recog 2.3.8 → 2.3.13

Sign up to get free protection for your applications and to get access to all the features.
Files changed (69) hide show
  1. checksums.yaml +4 -4
  2. data/.gitignore +6 -0
  3. data/CONTRIBUTING.md +136 -37
  4. data/README.md +18 -16
  5. data/bin/recog_cleanup +16 -0
  6. data/bin/recog_standardize +30 -6
  7. data/cpe-remap.yaml +18 -2
  8. data/identifiers/README.md +9 -0
  9. data/identifiers/hw_device.txt +77 -0
  10. data/identifiers/hw_family.txt +96 -0
  11. data/identifiers/hw_product.txt +328 -0
  12. data/identifiers/os_architecture.txt +6 -6
  13. data/identifiers/os_device.txt +45 -3
  14. data/identifiers/os_family.txt +206 -41
  15. data/identifiers/os_product.txt +238 -17
  16. data/identifiers/service_family.txt +144 -57
  17. data/identifiers/service_product.txt +385 -83
  18. data/identifiers/vendor.txt +554 -68
  19. data/lib/recog/version.rb +1 -1
  20. data/requirements.txt +1 -1
  21. data/update_cpes.py +3 -0
  22. data/xml/apache_modules.xml +292 -5
  23. data/xml/apache_os.xml +41 -2
  24. data/xml/architecture.xml +11 -3
  25. data/xml/dns_versionbind.xml +191 -15
  26. data/xml/favicons.xml +1701 -0
  27. data/xml/ftp_banners.xml +250 -18
  28. data/xml/h323_callresp.xml +112 -12
  29. data/xml/hp_pjl_id.xml +47 -5
  30. data/xml/html_title.xml +1278 -25
  31. data/xml/http_cookies.xml +64 -9
  32. data/xml/http_servers.xml +1013 -96
  33. data/xml/http_wwwauth.xml +141 -26
  34. data/xml/imap_banners.xml +62 -13
  35. data/xml/ldap_searchresult.xml +81 -9
  36. data/xml/mdns_device-info_txt.xml +175 -2
  37. data/xml/mdns_workstation_txt.xml +4 -2
  38. data/xml/mysql_banners.xml +134 -7
  39. data/xml/mysql_error.xml +113 -6
  40. data/xml/nntp_banners.xml +10 -2
  41. data/xml/ntp_banners.xml +80 -4
  42. data/xml/operating_system.xml +89 -3
  43. data/xml/pop_banners.xml +87 -33
  44. data/xml/rsh_resp.xml +11 -2
  45. data/xml/rtsp_servers.xml +22 -2
  46. data/xml/sip_banners.xml +35 -4
  47. data/xml/sip_user_agents.xml +29 -2
  48. data/xml/smb_native_lm.xml +10 -2
  49. data/xml/smb_native_os.xml +79 -2
  50. data/xml/smtp_banners.xml +230 -9
  51. data/xml/smtp_debug.xml +6 -4
  52. data/xml/smtp_ehlo.xml +7 -5
  53. data/xml/smtp_expn.xml +13 -4
  54. data/xml/smtp_help.xml +23 -4
  55. data/xml/smtp_mailfrom.xml +5 -2
  56. data/xml/smtp_noop.xml +6 -5
  57. data/xml/smtp_quit.xml +5 -4
  58. data/xml/smtp_rcptto.xml +5 -2
  59. data/xml/smtp_rset.xml +4 -4
  60. data/xml/smtp_turn.xml +4 -4
  61. data/xml/smtp_vrfy.xml +14 -4
  62. data/xml/snmp_sysdescr.xml +733 -25
  63. data/xml/snmp_sysobjid.xml +47 -2
  64. data/xml/ssh_banners.xml +182 -8
  65. data/xml/telnet_banners.xml +493 -22
  66. data/xml/x11_banners.xml +26 -3
  67. data/xml/x509_issuers.xml +30 -6
  68. data/xml/x509_subjects.xml +200 -31
  69. metadata +8 -2
@@ -1,9 +1,10 @@
1
- <?xml version="1.0" encoding="UTF-8"?>
1
+ <?xml version='1.0' encoding='UTF-8'?>
2
2
  <fingerprints matches="pop3.banner" protocol="pop3" database_type="service" preference="0.90">
3
3
  <!--
4
4
  POP3 greeting messages (part of the banner after the status indicator +OK or -ERR) are
5
5
  matched against these patterns to fingerprint POP3 servers.
