recog 2.3.8 → 2.3.13

Files changed (69) hide show
  1. checksums.yaml +4 -4
  2. data/.gitignore +6 -0
  3. data/CONTRIBUTING.md +136 -37
  4. data/README.md +18 -16
  5. data/bin/recog_cleanup +16 -0
  6. data/bin/recog_standardize +30 -6
  7. data/cpe-remap.yaml +18 -2
  8. data/identifiers/README.md +9 -0
  9. data/identifiers/hw_device.txt +77 -0
  10. data/identifiers/hw_family.txt +96 -0
  11. data/identifiers/hw_product.txt +328 -0
  12. data/identifiers/os_architecture.txt +6 -6
  13. data/identifiers/os_device.txt +45 -3
  14. data/identifiers/os_family.txt +206 -41
  15. data/identifiers/os_product.txt +238 -17
  16. data/identifiers/service_family.txt +144 -57
  17. data/identifiers/service_product.txt +385 -83
  18. data/identifiers/vendor.txt +554 -68
  19. data/lib/recog/version.rb +1 -1
  20. data/requirements.txt +1 -1
  21. data/update_cpes.py +3 -0
  22. data/xml/apache_modules.xml +292 -5
  23. data/xml/apache_os.xml +41 -2
  24. data/xml/architecture.xml +11 -3
  25. data/xml/dns_versionbind.xml +191 -15
  26. data/xml/favicons.xml +1701 -0
  27. data/xml/ftp_banners.xml +250 -18
  28. data/xml/h323_callresp.xml +112 -12
  29. data/xml/hp_pjl_id.xml +47 -5
  30. data/xml/html_title.xml +1278 -25
  31. data/xml/http_cookies.xml +64 -9
  32. data/xml/http_servers.xml +1013 -96
  33. data/xml/http_wwwauth.xml +141 -26
  34. data/xml/imap_banners.xml +62 -13
  35. data/xml/ldap_searchresult.xml +81 -9
  36. data/xml/mdns_device-info_txt.xml +175 -2
  37. data/xml/mdns_workstation_txt.xml +4 -2
  38. data/xml/mysql_banners.xml +134 -7
  39. data/xml/mysql_error.xml +113 -6
  40. data/xml/nntp_banners.xml +10 -2
  41. data/xml/ntp_banners.xml +80 -4
  42. data/xml/operating_system.xml +89 -3
  43. data/xml/pop_banners.xml +87 -33
  44. data/xml/rsh_resp.xml +11 -2
  45. data/xml/rtsp_servers.xml +22 -2
  46. data/xml/sip_banners.xml +35 -4
  47. data/xml/sip_user_agents.xml +29 -2
  48. data/xml/smb_native_lm.xml +10 -2
  49. data/xml/smb_native_os.xml +79 -2
  50. data/xml/smtp_banners.xml +230 -9
  51. data/xml/smtp_debug.xml +6 -4
  52. data/xml/smtp_ehlo.xml +7 -5
  53. data/xml/smtp_expn.xml +13 -4
  54. data/xml/smtp_help.xml +23 -4
  55. data/xml/smtp_mailfrom.xml +5 -2
  56. data/xml/smtp_noop.xml +6 -5
  57. data/xml/smtp_quit.xml +5 -4
  58. data/xml/smtp_rcptto.xml +5 -2
  59. data/xml/smtp_rset.xml +4 -4
  60. data/xml/smtp_turn.xml +4 -4
  61. data/xml/smtp_vrfy.xml +14 -4
  62. data/xml/snmp_sysdescr.xml +733 -25
  63. data/xml/snmp_sysobjid.xml +47 -2
  64. data/xml/ssh_banners.xml +182 -8
  65. data/xml/telnet_banners.xml +493 -22
  66. data/xml/x11_banners.xml +26 -3
  67. data/xml/x509_issuers.xml +30 -6
  68. data/xml/x509_subjects.xml +200 -31
  69. metadata +8 -2
@@ -1,9 +1,11 @@
1
- <?xml version="1.0" encoding="UTF-8"?>
1
+ <?xml version='1.0' encoding='UTF-8'?>
2
2
  <fingerprints matches="sip_header.server" protocol="sip" database_type="service">
3
3
  <!--
4
4
  SIP Server header values are matched against these patterns to fingerprint SIP devices.
5
5
  -->
6
+
6
7
  <!-- Cisco/Tandberg Products -->
8
+
7
9
  <fingerprint pattern="^Cisco-SIPGateway/IOS-(\S+)\.x$">
8
10
  <description>Cisco IOS SIP Gateway w/ Vague Version</description>
9
11
  <example os.version="12">Cisco-SIPGateway/IOS-12.x</example>
@@ -20,6 +22,7 @@
20
22
  <param pos="0" name="hw.vendor" value="Cisco"/>
21
23
  <param pos="0" name="hw.device" value="Router"/>
22
24
  </fingerprint>
25
+
23
26
  <fingerprint pattern="^Cisco-SIPGateway/IOS-(\S+)$">
24
27
  <description>Cisco IOS SIP Gateway w/ Full Version</description>
25
28
  <example os.version="15.2.4.M3">Cisco-SIPGateway/IOS-15.2.4.M3</example>
@@ -41,6 +44,7 @@
41
44
  <param pos="0" name="hw.vendor" value="Cisco"/>
42
45
  <param pos="0" name="hw.device" value="Router"/>
43
46
  </fingerprint>
47
+
44
48
  <fingerprint pattern="^Cisco-CP-?(\d+G?)(?:-\S+)?/([\d\.]+)">
45
49
  <description>Cisco CP VoIP Phone</description>
46
50
  <example hw.model="7960G" hw.version="8.0">Cisco-CP7960G/8.0</example>
@@ -55,6 +59,7 @@
55
59
  <param pos="1" name="hw.model"/>
56
60
  <param pos="2" name="hw.version"/>
57
61
  </fingerprint>
62
+
58
63
  <fingerprint pattern="(?:Cisco|Linksys)/(SPA\d+[DG]?\d?)-([\d\.a-zA-Z]+)">
59
64
  <description>Cisco/Linksys SPA VoIP Phone</description>
60
65
  <example hw.model="SPA112" hw.version="1.4.1SR1">Cisco/SPA112-1.4.1SR1(002)d-hisec</example>
@@ -72,6 +77,7 @@
72
77
  <param pos="1" name="hw.model"/>
73
78
  <param pos="2" name="hw.version"/>
74
79
  </fingerprint>
80
+
75
81
  <fingerprint pattern="(?:Cisco|Linksys)(?: |/)(PAP2T?)(?:-|/)(\S+)$">
76
82
  <description>Cisco/Linksys VoIP / Internet Phone adapter</description>
77
83
  <example hw.version="3.1.22(LS)" hw.model="PAP2">PhoneSystems.net aabbccddeeff Linksys/PAP2-3.1.22(LS)</example>
@@ -87,6 +93,7 @@
87
93
  <param pos="1" name="hw.model"/>
88
94
  <param pos="2" name="hw.version"/>
89
95
  </fingerprint>
96
+
90
97
  <fingerprint pattern="^Cisco/(SRP\d+)-([\d\.]+)">
91
98
  <description>Cisco Services Ready Platforms (SRP) Router</description>
92
99
  <example hw.model="SRP541" hw.version="1.2.6">Cisco/SRP541-1.2.6(003)</example>
@@ -99,6 +106,7 @@
99
106
  <param pos="1" name="hw.model"/>
100
107
  <param pos="2" name="hw.version"/>
101
108
  </fingerprint>
109
+
102
110
  <fingerprint pattern="(?:Cisco|Linksys)/(WRP\d+)-(\S+)$">
103
111
  <description>Cisco/Linksys WRP Wireless Router</description>
104
112
  <example hw.version="2.00.26" hw.model="WRP400">aabbccddeeff_FinalStage_Linksys/WRP400-2.00.26</example>
@@ -112,6 +120,7 @@
112
120
  <param pos="1" name="hw.model"/>
113
121
  <param pos="2" name="hw.version"/>
114
122
  </fingerprint>
123
+
115
124
  <fingerprint pattern="^TANDBERG/(\d+) \((.*)\) Cisco-(\S+)$">
116
125
  <description>Cisco/Tandberg TelePresence w/Cisco Model Name</description>
117
126
  <example os.version="TC7.3.7.01c84fd" tandberg.model="528" hw.product="EX60">TANDBERG/528 (TC7.3.7.01c84fd) Cisco-EX60</example>
@@ -126,6 +135,7 @@
126
135
  <param pos="0" name="hw.device" value="Video Conferencing"/>
127
136
  <param pos="3" name="hw.product"/>
128
137
  </fingerprint>
138
+
129
139
  <fingerprint pattern="^(TANDBERG/(\d+)) \((\S+).*\)$">
130
140
  <description>Cisco/Tandberg TelePresence</description>
131
141
  <example os.version="TC7.0.2.aecf2d9" tandberg.model="519" hw.product="TANDBERG/519">TANDBERG/519 (TC7.0.2.aecf2d9)</example>
@@ -144,7 +154,9 @@
144
154
  <param pos="0" name="hw.device" value="Video Conferencing"/>
145
155
  <param pos="1" name="hw.product"/>
146
156
  </fingerprint>
157
+
147
158
  <!-- Various -->
159
+
148
160
  <fingerprint pattern="EnGenius_Router$">
149
161
  <description>EnGenius DuraFon IP Phone</description>
150
162
  <example>EnGenius_Router</example>
@@ -152,6 +164,7 @@
152
164
  <param pos="0" name="hw.product" value="DuraFon"/>
153
165
  <param pos="0" name="hw.device" value="VoIP"/>
154
166
  </fingerprint>
167
+
155
168
  <fingerprint pattern="(?i)^Huawei (SoftX\d+) (?:V\d.*)$">
156
169
  <description>Huawei Softswitch</description>
157
170
  <example hw.model="SoftX3000">Huawei SoftX3000 V300R006</example>
@@ -160,11 +173,13 @@
160
173
  <param pos="0" name="hw.product" value="Softswitch"/>
161
174
  <param pos="1" name="hw.model"/>
162
175
  </fingerprint>
176
+
163
177
  <fingerprint pattern="(?i)^SIP/1.0 \(Huawei\)$">
164
178
  <description>Huawei generic</description>
165
179
  <example>SIP/1.0 (Huawei)</example>
166
180
  <param pos="0" name="hw.vendor" value="Huawei"/>
167
181
  </fingerprint>
182
+
168
183
  <fingerprint pattern="^M5T SIP(?: Stack|-UA SAFE)/v?([\d\.]+)">
169
184
  <description>Media5 Corporation SIP Stack</description>
170
185
  <example service.version="4.1.2.2">M5T SIP Stack/4.1.2.2</example>
@@ -175,6 +190,7 @@
175
190
  <param pos="1" name="service.version"/>
176
191
  <param pos="0" name="hw.device" value="VoIP"/>
177
192
  </fingerprint>
193
+
178
194
  <fingerprint pattern="^Tilgin Vood ([^_\s]+)">
179
195
  <description>Tilgin Vood</description>
180
196
  <example hw.model="HG238x">Tilgin Vood HG238x_ESx000-02_07_03_26</example>
@@ -184,6 +200,7 @@
184
200
  <param pos="0" name="hw.product" value="Vood"/>
185
201
  <param pos="1" name="hw.model"/>
186
202
  </fingerprint>
203
+
187
204
  <fingerprint pattern="^(F\d{3})/VT?(\d(?:[\d\.A-Z]+))$">
188
205
  <description>ZTE GPON Router</description>
189
206
  <example hw.product="F620" hw.version="3.30.20P5T4S">F620/V3.30.20P5T4S</example>
@@ -194,6 +211,7 @@
194
211
  <param pos="1" name="hw.product"/>
195
212
  <param pos="2" name="hw.version"/>
196
213
  </fingerprint>
214
+
197
215
  <fingerprint pattern="^ZXDSL (\S+)/V?(\d(?:[\d\.A-Z_]+))$">
198
216
  <description>ZTE ZXDSL router</description>
199
217
  <example hw.product="931VII" hw.version="2.0.00.OTET06">ZXDSL 931VII/V2.0.00.OTET06</example>
@@ -203,6 +221,7 @@
203
221
  <param pos="1" name="hw.product"/>
204
222
  <param pos="2" name="hw.version"/>
205
223
  </fingerprint>
224
+
206
225
  <fingerprint pattern="^(?:ZXHN )?(H\d{3}N)/V?(\d(?:[\d\.A-Z_]+))$">
207
226
  <description>ZTE ZXHN router</description>
208
227
  <example hw.product="H218N" hw.version="1.02.01_ERS">ZXHN H218N/V1.02.01_ERS</example>
@@ -216,6 +235,7 @@
216
235
  <param pos="1" name="hw.product"/>
217
236
  <param pos="2" name="hw.version"/>
218
237
  </fingerprint>
238
+
219
239
  <fingerprint pattern="^Aastra ([^/]+)/([a-zA-Z0-9\.\-]+)$">
220
240
  <description>Aastra IP Phone</description>
221
241
  <example hw.product="6865i" os.version="4.2.0.2023">Aastra 6865i/4.2.0.2023</example>
@@ -228,19 +248,21 @@
228
248
  <param pos="0" name="hw.device" value="VoIP"/>
229
249
  <param pos="1" name="hw.product"/>
230
250
  </fingerprint>
251
+
231
252
  <fingerprint pattern="^(?:Audiocodes-Sip-Gateway-)?(\S+) FX[A-Z_]+/v.(\S+)$">
232
253
  <description>Audiocodes-Sip-Gateway</description>
233
254
  <example hw.product="MP-124" os.version="6.00A.034.003">Audiocodes-Sip-Gateway-MP-124 FXS/v.6.00A.034.003</example>
234
255
  <example hw.product="MP-124" os.version="6.60A.342.003">MP-124 FXS/v.6.60A.342.003</example>
235
256
  <example hw.product="MP-114" os.version="6.60A.241.010">MP-114 FXS_FXO/v.6.60A.241.010</example>
236
- <param pos="0" name="os.vendor" value="Audiocodes"/>
257
+ <param pos="0" name="os.vendor" value="AudioCodes"/>
237
258
  <param pos="0" name="os.family" value="SIP Gateway"/>
238
259
  <param pos="2" name="os.version"/>
239
- <param pos="0" name="hw.vendor" value="Audiocodes"/>
260
+ <param pos="0" name="hw.vendor" value="AudioCodes"/>
240
261
  <param pos="0" name="hw.family" value="SIP Gateway"/>
241
262
  <param pos="0" name="hw.device" value="SIP Gateway"/>
242
263
  <param pos="1" name="hw.product"/>
243
264
  </fingerprint>
265
+
244
266
  <fingerprint pattern="^Wildix GW-(\S+)$">
245
267
  <description>Wildix SIP Gateway</description>
246
268
  <example os.version="5.0.3.42145">Wildix GW-5.0.3.42145</example>
@@ -252,6 +274,7 @@
252
274
  <param pos="0" name="hw.device" value="SIP Gateway"/>
253
275
  <param pos="0" name="hw.product" value="SIP Gateway"/>
254
276
  </fingerprint>
277
+
255
278
  <fingerprint pattern="^Wildix GW$">
256
279
  <description>Wildix SIP Gateway w/o Version</description>
257
280
  <example>Wildix GW</example>
@@ -262,6 +285,7 @@
262
285
  <param pos="0" name="hw.device" value="SIP Gateway"/>
263
286
  <param pos="0" name="hw.product" value="SIP Gateway"/>
264
287
  </fingerprint>
288
+
265
289
  <fingerprint pattern="^Asterisk PBX (\S+)$">
266
290
  <description>Asterisk PBX w/ Version</description>
267
291
  <example service.version="13.18.0-6.7.1.1.rl.1538157944.1c65507">Asterisk PBX 13.18.0-6.7.1.1.rl.1538157944.1c65507</example>
@@ -271,6 +295,7 @@
271
295
  <param pos="0" name="service.product" value="PBX"/>
272
296
  <param pos="1" name="service.version"/>
273
297
  </fingerprint>
298
+
274
299
  <fingerprint pattern="^Asterisk PBX$">
275
300
  <description>Asterisk PBX w/o Version</description>
276
301
  <example>Asterisk PBX</example>
@@ -278,6 +303,7 @@
278
303
  <param pos="0" name="service.family" value="PBX"/>
279
304
  <param pos="0" name="service.product" value="PBX"/>
280
305
  </fingerprint>
306
+
281
307
  <fingerprint pattern="^FPBX-(\S+)$">
282
308
  <description>FreePBX</description>
283
309
  <example service.version="12.0.70(11.20.0)">FPBX-12.0.70(11.20.0)</example>
@@ -287,6 +313,7 @@
287
313
  <param pos="0" name="service.product" value="PBX"/>
288
314
  <param pos="1" name="service.version"/>
289
315
  </fingerprint>
316
+
290
317
  <fingerprint pattern="^kamailio \((\S+) \((.*)\)\)$">
291
318
  <description>Kamailio SIP Server</description>
292
319
  <example service.version="4.4.4" kamailio.platform="x86_64/linux">kamailio (4.4.4 (x86_64/linux))</example>
@@ -296,7 +323,9 @@
296
323
  <param pos="1" name="service.version"/>
297
324
  <param pos="2" name="kamailio.platform"/>
298
325
  </fingerprint>
326
+
299
327
  <!-- This match covers multiple product families and should be split up further -->
328
+
300
329
  <fingerprint pattern="^Algo-([^/]+)/(.*)$">
301
330
  <description>Algo SIP Device</description>
302
331
  <example hw.product="8186" os.version="1.7">Algo-8186/1.7</example>
@@ -308,6 +337,7 @@
308
337
  <param pos="0" name="hw.device" value="SIP Device"/>
309
338
  <param pos="1" name="hw.product"/>
310
339
  </fingerprint>
340
+
311
341
  <fingerprint pattern="^(?:SIParator|Ingate-Firewall)/(\S+)$">
312
342
  <description>Ingate SIParator Firewall</description>
313
343
  <example os.version="5.0.10">Ingate-Firewall/5.0.10</example>
@@ -320,4 +350,5 @@
320
350
  <param pos="0" name="hw.device" value="SIP Gateway"/>
321
351
  <param pos="0" name="hw.product" value="SIParator Firewall"/>
322
352
  </fingerprint>
323
- </fingerprints>
353
+
354
+ </fingerprints>
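Review bot: The `os.vendor` and `hw.vendor` values of the AudioCodes gateway fingerprint (new lines 257 and 260) change from `Audiocodes` to `AudioCodes` with no comment or migration note in this section. Any consumer that compares vendor strings case-sensitively (asset grouping, vulnerability correlation rules, saved queries) would presumably stop matching hosts identified by this fingerprint after the upgrade. A one-line comment above the fingerprint, such as `<!-- vendor normalized to "AudioCodes" (was "Audiocodes"); update case-sensitive consumers -->`, would make that visible. In the same fingerprint the pattern still reads `/v.(\S+)$` with an unescaped dot, which accepts any character where all three examples show a literal period; `/v\.(\S+)$` is tighter.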
@@ -1,9 +1,11 @@
1
- <?xml version="1.0" encoding="UTF-8"?>
1
+ <?xml version='1.0' encoding='UTF-8'?>
2
2
  <fingerprints matches="sip_header.user_agent" protocol="sip" database_type="service">
3
3
  <!--
4
4
  SIP User Agent header values are matched against these patterns to fingerprint SIP devices.
5
5
  -->
6
+
6
7
  <!-- Axis devices -->
8
+
7
9
  <fingerprint pattern="(?i)^AXIS (\S+) Network Video Door Station$">
8
10
  <description>Axis Network Video Door stations, which have voice</description>
9
11
  <example hw.product="A8105-E">AXIS A8105-E Network Video Door Station</example>
@@ -14,6 +16,7 @@
14
16
  <param pos="0" name="os.vendor" value="AXIS"/>
15
17
  <param pos="0" name="os.family" value="Linux"/>
16
18
  </fingerprint>
19
+
17
20
  <fingerprint pattern="(?i)^AXIS (\S+) Network (?:Audio Bridge|(?:Cabinet|Horn) Speaker)$">
18
21
  <description>Axis Network audio devices</description>
19
22
  <example hw.product="C3003-E">AXIS C3003-E Network Horn Speaker</example>
@@ -25,7 +28,9 @@
25
28
  <param pos="0" name="os.vendor" value="AXIS"/>
26
29
  <param pos="0" name="os.family" value="Linux"/>
27
30
  </fingerprint>
31
+
28
32
  <!-- Cisco Devices -->
33
+
29
34
  <fingerprint pattern="^Cisco-SIPGateway/IOS-([\d\.x]+)$">
30
35
  <description>Cisco SIPGateway</description>
31
36
  <example>Cisco-SIPGateway/IOS-12.x</example>
@@ -34,13 +39,16 @@
34
39
  <param pos="1" name="os.version"/>
35
40
  <param pos="0" name="os.cpe23" value="cpe:/o:cisco:ios:{os.version}"/>
36
41
  </fingerprint>
42
+
37
43
  <!-- AVM.DE Devices -->
44
+
38
45
  <fingerprint pattern="^FRITZ!OS$">
39
46
  <description>AVM FritzOS Device</description>
40
47
  <example>FRITZ!OS</example>
41
48
  <param pos="0" name="os.vendor" value="AVM"/>
42
49
  <param pos="0" name="os.product" value="FRITZ!BOX"/>
43
50
  </fingerprint>
51
+
44
52
  <fingerprint pattern="^(?:AVM )?(FRITZ!Box .*) +(\d+\.\d+\.\d+)">
45
53
  <description>AVM FritzBox</description>
46
54
  <example>AVM FRITZ!Box Fon 06.03.13</example>
@@ -60,6 +68,7 @@
60
68
  <param pos="1" name="os.product"/>
61
69
  <param pos="2" name="os.version"/>
62
70
  </fingerprint>
71
+
63
72
  <fingerprint pattern="^(?:AVM )?(FRITZ!Fon .*) +(\d+\.\d+\.\d+)">
64
73
  <description>AVM FritzFon</description>
65
74
  <example>AVM FRITZ!Fon 7150 (fs) 38.04.56 (Mar 31 2008)</example>
@@ -69,6 +78,7 @@
69
78
  <param pos="1" name="os.product"/>
70
79
  <param pos="2" name="os.version"/>
71
80
  </fingerprint>
81
+
72
82
  <fingerprint pattern="^(?:AVM )?(Multibox .*) +(\d+\.\d+\.\d+)">
73
83
  <description>AVM Multibox</description>
74
84
  <example>AVM Multibox 7390 NGN 84.05.09 (Jan 13 2012)</example>
@@ -77,12 +87,15 @@
77
87
  <param pos="1" name="os.product"/>
78
88
  <param pos="2" name="os.version"/>
79
89
  </fingerprint>
90
+
80
91
  <!-- Huawei devices -->
92
+
81
93
  <fingerprint pattern="(?i)^Huawei$">
82
94
  <description>Huawei generic</description>
83
95
  <example>Huawei</example>
84
96
  <param pos="0" name="hw.vendor" value="Huawei"/>
85
97
  </fingerprint>
98
+
86
99
  <fingerprint pattern="(?i)^Huawei-HomeGateway/V(?:\d.*)$">
87
100
  <description>Huawei Home Gateway</description>
88
101
  <example>Huawei-HomeGateway/V100R001</example>
@@ -90,6 +103,7 @@
90
103
  <param pos="0" name="hw.device" value="Broadband router"/>
91
104
  <param pos="0" name="hw.product" value="Home Gateway"/>
92
105
  </fingerprint>
106
+
93
107
  <fingerprint pattern="(?i)^Huawei-EchoLife (HG.*)/V(?:\d.*)$">
94
108
  <description>Huawei EchoLife Home Gateway</description>
95
109
  <example hw.model="HG8121H">HUAWEI-EchoLife HG8121H/V3R018C00S110</example>
@@ -98,6 +112,7 @@
98
112
  <param pos="0" name="hw.product" value="EchoLife Home Gateway"/>
99
113
  <param pos="1" name="hw.model"/>
100
114
  </fingerprint>
115
+
101
116
  <fingerprint pattern="(?i)^Huawei (SoftX\d+) (?:V\d.*)$">
102
117
  <description>Huawei Softswitch</description>
103
118
  <example hw.model="SoftX3000">Huawei SoftX3000 V300R010</example>
@@ -106,6 +121,7 @@
106
121
  <param pos="0" name="hw.product" value="Softswitch"/>
107
122
  <param pos="1" name="hw.model"/>
108
123
  </fingerprint>
124
+
109
125
  <fingerprint pattern="^Mitel-(\S+)-SIP-Phone ([\d\.]+) (.{12})$">
110
126
  <description>Mitel SIP Phones</description>
111
127
  <example hw.product="5320" hw.version="06.05.00.11" host.mac="010203040506">Mitel-5320-SIP-Phone 06.05.00.11 010203040506</example>
@@ -115,6 +131,7 @@
115
131
  <param pos="2" name="hw.version"/>
116
132
  <param pos="3" name="host.mac"/>
117
133
  </fingerprint>
134
+
118
135
  <fingerprint pattern="^Mitel Border GW/(\S+)$">
119
136
  <description>Mitel SIP Gateway</description>
120
137
  <example hw.version="4.0.0.9">Mitel Border GW/4.0.0.9</example>
@@ -123,6 +140,7 @@
123
140
  <param pos="0" name="hw.product" value="Border GW"/>
124
141
  <param pos="1" name="hw.version"/>
125
142
  </fingerprint>
143
+
126
144
  <fingerprint pattern="^(?:Polycom/[\d\.]+ )?Polycom(SoundPoint|VVX|SoundStation)\S+_(\d+)-UA/([\d\.]+)(?:_(.{12}))?$">
127
145
  <description>Polycom SoundPoint, SountdStation, VVX VoIP phones</description>
128
146
  <example hw.version="5.8.0.13337" hw.family="VVX" hw.product="VVX 350">PolycomVVX-VVX_350-UA/5.8.0.13337</example>
@@ -138,6 +156,7 @@
138
156
  <param pos="3" name="hw.version"/>
139
157
  <param pos="4" name="host.mac"/>
140
158
  </fingerprint>
159
+
141
160
  <fingerprint pattern="^(?:Polycom/[\d\.]+ )?Polycom(?:RealPresenceTrio)-Trio_(\S+)-UA/([\d\.]+)(?:_(.{12}))?$">
142
161
  <description>Polycom RealPresence Trio Phones</description>
143
162
  <example hw.version="5.4.0.12197" hw.product="RealPresence Trio 8800">PolycomRealPresenceTrio-Trio_8800-UA/5.4.0.12197</example>
@@ -151,6 +170,7 @@
151
170
  <param pos="2" name="hw.version"/>
152
171
  <param pos="3" name="host.mac"/>
153
172
  </fingerprint>
173
+
154
174
  <fingerprint pattern="^Polycom ?HDX ?(\d+)(?: ?HD)?(?:/| \(Release - )([^\)]+)\)?">
155
175
  <description>Polycom HDX Video Conferencing</description>
156
176
  <example hw.model="9006" hw.product="HDX 9006" hw.version="3.0.6-37004">Polycom HDX 9006 (Release - 3.0.6-37004)</example>
@@ -164,6 +184,7 @@
164
184
  <param pos="1" name="hw.model"/>
165
185
  <param pos="2" name="hw.version"/>
166
186
  </fingerprint>
187
+
167
188
  <fingerprint pattern="^PolycomRealPresenceGroup(\d+)/([\d\._]+)+$">
168
189
  <description>Polycom RealPresence Group Video Conferencing</description>
169
190
  <example hw.model="700" hw.product="RealPresence Group 700" hw.version="6.2.0">PolycomRealPresenceGroup700/6.2.0</example>
@@ -174,6 +195,7 @@
174
195
  <param pos="1" name="hw.model"/>
175
196
  <param pos="2" name="hw.version"/>
176
197
  </fingerprint>
198
+
177
199
  <fingerprint pattern="^Nero SIPPS IP Phone Version ([\d\.]+)+$">
178
200
  <description>Nero SIPPS IP Phone</description>
179
201
  <example service.version="2.0.51.16">Nero SIPPS IP Phone Version 2.0.51.16</example>
@@ -183,6 +205,7 @@
183
205
  <param pos="0" name="service.product" value="SIPPS IP Phone"/>
184
206
  <param pos="1" name="service.version"/>
185
207
  </fingerprint>
208
+
186
209
  <fingerprint pattern="^ShoreGear/([\d\.]+)\s+\(ShoreTel \d+\)$">
187
210
  <description>ShoreTel VoIP Switch</description>
188
211
  <example hw.version="21.90.4128.0">ShoreGear/21.90.4128.0 (ShoreTel 15)</example>
@@ -191,6 +214,7 @@
191
214
  <param pos="0" name="hw.device" value="VoIP Switch"/>
192
215
  <param pos="1" name="hw.version"/>
193
216
  </fingerprint>
217
+
194
218
  <fingerprint pattern="^MERCURY-([a-fA-F0-9]{12})$">
195
219
  <description>Crestron Mercury</description>
196
220
  <example host.mac="00107F1ABAA0">MERCURY-00107F1ABAA0</example>
@@ -202,6 +226,7 @@
202
226
  <param pos="0" name="os.device" value="Video Conferencing"/>
203
227
  <param pos="1" name="host.mac"/>
204
228
  </fingerprint>
229
+
205
230
  <fingerprint pattern="^IPDECT/([\d\.]+)\s+\(MAC=([a-fA-F0-9]{12}); SER=">
206
231
  <description>Konftel IP Phone</description>
207
232
  <example host.mac="00087B0F1D30" hw.version="03.55.0013">IPDECT/03.55.0013 (MAC=00087B0F1D30; SER= 00000; HW=1)</example>
@@ -210,6 +235,7 @@
210
235
  <param pos="1" name="hw.version"/>
211
236
  <param pos="2" name="host.mac"/>
212
237
  </fingerprint>
238
+
213
239
  <fingerprint pattern="^Sangoma ([^\s]+) V([a-zA-Z0-9\.]+)=?">
214
240
  <description>Sangoma IP Phone</description>
215
241
  <example hw.product="S305" hw.version="3.0.4.72">Sangoma S305 V3.0.4.72</example>
@@ -218,4 +244,5 @@
218
244
  <param pos="2" name="hw.version"/>
219
245
  <param pos="1" name="hw.product"/>
220
246
  </fingerprint>
221
- </fingerprints>
247
+
248
+ </fingerprints>
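Review bot: The patterns `^PolycomRealPresenceGroup(\d+)/([\d\._]+)+$` (new line 188) and `^Nero SIPPS IP Phone Version ([\d\.]+)+$` (new line 199) wrap an already-quantified character class in a second `+`, and this reformatting release carries both over unchanged as context lines. The User-Agent value is chosen by the remote peer, and in a backtracking regex engine the `(…+)+$` shape can take time exponential in the input length when the tail fails to match, so a scanner applying these fingerprints may be stalled by a single response. Dropping the outer `+` matches the same strings and captures the same text: `^PolycomRealPresenceGroup(\d+)/([\d\._]+)$` and `^Nero SIPPS IP Phone Version ([\d\.]+)$`. Both fingerprints continue past their hunks, so their remaining param lines are not visible here.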
@@ -1,10 +1,12 @@
1
- <?xml version="1.0" encoding="UTF-8"?>
1
+ <?xml version='1.0' encoding='UTF-8'?>
2
2
  <fingerprints matches="smb.native_lm" protocol="smb" database_type="service">
3
3
  <!--
4
4
  SMB fingerprints obtained from the Native LM (LAN manager) field of SMB
5
5
  negotations
6
6
  -->
7
+
7
8
  <!-- Mac OS X -->
9
+
8
10
  <fingerprint pattern="^Samba (3\.0\.28a-apple)$">
9
11
  <description>Samba on OS X 10.6</description>
10
12
  <example service.version="3.0.28a-apple">Samba 3.0.28a-apple</example>
@@ -18,6 +20,7 @@
18
20
  <param pos="1" name="service.version"/>
19
21
  <param pos="0" name="service.cpe23" value="cpe:/a:samba:samba:{service.version}"/>
20
22
  </fingerprint>
23
+
21
24
  <fingerprint pattern="^Samba (3\.0\.25b-apple)$">
22
25
  <description>Samba on OS X 10.5</description>
23
26
  <example service.version="3.0.25b-apple">Samba 3.0.25b-apple</example>
@@ -31,7 +34,9 @@
31
34
  <param pos="1" name="service.version"/>
32
35
  <param pos="0" name="service.cpe23" value="cpe:/a:samba:samba:{service.version}"/>
33
36
  </fingerprint>
37
+
34
38
  <!-- TODO: Detect vendor, distribution, and package versions -->
39
+
35
40
  <fingerprint pattern="^Samba (\d\.\d+.\d+\w*)">
36
41
  <description>Samba</description>
37
42
  <example>Samba 3.0.24</example>
@@ -45,11 +50,13 @@
45
50
  <param pos="1" name="service.version"/>
46
51
  <param pos="0" name="service.cpe23" value="cpe:/a:samba:samba:{service.version}"/>
47
52
  </fingerprint>
53
+
48
54
  <fingerprint pattern="^Netreon LANMAN 1.0$">
49
55
  <description>Netreon SAN software</description>
50
56
  <example>Netreon LANMAN 1.0</example>
51
57
  <param pos="0" name="service.vendor" value="Netreon"/>
52
58
  </fingerprint>
59
+
53
60
  <fingerprint pattern="(?i)^MikrotikSMB$">
54
61
  <description>Mikrotik</description>
55
62
  <example>MikrotikSMB</example>
@@ -59,4 +66,5 @@
59
66
  <param pos="0" name="os.product" value="RouterOS"/>
60
67
  <param pos="0" name="os.cpe23" value="cpe:/o:mikrotik:routeros:-"/>
61
68
  </fingerprint>
62
- </fingerprints>
69
+
70
+ </fingerprints>