recog 2.3.8 → 2.3.13

Sign up to get free protection for your applications and to get access to all the features.
Files changed (69) hide show
  1. checksums.yaml +4 -4
  2. data/.gitignore +6 -0
  3. data/CONTRIBUTING.md +136 -37
  4. data/README.md +18 -16
  5. data/bin/recog_cleanup +16 -0
  6. data/bin/recog_standardize +30 -6
  7. data/cpe-remap.yaml +18 -2
  8. data/identifiers/README.md +9 -0
  9. data/identifiers/hw_device.txt +77 -0
  10. data/identifiers/hw_family.txt +96 -0
  11. data/identifiers/hw_product.txt +328 -0
  12. data/identifiers/os_architecture.txt +6 -6
  13. data/identifiers/os_device.txt +45 -3
  14. data/identifiers/os_family.txt +206 -41
  15. data/identifiers/os_product.txt +238 -17
  16. data/identifiers/service_family.txt +144 -57
  17. data/identifiers/service_product.txt +385 -83
  18. data/identifiers/vendor.txt +554 -68
  19. data/lib/recog/version.rb +1 -1
  20. data/requirements.txt +1 -1
  21. data/update_cpes.py +3 -0
  22. data/xml/apache_modules.xml +292 -5
  23. data/xml/apache_os.xml +41 -2
  24. data/xml/architecture.xml +11 -3
  25. data/xml/dns_versionbind.xml +191 -15
  26. data/xml/favicons.xml +1701 -0
  27. data/xml/ftp_banners.xml +250 -18
  28. data/xml/h323_callresp.xml +112 -12
  29. data/xml/hp_pjl_id.xml +47 -5
  30. data/xml/html_title.xml +1278 -25
  31. data/xml/http_cookies.xml +64 -9
  32. data/xml/http_servers.xml +1013 -96
  33. data/xml/http_wwwauth.xml +141 -26
  34. data/xml/imap_banners.xml +62 -13
  35. data/xml/ldap_searchresult.xml +81 -9
  36. data/xml/mdns_device-info_txt.xml +175 -2
  37. data/xml/mdns_workstation_txt.xml +4 -2
  38. data/xml/mysql_banners.xml +134 -7
  39. data/xml/mysql_error.xml +113 -6
  40. data/xml/nntp_banners.xml +10 -2
  41. data/xml/ntp_banners.xml +80 -4
  42. data/xml/operating_system.xml +89 -3
  43. data/xml/pop_banners.xml +87 -33
  44. data/xml/rsh_resp.xml +11 -2
  45. data/xml/rtsp_servers.xml +22 -2
  46. data/xml/sip_banners.xml +35 -4
  47. data/xml/sip_user_agents.xml +29 -2
  48. data/xml/smb_native_lm.xml +10 -2
  49. data/xml/smb_native_os.xml +79 -2
  50. data/xml/smtp_banners.xml +230 -9
  51. data/xml/smtp_debug.xml +6 -4
  52. data/xml/smtp_ehlo.xml +7 -5
  53. data/xml/smtp_expn.xml +13 -4
  54. data/xml/smtp_help.xml +23 -4
  55. data/xml/smtp_mailfrom.xml +5 -2
  56. data/xml/smtp_noop.xml +6 -5
  57. data/xml/smtp_quit.xml +5 -4
  58. data/xml/smtp_rcptto.xml +5 -2
  59. data/xml/smtp_rset.xml +4 -4
  60. data/xml/smtp_turn.xml +4 -4
  61. data/xml/smtp_vrfy.xml +14 -4
  62. data/xml/snmp_sysdescr.xml +733 -25
  63. data/xml/snmp_sysobjid.xml +47 -2
  64. data/xml/ssh_banners.xml +182 -8
  65. data/xml/telnet_banners.xml +493 -22
  66. data/xml/x11_banners.xml +26 -3
  67. data/xml/x509_issuers.xml +30 -6
  68. data/xml/x509_subjects.xml +200 -31
  69. metadata +8 -2
@@ -1,9 +1,8 @@
1
- <?xml version="1.0" encoding="UTF-8"?>
1
+ <?xml version='1.0' encoding='UTF-8'?>
2
2
  <fingerprints matches="smtp.banner" protocol="smtp" database_type="service" preference="0.20">
3
3
  <!--
4
4
  SMTP greeting lines (part of the banner after the response code) are matched
5
5
  against these patterns (1 line at a time) to fingerprint SMTP servers.
6
-
7
6
  This is always done in addition to the patterns in other smtp_*.xml files.
8
7
  These XML files are used in this order:
9
8
  smtp_banners.xml
@@ -16,13 +15,12 @@
16
15
  smtp_turn.xml
17
16
  smtp_rset.xml
18
17
  smtp_quit.xml
19
-
20
18
  The system or service fingerprint with the highest certainty overwrites the others.
21
-
22
19
  'preference' notes: This value has been impacted by the poor quality of the 'Cisco PIX' match.
23
20
  Additionally, the 'preference' value for the other databases mentioned above has been set so
24
21
  as to implement their preference as described.
25
22
  -->
23
+
26
24
  <fingerprint pattern="^X1 NT-ESMTP Server ([^ ]+) \(IMail (\d+\.[^ ]+) EVAL \d+-\d+\)$">
27
25
  <description>IMail - EVAL version</description>
28
26
  <example service.version="6.06">X1 NT-ESMTP Server foo.bar (IMail 6.06 EVAL 11347-1)</example>
@@ -34,6 +32,7 @@
34
32
  <param pos="1" name="host.name"/>
35
33
  <param pos="0" name="imail.eval" value="yes"/>
36
34
  </fingerprint>
35
+
37
36
  <fingerprint pattern="^X1 NT-ESMTP Server ([^ ]+) \(IMail (\d+\.[^ ]+) \d+-\d+\)$">
38
37
  <description>IMail - non-EVAL version</description>
39
38
  <example service.version="6.06">X1 NT-ESMTP Server foo.bar (IMail 6.06 899085-1)</example>
@@ -44,6 +43,7 @@
44
43
  <param pos="0" name="service.cpe23" value="cpe:/a:ipswitch:imail_server:{service.version}"/>
45
44
  <param pos="1" name="host.name"/>
46
45
  </fingerprint>
46
+
47
47
  <fingerprint pattern="^([^ ]+) \(IMail (\d+\.[^ ]+) \d+-\d+\) NT-ESMTP Server X1$">
48
48
  <description>IMail - non-EVAL version, NT-ESMTP at end</description>
49
49
  <example service.version="12.4.2.27">foo.bar (IMail 12.4.2.27 21349-1) NT-ESMTP Server X1</example>
@@ -54,6 +54,7 @@
54
54
  <param pos="0" name="service.cpe23" value="cpe:/a:ipswitch:imail_server:{service.version}"/>
55
55
  <param pos="1" name="host.name"/>
56
56
  </fingerprint>
57
+
57
58
  <fingerprint pattern="^([^ ]+) SMTP AnalogX Proxy ([^ ]+\.[^ ]+) \(Release\) ready *$">
58
59
  <description>AnalogX proxy (http://www.analogx.com/contents/download/network/proxy.htm)</description>
59
60
  <example host.name="192.168.1.1" service.version="4.15">192.168.1.1 SMTP AnalogX Proxy 4.15 (Release) ready</example>
@@ -64,6 +65,7 @@
64
65
  <param pos="0" name="service.cpe23" value="cpe:/a:analogx:proxy:{service.version}"/>
65
66
  <param pos="1" name="host.name"/>
66
67
  </fingerprint>
68
+
67
69
  <fingerprint pattern="^ArGoSoft Mail Server, Version [^ ]+ \(([^ ]+\.[^ ]+\.[^ ]+\.[^ ]+)\) *$">
68
70
  <description>ArGoSoft Mail Server</description>
69
71
  <example service.version="1.4.0.7">ArGoSoft Mail Server, Version 1.4 (1.4.0.7)</example>
@@ -76,6 +78,7 @@
76
78
  <param pos="0" name="service.product" value="Mail Server"/>
77
79
  <param pos="1" name="service.version"/>
78
80
  </fingerprint>
81
+
79
82
  <fingerprint pattern="^^(?:(\S+) +)?ArGoSoft Mail Server Freeware, Version [^ ]+ \(([^ ]+\.[^ ]+\.[^ ]+\.[^ ]+)\) *$">
80
83
  <description>ArGoSoft Mail Server - freeware version</description>
81
84
  <example host.name="foo.bar" service.version="1.8.8.8">foo.bar ArGoSoft Mail Server Freeware, Version 1.8 (1.8.8.8)</example>
@@ -90,6 +93,7 @@
90
93
  <param pos="2" name="service.version"/>
91
94
  <param pos="1" name="host.name"/>
92
95
  </fingerprint>
96
+
93
97
  <fingerprint pattern="^(?:(\S+) +)?ArGoSoft Mail Server Pro for WinNT\/2000(?:\/XP)?, Version [^ ]+ \(([^ ]+\.[^ ]+\.[^ ]+\.[^ ]+)\) *$">
94
98
  <description>ArGoSoft Mail Server - Pro version</description>
95
99
  <example service.version="1.6.1.8">ArGoSoft Mail Server Pro for WinNT/2000, Version 1.61 (1.6.1.8)</example>
@@ -105,6 +109,7 @@
105
109
  <param pos="1" name="host.name"/>
106
110
  <param pos="2" name="service.version"/>
107
111
  </fingerprint>
112
+
108
113
  <fingerprint pattern="^([^ ]+) +AppleShare IP Mail Server ([^ ]+\.[\d.]+) SMTP Server Ready *$">
109
114
  <description>AppleShare IP Mail Server</description>
110
115
  <example service.version="6.2.1">foo.bar AppleShare IP Mail Server 6.2.1 SMTP Server Ready</example>
@@ -115,6 +120,7 @@
115
120
  <param pos="1" name="host.name"/>
116
121
  <param pos="2" name="service.version"/>
117
122
  </fingerprint>
123
+
118
124
  <fingerprint pattern="^CheckPoint FireWall-1 secure E?SMTP server *$">
119
125
  <description>CheckPoint FireWall-1</description>
120
126
  <example>CheckPoint FireWall-1 secure SMTP server</example>
@@ -124,6 +130,7 @@
124
130
  <param pos="0" name="service.product" value="Firewall-1"/>
125
131
  <param pos="0" name="service.cpe23" value="cpe:/a:checkpoint:firewall-1:-"/>
126
132
  </fingerprint>
133
+
127
134
  <fingerprint pattern="^SMTP/cmap ready_+$">
128
135
  <description>Cisco Pix v4.x</description>
129
136
  <example>SMTP/cmap ready________________________________________________________________________</example>
@@ -133,6 +140,7 @@
133
140
  <param pos="0" name="os.version" value="4"/>
134
141
  <param pos="0" name="os.cpe23" value="cpe:/o:cisco:pix_firewall_software:4"/>
135
142
  </fingerprint>
143
+
136
144
  <fingerprint pattern="CCProxy (\S+) SMTP Service Ready(?:\(Unregistered\))?$">
137
145
  <description>Youngzsoft CCProxy SMTP</description>
138
146
  <example service.version="7.3">CCProxy 7.3 SMTP Service Ready(Unregistered)</example>
@@ -141,16 +149,16 @@
141
149
  <param pos="0" name="service.product" value="CCProxy"/>
142
150
  <param pos="1" name="service.version"/>
143
151
  </fingerprint>
152
+
144
153
  <!--
145
154
  Cisco PIX sits between an internal SMTP server and the rest of the world.
146
-
147
155
  Its MailGuard feature strips all information out of the 220 header except for the ' ' (space), '2' (digit two),
148
156
  and '0' (digit zero) characters, replacing them with asterisks. While this effectively
149
157
  hides the back-end SMTP server, it does tell us that they are running Cisco PIX firewall
150
158
  (at least for SMTP, and possibly other services as well).
151
-
152
159
  Search Cisco's documentation for "fixup protocol SMTP" for more information.