6
6
  -->
7
+
7
8
  <fingerprint pattern="^([^ ]+) +Cyrus POP3 v(\d+\.\d+.*)-OS X(?: Server)? ([\d\.]+).* server ready">
8
9
  <description>OSX Cyrus POP</description>
9
10
  <example host.domain="8.8.8.8" service.version="2.3.8" os.version="10.5">8.8.8.8 Cyrus POP3 v2.3.8-OS X Server 10.5: 9A562 server ready &lt;1999107648.1324502155@8.8.8.8&gt;</example>
@@ -18,6 +19,7 @@
18
19
  <param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x:{os.version}"/>
19
20
  <param pos="1" name="host.domain"/>
20
21
  </fingerprint>
22
+
21
23
  <fingerprint pattern="^([^ ]+) +Cyrus POP3 v([\d\.]+)">
22
24
  <description>CMU Cyrus POP</description>
23
25
  <example host.domain="foo" service.version="2.3">foo Cyrus POP3 v2.3</example>
@@ -28,6 +30,7 @@
28
30
  <param pos="2" name="service.version"/>
29
31
  <param pos="1" name="host.domain"/>
30
32
  </fingerprint>
33
+
31
34
  <fingerprint pattern="^Lotus Notes POP3 server version X[^ ]+ ready on .*$">
32
35
  <description>IBM Lotus Notes/Domino</description>
33
36
  <example>Lotus Notes POP3 server version X2.0 ready on foo/bar.</example>
@@ -36,6 +39,7 @@
36
39
  <param pos="0" name="service.product" value="Lotus Domino"/>
37
40
  <param pos="0" name="service.cpe23" value="cpe:/a:ibm:lotus_domino:-"/>
38
41
  </fingerprint>
42
+
39
43
  <fingerprint pattern="^Lotus Notes POP3 server version Release ([^ ]+) ready on .*$">
40
44
  <description>IBM Lotus Notes/Domino - Release variant</description>
41
45
  <example service.version="8.5.1FP5">Lotus Notes POP3 server version Release 8.5.1FP5 ready on foo/US.</example>
@@ -45,6 +49,7 @@
45
49
  <param pos="1" name="service.version"/>
46
50
  <param pos="0" name="service.cpe23" value="cpe:/a:ibm:lotus_domino:{service.version}"/>
47
51
  </fingerprint>
52
+
48
53
  <fingerprint pattern="^Qpopper \(version (\d+\.\d+\.\d+), modified by Sphera Technologies\) at (.+) starting\..*$">
49
54
  <description>Qpopper with Sphera mods</description>
50
55
  <example>Qpopper (version 4.0.3, modified by Sphera Technologies) at domain starting. &lt;xxx@domain&gt;</example>
@@ -54,6 +59,7 @@
54
59
  <param pos="1" name="service.version"/>
55
60
  <param pos="2" name="host.domain"/>
56
61
  </fingerprint>
62
+
57
63
  <fingerprint pattern="^Qpopper \(version (\d+\.\d+\.\d+)-mysql-(.+)\) at (.+) starting\..*$">
58
64
  <description>Qpopper with MySQL auth module</description>
59
65
  <example>Qpopper (version 4.0.3-mysql-0.13) at domain starting. &lt;xxx@domain&gt;</example>
@@ -66,6 +72,7 @@
66
72
  <param pos="2" name="service.component.version"/>
67
73
  <param pos="3" name="host.domain"/>
68
74
  </fingerprint>
75
+
69
76
  <fingerprint pattern="(?i)^Qpop(?:per)? \(version ([\d\.]+)\) at (.+)(?: starting\.)?.*$">
70
77
  <description>Qpopper missing version info</description>
71
78
  <example>Qpopper (version 4.0.16) at foo.example.com</example>
@@ -77,6 +84,7 @@
77
84
  <param pos="1" name="service.version"/>
78
85
  <param pos="2" name="host.domain"/>
79
86
  </fingerprint>
87
+
80
88
  <fingerprint pattern="^QPOP \(version (.*)\) at (.+) starting\..*$">
81
89
  <description>Qpopper with missing version info</description>
82
90
  <example>QPOP (version ?) at domain starting. &lt;xxx@domain&gt;</example>
@@ -86,6 +94,7 @@
86
94
  <param pos="1" name="qpopper.version"/>
87
95
  <param pos="2" name="host.domain"/>
88
96
  </fingerprint>
97
+
89
98
  <fingerprint pattern="^Microsoft Exchange Server 2003 POP3 server version (\d+\.\d+\.\d+\.\d+) (.+) ready.$">
90
99
  <description>Microsoft Exchange Server 2003</description>
91
100
  <example>Microsoft Exchange Server 2003 POP3 server version 6.5.6944.0 (host) ready.</example>
@@ -100,6 +109,7 @@
100
109
