recog 2.3.8 → 2.3.13
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.gitignore +6 -0
- data/CONTRIBUTING.md +136 -37
- data/README.md +18 -16
- data/bin/recog_cleanup +16 -0
- data/bin/recog_standardize +30 -6
- data/cpe-remap.yaml +18 -2
- data/identifiers/README.md +9 -0
- data/identifiers/hw_device.txt +77 -0
- data/identifiers/hw_family.txt +96 -0
- data/identifiers/hw_product.txt +328 -0
- data/identifiers/os_architecture.txt +6 -6
- data/identifiers/os_device.txt +45 -3
- data/identifiers/os_family.txt +206 -41
- data/identifiers/os_product.txt +238 -17
- data/identifiers/service_family.txt +144 -57
- data/identifiers/service_product.txt +385 -83
- data/identifiers/vendor.txt +554 -68
- data/lib/recog/version.rb +1 -1
- data/requirements.txt +1 -1
- data/update_cpes.py +3 -0
- data/xml/apache_modules.xml +292 -5
- data/xml/apache_os.xml +41 -2
- data/xml/architecture.xml +11 -3
- data/xml/dns_versionbind.xml +191 -15
- data/xml/favicons.xml +1701 -0
- data/xml/ftp_banners.xml +250 -18
- data/xml/h323_callresp.xml +112 -12
- data/xml/hp_pjl_id.xml +47 -5
- data/xml/html_title.xml +1278 -25
- data/xml/http_cookies.xml +64 -9
- data/xml/http_servers.xml +1013 -96
- data/xml/http_wwwauth.xml +141 -26
- data/xml/imap_banners.xml +62 -13
- data/xml/ldap_searchresult.xml +81 -9
- data/xml/mdns_device-info_txt.xml +175 -2
- data/xml/mdns_workstation_txt.xml +4 -2
- data/xml/mysql_banners.xml +134 -7
- data/xml/mysql_error.xml +113 -6
- data/xml/nntp_banners.xml +10 -2
- data/xml/ntp_banners.xml +80 -4
- data/xml/operating_system.xml +89 -3
- data/xml/pop_banners.xml +87 -33
- data/xml/rsh_resp.xml +11 -2
- data/xml/rtsp_servers.xml +22 -2
- data/xml/sip_banners.xml +35 -4
- data/xml/sip_user_agents.xml +29 -2
- data/xml/smb_native_lm.xml +10 -2
- data/xml/smb_native_os.xml +79 -2
- data/xml/smtp_banners.xml +230 -9
- data/xml/smtp_debug.xml +6 -4
- data/xml/smtp_ehlo.xml +7 -5
- data/xml/smtp_expn.xml +13 -4
- data/xml/smtp_help.xml +23 -4
- data/xml/smtp_mailfrom.xml +5 -2
- data/xml/smtp_noop.xml +6 -5
- data/xml/smtp_quit.xml +5 -4
- data/xml/smtp_rcptto.xml +5 -2
- data/xml/smtp_rset.xml +4 -4
- data/xml/smtp_turn.xml +4 -4
- data/xml/smtp_vrfy.xml +14 -4
- data/xml/snmp_sysdescr.xml +733 -25
- data/xml/snmp_sysobjid.xml +47 -2
- data/xml/ssh_banners.xml +182 -8
- data/xml/telnet_banners.xml +493 -22
- data/xml/x11_banners.xml +26 -3
- data/xml/x509_issuers.xml +30 -6
- data/xml/x509_subjects.xml +200 -31
- metadata +8 -2
data/xml/smtp_banners.xml
CHANGED
@@ -1,9 +1,8 @@
|
|
1
|
-
<?xml version=
|
1
|
+
<?xml version='1.0' encoding='UTF-8'?>
|
2
2
|
<fingerprints matches="smtp.banner" protocol="smtp" database_type="service" preference="0.20">
|
3
3
|
<!--
|
4
4
|
SMTP greeting lines (part of the banner after the response code) are matched
|
5
5
|
against these patterns (1 line at a time) to fingerprint SMTP servers.
|
6
|
-
|
7
6
|
This is always done in addition to the patterns in other smtp_*.xml files.
|
8
7
|
These XML files are used in this order:
|
9
8
|
smtp_banners.xml
|
@@ -16,13 +15,12 @@
|
|
16
15
|
smtp_turn.xml
|
17
16
|
smtp_rset.xml
|
18
17
|
smtp_quit.xml
|
19
|
-
|
20
18
|
The system or service fingerprint with the highest certainty overwrites the others.
|
21
|
-
|
22
19
|
'preference' notes: This value has been impacted by the poor quality of the 'Cisco PIX' match.
|
23
20
|
Additionally, the 'preference' value for the other databases mentioned above has been set so
|
24
21
|
as to implement their preference as described.
|
25
22
|
-->
|
23
|
+
|
26
24
|
<fingerprint pattern="^X1 NT-ESMTP Server ([^ ]+) \(IMail (\d+\.[^ ]+) EVAL \d+-\d+\)$">
|
27
25
|
<description>IMail - EVAL version</description>
|
28
26
|
<example service.version="6.06">X1 NT-ESMTP Server foo.bar (IMail 6.06 EVAL 11347-1)</example>
|
@@ -34,6 +32,7 @@
|
|
34
32
|
<param pos="1" name="host.name"/>
|
35
33
|
<param pos="0" name="imail.eval" value="yes"/>
|
36
34
|
</fingerprint>
|
35
|
+
|
37
36
|
<fingerprint pattern="^X1 NT-ESMTP Server ([^ ]+) \(IMail (\d+\.[^ ]+) \d+-\d+\)$">
|
38
37
|
<description>IMail - non-EVAL version</description>
|
39
38
|
<example service.version="6.06">X1 NT-ESMTP Server foo.bar (IMail 6.06 899085-1)</example>
|
@@ -44,6 +43,7 @@
|
|
44
43
|
<param pos="0" name="service.cpe23" value="cpe:/a:ipswitch:imail_server:{service.version}"/>
|
45
44
|
<param pos="1" name="host.name"/>
|
46
45
|
</fingerprint>
|
46
|
+
|
47
47
|
<fingerprint pattern="^([^ ]+) \(IMail (\d+\.[^ ]+) \d+-\d+\) NT-ESMTP Server X1$">
|
48
48
|
<description>IMail - non-EVAL version, NT-ESMTP at end</description>
|
49
49
|
<example service.version="12.4.2.27">foo.bar (IMail 12.4.2.27 21349-1) NT-ESMTP Server X1</example>
|
@@ -54,6 +54,7 @@
|
|
54
54
|
<param pos="0" name="service.cpe23" value="cpe:/a:ipswitch:imail_server:{service.version}"/>
|
55
55
|
<param pos="1" name="host.name"/>
|
56
56
|
</fingerprint>
|
57
|
+
|
57
58
|
<fingerprint pattern="^([^ ]+) SMTP AnalogX Proxy ([^ ]+\.[^ ]+) \(Release\) ready *$">
|
58
59
|
<description>AnalogX proxy (http://www.analogx.com/contents/download/network/proxy.htm)</description>
|
59
60
|
<example host.name="192.168.1.1" service.version="4.15">192.168.1.1 SMTP AnalogX Proxy 4.15 (Release) ready</example>
|
@@ -64,6 +65,7 @@
|
|
64
65
|
<param pos="0" name="service.cpe23" value="cpe:/a:analogx:proxy:{service.version}"/>
|
65
66
|
<param pos="1" name="host.name"/>
|
66
67
|
</fingerprint>
|
68
|
+
|
67
69
|
<fingerprint pattern="^ArGoSoft Mail Server, Version [^ ]+ \(([^ ]+\.[^ ]+\.[^ ]+\.[^ ]+)\) *$">
|
68
70
|
<description>ArGoSoft Mail Server</description>
|
69
71
|
<example service.version="1.4.0.7">ArGoSoft Mail Server, Version 1.4 (1.4.0.7)</example>
|
@@ -76,6 +78,7 @@
|
|
76
78
|
<param pos="0" name="service.product" value="Mail Server"/>
|
77
79
|
<param pos="1" name="service.version"/>
|
78
80
|
</fingerprint>
|
81
|
+
|
79
82
|
<fingerprint pattern="^^(?:(\S+) +)?ArGoSoft Mail Server Freeware, Version [^ ]+ \(([^ ]+\.[^ ]+\.[^ ]+\.[^ ]+)\) *$">
|
80
83
|
<description>ArGoSoft Mail Server - freeware version</description>
|
81
84
|
<example host.name="foo.bar" service.version="1.8.8.8">foo.bar ArGoSoft Mail Server Freeware, Version 1.8 (1.8.8.8)</example>
|
@@ -90,6 +93,7 @@
|
|
90
93
|
<param pos="2" name="service.version"/>
|
91
94
|
<param pos="1" name="host.name"/>
|
92
95
|
</fingerprint>
|
96
|
+
|
93
97
|
<fingerprint pattern="^(?:(\S+) +)?ArGoSoft Mail Server Pro for WinNT\/2000(?:\/XP)?, Version [^ ]+ \(([^ ]+\.[^ ]+\.[^ ]+\.[^ ]+)\) *$">
|
94
98
|
<description>ArGoSoft Mail Server - Pro version</description>
|
95
99
|
<example service.version="1.6.1.8">ArGoSoft Mail Server Pro for WinNT/2000, Version 1.61 (1.6.1.8)</example>
|
@@ -105,6 +109,7 @@
|
|
105
109
|
<param pos="1" name="host.name"/>
|
106
110
|
<param pos="2" name="service.version"/>
|
107
111
|
</fingerprint>
|
112
|
+
|
108
113
|
<fingerprint pattern="^([^ ]+) +AppleShare IP Mail Server ([^ ]+\.[\d.]+) SMTP Server Ready *$">
|
109
114
|
<description>AppleShare IP Mail Server</description>
|
110
115
|
<example service.version="6.2.1">foo.bar AppleShare IP Mail Server 6.2.1 SMTP Server Ready</example>
|
@@ -115,6 +120,7 @@
|
|
115
120
|
<param pos="1" name="host.name"/>
|
116
121
|
<param pos="2" name="service.version"/>
|
117
122
|
</fingerprint>
|
123
|
+
|
118
124
|
<fingerprint pattern="^CheckPoint FireWall-1 secure E?SMTP server *$">
|
119
125
|
<description>CheckPoint FireWall-1</description>
|
120
126
|
<example>CheckPoint FireWall-1 secure SMTP server</example>
|
@@ -124,6 +130,7 @@
|
|
124
130
|
<param pos="0" name="service.product" value="Firewall-1"/>
|
125
131
|
<param pos="0" name="service.cpe23" value="cpe:/a:checkpoint:firewall-1:-"/>
|
126
132
|
</fingerprint>
|
133
|
+
|
127
134
|
<fingerprint pattern="^SMTP/cmap ready_+$">
|
128
135
|
<description>Cisco Pix v4.x</description>
|
129
136
|
<example>SMTP/cmap ready________________________________________________________________________</example>
|
@@ -133,6 +140,7 @@
|
|
133
140
|
<param pos="0" name="os.version" value="4"/>
|
134
141
|
<param pos="0" name="os.cpe23" value="cpe:/o:cisco:pix_firewall_software:4"/>
|
135
142
|
</fingerprint>
|
143
|
+
|
136
144
|
<fingerprint pattern="CCProxy (\S+) SMTP Service Ready(?:\(Unregistered\))?$">
|
137
145
|
<description>Youngzsoft CCProxy SMTP</description>
|
138
146
|
<example service.version="7.3">CCProxy 7.3 SMTP Service Ready(Unregistered)</example>
|
@@ -141,16 +149,16 @@
|
|
141
149
|
<param pos="0" name="service.product" value="CCProxy"/>
|
142
150
|
<param pos="1" name="service.version"/>
|
143
151
|
</fingerprint>
|
152
|
+
|
144
153
|
<!--
|
145
154
|
Cisco PIX sits between an internal SMTP server and the rest of the world.
|
146
|
-
|
147
155
|
Its MailGuard feature strips all information out of the 220 header except for the ' ' (space), '2' (digit two),
|
148
156
|
and '0' (digit zero) characters, replacing them with asterisks. While this effectively
|
149
157
|
hides the back-end SMTP server, it does tell us that they are running Cisco PIX firewall
|
150
158
|
(at least for SMTP, and possibly other services as well).
|
151
|
-
|
152
159
|
Search Cisco's documentation for "fixup protocol SMTP" for more information.
