/ntp_banners.xml +80 -4
data/xml/operating_system.xml +89 -3
data/xml/pop_banners.xml +87 -33
data/xml/rsh_resp.xml +11 -2
data/xml/rtsp_servers.xml +22 -2
data/xml/sip_banners.xml +35 -4
data/xml/sip_user_agents.xml +29 -2
data/xml/smb_native_lm.xml +10 -2
data/xml/smb_native_os.xml +79 -2
data/xml/smtp_banners.xml +230 -9
data/xml/smtp_debug.xml +6 -4
data/xml/smtp_ehlo.xml +7 -5
data/xml/smtp_expn.xml +13 -4
data/xml/smtp_help.xml +23 -4
data/xml/smtp_mailfrom.xml +5 -2
data/xml/smtp_noop.xml +6 -5
data/xml/smtp_quit.xml +5 -4
data/xml/smtp_rcptto.xml +5 -2
data/xml/smtp_rset.xml +4 -4
data/xml/smtp_turn.xml +4 -4
data/xml/smtp_vrfy.xml +14 -4
data/xml/snmp_sysdescr.xml +733 -25
data/xml/snmp_sysobjid.xml +47 -2
data/xml/ssh_banners.xml +182 -8
data/xml/telnet_banners.xml +493 -22
data/xml/x11_banners.xml +26 -3
data/xml/x509_issuers.xml +30 -6
data/xml/x509_subjects.xml +200 -31
metadata +8 -2

data/xml/pop_banners.xml CHANGED

@@ -1,9 +1,10 @@
-<?xml version="1.0" encoding="UTF-8"?>
+<?xml version='1.0' encoding='UTF-8'?>
 <fingerprints matches="pop3.banner" protocol="pop3" database_type="service" preference="0.90">
   <!--
   POP3 greeting messages (part of the banner after the status indicator +OK or -ERR) are
   matched against these patterns to fingerprint POP3 servers.
   -->
   <fingerprint pattern="^([^ ]+) +Cyrus POP3 v(\d+\.\d+.*)-OS X(?: Server)? ([\d\.]+).* server ready">
     <description>OSX Cyrus POP</description>
     <example host.domain="8.8.8.8" service.version="2.3.8" os.version="10.5">8.8.8.8 Cyrus POP3 v2.3.8-OS X Server 10.5: 9A562 server ready &lt;1999107648.1324502155@8.8.8.8&gt;</example>
@@ -18,6 +19,7 @@
     <param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x:{os.version}"/>
     <param pos="1" name="host.domain"/>
   </fingerprint>
   <fingerprint pattern="^([^ ]+) +Cyrus POP3 v([\d\.]+)">
     <description>CMU Cyrus POP</description>
     <example host.domain="foo" service.version="2.3">foo Cyrus POP3 v2.3</example>
@@ -28,6 +30,7 @@
     <param pos="2" name="service.version"/>
     <param pos="1" name="host.domain"/>
   </fingerprint>
   <fingerprint pattern="^Lotus Notes POP3 server version X[^ ]+ ready on .*$">
     <description>IBM Lotus Notes/Domino</description>
     <example>Lotus Notes POP3 server version X2.0 ready on foo/bar.</example>
@@ -36,6 +39,7 @@
     <param pos="0" name="service.product" value="Lotus Domino"/>
     <param pos="0" name="service.cpe23" value="cpe:/a:ibm:lotus_domino:-"/>
   </fingerprint>
   <fingerprint pattern="^Lotus Notes POP3 server version Release ([^ ]+) ready on .*$">
     <description>IBM Lotus Notes/Domino - Release variant</description>
     <example service.version="8.5.1FP5">Lotus Notes POP3 server version Release 8.5.1FP5 ready on foo/US.</example>
@@ -45,6 +49,7 @@
     <param pos="1" name="service.version"/>
     <param pos="0" name="service.cpe23" value="cpe:/a:ibm:lotus_domino:{service.version}"/>
   </fingerprint>
   <fingerprint pattern="^Qpopper \(version (\d+\.\d+\.\d+), modified by Sphera Technologies\) at (.+) starting\..*$">
     <description>Qpopper with Sphera mods</description>
     <example>Qpopper (version 4.0.3, modified by Sphera Technologies) at domain starting.  &lt;xxx@domain&gt;</example>
@@ -54,6 +59,7 @@
     <param pos="1" name="service.version"/>
     <param pos="2" name="host.domain"/>
   </fingerprint>
   <fingerprint pattern="^Qpopper \(version (\d+\.\d+\.\d+)-mysql-(.+)\) at (.+) starting\..*$">
     <description>Qpopper with MySQL auth module</description>
     <example>Qpopper (version 4.0.3-mysql-0.13) at domain starting.  &lt;xxx@domain&gt;</example>
@@ -66,6 +72,7 @@