  <param pos="0" name="os.product" value="Windows"/>
101
110
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
102
111
  </fingerprint>
112
+
103
113
  <fingerprint pattern="^Microsoft Exchange 2000 POP3 server version (\d+\.\d+\.\d+\.\d+) (.+) ready.$">
104
114
  <description>Microsoft Exchange Server 2000</description>
105
115
  <example>Microsoft Exchange 2000 POP3 server version 6.0.6603.0 (host) ready.</example>
@@ -114,6 +124,7 @@
114
124
  <param pos="0" name="os.product" value="Windows"/>
115
125
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
116
126
  </fingerprint>
127
+
117
128
  <fingerprint pattern="^Microsoft Exchange POP3 server version (\d+\.\d+\.\d+\.\d+) ready$">
118
129
  <description>Microsoft Exchange Server</description>
119
130
  <example>Microsoft Exchange POP3 server version 5.5.2654.50 ready</example>
@@ -127,6 +138,7 @@
127
138
  <param pos="0" name="os.product" value="Windows"/>
128
139
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
129
140
  </fingerprint>
141
+
130
142
  <fingerprint pattern="^Microsoft Windows POP3 Service Version 1.0 &lt;.+@(.+)&gt; ready.$">
131
143
  <description>Microsoft POP3 Services on Windows 2003</description>
132
144
  <example>Microsoft Windows POP3 Service Version 1.0 &lt;xxx@host&gt; ready.</example>
@@ -139,6 +151,7 @@
139
151
  <param pos="0" name="os.product" value="Windows Server 2003"/>
140
152
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2003:-"/>
141
153
  </fingerprint>
154
+
142
155
  <fingerprint pattern="^Microsoft Exchange Server 2007 POP3 service ready\.?$">
143
156
  <description>Microsoft Exchange Server 2007</description>
144
157
  <example>Microsoft Exchange Server 2007 POP3 service ready</example>
@@ -151,6 +164,7 @@
151
164
  <param pos="0" name="os.product" value="Windows"/>
152
165
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
153
166
  </fingerprint>
167
+
154
168
  <fingerprint pattern="^The? Microsoft Exchange POP3 service is ready\.?$">
155
169
  <description>Microsoft Exchange Server, generic</description>
156
170
  <example>The Microsoft Exchange POP3 service is ready.</example>
@@ -163,12 +177,58 @@
163
177
  <param pos="0" name="os.product" value="Windows"/>
164
178
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
165
179
  </fingerprint>
180
+
166
181
  <fingerprint pattern="^[dD]ovecot (?:DA )?ready\.(?: &lt;.+@(.+)&gt;)?$">
167
182
  <description>Dovecot Secure POP Server</description>
183
+ <example>Dovecot ready.</example>
184
+ <example>Dovecot DA ready.</example>
185
+ <example host.name="foo.bar.baz">Dovecot ready. &lt;fea.13865d.5f06b0a4.DuIvzQI4DAGR9MurahIGJw==@foo.bar.baz&gt;</example>
186
+ <param pos="0" name="service.vendor" value="Dovecot"/>
168
187
  <param pos="0" name="service.family" value="Dovecot"/>
169
188
  <param pos="0" name="service.product" value="Dovecot"/>
189
+ <param pos="0" name="service.cpe23" value="cpe:/a:dovecot:dovecot:-"/>
170
190
  <param pos="1" name="host.name"/>
171
191
  </fingerprint>
192
+
193
+ <fingerprint pattern="^Dovecot \(Ubuntu\) ready\.$">
194
+ <description>Dovecot Secure POP Server - Ubuntu variant</description>
195
+ <example>Dovecot (Ubuntu) ready.</example>
196
+ <param pos="0" name="service.vendor" value="Dovecot"/>
197
+ <param pos="0" name="service.family" value="Dovecot"/>
198
+ <param pos="0" name="service.product" value="Dovecot"/>
199
+ <param pos="0" name="service.cpe23" value="cpe:/a:dovecot:dovecot:-"/>
200
+ <param pos="0" name="os.vendor" value="Ubuntu"/>
201
+ <param pos="0" name="os.family" value="Linux"/>
202
+ <param pos="0" name="os.product" value="Linux"/>
203
+ <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:-"/>
204
+ </fingerprint>
