recog 2.3.8 → 2.3.13
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.gitignore +6 -0
- data/CONTRIBUTING.md +136 -37
- data/README.md +18 -16
- data/bin/recog_cleanup +16 -0
- data/bin/recog_standardize +30 -6
- data/cpe-remap.yaml +18 -2
- data/identifiers/README.md +9 -0
- data/identifiers/hw_device.txt +77 -0
- data/identifiers/hw_family.txt +96 -0
- data/identifiers/hw_product.txt +328 -0
- data/identifiers/os_architecture.txt +6 -6
- data/identifiers/os_device.txt +45 -3
- data/identifiers/os_family.txt +206 -41
- data/identifiers/os_product.txt +238 -17
- data/identifiers/service_family.txt +144 -57
- data/identifiers/service_product.txt +385 -83
- data/identifiers/vendor.txt +554 -68
- data/lib/recog/version.rb +1 -1
- data/requirements.txt +1 -1
- data/update_cpes.py +3 -0
- data/xml/apache_modules.xml +292 -5
- data/xml/apache_os.xml +41 -2
- data/xml/architecture.xml +11 -3
- data/xml/dns_versionbind.xml +191 -15
- data/xml/favicons.xml +1701 -0
- data/xml/ftp_banners.xml +250 -18
- data/xml/h323_callresp.xml +112 -12
- data/xml/hp_pjl_id.xml +47 -5
- data/xml/html_title.xml +1278 -25
- data/xml/http_cookies.xml +64 -9
- data/xml/http_servers.xml +1013 -96
- data/xml/http_wwwauth.xml +141 -26
- data/xml/imap_banners.xml +62 -13
- data/xml/ldap_searchresult.xml +81 -9
- data/xml/mdns_device-info_txt.xml +175 -2
- data/xml/mdns_workstation_txt.xml +4 -2
- data/xml/mysql_banners.xml +134 -7
- data/xml/mysql_error.xml +113 -6
- data/xml/nntp_banners.xml +10 -2
- data/xml/ntp_banners.xml +80 -4
- data/xml/operating_system.xml +89 -3
- data/xml/pop_banners.xml +87 -33
- data/xml/rsh_resp.xml +11 -2
- data/xml/rtsp_servers.xml +22 -2
- data/xml/sip_banners.xml +35 -4
- data/xml/sip_user_agents.xml +29 -2
- data/xml/smb_native_lm.xml +10 -2
- data/xml/smb_native_os.xml +79 -2
- data/xml/smtp_banners.xml +230 -9
- data/xml/smtp_debug.xml +6 -4
- data/xml/smtp_ehlo.xml +7 -5
- data/xml/smtp_expn.xml +13 -4
- data/xml/smtp_help.xml +23 -4
- data/xml/smtp_mailfrom.xml +5 -2
- data/xml/smtp_noop.xml +6 -5
- data/xml/smtp_quit.xml +5 -4
- data/xml/smtp_rcptto.xml +5 -2
- data/xml/smtp_rset.xml +4 -4
- data/xml/smtp_turn.xml +4 -4
- data/xml/smtp_vrfy.xml +14 -4
- data/xml/snmp_sysdescr.xml +733 -25
- data/xml/snmp_sysobjid.xml +47 -2
- data/xml/ssh_banners.xml +182 -8
- data/xml/telnet_banners.xml +493 -22
- data/xml/x11_banners.xml +26 -3
- data/xml/x509_issuers.xml +30 -6
- data/xml/x509_subjects.xml +200 -31
- metadata +8 -2
data/xml/pop_banners.xml
CHANGED
@@ -1,9 +1,10 @@
|
|
1
|
-
<?xml version=
|
1
|
+
<?xml version='1.0' encoding='UTF-8'?>
|
2
2
|
<fingerprints matches="pop3.banner" protocol="pop3" database_type="service" preference="0.90">
|
3
3
|
<!--
|
4
4
|
POP3 greeting messages (part of the banner after the status indicator +OK or -ERR) are
|
5
5
|
matched against these patterns to fingerprint POP3 servers.