153
160
  -->
161
+
154
162
  <fingerprint pattern="^[\*20 ]+$">
155
163
  <description>Cisco PIX firewall MailGuard banner stripping</description>
156
164
  <example os.product="PIX">***************************</example>
@@ -159,6 +167,7 @@
159
167
  <param pos="0" name="os.product" value="PIX"/>
160
168
  <param pos="0" name="os.cpe23" value="cpe:/o:cisco:pix_firewall_software:-"/>
161
169
  </fingerprint>
170
+
162
171
  <fingerprint pattern="^([^ ]+) +ESMTP CPMTA-([^ ]+)_([^ ]+)_([^ ]+)_([^ ]+) - NO UCE *$">
163
172
  <description>Critical Path (aka InScribe) Messaging Server on Windows NT4/2k, Solaris 2.6/2.7/2.8 Sparc/Intel, SGI IRIX 6.5.3 or later, or AIX </description>
164
173
  <param pos="0" name="service.vendor" value="Critical Path"/>
@@ -170,6 +179,7 @@
170
179
  <param pos="4" name="service.version.version.version"/>
171
180
  <param pos="5" name="service.version.version.version.version"/>
172
181
  </fingerprint>
182
+
173
183
  <fingerprint pattern="^CSM Internet Mail Scanner SMTP-Gateway ready?\. *$">
174
184
  <description>CSM Internet Mail Scanner SMTP Proxy</description>
175
185
  <example>CSM Internet Mail Scanner SMTP-Gateway ready.</example>
@@ -178,6 +188,7 @@
178
188
  <param pos="0" name="service.family" value="Internet Mail Scanner"/>
179
189
  <param pos="0" name="service.product" value="Internet Mail Scanner"/>
180
190
  </fingerprint>
191
+
181
192
  <fingerprint pattern="^([^ ]+) +IMS SMTP Receiver Version ([^ ]+\.[^ ]+) Ready *$">
182
193
  <description>EMWAC Internet Mail Services (http://emwac.ed.ac.uk/html/internet_toolchest/ims/ims.htm)</description>
183
194
  <example service.version="0.83" host.name="foo.bar">foo.bar IMS SMTP Receiver Version 0.83 Ready</example>
@@ -187,6 +198,7 @@
187
198
  <param pos="1" name="host.name"/>
188
199
  <param pos="2" name="service.version"/>
189
200
  </fingerprint>
201
+
190
202
  <fingerprint pattern="^([^ ]+) running Eudora Internet Mail Server (\d\.[\d.]+) *$">
191
203
  <description>Eudora Internet Mail Server</description>
192
204
  <example service.version="3.0.2" host.name="foo.bar">foo.bar running Eudora Internet Mail Server 3.0.2</example>
@@ -201,6 +213,7 @@
201
213
  <param pos="1" name="host.name"/>
202
214
  <param pos="2" name="service.version"/>
203
215
  </fingerprint>
216
+
204
217
  <fingerprint pattern="^([^ ]+) +ESMTP Server \(Microsoft Exchange Internet Mail Service (\d+\.\d+\.\d+\.\d+)\) ready *$">
205
218
  <description>Microsoft Exchange Server 5.5 and above (for sure, can't be confused with the IIS builtin SMTP service)</description>
206
219
  <example host.name="foo.bar" service.version="5.5.2653.13">foo.bar ESMTP Server (Microsoft Exchange Internet Mail Service 5.5.2653.13) ready</example>
@@ -215,6 +228,7 @@
215
228
  <param pos="0" name="os.product" value="Windows"/>
216
229
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
217
230
  </fingerprint>
231
+
218
232
  <fingerprint pattern="^([^ ]+) Microsoft Exchange Internet Mail Service (\d+\.\d+\.\d+\.\d+) ready *$">
219
233
  <description>Microsoft Exchange Server 5.0 (for sure, can't be confused with the IIS builtin SMTP service)</description>
220
234
  <example host.name="foo.bar" service.version="5.0.1460.8">foo.bar Microsoft Exchange Internet Mail Service 5.0.1460.8 ready</example>
@@ -229,6 +243,7 @@
229
243
  <param pos="0" name="os.product" value="Windows"/>
230
244
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
231
245
  </fingerprint>
246
+
232
247
  <fingerprint pattern="^([^ ]+) Microsoft ESMTP MAIL Service ready at .*$">
233
248
  <description>Microsoft Exchange 2007/2010 (for sure, can't be confused with the IIS builtin SMTP service)</description>
234
249
  <example>foo.bar Microsoft ESMTP MAIL Service ready at Wed, 21 Jul 2010 19:04:24 -0700</example>
@@ -242,6 +257,7 @@
242
257
  <param pos="0" name="os.product" value="Windows"/>
243
258
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
244
259
  </fingerprint>
260
+
245
261
  <fingerprint pattern="^(:?[^ ]+)? ?Microsoft ESMTP MAIL Service, Version: +(10\.0\.14393\.[\d.]+) +ready +(?:at +)?(.+)$">
246
262
  <description>Microsoft IIS builtin SMTP service - Windows Server 2016</description>
247
263
  <example host.name="foo.bar" service.version="10.0.14393.2608">foo.bar Microsoft ESMTP MAIL Service, Version: 10.0.14393.2608 ready at Sun, 19 May 2019 09:04:29 -0500</example>
@@ -258,6 +274,7 @@
258
274
  <param pos="0" name="os.product" value="Windows Server 2016"/>
259
275
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2016:-"/>
260
276
  </fingerprint>
277
+
261
278
  <fingerprint pattern="^(:?[^ ]+)? ?Microsoft ESMTP MAIL Service, Version: +(10\.0\.17763\.[\d.]+) +ready +(?:at +)?(.+)$">
262
279
  <description>Microsoft IIS builtin SMTP service - Windows Server 2019</description>
263
280
  <example host.name="foo.bar" service.version="10.0.17763.1">foo.bar Microsoft ESMTP MAIL Service, Version: 10.0.17763.1 ready at Sun, 19 May 2019 09:04:29 -0500</example>
@@ -274,6 +291,7 @@
274
291
  <param pos="0" name="os.product" value="Windows Server 2019"/>
275
292
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2019:-"/>
276
293
  </fingerprint>
294
+
277
295
  <fingerprint pattern="^([^ ]+) Microsoft SMTP MAIL ready at (.+) Version: +(\d+\.\d+\.\d+\.\d+\.\d+) *$">
278
296
  <description>Microsoft IIS builtin SMTP service, or Microsoft Exchange Server (they are differentiated from each other in smtp-iis.clp) - variant 1</description>
279
297
  <example host.name="foo.bar" service.version="5.5.1877.197.19">foo.bar Microsoft SMTP MAIL ready at Wed, 29 Nov 2017 23:48:59 +0000 Version: 5.5.1877.197.19</example>
@@ -290,6 +308,7 @@
290
308
  <param pos="0" name="os.product" value="Windows"/>
291
309
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
292
310
  </fingerprint>
311
+
293
312
  <fingerprint pattern="^(:?[^ ]+)? ?Microsoft ESMTP MAIL Service, Version: +(\d+\.\d+\.\d+\.\d+)(?: +ready)?(?: +(?:at +)?(\w\w\w, \d.+))?$">
294
313
  <description>Microsoft IIS builtin SMTP service, or Microsoft Exchange Server (they are differentiated from each other in smtp-iis.clp) - variant 2 </description>
295
314
  <example service.version="5.0.2195.5329"> Microsoft ESMTP MAIL Service, Version: 5.0.2195.5329 ready Thu, 30 Nov 2017 11:40:25 +0200</example>
@@ -310,6 +329,7 @@
310
329
  <param pos="0" name="os.product" value="Windows"/>
311
330
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
312
331
  </fingerprint>
332
+
313
333
  <fingerprint pattern="^ESMTP Exim$">
314
334
  <description>Exim - without version string or hostname</description>
315
335
  <example>ESMTP Exim</example>
@@ -318,6 +338,7 @@
318
338
  <param pos="0" name="service.product" value="exim"/>
319
339
  <param pos="0" name="service.cpe23" value="cpe:/a:exim:exim:-"/>
320
340
  </fingerprint>
341
+
321
342
  <fingerprint pattern="^ ?([^, ]+)(?:,)? ESMTP \(?(?i:Exim) +(\d+\.[\d_.bRC-]+)\)?(?: +#\d)? ?.?((?:\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d)?) *(?:We do not authorize the use of this system to transport unsolicited, and\/or bulk e-mail.)?$">
322
343
  <description>Exim - with version string and optional timestamp</description>
323
344
  <example service.version="4.89" host.name="foo.bar">foo.bar ESMTP Exim 4.89 "</example>
@@ -339,6 +360,7 @@
339
360
  <param pos="0" name="service.cpe23" value="cpe:/a:exim:exim:{service.version}"/>
340
361
  <param pos="3" name="system.time"/>
341
362
  </fingerprint>
363
+
342
364
  <fingerprint pattern="^([^, ]+)(?:,)? ESMTP (?i:Exim) +(\d+) ((?:\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d)?) *$">
343
365
  <description>Exim - with digit only version string and optional timestamp</description>
344
366
  <example service.version="125302" host.name="foo.bar">foo.bar ESMTP Exim 125302 Thu, 16 Nov 2017 04:55:11 -0500 </example>
@@ -351,6 +373,7 @@
351
373
  <param pos="0" name="service.cpe23" value="cpe:/a:exim:exim:{service.version}"/>
352
374
  <param pos="3" name="system.time"/>
353
375
  </fingerprint>
376
+
354
377
  <fingerprint pattern="^([^, ]+)(?:,)? ESMTP (?i:Exim) +(\d+\.[\d_.]+)(?: +#\d)? Ubuntu ((?:\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d)?) *$">
355
378
  <description>Exim - with version string and optional timestamp (Ubuntu)</description>
356
379
  <example service.version="4.82" system.time="Thu, 16 Nov 2017 11:30:44 +0300">foo.bar ESMTP Exim 4.82 Ubuntu Thu, 16 Nov 2017 11:30:44 +0300 </example>
@@ -367,6 +390,7 @@
367
390
  <param pos="0" name="service.cpe23" value="cpe:/a:exim:exim:{service.version}"/>
368
391
  <param pos="3" name="system.time"/>
369
392
  </fingerprint>
393
+
370
394
  <fingerprint pattern="^([^, ]+)(?:,)? ESMTP (?i:Exim)(?: +#\d)? *((?:\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d)?) *$">
371
395
  <description>Exim - without version string and with optional timestamp</description>
372
396
  <example host.name="foo.bar">foo.bar ESMTP Exim</example>
@@ -380,6 +404,7 @@
380
404
  <param pos="1" name="host.name"/>
381
405
  <param pos="2" name="system.time"/>
382
406
  </fingerprint>
407
+
383
408
  <fingerprint pattern="^ ?ESMTP (?i:Exim) (\d+\.[\d_.]+)(?: +#\d)? ?.?((?:\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d)?) *$">
384
409
  <description>Exim - without hostname</description>
385
410
  <example service.version="4.82" system.time="Thu, 16 Nov 2017 12:19:22 +0300">ESMTP Exim 4.82 Thu, 16 Nov 2017 12:19:22 +0300 </example>
@@ -393,6 +418,7 @@
393
418
  <param pos="0" name="service.cpe23" value="cpe:/a:exim:exim:{service.version}"/>
394
419
  <param pos="2" name="system.time"/>
395
420
  </fingerprint>
421
+
396
422
  <fingerprint pattern="^ ?([^, ]+) Exim ESMTP Service ready$">
397
423
  <description>Exim - with hostname </description>
398
424
  <example host.name="foo.bar">foo.bar Exim ESMTP Service ready</example>
@@ -402,6 +428,7 @@
402
428
  <param pos="0" name="service.cpe23" value="cpe:/a:exim:exim:-"/>
403
429
  <param pos="1" name="host.name"/>
404
430
  </fingerprint>
431
+
405
432
  <fingerprint pattern="^([^ ]+) FTGate server ready .*$">
406
433
  <description>FTGate mail server, runs on Windows 9x/NT/2k (http://www.ftgate.com)</description>
407
434
  <example host.name="foo.bar">foo.bar FTGate server ready -attitude [C.o.r.E]</example>
@@ -410,6 +437,7 @@
410
437
  <param pos="0" name="service.product" value="FTGate"/>
411
438
  <param pos="1" name="host.name"/>
412
439
  </fingerprint>
440
+
413
441
  <fingerprint pattern="^([^ ]+) +SMTP/smap Ready\.$">
414
442
  <description>TIS FWTK and derivatives (other firewalls, like Gauntlet, are derived from TIS)</description>
415
443
  <example host.name="foo.bar">foo.bar SMTP/smap Ready.</example>
@@ -418,6 +446,7 @@
418
446
  <param pos="0" name="service.product" value="FWTK"/>
419
447
  <param pos="1" name="host.name"/>
420
448
  </fingerprint>
449
+
421
450
  <fingerprint pattern="^([^ ]+) GroupWise Internet Agent ([^ ]+\.[^ ]+\.[^ ]+) Ready \(C\).* Novell, Inc\. *$">
422
451
  <description>Novell GroupWise Internet Agent - versions 5 and higher</description>
423
452
  <example service.version="5.5.1">foo.bar GroupWise Internet Agent 5.5.1 Ready (C)1993, 1998 Novell, Inc.</example>
@@ -428,6 +457,7 @@
428
457
  <param pos="2" name="service.version"/>
429
458
  <param pos="0" name="service.cpe23" value="cpe:/a:novell:groupwise:{service.version}"/>
430
459
  </fingerprint>
460
+
431
461
  <fingerprint pattern="^([^ ]+) GroupWise Internet Agent (\d+\.[\d.]+) Copyright .*\d{4}-\d{4} Novell, Inc..* All rights reserved. Ready *$">
432
462
  <description>Novell GroupWise Internet Agent - versions 5 and higher, second variant</description>
433
463
  <example service.version="8.0.3">foo.bar GroupWise Internet Agent 8.0.3 Copyright (c) 1993-2012 Novell, Inc. All rights reserved. Ready</example>
@@ -439,6 +469,7 @@
439
469
  <param pos="2" name="service.version"/>
440
470
  <param pos="0" name="service.cpe23" value="cpe:/a:novell:groupwise:{service.version}"/>
441
471
  </fingerprint>
472
+
442
473
  <fingerprint pattern="^([^ ]+) GroupWise SMTP/MIME Daemon ([^ ]+\.[^ ]+) v([^ ]+) Ready \(C\).* Novell, Inc\. *$">
443
474
  <description>Novell GroupWise - versions below 5</description>
444
475
  <example host.name="foo.bar" service.version="4.1" service.version.version="3">foo.bar GroupWise SMTP/MIME Daemon 4.1 v3 Ready (C)1993, 1996 Novell, Inc.</example>
@@ -450,6 +481,7 @@
450
481
  <param pos="3" name="service.version.version"/>
451
482
  <param pos="0" name="service.cpe23" value="cpe:/a:novell:groupwise:{service.version}"/>
452