|
153
160
|
-->
|
161
|
+
|
154
162
|
<fingerprint pattern="^[\*20 ]+$">
|
155
163
|
<description>Cisco PIX firewall MailGuard banner stripping</description>
|
156
164
|
<example os.product="PIX">***************************</example>
|
@@ -159,6 +167,7 @@
|
|
159
167
|
<param pos="0" name="os.product" value="PIX"/>
|
160
168
|
<param pos="0" name="os.cpe23" value="cpe:/o:cisco:pix_firewall_software:-"/>
|
161
169
|
</fingerprint>
|
170
|
+
|
162
171
|
<fingerprint pattern="^([^ ]+) +ESMTP CPMTA-([^ ]+)_([^ ]+)_([^ ]+)_([^ ]+) - NO UCE *$">
|
163
172
|
<description>Critical Path (aka InScribe) Messaging Server on Windows NT4/2k, Solaris 2.6/2.7/2.8 Sparc/Intel, SGI IRIX 6.5.3 or later, or AIX </description>
|
164
173
|
<param pos="0" name="service.vendor" value="Critical Path"/>
|
@@ -170,6 +179,7 @@
|
|
170
179
|
<param pos="4" name="service.version.version.version"/>
|
171
180
|
<param pos="5" name="service.version.version.version.version"/>
|
172
181
|
</fingerprint>
|
182
|
+
|
173
183
|
<fingerprint pattern="^CSM Internet Mail Scanner SMTP-Gateway ready?\. *$">
|
174
184
|
<description>CSM Internet Mail Scanner SMTP Proxy</description>
|
175
185
|
<example>CSM Internet Mail Scanner SMTP-Gateway ready.</example>
|
@@ -178,6 +188,7 @@
|
|
178
188
|
<param pos="0" name="service.family" value="Internet Mail Scanner"/>
|
179
189
|
<param pos="0" name="service.product" value="Internet Mail Scanner"/>
|
180
190
|
</fingerprint>
|
191
|
+
|
181
192
|
<fingerprint pattern="^([^ ]+) +IMS SMTP Receiver Version ([^ ]+\.[^ ]+) Ready *$">
|
182
193
|
<description>EMWAC Internet Mail Services (http://emwac.ed.ac.uk/html/internet_toolchest/ims/ims.htm)</description>
|
183
194
|
<example service.version="0.83" host.name="foo.bar">foo.bar IMS SMTP Receiver Version 0.83 Ready</example>
|
@@ -187,6 +198,7 @@
|
|
187
198
|
<param pos="1" name="host.name"/>
|
188
199
|
<param pos="2" name="service.version"/>
|
189
200
|
</fingerprint>
|
201
|
+
|
190
202
|
<fingerprint pattern="^([^ ]+) running Eudora Internet Mail Server (\d\.[\d.]+) *$">
|
191
203
|
<description>Eudora Internet Mail Server</description>
|
192
204
|
<example service.version="3.0.2" host.name="foo.bar">foo.bar running Eudora Internet Mail Server 3.0.2</example>
|
@@ -201,6 +213,7 @@
|
|
201
213
|
<param pos="1" name="host.name"/>
|
202
214
|
<param pos="2" name="service.version"/>
|
203
215
|
</fingerprint>
|
216
|
+
|
204
217
|
<fingerprint pattern="^([^ ]+) +ESMTP Server \(Microsoft Exchange Internet Mail Service (\d+\.\d+\.\d+\.\d+)\) ready *$">
|
205
218
|
<description>Microsoft Exchange Server 5.5 and above (for sure, can't be confused with the IIS builtin SMTP service)</description>
|
206
219
|
<example host.name="foo.bar" service.version="5.5.2653.13">foo.bar ESMTP Server (Microsoft Exchange Internet Mail Service 5.5.2653.13) ready</example>
|
@@ -215,6 +228,7 @@
|
|
215
228
|
<param pos="0" name="os.product" value="Windows"/>
|
216
229
|
<param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
|
217
230
|
</fingerprint>
|
231
|
+
|
218
232
|
<fingerprint pattern="^([^ ]+) Microsoft Exchange Internet Mail Service (\d+\.\d+\.\d+\.\d+) ready *$">
|
219
233
|
<description>Microsoft Exchange Server 5.0 (for sure, can't be confused with the IIS builtin SMTP service)</description>
|
220
234
|
<example host.name="foo.bar" service.version="5.0.1460.8">foo.bar Microsoft Exchange Internet Mail Service 5.0.1460.8 ready</example>
|
@@ -229,6 +243,7 @@
|
|
229
243
|
<param pos="0" name="os.product" value="Windows"/>
|
230
244
|
<param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
|
231
245
|
</fingerprint>
|
246
|
+
|
232
247
|
<fingerprint pattern="^([^ ]+) Microsoft ESMTP MAIL Service ready at .*$">
|
233
248
|
<description>Microsoft Exchange 2007/2010 (for sure, can't be confused with the IIS builtin SMTP service)</description>
|
234
249
|
<example>foo.bar Microsoft ESMTP MAIL Service ready at Wed, 21 Jul 2010 19:04:24 -0700</example>
|
@@ -242,6 +257,7 @@
|
|
242
257
|
<param pos="0" name="os.product" value="Windows"/>
|
243
258
|
<param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
|
244
259
|
</fingerprint>
|
260
|
+
|
245
261
|
<fingerprint pattern="^(:?[^ ]+)? ?Microsoft ESMTP MAIL Service, Version: +(10\.0\.14393\.[\d.]+) +ready +(?:at +)?(.+)$">
|
246
262
|
<description>Microsoft IIS builtin SMTP service - Windows Server 2016</description>
|
247
263
|
<example host.name="foo.bar" service.version="10.0.14393.2608">foo.bar Microsoft ESMTP MAIL Service, Version: 10.0.14393.2608 ready at Sun, 19 May 2019 09:04:29 -0500</example>
|
@@ -258,6 +274,7 @@
|
|
258
274
|
<param pos="0" name="os.product" value="Windows Server 2016"/>
|
259
275
|
<param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2016:-"/>
|
260
276
|
</fingerprint>
|
277
|
+
|
261
278
|
<fingerprint pattern="^(:?[^ ]+)? ?Microsoft ESMTP MAIL Service, Version: +(10\.0\.17763\.[\d.]+) +ready +(?:at +)?(.+)$">
|
262
279
|
<description>Microsoft IIS builtin SMTP service - Windows Server 2019</description>
|
263
280
|
<example host.name="foo.bar" service.version="10.0.17763.1">foo.bar Microsoft ESMTP MAIL Service, Version: 10.0.17763.1 ready at Sun, 19 May 2019 09:04:29 -0500</example>
|
@@ -274,6 +291,7 @@
|
|
274
291
|
<param pos="0" name="os.product" value="Windows Server 2019"/>
|
275
292
|
<param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2019:-"/>
|
276
293
|
</fingerprint>
|
294
|
+
|
277
295
|
<fingerprint pattern="^([^ ]+) Microsoft SMTP MAIL ready at (.+) Version: +(\d+\.\d+\.\d+\.\d+\.\d+) *$">
|
278
296
|
<description>Microsoft IIS builtin SMTP service, or Microsoft Exchange Server (they are differentiated from each other in smtp-iis.clp) - variant 1</description>
|
279
297
|
<example host.name="foo.bar" service.version="5.5.1877.197.19">foo.bar Microsoft SMTP MAIL ready at Wed, 29 Nov 2017 23:48:59 +0000 Version: 5.5.1877.197.19</example>
|
@@ -290,6 +308,7 @@
|
|
290
308
|
<param pos="0" name="os.product" value="Windows"/>
|
291
309
|
<param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
|
292
310
|
</fingerprint>
|
311
|
+
|
293
312
|
<fingerprint pattern="^(:?[^ ]+)? ?Microsoft ESMTP MAIL Service, Version: +(\d+\.\d+\.\d+\.\d+)(?: +ready)?(?: +(?:at +)?(\w\w\w, \d.+))?$">
|
294
313
|
<description>Microsoft IIS builtin SMTP service, or Microsoft Exchange Server (they are differentiated from each other in smtp-iis.clp) - variant 2 </description>
|
295
314
|
<example service.version="5.0.2195.5329"> Microsoft ESMTP MAIL Service, Version: 5.0.2195.5329 ready Thu, 30 Nov 2017 11:40:25 +0200</example>
|
@@ -310,6 +329,7 @@
|
|
310
329
|
<param pos="0" name="os.product" value="Windows"/>
|
311
330
|
<param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
|
312
331
|
</fingerprint>
|
332
|
+
|
313
333
|
<fingerprint pattern="^ESMTP Exim$">
|
314
334
|
<description>Exim - without version string or hostname</description>
|
315
335
|
<example>ESMTP Exim</example>
|
@@ -318,6 +338,7 @@
|
|
318
338
|
<param pos="0" name="service.product" value="exim"/>
|
319
339
|
<param pos="0" name="service.cpe23" value="cpe:/a:exim:exim:-"/>
|
320
340
|
</fingerprint>
|
341
|
+
|
321
342
|
<fingerprint pattern="^ ?([^, ]+)(?:,)? ESMTP \(?(?i:Exim) +(\d+\.[\d_.bRC-]+)\)?(?: +#\d)? ?.?((?:\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d)?) *(?:We do not authorize the use of this system to transport unsolicited, and\/or bulk e-mail.)?$">
|
322
343
|
<description>Exim - with version string and optional timestamp</description>
|
323
344
|
<example service.version="4.89" host.name="foo.bar">foo.bar ESMTP Exim 4.89 "</example>
|
@@ -339,6 +360,7 @@
|
|
339
360
|
<param pos="0" name="service.cpe23" value="cpe:/a:exim:exim:{service.version}"/>
|
340
361
|
<param pos="3" name="system.time"/>
|
341
362
|
</fingerprint>
|
363
|
+
|
342
364
|
<fingerprint pattern="^([^, ]+)(?:,)? ESMTP (?i:Exim) +(\d+) ((?:\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d)?) *$">
|
343
365
|
<description>Exim - with digit only version string and optional timestamp</description>
|
344
366
|
<example service.version="125302" host.name="foo.bar">foo.bar ESMTP Exim 125302 Thu, 16 Nov 2017 04:55:11 -0500 </example>
|
@@ -351,6 +373,7 @@
|
|
351
373
|
<param pos="0" name="service.cpe23" value="cpe:/a:exim:exim:{service.version}"/>
|
352
374
|
<param pos="3" name="system.time"/>
|
353
375
|
</fingerprint>
|
376
|
+
|
354
377
|
<fingerprint pattern="^([^, ]+)(?:,)? ESMTP (?i:Exim) +(\d+\.[\d_.]+)(?: +#\d)? Ubuntu ((?:\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d)?) *$">
|
355
378
|
<description>Exim - with version string and optional timestamp (Ubuntu)</description>
|
356
379
|
<example service.version="4.82" system.time="Thu, 16 Nov 2017 11:30:44 +0300">foo.bar ESMTP Exim 4.82 Ubuntu Thu, 16 Nov 2017 11:30:44 +0300 </example>
|
@@ -367,6 +390,7 @@
|
|
367
390
|
<param pos="0" name="service.cpe23" value="cpe:/a:exim:exim:{service.version}"/>
|
368
391
|
<param pos="3" name="system.time"/>
|
369
392
|
</fingerprint>
|
393
|
+
|
370
394
|
<fingerprint pattern="^([^, ]+)(?:,)? ESMTP (?i:Exim)(?: +#\d)? *((?:\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d)?) *$">
|
371
395
|
<description>Exim - without version string and with optional timestamp</description>
|
372
396
|
<example host.name="foo.bar">foo.bar ESMTP Exim</example>
|
@@ -380,6 +404,7 @@
|
|
380
404
|
<param pos="1" name="host.name"/>
|
381
405
|
<param pos="2" name="system.time"/>
|
382
406
|
</fingerprint>
|
407
|
+
|
383
408
|
<fingerprint pattern="^ ?ESMTP (?i:Exim) (\d+\.[\d_.]+)(?: +#\d)? ?.?((?:\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d)?) *$">
|
384
409
|
<description>Exim - without hostname</description>
|
385
410
|
<example service.version="4.82" system.time="Thu, 16 Nov 2017 12:19:22 +0300">ESMTP Exim 4.82 Thu, 16 Nov 2017 12:19:22 +0300 </example>
|
@@ -393,6 +418,7 @@
|
|
393
418
|
<param pos="0" name="service.cpe23" value="cpe:/a:exim:exim:{service.version}"/>
|
394
419
|
<param pos="2" name="system.time"/>
|
395
420
|
</fingerprint>
|
421
|
+
|
396
422
|
<fingerprint pattern="^ ?([^, ]+) Exim ESMTP Service ready$">
|
397
423
|
<description>Exim - with hostname </description>
|
398
424
|
<example host.name="foo.bar">foo.bar Exim ESMTP Service ready</example>
|
@@ -402,6 +428,7 @@
|
|
402
428
|
<param pos="0" name="service.cpe23" value="cpe:/a:exim:exim:-"/>
|
403
429
|
<param pos="1" name="host.name"/>
|
404
430
|
</fingerprint>
|
431
|
+
|
405
432
|
<fingerprint pattern="^([^ ]+) FTGate server ready .*$">
|
406
433
|
<description>FTGate mail server, runs on Windows 9x/NT/2k (http://www.ftgate.com)</description>
|
407
434
|
<example host.name="foo.bar">foo.bar FTGate server ready -attitude [C.o.r.E]</example>
|
@@ -410,6 +437,7 @@
|
|
410
437
|
<param pos="0" name="service.product" value="FTGate"/>
|
411
438
|
<param pos="1" name="host.name"/>
|
412
439
|
</fingerprint>
|
440
|
+
|
413
441
|
<fingerprint pattern="^([^ ]+) +SMTP/smap Ready\.$">
|
414
442
|
<description>TIS FWTK and derivatives (other firewalls, like Gauntlet, are derived from TIS)</description>
|
415
443
|
<example host.name="foo.bar">foo.bar SMTP/smap Ready.</example>
|
@@ -418,6 +446,7 @@
|
|
418
446
|
<param pos="0" name="service.product" value="FWTK"/>
|
419
447
|
<param pos="1" name="host.name"/>
|
420
448
|
</fingerprint>
|
449
|
+
|
421
450
|
<fingerprint pattern="^([^ ]+) GroupWise Internet Agent ([^ ]+\.[^ ]+\.[^ ]+) Ready \(C\).* Novell, Inc\. *$">
|
422
451
|
<description>Novell GroupWise Internet Agent - versions 5 and higher</description>
|
423
452
|
<example service.version="5.5.1">foo.bar GroupWise Internet Agent 5.5.1 Ready (C)1993, 1998 Novell, Inc.</example>
|
@@ -428,6 +457,7 @@
|
|
428
457
|
<param pos="2" name="service.version"/>
|
429
458
|
<param pos="0" name="service.cpe23" value="cpe:/a:novell:groupwise:{service.version}"/>
|
430
459
|
</fingerprint>
|
460
|
+
|
431
461
|
<fingerprint pattern="^([^ ]+) GroupWise Internet Agent (\d+\.[\d.]+) Copyright .*\d{4}-\d{4} Novell, Inc..* All rights reserved. Ready *$">
|
432
462
|
<description>Novell GroupWise Internet Agent - versions 5 and higher, second variant</description>
|
433
463
|
<example service.version="8.0.3">foo.bar GroupWise Internet Agent 8.0.3 Copyright (c) 1993-2012 Novell, Inc. All rights reserved. Ready</example>
|
@@ -439,6 +469,7 @@
|
|
439
469
|
<param pos="2" name="service.version"/>
|
440
470
|
<param pos="0" name="service.cpe23" value="cpe:/a:novell:groupwise:{service.version}"/>
|
441
471
|
</fingerprint>
|
472
|
+
|
442
473
|
<fingerprint pattern="^([^ ]+) GroupWise SMTP/MIME Daemon ([^ ]+\.[^ ]+) v([^ ]+) Ready \(C\).* Novell, Inc\. *$">
|
443
474
|
<description>Novell GroupWise - versions below 5</description>
|
444
475
|
<example host.name="foo.bar" service.version="4.1" service.version.version="3">foo.bar GroupWise SMTP/MIME Daemon 4.1 v3 Ready (C)1993, 1996 Novell, Inc.</example>
|
@@ -450,6 +481,7 @@
|
|
450
481
|
<param pos="3" name="service.version.version"/>
|
451
482
|
<param pos="0" name="service.cpe23" value="cpe:/a:novell:groupwise:{service.version}"/>