|
6
6
|
-->
|
7
|
+
|
7
8
|
<fingerprint pattern="^([^ ]+) +Cyrus POP3 v(\d+\.\d+.*)-OS X(?: Server)? ([\d\.]+).* server ready">
|
8
9
|
<description>OSX Cyrus POP</description>
|
9
10
|
<example host.domain="8.8.8.8" service.version="2.3.8" os.version="10.5">8.8.8.8 Cyrus POP3 v2.3.8-OS X Server 10.5: 9A562 server ready <1999107648.1324502155@8.8.8.8></example>
|
@@ -18,6 +19,7 @@
|
|
18
19
|
<param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x:{os.version}"/>
|
19
20
|
<param pos="1" name="host.domain"/>
|
20
21
|
</fingerprint>
|
22
|
+
|
21
23
|
<fingerprint pattern="^([^ ]+) +Cyrus POP3 v([\d\.]+)">
|
22
24
|
<description>CMU Cyrus POP</description>
|
23
25
|
<example host.domain="foo" service.version="2.3">foo Cyrus POP3 v2.3</example>
|
@@ -28,6 +30,7 @@
|
|
28
30
|
<param pos="2" name="service.version"/>
|
29
31
|
<param pos="1" name="host.domain"/>
|
30
32
|
</fingerprint>
|
33
|
+
|
31
34
|
<fingerprint pattern="^Lotus Notes POP3 server version X[^ ]+ ready on .*$">
|
32
35
|
<description>IBM Lotus Notes/Domino</description>
|
33
36
|
<example>Lotus Notes POP3 server version X2.0 ready on foo/bar.</example>
|
@@ -36,6 +39,7 @@
|
|
36
39
|
<param pos="0" name="service.product" value="Lotus Domino"/>
|
37
40
|
<param pos="0" name="service.cpe23" value="cpe:/a:ibm:lotus_domino:-"/>
|
38
41
|
</fingerprint>
|
42
|
+
|
39
43
|
<fingerprint pattern="^Lotus Notes POP3 server version Release ([^ ]+) ready on .*$">
|
40
44
|
<description>IBM Lotus Notes/Domino - Release variant</description>
|
41
45
|
<example service.version="8.5.1FP5">Lotus Notes POP3 server version Release 8.5.1FP5 ready on foo/US.</example>
|
@@ -45,6 +49,7 @@
|
|
45
49
|
<param pos="1" name="service.version"/>
|
46
50
|
<param pos="0" name="service.cpe23" value="cpe:/a:ibm:lotus_domino:{service.version}"/>
|
47
51
|
</fingerprint>
|
52
|
+
|
48
53
|
<fingerprint pattern="^Qpopper \(version (\d+\.\d+\.\d+), modified by Sphera Technologies\) at (.+) starting\..*$">
|
49
54
|
<description>Qpopper with Sphera mods</description>
|
50
55
|
<example>Qpopper (version 4.0.3, modified by Sphera Technologies) at domain starting. <xxx@domain></example>
|
@@ -54,6 +59,7 @@
|
|
54
59
|
<param pos="1" name="service.version"/>
|
55
60
|
<param pos="2" name="host.domain"/>
|
56
61
|
</fingerprint>
|
62
|
+
|
57
63
|
<fingerprint pattern="^Qpopper \(version (\d+\.\d+\.\d+)-mysql-(.+)\) at (.+) starting\..*$">
|
58
64
|
<description>Qpopper with MySQL auth module</description>
|
59
65
|
<example>Qpopper (version 4.0.3-mysql-0.13) at domain starting. <xxx@domain></example>
|
@@ -66,6 +72,7 @@
|
|
66
72
|
<param pos="2" name="service.component.version"/>
|
67
73
|
<param pos="3" name="host.domain"/>
|
68
74
|
</fingerprint>
|
75
|
+
|
69
76
|
<fingerprint pattern="(?i)^Qpop(?:per)? \(version ([\d\.]+)\) at (.+)(?: starting\.)?.*$">
|
70
77
|
<description>Qpopper missing version info</description>
|
71
78
|
<example>Qpopper (version 4.0.16) at foo.example.com</example>
|
@@ -77,6 +84,7 @@
|
|
77
84
|
<param pos="1" name="service.version"/>
|
78
85
|
<param pos="2" name="host.domain"/>
|
79
86
|
</fingerprint>
|
87
|
+
|
80
88
|
<fingerprint pattern="^QPOP \(version (.*)\) at (.+) starting\..*$">
|
81
89
|
<description>Qpopper with missing version info</description>
|
82
90
|
<example>QPOP (version ?) at domain starting. <xxx@domain></example>
|
@@ -86,6 +94,7 @@
|
|
86
94
|
<param pos="1" name="qpopper.version"/>
|
87
95
|
<param pos="2" name="host.domain"/>
|
88
96
|
</fingerprint>
|
97
|
+
|
89
98
|
<fingerprint pattern="^Microsoft Exchange Server 2003 POP3 server version (\d+\.\d+\.\d+\.\d+) (.+) ready.$">
|
90
99
|
<description>Microsoft Exchange Server 2003</description>
|
91
100
|
<example>Microsoft Exchange Server 2003 POP3 server version 6.5.6944.0 (host) ready.</example>
|
@@ -100,6 +109,7 @@
|
|
100
109
|
<param pos="0" name="os.product" value="Windows"/>
|
101
110
|
<param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
|
102
111
|
</fingerprint>
|