483
  </fingerprint>
484
+
453
485
  <fingerprint pattern="^([^ ]+) (?:ESMTP )?running IBM VM SMTP (.+)(?:; | on )(.+) *$">
454
486
  <description>IBM SMTP server for VM/ESA on IBM S/390 and IBM eserver z/Series 900.</description>
455
487
  <example service.version="Level 640" system.time="Thu, 30 Nov 2017 01:08:59 PDT">foo.bar running IBM VM SMTP Level 640 on Thu, 30 Nov 2017 01:08:59 PDT</example>
@@ -463,6 +495,7 @@
463
495
  <param pos="2" name="service.version"/>
464
496
  <param pos="3" name="system.time"/>
465
497
  </fingerprint>
498
+
466
499
  <fingerprint pattern="^([^ ]+) \(IntraStore TurboSendmail\) ESMTP Service ready *$">
467
500
  <description>
468
501
  Syntegra/CDC IntraStore TurboSendmail, part of the IntraStore server which runs on
@@ -475,6 +508,7 @@
475
508
  <param pos="0" name="service.product" value="IntraStore"/>
476
509
  <param pos="1" name="host.name"/>
477
510
  </fingerprint>
511
+
478
512
  <fingerprint pattern="^(\S+) E?SMTP Server \(JAMES E?SMTP Server ([\d\.]+)\) ready (\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d) \(.+\)$">
479
513
  <description>JAMES SMTP Server</description>
480
514
  <example host.name="foo.bar" service.version="2.3.2">foo.bar SMTP Server (JAMES SMTP Server 2.3.2) ready Tue, 19 May 2015 00:36:13 +0200 (CEST)</example>
@@ -486,6 +520,7 @@
486
520
  <param pos="3" name="system.time"/>
487
521
  <param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss Z"/>
488
522
  </fingerprint>
523
+
489
524
  <fingerprint pattern="^(?:(\S+) +)?ESMTP MailEnable Service, Version: ([\d.]+)$">
490
525
  <description>MailEnable - Simple</description>
491
526
  <example service.version="9.53">ESMTP MailEnable Service, Version: 9.53</example>
@@ -500,7 +535,9 @@
500
535
  <param pos="2" name="service.version"/>
501
536
  <param pos="0" name="service.cpe23" value="cpe:/a:mailenable:mailenable:{service.version}"/>
502
537
  </fingerprint>
538
+
503
539
  <!-- MailEnable has an odd, three version string. Not sure about the meaning the second and third version #s. -->
540
+
504
541
  <fingerprint pattern="^(?:(\S+) +)?ESMTP MailEnable Service, Version: (?:([\d.]+))?-[\d.]*-[\d.]* (?:ready|denied access) at (\d{2}/\d{2}/\d{2} \d{2}:\d{2}:\d{2})$">
505
542
  <description>MailEnable - Complex</description>
506
543
  <example host.name="foo.bar" service.version="1.8">foo.bar ESMTP MailEnable Service, Version: 1.8-- ready at 05/20/15 08:50:22</example>
@@ -520,6 +557,7 @@
520
557
  <param pos="0" name="service.cpe23" value="cpe:/a:mailenable:mailenable:{service.version}"/>
521
558
  <param pos="3" name="system.time"/>
522
559
  </fingerprint>
560
+
523
561
  <fingerprint pattern="^([^ ]+) \(Mail-Max Version (\d+\.[\d\.]+), (.+, .+)\) ESMTP Mail Server Ready. *$">
524
562
  <description>Mail Max</description>
525
563
  <example host.name="foo.bar" service.version="4.2.4.7">foo.bar (Mail-Max Version 4.2.4.7, Wed, 31 Jan 2001 03:44:35 +0100 WST) ESMTP Mail Server Ready.</example>
@@ -532,6 +570,7 @@
532
570
  <param pos="2" name="service.version"/>
533
571
  <param pos="3" name="system.time"/>
534
572
  </fingerprint>
573
+
535
574
  <fingerprint pattern="^([^ ]+) +MailSite E?SMTP Receiver Version (\d+\.[\d.]+) Ready *$">
536
575
  <description>Rockliffe MailSite - with version (http://www.rockliffe.com)</description>
537
576
  <example host.name="foo.bar" service.version="3.4.6.0">foo.bar MailSite ESMTP Receiver Version 3.4.6.0 Ready</example>
@@ -542,6 +581,7 @@
542
581
  <param pos="1" name="host.name"/>
543
582
  <param pos="2" name="service.version"/>
544
583
  </fingerprint>
584
+
545
585
  <fingerprint pattern="^([^ ]+) +MailSite E?SMTP Receiver Ready *$">
546
586
  <description>Rockliffe MailSite - without version (http://www.rockliffe.com)</description>
547
587
  <example host.name="foo.bar">foo.bar MailSite SMTP Receiver Ready</example>
@@ -550,6 +590,7 @@
550
590
  <param pos="0" name="service.product" value="MailSite"/>
551
591
  <param pos="1" name="host.name"/>
552
592
  </fingerprint>
593
+
553
594
  <fingerprint pattern="^ ?MailSite E?SMTP Receiver Version (\d+\.[\d.]+) Ready *$">
554
595
  <description>Rockliffe MailSite - without hostname (http://www.rockliffe.com)</description>
555
596
  <example service.version="10.2.0.0"> MailSite ESMTP Receiver Version 10.2.0.0 Ready</example>
@@ -558,6 +599,7 @@
558
599
  <param pos="0" name="service.product" value="MailSite"/>
559
600
  <param pos="1" name="service.version"/>
560
601
  </fingerprint>
602
+
561
603
  <fingerprint pattern="^([^ ]+) +MAILsweeper ESMTP Receiver Version (\d\.[\d.]+) Ready *$">
562
604
  <description>Content Security MAILsweeper for SMTP (http://www.contenttechnologies.com/products/msw4smtp/default.asp)</description>
563
605
  <example service.version="4.2.1.0">foo.bar MAILsweeper ESMTP Receiver Version 4.2.1.0 Ready</example>
@@ -567,6 +609,7 @@
567
609
  <param pos="1" name="host.name"/>
568
610
  <param pos="2" name="service.version"/>
569
611
  </fingerprint>
612
+
570
613
  <fingerprint pattern="^([^ ]+) +ESMTP MDaemon ([^ ]+\.[^ ]+\.[^ ]+) UNREGISTERED; *(.+) *$">
571
614
  <description>MDaemon mail server - with timestamp, unregistered</description>
572
615
  <example service.version="4.0.5">foo.bar ESMTP MDaemon 4.0.5 UNREGISTERED; Sat, 06 Oct 2001 09:10:56 +0400</example>
@@ -585,6 +628,7 @@
585
628
  <param pos="0" name="service.cpe23" value="cpe:/a:altn:mdaemon:{service.version}"/>
586
629
  <param pos="3" name="system.time"/>
587
630
  </fingerprint>
631
+
588
632
  <fingerprint pattern="^([^ ]+) +ESMTP MDaemon ([^ ]+\.[^ ]+\.[^ ]+); *(.+) *$">
589
633
  <description>MDaemon mail server - with timestamp</description>
590
634
  <example service.version="4.0.2">foo.bar ESMTP MDaemon 4.0.2; Sat, 06 Oct 2001 01:46:44 -0500</example>
@@ -602,6 +646,7 @@
602
646
  <param pos="0" name="service.cpe23" value="cpe:/a:altn:mdaemon:{service.version}"/>
603
647
  <param pos="3" name="system.time"/>
604
648
  </fingerprint>
649
+
605
650
  <fingerprint pattern="^([^ ]+) +ESMTP MDaemon ([^ ]+\.[^ ]+\.[^ ]+) ready *$">
606
651
  <description>MDaemon mail server - without timestamp</description>
607
652
  <example service.version="3.5.7">foo.bar ESMTP MDaemon 3.5.7 ready</example>
@@ -617,6 +662,7 @@
617
662
  <param pos="2" name="service.version"/>
618
663
  <param pos="0" name="service.cpe23" value="cpe:/a:altn:mdaemon:{service.version}"/>
619
664
  </fingerprint>
665
+
620
666
  <fingerprint pattern="^([^ ]+) +ESMTP service ready \[[0-9]+\] (?:using )?MDaemon v(\d+\.[\d.]+) ([^ ]+) *$">
621
667
  <description>MDaemon mail server - with version revision</description>
622
668
  <example service.version="2.84" service.version.version="R">foo.bar ESMTP service ready [1] MDaemon v2.84 R</example>
@@ -635,6 +681,7 @@
635
681
  <param pos="3" name="service.version.version"/>
636
682
  <param pos="0" name="service.cpe23" value="cpe:/a:altn:mdaemon:{service.version}"/>
637
683
  </fingerprint>
684
+
638
685
  <fingerprint pattern="^([^ ]+) +ESMTP service ready \[[0-9]+\] (?:\()?MDaemon v([\d.]+) ([^ ]+) ([^ )]+)(?:\))? *$">
639
686
  <description>MDaemon mail server - with service pack</description>
640
687
  <example service.version="2.7" service.version.version="SP5" service.version.version.version="R">foo.bar ESMTP service ready [1] MDaemon v2.7 SP5 R</example>
@@ -653,6 +700,7 @@
653
700
  <param pos="4" name="service.version.version.version"/>
654
701
  <param pos="0" name="service.cpe23" value="cpe:/a:altn:mdaemon:{service.version}"/>
655
702
  </fingerprint>
703
+
656
704
  <fingerprint pattern="^([^ ]+) +ESMTP service ready \[[0-9]+\] \(MDaemon v([^ ]+\.[^ ]+) ([^ ]+) ([^ ]+) ([^ ]+)\) *$">
657
705
  <description>MDaemon mail server</description>
658
706
  <example service.version="2.5" service.version.version.version="b1">foo.bar ESMTP service ready [1] (MDaemon v2.5 rB b1 32-T)</example>
@@ -671,7 +719,9 @@
671
719
  <param pos="5" name="service.version.version.version.version"/>
672
720
  <param pos="0" name="service.cpe23" value="cpe:/a:altn:mdaemon:{service.version}"/>
673
721
  </fingerprint>
722
+
674
723
  <!-- example: 220 mail.db-list.com ESMTP MERAK 3.00.140; Tue, 24 Jul 2001 21:30:47 -0700 -->
724
+
675
725
  <fingerprint pattern="^([^ ]+) +E?SMTP (?i:MERAK) ([^ ]+\.[^ ]+\.[^ ]+); *(.+) *$">
676
726
  <description>Merak mail server - http://www.icewarp.com/merakmail/ (runs on 2000/NT/9x)</description>
677
727
  <example host.name="foo.bar" service.version="8.0.3">foo.bar SMTP Merak 8.0.3; Thu, 30 Nov 2017 20:01:41 +1000</example>
@@ -685,6 +735,7 @@
685
735
  <param pos="2" name="service.version"/>
686
736
  <param pos="3" name="system.time"/>
687
737
  </fingerprint>
738
+
688
739
  <fingerprint pattern="^MERCUR SMTP-Server \(v([^ ]+\.[^ ])0\.([^ ]+) ([^ ]+)\) for (.+) ready at (.+) *$">
689
740
  <description>Atrium's MERCUR SMTP server (http://www.atrium-software.com/pub/support_e.cfm)</description>
690
741
  <example service.version="3.3" service.version.version="09" service.version.version.version="SA-0000005" mercur.os.info="Windows NT">MERCUR SMTP-Server (v3.30.09 SA-0000005) for Windows NT ready at Thu, 30 Nov 2017 10:01:06 +0100</example>
@@ -698,6 +749,7 @@
698
749
  <param pos="4" name="mercur.os.info"/>
699
750
  <param pos="5" name="system.time"/>
700
751
  </fingerprint>
752
+
701
753
  <fingerprint pattern="^([^ ]+) Mercury ([^ ]+\.[^ ]+) ESMTP server ready.$">
702
754
  <description>Mercury NLM for Netware ( http://www.pmail.com/index.cfm )</description>
703
755
  <example service.version="1.43">foo.bar Mercury 1.43 ESMTP server ready.</example>
@@ -710,6 +762,7 @@
710
762
  <param pos="1" name="host.name"/>
711
763
  <param pos="2" name="service.version"/>
712
764
  </fingerprint>
765
+
713
766
  <fingerprint pattern="^^([^ ]+) Mercury\/32 v([^ ]+\.[^ ]+) (?:SMTP\/)?ESMTP server ready.?$">
714
767
  <description>Mercury/32 for Win9x/NT/2000 ( http://www.pmail.com/index.cfm )</description>
715
768
  <example service.version="3.01a">foo.bar Mercury/32 v3.01a SMTP/ESMTP server ready.</example>
@@ -723,6 +776,7 @@
723
776
  <param pos="1" name="host.name"/>
724
777
  <param pos="2" name="service.version"/>
725
778
  </fingerprint>
779
+
726
780
  <fingerprint pattern="^([^ ]+) SMTP NAVIEG ([^ ]+\.[^ ]+\.[^ ]+); (.+)* http.*$">
727
781
  <description>Norton Antivirus for Internet Email Gateways (becomes NAVGW in 2.1)</description>
728
782
  <example host.name="foo.bar" service.version="2.0.1">foo.bar SMTP NAVIEG 2.0.1; Sun, 29 Jul 2001 22:02:16 -0500 http://www.symantec.com</example>
@@ -734,6 +788,7 @@
734
788
  <param pos="2" name="service.version"/>
735
789
  <param pos="3" name="system.time"/>
736
790
  </fingerprint>
791
+
737
792
  <fingerprint pattern="^([^ ]+) ESMTP service \(Netscape Messaging Server ([^ ]+\.[^ ]+) Patch ([^ ]+).*$">
738
793
  <description>Netscape Messaging Server - with patch number</description>
739
794
  <example host.name="foo.bar" service.version="4.15" service.version.version="7">foo.bar ESMTP service (Netscape Messaging Server 4.15 Patch 7 (built Sep 12 2001))</example>
@@ -745,6 +800,7 @@
745
800
  <param pos="3" name="service.version.version"/>
746
801
  <param pos="0" name="service.cpe23" value="cpe:/a:netscape:messaging_server:{service.version}"/>
747
802
  </fingerprint>
803
+
748
804
  <fingerprint pattern="^([^ ]+) ESMTP server \(Netscape Messaging Server - Version ([\d.]+)\) ready (\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d) *$">
749
805
  <description>Netscape Messaging Server - w/o patch number</description>
750
806
  <example host.name="foo.bar" service.version="3.6" system.time="Thu, 30 Nov 2017 04:19:10 -0500">foo.bar ESMTP server (Netscape Messaging Server - Version 3.6) ready Thu, 30 Nov 2017 04:19:10 -0500</example>
@@ -757,6 +813,7 @@
757
813
  <param pos="0" name="service.cpe23" value="cpe:/a:netscape:messaging_server:{service.version}"/>
758
814
  <param pos="3" name="system.time"/>
759
815
  </fingerprint>
816
+
760
817
  <fingerprint pattern="^([^ ]+) Lotus SMTP MTA Service Ready *$">
761
818
  <description>Lotus Notes 4 SMTP MTA</description>
762
819
  <example host.name="foo.bar">foo.bar Lotus SMTP MTA Service Ready</example>
@@ -766,10 +823,12 @@
766
823
  <param pos="0" name="service.version" value="4"/>
767
824
  <param pos="1" name="host.name"/>
768
825
  </fingerprint>
826
+
769
827
  <!-- Branding is muddy here, IBM bought Lotus in 1995, server product wasn't
770
828
  named Domino until Dec 1996 w/ v 4.5. Seems to have started being
771
829
  called IBM Domino as of v9.0 on product and in banners.
