recog 2.3.8 → 2.3.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (67) hide show
  1. checksums.yaml +4 -4
  2. data/.gitignore +6 -0
  3. data/CONTRIBUTING.md +136 -37
  4. data/README.md +18 -16
  5. data/bin/recog_cleanup +16 -0
  6. data/bin/recog_standardize +30 -6
  7. data/identifiers/README.md +9 -0
  8. data/identifiers/hw_device.txt +77 -0
  9. data/identifiers/hw_family.txt +96 -0
  10. data/identifiers/hw_product.txt +328 -0
  11. data/identifiers/os_architecture.txt +6 -6
  12. data/identifiers/os_device.txt +45 -3
  13. data/identifiers/os_family.txt +206 -41
  14. data/identifiers/os_product.txt +238 -17
  15. data/identifiers/service_family.txt +144 -57
  16. data/identifiers/service_product.txt +384 -83
  17. data/identifiers/vendor.txt +553 -68
  18. data/lib/recog/version.rb +1 -1
  19. data/requirements.txt +1 -1
  20. data/xml/apache_modules.xml +292 -5
  21. data/xml/apache_os.xml +41 -2
  22. data/xml/architecture.xml +11 -3
  23. data/xml/dns_versionbind.xml +76 -8
  24. data/xml/favicons.xml +1700 -0
  25. data/xml/ftp_banners.xml +178 -8
  26. data/xml/h323_callresp.xml +112 -12
  27. data/xml/hp_pjl_id.xml +47 -5
  28. data/xml/html_title.xml +1258 -25
  29. data/xml/http_cookies.xml +64 -9
  30. data/xml/http_servers.xml +667 -37
  31. data/xml/http_wwwauth.xml +141 -26
  32. data/xml/imap_banners.xml +19 -13
  33. data/xml/ldap_searchresult.xml +81 -9
  34. data/xml/mdns_device-info_txt.xml +175 -2
  35. data/xml/mdns_workstation_txt.xml +4 -2
  36. data/xml/mysql_banners.xml +134 -7
  37. data/xml/mysql_error.xml +113 -6
  38. data/xml/nntp_banners.xml +10 -2
  39. data/xml/ntp_banners.xml +80 -4
  40. data/xml/operating_system.xml +89 -3
  41. data/xml/pop_banners.xml +30 -31
  42. data/xml/rsh_resp.xml +11 -2
  43. data/xml/rtsp_servers.xml +22 -2
  44. data/xml/sip_banners.xml +35 -4
  45. data/xml/sip_user_agents.xml +29 -2
  46. data/xml/smb_native_lm.xml +10 -2
  47. data/xml/smb_native_os.xml +79 -2
  48. data/xml/smtp_banners.xml +146 -7
  49. data/xml/smtp_debug.xml +6 -4
  50. data/xml/smtp_ehlo.xml +7 -5
  51. data/xml/smtp_expn.xml +13 -4
  52. data/xml/smtp_help.xml +23 -4
  53. data/xml/smtp_mailfrom.xml +5 -2
  54. data/xml/smtp_noop.xml +6 -5
  55. data/xml/smtp_quit.xml +5 -4
  56. data/xml/smtp_rcptto.xml +5 -2
  57. data/xml/smtp_rset.xml +4 -4
  58. data/xml/smtp_turn.xml +4 -4
  59. data/xml/smtp_vrfy.xml +14 -4
  60. data/xml/snmp_sysdescr.xml +731 -24
  61. data/xml/snmp_sysobjid.xml +47 -2
  62. data/xml/ssh_banners.xml +175 -5
  63. data/xml/telnet_banners.xml +266 -15
  64. data/xml/x11_banners.xml +26 -3
  65. data/xml/x509_issuers.xml +30 -6
  66. data/xml/x509_subjects.xml +200 -31
  67. metadata +8 -2
data/xml/ftp_banners.xml CHANGED
@@ -1,9 +1,10 @@
1
- <?xml version="1.0" encoding="UTF-8"?>
1
+ <?xml version='1.0' encoding='UTF-8'?>
2
2
  <fingerprints matches="ftp.banner" protocol="ftp" database_type="service" preference="0.90">
3
3
  <!--
4
4
  FTP greeting messages (part of the banner after the response code) are matched
5
5
  against these patterns to fingerprint FTP servers.