112
|
+
|
103
113
|
<fingerprint pattern="^Microsoft Exchange 2000 POP3 server version (\d+\.\d+\.\d+\.\d+) (.+) ready.$">
|
104
114
|
<description>Microsoft Exchange Server 2000</description>
|
105
115
|
<example>Microsoft Exchange 2000 POP3 server version 6.0.6603.0 (host) ready.</example>
|
@@ -114,6 +124,7 @@
|
|
114
124
|
<param pos="0" name="os.product" value="Windows"/>
|
115
125
|
<param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
|
116
126
|
</fingerprint>
|
127
|
+
|
117
128
|
<fingerprint pattern="^Microsoft Exchange POP3 server version (\d+\.\d+\.\d+\.\d+) ready$">
|
118
129
|
<description>Microsoft Exchange Server</description>
|
119
130
|
<example>Microsoft Exchange POP3 server version 5.5.2654.50 ready</example>
|
@@ -127,6 +138,7 @@
|
|
127
138
|
<param pos="0" name="os.product" value="Windows"/>
|
128
139
|
<param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
|
129
140
|
</fingerprint>
|
141
|
+
|
130
142
|
<fingerprint pattern="^Microsoft Windows POP3 Service Version 1.0 <.+@(.+)> ready.$">
|
131
143
|
<description>Microsoft POP3 Services on Windows 2003</description>
|
132
144
|
<example>Microsoft Windows POP3 Service Version 1.0 <xxx@host> ready.</example>
|
@@ -139,6 +151,7 @@
|
|
139
151
|
<param pos="0" name="os.product" value="Windows Server 2003"/>
|
140
152
|
<param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2003:-"/>
|
141
153
|
</fingerprint>
|
154
|
+
|
142
155
|
<fingerprint pattern="^Microsoft Exchange Server 2007 POP3 service ready\.?$">
|
143
156
|
<description>Microsoft Exchange Server 2007</description>
|
144
157
|
<example>Microsoft Exchange Server 2007 POP3 service ready</example>
|
@@ -151,6 +164,7 @@
|
|
151
164
|
<param pos="0" name="os.product" value="Windows"/>
|
152
165
|
<param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
|
153
166
|
</fingerprint>
|
167
|
+
|
154
168
|
<fingerprint pattern="^The? Microsoft Exchange POP3 service is ready\.?$">
|
155
169
|
<description>Microsoft Exchange Server, generic</description>
|
156
170
|
<example>The Microsoft Exchange POP3 service is ready.</example>
|
@@ -163,12 +177,58 @@
|
|
163
177
|
<param pos="0" name="os.product" value="Windows"/>
|
164
178
|
<param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
|
165
179
|
</fingerprint>
|
180
|
+
|
166
181
|
<fingerprint pattern="^[dD]ovecot (?:DA )?ready\.(?: <.+@(.+)>)?$">
|
167
182
|
<description>Dovecot Secure POP Server</description>
|
183
|
+
<example>Dovecot ready.</example>
|
184
|
+
<example>Dovecot DA ready.</example>
|
185
|
+
<example host.name="foo.bar.baz">Dovecot ready. <fea.13865d.5f06b0a4.DuIvzQI4DAGR9MurahIGJw==@foo.bar.baz></example>
|
186
|
+
<param pos="0" name="service.vendor" value="Dovecot"/>
|
168
187
|
<param pos="0" name="service.family" value="Dovecot"/>
|
169
188
|
<param pos="0" name="service.product" value="Dovecot"/>
|
189
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:dovecot:dovecot:-"/>
|
170
190
|
<param pos="1" name="host.name"/>
|
171
191
|
</fingerprint>
|
192
|
+
|
193
|
+
<fingerprint pattern="^Dovecot \(Ubuntu\) ready\.$">
|
194
|
+
<description>Dovecot Secure POP Server - Ubuntu variant</description>
|
195
|
+
<example>Dovecot (Ubuntu) ready.</example>
|
196
|
+
<param pos="0" name="service.vendor" value="Dovecot"/>
|
197
|
+
<param pos="0" name="service.family" value="Dovecot"/>
|
198
|
+
<param pos="0" name="service.product" value="Dovecot"/>
|
199
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:dovecot:dovecot:-"/>
|
200
|
+
<param pos="0" name="os.vendor" value="Ubuntu"/>
|
201
|
+
<param pos="0" name="os.family" value="Linux"/>
|
202
|
+
<param pos="0" name="os.product" value="Linux"/>
|
203
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:-"/>
|
204
|
+
</fingerprint>
|
205
|
+
|
206
|
+
<fingerprint pattern="^Dovecot \(Debian\) ready\.$">
|
207
|
+
<description>Dovecot Secure POP Server - Debian variant</description>
|
208
|
+
<example>Dovecot (Debian) ready.</example>
|
209
|
+