205
+
206
+ <fingerprint pattern="^Dovecot \(Debian\) ready\.$">
207
+ <description>Dovecot Secure POP Server - Debian variant</description>
208
+ <example>Dovecot (Debian) ready.</example>
209
+ <param pos="0" name="service.vendor" value="Dovecot"/>
210
+ <param pos="0" name="service.family" value="Dovecot"/>
211
+ <param pos="0" name="service.product" value="Dovecot"/>
212
+ <param pos="0" name="service.cpe23" value="cpe:/a:dovecot:dovecot:-"/>
213
+ <param pos="0" name="os.vendor" value="Debian"/>
214
+ <param pos="0" name="os.family" value="Linux"/>
215
+ <param pos="0" name="os.product" value="Linux"/>
216
+ <param pos="0" name="os.cpe23" value="cpe:/o:debian:debian_linux:-"/>
217
+ </fingerprint>
218
+
219
+ <fingerprint pattern="^Dovecot \(Raspbian\) ready\.$">
220
+ <description>Dovecot Secure POP Server - Raspbian variant</description>
221
+ <example>Dovecot (Raspbian) ready.</example>
222
+ <param pos="0" name="service.vendor" value="Dovecot"/>
223
+ <param pos="0" name="service.family" value="Dovecot"/>
224
+ <param pos="0" name="service.product" value="Dovecot"/>
225
+ <param pos="0" name="service.cpe23" value="cpe:/a:dovecot:dovecot:-"/>
226
+ <param pos="0" name="os.vendor" value="Raspbian"/>
227
+ <param pos="0" name="os.family" value="Linux"/>
228
+ <param pos="0" name="os.product" value="Linux"/>
229
+ <param pos="0" name="hw.product" value="Raspberry Pi"/>
230
+ </fingerprint>
231
+
172
232
  <fingerprint pattern="^(\S+) Zimbra POP3 server ready\.?$">
173
233
  <description>VMware Zimbra POP</description>
174
234
  <example host.name="foo.bar">foo.bar Zimbra POP3 server ready</example>
@@ -177,6 +237,7 @@
177
237
  <param pos="0" name="service.cpe23" value="cpe:/a:vmware:zimbra_desktop:-"/>
178
238
  <param pos="1" name="host.name"/>
179
239
  </fingerprint>
240
+
180
241
  <fingerprint pattern="^(\S+) Zimbra (\S+) POP3 server ready\.?$">
181
242
  <description>VMware Zimbra POP with version</description>
182
243
  <example host.name="foo.bar">foo.bar Zimbra 7.0.0_GA_3079 POP3 server ready</example>
@@ -186,12 +247,14 @@
186
247
  <param pos="0" name="service.cpe23" value="cpe:/a:vmware:zimbra_desktop:{service.version}"/>
187
248
  <param pos="1" name="host.name"/>
188
249
  </fingerprint>
250
+
189
251
  <fingerprint pattern="^(?:S?POP3? server ready |Hello there.? )?&lt;.*@([^&gt;]+)&gt;$">
190
252
  <description>Generic masked POP3 server</description>
191
253
  <example>POP3 server ready &lt;58c29ae4-7316-429e-8109-060444ab1a28@foo.example.com&gt;</example>
192
254
  <example>&lt;84427.1298535083@foo.example.com&gt;</example>
193
255
  <param pos="1" name="host.name"/>
194
256
  </fingerprint>
257
+
195
258
  <fingerprint pattern="^ApplePasswordServer ([\d\.]+) password">
196
259
  <description>Apple Open Directory</description>
197
260
  <example>ApplePasswordServer 10.6.0.0 password server at 10.2.90.228 ready.</example>
@@ -205,6 +268,7 @@
205
268
  <param pos="0" name="os.certainty" value="0.5"/>
206
269
  <param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x:{os.version}"/>
207
270
  </fingerprint>
271
+
208
272
  <fingerprint pattern="^TCPIP POP server V\d\.\d\S-\S{3}, OpenVMS V(\d\.\d-\d)(?:\s+\S+)?\s+at\s+(\S+), .*$">
209
273
  <description>TCP/IP Services for OpenVMS POP server</description>
210
274
  <example os.version="7.3-2" host.name="example.com">TCPIP POP server V5.4J-15A, OpenVMS V7.3-2 Alpha at example.com, up since 2015-02-12 08:44:53 20400434.2</example>
@@ -218,6 +282,7 @@
218
282
  <param pos="0" name="os.cpe23" value="cpe:/o:hp:openvms:{os.version}"/>
219
283
  <param pos="2" name="host.name"/>
220
284
  </fingerprint>
285
+
221
286
  <fingerprint pattern="^Hello there\.$">
