recog 2.3.8 → 2.3.13
- checksums.yaml +4 -4
- data/.gitignore +6 -0
- data/CONTRIBUTING.md +136 -37
- data/README.md +18 -16
- data/bin/recog_cleanup +16 -0
- data/bin/recog_standardize +30 -6
- data/cpe-remap.yaml +18 -2
- data/identifiers/README.md +9 -0
- data/identifiers/hw_device.txt +77 -0
- data/identifiers/hw_family.txt +96 -0
- data/identifiers/hw_product.txt +328 -0
- data/identifiers/os_architecture.txt +6 -6
- data/identifiers/os_device.txt +45 -3
- data/identifiers/os_family.txt +206 -41
- data/identifiers/os_product.txt +238 -17
- data/identifiers/service_family.txt +144 -57
- data/identifiers/service_product.txt +385 -83
- data/identifiers/vendor.txt +554 -68
- data/lib/recog/version.rb +1 -1
- data/requirements.txt +1 -1
- data/update_cpes.py +3 -0
- data/xml/apache_modules.xml +292 -5
- data/xml/apache_os.xml +41 -2
- data/xml/architecture.xml +11 -3
- data/xml/dns_versionbind.xml +191 -15
- data/xml/favicons.xml +1701 -0
- data/xml/ftp_banners.xml +250 -18
- data/xml/h323_callresp.xml +112 -12
- data/xml/hp_pjl_id.xml +47 -5
- data/xml/html_title.xml +1278 -25
- data/xml/http_cookies.xml +64 -9
- data/xml/http_servers.xml +1013 -96
- data/xml/http_wwwauth.xml +141 -26
- data/xml/imap_banners.xml +62 -13
- data/xml/ldap_searchresult.xml +81 -9
- data/xml/mdns_device-info_txt.xml +175 -2
- data/xml/mdns_workstation_txt.xml +4 -2
- data/xml/mysql_banners.xml +134 -7
- data/xml/mysql_error.xml +113 -6
- data/xml/nntp_banners.xml +10 -2
- data/xml/ntp_banners.xml +80 -4
- data/xml/operating_system.xml +89 -3
- data/xml/pop_banners.xml +87 -33
- data/xml/rsh_resp.xml +11 -2
- data/xml/rtsp_servers.xml +22 -2
- data/xml/sip_banners.xml +35 -4
- data/xml/sip_user_agents.xml +29 -2
- data/xml/smb_native_lm.xml +10 -2
- data/xml/smb_native_os.xml +79 -2
- data/xml/smtp_banners.xml +230 -9
- data/xml/smtp_debug.xml +6 -4
- data/xml/smtp_ehlo.xml +7 -5
- data/xml/smtp_expn.xml +13 -4
- data/xml/smtp_help.xml +23 -4
- data/xml/smtp_mailfrom.xml +5 -2
- data/xml/smtp_noop.xml +6 -5
- data/xml/smtp_quit.xml +5 -4
- data/xml/smtp_rcptto.xml +5 -2
- data/xml/smtp_rset.xml +4 -4
- data/xml/smtp_turn.xml +4 -4
- data/xml/smtp_vrfy.xml +14 -4
- data/xml/snmp_sysdescr.xml +733 -25
- data/xml/snmp_sysobjid.xml +47 -2
- data/xml/ssh_banners.xml +182 -8
- data/xml/telnet_banners.xml +493 -22
- data/xml/x11_banners.xml +26 -3
- data/xml/x509_issuers.xml +30 -6
- data/xml/x509_subjects.xml +200 -31
- metadata +8 -2
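--- a/data/xml/sip_banners.xml
+++ b/data/xml/sip_banners.xml
@@ -1,9 +1,11 @@
-<?xml version=
+<?xml version='1.0' encoding='UTF-8'?>
 <fingerprints matches="sip_header.server" protocol="sip" database_type="service">
 <!--
 SIP Server header values are matched against these patterns to fingerprint SIP devices.
 -->
+
 <!-- Cisco/Tandberg Products -->
+
 <fingerprint pattern="^Cisco-SIPGateway/IOS-(\S+)\.x$">
 <description>Cisco IOS SIP Gateway w/ Vague Version</description>
 <example os.version="12">Cisco-SIPGateway/IOS-12.x</example>
@@ -20,6 +22,7 @@
 <param pos="0" name="hw.vendor" value="Cisco"/>
 <param pos="0" name="hw.device" value="Router"/>
 </fingerprint>
+
 <fingerprint pattern="^Cisco-SIPGateway/IOS-(\S+)$">
 <description>Cisco IOS SIP Gateway w/ Full Version</description>
 <example os.version="15.2.4.M3">Cisco-SIPGateway/IOS-15.2.4.M3</example>
@@ -41,6 +44,7 @@
 <param pos="0" name="hw.vendor" value="Cisco"/>
 <param pos="0" name="hw.device" value="Router"/>
 </fingerprint>
+
 <fingerprint pattern="^Cisco-CP-?(\d+G?)(?:-\S+)?/([\d\.]+)">
 <description>Cisco CP VoIP Phone</description>
 <example hw.model="7960G" hw.version="8.0">Cisco-CP7960G/8.0</example>
@@ -55,6 +59,7 @@
 <param pos="1" name="hw.model"/>
 <param pos="2" name="hw.version"/>
 </fingerprint>
+
 <fingerprint pattern="(?:Cisco|Linksys)/(SPA\d+[DG]?\d?)-([\d\.a-zA-Z]+)">
 <description>Cisco/Linksys SPA VoIP Phone</description>
 <example hw.model="SPA112" hw.version="1.4.1SR1">Cisco/SPA112-1.4.1SR1(002)d-hisec</example>
@@ -72,6 +77,7 @@
 <param pos="1" name="hw.model"/>
 <param pos="2" name="hw.version"/>
 </fingerprint>
+
 <fingerprint pattern="(?:Cisco|Linksys)(?: |/)(PAP2T?)(?:-|/)(\S+)$">
 <description>Cisco/Linksys VoIP / Internet Phone adapter</description>
 <example hw.version="3.1.22(LS)" hw.model="PAP2">PhoneSystems.net aabbccddeeff Linksys/PAP2-3.1.22(LS)</example>
@@ -87,6 +93,7 @@
 <param pos="1" name="hw.model"/>
 <param pos="2" name="hw.version"/>
 </fingerprint>
+
 <fingerprint pattern="^Cisco/(SRP\d+)-([\d\.]+)">
 <description>Cisco Services Ready Platforms (SRP) Router</description>
 <example hw.model="SRP541" hw.version="1.2.6">Cisco/SRP541-1.2.6(003)</example>
@@ -99,6 +106,7 @@
 <param pos="1" name="hw.model"/>
 <param pos="2" name="hw.version"/>
 </fingerprint>
+
 <fingerprint pattern="(?:Cisco|Linksys)/(WRP\d+)-(\S+)$">
 <description>Cisco/Linksys WRP Wireless Router</description>
 <example hw.version="2.00.26" hw.model="WRP400">aabbccddeeff_FinalStage_Linksys/WRP400-2.00.26</example>
@@ -112,6 +120,7 @@
 <param pos="1" name="hw.model"/>
 <param pos="2" name="hw.version"/>
 </fingerprint>
+
 <fingerprint pattern="^TANDBERG/(\d+) \((.*)\) Cisco-(\S+)$">
 <description>Cisco/Tandberg TelePresence w/Cisco Model Name</description>
 <example os.version="TC7.3.7.01c84fd" tandberg.model="528" hw.product="EX60">TANDBERG/528 (TC7.3.7.01c84fd) Cisco-EX60</example>
@@ -126,6 +135,7 @@
 <param pos="0" name="hw.device" value="Video Conferencing"/>
 <param pos="3" name="hw.product"/>
 </fingerprint>
+
 <fingerprint pattern="^(TANDBERG/(\d+)) \((\S+).*\)$">
 <description>Cisco/Tandberg TelePresence</description>
 <example os.version="TC7.0.2.aecf2d9" tandberg.model="519" hw.product="TANDBERG/519">TANDBERG/519 (TC7.0.2.aecf2d9)</example>
@@ -144,7 +154,9 @@
 <param pos="0" name="hw.device" value="Video Conferencing"/>
 <param pos="1" name="hw.product"/>
 </fingerprint>
+
 <!-- Various -->
+
 <fingerprint pattern="EnGenius_Router$">
 <description>EnGenius DuraFon IP Phone</description>
 <example>EnGenius_Router</example>
@@ -152,6 +164,7 @@
 <param pos="0" name="hw.product" value="DuraFon"/>
 <param pos="0" name="hw.device" value="VoIP"/>
 </fingerprint>
+
 <fingerprint pattern="(?i)^Huawei (SoftX\d+) (?:V\d.*)$">
 <description>Huawei Softswitch</description>
 <example hw.model="SoftX3000">Huawei SoftX3000 V300R006</example>
@@ -160,11 +173,13 @@
 <param pos="0" name="hw.product" value="Softswitch"/>
 <param pos="1" name="hw.model"/>
 </fingerprint>
+
 <fingerprint pattern="(?i)^SIP/1.0 \(Huawei\)$">
 <description>Huawei generic</description>
 <example>SIP/1.0 (Huawei)</example>
 <param pos="0" name="hw.vendor" value="Huawei"/>
 </fingerprint>
+
 <fingerprint pattern="^M5T SIP(?: Stack|-UA SAFE)/v?([\d\.]+)">
 <description>Media5 Corporation SIP Stack</description>
 <example service.version="4.1.2.2">M5T SIP Stack/4.1.2.2</example>
@@ -175,6 +190,7 @@
 <param pos="1" name="service.version"/>
 <param pos="0" name="hw.device" value="VoIP"/>
 </fingerprint>
+
 <fingerprint pattern="^Tilgin Vood ([^_\s]+)">
 <description>Tilgin Vood</description>
 <example hw.model="HG238x">Tilgin Vood HG238x_ESx000-02_07_03_26</example>
@@ -184,6 +200,7 @@
 <param pos="0" name="hw.product" value="Vood"/>
 <param pos="1" name="hw.model"/>
 </fingerprint>
+
 <fingerprint pattern="^(F\d{3})/VT?(\d(?:[\d\.A-Z]+))$">
 <description>ZTE GPON Router</description>
 <example hw.product="F620" hw.version="3.30.20P5T4S">F620/V3.30.20P5T4S</example>
@@ -194,6 +211,7 @@
 <param pos="1" name="hw.product"/>
 <param pos="2" name="hw.version"/>
 </fingerprint>
+
 <fingerprint pattern="^ZXDSL (\S+)/V?(\d(?:[\d\.A-Z_]+))$">
 <description>ZTE ZXDSL router</description>
 <example hw.product="931VII" hw.version="2.0.00.OTET06">ZXDSL 931VII/V2.0.00.OTET06</example>
@@ -203,6 +221,7 @@
 <param pos="1" name="hw.product"/>
 <param pos="2" name="hw.version"/>
 </fingerprint>
+
 <fingerprint pattern="^(?:ZXHN )?(H\d{3}N)/V?(\d(?:[\d\.A-Z_]+))$">
 <description>ZTE ZXHN router</description>
 <example hw.product="H218N" hw.version="1.02.01_ERS">ZXHN H218N/V1.02.01_ERS</example>
@@ -216,6 +235,7 @@
 <param pos="1" name="hw.product"/>
 <param pos="2" name="hw.version"/>
 </fingerprint>
+
 <fingerprint pattern="^Aastra ([^/]+)/([a-zA-Z0-9\.\-]+)$">
 <description>Aastra IP Phone</description>
 <example hw.product="6865i" os.version="4.2.0.2023">Aastra 6865i/4.2.0.2023</example>
@@ -228,19 +248,21 @@
 <param pos="0" name="hw.device" value="VoIP"/>
 <param pos="1" name="hw.product"/>
 </fingerprint>
+
 <fingerprint pattern="^(?:Audiocodes-Sip-Gateway-)?(\S+) FX[A-Z_]+/v.(\S+)$">
 <description>Audiocodes-Sip-Gateway</description>
 <example hw.product="MP-124" os.version="6.00A.034.003">Audiocodes-Sip-Gateway-MP-124 FXS/v.6.00A.034.003</example>
 <example hw.product="MP-124" os.version="6.60A.342.003">MP-124 FXS/v.6.60A.342.003</example>
 <example hw.product="MP-114" os.version="6.60A.241.010">MP-114 FXS_FXO/v.6.60A.241.010</example>
-<param pos="0" name="os.vendor" value="
+<param pos="0" name="os.vendor" value="AudioCodes"/>
 <param pos="0" name="os.family" value="SIP Gateway"/>
 <param pos="2" name="os.version"/>
-<param pos="0" name="hw.vendor" value="
+<param pos="0" name="hw.vendor" value="AudioCodes"/>
 <param pos="0" name="hw.family" value="SIP Gateway"/>
 <param pos="0" name="hw.device" value="SIP Gateway"/>
 <param pos="1" name="hw.product"/>
 </fingerprint>
+
 <fingerprint pattern="^Wildix GW-(\S+)$">
 <description>Wildix SIP Gateway</description>
 <example os.version="5.0.3.42145">Wildix GW-5.0.3.42145</example>
@@ -252,6 +274,7 @@
 <param pos="0" name="hw.device" value="SIP Gateway"/>
 <param pos="0" name="hw.product" value="SIP Gateway"/>
 </fingerprint>
+
 <fingerprint pattern="^Wildix GW$">
 <description>Wildix SIP Gateway w/o Version</description>
 <example>Wildix GW</example>
@@ -262,6 +285,7 @@
 <param pos="0" name="hw.device" value="SIP Gateway"/>
 <param pos="0" name="hw.product" value="SIP Gateway"/>
 </fingerprint>
+
 <fingerprint pattern="^Asterisk PBX (\S+)$">
 <description>Asterisk PBX w/ Version</description>
 <example service.version="13.18.0-6.7.1.1.rl.1538157944.1c65507">Asterisk PBX 13.18.0-6.7.1.1.rl.1538157944.1c65507</example>
@@ -271,6 +295,7 @@
 <param pos="0" name="service.product" value="PBX"/>
 <param pos="1" name="service.version"/>
 </fingerprint>
+
 <fingerprint pattern="^Asterisk PBX$">
 <description>Asterisk PBX w/o Version</description>
 <example>Asterisk PBX</example>
@@ -278,6 +303,7 @@
 <param pos="0" name="service.family" value="PBX"/>
 <param pos="0" name="service.product" value="PBX"/>
 </fingerprint>
+
 <fingerprint pattern="^FPBX-(\S+)$">
 <description>FreePBX</description>
 <example service.version="12.0.70(11.20.0)">FPBX-12.0.70(11.20.0)</example>
@@ -287,6 +313,7 @@
 <param pos="0" name="service.product" value="PBX"/>
 <param pos="1" name="service.version"/>
 </fingerprint>
+
 <fingerprint pattern="^kamailio \((\S+) \((.*)\)\)$">
 <description>Kamailio SIP Server</description>
 <example service.version="4.4.4" kamailio.platform="x86_64/linux">kamailio (4.4.4 (x86_64/linux))</example>
@@ -296,7 +323,9 @@
 <param pos="1" name="service.version"/>
 <param pos="2" name="kamailio.platform"/>
 </fingerprint>
+
 <!-- This match covers multiple product families and should be split up further -->
+
 <fingerprint pattern="^Algo-([^/]+)/(.*)$">
 <description>Algo SIP Device</description>
 <example hw.product="8186" os.version="1.7">Algo-8186/1.7</example>
@@ -308,6 +337,7 @@
 <param pos="0" name="hw.device" value="SIP Device"/>
 <param pos="1" name="hw.product"/>
 </fingerprint>
+
 <fingerprint pattern="^(?:SIParator|Ingate-Firewall)/(\S+)$">
 <description>Ingate SIParator Firewall</description>
 <example os.version="5.0.10">Ingate-Firewall/5.0.10</example>
@@ -320,4 +350,5 @@
 <param pos="0" name="hw.device" value="SIP Gateway"/>
 <param pos="0" name="hw.product" value="SIParator Firewall"/>
 </fingerprint>
-
+
+</fingerprints>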
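Review bot: The two `value="AudioCodes"` params changed in the `@@ -228,19 +248,21 @@` hunk are not asserted by any of the fingerprint's three examples, which check only `hw.product` and `os.version`, so the vendor spelling this commit settles on is not pinned by the file's own examples. Adding the static values to one example would do that, e.g. `<example hw.product="MP-124" os.version="6.60A.342.003" os.vendor="AudioCodes" hw.vendor="AudioCodes">MP-124 FXS/v.6.60A.342.003</example>`, assuming the project's example check compares static params as well as captures. This fingerprint emits no `cpe23` param, so the vendor string is the only key it gives asset inventories and vulnerability lookups to join on; consumers keyed on the previous spelling (cut off in this rendering) need the same update. The `/v.` in the pattern also has an unescaped dot, and `/v\.` would match only the literal that the examples show.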
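--- a/data/xml/sip_user_agents.xml
+++ b/data/xml/sip_user_agents.xml
@@ -1,9 +1,11 @@
-<?xml version=
+<?xml version='1.0' encoding='UTF-8'?>
 <fingerprints matches="sip_header.user_agent" protocol="sip" database_type="service">
 <!--
 SIP User Agent header values are matched against these patterns to fingerprint SIP devices.
 -->
+
 <!-- Axis devices -->
+
 <fingerprint pattern="(?i)^AXIS (\S+) Network Video Door Station$">
 <description>Axis Network Video Door stations, which have voice</description>
 <example hw.product="A8105-E">AXIS A8105-E Network Video Door Station</example>
@@ -14,6 +16,7 @@
 <param pos="0" name="os.vendor" value="AXIS"/>
 <param pos="0" name="os.family" value="Linux"/>
 </fingerprint>
+
 <fingerprint pattern="(?i)^AXIS (\S+) Network (?:Audio Bridge|(?:Cabinet|Horn) Speaker)$">
 <description>Axis Network audio devices</description>
 <example hw.product="C3003-E">AXIS C3003-E Network Horn Speaker</example>
@@ -25,7 +28,9 @@
 <param pos="0" name="os.vendor" value="AXIS"/>
 <param pos="0" name="os.family" value="Linux"/>
 </fingerprint>
+
 <!-- Cisco Devices -->
+
 <fingerprint pattern="^Cisco-SIPGateway/IOS-([\d\.x]+)$">
 <description>Cisco SIPGateway</description>
 <example>Cisco-SIPGateway/IOS-12.x</example>
@@ -34,13 +39,16 @@
 <param pos="1" name="os.version"/>
 <param pos="0" name="os.cpe23" value="cpe:/o:cisco:ios:{os.version}"/>
 </fingerprint>
+
 <!-- AVM.DE Devices -->
+
 <fingerprint pattern="^FRITZ!OS$">
 <description>AVM FritzOS Device</description>
 <example>FRITZ!OS</example>
 <param pos="0" name="os.vendor" value="AVM"/>
 <param pos="0" name="os.product" value="FRITZ!BOX"/>
 </fingerprint>
+
 <fingerprint pattern="^(?:AVM )?(FRITZ!Box .*) +(\d+\.\d+\.\d+)">
 <description>AVM FritzBox</description>
 <example>AVM FRITZ!Box Fon 06.03.13</example>
@@ -60,6 +68,7 @@
 <param pos="1" name="os.product"/>
 <param pos="2" name="os.version"/>
 </fingerprint>
+
 <fingerprint pattern="^(?:AVM )?(FRITZ!Fon .*) +(\d+\.\d+\.\d+)">
 <description>AVM FritzFon</description>
 <example>AVM FRITZ!Fon 7150 (fs) 38.04.56 (Mar 31 2008)</example>
@@ -69,6 +78,7 @@
 <param pos="1" name="os.product"/>
 <param pos="2" name="os.version"/>
 </fingerprint>
+
 <fingerprint pattern="^(?:AVM )?(Multibox .*) +(\d+\.\d+\.\d+)">
 <description>AVM Multibox</description>
 <example>AVM Multibox 7390 NGN 84.05.09 (Jan 13 2012)</example>
@@ -77,12 +87,15 @@
 <param pos="1" name="os.product"/>
 <param pos="2" name="os.version"/>
 </fingerprint>
+
 <!-- Huawei devices -->
+
 <fingerprint pattern="(?i)^Huawei$">
 <description>Huawei generic</description>
 <example>Huawei</example>
 <param pos="0" name="hw.vendor" value="Huawei"/>
 </fingerprint>
+
 <fingerprint pattern="(?i)^Huawei-HomeGateway/V(?:\d.*)$">
 <description>Huawei Home Gateway</description>
 <example>Huawei-HomeGateway/V100R001</example>
@@ -90,6 +103,7 @@
 <param pos="0" name="hw.device" value="Broadband router"/>
 <param pos="0" name="hw.product" value="Home Gateway"/>
 </fingerprint>
+
 <fingerprint pattern="(?i)^Huawei-EchoLife (HG.*)/V(?:\d.*)$">
 <description>Huawei EchoLife Home Gateway</description>
 <example hw.model="HG8121H">HUAWEI-EchoLife HG8121H/V3R018C00S110</example>
@@ -98,6 +112,7 @@
 <param pos="0" name="hw.product" value="EchoLife Home Gateway"/>
 <param pos="1" name="hw.model"/>
 </fingerprint>
+
 <fingerprint pattern="(?i)^Huawei (SoftX\d+) (?:V\d.*)$">
 <description>Huawei Softswitch</description>
 <example hw.model="SoftX3000">Huawei SoftX3000 V300R010</example>
@@ -106,6 +121,7 @@
 <param pos="0" name="hw.product" value="Softswitch"/>
 <param pos="1" name="hw.model"/>
 </fingerprint>
+
 <fingerprint pattern="^Mitel-(\S+)-SIP-Phone ([\d\.]+) (.{12})$">
 <description>Mitel SIP Phones</description>
 <example hw.product="5320" hw.version="06.05.00.11" host.mac="010203040506">Mitel-5320-SIP-Phone 06.05.00.11 010203040506</example>
@@ -115,6 +131,7 @@
 <param pos="2" name="hw.version"/>
 <param pos="3" name="host.mac"/>
 </fingerprint>
+
 <fingerprint pattern="^Mitel Border GW/(\S+)$">
 <description>Mitel SIP Gateway</description>
 <example hw.version="4.0.0.9">Mitel Border GW/4.0.0.9</example>
@@ -123,6 +140,7 @@
 <param pos="0" name="hw.product" value="Border GW"/>
 <param pos="1" name="hw.version"/>
 </fingerprint>
+
 <fingerprint pattern="^(?:Polycom/[\d\.]+ )?Polycom(SoundPoint|VVX|SoundStation)\S+_(\d+)-UA/([\d\.]+)(?:_(.{12}))?$">
 <description>Polycom SoundPoint, SountdStation, VVX VoIP phones</description>
 <example hw.version="5.8.0.13337" hw.family="VVX" hw.product="VVX 350">PolycomVVX-VVX_350-UA/5.8.0.13337</example>
@@ -138,6 +156,7 @@
 <param pos="3" name="hw.version"/>
 <param pos="4" name="host.mac"/>
 </fingerprint>
+
 <fingerprint pattern="^(?:Polycom/[\d\.]+ )?Polycom(?:RealPresenceTrio)-Trio_(\S+)-UA/([\d\.]+)(?:_(.{12}))?$">
 <description>Polycom RealPresence Trio Phones</description>
 <example hw.version="5.4.0.12197" hw.product="RealPresence Trio 8800">PolycomRealPresenceTrio-Trio_8800-UA/5.4.0.12197</example>
@@ -151,6 +170,7 @@
 <param pos="2" name="hw.version"/>
 <param pos="3" name="host.mac"/>
 </fingerprint>
+
 <fingerprint pattern="^Polycom ?HDX ?(\d+)(?: ?HD)?(?:/| \(Release - )([^\)]+)\)?">
 <description>Polycom HDX Video Conferencing</description>
 <example hw.model="9006" hw.product="HDX 9006" hw.version="3.0.6-37004">Polycom HDX 9006 (Release - 3.0.6-37004)</example>
@@ -164,6 +184,7 @@
 <param pos="1" name="hw.model"/>
 <param pos="2" name="hw.version"/>
 </fingerprint>
+
 <fingerprint pattern="^PolycomRealPresenceGroup(\d+)/([\d\._]+)+$">
 <description>Polycom RealPresence Group Video Conferencing</description>
 <example hw.model="700" hw.product="RealPresence Group 700" hw.version="6.2.0">PolycomRealPresenceGroup700/6.2.0</example>
@@ -174,6 +195,7 @@
 <param pos="1" name="hw.model"/>
 <param pos="2" name="hw.version"/>
 </fingerprint>
+
 <fingerprint pattern="^Nero SIPPS IP Phone Version ([\d\.]+)+$">
 <description>Nero SIPPS IP Phone</description>
 <example service.version="2.0.51.16">Nero SIPPS IP Phone Version 2.0.51.16</example>
@@ -183,6 +205,7 @@
 <param pos="0" name="service.product" value="SIPPS IP Phone"/>
 <param pos="1" name="service.version"/>
 </fingerprint>
+
 <fingerprint pattern="^ShoreGear/([\d\.]+)\s+\(ShoreTel \d+\)$">
 <description>ShoreTel VoIP Switch</description>
 <example hw.version="21.90.4128.0">ShoreGear/21.90.4128.0 (ShoreTel 15)</example>
@@ -191,6 +214,7 @@
 <param pos="0" name="hw.device" value="VoIP Switch"/>
 <param pos="1" name="hw.version"/>
 </fingerprint>
+
 <fingerprint pattern="^MERCURY-([a-fA-F0-9]{12})$">
 <description>Crestron Mercury</description>
 <example host.mac="00107F1ABAA0">MERCURY-00107F1ABAA0</example>
@@ -202,6 +226,7 @@
 <param pos="0" name="os.device" value="Video Conferencing"/>
 <param pos="1" name="host.mac"/>
 </fingerprint>
+
 <fingerprint pattern="^IPDECT/([\d\.]+)\s+\(MAC=([a-fA-F0-9]{12}); SER=">
 <description>Konftel IP Phone</description>
 <example host.mac="00087B0F1D30" hw.version="03.55.0013">IPDECT/03.55.0013 (MAC=00087B0F1D30; SER= 00000; HW=1)</example>
@@ -210,6 +235,7 @@
 <param pos="1" name="hw.version"/>
 <param pos="2" name="host.mac"/>
 </fingerprint>
+
 <fingerprint pattern="^Sangoma ([^\s]+) V([a-zA-Z0-9\.]+)=?">
 <description>Sangoma IP Phone</description>
 <example hw.product="S305" hw.version="3.0.4.72">Sangoma S305 V3.0.4.72</example>
@@ -218,4 +244,5 @@
 <param pos="2" name="hw.version"/>
 <param pos="1" name="hw.product"/>
 </fingerprint>
-
+
+</fingerprints>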
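Review bot: The pattern `^PolycomRealPresenceGroup(\d+)/([\d\._]+)+$`, a context line in the `@@ -164,6 +184,7 @@` hunk, puts a `+` on a group that already ends in `+`, and a backtracking regex engine can take exponential time to reject a long value that almost matches. The same shape appears in `^Nero SIPPS IP Phone Version ([\d\.]+)+$` in the `@@ -174,6 +195,7 @@` hunk. These patterns are evaluated against SIP User-Agent values supplied by remote hosts, so a scanner or passive sensor that loads this file can be stalled by a single header. Dropping the outer quantifier, `([\d\._]+)$` and `([\d\.]+)$`, leaves the captured value for the examples shown unchanged. Both fingerprints continue outside the hunks shown.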
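--- a/data/xml/smb_native_lm.xml
+++ b/data/xml/smb_native_lm.xml
@@ -1,10 +1,12 @@
-<?xml version=
+<?xml version='1.0' encoding='UTF-8'?>
 <fingerprints matches="smb.native_lm" protocol="smb" database_type="service">
 <!--
 SMB fingerprints obtained from the Native LM (LAN manager) field of SMB
 negotations
 -->
+
 <!-- Mac OS X -->
+
 <fingerprint pattern="^Samba (3\.0\.28a-apple)$">
 <description>Samba on OS X 10.6</description>
 <example service.version="3.0.28a-apple">Samba 3.0.28a-apple</example>
@@ -18,6 +20,7 @@
 <param pos="1" name="service.version"/>
 <param pos="0" name="service.cpe23" value="cpe:/a:samba:samba:{service.version}"/>
 </fingerprint>
+
 <fingerprint pattern="^Samba (3\.0\.25b-apple)$">
 <description>Samba on OS X 10.5</description>
 <example service.version="3.0.25b-apple">Samba 3.0.25b-apple</example>
@@ -31,7 +34,9 @@
 <param pos="1" name="service.version"/>
 <param pos="0" name="service.cpe23" value="cpe:/a:samba:samba:{service.version}"/>
 </fingerprint>
+
 <!-- TODO: Detect vendor, distribution, and package versions -->
+
 <fingerprint pattern="^Samba (\d\.\d+.\d+\w*)">
 <description>Samba</description>
 <example>Samba 3.0.24</example>
@@ -45,11 +50,13 @@
 <param pos="1" name="service.version"/>
 <param pos="0" name="service.cpe23" value="cpe:/a:samba:samba:{service.version}"/>
 </fingerprint>
+
 <fingerprint pattern="^Netreon LANMAN 1.0$">
 <description>Netreon SAN software</description>
 <example>Netreon LANMAN 1.0</example>
 <param pos="0" name="service.vendor" value="Netreon"/>
 </fingerprint>
+
 <fingerprint pattern="(?i)^MikrotikSMB$">
 <description>Mikrotik</description>
 <example>MikrotikSMB</example>
@@ -59,4 +66,5 @@
 <param pos="0" name="os.product" value="RouterOS"/>
 <param pos="0" name="os.cpe23" value="cpe:/o:mikrotik:routeros:-"/>
 </fingerprint>
-
+
+</fingerprints>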