     <param pos="2" name="service.component.version"/>
     <param pos="3" name="host.domain"/>
   </fingerprint>
   <fingerprint pattern="(?i)^Qpop(?:per)? \(version ([\d\.]+)\) at (.+)(?: starting\.)?.*$">
     <description>Qpopper missing version info</description>
     <example>Qpopper (version 4.0.16) at foo.example.com</example>
@@ -77,6 +84,7 @@
     <param pos="1" name="service.version"/>
     <param pos="2" name="host.domain"/>
   </fingerprint>
   <fingerprint pattern="^QPOP \(version (.*)\) at (.+) starting\..*$">
     <description>Qpopper with missing version info</description>
     <example>QPOP (version ?) at domain starting.  &lt;xxx@domain&gt;</example>
@@ -86,6 +94,7 @@
     <param pos="1" name="qpopper.version"/>
     <param pos="2" name="host.domain"/>
   </fingerprint>
   <fingerprint pattern="^Microsoft Exchange Server 2003 POP3 server version (\d+\.\d+\.\d+\.\d+) (.+) ready.$">
     <description>Microsoft Exchange Server 2003</description>
     <example>Microsoft Exchange Server 2003 POP3 server version 6.5.6944.0 (host) ready.</example>
@@ -100,6 +109,7 @@
     <param pos="0" name="os.product" value="Windows"/>
     <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
   </fingerprint>
   <fingerprint pattern="^Microsoft Exchange 2000 POP3 server version (\d+\.\d+\.\d+\.\d+) (.+) ready.$">
     <description>Microsoft Exchange Server 2000</description>
     <example>Microsoft Exchange 2000 POP3 server version 6.0.6603.0 (host) ready.</example>
@@ -114,6 +124,7 @@
     <param pos="0" name="os.product" value="Windows"/>
     <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
   </fingerprint>
   <fingerprint pattern="^Microsoft Exchange POP3 server version (\d+\.\d+\.\d+\.\d+) ready$">
     <description>Microsoft Exchange Server</description>
     <example>Microsoft Exchange POP3 server version 5.5.2654.50 ready</example>
@@ -127,6 +138,7 @@
     <param pos="0" name="os.product" value="Windows"/>
     <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
   </fingerprint>
   <fingerprint pattern="^Microsoft Windows POP3 Service Version 1.0 &lt;.+@(.+)&gt; ready.$">
     <description>Microsoft POP3 Services on Windows 2003</description>
     <example>Microsoft Windows POP3 Service Version 1.0 &lt;xxx@host&gt; ready.</example>
@@ -139,6 +151,7 @@
     <param pos="0" name="os.product" value="Windows Server 2003"/>
     <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2003:-"/>
   </fingerprint>
   <fingerprint pattern="^Microsoft Exchange Server 2007 POP3 service ready\.?$">
     <description>Microsoft Exchange Server 2007</description>
     <example>Microsoft Exchange Server 2007 POP3 service ready</example>
@@ -151,6 +164,7 @@
     <param pos="0" name="os.product" value="Windows"/>
     <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
   </fingerprint>
   <fingerprint pattern="^The? Microsoft Exchange POP3 service is ready\.?$">
     <description>Microsoft Exchange Server, generic</description>
     <example>The Microsoft Exchange POP3 service is ready.</example>
@@ -163,12 +177,58 @@
     <param pos="0" name="os.product" value="Windows"/>
     <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
   </fingerprint>
   <fingerprint pattern="^[dD]ovecot (?:DA )?ready\.(?: &lt;.+@(.+)&gt;)?$">
     <description>Dovecot Secure POP Server</description>
+    <example>Dovecot ready.</example>
+    <example>Dovecot DA ready.</example>
+    <example host.name="foo.bar.baz">Dovecot ready. &lt;fea.13865d.5f06b0a4.DuIvzQI4DAGR9MurahIGJw==@foo.bar.baz&gt;</example>
+    <param pos="0" name="service.vendor" value="Dovecot"/>
     <param pos="0" name="service.family" value="Dovecot"/>