|
452
483
|
</fingerprint>
|
484
|
+
|
453
485
|
<fingerprint pattern="^([^ ]+) (?:ESMTP )?running IBM VM SMTP (.+)(?:; | on )(.+) *$">
|
454
486
|
<description>IBM SMTP server for VM/ESA on IBM S/390 and IBM eserver z/Series 900.</description>
|
455
487
|
<example service.version="Level 640" system.time="Thu, 30 Nov 2017 01:08:59 PDT">foo.bar running IBM VM SMTP Level 640 on Thu, 30 Nov 2017 01:08:59 PDT</example>
|
@@ -463,6 +495,7 @@
|
|
463
495
|
<param pos="2" name="service.version"/>
|
464
496
|
<param pos="3" name="system.time"/>
|
465
497
|
</fingerprint>
|
498
|
+
|
466
499
|
<fingerprint pattern="^([^ ]+) \(IntraStore TurboSendmail\) ESMTP Service ready *$">
|
467
500
|
<description>
|
468
501
|
Syntegra/CDC IntraStore TurboSendmail, part of the IntraStore server which runs on
|
@@ -475,6 +508,7 @@
|
|
475
508
|
<param pos="0" name="service.product" value="IntraStore"/>
|
476
509
|
<param pos="1" name="host.name"/>
|
477
510
|
</fingerprint>
|
511
|
+
|
478
512
|
<fingerprint pattern="^(\S+) E?SMTP Server \(JAMES E?SMTP Server ([\d\.]+)\) ready (\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d) \(.+\)$">
|
479
513
|
<description>JAMES SMTP Server</description>
|
480
514
|
<example host.name="foo.bar" service.version="2.3.2">foo.bar SMTP Server (JAMES SMTP Server 2.3.2) ready Tue, 19 May 2015 00:36:13 +0200 (CEST)</example>
|
@@ -486,6 +520,7 @@
|
|
486
520
|
<param pos="3" name="system.time"/>
|
487
521
|
<param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss Z"/>
|
488
522
|
</fingerprint>
|
523
|
+
|
489
524
|
<fingerprint pattern="^(?:(\S+) +)?ESMTP MailEnable Service, Version: ([\d.]+)$">
|
490
525
|
<description>MailEnable - Simple</description>
|
491
526
|
<example service.version="9.53">ESMTP MailEnable Service, Version: 9.53</example>
|
@@ -500,7 +535,9 @@
|
|
500
535
|
<param pos="2" name="service.version"/>
|
501
536
|
<param pos="0" name="service.cpe23" value="cpe:/a:mailenable:mailenable:{service.version}"/>
|
502
537
|
</fingerprint>
|
538
|
+
|
503
539
|
<!-- MailEnable has an odd, three version string. Not sure about the meaning the second and third version #s. -->
|
540
|
+
|
504
541
|
<fingerprint pattern="^(?:(\S+) +)?ESMTP MailEnable Service, Version: (?:([\d.]+))?-[\d.]*-[\d.]* (?:ready|denied access) at (\d{2}/\d{2}/\d{2} \d{2}:\d{2}:\d{2})$">
|
505
542
|
<description>MailEnable - Complex</description>
|
506
543
|
<example host.name="foo.bar" service.version="1.8">foo.bar ESMTP MailEnable Service, Version: 1.8-- ready at 05/20/15 08:50:22</example>
|
@@ -520,6 +557,7 @@
|
|
520
557
|
<param pos="0" name="service.cpe23" value="cpe:/a:mailenable:mailenable:{service.version}"/>
|
521
558
|
<param pos="3" name="system.time"/>
|
522
559
|
</fingerprint>
|
560
|
+
|
523
561
|
<fingerprint pattern="^([^ ]+) \(Mail-Max Version (\d+\.[\d\.]+), (.+, .+)\) ESMTP Mail Server Ready. *$">
|
524
562
|
<description>Mail Max</description>
|
525
563
|
<example host.name="foo.bar" service.version="4.2.4.7">foo.bar (Mail-Max Version 4.2.4.7, Wed, 31 Jan 2001 03:44:35 +0100 WST) ESMTP Mail Server Ready.</example>
|
@@ -532,6 +570,7 @@
|
|
532
570
|
<param pos="2" name="service.version"/>
|
533
571
|
<param pos="3" name="system.time"/>
|
534
572
|
</fingerprint>
|
573
|
+
|
535
574
|
<fingerprint pattern="^([^ ]+) +MailSite E?SMTP Receiver Version (\d+\.[\d.]+) Ready *$">
|
536
575
|
<description>Rockliffe MailSite - with version (http://www.rockliffe.com)</description>
|
537
576
|
<example host.name="foo.bar" service.version="3.4.6.0">foo.bar MailSite ESMTP Receiver Version 3.4.6.0 Ready</example>
|
@@ -542,6 +581,7 @@
|
|
542
581
|
<param pos="1" name="host.name"/>
|
543
582
|
<param pos="2" name="service.version"/>
|
544
583
|
</fingerprint>
|
584
|
+
|
545
585
|
<fingerprint pattern="^([^ ]+) +MailSite E?SMTP Receiver Ready *$">
|
546
586
|
<description>Rockliffe MailSite - without version (http://www.rockliffe.com)</description>
|
547
587
|
<example host.name="foo.bar">foo.bar MailSite SMTP Receiver Ready</example>
|
@@ -550,6 +590,7 @@
|
|
550
590
|
<param pos="0" name="service.product" value="MailSite"/>
|
551
591
|
<param pos="1" name="host.name"/>
|
552
592
|
</fingerprint>
|
593
|
+
|
553
594
|
<fingerprint pattern="^ ?MailSite E?SMTP Receiver Version (\d+\.[\d.]+) Ready *$">
|
554
595
|
<description>Rockliffe MailSite - without hostname (http://www.rockliffe.com)</description>
|
555
596
|
<example service.version="10.2.0.0"> MailSite ESMTP Receiver Version 10.2.0.0 Ready</example>
|
@@ -558,6 +599,7 @@
|
|
558
599
|
<param pos="0" name="service.product" value="MailSite"/>
|
559
600
|
<param pos="1" name="service.version"/>
|
560
601
|
</fingerprint>
|
602
|
+
|
561
603
|
<fingerprint pattern="^([^ ]+) +MAILsweeper ESMTP Receiver Version (\d\.[\d.]+) Ready *$">
|
562
604
|
<description>Content Security MAILsweeper for SMTP (http://www.contenttechnologies.com/products/msw4smtp/default.asp)</description>
|
563
605
|
<example service.version="4.2.1.0">foo.bar MAILsweeper ESMTP Receiver Version 4.2.1.0 Ready</example>
|
@@ -567,6 +609,7 @@
|
|
567
609
|
<param pos="1" name="host.name"/>
|
568
610
|
<param pos="2" name="service.version"/>
|
569
611
|
</fingerprint>
|
612
|
+
|
570
613
|
<fingerprint pattern="^([^ ]+) +ESMTP MDaemon ([^ ]+\.[^ ]+\.[^ ]+) UNREGISTERED; *(.+) *$">
|
571
614
|
<description>MDaemon mail server - with timestamp, unregistered</description>
|
572
615
|
<example service.version="4.0.5">foo.bar ESMTP MDaemon 4.0.5 UNREGISTERED; Sat, 06 Oct 2001 09:10:56 +0400</example>
|
@@ -585,6 +628,7 @@
|
|
585
628
|
<param pos="0" name="service.cpe23" value="cpe:/a:altn:mdaemon:{service.version}"/>
|
586
629
|
<param pos="3" name="system.time"/>
|
587
630
|
</fingerprint>
|
631
|
+
|
588
632
|
<fingerprint pattern="^([^ ]+) +ESMTP MDaemon ([^ ]+\.[^ ]+\.[^ ]+); *(.+) *$">
|
589
633
|
<description>MDaemon mail server - with timestamp</description>
|
590
634
|
<example service.version="4.0.2">foo.bar ESMTP MDaemon 4.0.2; Sat, 06 Oct 2001 01:46:44 -0500</example>
|
@@ -602,6 +646,7 @@
|
|
602
646
|
<param pos="0" name="service.cpe23" value="cpe:/a:altn:mdaemon:{service.version}"/>
|
603
647
|
<param pos="3" name="system.time"/>
|
604
648
|
</fingerprint>
|
649
|
+
|
605
650
|
<fingerprint pattern="^([^ ]+) +ESMTP MDaemon ([^ ]+\.[^ ]+\.[^ ]+) ready *$">
|
606
651
|
<description>MDaemon mail server - without timestamp</description>
|
607
652
|
<example service.version="3.5.7">foo.bar ESMTP MDaemon 3.5.7 ready</example>
|
@@ -617,6 +662,7 @@
|
|
617
662
|
<param pos="2" name="service.version"/>
|
618
663
|
<param pos="0" name="service.cpe23" value="cpe:/a:altn:mdaemon:{service.version}"/>
|
619
664
|
</fingerprint>
|
665
|
+
|
620
666
|
<fingerprint pattern="^([^ ]+) +ESMTP service ready \[[0-9]+\] (?:using )?MDaemon v(\d+\.[\d.]+) ([^ ]+) *$">
|
621
667
|
<description>MDaemon mail server - with version revision</description>
|
622
668
|
<example service.version="2.84" service.version.version="R">foo.bar ESMTP service ready [1] MDaemon v2.84 R</example>
|
@@ -635,6 +681,7 @@
|
|
635
681
|
<param pos="3" name="service.version.version"/>
|
636
682
|
<param pos="0" name="service.cpe23" value="cpe:/a:altn:mdaemon:{service.version}"/>
|
637
683
|
</fingerprint>
|
684
|
+
|
638
685
|
<fingerprint pattern="^([^ ]+) +ESMTP service ready \[[0-9]+\] (?:\()?MDaemon v([\d.]+) ([^ ]+) ([^ )]+)(?:\))? *$">
|
639
686
|
<description>MDaemon mail server - with service pack</description>
|
640
687
|
<example service.version="2.7" service.version.version="SP5" service.version.version.version="R">foo.bar ESMTP service ready [1] MDaemon v2.7 SP5 R</example>
|
@@ -653,6 +700,7 @@
|
|
653
700
|
<param pos="4" name="service.version.version.version"/>
|
654
701
|
<param pos="0" name="service.cpe23" value="cpe:/a:altn:mdaemon:{service.version}"/>
|
655
702
|
</fingerprint>
|
703
|
+
|
656
704
|
<fingerprint pattern="^([^ ]+) +ESMTP service ready \[[0-9]+\] \(MDaemon v([^ ]+\.[^ ]+) ([^ ]+) ([^ ]+) ([^ ]+)\) *$">
|
657
705
|
<description>MDaemon mail server</description>
|
658
706
|
<example service.version="2.5" service.version.version.version="b1">foo.bar ESMTP service ready [1] (MDaemon v2.5 rB b1 32-T)</example>
|
@@ -671,7 +719,9 @@
|
|
671
719
|
<param pos="5" name="service.version.version.version.version"/>
|
672
720
|
<param pos="0" name="service.cpe23" value="cpe:/a:altn:mdaemon:{service.version}"/>
|
673
721
|
</fingerprint>
|
722
|
+
|
674
723
|
<!-- example: 220 mail.db-list.com ESMTP MERAK 3.00.140; Tue, 24 Jul 2001 21:30:47 -0700 -->
|
724
|
+
|
675
725
|
<fingerprint pattern="^([^ ]+) +E?SMTP (?i:MERAK) ([^ ]+\.[^ ]+\.[^ ]+); *(.+) *$">
|
676
726
|
<description>Merak mail server - http://www.icewarp.com/merakmail/ (runs on 2000/NT/9x)</description>
|
677
727
|
<example host.name="foo.bar" service.version="8.0.3">foo.bar SMTP Merak 8.0.3; Thu, 30 Nov 2017 20:01:41 +1000</example>
|
@@ -685,6 +735,7 @@
|
|
685
735
|
<param pos="2" name="service.version"/>
|
686
736
|
<param pos="3" name="system.time"/>
|
687
737
|
</fingerprint>
|
738
|
+
|
688
739
|
<fingerprint pattern="^MERCUR SMTP-Server \(v([^ ]+\.[^ ])0\.([^ ]+) ([^ ]+)\) for (.+) ready at (.+) *$">
|
689
740
|
<description>Atrium's MERCUR SMTP server (http://www.atrium-software.com/pub/support_e.cfm)</description>
|
690
741
|
<example service.version="3.3" service.version.version="09" service.version.version.version="SA-0000005" mercur.os.info="Windows NT">MERCUR SMTP-Server (v3.30.09 SA-0000005) for Windows NT ready at Thu, 30 Nov 2017 10:01:06 +0100</example>
|
@@ -698,6 +749,7 @@
|
|
698
749
|
<param pos="4" name="mercur.os.info"/>
|
699
750
|
<param pos="5" name="system.time"/>
|
700
751
|
</fingerprint>
|
752
|
+
|
701
753
|
<fingerprint pattern="^([^ ]+) Mercury ([^ ]+\.[^ ]+) ESMTP server ready.$">
|
702
754
|
<description>Mercury NLM for Netware ( http://www.pmail.com/index.cfm )</description>
|
703
755
|
<example service.version="1.43">foo.bar Mercury 1.43 ESMTP server ready.</example>
|
@@ -710,6 +762,7 @@
|
|
710
762
|
<param pos="1" name="host.name"/>
|
711
763
|
<param pos="2" name="service.version"/>
|
712
764
|
</fingerprint>
|
765
|
+
|
713
766
|
<fingerprint pattern="^^([^ ]+) Mercury\/32 v([^ ]+\.[^ ]+) (?:SMTP\/)?ESMTP server ready.?$">
|
714
767
|
<description>Mercury/32 for Win9x/NT/2000 ( http://www.pmail.com/index.cfm )</description>
|
715
768
|
<example service.version="3.01a">foo.bar Mercury/32 v3.01a SMTP/ESMTP server ready.</example>
|
@@ -723,6 +776,7 @@
|
|
723
776
|
<param pos="1" name="host.name"/>
|
724
777
|
<param pos="2" name="service.version"/>
|
725
778
|
</fingerprint>
|
779
|
+
|
726
780
|
<fingerprint pattern="^([^ ]+) SMTP NAVIEG ([^ ]+\.[^ ]+\.[^ ]+); (.+)* http.*$">
|
727
781
|
<description>Norton Antivirus for Internet Email Gateways (becomes NAVGW in 2.1)</description>
|
728
782
|
<example host.name="foo.bar" service.version="2.0.1">foo.bar SMTP NAVIEG 2.0.1; Sun, 29 Jul 2001 22:02:16 -0500 http://www.symantec.com</example>
|
@@ -734,6 +788,7 @@
|
|
734
788
|
<param pos="2" name="service.version"/>
|
735
789
|
<param pos="3" name="system.time"/>
|
736
790
|
</fingerprint>
|
791
|
+
|
737
792
|
<fingerprint pattern="^([^ ]+) ESMTP service \(Netscape Messaging Server ([^ ]+\.[^ ]+) Patch ([^ ]+).*$">
|
738
793
|
<description>Netscape Messaging Server - with patch number</description>
|
739
794
|
<example host.name="foo.bar" service.version="4.15" service.version.version="7">foo.bar ESMTP service (Netscape Messaging Server 4.15 Patch 7 (built Sep 12 2001))</example>
|
@@ -745,6 +800,7 @@
|
|
745
800
|
<param pos="3" name="service.version.version"/>
|
746
801
|
<param pos="0" name="service.cpe23" value="cpe:/a:netscape:messaging_server:{service.version}"/>
|
747
802
|
</fingerprint>
|
803
|
+
|
748
804
|
<fingerprint pattern="^([^ ]+) ESMTP server \(Netscape Messaging Server - Version ([\d.]+)\) ready (\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d) *$">
|
749
805
|
<description>Netscape Messaging Server - w/o patch number</description>
|
750
806
|
<example host.name="foo.bar" service.version="3.6" system.time="Thu, 30 Nov 2017 04:19:10 -0500">foo.bar ESMTP server (Netscape Messaging Server - Version 3.6) ready Thu, 30 Nov 2017 04:19:10 -0500</example>
|
@@ -757,6 +813,7 @@
|
|
757
813
|
<param pos="0" name="service.cpe23" value="cpe:/a:netscape:messaging_server:{service.version}"/>
|
758
814
|
<param pos="3" name="system.time"/>
|
759
815
|
</fingerprint>
|
816
|
+
|
760
817
|
<fingerprint pattern="^([^ ]+) Lotus SMTP MTA Service Ready *$">
|
761
818
|
<description>Lotus Notes 4 SMTP MTA</description>
|
762
819
|
<example host.name="foo.bar">foo.bar Lotus SMTP MTA Service Ready</example>
|
@@ -766,10 +823,12 @@
|
|
766
823
|
<param pos="0" name="service.version" value="4"/>
|
767
824
|
<param pos="1" name="host.name"/>
|
768
825
|
</fingerprint>
|
826
|
+
|
769
827
|
<!-- Branding is muddy here, IBM bought Lotus in 1995, server product wasn't
|
770
828
|
named Domino until Dec 1996 w/ v 4.5. Seems to have started being
|
771
829
|
called IBM Domino as of v9.0 on product and in banners.
