recog 2.3.8 → 2.3.13
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.gitignore +6 -0
- data/CONTRIBUTING.md +136 -37
- data/README.md +18 -16
- data/bin/recog_cleanup +16 -0
- data/bin/recog_standardize +30 -6
- data/cpe-remap.yaml +18 -2
- data/identifiers/README.md +9 -0
- data/identifiers/hw_device.txt +77 -0
- data/identifiers/hw_family.txt +96 -0
- data/identifiers/hw_product.txt +328 -0
- data/identifiers/os_architecture.txt +6 -6
- data/identifiers/os_device.txt +45 -3
- data/identifiers/os_family.txt +206 -41
- data/identifiers/os_product.txt +238 -17
- data/identifiers/service_family.txt +144 -57
- data/identifiers/service_product.txt +385 -83
- data/identifiers/vendor.txt +554 -68
- data/lib/recog/version.rb +1 -1
- data/requirements.txt +1 -1
- data/update_cpes.py +3 -0
- data/xml/apache_modules.xml +292 -5
- data/xml/apache_os.xml +41 -2
- data/xml/architecture.xml +11 -3
- data/xml/dns_versionbind.xml +191 -15
- data/xml/favicons.xml +1701 -0
- data/xml/ftp_banners.xml +250 -18
- data/xml/h323_callresp.xml +112 -12
- data/xml/hp_pjl_id.xml +47 -5
- data/xml/html_title.xml +1278 -25
- data/xml/http_cookies.xml +64 -9
- data/xml/http_servers.xml +1013 -96
- data/xml/http_wwwauth.xml +141 -26
- data/xml/imap_banners.xml +62 -13
- data/xml/ldap_searchresult.xml +81 -9
- data/xml/mdns_device-info_txt.xml +175 -2
- data/xml/mdns_workstation_txt.xml +4 -2
- data/xml/mysql_banners.xml +134 -7
- data/xml/mysql_error.xml +113 -6
- data/xml/nntp_banners.xml +10 -2
- data/xml/ntp_banners.xml +80 -4
- data/xml/operating_system.xml +89 -3
- data/xml/pop_banners.xml +87 -33
- data/xml/rsh_resp.xml +11 -2
- data/xml/rtsp_servers.xml +22 -2
- data/xml/sip_banners.xml +35 -4
- data/xml/sip_user_agents.xml +29 -2
- data/xml/smb_native_lm.xml +10 -2
- data/xml/smb_native_os.xml +79 -2
- data/xml/smtp_banners.xml +230 -9
- data/xml/smtp_debug.xml +6 -4
- data/xml/smtp_ehlo.xml +7 -5
- data/xml/smtp_expn.xml +13 -4
- data/xml/smtp_help.xml +23 -4
- data/xml/smtp_mailfrom.xml +5 -2
- data/xml/smtp_noop.xml +6 -5
- data/xml/smtp_quit.xml +5 -4
- data/xml/smtp_rcptto.xml +5 -2
- data/xml/smtp_rset.xml +4 -4
- data/xml/smtp_turn.xml +4 -4
- data/xml/smtp_vrfy.xml +14 -4
- data/xml/snmp_sysdescr.xml +733 -25
- data/xml/snmp_sysobjid.xml +47 -2
- data/xml/ssh_banners.xml +182 -8
- data/xml/telnet_banners.xml +493 -22
- data/xml/x11_banners.xml +26 -3
- data/xml/x509_issuers.xml +30 -6
- data/xml/x509_subjects.xml +200 -31
- metadata +8 -2
data/xml/telnet_banners.xml
CHANGED
@@ -1,53 +1,63 @@
|
|
1
|
-
<?xml version=
|
1
|
+
<?xml version='1.0' encoding='UTF-8'?>
|
2
2
|
<fingerprints protocol="telnet" database_type="service" preference=".80">
|
3
3
|
<!--
|
4
4
|
TELNET banners with CR/LF/whitespace trimmed from either end.
|
5
5
|
Examples with CR, LF, etc must be base64 encoded in order to past tests.
|
6
6
|
Please follow the style established below.
|
7
7
|
-->
|
8
|
+
|
8
9
|
<!--
|
9
10
|
The following 'assert nothing' block is intended to handle banners so simple
|
10
11
|
that they cannot be attributed to a product or vendor. They are at the
|
11
12
|
beginning of the file as a performance tweak given how frequenty they occur.
|
12
|
-
|
13
13
|
NOTE:
|
14
14
|
Due to the multi-line nature of TELNET banners the regex are leveraging \A
|
15
15
|
instead of ^ to prevent matching in the beginning of a 'line' (^) instead of
|
16
16
|
at the beginning of the string (\A). This has been verified to work with
|
17
17
|
Ruby, Python, Java, and Golang.
|
18
18
|
-->
|
19
|
+
|
19
20
|
<fingerprint pattern="\A(?i)(?:\r|\n)*login:\s*$">
|
20
21
|
<description>bare 'login:' -- assert nothing.</description>
|
21
22
|
<example>login:</example>
|
22
23
|
</fingerprint>
|
24
|
+
|
23
25
|
<fingerprint pattern="\A(?i)(?:\r|\n)*User(?:name)?\s*:\s*$">
|
24
26
|
<description>bare 'Username:' -- assert nothing.</description>
|
25
27
|
<example>Username:</example>
|
26
28
|
<example>User:</example>
|
27
29
|
</fingerprint>
|
30
|
+
|
28
31
|
<fingerprint pattern="\A(?i)(?:\r|\n)*Password:\s*$">
|
29
32
|
<description>bare 'Password:' -- assert nothing.</description>
|
30
33
|
<example>Password:</example>
|
31
34
|
</fingerprint>
|
35
|
+
|
32
36
|
<fingerprint pattern="\A(?i)(?:\r|\n)*Account:\s*$">
|
33
37
|
<description>bare 'Account:' -- assert nothing.</description>
|
34
38
|
<example>Account:</example>
|
35
39
|
</fingerprint>
|
40
|
+
|
36
41
|
<fingerprint pattern="\A(?i)Connection refused(?:\r|\n)*$">
|
37
42
|
<description>bare 'Connection refused' -- assert nothing.</description>
|
38
43
|
<example>Connection refused</example>
|
39
44
|
</fingerprint>
|
45
|
+
|
40
46
|
<!-- end of assert nothing block -->
|
47
|
+
|
41
48
|
<fingerprint pattern="^(?:\r|\n)*User Access Verification(?:\r|\n)+(?:Username|Password):\s*$">
|
42
49
|
<description>Cisco switch or router - user access variant</description>
|
43
50
|
<!-- User Access Verification\r\n\r\nUsername: -->
|
51
|
+
|
44
52
|
<example _encoding="base64">VXNlciBBY2Nlc3MgVmVyaWZpY2F0aW9uDQoNClVzZXJuYW1lOgo=</example>
|
45
53
|
<!-- User Access Verification\r\n\r\nPassword: -->
|
54
|
+
|
46
55
|
<example _encoding="base64">VXNlciBBY2Nlc3MgVmVyaWZpY2F0aW9uDQoNClBhc3N3b3JkOgo=</example>
|
47
56
|
<param pos="0" name="service.vendor" value="Cisco"/>
|
48
57
|
<param pos="0" name="os.vendor" value="Cisco"/>
|
49
58
|
<param pos="0" name="hw.vendor" value="Cisco"/>
|
50
59
|
</fingerprint>
|
60
|
+
|
51
61
|
<fingerprint pattern="^(?:\r|\n)*Password required, but none set(?:\r|\n)*$">
|
52
62
|
<description>Cisco switch or router - password not set variant</description>
|
53
63
|
<example>Password required, but none set</example>
|
@@ -55,16 +65,24 @@
|
|
55
65
|
<param pos="0" name="os.vendor" value="Cisco"/>
|
56
66
|
<param pos="0" name="hw.vendor" value="Cisco"/>
|
57
67
|
</fingerprint>
|
58
|
-
|
68
|
+
|
69
|
+
<fingerprint pattern="^(?:\r|\n)*MikroTik v([\w.]+)(?: \([\w-]+\))?(?:\r|\n)+Login:\s*$">
|
59
70
|
<description>MikroTik RouterOS</description>
|
60
71
|
<!-- MikroTik v5.2\r\nLogin: -->
|
72
|
+
|
61
73
|
<example _encoding="base64" os.version="5.2">TWlrcm9UaWsgdjUuMg0KTG9naW46Cg==</example>
|
62
74
|
<!-- MikroTik v6.42.3 (stable)\r\nLogin: -->
|
75
|
+
|
63
76
|
<example _encoding="base64" os.version="6.42.3">TWlrcm9UaWsgdjYuNDIuMyAoc3RhYmxlKQ0KTG9naW46Cg==</example>
|
64
77
|
<!-- MikroTik v6.40.8 (bugfix)\r\nLogin: -->
|
78
|
+
|
65
79
|
<example _encoding="base64" os.version="6.40.8">TWlrcm9UaWsgdjYuNDAuOCAoYnVnZml4KQ0KTG9naW46Cg==</example>
|
66
80
|
<!-- MikroTik v6.36rc12 (testing)\r\nLogin: -->
|
81
|
+
|
67
82
|
<example _encoding="base64" os.version="6.36rc12">TWlrcm9UaWsgdjYuMzZyYzEyICh0ZXN0aW5nKQ0KTG9naW46Cg==</example>
|
83
|
+
<!-- MikroTik v6.42.9 (long-term)\r\nLogin: -->
|
84
|
+
|
85
|
+
<example _encoding="base64" os.version="6.42.9">TWlrcm9UaWsgdjYuNDIuOSAobG9uZy10ZXJtKQ0KTG9naW46Cg==</example>
|
68
86
|
<param pos="0" name="os.vendor" value="MikroTik"/>
|
69
87
|
<param pos="0" name="os.device" value="Router"/>
|
70
88
|
<param pos="0" name="os.product" value="RouterOS"/>
|
@@ -73,13 +91,17 @@
|
|
73
91
|
<param pos="0" name="hw.vendor" value="MikroTik"/>
|
74
92
|
<param pos="0" name="hw.device" value="Router"/>
|
75
93
|
</fingerprint>
|
94
|
+
|
76
95
|
<fingerprint pattern="^(?:\r|\n)?ZXHN (\w+)(?: V([\d.]+))?(?:\r|\n)*Login:\s*$">
|
77
96
|
<description>ZTE ZXHN router</description>
|
78
97
|
<!-- ZXHN H108N\r\nLogin: -->
|
98
|
+
|
79
99
|
<example _encoding="base64" hw.product="H108N">WlhITiBIMTA4Tg0KTG9naW46Cg==</example>
|
80
100
|
<!-- ZXHN H298A V1.1\r\nLogin: -->
|
101
|
+
|
81
102
|
<example _encoding="base64" hw.product="H298A" hw.version="1.1">WlhITiBIMjk4QSBWMS4xDQpMb2dpbjoK</example>
|
82
103
|
<!-- ZXHN H367N\r\n\rLogin: -->
|
104
|
+
|
83
105
|
<example _encoding="base64" hw.product="H367N">WlhITiBIMzY3Tg0KDUxvZ2luOgo=</example>
|
84
106
|
<param pos="0" name="hw.vendor" value="ZTE"/>
|
85
107
|
<param pos="0" name="hw.device" value="Router"/>
|
@@ -87,24 +109,30 @@
|
|
87
109
|
<param pos="1" name="hw.product"/>
|
88
110
|
<param pos="2" name="hw.version"/>
|
89
111
|
</fingerprint>
|
112
|
+
|
90
113
|
<fingerprint pattern="^(F6\d+\w?)\r\n\rLogin:\s*$">
|
91
114
|
<description>ZTE F6xx series GPON router</description>
|
92
115
|
<!-- F668\r\n\rLogin: -->
|
116
|
+
|
93
117
|
<example _encoding="base64" hw.product="F668">RjY2OA0KDUxvZ2luOgo=</example>
|
94
118
|
<!-- F612W\r\n\rLogin: -->
|
119
|
+
|
95
120
|
<example _encoding="base64" hw.product="F612W">RjYxMlcNCg1Mb2dpbjoK</example>
|
96
121
|
<param pos="0" name="hw.vendor" value="ZTE"/>
|
97
122
|
<param pos="0" name="hw.device" value="Router"/>
|
98
123
|
<param pos="1" name="hw.product"/>
|
99
124
|
</fingerprint>
|
125
|
+
|
100
126
|
<fingerprint pattern="^(?:\r|\n)*DD-WRT v([\d.]+)(?:-(\w+))? ([\w-]+) \(c\) \d{4} NewMedia-NET GmbH(?:\r|\n)+Release: \d+\/\d+\/\d+ \(SVN revision: ([:\w]+)\)(?:\r|\n)+.* login:\s*$">
|
101
127
|
<description>DD-WRT - 24 family</description>
|
102
128
|
<!-- DD-WRT v24-sp2 mini (c) 2013 NewMedia-NET GmbH\r\nRelease: 05/27/13 (SVN revision: 21676)\r\n\r\nDD-WRT login: -->
|
129
|
+
|
103
130
|
<example _encoding="base64" os.version="24" os.version.version="sp2" os.edition="mini" os.build="21676">
|
104
131
|
REQtV1JUIHYyNC1zcDIgbWluaSAoYykgMjAxMyBOZXdNZWRpYS1ORVQgR21iSA0KUmVsZWFzZ
|
105
132
|
TogMDUvMjcvMTMgKFNWTiByZXZpc2lvbjogMjE2NzYpDQoNCkRELVdSVCBsb2dpbjoK
|
106
133
|
</example>
|
107
134
|
<!-- DD-WRT v24 micro (c) 2010 NewMedia-NET GmbH\r\nRelease: 08/07/10 (SVN revision: 14896)\r\n\r\nProliant DL980R07 X6550 8-core 4P SAS login: -->
|
135
|
+
|
108
136
|
<example _encoding="base64" os.version="24" os.edition="micro" os.build="14896">
|
109
137
|
REQtV1JUIHYyNCBtaWNybyAoYykgMjAxMCBOZXdNZWRpYS1ORVQgR21iSA0KUmVsZWFzZTogM
|
110
138
|
DgvMDcvMTAgKFNWTiByZXZpc2lvbjogMTQ4OTYpDQoNClByb2xpYW50IERMOTgwUjA3IFg2NT
|
@@ -120,9 +148,11 @@
|
|
120
148
|
<param pos="0" name="os.cpe23" value="cpe:/o:dd-wrt:dd-wrt:{os.version}"/>
|
121
149
|
<param pos="0" name="hw.device" value="Router"/>
|
122
150
|
</fingerprint>
|
151
|
+
|
123
152
|
<fingerprint pattern="^(?:\r|\n)*DD-WRT v(3.\d)-(r([\w]+)) ([\w-]+) \(c\) \d{4} NewMedia-NET GmbH(?:\r|\n)+Release: \d+\/\d+\/\d+(?:\r|\n)+.* login:\s*$">
|
124
153
|
<description>DD-WRT - 3.0 family</description>
|
125
154
|
<!-- DD-WRT v3.0-r34886M std (c) 2018 NewMedia-NET GmbH\r\nRelease: 02/10/18\r\n\r\nwibrate login: -->
|
155
|
+
|
126
156
|
<example _encoding="base64" os.version="3.0" os.version.version="r34886M" os.edition="std" os.build="34886M">
|
127
157
|
REQtV1JUIHYzLjAtcjM0ODg2TSBzdGQgKGMpIDIwMTggTmV3TWVkaWEtTkVUIEdtYkgNClJlb
|
128
158
|
GVhc2U6IDAyLzEwLzE4DQoNCndpYnJhdGUgbG9naW46Cg==
|
@@ -137,33 +167,62 @@
|
|
137
167
|
<param pos="0" name="os.cpe23" value="cpe:/o:dd-wrt:dd-wrt:{os.version}"/>
|
138
168
|
<param pos="0" name="hw.device" value="Router"/>
|
139
169
|
</fingerprint>
|
170
|
+
|
171
|
+
<fingerprint pattern="^(?:\r|\n)*DD-WRT v(3.\d)-(r([\w]+)) ([\w-]+) \(c\) \d{4} NewMedia-NET GmbH(?:\r|\n)+Release: \d+\/\d+\/\d+(?:\r|\n)+Board: (\S+) ([^\n\r]+)(?:\r|\n)+.* login:\s*$">
|
172
|
+
<description>DD-WRT - 3.0 family - with hardward product</description>
|
173
|
+
<!-- DD-WRT v3.0-r40559 std (c) 2019 NewMedia-NET GmbH\r\nRelease: 08/06/19\r\nBoard: Linksys WRT3200ACM\r\n\r\nDD-WRT login: -->
|
174
|
+
|
175
|
+
<example _encoding="base64" os.version="3.0" os.version.version="r40559" os.edition="std" os.build="40559" hw.vendor="Linksys" hw.product="WRT3200ACM">
|
176
|
+
REQtV1JUIHYzLjAtcjQwNTU5IHN0ZCAoYykgMjAxOSBOZXdNZWRpYS1ORVQgR21iSA0KUmVsZ
|
177
|
+
WFzZTogMDgvMDYvMTkNCkJvYXJkOiBMaW5rc3lzIFdSVDMyMDBBQ00NCg0KREQtV1JUIGxvZ2
|
178
|
+
luOgo=
|
179
|
+
</example>
|
180
|
+
<param pos="0" name="os.vendor" value="DD-WRT"/>
|
181
|
+
<param pos="0" name="os.product" value="DD-WRT"/>
|
182
|
+
<param pos="0" name="os.device" value="Router"/>
|
183
|
+
<param pos="1" name="os.version"/>
|
184
|
+
<param pos="2" name="os.version.version"/>
|
185
|
+
<param pos="3" name="os.build"/>
|
186
|
+
<param pos="4" name="os.edition"/>
|
187
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:dd-wrt:dd-wrt:{os.version}"/>
|
188
|
+
<param pos="5" name="hw.vendor"/>
|
189
|
+
<param pos="6" name="hw.product"/>
|
190
|
+
<param pos="0" name="hw.device" value="Router"/>
|
191
|
+
</fingerprint>
|
192
|
+
|
140
193
|
<fingerprint pattern="^(TD-\w+) [\d.]+ DSL Modem Router(?:\r|\n)+Authorization failed after trying \d+ times!!!\.(?:\r|\n)+Please login after \d+ seconds!\s*$">
|
141
194
|
<description>TP-LINK TD Family DSL Modem/Router</description>
|
142
195
|
<!-- TD-W8960N 5.0 DSL Modem Router\r\nAuthorization failed after trying 5 times!!!.\r\nPlease login after 416 seconds! -->
|
196
|
+
|
143
197
|
<example _encoding="base64" hw.product="TD-W8960N">
|
144
198
|
VEQtVzg5NjBOIDUuMCBEU0wgTW9kZW0gUm91dGVyDQpBdXRob3JpemF0aW9uIGZhaWxlZCBhZ
|
145
199
|
nRlciB0cnlpbmcgNSB0aW1lcyEhIS4NClBsZWFzZSBsb2dpbiBhZnRlciA0MTYgc2Vjb25kcy
|
146
200
|
E=
|
147
201
|
</example>
|
148
|
-
<param pos="0" name="hw.vendor" value="TP-
|
202
|
+
<param pos="0" name="hw.vendor" value="TP-LINK"/>
|
149
203
|
<param pos="1" name="hw.product"/>
|
150
204
|
<param pos="0" name="hw.device" value="Router"/>
|
151
205
|
</fingerprint>
|
206
|
+
|
152
207
|
<fingerprint pattern="^(?:\r|\n)*ZyXEL login:$">
|
153
208
|
<description>ZyXEL simple</description>
|
154
209
|
<example>ZyXEL login:</example>
|
155
|
-
<param pos="0" name="hw.vendor" value="
|
210
|
+
<param pos="0" name="hw.vendor" value="Zyxel"/>
|
156
211
|
</fingerprint>
|
212
|
+
|
157
213
|
<fingerprint pattern="^ZyXEL \w?DSL Router\r\nLogin:$">
|
158
214
|
<description>ZyXEL Router - simple</description>
|
159
215
|
<!-- ZyXEL VDSL Router\r\nLogin: -->
|
216
|
+
|
160
217
|
<example _encoding="base64">WnlYRUwgVkRTTCBSb3V0ZXINCkxvZ2luOgo=</example>
|
161
|
-
<param pos="0" name="hw.vendor" value="
|
218
|
+
<param pos="0" name="hw.vendor" value="Zyxel"/>
|
162
219
|
<param pos="0" name="hw.device" value="Router"/>
|
163
220
|
</fingerprint>
|
221
|
+
|
164
222
|
<fingerprint pattern="^Debian GNU\/Linux 9(?:\r|\n)+([\w.-]+) login:\s*$">
|
165
223
|
<description>Debian 9.0 (stretch)</description>
|
166
224
|
<!-- Debian GNU/Linux 9\r\nserver-01.2 login: -->
|
225
|
+
|
167
226
|
<example _encoding="base64" host.name="server-01.2">RGViaWFuIEdOVS9MaW51eCA5DQpzZXJ2ZXItMDEuMiBsb2dpbjoK</example>
|
168
227
|
