recog 2.3.8 → 2.3.13

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (69) hide show
  1. checksums.yaml +4 -4
  2. data/.gitignore +6 -0
  3. data/CONTRIBUTING.md +136 -37
  4. data/README.md +18 -16
  5. data/bin/recog_cleanup +16 -0
  6. data/bin/recog_standardize +30 -6
  7. data/cpe-remap.yaml +18 -2
  8. data/identifiers/README.md +9 -0
  9. data/identifiers/hw_device.txt +77 -0
  10. data/identifiers/hw_family.txt +96 -0
  11. data/identifiers/hw_product.txt +328 -0
  12. data/identifiers/os_architecture.txt +6 -6
  13. data/identifiers/os_device.txt +45 -3
  14. data/identifiers/os_family.txt +206 -41
  15. data/identifiers/os_product.txt +238 -17
  16. data/identifiers/service_family.txt +144 -57
  17. data/identifiers/service_product.txt +385 -83
  18. data/identifiers/vendor.txt +554 -68
  19. data/lib/recog/version.rb +1 -1
  20. data/requirements.txt +1 -1
  21. data/update_cpes.py +3 -0
  22. data/xml/apache_modules.xml +292 -5
  23. data/xml/apache_os.xml +41 -2
  24. data/xml/architecture.xml +11 -3
  25. data/xml/dns_versionbind.xml +191 -15
  26. data/xml/favicons.xml +1701 -0
  27. data/xml/ftp_banners.xml +250 -18
  28. data/xml/h323_callresp.xml +112 -12
  29. data/xml/hp_pjl_id.xml +47 -5
  30. data/xml/html_title.xml +1278 -25
  31. data/xml/http_cookies.xml +64 -9
  32. data/xml/http_servers.xml +1013 -96
  33. data/xml/http_wwwauth.xml +141 -26
  34. data/xml/imap_banners.xml +62 -13
  35. data/xml/ldap_searchresult.xml +81 -9
  36. data/xml/mdns_device-info_txt.xml +175 -2
  37. data/xml/mdns_workstation_txt.xml +4 -2
  38. data/xml/mysql_banners.xml +134 -7
  39. data/xml/mysql_error.xml +113 -6
  40. data/xml/nntp_banners.xml +10 -2
  41. data/xml/ntp_banners.xml +80 -4
  42. data/xml/operating_system.xml +89 -3
  43. data/xml/pop_banners.xml +87 -33
  44. data/xml/rsh_resp.xml +11 -2
  45. data/xml/rtsp_servers.xml +22 -2
  46. data/xml/sip_banners.xml +35 -4
  47. data/xml/sip_user_agents.xml +29 -2
  48. data/xml/smb_native_lm.xml +10 -2
  49. data/xml/smb_native_os.xml +79 -2
  50. data/xml/smtp_banners.xml +230 -9
  51. data/xml/smtp_debug.xml +6 -4
  52. data/xml/smtp_ehlo.xml +7 -5
  53. data/xml/smtp_expn.xml +13 -4
  54. data/xml/smtp_help.xml +23 -4
  55. data/xml/smtp_mailfrom.xml +5 -2
  56. data/xml/smtp_noop.xml +6 -5
  57. data/xml/smtp_quit.xml +5 -4
  58. data/xml/smtp_rcptto.xml +5 -2
  59. data/xml/smtp_rset.xml +4 -4
  60. data/xml/smtp_turn.xml +4 -4
  61. data/xml/smtp_vrfy.xml +14 -4
  62. data/xml/snmp_sysdescr.xml +733 -25
  63. data/xml/snmp_sysobjid.xml +47 -2
  64. data/xml/ssh_banners.xml +182 -8
  65. data/xml/telnet_banners.xml +493 -22
  66. data/xml/x11_banners.xml +26 -3
  67. data/xml/x509_issuers.xml +30 -6
  68. data/xml/x509_subjects.xml +200 -31
  69. metadata +8 -2
@@ -1,9 +1,10 @@
1
- <?xml version="1.0" encoding="UTF-8"?>
1
+ <?xml version='1.0' encoding='UTF-8'?>
2
2
  <fingerprints matches="pop3.banner" protocol="pop3" database_type="service" preference="0.90">
3
3
  <!--
4
4
  POP3 greeting messages (part of the banner after the status indicator +OK or -ERR) are
5
5
  matched against these patterns to fingerprint POP3 servers.