     <param pos="0" name="service.product" value="Dovecot"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:dovecot:dovecot:-"/>
     <param pos="1" name="host.name"/>
   </fingerprint>
+  <fingerprint pattern="^Dovecot \(Ubuntu\) ready\.$">
+    <description>Dovecot Secure POP Server - Ubuntu variant</description>
+    <example>Dovecot (Ubuntu) ready.</example>
+    <param pos="0" name="service.vendor" value="Dovecot"/>
+    <param pos="0" name="service.family" value="Dovecot"/>
+    <param pos="0" name="service.product" value="Dovecot"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:dovecot:dovecot:-"/>
+    <param pos="0" name="os.vendor" value="Ubuntu"/>
+    <param pos="0" name="os.family" value="Linux"/>
+    <param pos="0" name="os.product" value="Linux"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:-"/>
+  </fingerprint>
+  <fingerprint pattern="^Dovecot \(Debian\) ready\.$">
+    <description>Dovecot Secure POP Server - Debian variant</description>
+    <example>Dovecot (Debian) ready.</example>
+    <param pos="0" name="service.vendor" value="Dovecot"/>
+    <param pos="0" name="service.family" value="Dovecot"/>
+    <param pos="0" name="service.product" value="Dovecot"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:dovecot:dovecot:-"/>
+    <param pos="0" name="os.vendor" value="Debian"/>
+    <param pos="0" name="os.family" value="Linux"/>
+    <param pos="0" name="os.product" value="Linux"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:debian:debian_linux:-"/>
+  </fingerprint>
+  <fingerprint pattern="^Dovecot \(Raspbian\) ready\.$">
+    <description>Dovecot Secure POP Server - Raspbian variant</description>
+    <example>Dovecot (Raspbian) ready.</example>
+    <param pos="0" name="service.vendor" value="Dovecot"/>
+    <param pos="0" name="service.family" value="Dovecot"/>
+    <param pos="0" name="service.product" value="Dovecot"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:dovecot:dovecot:-"/>
+    <param pos="0" name="os.vendor" value="Raspbian"/>
+    <param pos="0" name="os.family" value="Linux"/>
+    <param pos="0" name="os.product" value="Linux"/>
+    <param pos="0" name="hw.product" value="Raspberry Pi"/>
+  </fingerprint>
   <fingerprint pattern="^(\S+) Zimbra POP3 server ready\.?$">
     <description>VMware Zimbra POP</description>
     <example host.name="foo.bar">foo.bar Zimbra POP3 server ready</example>
@@ -177,6 +237,7 @@
     <param pos="0" name="service.cpe23" value="cpe:/a:vmware:zimbra_desktop:-"/>
     <param pos="1" name="host.name"/>
   </fingerprint>
   <fingerprint pattern="^(\S+) Zimbra (\S+) POP3 server ready\.?$">
     <description>VMware Zimbra POP with version</description>
     <example host.name="foo.bar">foo.bar Zimbra 7.0.0_GA_3079 POP3 server ready</example>
@@ -186,12 +247,14 @@
     <param pos="0" name="service.cpe23" value="cpe:/a:vmware:zimbra_desktop:{service.version}"/>
     <param pos="1" name="host.name"/>
   </fingerprint>
   <fingerprint pattern="^(?:S?POP3? server ready |Hello there.? )?&lt;.*@([^&gt;]+)&gt;$">
     <description>Generic masked POP3 server</description>
     <example>POP3 server ready &lt;58c29ae4-7316-429e-8109-060444ab1a28@foo.example.com&gt;</example>
     <example>&lt;84427.1298535083@foo.example.com&gt;</example>
     <param pos="1" name="host.name"/>
   </fingerprint>
   <fingerprint pattern="^ApplePasswordServer ([\d\.]+) password">
     <description>Apple Open Directory</description>
     <example>ApplePasswordServer 10.6.0.0 password server at 10.2.90.228 ready.</example>
@@ -205,6 +268,7 @@
     <param pos="0" name="os.certainty" value="0.5"/>
     <param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x:{os.version}"/>