<param pos="0" name="os.vendor" value="Debian"/>
|
169
228
|
<param pos="0" name="os.family" value="Linux"/>
|
@@ -172,9 +231,11 @@
|
|
172
231
|
<param pos="0" name="os.cpe23" value="cpe:/o:debian:debian_linux:9.0"/>
|
173
232
|
<param pos="1" name="host.name"/>
|
174
233
|
</fingerprint>
|
234
|
+
|
175
235
|
<fingerprint pattern="^Debian GNU\/Linux 8(?:.0)?(?:\r|\n)+([\w.-]+) login:\s*$">
|
176
236
|
<description>Debian 8.0 (jessie)</description>
|
177
237
|
<!-- Debian GNU/Linux 8\r\nserver-01.2 login: -->
|
238
|
+
|
178
239
|
<example _encoding="base64" host.name="server-01.2">RGViaWFuIEdOVS9MaW51eCA4DQpzZXJ2ZXItMDEuMiBsb2dpbjoK</example>
|
179
240
|
<param pos="0" name="os.vendor" value="Debian"/>
|
180
241
|
<param pos="0" name="os.family" value="Linux"/>
|
@@ -183,9 +244,11 @@
|
|
183
244
|
<param pos="0" name="os.cpe23" value="cpe:/o:debian:debian_linux:8.0"/>
|
184
245
|
<param pos="1" name="host.name"/>
|
185
246
|
</fingerprint>
|
247
|
+
|
186
248
|
<fingerprint pattern="^(?:\r|\n)*Debian GNU\/Linux 7(?:.0)?(?:\r|\n)+([\w.-]+) login:\s*$">
|
187
249
|
<description>Debian 7.0 (wheezy)</description>
|
188
250
|
<!-- Debian GNU/Linux 7\r\nserver-01.2 login: -->
|
251
|
+
|
189
252
|
<example _encoding="base64" host.name="server-01.2">RGViaWFuIEdOVS9MaW51eCA3DQpzZXJ2ZXItMDEuMiBsb2dpbjoK</example>
|
190
253
|
<param pos="0" name="os.vendor" value="Debian"/>
|
191
254
|
<param pos="0" name="os.family" value="Linux"/>
|
@@ -194,9 +257,11 @@
|
|
194
257
|
<param pos="0" name="os.cpe23" value="cpe:/o:debian:debian_linux:7.0"/>
|
195
258
|
<param pos="1" name="host.name"/>
|
196
259
|
</fingerprint>
|
260
|
+
|
197
261
|
<fingerprint pattern="^(?:\r|\n)*Debian GNU\/Linux 6(?:.0)?(?:\r|\n)+([\w.-]+) login:\s*$">
|
198
262
|
<description>Debian 6.0 (sqeeze)</description>
|
199
263
|
<!-- Debian GNU/Linux 6.0\r\nserver-01.2 login: -->
|
264
|
+
|
200
265
|
<example _encoding="base64" host.name="server-01.2">RGViaWFuIEdOVS9MaW51eCA2LjANCnNlcnZlci0wMS4yIGxvZ2luOgo=</example>
|
201
266
|
<param pos="0" name="os.vendor" value="Debian"/>
|
202
267
|
<param pos="0" name="os.family" value="Linux"/>
|
@@ -205,9 +270,11 @@
|
|
205
270
|
<param pos="0" name="os.cpe23" value="cpe:/o:debian:debian_linux:6.0"/>
|
206
271
|
<param pos="1" name="host.name"/>
|
207
272
|
</fingerprint>
|
273
|
+
|
208
274
|
<fingerprint pattern="^(?:\r|\n)*Debian GNU\/Linux 5(?:.0)?(?:\r|\n)+([\w.-]+) login:\s*$">
|
209
275
|
<description>Debian 5.0 (lenny)</description>
|
210
276
|
<!-- Debian GNU/Linux 5.0\r\nserver-01.2 login: -->
|
277
|
+
|
211
278
|
<example _encoding="base64" host.name="server-01.2">RGViaWFuIEdOVS9MaW51eCA1LjANCnNlcnZlci0wMS4yIGxvZ2luOgo=</example>
|
212
279
|
<param pos="0" name="os.vendor" value="Debian"/>
|
213
280
|
<param pos="0" name="os.family" value="Linux"/>
|
@@ -216,9 +283,11 @@
|
|
216
283
|
<param pos="0" name="os.cpe23" value="cpe:/o:debian:debian_linux:5.0"/>
|
217
284
|
<param pos="1" name="host.name"/>
|
218
285
|
</fingerprint>
|
286
|
+
|
219
287
|
<fingerprint pattern="^(?:\r|\n)*Debian GNU\/Linux 4(?:.0)?(?:\r|\n)+([\w.-]+) login:\s*$">
|
220
288
|
<description>Debian 4.0 (etch)</description>
|
221
289
|
<!-- Debian GNU/Linux 4.0\r\nserver-01.2 login: -->
|
290
|
+
|
222
291
|
<example _encoding="base64" host.name="server-01.2">RGViaWFuIEdOVS9MaW51eCA0LjANCnNlcnZlci0wMS4yIGxvZ2luOgo=</example>
|
223
292
|
<param pos="0" name="os.vendor" value="Debian"/>
|
224
293
|
<param pos="0" name="os.family" value="Linux"/>
|
@@ -227,9 +296,11 @@
|
|
227
296
|
<param pos="0" name="os.cpe23" value="cpe:/o:debian:debian_linux:4.0"/>
|
228
297
|
<param pos="1" name="host.name"/>
|
229
298
|
</fingerprint>
|
299
|
+
|
230
300
|
<fingerprint pattern="^(?:\r|\n)*Debian GNU\/Linux (3.\d)(?: [\w.-]+)?(?:\r|\n)+([\w.-]+) login:\s*$">
|
231
301
|
<description>Debian 3.x (woody/sarge)</description>
|
232
302
|
<!-- Debian GNU/Linux 3.1\r\nserver-01.2 login: -->
|
303
|
+
|
233
304
|
<example _encoding="base64" os.version="3.1" host.name="server-01.2">
|
234
305
|
RGViaWFuIEdOVS9MaW51eCAzLjENCnNlcnZlci0wMS4yIGxvZ2luOgo=
|
235
306
|
</example>
|
@@ -240,13 +311,16 @@
|
|
240
311
|
<param pos="0" name="os.cpe23" value="cpe:/o:debian:debian_linux:{os.version}"/>
|
241
312
|
<param pos="2" name="host.name"/>
|
242
313
|
</fingerprint>
|
314
|
+
|
243
315
|
<fingerprint pattern="^(?:\r|\n)*Ubuntu ([\d.]+)(?: LTS)?(?:\r|\n)+([\w.-]+) login:\s*$">
|
244
316
|
<description>Ubuntu - most versions</description>
|
245
317
|
<!-- Ubuntu 16.04.4 LTS\r\nserver-01.2 login: -->
|
318
|
+
|
246
319
|
<example _encoding="base64" os.version="16.04.4" host.name="server-01.2">
|
247
320
|
VWJ1bnR1IDE2LjA0LjQgTFRTDQpzZXJ2ZXItMDEuMiBsb2dpbjoK
|
248
321
|
</example>
|
249
322
|
<!-- Ubuntu 17.04\r\nnginx login: -->
|
323
|
+
|
250
324
|
<example _encoding="base64" os.version="17.04" host.name="nginx">
|
251
325
|
VWJ1bnR1IDE3LjA0DQpuZ2lueCBsb2dpbjoK
|
252
326
|
</example>
|
@@ -257,13 +331,16 @@
|
|
257
331
|
<param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:{os.version}"/>
|
258
332
|
<param pos="2" name="host.name"/>
|
259
333
|
</fingerprint>
|
334
|
+
|
260
335
|
<fingerprint pattern="(?:\r|\n)*Debian GNU\/Linux (2.\d)(?: [\w.-]+)?(?:\r|\n)+([\w.-]+) login:\s*">
|
261
336
|
<description>Debian 2.x (hamm/slink/potato)</description>
|
262
337
|
<!-- Debian GNU/Linux 2.2\r\nserver-01.2 login: -->
|
338
|
+
|
263
339
|
<example _encoding="base64" os.version="2.2" host.name="server-01.2">
|
264
340
|
RGViaWFuIEdOVS9MaW51eCAyLjINCnNlcnZlci0wMS4yIGxvZ2luOgo=
|
265
341
|
</example>
|
266
342
|
<!-- Debian GNU/Linux 2.2 localhost.localdomain\r\nmoon login: -->
|
343
|
+
|
267
344
|
<example _encoding="base64" os.version="2.2" host.name="moon">
|
268
345
|
RGViaWFuIEdOVS9MaW51eCAyLjIgbG9jYWxob3N0LmxvY2FsZG9tYWluDQptb29uIGxvZ2luOgo=
|
269
346
|
</example>
|
@@ -274,14 +351,17 @@
|
|
274
351
|
<param pos="0" name="os.cpe23" value="cpe:/o:debian:debian_linux:{os.version}"/>
|
275
352
|
<param pos="2" name="host.name"/>
|
276
353
|
</fingerprint>
|
354
|
+
|
277
355
|
<fingerprint pattern="^CentOS release ([\d.]+) \(Final\)(?:\r|\n)+Kernel ([\w.-]+) on an (\w+)(?:\r|\n)+(?:([\w.-]+) )?login:\s*$">
|
278
356
|
<description>CentOS</description>
|
279
357
|
<!-- CentOS release 5.9 (Final)\r\nKernel 2.6.18-348.6.1.el5 on an i686\r\nlogin: -->
|
358
|
+
|
280
359
|
<example _encoding="base64" os.version="5.9" linux.kernel.version="2.6.18-348.6.1.el5" os.arch="i686">
|
281
360
|
Q2VudE9TIHJlbGVhc2UgNS45IChGaW5hbCkNCktlcm5lbCAyLjYuMTgtMzQ4LjYuMS5lbDUgb
|
282
361
|
24gYW4gaTY4Ng0KbG9naW46Cg==
|
283
362
|
</example>
|
284
363
|
<!-- CentOS release 6.10 (Final)\r\nKernel 2.6.32-754.2.1.el6.x86_64 on an x86_64\r\nserver-01.2 login: -->
|
364
|
+
|
285
365
|
<example _encoding="base64" os.version="6.10" linux.kernel.version="2.6.32-754.2.1.el6.x86_64" os.arch="x86_64" host.name="server-01.2">
|
286
366
|
Q2VudE9TIHJlbGVhc2UgNi4xMCAoRmluYWwpDQpLZXJuZWwgMi42LjMyLTc1NC4yLjEuZWw2L
|
287
367
|
ng4Nl82NCBvbiBhbiB4ODZfNjQNCnNlcnZlci0wMS4yIGxvZ2luOgo=
|
@@ -295,6 +375,7 @@
|
|
295
375
|
<param pos="0" name="os.cpe23" value="cpe:/o:centos:centos:{os.version}"/>
|
296
376
|
<param pos="4" name="host.name"/>
|
297
377
|
</fingerprint>
|
378
|
+
|
298
379
|
<fingerprint pattern="^(?:\r|\n)*(RT-AC\d\d\w) login:\s*$">
|
299
380
|
<description>Asus Wireless Access Point/Router - RT-AC prefix</description>
|
300
381
|
<example hw.product="RT-AC54U">RT-AC54U login:</example>
|
@@ -305,6 +386,7 @@
|
|
305
386
|
<param pos="0" name="hw.device" value="WAP"/>
|
306
387
|
<param pos="1" name="hw.product"/>
|
307
388
|
</fingerprint>
|
389
|
+
|
308
390
|
<fingerprint pattern="^(?:\r|\n)*(AC\d\d00) login:\s*$">
|
309
391
|
<description>Asus Wireless Access Point/Router - AC prefix</description>
|
310
392
|
<example hw.product="AC1000">AC1000 login:</example>
|
@@ -315,6 +397,7 @@
|
|
315
397
|
<param pos="0" name="hw.device" value="WAP"/>
|
316
398
|
<param pos="1" name="hw.product"/>
|
317
399
|
</fingerprint>
|
400
|
+
|
318
401
|
<fingerprint pattern="^(?:\r|\n)*(Air5\d+\w{0,2}) login:\s*$">
|
319
402
|
<description>Airties</description>
|
320
403
|
<example hw.product="Air5650">Air5650 login:</example>
|
@@ -323,9 +406,11 @@
|
|
323
406
|
<param pos="0" name="hw.device" value="WAP"/>
|
324
407
|
<param pos="1" name="hw.product"/>
|
325
408
|
</fingerprint>
|
409
|
+
|
326
410
|
<fingerprint pattern="^Amazon Linux AMI release ([\d.]+)(?:\r|\n)+Kernel ([\w.-]+) on an (\w+)(?:\r|\n)+(?:([\w.-]+) )?login:\s*$">
|
327
411
|
<description>Amazon Linux AMI</description>
|
328
412
|
<!-- Amazon Linux AMI release 2013.09\r\nKernel 3.4.68-59.97.amzn1.x86_64 on an x86_64\r\nserver-01.2 login: -->
|
413
|
+
|
329
414
|
<example _encoding="base64" os.version="2013.09" linux.kernel.version="3.4.68-59.97.amzn1.x86_64" os.arch="x86_64" host.name="server-01.2">
|
330
415
|
QW1hem9uIExpbnV4IEFNSSByZWxlYXNlIDIwMTMuMDkNCktlcm5lbCAzLjQuNjgtNTkuOTcuY
|
331
416
|
W16bjEueDg2XzY0IG9uIGFuIHg4Nl82NA0Kc2VydmVyLTAxLjIgbG9naW46Cg==
|
@@ -338,9 +423,11 @@
|
|
338
423
|
<param pos="3" name="os.arch"/>
|
339
424
|
<param pos="4" name="host.name"/>
|
340
425
|
</fingerprint>
|
426
|
+
|
341
427
|
<fingerprint pattern="^(?m)TiMOS-[CB]-([\S]+) (?:both|cpm)/([\w]+) ALCATEL (SR [\S]+) Copyright.*Login:\s*$" flags="REG_MULTILINE">
|
342
428
|
<description>ALCATEL Service Router running TiMOS</description>
|
343
429
|
<!-- TiMOS-C-12.0.R12 cpm/hops64 ALCATEL SR 7750 Copyright (c) 2000-2015 Alcatel-Lucent.\r\r\nBanner Shortened For \r\r\nBrevity\r\nLogin: -->
|
430
|
+
|
344
431
|
<example _encoding="base64" os.version="12.0.R12" hw.product="SR 7750" os.arch="hops64">
|
345
432
|
VGlNT1MtQy0xMi4wLlIxMiBjcG0vaG9wczY0IEFMQ0FURUwgU1IgNzc1MCBDb3B5cmlnaHQgK
|
346
433
|
GMpIDIwMDAtMjAxNSBBbGNhdGVsLUx1Y2VudC4NDQpCYW5uZXIgU2hvcnRlbmVkIEZvciANDQ
|
@@ -356,16 +443,20 @@
|
|
356
443
|
<param pos="0" name="hw.device" value="Router"/>
|
357
444
|
<param pos="3" name="hw.product"/>
|
358
445
|
</fingerprint>
|
446
|
+
|
359
447
|
<!-- Nokia purchased Alcatel Lucent, finalized in Nov 2016 -->
|
448
|
+
|
360
449
|
<fingerprint pattern="^(?m)TiMOS-[CB]-([\S]+) (?:both|cpm)\/([\w]+) Nokia ([\S]+ [SRX]+) Copyright.*Login:\s*$" flags="REG_MULTILINE">
|
361
450
|
<description>Nokia Service Router running TiMOS</description>
|
362
451
|
<!-- TiMOS-C-14.0.R5 cpm/hops64 Nokia 7750 SR Copyright (c) 2000-2016 Nokia.\r\r\nBanner Shortened For \r\r\nBrevity\r\nLogin: -->
|
452
|
+
|
363
453
|
<example _encoding="base64" os.version="14.0.R5" os.arch="hops64" hw.product="7750 SR">
|
364
454
|
VGlNT1MtQy0xNC4wLlI1IGNwbS9ob3BzNjQgTm9raWEgNzc1MCBTUiBDb3B5cmlnaHQgKGMpI
|
365
455
|
DIwMDAtMjAxNiBOb2tpYS4NDQpCYW5uZXIgU2hvcnRlbmVkIEZvciANDQpCcmV2aXR5DQpMb2
|
366
456
|
dpbjoK
|
367
457
|
</example>
|
368
458
|
<!-- TiMOS-C-14.0.R10 cpm/hops64 Nokia 7950 XRS Copyright (c) 2000-2017 Nokia.\r\r\nBanner Shortened For \r\r\nBrevity\r\nLogin: -->
|
459
|
+
|
369
460
|
<example _encoding="base64" os.version="14.0.R10" os.arch="hops64" hw.product="7950 XRS">
|
370
461
|
VGlNT1MtQy0xNC4wLlIxMCBjcG0vaG9wczY0IE5va2lhIDc5NTAgWFJTIENvcHlyaWdodCAoY
|
371
462
|
ykgMjAwMC0yMDE3IE5va2lhLg0NCkJhbm5lciBTaG9ydGVuZWQgRm9yIA0NCkJyZXZpdHkNCk
|
@@ -381,15 +472,18 @@
|
|
381
472
|
<param pos="0" name="hw.device" value="Router"/>
|
382
473
|
<param pos="3" name="hw.product"/>
|
383
474
|
</fingerprint>
|
475
|
+
|
384
476
|
<fingerprint pattern="^(?m)TiMOS-[CB]-([\S]+) (?:both|cpm)\/([\w]+) Nokia (SAS[+\w\s-]+) Copyright.*Login:\s*$" flags="REG_MULTILINE">
|
385
477
|
<description>Nokia Service Access Switch running TiMOS</description>
|
386
478
|
<!-- TiMOS-B-8.0.R12 both/hops Nokia SAS-Mxp 22F2C 4SFP+ 7210 Copyright (c) 2000-2017 Nokia.\r\r\nBanner Shortened For \r\r\nBrevity\r\nLogin: -->
|
479
|
+
|
387
480
|
<example _encoding="base64" os.version="8.0.R12" os.arch="hops" hw.product="SAS-Mxp 22F2C 4SFP+ 7210">
|
388
481
|
VGlNT1MtQi04LjAuUjEyIGJvdGgvaG9wcyBOb2tpYSBTQVMtTXhwIDIyRjJDIDRTRlArIDcyM
|
389
482
|
TAgQ29weXJpZ2h0IChjKSAyMDAwLTIwMTcgTm9raWEuDQ0KQmFubmVyIFNob3J0ZW5lZCBGb3
|
390
483
|
IgDQ0KQnJldml0eQ0KTG9naW46Cg==
|
391
484
|
</example>
|
392
485
|
<!-- TiMOS-B-9.0.R9 both/mpc Nokia SAS-M 24F 2XFP 7210 Copyright (c) 2000-2017 Nokia.\r\r\nBanner Shortened For \r\r\nBrevity\r\nLogin: -->
|
486
|
+
|
393
487
|
<example _encoding="base64" os.version="9.0.R9" os.arch="mpc" hw.product="SAS-M 24F 2XFP 7210">
|
394
488
|
VGlNT1MtQi05LjAuUjkgYm90aC9tcGMgTm9raWEgU0FTLU0gMjRGIDJYRlAgNzIxMCBDb3B5c
|
395
489
|
mlnaHQgKGMpIDIwMDAtMjAxNyBOb2tpYS4NDQpCYW5uZXIgU2hvcnRlbmVkIEZvciANDQpCcm
|
@@ -405,14 +499,17 @@
|
|
405
499
|
<param pos="0" name="hw.device" value="Switch"/>
|
406
500
|
<param pos="3" name="hw.product"/>
|
407
501
|
</fingerprint>
|
502
|
+
|
408
503
|
<fingerprint pattern="^(?:\r|\n)*Grandstream (HT[\d-]+)\s+(?:V\d\.\d\w?\s+)?Command Shell Copyright \d\d\d\d-\d\d\d\d(?:\r|\n)+Password:\s*$">
|
409
504
|
<description>Grandstream HandyTone Analog Telephone Adapters</description>
|
410
505
|
<!-- Grandstream HT812 Command Shell Copyright 2006-2017\r\nPassword: -->
|
506
|
+
|
411
507
|
<example _encoding="base64" hw.product="HT812">
|
412
508
|
R3JhbmRzdHJlYW0gSFQ4MTIgQ29tbWFuZCBTaGVsbCBDb3B5cmlnaHQgMjAwNi0yMDE3DQpQY
|
413
509
|
XNzd29yZDoK
|
414
510
|
</example>
|
415
511
|
<!-- Grandstream HT-502 V2.0A Command Shell Copyright 2006-2014\r\nPassword: -->
|
512
|
+
|
416
513
|
<example _encoding="base64" hw.product="HT-502">
|
417
514
|
R3JhbmRzdHJlYW0gSFQtNTAyICBWMi4wQSBDb21tYW5kIFNoZWxsIENvcHlyaWdodCAyMDA2L
|
418
515
|
TIwMTQNClBhc3N3b3JkOgo=
|
@@ -422,14 +519,17 @@
|
|
422
519
|
<param pos="0" name="hw.device" value="VoIP"/>
|
423
520
|
<param pos="1" name="hw.product"/>
|
424
521
|
</fingerprint>
|
522
|
+
|
425
523
|
<fingerprint pattern="^(?:\r|\n)*Grandstream (GXW[\d-]+)\s+(?:V\d\.\d\w?\s+)?Command Shell Copyright \d\d\d\d(?:-\d\d\d\d)?(?:\r|\n)+Password:\s*$">
|
426
524
|
<description>Grandstream Analog VoIP Gateways</description>
|
427
525
|
<!-- Grandstream GXW-4008 V1.5A Command Shell Copyright 2006-2015\r\nPassword: -->
|
526
|
+
|
428
527
|
<example _encoding="base64" hw.product="GXW-4008">
|
429
528
|
R3JhbmRzdHJlYW0gR1hXLTQwMDggIFYxLjVBIENvbW1hbmQgU2hlbGwgQ29weXJpZ2h0IDIwM
|
430
529
|
DYtMjAxNQ0KUGFzc3dvcmQ6Cg==
|
431
530
|
</example>
|
432
531
|
<!-- Grandstream GXW4216 V2.3B Command Shell Copyright 2015\r\nPassword: -->
|
532
|
+
|
433
533
|
<example _encoding="base64" hw.product="GXW4216">
|
434
534
|