222
287
  <description>Courier MTA POP</description>
223
288
  <example>Hello there.</example>
@@ -225,6 +290,7 @@
225
290
  <param pos="0" name="service.family" value="Courier MTA"/>
226
291
  <param pos="0" name="service.product" value="Courier POP"/>
227
292
  </fingerprint>
293
+
228
294
  <fingerprint pattern="^CMailServer ([\d\.]+) POP3 Service Ready$">
229
295
  <description>CMailServer</description>
230
296
  <example service.version="5.0.0">CMailServer 5.0.0 POP3 Service Ready</example>
@@ -234,6 +300,7 @@
234
300
  <param pos="0" name="os.vendor" value="Microsoft"/>
235
301
  <param pos="1" name="service.version"/>
236
302
  </fingerprint>
303
+
237
304
  <fingerprint pattern="^POP3 Bigfoot v(\d\.\d) server ready$">
238
305
  <description>POP3 Bigfoot server</description>
239
306
  <example service.version="1.0">POP3 Bigfoot v1.0 server ready</example>
@@ -242,6 +309,7 @@
242
309
  <param pos="0" name="service.product" value="Bigfoot Email Tools"/>
243
310
  <param pos="1" name="service.version"/>
244
311
  </fingerprint>
312
+
245
313
  <fingerprint pattern="^CCProxy ([\d.]+) POP3 Service Ready$">
246
314
  <description>CCProxy POP3 server</description>
247
315
  <example service.version="8.0">CCProxy 8.0 POP3 Service Ready</example>
@@ -252,6 +320,7 @@
252
320
  <param pos="0" name="service.product" value="CCProxy"/>
253
321
  <param pos="1" name="service.version"/>
254
322
  </fingerprint>
323
+
255
324
  <fingerprint pattern="^POP3 on WinWebMail \[([\d.]+)\] ready\.$">
256
325
  <description>WinWebmail POP3</description>
257
326
  <example service.version="1.1.1.1">POP3 on WinWebMail [1.1.1.1] ready.</example>
@@ -263,6 +332,7 @@
263
332
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
264
333
  <param pos="1" name="service.version"/>
265
334
  </fingerprint>
335
+
266
336
  <fingerprint pattern="^BlackJumboDog \(Version ([\d\.]+)\) ready$">
267
337
  <description>BlackJumboDog</description>
268
338
  <example service.version="5.7.5.0">BlackJumboDog (Version 5.7.5.0) ready</example>
@@ -274,6 +344,20 @@
274
344
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
275
345
  <param pos="1" name="service.version"/>
276
346
  </fingerprint>
347
+
348
+ <fingerprint pattern="^Welcome to MailEnable POP3 Server$">
349
+ <description>MailEnable POP3</description>
350
+ <example>Welcome to MailEnable POP3 Server</example>
351
+ <param pos="0" name="os.vendor" value="Microsoft"/>
352
+ <param pos="0" name="os.family" value="Windows"/>
353
+ <param pos="0" name="os.product" value="Windows"/>
354
+ <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
355
+ <param pos="0" name="service.vendor" value="MailEnable"/>
356
+ <param pos="0" name="service.family" value="Mail Server"/>
357
+ <param pos="0" name="service.product" value="MailEnable"/>
358
+ <param pos="0" name="service.cpe23" value="cpe:/a:mailenable:mailenable:-"/>
359
+ </fingerprint>
360
+
277
361
  <!--
278
362
  ; Mandrake 8.1 - uses UW IMAP
279
363
  ; +OK POP3 mandrake81-f540k v2000.70mdk server ready
@@ -283,66 +367,37 @@
283
367
  // +OK POP3 [158.122.12.70] v2003.83mdk server ready
284
368
  // +OK POP3 [161.58.53.189] 2006b.94 server ready
285
369
  // +OK POP3 [192.168.0.250] v2000.70rh server ready
286
-
287
370
  ; Lotus Domino - NOTE: POP versions do not map to Domino version
288
371
  // +OK Lotus Notes POP3 server version X2.0 ready <0015521D.86257321.0000081C.00000008@Atlas/AgileTek> on Atlas/AgileTek.
289
372
  ( call ?j_popPatterns add
290
373
  "^\\+OK Lotus Notes POP3 server version ([^ ]*) ready on ([^\\.]*)\\.$" )
291
374
  ( call ?j_popNames add "Lotus-Domino" )
292
-
293
375
  // +OK alquilerpc.com.mx POP3 Server (Version 1.020h) ready.