<param pos="0" name="service.vendor" value="Dovecot"/>
|
210
|
+
<param pos="0" name="service.family" value="Dovecot"/>
|
211
|
+
<param pos="0" name="service.product" value="Dovecot"/>
|
212
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:dovecot:dovecot:-"/>
|
213
|
+
<param pos="0" name="os.vendor" value="Debian"/>
|
214
|
+
<param pos="0" name="os.family" value="Linux"/>
|
215
|
+
<param pos="0" name="os.product" value="Linux"/>
|
216
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:debian:debian_linux:-"/>
|
217
|
+
</fingerprint>
|
218
|
+
|
219
|
+
<fingerprint pattern="^Dovecot \(Raspbian\) ready\.$">
|
220
|
+
<description>Dovecot Secure POP Server - Raspbian variant</description>
|
221
|
+
<example>Dovecot (Raspbian) ready.</example>
|
222
|
+
<param pos="0" name="service.vendor" value="Dovecot"/>
|
223
|
+
<param pos="0" name="service.family" value="Dovecot"/>
|
224
|
+
<param pos="0" name="service.product" value="Dovecot"/>
|
225
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:dovecot:dovecot:-"/>
|
226
|
+
<param pos="0" name="os.vendor" value="Raspbian"/>
|
227
|
+
<param pos="0" name="os.family" value="Linux"/>
|
228
|
+
<param pos="0" name="os.product" value="Linux"/>
|
229
|
+
<param pos="0" name="hw.product" value="Raspberry Pi"/>
|
230
|
+
</fingerprint>
|
231
|
+
|
172
232
|
<fingerprint pattern="^(\S+) Zimbra POP3 server ready\.?$">
|
173
233
|
<description>VMware Zimbra POP</description>
|
174
234
|
<example host.name="foo.bar">foo.bar Zimbra POP3 server ready</example>
|
@@ -177,6 +237,7 @@
|
|
177
237
|
<param pos="0" name="service.cpe23" value="cpe:/a:vmware:zimbra_desktop:-"/>
|
178
238
|
<param pos="1" name="host.name"/>
|
179
239
|
</fingerprint>
|
240
|
+
|
180
241
|
<fingerprint pattern="^(\S+) Zimbra (\S+) POP3 server ready\.?$">
|
181
242
|
<description>VMware Zimbra POP with version</description>
|
182
243
|
<example host.name="foo.bar">foo.bar Zimbra 7.0.0_GA_3079 POP3 server ready</example>
|
@@ -186,12 +247,14 @@
|
|
186
247
|
<param pos="0" name="service.cpe23" value="cpe:/a:vmware:zimbra_desktop:{service.version}"/>
|
187
248
|
<param pos="1" name="host.name"/>
|
188
249
|
</fingerprint>
|
250
|
+
|
189
251
|
<fingerprint pattern="^(?:S?POP3? server ready |Hello there.? )?<.*@([^>]+)>$">
|
190
252
|
<description>Generic masked POP3 server</description>
|
191
253
|
<example>POP3 server ready <58c29ae4-7316-429e-8109-060444ab1a28@foo.example.com></example>
|
192
254
|
<example><84427.1298535083@foo.example.com></example>
|
193
255
|
<param pos="1" name="host.name"/>
|
194
256
|
</fingerprint>
|
257
|
+
|
195
258
|
<fingerprint pattern="^ApplePasswordServer ([\d\.]+) password">
|
196
259
|
<description>Apple Open Directory</description>
|
197
260
|
<example>ApplePasswordServer 10.6.0.0 password server at 10.2.90.228 ready.</example>
|
@@ -205,6 +268,7 @@
|
|
205
268
|
<param pos="0" name="os.certainty" value="0.5"/>
|
206
269
|
<param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x:{os.version}"/>
|
207
270
|
</fingerprint>
|
271
|
+
|
208
272
|
<fingerprint pattern="^TCPIP POP server V\d\.\d\S-\S{3}, OpenVMS V(\d\.\d-\d)(?:\s+\S+)?\s+at\s+(\S+), .*$">
|
209
273
|
<description>TCP/IP Services for OpenVMS POP server</description>
|
210
274
|
<example os.version="7.3-2" host.name="example.com">TCPIP POP server V5.4J-15A, OpenVMS V7.3-2 Alpha at example.com, up since 2015-02-12 08:44:53 20400434.2</example>
|
@@ -218,6 +282,7 @@
|
|
218
282
|
<param pos="0" name="os.cpe23" value="cpe:/o:hp:openvms:{os.version}"/>
|
219
283
|
<param pos="2" name="host.name"/>
|
220
284
|
</fingerprint>
|
285
|
+
|
221
286
|
<fingerprint pattern="^Hello there\.$">
|
222
287
|
<description>Courier MTA POP</description>
|
223
288
|
<example>Hello there.</example>
|
@@ -225,6 +290,7 @@
|
|
225
290
|
<param pos="0" name="service.family" value="Courier MTA"/>
|
226
291
|
<param pos="0" name="service.product" value="Courier POP"/>
|
227
292
|
</fingerprint>
|
293
|
+
|
228
294
|