R3JhbmRzdHJlYW0gR1hXNDIxNiAgVjIuM0IgQ29tbWFuZCBTaGVsbCBDb3B5cmlnaHQgMjAxN
|
435
535
|
Q0KUGFzc3dvcmQ6Cg==
|
@@ -439,9 +539,11 @@
|
|
439
539
|
<param pos="0" name="hw.device" value="VoIP"/>
|
440
540
|
<param pos="1" name="hw.product"/>
|
441
541
|
</fingerprint>
|
542
|
+
|
442
543
|
<fingerprint pattern="^(?:\r|\n|\s)*Grandstream (GXV[\w-]+)\s+(?:V\d\.\d\w?\s+)?Shell Command.Copyight \d\d\d\d-\d\d\d\d(?:\r|\n)+Username:\s*$">
|
443
544
|
<description>Grandstream IP Cameras</description>
|
444
545
|
<!-- Grandstream GXV3674_FHD_VF Shell Command.Copyight 2011-2014\r\nUsername: -->
|
546
|
+
|
445
547
|
<example _encoding="base64" hw.product="GXV3674_FHD_VF">
|
446
548
|
R3JhbmRzdHJlYW0gR1hWMzY3NF9GSERfVkYgICAgU2hlbGwgQ29tbWFuZC5Db3B5aWdodCAyM
|
447
549
|
DExLTIwMTQNClVzZXJuYW1lOgo=
|
@@ -451,14 +553,17 @@
|
|
451
553
|
<param pos="0" name="hw.device" value="Web cam"/>
|
452
554
|
<param pos="1" name="hw.product"/>
|
453
555
|
</fingerprint>
|
556
|
+
|
454
557
|
<fingerprint pattern="^(?:\r|\n)*Welcome to Polycom RMX\s*(\w+) \(COP\) Console Utility(?:\r|\n)+Copyright \(C\) \d\d\d\d-\d\d\d\d POLYCOM(?:\r|\n)+Password:\s*$">
|
455
558
|
<description>Polycom Real Time Media Conferencing</description>
|
456
559
|
<!-- Welcome to Polycom RMX 500 (COP) Console Utility\r\n\rCopyright (C) 2008-2010 POLYCOM\r\n\r\r\n\rPassword: -->
|
560
|
+
|
457
561
|
<example _encoding="base64" hw.product="500">
|
458
562
|
V2VsY29tZSB0byBQb2x5Y29tIFJNWCA1MDAgKENPUCkgQ29uc29sZSBVdGlsaXR5DQoNQ29we
|
459
563
|
XJpZ2h0IChDKSAyMDA4LTIwMTAgUE9MWUNPTQ0KDQ0KDVBhc3N3b3JkOgo=
|
460
564
|
</example>
|
461
565
|
<!-- Welcome to Polycom RMX 1000C (COP) Console Utility\r\n\rCopyright (C) 2008-2012 POLYCOM\r\n\r\r\n\rPassword: -->
|
566
|
+
|
462
567
|
<example _encoding="base64" hw.product="1000C">
|
463
568
|
V2VsY29tZSB0byBQb2x5Y29tIFJNWCAxMDAwQyAoQ09QKSBDb25zb2xlIFV0aWxpdHkNCg1Db
|
464
569
|
3B5cmlnaHQgKEMpIDIwMDgtMjAxMiBQT0xZQ09NDQoNDQoNUGFzc3dvcmQ6Cg==
|
@@ -468,9 +573,11 @@
|
|
468
573
|
<param pos="0" name="hw.device" value="Video Conferencing"/>
|
469
574
|
<param pos="1" name="hw.product"/>
|
470
575
|
</fingerprint>
|
576
|
+
|
471
577
|
<fingerprint pattern="^(?:\r|\n)*Hi, my name is :\s+[\w.\s-]+(?:\r|\n)+Here is what I know about myself:(?:\r|\n)+Model:\s+VSX (\w+)(?:\r|\n)+Serial Number:\s+(\w+)(?:\r|\n)+Software Version:\s+Release ([\d.-]+)\s">
|
472
578
|
<description>Polycom Video Conferencing - VSX Family</description>
|
473
579
|
<!-- Hi, my name is : Something Pity\r\nHere is what I know about myself:\r\nModel: VSX 6000A\r\nSerial Number: 00070906FC34F6\r\nSoftware Version: Release 9.0.6.2-103 - 04Sep2011 21:27\r\nBuild Information: ecomman -->
|
580
|
+
|
474
581
|
<example _encoding="base64" hw.product="6000A" host.id="00070906FC34F6" os.version="9.0.6.2-103">
|
475
582
|
SGksIG15IG5hbWUgaXMgOiAgICAgU29tZXRoaW5nIFBpdHkNCkhlcmUgaXMgd2hhdCBJIGtub
|
476
583
|
3cgYWJvdXQgbXlzZWxmOg0KTW9kZWw6ICAgICAgICAgICAgICAgVlNYIDYwMDBBDQpTZXJpYW
|
@@ -485,9 +592,11 @@
|
|
485
592
|
<param pos="2" name="host.id"/>
|
486
593
|
<param pos="3" name="os.version"/>
|
487
594
|
</fingerprint>
|
595
|
+
|
488
596
|
<fingerprint pattern="Polycom Command Shell(?:\r|\n)+XCOM host:\s+localhost port: \d+">
|
489
597
|
<description>Polycom Diagnotic Service</description>
|
490
598
|
<!-- Polycom Command Shell\r\r\nXCOM host: localhost port: 4121\r\r\nTTY name: /dev/pts/0\r\r\nSession type: telnet\r\r\nNCF\r\nNCF\r\n2018-08-15 18:03:10 DEBUG -->
|
599
|
+
|
491
600
|
<example _encoding="base64">
|
492
601
|
UG9seWNvbSBDb21tYW5kIFNoZWxsDQ0KWENPTSBob3N0OiAgICBsb2NhbGhvc3QgcG9ydDogN
|
493
602
|
DEyMQ0NClRUWSBuYW1lOiAgICAgL2Rldi9wdHMvMA0NClNlc3Npb24gdHlwZTogdGVsbmV0DQ
|
@@ -496,9 +605,11 @@
|
|
496
605
|
<param pos="0" name="hw.vendor" value="Polycom"/>
|
497
606
|
<param pos="0" name="hw.device" value="Video Conferencing"/>
|
498
607
|
</fingerprint>
|
608
|
+
|
499
609
|
<fingerprint pattern="^Welcome to the Windows CE Telnet Service on (WEBBOX[\w.-]+)(?:\r|\n)+login:\s*$">
|
500
610
|
<description>Sunny WebBox Windows CE</description>
|
501
611
|
<!-- Welcome to the Windows CE Telnet Service on WEBBOX150000000\r\n\r\nlogin: -->
|
612
|
+
|
502
613
|
<example _encoding="base64" host.name="WEBBOX150000000">
|
503
614
|
V2VsY29tZSB0byB0aGUgV2luZG93cyBDRSBUZWxuZXQgU2VydmljZSBvbiBXRUJCT1gxNTAwM
|
504
615
|
DAwMDANCg0KbG9naW46Cg==
|
@@ -513,9 +624,11 @@
|
|
513
624
|
<param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_ce:-"/>
|
514
625
|
<param pos="1" name="host.name"/>
|
515
626
|
</fingerprint>
|
627
|
+
|
516
628
|
<fingerprint pattern="^Welcome to the Windows CE Telnet Service on ([\w.-]+)(?:\r|\n)+login:\s*$">
|
517
629
|
<description>Windows CE</description>
|
518
630
|
<!-- Welcome to the Windows CE Telnet Service on MY-CE-DEVICE\r\n\r\nlogin: -->
|
631
|
+
|
519
632
|
<example _encoding="base64" host.name="MY-CE-DEVICE">
|
520
633
|
V2VsY29tZSB0byB0aGUgV2luZG93cyBDRSBUZWxuZXQgU2VydmljZSBvbiBNWS1DRS1ERVZJQ
|
521
634
|
0UNCg0KbG9naW46Cg==
|
@@ -526,15 +639,18 @@
|
|
526
639
|
<param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_ce:-"/>
|
527
640
|
<param pos="1" name="host.name"/>
|
528
641
|
</fingerprint>
|
642
|
+
|
529
643
|
<fingerprint pattern="^(?:\r|\n)*HP JetDirect(?:\r|\n)+$">
|
530
644
|
<description>HP Printer - Jet Direct</description>
|
531
645
|
<!-- HP JetDirect\r\nPassword is not set\r\n\r\nPlease type "menu" for the MENU system, \r\nor "?" for help, or "/" for current settings.\r\n> -->
|
646
|
+
|
532
647
|
<example _encoding="base64">
|
533
648
|
SFAgSmV0RGlyZWN0DQpQYXNzd29yZCBpcyBub3Qgc2V0DQoNClBsZWFzZSB0eXBlICJtZW51I
|
534
649
|
iBmb3IgdGhlIE1FTlUgc3lzdGVtLCANCm9yICI/IiBmb3IgaGVscCwgb3IgIi8iIGZvciBjdX
|
535
650
|
JyZW50IHNldHRpbmdzLg0KPgo=
|
536
651
|
</example>
|
537
652
|
<!-- HP JetDirect\r\n\r\nEnter username: -->
|
653
|
+
|
538
654
|
<example _encoding="base64">SFAgSmV0RGlyZWN0DQoNCkVudGVyIHVzZXJuYW1lOgo=</example>
|
539
655
|
<param pos="0" name="service.vendor" value="HP"/>
|
540
656
|
<param pos="0" name="service.product" value="JetDirect"/>
|
@@ -548,16 +664,20 @@
|
|
548
664
|
<param pos="0" name="hw.product" value="JetDirect"/>
|
549
665
|
<param pos="0" name="hw.device" value="Printer"/>
|
550
666
|
</fingerprint>
|
667
|
+
|
551
668
|
<fingerprint pattern="^(?:\r|\n)*%connection closed by remote host!(?:\x00)?$">
|
552
669
|
<description>HP switch blocking connection using network ACL</description>
|
553
670
|
<!-- %connection closed by remote host! -->
|
671
|
+
|
554
672
|
<example _encoding="base64">JWNvbm5lY3Rpb24gY2xvc2VkIGJ5IHJlbW90ZSBob3N0IQ==</example>
|
555
673
|
<param pos="0" name="hw.vendor" value="HP"/>
|
556
674
|
<param pos="0" name="hw.device" value="Switch"/>
|
557
675
|
</fingerprint>
|
676
|
+
|
558
677
|
<fingerprint pattern="^(?:\r|\n)*Welcome Visiting Huawei Home Gateway\r\nCopyright by Huawei Technologies Co., Ltd.\r\n\r\nLogin:$">
|
559
678
|
<description>Huawei HG series Home Gateway routers</description>
|
560
679
|
<!-- Welcome Visiting Huawei Home Gateway\r\nCopyright by Huawei Technologies Co., Ltd.\r\n\r\nLogin: -->
|
680
|
+
|
561
681
|
<example _encoding="base64">
|
562
682
|
V2VsY29tZSBWaXNpdGluZyBIdWF3ZWkgSG9tZSBHYXRld2F5DQpDb3B5cmlnaHQgYnkgSHVhd
|
563
683
|
2VpIFRlY2hub2xvZ2llcyBDby4sIEx0ZC4NCg0KTG9naW46Cg==
|
@@ -565,9 +685,11 @@
|
|
565
685
|
<param pos="0" name="hw.vendor" value="Huawei"/>
|
566
686
|
<param pos="0" name="hw.device" value="Router"/>
|
567
687
|
</fingerprint>
|
688
|
+
|
568
689
|
<fingerprint pattern="^(?:\r|\n)*Warning: Telnet is not a secure protocol, and it is recommended to use Stelnet.(?:(?:\r|\n)+Login authentication)?(?:\r|\n)+Username:$">
|
569
690
|
<description>Huawei Router</description>
|
570
691
|
<!-- Warning: Telnet is not a secure protocol, and it is recommended to use Stelnet.\r\n\r\nLogin authentication\r\n\r\n\r\nUsername: -->
|
692
|
+
|
571
693
|
<example _encoding="base64">
|
572
694
|
V2FybmluZzogVGVsbmV0IGlzIG5vdCBhIHNlY3VyZSBwcm90b2NvbCwgYW5kIGl0IGlzIHJlY
|
573
695
|
29tbWVuZGVkIHRvIHVzZSBTdGVsbmV0Lg0KDQpMb2dpbiBhdXRoZW50aWNhdGlvbg0KDQoNCl
|
@@ -576,10 +698,13 @@
|
|
576
698
|
<param pos="0" name="hw.vendor" value="Huawei"/>
|
577
699
|
<param pos="0" name="hw.device" value="Router"/>
|
578
700
|
</fingerprint>
|
701
|
+
|
579
702
|
<fingerprint pattern="^(?:\r|\n)*(?:% Password expiration warning.\r\n)?-+\r\nCisco Configuration Professional \(Cisco CP\) is installed on this device. \r\nThis feature requires the one-time use of the username">
|
580
703
|
<description>Cisco router - Cisco Configuration Pro variant</description>
|
581
704
|
<!-- There are are roughly 69 dash characters before the CRLF in the banner below but can't be included in XML comments. -->
|
705
|
+
|
582
706
|
<!-- \r\nCisco Configuration Professional (Cisco CP) is installed on this device. \r\nThis feature requires the one-time use of the username -->
|
707
|
+
|
583
708
|
<example _encoding="base64">
|
584
709
|
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tL
|
585
710
|
S0tLS0tLS0tLS0tLS0tLS0NCkNpc2NvIENvbmZpZ3VyYXRpb24gUHJvZmVzc2lvbmFsIChDaX
|
@@ -595,10 +720,13 @@
|
|
595
720
|
<param pos="0" name="hw.vendor" value="Cisco"/>
|
596
721
|
<param pos="0" name="hw.device" value="Router"/>
|
597
722
|
</fingerprint>
|
723
|
+
|
598
724
|
<fingerprint pattern="^(?m)(?:\r|\n)*Catalyst 1900 Management Console(?:\r|\n)+.*Ethernet Address:\s+([\w-]+)(?:\r|\n)+.*Model Number:\s+([\w-]+)(?:\r|\n)+System Serial Number:\s+(\w+)(?:\r|\n)+Power Supply" flags="REG_MULTILINE">
|
599
725
|
<description>Cisco Catalyst 1900</description>
|
600
726
|
<!-- Catalyst 1900, unlike other Catalyst models, didn't run CatOS or IOS -->
|
727
|
+
|
601
728
|
<!-- Catalyst 1900 Management Console\r\nCopyright (c) Cisco Systems, Inc. 1993-1998\r\nAll rights reserved.\r\nEnterprise Edition Software\r\nEthernet Address: 00-AA-19-38-AA-00\r\n\r\nPCA Number: 73-31AA-AA\r\nPCA Serial Number: FAB033AAAAA\r\nModel Number: WS-C1924-EN\r\nSystem Serial Number: FAB0341AAAA\r\nPower Supply S/N: -->
|
729
|
+
|
602
730
|
<example _encoding="base64" host.mac="00-AA-19-38-AA-00" hw.model="WS-C1924-EN" host.id="FAB0341AAAA">
|
603
731
|
Q2F0YWx5c3QgMTkwMCBNYW5hZ2VtZW50IENvbnNvbGUNCkNvcHlyaWdodCAoYykgQ2lzY28gU
|
604
732
|
3lzdGVtcywgSW5jLiAgMTk5My0xOTk4DQpBbGwgcmlnaHRzIHJlc2VydmVkLg0KRW50ZXJwcm
|
@@ -618,15 +746,18 @@
|
|
618
746
|
<param pos="2" name="hw.model"/>
|
619
747
|
<param pos="3" name="host.id"/>
|
620
748
|
</fingerprint>
|
749
|
+
|
621
750
|
<fingerprint pattern="^192.0.0.64 login:\s*$">
|
622
751
|
<description>Hikvision cameras and NVRs (multiple)</description>
|
623
752
|
<example>192.0.0.64 login:</example>
|
624
753
|
<param pos="0" name="os.vendor" value="Hikvision"/>
|
625
754
|
<param pos="0" name="hw.vendor" value="Hikvision"/>
|
626
755
|
</fingerprint>
|
756
|
+
|
627
757
|
<fingerprint pattern="^Remote Management Console\r\nlogin:\s*$">
|
628
758
|
<description>Juniper Netscreen</description>
|
629
759
|
<!-- Remote Management Console\r\nlogin: -->
|
760
|
+
|
630
761
|
<example _encoding="base64">UmVtb3RlIE1hbmFnZW1lbnQgQ29uc29sZQ0KbG9naW46Cg==</example>
|
631
762
|
<param pos="0" name="os.vendor" value="Juniper"/>
|
632
763
|
<param pos="0" name="os.device" value="Firewall"/>
|
@@ -637,6 +768,7 @@
|
|
637
768
|
<param pos="0" name="hw.device" value="Firewall"/>
|
638
769
|
<param pos="0" name="hw.product" value="NetScreen"/>
|
639
770
|
</fingerprint>
|
771
|
+
|
640
772
|
<fingerprint pattern="^(?:\r|\n)*(FGT\w{13}) login:\s*$">
|
641
773
|
<description>Fortinet FortiGate - w/ autogenerated hostname</description>
|
642
774
|
<example host.name="FGT60C3G13001111">FGT60C3G13001111 login:</example>
|
@@ -650,6 +782,7 @@
|
|
650
782
|
<param pos="0" name="hw.device" value="Firewall"/>
|
651
783
|
<param pos="1" name="host.name"/>
|
652
784
|
</fingerprint>
|
785
|
+
|
653
786
|
<fingerprint pattern="^(?:\r|\n)*KWS-1043N login:\s*$">
|
654
787
|
<description>Clipcomm KWS router</description>
|
655
788
|
<example hw.product="KWS-1043N">KWS-1043N login:</example>
|
@@ -657,6 +790,7 @@
|
|
657
790
|
<param pos="0" name="hw.device" value="Router"/>
|
658
791
|
<param pos="0" name="hw.product" value="KWS-1043N"/>
|
659
792
|
</fingerprint>
|
793
|
+
|
660
794
|
<fingerprint pattern="^(?:\r|\n)*(SMCD3\w+-\w\w\w) login:\s*$">
|
661
795
|
<description>SMC Cable Modem</description>
|
662
796
|
<example hw.product="SMCD3GN2-BIZ">SMCD3GN2-BIZ login:</example>
|
@@ -664,6 +798,7 @@
|
|
664
798
|
<param pos="0" name="hw.device" value="Cable Modem"/>
|
665
799
|
<param pos="1" name="hw.product"/>
|
666
800
|
</fingerprint>
|
801
|
+
|
667
802
|
<fingerprint pattern="^(?:\r|\n)*ADB-4820CD login:\s*$">
|
668
803
|
<description>ADB ADB-4820CD DVR</description>
|
669
804
|
<example>ADB-4820CD login:</example>
|
@@ -671,6 +806,7 @@
|
|
671
806
|
<param pos="0" name="hw.device" value="DVR"/>
|
672
807
|
<param pos="0" name="hw.product" value="ADB-4820CD"/>
|
673
808
|
</fingerprint>
|
809
|
+
|
674
810
|
<fingerprint pattern="^(?:\r|\n)*IMDVRS login:\s*$">
|
675
811
|
<description>Rifatron IMDVRS DVR</description>
|
676
812
|
<example>IMDVRS login:</example>
|
@@ -678,41 +814,51 @@
|
|
678
814
|
<param pos="0" name="hw.family" value="IMDVR"/>
|
679
815
|
<param pos="0" name="hw.device" value="DVR"/>
|
680
816
|
</fingerprint>
|
817
|
+
|
681
818
|
<fingerprint pattern="^(?:\r|\n)*Ruijie login:\s*$">
|
682
819
|
<description>Ruijie device (likely router/switch)</description>
|
683
820
|
<example>Ruijie login:</example>
|
684
821
|
<param pos="0" name="hw.vendor" value="Ruijie"/>
|
685
822
|
</fingerprint>
|
823
|
+
|
686
824
|
<fingerprint pattern="^Welcome to Microsoft Telnet Service \r\n\n\rlogin:\s*$">
|
687
825
|
<description>Microsoft Windows</description>
|
688
826
|
<!-- Welcome to Microsoft Telnet Service \r\n\n\rlogin: -->
|
827
|
+
|
689
828
|
<example _encoding="base64">V2VsY29tZSB0byBNaWNyb3NvZnQgVGVsbmV0IFNlcnZpY2UgDQoKDWxvZ2luOgo=</example>
|
690
829
|
<param pos="0" name="os.vendor" value="Microsoft"/>
|
691
830
|
<param pos="0" name="os.family" value="Windows"/>
|
692
831
|
<param pos="0" name="os.product" value="Windows"/>
|
693
832
|
<param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
|
694
833
|
</fingerprint>
|
834
|
+
|
695
835
|
<!-- The following fingerprints are for generic Broadcom hardware where the
|
696
836
|
vendor has left the default banner in place. These could be rebadged by
|
697
837
|
ZTE, CenturyLink, Sky, Huawei, etc.