294
-
295
376
  // Ipswitch IMail
296
377
  // +OK X1 NT-POP3 Server geneseenet06 (IMail 8.22 45450-1)
297
-
298
378
  // +OK X1 POP3 Mail Server
299
-
300
379
  // +OK server POP3 server (DeskNow POP3 Server 1.0) ready
301
-
302
380
  // +OK <1185161310.3352@goto15028.com> [XMail 1.24 POP3 Server] service ready; Mon, 23 Jul 2007 11:28:30 +0800
303
-
304
381
  // +OK IdeaPop3Server v0.50 ready.
305
-
306
382
  // +OK qxztmail POP3 server (STD Ymailserver v1.8 POP3) ready
307
-
308
383
  // +OK blue.forest-green.lan POP3 server (JAMES POP3 Server 2.2.0) ready
309
-
310
384
  // +OK xxx CMailServer 5.2 POP3 Service Ready
311
-
312
385
  // +OK iac3 Solstice (tm) Internet Mail Server (tm) POP3 2.0 at Mon, 23 Jul 2007 20:08:02 -0500 (CDT)
313
-
314
386
  // +OK Gordano Messaging Suite POP3 server ready
315
387
  // +OK Gordano Messaging Suite POP3 server ready <13501095613509@hollandcanadaline.com>
316
-
317
388
  // +OK unitechna.lt Merak 8.9.1 POP3 Sun, 22 Jul 2007 23:16:25 +0300 <20070722231625@unitechna.lt>
318
-
319
-
320
389
  // +OK Cubic Circle's v1.31 1998/05/13 POP3 ready <0c9300004104a246@www.dvdld.co.za>
321
-
322
- // +OK Welcome to MailEnable POP3 Server
323
-
324
390
  // +OK GroupWise POP3 server ready
325
-
326
391
  // +OK POP3 AnalogX Proxy 4.14 (Release) ready.
327
-
328
392
  // +OK lojack.com.ar POP MDaemon 9.6.0 ready <MDAEMON-F200707232110.AA1001241MD4604@lojack.com.ar>
329
-
330
393
  // +OK DBMAIL pop3 server ready to rock <4393e6301f984e87ad7cdc766595c78f@mx>
331
-
332
394
  // +OK POP3 Welcome to vm-pop3d 1.1.6 <83532.1185400462@romeo.hostlab.nl>
333
-
334
395
  // +OK Solid POP3 server ready
335
-
336
396
  // +OK ArGoSoft Mail Server Pro for WinNT/2000/XP, Version 1.8 (1.8.8.9)
337
-
338
397
  // +OK POP3 titan [cppop 20.0] at [207.150.171.34]
339
-
340
398
  // +OK ModusMail POP3 Server-NOTF 4.2.425.4 Ready <42760712.1185328354.283@gbso.net>
341
-
342
399
  // +OK DPOP Version number supressed.
343
-
344
400
  // +OK XPOP3 0.0.1 server ready
345
-
346
401
  -ERR (Proxy) connect error:socket error:No route to host
347
402
  -ERR No permission
348
403
  -ERR sorry, POP server too busy right now. Try again later.
@@ -472,7 +527,6 @@
472
527
  +OK studiovisuals.com POP3 Server (Version 1.020h) ready.
473
528
  +OK themeekermall.com POP3 Server (Version 1.020h) ready.
474
529
  +OK unitechna.lt Merak 8.9.1 POP3 Sun, 22 Jul 2007 23:16:25 +0300 <20070722231625@unitechna.lt>
475
- +OK Welcome to MailEnable POP3 Server
476
530
  +OK X1 NT-POP3 Server 2436681011.monstercommercesites.com (IMail 7.15 560907-1)
477
531
  +OK X1 NT-POP3 Server Calvin-Serv (IMail 8.22 1107-1)
478
532
  +OK X1 NT-POP3 Server chealsea.com.cn (IMail 8.15 16990-1)
@@ -494,6 +548,6 @@
494
548
  // apparently this is a P3Scan Proxy bug
495
549
  // http://lists.freebsd.org/pipermail/freebsd-ports/2004-May/012400.html
496
550
  Oops, that would loop!
497
-
498
551
  -->
499
- </fingerprints>
552
+
553
+ </fingerprints>
@@ -1,14 +1,16 @@
1
- <?xml version="1.0" encoding="UTF-8"?>
1
+ <?xml version='1.0' encoding='UTF-8'?>
2
2
  <fingerprints protocol="rsh" database_type="service">
3
3
  <!--
4
4
  Rservices responses to requests are matched against these patterns to fingerprint the OSes of servers.