<fingerprint pattern="^CMailServer ([\d\.]+) POP3 Service Ready$">
|
229
295
|
<description>CMailServer</description>
|
230
296
|
<example service.version="5.0.0">CMailServer 5.0.0 POP3 Service Ready</example>
|
@@ -234,6 +300,7 @@
|
|
234
300
|
<param pos="0" name="os.vendor" value="Microsoft"/>
|
235
301
|
<param pos="1" name="service.version"/>
|
236
302
|
</fingerprint>
|
303
|
+
|
237
304
|
<fingerprint pattern="^POP3 Bigfoot v(\d\.\d) server ready$">
|
238
305
|
<description>POP3 Bigfoot server</description>
|
239
306
|
<example service.version="1.0">POP3 Bigfoot v1.0 server ready</example>
|
@@ -242,6 +309,7 @@
|
|
242
309
|
<param pos="0" name="service.product" value="Bigfoot Email Tools"/>
|
243
310
|
<param pos="1" name="service.version"/>
|
244
311
|
</fingerprint>
|
312
|
+
|
245
313
|
<fingerprint pattern="^CCProxy ([\d.]+) POP3 Service Ready$">
|
246
314
|
<description>CCProxy POP3 server</description>
|
247
315
|
<example service.version="8.0">CCProxy 8.0 POP3 Service Ready</example>
|
@@ -252,6 +320,7 @@
|
|
252
320
|
<param pos="0" name="service.product" value="CCProxy"/>
|
253
321
|
<param pos="1" name="service.version"/>
|
254
322
|
</fingerprint>
|
323
|
+
|
255
324
|
<fingerprint pattern="^POP3 on WinWebMail \[([\d.]+)\] ready\.$">
|
256
325
|
<description>WinWebmail POP3</description>
|
257
326
|
<example service.version="1.1.1.1">POP3 on WinWebMail [1.1.1.1] ready.</example>
|
@@ -263,6 +332,7 @@
|
|
263
332
|
<param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
|
264
333
|
<param pos="1" name="service.version"/>
|
265
334
|
</fingerprint>
|
335
|
+
|
266
336
|
<fingerprint pattern="^BlackJumboDog \(Version ([\d\.]+)\) ready$">
|
267
337
|
<description>BlackJumboDog</description>
|
268
338
|
<example service.version="5.7.5.0">BlackJumboDog (Version 5.7.5.0) ready</example>
|
@@ -274,6 +344,20 @@
|
|
274
344
|
<param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
|
275
345
|
<param pos="1" name="service.version"/>
|
276
346
|
</fingerprint>
|
347
|
+
|
348
|
+
<fingerprint pattern="^Welcome to MailEnable POP3 Server$">
|
349
|
+
<description>MailEnable POP3</description>
|
350
|
+
<example>Welcome to MailEnable POP3 Server</example>
|
351
|
+
<param pos="0" name="os.vendor" value="Microsoft"/>
|
352
|
+
<param pos="0" name="os.family" value="Windows"/>
|
353
|
+
<param pos="0" name="os.product" value="Windows"/>
|
354
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
|
355
|
+
<param pos="0" name="service.vendor" value="MailEnable"/>
|
356
|
+
<param pos="0" name="service.family" value="Mail Server"/>
|
357
|
+
<param pos="0" name="service.product" value="MailEnable"/>
|
358
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:mailenable:mailenable:-"/>
|
359
|
+
</fingerprint>
|
360
|
+
|
277
361
|
<!--
|
278
362
|
; Mandrake 8.1 - uses UW IMAP
|
279
363
|
; +OK POP3 mandrake81-f540k v2000.70mdk server ready
|
@@ -283,66 +367,37 @@
|
|
283
367
|
// +OK POP3 [158.122.12.70] v2003.83mdk server ready
|
284
368
|
// +OK POP3 [161.58.53.189] 2006b.94 server ready
|
285
369
|
// +OK POP3 [192.168.0.250] v2000.70rh server ready
|
286
|
-
|
287
370
|
; Lotus Domino - NOTE: POP versions do not map to Domino version
|
288
371
|
// +OK Lotus Notes POP3 server version X2.0 ready <0015521D.86257321.0000081C.00000008@Atlas/AgileTek> on Atlas/AgileTek.
|
289
372
|
( call ?j_popPatterns add
|
290
373
|
"^\\+OK Lotus Notes POP3 server version ([^ ]*) ready on ([^\\.]*)\\.$" )
|
291
374
|
( call ?j_popNames add "Lotus-Domino" )
|
292
|
-
|
293
375
|
// +OK alquilerpc.com.mx POP3 Server (Version 1.020h) ready.
|
294
|
-
|
295
376
|
// Ipswitch IMail
|
296
377
|
// +OK X1 NT-POP3 Server geneseenet06 (IMail 8.22 45450-1)
|
297
|
-
|
298
378
|
// +OK X1 POP3 Mail Server
|
299
|
-
|
300
379
|
// +OK server POP3 server (DeskNow POP3 Server 1.0) ready
|
301
|
-
|
302
380
|
// +OK <1185161310.3352@goto15028.com> [XMail 1.24 POP3 Server] service ready; Mon, 23 Jul 2007 11:28:30 +0800
|
303
|
-
|
304
381
|
// +OK IdeaPop3Server v0.50 ready.