|
698
838
|
-->
|
839
|
+
|
699
840
|
<fingerprint pattern="^(BCM\d+) (?:Broadband|ADSL|xDSL|DSL) Router\r\nLogin:\s*">
|
700
841
|
<description>OEM'd Broadcom Router</description>
|
701
842
|
<!-- BCM963268 Broadband Router\r\nLogin: -->
|
843
|
+
|
702
844
|
<example _encoding="base64" hw.product="BCM963268">QkNNOTYzMjY4IEJyb2FkYmFuZCBSb3V0ZXINCkxvZ2luOgo=</example>
|
703
845
|
<param pos="0" name="hw.device" value="Router"/>
|
704
846
|
<param pos="1" name="hw.product"/>
|
705
847
|
</fingerprint>
|
848
|
+
|
706
849
|
<fingerprint pattern="^(BCM\d+) Broadband Router\r\nTelnet is Disabled in WAN Side$">
|
707
850
|
<description>OEM'd Broadcom Router - telnet disabled on WAN side</description>
|
708
851
|
<!-- BCM963268 Broadband Router\r\nTelnet is Disabled in WAN Side -->
|
852
|
+
|
709
853
|
<example _encoding="base64" hw.product="BCM963268">QkNNOTYzMjY4IEJyb2FkYmFuZCBSb3V0ZXINClRlbG5ldCBpcyBEaXNhYmxlZCBpbiBXQU4gU2lkZQo=</example>
|
710
854
|
<param pos="0" name="hw.device" value="Router"/>
|
711
855
|
<param pos="1" name="hw.product"/>
|
712
856
|
</fingerprint>
|
857
|
+
|
713
858
|
<fingerprint pattern="^(?m)(BCM\d+) Broadband Router\r\n.*Please input the verification code:$" flags="REG_MULTILINE">
|
714
859
|
<description>OEM'd Broadcom Router - input validation code</description>
|
715
860
|
<!-- BCM96318 Broadband Router\r\n====================================================\r\n * * * * * * * * * * * * * * \r\n * * * * * \r\n * * * * * * * * * * * * * \r\n * * * * * \r\n * * * * * \r\n * * * * * * * * * * * * * * * * \r\n====================================================\r\nPlease input the verification code: -->
|
861
|
+
|
716
862
|
<example _encoding="base64" hw.product="BCM96318">
|
717
863
|
QkNNOTYzMTggQnJvYWRiYW5kIFJvdXRlcg0KPT09PT09PT09PT09PT09PT09PT09PT09PT09P
|
718
864
|
T09PT09PT09PT09PT09PT09PT09PT09PQ0KICAgICogKiAgICAgICAgICogKiAqICogICAgIC
|
@@ -728,9 +874,11 @@
|
|
728
874
|
<param pos="0" name="hw.device" value="Router"/>
|
729
875
|
<param pos="1" name="hw.product"/>
|
730
876
|
</fingerprint>
|
877
|
+
|
731
878
|
<fingerprint pattern="^(BCM\d+) Broadband Router\r\nMaximum number of incorrect account entries exceeded.">
|
732
879
|
<description>OEM'd Broadcom Router - Max incorrect tries - variant 1</description>
|
733
880
|
<!-- BCM96328 Broadband Router\r\nMaximum number of incorrect account entries exceeded. -->
|
881
|
+
|
734
882
|
<example _encoding="base64" hw.product="BCM96328">
|
735
883
|
QkNNOTYzMjggQnJvYWRiYW5kIFJvdXRlcg0KTWF4aW11bSBudW1iZXIgb2YgaW5jb3JyZWN0I
|
736
884
|
GFjY291bnQgZW50cmllcyBleGNlZWRlZC4K
|
@@ -738,9 +886,11 @@
|
|
738
886
|
<param pos="0" name="hw.device" value="Router"/>
|
739
887
|
<param pos="1" name="hw.product"/>
|
740
888
|
</fingerprint>
|
889
|
+
|
741
890
|
<fingerprint pattern="^(BCM\d+) Broadband Router\r\nSorry, you need to wait for \d+ second before next login attempt.(?:\r|\n)*">
|
742
891
|
<description>OEM'd Broadcom Router - Max incorrect tries - variant 2</description>
|
743
892
|
<!-- BCM96816 Broadband Router\r\nSorry, you need to wait for 119 second before next login attempt. -->
|
893
|
+
|
744
894
|
<example _encoding="base64" hw.product="BCM96816">
|
745
895
|
QkNNOTY4MTYgQnJvYWRiYW5kIFJvdXRlcg0KU29ycnksIHlvdSBuZWVkIHRvIHdhaXQgZm9yI
|
746
896
|
DExOSBzZWNvbmQgYmVmb3JlIG5leHQgbG9naW4gYXR0ZW1wdC4K
|
@@ -748,10 +898,13 @@
|
|
748
898
|
<param pos="0" name="hw.device" value="Router"/>
|
749
899
|
<param pos="1" name="hw.product"/>
|
750
900
|
</fingerprint>
|
901
|
+
|
751
902
|
<!-- Moxa Industrial Solutions-->
|
903
|
+
|
752
904
|
<fingerprint pattern="^(?:\r|\n)*NPort (NP6[\w-]+)(?:\r|\n|\x00)+Console terminal type">
|
753
905
|
<description>Moxa NPort Terminal Server - 6xxx Series</description>
|
754
906
|
<!-- NPort NP6610-32\r\u0000\nConsole terminal type (1: ansi/vt100, 2: vt52) : 1 -->
|
907
|
+
|
755
908
|
<example _encoding="base64" hw.product="NP6610-32">
|
756
909
|
TlBvcnQgTlA2NjEwLTMyDQAKQ29uc29sZSB0ZXJtaW5hbCB0eXBlICgxOiBhbnNpL3Z0MTAwLC
|
757
910
|
AyOiB2dDUyKSA6IDE=
|
@@ -761,9 +914,11 @@
|
|
761
914
|
<param pos="0" name="hw.device" value="Device Server"/>
|
762
915
|
<param pos="1" name="hw.product"/>
|
763
916
|
</fingerprint>
|
917
|
+
|
764
918
|
<fingerprint pattern="^Model name\s+: NPort (IA-\d+)(?:\r|\n|\x00)+MAC address\s+: ([\w:]+)(?:\r|\n|\x00)+Serial No.\s+: (\d+)(?:\r|\n|\x00)+Firmware version : ([\d.]+) Build (\d+)(?:\r|\n|\x00)+System uptime">
|
765
919
|
<description>Moxa NPort Device Server - IA Series</description>
|
766
920
|
<!-- Model name : NPort IA-5250\r\u0000\nMAC address : 00:90:E8:AA:AA:AA\r\u0000\nSerial No. : 281\r\u0000\nFirmware version : 1.6 Build 17060616\r\u0000\nSystem uptime : 31 days, 06h:03m:45s\r\u0000\n\r\u0000\nPlease keyin your password: -->
|
921
|
+
|
767
922
|
<example _encoding="base64" hw.product="IA-5250" host.mac="00:90:E8:AA:AA:AA" host.id="281" os.version="1.6" os.version.version="17060616">
|
768
923
|
TW9kZWwgbmFtZSAgICAgICA6IE5Qb3J0IElBLTUyNTANAApNQUMgYWRkcmVzcyAgICAgIDogM
|
769
924
|
DA6OTA6RTg6QUE6QUE6QUENAApTZXJpYWwgTm8uICAgICAgIDogMjgxDQAKRmlybXdhcmUgdm
|
@@ -776,13 +931,17 @@
|
|
776
931
|
<param pos="1" name="hw.product"/>
|
777
932
|
<param pos="2" name="host.mac"/>
|
778
933
|
<param pos="3" name="host.id"/>
|
934
|
+
<param pos="0" name="os.vendor" value="Moxa"/>
|
779
935
|
<param pos="4" name="os.version"/>
|
780
936
|
<param pos="5" name="os.version.version"/>
|
781
937
|
</fingerprint>
|
938
|
+
|
782
939
|
<fingerprint pattern="^(?:\r|\n|\x00|-)*Model name\s+: NPort (5[\w-]+)(?:\r|\n|\x00)+MAC address\s+: ([\w:]+)(?:\r|\n|\x00)+Serial No.\s+: (\d+)(?:\r|\n|\x00)+Firmware version : ([\d.]+) Build (\d+)(?:\r|\n|\x00)+">
|
783
940
|
<description>Moxa NPort Device Server - 5xxx Series</description>
|
784
941
|
<!-- Some versions of the banner below have a line full of dashes which cannot be included in the example comment -->
|
942
|
+
|
785
943
|
<!-- Model name : NPort 5610-8-DT\r\u0000\nMAC address : 00:90:E8:AA:AA:AA\r\u0000\nSerial No. : 9522\r\u0000\nFirmware version : 2.2 Build 11090613\r\u0000\nSystem uptime : 8 days, 02h:11m:44s\r\u0000\n\r\u0000\nPlease keyin your password: -->
|
944
|
+
|
786
945
|
<example _encoding="base64" hw.product="5610-8-DT" host.mac="00:90:E8:AA:AA:AA" host.id="9522" os.version="2.2" os.version.version="11090613">
|
787
946
|
TW9kZWwgbmFtZSAgICAgICA6IE5Qb3J0IDU2MTAtOC1EVA0ACk1BQyBhZGRyZXNzICAgICAgO
|
788
947
|
iAwMDo5MDpFODpBQTpBQTpBQQ0AClNlcmlhbCBOby4gICAgICAgOiA5NTIyDQAKRmlybXdhcm
|
@@ -795,12 +954,28 @@
|
|
795
954
|
<param pos="1" name="hw.product"/>
|
796
955
|
<param pos="2" name="host.mac"/>
|
797
956
|
<param pos="3" name="host.id"/>
|
957
|
+
<param pos="0" name="os.vendor" value="Moxa"/>
|
798
958
|
<param pos="4" name="os.version"/>
|
799
959
|
<param pos="5" name="os.version.version"/>
|
800
960
|
</fingerprint>
|
961
|
+
|
962
|
+
<fingerprint pattern="^(?:\r|\n|\x00|-)*Model name\s+: NPort (5[\w-]+)(?:\r|\n|\x00)+Please keyin your username:">
|
963
|
+
<description>Moxa NPort Device Server - 5xxx Series - Model only</description>
|
964
|
+
<!-- Model name : NPort 5110A\r\n\r\nPlease keyin your username: -->
|
965
|
+
|
966
|
+
<example _encoding="base64" hw.product="5110A">TW9kZWwgbmFtZSAgICAgICA6IE5Q
|
967
|
+
b3J0IDUxMTBBDQoNClBsZWFzZSBrZXlpbiB5b3VyIHVzZXJuYW1lOgo=
|
968
|
+
</example>
|
969
|
+
<param pos="0" name="hw.vendor" value="Moxa"/>
|
970
|
+
<param pos="0" name="hw.family" value="NPort"/>
|
971
|
+
<param pos="0" name="hw.device" value="Device Server"/>
|
972
|
+
<param pos="1" name="hw.product"/>
|
973
|
+
</fingerprint>
|
974
|
+
|
801
975
|
<fingerprint pattern="^Model name\s+: MGate (MB3[\w-]+)(?:\r|\n|\x00|)+MAC address\s+: ([\w:]+)(?:\r|\n|\x00)+Serial No.\s+: (\d+)(?:\r|\n|\x00)+Firmware version : ([\d.]+) Build (\d+)(?:\r|\n|\x00)+">
|
802
976
|
<description>Moxa MGate Modbus Gateway</description>
|
803
977
|
<!-- Model name : MGate MB3180\r\u0000\nMAC address : 00:90:E8:AA:AA:AA\r\u0000\nSerial No. : 9474\r\u0000\nFirmware version : 1.2 Build 09101913\r\u0000\nSystem uptime : 15 days, 16h:37m:48s\r\u0000\n\r\u0000\nPlease keyin your password: -->
|
978
|
+
|
804
979
|
<example _encoding="base64" hw.product="MB3180" host.mac="00:90:E8:AA:AA:AA" host.id="9474" os.version="1.2" os.version.version="09101913">
|
805
980
|
TW9kZWwgbmFtZSAgICAgICA6IE1HYXRlIE1CMzE4MA0ACk1BQyBhZGRyZXNzICAgICAgOiAwM
|
806
981
|
Do5MDpFODpBQTpBQTpBQQ0AClNlcmlhbCBOby4gICAgICAgOiA5NDc0DQAKRmlybXdhcmUgdm
|
@@ -813,45 +988,110 @@
|
|
813
988
|
<param pos="1" name="hw.product"/>
|
814
989
|
<param pos="2" name="host.mac"/>
|
815
990
|
<param pos="3" name="host.id"/>
|
991
|
+
<param pos="0" name="os.vendor" value="Moxa"/>
|
816
992
|
<param pos="4" name="os.version"/>
|
817
993
|
<param pos="5" name="os.version.version"/>
|
818
994
|
</fingerprint>
|
819
|
-
|
995
|
+
|
996
|
+
<fingerprint pattern="^Model name\s+: (NE[\w-]+)(?:\r|\n|\x00)+MAC address\s+: ([\w:]+)(?:\r|\n|\x00)+Serial No.\s+: (\d+)(?:\r|\n|\x00)+Firmware version\s+: ([\d.]+)(?: Build (\d+)(?:\r|\n|\x00)+)?">
|
820
997
|
<description>Moxa NE Series Embedded device server</description>
|
821
998
|
<!-- Model name : NE-4110S\r\u0000\nMAC address : 00:90:E8:AA:AA:AA\r\u0000\nSerial No : 3616\r\u0000\nFirmware version : 4.1 Build 07061517\r\u0000\n\r\u0000\nPlease keyin your password: -->
|
999
|
+
|
822
1000
|
<example _encoding="base64" hw.product="NE-4110S" host.mac="00:90:E8:AA:AA:AA" host.id="3616" os.version="4.1" os.version.version="07061517">
|
823
1001
|
TW9kZWwgbmFtZSAgICAgICA6IE5FLTQxMTBTDQAKTUFDIGFkZHJlc3MgICAgICA6IDAwOjkwO
|
824
1002
|
kU4OkFBOkFBOkFBDQAKU2VyaWFsIE5vICAgICAgICA6IDM2MTYNAApGaXJtd2FyZSB2ZXJzaW
|
825
1003
|
9uIDogNC4xIEJ1aWxkIDA3MDYxNTE3DQAKDQAKUGxlYXNlIGtleWluIHlvdXIgcGFzc3dvcmQ6
|
826
1004
|
</example>
|
1005
|
+
<!-- Model name : NE-4110S\r\nMAC address : 00:90:E8:AA:AA:AA\r\nSerial No : 000\r\nFirmware version : 1.5.2\r\n\r\nPlease keyin your password: -->
|
1006
|
+
|
1007
|
+
<example _encoding="base64" hw.product="NE-4110S" host.mac="00:90:E8:AA:AA:AA" host.id="000" os.version="1.5.2">
|
1008
|
+
TW9kZWwgbmFtZSAgICAgICA6IE5FLTQxMTBTDQpNQUMgYWRkcmVzcyAgICAgIDogMDA6OTA6RTg6QUE6QUE6QUENClNlcmlhbCBObyAgICAgICAgOiAwMDANCkZpcm13YXJlIHZlcnNpb24gOiAxLjUuMg0KDQpQbGVhc2Uga2V5aW4geW91ciBwYXNzd29yZDoK
|
1009
|
+
</example>
|
827
1010
|
<param pos="0" name="hw.vendor" value="Moxa"/>
|
828
1011
|
<param pos="0" name="hw.family" value="NE"/>
|
829
1012
|
<param pos="0" name="hw.device" value="Device Server"/>
|
830
1013
|
<param pos="1" name="hw.product"/>
|
831
1014
|
<param pos="2" name="host.mac"/>
|
832
1015
|
<param pos="3" name="host.id"/>
|
1016
|
+
<param pos="0" name="os.vendor" value="Moxa"/>
|
833
1017
|
<param pos="4" name="os.version"/>
|
834
1018
|
<param pos="5" name="os.version.version"/>
|
835
1019
|
</fingerprint>
|
1020
|
+
|
1021
|
+
<fingerprint pattern="^Model name\s+: (MiiNePort [\w-]+)(?:\r|\n|\x00)+Serial No.\s+: (\d+)(?:\r|\n|\x00)+Device name\s+: [\w:-_\&]+(?:\r|\n|\x00)+Firmware version\s+: ([\d.]+) Build (\d+)(?:\r|\n|\x00)+Ethernet MAC address: ([\w:]+)(?:\r|\n|\x00)+">
|
1022
|
+
<description>Moxa MiiNePort Series Embedded device server</description>
|
1023
|
+
<!-- Model name : MiiNePort E2\r\nSerial No. : 9999\r\nDevice name : MiiNePort_E2_4064\r\nFirmware version : 1.3.36 Build 15031615\r\nEthernet MAC address: 00:90:E8:5A:92:FF\r\n\r\nPlease keyin your password: -->
|
1024
|
+
|
1025
|
+
<example _encoding="base64" hw.product="MiiNePort E2" host.mac="00:90:E8:5A:92:FF" host.id="9999" os.version="1.3.36" os.version.version="15031615">
|
1026
|
+
TW9kZWwgbmFtZSAgICAgICAgICA6IE1paU5lUG9ydCBFMg0KU2VyaWFsIE5vLiAgICAgICAgI
|
1027
|
+
CA6IDk5OTkNCkRldmljZSBuYW1lICAgICAgICAgOiBNaWlOZVBvcnRfRTJfNDA2NA0KRmlybX
|
1028
|
+
dhcmUgdmVyc2lvbiAgICA6IDEuMy4zNiBCdWlsZCAxNTAzMTYxNQ0KRXRoZXJuZXQgTUFDIGF
|
1029
|
+
kZHJlc3M6IDAwOjkwOkU4OjVBOjkyOkZGDQoNClBsZWFzZSBrZXlpbiB5b3VyIHBhc3N3b3Jk
|
1030
|
+
Ogo=
|
1031
|
+
</example>
|
1032
|
+
<param pos="0" name="hw.vendor" value="Moxa"/>
|
1033
|
+
<param pos="0" name="hw.family" value="MiiNePort"/>
|
1034
|
+
<param pos="0" name="hw.device" value="Device Server"/>
|
1035
|
+
<param pos="1" name="hw.product"/>
|
1036
|
+
<param pos="2" name="host.id"/>
|
1037
|
+
<param pos="0" name="os.vendor" value="Moxa"/>
|
1038
|
+
<param pos="3" name="os.version"/>
|
1039
|
+
<param pos="4" name="os.version.version"/>
|
1040
|
+
<param pos="5" name="host.mac"/>
|
1041
|
+
</fingerprint>
|
1042
|
+
|
1043
|
+
<!-- The following is very specific in order to express CPE values -->
|
1044
|
+
|
1045
|
+
<fingerprint pattern="^EDR-G903 login:">
|
1046
|
+
<description>Moxa EDR Secure Routers - EDR-G903</description>
|
1047
|
+
<example>EDR-G903 login:</example>
|
1048
|
+
<param pos="0" name="hw.vendor" value="Moxa"/>
|
1049
|
+