   </fingerprint>
   <fingerprint pattern="^TCPIP POP server V\d\.\d\S-\S{3}, OpenVMS V(\d\.\d-\d)(?:\s+\S+)?\s+at\s+(\S+), .*$">
     <description>TCP/IP Services for OpenVMS POP server</description>
     <example os.version="7.3-2" host.name="example.com">TCPIP POP server V5.4J-15A, OpenVMS V7.3-2 Alpha at example.com, up since 2015-02-12 08:44:53 20400434.2</example>
@@ -218,6 +282,7 @@
     <param pos="0" name="os.cpe23" value="cpe:/o:hp:openvms:{os.version}"/>
     <param pos="2" name="host.name"/>
   </fingerprint>
   <fingerprint pattern="^Hello there\.$">
     <description>Courier MTA POP</description>
     <example>Hello there.</example>
@@ -225,6 +290,7 @@
     <param pos="0" name="service.family" value="Courier MTA"/>
     <param pos="0" name="service.product" value="Courier POP"/>
   </fingerprint>
   <fingerprint pattern="^CMailServer ([\d\.]+) POP3 Service Ready$">
     <description>CMailServer</description>
     <example service.version="5.0.0">CMailServer 5.0.0 POP3 Service Ready</example>
@@ -234,6 +300,7 @@
     <param pos="0" name="os.vendor" value="Microsoft"/>
     <param pos="1" name="service.version"/>
   </fingerprint>
   <fingerprint pattern="^POP3 Bigfoot v(\d\.\d) server ready$">
     <description>POP3 Bigfoot server</description>
     <example service.version="1.0">POP3 Bigfoot v1.0 server ready</example>
@@ -242,6 +309,7 @@
     <param pos="0" name="service.product" value="Bigfoot Email Tools"/>
     <param pos="1" name="service.version"/>
   </fingerprint>
   <fingerprint pattern="^CCProxy ([\d.]+) POP3 Service Ready$">
     <description>CCProxy POP3 server</description>
     <example service.version="8.0">CCProxy 8.0 POP3 Service Ready</example>
@@ -252,6 +320,7 @@
     <param pos="0" name="service.product" value="CCProxy"/>
     <param pos="1" name="service.version"/>
   </fingerprint>
   <fingerprint pattern="^POP3 on WinWebMail \[([\d.]+)\] ready\.$">
     <description>WinWebmail POP3</description>
     <example service.version="1.1.1.1">POP3 on WinWebMail [1.1.1.1] ready.</example>
@@ -263,6 +332,7 @@
     <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
     <param pos="1" name="service.version"/>
   </fingerprint>
   <fingerprint pattern="^BlackJumboDog \(Version ([\d\.]+)\) ready$">
     <description>BlackJumboDog</description>
     <example service.version="5.7.5.0">BlackJumboDog (Version 5.7.5.0) ready</example>
@@ -274,6 +344,20 @@
     <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
     <param pos="1" name="service.version"/>
   </fingerprint>
+  <fingerprint pattern="^Welcome to MailEnable POP3 Server$">
+    <description>MailEnable POP3</description>
+    <example>Welcome to MailEnable POP3 Server</example>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="0" name="os.family" value="Windows"/>
+    <param pos="0" name="os.product" value="Windows"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
+    <param pos="0" name="service.vendor" value="MailEnable"/>
+    <param pos="0" name="service.family" value="Mail Server"/>
+    <param pos="0" name="service.product" value="MailEnable"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:mailenable:mailenable:-"/>
+  </fingerprint>
   <!--
 ; Mandrake 8.1 - uses UW IMAP
 ; +OK POP3 mandrake81-f540k v2000.70mdk server ready
@@ -283,66 +367,37 @@
 // +OK POP3 [158.122.12.70] v2003.83mdk server ready
 // +OK POP3 [161.58.53.189] 2006b.94 server ready
 // +OK POP3 [192.168.0.250] v2000.70rh server ready
 ; Lotus Domino - NOTE: POP versions do not map to Domino version
 // +OK Lotus Notes POP3 server version X2.0 ready <0015521D.86257321.0000081C.00000008@Atlas/AgileTek> on Atlas/AgileTek.