772
830
  -->
831
+
773
832
  <fingerprint pattern="^ ?(?:([^ ]+))? *ESMTP Service \(Lotus Domino Release (\d+\.[\w.]+(?: FP\d+)?(?: HF\d+)?)(?: \(Intl\))?\) ready at (.+) *$">
774
833
  <description>Lotus Domino SMTP MTA</description>
775
834
  <example service.version="8.5">foo.bar ESMTP Service (Lotus Domino Release 8.5) ready at Thu, 30 Nov 2017 17:01:45 +0800</example>
@@ -790,6 +849,7 @@
790
849
  <param pos="0" name="service.cpe23" value="cpe:/a:ibm:lotus_domino:{service.version}"/>
791
850
  <param pos="3" name="system.time"/>
792
851
  </fingerprint>
852
+
793
853
  <fingerprint pattern="^ ?(?:([^ ]+))? *ESMTP Service \(IBM Domino Release (\d+\.[\w.]+(?: HF\d+)?)\) ready at (.+) *$">
794
854
  <description>IBM Domino SMTP MTA</description>
795
855
  <example host.name="foo.bar" service.version="9.0.1FP8 HF475">foo.bar ESMTP Service (IBM Domino Release 9.0.1FP8 HF475) ready at Thu, 30 Nov 2017 17:55:48 +0900</example>
@@ -801,8 +861,10 @@
801
861
  <param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss Z"/>
802
862
  <param pos="1" name="host.name"/>
803
863
  <param pos="2" name="service.version"/>
864
+ <param pos="0" name="service.cpe23" value="cpe:/a:ibm:lotus_domino:{service.version}"/>
804
865
  <param pos="3" name="system.time"/>
805
866
  </fingerprint>
867
+
806
868
  <fingerprint pattern="^([^ ]+) ESMTP Service \(Lotus Domino Build (V?[\w.]+)\) ready at (.+) *$">
807
869
  <description>Lotus Domino (some early build)</description>
808
870
  <example notes.build.version="166.1">foo.bar ESMTP Service (Lotus Domino Build 166.1) ready at Thu, 16 Nov 2017 10:39:22 +0200</example>
@@ -814,6 +876,7 @@
814
876
  <param pos="2" name="notes.build.version"/>
815
877
  <param pos="3" name="system.time"/>
816
878
  </fingerprint>
879
+
817
880
  <fingerprint pattern="^Lotus Notes ESMTP Server X[^ ]+\.[^ ]+ on (.+) ready at (.+)\. *$">
818
881
  <description>Lotus Notes 4.x with SMTP MTA add-on</description>
819
882
  <example host.name="FooBar R45 Server/Foo Bar/US" system.time="Fri, 15 Feb 2002 09:46:19 -0800">Lotus Notes ESMTP Server X1.0 on FooBar R45 Server/Foo Bar/US ready at Fri, 15 Feb 2002 09:46:19 -0800.</example>
@@ -824,6 +887,7 @@
824
887
  <param pos="1" name="host.name"/>
825
888
  <param pos="2" name="system.time"/>
826
889
  </fingerprint>
890
+
827
891
  <fingerprint pattern="^([^ ]+) NTMail \(v(\d+\.\d+\.\d+)/([^ ]+)\) ready for ESMTP transfer *$">
828
892
  <description>NTMail (http://www.gordano.com)</description>
829
893
  <example host.name="foo.bar" service.version="7.02.3037" ntmail.id="NU1319.01.5b000000">foo.bar NTMail (v7.02.3037/NU1319.01.5b000000) ready for ESMTP transfer </example>
@@ -834,6 +898,7 @@
834
898
  <param pos="2" name="service.version"/>
835
899
  <param pos="3" name="ntmail.id"/>
836
900
  </fingerprint>
901
+
837
902
  <fingerprint pattern="^([^ ]+) WindowsNT SMTP Server v([^ ]+\.[^ ]+\.[^ ]+)/([^ ]+)/SP ESMTP ready at (.+) *$">
838
903
  <description>NTMail - versions 3.x and earlier (it was called Internet Shopper's something or other)</description>
839
904
  <example host.name="foo.bar" service.version="3.03.0018" ntmail.id="7.aavn">foo.bar WindowsNT SMTP Server v3.03.0018/7.aavn/SP ESMTP ready at Thu, 30 Nov 2017 10:15:31 +0100</example>
@@ -846,6 +911,7 @@
846
911
  <param pos="3" name="ntmail.id"/>
847
912
  <param pos="4" name="system.time"/>
848
913
  </fingerprint>
914
+
849
915
  <fingerprint pattern="^(\S+)(?: UCX)? V\S+, OpenVMS V(\S+) (\S+) ready at .*$">
850
916
  <description>Some unknown mail server on OpenVMS</description>
851
917
  <example host.name="foo.bar" os.arch="IA64" os.version="8.4">foo.bar V5.7-ECO4, OpenVMS V8.4 IA64 ready at Wed, 20 May 2015 01:22:32 +0100 (BST)</example>
@@ -860,6 +926,7 @@
860
926
  <param pos="3" name="os.arch"/>
861
927
  <param pos="0" name="os.cpe23" value="cpe:/o:hp:openvms:{os.version}"/>
862
928
  </fingerprint>
929
+
863
930
  <fingerprint pattern="^(\S+) E?SMTP PMailServer(?: \[Free Edition\])? ([\d\.]+); (\w\w\w, +\d+ \w\w\w \d\d\d\d [\d:]+)$">
864
931
  <description>A.K.I PMail</description>
865
932
  <example host.name="foo.bar" service.version="1.91">foo.bar ESMTP PMailServer [Free Edition] 1.91; Fri, 22 May 2015 02:04:56</example>
@@ -871,95 +938,126 @@
871
938
  <param pos="2" name="service.version"/>
872
939
  <param pos="3" name="system.time"/>
873
940
  </fingerprint>
941
+
874
942
  <fingerprint pattern="^([^ ]+) Postfix \(Postfix-([^ ]+)-([^ ]+)\) \(([^ ]+)\) *$">
875
943
  <description>Postfix - version + build, followed by os</description>
944
+ <param pos="0" name="service.vendor" value="Postfix"/>
876
945
  <param pos="0" name="service.family" value="Postfix"/>
877
946
  <param pos="0" name="service.product" value="Postfix"/>
878
947
  <param pos="1" name="host.name"/>
879
948
  <param pos="2" name="service.version"/>
880
949
  <param pos="3" name="service.version.version"/>
950
+ <param pos="0" name="service.cpe23" value="cpe:/a:postfix:postfix:{service.version}"/>
881
951
  <param pos="4" name="postfix.os.info"/>
882
952
  </fingerprint>
953
+
883
954
  <fingerprint pattern="^([^ ]+) ESMTP Postfix \(?([\d.]+)\)?$">
884
955
  <description>Postfix - Std semantic versioning, w/ optional parens</description>
885
956
  <example service.version="3.1.4">foo.bar ESMTP Postfix (3.1.4)</example>
886
957
  <example service.version="2.7.1">foo.bar ESMTP Postfix 2.7.1</example>
958
+ <param pos="0" name="service.vendor" value="Postfix"/>
887
959
  <param pos="0" name="service.family" value="Postfix"/>
888
960
  <param pos="0" name="service.product" value="Postfix"/>
889
961
  <param pos="1" name="host.name"/>
890
962
  <param pos="2" name="service.version"/>
963
+ <param pos="0" name="service.cpe23" value="cpe:/a:postfix:postfix:{service.version}"/>
891
964
  </fingerprint>
965
+
892
966
  <fingerprint pattern="^([^ ]+) ESMTP Postfix \((?:Postfix-)?([\d.]+)-([^ ]+)\)$">
893
967
  <description>Postfix - version + build</description>
894
968
  <example service.version="2.8" service.version.version="20100306">foo.bar ESMTP Postfix (2.8-20100306)</example>
969
+ <param pos="0" name="service.vendor" value="Postfix"/>
895
970
  <param pos="0" name="service.family" value="Postfix"/>
896
971
  <param pos="0" name="service.product" value="Postfix"/>
897
972
  <param pos="1" name="host.name"/>
898
973
  <param pos="2" name="service.version"/>
899
974
  <param pos="3" name="service.version.version"/>
975
+ <param pos="0" name="service.cpe23" value="cpe:/a:postfix:postfix:{service.version}"/>
900
976
  </fingerprint>
977
+
901
978
  <fingerprint pattern="^([^ ]+) +E?SMTP Postfix \(Ubuntu\)$">
902
979
  <description>Postfix - Ubuntu</description>
903
980
  <example>foo.bar ESMTP Postfix (Ubuntu)</example>
981
+ <param pos="0" name="service.vendor" value="Postfix"/>
904
982
  <param pos="0" name="service.family" value="Postfix"/>
905
983
  <param pos="0" name="service.product" value="Postfix"/>
984
+ <param pos="0" name="service.cpe23" value="cpe:/a:postfix:postfix:-"/>
906
985
  <param pos="1" name="host.name"/>
907
986
  <param pos="0" name="os.vendor" value="Ubuntu"/>
908
987
  <param pos="0" name="os.family" value="Linux"/>
909
988
  <param pos="0" name="os.product" value="Linux"/>
910
989
  <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:-"/>
911
990
  </fingerprint>
991
+
912
992
  <fingerprint pattern="^([^ ]+)(?: ESMTP)? Hi, I'm a Mail-in-a-Box \(Ubuntu/Postfix; see https://mailinabox.email/\)$">
913
993
  <description>Postfix - Ubuntu, Mail-in-a-Box package</description>
914
994
  <example>foo.bar ESMTP Hi, I'm a Mail-in-a-Box (Ubuntu/Postfix; see https://mailinabox.email/)</example>
915
995
  <example>foo.bar Hi, I'm a Mail-in-a-Box (Ubuntu/Postfix; see https://mailinabox.email/)</example>
996
+ <param pos="0" name="service.vendor" value="Postfix"/>
916
997
  <param pos="0" name="service.family" value="Postfix"/>
917
998
  <param pos="0" name="service.product" value="Postfix"/>
999
+ <param pos="0" name="service.cpe23" value="cpe:/a:postfix:postfix:-"/>
918
1000
  <param pos="1" name="host.name"/>
919
1001
  <param pos="0" name="os.vendor" value="Ubuntu"/>
920
1002
  <param pos="0" name="os.family" value="Linux"/>
921
1003
  <param pos="0" name="os.product" value="Linux"/>
922
1004
  <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:-"/>
923
1005
  </fingerprint>
1006
+
924
1007
  <fingerprint pattern="^([^ ]+) +E?SMTP Postfix \(Debian/GNU\)$">
925
1008
  <description>Postfix - Debian</description>
926
1009
  <example>foo.bar ESMTP Postfix (Debian/GNU)</example>
1010
+ <param pos="0" name="service.vendor" value="Postfix"/>
927
1011
  <param pos="0" name="service.family" value="Postfix"/>
928
1012
  <param pos="0" name="service.product" value="Postfix"/>
1013
+ <param pos="0" name="service.cpe23" value="cpe:/a:postfix:postfix:-"/>
929
1014
  <param pos="1" name="host.name"/>
930
1015
  <param pos="0" name="os.vendor" value="Debian"/>
931
1016
  <param pos="0" name="os.family" value="Linux"/>
932
1017
  <param pos="0" name="os.product" value="Linux"/>
933
1018
  <param pos="0" name="os.cpe23" value="cpe:/o:debian:debian_linux:-"/>
934
1019
  </fingerprint>
1020
+
935
1021
  <fingerprint pattern="^([^ ]+) ESMTP.* Postfix *\(.+\) *$">
936
1022
  <description>Postfix - generic banner with amusing comments in parentheses</description>
937
1023
  <example>foo.bar ESMTP Postfix (lol)</example>
1024
+ <param pos="0" name="service.vendor" value="Postfix"/>
938
1025
  <param pos="0" name="service.family" value="Postfix"/>
939
1026
  <param pos="0" name="service.product" value="Postfix"/>
1027
+ <param pos="0" name="service.cpe23" value="cpe:/a:postfix:postfix:-"/>
940
1028
  <param pos="1" name="host.name"/>
941
1029
  </fingerprint>
1030
+
942
1031
  <fingerprint pattern="^(?i)([^ ]+) +E?SMTP.* Postfix *$">
943
1032
  <description>Postfix - generic banner</description>
944
1033
  <example>foo.bar ESMTP Postfix</example>
945
1034
  <example>foo.bar SMTP Postfix</example>
1035
+ <param pos="0" name="service.vendor" value="Postfix"/>
946
1036
  <param pos="0" name="service.family" value="Postfix"/>
947
1037
  <param pos="0" name="service.product" value="Postfix"/>
1038
+ <param pos="0" name="service.cpe23" value="cpe:/a:postfix:postfix:-"/>
948
1039
  <param pos="1" name="host.name"/>
949
1040
  </fingerprint>
1041
+
950
1042
  <fingerprint pattern="^ *ESMTP Postfix$">
951
1043
  <description>Postfix - banner without hostname or version</description>
952
1044
  <example>ESMTP Postfix</example>
1045
+ <param pos="0" name="service.vendor" value="Postfix"/>
953
1046
  <param pos="0" name="service.family" value="Postfix"/>
954
1047
  <param pos="0" name="service.product" value="Postfix"/>
1048
+ <param pos="0" name="service.cpe23" value="cpe:/a:postfix:postfix:-"/>
955
1049
  </fingerprint>
1050
+
956
1051
  <fingerprint pattern="^(?i)([^ ]+) POSTFIX$">
957
1052
  <description>Postfix - generic w/o ESMTP</description>
958
1053
  <example host.name="foo.bar">foo.bar Postfix</example>
1054
+ <param pos="0" name="service.vendor" value="Postfix"/>
959
1055
  <param pos="0" name="service.family" value="Postfix"/>
960
1056
  <param pos="0" name="service.product" value="Postfix"/>
1057
+ <param pos="0" name="service.cpe23" value="cpe:/a:postfix:postfix:-"/>
961
1058
  <param pos="1" name="host.name"/>
962
1059
  </fingerprint>
1060
+
963
1061
  <fingerprint pattern="^([^ ]+) ESMTP server \((?i:P)ost\.(?i:O)ffice v([^ ]+\.[^ ]+)(?: release)? (.+) ID# ([^ ]+)\) ready (.+) *$">
964
1062
  <description>Post.Office</description>