|
772
830
|
-->
|
831
|
+
|
773
832
|
<fingerprint pattern="^ ?(?:([^ ]+))? *ESMTP Service \(Lotus Domino Release (\d+\.[\w.]+(?: FP\d+)?(?: HF\d+)?)(?: \(Intl\))?\) ready at (.+) *$">
|
774
833
|
<description>Lotus Domino SMTP MTA</description>
|
775
834
|
<example service.version="8.5">foo.bar ESMTP Service (Lotus Domino Release 8.5) ready at Thu, 30 Nov 2017 17:01:45 +0800</example>
|
@@ -790,6 +849,7 @@
|
|
790
849
|
<param pos="0" name="service.cpe23" value="cpe:/a:ibm:lotus_domino:{service.version}"/>
|
791
850
|
<param pos="3" name="system.time"/>
|
792
851
|
</fingerprint>
|
852
|
+
|
793
853
|
<fingerprint pattern="^ ?(?:([^ ]+))? *ESMTP Service \(IBM Domino Release (\d+\.[\w.]+(?: HF\d+)?)\) ready at (.+) *$">
|
794
854
|
<description>IBM Domino SMTP MTA</description>
|
795
855
|
<example host.name="foo.bar" service.version="9.0.1FP8 HF475">foo.bar ESMTP Service (IBM Domino Release 9.0.1FP8 HF475) ready at Thu, 30 Nov 2017 17:55:48 +0900</example>
|
@@ -801,8 +861,10 @@
|
|
801
861
|
<param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss Z"/>
|
802
862
|
<param pos="1" name="host.name"/>
|
803
863
|
<param pos="2" name="service.version"/>
|
864
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:ibm:lotus_domino:{service.version}"/>
|
804
865
|
<param pos="3" name="system.time"/>
|
805
866
|
</fingerprint>
|
867
|
+
|
806
868
|
<fingerprint pattern="^([^ ]+) ESMTP Service \(Lotus Domino Build (V?[\w.]+)\) ready at (.+) *$">
|
807
869
|
<description>Lotus Domino (some early build)</description>
|
808
870
|
<example notes.build.version="166.1">foo.bar ESMTP Service (Lotus Domino Build 166.1) ready at Thu, 16 Nov 2017 10:39:22 +0200</example>
|
@@ -814,6 +876,7 @@
|
|
814
876
|
<param pos="2" name="notes.build.version"/>
|
815
877
|
<param pos="3" name="system.time"/>
|
816
878
|
</fingerprint>
|
879
|
+
|
817
880
|
<fingerprint pattern="^Lotus Notes ESMTP Server X[^ ]+\.[^ ]+ on (.+) ready at (.+)\. *$">
|
818
881
|
<description>Lotus Notes 4.x with SMTP MTA add-on</description>
|
819
882
|
<example host.name="FooBar R45 Server/Foo Bar/US" system.time="Fri, 15 Feb 2002 09:46:19 -0800">Lotus Notes ESMTP Server X1.0 on FooBar R45 Server/Foo Bar/US ready at Fri, 15 Feb 2002 09:46:19 -0800.</example>
|
@@ -824,6 +887,7 @@
|
|
824
887
|
<param pos="1" name="host.name"/>
|
825
888
|
<param pos="2" name="system.time"/>
|
826
889
|
</fingerprint>
|
890
|
+
|
827
891
|
<fingerprint pattern="^([^ ]+) NTMail \(v(\d+\.\d+\.\d+)/([^ ]+)\) ready for ESMTP transfer *$">
|
828
892
|
<description>NTMail (http://www.gordano.com)</description>
|
829
893
|
<example host.name="foo.bar" service.version="7.02.3037" ntmail.id="NU1319.01.5b000000">foo.bar NTMail (v7.02.3037/NU1319.01.5b000000) ready for ESMTP transfer </example>
|
@@ -834,6 +898,7 @@
|
|
834
898
|
<param pos="2" name="service.version"/>
|
835
899
|
<param pos="3" name="ntmail.id"/>
|
836
900
|
</fingerprint>
|
901
|
+
|
837
902
|
<fingerprint pattern="^([^ ]+) WindowsNT SMTP Server v([^ ]+\.[^ ]+\.[^ ]+)/([^ ]+)/SP ESMTP ready at (.+) *$">
|
838
903
|
<description>NTMail - versions 3.x and earlier (it was called Internet Shopper's something or other)</description>
|
839
904
|
<example host.name="foo.bar" service.version="3.03.0018" ntmail.id="7.aavn">foo.bar WindowsNT SMTP Server v3.03.0018/7.aavn/SP ESMTP ready at Thu, 30 Nov 2017 10:15:31 +0100</example>
|
@@ -846,6 +911,7 @@
|
|
846
911
|
<param pos="3" name="ntmail.id"/>
|
847
912
|
<param pos="4" name="system.time"/>
|
848
913
|
</fingerprint>
|
914
|
+
|
849
915
|
<fingerprint pattern="^(\S+)(?: UCX)? V\S+, OpenVMS V(\S+) (\S+) ready at .*$">
|
850
916
|
<description>Some unknown mail server on OpenVMS</description>
|
851
917
|
<example host.name="foo.bar" os.arch="IA64" os.version="8.4">foo.bar V5.7-ECO4, OpenVMS V8.4 IA64 ready at Wed, 20 May 2015 01:22:32 +0100 (BST)</example>
|
@@ -860,6 +926,7 @@
|
|
860
926
|
<param pos="3" name="os.arch"/>
|
861
927
|
<param pos="0" name="os.cpe23" value="cpe:/o:hp:openvms:{os.version}"/>
|
862
928
|
</fingerprint>
|
929
|
+
|
863
930
|
<fingerprint pattern="^(\S+) E?SMTP PMailServer(?: \[Free Edition\])? ([\d\.]+); (\w\w\w, +\d+ \w\w\w \d\d\d\d [\d:]+)$">
|
864
931
|
<description>A.K.I PMail</description>
|
865
932
|
<example host.name="foo.bar" service.version="1.91">foo.bar ESMTP PMailServer [Free Edition] 1.91; Fri, 22 May 2015 02:04:56</example>
|
@@ -871,95 +938,126 @@
|
|
871
938
|
<param pos="2" name="service.version"/>
|
872
939
|
<param pos="3" name="system.time"/>
|
873
940
|
</fingerprint>
|
941
|
+
|
874
942
|
<fingerprint pattern="^([^ ]+) Postfix \(Postfix-([^ ]+)-([^ ]+)\) \(([^ ]+)\) *$">
|
875
943
|
<description>Postfix - version + build, followed by os</description>
|
944
|
+
<param pos="0" name="service.vendor" value="Postfix"/>
|
876
945
|
<param pos="0" name="service.family" value="Postfix"/>
|
877
946
|
<param pos="0" name="service.product" value="Postfix"/>
|
878
947
|
<param pos="1" name="host.name"/>
|
879
948
|
<param pos="2" name="service.version"/>
|
880
949
|
<param pos="3" name="service.version.version"/>
|
950
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:postfix:postfix:{service.version}"/>
|
881
951
|
<param pos="4" name="postfix.os.info"/>
|
882
952
|
</fingerprint>
|
953
|
+
|
883
954
|
<fingerprint pattern="^([^ ]+) ESMTP Postfix \(?([\d.]+)\)?$">
|
884
955
|
<description>Postfix - Std semantic versioning, w/ optional parens</description>
|
885
956
|
<example service.version="3.1.4">foo.bar ESMTP Postfix (3.1.4)</example>
|
886
957
|
<example service.version="2.7.1">foo.bar ESMTP Postfix 2.7.1</example>
|
958
|
+
<param pos="0" name="service.vendor" value="Postfix"/>
|
887
959
|
<param pos="0" name="service.family" value="Postfix"/>
|
888
960
|
<param pos="0" name="service.product" value="Postfix"/>
|
889
961
|
<param pos="1" name="host.name"/>
|
890
962
|
<param pos="2" name="service.version"/>
|
963
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:postfix:postfix:{service.version}"/>
|
891
964
|
</fingerprint>
|
965
|
+
|
892
966
|
<fingerprint pattern="^([^ ]+) ESMTP Postfix \((?:Postfix-)?([\d.]+)-([^ ]+)\)$">
|
893
967
|
<description>Postfix - version + build</description>
|
894
968
|
<example service.version="2.8" service.version.version="20100306">foo.bar ESMTP Postfix (2.8-20100306)</example>
|
969
|
+
<param pos="0" name="service.vendor" value="Postfix"/>
|
895
970
|
<param pos="0" name="service.family" value="Postfix"/>
|
896
971
|
<param pos="0" name="service.product" value="Postfix"/>
|
897
972
|
<param pos="1" name="host.name"/>
|
898
973
|
<param pos="2" name="service.version"/>
|
899
974
|
<param pos="3" name="service.version.version"/>
|
975
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:postfix:postfix:{service.version}"/>
|
900
976
|
</fingerprint>
|
977
|
+
|
901
978
|
<fingerprint pattern="^([^ ]+) +E?SMTP Postfix \(Ubuntu\)$">
|
902
979
|
<description>Postfix - Ubuntu</description>
|
903
980
|
<example>foo.bar ESMTP Postfix (Ubuntu)</example>
|
981
|
+
<param pos="0" name="service.vendor" value="Postfix"/>
|
904
982
|
<param pos="0" name="service.family" value="Postfix"/>
|
905
983
|
<param pos="0" name="service.product" value="Postfix"/>
|
984
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:postfix:postfix:-"/>
|
906
985
|
<param pos="1" name="host.name"/>
|
907
986
|
<param pos="0" name="os.vendor" value="Ubuntu"/>
|
908
987
|
<param pos="0" name="os.family" value="Linux"/>
|
909
988
|
<param pos="0" name="os.product" value="Linux"/>
|
910
989
|
<param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:-"/>
|
911
990
|
</fingerprint>
|
991
|
+
|
912
992
|
<fingerprint pattern="^([^ ]+)(?: ESMTP)? Hi, I'm a Mail-in-a-Box \(Ubuntu/Postfix; see https://mailinabox.email/\)$">
|
913
993
|
<description>Postfix - Ubuntu, Mail-in-a-Box package</description>
|
914
994
|
<example>foo.bar ESMTP Hi, I'm a Mail-in-a-Box (Ubuntu/Postfix; see https://mailinabox.email/)</example>
|
915
995
|
<example>foo.bar Hi, I'm a Mail-in-a-Box (Ubuntu/Postfix; see https://mailinabox.email/)</example>
|
996
|
+
<param pos="0" name="service.vendor" value="Postfix"/>
|
916
997
|
<param pos="0" name="service.family" value="Postfix"/>
|
917
998
|
<param pos="0" name="service.product" value="Postfix"/>
|
999
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:postfix:postfix:-"/>
|
918
1000
|
<param pos="1" name="host.name"/>
|
919
1001
|
<param pos="0" name="os.vendor" value="Ubuntu"/>
|
920
1002
|
<param pos="0" name="os.family" value="Linux"/>
|
921
1003
|
<param pos="0" name="os.product" value="Linux"/>
|
922
1004
|
<param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:-"/>
|
923
1005
|
</fingerprint>
|
1006
|
+
|
924
1007
|
<fingerprint pattern="^([^ ]+) +E?SMTP Postfix \(Debian/GNU\)$">
|
925
1008
|
<description>Postfix - Debian</description>
|
926
1009
|
<example>foo.bar ESMTP Postfix (Debian/GNU)</example>
|
1010
|
+
<param pos="0" name="service.vendor" value="Postfix"/>
|
927
1011
|
<param pos="0" name="service.family" value="Postfix"/>
|
928
1012
|
<param pos="0" name="service.product" value="Postfix"/>
|
1013
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:postfix:postfix:-"/>
|
929
1014
|
<param pos="1" name="host.name"/>
|
930
1015
|
<param pos="0" name="os.vendor" value="Debian"/>
|
931
1016
|
<param pos="0" name="os.family" value="Linux"/>
|
932
1017
|
<param pos="0" name="os.product" value="Linux"/>
|
933
1018
|
<param pos="0" name="os.cpe23" value="cpe:/o:debian:debian_linux:-"/>
|
934
1019
|
</fingerprint>
|
1020
|
+
|
935
1021
|
<fingerprint pattern="^([^ ]+) ESMTP.* Postfix *\(.+\) *$">
|
936
1022
|
<description>Postfix - generic banner with amusing comments in parentheses</description>
|
937
1023
|
<example>foo.bar ESMTP Postfix (lol)</example>
|
1024
|
+
<param pos="0" name="service.vendor" value="Postfix"/>
|
938
1025
|
<param pos="0" name="service.family" value="Postfix"/>
|
939
1026
|
<param pos="0" name="service.product" value="Postfix"/>
|
1027
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:postfix:postfix:-"/>
|
940
1028
|
<param pos="1" name="host.name"/>
|
941
1029
|
</fingerprint>
|
1030
|
+
|
942
1031
|
<fingerprint pattern="^(?i)([^ ]+) +E?SMTP.* Postfix *$">
|
943
1032
|
<description>Postfix - generic banner</description>
|
944
1033
|
<example>foo.bar ESMTP Postfix</example>
|
945
1034
|
<example>foo.bar SMTP Postfix</example>
|
1035
|
+
<param pos="0" name="service.vendor" value="Postfix"/>
|
946
1036
|
<param pos="0" name="service.family" value="Postfix"/>
|
947
1037
|
<param pos="0" name="service.product" value="Postfix"/>
|
1038
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:postfix:postfix:-"/>
|
948
1039
|
<param pos="1" name="host.name"/>
|
949
1040
|
</fingerprint>
|
1041
|
+
|
950
1042
|
<fingerprint pattern="^ *ESMTP Postfix$">
|
951
1043
|
<description>Postfix - banner without hostname or version</description>
|
952
1044
|
<example>ESMTP Postfix</example>
|
1045
|
+
<param pos="0" name="service.vendor" value="Postfix"/>
|
953
1046
|
<param pos="0" name="service.family" value="Postfix"/>
|
954
1047
|
<param pos="0" name="service.product" value="Postfix"/>
|
1048
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:postfix:postfix:-"/>
|
955
1049
|
</fingerprint>
|
1050
|
+
|
956
1051
|
<fingerprint pattern="^(?i)([^ ]+) POSTFIX$">
|
957
1052
|
<description>Postfix - generic w/o ESMTP</description>
|
958
1053
|
<example host.name="foo.bar">foo.bar Postfix</example>
|
1054
|
+
<param pos="0" name="service.vendor" value="Postfix"/>
|
959
1055
|
<param pos="0" name="service.family" value="Postfix"/>
|
960
1056
|
<param pos="0" name="service.product" value="Postfix"/>
|
1057
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:postfix:postfix:-"/>
|
961
1058
|
<param pos="1" name="host.name"/>
|
962
1059
|
</fingerprint>
|
1060
|
+
|
963
1061
|
<fingerprint pattern="^([^ ]+) ESMTP server \((?i:P)ost\.(?i:O)ffice v([^ ]+\.[^ ]+)(?: release)? (.+) ID# ([^ ]+)\) ready (.+) *$">