 ( call ?j_popPatterns add
 "^\\+OK Lotus Notes POP3 server version ([^ ]*) ready on ([^\\.]*)\\.$" )
 ( call ?j_popNames add "Lotus-Domino" )
 // +OK alquilerpc.com.mx POP3 Server (Version 1.020h) ready.
 // Ipswitch IMail
 // +OK X1 NT-POP3 Server geneseenet06 (IMail 8.22 45450-1)
 // +OK X1 POP3 Mail Server
 // +OK server POP3 server (DeskNow POP3 Server 1.0) ready
 // +OK <1185161310.3352@goto15028.com> [XMail 1.24 POP3 Server] service ready; Mon, 23 Jul 2007 11:28:30 +0800
 // +OK IdeaPop3Server v0.50 ready.
 // +OK qxztmail POP3 server (STD Ymailserver v1.8 POP3) ready
 // +OK blue.forest-green.lan POP3 server (JAMES POP3 Server 2.2.0) ready
 // +OK xxx CMailServer 5.2 POP3 Service Ready
 // +OK iac3 Solstice (tm) Internet Mail Server (tm) POP3 2.0 at Mon, 23 Jul 2007 20:08:02 -0500 (CDT)
 // +OK Gordano Messaging Suite POP3 server ready
 // +OK Gordano Messaging Suite POP3 server ready <13501095613509@hollandcanadaline.com>
 // +OK unitechna.lt Merak 8.9.1 POP3 Sun, 22 Jul 2007 23:16:25 +0300 <20070722231625@unitechna.lt>
 // +OK Cubic Circle's v1.31 1998/05/13 POP3 ready <0c9300004104a246@www.dvdld.co.za>
-// +OK Welcome to MailEnable POP3 Server
 // +OK GroupWise POP3 server ready
 // +OK POP3 AnalogX Proxy 4.14 (Release) ready.
 // +OK lojack.com.ar POP MDaemon 9.6.0 ready <MDAEMON-F200707232110.AA1001241MD4604@lojack.com.ar>
 // +OK DBMAIL pop3 server ready to rock <4393e6301f984e87ad7cdc766595c78f@mx>
 // +OK POP3 Welcome to vm-pop3d 1.1.6 <83532.1185400462@romeo.hostlab.nl>
 // +OK Solid POP3 server ready
 // +OK ArGoSoft Mail Server Pro for WinNT/2000/XP, Version 1.8 (1.8.8.9)
 // +OK POP3 titan [cppop 20.0] at [207.150.171.34]
 // +OK ModusMail POP3 Server-NOTF 4.2.425.4 Ready <42760712.1185328354.283@gbso.net>
 // +OK DPOP Version number supressed.
 // +OK XPOP3 0.0.1 server ready
 -ERR (Proxy) connect error:socket error:No route to host
 -ERR No permission
 -ERR sorry, POP server too busy right now.  Try again later.
@@ -472,7 +527,6 @@
 +OK studiovisuals.com POP3 Server (Version 1.020h) ready.
 +OK themeekermall.com POP3 Server (Version 1.020h) ready.
 +OK unitechna.lt Merak 8.9.1 POP3 Sun, 22 Jul 2007 23:16:25 +0300 <20070722231625@unitechna.lt>
-+OK Welcome to MailEnable POP3 Server
 +OK X1 NT-POP3 Server 2436681011.monstercommercesites.com (IMail 7.15 560907-1)
 +OK X1 NT-POP3 Server Calvin-Serv (IMail 8.22 1107-1)
 +OK X1 NT-POP3 Server chealsea.com.cn (IMail 8.15 16990-1)
@@ -494,6 +548,6 @@
 // apparently this is a P3Scan Proxy bug
 // http://lists.freebsd.org/pipermail/freebsd-ports/2004-May/012400.html
 Oops, that would loop!