6
6
  -->
7
+
7
8
  <fingerprint pattern="^([^ ]+) +Cyrus POP3 v(\d+\.\d+.*)-OS X(?: Server)? ([\d\.]+).* server ready">
8
9
  <description>OSX Cyrus POP</description>
9
10
  <example host.domain="8.8.8.8" service.version="2.3.8" os.version="10.5">8.8.8.8 Cyrus POP3 v2.3.8-OS X Server 10.5: 9A562 server ready &lt;1999107648.1324502155@8.8.8.8&gt;</example>
@@ -18,6 +19,7 @@
18
19
  <param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x:{os.version}"/>
19
20
  <param pos="1" name="host.domain"/>
20
21
  </fingerprint>
22
+
21
23
  <fingerprint pattern="^([^ ]+) +Cyrus POP3 v([\d\.]+)">
22
24
  <description>CMU Cyrus POP</description>
23
25
  <example host.domain="foo" service.version="2.3">foo Cyrus POP3 v2.3</example>
@@ -28,6 +30,7 @@
28
30
  <param pos="2" name="service.version"/>
29
31
  <param pos="1" name="host.domain"/>
30
32
  </fingerprint>
33
+
31
34
  <fingerprint pattern="^Lotus Notes POP3 server version X[^ ]+ ready on .*$">
32
35
  <description>IBM Lotus Notes/Domino</description>
33
36
  <example>Lotus Notes POP3 server version X2.0 ready on foo/bar.</example>
@@ -36,6 +39,7 @@
36
39
  <param pos="0" name="service.product" value="Lotus Domino"/>
37
40
  <param pos="0" name="service.cpe23" value="cpe:/a:ibm:lotus_domino:-"/>
38
41
  </fingerprint>
42
+
39
43
  <fingerprint pattern="^Lotus Notes POP3 server version Release ([^ ]+) ready on .*$">
40
44
  <description>IBM Lotus Notes/Domino - Release variant</description>
41
45
  <example service.version="8.5.1FP5">Lotus Notes POP3 server version Release 8.5.1FP5 ready on foo/US.</example>
@@ -45,6 +49,7 @@
45
49
  <param pos="1" name="service.version"/>
46
50
  <param pos="0" name="service.cpe23" value="cpe:/a:ibm:lotus_domino:{service.version}"/>
47
51
  </fingerprint>
52
+
48
53
  <fingerprint pattern="^Qpopper \(version (\d+\.\d+\.\d+), modified by Sphera Technologies\) at (.+) starting\..*$">
49
54
  <description>Qpopper with Sphera mods</description>
50
55
  <example>Qpopper (version 4.0.3, modified by Sphera Technologies) at domain starting. &lt;xxx@domain&gt;</example>
@@ -54,6 +59,7 @@
54
59
  <param pos="1" name="service.version"/>
55
60
  <param pos="2" name="host.domain"/>
56
61
  </fingerprint>
62
+
57
63
  <fingerprint pattern="^Qpopper \(version (\d+\.\d+\.\d+)-mysql-(.+)\) at (.+) starting\..*$">
58
64
  <description>Qpopper with MySQL auth module</description>
59
65
  <example>Qpopper (version 4.0.3-mysql-0.13) at domain starting. &lt;xxx@domain&gt;</example>
@@ -66,6 +72,7 @@
66
72
  <param pos="2" name="service.component.version"/>
67
73
  <param pos="3" name="host.domain"/>
68
74
  </fingerprint>
75
+
69
76
  <fingerprint pattern="(?i)^Qpop(?:per)? \(version ([\d\.]+)\) at (.+)(?: starting\.)?.*$">
70
77
  <description>Qpopper missing version info</description>
71
78
  <example>Qpopper (version 4.0.16) at foo.example.com</example>
@@ -77,6 +84,7 @@
77
84
  <param pos="1" name="service.version"/>
78
85
  <param pos="2" name="host.domain"/>
79
86
  </fingerprint>
87
+
80
88
  <fingerprint pattern="^QPOP \(version (.*)\) at (.+) starting\..*$">
81
89
  <description>Qpopper with missing version info</description>
82
90
  <example>QPOP (version ?) at domain starting. &lt;xxx@domain&gt;</example>
@@ -86,6 +94,7 @@
86
94
  <param pos="1" name="qpopper.version"/>
87
95
  <param pos="2" name="host.domain"/>
88
96
  </fingerprint>
97
+
89
98
  <fingerprint pattern="^Microsoft Exchange Server 2003 POP3 server version (\d+\.\d+\.\d+\.\d+) (.+) ready.$">
90
99
  <description>Microsoft Exchange Server 2003</description>
91
100
  <example>Microsoft Exchange Server 2003 POP3 server version 6.5.6944.0 (host) ready.</example>
@@ -100,6 +109,7 @@
100
109