<param pos="0" name="hw.family" value="EDR"/>
|
1050
|
+
<param pos="0" name="hw.device" value="Router"/>
|
1051
|
+
<param pos="0" name="hw.product" value="EDR-G903"/>
|
1052
|
+
<param pos="0" name="hw.cpe23" value="cpe:/h:moxa:edr-g903:-"/>
|
1053
|
+
<param pos="0" name="os.vendor" value="Moxa"/>
|
1054
|
+
<param pos="0" name="os.family" value="EDR"/>
|
1055
|
+
<param pos="0" name="os.device" value="Router"/>
|
1056
|
+
<param pos="0" name="os.product" value="EDR G903 Firmware"/>
|
1057
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:moxa:edr_g903_firmware:-"/>
|
1058
|
+
</fingerprint>
|
1059
|
+
|
1060
|
+
<fingerprint pattern="^EDR-G902 login:">
|
1061
|
+
<description>Moxa EDR Secure Routers - EDR-G902</description>
|
1062
|
+
<example>EDR-G902 login:</example>
|
1063
|
+
<param pos="0" name="hw.vendor" value="Moxa"/>
|
1064
|
+
<param pos="0" name="hw.family" value="EDR"/>
|
1065
|
+
<param pos="0" name="hw.device" value="Router"/>
|
1066
|
+
<param pos="0" name="hw.product" value="EDR-G902"/>
|
1067
|
+
<param pos="0" name="os.vendor" value="Moxa"/>
|
1068
|
+
<param pos="0" name="os.family" value="EDR"/>
|
1069
|
+
<param pos="0" name="os.device" value="Router"/>
|
1070
|
+
<param pos="0" name="os.product" value="EDR G902 Firmware"/>
|
1071
|
+
</fingerprint>
|
1072
|
+
|
836
1073
|
<fingerprint pattern="^Red Hat Linux release ([^\\s]+)\\s*.*$">
|
837
1074
|
<description>RedHat general purpose linux</description>
|
838
1075
|
<!-- Red Hat Linux release 9 (Shrike)\nKernel 2.4.20-8 on an i686\nlogin: -->
|
1076
|
+
|
839
1077
|
<example _encoding="base64" os.version="9 (Shrike)">
|
840
1078
|
UmVkIEhhdCBMaW51eCByZWxlYXNlIDkgKFNocmlrZSlcbktlcm5lbCAyLjQuMjAtOCBvbiBhbiBpNjg2XG5sb2dpbjo=
|
841
1079
|
</example>
|
842
|
-
<param pos="0" name="os.vendor" value="
|
1080
|
+
<param pos="0" name="os.vendor" value="Red Hat"/>
|
843
1081
|
<param pos="0" name="os.family" value="Linux"/>
|
844
1082
|
<param pos="0" name="os.device" value="Linux"/>
|
845
1083
|
<param pos="1" name="os.version"/>
|
846
1084
|
</fingerprint>
|
1085
|
+
|
847
1086
|
<fingerprint pattern="^(?m)Red Hat Enterprise Linux ES release (.*) \(.*\).*Kernel (.*) on a[^ ]* ([^ ]*\d)" flags="REG_MULTILINE">
|
848
1087
|
<description>RedHat Enterprise Linux ES</description>
|
849
1088
|
<!-- Red Hat Enterprise Linux ES release 3 (Taroon Update 9\nKernel 2.4.21-47.EL on an x86_64\nlogin: -->
|
1089
|
+
|
850
1090
|
<example _encoding="base64" os.version="3" linux.kernel.version="2.4.21-47.EL" os.arch="x86_64">
|
851
1091
|
UmVkIEhhdCBFbnRlcnByaXNlIExpbnV4IEVTIHJlbGVhc2UgMyAoVGFyb29uIFVwZGF0ZSA5KQpLZXJuZWwgMi40LjIxLTQ3Lk
|
852
1092
|
VMIG9uIGFuIHg4Nl82NApsb2dpbjo=
|
853
1093
|
</example>
|
854
|
-
<param pos="0" name="os.vendor" value="
|
1094
|
+
<param pos="0" name="os.vendor" value="Red Hat"/>
|
855
1095
|
<param pos="0" name="os.family" value="Linux"/>
|
856
1096
|
<param pos="0" name="os.product" value="Linux"/>
|
857
1097
|
<param pos="1" name="os.version"/>
|
@@ -859,41 +1099,47 @@
|
|
859
1099
|
<param pos="3" name="os.arch"/>
|
860
1100
|
<param pos="0" name="os.cpe23" value="cpe:/o:redhat:linux:{os.version}"/>
|
861
1101
|
</fingerprint>
|
1102
|
+
|
862
1103
|
<fingerprint pattern="^(?m)Red Hat Enterprise Linux AS release (.*) \(.*\).*Kernel (.*) on a[^ ]* ([^ ]*\d)" flags="REG_MULTILINE">
|
863
1104
|
<description>RedHat Enterprise Linux AS</description>
|
864
1105
|
<!-- Red Hat Enterprise Linux AS release 5.8 (Tikanga)\nKernel 2.6.18-308.11.1.el5 on an x86_64\nlogin: -->
|
1106
|
+
|
865
1107
|
<example _encoding="base64" os.version="5.8" linux.kernel.version="2.6.18-308.11.1.el5" os.arch="x86_64">
|
866
1108
|
UmVkIEhhdCBFbnRlcnByaXNlIExpbnV4IEFTIHJlbGVhc2UgNS44IChUaWthbmdhKQpLZXJuZWwgM
|
867
1109
|
i42LjE4LTMwOC4xMS4xLmVsNSBvbiBhbiB4ODZfNjQKbG9naW46
|
868
1110
|
</example>
|
869
|
-
<param pos="0" name="os.vendor" value="
|
1111
|
+
<param pos="0" name="os.vendor" value="Red Hat"/>
|
870
1112
|
<param pos="0" name="os.family" value="Linux"/>
|
871
1113
|
<param pos="0" name="os.product" value="RedHat Enterprise AS"/>
|
872
1114
|
<param pos="1" name="os.version"/>
|
873
1115
|
<param pos="2" name="linux.kernel.version"/>
|
874
1116
|
<param pos="3" name="os.arch"/>
|
875
1117
|
</fingerprint>
|
1118
|
+
|
876
1119
|
<fingerprint pattern="^(?m)Red Hat Enterprise Linux WS release (.*) \(.*\).*Kernel (.*) on a[^ ]* ([^ ]*)" flags="REG_MULTILINE">
|
877
1120
|
<description>RedHat Enterprise Linux WS</description>
|
878
1121
|
<!--Red Hat Enterprise Linux WS release 2.1 (Tampa) \nKernel 2.4.9-e.40smp on an i686 \nlogin: -->
|
1122
|
+
|
879
1123
|
<example _encoding="base64" os.version="2.1" linux.kernel.version="2.4.9-e.40smp" os.arch="i686">
|
880
1124
|
UmVkIEhhdCBFbnRlcnByaXNlIExpbnV4IFdTIHJlbGVhc2UgMi4xIChUYW1wY
|
881
1125
|
SkgCktlcm5lbCAyLjQuOS1lLjQwc21wIG9uIGFuIGk2ODYgCmxvZ2luOiA=
|
882
1126
|
</example>
|
883
|
-
<param pos="0" name="os.vendor" value="
|
1127
|
+
<param pos="0" name="os.vendor" value="Red Hat"/>
|
884
1128
|
<param pos="0" name="os.family" value="Linux"/>
|
885
1129
|
<param pos="0" name="os.product" value="RedHat Enterprise WS"/>
|
886
1130
|
<param pos="1" name="os.version"/>
|
887
1131
|
<param pos="2" name="linux.kernel.version"/>
|
888
1132
|
<param pos="3" name="os.arch"/>
|
889
1133
|
</fingerprint>
|
1134
|
+
|
890
1135
|
<fingerprint pattern="^(?m)Fedora Core.release (.*) \(.*\).*Kernel (.*) on a[^ ]* ([^ ]*\d).*$" flags="REG_MULTILINE">
|
891
1136
|
<description>Fedora Core Release</description>
|
892
1137
|
<!-- Fedora Core release 1 (Yarrow)\nKernel 2.4.20-13.9ensim-3.5.0-13 on an i686\nlogin:-->
|
1138
|
+
|
893
1139
|
<example _encoding="base64" os.version="1" linux.kernel.version="2.4.20-13.9ensim-3.5.0-13" os.arch="i686">
|
894
1140
|
RmVkb3JhIENvcmUgcmVsZWFzZSAxIChZYXJyb3cpCktlcm5lbCAyLjQuMjAtMTMuOWVuc2ltLTMuNS4wLTEzIG9uIGFuIGk2ODYKbG9naW46
|
895
1141
|
</example>
|
896
|
-
<param pos="0" name="os.vendor" value="
|
1142
|
+
<param pos="0" name="os.vendor" value="Red Hat"/>
|
897
1143
|
<param pos="0" name="os.family" value="Linux"/>
|
898
1144
|
<param pos="0" name="os.product" value="Fedora"/>
|
899
1145
|
<param pos="1" name="os.version"/>
|
@@ -901,9 +1147,11 @@
|
|
901
1147
|
<param pos="3" name="os.arch"/>
|
902
1148
|
<param pos="0" name="os.cpe23" value="cpe:/o:redhat:fedora:{os.version}"/>
|
903
1149
|
</fingerprint>
|
1150
|
+
|
904
1151
|
<fingerprint pattern="^(?m)Welcome to SuSE Linux (.*) \(([^\)]+)\) - Kernel (.*) .*">
|
905
1152
|
<description>SuSE Linux</description>
|
906
1153
|
<!-- Welcome to SuSE Linux 7.0 (i386) - Kernel 2.2.16-RAID (0). 2VG029037\n\nlogin: -->
|
1154
|
+
|
907
1155
|
<example _encoding="base64" os.version="7.0" os.arch="i386" linux.kernel.version="2.2.16-RAID (0). 2VG029037">
|
908
1156
|
V2VsY29tZSB0byBTdVNFIExpbnV4IDcuMCAoaTM4NikgLSBLZXJuZWwgMi4yLjE2LVJBSUQgKDApLiAyVkcwMjkwMzcgCgpsb2dpbjo=
|
909
1157
|
</example>
|
@@ -915,9 +1163,11 @@
|
|
915
1163
|
<param pos="0" name="os.cpe23" value="cpe:/o:suse:linux:{os.version}"/>
|
916
1164
|
<param pos="3" name="linux.kernel.version"/>
|
917
1165
|
</fingerprint>
|
1166
|
+
|
918
1167
|
<fingerprint pattern="^Turbolinux ApplianceServer (\d+\.\d+).*">
|
919
1168
|
<description>Turbolinux ApplianceServer</description>
|
920
1169
|
<!--Turbolinux ApplianceServer 4.0 (Atlas2) Linux 2.6.32-431.23.3.el6.x86_64 on a x86_64\n(senyo191x89.digitalink.ne.jp) TTY: 12:15 on Tuesday, 02 October 2018 login: -->
|
1170
|
+
|
921
1171
|
<example _encoding="base64" os.version="4.0">
|
922
1172
|
VHVyYm9saW51eCBBcHBsaWFuY2VTZXJ2ZXIgNC4wIChBdGxhczIpIExpbnV4IDIuNi4zMi00MzEuMjMuMy5lbDYueDg
|
923
1173
|
2XzY0IG9uIGEgeDg2XzY0IChzZW55bzE5MXg4OS5kaWdpdGFsaW5rLm5lLmpwKSBUVFk6IDEyOjE1IG9uIFR1ZXNkYX
|
@@ -928,9 +1178,11 @@
|
|
928
1178
|
<param pos="0" name="os.product" value="Linux"/>
|
929
1179
|
<param pos="1" name="os.version"/>
|
930
1180
|
</fingerprint>
|
1181
|
+
|
931
1182
|
<fingerprint pattern="^UnixWare ([^ ]+).*$">
|
932
1183
|
<description>UnixWare</description>
|
933
1184
|
<!-- UnixWare 2.1.3 (profil) (pts/3)\n\n\nlogin: -->
|
1185
|
+
|
934
1186
|
<example _encoding="base64" os.version="2.1.3">
|
935
1187
|
VW5peFdhcmUgMi4xLjMgKHByb2ZpbCkgKHB0cy8zKQoKCgpsb2dpbjog
|
936
1188
|
</example>
|
@@ -940,9 +1192,11 @@
|
|
940
1192
|
<param pos="0" name="os.product" value="UnixWare"/>
|
941
1193
|
<param pos="1" name="os.version"/>
|
942
1194
|
</fingerprint>
|
1195
|
+
|
943
1196
|
<fingerprint pattern="^Telnet Server Build (5.*)">
|
944
1197
|
<description>Windows 2000</description>
|
945
1198
|
<!--Microsoft (R) Windows NT (TM) Version 4.00 (Build 1381)\nWelcome to Microsoft Telnet Service \nTelnet Server Build 5.00.99034.1\nlogin: -->
|
1199
|
+
|
946
1200
|
<example _encoding="base64" os.version="5.00.99034.1">
|
947
1201
|
TWljcm9zb2Z0IChSKSBXaW5kb3dzIE5UIChUTSkgVmVyc2lvbiA0LjAwIChCdWlsZCAxMzgxKQpXZWxj
|
948
1202
|
b21lIHRvIE1pY3Jvc29mdCBUZWxuZXQgU2VydmljZSAKVGVsbmV0IFNlcnZlciBCdWlsZCA1LjAwLjk5MDM0LjEKCmxvZ2luOiA=
|
@@ -953,9 +1207,11 @@
|
|
953
1207
|
<param pos="1" name="os.version"/>
|
954
1208
|
<param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_2000:{os.version}"/>
|
955
1209
|
</fingerprint>
|
1210
|
+
|
956
1211
|
<fingerprint pattern="^Welcome. Type return, enter password at # prompt">
|
957
1212
|
<description>Brother Printer</description>
|
958
1213
|
<!-- Welcome. Type return, enter password at # prompt -->
|
1214
|
+
|
959
1215
|
<example _encoding="base64">
|
960
1216
|
V2VsY29tZS4gVHlwZSByZXR1cm4sIGVudGVyIHBhc3N3b3JkIGF0ICMgcHJvbXB0Cg==
|
961
1217
|
</example>
|
@@ -964,9 +1220,11 @@
|
|
964
1220
|
<param pos="0" name="os.device" value="Printer"/>
|
965
1221
|
<param pos="0" name="os.product" value="Brother Printer"/>
|
966
1222
|
</fingerprint>
|
1223
|
+
|
967
1224
|
<fingerprint pattern="^(.*) Copyright by ARESCOM">
|
968
1225
|
<description>Arescom System</description>
|
969
1226
|
<!--NDS1260HE-TLI Copyright by ARESCOM 2002\n\n\nPassword: -->
|
1227
|
+
|
970
1228
|
<example _encoding="base64" os.model="NDS1260HE-TLI">
|
971
1229
|
TkRTMTI2MEhFLVRMSSBDb3B5cmlnaHQgYnkgQVJFU0NPTSAyMDAyCgoKClBhc3N3b3JkOgo=
|
972
1230
|
</example>
|
@@ -974,30 +1232,36 @@
|
|
974
1232
|
<param pos="0" name="os.device" value="WAP"/>
|
975
1233
|
<param pos="1" name="os.model"/>
|
976
1234
|
</fingerprint>
|
1235
|
+
|
977
1236
|
<fingerprint pattern="^Welcome to ViewStation">
|
978
1237
|
<description>Polycom ViewStation Video Vonference System</description>
|
979
1238
|
<!-- Welcome to ViewStation\nPassword: -->
|
1239
|
+
|
980
1240
|
<example _encoding="base64">
|
981
1241
|
V2VsY29tZSB0byBWaWV3U3RhdGlvbgoKUGFzc3dvcmQ6
|
982
1242
|
</example>
|
983
1243
|
<param pos="0" name="os.vendor" value="Polycom"/>
|
984
1244
|
<param pos="0" name="os.device" value="ViewStation"/>
|
985
1245
|
</fingerprint>
|
1246
|
+
|
986
1247
|
<fingerprint pattern="^FlowPoint\/(.*) SDSL \[ATM\] Router .*v(.*) Ready">
|
987
1248
|
<!--FlowPoint/2200 SDSL [ATM] Router fp2200-12 v3.0.2 Ready\nLogin: -->
|
1249
|
+
|
988
1250
|
<description>FlowPoint 2200 DSL router</description>
|
989
1251
|
<example _encoding="base64" hw.model="2200" os.version="3.0.2">
|
990
1252
|
Rmxvd1BvaW50LzIyMDAgU0RTTCBbQVRNXSBSb3V0ZXIgZnAyMjAwLTEyIHYzLjAuMiBSZWFkeQpMb2dpbjog
|
991
1253
|
</example>
|
992
|
-
<param pos="0" name="os.vendor" value="
|
1254
|
+
<param pos="0" name="os.vendor" value="FlowPoint"/>
|
993
1255
|
<param pos="0" name="hw.device" value="Broadband router"/>
|
994
1256
|
<param pos="0" name="hw.product" value="DSL Router"/>
|
995
1257
|
<param pos="1" name="hw.model"/>
|
996
1258
|
<param pos="2" name="os.version"/>
|
997
1259
|
</fingerprint>
|
1260
|
+
|
998
1261
|
<fingerprint pattern="^GlobespanVirata Inc\., Software Release (.*)">
|
999
1262
|
<description>GlobespanVirata broadband router</description>
|
1000
1263
|
<!--GlobespanVirata Inc., Software Release 2.1.040407a3_u_e_A\nCopyright (c) 2001-2003 by GlobespanVirata, Inc.\n\nlogin: -->
|
1264
|
+
|
1001
1265
|
<example _encoding="base64" os.version="2.1.040407a3_u_e_A">
|
1002
1266
|
R2xvYmVzcGFuVmlyYXRhIEluYy4sIFNvZnR3YXJlIFJlbGVhc2UgMi4xLjA0MDQwN2EzX3VfZV9BCgpDb3B5cmlnaHQgKG
|
1003
1267
|
MpIDIwMDEtMjAwMyBieSBHbG9iZXNwYW5WaXJhdGEsIEluYy4KCgpsb2dpbjog
|
@@ -1006,14 +1270,17 @@
|
|
1006
1270
|
<param pos="0" name="hw.device" value="Broadband router"/>
|
1007
1271
|
<param pos="1" name="os.version"/>
|
1008
1272
|
</fingerprint>
|
1273
|
+
|
1009
1274
|
<fingerprint pattern="^VxWorks login:">
|
1010
1275
|
<description>VxWorks embedded device</description>
|
1011
1276
|
<example>VxWorks login: </example>
|
1012
1277
|
<param pos="0" name="os.family" value="VxWorks"/>
|
1013
1278
|
</fingerprint>
|
1279
|
+
|
1014
1280
|
<fingerprint pattern=".*Nortel.*Passport ([^ ]*) .*Software Release ([^ ]*).*">
|
1015
1281
|