6
6
  -->
7
+
7
8
  <fingerprint pattern="^([^ ]+) Microsoft FTP Service \(Version ([1234]\.\d+)\)\.$">
8
9
  <description>Microsoft FTP Server on Windows NT</description>
9
10
  <example>xx Microsoft FTP Service (Version 3.0).</example>
@@ -18,6 +19,7 @@
18
19
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_nt:-"/>
19
20
  <param pos="1" name="host.name"/>
20
21
  </fingerprint>
22
+
21
23
  <fingerprint pattern="^([^ ]+) Microsoft FTP Service \(Version 5.0\)\.$">
22
24
  <description>Microsoft FTP Server on Windows 2000</description>
23
25
  <example>xxx Microsoft FTP Service (Version 5.0).</example>
@@ -32,6 +34,7 @@
32
34
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_2000:-"/>
33
35
  <param pos="1" name="host.name"/>
34
36
  </fingerprint>
37
+
35
38
  <fingerprint pattern="^([^ ]+) Microsoft FTP Service \(Version 5.1\)\.$">
36
39
  <description>Microsoft FTP Server on Windows XP, 2003 or later versions of 2000</description>
37
40
  <example>xxx Microsoft FTP Service (Version 5.1).</example>
@@ -45,6 +48,7 @@
45
48
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
46
49
  <param pos="1" name="host.name"/>
47
50
  </fingerprint>
51
+
48
52
  <fingerprint pattern="^([^ ]+) Microsoft FTP Service$">
49
53
  <description>Microsoft FTP Server on Windows XP, 2003 or later without version</description>
50
54
  <example>hostname Microsoft FTP Service</example>
@@ -58,6 +62,7 @@
58
62
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
59
63
  <param pos="1" name="host.name"/>
60
64
  </fingerprint>
65
+
61
66
  <fingerprint pattern="^Microsoft FTP Service$">
62
67
  <description>Microsoft FTP Server on Windows XP, 2003 or later without version or hostname</description>
63
68
  <example>Microsoft FTP Service</example>
@@ -70,6 +75,7 @@
70
75
  <param pos="0" name="os.product" value="Windows"/>
71
76
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
72
77
  </fingerprint>
78
+
73
79
  <fingerprint pattern="^([^ ]+) +FTP +Server \(Version ([^\(]+)\(PHNE_\d+\) [^\)]+\) ready.?$" flags="REG_ICASE">
74
80
  <description>FTP on HPUX with a PHNE (HP Networking patch) installed</description>
75
81
  <example>example.com FTP server (Version 1.1.214.4(PHNE_38458) Mon Feb 15 06:03:12 GMT 2010) ready.</example>
@@ -82,6 +88,7 @@
82
88
  <param pos="1" name="host.name"/>
83
89
  <param pos="2" name="service.version"/>
84
90
  </fingerprint>
91
+
85
92
  <fingerprint pattern="^([^ ]+) +FTP +Server \(Revision \S+ Version wuftpd-([^\(]+)\(PHNE_\d+\) [^\)]+\) ready.?$" flags="REG_ICASE">
86
93
  <description>WU-FTPD on HPUX with a PHNE (HP Networking patch) installed</description>
87
94
  <example>example.com FTP server (Revision 1.1 Version wuftpd-2.6.1(PHNE_38578) Fri Sep 5 12:10:54 GMT 2008) ready.</example>
@@ -94,6 +101,7 @@
94
101
  <param pos="1" name="host.name"/>
95
102
  <param pos="2" name="service.version"/>
96
103
  </fingerprint>
104
+
97
105
  <fingerprint pattern="^(\S+)(?: \S+)? FTP Server \((?:Revision [\d\.]+ )?Version wu(?:ftpd)?-([\d\.]+).*\) ready.?$" flags="REG_ICASE">
98
106
  <description>WU-FTPD on various OS</description>
99
107
  <example host.name="example.com" service.version="2.6.2">example.com FTP server (Version wu-2.6.2(1) Sat Jul 19 16:21:30 UTC 2008) ready.</example>
@@ -105,6 +113,7 @@
105
113
  <param pos="1" name="host.name"/>
106
114
  <param pos="2" name="service.version"/>
107
115
  </fingerprint>
116
+
108
117
  <fingerprint pattern="^(\S+)\s+FTP Server \(Version:\s+Mac OS X Server\s+([\d\.]+).*\) ready\.?" flags="REG_ICASE,REG_MULTILINE">
109
118
  <description>FTPD on Mac OS X Server with a version</description>
110
119
  <example host.name="example.com" os.version="10.3">example.com FTP server (Version: Mac OS X Server 10.3 - +GSSAPI) ready.</example>
@@ -119,6 +128,7 @@ example.com FTP server (Version: Mac OS X Server 10.3 - +GSSAPI) ready.
119
128
  <param pos="2" name="os.version"/>
120
129
  <param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x_server:{os.version}"/>
121
130
  </fingerprint>
131
+
122
132
  <fingerprint pattern="^(\S+)\s+FTP Server \(Version:\s+Mac OS X Server\) ready\.?" flags="REG_ICASE,REG_MULTILINE">
123
133
  <description>FTPD on Mac OS X Server without a version</description>
124
134
  <example host.name="example.com">example.com FTP server (Version: Mac OS X Server) ready.</example>
@@ -132,6 +142,7 @@ example.com FTP server (Version: Mac OS X Server) ready.