  <param pos="0" name="os.product" value="Windows"/>
101
110
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
102
111
  </fingerprint>
112
+
103
113
  <fingerprint pattern="^Microsoft Exchange 2000 POP3 server version (\d+\.\d+\.\d+\.\d+) (.+) ready.$">
104
114
  <description>Microsoft Exchange Server 2000</description>
105
115
  <example>Microsoft Exchange 2000 POP3 server version 6.0.6603.0 (host) ready.</example>
@@ -114,6 +124,7 @@
114
124
  <param pos="0" name="os.product" value="Windows"/>
115
125
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
116
126
  </fingerprint>
127
+
117
128
  <fingerprint pattern="^Microsoft Exchange POP3 server version (\d+\.\d+\.\d+\.\d+) ready$">
118
129
  <description>Microsoft Exchange Server</description>
119
130
  <example>Microsoft Exchange POP3 server version 5.5.2654.50 ready</example>
@@ -127,6 +138,7 @@
127
138
  <param pos="0" name="os.product" value="Windows"/>
128
139
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
129
140
  </fingerprint>
141
+
130
142
  <fingerprint pattern="^Microsoft Windows POP3 Service Version 1.0 &lt;.+@(.+)&gt; ready.$">
131
143
  <description>Microsoft POP3 Services on Windows 2003</description>
132
144
  <example>Microsoft Windows POP3 Service Version 1.0 &lt;xxx@host&gt; ready.</example>
@@ -139,6 +151,7 @@
139
151
  <param pos="0" name="os.product" value="Windows Server 2003"/>
140
152
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2003:-"/>
141
153
  </fingerprint>
154
+
142
155
  <fingerprint pattern="^Microsoft Exchange Server 2007 POP3 service ready\.?$">
143
156
  <description>Microsoft Exchange Server 2007</description>
144
157
  <example>Microsoft Exchange Server 2007 POP3 service ready</example>
@@ -151,6 +164,7 @@
151
164
  <param pos="0" name="os.product" value="Windows"/>
152
165
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
153
166
  </fingerprint>
167
+
154
168
  <fingerprint pattern="^The? Microsoft Exchange POP3 service is ready\.?$">
155
169
  <description>Microsoft Exchange Server, generic</description>
156
170
  <example>The Microsoft Exchange POP3 service is ready.</example>
@@ -163,12 +177,58 @@
163
177
  <param pos="0" name="os.product" value="Windows"/>
164
178
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
165
179
  </fingerprint>
180
+
166
181
  <fingerprint pattern="^[dD]ovecot (?:DA )?ready\.(?: &lt;.+@(.+)&gt;)?$">
167
182
  <description>Dovecot Secure POP Server</description>
183
+ <example>Dovecot ready.</example>
184
+ <example>Dovecot DA ready.</example>
185
+ <example host.name="foo.bar.baz">Dovecot ready. &lt;fea.13865d.5f06b0a4.DuIvzQI4DAGR9MurahIGJw==@foo.bar.baz&gt;</example>
186
+ <param pos="0" name="service.vendor" value="Dovecot"/>
168
187
  <param pos="0" name="service.family" value="Dovecot"/>
169
188
  <param pos="0" name="service.product" value="Dovecot"/>
189
+ <param pos="0" name="service.cpe23" value="cpe:/a:dovecot:dovecot:-"/>
170
190
  <param pos="1" name="host.name"/>
171
191
  </fingerprint>
192
+
193
+ <fingerprint pattern="^Dovecot \(Ubuntu\) ready\.$">
194
+ <description>Dovecot Secure POP Server - Ubuntu variant</description>
195
+ <example>Dovecot (Ubuntu) ready.</example>
196
+ <param pos="0" name="service.vendor" value="Dovecot"/>
197
+ <param pos="0" name="service.family" value="Dovecot"/>
198
+ <param pos="0" name="service.product" value="Dovecot"/>
199
+ <param pos="0" name="service.cpe23" value="cpe:/a:dovecot:dovecot:-"/>
200
+ <param pos="0" name="os.vendor" value="Ubuntu"/>
201
+ <param pos="0" name="os.family" value="Linux"/>
202
+ <param pos="0" name="os.product" value="Linux"/>
203
+ <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:-"/>
204
+ </fingerprint>