5
5
  -->
6
+
6
7
  <fingerprint pattern="^.Permission denied: Error 0$">
7
8
  <description>Digital Unix rlogind</description>
8
9
  <example>xPermission denied: Error 0</example>
9
10
  <param pos="0" name="os.vendor" value="HP"/>
10
11
  <param pos="0" name="os.family" value="Digital Unix"/>
11
12
  </fingerprint>
13
+
12
14
  <fingerprint pattern="^.Winsock RSHD/NT: Protocol negotiation error\..+$|^.in\.rlogind: Permission denied\..+$" flags="REG_DOT_NEWLINE">
13
15
  <description>Windows rlogind</description>
14
16
  <example>xWinsock RSHD/NT: Protocol negotiation error.
@@ -18,6 +20,7 @@
18
20
  <param pos="0" name="os.vendor" value="Microsoft"/>
19
21
  <param pos="0" name="os.family" value="Windows"/>
20
22
  </fingerprint>
23
+
21
24
  <fingerprint pattern="^.permission denied\..+$" flags="REG_DOT_NEWLINE">
22
25
  <description>Solaris rlogind</description>
23
26
  <example>xpermission denied.
@@ -27,6 +30,7 @@
27
30
  <param pos="0" name="os.product" value="Solaris"/>
28
31
  <param pos="0" name="os.cpe23" value="cpe:/o:sun:solaris:-"/>
29
32
  </fingerprint>
33
+
30
34
  <fingerprint pattern="^.rlogind: Acc.s refus.\..+$" flags="REG_DOT_NEWLINE">
31
35
  <description>AIX rlogind</description>
32
36
  <example>xrlogind: Accxs refusx.
@@ -36,6 +40,7 @@
36
40
  <param pos="0" name="os.product" value="AIX"/>
37
41
  <param pos="0" name="os.cpe23" value="cpe:/o:ibm:aix:-"/>
38
42
  </fingerprint>
43
+
39
44
  <fingerprint pattern="^.rlogind: Host name for your address \([\d.]+\) unknown\..*$" flags="REG_DOT_NEWLINE">
40
45
  <description>A/UX rlogind</description>
41
46
  <example>xrlogind: Host name for your address (127.0.0.1) unknown.
@@ -43,6 +48,7 @@
43
48
  <param pos="0" name="os.vendor" value="Apple"/>
44
49
  <param pos="0" name="os.family" value="A/UX"/>
45
50
  </fingerprint>
51
+
46
52
  <fingerprint pattern="^.rexecd: Login incorrect\..*$" flags="REG_DOT_NEWLINE">
47
53
  <description>HP-UX rexecd</description>
48
54
  <example>xrexecd: Login incorrect.
@@ -52,6 +58,7 @@
52
58
  <param pos="0" name="os.product" value="HP-UX"/>
53
59
  <param pos="0" name="os.cpe23" value="cpe:/o:hp:hp-ux:-"/>
54
60
  </fingerprint>
61
+
55
62
  <fingerprint pattern="^.rexecd: [-\d]+.*$" flags="REG_DOT_NEWLINE">
56
63
  <description>AIX rexecd</description>
57
64
  <example>xrexecd: 0-1 The login is not correct.
@@ -61,6 +68,7 @@
61
68
  <param pos="0" name="os.product" value="AIX"/>
62
69
  <param pos="0" name="os.cpe23" value="cpe:/o:ibm:aix:-"/>
63
70
  </fingerprint>
71
+
64
72
  <fingerprint pattern="^.remshd: (?:getservbyname.+|Kerberos Authentication not enabled\..+|Error! Kerberos authentication failed)$" flags="REG_DOT_NEWLINE">
65
73
  <description>HP-UX rshd</description>
66
74
  <example>xremshd: getservbyname
@@ -73,4 +81,5 @@
73
81
  <param pos="0" name="os.product" value="HP-UX"/>
74
82
  <param pos="0" name="os.cpe23" value="cpe:/o:hp:hp-ux:-"/>
75
83
  </fingerprint>
76
- </fingerprints>
84
+
85
+ </fingerprints>
@@ -1,4 +1,4 @@
1
- <?xml version="1.0" encoding="UTF-8"?>
1
+ <?xml version='1.0' encoding='UTF-8'?>
2
2
  <fingerprints matches="rtsp_header.server" protocol="rtsp" database_type="service" preference="0.85">
3
3
  <fingerprint pattern="^Flussonic \(http:\/\/www.flussonic.com\/\) ([\d\.]+)$">
4
4
  <description>Flussonic Media Server</description>
@@ -8,6 +8,7 @@
8
8
  <param pos="0" name="service.product" value="Flussonic Media Server"/>
9
9
  <param pos="1" name="service.version"/>
10
10
  </fingerprint>
11
+
11