<description>Nortel Passport</description>
|
1016
1282
|
<!-- *********************************************\n\n\n* Copyright (c) 2003 Nortel Networks, Inc. *\n\n\n* All Rights Reserved *\n\n\n* Passport 8010 *\n\n\n* Software Release 3.5.0.0 *\n\n\n*********************************************\n\n\n\n\nLogin: -->
|
1283
|
+
|
1017
1284
|
<example _encoding="base64" os.product="8010" os.version="3.5.0.0">
|
1018
1285
|
KioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqXG5cblxuKiBDb3B5cmlnaHQgKG
|
1019
1286
|
MpIDIwMDMgTm9ydGVsIE5ldHdvcmtzLCBJbmMuICAqXG5cblxuKiBBbGwgUmlnaHRzIFJlc2VydmVkICAgICAg
|
@@ -1026,9 +1293,11 @@
|
|
1026
1293
|
<param pos="1" name="os.product"/>
|
1027
1294
|
<param pos="2" name="os.version"/>
|
1028
1295
|
</fingerprint>
|
1296
|
+
|
1029
1297
|
<fingerprint pattern="^IPSO.* \((.*)\) \(tty.*\)">
|
1030
1298
|
<description>Checkpoint Firewall-1 running on a Nokia IPSO appliance</description>
|
1031
1299
|
<!-- IPSO/i386 (BJ-IDC-FW2) (ttyp7)\n\n\nThis system is for authorized use only.\n\n\n\n\n\n\nlogin: -->
|
1300
|
+
|
1032
1301
|
<example _encoding="base64" host.name="BJ-IDC-FW2">
|
1033
1302
|
SVBTTy9pMzg2IChCSi1JREMtRlcyKSAodHR5cDcpCgoKClRoaXMgc3lzdGVtIGlzIGZvciBhdXRob3Jpem
|
1034
1303
|
VkIHVzZSBvbmx5LgoKCgoKCgoKbG9naW46IA==
|
@@ -1039,10 +1308,13 @@
|
|
1039
1308
|
<param pos="0" name="os.product" value="IPSO"/>
|
1040
1309
|
<param pos="1" name="host.name"/>
|
1041
1310
|
</fingerprint>
|
1311
|
+
|
1042
1312
|
<fingerprint pattern="Tasman Networks Inc.*Telnet Login">
|
1043
1313
|
<description>Tasman Networks Login</description>
|
1044
1314
|
<!-- #\n# Tasman Networks Inc. Telnet Login\n#Escape character is '^]'\n\n\n\nlogin: -->
|
1315
|
+
|
1045
1316
|
<!-- Dashes removed from example banner due to xml issue -->
|
1317
|
+
|
1046
1318
|
<example _encoding="base64" os.vendor="Tasman Networks">
|
1047
1319
|
Iy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0
|
1048
1320
|
tLS0tLS0tCiMgVGFzbWFuIE5ldHdvcmtzIEluYy4gVGVsbmV0IExvZ2luCiMtLS0tLS0tLS0tLS0tLS0tLS0tLS
|
@@ -1053,9 +1325,11 @@
|
|
1053
1325
|
<param pos="0" name="os.device" value="Router"/>
|
1054
1326
|
<param pos="0" name="os.product" value="Tasman Networks router"/>
|
1055
1327
|
</fingerprint>
|
1328
|
+
|
1056
1329
|
<fingerprint pattern="Pragma Systems">
|
1057
1330
|
<description>MS Windows running Pragma TelnetD server</description>
|
1058
1331
|
<!-- Welcome to Gemadept Logistics RF Server\n(C) Copyright 1994-2012 Pragma Systems, Inc.\nlogin name: -->
|
1332
|
+
|
1059
1333
|
<example _encoding="base64">
|
1060
1334
|
V2VsY29tZSB0byBHZW1hZGVwdCBMb2dpc3RpY3MgUkYgU2VydmVyCihDKSBDb3B5cmlnaHQgMTk5NC0yMDEyIFB
|
1061
1335
|
yYWdtYSBTeXN0ZW1zLCBJbmMuCgpsb2dpbiBuYW1lOiA=
|
@@ -1065,9 +1339,11 @@
|
|
1065
1339
|
<param pos="0" name="os.product" value="Windows"/>
|
1066
1340
|
<param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
|
1067
1341
|
</fingerprint>
|
1342
|
+
|
1068
1343
|
<fingerprint pattern="^Application Required. No Installation Default">
|
1069
1344
|
<description>probably IBM AS/400 running TN3270 or 5250 emulation server</description>
|
1070
1345
|
<!-- Application Required. No Installation Default\nEnter Application Name: -->
|
1346
|
+
|
1071
1347
|
<example _encoding="base64">
|
1072
1348
|
QXBwbGljYXRpb24gUmVxdWlyZWQuIE5vIEluc3RhbGxhdGlvbiBEZWZhdWx0ICAgICAgICA
|
1073
1349
|
gICAgICAgICAgICAgICAgICAgICAgICAgIApFbnRlciBBcHBsaWNhdGlvbiBOYW1lOg==
|
@@ -1077,9 +1353,11 @@
|
|
1077
1353
|
<param pos="0" name="os.product" value="OS/400"/>
|
1078
1354
|
<param pos="0" name="os.cpe23" value="cpe:/o:ibm:os_400:-"/>
|
1079
1355
|
</fingerprint>
|
1356
|
+
|
1080
1357
|
<fingerprint pattern="^This copy of the Ataman TCP Remote Logon Services">
|
1081
1358
|
<description>Windows NT/2k/2k3 running Ataman telnet server</description>
|
1082
1359
|
<!-- This copy of the Ataman TCP Remote Logon Services is registered as licensed to:\nECI2/DDMS\nAccount Name: -->
|
1360
|
+
|
1083
1361
|
<example _encoding="base64">
|
1084
1362
|
VGhpcyBjb3B5IG9mIHRoZSBBdGFtYW4gVENQIFJlbW90ZSBMb2dvbiBTZXJ2aWNlcyBpcyByZWdpc3RlcmVkIG
|
1085
1363
|
FzIGxpY2Vuc2VkIHRvOgoJRUNJMi9ERE1TCgpBY2NvdW50IE5hbWU6IA==
|
@@ -1089,9 +1367,11 @@
|
|
1089
1367
|
<param pos="0" name="os.product" value="Windows"/>
|
1090
1368
|
<param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
|
1091
1369
|
</fingerprint>
|
1370
|
+
|
1092
1371
|
<fingerprint pattern="Cobalt Linux release\W(.*)\W\(.*">
|
1093
1372
|
<description>Cobalt Linux</description>
|
1094
1373
|
<!-- Cobalt Linux release 6.0 (Shinkansen)\nKernel 2.2.16C37_III on an i586\nlogin: -->
|
1374
|
+
|
1095
1375
|
<example _encoding="base64" os.version="6.0">
|
1096
1376
|
Q29iYWx0IExpbnV4IHJlbGVhc2UgNi4wIChTaGlua2Fuc2VuKQpLZXJuZWwgMi4yLjE2QzM3X0lJSSBvbiBhbiBpNTg2CmxvZ2luOiA=
|
1097
1377
|
</example>
|
@@ -1100,9 +1380,11 @@
|
|
1100
1380
|
<param pos="0" name="os.product" value="Linux"/>
|
1101
1381
|
<param pos="1" name="os.version"/>
|
1102
1382
|
</fingerprint>
|
1383
|
+
|
1103
1384
|
<fingerprint pattern="^Check Point FireWall-1 authenticated Telnet server running on (.*)">
|
1104
1385
|
<description>Check Point Firewall-1</description>
|
1105
1386
|
<!-- Check Point FireWall-1 authenticated Telnet server running on gaatdrf2\nUser: -->
|
1387
|
+
|
1106
1388
|
<example _encoding="base64" host.name="gaatdrf2">
|
1107
1389
|
Q2hlY2sgUG9pbnQgRmlyZVdhbGwtMSBhdXRoZW50aWNhdGVkIFRlbG5ldCBzZXJ2ZXIgcnVubmluZyBvbiBnYWF0ZHJmMgoKVXNlcjog
|
1108
1390
|
</example>
|
@@ -1112,9 +1394,11 @@
|
|
1112
1394
|
<param pos="0" name="os.product" value="Checkpoint FW1"/>
|
1113
1395
|
<param pos="1" name="host.name"/>
|
1114
1396
|
</fingerprint>
|
1397
|
+
|
1115
1398
|
<fingerprint pattern="^Raptor Firewall">
|
1116
1399
|
<description>Raptor Firewall</description>
|
1117
1400
|
<!-- Raptor Firewall Secure Gateway.\nHostname: -->
|
1401
|
+
|
1118
1402
|
<example _encoding="base64">
|
1119
1403
|
UmFwdG9yIEZpcmV3YWxsIFNlY3VyZSBHYXRld2F5LgoKSG9zdG5hbWU6IA==
|
1120
1404
|
</example>
|
@@ -1123,9 +1407,11 @@
|
|
1123
1407
|
<param pos="0" name="os.device" value="Firewall"/>
|
1124
1408
|
<param pos="0" name="os.product" value="Raptor"/>
|
1125
1409
|
</fingerprint>
|
1410
|
+
|
1126
1411
|
<fingerprint pattern="UNIX\(r\) System V Release (\d*.\d*)">
|
1127
1412
|
<description>SunOS (Solaris)</description>
|
1128
1413
|
<!-- Raptor Firewall Secure Gateway.\nHostname: -->
|
1414
|
+
|
1129
1415
|
<example _encoding="base64" os.version="4.0">
|
1130
1416
|
VU5JWChyKSBTeXN0ZW0gViBSZWxlYXNlIDQuMCAoVGhlLVNlcnZlcikKCgoKbG9naW46IA==
|
1131
1417
|
</example>
|
@@ -1135,9 +1421,11 @@
|
|
1135
1421
|
<param pos="1" name="os.version"/>
|
1136
1422
|
<param pos="0" name="os.cpe23" value="cpe:/o:sun:solaris:{os.version}"/>
|
1137
1423
|
</fingerprint>
|
1424
|
+
|
1138
1425
|
<fingerprint pattern="Solaris (.*)">
|
1139
1426
|
<description>Solaris</description>
|
1140
1427
|
<!-- Seattle Community Network Sun Solaris 1.1.1.B\nPlease login as 'visitor' if you are a visitorn\n\nSunOS UNIX (scn)\n\n\nlogin:-->
|
1428
|
+
|
1141
1429
|
<example _encoding="base64" os.version="1.1.1.B">
|
1142
1430
|
U2VhdHRsZSBDb21tdW5pdHkgTmV0d29yayBTdW4gU29sYXJpcyAxLjEuMS5CClBsZWFzZSBsb2dpbiBhcyAndml
|
1143
1431
|
zaXRvcicgaWYgeW91IGFyZSBhIHZpc2l0b3IKCgpTdW5PUyBVTklYIChzY24pCgoKCmxvZ2luOg==
|
@@ -1148,9 +1436,11 @@
|
|
1148
1436
|
<param pos="1" name="os.version"/>
|
1149
1437
|
<param pos="0" name="os.cpe23" value="cpe:/o:sun:solaris:{os.version}"/>
|
1150
1438
|
</fingerprint>
|
1439
|
+
|
1151
1440
|
<fingerprint pattern="^Digital UNIX \(([^)]+).*">
|
1152
1441
|
<description>Digital Unix</description>
|
1153
1442
|
<!-- Digital UNIX (journal) (ttyp2)\n\n\nlogin: -->
|
1443
|
+
|
1154
1444
|
<example _encoding="base64" host.name="journal">
|
1155
1445
|
RGlnaXRhbCBVTklYIChqb3VybmFsKSAodHR5cDIpCgoKCmxvZ2luOiA=
|
1156
1446
|
</example>
|
@@ -1159,9 +1449,11 @@
|
|
1159
1449
|
<param pos="0" name="os.product" value="Digital Unix"/>
|
1160
1450
|
<param pos="1" name="host.name"/>
|
1161
1451
|
</fingerprint>
|
1452
|
+
|
1162
1453
|
<fingerprint pattern="^(?m)Compaq Tru64 UNIX V(.*) \(Rev. (.*\d)\) .*">
|
1163
1454
|
<description>Compaq Tru64 UNIX V</description>
|
1164
1455
|
<!-- Compaq Tru64 UNIX V5.1B (Rev. 2650) (docalpha) (pts/11)\n\n\n\n\nlogin: -->
|
1456
|
+
|
1165
1457
|
<example _encoding="base64" os.version="5.1B" os.rev="2650">
|
1166
1458
|
Q29tcGFxIFRydTY0IFVOSVggVjUuMUIgKFJldi4gMjY1MCkgKGRvY2FscGhhKSAocHRzLzExKQoKCgoKCmxvZ2luOg==
|
1167
1459
|
</example>
|
@@ -1172,10 +1464,12 @@
|
|
1172
1464
|
<param pos="2" name="os.rev"/>
|
1173
1465
|
<param pos="0" name="os.cpe23" value="cpe:/o:hp:tru64:{os.version}"/>
|
1174
1466
|
</fingerprint>
|
1467
|
+
|
1175
1468
|
<fingerprint pattern="HP-UX ([^ ]+) [A-Z]\.([^ ]+) ([^ ]+) ([^ ]+)\s([^ ]+\)).*$">
|
1176
1469
|
<description>System HP-UX</description>
|
1177
1470
|
<!-- HP-UX ctout B.11.11 U 9000/800 (tc)\nlogin: -->
|
1178
|
-
|
1471
|
+
|
1472
|
+
<example _encoding="base64" host.name="ctout" os.version="11.11" hw.series="9000/800" hw.model="(tc)" hw.version="U">
|
1179
1473
|
SFAtVVggY3RvdXQgQi4xMS4xMSBVIDkwMDAvODAwICh0YykKCmxvZ2luOiA=
|
1180
1474
|
</example>
|
1181
1475
|
<param pos="0" name="os.vendor" value="HP"/>
|
@@ -1188,18 +1482,22 @@
|
|
1188
1482
|
<param pos="4" name="hw.series"/>
|
1189
1483
|
<param pos="5" name="hw.model"/>
|
1190
1484
|
</fingerprint>
|
1485
|
+
|
1191
1486
|
<fingerprint pattern="^Data ONTAP">
|
1192
1487
|
<description>A NetApp apliance</description>
|
1193
1488
|
<!-- Data ONTAP (s500.)\nlogin: -->
|
1489
|
+
|
1194
1490
|
<example _encoding="base64">RGF0YSBPTlRBUCAoczUwMC4pCmxvZ2luOiA=</example>
|
1195
1491
|
<param pos="0" name="os.vendor" value="NetApp"/>
|
1196
1492
|
<param pos="0" name="os.family" value="Data ONTAP"/>
|
1197
1493
|
<param pos="0" name="os.product" value="Data ONTAP"/>
|
1198
1494
|
<param pos="0" name="os.cpe23" value="cpe:/o:netapp:data_ontap:-"/>
|
1199
1495
|
</fingerprint>
|
1496
|
+
|
1200
1497
|
<fingerprint pattern="OpenVMS.*Version\sV([^\s]+).*">
|
1201
1498
|
<description>OpenVMS</description>
|
1202
1499
|
<!-- Welcome to OpenVMS (TM) Alpha Operating System, Version V8.4 - NOT70\n\nUsername: -->
|
1500
|
+
|
1203
1501
|
<example _encoding="base64" os.version="8.4">
|
1204
1502
|
IFdlbGNvbWUgdG8gT3BlblZNUyAoVE0pIEFscGhhIE9wZXJhdGluZyBTeXN0Z
|
1205
1503
|
W0sIFZlcnNpb24gVjguNCAgICAgLSBOT1Q3MAoKClVzZXJuYW1lOiA=
|
@@ -1209,9 +1507,11 @@
|
|
1209
1507
|
<param pos="0" name="os.product" value="VMS"/>
|
1210
1508
|
<param pos="1" name="os.version"/>
|
1211
1509
|
</fingerprint>
|
1510
|
+
|
1212
1511
|
<fingerprint pattern="^(?m)SCO OpenServer\(TM\) Release ([^ ]+).*$">
|
1213
1512
|
<description>SCO OpenServer</description>
|
1214
1513
|
<!-- SCO OpenServer(TM) Release 5 (bomdia.co.za) (ttyp6)\nlogin: -->
|
1514
|
+
|
1215
1515
|
<example _encoding="base64" os.version="5">
|
1216
1516
|
U0NPIE9wZW5TZXJ2ZXIoVE0pIFJlbGVhc2UgNSAoYm9tZGlhLmNvLnphKSAodHR5cDYpCgpsb2dpbjo=
|
1217
1517
|
</example>
|
@@ -1220,9 +1520,11 @@
|
|
1220
1520
|
<param pos="0" name="os.product" value="OpenServer"/>
|
1221
1521
|
<param pos="1" name="os.version"/>
|
1222
1522
|
</fingerprint>
|
1523
|
+
|
1223
1524
|
<fingerprint pattern="^% Username: timeout expired!">
|
1224
1525
|
<description>Some kind of Cisco device</description>
|
1225
1526
|
<!-- % Username: timeout expired!-->
|
1527
|
+
|
1226
1528
|
<example _encoding="base64">
|
1227
1529
|
JSBVc2VybmFtZTogIHRpbWVvdXQgZXhwaXJlZCE=
|
1228
1530
|
</example>
|
@@ -1231,6 +1533,7 @@
|
|
1231
1533
|
<param pos="0" name="os.product" value="IOS"/>
|
1232
1534
|
<param pos="0" name="os.cpe23" value="cpe:/o:cisco:ios:-"/>
|
1233
1535
|
</fingerprint>
|
1536
|
+
|
1234
1537
|
<fingerprint pattern="^Welcome to MKS Telnet Server Version">
|
1235
1538
|
<description>Windows running MKS Telnet Server</description>
|
1236
1539
|
<example _encoding="base64">
|
@@ -1241,15 +1544,18 @@
|
|
1241
1544
|
<param pos="0" name="os.product" value="Windows"/>
|
1242
1545
|
<param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
|
1243
1546
|
</fingerprint>
|
1547
|
+
|
1244
1548
|
<fingerprint pattern="^Sorry, this system is engaged\.">
|
1245
1549
|
<description>an embedded print server</description>
|
1246
1550
|
<example>Sorry, this system is engaged.</example>
|
1247
1551
|
<param pos="0" name="os.vendor" value="Epson"/>
|
1248
1552
|
<param pos="0" name="os.device" value="Printer"/>
|
1249
1553
|
</fingerprint>
|
1554
|
+
|
1250
1555
|
<fingerprint pattern="^TELNET session now in ESTABLISHED state">
|
1251
1556
|
<description>an Allied Telesyn router</description>
|
1252
1557
|
<!-- TELNET session now in ESTABLISHED state\n\nGEO-003 login: -->
|
1558
|
+
|
1253
1559
|
<example _encoding="base64">
|
1254
1560
|
VEVMTkVUIHNlc3Npb24gbm93IGluIEVTVEFCTElTSEVEIHN0YXRlCgpHRU8tMDAzIGxvZ2luOiA=