|
305
|
-
|
306
382
|
// +OK qxztmail POP3 server (STD Ymailserver v1.8 POP3) ready
|
307
|
-
|
308
383
|
// +OK blue.forest-green.lan POP3 server (JAMES POP3 Server 2.2.0) ready
|
309
|
-
|
310
384
|
// +OK xxx CMailServer 5.2 POP3 Service Ready
|
311
|
-
|
312
385
|
// +OK iac3 Solstice (tm) Internet Mail Server (tm) POP3 2.0 at Mon, 23 Jul 2007 20:08:02 -0500 (CDT)
|
313
|
-
|
314
386
|
// +OK Gordano Messaging Suite POP3 server ready
|
315
387
|
// +OK Gordano Messaging Suite POP3 server ready <13501095613509@hollandcanadaline.com>
|
316
|
-
|
317
388
|
// +OK unitechna.lt Merak 8.9.1 POP3 Sun, 22 Jul 2007 23:16:25 +0300 <20070722231625@unitechna.lt>
|
318
|
-
|
319
|
-
|
320
389
|
// +OK Cubic Circle's v1.31 1998/05/13 POP3 ready <0c9300004104a246@www.dvdld.co.za>
|
321
|
-
|
322
|
-
// +OK Welcome to MailEnable POP3 Server
|
323
|
-
|
324
390
|
// +OK GroupWise POP3 server ready
|
325
|
-
|
326
391
|
// +OK POP3 AnalogX Proxy 4.14 (Release) ready.
|
327
|
-
|
328
392
|
// +OK lojack.com.ar POP MDaemon 9.6.0 ready <MDAEMON-F200707232110.AA1001241MD4604@lojack.com.ar>
|
329
|
-
|
330
393
|
// +OK DBMAIL pop3 server ready to rock <4393e6301f984e87ad7cdc766595c78f@mx>
|
331
|
-
|
332
394
|
// +OK POP3 Welcome to vm-pop3d 1.1.6 <83532.1185400462@romeo.hostlab.nl>
|
333
|
-
|
334
395
|
// +OK Solid POP3 server ready
|
335
|
-
|
336
396
|
// +OK ArGoSoft Mail Server Pro for WinNT/2000/XP, Version 1.8 (1.8.8.9)
|
337
|
-
|
338
397
|
// +OK POP3 titan [cppop 20.0] at [207.150.171.34]
|
339
|
-
|
340
398
|
// +OK ModusMail POP3 Server-NOTF 4.2.425.4 Ready <42760712.1185328354.283@gbso.net>
|
341
|
-
|
342
399
|
// +OK DPOP Version number supressed.
|
343
|
-
|
344
400
|
// +OK XPOP3 0.0.1 server ready
|
345
|
-
|
346
401
|
-ERR (Proxy) connect error:socket error:No route to host
|
347
402
|
-ERR No permission
|
348
403
|
-ERR sorry, POP server too busy right now. Try again later.
|
@@ -472,7 +527,6 @@
|
|
472
527
|
+OK studiovisuals.com POP3 Server (Version 1.020h) ready.
|
473
528
|
+OK themeekermall.com POP3 Server (Version 1.020h) ready.
|
474
529
|
+OK unitechna.lt Merak 8.9.1 POP3 Sun, 22 Jul 2007 23:16:25 +0300 <20070722231625@unitechna.lt>
|
475
|
-
+OK Welcome to MailEnable POP3 Server
|
476
530
|
+OK X1 NT-POP3 Server 2436681011.monstercommercesites.com (IMail 7.15 560907-1)
|
477
531
|
+OK X1 NT-POP3 Server Calvin-Serv (IMail 8.22 1107-1)
|
478
532
|
+OK X1 NT-POP3 Server chealsea.com.cn (IMail 8.15 16990-1)
|
@@ -494,6 +548,6 @@
|
|
494
548
|
// apparently this is a P3Scan Proxy bug
|
495
549
|
// http://lists.freebsd.org/pipermail/freebsd-ports/2004-May/012400.html
|
496
550
|
Oops, that would loop!
|
497
|
-
|
498
551
|
-->
|
499
|
-
|
552
|
+
|
553
|
+
</fingerprints>
|
data/xml/rsh_resp.xml
CHANGED
@@ -1,14 +1,16 @@
|
|
1
|
-
<?xml version=
|
1
|
+
<?xml version='1.0' encoding='UTF-8'?>
|
2
2
|
<fingerprints protocol="rsh" database_type="service">
|
3
3
|
<!--
|
4
4
|
Rservices responses to requests are matched against these patterns to fingerprint the OSes of servers.
|
5
5
|
-->
|
6
|
+
|
6
7
|
<fingerprint pattern="^.Permission denied: Error 0$">
|
7
8
|
<description>Digital Unix rlogind</description>
|
8
9
|
<example>xPermission denied: Error 0</example>
|
9
10
|
<param pos="0" name="os.vendor" value="HP"/>
|
10
11
|
<param pos="0" name="os.family" value="Digital Unix"/>
|
11
12
|
</fingerprint>
|
13
|
+
|
12
14
|
<fingerprint pattern="^.Winsock RSHD/NT: Protocol negotiation error\..+$|^.in\.rlogind: Permission denied\..+$" flags="REG_DOT_NEWLINE">
|
13
15
|
<description>Windows rlogind</description>
|
14
16
|
<example>xWinsock RSHD/NT: Protocol negotiation error.