 -->
-</fingerprints>
+</fingerprints>

data/xml/rsh_resp.xml CHANGED

@@ -1,14 +1,16 @@
-<?xml version="1.0" encoding="UTF-8"?>
+<?xml version='1.0' encoding='UTF-8'?>
 <fingerprints protocol="rsh" database_type="service">
   <!--
   Rservices responses to requests are matched against these patterns to fingerprint the OSes of servers.
   -->
   <fingerprint pattern="^.Permission denied: Error 0$">
     <description>Digital Unix rlogind</description>
     <example>xPermission denied: Error 0</example>
     <param pos="0" name="os.vendor" value="HP"/>
     <param pos="0" name="os.family" value="Digital Unix"/>
   </fingerprint>
   <fingerprint pattern="^.Winsock RSHD/NT: Protocol negotiation error\..+$|^.in\.rlogind: Permission denied\..+$" flags="REG_DOT_NEWLINE">
     <description>Windows rlogind</description>
     <example>xWinsock RSHD/NT: Protocol negotiation error.
@@ -18,6 +20,7 @@
     <param pos="0" name="os.vendor" value="Microsoft"/>
     <param pos="0" name="os.family" value="Windows"/>
   </fingerprint>
   <fingerprint pattern="^.permission denied\..+$" flags="REG_DOT_NEWLINE">
     <description>Solaris rlogind</description>
     <example>xpermission denied.
@@ -27,6 +30,7 @@
     <param pos="0" name="os.product" value="Solaris"/>
     <param pos="0" name="os.cpe23" value="cpe:/o:sun:solaris:-"/>
   </fingerprint>
   <fingerprint pattern="^.rlogind: Acc.s refus.\..+$" flags="REG_DOT_NEWLINE">
     <description>AIX rlogind</description>
     <example>xrlogind: Accxs refusx.
@@ -36,6 +40,7 @@
     <param pos="0" name="os.product" value="AIX"/>
     <param pos="0" name="os.cpe23" value="cpe:/o:ibm:aix:-"/>
   </fingerprint>
   <fingerprint pattern="^.rlogind: Host name for your address \([\d.]+\) unknown\..*$" flags="REG_DOT_NEWLINE">
     <description>A/UX rlogind</description>
     <example>xrlogind: Host name for your address (127.0.0.1) unknown.
@@ -43,6 +48,7 @@
     <param pos="0" name="os.vendor" value="Apple"/>
     <param pos="0" name="os.family" value="A/UX"/>
   </fingerprint>
   <fingerprint pattern="^.rexecd: Login incorrect\..*$" flags="REG_DOT_NEWLINE">
     <description>HP-UX rexecd</description>
     <example>xrexecd: Login incorrect.
@@ -52,6 +58,7 @@
     <param pos="0" name="os.product" value="HP-UX"/>
     <param pos="0" name="os.cpe23" value="cpe:/o:hp:hp-ux:-"/>
   </fingerprint>
   <fingerprint pattern="^.rexecd: [-\d]+.*$" flags="REG_DOT_NEWLINE">
     <description>AIX rexecd</description>
     <example>xrexecd: 0-1 The login is not correct.