205
+
206
+ <fingerprint pattern="^Dovecot \(Debian\) ready\.$">
207
+ <description>Dovecot Secure POP Server - Debian variant</description>
208
+ <example>Dovecot (Debian) ready.</example>
209
+ <param pos="0" name="service.vendor" value="Dovecot"/>
210
+ <param pos="0" name="service.family" value="Dovecot"/>
211
+ <param pos="0" name="service.product" value="Dovecot"/>
212
+ <param pos="0" name="service.cpe23" value="cpe:/a:dovecot:dovecot:-"/>
213
+ <param pos="0" name="os.vendor" value="Debian"/>
214
+ <param pos="0" name="os.family" value="Linux"/>
215
+ <param pos="0" name="os.product" value="Linux"/>
216
+ <param pos="0" name="os.cpe23" value="cpe:/o:debian:debian_linux:-"/>
217
+ </fingerprint>
218
+
219
+ <fingerprint pattern="^Dovecot \(Raspbian\) ready\.$">
220
+ <description>Dovecot Secure POP Server - Raspbian variant</description>
221
+ <example>Dovecot (Raspbian) ready.</example>
222
+ <param pos="0" name="service.vendor" value="Dovecot"/>
223
+ <param pos="0" name="service.family" value="Dovecot"/>
224
+ <param pos="0" name="service.product" value="Dovecot"/>
225
+ <param pos="0" name="service.cpe23" value="cpe:/a:dovecot:dovecot:-"/>
226
+ <param pos="0" name="os.vendor" value="Raspbian"/>
227
+ <param pos="0" name="os.family" value="Linux"/>
228
+ <param pos="0" name="os.product" value="Linux"/>
229
+ <param pos="0" name="hw.product" value="Raspberry Pi"/>
230
+ </fingerprint>
231
+
172
232
  <fingerprint pattern="^(\S+) Zimbra POP3 server ready\.?$">
173
233
  <description>VMware Zimbra POP</description>
174
234
  <example host.name="foo.bar">foo.bar Zimbra POP3 server ready</example>
@@ -177,6 +237,7 @@
177
237
  <param pos="0" name="service.cpe23" value="cpe:/a:vmware:zimbra_desktop:-"/>
178
238
  <param pos="1" name="host.name"/>
179
239
  </fingerprint>
240
+
180
241
  <fingerprint pattern="^(\S+) Zimbra (\S+) POP3 server ready\.?$">
181
242
  <description>VMware Zimbra POP with version</description>
182
243
  <example host.name="foo.bar">foo.bar Zimbra 7.0.0_GA_3079 POP3 server ready</example>
@@ -186,12 +247,14 @@
186
247
  <param pos="0" name="service.cpe23" value="cpe:/a:vmware:zimbra_desktop:{service.version}"/>
187
248
  <param pos="1" name="host.name"/>
188
249
  </fingerprint>
250
+
189
251
  <fingerprint pattern="^(?:S?POP3? server ready |Hello there.? )?&lt;.*@([^&gt;]+)&gt;$">
190
252
  <description>Generic masked POP3 server</description>
191
253
  <example>POP3 server ready &lt;58c29ae4-7316-429e-8109-060444ab1a28@foo.example.com&gt;</example>
192
254
  <example>&lt;84427.1298535083@foo.example.com&gt;</example>
193
255
  <param pos="1" name="host.name"/>
194
256
  </fingerprint>
257
+
195
258
  <fingerprint pattern="^ApplePasswordServer ([\d\.]+) password">
196
259
  <description>Apple Open Directory</description>
197
260
  <example>ApplePasswordServer 10.6.0.0 password server at 10.2.90.228 ready.</example>
@@ -205,6 +268,7 @@
205
268
  <param pos="0" name="os.certainty" value="0.5"/>
206
269
  <param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x:{os.version}"/>
207
270
  </fingerprint>
271
+
208
272
  <fingerprint pattern="^TCPIP POP server V\d\.\d\S-\S{3}, OpenVMS V(\d\.\d-\d)(?:\s+\S+)?\s+at\s+(\S+), .*$">
209
273
  <description>TCP/IP Services for OpenVMS POP server</description>
210
274
  <example os.version="7.3-2" host.name="example.com">TCPIP POP server V5.4J-15A, OpenVMS V7.3-2 Alpha at example.com, up since 2015-02-12 08:44:53 20400434.2</example>
@@ -218,6 +282,7 @@
218
282
  <param pos="0" name="os.cpe23" value="cpe:/o:hp:openvms:{os.version}"/>
219
283
  <param pos="2" name="host.name"/>
220
284
  </fingerprint>
285
+
221
286
  <fingerprint pattern="^Hello there\.$">