965
1063
  <example host.name="foo.bar" service.version="3.8.4" postoffice.build="116" postoffice.id="1001-65749U100L10S0V38" system.time="Thu, 30 Nov 2017 18:46:24 +0900">foo.bar ESMTP server (post.office v3.8.4 release 116 ID# 1001-65749U100L10S0V38) ready Thu, 30 Nov 2017 18:46:24 +0900</example>
@@ -973,12 +1071,14 @@
973
1071
  <param pos="4" name="postoffice.id"/>
974
1072
  <param pos="5" name="system.time"/>
975
1073
  </fingerprint>
1074
+
976
1075
  <fingerprint pattern="^([^ ]+) Generic SMTP handler *$">
977
1076
  <description>Raptor Firewall (low confidence)</description>
978
1077
  <example host.name="foo.bar">foo.bar Generic SMTP handler</example>
979
1078
  <param pos="0" name="service.product" value="raptor"/>
980
1079
  <param pos="1" name="host.name"/>
981
1080
  </fingerprint>
1081
+
982
1082
  <fingerprint pattern="^(\S+) SAP (\S+) E?SMTP service ready$">
983
1083
  <description>SAP SMTP Server</description>
984
1084
  <example host.name="foo.bar" service.version="8.04(53)">foo.bar SAP 8.04(53) ESMTP service ready</example>
@@ -987,15 +1087,20 @@
987
1087
  <param pos="2" name="service.version"/>
988
1088
  <param pos="1" name="host.name"/>
989
1089
  </fingerprint>
1090
+
990
1091
  <fingerprint pattern="^Sendmail ESMTP ready$">
991
1092
  <description>Sendmail - short banner w/o hostname, version, platform, or date.</description>
992
1093
  <example>Sendmail ESMTP ready</example>
1094
+ <param pos="0" name="service.vendor" value="Sendmail"/>
993
1095
  <param pos="0" name="service.family" value="Sendmail"/>
994
1096
  <param pos="0" name="service.product" value="Sendmail"/>
1097
+ <param pos="0" name="service.cpe23" value="cpe:/a:sendmail:sendmail:-"/>
995
1098
  </fingerprint>
1099
+
996
1100
  <fingerprint pattern="^([^ ]+) +ESMTP +Sendmail +([^ ]+) \(PHNE_([^ ]+)\) */ *(.+); *(.+) \(.+\)$">
997
1101
  <description>Sendmail - HP-UX with a PHNE (HP Networking patch) installed</description>
998
1102
  <example host.name="foo.bar" service.version="8.8.6" sendmail.config.version="8.7.1">foo.bar ESMTP Sendmail 8.8.6 (PHNE_14041)/8.7.1; Tue, 6 Feb 2001 10:04:32 -0300 (SAT)</example>
1103
+ <param pos="0" name="service.vendor" value="Sendmail"/>
999
1104
  <param pos="0" name="service.family" value="Sendmail"/>
1000
1105
  <param pos="0" name="service.product" value="Sendmail"/>
1001
1106
  <param pos="0" name="os.vendor" value="HP"/>
@@ -1005,13 +1110,16 @@
1005
1110
  <param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss Z"/>
1006
1111
  <param pos="1" name="host.name"/>
1007
1112
  <param pos="2" name="service.version"/>
1113
+ <param pos="0" name="service.cpe23" value="cpe:/a:sendmail:sendmail:{service.version}"/>
1008
1114
  <param pos="3" name="sendmail.hpux.phne.version"/>
1009
1115
  <param pos="4" name="sendmail.config.version"/>
1010
1116
  <param pos="5" name="system.time"/>
1011
1117
  </fingerprint>
1118
+
1012
1119
  <fingerprint pattern="^(\S+) ESMTP Sendmail \S+ version ([\d\.]+) - Revision \S+ HP-UX([\d\.]+).*(\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ \w\w\w)$">
1013
1120
  <description>Sendmail - HP-UX</description>
1014
1121
  <example host.name="foo.bar" os.version="11.31" service.version="8.13.3">foo.bar ESMTP Sendmail @(#)Sendmail version 8.13.3 - Revision 1.004:: HP-UX11.31 - 03rd February,2010/8.11.1; Wed, 20 May 2015 23:35:38 GMT</example>
1122
+ <param pos="0" name="service.vendor" value="Sendmail"/>
1015
1123
  <param pos="0" name="service.family" value="Sendmail"/>
1016
1124
  <param pos="0" name="service.product" value="Sendmail"/>
1017
1125
  <param pos="0" name="os.vendor" value="HP"/>
@@ -1022,11 +1130,14 @@
1022
1130
  <param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss z"/>
1023
1131
  <param pos="1" name="host.name"/>
1024
1132
  <param pos="2" name="service.version"/>
1133
+ <param pos="0" name="service.cpe23" value="cpe:/a:sendmail:sendmail:{service.version}"/>
1025
1134
  <param pos="4" name="system.time"/>
1026
1135
  </fingerprint>
1136
+
1027
1137
  <fingerprint pattern="^([^ ]+) +ESMTP +Sendmail +([^ ]+)/UW([^ ]+) ready at *(.+) \(.+\) *$">
1028
1138
  <description>Sendmail - Unixware</description>
1029
1139
  <example service.version="8.8.7">foo.bar ESMTP Sendmail 8.8.7/UW7.1.0 ready at Tue, 6 Feb 2001 16:39:30 -0300 (GMT-0300)</example>
1140
+ <param pos="0" name="service.vendor" value="Sendmail"/>
1030
1141
  <param pos="0" name="service.family" value="Sendmail"/>
1031
1142
  <param pos="0" name="service.product" value="Sendmail"/>
1032
1143
  <param pos="0" name="os.vendor" value="SCO"/>
@@ -1035,12 +1146,15 @@
1035
1146
  <param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss Z"/>
1036
1147
  <param pos="1" name="host.name"/>
1037
1148
  <param pos="2" name="service.version"/>
1149
+ <param pos="0" name="service.cpe23" value="cpe:/a:sendmail:sendmail:{service.version}"/>
1038
1150
  <param pos="3" name="os.version"/>
1039
1151
  <param pos="4" name="system.time"/>
1040
1152
  </fingerprint>
1153
+
1041
1154
  <fingerprint pattern="^([^ ]+) ESMTP Sendmail AIX([^/]+)/UCB ([^;]+); (.+) \(.+\)$">
1042
1155
  <description>Sendmail - AIX (UCB variant)</description>
1043
1156
  <example os.version="4.2" service.version="8.7">foo.bar ESMTP Sendmail AIX4.2/UCB 8.7; Sun, 29 Jul 2001 22:34:37 -0400 (EDT)</example>
1157
+ <param pos="0" name="service.vendor" value="Sendmail"/>
1044
1158
  <param pos="0" name="service.family" value="Sendmail"/>
1045
1159
  <param pos="0" name="service.product" value="Sendmail"/>
1046
1160
  <param pos="0" name="os.vendor" value="IBM"/>
@@ -1051,11 +1165,14 @@
1051
1165
  <param pos="2" name="os.version"/>
1052
1166
  <param pos="0" name="os.cpe23" value="cpe:/o:ibm:aix:{os.version}"/>
1053
1167
  <param pos="3" name="service.version"/>
1168
+ <param pos="0" name="service.cpe23" value="cpe:/a:sendmail:sendmail:{service.version}"/>
1054
1169
  <param pos="4" name="system.time"/>
1055
1170
  </fingerprint>
1171
+
1056
1172
  <fingerprint pattern="^([^ ]+) Sendmail AIX([^/]+)/UCB ([^/]+)/([^ ]+) ready at (.+)$">
1057
1173
  <description>Sendmail - AIX (UCB/ready at variant)</description>
1058
1174
  <example>foo.bar Sendmail AIX 4.1/UCB 5.64/4.03 ready at Mon, 30 Jul 2001 00:42:21 -0500</example>
1175
+ <param pos="0" name="service.vendor" value="Sendmail"/>
1059
1176
  <param pos="0" name="service.family" value="Sendmail"/>
1060
1177
  <param pos="0" name="service.product" value="Sendmail"/>
1061
1178
  <param pos="0" name="os.vendor" value="IBM"/>
@@ -1066,13 +1183,16 @@
1066
1183
  <param pos="2" name="os.version"/>
1067
1184
  <param pos="0" name="os.cpe23" value="cpe:/o:ibm:aix:{os.version}"/>
1068
1185
  <param pos="3" name="service.version"/>
1186
+ <param pos="0" name="service.cpe23" value="cpe:/a:sendmail:sendmail:{service.version}"/>
1069
1187
  <param pos="4" name="sendmail.config.version"/>
1070
1188
  <param pos="5" name="system.time"/>
1071
1189
  </fingerprint>
1190
+
1072
1191
  <fingerprint pattern="^([^ ]+) ESMTP Sendmail AIX([^/]+)/([^/]+)/([^;]+); (.+)(?: \(.+\))?$">
1073
1192
  <description>Sendmail - AIX</description>
1074
1193
  <example host.name="foo.bar" os.version="4.2" service.version="8.7" sendmail.config.version="8.8">foo.bar ESMTP Sendmail AIX4.2/8.7/8.8; Sun, 29 Jul 2001 22:34:37 -0400 (EDT)</example>
1075
1194
  <example host.name="foo.bar" os.version="5.1" service.version="8.11.6p2" sendmail.config.version="8.11.0">foo.bar ESMTP Sendmail AIX5.1/8.11.6p2/8.11.0; Fri, 28 Aug 1970 19:42:05 -0800</example>
1195
+ <param pos="0" name="service.vendor" value="Sendmail"/>
1076
1196
  <param pos="0" name="service.family" value="Sendmail"/>
1077
1197
  <param pos="0" name="service.product" value="Sendmail"/>
1078
1198
  <param pos="0" name="os.vendor" value="IBM"/>
@@ -1083,12 +1203,15 @@
1083
1203
  <param pos="2" name="os.version"/>
1084
1204
  <param pos="0" name="os.cpe23" value="cpe:/o:ibm:aix:{os.version}"/>
1085
1205
  <param pos="3" name="service.version"/>
1206
+ <param pos="0" name="service.cpe23" value="cpe:/a:sendmail:sendmail:{service.version}"/>
1086
1207
  <param pos="4" name="sendmail.config.version"/>
1087
1208
  <param pos="5" name="system.time"/>
1088
1209
  </fingerprint>
1210
+
1089
1211
  <fingerprint pattern="^([^ ]+) ESMTP Sendmail ([^/]+)/([^/]+)/SuSE Linux ([^;]+); (.+)$">
1090
1212
  <description>Sendmail - SuSE Linux</description>
1091
1213
  <example>foo.bar ESMTP Sendmail 8.9.3/8.9.3/SuSE Linux 8.9.3-0.1; Mon, 30 Jul 2001 04:48:54 +0200</example>
1214
+ <param pos="0" name="service.vendor" value="Sendmail"/>
1092
1215
  <param pos="0" name="service.family" value="Sendmail"/>
1093
1216
  <param pos="0" name="service.product" value="Sendmail"/>
1094
1217
  <param pos="0" name="os.vendor" value="SuSE"/>
@@ -1098,13 +1221,16 @@
1098
1221
  <param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss Z"/>
1099
1222
  <param pos="1" name="host.name"/>
1100
1223
  <param pos="2" name="service.version"/>
1224
+ <param pos="0" name="service.cpe23" value="cpe:/a:sendmail:sendmail:{service.version}"/>
1101
1225
  <param pos="3" name="sendmail.config.version"/>
1102
1226
  <param pos="4" name="sendmail.vendor.version"/>
1103
1227
  <param pos="5" name="system.time"/>
1104
1228
  </fingerprint>
1229
+
1105
1230
  <fingerprint pattern="^([^ ]+) ESMTP Sendmail ([^ ]+)\+Sun/([^ ]+); (.+)$">
1106
1231
  <description>Sendmail - Solaris with date (no time offeset variant)</description>
1107
1232
  <example>foo.bar ESMTP Sendmail 8.9.3+Sun/8.9.1; Mon, 30 Jul 2001 02:50:22 GMT</example>
1233
+ <param pos="0" name="service.vendor" value="Sendmail"/>
1108
1234
  <param pos="0" name="service.family" value="Sendmail"/>
1109
1235
  <param pos="0" name="service.product" value="Sendmail"/>
1110
1236
  <param pos="0" name="os.vendor" value="Sun"/>
@@ -1114,12 +1240,15 @@
1114
1240
  <param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss zzz"/>
1115
1241
  <param pos="1" name="host.name"/>
1116
1242
  <param pos="2" name="service.version"/>
1243
+ <param pos="0" name="service.cpe23" value="cpe:/a:sendmail:sendmail:{service.version}"/>
1117
1244
  <param pos="3" name="sendmail.config.version"/>
1118
1245
  <param pos="4" name="system.time"/>
1119
1246
  </fingerprint>
1247
+
1120
1248
  <fingerprint pattern="^([^ ]+) ESMTP Sendmail ([^ ]+)\+Sun/([^ ]+) ready at (.+) \(.+\)$">
1121
1249
  <description>Sendmail - Solaris with date (ready variant)</description>
1122
1250
  <example>foo.bar ESMTP Sendmail 8.8.8+Sun/8.6.4 ready at Thu, 15 Nov 2000 11:40:32 -0800 (PST)</example>
1251
+ <param pos="0" name="service.vendor" value="Sendmail"/>
1123
1252
  <param pos="0" name="service.family" value="Sendmail"/>
1124
1253
  <param pos="0" name="service.product" value="Sendmail"/>
1125
1254
  <param pos="0" name="os.vendor" value="Sun"/>
@@ -1129,13 +1258,16 @@
1129
1258
  <param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss Z"/>
1130
1259
  <param pos="1" name="host.name"/>
1131
1260
  <param pos="2" name="service.version"/>
1261
+ <param pos="0" name="service.cpe23" value="cpe:/a:sendmail:sendmail:{service.version}"/>
1132
1262
  <param pos="3" name="sendmail.config.version"/>
1133
1263
  <param pos="4" name="system.time"/>
1134
1264
  </fingerprint>
1265
+
1135
1266
  <fingerprint pattern="^([^ ]+) ESMTP (?:Debian )?Sendmail ([^/]+)/([^/]+)/Debian ([^/]+); (.+) *$">
1136
1267
  <description>Sendmail - Debian</description>
1137
1268
  <example service.version="8.12.0.Beta7" sendmail.config.version="8.12.0.Beta7" sendmail.vendor.version="8.12.0.Beta7-1">foo.bar ESMTP Debian Sendmail 8.12.0.Beta7/8.12.0.Beta7/Debian 8.12.0.Beta7-1; Sun, 29 Jul 2001 18:52:20 -0800</example>
