recog 2.3.8 → 2.3.13

Files changed (69) hide show
  1. checksums.yaml +4 -4
  2. data/.gitignore +6 -0
  3. data/CONTRIBUTING.md +136 -37
  4. data/README.md +18 -16
  5. data/bin/recog_cleanup +16 -0
  6. data/bin/recog_standardize +30 -6
  7. data/cpe-remap.yaml +18 -2
  8. data/identifiers/README.md +9 -0
  9. data/identifiers/hw_device.txt +77 -0
  10. data/identifiers/hw_family.txt +96 -0
  11. data/identifiers/hw_product.txt +328 -0
  12. data/identifiers/os_architecture.txt +6 -6
  13. data/identifiers/os_device.txt +45 -3
  14. data/identifiers/os_family.txt +206 -41
  15. data/identifiers/os_product.txt +238 -17
  16. data/identifiers/service_family.txt +144 -57
  17. data/identifiers/service_product.txt +385 -83
  18. data/identifiers/vendor.txt +554 -68
  19. data/lib/recog/version.rb +1 -1
  20. data/requirements.txt +1 -1
  21. data/update_cpes.py +3 -0
  22. data/xml/apache_modules.xml +292 -5
  23. data/xml/apache_os.xml +41 -2
  24. data/xml/architecture.xml +11 -3
  25. data/xml/dns_versionbind.xml +191 -15
  26. data/xml/favicons.xml +1701 -0
  27. data/xml/ftp_banners.xml +250 -18
  28. data/xml/h323_callresp.xml +112 -12
  29. data/xml/hp_pjl_id.xml +47 -5
  30. data/xml/html_title.xml +1278 -25
  31. data/xml/http_cookies.xml +64 -9
  32. data/xml/http_servers.xml +1013 -96
  33. data/xml/http_wwwauth.xml +141 -26
  34. data/xml/imap_banners.xml +62 -13
  35. data/xml/ldap_searchresult.xml +81 -9
  36. data/xml/mdns_device-info_txt.xml +175 -2
  37. data/xml/mdns_workstation_txt.xml +4 -2
  38. data/xml/mysql_banners.xml +134 -7
  39. data/xml/mysql_error.xml +113 -6
  40. data/xml/nntp_banners.xml +10 -2
  41. data/xml/ntp_banners.xml +80 -4
  42. data/xml/operating_system.xml +89 -3
  43. data/xml/pop_banners.xml +87 -33
  44. data/xml/rsh_resp.xml +11 -2
  45. data/xml/rtsp_servers.xml +22 -2
  46. data/xml/sip_banners.xml +35 -4
  47. data/xml/sip_user_agents.xml +29 -2
  48. data/xml/smb_native_lm.xml +10 -2
  49. data/xml/smb_native_os.xml +79 -2
  50. data/xml/smtp_banners.xml +230 -9
  51. data/xml/smtp_debug.xml +6 -4
  52. data/xml/smtp_ehlo.xml +7 -5
  53. data/xml/smtp_expn.xml +13 -4
  54. data/xml/smtp_help.xml +23 -4
  55. data/xml/smtp_mailfrom.xml +5 -2
  56. data/xml/smtp_noop.xml +6 -5
  57. data/xml/smtp_quit.xml +5 -4
  58. data/xml/smtp_rcptto.xml +5 -2
  59. data/xml/smtp_rset.xml +4 -4
  60. data/xml/smtp_turn.xml +4 -4
  61. data/xml/smtp_vrfy.xml +14 -4
  62. data/xml/snmp_sysdescr.xml +733 -25
  63. data/xml/snmp_sysobjid.xml +47 -2
  64. data/xml/ssh_banners.xml +182 -8
  65. data/xml/telnet_banners.xml +493 -22
  66. data/xml/x11_banners.xml +26 -3
  67. data/xml/x509_issuers.xml +30 -6
  68. data/xml/x509_subjects.xml +200 -31
  69. metadata +8 -2
@@ -1,53 +1,63 @@
1
- <?xml version="1.0" encoding="UTF-8"?>
1
+ <?xml version='1.0' encoding='UTF-8'?>
2
2
  <fingerprints protocol="telnet" database_type="service" preference=".80">
3
3
  <!--
4
4
  TELNET banners with CR/LF/whitespace trimmed from either end.
5
5
  Examples with CR, LF, etc must be base64 encoded in order to past tests.
6
6
  Please follow the style established below.
7
7
  -->
8
+
8
9
  <!--
9
10
  The following 'assert nothing' block is intended to handle banners so simple
10
11
  that they cannot be attributed to a product or vendor. They are at the
11
12
  beginning of the file as a performance tweak given how frequenty they occur.
12
-
13
13
  NOTE:
14
14
  Due to the multi-line nature of TELNET banners the regex are leveraging \A
15
15
  instead of ^ to prevent matching in the beginning of a 'line' (^) instead of
16
16
  at the beginning of the string (\A). This has been verified to work with
17
17
  Ruby, Python, Java, and Golang.
18
18
  -->
19
+
19
20
  <fingerprint pattern="\A(?i)(?:\r|\n)*login:\s*$">
20
21
  <description>bare 'login:' -- assert nothing.</description>
21
22
  <example>login:</example>
22
23
  </fingerprint>
24
+
23
25
  <fingerprint pattern="\A(?i)(?:\r|\n)*User(?:name)?\s*:\s*$">
24
26
  <description>bare 'Username:' -- assert nothing.</description>
25
27
  <example>Username:</example>
26
28
  <example>User:</example>
27
29
  </fingerprint>
30
+
28
31
  <fingerprint pattern="\A(?i)(?:\r|\n)*Password:\s*$">
29
32
  <description>bare 'Password:' -- assert nothing.</description>
30
33
  <example>Password:</example>
31
34
  </fingerprint>
35
+
32
36
  <fingerprint pattern="\A(?i)(?:\r|\n)*Account:\s*$">
33
37
  <description>bare 'Account:' -- assert nothing.</description>
34
38
  <example>Account:</example>
35
39
  </fingerprint>
40
+
36
41
  <fingerprint pattern="\A(?i)Connection refused(?:\r|\n)*$">
37
42
  <description>bare 'Connection refused' -- assert nothing.</description>
38
43
  <example>Connection refused</example>
39
44
  </fingerprint>
45
+
40
46
  <!-- end of assert nothing block -->
47
+
41
48
  <fingerprint pattern="^(?:\r|\n)*User Access Verification(?:\r|\n)+(?:Username|Password):\s*$">
42
49
  <description>Cisco switch or router - user access variant</description>
43
50
  <!-- User Access Verification\r\n\r\nUsername: -->
51
+
44
52
  <example _encoding="base64">VXNlciBBY2Nlc3MgVmVyaWZpY2F0aW9uDQoNClVzZXJuYW1lOgo=</example>
45
53
  <!-- User Access Verification\r\n\r\nPassword: -->
54
+
46
55
  <example _encoding="base64">VXNlciBBY2Nlc3MgVmVyaWZpY2F0aW9uDQoNClBhc3N3b3JkOgo=</example>
47
56
  <param pos="0" name="service.vendor" value="Cisco"/>
48
57
  <param pos="0" name="os.vendor" value="Cisco"/>
49
58
  <param pos="0" name="hw.vendor" value="Cisco"/>
50
59
  </fingerprint>
60
+
51
61
  <fingerprint pattern="^(?:\r|\n)*Password required, but none set(?:\r|\n)*$">
52
62
  <description>Cisco switch or router - password not set variant</description>
53
63
  <example>Password required, but none set</example>
@@ -55,16 +65,24 @@
55
65
  <param pos="0" name="os.vendor" value="Cisco"/>
56
66
  <param pos="0" name="hw.vendor" value="Cisco"/>
57
67
  </fingerprint>
58
- <fingerprint pattern="^(?:\r|\n)*MikroTik v([\w.]+)(?: \(\w+\))?(?:\r|\n)+Login:\s*$">
68
+
69
+ <fingerprint pattern="^(?:\r|\n)*MikroTik v([\w.]+)(?: \([\w-]+\))?(?:\r|\n)+Login:\s*$">
59
70
  <description>MikroTik RouterOS</description>
60
71
  <!-- MikroTik v5.2\r\nLogin: -->
72
+
61
73
  <example _encoding="base64" os.version="5.2">TWlrcm9UaWsgdjUuMg0KTG9naW46Cg==</example>
62
74
  <!-- MikroTik v6.42.3 (stable)\r\nLogin: -->
75
+
63
76
  <example _encoding="base64" os.version="6.42.3">TWlrcm9UaWsgdjYuNDIuMyAoc3RhYmxlKQ0KTG9naW46Cg==</example>
64
77
  <!-- MikroTik v6.40.8 (bugfix)\r\nLogin: -->
78
+
65
79
  <example _encoding="base64" os.version="6.40.8">TWlrcm9UaWsgdjYuNDAuOCAoYnVnZml4KQ0KTG9naW46Cg==</example>
66
80
  <!-- MikroTik v6.36rc12 (testing)\r\nLogin: -->
81
+
67
82
  <example _encoding="base64" os.version="6.36rc12">TWlrcm9UaWsgdjYuMzZyYzEyICh0ZXN0aW5nKQ0KTG9naW46Cg==</example>
83
+ <!-- MikroTik v6.42.9 (long-term)\r\nLogin: -->
84
+
85
+ <example _encoding="base64" os.version="6.42.9">TWlrcm9UaWsgdjYuNDIuOSAobG9uZy10ZXJtKQ0KTG9naW46Cg==</example>
68
86
  <param pos="0" name="os.vendor" value="MikroTik"/>
69
87
  <param pos="0" name="os.device" value="Router"/>
70
88
  <param pos="0" name="os.product" value="RouterOS"/>
@@ -73,13 +91,17 @@
73
91
  <param pos="0" name="hw.vendor" value="MikroTik"/>
74
92
  <param pos="0" name="hw.device" value="Router"/>
75
93
  </fingerprint>
94
+
76
95
  <fingerprint pattern="^(?:\r|\n)?ZXHN (\w+)(?: V([\d.]+))?(?:\r|\n)*Login:\s*$">
77
96
  <description>ZTE ZXHN router</description>
78
97
  <!-- ZXHN H108N\r\nLogin: -->
98
+
79
99
  <example _encoding="base64" hw.product="H108N">WlhITiBIMTA4Tg0KTG9naW46Cg==</example>
80
100
  <!-- ZXHN H298A V1.1\r\nLogin: -->
101
+
81
102
  <example _encoding="base64" hw.product="H298A" hw.version="1.1">WlhITiBIMjk4QSBWMS4xDQpMb2dpbjoK</example>
82
103
  <!-- ZXHN H367N\r\n\rLogin: -->
104
+
83
105
  <example _encoding="base64" hw.product="H367N">WlhITiBIMzY3Tg0KDUxvZ2luOgo=</example>
84
106
  <param pos="0" name="hw.vendor" value="ZTE"/>
85
107
  <param pos="0" name="hw.device" value="Router"/>
@@ -87,24 +109,30 @@
87
109
  <param pos="1" name="hw.product"/>
88
110
  <param pos="2" name="hw.version"/>
89
111
  </fingerprint>
112
+
90
113
  <fingerprint pattern="^(F6\d+\w?)\r\n\rLogin:\s*$">
91
114
  <description>ZTE F6xx series GPON router</description>
92
115
  <!-- F668\r\n\rLogin: -->
116
+
93
117
  <example _encoding="base64" hw.product="F668">RjY2OA0KDUxvZ2luOgo=</example>
94
118
  <!-- F612W\r\n\rLogin: -->
119
+
95
120
  <example _encoding="base64" hw.product="F612W">RjYxMlcNCg1Mb2dpbjoK</example>
96
121
  <param pos="0" name="hw.vendor" value="ZTE"/>
97
122
  <param pos="0" name="hw.device" value="Router"/>
98
123
  <param pos="1" name="hw.product"/>
99
124
  </fingerprint>
125
+
100
126
  <fingerprint pattern="^(?:\r|\n)*DD-WRT v([\d.]+)(?:-(\w+))? ([\w-]+) \(c\) \d{4} NewMedia-NET GmbH(?:\r|\n)+Release: \d+\/\d+\/\d+ \(SVN revision: ([:\w]+)\)(?:\r|\n)+.* login:\s*$">
101
127
  <description>DD-WRT - 24 family</description>
102
128
  <!-- DD-WRT v24-sp2 mini (c) 2013 NewMedia-NET GmbH\r\nRelease: 05/27/13 (SVN revision: 21676)\r\n\r\nDD-WRT login: -->
129
+
103
130
  <example _encoding="base64" os.version="24" os.version.version="sp2" os.edition="mini" os.build="21676">
104
131
  REQtV1JUIHYyNC1zcDIgbWluaSAoYykgMjAxMyBOZXdNZWRpYS1ORVQgR21iSA0KUmVsZWFzZ
105
132
  TogMDUvMjcvMTMgKFNWTiByZXZpc2lvbjogMjE2NzYpDQoNCkRELVdSVCBsb2dpbjoK
106
133
  </example>
107
134
  <!-- DD-WRT v24 micro (c) 2010 NewMedia-NET GmbH\r\nRelease: 08/07/10 (SVN revision: 14896)\r\n\r\nProliant DL980R07 X6550 8-core 4P SAS login: -->
135
+
108
136
  <example _encoding="base64" os.version="24" os.edition="micro" os.build="14896">
109
137
  REQtV1JUIHYyNCBtaWNybyAoYykgMjAxMCBOZXdNZWRpYS1ORVQgR21iSA0KUmVsZWFzZTogM
110
138
  DgvMDcvMTAgKFNWTiByZXZpc2lvbjogMTQ4OTYpDQoNClByb2xpYW50IERMOTgwUjA3IFg2NT
@@ -120,9 +148,11 @@
120
148
  <param pos="0" name="os.cpe23" value="cpe:/o:dd-wrt:dd-wrt:{os.version}"/>
121
149
  <param pos="0" name="hw.device" value="Router"/>
122
150
  </fingerprint>
151
+
123
152
  <fingerprint pattern="^(?:\r|\n)*DD-WRT v(3.\d)-(r([\w]+)) ([\w-]+) \(c\) \d{4} NewMedia-NET GmbH(?:\r|\n)+Release: \d+\/\d+\/\d+(?:\r|\n)+.* login:\s*$">
124
153
  <description>DD-WRT - 3.0 family</description>
125
154
  <!-- DD-WRT v3.0-r34886M std (c) 2018 NewMedia-NET GmbH\r\nRelease: 02/10/18\r\n\r\nwibrate login: -->
155
+
126
156
  <example _encoding="base64" os.version="3.0" os.version.version="r34886M" os.edition="std" os.build="34886M">
127
157
  REQtV1JUIHYzLjAtcjM0ODg2TSBzdGQgKGMpIDIwMTggTmV3TWVkaWEtTkVUIEdtYkgNClJlb
128
158
  GVhc2U6IDAyLzEwLzE4DQoNCndpYnJhdGUgbG9naW46Cg==
@@ -137,33 +167,62 @@
137
167
  <param pos="0" name="os.cpe23" value="cpe:/o:dd-wrt:dd-wrt:{os.version}"/>
138
168
  <param pos="0" name="hw.device" value="Router"/>
139
169
  </fingerprint>
170
+
171
+ <fingerprint pattern="^(?:\r|\n)*DD-WRT v(3.\d)-(r([\w]+)) ([\w-]+) \(c\) \d{4} NewMedia-NET GmbH(?:\r|\n)+Release: \d+\/\d+\/\d+(?:\r|\n)+Board: (\S+) ([^\n\r]+)(?:\r|\n)+.* login:\s*$">
172
+ <description>DD-WRT - 3.0 family - with hardward product</description>
173
+ <!-- DD-WRT v3.0-r40559 std (c) 2019 NewMedia-NET GmbH\r\nRelease: 08/06/19\r\nBoard: Linksys WRT3200ACM\r\n\r\nDD-WRT login: -->
174
+
175
+ <example _encoding="base64" os.version="3.0" os.version.version="r40559" os.edition="std" os.build="40559" hw.vendor="Linksys" hw.product="WRT3200ACM">
176
+ REQtV1JUIHYzLjAtcjQwNTU5IHN0ZCAoYykgMjAxOSBOZXdNZWRpYS1ORVQgR21iSA0KUmVsZ
177
+ WFzZTogMDgvMDYvMTkNCkJvYXJkOiBMaW5rc3lzIFdSVDMyMDBBQ00NCg0KREQtV1JUIGxvZ2
178
+ luOgo=
179
+ </example>
180
+ <param pos="0" name="os.vendor" value="DD-WRT"/>
181
+ <param pos="0" name="os.product" value="DD-WRT"/>
182
+ <param pos="0" name="os.device" value="Router"/>
183
+ <param pos="1" name="os.version"/>
184
+ <param pos="2" name="os.version.version"/>
185
+ <param pos="3" name="os.build"/>
186
+ <param pos="4" name="os.edition"/>
187
+ <param pos="0" name="os.cpe23" value="cpe:/o:dd-wrt:dd-wrt:{os.version}"/>
188
+ <param pos="5" name="hw.vendor"/>
189
+ <param pos="6" name="hw.product"/>
190
+ <param pos="0" name="hw.device" value="Router"/>
191
+ </fingerprint>
192
+
140
193
  <fingerprint pattern="^(TD-\w+) [\d.]+ DSL Modem Router(?:\r|\n)+Authorization failed after trying \d+ times!!!\.(?:\r|\n)+Please login after \d+ seconds!\s*$">
141
194
  <description>TP-LINK TD Family DSL Modem/Router</description>
142
195
  <!-- TD-W8960N 5.0 DSL Modem Router\r\nAuthorization failed after trying 5 times!!!.\r\nPlease login after 416 seconds! -->
196
+
143
197
  <example _encoding="base64" hw.product="TD-W8960N">
144
198
  VEQtVzg5NjBOIDUuMCBEU0wgTW9kZW0gUm91dGVyDQpBdXRob3JpemF0aW9uIGZhaWxlZCBhZ
145
199
  nRlciB0cnlpbmcgNSB0aW1lcyEhIS4NClBsZWFzZSBsb2dpbiBhZnRlciA0MTYgc2Vjb25kcy
146
200
  E=
147
201
  </example>
148
- <param pos="0" name="hw.vendor" value="TP-Link"/>
202
+ <param pos="0" name="hw.vendor" value="TP-LINK"/>
149
203
  <param pos="1" name="hw.product"/>
150
204
  <param pos="0" name="hw.device" value="Router"/>
151
205
  </fingerprint>
206
+
152
207
  <fingerprint pattern="^(?:\r|\n)*ZyXEL login:$">
153
208
  <description>ZyXEL simple</description>
154
209
  <example>ZyXEL login:</example>
155
- <param pos="0" name="hw.vendor" value="ZyXEL"/>
210
+ <param pos="0" name="hw.vendor" value="Zyxel"/>
156
211
  </fingerprint>
212
+
157
213
  <fingerprint pattern="^ZyXEL \w?DSL Router\r\nLogin:$">
158
214
  <description>ZyXEL Router - simple</description>
159
215
  <!-- ZyXEL VDSL Router\r\nLogin: -->
216
+
160
217
  <example _encoding="base64">WnlYRUwgVkRTTCBSb3V0ZXINCkxvZ2luOgo=</example>
161
- <param pos="0" name="hw.vendor" value="ZyXEL"/>
218
+ <param pos="0" name="hw.vendor" value="Zyxel"/>
162
219
  <param pos="0" name="hw.device" value="Router"/>
163
220
  </fingerprint>
221
+
164
222
  <fingerprint pattern="^Debian GNU\/Linux 9(?:\r|\n)+([\w.-]+) login:\s*$">
165
223
  <description>Debian 9.0 (stretch)</description>
166
224
  <!-- Debian GNU/Linux 9\r\nserver-01.2 login: -->
225
+
167
226
  <example _encoding="base64" host.name="server-01.2">RGViaWFuIEdOVS9MaW51eCA5DQpzZXJ2ZXItMDEuMiBsb2dpbjoK</example>
168
227
  <param pos="0" name="os.vendor" value="Debian"/>
169
228
  <param pos="0" name="os.family" value="Linux"/>
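Review bot: In the added `DD-WRT - 3.0 family - with hardward product` fingerprint, `Board: (\S+) ([^\n\r]+)` copies the first token of the banner into `hw.vendor` (pos 5) and the remainder into `hw.product` (pos 6), so the vendor is whatever spelling the device prints, while this same hunk pins other vendors to fixed spellings (`TP-LINK`, `Zyxel`). Only one example (`Linksys WRT3200ACM`) backs the split; a board string with a multi-word vendor or no vendor token would presumably be attributed wrongly, which matters to anything that keys inventory or CPE lookups on `hw.vendor`, so a second example with a different board string would be worth adding. The version group `v(3.\d)` has an unescaped dot (carried over from the existing 3.0 pattern above it) and should read `v(3\.\d)`. The description has a typo and should be `<description>DD-WRT - 3.0 family - with hardware product</description>`.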
@@ -172,9 +231,11 @@
172
231
  <param pos="0" name="os.cpe23" value="cpe:/o:debian:debian_linux:9.0"/>
173
232
  <param pos="1" name="host.name"/>
174
233
  </fingerprint>
234
+
175
235
  <fingerprint pattern="^Debian GNU\/Linux 8(?:.0)?(?:\r|\n)+([\w.-]+) login:\s*$">
176
236
  <description>Debian 8.0 (jessie)</description>
177
237
  <!-- Debian GNU/Linux 8\r\nserver-01.2 login: -->
238
+
178
239
  <example _encoding="base64" host.name="server-01.2">RGViaWFuIEdOVS9MaW51eCA4DQpzZXJ2ZXItMDEuMiBsb2dpbjoK</example>
179
240
  <param pos="0" name="os.vendor" value="Debian"/>
180
241
  <param pos="0" name="os.family" value="Linux"/>
@@ -183,9 +244,11 @@
183
244
  <param pos="0" name="os.cpe23" value="cpe:/o:debian:debian_linux:8.0"/>
184
245
  <param pos="1" name="host.name"/>
185
246
  </fingerprint>
247
+
186
248
  <fingerprint pattern="^(?:\r|\n)*Debian GNU\/Linux 7(?:.0)?(?:\r|\n)+([\w.-]+) login:\s*$">
187
249
  <description>Debian 7.0 (wheezy)</description>
188
250
  <!-- Debian GNU/Linux 7\r\nserver-01.2 login: -->
251
+
189
252
  <example _encoding="base64" host.name="server-01.2">RGViaWFuIEdOVS9MaW51eCA3DQpzZXJ2ZXItMDEuMiBsb2dpbjoK</example>
190
253
  <param pos="0" name="os.vendor" value="Debian"/>
191
254
  <param pos="0" name="os.family" value="Linux"/>
@@ -194,9 +257,11 @@
194
257
  <param pos="0" name="os.cpe23" value="cpe:/o:debian:debian_linux:7.0"/>
195
258
  <param pos="1" name="host.name"/>
196
259
  </fingerprint>
260
+
197
261
  <fingerprint pattern="^(?:\r|\n)*Debian GNU\/Linux 6(?:.0)?(?:\r|\n)+([\w.-]+) login:\s*$">
198
262
  <description>Debian 6.0 (sqeeze)</description>
199
263
  <!-- Debian GNU/Linux 6.0\r\nserver-01.2 login: -->
264
+
200
265
  <example _encoding="base64" host.name="server-01.2">RGViaWFuIEdOVS9MaW51eCA2LjANCnNlcnZlci0wMS4yIGxvZ2luOgo=</example>
201
266
  <param pos="0" name="os.vendor" value="Debian"/>
202
267
  <param pos="0" name="os.family" value="Linux"/>
@@ -205,9 +270,11 @@
205
270
  <param pos="0" name="os.cpe23" value="cpe:/o:debian:debian_linux:6.0"/>
206
271
  <param pos="1" name="host.name"/>
207
272
  </fingerprint>
273
+
208
274
  <fingerprint pattern="^(?:\r|\n)*Debian GNU\/Linux 5(?:.0)?(?:\r|\n)+([\w.-]+) login:\s*$">
209
275
  <description>Debian 5.0 (lenny)</description>
210
276
  <!-- Debian GNU/Linux 5.0\r\nserver-01.2 login: -->
277
+
211
278
  <example _encoding="base64" host.name="server-01.2">RGViaWFuIEdOVS9MaW51eCA1LjANCnNlcnZlci0wMS4yIGxvZ2luOgo=</example>
212
279
  <param pos="0" name="os.vendor" value="Debian"/>
213
280
  <param pos="0" name="os.family" value="Linux"/>
@@ -216,9 +283,11 @@
216
283
  <param pos="0" name="os.cpe23" value="cpe:/o:debian:debian_linux:5.0"/>
217
284
  <param pos="1" name="host.name"/>
218
285
  </fingerprint>
286
+
219
287
  <fingerprint pattern="^(?:\r|\n)*Debian GNU\/Linux 4(?:.0)?(?:\r|\n)+([\w.-]+) login:\s*$">
220
288
  <description>Debian 4.0 (etch)</description>
221
289
  <!-- Debian GNU/Linux 4.0\r\nserver-01.2 login: -->
290
+
222
291
  <example _encoding="base64" host.name="server-01.2">RGViaWFuIEdOVS9MaW51eCA0LjANCnNlcnZlci0wMS4yIGxvZ2luOgo=</example>
223
292
  <param pos="0" name="os.vendor" value="Debian"/>
224
293
  <param pos="0" name="os.family" value="Linux"/>
@@ -227,9 +296,11 @@
227
296
  <param pos="0" name="os.cpe23" value="cpe:/o:debian:debian_linux:4.0"/>
228
297
  <param pos="1" name="host.name"/>
229
298
  </fingerprint>
299
+
230
300
  <fingerprint pattern="^(?:\r|\n)*Debian GNU\/Linux (3.\d)(?: [\w.-]+)?(?:\r|\n)+([\w.-]+) login:\s*$">
231
301
  <description>Debian 3.x (woody/sarge)</description>
232
302
  <!-- Debian GNU/Linux 3.1\r\nserver-01.2 login: -->
303
+
233
304
  <example _encoding="base64" os.version="3.1" host.name="server-01.2">
234
305
  RGViaWFuIEdOVS9MaW51eCAzLjENCnNlcnZlci0wMS4yIGxvZ2luOgo=
235
306
  </example>
@@ -240,13 +311,16 @@
240
311
  <param pos="0" name="os.cpe23" value="cpe:/o:debian:debian_linux:{os.version}"/>
241
312
  <param pos="2" name="host.name"/>
242
313
  </fingerprint>
314
+
243
315
  <fingerprint pattern="^(?:\r|\n)*Ubuntu ([\d.]+)(?: LTS)?(?:\r|\n)+([\w.-]+) login:\s*$">
244
316
  <description>Ubuntu - most versions</description>
245
317
  <!-- Ubuntu 16.04.4 LTS\r\nserver-01.2 login: -->
318
+
246
319
  <example _encoding="base64" os.version="16.04.4" host.name="server-01.2">
247
320
  VWJ1bnR1IDE2LjA0LjQgTFRTDQpzZXJ2ZXItMDEuMiBsb2dpbjoK
248
321
  </example>
249
322
  <!-- Ubuntu 17.04\r\nnginx login: -->
323
+
250
324
  <example _encoding="base64" os.version="17.04" host.name="nginx">
251
325
  VWJ1bnR1IDE3LjA0DQpuZ2lueCBsb2dpbjoK
252
326
  </example>
@@ -257,13 +331,16 @@
257
331
  <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:{os.version}"/>
258
332
  <param pos="2" name="host.name"/>
259
333
  </fingerprint>
334
+
260
335
  <fingerprint pattern="(?:\r|\n)*Debian GNU\/Linux (2.\d)(?: [\w.-]+)?(?:\r|\n)+([\w.-]+) login:\s*">
261
336
  <description>Debian 2.x (hamm/slink/potato)</description>
262
337
  <!-- Debian GNU/Linux 2.2\r\nserver-01.2 login: -->
338
+
263
339
  <example _encoding="base64" os.version="2.2" host.name="server-01.2">
264
340
  RGViaWFuIEdOVS9MaW51eCAyLjINCnNlcnZlci0wMS4yIGxvZ2luOgo=
265
341
  </example>
266
342
  <!-- Debian GNU/Linux 2.2 localhost.localdomain\r\nmoon login: -->
343
+
267
344
  <example _encoding="base64" os.version="2.2" host.name="moon">
268
345
  RGViaWFuIEdOVS9MaW51eCAyLjIgbG9jYWxob3N0LmxvY2FsZG9tYWluDQptb29uIGxvZ2luOgo=
269
346
  </example>
@@ -274,14 +351,17 @@
274
351
  <param pos="0" name="os.cpe23" value="cpe:/o:debian:debian_linux:{os.version}"/>
275
352
  <param pos="2" name="host.name"/>
276
353
  </fingerprint>
354
+
277
355
  <fingerprint pattern="^CentOS release ([\d.]+) \(Final\)(?:\r|\n)+Kernel ([\w.-]+) on an (\w+)(?:\r|\n)+(?:([\w.-]+) )?login:\s*$">
278
356
  <description>CentOS</description>
279
357
  <!-- CentOS release 5.9 (Final)\r\nKernel 2.6.18-348.6.1.el5 on an i686\r\nlogin: -->
358
+
280
359
  <example _encoding="base64" os.version="5.9" linux.kernel.version="2.6.18-348.6.1.el5" os.arch="i686">
281
360
  Q2VudE9TIHJlbGVhc2UgNS45IChGaW5hbCkNCktlcm5lbCAyLjYuMTgtMzQ4LjYuMS5lbDUgb
282
361
  24gYW4gaTY4Ng0KbG9naW46Cg==
283
362
  </example>
284
363
  <!-- CentOS release 6.10 (Final)\r\nKernel 2.6.32-754.2.1.el6.x86_64 on an x86_64\r\nserver-01.2 login: -->
364
+
285
365
  <example _encoding="base64" os.version="6.10" linux.kernel.version="2.6.32-754.2.1.el6.x86_64" os.arch="x86_64" host.name="server-01.2">
286
366
  Q2VudE9TIHJlbGVhc2UgNi4xMCAoRmluYWwpDQpLZXJuZWwgMi42LjMyLTc1NC4yLjEuZWw2L
287
367
  ng4Nl82NCBvbiBhbiB4ODZfNjQNCnNlcnZlci0wMS4yIGxvZ2luOgo=
@@ -295,6 +375,7 @@
295
375
  <param pos="0" name="os.cpe23" value="cpe:/o:centos:centos:{os.version}"/>
296
376
  <param pos="4" name="host.name"/>
297
377
  </fingerprint>
378
+
298
379
  <fingerprint pattern="^(?:\r|\n)*(RT-AC\d\d\w) login:\s*$">
299
380
  <description>Asus Wireless Access Point/Router - RT-AC prefix</description>
300
381
  <example hw.product="RT-AC54U">RT-AC54U login:</example>
@@ -305,6 +386,7 @@
305
386
  <param pos="0" name="hw.device" value="WAP"/>
306
387
  <param pos="1" name="hw.product"/>
307
388
  </fingerprint>
389
+
308
390
  <fingerprint pattern="^(?:\r|\n)*(AC\d\d00) login:\s*$">
309
391
  <description>Asus Wireless Access Point/Router - AC prefix</description>
310
392
  <example hw.product="AC1000">AC1000 login:</example>
@@ -315,6 +397,7 @@
315
397
  <param pos="0" name="hw.device" value="WAP"/>
316
398
  <param pos="1" name="hw.product"/>
317
399
  </fingerprint>
400
+
318
401
  <fingerprint pattern="^(?:\r|\n)*(Air5\d+\w{0,2}) login:\s*$">
319
402
  <description>Airties</description>
320
403
  <example hw.product="Air5650">Air5650 login:</example>
@@ -323,9 +406,11 @@
323
406
  <param pos="0" name="hw.device" value="WAP"/>
324
407
  <param pos="1" name="hw.product"/>
325
408
  </fingerprint>
409
+
326
410
  <fingerprint pattern="^Amazon Linux AMI release ([\d.]+)(?:\r|\n)+Kernel ([\w.-]+) on an (\w+)(?:\r|\n)+(?:([\w.-]+) )?login:\s*$">
327
411
  <description>Amazon Linux AMI</description>
328
412
  <!-- Amazon Linux AMI release 2013.09\r\nKernel 3.4.68-59.97.amzn1.x86_64 on an x86_64\r\nserver-01.2 login: -->
413
+
329
414
  <example _encoding="base64" os.version="2013.09" linux.kernel.version="3.4.68-59.97.amzn1.x86_64" os.arch="x86_64" host.name="server-01.2">
330
415
  QW1hem9uIExpbnV4IEFNSSByZWxlYXNlIDIwMTMuMDkNCktlcm5lbCAzLjQuNjgtNTkuOTcuY
331
416
  W16bjEueDg2XzY0IG9uIGFuIHg4Nl82NA0Kc2VydmVyLTAxLjIgbG9naW46Cg==
@@ -338,9 +423,11 @@
338
423
  <param pos="3" name="os.arch"/>
339
424
  <param pos="4" name="host.name"/>
340
425
  </fingerprint>
426
+
341
427
  <fingerprint pattern="^(?m)TiMOS-[CB]-([\S]+) (?:both|cpm)/([\w]+) ALCATEL (SR [\S]+) Copyright.*Login:\s*$" flags="REG_MULTILINE">
342
428
  <description>ALCATEL Service Router running TiMOS</description>
343
429
  <!-- TiMOS-C-12.0.R12 cpm/hops64 ALCATEL SR 7750 Copyright (c) 2000-2015 Alcatel-Lucent.\r\r\nBanner Shortened For \r\r\nBrevity\r\nLogin: -->
430
+
344
431
  <example _encoding="base64" os.version="12.0.R12" hw.product="SR 7750" os.arch="hops64">
345
432
  VGlNT1MtQy0xMi4wLlIxMiBjcG0vaG9wczY0IEFMQ0FURUwgU1IgNzc1MCBDb3B5cmlnaHQgK
346
433
  GMpIDIwMDAtMjAxNSBBbGNhdGVsLUx1Y2VudC4NDQpCYW5uZXIgU2hvcnRlbmVkIEZvciANDQ
@@ -356,16 +443,20 @@
356
443
  <param pos="0" name="hw.device" value="Router"/>
357
444
  <param pos="3" name="hw.product"/>
358
445
  </fingerprint>
446
+
359
447
  <!-- Nokia purchased Alcatel Lucent, finalized in Nov 2016 -->
448
+
360
449
  <fingerprint pattern="^(?m)TiMOS-[CB]-([\S]+) (?:both|cpm)\/([\w]+) Nokia ([\S]+ [SRX]+) Copyright.*Login:\s*$" flags="REG_MULTILINE">
361
450
  <description>Nokia Service Router running TiMOS</description>
362
451
  <!-- TiMOS-C-14.0.R5 cpm/hops64 Nokia 7750 SR Copyright (c) 2000-2016 Nokia.\r\r\nBanner Shortened For \r\r\nBrevity\r\nLogin: -->
452
+
363
453
  <example _encoding="base64" os.version="14.0.R5" os.arch="hops64" hw.product="7750 SR">
364
454
  VGlNT1MtQy0xNC4wLlI1IGNwbS9ob3BzNjQgTm9raWEgNzc1MCBTUiBDb3B5cmlnaHQgKGMpI
365
455
  DIwMDAtMjAxNiBOb2tpYS4NDQpCYW5uZXIgU2hvcnRlbmVkIEZvciANDQpCcmV2aXR5DQpMb2
366
456
  dpbjoK
367
457
  </example>
368
458
  <!-- TiMOS-C-14.0.R10 cpm/hops64 Nokia 7950 XRS Copyright (c) 2000-2017 Nokia.\r\r\nBanner Shortened For \r\r\nBrevity\r\nLogin: -->
459
+
369
460
  <example _encoding="base64" os.version="14.0.R10" os.arch="hops64" hw.product="7950 XRS">
370
461
  VGlNT1MtQy0xNC4wLlIxMCBjcG0vaG9wczY0IE5va2lhIDc5NTAgWFJTIENvcHlyaWdodCAoY
371
462
  ykgMjAwMC0yMDE3IE5va2lhLg0NCkJhbm5lciBTaG9ydGVuZWQgRm9yIA0NCkJyZXZpdHkNCk
@@ -381,15 +472,18 @@
381
472
  <param pos="0" name="hw.device" value="Router"/>
382
473
  <param pos="3" name="hw.product"/>
383
474
  </fingerprint>
475
+
384
476
  <fingerprint pattern="^(?m)TiMOS-[CB]-([\S]+) (?:both|cpm)\/([\w]+) Nokia (SAS[+\w\s-]+) Copyright.*Login:\s*$" flags="REG_MULTILINE">
385
477
  <description>Nokia Service Access Switch running TiMOS</description>
386
478
  <!-- TiMOS-B-8.0.R12 both/hops Nokia SAS-Mxp 22F2C 4SFP+ 7210 Copyright (c) 2000-2017 Nokia.\r\r\nBanner Shortened For \r\r\nBrevity\r\nLogin: -->
479
+
387
480
  <example _encoding="base64" os.version="8.0.R12" os.arch="hops" hw.product="SAS-Mxp 22F2C 4SFP+ 7210">
388
481
  VGlNT1MtQi04LjAuUjEyIGJvdGgvaG9wcyBOb2tpYSBTQVMtTXhwIDIyRjJDIDRTRlArIDcyM
389
482
  TAgQ29weXJpZ2h0IChjKSAyMDAwLTIwMTcgTm9raWEuDQ0KQmFubmVyIFNob3J0ZW5lZCBGb3
390
483
  IgDQ0KQnJldml0eQ0KTG9naW46Cg==
391
484
  </example>
392
485
  <!-- TiMOS-B-9.0.R9 both/mpc Nokia SAS-M 24F 2XFP 7210 Copyright (c) 2000-2017 Nokia.\r\r\nBanner Shortened For \r\r\nBrevity\r\nLogin: -->
486
+
393
487
  <example _encoding="base64" os.version="9.0.R9" os.arch="mpc" hw.product="SAS-M 24F 2XFP 7210">
394
488
  VGlNT1MtQi05LjAuUjkgYm90aC9tcGMgTm9raWEgU0FTLU0gMjRGIDJYRlAgNzIxMCBDb3B5c
395
489
  mlnaHQgKGMpIDIwMDAtMjAxNyBOb2tpYS4NDQpCYW5uZXIgU2hvcnRlbmVkIEZvciANDQpCcm
@@ -405,14 +499,17 @@
405
499
  <param pos="0" name="hw.device" value="Switch"/>
406
500
  <param pos="3" name="hw.product"/>
407
501
  </fingerprint>
502
+
408
503
  <fingerprint pattern="^(?:\r|\n)*Grandstream (HT[\d-]+)\s+(?:V\d\.\d\w?\s+)?Command Shell Copyright \d\d\d\d-\d\d\d\d(?:\r|\n)+Password:\s*$">
409
504
  <description>Grandstream HandyTone Analog Telephone Adapters</description>
410
505
  <!-- Grandstream HT812 Command Shell Copyright 2006-2017\r\nPassword: -->
506
+
411
507
  <example _encoding="base64" hw.product="HT812">
412
508
  R3JhbmRzdHJlYW0gSFQ4MTIgQ29tbWFuZCBTaGVsbCBDb3B5cmlnaHQgMjAwNi0yMDE3DQpQY
413
509
  XNzd29yZDoK
414
510
  </example>
415
511
  <!-- Grandstream HT-502 V2.0A Command Shell Copyright 2006-2014\r\nPassword: -->
512
+
416
513
  <example _encoding="base64" hw.product="HT-502">
417
514
  R3JhbmRzdHJlYW0gSFQtNTAyICBWMi4wQSBDb21tYW5kIFNoZWxsIENvcHlyaWdodCAyMDA2L
418
515
  TIwMTQNClBhc3N3b3JkOgo=
@@ -422,14 +519,17 @@
422
519
  <param pos="0" name="hw.device" value="VoIP"/>
423
520
  <param pos="1" name="hw.product"/>
424
521
  </fingerprint>
522
+
425
523
  <fingerprint pattern="^(?:\r|\n)*Grandstream (GXW[\d-]+)\s+(?:V\d\.\d\w?\s+)?Command Shell Copyright \d\d\d\d(?:-\d\d\d\d)?(?:\r|\n)+Password:\s*$">
426
524
  <description>Grandstream Analog VoIP Gateways</description>
427
525
  <!-- Grandstream GXW-4008 V1.5A Command Shell Copyright 2006-2015\r\nPassword: -->
526
+
428
527
  <example _encoding="base64" hw.product="GXW-4008">
429
528
  R3JhbmRzdHJlYW0gR1hXLTQwMDggIFYxLjVBIENvbW1hbmQgU2hlbGwgQ29weXJpZ2h0IDIwM
430
529
  DYtMjAxNQ0KUGFzc3dvcmQ6Cg==
431
530
  </example>
432
531
  <!-- Grandstream GXW4216 V2.3B Command Shell Copyright 2015\r\nPassword: -->
532
+
433
533
  <example _encoding="base64" hw.product="GXW4216">
434
534
  R3JhbmRzdHJlYW0gR1hXNDIxNiAgVjIuM0IgQ29tbWFuZCBTaGVsbCBDb3B5cmlnaHQgMjAxN
435
535
  Q0KUGFzc3dvcmQ6Cg==
@@ -439,9 +539,11 @@
439
539
  <param pos="0" name="hw.device" value="VoIP"/>
440
540
  <param pos="1" name="hw.product"/>
441
541
  </fingerprint>
542
+
442
543
  <fingerprint pattern="^(?:\r|\n|\s)*Grandstream (GXV[\w-]+)\s+(?:V\d\.\d\w?\s+)?Shell Command.Copyight \d\d\d\d-\d\d\d\d(?:\r|\n)+Username:\s*$">
443
544
  <description>Grandstream IP Cameras</description>
444
545
  <!-- Grandstream GXV3674_FHD_VF Shell Command.Copyight 2011-2014\r\nUsername: -->
546
+
445
547
  <example _encoding="base64" hw.product="GXV3674_FHD_VF">
446
548
  R3JhbmRzdHJlYW0gR1hWMzY3NF9GSERfVkYgICAgU2hlbGwgQ29tbWFuZC5Db3B5aWdodCAyM
447
549
  DExLTIwMTQNClVzZXJuYW1lOgo=
@@ -451,14 +553,17 @@
451
553
  <param pos="0" name="hw.device" value="Web cam"/>
452
554
  <param pos="1" name="hw.product"/>
453
555
  </fingerprint>
556
+
454
557
  <fingerprint pattern="^(?:\r|\n)*Welcome to Polycom RMX\s*(\w+) \(COP\) Console Utility(?:\r|\n)+Copyright \(C\) \d\d\d\d-\d\d\d\d POLYCOM(?:\r|\n)+Password:\s*$">
455
558
  <description>Polycom Real Time Media Conferencing</description>
456
559
  <!-- Welcome to Polycom RMX 500 (COP) Console Utility\r\n\rCopyright (C) 2008-2010 POLYCOM\r\n\r\r\n\rPassword: -->
560
+
457
561
  <example _encoding="base64" hw.product="500">
458
562
  V2VsY29tZSB0byBQb2x5Y29tIFJNWCA1MDAgKENPUCkgQ29uc29sZSBVdGlsaXR5DQoNQ29we
459
563
  XJpZ2h0IChDKSAyMDA4LTIwMTAgUE9MWUNPTQ0KDQ0KDVBhc3N3b3JkOgo=
460
564
  </example>
461
565
  <!-- Welcome to Polycom RMX 1000C (COP) Console Utility\r\n\rCopyright (C) 2008-2012 POLYCOM\r\n\r\r\n\rPassword: -->
566
+
462
567
  <example _encoding="base64" hw.product="1000C">
463
568
  V2VsY29tZSB0byBQb2x5Y29tIFJNWCAxMDAwQyAoQ09QKSBDb25zb2xlIFV0aWxpdHkNCg1Db
464
569
  3B5cmlnaHQgKEMpIDIwMDgtMjAxMiBQT0xZQ09NDQoNDQoNUGFzc3dvcmQ6Cg==
@@ -468,9 +573,11 @@
468
573
  <param pos="0" name="hw.device" value="Video Conferencing"/>
469
574
  <param pos="1" name="hw.product"/>
470
575
  </fingerprint>
576
+
471
577
  <fingerprint pattern="^(?:\r|\n)*Hi, my name is :\s+[\w.\s-]+(?:\r|\n)+Here is what I know about myself:(?:\r|\n)+Model:\s+VSX (\w+)(?:\r|\n)+Serial Number:\s+(\w+)(?:\r|\n)+Software Version:\s+Release ([\d.-]+)\s">
472
578
  <description>Polycom Video Conferencing - VSX Family</description>
473
579
  <!-- Hi, my name is : Something Pity\r\nHere is what I know about myself:\r\nModel: VSX 6000A\r\nSerial Number: 00070906FC34F6\r\nSoftware Version: Release 9.0.6.2-103 - 04Sep2011 21:27\r\nBuild Information: ecomman -->
580
+
474
581
  <example _encoding="base64" hw.product="6000A" host.id="00070906FC34F6" os.version="9.0.6.2-103">
475
582
  SGksIG15IG5hbWUgaXMgOiAgICAgU29tZXRoaW5nIFBpdHkNCkhlcmUgaXMgd2hhdCBJIGtub
476
583
  3cgYWJvdXQgbXlzZWxmOg0KTW9kZWw6ICAgICAgICAgICAgICAgVlNYIDYwMDBBDQpTZXJpYW
@@ -485,9 +592,11 @@
485
592
  <param pos="2" name="host.id"/>
486
593
  <param pos="3" name="os.version"/>
487
594
  </fingerprint>
595
+
488
596
  <fingerprint pattern="Polycom Command Shell(?:\r|\n)+XCOM host:\s+localhost port: \d+">
489
597
  <description>Polycom Diagnotic Service</description>
490
598
  <!-- Polycom Command Shell\r\r\nXCOM host: localhost port: 4121\r\r\nTTY name: /dev/pts/0\r\r\nSession type: telnet\r\r\nNCF\r\nNCF\r\n2018-08-15 18:03:10 DEBUG -->
599
+
491
600
  <example _encoding="base64">
492
601
  UG9seWNvbSBDb21tYW5kIFNoZWxsDQ0KWENPTSBob3N0OiAgICBsb2NhbGhvc3QgcG9ydDogN
493
602
  DEyMQ0NClRUWSBuYW1lOiAgICAgL2Rldi9wdHMvMA0NClNlc3Npb24gdHlwZTogdGVsbmV0DQ
@@ -496,9 +605,11 @@
496
605
  <param pos="0" name="hw.vendor" value="Polycom"/>
497
606
  <param pos="0" name="hw.device" value="Video Conferencing"/>
498
607
  </fingerprint>
608
+
499
609
  <fingerprint pattern="^Welcome to the Windows CE Telnet Service on (WEBBOX[\w.-]+)(?:\r|\n)+login:\s*$">
500
610
  <description>Sunny WebBox Windows CE</description>
501
611
  <!-- Welcome to the Windows CE Telnet Service on WEBBOX150000000\r\n\r\nlogin: -->
612
+
502
613
  <example _encoding="base64" host.name="WEBBOX150000000">
503
614
  V2VsY29tZSB0byB0aGUgV2luZG93cyBDRSBUZWxuZXQgU2VydmljZSBvbiBXRUJCT1gxNTAwM
504
615
  DAwMDANCg0KbG9naW46Cg==
@@ -513,9 +624,11 @@
513
624
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_ce:-"/>
514
625
  <param pos="1" name="host.name"/>
515
626
  </fingerprint>
627
+
516
628
  <fingerprint pattern="^Welcome to the Windows CE Telnet Service on ([\w.-]+)(?:\r|\n)+login:\s*$">
517
629
  <description>Windows CE</description>
518
630
  <!-- Welcome to the Windows CE Telnet Service on MY-CE-DEVICE\r\n\r\nlogin: -->
631
+
519
632
  <example _encoding="base64" host.name="MY-CE-DEVICE">
520
633
  V2VsY29tZSB0byB0aGUgV2luZG93cyBDRSBUZWxuZXQgU2VydmljZSBvbiBNWS1DRS1ERVZJQ
521
634
  0UNCg0KbG9naW46Cg==
@@ -526,15 +639,18 @@
526
639
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_ce:-"/>
527
640
  <param pos="1" name="host.name"/>
528
641
  </fingerprint>
642
+
529
643
  <fingerprint pattern="^(?:\r|\n)*HP JetDirect(?:\r|\n)+$">
530
644
  <description>HP Printer - Jet Direct</description>
531
645
  <!-- HP JetDirect\r\nPassword is not set\r\n\r\nPlease type "menu" for the MENU system, \r\nor "?" for help, or "/" for current settings.\r\n> -->
646
+
532
647
  <example _encoding="base64">
533
648
  SFAgSmV0RGlyZWN0DQpQYXNzd29yZCBpcyBub3Qgc2V0DQoNClBsZWFzZSB0eXBlICJtZW51I
534
649
  iBmb3IgdGhlIE1FTlUgc3lzdGVtLCANCm9yICI/IiBmb3IgaGVscCwgb3IgIi8iIGZvciBjdX
535
650
  JyZW50IHNldHRpbmdzLg0KPgo=
536
651
  </example>
537
652
  <!-- HP JetDirect\r\n\r\nEnter username: -->
653
+
538
654
  <example _encoding="base64">SFAgSmV0RGlyZWN0DQoNCkVudGVyIHVzZXJuYW1lOgo=</example>
539
655
  <param pos="0" name="service.vendor" value="HP"/>
540
656
  <param pos="0" name="service.product" value="JetDirect"/>
@@ -548,16 +664,20 @@
548
664
  <param pos="0" name="hw.product" value="JetDirect"/>
549
665
  <param pos="0" name="hw.device" value="Printer"/>
550
666
  </fingerprint>
667
+
551
668
  <fingerprint pattern="^(?:\r|\n)*%connection closed by remote host!(?:\x00)?$">
552
669
  <description>HP switch blocking connection using network ACL</description>
553
670
  <!-- %connection closed by remote host! -->
671
+
554
672
  <example _encoding="base64">JWNvbm5lY3Rpb24gY2xvc2VkIGJ5IHJlbW90ZSBob3N0IQ==</example>
555
673
  <param pos="0" name="hw.vendor" value="HP"/>
556
674
  <param pos="0" name="hw.device" value="Switch"/>
557
675
  </fingerprint>
676
+
558
677
  <fingerprint pattern="^(?:\r|\n)*Welcome Visiting Huawei Home Gateway\r\nCopyright by Huawei Technologies Co., Ltd.\r\n\r\nLogin:$">
559
678
  <description>Huawei HG series Home Gateway routers</description>
560
679
  <!-- Welcome Visiting Huawei Home Gateway\r\nCopyright by Huawei Technologies Co., Ltd.\r\n\r\nLogin: -->
680
+
561
681
  <example _encoding="base64">
562
682
  V2VsY29tZSBWaXNpdGluZyBIdWF3ZWkgSG9tZSBHYXRld2F5DQpDb3B5cmlnaHQgYnkgSHVhd
563
683
  2VpIFRlY2hub2xvZ2llcyBDby4sIEx0ZC4NCg0KTG9naW46Cg==
@@ -565,9 +685,11 @@
565
685
  <param pos="0" name="hw.vendor" value="Huawei"/>
566
686
  <param pos="0" name="hw.device" value="Router"/>
567
687
  </fingerprint>
688
+
568
689
  <fingerprint pattern="^(?:\r|\n)*Warning: Telnet is not a secure protocol, and it is recommended to use Stelnet.(?:(?:\r|\n)+Login authentication)?(?:\r|\n)+Username:$">
569
690
  <description>Huawei Router</description>
570
691
  <!-- Warning: Telnet is not a secure protocol, and it is recommended to use Stelnet.\r\n\r\nLogin authentication\r\n\r\n\r\nUsername: -->
692
+
571
693
  <example _encoding="base64">
572
694
  V2FybmluZzogVGVsbmV0IGlzIG5vdCBhIHNlY3VyZSBwcm90b2NvbCwgYW5kIGl0IGlzIHJlY
573
695
  29tbWVuZGVkIHRvIHVzZSBTdGVsbmV0Lg0KDQpMb2dpbiBhdXRoZW50aWNhdGlvbg0KDQoNCl
@@ -576,10 +698,13 @@
576
698
  <param pos="0" name="hw.vendor" value="Huawei"/>
577
699
  <param pos="0" name="hw.device" value="Router"/>
578
700
  </fingerprint>
701
+
579
702
  <fingerprint pattern="^(?:\r|\n)*(?:% Password expiration warning.\r\n)?-+\r\nCisco Configuration Professional \(Cisco CP\) is installed on this device. \r\nThis feature requires the one-time use of the username">
580
703
  <description>Cisco router - Cisco Configuration Pro variant</description>
581
704
  <!-- There are are roughly 69 dash characters before the CRLF in the banner below but can't be included in XML comments. -->
705
+
582
706
  <!-- \r\nCisco Configuration Professional (Cisco CP) is installed on this device. \r\nThis feature requires the one-time use of the username -->
707
+
583
708
  <example _encoding="base64">
584
709
  LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tL
585
710
  S0tLS0tLS0tLS0tLS0tLS0NCkNpc2NvIENvbmZpZ3VyYXRpb24gUHJvZmVzc2lvbmFsIChDaX
@@ -595,10 +720,13 @@
595
720
  <param pos="0" name="hw.vendor" value="Cisco"/>
596
721
  <param pos="0" name="hw.device" value="Router"/>
597
722
  </fingerprint>
723
+
598
724
  <fingerprint pattern="^(?m)(?:\r|\n)*Catalyst 1900 Management Console(?:\r|\n)+.*Ethernet Address:\s+([\w-]+)(?:\r|\n)+.*Model Number:\s+([\w-]+)(?:\r|\n)+System Serial Number:\s+(\w+)(?:\r|\n)+Power Supply" flags="REG_MULTILINE">
599
725
  <description>Cisco Catalyst 1900</description>
600
726
  <!-- Catalyst 1900, unlike other Catalyst models, didn't run CatOS or IOS -->
727
+
601
728
  <!-- Catalyst 1900 Management Console\r\nCopyright (c) Cisco Systems, Inc. 1993-1998\r\nAll rights reserved.\r\nEnterprise Edition Software\r\nEthernet Address: 00-AA-19-38-AA-00\r\n\r\nPCA Number: 73-31AA-AA\r\nPCA Serial Number: FAB033AAAAA\r\nModel Number: WS-C1924-EN\r\nSystem Serial Number: FAB0341AAAA\r\nPower Supply S/N: -->
729
+
602
730
  <example _encoding="base64" host.mac="00-AA-19-38-AA-00" hw.model="WS-C1924-EN" host.id="FAB0341AAAA">
603
731
  Q2F0YWx5c3QgMTkwMCBNYW5hZ2VtZW50IENvbnNvbGUNCkNvcHlyaWdodCAoYykgQ2lzY28gU
604
732
  3lzdGVtcywgSW5jLiAgMTk5My0xOTk4DQpBbGwgcmlnaHRzIHJlc2VydmVkLg0KRW50ZXJwcm
@@ -618,15 +746,18 @@
618
746
  <param pos="2" name="hw.model"/>
619
747
  <param pos="3" name="host.id"/>
620
748
  </fingerprint>
749
+
621
750
  <fingerprint pattern="^192.0.0.64 login:\s*$">
622
751
  <description>Hikvision cameras and NVRs (multiple)</description>
623
752
  <example>192.0.0.64 login:</example>
624
753
  <param pos="0" name="os.vendor" value="Hikvision"/>
625
754
  <param pos="0" name="hw.vendor" value="Hikvision"/>
626
755
  </fingerprint>
756
+
627
757
  <fingerprint pattern="^Remote Management Console\r\nlogin:\s*$">
628
758
  <description>Juniper Netscreen</description>
629
759
  <!-- Remote Management Console\r\nlogin: -->
760
+
630
761
  <example _encoding="base64">UmVtb3RlIE1hbmFnZW1lbnQgQ29uc29sZQ0KbG9naW46Cg==</example>
631
762
  <param pos="0" name="os.vendor" value="Juniper"/>
632
763
  <param pos="0" name="os.device" value="Firewall"/>
@@ -637,6 +768,7 @@
637
768
  <param pos="0" name="hw.device" value="Firewall"/>
638
769
  <param pos="0" name="hw.product" value="NetScreen"/>
639
770
  </fingerprint>
771
+
640
772
  <fingerprint pattern="^(?:\r|\n)*(FGT\w{13}) login:\s*$">
641
773
  <description>Fortinet FortiGate - w/ autogenerated hostname</description>
642
774
  <example host.name="FGT60C3G13001111">FGT60C3G13001111 login:</example>
@@ -650,6 +782,7 @@
650
782
  <param pos="0" name="hw.device" value="Firewall"/>
651
783
  <param pos="1" name="host.name"/>
652
784
  </fingerprint>
785
+
653
786
  <fingerprint pattern="^(?:\r|\n)*KWS-1043N login:\s*$">
654
787
  <description>Clipcomm KWS router</description>
655
788
  <example hw.product="KWS-1043N">KWS-1043N login:</example>
@@ -657,6 +790,7 @@
657
790
  <param pos="0" name="hw.device" value="Router"/>
658
791
  <param pos="0" name="hw.product" value="KWS-1043N"/>
659
792
  </fingerprint>
793
+
660
794
  <fingerprint pattern="^(?:\r|\n)*(SMCD3\w+-\w\w\w) login:\s*$">
661
795
  <description>SMC Cable Modem</description>
662
796
  <example hw.product="SMCD3GN2-BIZ">SMCD3GN2-BIZ login:</example>
@@ -664,6 +798,7 @@
664
798
  <param pos="0" name="hw.device" value="Cable Modem"/>
665
799
  <param pos="1" name="hw.product"/>
666
800
  </fingerprint>
801
+
667
802
  <fingerprint pattern="^(?:\r|\n)*ADB-4820CD login:\s*$">
668
803
  <description>ADB ADB-4820CD DVR</description>
669
804
  <example>ADB-4820CD login:</example>
@@ -671,6 +806,7 @@
671
806
  <param pos="0" name="hw.device" value="DVR"/>
672
807
  <param pos="0" name="hw.product" value="ADB-4820CD"/>
673
808
  </fingerprint>
809
+
674
810
  <fingerprint pattern="^(?:\r|\n)*IMDVRS login:\s*$">
675
811
  <description>Rifatron IMDVRS DVR</description>
676
812
  <example>IMDVRS login:</example>
@@ -678,41 +814,51 @@
678
814
  <param pos="0" name="hw.family" value="IMDVR"/>
679
815
  <param pos="0" name="hw.device" value="DVR"/>
680
816
  </fingerprint>
817
+
681
818
  <fingerprint pattern="^(?:\r|\n)*Ruijie login:\s*$">
682
819
  <description>Ruijie device (likely router/switch)</description>
683
820
  <example>Ruijie login:</example>
684
821
  <param pos="0" name="hw.vendor" value="Ruijie"/>
685
822
  </fingerprint>
823
+
686
824
  <fingerprint pattern="^Welcome to Microsoft Telnet Service \r\n\n\rlogin:\s*$">
687
825
  <description>Microsoft Windows</description>
688
826
  <!-- Welcome to Microsoft Telnet Service \r\n\n\rlogin: -->
827
+
689
828
  <example _encoding="base64">V2VsY29tZSB0byBNaWNyb3NvZnQgVGVsbmV0IFNlcnZpY2UgDQoKDWxvZ2luOgo=</example>
690
829
  <param pos="0" name="os.vendor" value="Microsoft"/>
691
830
  <param pos="0" name="os.family" value="Windows"/>
692
831
  <param pos="0" name="os.product" value="Windows"/>
693
832
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
694
833
  </fingerprint>
834
+
695
835
  <!-- The following fingerprints are for generic Broadcom hardware where the
696
836
  vendor has left the default banner in place. These could be rebadged by
697
837
  ZTE, CenturyLink, Sky, Huawei, etc.
698
838
  -->
839
+
699
840
  <fingerprint pattern="^(BCM\d+) (?:Broadband|ADSL|xDSL|DSL) Router\r\nLogin:\s*">
700
841
  <description>OEM'd Broadcom Router</description>
701
842
  <!-- BCM963268 Broadband Router\r\nLogin: -->
843
+
702
844
  <example _encoding="base64" hw.product="BCM963268">QkNNOTYzMjY4IEJyb2FkYmFuZCBSb3V0ZXINCkxvZ2luOgo=</example>
703
845
  <param pos="0" name="hw.device" value="Router"/>
704
846
  <param pos="1" name="hw.product"/>
705
847
  </fingerprint>
848
+
706
849
  <fingerprint pattern="^(BCM\d+) Broadband Router\r\nTelnet is Disabled in WAN Side$">
707
850
  <description>OEM'd Broadcom Router - telnet disabled on WAN side</description>
708
851
  <!-- BCM963268 Broadband Router\r\nTelnet is Disabled in WAN Side -->
852
+
709
853
  <example _encoding="base64" hw.product="BCM963268">QkNNOTYzMjY4IEJyb2FkYmFuZCBSb3V0ZXINClRlbG5ldCBpcyBEaXNhYmxlZCBpbiBXQU4gU2lkZQo=</example>
710
854
  <param pos="0" name="hw.device" value="Router"/>
711
855
  <param pos="1" name="hw.product"/>
712
856
  </fingerprint>
857
+
713
858
  <fingerprint pattern="^(?m)(BCM\d+) Broadband Router\r\n.*Please input the verification code:$" flags="REG_MULTILINE">
714
859
  <description>OEM'd Broadcom Router - input validation code</description>
715
860
  <!-- BCM96318 Broadband Router\r\n====================================================\r\n * * * * * * * * * * * * * * \r\n * * * * * \r\n * * * * * * * * * * * * * \r\n * * * * * \r\n * * * * * \r\n * * * * * * * * * * * * * * * * \r\n====================================================\r\nPlease input the verification code: -->
861
+
716
862
  <example _encoding="base64" hw.product="BCM96318">
717
863
  QkNNOTYzMTggQnJvYWRiYW5kIFJvdXRlcg0KPT09PT09PT09PT09PT09PT09PT09PT09PT09P
718
864
  T09PT09PT09PT09PT09PT09PT09PT09PQ0KICAgICogKiAgICAgICAgICogKiAqICogICAgIC
@@ -728,9 +874,11 @@
728
874
  <param pos="0" name="hw.device" value="Router"/>
729
875
  <param pos="1" name="hw.product"/>
730
876
  </fingerprint>
877
+
731
878
  <fingerprint pattern="^(BCM\d+) Broadband Router\r\nMaximum number of incorrect account entries exceeded.">
732
879
  <description>OEM'd Broadcom Router - Max incorrect tries - variant 1</description>
733
880
  <!-- BCM96328 Broadband Router\r\nMaximum number of incorrect account entries exceeded. -->
881
+
734
882
  <example _encoding="base64" hw.product="BCM96328">
735
883
  QkNNOTYzMjggQnJvYWRiYW5kIFJvdXRlcg0KTWF4aW11bSBudW1iZXIgb2YgaW5jb3JyZWN0I
736
884
  GFjY291bnQgZW50cmllcyBleGNlZWRlZC4K
@@ -738,9 +886,11 @@
738
886
  <param pos="0" name="hw.device" value="Router"/>
739
887
  <param pos="1" name="hw.product"/>
740
888
  </fingerprint>
889
+
741
890
  <fingerprint pattern="^(BCM\d+) Broadband Router\r\nSorry, you need to wait for \d+ second before next login attempt.(?:\r|\n)*">
742
891
  <description>OEM'd Broadcom Router - Max incorrect tries - variant 2</description>
743
892
  <!-- BCM96816 Broadband Router\r\nSorry, you need to wait for 119 second before next login attempt. -->
893
+
744
894
  <example _encoding="base64" hw.product="BCM96816">
745
895
  QkNNOTY4MTYgQnJvYWRiYW5kIFJvdXRlcg0KU29ycnksIHlvdSBuZWVkIHRvIHdhaXQgZm9yI
746
896
  DExOSBzZWNvbmQgYmVmb3JlIG5leHQgbG9naW4gYXR0ZW1wdC4K
@@ -748,10 +898,13 @@
748
898
  <param pos="0" name="hw.device" value="Router"/>
749
899
  <param pos="1" name="hw.product"/>
750
900
  </fingerprint>
901
+
751
902
  <!-- Moxa Industrial Solutions-->
903
+
752
904
  <fingerprint pattern="^(?:\r|\n)*NPort (NP6[\w-]+)(?:\r|\n|\x00)+Console terminal type">
753
905
  <description>Moxa NPort Terminal Server - 6xxx Series</description>
754
906
  <!-- NPort NP6610-32\r\u0000\nConsole terminal type (1: ansi/vt100, 2: vt52) : 1 -->
907
+
755
908
  <example _encoding="base64" hw.product="NP6610-32">
756
909
  TlBvcnQgTlA2NjEwLTMyDQAKQ29uc29sZSB0ZXJtaW5hbCB0eXBlICgxOiBhbnNpL3Z0MTAwLC
757
910
  AyOiB2dDUyKSA6IDE=
@@ -761,9 +914,11 @@
761
914
  <param pos="0" name="hw.device" value="Device Server"/>
762
915
  <param pos="1" name="hw.product"/>
763
916
  </fingerprint>
917
+
764
918
  <fingerprint pattern="^Model name\s+: NPort (IA-\d+)(?:\r|\n|\x00)+MAC address\s+: ([\w:]+)(?:\r|\n|\x00)+Serial No.\s+: (\d+)(?:\r|\n|\x00)+Firmware version : ([\d.]+) Build (\d+)(?:\r|\n|\x00)+System uptime">
765
919
  <description>Moxa NPort Device Server - IA Series</description>
766
920
  <!-- Model name : NPort IA-5250\r\u0000\nMAC address : 00:90:E8:AA:AA:AA\r\u0000\nSerial No. : 281\r\u0000\nFirmware version : 1.6 Build 17060616\r\u0000\nSystem uptime : 31 days, 06h:03m:45s\r\u0000\n\r\u0000\nPlease keyin your password: -->
921
+
767
922
  <example _encoding="base64" hw.product="IA-5250" host.mac="00:90:E8:AA:AA:AA" host.id="281" os.version="1.6" os.version.version="17060616">
768
923
  TW9kZWwgbmFtZSAgICAgICA6IE5Qb3J0IElBLTUyNTANAApNQUMgYWRkcmVzcyAgICAgIDogM
769
924
  DA6OTA6RTg6QUE6QUE6QUENAApTZXJpYWwgTm8uICAgICAgIDogMjgxDQAKRmlybXdhcmUgdm
@@ -776,13 +931,17 @@
776
931
  <param pos="1" name="hw.product"/>
777
932
  <param pos="2" name="host.mac"/>
778
933
  <param pos="3" name="host.id"/>
934
+ <param pos="0" name="os.vendor" value="Moxa"/>
779
935
  <param pos="4" name="os.version"/>
780
936
  <param pos="5" name="os.version.version"/>
781
937
  </fingerprint>
938
+
782
939
  <fingerprint pattern="^(?:\r|\n|\x00|-)*Model name\s+: NPort (5[\w-]+)(?:\r|\n|\x00)+MAC address\s+: ([\w:]+)(?:\r|\n|\x00)+Serial No.\s+: (\d+)(?:\r|\n|\x00)+Firmware version : ([\d.]+) Build (\d+)(?:\r|\n|\x00)+">
783
940
  <description>Moxa NPort Device Server - 5xxx Series</description>
784
941
  <!-- Some versions of the banner below have a line full of dashes which cannot be included in the example comment -->
942
+
785
943
  <!-- Model name : NPort 5610-8-DT\r\u0000\nMAC address : 00:90:E8:AA:AA:AA\r\u0000\nSerial No. : 9522\r\u0000\nFirmware version : 2.2 Build 11090613\r\u0000\nSystem uptime : 8 days, 02h:11m:44s\r\u0000\n\r\u0000\nPlease keyin your password: -->
944
+
786
945
  <example _encoding="base64" hw.product="5610-8-DT" host.mac="00:90:E8:AA:AA:AA" host.id="9522" os.version="2.2" os.version.version="11090613">
787
946
  TW9kZWwgbmFtZSAgICAgICA6IE5Qb3J0IDU2MTAtOC1EVA0ACk1BQyBhZGRyZXNzICAgICAgO
788
947
  iAwMDo5MDpFODpBQTpBQTpBQQ0AClNlcmlhbCBOby4gICAgICAgOiA5NTIyDQAKRmlybXdhcm
@@ -795,12 +954,28 @@
795
954
  <param pos="1" name="hw.product"/>
796
955
  <param pos="2" name="host.mac"/>
797
956
  <param pos="3" name="host.id"/>
957
+ <param pos="0" name="os.vendor" value="Moxa"/>
798
958
  <param pos="4" name="os.version"/>
799
959
  <param pos="5" name="os.version.version"/>
800
960
  </fingerprint>
961
+
962
+ <fingerprint pattern="^(?:\r|\n|\x00|-)*Model name\s+: NPort (5[\w-]+)(?:\r|\n|\x00)+Please keyin your username:">
963
+ <description>Moxa NPort Device Server - 5xxx Series - Model only</description>
964
+ <!-- Model name : NPort 5110A\r\n\r\nPlease keyin your username: -->
965
+
966
+ <example _encoding="base64" hw.product="5110A">TW9kZWwgbmFtZSAgICAgICA6IE5Q
967
+ b3J0IDUxMTBBDQoNClBsZWFzZSBrZXlpbiB5b3VyIHVzZXJuYW1lOgo=
968
+ </example>
969
+ <param pos="0" name="hw.vendor" value="Moxa"/>
970
+ <param pos="0" name="hw.family" value="NPort"/>
971
+ <param pos="0" name="hw.device" value="Device Server"/>
972
+ <param pos="1" name="hw.product"/>
973
+ </fingerprint>
974
+
801
975
  <fingerprint pattern="^Model name\s+: MGate (MB3[\w-]+)(?:\r|\n|\x00|)+MAC address\s+: ([\w:]+)(?:\r|\n|\x00)+Serial No.\s+: (\d+)(?:\r|\n|\x00)+Firmware version : ([\d.]+) Build (\d+)(?:\r|\n|\x00)+">
802
976
  <description>Moxa MGate Modbus Gateway</description>
803
977
  <!-- Model name : MGate MB3180\r\u0000\nMAC address : 00:90:E8:AA:AA:AA\r\u0000\nSerial No. : 9474\r\u0000\nFirmware version : 1.2 Build 09101913\r\u0000\nSystem uptime : 15 days, 16h:37m:48s\r\u0000\n\r\u0000\nPlease keyin your password: -->
978
+
804
979
  <example _encoding="base64" hw.product="MB3180" host.mac="00:90:E8:AA:AA:AA" host.id="9474" os.version="1.2" os.version.version="09101913">
805
980
  TW9kZWwgbmFtZSAgICAgICA6IE1HYXRlIE1CMzE4MA0ACk1BQyBhZGRyZXNzICAgICAgOiAwM
806
981
  Do5MDpFODpBQTpBQTpBQQ0AClNlcmlhbCBOby4gICAgICAgOiA5NDc0DQAKRmlybXdhcmUgdm
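Review bot: The added "Model only" NPort 5xxx fingerprint sets `hw.vendor`, `hw.family`, `hw.device` and `hw.product` but no `os.vendor`. The other Moxa fingerprints touched by this change each gain `<param pos="0" name="os.vendor" value="Moxa"/>`. If the omission is deliberate because this banner carries no firmware fields, a short XML comment saying so would help. Otherwise add the same param, so a device is attributed to the same vendor whichever banner variant it returns. The 5xxx fingerprint before it and the MGate fingerprint after it both extend beyond this hunk.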
@@ -813,45 +988,110 @@
813
988
  <param pos="1" name="hw.product"/>
814
989
  <param pos="2" name="host.mac"/>
815
990
  <param pos="3" name="host.id"/>
991
+ <param pos="0" name="os.vendor" value="Moxa"/>
816
992
  <param pos="4" name="os.version"/>
817
993
  <param pos="5" name="os.version.version"/>
818
994
  </fingerprint>
819
- <fingerprint pattern="^Model name\s+: (NE[\w-]+)(?:\r|\n|\x00)+MAC address\s+: ([\w:]+)(?:\r|\n|\x00)+Serial No.\s+: (\d+)(?:\r|\n|\x00)+Firmware version\s+: ([\d.]+) Build (\d+)(?:\r|\n|\x00)+">
995
+
996
+ <fingerprint pattern="^Model name\s+: (NE[\w-]+)(?:\r|\n|\x00)+MAC address\s+: ([\w:]+)(?:\r|\n|\x00)+Serial No.\s+: (\d+)(?:\r|\n|\x00)+Firmware version\s+: ([\d.]+)(?: Build (\d+)(?:\r|\n|\x00)+)?">
820
997
  <description>Moxa NE Series Embedded device server</description>
821
998
  <!-- Model name : NE-4110S\r\u0000\nMAC address : 00:90:E8:AA:AA:AA\r\u0000\nSerial No : 3616\r\u0000\nFirmware version : 4.1 Build 07061517\r\u0000\n\r\u0000\nPlease keyin your password: -->
999
+
822
1000
  <example _encoding="base64" hw.product="NE-4110S" host.mac="00:90:E8:AA:AA:AA" host.id="3616" os.version="4.1" os.version.version="07061517">
823
1001
  TW9kZWwgbmFtZSAgICAgICA6IE5FLTQxMTBTDQAKTUFDIGFkZHJlc3MgICAgICA6IDAwOjkwO
824
1002
  kU4OkFBOkFBOkFBDQAKU2VyaWFsIE5vICAgICAgICA6IDM2MTYNAApGaXJtd2FyZSB2ZXJzaW
825
1003
  9uIDogNC4xIEJ1aWxkIDA3MDYxNTE3DQAKDQAKUGxlYXNlIGtleWluIHlvdXIgcGFzc3dvcmQ6
826
1004
  </example>
1005
+ <!-- Model name : NE-4110S\r\nMAC address : 00:90:E8:AA:AA:AA\r\nSerial No : 000\r\nFirmware version : 1.5.2\r\n\r\nPlease keyin your password: -->
1006
+
1007
+ <example _encoding="base64" hw.product="NE-4110S" host.mac="00:90:E8:AA:AA:AA" host.id="000" os.version="1.5.2">
1008
+ TW9kZWwgbmFtZSAgICAgICA6IE5FLTQxMTBTDQpNQUMgYWRkcmVzcyAgICAgIDogMDA6OTA6RTg6QUE6QUE6QUENClNlcmlhbCBObyAgICAgICAgOiAwMDANCkZpcm13YXJlIHZlcnNpb24gOiAxLjUuMg0KDQpQbGVhc2Uga2V5aW4geW91ciBwYXNzd29yZDoK
1009
+ </example>
827
1010
  <param pos="0" name="hw.vendor" value="Moxa"/>
828
1011
  <param pos="0" name="hw.family" value="NE"/>
829
1012
  <param pos="0" name="hw.device" value="Device Server"/>
830
1013
  <param pos="1" name="hw.product"/>
831
1014
  <param pos="2" name="host.mac"/>
832
1015
  <param pos="3" name="host.id"/>
1016
+ <param pos="0" name="os.vendor" value="Moxa"/>
833
1017
  <param pos="4" name="os.version"/>
834
1018
  <param pos="5" name="os.version.version"/>
835
1019
  </fingerprint>
1020
+
1021
+ <fingerprint pattern="^Model name\s+: (MiiNePort [\w-]+)(?:\r|\n|\x00)+Serial No.\s+: (\d+)(?:\r|\n|\x00)+Device name\s+: [\w:-_\&amp;]+(?:\r|\n|\x00)+Firmware version\s+: ([\d.]+) Build (\d+)(?:\r|\n|\x00)+Ethernet MAC address: ([\w:]+)(?:\r|\n|\x00)+">
1022
+ <description>Moxa MiiNePort Series Embedded device server</description>
1023
+ <!-- Model name : MiiNePort E2\r\nSerial No. : 9999\r\nDevice name : MiiNePort_E2_4064\r\nFirmware version : 1.3.36 Build 15031615\r\nEthernet MAC address: 00:90:E8:5A:92:FF\r\n\r\nPlease keyin your password: -->
1024
+
1025
+ <example _encoding="base64" hw.product="MiiNePort E2" host.mac="00:90:E8:5A:92:FF" host.id="9999" os.version="1.3.36" os.version.version="15031615">
1026
+ TW9kZWwgbmFtZSAgICAgICAgICA6IE1paU5lUG9ydCBFMg0KU2VyaWFsIE5vLiAgICAgICAgI
1027
+ CA6IDk5OTkNCkRldmljZSBuYW1lICAgICAgICAgOiBNaWlOZVBvcnRfRTJfNDA2NA0KRmlybX
1028
+ dhcmUgdmVyc2lvbiAgICA6IDEuMy4zNiBCdWlsZCAxNTAzMTYxNQ0KRXRoZXJuZXQgTUFDIGF
1029
+ kZHJlc3M6IDAwOjkwOkU4OjVBOjkyOkZGDQoNClBsZWFzZSBrZXlpbiB5b3VyIHBhc3N3b3Jk
1030
+ Ogo=
1031
+ </example>
1032
+ <param pos="0" name="hw.vendor" value="Moxa"/>
1033
+ <param pos="0" name="hw.family" value="MiiNePort"/>
1034
+ <param pos="0" name="hw.device" value="Device Server"/>
1035
+ <param pos="1" name="hw.product"/>
1036
+ <param pos="2" name="host.id"/>
1037
+ <param pos="0" name="os.vendor" value="Moxa"/>
1038
+ <param pos="3" name="os.version"/>
1039
+ <param pos="4" name="os.version.version"/>
1040
+ <param pos="5" name="host.mac"/>
1041
+ </fingerprint>
1042
+
1043
+ <!-- The following is very specific in order to express CPE values -->
1044
+
1045
+ <fingerprint pattern="^EDR-G903 login:">
1046
+ <description>Moxa EDR Secure Routers - EDR-G903</description>
1047
+ <example>EDR-G903 login:</example>
1048
+ <param pos="0" name="hw.vendor" value="Moxa"/>
1049
+ <param pos="0" name="hw.family" value="EDR"/>
1050
+ <param pos="0" name="hw.device" value="Router"/>
1051
+ <param pos="0" name="hw.product" value="EDR-G903"/>
1052
+ <param pos="0" name="hw.cpe23" value="cpe:/h:moxa:edr-g903:-"/>
1053
+ <param pos="0" name="os.vendor" value="Moxa"/>
1054
+ <param pos="0" name="os.family" value="EDR"/>
1055
+ <param pos="0" name="os.device" value="Router"/>
1056
+ <param pos="0" name="os.product" value="EDR G903 Firmware"/>
1057
+ <param pos="0" name="os.cpe23" value="cpe:/o:moxa:edr_g903_firmware:-"/>
1058
+ </fingerprint>
1059
+
1060
+ <fingerprint pattern="^EDR-G902 login:">
1061
+ <description>Moxa EDR Secure Routers - EDR-G902</description>
1062
+ <example>EDR-G902 login:</example>
1063
+ <param pos="0" name="hw.vendor" value="Moxa"/>
1064
+ <param pos="0" name="hw.family" value="EDR"/>
1065
+ <param pos="0" name="hw.device" value="Router"/>
1066
+ <param pos="0" name="hw.product" value="EDR-G902"/>
1067
+ <param pos="0" name="os.vendor" value="Moxa"/>
1068
+ <param pos="0" name="os.family" value="EDR"/>
1069
+ <param pos="0" name="os.device" value="Router"/>
1070
+ <param pos="0" name="os.product" value="EDR G902 Firmware"/>
1071
+ </fingerprint>
1072
+
836
1073
  <fingerprint pattern="^Red Hat Linux release ([^\\s]+)\\s*.*$">
837
1074
  <description>RedHat general purpose linux</description>
838
1075
  <!-- Red Hat Linux release 9 (Shrike)\nKernel 2.4.20-8 on an i686\nlogin: -->
1076
+
839
1077
  <example _encoding="base64" os.version="9 (Shrike)">
840
1078
  UmVkIEhhdCBMaW51eCByZWxlYXNlIDkgKFNocmlrZSlcbktlcm5lbCAyLjQuMjAtOCBvbiBhbiBpNjg2XG5sb2dpbjo=
841
1079
  </example>
842
- <param pos="0" name="os.vendor" value="RedHat"/>
1080
+ <param pos="0" name="os.vendor" value="Red Hat"/>
843
1081
  <param pos="0" name="os.family" value="Linux"/>
844
1082
  <param pos="0" name="os.device" value="Linux"/>
845
1083
  <param pos="1" name="os.version"/>
846
1084
  </fingerprint>
1085
+
847
1086
  <fingerprint pattern="^(?m)Red Hat Enterprise Linux ES release (.*) \(.*\).*Kernel (.*) on a[^ ]* ([^ ]*\d)" flags="REG_MULTILINE">
848
1087
  <description>RedHat Enterprise Linux ES</description>
849
1088
  <!-- Red Hat Enterprise Linux ES release 3 (Taroon Update 9\nKernel 2.4.21-47.EL on an x86_64\nlogin: -->
1089
+
850
1090
  <example _encoding="base64" os.version="3" linux.kernel.version="2.4.21-47.EL" os.arch="x86_64">
851
1091
  UmVkIEhhdCBFbnRlcnByaXNlIExpbnV4IEVTIHJlbGVhc2UgMyAoVGFyb29uIFVwZGF0ZSA5KQpLZXJuZWwgMi40LjIxLTQ3Lk
852
1092
  VMIG9uIGFuIHg4Nl82NApsb2dpbjo=
853
1093
  </example>
854
- <param pos="0" name="os.vendor" value="RedHat"/>
1094
+ <param pos="0" name="os.vendor" value="Red Hat"/>
855
1095
  <param pos="0" name="os.family" value="Linux"/>
856
1096
  <param pos="0" name="os.product" value="Linux"/>
857
1097
  <param pos="1" name="os.version"/>
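Review bot: In the new MiiNePort pattern, the device-name class `[\w:-_\&amp;]+` contains `:-_`, which is read as a range from `:` to `_` rather than three literal characters. As a result a literal hyphen is not in the class, while `;<=>?@[\]^` are. A banner whose device name contains `-` would not match this fingerprint at all, and the single example (`MiiNePort_E2_4064`) does not exercise that case. Putting the hyphen last avoids the range: `[\w:_&amp;-]+`. A second `<example>` with a hyphenated device name would pin the intended behaviour.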
@@ -859,41 +1099,47 @@
859
1099
  <param pos="3" name="os.arch"/>
860
1100
  <param pos="0" name="os.cpe23" value="cpe:/o:redhat:linux:{os.version}"/>
861
1101
  </fingerprint>
1102
+
862
1103
  <fingerprint pattern="^(?m)Red Hat Enterprise Linux AS release (.*) \(.*\).*Kernel (.*) on a[^ ]* ([^ ]*\d)" flags="REG_MULTILINE">
863
1104
  <description>RedHat Enterprise Linux AS</description>
864
1105
  <!-- Red Hat Enterprise Linux AS release 5.8 (Tikanga)\nKernel 2.6.18-308.11.1.el5 on an x86_64\nlogin: -->
1106
+
865
1107
  <example _encoding="base64" os.version="5.8" linux.kernel.version="2.6.18-308.11.1.el5" os.arch="x86_64">
866
1108
  UmVkIEhhdCBFbnRlcnByaXNlIExpbnV4IEFTIHJlbGVhc2UgNS44IChUaWthbmdhKQpLZXJuZWwgM
867
1109
  i42LjE4LTMwOC4xMS4xLmVsNSBvbiBhbiB4ODZfNjQKbG9naW46
868
1110
  </example>
869
- <param pos="0" name="os.vendor" value="RedHat"/>
1111
+ <param pos="0" name="os.vendor" value="Red Hat"/>
870
1112
  <param pos="0" name="os.family" value="Linux"/>
871
1113
  <param pos="0" name="os.product" value="RedHat Enterprise AS"/>
872
1114
  <param pos="1" name="os.version"/>
873
1115
  <param pos="2" name="linux.kernel.version"/>
874
1116
  <param pos="3" name="os.arch"/>
875
1117
  </fingerprint>
1118
+
876
1119
  <fingerprint pattern="^(?m)Red Hat Enterprise Linux WS release (.*) \(.*\).*Kernel (.*) on a[^ ]* ([^ ]*)" flags="REG_MULTILINE">
877
1120
  <description>RedHat Enterprise Linux WS</description>
878
1121
  <!--Red Hat Enterprise Linux WS release 2.1 (Tampa) \nKernel 2.4.9-e.40smp on an i686 \nlogin: -->
1122
+
879
1123
  <example _encoding="base64" os.version="2.1" linux.kernel.version="2.4.9-e.40smp" os.arch="i686">
880
1124
  UmVkIEhhdCBFbnRlcnByaXNlIExpbnV4IFdTIHJlbGVhc2UgMi4xIChUYW1wY
881
1125
  SkgCktlcm5lbCAyLjQuOS1lLjQwc21wIG9uIGFuIGk2ODYgCmxvZ2luOiA=
882
1126
  </example>
883
- <param pos="0" name="os.vendor" value="RedHat"/>
1127
+ <param pos="0" name="os.vendor" value="Red Hat"/>
884
1128
  <param pos="0" name="os.family" value="Linux"/>
885
1129
  <param pos="0" name="os.product" value="RedHat Enterprise WS"/>
886
1130
  <param pos="1" name="os.version"/>
887
1131
  <param pos="2" name="linux.kernel.version"/>
888
1132
  <param pos="3" name="os.arch"/>
889
1133
  </fingerprint>
1134
+
890
1135
  <fingerprint pattern="^(?m)Fedora Core.release (.*) \(.*\).*Kernel (.*) on a[^ ]* ([^ ]*\d).*$" flags="REG_MULTILINE">
891
1136
  <description>Fedora Core Release</description>
892
1137
  <!-- Fedora Core release 1 (Yarrow)\nKernel 2.4.20-13.9ensim-3.5.0-13 on an i686\nlogin:-->
1138
+
893
1139
  <example _encoding="base64" os.version="1" linux.kernel.version="2.4.20-13.9ensim-3.5.0-13" os.arch="i686">
894
1140
  RmVkb3JhIENvcmUgcmVsZWFzZSAxIChZYXJyb3cpCktlcm5lbCAyLjQuMjAtMTMuOWVuc2ltLTMuNS4wLTEzIG9uIGFuIGk2ODYKbG9naW46
895
1141
  </example>
896
- <param pos="0" name="os.vendor" value="Redhat"/>
1142
+ <param pos="0" name="os.vendor" value="Red Hat"/>
897
1143
  <param pos="0" name="os.family" value="Linux"/>
898
1144
  <param pos="0" name="os.product" value="Fedora"/>
899
1145
  <param pos="1" name="os.version"/>
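Review bot: The AS and WS fingerprints now set `os.vendor` to `Red Hat`, but the `os.product` values just below still read `RedHat Enterprise AS` and `RedHat Enterprise WS`, so one match result carries two spellings of the vendor name. Consider aligning them, for example `<param pos="0" name="os.product" value="Red Hat Enterprise AS"/>`, or whichever form data/identifiers/os_product.txt lists. These two fingerprints also emit no `os.cpe23`, unlike the ES entry whose closing params open this hunk. Consumers that correlate findings by CPE would presumably get nothing for AS and WS hosts, which may be worth a follow-up.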
@@ -901,9 +1147,11 @@
901
1147
  <param pos="3" name="os.arch"/>
902
1148
  <param pos="0" name="os.cpe23" value="cpe:/o:redhat:fedora:{os.version}"/>
903
1149
  </fingerprint>
1150
+
904
1151
  <fingerprint pattern="^(?m)Welcome to SuSE Linux (.*) \(([^\)]+)\) - Kernel (.*) .*">
905
1152
  <description>SuSE Linux</description>
906
1153
  <!-- Welcome to SuSE Linux 7.0 (i386) - Kernel 2.2.16-RAID (0). 2VG029037\n\nlogin: -->
1154
+
907
1155
  <example _encoding="base64" os.version="7.0" os.arch="i386" linux.kernel.version="2.2.16-RAID (0). 2VG029037">
908
1156
  V2VsY29tZSB0byBTdVNFIExpbnV4IDcuMCAoaTM4NikgLSBLZXJuZWwgMi4yLjE2LVJBSUQgKDApLiAyVkcwMjkwMzcgCgpsb2dpbjo=
909
1157
  </example>
@@ -915,9 +1163,11 @@
915
1163
  <param pos="0" name="os.cpe23" value="cpe:/o:suse:linux:{os.version}"/>
916
1164
  <param pos="3" name="linux.kernel.version"/>
917
1165
  </fingerprint>
1166
+
918
1167
  <fingerprint pattern="^Turbolinux ApplianceServer (\d+\.\d+).*">
919
1168
  <description>Turbolinux ApplianceServer</description>
920
1169
  <!--Turbolinux ApplianceServer 4.0 (Atlas2) Linux 2.6.32-431.23.3.el6.x86_64 on a x86_64\n(senyo191x89.digitalink.ne.jp) TTY: 12:15 on Tuesday, 02 October 2018 login: -->
1170
+
921
1171
  <example _encoding="base64" os.version="4.0">
922
1172
  VHVyYm9saW51eCBBcHBsaWFuY2VTZXJ2ZXIgNC4wIChBdGxhczIpIExpbnV4IDIuNi4zMi00MzEuMjMuMy5lbDYueDg
923
1173
  2XzY0IG9uIGEgeDg2XzY0IChzZW55bzE5MXg4OS5kaWdpdGFsaW5rLm5lLmpwKSBUVFk6IDEyOjE1IG9uIFR1ZXNkYX
@@ -928,9 +1178,11 @@
928
1178
  <param pos="0" name="os.product" value="Linux"/>
929
1179
  <param pos="1" name="os.version"/>
930
1180
  </fingerprint>
1181
+
931
1182
  <fingerprint pattern="^UnixWare ([^ ]+).*$">
932
1183
  <description>UnixWare</description>
933
1184
  <!-- UnixWare 2.1.3 (profil) (pts/3)\n\n\nlogin: -->
1185
+
934
1186
  <example _encoding="base64" os.version="2.1.3">
935
1187
  VW5peFdhcmUgMi4xLjMgKHByb2ZpbCkgKHB0cy8zKQoKCgpsb2dpbjog
936
1188
  </example>
@@ -940,9 +1192,11 @@
940
1192
  <param pos="0" name="os.product" value="UnixWare"/>
941
1193
  <param pos="1" name="os.version"/>
942
1194
  </fingerprint>
1195
+
943
1196
  <fingerprint pattern="^Telnet Server Build (5.*)">
944
1197
  <description>Windows 2000</description>
945
1198
  <!--Microsoft (R) Windows NT (TM) Version 4.00 (Build 1381)\nWelcome to Microsoft Telnet Service \nTelnet Server Build 5.00.99034.1\nlogin: -->
1199
+
946
1200
  <example _encoding="base64" os.version="5.00.99034.1">
947
1201
  TWljcm9zb2Z0IChSKSBXaW5kb3dzIE5UIChUTSkgVmVyc2lvbiA0LjAwIChCdWlsZCAxMzgxKQpXZWxj
948
1202
  b21lIHRvIE1pY3Jvc29mdCBUZWxuZXQgU2VydmljZSAKVGVsbmV0IFNlcnZlciBCdWlsZCA1LjAwLjk5MDM0LjEKCmxvZ2luOiA=
@@ -953,9 +1207,11 @@
953
1207
  <param pos="1" name="os.version"/>
954
1208
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_2000:{os.version}"/>
955
1209
  </fingerprint>
1210
+
956
1211
  <fingerprint pattern="^Welcome. Type return, enter password at # prompt">
957
1212
  <description>Brother Printer</description>
958
1213
  <!-- Welcome. Type return, enter password at # prompt -->
1214
+
959
1215
  <example _encoding="base64">
960
1216
  V2VsY29tZS4gVHlwZSByZXR1cm4sIGVudGVyIHBhc3N3b3JkIGF0ICMgcHJvbXB0Cg==
961
1217
  </example>
@@ -964,9 +1220,11 @@
964
1220
  <param pos="0" name="os.device" value="Printer"/>
965
1221
  <param pos="0" name="os.product" value="Brother Printer"/>
966
1222
  </fingerprint>
1223
+
967
1224
  <fingerprint pattern="^(.*) Copyright by ARESCOM">
968
1225
  <description>Arescom System</description>
969
1226
  <!--NDS1260HE-TLI Copyright by ARESCOM 2002\n\n\nPassword: -->
1227
+
970
1228
  <example _encoding="base64" os.model="NDS1260HE-TLI">
971
1229
  TkRTMTI2MEhFLVRMSSBDb3B5cmlnaHQgYnkgQVJFU0NPTSAyMDAyCgoKClBhc3N3b3JkOgo=
972
1230
  </example>
@@ -974,30 +1232,36 @@
974
1232
  <param pos="0" name="os.device" value="WAP"/>
975
1233
  <param pos="1" name="os.model"/>
976
1234
  </fingerprint>
1235
+
977
1236
  <fingerprint pattern="^Welcome to ViewStation">
978
1237
  <description>Polycom ViewStation Video Vonference System</description>
979
1238
  <!-- Welcome to ViewStation\nPassword: -->
1239
+
980
1240
  <example _encoding="base64">
981
1241
  V2VsY29tZSB0byBWaWV3U3RhdGlvbgoKUGFzc3dvcmQ6
982
1242
  </example>
983
1243
  <param pos="0" name="os.vendor" value="Polycom"/>
984
1244
  <param pos="0" name="os.device" value="ViewStation"/>
985
1245
  </fingerprint>
1246
+
986
1247
  <fingerprint pattern="^FlowPoint\/(.*) SDSL \[ATM\] Router .*v(.*) Ready">
987
1248
  <!--FlowPoint/2200 SDSL [ATM] Router fp2200-12 v3.0.2 Ready\nLogin: -->
1249
+
988
1250
  <description>FlowPoint 2200 DSL router</description>
989
1251
  <example _encoding="base64" hw.model="2200" os.version="3.0.2">
990
1252
  Rmxvd1BvaW50LzIyMDAgU0RTTCBbQVRNXSBSb3V0ZXIgZnAyMjAwLTEyIHYzLjAuMiBSZWFkeQpMb2dpbjog
991
1253
  </example>
992
- <param pos="0" name="os.vendor" value="Flowpoint"/>
1254
+ <param pos="0" name="os.vendor" value="FlowPoint"/>
993
1255
  <param pos="0" name="hw.device" value="Broadband router"/>
994
1256
  <param pos="0" name="hw.product" value="DSL Router"/>
995
1257
  <param pos="1" name="hw.model"/>
996
1258
  <param pos="2" name="os.version"/>
997
1259
  </fingerprint>
1260
+
998
1261
  <fingerprint pattern="^GlobespanVirata Inc\., Software Release (.*)">
999
1262
  <description>GlobespanVirata broadband router</description>
1000
1263
  <!--GlobespanVirata Inc., Software Release 2.1.040407a3_u_e_A\nCopyright (c) 2001-2003 by GlobespanVirata, Inc.\n\nlogin: -->
1264
+
1001
1265
  <example _encoding="base64" os.version="2.1.040407a3_u_e_A">
1002
1266
  R2xvYmVzcGFuVmlyYXRhIEluYy4sIFNvZnR3YXJlIFJlbGVhc2UgMi4xLjA0MDQwN2EzX3VfZV9BCgpDb3B5cmlnaHQgKG
1003
1267
  MpIDIwMDEtMjAwMyBieSBHbG9iZXNwYW5WaXJhdGEsIEluYy4KCgpsb2dpbjog
@@ -1006,14 +1270,17 @@
1006
1270
  <param pos="0" name="hw.device" value="Broadband router"/>
1007
1271
  <param pos="1" name="os.version"/>
1008
1272
  </fingerprint>
1273
+
1009
1274
  <fingerprint pattern="^VxWorks login:">
1010
1275
  <description>VxWorks embedded device</description>
1011
1276
  <example>VxWorks login: </example>
1012
1277
  <param pos="0" name="os.family" value="VxWorks"/>
1013
1278
  </fingerprint>
1279
+
1014
1280
  <fingerprint pattern=".*Nortel.*Passport ([^ ]*) .*Software Release ([^ ]*).*">
1015
1281
  <description>Nortel Passport</description>
1016
1282
  <!-- *********************************************\n\n\n* Copyright (c) 2003 Nortel Networks, Inc. *\n\n\n* All Rights Reserved *\n\n\n* Passport 8010 *\n\n\n* Software Release 3.5.0.0 *\n\n\n*********************************************\n\n\n\n\nLogin: -->
1283
+
1017
1284
  <example _encoding="base64" os.product="8010" os.version="3.5.0.0">
1018
1285
  KioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqXG5cblxuKiBDb3B5cmlnaHQgKG
1019
1286
  MpIDIwMDMgTm9ydGVsIE5ldHdvcmtzLCBJbmMuICAqXG5cblxuKiBBbGwgUmlnaHRzIFJlc2VydmVkICAgICAg
@@ -1026,9 +1293,11 @@
1026
1293
  <param pos="1" name="os.product"/>
1027
1294
  <param pos="2" name="os.version"/>
1028
1295
  </fingerprint>
1296
+
1029
1297
  <fingerprint pattern="^IPSO.* \((.*)\) \(tty.*\)">
1030
1298
  <description>Checkpoint Firewall-1 running on a Nokia IPSO appliance</description>
1031
1299
  <!-- IPSO/i386 (BJ-IDC-FW2) (ttyp7)\n\n\nThis system is for authorized use only.\n\n\n\n\n\n\nlogin: -->
1300
+
1032
1301
  <example _encoding="base64" host.name="BJ-IDC-FW2">
1033
1302
  SVBTTy9pMzg2IChCSi1JREMtRlcyKSAodHR5cDcpCgoKClRoaXMgc3lzdGVtIGlzIGZvciBhdXRob3Jpem
1034
1303
  VkIHVzZSBvbmx5LgoKCgoKCgoKbG9naW46IA==
@@ -1039,10 +1308,13 @@
1039
1308
  <param pos="0" name="os.product" value="IPSO"/>
1040
1309
  <param pos="1" name="host.name"/>
1041
1310
  </fingerprint>
1311
+
1042
1312
  <fingerprint pattern="Tasman Networks Inc.*Telnet Login">
1043
1313
  <description>Tasman Networks Login</description>
1044
1314
  <!-- #\n# Tasman Networks Inc. Telnet Login\n#Escape character is '^]'\n\n\n\nlogin: -->
1315
+
1045
1316
  <!-- Dashes removed from example banner due to xml issue -->
1317
+
1046
1318
  <example _encoding="base64" os.vendor="Tasman Networks">
1047
1319
  Iy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0
1048
1320
  tLS0tLS0tCiMgVGFzbWFuIE5ldHdvcmtzIEluYy4gVGVsbmV0IExvZ2luCiMtLS0tLS0tLS0tLS0tLS0tLS0tLS
@@ -1053,9 +1325,11 @@
1053
1325
  <param pos="0" name="os.device" value="Router"/>
1054
1326
  <param pos="0" name="os.product" value="Tasman Networks router"/>
1055
1327
  </fingerprint>
1328
+
1056
1329
  <fingerprint pattern="Pragma Systems">
1057
1330
  <description>MS Windows running Pragma TelnetD server</description>
1058
1331
  <!-- Welcome to Gemadept Logistics RF Server\n(C) Copyright 1994-2012 Pragma Systems, Inc.\nlogin name: -->
1332
+
1059
1333
  <example _encoding="base64">
1060
1334
  V2VsY29tZSB0byBHZW1hZGVwdCBMb2dpc3RpY3MgUkYgU2VydmVyCihDKSBDb3B5cmlnaHQgMTk5NC0yMDEyIFB
1061
1335
  yYWdtYSBTeXN0ZW1zLCBJbmMuCgpsb2dpbiBuYW1lOiA=
@@ -1065,9 +1339,11 @@
1065
1339
  <param pos="0" name="os.product" value="Windows"/>
1066
1340
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
1067
1341
  </fingerprint>
1342
+
1068
1343
  <fingerprint pattern="^Application Required. No Installation Default">
1069
1344
  <description>probably IBM AS/400 running TN3270 or 5250 emulation server</description>
1070
1345
  <!-- Application Required. No Installation Default\nEnter Application Name: -->
1346
+
1071
1347
  <example _encoding="base64">
1072
1348
  QXBwbGljYXRpb24gUmVxdWlyZWQuIE5vIEluc3RhbGxhdGlvbiBEZWZhdWx0ICAgICAgICA
1073
1349
  gICAgICAgICAgICAgICAgICAgICAgICAgIApFbnRlciBBcHBsaWNhdGlvbiBOYW1lOg==
@@ -1077,9 +1353,11 @@
1077
1353
  <param pos="0" name="os.product" value="OS/400"/>
1078
1354
  <param pos="0" name="os.cpe23" value="cpe:/o:ibm:os_400:-"/>
1079
1355
  </fingerprint>
1356
+
1080
1357
  <fingerprint pattern="^This copy of the Ataman TCP Remote Logon Services">
1081
1358
  <description>Windows NT/2k/2k3 running Ataman telnet server</description>
1082
1359
  <!-- This copy of the Ataman TCP Remote Logon Services is registered as licensed to:\nECI2/DDMS\nAccount Name: -->
1360
+
1083
1361
  <example _encoding="base64">
1084
1362
  VGhpcyBjb3B5IG9mIHRoZSBBdGFtYW4gVENQIFJlbW90ZSBMb2dvbiBTZXJ2aWNlcyBpcyByZWdpc3RlcmVkIG
1085
1363
  FzIGxpY2Vuc2VkIHRvOgoJRUNJMi9ERE1TCgpBY2NvdW50IE5hbWU6IA==
@@ -1089,9 +1367,11 @@
1089
1367
  <param pos="0" name="os.product" value="Windows"/>
1090
1368
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
1091
1369
  </fingerprint>
1370
+
1092
1371
  <fingerprint pattern="Cobalt Linux release\W(.*)\W\(.*">
1093
1372
  <description>Cobalt Linux</description>
1094
1373
  <!-- Cobalt Linux release 6.0 (Shinkansen)\nKernel 2.2.16C37_III on an i586\nlogin: -->
1374
+
1095
1375
  <example _encoding="base64" os.version="6.0">
1096
1376
  Q29iYWx0IExpbnV4IHJlbGVhc2UgNi4wIChTaGlua2Fuc2VuKQpLZXJuZWwgMi4yLjE2QzM3X0lJSSBvbiBhbiBpNTg2CmxvZ2luOiA=
1097
1377
  </example>
@@ -1100,9 +1380,11 @@
1100
1380
  <param pos="0" name="os.product" value="Linux"/>
1101
1381
  <param pos="1" name="os.version"/>
1102
1382
  </fingerprint>
1383
+
1103
1384
  <fingerprint pattern="^Check Point FireWall-1 authenticated Telnet server running on (.*)">
1104
1385
  <description>Check Point Firewall-1</description>
1105
1386
  <!-- Check Point FireWall-1 authenticated Telnet server running on gaatdrf2\nUser: -->
1387
+
1106
1388
  <example _encoding="base64" host.name="gaatdrf2">
1107
1389
  Q2hlY2sgUG9pbnQgRmlyZVdhbGwtMSBhdXRoZW50aWNhdGVkIFRlbG5ldCBzZXJ2ZXIgcnVubmluZyBvbiBnYWF0ZHJmMgoKVXNlcjog
1108
1390
  </example>
@@ -1112,9 +1394,11 @@
1112
1394
  <param pos="0" name="os.product" value="Checkpoint FW1"/>
1113
1395
  <param pos="1" name="host.name"/>
1114
1396
  </fingerprint>
1397
+
1115
1398
  <fingerprint pattern="^Raptor Firewall">
1116
1399
  <description>Raptor Firewall</description>
1117
1400
  <!-- Raptor Firewall Secure Gateway.\nHostname: -->
1401
+
1118
1402
  <example _encoding="base64">
1119
1403
  UmFwdG9yIEZpcmV3YWxsIFNlY3VyZSBHYXRld2F5LgoKSG9zdG5hbWU6IA==
1120
1404
  </example>
@@ -1123,9 +1407,11 @@
1123
1407
  <param pos="0" name="os.device" value="Firewall"/>
1124
1408
  <param pos="0" name="os.product" value="Raptor"/>
1125
1409
  </fingerprint>
1410
+
1126
1411
  <fingerprint pattern="UNIX\(r\) System V Release (\d*.\d*)">
1127
1412
  <description>SunOS (Solaris)</description>
1128
1413
  <!-- Raptor Firewall Secure Gateway.\nHostname: -->
1414
+
1129
1415
  <example _encoding="base64" os.version="4.0">
1130
1416
  VU5JWChyKSBTeXN0ZW0gViBSZWxlYXNlIDQuMCAoVGhlLVNlcnZlcikKCgoKbG9naW46IA==
1131
1417
  </example>
@@ -1135,9 +1421,11 @@
1135
1421
  <param pos="1" name="os.version"/>
1136
1422
  <param pos="0" name="os.cpe23" value="cpe:/o:sun:solaris:{os.version}"/>
1137
1423
  </fingerprint>
1424
+
1138
1425
  <fingerprint pattern="Solaris (.*)">
1139
1426
  <description>Solaris</description>
1140
1427
  <!-- Seattle Community Network Sun Solaris 1.1.1.B\nPlease login as 'visitor' if you are a visitorn\n\nSunOS UNIX (scn)\n\n\nlogin:-->
1428
+
1141
1429
  <example _encoding="base64" os.version="1.1.1.B">
1142
1430
  U2VhdHRsZSBDb21tdW5pdHkgTmV0d29yayBTdW4gU29sYXJpcyAxLjEuMS5CClBsZWFzZSBsb2dpbiBhcyAndml
1143
1431
  zaXRvcicgaWYgeW91IGFyZSBhIHZpc2l0b3IKCgpTdW5PUyBVTklYIChzY24pCgoKCmxvZ2luOg==
@@ -1148,9 +1436,11 @@
1148
1436
  <param pos="1" name="os.version"/>
1149
1437
  <param pos="0" name="os.cpe23" value="cpe:/o:sun:solaris:{os.version}"/>
1150
1438
  </fingerprint>
1439
+
1151
1440
  <fingerprint pattern="^Digital UNIX \(([^)]+).*">
1152
1441
  <description>Digital Unix</description>
1153
1442
  <!-- Digital UNIX (journal) (ttyp2)\n\n\nlogin: -->
1443
+
1154
1444
  <example _encoding="base64" host.name="journal">
1155
1445
  RGlnaXRhbCBVTklYIChqb3VybmFsKSAodHR5cDIpCgoKCmxvZ2luOiA=
1156
1446
  </example>
@@ -1159,9 +1449,11 @@
1159
1449
  <param pos="0" name="os.product" value="Digital Unix"/>
1160
1450
  <param pos="1" name="host.name"/>
1161
1451
  </fingerprint>
1452
+
1162
1453
  <fingerprint pattern="^(?m)Compaq Tru64 UNIX V(.*) \(Rev. (.*\d)\) .*">
1163
1454
  <description>Compaq Tru64 UNIX V</description>
1164
1455
  <!-- Compaq Tru64 UNIX V5.1B (Rev. 2650) (docalpha) (pts/11)\n\n\n\n\nlogin: -->
1456
+
1165
1457
  <example _encoding="base64" os.version="5.1B" os.rev="2650">
1166
1458
  Q29tcGFxIFRydTY0IFVOSVggVjUuMUIgKFJldi4gMjY1MCkgKGRvY2FscGhhKSAocHRzLzExKQoKCgoKCmxvZ2luOg==
1167
1459
  </example>
@@ -1172,10 +1464,12 @@
1172
1464
  <param pos="2" name="os.rev"/>
1173
1465
  <param pos="0" name="os.cpe23" value="cpe:/o:hp:tru64:{os.version}"/>
1174
1466
  </fingerprint>
1467
+
1175
1468
  <fingerprint pattern="HP-UX ([^ ]+) [A-Z]\.([^ ]+) ([^ ]+) ([^ ]+)\s([^ ]+\)).*$">
1176
1469
  <description>System HP-UX</description>
1177
1470
  <!-- HP-UX ctout B.11.11 U 9000/800 (tc)\nlogin: -->
1178
- <example _encoding="base64" host.name="ctout" os.version="11.11" hw.series="9000/800" hw.model="(tc)">
1471
+
1472
+ <example _encoding="base64" host.name="ctout" os.version="11.11" hw.series="9000/800" hw.model="(tc)" hw.version="U">
1179
1473
  SFAtVVggY3RvdXQgQi4xMS4xMSBVIDkwMDAvODAwICh0YykKCmxvZ2luOiA=
1180
1474
  </example>
1181
1475
  <param pos="0" name="os.vendor" value="HP"/>
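Review bot: The new `hw.version="U"` expectation on the HP-UX example stores the single letter after the release (`B.11.11 U 9000/800`) as a hardware version, but that letter looks like the license-level field HP-UX prints in its `uname` output, not a hardware revision; confirm this before asset inventories start carrying it. The same example still expects `hw.model="(tc)"` with the parentheses inside the value, because the last capture is `([^ ]+\))`; writing it as `\(([^ )]+)\)` would keep them out of the stored field. At minimum, put a comment above the example such as `<!-- "U" is the field after the release string; verify its meaning before mapping it to hw.version -->`. The `<param>` that assigns this capture lies outside the hunk, so any rename has to be made there.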
@@ -1188,18 +1482,22 @@
1188
1482
  <param pos="4" name="hw.series"/>
1189
1483
  <param pos="5" name="hw.model"/>
1190
1484
  </fingerprint>
1485
+
1191
1486
  <fingerprint pattern="^Data ONTAP">
1192
1487
  <description>A NetApp apliance</description>
1193
1488
  <!-- Data ONTAP (s500.)\nlogin: -->
1489
+
1194
1490
  <example _encoding="base64">RGF0YSBPTlRBUCAoczUwMC4pCmxvZ2luOiA=</example>
1195
1491
  <param pos="0" name="os.vendor" value="NetApp"/>
1196
1492
  <param pos="0" name="os.family" value="Data ONTAP"/>
1197
1493
  <param pos="0" name="os.product" value="Data ONTAP"/>
1198
1494
  <param pos="0" name="os.cpe23" value="cpe:/o:netapp:data_ontap:-"/>
1199
1495
  </fingerprint>
1496
+
1200
1497
  <fingerprint pattern="OpenVMS.*Version\sV([^\s]+).*">
1201
1498
  <description>OpenVMS</description>
1202
1499
  <!-- Welcome to OpenVMS (TM) Alpha Operating System, Version V8.4 - NOT70\n\nUsername: -->
1500
+
1203
1501
  <example _encoding="base64" os.version="8.4">
1204
1502
  IFdlbGNvbWUgdG8gT3BlblZNUyAoVE0pIEFscGhhIE9wZXJhdGluZyBTeXN0Z
1205
1503
  W0sIFZlcnNpb24gVjguNCAgICAgLSBOT1Q3MAoKClVzZXJuYW1lOiA=
@@ -1209,9 +1507,11 @@
1209
1507
  <param pos="0" name="os.product" value="VMS"/>
1210
1508
  <param pos="1" name="os.version"/>
1211
1509
  </fingerprint>
1510
+
1212
1511
  <fingerprint pattern="^(?m)SCO OpenServer\(TM\) Release ([^ ]+).*$">
1213
1512
  <description>SCO OpenServer</description>
1214
1513
  <!-- SCO OpenServer(TM) Release 5 (bomdia.co.za) (ttyp6)\nlogin: -->
1514
+
1215
1515
  <example _encoding="base64" os.version="5">
1216
1516
  U0NPIE9wZW5TZXJ2ZXIoVE0pIFJlbGVhc2UgNSAoYm9tZGlhLmNvLnphKSAodHR5cDYpCgpsb2dpbjo=
1217
1517
  </example>
@@ -1220,9 +1520,11 @@
1220
1520
  <param pos="0" name="os.product" value="OpenServer"/>
1221
1521
  <param pos="1" name="os.version"/>
1222
1522
  </fingerprint>
1523
+
1223
1524
  <fingerprint pattern="^% Username: timeout expired!">
1224
1525
  <description>Some kind of Cisco device</description>
1225
1526
  <!-- % Username: timeout expired!-->
1527
+
1226
1528
  <example _encoding="base64">
1227
1529
  JSBVc2VybmFtZTogIHRpbWVvdXQgZXhwaXJlZCE=
1228
1530
  </example>
@@ -1231,6 +1533,7 @@
1231
1533
  <param pos="0" name="os.product" value="IOS"/>
1232
1534
  <param pos="0" name="os.cpe23" value="cpe:/o:cisco:ios:-"/>
1233
1535
  </fingerprint>
1536
+
1234
1537
  <fingerprint pattern="^Welcome to MKS Telnet Server Version">
1235
1538
  <description>Windows running MKS Telnet Server</description>
1236
1539
  <example _encoding="base64">
@@ -1241,15 +1544,18 @@
1241
1544
  <param pos="0" name="os.product" value="Windows"/>
1242
1545
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
1243
1546
  </fingerprint>
1547
+
1244
1548
  <fingerprint pattern="^Sorry, this system is engaged\.">
1245
1549
  <description>an embedded print server</description>
1246
1550
  <example>Sorry, this system is engaged.</example>
1247
1551
  <param pos="0" name="os.vendor" value="Epson"/>
1248
1552
  <param pos="0" name="os.device" value="Printer"/>
1249
1553
  </fingerprint>
1554
+
1250
1555
  <fingerprint pattern="^TELNET session now in ESTABLISHED state">
1251
1556
  <description>an Allied Telesyn router</description>
1252
1557
  <!-- TELNET session now in ESTABLISHED state\n\nGEO-003 login: -->
1558
+
1253
1559
  <example _encoding="base64">
1254
1560
  VEVMTkVUIHNlc3Npb24gbm93IGluIEVTVEFCTElTSEVEIHN0YXRlCgpHRU8tMDAzIGxvZ2luOiA=
1255
1561
  </example>
@@ -1257,9 +1563,11 @@
1257
1563
  <param pos="0" name="os.device" value="Router"/>
1258
1564
  <param pos="0" name="os.product" value="Allied Telesyn router"/>
1259
1565
  </fingerprint>
1566
+
1260
1567
  <fingerprint pattern="^CONEXANT SYSTEMS.*ACCESS RUNNER ADSL">
1261
1568
  <description>a Conexant ADSL router</description>
1262
1569
  <!-- CONEXANT SYSTEMS, INC. ACCESS RUNNER ADSL CONSOLE PORT>>>LOGON PASSWORD>3.27****** -->
1570
+
1263
1571
  <example _encoding="base64">
1264
1572
  Q09ORVhBTlQgU1lTVEVNUywgSU5DLiBBQ0NFU1MgUlVOTkVSIEFEU0wgQ09OU09MRSBQ
1265
1573
  T1JUPj4+TE9HT04gUEFTU1dPUkQ+My4yNyoqKioqKg==
@@ -1268,9 +1576,11 @@
1268
1576
  <param pos="0" name="os.device" value="Broadband router"/>
1269
1577
  <param pos="0" name="os.product" value="AccessRunner ADSL router"/>
1270
1578
  </fingerprint>
1579
+
1271
1580
  <fingerprint pattern="^System administrator is connecting from">
1272
1581
  <description>a DrayTek Vigor SOHO Router</description>
1273
1582
  <!-- System administrator is connecting from 54.39.173.86\n\nReject the connection request !!! -->
1583
+
1274
1584
  <example _encoding="base64">
1275
1585
  U3lzdGVtIGFkbWluaXN0cmF0b3IgaXMgY29ubmVjdGluZyBmcm9tIDU0LjM5LjE3My44NgoKUmVqZWN0IH
1276
1586
  RoZSBjb25uZWN0aW9uIHJlcXVlc3QgISEh
@@ -1279,9 +1589,11 @@
1279
1589
  <param pos="0" name="hw.device" value="Broadband router"/>
1280
1590
  <param pos="0" name="hw.product" value="Vigor"/>
1281
1591
  </fingerprint>
1592
+
1282
1593
  <fingerprint pattern=".*Version\s(\d*.\d*)\/OpenBSD.*">
1283
1594
  <description>OpenBSD</description>
1284
1595
  <!-- 220 killer09 FTP server (Version 6.4/OpenBSD/Linux-ftpd-0.17) ready. -->
1596
+
1285
1597
  <example _encoding="base64" os.version="6.4">
1286
1598
  MjIwIGtpbGxlcjA5IEZUUCBzZXJ2ZXIgKFZlcnNpb24gNi40L09wZW5CU0QvTGludXgtZnRwZC0wLjE3KSByZWFkeS4K
1287
1599
  </example>
@@ -1291,9 +1603,11 @@
1291
1603
  <param pos="1" name="os.version"/>
1292
1604
  <param pos="0" name="os.cpe23" value="cpe:/o:openbsd:openbsd:{os.version}"/>
1293
1605
  </fingerprint>
1606
+
1294
1607
  <fingerprint pattern="^FreeBSD\/([^\\s]+)\s+\(([^\s]+)\)">
1295
1608
  <description>a FreeBSD</description>
1296
1609
  <!-- FreeBSD/amd64 (ms.gymspgs.cz) (pts/0)\n\n\n\nlogin: -->
1610
+
1297
1611
  <example _encoding="base64" os.arch="amd64" host.name="ms.gymspgs.cz">
1298
1612
  RnJlZUJTRC9hbWQ2NCAobXMuZ3ltc3Bncy5jeikgKHB0cy8wKQoKCgpsb2dpbjo=
1299
1613
  </example>
@@ -1304,9 +1618,11 @@
1304
1618
  <param pos="0" name="os.cpe23" value="cpe:/o:freebsd:freebsd:-"/>
1305
1619
  <param pos="2" name="host.name"/>
1306
1620
  </fingerprint>
1621
+
1307
1622
  <fingerprint pattern="^NetBSD">
1308
1623
  <description>NetBSD</description>
1309
1624
  <!-- NetBSD/evbsh3 (Fukuyama.Host_AKS_0555_WL-v2.60d) (ttyp1) -->
1625
+
1310
1626
  <example _encoding="base64">
1311
1627
  TmV0QlNEL21lc3NpbWlwcyAoKSAodHR5cDMpCgpsb2dpbjog
1312
1628
  </example>
@@ -1315,9 +1631,11 @@
1315
1631
  <param pos="0" name="os.product" value="NetBSD"/>
1316
1632
  <param pos="0" name="os.cpe23" value="cpe:/o:netbsd:netbsd:-"/>
1317
1633
  </fingerprint>
1634
+
1318
1635
  <fingerprint pattern="^IRIX\W\((.*)\)">
1319
1636
  <description>SGI IRIX</description>
1320
1637
  <!-- IRIX (artemis.biol.uoa.gr)\n\n\n\nlogin: -->
1638
+
1321
1639
  <example _encoding="base64" host.name="artemis.biol.uoa.gr">
1322
1640
  SVJJWCAoYXJ0ZW1pcy5iaW9sLnVvYS5ncikKCgoKbG9naW46IA==
1323
1641
  </example>
@@ -1327,12 +1645,15 @@
1327
1645
  <param pos="0" name="os.cpe23" value="cpe:/o:sgi:irix:-"/>
1328
1646
  <param pos="1" name="host.name"/>
1329
1647
  </fingerprint>
1648
+
1330
1649
  <fingerprint pattern="(?m)(ES|RS)\s([^\s]+) System Software, Version ([^\s]+).*Riverstone Networks" flags="REG_MULTILINE">
1331
1650
  <description>a Riverstone router</description>
1332
1651
  <!-- Using '+' instead of '-' due to xml issue -->
1652
+
1333
1653
  <!-- ++++++++++++++++++++++++++++++++++\nES 10170 System Software, Version 9.3.0.4\n
1334
1654
  Riverstone Networks, Inc., Copyright (c) 2000-2003. All rights reserved.\nSystem started on 2018-09-06 15:58:\n
1335
1655
  +++++++++++++++++++++++++++++++++++++++ -->
1656
+
1336
1657
  <example _encoding="base64" os.product="10170" os.version="9.3.0.4" os.family="ES">
1337
1658
  LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tL
1338
1659
  S0tLS0tLQpFUyAxMDE3MCBTeXN0ZW0gU29mdHdhcmUsIFZlcnNpb24gOS4zLjAuNApSaXZlcnN0b25lIE5ldH
@@ -1343,6 +1664,7 @@
1343
1664
  <!-- +++++++++++++++++++++++++++++++++++++++\nRS 10170 System Software, Version 9.3.0.5\n
1344
1665
  Riverstone Networks, Inc., Copyright (c) 2000-2003. All rights reserved.\nSystem started on 2018-09-06 15:58:\n
1345
1666
  +++++++++++++++++++++++++++++++++++++++ -->
1667
+
1346
1668
  <example _encoding="base64" os.product="8000" os.version="9.3.0.5" os.family="RS">
1347
1669
  LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tL
1348
1670
  S0tLS0tLQpSUyA4MDAwIFN5c3RlbSBTb2Z0d2FyZSwgVmVyc2lvbiA5LjMuMC41ClJpdmVyc3RvbmUgTmV0d2
@@ -1356,6 +1678,7 @@
1356
1678
  <param pos="2" name="os.product"/>
1357
1679
  <param pos="3" name="os.version"/>
1358
1680
  </fingerprint>
1681
+
1359
1682
  <fingerprint pattern="^HP ([^\s]+) ProCurve Switch">
1360
1683
  <description>HP ProCurve Switch</description>
1361
1684
  <!-- ==============================================================================\nHP J4121A ProCurve Switch 4000M\n
@@ -1366,6 +1689,7 @@
1366
1689
  Software feature updates\n* New product announcements\n* Special events\n\n\nPlease register your
1367
1690
  products now at: www.ProCurve.com\n==============================================================================\n
1368
1691
  \n\nUsername: -->
1692
+
1369
1693
  <example _encoding="base64" os.product="J4121A">
1370
1694
  PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09P
1371
1695
  T09PT09PT09PT09PT09PT09PT09PT09CkhQIEo0MTIxQSBQcm9DdXJ2ZSBTd2l0Y2ggNDAwME
@@ -1389,11 +1713,13 @@
1389
1713
  <param pos="0" name="os.device" value="Switch"/>
1390
1714
  <param pos="1" name="os.product"/>
1391
1715
  </fingerprint>
1716
+
1392
1717
  <fingerprint pattern="^(?m).*ConnectUPS">
1393
1718
  <description>PowerWare ConnectUPS</description>
1394
1719
  <!-- +============================================================================+\n| [ ConnectUPS Web/SNMP
1395
1720
  Card Configuration Utility ] |\n+============================================================================+\n
1396
1721
  \nEnter Password: -->
1722
+
1397
1723
  <example _encoding="base64">
1398
1724
  Kz09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0
1399
1725
  9PT09PT09PT09PT09PT0rCnwgICAgICAgICAgICBbIENvbm5lY3RVUFMgV2ViL1NOTVAgQ2FyZCBDb25maW
@@ -1406,9 +1732,11 @@
1406
1732
  <param pos="0" name="os.device" value="UPS"/>
1407
1733
  <param pos="0" name="os.product" value="ConnectUPS"/>
1408
1734
  </fingerprint>
1735
+
1409
1736
  <fingerprint pattern="^Imagistics.*im">
1410
1737
  <description>an Imagistics device</description>
1411
1738
  <!-- Imagistics im3511/im4511 Ver 01.00.20 TELNET server.\nCopyright(c) 2001-2005, silex technology, Inc.\nlogin: -->
1739
+
1412
1740
  <example _encoding="base64">
1413
1741
  SW1hZ2lzdGljcyBpbTM1MTEvaW00NTExIFZlciAwMS4wMC4yMCBURUxORVQgc2VydmVyLgpDb3B5cmlnaH
1414
1742
  QoYykgMjAwMS0yMDA1LCBzaWxleCB0ZWNobm9sb2d5LCBJbmMuCmxvZ2luOiA=
@@ -1418,9 +1746,11 @@
1418
1746
  <param pos="0" name="os.device" value="Multifunction Device"/>
1419
1747
  <param pos="0" name="os.product" value="im"/>
1420
1748
  </fingerprint>
1749
+
1421
1750
  <fingerprint pattern="^NRG Maintenance Shell">
1422
1751
  <description>a Ricoh NRG device</description>
1423
1752
  <!-- NRG Maintenance Shell. \nUser access verification.\nlogin: -->
1753
+
1424
1754
  <example _encoding="base64">
1425
1755
  TlJHIE1haW50ZW5hbmNlIFNoZWxsLiAgIAoKVXNlciBhY2Nlc3MgdmVyaWZpY2F0aW9uLgoKbG9naW46
1426
1756
  </example>
@@ -1428,9 +1758,11 @@
1428
1758
  <param pos="0" name="os.device" value="Printer"/>
1429
1759
  <param pos="0" name="os.product" value="NRG Printer"/>
1430
1760
  </fingerprint>
1761
+
1431
1762
  <fingerprint pattern="^SHARP (AR-[^\\s]+) Ver ([^\\s]+) TELNET server">
1432
1763
  <description>SHARP AR Series multifunction device</description>
1433
1764
  <!-- SHARP AR-M351U Ver 01.00.18 TELNET server.\nCopyright(c) 2001-2005, silex technology, Inc.\nlogin: -->
1765
+
1434
1766
  <example _encoding="base64" os.product="AR-M351U" os.version="01.00.18">
1435
1767
  U0hBUlAgQVItTTM1MVUgVmVyIDAxLjAwLjE4IFRFTE5FVCBzZXJ2ZXIuCkNvcHlyaWdodChjKSAyMDAx
1436
1768
  LTIwMDUsIHNpbGV4IHRlY2hub2xvZ3ksIEluYy4KbG9naW46IA==
@@ -1441,10 +1773,12 @@
1441
1773
  <param pos="1" name="os.product"/>
1442
1774
  <param pos="2" name="os.version"/>
1443
1775
  </fingerprint>
1776
+
1444
1777
  <fingerprint pattern="^SHARP (MX-[^\\s]+) Ver ([^\\s]+) TELNET server">
1445
1778
  <description>SHARP MX Series multifunction device</description>
1446
1779
  <!-- SHARP MX-3610N Ver 01.05.00.0o.18 TELNET server.\nCopyright(C) 2005- SHARP CORPORATION\nCopyright(C) 2005-
1447
1780
  silex technology, Inc.\nlogin: -->
1781
+
1448
1782
  <example _encoding="base64" os.product="MX-3610N" os.version="01.05.00.0o.18">
1449
1783
  U0hBUlAgTVgtMzYxME4gVmVyIDAxLjA1LjAwLjBvLjE4IFRFTE5FVCBzZXJ2ZXIuCkNvcHlyaWdodC
1450
1784
  hDKSAyMDA1LSAgICAgU0hBUlAgQ09SUE9SQVRJT04KQ29weXJpZ2h0KEMpIDIwMDUtICAgICBzaWxl
@@ -1456,11 +1790,13 @@
1456
1790
  <param pos="1" name="os.product"/>
1457
1791
  <param pos="2" name="os.version"/>
1458
1792
  </fingerprint>
1793
+
1459
1794
  <fingerprint pattern="^(?m).*Welcome to MELCO Print Server.*Server Name *: *([^ ]*)\W.*Server Model *: *([^ ]*).*F \/ W Version *: *([^ ]*).*MAC Address *: *(.. .. .. .. .. ..).*$">
1460
1795
  <description>System is a Buffalo/MELCO Embedded Print Server</description>
1461
1796
  <!-- ***********************************\n* Welcome to MELCO Print Server *\n* Telnet Console *\n***********************************
1462
1797
  \n \nServer Name: PS-B04E8E\nServer Model: LPV 2 - TX 1\nF / W Version: 2.00 J \nMAC Address: AE 32 EA 21 BB E3\n
1463
1798
  Uptime: 0 days, 00: 00: 12\n \nPlease Enter Password:"-->
1799
+
1464
1800
  <example _encoding="base64" os.version="2.00" host.id="PS-B04E8E" os.model="LPV" os.address="AE 32 EA 21 BB E3">
1465
1801
  KioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKipcbiogV2VsY29tZSB0byBNRUxDTyBQc
1466
1802
  mludCBTZXJ2ZXIgKlxuKiBUZWxuZXQgQ29uc29sZSAqXG4qKioqKioqKioqKioqKioqKioqKioqKi
@@ -1477,9 +1813,11 @@
1477
1813
  <param pos="3" name="os.version"/>
1478
1814
  <param pos="4" name="os.address"/>
1479
1815
  </fingerprint>
1816
+
1480
1817
  <fingerprint pattern="^(?m)AIX Version\W(\d).*">
1481
1818
  <description>System is IBM AIX v</description>
1482
1819
  <!-- AIX Version 6\nCopyright IBM Corporation, 1982, 2007.\nlogin: -->
1820
+
1483
1821
  <example _encoding="base64" os.version="6">
1484
1822
  QUlYIFZlcnNpb24gNgpDb3B5cmlnaHQgSUJNIENvcnBvcmF0aW9uLCAxOTgyLCAyMDA3Lgpsb2dpbjogCg==
1485
1823
  </example>
@@ -1489,9 +1827,11 @@
1489
1827
  <param pos="1" name="os.version"/>
1490
1828
  <param pos="0" name="os.cpe23" value="cpe:/o:ibm:aix:{os.version}"/>
1491
1829
  </fingerprint>
1830
+
1492
1831
  <fingerprint pattern="^(?m)CIMC Debug Firmware Utility Shell\W([^\s]+).*">
1493
1832
  <description>System is Cisco UCS Device</description>
1494
1833
  <!-- CIMC Debug Firmware Utility Shell\nfake-ucs-device-3-1-p login: -->
1834
+
1495
1835
  <example _encoding="base64" host.name="fake-ucs-device-3-1-p">
1496
1836
  Q0lNQyBEZWJ1ZyBGaXJtd2FyZSBVdGlsaXR5IFNoZWxsCmZha2UtdWNzLWRldmljZS0zLTEtcCBsb2dpbjogCg==
1497
1837
  </example>
@@ -1501,6 +1841,7 @@
1501
1841
  <param pos="0" name="os.product" value="UCS Device"/>
1502
1842
  <param pos="1" name="host.name"/>
1503
1843
  </fingerprint>
1844
+
1504
1845
  <fingerprint pattern="^(?m)HP ProLiant.*v(\d+.\d+)">
1505
1846
  <description>Sytem is HP ProLiant server</description>
1506
1847
  <!-- HP ProLiant BL e-Class Integrated Administrator v2.00
@@ -1509,6 +1850,7 @@
1509
1850
  authorized user. Any authorized or unauthorized access and use may be moni-
1510
1851
  tored and can result in criminal or civil prosecution under applicable law.
1511
1852
  IA-00508BEBAA59 login: -->
1853
+
1512
1854
  <example _encoding="base64" os.version="2.00">
1513
1855
  SFAgUHJvTGlhbnQgQkwgZS1DbGFzcyBJbnRlZ3JhdGVkIEFkbWluaXN0cmF0b3IgdjIuMDAKICAgICAgI
1514
1856
  CAgQ29weXJpZ2h0IDIwMDUgSGV3bGV0dC1QYWNrYXJkIERldmVsb3BtZW50IEdyb3VwLCBMLlAuCgogIC
@@ -1526,11 +1868,12 @@
1526
1868
  <param pos="0" name="os.product" value="ProLiant"/>
1527
1869
  <param pos="1" name="os.version"/>
1528
1870
  </fingerprint>
1871
+
1529
1872
  <fingerprint pattern="^Power Measurement Ltd. Meter ION ([[:alnum:]]+)">
1530
1873
  <!-- Power Measurement Ltd. Meter ION 7330V271 ETH ETH7330V272
1531
1874
  Serial#: PB-0204A058-11
1532
-
1533
1875
  login: -->
1876
+
1534
1877
  <description>Power Measurement ION Power Meter</description>
1535
1878
  <example _encoding="base64" hw.vendor="Power Measurement Ltd." hw.family="ION" hw.version="7330V271">
1536
1879
  UG93ZXIgTWVhc3VyZW1lbnQgTHRkLiBNZXRlciBJT04gNzMzMFYyNzEgRVRIIEVUSDczMzBWMjcyCg1TZ
@@ -1540,10 +1883,12 @@
1540
1883
  <param pos="0" name="hw.family" value="ION"/>
1541
1884
  <param pos="1" name="hw.version"/>
1542
1885
  </fingerprint>
1886
+
1543
1887
  <fingerprint pattern="^GW25 v([[:digit:]\.]+) - Intelligent Power Meters GPRS Gateway[[:space:]]+Developed by Satelitech">
1544
1888
  <!-- GW25 v1.2.1 - Intelligent Power Meters GPRS Gateway
1545
1889
  Developed by Satelitech S.A for ESG Dilec
1546
1890
  Enter password: -->
1891
+
1547
1892
  <description>Satelitech Power Meter</description>
1548
1893
  <example _encoding="base64" hw.vendor="Satelitech" hw.family="GW25" hw.version="1.2.1">
1549
1894
  R1cyNSB2MS4yLjEgLSBJbnRlbGxpZ2VudCBQb3dlciBNZXRlcnMgR1BSUyBHYXRld2F5Cg1EZXZlbG9wZ
@@ -1553,38 +1898,48 @@
1553
1898
  <param pos="0" name="hw.family" value="GW25"/>
1554
1899
  <param pos="1" name="hw.version"/>
1555
1900
  </fingerprint>
1556
- <fingerprint pattern="^RDK \(A Yocto Project based Distro\) ([^ ]+) Docsis-Gateway">
1557
- <!-- RDK (A Yocto Project based Distro) 2.0 Docsis-Gateway
1558
1901
 
1559
- Docsis-Gateway login: -->
1902
+ <fingerprint pattern="^RDK \(A Yocto Project based Distro\) ([^ ]+) (?:Docsis-Gateway|Business)">
1560
1903
  <description>DOCSIS Cable Modem Running RDK</description>
1904
+ <!-- RDK (A Yocto Project based Distro) 2.0 Docsis-Gateway
1905
+ Docsis-Gateway login: -->
1906
+
1907
+ <example _encoding="base64" hw.device="DOCSIS Cable Modem" os.vendor="Yocto" os.product="RDK" os.version="2.0">
1908
+ UkRLIChBIFlvY3RvIFByb2plY3QgYmFzZWQgRGlzdHJvKSAyLjAgRG9jc2lzLUdhdGV3YXkNC
1909
+ g0NCg1Eb2NzaXMtR2F0ZXdheSBsb2dpbjo=
1910
+ </example>
1911
+ <!-- RDK (A Yocto Project based Distro) 2.0 Business\r\n\r\r\n\rBusiness login: -->
1912
+
1561
1913
  <example _encoding="base64" hw.device="DOCSIS Cable Modem" os.vendor="Yocto" os.product="RDK" os.version="2.0">
1562
- UkRLIChBIFlvY3RvIFByb2plY3QgYmFzZWQgRGlzdHJvKSAyLjAgRG9jc2lzLUdhdGV3YXkNCg0NCg1Eb
1563
- 2NzaXMtR2F0ZXdheSBsb2dpbjo=
1914
+ UkRLIChBIFlvY3RvIFByb2plY3QgYmFzZWQgRGlzdHJvKSAyLjAgQnVzaW5lc3MNCg0NCg1Cd
1915
+ XNpbmVzcyBsb2dpbjoK
1564
1916
  </example>
1565
1917
  <param pos="0" name="hw.device" value="DOCSIS Cable Modem"/>
1566
1918
  <param pos="0" name="os.vendor" value="Yocto"/>
1567
1919
  <param pos="0" name="os.product" value="RDK"/>
1568
1920
  <param pos="1" name="os.version"/>
1569
1921
  </fingerprint>
1922
+
1570
1923
  <fingerprint pattern="^RICOH Maintenance Shell">
1571
1924
  <description>a Ricoh device</description>
1572
1925
  <!-- RICOH Maintenance Shell.
1573
1926
  User access verification.
1574
1927
  login:-->
1928
+
1575
1929
  <example _encoding="base64">
1576
1930
  UklDT0ggTWFpbnRlbmFuY2UgU2hlbGwuICAgCg1Vc2VyIGFjY2VzcyB2ZXJpZmljYXRpb24uCg1sb2dpbjo=
1577
1931
  </example>
1578
1932
  <param pos="0" name="os.vendor" value="Ricoh"/>
1579
1933
  <param pos="0" name="os.device" value="Printer"/>
1580
1934
  </fingerprint>
1935
+
1581
1936
  <fingerprint pattern="Precise/RTCS v([\d\.]+) Telnet server">
1582
1937
  <description>Liebert UPS</description>
1583
1938
  <!-- Precise/RTCS v2.90.00 Telnet server
1584
1939
  Service Port Manager Active
1585
-
1586
1940
  <Esc> Ends Session
1587
1941
  -->
1942
+
1588
1943
  <example _encoding="base64" os.version="2.90.00">
1589
1944
  UHJlY2lzZS9SVENTIHYyLjkwLjAwIFRlbG5ldCBzZXJ2ZXIKCgpTZXJ2aWNlIFBvcnQgTWFuYWdlciBBY3RpdmUKCjxFc2M+IEVuZHMgU2Vzc2lvbgoKroot
1590
1945
  </example>
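Review bot: The widened alternation `(?:Docsis-Gateway|Business)` in the RDK pattern keys on the word that both sample banners repeat in front of `login:`, which is presumably the device hostname, and the group is left open on the right, so a banner whose hostname merely starts with either word also matches. Both examples then assert `hw.device="DOCSIS Cable Modem"` and the description still reads "DOCSIS Cable Modem Running RDK", although nothing in the `Business` banner mentions DOCSIS. Closing the group on the line end that both base64 samples contain, `(?:Docsis-Gateway|Business)(?:\r|\n)`, and adding a comment such as `<!-- the last token is the hostname from the login prompt; other RDK hostnames are not covered -->` would make the limits of this match visible to whoever consumes the result.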
@@ -1594,4 +1949,120 @@
1594
1949
  <param pos="0" name="os.vendor" value="Liebert"/>
1595
1950
  <param pos="1" name="os.version"/>
1596
1951
  </fingerprint>
1597
- </fingerprints>
1952
+
1953
+ <fingerprint pattern="^KeeneticOS version ([\w.-]+), copyright">
1954
+ <description>Keentic KeeneticOS</description>
1955
+ <!-- KeeneticOS version 3.04.C.6.0-0, copyright (c) 2010-2020 Keenetic Ltd.\r\n\r\nLogin: -->
1956
+
1957
+ <example _encoding="base64" os.version="3.04.C.6.0-0">
1958
+ S2VlbmV0aWNPUyB2ZXJzaW9uIDMuMDQuQy42LjAtMCwgY29weXJpZ2h0IChjKSAyMDEwLTIwM
1959
+ jAgS2VlbmV0aWMgTHRkLg0KDQpMb2dpbjoK
1960
+ </example>
1961
+ <param pos="0" name="hw.device" value="Router"/>
1962
+ <param pos="0" name="hw.vendor" value="Keenetic"/>
1963
+ <param pos="0" name="os.device" value="Router"/>
1964
+ <param pos="0" name="os.vendor" value="Keenetic"/>
1965
+ <param pos="0" name="os.product" value="KeeneticOS"/>
1966
+ <param pos="1" name="os.version"/>
1967
+ </fingerprint>
1968
+
1969
+ <fingerprint pattern="^\**(?:\r|\n)+\* Copyright \(c\) \d\d\d\d-\d\d\d\d New H3C Technologies Co., Ltd. All rights reserved.\*(?:\r|\n)+\* Without the owner's prior written consent,\s+\*(?:\r|\n)+\* no decompiling or reverse-engineering shall be allowed.\s+\*(?:\r|\n)+\*+(?:\r|\n)+login:\s*$">
1970
+ <description>Generic H3C Technologies banner</description>
1971
+ <!-- ******************************************************************************\r\n* Copyright (c) 2004-2017 New H3C Technologies Co., Ltd. All rights reserved.*\r\n* Without the owner's prior written consent, *\r\n* no decompiling or reverse-engineering shall be allowed. *\r\n******************************************************************************\r\n\r\nlogin: -->
1972
+
1973
+ <example _encoding="base64">
1974
+ KioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqK
1975
+ ioqKioqKioqKioqKioqKioqKioqKioqDQoqIENvcHlyaWdodCAoYykgMjAwNC0yMDE3IE5ldy
1976
+ BIM0MgVGVjaG5vbG9naWVzIENvLiwgTHRkLiBBbGwgcmlnaHRzIHJlc2VydmVkLioNCiogV2l
1977
+ 0aG91dCB0aGUgb3duZXIncyBwcmlvciB3cml0dGVuIGNvbnNlbnQsICAgICAgICAgICAgICAg
1978
+ ICAgICAgICAgICAgICAgICAgKg0KKiBubyBkZWNvbXBpbGluZyBvciByZXZlcnNlLWVuZ2luZ
1979
+ WVyaW5nIHNoYWxsIGJlIGFsbG93ZWQuICAgICAgICAgICAgICAgICAgICAqDQoqKioqKioqKi
1980
+ oqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKio
1981
+ qKioqKioqKioqKioqKioNCg0KbG9naW46Cg==
1982
+ </example>
1983
+ <param pos="0" name="hw.vendor" value="H3C"/>
1984
+ <param pos="0" name="os.vendor" value="H3C"/>
1985
+ </fingerprint>
1986
+
1987
+ <fingerprint pattern="Telnet Administration (?:\r|\n)+ SAP J2EE Engine v([\d.]+)(?:\r|\n)+">
1988
+ <description>SAP NetWeaver Application Server Java telnet service</description>
1989
+ <!-- ***********************************************
1990
+ **********************************************
1991
+ ****###*******####*****#######**************
1992
+ **##***##****##**##****##****##************
1993
+ ***##*******##****##***##****##**********
1994
+ *****##*****########***######***********
1995
+ ******##****##****##***##*************
1996
+ **##***##**##******##**##************
1997
+ ****###****##******##**##**********
1998
+ **********************************
1999
+ ********************************
2000
+ Telnet Administration
2001
+ SAP J2EE Engine v7.00
2002
+ Login:
2003
+ -->
2004
+
2005
+ <example _encoding="base64" service.version="7.00">
2006
+ KioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKiogCiAgICoqKi
2007
+ oqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKiogCiAgICoqKiojIyMq
2008
+ KioqKioqIyMjIyoqKioqIyMjIyMjIyoqKioqKioqKioqKioqIAogICAqKiMjKioqIyMqKioqIy
2009
+ MqKiMjKioqKiMjKioqKiMjKioqKioqKioqKioqIAogICAqKiojIyoqKioqKiojIyoqKiojIyoq
2010
+ KiMjKioqKiMjKioqKioqKioqKiAKICAgKioqKiojIyoqKioqIyMjIyMjIyMqKiojIyMjIyMqKi
2011
+ oqKioqKioqKiAKICAgKioqKioqIyMqKioqIyMqKioqIyMqKiojIyoqKioqKioqKioqKiogCiAg
2012
+ ICoqIyMqKiojIyoqIyMqKioqKiojIyoqIyMqKioqKioqKioqKiogCiAgICoqKiojIyMqKioqIy
2013
+ MqKioqKiojIyoqIyMqKioqKioqKioqIAogICAqKioqKioqKioqKioqKioqKioqKioqKioqKioq
2014
+ KioqKioqIAogICAqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKiAKCiAgIFRlbG5ldC
2015
+ BBZG1pbmlzdHJhdGlvbiAKICAgU0FQIEoyRUUgRW5naW5lIHY3LjAwCgoKCkxvZ2luOgo=
2016
+ </example>
2017
+ <param pos="0" name="service.vendor" value="SAP"/>
2018
+ <param pos="0" name="service.product" value="NetWeaver Application Server Java"/>
2019
+ <param pos="0" name="service.family" value="NetWeaver"/>
2020
+ <param pos="1" name="service.version"/>
2021
+ <param pos="0" name="service.cpe23" value="cpe:/a:sap:netweaver_application_server_java:{service.version}"/>
2022
+ <param pos="0" name="service.component.vendor" value="SAP"/>
2023
+ <param pos="0" name="service.component.product" value="NetWeaver Application Server"/>
2024
+ <param pos="0" name="service.component.cpe23" value="cpe:/a:sap:netweaver_application_server:-"/>
2025
+ </fingerprint>
2026
+
2027
+ <fingerprint pattern="Telnet Administration (?:\r|\n)+ SAP Java EE Application Server v([\d.]+)(?:\r|\n)+">
2028
+ <description>SAP NetWeaver Application Server Java telnet service - newer variant</description>
2029
+ <!-- ***********************************************
2030
+ **********************************************
2031
+ ****###*******####*****#######**************
2032
+ **##***##****##**##****##****##************
2033
+ ***##*******##****##***##****##**********
2034
+ *****##*****########***######***********
2035
+ ******##****##****##***##*************
2036
+ **##***##**##******##**##************
2037
+ ****###****##******##**##**********
2038
+ **********************************
2039
+ ********************************
2040
+ Telnet Administration
2041
+ SAP Java EE Application Server v7.50
2042
+ User name:
2043
+ -->
2044
+
2045
+ <example _encoding="base64" service.version="7.50">
2046
+ KioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKiogCiAgICoqKi
2047
+ oqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKiogCiAgICoqKiojIyMq
2048
+ KioqKioqIyMjIyoqKioqIyMjIyMjIyoqKioqKioqKioqKioqIAogICAqKiMjKioqIyMqKioqIy
2049
+ MqKiMjKioqKiMjKioqKiMjKioqKioqKioqKioqIAogICAqKiojIyoqKioqKiojIyoqKiojIyoq
2050
+ KiMjKioqKiMjKioqKioqKioqKiAKICAgKioqKiojIyoqKioqIyMjIyMjIyMqKiojIyMjIyMqKi
2051
+ oqKioqKioqKiAKICAgKioqKioqIyMqKioqIyMqKioqIyMqKiojIyoqKioqKioqKioqKiogCiAg
2052
+ ICoqIyMqKiojIyoqIyMqKioqKiojIyoqIyMqKioqKioqKioqKiogCiAgICoqKiojIyMqKioqIy
2053
+ MqKioqKiojIyoqIyMqKioqKioqKioqIAogICAqKioqKioqKioqKioqKioqKioqKioqKioqKioq
2054
+ KioqKioqIAogICAqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKiAKCiAgIFRlbG5ldC
2055
+ BBZG1pbmlzdHJhdGlvbiAKICAgU0FQIEphdmEgRUUgQXBwbGljYXRpb24gU2VydmVyIHY3LjUw
2056
+ CgoKVXNlciBuYW1lOgo=
2057
+ </example>
2058
+ <param pos="0" name="service.vendor" value="SAP"/>
2059
+ <param pos="0" name="service.product" value="NetWeaver Application Server Java"/>
2060
+ <param pos="0" name="service.family" value="NetWeaver"/>
2061
+ <param pos="1" name="service.version"/>
2062
+ <param pos="0" name="service.cpe23" value="cpe:/a:sap:netweaver_application_server_java:{service.version}"/>
2063
+ <param pos="0" name="service.component.vendor" value="SAP"/>
2064
+ <param pos="0" name="service.component.product" value="NetWeaver Application Server"/>
2065
+ <param pos="0" name="service.component.cpe23" value="cpe:/a:sap:netweaver_application_server:-"/>
2066
+ </fingerprint>
2067
+
2068
+ </fingerprints>
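Review bot: The description on new line 1954 misspells the vendor as "Keentic", while the pattern, the example and the `hw.vendor`/`os.vendor` params in the same fingerprint all use "Keenetic"; it should read `<description>Keenetic KeeneticOS</description>`. In the H3C pattern on new line 1969, the dots in `Co., Ltd. All rights reserved.` are unescaped and therefore match any character. Writing that stretch as `Co\., Ltd\. All rights reserved\.` keeps the match literal, which matters for a fingerprint that asserts a vendor from banner text alone.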