12
  <fingerprint pattern="^Hipcam RealServer\/V([\d\.]+)$">
12
13
  <description>Hipcam IP camera running the RealServer RTSP server.</description>
13
14
  <example service.version="1.0">Hipcam RealServer/V1.0</example>
@@ -17,6 +18,7 @@
17
18
  <param pos="0" name="hw.vendor" value="Hipcam"/>
18
19
  <param pos="0" name="hw.device" value="IP Camera"/>
19
20
  </fingerprint>
21
+
20
22
  <fingerprint pattern="^Dahua Rtsp Server$">
21
23
  <description>Dahua IP Camera</description>
22
24
  <example>Dahua Rtsp Server</example>
@@ -24,12 +26,14 @@
24
26
  <param pos="0" name="hw.vendor" value="Dahua"/>
25
27
  <param pos="0" name="hw.device" value="IP Camera"/>
26
28
  </fingerprint>
29
+
27
30
  <fingerprint pattern="^GStreamer RTSP server$">
28
31
  <description>GStreamer RTSP Server (https://github.com/GStreamer/gst-rtsp-server)</description>
29
32
  <example>GStreamer RTSP server</example>
30
33
  <param pos="0" name="service.vendor" value="GStreamer"/>
31
34
  <param pos="0" name="service.product" value="GStreamer RTSP Server"/>
32
35
  </fingerprint>
36
+
33
37
  <fingerprint pattern="^WMServer\/([\d\.]+)$">
34
38
  <description>Windows Media Server</description>
35
39
  <example service.version="9.1.1.3862">WMServer/9.1.1.3862</example>
@@ -41,6 +45,7 @@
41
45
  <param pos="0" name="os.vendor" value="Microsoft"/>
42
46
  <param pos="0" name="os.family" value="Windows"/>
43
47
  </fingerprint>
48
+
44
49
  <fingerprint pattern="^Wowza (Streaming Engine|Media Server) ([\d\.]+) build(\d*)$">
45
50
  <description>Wowza Media Systems Streaming Video Services</description>
46
51
  <example service.version="4.7.7" service.version.version="20181108145350" service.product="Streaming Engine">Wowza Streaming Engine 4.7.7 build20181108145350</example>
@@ -50,18 +55,21 @@
50
55
  <param pos="2" name="service.version"/>
51
56
  <param pos="3" name="service.version.version"/>
52
57
  </fingerprint>
58
+
53
59
  <fingerprint pattern="^HiIpcam\/V\d+R\d+ VodServer\/[\d\.]+$">
54
60
  <description>Foscam IP Camera</description>
55
61
  <example>HiIpcam/V100R003 VodServer/1.0.0</example>
56
62
  <param pos="0" name="hw.vendor" value="Foscam"/>
57
63
  <param pos="0" name="hw.device" value="IP Camera"/>
58
64
  </fingerprint>
65
+
59
66
  <fingerprint pattern="^Indigo\-Security\/[\d\.]+$">
60
67
  <description>Indigo Security IP Camera</description>
61
68
  <example>Indigo-Security/1.0</example>
62
69
  <param pos="0" name="hw.vendor" value="Indigo Security"/>
63
70
  <param pos="0" name="hw.device" value="IP Camera"/>
64
71
  </fingerprint>
72
+
65
73
  <fingerprint pattern="^Cisco MediaSense Media Server$">
66
74
  <description>Cisco MediaSense Media Server (RTSP)</description>
67
75
  <example>Cisco MediaSense Media Server</example>
@@ -73,4 +81,16 @@
73
81
  <param pos="0" name="hw.device" value="SIP Gateway"/>
74
82
  <param pos="0" name="hw.product" value="MediaSense"/>
75
83
  </fingerprint>
76
- </fingerprints>
84
+
85
+ <fingerprint pattern="^AvigilonOnvifNvt/(\d+\.\S+)">
86
+ <description>Avigilon IP Camera</description>
87
+ <example os.version="2.6.0.130">AvigilonOnvifNvt/2.6.0.130</example>
88
+ <param pos="0" name="hw.vendor" value="Avigilon"/>
89
+ <param pos="0" name="hw.device" value="IP Camera"/>
90
+ <param pos="0" name="os.vendor" value="Avigilon"/>
91
+ <param pos="0" name="os.family" value="Linux"/>
92
+ <param pos="0" name="os.product" value="Linux"/>
93
+ <param pos="1" name="os.version"/>
94
+ </fingerprint>
95
+
96
+ </fingerprints>