recog 2.3.8 → 2.3.13

Files changed (69) hide show
  1. checksums.yaml +4 -4
  2. data/.gitignore +6 -0
  3. data/CONTRIBUTING.md +136 -37
  4. data/README.md +18 -16
  5. data/bin/recog_cleanup +16 -0
  6. data/bin/recog_standardize +30 -6
  7. data/cpe-remap.yaml +18 -2
  8. data/identifiers/README.md +9 -0
  9. data/identifiers/hw_device.txt +77 -0
  10. data/identifiers/hw_family.txt +96 -0
  11. data/identifiers/hw_product.txt +328 -0
  12. data/identifiers/os_architecture.txt +6 -6
  13. data/identifiers/os_device.txt +45 -3
  14. data/identifiers/os_family.txt +206 -41
  15. data/identifiers/os_product.txt +238 -17
  16. data/identifiers/service_family.txt +144 -57
  17. data/identifiers/service_product.txt +385 -83
  18. data/identifiers/vendor.txt +554 -68
  19. data/lib/recog/version.rb +1 -1
  20. data/requirements.txt +1 -1
  21. data/update_cpes.py +3 -0
  22. data/xml/apache_modules.xml +292 -5
  23. data/xml/apache_os.xml +41 -2
  24. data/xml/architecture.xml +11 -3
  25. data/xml/dns_versionbind.xml +191 -15
  26. data/xml/favicons.xml +1701 -0
  27. data/xml/ftp_banners.xml +250 -18
  28. data/xml/h323_callresp.xml +112 -12
  29. data/xml/hp_pjl_id.xml +47 -5
  30. data/xml/html_title.xml +1278 -25
  31. data/xml/http_cookies.xml +64 -9
  32. data/xml/http_servers.xml +1013 -96
  33. data/xml/http_wwwauth.xml +141 -26
  34. data/xml/imap_banners.xml +62 -13
  35. data/xml/ldap_searchresult.xml +81 -9
  36. data/xml/mdns_device-info_txt.xml +175 -2
  37. data/xml/mdns_workstation_txt.xml +4 -2
  38. data/xml/mysql_banners.xml +134 -7
  39. data/xml/mysql_error.xml +113 -6
  40. data/xml/nntp_banners.xml +10 -2
  41. data/xml/ntp_banners.xml +80 -4
  42. data/xml/operating_system.xml +89 -3
  43. data/xml/pop_banners.xml +87 -33
  44. data/xml/rsh_resp.xml +11 -2
  45. data/xml/rtsp_servers.xml +22 -2
  46. data/xml/sip_banners.xml +35 -4
  47. data/xml/sip_user_agents.xml +29 -2
  48. data/xml/smb_native_lm.xml +10 -2
  49. data/xml/smb_native_os.xml +79 -2
  50. data/xml/smtp_banners.xml +230 -9
  51. data/xml/smtp_debug.xml +6 -4
  52. data/xml/smtp_ehlo.xml +7 -5
  53. data/xml/smtp_expn.xml +13 -4
  54. data/xml/smtp_help.xml +23 -4
  55. data/xml/smtp_mailfrom.xml +5 -2
  56. data/xml/smtp_noop.xml +6 -5
  57. data/xml/smtp_quit.xml +5 -4
  58. data/xml/smtp_rcptto.xml +5 -2
  59. data/xml/smtp_rset.xml +4 -4
  60. data/xml/smtp_turn.xml +4 -4
  61. data/xml/smtp_vrfy.xml +14 -4
  62. data/xml/snmp_sysdescr.xml +733 -25
  63. data/xml/snmp_sysobjid.xml +47 -2
  64. data/xml/ssh_banners.xml +182 -8
  65. data/xml/telnet_banners.xml +493 -22
  66. data/xml/x11_banners.xml +26 -3
  67. data/xml/x509_issuers.xml +30 -6
  68. data/xml/x509_subjects.xml +200 -31
  69. metadata +8 -2
@@ -1,9 +1,11 @@
1
- <?xml version="1.0" encoding="UTF-8"?>
1
+ <?xml version='1.0' encoding='UTF-8'?>
2
2
  <fingerprints matches="sip_header.server" protocol="sip" database_type="service">
3
3
  <!--
4
4
  SIP Server header values are matched against these patterns to fingerprint SIP devices.
5
5
  -->
6
+
6
7
  <!-- Cisco/Tandberg Products -->
8
+
7
9
  <fingerprint pattern="^Cisco-SIPGateway/IOS-(\S+)\.x$">
8
10
  <description>Cisco IOS SIP Gateway w/ Vague Version</description>
9
11
  <example os.version="12">Cisco-SIPGateway/IOS-12.x</example>
@@ -20,6 +22,7 @@
20
22
  <param pos="0" name="hw.vendor" value="Cisco"/>
21
23
  <param pos="0" name="hw.device" value="Router"/>
22
24
  </fingerprint>
25
+
23
26
  <fingerprint pattern="^Cisco-SIPGateway/IOS-(\S+)$">
24
27
  <description>Cisco IOS SIP Gateway w/ Full Version</description>
25
28
  <example os.version="15.2.4.M3">Cisco-SIPGateway/IOS-15.2.4.M3</example>
@@ -41,6 +44,7 @@
41
44
  <param pos="0" name="hw.vendor" value="Cisco"/>
42
45
  <param pos="0" name="hw.device" value="Router"/>
43
46
  </fingerprint>
47
+
44
48
  <fingerprint pattern="^Cisco-CP-?(\d+G?)(?:-\S+)?/([\d\.]+)">
45
49
  <description>Cisco CP VoIP Phone</description>
46
50
  <example hw.model="7960G" hw.version="8.0">Cisco-CP7960G/8.0</example>
@@ -55,6 +59,7 @@
55
59
  <param pos="1" name="hw.model"/>
56
60
  <param pos="2" name="hw.version"/>
57
61
  </fingerprint>
62
+
58
63
  <fingerprint pattern="(?:Cisco|Linksys)/(SPA\d+[DG]?\d?)-([\d\.a-zA-Z]+)">
59
64
  <description>Cisco/Linksys SPA VoIP Phone</description>
60
65
  <example hw.model="SPA112" hw.version="1.4.1SR1">Cisco/SPA112-1.4.1SR1(002)d-hisec</example>
@@ -72,6 +77,7 @@
72
77
  <param pos="1" name="hw.model"/>
73
78
  <param pos="2" name="hw.version"/>
74
79
  </fingerprint>
80
+
75
81
  <fingerprint pattern="(?:Cisco|Linksys)(?: |/)(PAP2T?)(?:-|/)(\S+)$">
76
82
  <description>Cisco/Linksys VoIP / Internet Phone adapter</description>
77
83
  <example hw.version="3.1.22(LS)" hw.model="PAP2">PhoneSystems.net aabbccddeeff Linksys/PAP2-3.1.22(LS)</example>
@@ -87,6 +93,7 @@
87
93
  <param pos="1" name="hw.model"/>
88
94
  <param pos="2" name="hw.version"/>
89
95
  </fingerprint>
96
+
90
97
  <fingerprint pattern="^Cisco/(SRP\d+)-([\d\.]+)">
91
98
  <description>Cisco Services Ready Platforms (SRP) Router</description>
92
99
  <example hw.model="SRP541" hw.version="1.2.6">Cisco/SRP541-1.2.6(003)</example>
@@ -99,6 +106,7 @@
99
106
  <param pos="1" name="hw.model"/>
100
107
  <param pos="2" name="hw.version"/>
101
108
  </fingerprint>
109
+
102
110
  <fingerprint pattern="(?:Cisco|Linksys)/(WRP\d+)-(\S+)$">
103
111
  <description>Cisco/Linksys WRP Wireless Router</description>
104
112
  <example hw.version="2.00.26" hw.model="WRP400">aabbccddeeff_FinalStage_Linksys/WRP400-2.00.26</example>
@@ -112,6 +120,7 @@
112
120
  <param pos="1" name="hw.model"/>
113
121
  <param pos="2" name="hw.version"/>
114
122
  </fingerprint>
123
+
115
124
  <fingerprint pattern="^TANDBERG/(\d+) \((.*)\) Cisco-(\S+)$">
116
125
  <description>Cisco/Tandberg TelePresence w/Cisco Model Name</description>
117
126
  <example os.version="TC7.3.7.01c84fd" tandberg.model="528" hw.product="EX60">TANDBERG/528 (TC7.3.7.01c84fd) Cisco-EX60</example>
@@ -126,6 +135,7 @@
126
135
  <param pos="0" name="hw.device" value="Video Conferencing"/>
127
136
  <param pos="3" name="hw.product"/>
128
137
  </fingerprint>
138
+
129
139
  <fingerprint pattern="^(TANDBERG/(\d+)) \((\S+).*\)$">
130
140
  <description>Cisco/Tandberg TelePresence</description>
131
141
  <example os.version="TC7.0.2.aecf2d9" tandberg.model="519" hw.product="TANDBERG/519">TANDBERG/519 (TC7.0.2.aecf2d9)</example>
@@ -144,7 +154,9 @@
144
154
  <param pos="0" name="hw.device" value="Video Conferencing"/>
145
155
  <param pos="1" name="hw.product"/>
146
156
  </fingerprint>
157
+
147
158
  <!-- Various -->
159
+
148
160
  <fingerprint pattern="EnGenius_Router$">
149
161
  <description>EnGenius DuraFon IP Phone</description>
150
162
  <example>EnGenius_Router</example>
@@ -152,6 +164,7 @@
152
164
  <param pos="0" name="hw.product" value="DuraFon"/>
153
165
  <param pos="0" name="hw.device" value="VoIP"/>
154
166
  </fingerprint>
167
+
155
168
  <fingerprint pattern="(?i)^Huawei (SoftX\d+) (?:V\d.*)$">
156
169
  <description>Huawei Softswitch</description>
157
170
  <example hw.model="SoftX3000">Huawei SoftX3000 V300R006</example>
@@ -160,11 +173,13 @@
160
173
  <param pos="0" name="hw.product" value="Softswitch"/>
161
174
  <param pos="1" name="hw.model"/>
162
175
  </fingerprint>
176
+
163
177
  <fingerprint pattern="(?i)^SIP/1.0 \(Huawei\)$">
164
178
  <description>Huawei generic</description>
165
179
  <example>SIP/1.0 (Huawei)</example>
166
180
  <param pos="0" name="hw.vendor" value="Huawei"/>
167
181
  </fingerprint>
182
+
168
183
  <fingerprint pattern="^M5T SIP(?: Stack|-UA SAFE)/v?([\d\.]+)">
169
184
  <description>Media5 Corporation SIP Stack</description>
170
185
  <example service.version="4.1.2.2">M5T SIP Stack/4.1.2.2</example>
@@ -175,6 +190,7 @@
175
190
  <param pos="1" name="service.version"/>
176
191
  <param pos="0" name="hw.device" value="VoIP"/>
177
192
  </fingerprint>
193
+
178
194
  <fingerprint pattern="^Tilgin Vood ([^_\s]+)">
179
195
  <description>Tilgin Vood</description>
180
196
  <example hw.model="HG238x">Tilgin Vood HG238x_ESx000-02_07_03_26</example>
@@ -184,6 +200,7 @@
184
200
  <param pos="0" name="hw.product" value="Vood"/>
185
201
  <param pos="1" name="hw.model"/>
186
202
  </fingerprint>
203
+
187
204
  <fingerprint pattern="^(F\d{3})/VT?(\d(?:[\d\.A-Z]+))$">
188
205
  <description>ZTE GPON Router</description>
189
206
  <example hw.product="F620" hw.version="3.30.20P5T4S">F620/V3.30.20P5T4S</example>
@@ -194,6 +211,7 @@
194
211
  <param pos="1" name="hw.product"/>
195
212
  <param pos="2" name="hw.version"/>
196
213
  </fingerprint>
214
+
197
215
  <fingerprint pattern="^ZXDSL (\S+)/V?(\d(?:[\d\.A-Z_]+))$">
198
216
  <description>ZTE ZXDSL router</description>
199
217
  <example hw.product="931VII" hw.version="2.0.00.OTET06">ZXDSL 931VII/V2.0.00.OTET06</example>
@@ -203,6 +221,7 @@
203
221
  <param pos="1" name="hw.product"/>
204
222
  <param pos="2" name="hw.version"/>
205
223
  </fingerprint>
224
+
206
225
  <fingerprint pattern="^(?:ZXHN )?(H\d{3}N)/V?(\d(?:[\d\.A-Z_]+))$">
207
226
  <description>ZTE ZXHN router</description>
208
227
  <example hw.product="H218N" hw.version="1.02.01_ERS">ZXHN H218N/V1.02.01_ERS</example>
@@ -216,6 +235,7 @@
216
235
  <param pos="1" name="hw.product"/>
217
236
  <param pos="2" name="hw.version"/>
218
237
  </fingerprint>
238
+
219
239
  <fingerprint pattern="^Aastra ([^/]+)/([a-zA-Z0-9\.\-]+)$">
220
240
  <description>Aastra IP Phone</description>
221
241
  <example hw.product="6865i" os.version="4.2.0.2023">Aastra 6865i/4.2.0.2023</example>
@@ -228,19 +248,21 @@
228
248
  <param pos="0" name="hw.device" value="VoIP"/>
229
249
  <param pos="1" name="hw.product"/>
230
250
  </fingerprint>
251
+
231
252
  <fingerprint pattern="^(?:Audiocodes-Sip-Gateway-)?(\S+) FX[A-Z_]+/v.(\S+)$">
232
253
  <description>Audiocodes-Sip-Gateway</description>
233
254
  <example hw.product="MP-124" os.version="6.00A.034.003">Audiocodes-Sip-Gateway-MP-124 FXS/v.6.00A.034.003</example>
234
255
  <example hw.product="MP-124" os.version="6.60A.342.003">MP-124 FXS/v.6.60A.342.003</example>
235
256
  <example hw.product="MP-114" os.version="6.60A.241.010">MP-114 FXS_FXO/v.6.60A.241.010</example>
236
- <param pos="0" name="os.vendor" value="Audiocodes"/>
257
+ <param pos="0" name="os.vendor" value="AudioCodes"/>
237
258
  <param pos="0" name="os.family" value="SIP Gateway"/>
238
259
  <param pos="2" name="os.version"/>
239
- <param pos="0" name="hw.vendor" value="Audiocodes"/>
260
+ <param pos="0" name="hw.vendor" value="AudioCodes"/>
240
261
  <param pos="0" name="hw.family" value="SIP Gateway"/>
241
262
  <param pos="0" name="hw.device" value="SIP Gateway"/>
242
263
  <param pos="1" name="hw.product"/>
243
264
  </fingerprint>
265
+
244
266
  <fingerprint pattern="^Wildix GW-(\S+)$">
245
267
  <description>Wildix SIP Gateway</description>
246
268
  <example os.version="5.0.3.42145">Wildix GW-5.0.3.42145</example>
@@ -252,6 +274,7 @@
252
274
  <param pos="0" name="hw.device" value="SIP Gateway"/>
253
275
  <param pos="0" name="hw.product" value="SIP Gateway"/>
254
276
  </fingerprint>
277
+
255
278
  <fingerprint pattern="^Wildix GW$">
256
279
  <description>Wildix SIP Gateway w/o Version</description>
257
280
  <example>Wildix GW</example>
@@ -262,6 +285,7 @@
262
285
  <param pos="0" name="hw.device" value="SIP Gateway"/>
263
286
  <param pos="0" name="hw.product" value="SIP Gateway"/>
264
287
  </fingerprint>
288
+
265
289
  <fingerprint pattern="^Asterisk PBX (\S+)$">
266
290
  <description>Asterisk PBX w/ Version</description>
267
291
  <example service.version="13.18.0-6.7.1.1.rl.1538157944.1c65507">Asterisk PBX 13.18.0-6.7.1.1.rl.1538157944.1c65507</example>
@@ -271,6 +295,7 @@
271
295
  <param pos="0" name="service.product" value="PBX"/>
272
296
  <param pos="1" name="service.version"/>
273
297
  </fingerprint>
298
+
274
299
  <fingerprint pattern="^Asterisk PBX$">
275
300
  <description>Asterisk PBX w/o Version</description>
276
301
  <example>Asterisk PBX</example>
@@ -278,6 +303,7 @@
278
303
  <param pos="0" name="service.family" value="PBX"/>
279
304
  <param pos="0" name="service.product" value="PBX"/>
280
305
  </fingerprint>
306
+
281
307
  <fingerprint pattern="^FPBX-(\S+)$">
282
308
  <description>FreePBX</description>
283
309
  <example service.version="12.0.70(11.20.0)">FPBX-12.0.70(11.20.0)</example>
@@ -287,6 +313,7 @@
287
313
  <param pos="0" name="service.product" value="PBX"/>
288
314
  <param pos="1" name="service.version"/>
289
315
  </fingerprint>
316
+
290
317
  <fingerprint pattern="^kamailio \((\S+) \((.*)\)\)$">
291
318
  <description>Kamailio SIP Server</description>
292
319
  <example service.version="4.4.4" kamailio.platform="x86_64/linux">kamailio (4.4.4 (x86_64/linux))</example>
@@ -296,7 +323,9 @@
296
323
  <param pos="1" name="service.version"/>
297
324
  <param pos="2" name="kamailio.platform"/>
298
325
  </fingerprint>
326
+
299
327
  <!-- This match covers multiple product families and should be split up further -->
328
+
300
329
  <fingerprint pattern="^Algo-([^/]+)/(.*)$">
301
330
  <description>Algo SIP Device</description>
302
331
  <example hw.product="8186" os.version="1.7">Algo-8186/1.7</example>
@@ -308,6 +337,7 @@
308
337
  <param pos="0" name="hw.device" value="SIP Device"/>
309
338
  <param pos="1" name="hw.product"/>
310
339
  </fingerprint>
340
+
311
341
  <fingerprint pattern="^(?:SIParator|Ingate-Firewall)/(\S+)$">
312
342
  <description>Ingate SIParator Firewall</description>
313
343
  <example os.version="5.0.10">Ingate-Firewall/5.0.10</example>
@@ -320,4 +350,5 @@
320
350
  <param pos="0" name="hw.device" value="SIP Gateway"/>
321
351
  <param pos="0" name="hw.product" value="SIParator Firewall"/>
322
352
  </fingerprint>
323
- </fingerprints>
353
+
354
+ </fingerprints>
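Review bot: In the AudioCodes fingerprint (hunk `@@ -228,19 +248,21 @@`) the pattern still reads `FX[A-Z_]+/v.(\S+)$`, where the unescaped `.` after `v` accepts any character although all three examples show a literal dot; `FX[A-Z_]+/v\.(\S+)$` would keep the match as narrow as the examples. The same hunk changes the emitted `os.vendor` and `hw.vendor` values from `Audiocodes` to `AudioCodes`, so a downstream detection rule or asset-inventory query that compares the vendor string case-sensitively will stop matching without any error. That behaviour change deserves an explicit line in the release notes so consumers can update their filters.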
@@ -1,9 +1,11 @@
1
- <?xml version="1.0" encoding="UTF-8"?>
1
+ <?xml version='1.0' encoding='UTF-8'?>
2
2
  <fingerprints matches="sip_header.user_agent" protocol="sip" database_type="service">
3
3
  <!--
4
4
  SIP User Agent header values are matched against these patterns to fingerprint SIP devices.
5
5
  -->
6
+
6
7
  <!-- Axis devices -->
8
+
7
9
  <fingerprint pattern="(?i)^AXIS (\S+) Network Video Door Station$">
8
10
  <description>Axis Network Video Door stations, which have voice</description>
9
11
  <example hw.product="A8105-E">AXIS A8105-E Network Video Door Station</example>
@@ -14,6 +16,7 @@
14
16
  <param pos="0" name="os.vendor" value="AXIS"/>
15
17
  <param pos="0" name="os.family" value="Linux"/>
16
18
  </fingerprint>
19
+
17
20
  <fingerprint pattern="(?i)^AXIS (\S+) Network (?:Audio Bridge|(?:Cabinet|Horn) Speaker)$">
18
21
  <description>Axis Network audio devices</description>
19
22
  <example hw.product="C3003-E">AXIS C3003-E Network Horn Speaker</example>
@@ -25,7 +28,9 @@
25
28
  <param pos="0" name="os.vendor" value="AXIS"/>
26
29
  <param pos="0" name="os.family" value="Linux"/>
27
30
  </fingerprint>
31
+
28
32
  <!-- Cisco Devices -->
33
+
29
34
  <fingerprint pattern="^Cisco-SIPGateway/IOS-([\d\.x]+)$">
30
35
  <description>Cisco SIPGateway</description>
31
36
  <example>Cisco-SIPGateway/IOS-12.x</example>
@@ -34,13 +39,16 @@
34
39
  <param pos="1" name="os.version"/>
35
40
  <param pos="0" name="os.cpe23" value="cpe:/o:cisco:ios:{os.version}"/>
36
41
  </fingerprint>
42
+
37
43
  <!-- AVM.DE Devices -->
44
+
38
45
  <fingerprint pattern="^FRITZ!OS$">
39
46
  <description>AVM FritzOS Device</description>
40
47
  <example>FRITZ!OS</example>
41
48
  <param pos="0" name="os.vendor" value="AVM"/>
42
49
  <param pos="0" name="os.product" value="FRITZ!BOX"/>
43
50
  </fingerprint>
51
+
44
52
  <fingerprint pattern="^(?:AVM )?(FRITZ!Box .*) +(\d+\.\d+\.\d+)">
45
53
  <description>AVM FritzBox</description>
46
54
  <example>AVM FRITZ!Box Fon 06.03.13</example>
@@ -60,6 +68,7 @@
60
68
  <param pos="1" name="os.product"/>
61
69
  <param pos="2" name="os.version"/>
62
70
  </fingerprint>
71
+
63
72
  <fingerprint pattern="^(?:AVM )?(FRITZ!Fon .*) +(\d+\.\d+\.\d+)">
64
73
  <description>AVM FritzFon</description>
65
74
  <example>AVM FRITZ!Fon 7150 (fs) 38.04.56 (Mar 31 2008)</example>
@@ -69,6 +78,7 @@
69
78
  <param pos="1" name="os.product"/>
70
79
  <param pos="2" name="os.version"/>
71
80
  </fingerprint>
81
+
72
82
  <fingerprint pattern="^(?:AVM )?(Multibox .*) +(\d+\.\d+\.\d+)">
73
83
  <description>AVM Multibox</description>
74
84
  <example>AVM Multibox 7390 NGN 84.05.09 (Jan 13 2012)</example>
@@ -77,12 +87,15 @@
77
87
  <param pos="1" name="os.product"/>
78
88
  <param pos="2" name="os.version"/>
79
89
  </fingerprint>
90
+
80
91
  <!-- Huawei devices -->
92
+
81
93
  <fingerprint pattern="(?i)^Huawei$">
82
94
  <description>Huawei generic</description>
83
95
  <example>Huawei</example>
84
96
  <param pos="0" name="hw.vendor" value="Huawei"/>
85
97
  </fingerprint>
98
+
86
99
  <fingerprint pattern="(?i)^Huawei-HomeGateway/V(?:\d.*)$">
87
100
  <description>Huawei Home Gateway</description>
88
101
  <example>Huawei-HomeGateway/V100R001</example>
@@ -90,6 +103,7 @@
90
103
  <param pos="0" name="hw.device" value="Broadband router"/>
91
104
  <param pos="0" name="hw.product" value="Home Gateway"/>
92
105
  </fingerprint>
106
+
93
107
  <fingerprint pattern="(?i)^Huawei-EchoLife (HG.*)/V(?:\d.*)$">
94
108
  <description>Huawei EchoLife Home Gateway</description>
95
109
  <example hw.model="HG8121H">HUAWEI-EchoLife HG8121H/V3R018C00S110</example>
@@ -98,6 +112,7 @@
98
112
  <param pos="0" name="hw.product" value="EchoLife Home Gateway"/>
99
113
  <param pos="1" name="hw.model"/>
100
114
  </fingerprint>
115
+
101
116
  <fingerprint pattern="(?i)^Huawei (SoftX\d+) (?:V\d.*)$">
102
117
  <description>Huawei Softswitch</description>
103
118
  <example hw.model="SoftX3000">Huawei SoftX3000 V300R010</example>
@@ -106,6 +121,7 @@
106
121
  <param pos="0" name="hw.product" value="Softswitch"/>
107
122
  <param pos="1" name="hw.model"/>
108
123
  </fingerprint>
124
+
109
125
  <fingerprint pattern="^Mitel-(\S+)-SIP-Phone ([\d\.]+) (.{12})$">
110
126
  <description>Mitel SIP Phones</description>
111
127
  <example hw.product="5320" hw.version="06.05.00.11" host.mac="010203040506">Mitel-5320-SIP-Phone 06.05.00.11 010203040506</example>
@@ -115,6 +131,7 @@
115
131
  <param pos="2" name="hw.version"/>
116
132
  <param pos="3" name="host.mac"/>
117
133
  </fingerprint>
134
+
118
135
  <fingerprint pattern="^Mitel Border GW/(\S+)$">
119
136
  <description>Mitel SIP Gateway</description>
120
137
  <example hw.version="4.0.0.9">Mitel Border GW/4.0.0.9</example>
@@ -123,6 +140,7 @@
123
140
  <param pos="0" name="hw.product" value="Border GW"/>
124
141
  <param pos="1" name="hw.version"/>
125
142
  </fingerprint>
143
+
126
144
  <fingerprint pattern="^(?:Polycom/[\d\.]+ )?Polycom(SoundPoint|VVX|SoundStation)\S+_(\d+)-UA/([\d\.]+)(?:_(.{12}))?$">
127
145
  <description>Polycom SoundPoint, SountdStation, VVX VoIP phones</description>
128
146
  <example hw.version="5.8.0.13337" hw.family="VVX" hw.product="VVX 350">PolycomVVX-VVX_350-UA/5.8.0.13337</example>
@@ -138,6 +156,7 @@
138
156
  <param pos="3" name="hw.version"/>
139
157
  <param pos="4" name="host.mac"/>
140
158
  </fingerprint>
159
+
141
160
  <fingerprint pattern="^(?:Polycom/[\d\.]+ )?Polycom(?:RealPresenceTrio)-Trio_(\S+)-UA/([\d\.]+)(?:_(.{12}))?$">
142
161
  <description>Polycom RealPresence Trio Phones</description>
143
162
  <example hw.version="5.4.0.12197" hw.product="RealPresence Trio 8800">PolycomRealPresenceTrio-Trio_8800-UA/5.4.0.12197</example>
@@ -151,6 +170,7 @@
151
170
  <param pos="2" name="hw.version"/>
152
171
  <param pos="3" name="host.mac"/>
153
172
  </fingerprint>
173
+
154
174
  <fingerprint pattern="^Polycom ?HDX ?(\d+)(?: ?HD)?(?:/| \(Release - )([^\)]+)\)?">
155
175
  <description>Polycom HDX Video Conferencing</description>
156
176
  <example hw.model="9006" hw.product="HDX 9006" hw.version="3.0.6-37004">Polycom HDX 9006 (Release - 3.0.6-37004)</example>
@@ -164,6 +184,7 @@
164
184
  <param pos="1" name="hw.model"/>
165
185
  <param pos="2" name="hw.version"/>
166
186
  </fingerprint>
187
+
167
188
  <fingerprint pattern="^PolycomRealPresenceGroup(\d+)/([\d\._]+)+$">
168
189
  <description>Polycom RealPresence Group Video Conferencing</description>
169
190
  <example hw.model="700" hw.product="RealPresence Group 700" hw.version="6.2.0">PolycomRealPresenceGroup700/6.2.0</example>
@@ -174,6 +195,7 @@
174
195
  <param pos="1" name="hw.model"/>
175
196
  <param pos="2" name="hw.version"/>
176
197
  </fingerprint>
198
+
177
199
  <fingerprint pattern="^Nero SIPPS IP Phone Version ([\d\.]+)+$">
178
200
  <description>Nero SIPPS IP Phone</description>
179
201
  <example service.version="2.0.51.16">Nero SIPPS IP Phone Version 2.0.51.16</example>
@@ -183,6 +205,7 @@
183
205
  <param pos="0" name="service.product" value="SIPPS IP Phone"/>
184
206
  <param pos="1" name="service.version"/>
185
207
  </fingerprint>
208
+
186
209
  <fingerprint pattern="^ShoreGear/([\d\.]+)\s+\(ShoreTel \d+\)$">
187
210
  <description>ShoreTel VoIP Switch</description>
188
211
  <example hw.version="21.90.4128.0">ShoreGear/21.90.4128.0 (ShoreTel 15)</example>
@@ -191,6 +214,7 @@
191
214
  <param pos="0" name="hw.device" value="VoIP Switch"/>
192
215
  <param pos="1" name="hw.version"/>
193
216
  </fingerprint>
217
+
194
218
  <fingerprint pattern="^MERCURY-([a-fA-F0-9]{12})$">
195
219
  <description>Crestron Mercury</description>
196
220
  <example host.mac="00107F1ABAA0">MERCURY-00107F1ABAA0</example>
@@ -202,6 +226,7 @@
202
226
  <param pos="0" name="os.device" value="Video Conferencing"/>
203
227
  <param pos="1" name="host.mac"/>
204
228
  </fingerprint>
229
+
205
230
  <fingerprint pattern="^IPDECT/([\d\.]+)\s+\(MAC=([a-fA-F0-9]{12}); SER=">
206
231
  <description>Konftel IP Phone</description>
207
232
  <example host.mac="00087B0F1D30" hw.version="03.55.0013">IPDECT/03.55.0013 (MAC=00087B0F1D30; SER= 00000; HW=1)</example>
@@ -210,6 +235,7 @@
210
235
  <param pos="1" name="hw.version"/>
211
236
  <param pos="2" name="host.mac"/>
212
237
  </fingerprint>
238
+
213
239
  <fingerprint pattern="^Sangoma ([^\s]+) V([a-zA-Z0-9\.]+)=?">
214
240
  <description>Sangoma IP Phone</description>
215
241
  <example hw.product="S305" hw.version="3.0.4.72">Sangoma S305 V3.0.4.72</example>
@@ -218,4 +244,5 @@
218
244
  <param pos="2" name="hw.version"/>
219
245
  <param pos="1" name="hw.product"/>
220
246
  </fingerprint>
221
- </fingerprints>
247
+
248
+ </fingerprints>
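Review bot: Two patterns in this file end in a nested quantifier, `^PolycomRealPresenceGroup(\d+)/([\d\._]+)+$` and `^Nero SIPPS IP Phone Version ([\d\.]+)+$`; the outer `+` adds nothing to what is matched, but on a backtracking regex engine it can make a near-miss input take exponential time. The User-Agent value is supplied by the remote host being fingerprinted and should be treated as untrusted, so one slow match can stall a scan. Dropping the outer quantifier, `([\d\._]+)$` and `([\d\.]+)$`, keeps the same captures for the listed examples. Both lines are unchanged context in this formatting-only section, so this would be a follow-up change.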
@@ -1,10 +1,12 @@
1
- <?xml version="1.0" encoding="UTF-8"?>
1
+ <?xml version='1.0' encoding='UTF-8'?>
2
2
  <fingerprints matches="smb.native_lm" protocol="smb" database_type="service">
3
3
  <!--
4
4
  SMB fingerprints obtained from the Native LM (LAN manager) field of SMB
5
5
  negotations
6
6
  -->
7
+
7
8
  <!-- Mac OS X -->
9
+
8
10
  <fingerprint pattern="^Samba (3\.0\.28a-apple)$">
9
11
  <description>Samba on OS X 10.6</description>
10
12
  <example service.version="3.0.28a-apple">Samba 3.0.28a-apple</example>
@@ -18,6 +20,7 @@
18
20
  <param pos="1" name="service.version"/>
19
21
  <param pos="0" name="service.cpe23" value="cpe:/a:samba:samba:{service.version}"/>
20
22
  </fingerprint>
23
+
21
24
  <fingerprint pattern="^Samba (3\.0\.25b-apple)$">
22
25
  <description>Samba on OS X 10.5</description>
23
26
  <example service.version="3.0.25b-apple">Samba 3.0.25b-apple</example>
@@ -31,7 +34,9 @@
31
34
  <param pos="1" name="service.version"/>
32
35
  <param pos="0" name="service.cpe23" value="cpe:/a:samba:samba:{service.version}"/>
33
36
  </fingerprint>
37
+
34
38
  <!-- TODO: Detect vendor, distribution, and package versions -->
39
+
35
40
  <fingerprint pattern="^Samba (\d\.\d+.\d+\w*)">
36
41
  <description>Samba</description>
37
42
  <example>Samba 3.0.24</example>
@@ -45,11 +50,13 @@
45
50
  <param pos="1" name="service.version"/>
46
51
  <param pos="0" name="service.cpe23" value="cpe:/a:samba:samba:{service.version}"/>
47
52
  </fingerprint>
53
+
48
54
  <fingerprint pattern="^Netreon LANMAN 1.0$">
49
55
  <description>Netreon SAN software</description>
50
56
  <example>Netreon LANMAN 1.0</example>
51
57
  <param pos="0" name="service.vendor" value="Netreon"/>
52
58
  </fingerprint>
59
+
53
60
  <fingerprint pattern="(?i)^MikrotikSMB$">
54
61
  <description>Mikrotik</description>
55
62
  <example>MikrotikSMB</example>
@@ -59,4 +66,5 @@
59
66
  <param pos="0" name="os.product" value="RouterOS"/>
60
67
  <param pos="0" name="os.cpe23" value="cpe:/o:mikrotik:routeros:-"/>
61
68
  </fingerprint>
62
- </fingerprints>
69
+
70
+ </fingerprints>