1138
1269
  <example service.version="8.11.0" sendmail.config.version="8.9.3" sendmail.vendor.version="8.9.3-21">foo.bar ESMTP Sendmail 8.11.0/8.9.3/Debian 8.9.3-21; Sun, 29 Jul 2001 19:51:00 -0700</example>
1270
+ <param pos="0" name="service.vendor" value="Sendmail"/>
1139
1271
  <param pos="0" name="service.family" value="Sendmail"/>
1140
1272
  <param pos="0" name="service.product" value="Sendmail"/>
1141
1273
  <param pos="0" name="os.vendor" value="Debian"/>
@@ -1145,14 +1277,17 @@
1145
1277
  <param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss Z"/>
1146
1278
  <param pos="1" name="host.name"/>
1147
1279
  <param pos="2" name="service.version"/>
1280
+ <param pos="0" name="service.cpe23" value="cpe:/a:sendmail:sendmail:{service.version}"/>
1148
1281
  <param pos="3" name="sendmail.config.version"/>
1149
1282
  <param pos="4" name="sendmail.vendor.version"/>
1150
1283
  <param pos="5" name="system.time"/>
1151
1284
  </fingerprint>
1285
+
1152
1286
  <fingerprint pattern="^([^ ]+) ESMTP Sendmail ([^/]+)/([^/]+)/Debian-\d\+(?:wheezy|deb7u)\d; (.+); .*$">
1153
1287
  <description>Sendmail - Debian 7.x (wheezy)</description>
1154
1288
  <example service.version="8.14.4">foo.bar ESMTP Sendmail 8.14.4/8.14.4/Debian-4+wheezy1; Thu, 30 Nov 2017 10:33:05 +0100; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
1155
1289
  <example service.version="8.14.4">foo.bar ESMTP Sendmail 8.14.4/8.14.4/Debian-4+deb7u1; Thu, 30 Nov 2017 11:00:33 +0100; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
1290
+ <param pos="0" name="service.vendor" value="Sendmail"/>
1156
1291
  <param pos="0" name="service.family" value="Sendmail"/>
1157
1292
  <param pos="0" name="service.product" value="Sendmail"/>
1158
1293
  <param pos="0" name="os.vendor" value="Debian"/>
@@ -1163,12 +1298,15 @@
1163
1298
  <param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss Z"/>
1164
1299
  <param pos="1" name="host.name"/>
1165
1300
  <param pos="2" name="service.version"/>
1301
+ <param pos="0" name="service.cpe23" value="cpe:/a:sendmail:sendmail:{service.version}"/>
1166
1302
  <param pos="3" name="sendmail.config.version"/>
1167
1303
  <param pos="4" name="system.time"/>
1168
1304
  </fingerprint>
1305
+
1169
1306
  <fingerprint pattern="^([^ ]+) ESMTP Sendmail ([^/]+)/([^/]+)/Debian-\d\+deb8u\d; (.+); .*$">
1170
1307
  <description>Sendmail - Debian 8.x (jessie)</description>
1171
1308
  <example service.version="8.14.4">foo.bar ESMTP Sendmail 8.14.4/8.14.4/Debian-8+deb8u2; Thu, 30 Nov 2017 10:25:48 +0100; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
1309
+ <param pos="0" name="service.vendor" value="Sendmail"/>
1172
1310
  <param pos="0" name="service.family" value="Sendmail"/>
1173
1311
  <param pos="0" name="service.product" value="Sendmail"/>
1174
1312
  <param pos="0" name="os.vendor" value="Debian"/>
@@ -1179,12 +1317,15 @@
1179
1317
  <param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss Z"/>
1180
1318
  <param pos="1" name="host.name"/>
1181
1319
  <param pos="2" name="service.version"/>
1320
+ <param pos="0" name="service.cpe23" value="cpe:/a:sendmail:sendmail:{service.version}"/>
1182
1321
  <param pos="3" name="sendmail.config.version"/>
1183
1322
  <param pos="4" name="system.time"/>
1184
1323
  </fingerprint>
1324
+
1185
1325
  <fingerprint pattern="^([^ ]+) ESMTP Sendmail ([^/]+)/([^/]+)/Debian-\d\+lenny\d; (.+); .*$">
1186
1326
  <description>Sendmail - Debian 5.x (lenny)</description>
1187
1327
  <example service.version="8.14.3">foo.bar ESMTP Sendmail 8.14.3/8.14.3/Debian-5+lenny1; Thu, 30 Nov 2017 12:29:40 +0300; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
1328
+ <param pos="0" name="service.vendor" value="Sendmail"/>
1188
1329
  <param pos="0" name="service.family" value="Sendmail"/>
1189
1330
  <param pos="0" name="service.product" value="Sendmail"/>
1190
1331
  <param pos="0" name="os.vendor" value="Debian"/>
@@ -1195,12 +1336,15 @@
1195
1336
  <param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss Z"/>
1196
1337
  <param pos="1" name="host.name"/>
1197
1338
  <param pos="2" name="service.version"/>
1339
+ <param pos="0" name="service.cpe23" value="cpe:/a:sendmail:sendmail:{service.version}"/>
1198
1340
  <param pos="3" name="sendmail.config.version"/>
1199
1341
  <param pos="4" name="system.time"/>
1200
1342
  </fingerprint>
1343
+
1201
1344
  <fingerprint pattern="^([^ ]+) ESMTP Sendmail ([^/]+)/([^/]+)/Debian-\d\+etch\d; (.+); .*$">
1202
1345
  <description>Sendmail - Debian 4.x (etch)</description>
1203
1346
  <example service.version="8.13.8" sendmail.config.version="8.13.8">foo.bar ESMTP Sendmail 8.13.8/8.13.8/Debian-3+etch1; Thu, 30 Nov 2017 10:28:23 +0100; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
1347
+ <param pos="0" name="service.vendor" value="Sendmail"/>
1204
1348
  <param pos="0" name="service.family" value="Sendmail"/>
1205
1349
  <param pos="0" name="service.product" value="Sendmail"/>
1206
1350
  <param pos="0" name="os.vendor" value="Debian"/>
@@ -1211,12 +1355,15 @@
1211
1355
  <param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss Z"/>
1212
1356
  <param pos="1" name="host.name"/>
1213
1357
  <param pos="2" name="service.version"/>
1358
+ <param pos="0" name="service.cpe23" value="cpe:/a:sendmail:sendmail:{service.version}"/>
1214
1359
  <param pos="3" name="sendmail.config.version"/>
1215
1360
  <param pos="4" name="system.time"/>
1216
1361
  </fingerprint>
1362
+
1217
1363
  <fingerprint pattern="^([^ ]+) ESMTP Sendmail ([^/]+)/([^/]+)/Debian-\dsarge\d; (.+); .*$">
1218
1364
  <description>Sendmail - Debian 3.1 (sarge)</description>
1219
1365
  <example service.version="8.13.4">foo.bar ESMTP Sendmail 8.13.4/8.13.4/Debian-3sarge1; Thu, 30 Nov 2017 10:55:47 +0100; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
1366
+ <param pos="0" name="service.vendor" value="Sendmail"/>
1220
1367
  <param pos="0" name="service.family" value="Sendmail"/>
1221
1368
  <param pos="0" name="service.product" value="Sendmail"/>
1222
1369
  <param pos="0" name="os.vendor" value="Debian"/>
@@ -1227,14 +1374,17 @@
1227
1374
  <param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss Z"/>
1228
1375
  <param pos="1" name="host.name"/>
1229
1376
  <param pos="2" name="service.version"/>
1377
+ <param pos="0" name="service.cpe23" value="cpe:/a:sendmail:sendmail:{service.version}"/>
1230
1378
  <param pos="3" name="sendmail.config.version"/>
1231
1379
  <param pos="4" name="system.time"/>
1232
1380
  </fingerprint>
1381
+
1233
1382
  <fingerprint pattern="^([^ ]+) ESMTP Sendmail ([^/]+)/([^/]+)/Debian-\d(?:\.\d)?(?:build\d)?;+ (.+); .*$">
1234
1383
  <description>Sendmail - Debian patch only</description>
1235
1384
  <example service.version="8.15.2">foo.bar ESMTP Sendmail 8.15.2/8.15.2/Debian-3; Thu, 30 Nov 2017 10:55:50 +0200; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
1236
1385
  <example service.version="8.14.3">foo.bar ESMTP Sendmail 8.14.3/8.14.3/Debian-9.4; Thu, 30 Nov 2017 10:11:54 +0100; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
1237
1386
  <example service.version="8.14.2">foo.bar ESMTP Sendmail 8.14.2/8.14.2/Debian-2build1; Thu, 30 Nov 2017 04:09:50 -0600; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
1387
+ <param pos="0" name="service.vendor" value="Sendmail"/>
1238
1388
  <param pos="0" name="service.family" value="Sendmail"/>
1239
1389
  <param pos="0" name="service.product" value="Sendmail"/>
1240
1390
  <param pos="0" name="os.vendor" value="Debian"/>
@@ -1244,13 +1394,16 @@
1244
1394
  <param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss Z"/>
1245
1395
  <param pos="1" name="host.name"/>
1246
1396
  <param pos="2" name="service.version"/>
1397
+ <param pos="0" name="service.cpe23" value="cpe:/a:sendmail:sendmail:{service.version}"/>
1247
1398
  <param pos="3" name="sendmail.config.version"/>
1248
1399
  <param pos="4" name="system.time"/>
1249
1400
  </fingerprint>
1401
+
1250
1402
  <fingerprint pattern="^([^ ]+) ESMTP Sendmail ([^/]+)/[^/]+/Debian-[\d.]+ubuntu[^ ]*; (.+); .*$">
1251
1403
  <description>Sendmail - Ubuntu</description>
1252
1404
  <example service.version="8.13.5.20060308">foo.bar ESMTP Sendmail 8.13.5.20060308/8.13.5/Debian-3ubuntu1.1; Fri, 24 Jul 2009 01:41:21 -0700; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
1253
1405
  <example service.version="8.14.4">foo.bar ESMTP Sendmail 8.14.4/8.14.4/Debian-4.1ubuntu1; Thu, 30 Nov 2017 11:00:30 +0100; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
1406
+ <param pos="0" name="service.vendor" value="Sendmail"/>
1254
1407
  <param pos="0" name="service.family" value="Sendmail"/>
1255
1408
  <param pos="0" name="service.product" value="Sendmail"/>
1256
1409
  <param pos="0" name="os.vendor" value="Ubuntu"/>
@@ -1260,11 +1413,14 @@
1260
1413
  <param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss Z"/>
1261
1414
  <param pos="1" name="host.name"/>
1262
1415
  <param pos="2" name="service.version"/>
1416
+ <param pos="0" name="service.cpe23" value="cpe:/a:sendmail:sendmail:{service.version}"/>
1263
1417
  <param pos="3" name="system.time"/>
1264
1418
  </fingerprint>
1419
+
1265
1420
  <fingerprint pattern="^([^ ]+) (?:E?SMTP )?Sendmail SMI-([^/]+)/(SMI-SVR4) ready at (.+)$">
1266
1421
  <description>Sendmail - Solaris (SMI variant)</description>
1267
1422
  <example>foo.bar Sendmail SMI-8.6/SMI-SVR4 ready at Sun, 29 Jul 2001 22:58:46 -0400</example>
1423
+ <param pos="0" name="service.vendor" value="Sendmail"/>
1268
1424
  <param pos="0" name="service.family" value="Sendmail"/>
1269
1425
  <param pos="0" name="service.product" value="Sendmail"/>
1270
1426
  <param pos="0" name="os.vendor" value="Sun"/>
@@ -1274,12 +1430,15 @@
1274
1430
  <param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss Z"/>
1275
1431
  <param pos="1" name="host.name"/>
1276
1432
  <param pos="2" name="service.version"/>
1433
+ <param pos="0" name="service.cpe23" value="cpe:/a:sendmail:sendmail:{service.version}"/>
1277
1434
  <param pos="3" name="sendmail.config.version"/>
1278
1435
  <param pos="4" name="system.time"/>
1279
1436
  </fingerprint>
1437
+
1280
1438
  <fingerprint pattern="^([^ ]+) ESMTP Sendmail ([^ ]+)/(linuxconf); (.+)$">
1281
1439
  <description>Sendmail - unknown platform (linuxconf variant)</description>
1282
1440
  <example>foo.bar ESMTP Sendmail 8.9.3/linuxconf; Sun, 29 Jul 2001 22:48:28 -0400</example>
1441
+ <param pos="0" name="service.vendor" value="Sendmail"/>
1283
1442
  <param pos="0" name="service.family" value="Sendmail"/>
1284
1443
  <param pos="0" name="service.product" value="Sendmail"/>
1285
1444
  <param pos="0" name="os.family" value="Linux"/>
@@ -1287,9 +1446,11 @@
1287
1446
  <param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss Z"/>
1288
1447
  <param pos="1" name="host.name"/>
1289
1448
  <param pos="2" name="service.version"/>
1449
+ <param pos="0" name="service.cpe23" value="cpe:/a:sendmail:sendmail:{service.version}"/>
1290
1450
  <param pos="3" name="sendmail.config.version"/>
1291
1451
  <param pos="4" name="system.time"/>
1292
1452
  </fingerprint>
1453
+
1293
1454
  <fingerprint pattern="^([^ ]+) ESMTP MetaInfo Sendmail ([^ ]+) Build ([^ ]+) \(Berkeley ([^ ]+)\)/([^;]+); (.+)$">
1294
1455
  <description>Sendmail - MetaInfo</description>
1295
1456
  <example host.name="foo.bar" service.version="8.8.6">foo.bar ESMTP MetaInfo Sendmail 2.5 Build 2630 (Berkeley 8.8.6)/8.8.4; Mon, 30 Jul</example>