@@ -61,6 +68,7 @@
     <param pos="0" name="os.product" value="AIX"/>
     <param pos="0" name="os.cpe23" value="cpe:/o:ibm:aix:-"/>
   </fingerprint>
   <fingerprint pattern="^.remshd: (?:getservbyname.+|Kerberos Authentication not enabled\..+|Error! Kerberos authentication failed)$" flags="REG_DOT_NEWLINE">
     <description>HP-UX rshd</description>
     <example>xremshd: getservbyname
@@ -73,4 +81,5 @@
     <param pos="0" name="os.product" value="HP-UX"/>
     <param pos="0" name="os.cpe23" value="cpe:/o:hp:hp-ux:-"/>
   </fingerprint>
-</fingerprints>
+</fingerprints>

data/xml/rtsp_servers.xml CHANGED

@@ -1,4 +1,4 @@
-<?xml version="1.0" encoding="UTF-8"?>
+<?xml version='1.0' encoding='UTF-8'?>
 <fingerprints matches="rtsp_header.server" protocol="rtsp" database_type="service" preference="0.85">
   <fingerprint pattern="^Flussonic \(http:\/\/www.flussonic.com\/\) ([\d\.]+)$">
     <description>Flussonic Media Server</description>
@@ -8,6 +8,7 @@
     <param pos="0" name="service.product" value="Flussonic Media Server"/>
     <param pos="1" name="service.version"/>
   </fingerprint>
   <fingerprint pattern="^Hipcam RealServer\/V([\d\.]+)$">
     <description>Hipcam IP camera running the RealServer RTSP server.</description>
     <example service.version="1.0">Hipcam RealServer/V1.0</example>
@@ -17,6 +18,7 @@
     <param pos="0" name="hw.vendor" value="Hipcam"/>
     <param pos="0" name="hw.device" value="IP Camera"/>
   </fingerprint>
   <fingerprint pattern="^Dahua Rtsp Server$">
     <description>Dahua IP Camera</description>
     <example>Dahua Rtsp Server</example>
@@ -24,12 +26,14 @@
     <param pos="0" name="hw.vendor" value="Dahua"/>
     <param pos="0" name="hw.device" value="IP Camera"/>
   </fingerprint>
   <fingerprint pattern="^GStreamer RTSP server$">
     <description>GStreamer RTSP Server (https://github.com/GStreamer/gst-rtsp-server)</description>
     <example>GStreamer RTSP server</example>
     <param pos="0" name="service.vendor" value="GStreamer"/>
     <param pos="0" name="service.product" value="GStreamer RTSP Server"/>
   </fingerprint>
   <fingerprint pattern="^WMServer\/([\d\.]+)$">
     <description>Windows Media Server</description>
     <example service.version="9.1.1.3862">WMServer/9.1.1.3862</example>
@@ -41,6 +45,7 @@
     <param pos="0" name="os.vendor" value="Microsoft"/>
     <param pos="0" name="os.family" value="Windows"/>
   </fingerprint>
   <fingerprint pattern="^Wowza (Streaming Engine|Media Server) ([\d\.]+) build(\d*)$">
     <description>Wowza Media Systems Streaming Video Services</description>
     <example service.version="4.7.7" service.version.version="20181108145350" service.product="Streaming Engine">Wowza Streaming Engine 4.7.7 build20181108145350</example>
@@ -50,18 +55,21 @@
     <param pos="2" name="service.version"/>
     <param pos="3" name="service.version.version"/>
   </fingerprint>
   <fingerprint pattern="^HiIpcam\/V\d+R\d+ VodServer\/[\d\.]+$">
     <description>Foscam IP Camera</description>
     <example>HiIpcam/V100R003 VodServer/1.0.0</example>
     <param pos="0" name="hw.vendor" value="Foscam"/>
     <param pos="0" name="hw.device" value="IP Camera"/>
   </fingerprint>
   <fingerprint pattern="^Indigo\-Security\/[\d\.]+$">
     <description>Indigo Security IP Camera</description>
     <example>Indigo-Security/1.0</example>
     <param pos="0" name="hw.vendor" value="Indigo Security"/>
     <param pos="0" name="hw.device" value="IP Camera"/>
   </fingerprint>
   <fingerprint pattern="^Cisco MediaSense Media Server$">
     <description>Cisco MediaSense Media Server (RTSP)</description>
     <example>Cisco MediaSense Media Server</example>
@@ -73,4 +81,16 @@
     <param pos="0" name="hw.device" value="SIP Gateway"/>
     <param pos="0" name="hw.product" value="MediaSense"/>
   </fingerprint>
-</fingerprints>
+  <fingerprint pattern="^AvigilonOnvifNvt/(\d+\.\S+)">
+    <description>Avigilon IP Camera</description>
+    <example os.version="2.6.0.130">AvigilonOnvifNvt/2.6.0.130</example>
+    <param pos="0" name="hw.vendor" value="Avigilon"/>
+    <param pos="0" name="hw.device" value="IP Camera"/>
+    <param pos="0" name="os.vendor" value="Avigilon"/>
+    <param pos="0" name="os.family" value="Linux"/>
+    <param pos="0" name="os.product" value="Linux"/>
+    <param pos="1" name="os.version"/>
+  </fingerprint>
+</fingerprints>