|
964
1062
|
<description>Post.Office</description>
|
965
1063
|
<example host.name="foo.bar" service.version="3.8.4" postoffice.build="116" postoffice.id="1001-65749U100L10S0V38" system.time="Thu, 30 Nov 2017 18:46:24 +0900">foo.bar ESMTP server (post.office v3.8.4 release 116 ID# 1001-65749U100L10S0V38) ready Thu, 30 Nov 2017 18:46:24 +0900</example>
|
@@ -973,12 +1071,14 @@
|
|
973
1071
|
<param pos="4" name="postoffice.id"/>
|
974
1072
|
<param pos="5" name="system.time"/>
|
975
1073
|
</fingerprint>
|
1074
|
+
|
976
1075
|
<fingerprint pattern="^([^ ]+) Generic SMTP handler *$">
|
977
1076
|
<description>Raptor Firewall (low confidence)</description>
|
978
1077
|
<example host.name="foo.bar">foo.bar Generic SMTP handler</example>
|
979
1078
|
<param pos="0" name="service.product" value="raptor"/>
|
980
1079
|
<param pos="1" name="host.name"/>
|
981
1080
|
</fingerprint>
|
1081
|
+
|
982
1082
|
<fingerprint pattern="^(\S+) SAP (\S+) E?SMTP service ready$">
|
983
1083
|
<description>SAP SMTP Server</description>
|
984
1084
|
<example host.name="foo.bar" service.version="8.04(53)">foo.bar SAP 8.04(53) ESMTP service ready</example>
|
@@ -987,15 +1087,20 @@
|
|
987
1087
|
<param pos="2" name="service.version"/>
|
988
1088
|
<param pos="1" name="host.name"/>
|
989
1089
|
</fingerprint>
|
1090
|
+
|
990
1091
|
<fingerprint pattern="^Sendmail ESMTP ready$">
|
991
1092
|
<description>Sendmail - short banner w/o hostname, version, platform, or date.</description>
|
992
1093
|
<example>Sendmail ESMTP ready</example>
|
1094
|
+
<param pos="0" name="service.vendor" value="Sendmail"/>
|
993
1095
|
<param pos="0" name="service.family" value="Sendmail"/>
|
994
1096
|
<param pos="0" name="service.product" value="Sendmail"/>
|
1097
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:sendmail:sendmail:-"/>
|
995
1098
|
</fingerprint>
|
1099
|
+
|
996
1100
|
<fingerprint pattern="^([^ ]+) +ESMTP +Sendmail +([^ ]+) \(PHNE_([^ ]+)\) */ *(.+); *(.+) \(.+\)$">
|
997
1101
|
<description>Sendmail - HP-UX with a PHNE (HP Networking patch) installed</description>
|
998
1102
|
<example host.name="foo.bar" service.version="8.8.6" sendmail.config.version="8.7.1">foo.bar ESMTP Sendmail 8.8.6 (PHNE_14041)/8.7.1; Tue, 6 Feb 2001 10:04:32 -0300 (SAT)</example>
|
1103
|
+
<param pos="0" name="service.vendor" value="Sendmail"/>
|
999
1104
|
<param pos="0" name="service.family" value="Sendmail"/>
|
1000
1105
|
<param pos="0" name="service.product" value="Sendmail"/>
|
1001
1106
|
<param pos="0" name="os.vendor" value="HP"/>
|
@@ -1005,13 +1110,16 @@
|
|
1005
1110
|
<param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss Z"/>
|
1006
1111
|
<param pos="1" name="host.name"/>
|
1007
1112
|
<param pos="2" name="service.version"/>
|
1113
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:sendmail:sendmail:{service.version}"/>
|
1008
1114
|
<param pos="3" name="sendmail.hpux.phne.version"/>
|
1009
1115
|
<param pos="4" name="sendmail.config.version"/>
|
1010
1116
|
<param pos="5" name="system.time"/>
|
1011
1117
|
</fingerprint>
|
1118
|
+
|
1012
1119
|
<fingerprint pattern="^(\S+) ESMTP Sendmail \S+ version ([\d\.]+) - Revision \S+ HP-UX([\d\.]+).*(\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ \w\w\w)$">
|
1013
1120
|
<description>Sendmail - HP-UX</description>
|
1014
1121
|
<example host.name="foo.bar" os.version="11.31" service.version="8.13.3">foo.bar ESMTP Sendmail @(#)Sendmail version 8.13.3 - Revision 1.004:: HP-UX11.31 - 03rd February,2010/8.11.1; Wed, 20 May 2015 23:35:38 GMT</example>
|
1122
|
+
<param pos="0" name="service.vendor" value="Sendmail"/>
|
1015
1123
|
<param pos="0" name="service.family" value="Sendmail"/>
|
1016
1124
|
<param pos="0" name="service.product" value="Sendmail"/>
|
1017
1125
|
<param pos="0" name="os.vendor" value="HP"/>
|
@@ -1022,11 +1130,14 @@
|
|
1022
1130
|
<param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss z"/>
|
1023
1131
|
<param pos="1" name="host.name"/>
|
1024
1132
|
<param pos="2" name="service.version"/>
|
1133
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:sendmail:sendmail:{service.version}"/>
|
1025
1134
|
<param pos="4" name="system.time"/>
|
1026
1135
|
</fingerprint>
|
1136
|
+
|
1027
1137
|
<fingerprint pattern="^([^ ]+) +ESMTP +Sendmail +([^ ]+)/UW([^ ]+) ready at *(.+) \(.+\) *$">
|
1028
1138
|
<description>Sendmail - Unixware</description>
|
1029
1139
|
<example service.version="8.8.7">foo.bar ESMTP Sendmail 8.8.7/UW7.1.0 ready at Tue, 6 Feb 2001 16:39:30 -0300 (GMT-0300)</example>
|
1140
|
+
<param pos="0" name="service.vendor" value="Sendmail"/>
|
1030
1141
|
<param pos="0" name="service.family" value="Sendmail"/>
|
1031
1142
|
<param pos="0" name="service.product" value="Sendmail"/>
|
1032
1143
|
<param pos="0" name="os.vendor" value="SCO"/>
|
@@ -1035,12 +1146,15 @@
|
|
1035
1146
|
<param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss Z"/>
|
1036
1147
|
<param pos="1" name="host.name"/>
|
1037
1148
|
<param pos="2" name="service.version"/>
|
1149
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:sendmail:sendmail:{service.version}"/>
|
1038
1150
|
<param pos="3" name="os.version"/>
|
1039
1151
|
<param pos="4" name="system.time"/>
|
1040
1152
|
</fingerprint>
|
1153
|
+
|
1041
1154
|
<fingerprint pattern="^([^ ]+) ESMTP Sendmail AIX([^/]+)/UCB ([^;]+); (.+) \(.+\)$">
|
1042
1155
|
<description>Sendmail - AIX (UCB variant)</description>
|
1043
1156
|
<example os.version="4.2" service.version="8.7">foo.bar ESMTP Sendmail AIX4.2/UCB 8.7; Sun, 29 Jul 2001 22:34:37 -0400 (EDT)</example>
|
1157
|
+
<param pos="0" name="service.vendor" value="Sendmail"/>
|
1044
1158
|
<param pos="0" name="service.family" value="Sendmail"/>
|
1045
1159
|
<param pos="0" name="service.product" value="Sendmail"/>
|
1046
1160
|
<param pos="0" name="os.vendor" value="IBM"/>
|
@@ -1051,11 +1165,14 @@
|
|
1051
1165
|
<param pos="2" name="os.version"/>
|
1052
1166
|
<param pos="0" name="os.cpe23" value="cpe:/o:ibm:aix:{os.version}"/>
|
1053
1167
|
<param pos="3" name="service.version"/>
|
1168
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:sendmail:sendmail:{service.version}"/>
|
1054
1169
|
<param pos="4" name="system.time"/>
|
1055
1170
|
</fingerprint>
|
1171
|
+
|
1056
1172
|
<fingerprint pattern="^([^ ]+) Sendmail AIX([^/]+)/UCB ([^/]+)/([^ ]+) ready at (.+)$">
|
1057
1173
|
<description>Sendmail - AIX (UCB/ready at variant)</description>
|
1058
1174
|
<example>foo.bar Sendmail AIX 4.1/UCB 5.64/4.03 ready at Mon, 30 Jul 2001 00:42:21 -0500</example>
|
1175
|
+
<param pos="0" name="service.vendor" value="Sendmail"/>
|
1059
1176
|
<param pos="0" name="service.family" value="Sendmail"/>
|
1060
1177
|
<param pos="0" name="service.product" value="Sendmail"/>
|
1061
1178
|
<param pos="0" name="os.vendor" value="IBM"/>
|
@@ -1066,13 +1183,16 @@
|
|
1066
1183
|
<param pos="2" name="os.version"/>
|
1067
1184
|
<param pos="0" name="os.cpe23" value="cpe:/o:ibm:aix:{os.version}"/>
|
1068
1185
|
<param pos="3" name="service.version"/>
|
1186
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:sendmail:sendmail:{service.version}"/>
|
1069
1187
|
<param pos="4" name="sendmail.config.version"/>
|
1070
1188
|
<param pos="5" name="system.time"/>
|
1071
1189
|
</fingerprint>
|
1190
|
+
|
1072
1191
|
<fingerprint pattern="^([^ ]+) ESMTP Sendmail AIX([^/]+)/([^/]+)/([^;]+); (.+)(?: \(.+\))?$">
|
1073
1192
|
<description>Sendmail - AIX</description>
|
1074
1193
|
<example host.name="foo.bar" os.version="4.2" service.version="8.7" sendmail.config.version="8.8">foo.bar ESMTP Sendmail AIX4.2/8.7/8.8; Sun, 29 Jul 2001 22:34:37 -0400 (EDT)</example>
|
1075
1194
|
<example host.name="foo.bar" os.version="5.1" service.version="8.11.6p2" sendmail.config.version="8.11.0">foo.bar ESMTP Sendmail AIX5.1/8.11.6p2/8.11.0; Fri, 28 Aug 1970 19:42:05 -0800</example>
|
1195
|
+
<param pos="0" name="service.vendor" value="Sendmail"/>
|
1076
1196
|
<param pos="0" name="service.family" value="Sendmail"/>
|
1077
1197
|
<param pos="0" name="service.product" value="Sendmail"/>
|
1078
1198
|
<param pos="0" name="os.vendor" value="IBM"/>
|
@@ -1083,12 +1203,15 @@
|
|
1083
1203
|
<param pos="2" name="os.version"/>
|
1084
1204
|
<param pos="0" name="os.cpe23" value="cpe:/o:ibm:aix:{os.version}"/>
|
1085
1205
|
<param pos="3" name="service.version"/>
|
1206
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:sendmail:sendmail:{service.version}"/>
|
1086
1207
|
<param pos="4" name="sendmail.config.version"/>
|
1087
1208
|
<param pos="5" name="system.time"/>
|
1088
1209
|
</fingerprint>
|
1210
|
+
|
1089
1211
|
<fingerprint pattern="^([^ ]+) ESMTP Sendmail ([^/]+)/([^/]+)/SuSE Linux ([^;]+); (.+)$">
|
1090
1212
|
<description>Sendmail - SuSE Linux</description>
|
1091
1213
|
<example>foo.bar ESMTP Sendmail 8.9.3/8.9.3/SuSE Linux 8.9.3-0.1; Mon, 30 Jul 2001 04:48:54 +0200</example>
|
1214
|
+
<param pos="0" name="service.vendor" value="Sendmail"/>
|
1092
1215
|
<param pos="0" name="service.family" value="Sendmail"/>
|
1093
1216
|
<param pos="0" name="service.product" value="Sendmail"/>
|
1094
1217
|
<param pos="0" name="os.vendor" value="SuSE"/>
|
@@ -1098,13 +1221,16 @@
|
|
1098
1221
|
<param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss Z"/>
|
1099
1222
|
<param pos="1" name="host.name"/>
|
1100
1223
|
<param pos="2" name="service.version"/>
|
1224
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:sendmail:sendmail:{service.version}"/>
|
1101
1225
|
<param pos="3" name="sendmail.config.version"/>
|
1102
1226
|
<param pos="4" name="sendmail.vendor.version"/>
|
1103
1227
|
<param pos="5" name="system.time"/>
|
1104
1228
|
</fingerprint>
|
1229
|
+
|
1105
1230
|
<fingerprint pattern="^([^ ]+) ESMTP Sendmail ([^ ]+)\+Sun/([^ ]+); (.+)$">
|
1106
1231
|
<description>Sendmail - Solaris with date (no time offeset variant)</description>
|
1107
1232
|
<example>foo.bar ESMTP Sendmail 8.9.3+Sun/8.9.1; Mon, 30 Jul 2001 02:50:22 GMT</example>
|
1233
|
+
<param pos="0" name="service.vendor" value="Sendmail"/>
|
1108
1234
|
<param pos="0" name="service.family" value="Sendmail"/>
|
1109
1235
|
<param pos="0" name="service.product" value="Sendmail"/>
|
1110
1236
|
<param pos="0" name="os.vendor" value="Sun"/>
|
@@ -1114,12 +1240,15 @@
|
|
1114
1240
|
<param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss zzz"/>
|
1115
1241
|
<param pos="1" name="host.name"/>
|
1116
1242
|
<param pos="2" name="service.version"/>
|
1243
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:sendmail:sendmail:{service.version}"/>
|
1117
1244
|
<param pos="3" name="sendmail.config.version"/>
|
1118
1245
|
<param pos="4" name="system.time"/>
|
1119
1246
|
</fingerprint>
|
1247
|
+
|
1120
1248
|
<fingerprint pattern="^([^ ]+) ESMTP Sendmail ([^ ]+)\+Sun/([^ ]+) ready at (.+) \(.+\)$">
|
1121
1249
|
<description>Sendmail - Solaris with date (ready variant)</description>
|
1122
1250
|
<example>foo.bar ESMTP Sendmail 8.8.8+Sun/8.6.4 ready at Thu, 15 Nov 2000 11:40:32 -0800 (PST)</example>
|
1251
|
+
<param pos="0" name="service.vendor" value="Sendmail"/>
|
1123
1252
|
<param pos="0" name="service.family" value="Sendmail"/>
|
1124
1253
|
<param pos="0" name="service.product" value="Sendmail"/>
|
1125
1254
|
<param pos="0" name="os.vendor" value="Sun"/>
|
@@ -1129,13 +1258,16 @@
|
|
1129
1258
|
<param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss Z"/>
|
1130
1259
|
<param pos="1" name="host.name"/>
|
1131
1260
|
<param pos="2" name="service.version"/>
|
1261
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:sendmail:sendmail:{service.version}"/>
|
1132
1262
|
<param pos="3" name="sendmail.config.version"/>
|
1133
1263
|
<param pos="4" name="system.time"/>
|
1134
1264
|
</fingerprint>
|
1265
|
+
|
1135
1266
|
<fingerprint pattern="^([^ ]+) ESMTP (?:Debian )?Sendmail ([^/]+)/([^/]+)/Debian ([^/]+); (.+) *$">
|
1136
1267
|
<description>Sendmail - Debian</description>
|
1137
1268
|