@@ -1308,6 +1469,7 @@
1308
1469
  <param pos="5" name="sendmail.config.version"/>
1309
1470
  <param pos="6" name="system.time"/>
1310
1471
  </fingerprint>
1472
+
1311
1473
  <fingerprint pattern="^([^ ]+) +ESMTP .*Sendmail +([^/ ]+) */ *([^/ ]+); *((?:\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d)?)(?: \(.+\))?$">
1312
1474
  <description>Sendmail - optional timezone and timestamp, w/o OS</description>
1313
1475
  <example host.name="foo.bar" service.version="8.9.3+3.4W" sendmail.config.version="8.9.3+3.4W" system.time="Tue, 30 Jan 2001 20:40:09 -0500">foo.bar ESMTP Sendmail 8.9.3+3.4W/8.9.3+3.4W; Tue, 30 Jan 2001 20:40:09 -0500 (EST)</example>
@@ -1316,53 +1478,68 @@
1316
1478
  <example host.name="foo.bar" service.version="8.8.8" sendmail.config.version="8.8.9">foo.bar ESMTP blah Sendmail 8.8.8/8.8.9; Wed, 21 Nov 2001 23:39:07 +0100 (CET)</example>
1317
1479
  <example host.name="foo.bar" service.version="8.10.2" sendmail.config.version="8.10.3">foo.bar ESMTP Sendmail 8.10.2/8.10.3; Mon, 10 Sep 2001 08:37:14 -0400</example>
1318
1480
  <example host.name="foo.bar" service.version="8.13.8" sendmail.config.version="8.13.9">foo.bar ESMTP foo-MTA Sendmail 8.13.8/8.13.9; Mon, 18 Apr 2011 08:52:38 -0700</example>
1481
+ <param pos="0" name="service.vendor" value="Sendmail"/>
1319
1482
  <param pos="0" name="service.product" value="Sendmail"/>
1320
1483
  <param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss Z"/>
1321
1484
  <param pos="1" name="host.name"/>
1322
1485
  <param pos="2" name="service.version"/>
1486
+ <param pos="0" name="service.cpe23" value="cpe:/a:sendmail:sendmail:{service.version}"/>
1323
1487
  <param pos="3" name="sendmail.config.version"/>
1324
1488
  <param pos="4" name="system.time"/>
1325
1489
  </fingerprint>
1490
+
1326
1491
  <fingerprint pattern="^([^ ]+) +ESMTP .*Sendmail +([^/ ]+) */ *([^/ ]+); *(\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ \w+)\.?$">
1327
1492
  <description>Sendmail - with timezone and timestamp, w/o timezone offset or OS</description>
1328
1493
  <example host.name="foo.bar" service.version="8.14.4" sendmail.config.version="8.14.4" system.time="Thu, 5 Apr 2018 19:30:58 GMT">foo.bar ESMTP Sendmail 8.14.4/8.14.4; Thu, 5 Apr 2018 19:30:58 GMT</example>
1494
+ <param pos="0" name="service.vendor" value="Sendmail"/>
1329
1495
  <param pos="0" name="service.product" value="Sendmail"/>
1330
1496
  <param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss z"/>
1331
1497
  <param pos="1" name="host.name"/>
1332
1498
  <param pos="2" name="service.version"/>
1499
+ <param pos="0" name="service.cpe23" value="cpe:/a:sendmail:sendmail:{service.version}"/>
1333
1500
  <param pos="3" name="sendmail.config.version"/>
1334
1501
  <param pos="4" name="system.time"/>
1335
1502
  </fingerprint>
1503
+
1336
1504
  <fingerprint pattern="^([^ ]+) +ESMTP +Sendmail ([^ ]+) ready at *(\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d)(?: \(.+\))$">
1337
1505
  <description>Sendmail - with version and date (optional timezone), w/o config version</description>
1338
1506
  <example host.name="foo.bar" service.version="8.8.8" system.time="Tue, 6 Feb 2001 14:37:14 +0100">foo.bar ESMTP Sendmail 8.8.8 ready at Tue, 6 Feb 2001 14:37:14 +0100 (CET)</example>
1507
+ <param pos="0" name="service.vendor" value="Sendmail"/>
1339
1508
  <param pos="0" name="service.family" value="Sendmail"/>
1340
1509
  <param pos="0" name="service.product" value="Sendmail"/>
1341
1510
  <param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss Z"/>
1342
1511
  <param pos="1" name="host.name"/>
1343
1512
  <param pos="2" name="service.version"/>
1513
+ <param pos="0" name="service.cpe23" value="cpe:/a:sendmail:sendmail:{service.version}"/>
1344
1514
  <param pos="3" name="system.time"/>
1345
1515
  </fingerprint>
1516
+
1346
1517
  <fingerprint pattern="^([^ ]+) +ESMTP +Sendmail ([^ /]+) - \([^\)]+\)/[^ ]+;? *(\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d)(?: \(.+\)) *$">
1347
1518
  <description>Sendmail - revision variant 1</description>
1348
1519
  <example>foo.foo.bar ESMTP Sendmail 8.11.1 - (Revision 1.010)/8.9.3; Sat, 22 Jan 2011 10:08:35 -0500 (EST)</example>
1520
+ <param pos="0" name="service.vendor" value="Sendmail"/>
1349
1521
  <param pos="0" name="service.family" value="Sendmail"/>
1350
1522
  <param pos="0" name="service.product" value="Sendmail"/>
1351
1523
  <param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss Z"/>
1352
1524
  <param pos="1" name="host.name"/>
1353
1525
  <param pos="2" name="service.version"/>
1526
+ <param pos="0" name="service.cpe23" value="cpe:/a:sendmail:sendmail:{service.version}"/>
1354
1527
  <param pos="3" name="system.time"/>
1355
1528
  </fingerprint>
1529
+
1356
1530
  <fingerprint pattern="^([^ ]+) +ESMTP +Sendmail +(?:[^ ]+) +version +([^ ]+) +- +(?:[^;]+); *(\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d)(?: \(.+\)) *$">
1357
1531
  <description>Sendmail - revision variant 2</description>
1358
1532
  <example>foo.foo.bar ESMTP Sendmail @(#)Sendmail version 8.13.3 - Revision 2.007 - 8 December 2008/8.8.6; Wed, 21 Jul 2010 11:17:01 -0400 (EDT)</example>
1533
+ <param pos="0" name="service.vendor" value="Sendmail"/>
1359
1534
  <param pos="0" name="service.family" value="Sendmail"/>
1360
1535
  <param pos="0" name="service.product" value="Sendmail"/>
1361
1536
  <param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss Z"/>
1362
1537
  <param pos="1" name="host.name"/>
1363
1538
  <param pos="2" name="service.version"/>
1539
+ <param pos="0" name="service.cpe23" value="cpe:/a:sendmail:sendmail:{service.version}"/>
1364
1540
  <param pos="3" name="system.time"/>
1365
1541
  </fingerprint>
1542
+
1366
1543
  <fingerprint pattern="^(?i)([^ ]+) +(?:ESMTP +)?Sendmail *(?: Ready.? ?)?(?:;|at)? ?((?:\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d)?)(?: \(.+\))?$">
1367
1544
  <description>Sendmail - with date, w/o version or platform, optional status string.</description>
1368
1545
  <example host.name="foo.bar">foo.bar ESMTP Sendmail ; Thu, 30 Nov 2017 17:50:14 +0900</example>
@@ -1374,50 +1551,66 @@
1374
1551
  <example host.name="foo.bar">foo.bar ESMTP Sendmail ready. </example>
1375
1552
  <example host.name="foo.bar">foo.bar ESMTP Sendmail</example>
1376
1553
  <example host.name="foo.bar">foo.bar Sendmail ready. </example>
1554
+ <param pos="0" name="service.vendor" value="Sendmail"/>
1377
1555
  <param pos="0" name="service.family" value="Sendmail"/>
1378
1556
  <param pos="0" name="service.product" value="Sendmail"/>
1557
+ <param pos="0" name="service.cpe23" value="cpe:/a:sendmail:sendmail:-"/>
1379
1558
  <param pos="1" name="host.name"/>
1380
1559
  <param pos="2" name="system.time"/>
1381
1560
  <param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss Z"/>
1382
1561
  </fingerprint>
1562
+
1383
1563
  <fingerprint pattern="^ESMTP Sendmail +([^/ ]+) */ *([^/ ]+); (\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d)$">
1384
1564
  <description>Sendmail - with version and date, w/o hostname or platform (semicolon variant)</description>
1385
1565
  <example service.version="8.13.1" sendmail.config.version="8.13.1" system.time="Thu, 30 Nov 2017 01:58:22 -0700">ESMTP Sendmail 8.13.1/8.13.1; Thu, 30 Nov 2017 01:58:22 -0700</example>
1566
+ <param pos="0" name="service.vendor" value="Sendmail"/>
1386
1567
  <param pos="0" name="service.family" value="Sendmail"/>
1387
1568
  <param pos="0" name="service.product" value="Sendmail"/>
1388
1569
  <param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss Z"/>
1389
1570
  <param pos="1" name="service.version"/>
1571
+ <param pos="0" name="service.cpe23" value="cpe:/a:sendmail:sendmail:{service.version}"/>
1390
1572
  <param pos="2" name="sendmail.config.version"/>
1391
1573
  <param pos="3" name="system.time"/>
1392
1574
  </fingerprint>
1575
+
1393
1576
  <fingerprint pattern="^([^ ]+) +ESMTP +Sendmail ([^ /]+) \([^\)]+\) *(.+) \(.+\)$">
1394
1577
  <description>Sendmail - unknown (date in version string variant)</description>
1395
1578
  <example>mail.foo.bar ESMTP Sendmail 8.11.1 (1.1.2.11/12Jul01-1016AM) Wed, 8 Jan 2003 11:21:22 +0100 (MET)</example>
1579
+ <param pos="0" name="service.vendor" value="Sendmail"/>
1396
1580
  <param pos="0" name="service.family" value="Sendmail"/>
1397
1581
  <param pos="0" name="service.product" value="Sendmail"/>
1398
1582
  <param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss Z"/>
1399
1583
  <param pos="1" name="host.name"/>
1400
1584
  <param pos="2" name="service.version"/>
1585
+ <param pos="0" name="service.cpe23" value="cpe:/a:sendmail:sendmail:{service.version}"/>
1401
1586
  <param pos="3" name="system.time"/>
1402
1587
  </fingerprint>
1588
+
1403
1589
  <!-- *Sendmail* fingerprints after this line had NO matches in 2017.11.30 Project Sonar data set-->
1590
+
1404
1591
  <fingerprint pattern="^([^ ]+) Sendmail ([^;]+); ([^;\.]+)$">
1405
1592
  <description>Sendmail - unknown platform, variant 1</description>
1593
+ <param pos="0" name="service.vendor" value="Sendmail"/>
1406
1594
  <param pos="0" name="service.family" value="Sendmail"/>
1407
1595
  <param pos="0" name="service.product" value="Sendmail"/>
1408
1596
  <param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss zzz"/>
1409
1597
  <param pos="1" name="host.name"/>
1410
1598
  <param pos="2" name="service.version"/>
1599
+ <param pos="0" name="service.cpe23" value="cpe:/a:sendmail:sendmail:{service.version}"/>
1411
1600
  <param pos="3" name="system.time"/>
1412
1601
  </fingerprint>
1602
+
1413
1603
  <fingerprint pattern="^Sendmail ([^/]+)/([^/]+) ready on ([^ ]+)$">
1414
1604
  <description>Sendmail - basic with version and date</description>
1605
+ <param pos="0" name="service.vendor" value="Sendmail"/>
1415
1606
  <param pos="0" name="service.family" value="Sendmail"/>
1416
1607
  <param pos="0" name="service.product" value="Sendmail"/>
1417
1608
  <param pos="1" name="service.version"/>
1609
+ <param pos="0" name="service.cpe23" value="cpe:/a:sendmail:sendmail:{service.version}"/>
1418
1610
  <param pos="2" name="sendmail.config.version"/>
1419
1611
  <param pos="3" name="host.name"/>
1420
1612
  </fingerprint>
1613
+
1421
1614
  <fingerprint pattern="^([^ ]+) -- Server ESMTP \(Sun Internet Mail Server sims\.(\d\.[\w.]+)\)$">
1422
1615
  <description>Sun Internet Mail Server</description>
1423
1616
  <example host.name="foo.bar" service.version="4.0.2000.10.12.16.25.p8">foo.bar -- Server ESMTP (Sun Internet Mail Server sims.4.0.2000.10.12.16.25.p8)</example>
@@ -1431,6 +1624,7 @@
1431
1624
  <param pos="1" name="host.name"/>
1432
1625
  <param pos="2" name="service.version"/>
1433
1626
  </fingerprint>
1627
+
1434
1628
  <fingerprint pattern="^(?:2.0.0 )?([^ ]+) ESMTP ecelerity (\d\.[\d.]+) r\(([^)]+)\) (\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d) *$">
1435
1629
  <description>Ecelerity</description>
1436
1630
  <example host.name="foo.bar" system.time="Thu, 30 Nov 2017 05:11:00 -0500">2.0.0 foo.bar ESMTP ecelerity 4.0.0.43760 r(Platform:4.0.0.1) Thu, 30 Nov 2017 05:11:00 -0500</example>
@@ -1446,6 +1640,7 @@
1446
1640
  <param pos="3" name="service.component.version"/>
1447
1641
  <param pos="4" name="system.time"/>
1448
1642
  </fingerprint>
1643
+
1449
1644
  <fingerprint pattern="^(?i)([^ ]+) SMTP Server SLMail v?(\d\.[\d.]+) Ready ESMTP spoken here *$">
1450
1645
  <description>Seattle Labs SLMail server for Windows NT/2k (v2.7 runs on Win9x)</description>
1451
1646