222
287
  <description>Courier MTA POP</description>
223
288
  <example>Hello there.</example>
@@ -225,6 +290,7 @@
225
290
  <param pos="0" name="service.family" value="Courier MTA"/>
226
291
  <param pos="0" name="service.product" value="Courier POP"/>
227
292
  </fingerprint>
293
+
228
294
  <fingerprint pattern="^CMailServer ([\d\.]+) POP3 Service Ready$">
229
295
  <description>CMailServer</description>
230
296
  <example service.version="5.0.0">CMailServer 5.0.0 POP3 Service Ready</example>
@@ -234,6 +300,7 @@
234
300
  <param pos="0" name="os.vendor" value="Microsoft"/>
235
301
  <param pos="1" name="service.version"/>
236
302
  </fingerprint>
303
+
237
304
  <fingerprint pattern="^POP3 Bigfoot v(\d\.\d) server ready$">
238
305
  <description>POP3 Bigfoot server</description>
239
306
  <example service.version="1.0">POP3 Bigfoot v1.0 server ready</example>
@@ -242,6 +309,7 @@
242
309
  <param pos="0" name="service.product" value="Bigfoot Email Tools"/>
243
310
  <param pos="1" name="service.version"/>
244
311
  </fingerprint>
312
+
245
313
  <fingerprint pattern="^CCProxy ([\d.]+) POP3 Service Ready$">
246
314
  <description>CCProxy POP3 server</description>
247
315
  <example service.version="8.0">CCProxy 8.0 POP3 Service Ready</example>
@@ -252,6 +320,7 @@
252
320
  <param pos="0" name="service.product" value="CCProxy"/>
253
321
  <param pos="1" name="service.version"/>
254
322
  </fingerprint>
323
+
255
324
  <fingerprint pattern="^POP3 on WinWebMail \[([\d.]+)\] ready\.$">
256
325
  <description>WinWebmail POP3</description>
257
326
  <example service.version="1.1.1.1">POP3 on WinWebMail [1.1.1.1] ready.</example>
@@ -263,6 +332,7 @@
263
332
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
264
333
  <param pos="1" name="service.version"/>
265
334
  </fingerprint>
335
+
266
336
  <fingerprint pattern="^BlackJumboDog \(Version ([\d\.]+)\) ready$">
267
337
  <description>BlackJumboDog</description>
268
338
  <example service.version="5.7.5.0">BlackJumboDog (Version 5.7.5.0) ready</example>
@@ -274,6 +344,20 @@
274
344
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
275
345
  <param pos="1" name="service.version"/>
276
346
  </fingerprint>
347
+
348
+ <fingerprint pattern="^Welcome to MailEnable POP3 Server$">
349
+ <description>MailEnable POP3</description>
350
+ <example>Welcome to MailEnable POP3 Server</example>
351
+ <param pos="0" name="os.vendor" value="Microsoft"/>
352
+ <param pos="0" name="os.family" value="Windows"/>
353
+ <param pos="0" name="os.product" value="Windows"/>
354
+ <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
355
+ <param pos="0" name="service.vendor" value="MailEnable"/>
356
+ <param pos="0" name="service.family" value="Mail Server"/>
357
+ <param pos="0" name="service.product" value="MailEnable"/>
358
+ <param pos="0" name="service.cpe23" value="cpe:/a:mailenable:mailenable:-"/>
359
+ </fingerprint>
360
+
277
361
  <!--
278
362
  ; Mandrake 8.1 - uses UW IMAP
279
363
  ; +OK POP3 mandrake81-f540k v2000.70mdk server ready
@@ -283,66 +367,37 @@
283
367
  // +OK POP3 [158.122.12.70] v2003.83mdk server ready
284
368
  // +OK POP3 [161.58.53.189] 2006b.94 server ready
285
369
  // +OK POP3 [192.168.0.250] v2000.70rh server ready
286
-
287
370
  ; Lotus Domino - NOTE: POP versions do not map to Domino version
288
371
  // +OK Lotus Notes POP3 server version X2.0 ready <0015521D.86257321.0000081C.00000008@Atlas/AgileTek> on Atlas/AgileTek.
289
372
  ( call ?j_popPatterns add
290
373
  "^\\+OK Lotus Notes POP3 server version ([^ ]*) ready on ([^\\.]*)\\.$" )
291
374
  ( call ?j_popNames add "Lotus-Domino" )
292
-
293
375
  // +OK alquilerpc.com.mx POP3 Server (Version 1.020h) ready.