<example service.version="8.12.0.Beta7" sendmail.config.version="8.12.0.Beta7" sendmail.vendor.version="8.12.0.Beta7-1">foo.bar ESMTP Debian Sendmail 8.12.0.Beta7/8.12.0.Beta7/Debian 8.12.0.Beta7-1; Sun, 29 Jul 2001 18:52:20 -0800</example>
|
1138
1269
|
<example service.version="8.11.0" sendmail.config.version="8.9.3" sendmail.vendor.version="8.9.3-21">foo.bar ESMTP Sendmail 8.11.0/8.9.3/Debian 8.9.3-21; Sun, 29 Jul 2001 19:51:00 -0700</example>
|
1270
|
+
<param pos="0" name="service.vendor" value="Sendmail"/>
|
1139
1271
|
<param pos="0" name="service.family" value="Sendmail"/>
|
1140
1272
|
<param pos="0" name="service.product" value="Sendmail"/>
|
1141
1273
|
<param pos="0" name="os.vendor" value="Debian"/>
|
@@ -1145,14 +1277,17 @@
|
|
1145
1277
|
<param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss Z"/>
|
1146
1278
|
<param pos="1" name="host.name"/>
|
1147
1279
|
<param pos="2" name="service.version"/>
|
1280
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:sendmail:sendmail:{service.version}"/>
|
1148
1281
|
<param pos="3" name="sendmail.config.version"/>
|
1149
1282
|
<param pos="4" name="sendmail.vendor.version"/>
|
1150
1283
|
<param pos="5" name="system.time"/>
|
1151
1284
|
</fingerprint>
|
1285
|
+
|
1152
1286
|
<fingerprint pattern="^([^ ]+) ESMTP Sendmail ([^/]+)/([^/]+)/Debian-\d\+(?:wheezy|deb7u)\d; (.+); .*$">
|
1153
1287
|
<description>Sendmail - Debian 7.x (wheezy)</description>
|
1154
1288
|
<example service.version="8.14.4">foo.bar ESMTP Sendmail 8.14.4/8.14.4/Debian-4+wheezy1; Thu, 30 Nov 2017 10:33:05 +0100; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
|
1155
1289
|
<example service.version="8.14.4">foo.bar ESMTP Sendmail 8.14.4/8.14.4/Debian-4+deb7u1; Thu, 30 Nov 2017 11:00:33 +0100; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
|
1290
|
+
<param pos="0" name="service.vendor" value="Sendmail"/>
|
1156
1291
|
<param pos="0" name="service.family" value="Sendmail"/>
|
1157
1292
|
<param pos="0" name="service.product" value="Sendmail"/>
|
1158
1293
|
<param pos="0" name="os.vendor" value="Debian"/>
|
@@ -1163,12 +1298,15 @@
|
|
1163
1298
|
<param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss Z"/>
|
1164
1299
|
<param pos="1" name="host.name"/>
|
1165
1300
|
<param pos="2" name="service.version"/>
|
1301
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:sendmail:sendmail:{service.version}"/>
|
1166
1302
|
<param pos="3" name="sendmail.config.version"/>
|
1167
1303
|
<param pos="4" name="system.time"/>
|
1168
1304
|
</fingerprint>
|
1305
|
+
|
1169
1306
|
<fingerprint pattern="^([^ ]+) ESMTP Sendmail ([^/]+)/([^/]+)/Debian-\d\+deb8u\d; (.+); .*$">
|
1170
1307
|
<description>Sendmail - Debian 8.x (jessie)</description>
|
1171
1308
|
<example service.version="8.14.4">foo.bar ESMTP Sendmail 8.14.4/8.14.4/Debian-8+deb8u2; Thu, 30 Nov 2017 10:25:48 +0100; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
|
1309
|
+
<param pos="0" name="service.vendor" value="Sendmail"/>
|
1172
1310
|
<param pos="0" name="service.family" value="Sendmail"/>
|
1173
1311
|
<param pos="0" name="service.product" value="Sendmail"/>
|
1174
1312
|
<param pos="0" name="os.vendor" value="Debian"/>
|
@@ -1179,12 +1317,15 @@
|
|
1179
1317
|
<param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss Z"/>
|
1180
1318
|
<param pos="1" name="host.name"/>
|
1181
1319
|
<param pos="2" name="service.version"/>
|
1320
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:sendmail:sendmail:{service.version}"/>
|
1182
1321
|
<param pos="3" name="sendmail.config.version"/>
|
1183
1322
|
<param pos="4" name="system.time"/>
|
1184
1323
|
</fingerprint>
|
1324
|
+
|
1185
1325
|
<fingerprint pattern="^([^ ]+) ESMTP Sendmail ([^/]+)/([^/]+)/Debian-\d\+lenny\d; (.+); .*$">
|
1186
1326
|
<description>Sendmail - Debian 5.x (lenny)</description>
|
1187
1327
|
<example service.version="8.14.3">foo.bar ESMTP Sendmail 8.14.3/8.14.3/Debian-5+lenny1; Thu, 30 Nov 2017 12:29:40 +0300; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
|
1328
|
+
<param pos="0" name="service.vendor" value="Sendmail"/>
|
1188
1329
|
<param pos="0" name="service.family" value="Sendmail"/>
|
1189
1330
|
<param pos="0" name="service.product" value="Sendmail"/>
|
1190
1331
|
<param pos="0" name="os.vendor" value="Debian"/>
|
@@ -1195,12 +1336,15 @@
|
|
1195
1336
|
<param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss Z"/>
|
1196
1337
|
<param pos="1" name="host.name"/>
|
1197
1338
|
<param pos="2" name="service.version"/>
|
1339
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:sendmail:sendmail:{service.version}"/>
|
1198
1340
|
<param pos="3" name="sendmail.config.version"/>
|
1199
1341
|
<param pos="4" name="system.time"/>
|
1200
1342
|
</fingerprint>
|
1343
|
+
|
1201
1344
|
<fingerprint pattern="^([^ ]+) ESMTP Sendmail ([^/]+)/([^/]+)/Debian-\d\+etch\d; (.+); .*$">
|
1202
1345
|
<description>Sendmail - Debian 4.x (etch)</description>
|
1203
1346
|
<example service.version="8.13.8" sendmail.config.version="8.13.8">foo.bar ESMTP Sendmail 8.13.8/8.13.8/Debian-3+etch1; Thu, 30 Nov 2017 10:28:23 +0100; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
|
1347
|
+
<param pos="0" name="service.vendor" value="Sendmail"/>
|
1204
1348
|
<param pos="0" name="service.family" value="Sendmail"/>
|
1205
1349
|
<param pos="0" name="service.product" value="Sendmail"/>
|
1206
1350
|
<param pos="0" name="os.vendor" value="Debian"/>
|
@@ -1211,12 +1355,15 @@
|
|
1211
1355
|
<param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss Z"/>
|
1212
1356
|
<param pos="1" name="host.name"/>
|
1213
1357
|
<param pos="2" name="service.version"/>
|
1358
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:sendmail:sendmail:{service.version}"/>
|
1214
1359
|
<param pos="3" name="sendmail.config.version"/>
|
1215
1360
|
<param pos="4" name="system.time"/>
|
1216
1361
|
</fingerprint>
|
1362
|
+
|
1217
1363
|
<fingerprint pattern="^([^ ]+) ESMTP Sendmail ([^/]+)/([^/]+)/Debian-\dsarge\d; (.+); .*$">
|
1218
1364
|
<description>Sendmail - Debian 3.1 (sarge)</description>
|
1219
1365
|
<example service.version="8.13.4">foo.bar ESMTP Sendmail 8.13.4/8.13.4/Debian-3sarge1; Thu, 30 Nov 2017 10:55:47 +0100; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
|
1366
|
+
<param pos="0" name="service.vendor" value="Sendmail"/>
|
1220
1367
|
<param pos="0" name="service.family" value="Sendmail"/>
|
1221
1368
|
<param pos="0" name="service.product" value="Sendmail"/>
|
1222
1369
|
<param pos="0" name="os.vendor" value="Debian"/>
|
@@ -1227,14 +1374,17 @@
|
|
1227
1374
|
<param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss Z"/>
|
1228
1375
|
<param pos="1" name="host.name"/>
|
1229
1376
|
<param pos="2" name="service.version"/>
|
1377
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:sendmail:sendmail:{service.version}"/>
|
1230
1378
|
<param pos="3" name="sendmail.config.version"/>
|
1231
1379
|
<param pos="4" name="system.time"/>
|
1232
1380
|
</fingerprint>
|
1381
|
+
|
1233
1382
|
<fingerprint pattern="^([^ ]+) ESMTP Sendmail ([^/]+)/([^/]+)/Debian-\d(?:\.\d)?(?:build\d)?;+ (.+); .*$">
|
1234
1383
|
<description>Sendmail - Debian patch only</description>
|
1235
1384
|
<example service.version="8.15.2">foo.bar ESMTP Sendmail 8.15.2/8.15.2/Debian-3; Thu, 30 Nov 2017 10:55:50 +0200; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
|
1236
1385
|
<example service.version="8.14.3">foo.bar ESMTP Sendmail 8.14.3/8.14.3/Debian-9.4; Thu, 30 Nov 2017 10:11:54 +0100; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
|
1237
1386
|
<example service.version="8.14.2">foo.bar ESMTP Sendmail 8.14.2/8.14.2/Debian-2build1; Thu, 30 Nov 2017 04:09:50 -0600; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
|
1387
|
+
<param pos="0" name="service.vendor" value="Sendmail"/>
|
1238
1388
|
<param pos="0" name="service.family" value="Sendmail"/>
|
1239
1389
|
<param pos="0" name="service.product" value="Sendmail"/>
|
1240
1390
|
<param pos="0" name="os.vendor" value="Debian"/>
|
@@ -1244,13 +1394,16 @@
|
|
1244
1394
|
<param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss Z"/>
|
1245
1395
|
<param pos="1" name="host.name"/>
|
1246
1396
|
<param pos="2" name="service.version"/>
|
1397
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:sendmail:sendmail:{service.version}"/>
|
1247
1398
|
<param pos="3" name="sendmail.config.version"/>
|
1248
1399
|
<param pos="4" name="system.time"/>
|
1249
1400
|
</fingerprint>
|
1401
|
+
|
1250
1402
|
<fingerprint pattern="^([^ ]+) ESMTP Sendmail ([^/]+)/[^/]+/Debian-[\d.]+ubuntu[^ ]*; (.+); .*$">
|
1251
1403
|
<description>Sendmail - Ubuntu</description>
|
1252
1404
|
<example service.version="8.13.5.20060308">foo.bar ESMTP Sendmail 8.13.5.20060308/8.13.5/Debian-3ubuntu1.1; Fri, 24 Jul 2009 01:41:21 -0700; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
|
1253
1405
|
<example service.version="8.14.4">foo.bar ESMTP Sendmail 8.14.4/8.14.4/Debian-4.1ubuntu1; Thu, 30 Nov 2017 11:00:30 +0100; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
|
1406
|
+
<param pos="0" name="service.vendor" value="Sendmail"/>
|
1254
1407
|
<param pos="0" name="service.family" value="Sendmail"/>
|
1255
1408
|
<param pos="0" name="service.product" value="Sendmail"/>
|
1256
1409
|
<param pos="0" name="os.vendor" value="Ubuntu"/>
|
@@ -1260,11 +1413,14 @@
|
|
1260
1413
|
<param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss Z"/>
|
1261
1414
|
<param pos="1" name="host.name"/>
|
1262
1415
|
<param pos="2" name="service.version"/>
|
1416
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:sendmail:sendmail:{service.version}"/>
|
1263
1417
|
<param pos="3" name="system.time"/>
|
1264
1418
|
</fingerprint>
|
1419
|
+
|
1265
1420
|
<fingerprint pattern="^([^ ]+) (?:E?SMTP )?Sendmail SMI-([^/]+)/(SMI-SVR4) ready at (.+)$">
|
1266
1421
|
<description>Sendmail - Solaris (SMI variant)</description>
|
1267
1422
|
<example>foo.bar Sendmail SMI-8.6/SMI-SVR4 ready at Sun, 29 Jul 2001 22:58:46 -0400</example>
|
1423
|
+
<param pos="0" name="service.vendor" value="Sendmail"/>
|
1268
1424
|
<param pos="0" name="service.family" value="Sendmail"/>
|
1269
1425
|
<param pos="0" name="service.product" value="Sendmail"/>
|
1270
1426
|
<param pos="0" name="os.vendor" value="Sun"/>
|
@@ -1274,12 +1430,15 @@
|
|
1274
1430
|
<param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss Z"/>
|
1275
1431
|
<param pos="1" name="host.name"/>
|
1276
1432
|
<param pos="2" name="service.version"/>
|
1433
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:sendmail:sendmail:{service.version}"/>
|
1277
1434
|
<param pos="3" name="sendmail.config.version"/>
|
1278
1435
|
<param pos="4" name="system.time"/>
|
1279
1436
|
</fingerprint>
|
1437
|
+
|
1280
1438
|
<fingerprint pattern="^([^ ]+) ESMTP Sendmail ([^ ]+)/(linuxconf); (.+)$">
|
1281
1439
|
<description>Sendmail - unknown platform (linuxconf variant)</description>
|
1282
1440
|
<example>foo.bar ESMTP Sendmail 8.9.3/linuxconf; Sun, 29 Jul 2001 22:48:28 -0400</example>
|
1441
|
+
<param pos="0" name="service.vendor" value="Sendmail"/>
|
1283
1442
|
<param pos="0" name="service.family" value="Sendmail"/>
|
1284
1443
|
<param pos="0" name="service.product" value="Sendmail"/>
|
1285
1444
|
<param pos="0" name="os.family" value="Linux"/>
|
@@ -1287,9 +1446,11 @@
|
|
1287
1446
|
<param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss Z"/>
|
1288
1447
|
<param pos="1" name="host.name"/>
|
1289
1448
|
<param pos="2" name="service.version"/>
|
1449
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:sendmail:sendmail:{service.version}"/>
|
1290
1450
|
<param pos="3" name="sendmail.config.version"/>
|
1291
1451
|
<param pos="4" name="system.time"/>
|
1292
1452
|
</fingerprint>
|
1453
|
+
|
1293
1454
|
<fingerprint pattern="^([^ ]+) ESMTP MetaInfo Sendmail ([^ ]+) Build ([^ ]+) \(Berkeley ([^ ]+)\)/([^;]+); (.+)$">
|
1294
1455
|
<description>Sendmail - MetaInfo</description>
|
1295
1456
|
<example host.name="foo.bar" service.version="8.8.6">foo.bar ESMTP MetaInfo Sendmail 2.5 Build 2630 (Berkeley 8.8.6)/8.8.4; Mon, 30 Jul</example>