|
1255
1561
|
</example>
|
@@ -1257,9 +1563,11 @@
|
|
1257
1563
|
<param pos="0" name="os.device" value="Router"/>
|
1258
1564
|
<param pos="0" name="os.product" value="Allied Telesyn router"/>
|
1259
1565
|
</fingerprint>
|
1566
|
+
|
1260
1567
|
<fingerprint pattern="^CONEXANT SYSTEMS.*ACCESS RUNNER ADSL">
|
1261
1568
|
<description>a Conexant ADSL router</description>
|
1262
1569
|
<!-- CONEXANT SYSTEMS, INC. ACCESS RUNNER ADSL CONSOLE PORT>>>LOGON PASSWORD>3.27****** -->
|
1570
|
+
|
1263
1571
|
<example _encoding="base64">
|
1264
1572
|
Q09ORVhBTlQgU1lTVEVNUywgSU5DLiBBQ0NFU1MgUlVOTkVSIEFEU0wgQ09OU09MRSBQ
|
1265
1573
|
T1JUPj4+TE9HT04gUEFTU1dPUkQ+My4yNyoqKioqKg==
|
@@ -1268,9 +1576,11 @@
|
|
1268
1576
|
<param pos="0" name="os.device" value="Broadband router"/>
|
1269
1577
|
<param pos="0" name="os.product" value="AccessRunner ADSL router"/>
|
1270
1578
|
</fingerprint>
|
1579
|
+
|
1271
1580
|
<fingerprint pattern="^System administrator is connecting from">
|
1272
1581
|
<description>a DrayTek Vigor SOHO Router</description>
|
1273
1582
|
<!-- System administrator is connecting from 54.39.173.86\n\nReject the connection request !!! -->
|
1583
|
+
|
1274
1584
|
<example _encoding="base64">
|
1275
1585
|
U3lzdGVtIGFkbWluaXN0cmF0b3IgaXMgY29ubmVjdGluZyBmcm9tIDU0LjM5LjE3My44NgoKUmVqZWN0IH
|
1276
1586
|
RoZSBjb25uZWN0aW9uIHJlcXVlc3QgISEh
|
@@ -1279,9 +1589,11 @@
|
|
1279
1589
|
<param pos="0" name="hw.device" value="Broadband router"/>
|
1280
1590
|
<param pos="0" name="hw.product" value="Vigor"/>
|
1281
1591
|
</fingerprint>
|
1592
|
+
|
1282
1593
|
<fingerprint pattern=".*Version\s(\d*.\d*)\/OpenBSD.*">
|
1283
1594
|
<description>OpenBSD</description>
|
1284
1595
|
<!-- 220 killer09 FTP server (Version 6.4/OpenBSD/Linux-ftpd-0.17) ready. -->
|
1596
|
+
|
1285
1597
|
<example _encoding="base64" os.version="6.4">
|
1286
1598
|
MjIwIGtpbGxlcjA5IEZUUCBzZXJ2ZXIgKFZlcnNpb24gNi40L09wZW5CU0QvTGludXgtZnRwZC0wLjE3KSByZWFkeS4K
|
1287
1599
|
</example>
|
@@ -1291,9 +1603,11 @@
|
|
1291
1603
|
<param pos="1" name="os.version"/>
|
1292
1604
|
<param pos="0" name="os.cpe23" value="cpe:/o:openbsd:openbsd:{os.version}"/>
|
1293
1605
|
</fingerprint>
|
1606
|
+
|
1294
1607
|
<fingerprint pattern="^FreeBSD\/([^\\s]+)\s+\(([^\s]+)\)">
|
1295
1608
|
<description>a FreeBSD</description>
|
1296
1609
|
<!-- FreeBSD/amd64 (ms.gymspgs.cz) (pts/0)\n\n\n\nlogin: -->
|
1610
|
+
|
1297
1611
|
<example _encoding="base64" os.arch="amd64" host.name="ms.gymspgs.cz">
|
1298
1612
|
RnJlZUJTRC9hbWQ2NCAobXMuZ3ltc3Bncy5jeikgKHB0cy8wKQoKCgpsb2dpbjo=
|
1299
1613
|
</example>
|
@@ -1304,9 +1618,11 @@
|
|
1304
1618
|
<param pos="0" name="os.cpe23" value="cpe:/o:freebsd:freebsd:-"/>
|
1305
1619
|
<param pos="2" name="host.name"/>
|
1306
1620
|
</fingerprint>
|
1621
|
+
|
1307
1622
|
<fingerprint pattern="^NetBSD">
|
1308
1623
|
<description>NetBSD</description>
|
1309
1624
|
<!-- NetBSD/evbsh3 (Fukuyama.Host_AKS_0555_WL-v2.60d) (ttyp1) -->
|
1625
|
+
|
1310
1626
|
<example _encoding="base64">
|
1311
1627
|
TmV0QlNEL21lc3NpbWlwcyAoKSAodHR5cDMpCgpsb2dpbjog
|
1312
1628
|
</example>
|
@@ -1315,9 +1631,11 @@
|
|
1315
1631
|
<param pos="0" name="os.product" value="NetBSD"/>
|
1316
1632
|
<param pos="0" name="os.cpe23" value="cpe:/o:netbsd:netbsd:-"/>
|
1317
1633
|
</fingerprint>
|
1634
|
+
|
1318
1635
|
<fingerprint pattern="^IRIX\W\((.*)\)">
|
1319
1636
|
<description>SGI IRIX</description>
|
1320
1637
|
<!-- IRIX (artemis.biol.uoa.gr)\n\n\n\nlogin: -->
|
1638
|
+
|
1321
1639
|
<example _encoding="base64" host.name="artemis.biol.uoa.gr">
|
1322
1640
|
SVJJWCAoYXJ0ZW1pcy5iaW9sLnVvYS5ncikKCgoKbG9naW46IA==
|
1323
1641
|
</example>
|
@@ -1327,12 +1645,15 @@
|
|
1327
1645
|
<param pos="0" name="os.cpe23" value="cpe:/o:sgi:irix:-"/>
|
1328
1646
|
<param pos="1" name="host.name"/>
|
1329
1647
|
</fingerprint>
|
1648
|
+
|
1330
1649
|
<fingerprint pattern="(?m)(ES|RS)\s([^\s]+) System Software, Version ([^\s]+).*Riverstone Networks" flags="REG_MULTILINE">
|
1331
1650
|
<description>a Riverstone router</description>
|
1332
1651
|
<!-- Using '+' instead of '-' due to xml issue -->
|
1652
|
+
|
1333
1653
|
<!-- ++++++++++++++++++++++++++++++++++\nES 10170 System Software, Version 9.3.0.4\n
|
1334
1654
|
Riverstone Networks, Inc., Copyright (c) 2000-2003. All rights reserved.\nSystem started on 2018-09-06 15:58:\n
|
1335
1655
|
+++++++++++++++++++++++++++++++++++++++ -->
|
1656
|
+
|
1336
1657
|
<example _encoding="base64" os.product="10170" os.version="9.3.0.4" os.family="ES">
|
1337
1658
|
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tL
|
1338
1659
|
S0tLS0tLQpFUyAxMDE3MCBTeXN0ZW0gU29mdHdhcmUsIFZlcnNpb24gOS4zLjAuNApSaXZlcnN0b25lIE5ldH
|
@@ -1343,6 +1664,7 @@
|
|
1343
1664
|
<!-- +++++++++++++++++++++++++++++++++++++++\nRS 10170 System Software, Version 9.3.0.5\n
|
1344
1665
|
Riverstone Networks, Inc., Copyright (c) 2000-2003. All rights reserved.\nSystem started on 2018-09-06 15:58:\n
|
1345
1666
|
+++++++++++++++++++++++++++++++++++++++ -->
|
1667
|
+
|
1346
1668
|
<example _encoding="base64" os.product="8000" os.version="9.3.0.5" os.family="RS">
|
1347
1669
|
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tL
|
1348
1670
|
S0tLS0tLQpSUyA4MDAwIFN5c3RlbSBTb2Z0d2FyZSwgVmVyc2lvbiA5LjMuMC41ClJpdmVyc3RvbmUgTmV0d2
|
@@ -1356,6 +1678,7 @@
|
|
1356
1678
|
<param pos="2" name="os.product"/>
|
1357
1679
|
<param pos="3" name="os.version"/>
|
1358
1680
|
</fingerprint>
|
1681
|
+
|
1359
1682
|
<fingerprint pattern="^HP ([^\s]+) ProCurve Switch">
|
1360
1683
|
<description>HP ProCurve Switch</description>
|
1361
1684
|
<!-- ==============================================================================\nHP J4121A ProCurve Switch 4000M\n
|
@@ -1366,6 +1689,7 @@
|
|
1366
1689
|
Software feature updates\n* New product announcements\n* Special events\n\n\nPlease register your
|
1367
1690
|
products now at: www.ProCurve.com\n==============================================================================\n
|
1368
1691
|
\n\nUsername: -->
|
1692
|
+
|
1369
1693
|
<example _encoding="base64" os.product="J4121A">
|
1370
1694
|
PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09P
|
1371
1695
|
T09PT09PT09PT09PT09PT09PT09PT09CkhQIEo0MTIxQSBQcm9DdXJ2ZSBTd2l0Y2ggNDAwME
|
@@ -1389,11 +1713,13 @@
|
|
1389
1713
|
<param pos="0" name="os.device" value="Switch"/>
|
1390
1714
|
<param pos="1" name="os.product"/>
|
1391
1715
|
</fingerprint>
|
1716
|
+
|
1392
1717
|
<fingerprint pattern="^(?m).*ConnectUPS">
|
1393
1718
|
<description>PowerWare ConnectUPS</description>
|
1394
1719
|
<!-- +============================================================================+\n| [ ConnectUPS Web/SNMP
|
1395
1720
|
Card Configuration Utility ] |\n+============================================================================+\n
|
1396
1721
|
\nEnter Password: -->
|
1722
|
+
|
1397
1723
|
<example _encoding="base64">
|
1398
1724
|
Kz09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0
|
1399
1725
|
9PT09PT09PT09PT09PT0rCnwgICAgICAgICAgICBbIENvbm5lY3RVUFMgV2ViL1NOTVAgQ2FyZCBDb25maW
|
@@ -1406,9 +1732,11 @@
|
|
1406
1732
|
<param pos="0" name="os.device" value="UPS"/>
|
1407
1733
|
<param pos="0" name="os.product" value="ConnectUPS"/>
|
1408
1734
|
</fingerprint>
|
1735
|
+
|
1409
1736
|
<fingerprint pattern="^Imagistics.*im">
|
1410
1737
|
<description>an Imagistics device</description>
|
1411
1738
|
<!-- Imagistics im3511/im4511 Ver 01.00.20 TELNET server.\nCopyright(c) 2001-2005, silex technology, Inc.\nlogin: -->
|
1739
|
+
|
1412
1740
|
<example _encoding="base64">
|
1413
1741
|
SW1hZ2lzdGljcyBpbTM1MTEvaW00NTExIFZlciAwMS4wMC4yMCBURUxORVQgc2VydmVyLgpDb3B5cmlnaH
|
1414
1742
|
QoYykgMjAwMS0yMDA1LCBzaWxleCB0ZWNobm9sb2d5LCBJbmMuCmxvZ2luOiA=
|
@@ -1418,9 +1746,11 @@
|
|
1418
1746
|
<param pos="0" name="os.device" value="Multifunction Device"/>
|
1419
1747
|
<param pos="0" name="os.product" value="im"/>
|
1420
1748
|
</fingerprint>
|
1749
|
+
|
1421
1750
|
<fingerprint pattern="^NRG Maintenance Shell">
|
1422
1751
|
<description>a Ricoh NRG device</description>
|
1423
1752
|
<!-- NRG Maintenance Shell. \nUser access verification.\nlogin: -->
|
1753
|
+
|
1424
1754
|
<example _encoding="base64">
|
1425
1755
|
TlJHIE1haW50ZW5hbmNlIFNoZWxsLiAgIAoKVXNlciBhY2Nlc3MgdmVyaWZpY2F0aW9uLgoKbG9naW46
|
1426
1756
|
</example>
|
@@ -1428,9 +1758,11 @@
|
|
1428
1758
|
<param pos="0" name="os.device" value="Printer"/>
|
1429
1759
|
<param pos="0" name="os.product" value="NRG Printer"/>
|
1430
1760
|
</fingerprint>
|
1761
|
+
|
1431
1762
|
<fingerprint pattern="^SHARP (AR-[^\\s]+) Ver ([^\\s]+) TELNET server">
|
1432
1763
|
<description>SHARP AR Series multifunction device</description>
|
1433
1764
|
<!-- SHARP AR-M351U Ver 01.00.18 TELNET server.\nCopyright(c) 2001-2005, silex technology, Inc.\nlogin: -->
|
1765
|
+
|
1434
1766
|
<example _encoding="base64" os.product="AR-M351U" os.version="01.00.18">
|
1435
1767
|
U0hBUlAgQVItTTM1MVUgVmVyIDAxLjAwLjE4IFRFTE5FVCBzZXJ2ZXIuCkNvcHlyaWdodChjKSAyMDAx
|
1436
1768
|
LTIwMDUsIHNpbGV4IHRlY2hub2xvZ3ksIEluYy4KbG9naW46IA==
|
@@ -1441,10 +1773,12 @@
|
|
1441
1773
|
<param pos="1" name="os.product"/>
|
1442
1774
|
<param pos="2" name="os.version"/>
|
1443
1775
|
</fingerprint>
|
1776
|
+
|
1444
1777
|
<fingerprint pattern="^SHARP (MX-[^\\s]+) Ver ([^\\s]+) TELNET server">
|
1445
1778
|
<description>SHARP MX Series multifunction device</description>
|
1446
1779
|
<!-- SHARP MX-3610N Ver 01.05.00.0o.18 TELNET server.\nCopyright(C) 2005- SHARP CORPORATION\nCopyright(C) 2005-
|
1447
1780
|
silex technology, Inc.\nlogin: -->
|
1781
|
+
|
1448
1782
|
<example _encoding="base64" os.product="MX-3610N" os.version="01.05.00.0o.18">
|
1449
1783
|
U0hBUlAgTVgtMzYxME4gVmVyIDAxLjA1LjAwLjBvLjE4IFRFTE5FVCBzZXJ2ZXIuCkNvcHlyaWdodC
|
1450
1784
|
hDKSAyMDA1LSAgICAgU0hBUlAgQ09SUE9SQVRJT04KQ29weXJpZ2h0KEMpIDIwMDUtICAgICBzaWxl
|
@@ -1456,11 +1790,13 @@
|
|
1456
1790
|
<param pos="1" name="os.product"/>
|
1457
1791
|
<param pos="2" name="os.version"/>
|
1458
1792
|
</fingerprint>
|
1793
|
+
|
1459
1794
|
<fingerprint pattern="^(?m).*Welcome to MELCO Print Server.*Server Name *: *([^ ]*)\W.*Server Model *: *([^ ]*).*F \/ W Version *: *([^ ]*).*MAC Address *: *(.. .. .. .. .. ..).*$">
|
1460
1795
|
<description>System is a Buffalo/MELCO Embedded Print Server</description>
|
1461
1796
|
<!-- ***********************************\n* Welcome to MELCO Print Server *\n* Telnet Console *\n***********************************
|
1462
1797
|
\n \nServer Name: PS-B04E8E\nServer Model: LPV 2 - TX 1\nF / W Version: 2.00 J \nMAC Address: AE 32 EA 21 BB E3\n
|
1463
1798
|
Uptime: 0 days, 00: 00: 12\n \nPlease Enter Password:"-->
|
1799
|
+
|
1464
1800
|
<example _encoding="base64" os.version="2.00" host.id="PS-B04E8E" os.model="LPV" os.address="AE 32 EA 21 BB E3">
|
1465
1801
|
KioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKipcbiogV2VsY29tZSB0byBNRUxDTyBQc
|
1466
1802
|
mludCBTZXJ2ZXIgKlxuKiBUZWxuZXQgQ29uc29sZSAqXG4qKioqKioqKioqKioqKioqKioqKioqKi
|
@@ -1477,9 +1813,11 @@
|
|
1477
1813
|
<param pos="3" name="os.version"/>
|
1478
1814
|
<param pos="4" name="os.address"/>
|
1479
1815
|
</fingerprint>
|
1816
|
+
|
1480
1817
|
<fingerprint pattern="^(?m)AIX Version\W(\d).*">
|
1481
1818
|
<description>System is IBM AIX v</description>
|
1482
1819
|
<!-- AIX Version 6\nCopyright IBM Corporation, 1982, 2007.\nlogin: -->
|
1820
|
+
|
1483
1821
|
<example _encoding="base64" os.version="6">
|
1484
1822
|
QUlYIFZlcnNpb24gNgpDb3B5cmlnaHQgSUJNIENvcnBvcmF0aW9uLCAxOTgyLCAyMDA3Lgpsb2dpbjogCg==
|
1485
1823
|
</example>
|
@@ -1489,9 +1827,11 @@
|
|
1489
1827
|
<param pos="1" name="os.version"/>
|
1490
1828
|
<param pos="0" name="os.cpe23" value="cpe:/o:ibm:aix:{os.version}"/>
|
1491
1829
|
</fingerprint>
|
1830
|
+
|
1492
1831
|
<fingerprint pattern="^(?m)CIMC Debug Firmware Utility Shell\W([^\s]+).*">
|
1493
1832
|
<description>System is Cisco UCS Device</description>
|
1494
1833
|
<!-- CIMC Debug Firmware Utility Shell\nfake-ucs-device-3-1-p login: -->
|
1834
|
+
|
1495
1835
|
<example _encoding="base64" host.name="fake-ucs-device-3-1-p">
|
1496
1836
|
Q0lNQyBEZWJ1ZyBGaXJtd2FyZSBVdGlsaXR5IFNoZWxsCmZha2UtdWNzLWRldmljZS0zLTEtcCBsb2dpbjogCg==
|
1497
1837
|
</example>
|
@@ -1501,6 +1841,7 @@
|
|
1501
1841
|
<param pos="0" name="os.product" value="UCS Device"/>
|
1502
1842
|
<param pos="1" name="host.name"/>
|
1503
1843
|
</fingerprint>
|
1844
|
+
|
1504
1845
|
<fingerprint pattern="^(?m)HP ProLiant.*v(\d+.\d+)">
|
1505
1846
|
<description>Sytem is HP ProLiant server</description>
|
1506
1847
|
<!-- HP ProLiant BL e-Class Integrated Administrator v2.00
|
@@ -1509,6 +1850,7 @@
|
|
1509
1850
|
authorized user. Any authorized or unauthorized access and use may be moni-
|
1510
1851
|
tored and can result in criminal or civil prosecution under applicable law.