294
-
295
376
  // Ipswitch IMail
296
377
  // +OK X1 NT-POP3 Server geneseenet06 (IMail 8.22 45450-1)
297
-
298
378
  // +OK X1 POP3 Mail Server
299
-
300
379
  // +OK server POP3 server (DeskNow POP3 Server 1.0) ready
301
-
302
380
  // +OK <1185161310.3352@goto15028.com> [XMail 1.24 POP3 Server] service ready; Mon, 23 Jul 2007 11:28:30 +0800
303
-
304
381
  // +OK IdeaPop3Server v0.50 ready.
305
-
306
382
  // +OK qxztmail POP3 server (STD Ymailserver v1.8 POP3) ready
307
-
308
383
  // +OK blue.forest-green.lan POP3 server (JAMES POP3 Server 2.2.0) ready
309
-
310
384
  // +OK xxx CMailServer 5.2 POP3 Service Ready
311
-
312
385
  // +OK iac3 Solstice (tm) Internet Mail Server (tm) POP3 2.0 at Mon, 23 Jul 2007 20:08:02 -0500 (CDT)
313
-
314
386
  // +OK Gordano Messaging Suite POP3 server ready
315
387
  // +OK Gordano Messaging Suite POP3 server ready <13501095613509@hollandcanadaline.com>
316
-
317
388
  // +OK unitechna.lt Merak 8.9.1 POP3 Sun, 22 Jul 2007 23:16:25 +0300 <20070722231625@unitechna.lt>
318
-
319
-
320
389
  // +OK Cubic Circle's v1.31 1998/05/13 POP3 ready <0c9300004104a246@www.dvdld.co.za>
321
-
322
- // +OK Welcome to MailEnable POP3 Server
323
-
324
390
  // +OK GroupWise POP3 server ready
325
-
326
391
  // +OK POP3 AnalogX Proxy 4.14 (Release) ready.
327
-
328
392
  // +OK lojack.com.ar POP MDaemon 9.6.0 ready <MDAEMON-F200707232110.AA1001241MD4604@lojack.com.ar>
329
-
330
393
  // +OK DBMAIL pop3 server ready to rock <4393e6301f984e87ad7cdc766595c78f@mx>
331
-
332
394
  // +OK POP3 Welcome to vm-pop3d 1.1.6 <83532.1185400462@romeo.hostlab.nl>
333
-
334
395
  // +OK Solid POP3 server ready
335
-
336
396
  // +OK ArGoSoft Mail Server Pro for WinNT/2000/XP, Version 1.8 (1.8.8.9)
337
-
338
397
  // +OK POP3 titan [cppop 20.0] at [207.150.171.34]
339
-
340
398
  // +OK ModusMail POP3 Server-NOTF 4.2.425.4 Ready <42760712.1185328354.283@gbso.net>
341
-
342
399
  // +OK DPOP Version number supressed.
343
-
344
400
  // +OK XPOP3 0.0.1 server ready
345
-
346
401
  -ERR (Proxy) connect error:socket error:No route to host
347
402
  -ERR No permission
348
403
  -ERR sorry, POP server too busy right now. Try again later.
@@ -472,7 +527,6 @@
472
527
  +OK studiovisuals.com POP3 Server (Version 1.020h) ready.
473
528
  +OK themeekermall.com POP3 Server (Version 1.020h) ready.
474
529
  +OK unitechna.lt Merak 8.9.1 POP3 Sun, 22 Jul 2007 23:16:25 +0300 <20070722231625@unitechna.lt>
475
- +OK Welcome to MailEnable POP3 Server
476
530
  +OK X1 NT-POP3 Server 2436681011.monstercommercesites.com (IMail 7.15 560907-1)
477
531
  +OK X1 NT-POP3 Server Calvin-Serv (IMail 8.22 1107-1)
478
532
  +OK X1 NT-POP3 Server chealsea.com.cn (IMail 8.15 16990-1)
@@ -494,6 +548,6 @@
494
548
  // apparently this is a P3Scan Proxy bug
495
549
  // http://lists.freebsd.org/pipermail/freebsd-ports/2004-May/012400.html
496
550
  Oops, that would loop!
497
-
498
551
  -->
499
- </fingerprints>
552
+
553
+ </fingerprints>
@@ -1,14 +1,16 @@
1
- <?xml version="1.0" encoding="UTF-8"?>
1
+ <?xml version='1.0' encoding='UTF-8'?>
2
2
  <fingerprints protocol="rsh" database_type="service">
3
3
  <!--
4
4
  Rservices responses to requests are matched against these patterns to fingerprint the OSes of servers.