|
@@ -18,6 +20,7 @@
|
|
18
20
|
<param pos="0" name="os.vendor" value="Microsoft"/>
|
19
21
|
<param pos="0" name="os.family" value="Windows"/>
|
20
22
|
</fingerprint>
|
23
|
+
|
21
24
|
<fingerprint pattern="^.permission denied\..+$" flags="REG_DOT_NEWLINE">
|
22
25
|
<description>Solaris rlogind</description>
|
23
26
|
<example>xpermission denied.
|
@@ -27,6 +30,7 @@
|
|
27
30
|
<param pos="0" name="os.product" value="Solaris"/>
|
28
31
|
<param pos="0" name="os.cpe23" value="cpe:/o:sun:solaris:-"/>
|
29
32
|
</fingerprint>
|
33
|
+
|
30
34
|
<fingerprint pattern="^.rlogind: Acc.s refus.\..+$" flags="REG_DOT_NEWLINE">
|
31
35
|
<description>AIX rlogind</description>
|
32
36
|
<example>xrlogind: Accxs refusx.
|
@@ -36,6 +40,7 @@
|
|
36
40
|
<param pos="0" name="os.product" value="AIX"/>
|
37
41
|
<param pos="0" name="os.cpe23" value="cpe:/o:ibm:aix:-"/>
|
38
42
|
</fingerprint>
|
43
|
+
|
39
44
|
<fingerprint pattern="^.rlogind: Host name for your address \([\d.]+\) unknown\..*$" flags="REG_DOT_NEWLINE">
|
40
45
|
<description>A/UX rlogind</description>
|
41
46
|
<example>xrlogind: Host name for your address (127.0.0.1) unknown.
|
@@ -43,6 +48,7 @@
|
|
43
48
|
<param pos="0" name="os.vendor" value="Apple"/>
|
44
49
|
<param pos="0" name="os.family" value="A/UX"/>
|
45
50
|
</fingerprint>
|
51
|
+
|
46
52
|
<fingerprint pattern="^.rexecd: Login incorrect\..*$" flags="REG_DOT_NEWLINE">
|
47
53
|
<description>HP-UX rexecd</description>
|
48
54
|
<example>xrexecd: Login incorrect.
|
@@ -52,6 +58,7 @@
|
|
52
58
|
<param pos="0" name="os.product" value="HP-UX"/>
|
53
59
|
<param pos="0" name="os.cpe23" value="cpe:/o:hp:hp-ux:-"/>
|
54
60
|
</fingerprint>
|
61
|
+
|
55
62
|
<fingerprint pattern="^.rexecd: [-\d]+.*$" flags="REG_DOT_NEWLINE">
|
56
63
|
<description>AIX rexecd</description>
|
57
64
|
<example>xrexecd: 0-1 The login is not correct.
|
@@ -61,6 +68,7 @@
|
|
61
68
|
<param pos="0" name="os.product" value="AIX"/>
|
62
69
|
<param pos="0" name="os.cpe23" value="cpe:/o:ibm:aix:-"/>
|
63
70
|
</fingerprint>
|
71
|
+
|
64
72
|
<fingerprint pattern="^.remshd: (?:getservbyname.+|Kerberos Authentication not enabled\..+|Error! Kerberos authentication failed)$" flags="REG_DOT_NEWLINE">
|
65
73
|
<description>HP-UX rshd</description>
|
66
74
|
<example>xremshd: getservbyname
|
@@ -73,4 +81,5 @@
|
|
73
81
|
<param pos="0" name="os.product" value="HP-UX"/>
|
74
82
|
<param pos="0" name="os.cpe23" value="cpe:/o:hp:hp-ux:-"/>
|
75
83
|
</fingerprint>
|
76
|
-
|
84
|
+
|
85
|
+
</fingerprints>
|
data/xml/rtsp_servers.xml
CHANGED
@@ -1,4 +1,4 @@
|
|
1
|
-
<?xml version=
|
1
|
+
<?xml version='1.0' encoding='UTF-8'?>
|
2
2
|
<fingerprints matches="rtsp_header.server" protocol="rtsp" database_type="service" preference="0.85">
|
3
3
|
<fingerprint pattern="^Flussonic \(http:\/\/www.flussonic.com\/\) ([\d\.]+)$">
|
4
4
|
<description>Flussonic Media Server</description>
|
@@ -8,6 +8,7 @@
|
|
8
8
|
<param pos="0" name="service.product" value="Flussonic Media Server"/>
|
9
9
|
<param pos="1" name="service.version"/>
|
10
10
|
</fingerprint>
|
11
|
+
|
11
12
|
<fingerprint pattern="^Hipcam RealServer\/V([\d\.]+)$">
|
12
13
|
<description>Hipcam IP camera running the RealServer RTSP server.</description>
|
13
14
|
<example service.version="1.0">Hipcam RealServer/V1.0</example>
|
@@ -17,6 +18,7 @@
|
|
17
18
|
<param pos="0" name="hw.vendor" value="Hipcam"/>