  <example service.version="2.7">foo.bar Smtp Server SLMail v2.7 Ready ESMTP spoken here</example>
@@ -1457,6 +1652,7 @@
1457
1652
  <param pos="1" name="host.name"/>
1458
1653
  <param pos="2" name="service.version"/>
1459
1654
  </fingerprint>
1655
+
1460
1656
  <fingerprint pattern="^([^ ]+) +ESMTP Symantec Mail Security$">
1461
1657
  <description>Symantec Mail Security for SMTP</description>
1462
1658
  <example host.name="foo.bar">foo.bar ESMTP Symantec Mail Security</example>
@@ -1464,6 +1660,7 @@
1464
1660
  <param pos="0" name="service.product" value="Symantec Mail Security for SMTP"/>
1465
1661
  <param pos="1" name="host.name"/>
1466
1662
  </fingerprint>
1663
+
1467
1664
  <fingerprint pattern="^([^ ]+) ESMTP Symantec Messaging Gateway$">
1468
1665
  <description>Symantec Mail Gateway</description>
1469
1666
  <example host.name="foo.bar">foo.bar ESMTP Symantec Messaging Gateway</example>
@@ -1471,7 +1668,9 @@
1471
1668
  <param pos="0" name="service.product" value="Symantec Messaging Gateway"/>
1472
1669
  <param pos="1" name="host.name"/>
1473
1670
  </fingerprint>
1671
+
1474
1672
  <!-- SonicWall makes hardware, virtual appliances, and Windows software. The banner doesn't indicate which. -->
1673
+
1475
1674
  <fingerprint pattern="^(?i)([^ ]+) ESMTP SonicWALL \(([\d.]+)\)$">
1476
1675
  <description>SonicWall Email Security</description>
1477
1676
  <example host.name="foo.bar" service.version="9.0.5.2077">foo.bar ESMTP SonicWALL (9.0.5.2077)</example>
@@ -1482,6 +1681,7 @@
1482
1681
  <param pos="1" name="host.name"/>
1483
1682
  <param pos="2" name="service.version"/>
1484
1683
  </fingerprint>
1684
+
1485
1685
  <fingerprint pattern="^([^ ]+) \(PowerMTA\(TM\) v([\d.r]+)\) ESMTP service ready$">
1486
1686
  <description>PowerMTA</description>
1487
1687
  <example host.name="foo.bar" service.version="3.2r24">foo.bar (PowerMTA(TM) v3.2r24) ESMTP service ready</example>
@@ -1491,6 +1691,7 @@
1491
1691
  <param pos="1" name="host.name"/>
1492
1692
  <param pos="2" name="service.version"/>
1493
1693
  </fingerprint>
1694
+
1494
1695
  <fingerprint pattern="^([^ ]+) +VOPmail ESMTP Receiver Version (\d\.[\d.]+) Ready$">
1495
1696
  <description>VOPMail http://www.vircom.com/en/products/vopmail/vopmail.shtml</description>
1496
1697
  <example host.name="foo.bar" service.version="4.0.179.0">foo.bar VOPmail ESMTP Receiver Version 4.0.179.0 Ready</example>
@@ -1500,6 +1701,7 @@
1500
1701
  <param pos="1" name="host.name"/>
1501
1702
  <param pos="2" name="service.version"/>
1502
1703
  </fingerprint>
1704
+
1503
1705
  <fingerprint pattern="^([^ ]+) VPOP3 E?SMTP Server (?:Ready|access not allowed!)$">
1504
1706
  <description>VPOP3 Email server: http://www.pscs.co.uk/products/vpop3/index.html</description>
1505
1707
  <example>foo.bar VPOP3 ESMTP Server Ready</example>
@@ -1510,6 +1712,7 @@
1510
1712
  <param pos="0" name="service.product" value="VPOP3"/>
1511
1713
  <param pos="1" name="host.name"/>
1512
1714
  </fingerprint>
1715
+
1513
1716
  <fingerprint pattern="^([^ ]+) WebShield SMTP V([^ ]+\.[^ ]+) (:?[^ ]+)? ?Network Associates.*Ready at (.+) *$">
1514
1717
  <description>McAfee WebShield</description>
1515
1718
  <example host.name="foo.bar" service.version="4.5" service.version.version="MR1a">foo.bar WebShield SMTP V4.5 MR1a Network Associates, Inc. Ready at Thu Nov 30 09:15:32 2017</example>
@@ -1524,6 +1727,7 @@
1524
1727
  <param pos="0" name="service.cpe23" value="cpe:/a:mcafee:webshield:{service.version}"/>
1525
1728
  <param pos="4" name="system.time"/>
1526
1729
  </fingerprint>
1730
+
1527
1731
  <fingerprint pattern="^([^ ]+) McAfee WebShield ASaP v([^ ]+\.[^ ]+\.[^ ]+): (.+) *$">
1528
1732
  <description>McAfee Webshield ASaP (bundled hardware / software)</description>
1529
1733
  <example host.name="foo.bar" service.version="1.0.1" system.time="Sun, 29 Jul 2001 22:46:18 -0700">foo.bar McAfee WebShield ASaP v1.0.1: Sun, 29 Jul 2001 22:46:18 -0700</example>
@@ -1539,6 +1743,7 @@
1539
1743
  <param pos="0" name="service.cpe23" value="cpe:/a:mcafee:webshield:{service.version}"/>
1540
1744
  <param pos="3" name="system.time"/>
1541
1745
  </fingerprint>
1746
+
1542
1747
  <fingerprint pattern="^([^ ]+) McAfee VirusScreen ASaP v([^ ]+\.[^ ]+): (.+) *$">
1543
1748
  <description>McAfee VirusScreen</description>
1544
1749
  <example host.name="foo.bar" service.version="1.1" system.time="Sun, 20 Jul 2003 09:20:52 -0700">foo.bar McAfee VirusScreen ASaP v1.1: Sun, 20 Jul 2003 09:20:52 -0700</example>
@@ -1554,6 +1759,7 @@
1554
1759
  <param pos="0" name="service.cpe23" value="cpe:/a:mcafee:webshield:{service.version}"/>
1555
1760
  <param pos="3" name="system.time"/>
1556
1761
  </fingerprint>
1762
+
1557
1763
  <fingerprint pattern="^([^ ]+) ESMTP Lyris ListManager service ready$">
1558
1764
  <description>Lyris ListManager</description>
1559
1765
  <example host.name="foo.bar">foo.bar ESMTP Lyris ListManager service ready</example>
@@ -1562,6 +1768,7 @@
1562
1768
  <param pos="0" name="service.product" value="ListManager"/>
1563
1769
  <param pos="1" name="host.name"/>
1564
1770
  </fingerprint>
1771
+
1565
1772
  <fingerprint pattern="^([^ ]+) ESMTP - WinRoute Pro ([^ ]+\.[^ ]+)$">
1566
1773
  <description>WinRoute Pro, runs on 9x/NT/2k http://www.tinysoftware.com/winpro.php</description>
1567
1774
  <example host.name="foo.bar" service.version="4.2.4">foo.bar ESMTP - WinRoute Pro 4.2.4</example>
@@ -1570,6 +1777,7 @@
1570
1777
  <param pos="1" name="host.name"/>
1571
1778
  <param pos="2" name="service.version"/>
1572
1779
  </fingerprint>
1780
+
1573
1781
  <fingerprint pattern="^ESMTP - WinRoute Pro ([^ ]+\.[^ ]+) *(?: #\d)? ?.?((?:\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d)?)$">
1574
1782
  <description>WinRoute Pro w/o hostname</description>
1575
1783
  <example service.version="4.2.1">ESMTP - WinRoute Pro 4.2.1 Thu, 16 Nov 2017 11:48:15 +0300</example>
@@ -1579,6 +1787,7 @@
1579
1787
  <param pos="1" name="service.version"/>
1580
1788
  <param pos="2" name="system.time"/>
1581
1789
  </fingerprint>
1790
+
1582
1791
  <fingerprint pattern="^([^ ]+) ZMailer Server (\d\.[\d.]+) #([^ ]+) ESMTP ready at (.+) *$">
1583
1792
  <description>ZMailer http://www.zmailer.org/technical.html</description>
1584
1793
  <example service.version="2.99.57" service.version.version="1">foo.bar ZMailer Server 2.99.57 #1 ESMTP ready at Thu, 16 Nov 2017 12:00:12 +0300</example>
@@ -1591,6 +1800,7 @@
1591
1800
  <param pos="3" name="service.version.version"/>
1592
1801
  <param pos="4" name="system.time"/>
1593
1802
  </fingerprint>
1803
+
1594
1804
  <fingerprint pattern="^([^ ]+) ZMailer Server (\d\.[\d.]+) #([^ ]+) ESMTP\+IDENT ready at (.+) *$">
1595
1805
  <description>ZMailer server that supports IDENT</description>
1596
1806
  <example service.version="2.99.55" service.version.version="16">foo.bar ZMailer Server 2.99.55 #16 ESMTP+IDENT ready at Thu, 16 Nov 2017 06:51:42 -0300</example>
@@ -1604,6 +1814,7 @@
1604
1814
  <param pos="3" name="service.version.version"/>
1605
1815
  <param pos="4" name="system.time"/>
1606
1816
  </fingerprint>
1817
+
1607
1818
  <fingerprint pattern="^([^ ]+) Kerio Connect (\d\.[\d.]+) (?:patch (\d) )?ESMTP ready$">
1608
1819
  <description>Kerio Connect ESMTP</description>
1609
1820
  <example host.name="foo.bar" service.version="8.0.2">foo.bar Kerio Connect 8.0.2 ESMTP ready</example>
@@ -1615,17 +1826,20 @@
1615
1826
  <param pos="2" name="service.version"/>
1616
1827
  <param pos="3" name="service.version.version"/>
1617
1828
  </fingerprint>
1829
+
1618
1830
  <fingerprint pattern="^([^ ]+) ESMTP CommuniGate Pro (\d\.[\w.]+)(?:. It is you again :-\()?$">
1619
1831
  <description>Communigate Pro</description>
1620
1832
  <example host.name="foo.bar" service.version="5.3.1">foo.bar ESMTP CommuniGate Pro 5.3.1</example>
1621
1833
  <example host.name="foo.bar" service.version="6.2c3">foo.bar ESMTP CommuniGate Pro 6.2c3</example>
1622
1834
  <example host.name="foo.bar" service.version="4.3.12">foo.bar ESMTP CommuniGate Pro 4.3.12. It is you again :-(</example>
1623
- <param pos="0" name="service.vendor" value="Communigater"/>
1835
+ <param pos="0" name="service.vendor" value="Communigate"/>
1624
1836
  <param pos="0" name="service.family" value="Pro"/>
1625
- <param pos="0" name="service.product" value="ESMTP"/>
1837
+ <param pos="0" name="service.product" value="Communigate Pro"/>
1626
1838
  <param pos="1" name="host.name"/>
1627
1839
  <param pos="2" name="service.version"/>
1840
+ <param pos="0" name="service.cpe23" value="cpe:/a:communigate:communigate_pro:{service.version}"/>
1628
1841
  </fingerprint>
1842
+
1629
1843
  <fingerprint pattern="^(\S+) NO UCE NO UBE NO RELAY PROBES ESMTP">
1630
1844
  <description>Twisted SMTP server</description>
1631
1845
  <example host.name="foo.bar">foo.bar NO UCE NO UBE NO RELAY PROBES ESMTP</example>
@@ -1634,6 +1848,7 @@
1634
1848
  <param pos="0" name="service.product" value="ESMTP"/>
1635
1849
  <param pos="1" name="host.name"/>
1636
1850
  </fingerprint>
1851
+
1637
1852
  <fingerprint pattern="^Cellopoint E-mail Firewall v(\d\.[\d.]+) Build (\d+) ready$">
1638
1853
  <description>Cellopoint E-mail Firewall</description>
1639
1854
  <example service.version="3.9.12" service.version.version="0324">Cellopoint E-mail Firewall v3.9.12 Build 0324 ready</example>
@@ -1643,6 +1858,7 @@
1643
1858
  <param pos="1" name="service.version"/>
1644
1859
  <param pos="2" name="service.version.version"/>
1645
1860
  </fingerprint>
1861
+
1646
1862
  <fingerprint pattern="^ESMTP on WinWebMail \[(\d\.[\d.]+)\] ready\. http://www.winwebmail.com$">
1647
1863
  <description>Ma Jian WinWebMail</description>
1648
1864
  <example service.version="3.9.0.7">ESMTP on WinWebMail [3.9.0.7] ready. http://www.winwebmail.com</example>
@@ -1651,6 +1867,7 @@
1651
1867
  <param pos="0" name="service.product" value="ESMTP"/>
1652
1868
  <param pos="1" name="service.version"/>
1653
1869
  </fingerprint>
1870
+
1654
1871
  <fingerprint pattern="^([^ ]+) Service ready by David.fx \((\d+)\) ESMTP Server \(Tobit.Software, Germany\)$">
1655
1872
  <description>Tobit Software David</description>
1656
1873
  <example service.version="0486">foo.bar Service ready by David.fx (0486) ESMTP Server (Tobit.Software, Germany)</example>
@@ -1660,12 +1877,14 @@
1660
1877
  <param pos="1" name="host.name"/>
1661
1878
  <param pos="2" name="service.version"/>
1662
1879
  </fingerprint>
1880
+
1663
1881
  <fingerprint pattern="^(?i)(\S+) E?SMTP Perl">
1664
1882
  <description>Some simple PERL SMTP server</description>
1665
1883
  <example host.name="foo.bar">foo.bar ESMTP Perl</example>
1666
1884
  <param pos="0" name="service.product" value="Perl"/>
1667
1885
  <param pos="1" name="host.name"/>
1668
1886
  </fingerprint>
1887
+
1669
1888
  <fingerprint pattern="^(?i)(?:([^ ]+) )?E?SMTP(?: (?:Service )?Ready\.?)?$">
1670
1889
  <description>Non-specific banner with optional hostname</description>
1671
1890
  <example host.name="foo.bar">foo.bar ESMTP</example>
@@ -1677,6 +1896,7 @@
1677
1896
  <example>ESMTP READY</example>
1678
1897
  <param pos="1" name="host.name"/>
1679
1898
  </fingerprint>
1899
+
1680
1900
  <fingerprint pattern="^([^ ]+) ESMTP OpenSMTPD$">
1681
1901
  <description>OpenSMPTD</description>
1682
1902
  <example host.name="foo.bar">foo.bar ESMTP OpenSMTPD</example>
@@ -1686,4 +1906,5 @@
1686
1906
  <param pos="0" name="service.cpe23" value="cpe:/a:openbsd:opensmtpd:-"/>
1687
1907
  <param pos="1" name="host.name"/>
1688
1908
  </fingerprint>
1689
- </fingerprints>
1909
+
1910
+ </fingerprints>