5
5
  -->
6
+
6
7
  <fingerprint pattern="^.Permission denied: Error 0$">
7
8
  <description>Digital Unix rlogind</description>
8
9
  <example>xPermission denied: Error 0</example>
9
10
  <param pos="0" name="os.vendor" value="HP"/>
10
11
  <param pos="0" name="os.family" value="Digital Unix"/>
11
12
  </fingerprint>
13
+
12
14
  <fingerprint pattern="^.Winsock RSHD/NT: Protocol negotiation error\..+$|^.in\.rlogind: Permission denied\..+$" flags="REG_DOT_NEWLINE">
13
15
  <description>Windows rlogind</description>
14
16
  <example>xWinsock RSHD/NT: Protocol negotiation error.
@@ -18,6 +20,7 @@
18
20
  <param pos="0" name="os.vendor" value="Microsoft"/>
19
21
  <param pos="0" name="os.family" value="Windows"/>
20
22
  </fingerprint>
23
+
21
24
  <fingerprint pattern="^.permission denied\..+$" flags="REG_DOT_NEWLINE">
22
25
  <description>Solaris rlogind</description>
23
26
  <example>xpermission denied.
@@ -27,6 +30,7 @@
27
30
  <param pos="0" name="os.product" value="Solaris"/>
28
31
  <param pos="0" name="os.cpe23" value="cpe:/o:sun:solaris:-"/>
29
32
  </fingerprint>
33
+
30
34
  <fingerprint pattern="^.rlogind: Acc.s refus.\..+$" flags="REG_DOT_NEWLINE">
31
35
  <description>AIX rlogind</description>
32
36
  <example>xrlogind: Accxs refusx.
@@ -36,6 +40,7 @@
36
40
  <param pos="0" name="os.product" value="AIX"/>
37
41
  <param pos="0" name="os.cpe23" value="cpe:/o:ibm:aix:-"/>
38
42
  </fingerprint>
43
+
39
44
  <fingerprint pattern="^.rlogind: Host name for your address \([\d.]+\) unknown\..*$" flags="REG_DOT_NEWLINE">
40
45
  <description>A/UX rlogind</description>
41
46
  <example>xrlogind: Host name for your address (127.0.0.1) unknown.
@@ -43,6 +48,7 @@
43
48
  <param pos="0" name="os.vendor" value="Apple"/>
44
49
  <param pos="0" name="os.family" value="A/UX"/>
45
50
  </fingerprint>
51
+
46
52
  <fingerprint pattern="^.rexecd: Login incorrect\..*$" flags="REG_DOT_NEWLINE">
47
53
  <description>HP-UX rexecd</description>
48
54
  <example>xrexecd: Login incorrect.
@@ -52,6 +58,7 @@
52
58
  <param pos="0" name="os.product" value="HP-UX"/>
53
59
  <param pos="0" name="os.cpe23" value="cpe:/o:hp:hp-ux:-"/>
54
60
  </fingerprint>
61
+
55
62
  <fingerprint pattern="^.rexecd: [-\d]+.*$" flags="REG_DOT_NEWLINE">
56
63
  <description>AIX rexecd</description>
57
64
  <example>xrexecd: 0-1 The login is not correct.
@@ -61,6 +68,7 @@
61
68
  <param pos="0" name="os.product" value="AIX"/>
62
69
  <param pos="0" name="os.cpe23" value="cpe:/o:ibm:aix:-"/>
63
70
  </fingerprint>
71
+
64
72
  <fingerprint pattern="^.remshd: (?:getservbyname.+|Kerberos Authentication not enabled\..+|Error! Kerberos authentication failed)$" flags="REG_DOT_NEWLINE">
65
73
  <description>HP-UX rshd</description>
66
74
  <example>xremshd: getservbyname
@@ -73,4 +81,5 @@
73
81
  <param pos="0" name="os.product" value="HP-UX"/>
74
82
  <param pos="0" name="os.cpe23" value="cpe:/o:hp:hp-ux:-"/>
75
83
  </fingerprint>
76
- </fingerprints>
84
+
85
+ </fingerprints>
@@ -1,4 +1,4 @@
1
- <?xml version="1.0" encoding="UTF-8"?>
1
+ <?xml version='1.0' encoding='UTF-8'?>
2
2
  <fingerprints matches="rtsp_header.server" protocol="rtsp" database_type="service" preference="0.85">
3
3
  <fingerprint pattern="^Flussonic \(http:\/\/www.flussonic.com\/\) ([\d\.]+)$">
4
4
  <description>Flussonic Media Server</description>
@@ -8,6 +8,7 @@
8
8
  <param pos="0" name="service.product" value="Flussonic Media Server"/>
9
9
  <param pos="1" name="service.version"/>
10
10
  </fingerprint>
11
+
11