|
1511
1852
|
IA-00508BEBAA59 login: -->
|
1853
|
+
|
1512
1854
|
<example _encoding="base64" os.version="2.00">
|
1513
1855
|
SFAgUHJvTGlhbnQgQkwgZS1DbGFzcyBJbnRlZ3JhdGVkIEFkbWluaXN0cmF0b3IgdjIuMDAKICAgICAgI
|
1514
1856
|
CAgQ29weXJpZ2h0IDIwMDUgSGV3bGV0dC1QYWNrYXJkIERldmVsb3BtZW50IEdyb3VwLCBMLlAuCgogIC
|
@@ -1526,11 +1868,12 @@
|
|
1526
1868
|
<param pos="0" name="os.product" value="ProLiant"/>
|
1527
1869
|
<param pos="1" name="os.version"/>
|
1528
1870
|
</fingerprint>
|
1871
|
+
|
1529
1872
|
<fingerprint pattern="^Power Measurement Ltd. Meter ION ([[:alnum:]]+)">
|
1530
1873
|
<!-- Power Measurement Ltd. Meter ION 7330V271 ETH ETH7330V272
|
1531
1874
|
Serial#: PB-0204A058-11
|
1532
|
-
|
1533
1875
|
login: -->
|
1876
|
+
|
1534
1877
|
<description>Power Measurement ION Power Meter</description>
|
1535
1878
|
<example _encoding="base64" hw.vendor="Power Measurement Ltd." hw.family="ION" hw.version="7330V271">
|
1536
1879
|
UG93ZXIgTWVhc3VyZW1lbnQgTHRkLiBNZXRlciBJT04gNzMzMFYyNzEgRVRIIEVUSDczMzBWMjcyCg1TZ
|
@@ -1540,10 +1883,12 @@
|
|
1540
1883
|
<param pos="0" name="hw.family" value="ION"/>
|
1541
1884
|
<param pos="1" name="hw.version"/>
|
1542
1885
|
</fingerprint>
|
1886
|
+
|
1543
1887
|
<fingerprint pattern="^GW25 v([[:digit:]\.]+) - Intelligent Power Meters GPRS Gateway[[:space:]]+Developed by Satelitech">
|
1544
1888
|
<!-- GW25 v1.2.1 - Intelligent Power Meters GPRS Gateway
|
1545
1889
|
Developed by Satelitech S.A for ESG Dilec
|
1546
1890
|
Enter password: -->
|
1891
|
+
|
1547
1892
|
<description>Satelitech Power Meter</description>
|
1548
1893
|
<example _encoding="base64" hw.vendor="Satelitech" hw.family="GW25" hw.version="1.2.1">
|
1549
1894
|
R1cyNSB2MS4yLjEgLSBJbnRlbGxpZ2VudCBQb3dlciBNZXRlcnMgR1BSUyBHYXRld2F5Cg1EZXZlbG9wZ
|
@@ -1553,38 +1898,48 @@
|
|
1553
1898
|
<param pos="0" name="hw.family" value="GW25"/>
|
1554
1899
|
<param pos="1" name="hw.version"/>
|
1555
1900
|
</fingerprint>
|
1556
|
-
<fingerprint pattern="^RDK \(A Yocto Project based Distro\) ([^ ]+) Docsis-Gateway">
|
1557
|
-
<!-- RDK (A Yocto Project based Distro) 2.0 Docsis-Gateway
|
1558
1901
|
|
1559
|
-
|
1902
|
+
<fingerprint pattern="^RDK \(A Yocto Project based Distro\) ([^ ]+) (?:Docsis-Gateway|Business)">
|
1560
1903
|
<description>DOCSIS Cable Modem Running RDK</description>
|
1904
|
+
<!-- RDK (A Yocto Project based Distro) 2.0 Docsis-Gateway
|
1905
|
+
Docsis-Gateway login: -->
|
1906
|
+
|
1907
|
+
<example _encoding="base64" hw.device="DOCSIS Cable Modem" os.vendor="Yocto" os.product="RDK" os.version="2.0">
|
1908
|
+
UkRLIChBIFlvY3RvIFByb2plY3QgYmFzZWQgRGlzdHJvKSAyLjAgRG9jc2lzLUdhdGV3YXkNC
|
1909
|
+
g0NCg1Eb2NzaXMtR2F0ZXdheSBsb2dpbjo=
|
1910
|
+
</example>
|
1911
|
+
<!-- RDK (A Yocto Project based Distro) 2.0 Business\r\n\r\r\n\rBusiness login: -->
|
1912
|
+
|
1561
1913
|
<example _encoding="base64" hw.device="DOCSIS Cable Modem" os.vendor="Yocto" os.product="RDK" os.version="2.0">
|
1562
|
-
|
1563
|
-
|
1914
|
+
UkRLIChBIFlvY3RvIFByb2plY3QgYmFzZWQgRGlzdHJvKSAyLjAgQnVzaW5lc3MNCg0NCg1Cd
|
1915
|
+
XNpbmVzcyBsb2dpbjoK
|
1564
1916
|
</example>
|
1565
1917
|
<param pos="0" name="hw.device" value="DOCSIS Cable Modem"/>
|
1566
1918
|
<param pos="0" name="os.vendor" value="Yocto"/>
|
1567
1919
|
<param pos="0" name="os.product" value="RDK"/>
|
1568
1920
|
<param pos="1" name="os.version"/>
|
1569
1921
|
</fingerprint>
|
1922
|
+
|
1570
1923
|
<fingerprint pattern="^RICOH Maintenance Shell">
|
1571
1924
|
<description>a Ricoh device</description>
|
1572
1925
|
<!-- RICOH Maintenance Shell.
|
1573
1926
|
User access verification.
|
1574
1927
|
login:-->
|
1928
|
+
|
1575
1929
|
<example _encoding="base64">
|
1576
1930
|
UklDT0ggTWFpbnRlbmFuY2UgU2hlbGwuICAgCg1Vc2VyIGFjY2VzcyB2ZXJpZmljYXRpb24uCg1sb2dpbjo=
|
1577
1931
|
</example>
|
1578
1932
|
<param pos="0" name="os.vendor" value="Ricoh"/>
|
1579
1933
|
<param pos="0" name="os.device" value="Printer"/>
|
1580
1934
|
</fingerprint>
|
1935
|
+
|
1581
1936
|
<fingerprint pattern="Precise/RTCS v([\d\.]+) Telnet server">
|
1582
1937
|
<description>Liebert UPS</description>
|
1583
1938
|
<!-- Precise/RTCS v2.90.00 Telnet server
|
1584
1939
|
Service Port Manager Active
|
1585
|
-
|
1586
1940
|
<Esc> Ends Session
|
1587
1941
|
-->
|
1942
|
+
|
1588
1943
|
<example _encoding="base64" os.version="2.90.00">
|
1589
1944
|
UHJlY2lzZS9SVENTIHYyLjkwLjAwIFRlbG5ldCBzZXJ2ZXIKCgpTZXJ2aWNlIFBvcnQgTWFuYWdlciBBY3RpdmUKCjxFc2M+IEVuZHMgU2Vzc2lvbgoKroot
|
1590
1945
|
</example>
|
@@ -1594,4 +1949,120 @@
|
|
1594
1949
|
<param pos="0" name="os.vendor" value="Liebert"/>
|
1595
1950
|
<param pos="1" name="os.version"/>
|
1596
1951
|
</fingerprint>
|
1597
|
-
|
1952
|
+
|
1953
|
+
<fingerprint pattern="^KeeneticOS version ([\w.-]+), copyright">
|
1954
|
+
<description>Keentic KeeneticOS</description>
|
1955
|
+
<!-- KeeneticOS version 3.04.C.6.0-0, copyright (c) 2010-2020 Keenetic Ltd.\r\n\r\nLogin: -->
|
1956
|
+
|
1957
|
+
<example _encoding="base64" os.version="3.04.C.6.0-0">
|
1958
|
+
S2VlbmV0aWNPUyB2ZXJzaW9uIDMuMDQuQy42LjAtMCwgY29weXJpZ2h0IChjKSAyMDEwLTIwM
|
1959
|
+
jAgS2VlbmV0aWMgTHRkLg0KDQpMb2dpbjoK
|
1960
|
+
</example>
|
1961
|
+
<param pos="0" name="hw.device" value="Router"/>
|
1962
|
+
<param pos="0" name="hw.vendor" value="Keenetic"/>
|
1963
|
+
<param pos="0" name="os.device" value="Router"/>
|
1964
|
+
<param pos="0" name="os.vendor" value="Keenetic"/>
|
1965
|
+
<param pos="0" name="os.product" value="KeeneticOS"/>
|
1966
|
+
<param pos="1" name="os.version"/>
|
1967
|
+
</fingerprint>
|
1968
|
+
|
1969
|
+
<fingerprint pattern="^\**(?:\r|\n)+\* Copyright \(c\) \d\d\d\d-\d\d\d\d New H3C Technologies Co., Ltd. All rights reserved.\*(?:\r|\n)+\* Without the owner's prior written consent,\s+\*(?:\r|\n)+\* no decompiling or reverse-engineering shall be allowed.\s+\*(?:\r|\n)+\*+(?:\r|\n)+login:\s*$">
|
1970
|
+
<description>Generic H3C Technologies banner</description>
|
1971
|
+
<!-- ******************************************************************************\r\n* Copyright (c) 2004-2017 New H3C Technologies Co., Ltd. All rights reserved.*\r\n* Without the owner's prior written consent, *\r\n* no decompiling or reverse-engineering shall be allowed. *\r\n******************************************************************************\r\n\r\nlogin: -->
|
1972
|
+
|
1973
|
+
<example _encoding="base64">
|
1974
|
+
KioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqK
|
1975
|
+
ioqKioqKioqKioqKioqKioqKioqKioqDQoqIENvcHlyaWdodCAoYykgMjAwNC0yMDE3IE5ldy
|
1976
|
+
BIM0MgVGVjaG5vbG9naWVzIENvLiwgTHRkLiBBbGwgcmlnaHRzIHJlc2VydmVkLioNCiogV2l
|
1977
|
+
0aG91dCB0aGUgb3duZXIncyBwcmlvciB3cml0dGVuIGNvbnNlbnQsICAgICAgICAgICAgICAg
|
1978
|
+
ICAgICAgICAgICAgICAgICAgKg0KKiBubyBkZWNvbXBpbGluZyBvciByZXZlcnNlLWVuZ2luZ
|
1979
|
+
WVyaW5nIHNoYWxsIGJlIGFsbG93ZWQuICAgICAgICAgICAgICAgICAgICAqDQoqKioqKioqKi
|
1980
|
+
oqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKio
|
1981
|
+
qKioqKioqKioqKioqKioNCg0KbG9naW46Cg==
|
1982
|
+
</example>
|
1983
|
+
<param pos="0" name="hw.vendor" value="H3C"/>
|
1984
|
+
<param pos="0" name="os.vendor" value="H3C"/>
|
1985
|
+
</fingerprint>
|
1986
|
+
|
1987
|
+
<fingerprint pattern="Telnet Administration (?:\r|\n)+ SAP J2EE Engine v([\d.]+)(?:\r|\n)+">
|
1988
|
+
<description>SAP NetWeaver Application Server Java telnet service</description>
|
1989
|
+
<!-- ***********************************************
|
1990
|
+
**********************************************
|
1991
|
+
****###*******####*****#######**************
|
1992
|
+
**##***##****##**##****##****##************
|
1993
|
+
***##*******##****##***##****##**********
|
1994
|
+
*****##*****########***######***********
|
1995
|
+
******##****##****##***##*************
|
1996
|
+
**##***##**##******##**##************
|
1997
|
+
****###****##******##**##**********
|
1998
|
+
**********************************
|
1999
|
+
********************************
|
2000
|
+
Telnet Administration
|
2001
|
+
SAP J2EE Engine v7.00
|
2002
|
+
Login:
|
2003
|
+
-->
|
2004
|
+
|
2005
|
+
<example _encoding="base64" service.version="7.00">
|
2006
|
+
KioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKiogCiAgICoqKi
|
2007
|
+
oqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKiogCiAgICoqKiojIyMq
|
2008
|
+
KioqKioqIyMjIyoqKioqIyMjIyMjIyoqKioqKioqKioqKioqIAogICAqKiMjKioqIyMqKioqIy
|
2009
|
+
MqKiMjKioqKiMjKioqKiMjKioqKioqKioqKioqIAogICAqKiojIyoqKioqKiojIyoqKiojIyoq
|
2010
|
+
KiMjKioqKiMjKioqKioqKioqKiAKICAgKioqKiojIyoqKioqIyMjIyMjIyMqKiojIyMjIyMqKi
|
2011
|
+
oqKioqKioqKiAKICAgKioqKioqIyMqKioqIyMqKioqIyMqKiojIyoqKioqKioqKioqKiogCiAg
|
2012
|
+
ICoqIyMqKiojIyoqIyMqKioqKiojIyoqIyMqKioqKioqKioqKiogCiAgICoqKiojIyMqKioqIy
|
2013
|
+
MqKioqKiojIyoqIyMqKioqKioqKioqIAogICAqKioqKioqKioqKioqKioqKioqKioqKioqKioq
|
2014
|
+
KioqKioqIAogICAqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKiAKCiAgIFRlbG5ldC
|
2015
|
+
BBZG1pbmlzdHJhdGlvbiAKICAgU0FQIEoyRUUgRW5naW5lIHY3LjAwCgoKCkxvZ2luOgo=
|
2016
|
+
</example>
|
2017
|
+
<param pos="0" name="service.vendor" value="SAP"/>
|
2018
|
+
<param pos="0" name="service.product" value="NetWeaver Application Server Java"/>
|
2019
|
+
<param pos="0" name="service.family" value="NetWeaver"/>
|
2020
|
+
<param pos="1" name="service.version"/>
|
2021
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:sap:netweaver_application_server_java:{service.version}"/>
|
2022
|
+
<param pos="0" name="service.component.vendor" value="SAP"/>
|
2023
|
+
<param pos="0" name="service.component.product" value="NetWeaver Application Server"/>
|
2024
|
+
<param pos="0" name="service.component.cpe23" value="cpe:/a:sap:netweaver_application_server:-"/>
|
2025
|
+
</fingerprint>
|
2026
|
+
|
2027
|
+
<fingerprint pattern="Telnet Administration (?:\r|\n)+ SAP Java EE Application Server v([\d.]+)(?:\r|\n)+">
|
2028
|
+
<description>SAP NetWeaver Application Server Java telnet service - newer variant</description>
|
2029
|
+
<!-- ***********************************************
|
2030
|
+
**********************************************
|
2031
|
+
****###*******####*****#######**************
|
2032
|
+
**##***##****##**##****##****##************
|
2033
|
+
***##*******##****##***##****##**********
|
2034
|
+
*****##*****########***######***********
|
2035
|
+
******##****##****##***##*************
|
2036
|
+
**##***##**##******##**##************
|
2037
|
+
****###****##******##**##**********
|
2038
|
+
**********************************
|
2039
|
+
********************************
|
2040
|
+
Telnet Administration
|
2041
|
+
SAP Java EE Application Server v7.50
|
2042
|
+
User name:
|
2043
|
+
-->
|
2044
|
+
|
2045
|
+
<example _encoding="base64" service.version="7.50">
|
2046
|
+
KioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKiogCiAgICoqKi
|
2047
|
+
oqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKiogCiAgICoqKiojIyMq
|
2048
|
+
KioqKioqIyMjIyoqKioqIyMjIyMjIyoqKioqKioqKioqKioqIAogICAqKiMjKioqIyMqKioqIy
|
2049
|
+
MqKiMjKioqKiMjKioqKiMjKioqKioqKioqKioqIAogICAqKiojIyoqKioqKiojIyoqKiojIyoq
|
2050
|
+
KiMjKioqKiMjKioqKioqKioqKiAKICAgKioqKiojIyoqKioqIyMjIyMjIyMqKiojIyMjIyMqKi
|
2051
|
+
oqKioqKioqKiAKICAgKioqKioqIyMqKioqIyMqKioqIyMqKiojIyoqKioqKioqKioqKiogCiAg
|
2052
|
+
ICoqIyMqKiojIyoqIyMqKioqKiojIyoqIyMqKioqKioqKioqKiogCiAgICoqKiojIyMqKioqIy
|
2053
|
+
MqKioqKiojIyoqIyMqKioqKioqKioqIAogICAqKioqKioqKioqKioqKioqKioqKioqKioqKioq
|
2054
|
+
KioqKioqIAogICAqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKiAKCiAgIFRlbG5ldC
|
2055
|
+
BBZG1pbmlzdHJhdGlvbiAKICAgU0FQIEphdmEgRUUgQXBwbGljYXRpb24gU2VydmVyIHY3LjUw
|
2056
|
+
CgoKVXNlciBuYW1lOgo=
|
2057
|
+
</example>
|
2058
|
+
<param pos="0" name="service.vendor" value="SAP"/>
|
2059
|
+
<param pos="0" name="service.product" value="NetWeaver Application Server Java"/>
|
2060
|
+
<param pos="0" name="service.family" value="NetWeaver"/>
|
2061
|
+
<param pos="1" name="service.version"/>
|
2062
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:sap:netweaver_application_server_java:{service.version}"/>
|
2063
|
+
<param pos="0" name="service.component.vendor" value="SAP"/>
|
2064
|
+
<param pos="0" name="service.component.product" value="NetWeaver Application Server"/>
|
2065
|
+
<param pos="0" name="service.component.cpe23" value="cpe:/a:sap:netweaver_application_server:-"/>
|
2066
|
+
</fingerprint>
|
2067
|
+
|
2068
|
+
</fingerprints>
|