|
@@ -1308,6 +1469,7 @@
|
|
1308
1469
|
<param pos="5" name="sendmail.config.version"/>
|
1309
1470
|
<param pos="6" name="system.time"/>
|
1310
1471
|
</fingerprint>
|
1472
|
+
|
1311
1473
|
<fingerprint pattern="^([^ ]+) +ESMTP .*Sendmail +([^/ ]+) */ *([^/ ]+); *((?:\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d)?)(?: \(.+\))?$">
|
1312
1474
|
<description>Sendmail - optional timezone and timestamp, w/o OS</description>
|
1313
1475
|
<example host.name="foo.bar" service.version="8.9.3+3.4W" sendmail.config.version="8.9.3+3.4W" system.time="Tue, 30 Jan 2001 20:40:09 -0500">foo.bar ESMTP Sendmail 8.9.3+3.4W/8.9.3+3.4W; Tue, 30 Jan 2001 20:40:09 -0500 (EST)</example>
|
@@ -1316,53 +1478,68 @@
|
|
1316
1478
|
<example host.name="foo.bar" service.version="8.8.8" sendmail.config.version="8.8.9">foo.bar ESMTP blah Sendmail 8.8.8/8.8.9; Wed, 21 Nov 2001 23:39:07 +0100 (CET)</example>
|
1317
1479
|
<example host.name="foo.bar" service.version="8.10.2" sendmail.config.version="8.10.3">foo.bar ESMTP Sendmail 8.10.2/8.10.3; Mon, 10 Sep 2001 08:37:14 -0400</example>
|
1318
1480
|
<example host.name="foo.bar" service.version="8.13.8" sendmail.config.version="8.13.9">foo.bar ESMTP foo-MTA Sendmail 8.13.8/8.13.9; Mon, 18 Apr 2011 08:52:38 -0700</example>
|
1481
|
+
<param pos="0" name="service.vendor" value="Sendmail"/>
|
1319
1482
|
<param pos="0" name="service.product" value="Sendmail"/>
|
1320
1483
|
<param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss Z"/>
|
1321
1484
|
<param pos="1" name="host.name"/>
|
1322
1485
|
<param pos="2" name="service.version"/>
|
1486
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:sendmail:sendmail:{service.version}"/>
|
1323
1487
|
<param pos="3" name="sendmail.config.version"/>
|
1324
1488
|
<param pos="4" name="system.time"/>
|
1325
1489
|
</fingerprint>
|
1490
|
+
|
1326
1491
|
<fingerprint pattern="^([^ ]+) +ESMTP .*Sendmail +([^/ ]+) */ *([^/ ]+); *(\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ \w+)\.?$">
|
1327
1492
|
<description>Sendmail - with timezone and timestamp, w/o timezone offset or OS</description>
|
1328
1493
|
<example host.name="foo.bar" service.version="8.14.4" sendmail.config.version="8.14.4" system.time="Thu, 5 Apr 2018 19:30:58 GMT">foo.bar ESMTP Sendmail 8.14.4/8.14.4; Thu, 5 Apr 2018 19:30:58 GMT</example>
|
1494
|
+
<param pos="0" name="service.vendor" value="Sendmail"/>
|
1329
1495
|
<param pos="0" name="service.product" value="Sendmail"/>
|
1330
1496
|
<param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss z"/>
|
1331
1497
|
<param pos="1" name="host.name"/>
|
1332
1498
|
<param pos="2" name="service.version"/>
|
1499
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:sendmail:sendmail:{service.version}"/>
|
1333
1500
|
<param pos="3" name="sendmail.config.version"/>
|
1334
1501
|
<param pos="4" name="system.time"/>
|
1335
1502
|
</fingerprint>
|
1503
|
+
|
1336
1504
|
<fingerprint pattern="^([^ ]+) +ESMTP +Sendmail ([^ ]+) ready at *(\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d)(?: \(.+\))$">
|
1337
1505
|
<description>Sendmail - with version and date (optional timezone), w/o config version</description>
|
1338
1506
|
<example host.name="foo.bar" service.version="8.8.8" system.time="Tue, 6 Feb 2001 14:37:14 +0100">foo.bar ESMTP Sendmail 8.8.8 ready at Tue, 6 Feb 2001 14:37:14 +0100 (CET)</example>
|
1507
|
+
<param pos="0" name="service.vendor" value="Sendmail"/>
|
1339
1508
|
<param pos="0" name="service.family" value="Sendmail"/>
|
1340
1509
|
<param pos="0" name="service.product" value="Sendmail"/>
|
1341
1510
|
<param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss Z"/>
|
1342
1511
|
<param pos="1" name="host.name"/>
|
1343
1512
|
<param pos="2" name="service.version"/>
|
1513
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:sendmail:sendmail:{service.version}"/>
|
1344
1514
|
<param pos="3" name="system.time"/>
|
1345
1515
|
</fingerprint>
|
1516
|
+
|
1346
1517
|
<fingerprint pattern="^([^ ]+) +ESMTP +Sendmail ([^ /]+) - \([^\)]+\)/[^ ]+;? *(\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d)(?: \(.+\)) *$">
|
1347
1518
|
<description>Sendmail - revision variant 1</description>
|
1348
1519
|
<example>foo.foo.bar ESMTP Sendmail 8.11.1 - (Revision 1.010)/8.9.3; Sat, 22 Jan 2011 10:08:35 -0500 (EST)</example>
|
1520
|
+
<param pos="0" name="service.vendor" value="Sendmail"/>
|
1349
1521
|
<param pos="0" name="service.family" value="Sendmail"/>
|
1350
1522
|
<param pos="0" name="service.product" value="Sendmail"/>
|
1351
1523
|
<param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss Z"/>
|
1352
1524
|
<param pos="1" name="host.name"/>
|
1353
1525
|
<param pos="2" name="service.version"/>
|
1526
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:sendmail:sendmail:{service.version}"/>
|
1354
1527
|
<param pos="3" name="system.time"/>
|
1355
1528
|
</fingerprint>
|
1529
|
+
|
1356
1530
|
<fingerprint pattern="^([^ ]+) +ESMTP +Sendmail +(?:[^ ]+) +version +([^ ]+) +- +(?:[^;]+); *(\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d)(?: \(.+\)) *$">
|
1357
1531
|
<description>Sendmail - revision variant 2</description>
|
1358
1532
|
<example>foo.foo.bar ESMTP Sendmail @(#)Sendmail version 8.13.3 - Revision 2.007 - 8 December 2008/8.8.6; Wed, 21 Jul 2010 11:17:01 -0400 (EDT)</example>
|
1533
|
+
<param pos="0" name="service.vendor" value="Sendmail"/>
|
1359
1534
|
<param pos="0" name="service.family" value="Sendmail"/>
|
1360
1535
|
<param pos="0" name="service.product" value="Sendmail"/>
|
1361
1536
|
<param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss Z"/>
|
1362
1537
|
<param pos="1" name="host.name"/>
|
1363
1538
|
<param pos="2" name="service.version"/>
|
1539
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:sendmail:sendmail:{service.version}"/>
|
1364
1540
|
<param pos="3" name="system.time"/>
|
1365
1541
|
</fingerprint>
|
1542
|
+
|
1366
1543
|
<fingerprint pattern="^(?i)([^ ]+) +(?:ESMTP +)?Sendmail *(?: Ready.? ?)?(?:;|at)? ?((?:\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d)?)(?: \(.+\))?$">
|
1367
1544
|
<description>Sendmail - with date, w/o version or platform, optional status string.</description>
|
1368
1545
|
<example host.name="foo.bar">foo.bar ESMTP Sendmail ; Thu, 30 Nov 2017 17:50:14 +0900</example>
|
@@ -1374,50 +1551,66 @@
|
|
1374
1551
|
<example host.name="foo.bar">foo.bar ESMTP Sendmail ready. </example>
|
1375
1552
|
<example host.name="foo.bar">foo.bar ESMTP Sendmail</example>
|
1376
1553
|
<example host.name="foo.bar">foo.bar Sendmail ready. </example>
|
1554
|
+
<param pos="0" name="service.vendor" value="Sendmail"/>
|
1377
1555
|
<param pos="0" name="service.family" value="Sendmail"/>
|
1378
1556
|
<param pos="0" name="service.product" value="Sendmail"/>
|
1557
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:sendmail:sendmail:-"/>
|
1379
1558
|
<param pos="1" name="host.name"/>
|
1380
1559
|
<param pos="2" name="system.time"/>
|
1381
1560
|
<param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss Z"/>
|
1382
1561
|
</fingerprint>
|
1562
|
+
|
1383
1563
|
<fingerprint pattern="^ESMTP Sendmail +([^/ ]+) */ *([^/ ]+); (\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d)$">
|
1384
1564
|
<description>Sendmail - with version and date, w/o hostname or platform (semicolon variant)</description>
|
1385
1565
|
<example service.version="8.13.1" sendmail.config.version="8.13.1" system.time="Thu, 30 Nov 2017 01:58:22 -0700">ESMTP Sendmail 8.13.1/8.13.1; Thu, 30 Nov 2017 01:58:22 -0700</example>
|
1566
|
+
<param pos="0" name="service.vendor" value="Sendmail"/>
|
1386
1567
|
<param pos="0" name="service.family" value="Sendmail"/>
|
1387
1568
|
<param pos="0" name="service.product" value="Sendmail"/>
|
1388
1569
|
<param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss Z"/>
|
1389
1570
|
<param pos="1" name="service.version"/>
|
1571
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:sendmail:sendmail:{service.version}"/>
|
1390
1572
|
<param pos="2" name="sendmail.config.version"/>
|
1391
1573
|
<param pos="3" name="system.time"/>
|
1392
1574
|
</fingerprint>
|
1575
|
+
|
1393
1576
|
<fingerprint pattern="^([^ ]+) +ESMTP +Sendmail ([^ /]+) \([^\)]+\) *(.+) \(.+\)$">
|
1394
1577
|
<description>Sendmail - unknown (date in version string variant)</description>
|
1395
1578
|
<example>mail.foo.bar ESMTP Sendmail 8.11.1 (1.1.2.11/12Jul01-1016AM) Wed, 8 Jan 2003 11:21:22 +0100 (MET)</example>
|
1579
|
+
<param pos="0" name="service.vendor" value="Sendmail"/>
|
1396
1580
|
<param pos="0" name="service.family" value="Sendmail"/>
|
1397
1581
|
<param pos="0" name="service.product" value="Sendmail"/>
|
1398
1582
|
<param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss Z"/>
|
1399
1583
|
<param pos="1" name="host.name"/>
|
1400
1584
|
<param pos="2" name="service.version"/>
|
1585
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:sendmail:sendmail:{service.version}"/>
|
1401
1586
|
<param pos="3" name="system.time"/>
|
1402
1587
|
</fingerprint>
|
1588
|
+
|
1403
1589
|
<!-- *Sendmail* fingerprints after this line had NO matches in 2017.11.30 Project Sonar data set-->
|
1590
|
+
|
1404
1591
|
<fingerprint pattern="^([^ ]+) Sendmail ([^;]+); ([^;\.]+)$">
|
1405
1592
|
<description>Sendmail - unknown platform, variant 1</description>
|
1593
|
+
<param pos="0" name="service.vendor" value="Sendmail"/>
|
1406
1594
|
<param pos="0" name="service.family" value="Sendmail"/>
|
1407
1595
|
<param pos="0" name="service.product" value="Sendmail"/>
|
1408
1596
|
<param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss zzz"/>
|
1409
1597
|
<param pos="1" name="host.name"/>
|
1410
1598
|
<param pos="2" name="service.version"/>
|
1599
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:sendmail:sendmail:{service.version}"/>
|
1411
1600
|
<param pos="3" name="system.time"/>
|
1412
1601
|
</fingerprint>
|
1602
|
+
|
1413
1603
|
<fingerprint pattern="^Sendmail ([^/]+)/([^/]+) ready on ([^ ]+)$">
|
1414
1604
|
<description>Sendmail - basic with version and date</description>
|
1605
|
+
<param pos="0" name="service.vendor" value="Sendmail"/>
|
1415
1606
|
<param pos="0" name="service.family" value="Sendmail"/>
|
1416
1607
|
<param pos="0" name="service.product" value="Sendmail"/>
|
1417
1608
|
<param pos="1" name="service.version"/>
|
1609
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:sendmail:sendmail:{service.version}"/>
|
1418
1610
|
<param pos="2" name="sendmail.config.version"/>
|
1419
1611
|
<param pos="3" name="host.name"/>
|
1420
1612
|
</fingerprint>
|
1613
|
+
|
1421
1614
|
<fingerprint pattern="^([^ ]+) -- Server ESMTP \(Sun Internet Mail Server sims\.(\d\.[\w.]+)\)$">
|
1422
1615
|
<description>Sun Internet Mail Server</description>
|
1423
1616
|
<example host.name="foo.bar" service.version="4.0.2000.10.12.16.25.p8">foo.bar -- Server ESMTP (Sun Internet Mail Server sims.4.0.2000.10.12.16.25.p8)</example>
|
@@ -1431,6 +1624,7 @@
|
|
1431
1624
|
<param pos="1" name="host.name"/>
|
1432
1625
|
<param pos="2" name="service.version"/>
|
1433
1626
|
</fingerprint>
|
1627
|
+
|
1434
1628
|
<fingerprint pattern="^(?:2.0.0 )?([^ ]+) ESMTP ecelerity (\d\.[\d.]+) r\(([^)]+)\) (\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d) *$">
|
1435
1629
|
<description>Ecelerity</description>
|
1436
1630
|
<example host.name="foo.bar" system.time="Thu, 30 Nov 2017 05:11:00 -0500">2.0.0 foo.bar ESMTP ecelerity 4.0.0.43760 r(Platform:4.0.0.1) Thu, 30 Nov 2017 05:11:00 -0500</example>
|
@@ -1446,6 +1640,7 @@
|
|
1446
1640
|
<param pos="3" name="service.component.version"/>
|
1447
1641
|
<param pos="4" name="system.time"/>
|
1448
1642
|
</fingerprint>
|
1643
|
+
|
1449
1644
|
<fingerprint pattern="^(?i)([^ ]+) SMTP Server SLMail v?(\d\.[\d.]+) Ready ESMTP spoken here *$">
|
1450
1645
|
<description>Seattle Labs SLMail server for Windows NT/2k (v2.7 runs on Win9x)</description>
|
1451
1646
|
<example service.version="2.7">foo.bar Smtp Server SLMail v2.7 Ready ESMTP spoken here</example>