12
  <fingerprint pattern="^Hipcam RealServer\/V([\d\.]+)$">
12
13
  <description>Hipcam IP camera running the RealServer RTSP server.</description>
13
14
  <example service.version="1.0">Hipcam RealServer/V1.0</example>
@@ -17,6 +18,7 @@
17
18
  <param pos="0" name="hw.vendor" value="Hipcam"/>
18
19
  <param pos="0" name="hw.device" value="IP Camera"/>
19
20
  </fingerprint>
21
+
20
22
  <fingerprint pattern="^Dahua Rtsp Server$">
21
23
  <description>Dahua IP Camera</description>
22
24
  <example>Dahua Rtsp Server</example>
@@ -24,12 +26,14 @@
24
26
  <param pos="0" name="hw.vendor" value="Dahua"/>
25
27
  <param pos="0" name="hw.device" value="IP Camera"/>
26
28
  </fingerprint>
29
+
27
30
  <fingerprint pattern="^GStreamer RTSP server$">
28
31
  <description>GStreamer RTSP Server (https://github.com/GStreamer/gst-rtsp-server)</description>
29
32
  <example>GStreamer RTSP server</example>
30
33
  <param pos="0" name="service.vendor" value="GStreamer"/>
31
34
  <param pos="0" name="service.product" value="GStreamer RTSP Server"/>
32
35
  </fingerprint>
36
+
33
37
  <fingerprint pattern="^WMServer\/([\d\.]+)$">
34
38
  <description>Windows Media Server</description>
35
39
  <example service.version="9.1.1.3862">WMServer/9.1.1.3862</example>
@@ -41,6 +45,7 @@
41
45
  <param pos="0" name="os.vendor" value="Microsoft"/>
42
46
  <param pos="0" name="os.family" value="Windows"/>
43
47
  </fingerprint>
48
+
44
49
  <fingerprint pattern="^Wowza (Streaming Engine|Media Server) ([\d\.]+) build(\d*)$">
45
50
  <description>Wowza Media Systems Streaming Video Services</description>
46
51
  <example service.version="4.7.7" service.version.version="20181108145350" service.product="Streaming Engine">Wowza Streaming Engine 4.7.7 build20181108145350</example>
@@ -50,18 +55,21 @@
50
55
  <param pos="2" name="service.version"/>
51
56
  <param pos="3" name="service.version.version"/>
52
57
  </fingerprint>
58
+
53
59
  <fingerprint pattern="^HiIpcam\/V\d+R\d+ VodServer\/[\d\.]+$">
54
60
  <description>Foscam IP Camera</description>
55
61
  <example>HiIpcam/V100R003 VodServer/1.0.0</example>
56
62
  <param pos="0" name="hw.vendor" value="Foscam"/>
57
63
  <param pos="0" name="hw.device" value="IP Camera"/>
58
64
  </fingerprint>
65
+
59
66
  <fingerprint pattern="^Indigo\-Security\/[\d\.]+$">
60
67
  <description>Indigo Security IP Camera</description>
61
68
  <example>Indigo-Security/1.0</example>
62
69
  <param pos="0" name="hw.vendor" value="Indigo Security"/>
63
70
  <param pos="0" name="hw.device" value="IP Camera"/>
64
71
  </fingerprint>
72
+
65
73
  <fingerprint pattern="^Cisco MediaSense Media Server$">
66
74
  <description>Cisco MediaSense Media Server (RTSP)</description>
67
75
  <example>Cisco MediaSense Media Server</example>
@@ -73,4 +81,16 @@
73
81
  <param pos="0" name="hw.device" value="SIP Gateway"/>
74
82
  <param pos="0" name="hw.product" value="MediaSense"/>
75
83
  </fingerprint>
76
- </fingerprints>
84
+
85
+ <fingerprint pattern="^AvigilonOnvifNvt/(\d+\.\S+)">
86
+ <description>Avigilon IP Camera</description>
87
+ <example os.version="2.6.0.130">AvigilonOnvifNvt/2.6.0.130</example>
88
+ <param pos="0" name="hw.vendor" value="Avigilon"/>
89
+ <param pos="0" name="hw.device" value="IP Camera"/>
90
+ <param pos="0" name="os.vendor" value="Avigilon"/>
91
+ <param pos="0" name="os.family" value="Linux"/>
92
+ <param pos="0" name="os.product" value="Linux"/>
93
+ <param pos="1" name="os.version"/>
94
+ </fingerprint>
95
+
96
+ </fingerprints>