|
18
19
|
<param pos="0" name="hw.device" value="IP Camera"/>
|
19
20
|
</fingerprint>
|
21
|
+
|
20
22
|
<fingerprint pattern="^Dahua Rtsp Server$">
|
21
23
|
<description>Dahua IP Camera</description>
|
22
24
|
<example>Dahua Rtsp Server</example>
|
@@ -24,12 +26,14 @@
|
|
24
26
|
<param pos="0" name="hw.vendor" value="Dahua"/>
|
25
27
|
<param pos="0" name="hw.device" value="IP Camera"/>
|
26
28
|
</fingerprint>
|
29
|
+
|
27
30
|
<fingerprint pattern="^GStreamer RTSP server$">
|
28
31
|
<description>GStreamer RTSP Server (https://github.com/GStreamer/gst-rtsp-server)</description>
|
29
32
|
<example>GStreamer RTSP server</example>
|
30
33
|
<param pos="0" name="service.vendor" value="GStreamer"/>
|
31
34
|
<param pos="0" name="service.product" value="GStreamer RTSP Server"/>
|
32
35
|
</fingerprint>
|
36
|
+
|
33
37
|
<fingerprint pattern="^WMServer\/([\d\.]+)$">
|
34
38
|
<description>Windows Media Server</description>
|
35
39
|
<example service.version="9.1.1.3862">WMServer/9.1.1.3862</example>
|
@@ -41,6 +45,7 @@
|
|
41
45
|
<param pos="0" name="os.vendor" value="Microsoft"/>
|
42
46
|
<param pos="0" name="os.family" value="Windows"/>
|
43
47
|
</fingerprint>
|
48
|
+
|
44
49
|
<fingerprint pattern="^Wowza (Streaming Engine|Media Server) ([\d\.]+) build(\d*)$">
|
45
50
|
<description>Wowza Media Systems Streaming Video Services</description>
|
46
51
|
<example service.version="4.7.7" service.version.version="20181108145350" service.product="Streaming Engine">Wowza Streaming Engine 4.7.7 build20181108145350</example>
|
@@ -50,18 +55,21 @@
|
|
50
55
|
<param pos="2" name="service.version"/>
|
51
56
|
<param pos="3" name="service.version.version"/>
|
52
57
|
</fingerprint>
|
58
|
+
|
53
59
|
<fingerprint pattern="^HiIpcam\/V\d+R\d+ VodServer\/[\d\.]+$">
|
54
60
|
<description>Foscam IP Camera</description>
|
55
61
|
<example>HiIpcam/V100R003 VodServer/1.0.0</example>
|
56
62
|
<param pos="0" name="hw.vendor" value="Foscam"/>
|
57
63
|
<param pos="0" name="hw.device" value="IP Camera"/>
|
58
64
|
</fingerprint>
|
65
|
+
|
59
66
|
<fingerprint pattern="^Indigo\-Security\/[\d\.]+$">
|
60
67
|
<description>Indigo Security IP Camera</description>
|
61
68
|
<example>Indigo-Security/1.0</example>
|
62
69
|
<param pos="0" name="hw.vendor" value="Indigo Security"/>
|
63
70
|
<param pos="0" name="hw.device" value="IP Camera"/>
|
64
71
|
</fingerprint>
|
72
|
+
|
65
73
|
<fingerprint pattern="^Cisco MediaSense Media Server$">
|
66
74
|
<description>Cisco MediaSense Media Server (RTSP)</description>
|
67
75
|
<example>Cisco MediaSense Media Server</example>
|
@@ -73,4 +81,16 @@
|
|
73
81
|
<param pos="0" name="hw.device" value="SIP Gateway"/>
|
74
82
|
<param pos="0" name="hw.product" value="MediaSense"/>
|
75
83
|
</fingerprint>
|
76
|
-
|
84
|
+
|
85
|
+
<fingerprint pattern="^AvigilonOnvifNvt/(\d+\.\S+)">
|
86
|
+
<description>Avigilon IP Camera</description>
|
87
|
+
<example os.version="2.6.0.130">AvigilonOnvifNvt/2.6.0.130</example>
|
88
|
+
<param pos="0" name="hw.vendor" value="Avigilon"/>
|
89
|
+
<param pos="0" name="hw.device" value="IP Camera"/>
|
90
|
+
<param pos="0" name="os.vendor" value="Avigilon"/>
|
91
|
+
<param pos="0" name="os.family" value="Linux"/>
|
92
|
+
<param pos="0" name="os.product" value="Linux"/>
|
93
|
+
<param pos="1" name="os.version"/>
|
94
|
+
</fingerprint>
|
95
|
+
|
96
|
+
</fingerprints>
|