|
@@ -1457,6 +1652,7 @@
|
|
1457
1652
|
<param pos="1" name="host.name"/>
|
1458
1653
|
<param pos="2" name="service.version"/>
|
1459
1654
|
</fingerprint>
|
1655
|
+
|
1460
1656
|
<fingerprint pattern="^([^ ]+) +ESMTP Symantec Mail Security$">
|
1461
1657
|
<description>Symantec Mail Security for SMTP</description>
|
1462
1658
|
<example host.name="foo.bar">foo.bar ESMTP Symantec Mail Security</example>
|
@@ -1464,6 +1660,7 @@
|
|
1464
1660
|
<param pos="0" name="service.product" value="Symantec Mail Security for SMTP"/>
|
1465
1661
|
<param pos="1" name="host.name"/>
|
1466
1662
|
</fingerprint>
|
1663
|
+
|
1467
1664
|
<fingerprint pattern="^([^ ]+) ESMTP Symantec Messaging Gateway$">
|
1468
1665
|
<description>Symantec Mail Gateway</description>
|
1469
1666
|
<example host.name="foo.bar">foo.bar ESMTP Symantec Messaging Gateway</example>
|
@@ -1471,7 +1668,9 @@
|
|
1471
1668
|
<param pos="0" name="service.product" value="Symantec Messaging Gateway"/>
|
1472
1669
|
<param pos="1" name="host.name"/>
|
1473
1670
|
</fingerprint>
|
1671
|
+
|
1474
1672
|
<!-- SonicWall makes hardware, virtual appliances, and Windows software. The banner doesn't indicate which. -->
|
1673
|
+
|
1475
1674
|
<fingerprint pattern="^(?i)([^ ]+) ESMTP SonicWALL \(([\d.]+)\)$">
|
1476
1675
|
<description>SonicWall Email Security</description>
|
1477
1676
|
<example host.name="foo.bar" service.version="9.0.5.2077">foo.bar ESMTP SonicWALL (9.0.5.2077)</example>
|
@@ -1482,6 +1681,7 @@
|
|
1482
1681
|
<param pos="1" name="host.name"/>
|
1483
1682
|
<param pos="2" name="service.version"/>
|
1484
1683
|
</fingerprint>
|
1684
|
+
|
1485
1685
|
<fingerprint pattern="^([^ ]+) \(PowerMTA\(TM\) v([\d.r]+)\) ESMTP service ready$">
|
1486
1686
|
<description>PowerMTA</description>
|
1487
1687
|
<example host.name="foo.bar" service.version="3.2r24">foo.bar (PowerMTA(TM) v3.2r24) ESMTP service ready</example>
|
@@ -1491,6 +1691,7 @@
|
|
1491
1691
|
<param pos="1" name="host.name"/>
|
1492
1692
|
<param pos="2" name="service.version"/>
|
1493
1693
|
</fingerprint>
|
1694
|
+
|
1494
1695
|
<fingerprint pattern="^([^ ]+) +VOPmail ESMTP Receiver Version (\d\.[\d.]+) Ready$">
|
1495
1696
|
<description>VOPMail http://www.vircom.com/en/products/vopmail/vopmail.shtml</description>
|
1496
1697
|
<example host.name="foo.bar" service.version="4.0.179.0">foo.bar VOPmail ESMTP Receiver Version 4.0.179.0 Ready</example>
|
@@ -1500,6 +1701,7 @@
|
|
1500
1701
|
<param pos="1" name="host.name"/>
|
1501
1702
|
<param pos="2" name="service.version"/>
|
1502
1703
|
</fingerprint>
|
1704
|
+
|
1503
1705
|
<fingerprint pattern="^([^ ]+) VPOP3 E?SMTP Server (?:Ready|access not allowed!)$">
|
1504
1706
|
<description>VPOP3 Email server: http://www.pscs.co.uk/products/vpop3/index.html</description>
|
1505
1707
|
<example>foo.bar VPOP3 ESMTP Server Ready</example>
|
@@ -1510,6 +1712,7 @@
|
|
1510
1712
|
<param pos="0" name="service.product" value="VPOP3"/>
|
1511
1713
|
<param pos="1" name="host.name"/>
|
1512
1714
|
</fingerprint>
|
1715
|
+
|
1513
1716
|
<fingerprint pattern="^([^ ]+) WebShield SMTP V([^ ]+\.[^ ]+) (:?[^ ]+)? ?Network Associates.*Ready at (.+) *$">
|
1514
1717
|
<description>McAfee WebShield</description>
|
1515
1718
|
<example host.name="foo.bar" service.version="4.5" service.version.version="MR1a">foo.bar WebShield SMTP V4.5 MR1a Network Associates, Inc. Ready at Thu Nov 30 09:15:32 2017</example>
|
@@ -1524,6 +1727,7 @@
|
|
1524
1727
|
<param pos="0" name="service.cpe23" value="cpe:/a:mcafee:webshield:{service.version}"/>
|
1525
1728
|
<param pos="4" name="system.time"/>
|
1526
1729
|
</fingerprint>
|
1730
|
+
|
1527
1731
|
<fingerprint pattern="^([^ ]+) McAfee WebShield ASaP v([^ ]+\.[^ ]+\.[^ ]+): (.+) *$">
|
1528
1732
|
<description>McAfee Webshield ASaP (bundled hardware / software)</description>
|
1529
1733
|
<example host.name="foo.bar" service.version="1.0.1" system.time="Sun, 29 Jul 2001 22:46:18 -0700">foo.bar McAfee WebShield ASaP v1.0.1: Sun, 29 Jul 2001 22:46:18 -0700</example>
|
@@ -1539,6 +1743,7 @@
|
|
1539
1743
|
<param pos="0" name="service.cpe23" value="cpe:/a:mcafee:webshield:{service.version}"/>
|
1540
1744
|
<param pos="3" name="system.time"/>
|
1541
1745
|
</fingerprint>
|
1746
|
+
|
1542
1747
|
<fingerprint pattern="^([^ ]+) McAfee VirusScreen ASaP v([^ ]+\.[^ ]+): (.+) *$">
|
1543
1748
|
<description>McAfee VirusScreen</description>
|
1544
1749
|
<example host.name="foo.bar" service.version="1.1" system.time="Sun, 20 Jul 2003 09:20:52 -0700">foo.bar McAfee VirusScreen ASaP v1.1: Sun, 20 Jul 2003 09:20:52 -0700</example>
|
@@ -1554,6 +1759,7 @@
|
|
1554
1759
|
<param pos="0" name="service.cpe23" value="cpe:/a:mcafee:webshield:{service.version}"/>
|
1555
1760
|
<param pos="3" name="system.time"/>
|
1556
1761
|
</fingerprint>
|
1762
|
+
|
1557
1763
|
<fingerprint pattern="^([^ ]+) ESMTP Lyris ListManager service ready$">
|
1558
1764
|
<description>Lyris ListManager</description>
|
1559
1765
|
<example host.name="foo.bar">foo.bar ESMTP Lyris ListManager service ready</example>
|
@@ -1562,6 +1768,7 @@
|
|
1562
1768
|
<param pos="0" name="service.product" value="ListManager"/>
|
1563
1769
|
<param pos="1" name="host.name"/>
|
1564
1770
|
</fingerprint>
|
1771
|
+
|
1565
1772
|
<fingerprint pattern="^([^ ]+) ESMTP - WinRoute Pro ([^ ]+\.[^ ]+)$">
|
1566
1773
|
<description>WinRoute Pro, runs on 9x/NT/2k http://www.tinysoftware.com/winpro.php</description>
|
1567
1774
|
<example host.name="foo.bar" service.version="4.2.4">foo.bar ESMTP - WinRoute Pro 4.2.4</example>
|
@@ -1570,6 +1777,7 @@
|
|
1570
1777
|
<param pos="1" name="host.name"/>
|
1571
1778
|
<param pos="2" name="service.version"/>
|
1572
1779
|
</fingerprint>
|
1780
|
+
|
1573
1781
|
<fingerprint pattern="^ESMTP - WinRoute Pro ([^ ]+\.[^ ]+) *(?: #\d)? ?.?((?:\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d)?)$">
|
1574
1782
|
<description>WinRoute Pro w/o hostname</description>
|
1575
1783
|
<example service.version="4.2.1">ESMTP - WinRoute Pro 4.2.1 Thu, 16 Nov 2017 11:48:15 +0300</example>
|
@@ -1579,6 +1787,7 @@
|
|
1579
1787
|
<param pos="1" name="service.version"/>
|
1580
1788
|
<param pos="2" name="system.time"/>
|
1581
1789
|
</fingerprint>
|
1790
|
+
|
1582
1791
|
<fingerprint pattern="^([^ ]+) ZMailer Server (\d\.[\d.]+) #([^ ]+) ESMTP ready at (.+) *$">
|
1583
1792
|
<description>ZMailer http://www.zmailer.org/technical.html</description>
|
1584
1793
|
<example service.version="2.99.57" service.version.version="1">foo.bar ZMailer Server 2.99.57 #1 ESMTP ready at Thu, 16 Nov 2017 12:00:12 +0300</example>
|
@@ -1591,6 +1800,7 @@
|
|
1591
1800
|
<param pos="3" name="service.version.version"/>
|
1592
1801
|
<param pos="4" name="system.time"/>
|
1593
1802
|
</fingerprint>
|
1803
|
+
|
1594
1804
|
<fingerprint pattern="^([^ ]+) ZMailer Server (\d\.[\d.]+) #([^ ]+) ESMTP\+IDENT ready at (.+) *$">
|
1595
1805
|
<description>ZMailer server that supports IDENT</description>
|
1596
1806
|
<example service.version="2.99.55" service.version.version="16">foo.bar ZMailer Server 2.99.55 #16 ESMTP+IDENT ready at Thu, 16 Nov 2017 06:51:42 -0300</example>
|
@@ -1604,6 +1814,7 @@
|
|
1604
1814
|
<param pos="3" name="service.version.version"/>
|
1605
1815
|
<param pos="4" name="system.time"/>
|
1606
1816
|
</fingerprint>
|
1817
|
+
|
1607
1818
|
<fingerprint pattern="^([^ ]+) Kerio Connect (\d\.[\d.]+) (?:patch (\d) )?ESMTP ready$">
|
1608
1819
|
<description>Kerio Connect ESMTP</description>
|
1609
1820
|
<example host.name="foo.bar" service.version="8.0.2">foo.bar Kerio Connect 8.0.2 ESMTP ready</example>
|
@@ -1615,17 +1826,20 @@
|
|
1615
1826
|
<param pos="2" name="service.version"/>
|
1616
1827
|
<param pos="3" name="service.version.version"/>
|
1617
1828
|
</fingerprint>
|
1829
|
+
|
1618
1830
|
<fingerprint pattern="^([^ ]+) ESMTP CommuniGate Pro (\d\.[\w.]+)(?:. It is you again :-\()?$">
|
1619
1831
|
<description>Communigate Pro</description>
|
1620
1832
|
<example host.name="foo.bar" service.version="5.3.1">foo.bar ESMTP CommuniGate Pro 5.3.1</example>
|
1621
1833
|
<example host.name="foo.bar" service.version="6.2c3">foo.bar ESMTP CommuniGate Pro 6.2c3</example>
|
1622
1834
|
<example host.name="foo.bar" service.version="4.3.12">foo.bar ESMTP CommuniGate Pro 4.3.12. It is you again :-(</example>
|
1623
|
-
<param pos="0" name="service.vendor" value="
|
1835
|
+
<param pos="0" name="service.vendor" value="Communigate"/>
|
1624
1836
|
<param pos="0" name="service.family" value="Pro"/>
|
1625
|
-
<param pos="0" name="service.product" value="
|
1837
|
+
<param pos="0" name="service.product" value="Communigate Pro"/>
|
1626
1838
|
<param pos="1" name="host.name"/>
|
1627
1839
|
<param pos="2" name="service.version"/>
|
1840
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:communigate:communigate_pro:{service.version}"/>
|
1628
1841
|
</fingerprint>
|
1842
|
+
|
1629
1843
|
<fingerprint pattern="^(\S+) NO UCE NO UBE NO RELAY PROBES ESMTP">
|
1630
1844
|
<description>Twisted SMTP server</description>
|
1631
1845
|
<example host.name="foo.bar">foo.bar NO UCE NO UBE NO RELAY PROBES ESMTP</example>
|
@@ -1634,6 +1848,7 @@
|
|
1634
1848
|
<param pos="0" name="service.product" value="ESMTP"/>
|
1635
1849
|
<param pos="1" name="host.name"/>
|
1636
1850
|
</fingerprint>
|
1851
|
+
|
1637
1852
|
<fingerprint pattern="^Cellopoint E-mail Firewall v(\d\.[\d.]+) Build (\d+) ready$">
|
1638
1853
|
<description>Cellopoint E-mail Firewall</description>
|
1639
1854
|
<example service.version="3.9.12" service.version.version="0324">Cellopoint E-mail Firewall v3.9.12 Build 0324 ready</example>
|
@@ -1643,6 +1858,7 @@
|
|
1643
1858
|
<param pos="1" name="service.version"/>
|
1644
1859
|
<param pos="2" name="service.version.version"/>
|
1645
1860
|
</fingerprint>
|
1861
|
+
|
1646
1862
|
<fingerprint pattern="^ESMTP on WinWebMail \[(\d\.[\d.]+)\] ready\. http://www.winwebmail.com$">
|
1647
1863
|
<description>Ma Jian WinWebMail</description>
|
1648
1864
|
<example service.version="3.9.0.7">ESMTP on WinWebMail [3.9.0.7] ready. http://www.winwebmail.com</example>
|
@@ -1651,6 +1867,7 @@
|
|
1651
1867
|
<param pos="0" name="service.product" value="ESMTP"/>
|
1652
1868
|
<param pos="1" name="service.version"/>
|
1653
1869
|
</fingerprint>
|
1870
|
+
|
1654
1871
|
<fingerprint pattern="^([^ ]+) Service ready by David.fx \((\d+)\) ESMTP Server \(Tobit.Software, Germany\)$">
|
1655
1872
|
<description>Tobit Software David</description>
|
1656
1873
|
<example service.version="0486">foo.bar Service ready by David.fx (0486) ESMTP Server (Tobit.Software, Germany)</example>
|
@@ -1660,12 +1877,14 @@
|
|
1660
1877
|
<param pos="1" name="host.name"/>
|
1661
1878
|
<param pos="2" name="service.version"/>
|
1662
1879
|
</fingerprint>
|
1880
|
+
|
1663
1881
|
<fingerprint pattern="^(?i)(\S+) E?SMTP Perl">
|
1664
1882
|
<description>Some simple PERL SMTP server</description>
|
1665
1883
|
<example host.name="foo.bar">foo.bar ESMTP Perl</example>
|
1666
1884
|
<param pos="0" name="service.product" value="Perl"/>
|
1667
1885
|
<param pos="1" name="host.name"/>
|
1668
1886
|
</fingerprint>
|
1887
|
+
|
1669
1888
|
<fingerprint pattern="^(?i)(?:([^ ]+) )?E?SMTP(?: (?:Service )?Ready\.?)?$">
|
1670
1889
|
<description>Non-specific banner with optional hostname</description>
|
1671
1890
|
<example host.name="foo.bar">foo.bar ESMTP</example>
|
@@ -1677,6 +1896,7 @@
|
|
1677
1896
|
<example>ESMTP READY</example>
|
1678
1897
|
<param pos="1" name="host.name"/>
|
1679
1898
|
</fingerprint>
|
1899
|
+
|
1680
1900
|
<fingerprint pattern="^([^ ]+) ESMTP OpenSMTPD$">
|
1681
1901
|
<description>OpenSMPTD</description>
|
1682
1902
|
<example host.name="foo.bar">foo.bar ESMTP OpenSMTPD</example>
|
@@ -1686,4 +1906,5 @@
|
|
1686
1906
|
<param pos="0" name="service.cpe23" value="cpe:/a:openbsd:opensmtpd:-"/>
|
1687
1907
|
<param pos="1" name="host.name"/>
|
1688
1908
|
</fingerprint>
|
1689
|
-
|
1909
|
+
|
1910
|
+
</fingerprints>
|