132
142
  <param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x_server:-"/>
133
143
  <param pos="1" name="host.name"/>
134
144
  </fingerprint>
145
+
135
146
  <fingerprint pattern="^(\S+)\s+FTP Server \(tnftpd (.*)\) ready\.?$" flags="REG_ICASE">
136
147
  <description>Simple tnftpd banner with a version</description>
137
148
  <example host.name="example.com" service.version="20061217">example.com FTP server (tnftpd 20061217) ready.</example>
@@ -139,6 +150,7 @@ example.com FTP server (Version: Mac OS X Server) ready.
139
150
  <param pos="2" name="service.version"/>
140
151
  <param pos="1" name="host.name"/>
141
152
  </fingerprint>
153
+
142
154
  <fingerprint pattern="^(\S+) FTP Server \(SunOS 5.(1[1-9])\) ready\.?$" flags="REG_ICASE">
143
155
  <description>SunOS/Solaris</description>
144
156
  <example host.name="example.com" os.version="11">example.com FTP server (SunOS 5.11) ready.</example>
@@ -149,6 +161,7 @@ example.com FTP server (Version: Mac OS X Server) ready.
149
161
  <param pos="2" name="os.version"/>
150
162
  <param pos="0" name="os.cpe23" value="cpe:/o:oracle:solaris:{os.version}"/>
151
163
  </fingerprint>
164
+
152
165
  <fingerprint pattern="^(\S+) FTP Server \(SunOS 5.([789]|10)\) ready\.?$" flags="REG_ICASE">
153
166
  <description>SunOS/Solaris 5.7-5.10</description>
154
167
  <example host.name="example.com" os.version="7">example.com FTP server (SunOS 5.7) ready.</example>
@@ -160,6 +173,7 @@ example.com FTP server (Version: Mac OS X Server) ready.
160
173
  <param pos="2" name="os.version"/>
161
174
  <param pos="0" name="os.cpe23" value="cpe:/o:sun:solaris:{os.version}"/>
162
175
  </fingerprint>
176
+
163
177
  <fingerprint pattern="^(\S+) FTP Server \(SunOS 5.6\) ready\." flags="REG_ICASE">
164
178
  <description>SunOS 5.6 (Solaris 2.6)</description>
165
179
  <example host.name="example.com">example.com FTP Server (SunOS 5.6) ready.</example>
@@ -170,6 +184,7 @@ example.com FTP server (Version: Mac OS X Server) ready.
170
184
  <param pos="0" name="os.cpe23" value="cpe:/o:sun:solaris:2.6"/>
171
185
  <param pos="1" name="host.name"/>
172
186
  </fingerprint>
187
+
173
188
  <fingerprint pattern="^ProFTPD (\d+\.[^\s]+) Server \(Debian\) \[(.+)\]$">
174
189
  <description>ProFTPD on Debian Linux</description>
175
190
  <example>ProFTPD 1.3.0rc2 Server (Debian) [host]</example>
@@ -184,6 +199,7 @@ example.com FTP server (Version: Mac OS X Server) ready.
184
199
  <param pos="0" name="os.cpe23" value="cpe:/o:debian:debian_linux:-"/>
185
200
  <param pos="2" name="host.name"/>
186
201
  </fingerprint>
202
+
187
203
  <fingerprint pattern="^ProFTPD (\d+\.[^\s]+) Server \(Linksys(W.+)\) \[(.+)\]$">
188
204
  <description>ProFTPD on a Linksys Wireless Access Point/Router</description>
189
205
  <example>ProFTPD 1.3.0rc2 Server (LinksysWRT350N) [host]</example>
@@ -197,6 +213,7 @@ example.com FTP server (Version: Mac OS X Server) ready.
197
213
  <param pos="2" name="os.product"/>
198
214
  <param pos="3" name="host.name"/>
199
215
  </fingerprint>
216
+
200
217
  <fingerprint pattern="^ProFTPD (\d+\.[^\s]+) Server \(NETGEAR ReadyNAS\) \[(.+)\]$">
201
218
  <description>ProFTPD on a Netgear ReadyNAS with a version and IP</description>
202
219
  <example service.version="1.3.3g" host.ip="192.168.1.10">ProFTPD 1.3.3g Server (NETGEAR ReadyNAS) [192.168.1.10]</example>
@@ -210,6 +227,7 @@ example.com FTP server (Version: Mac OS X Server) ready.
210
227
  <param pos="0" name="hw.product" value="ReadyNAS"/>
211
228
  <param pos="2" name="host.ip"/>
212
229
  </fingerprint>
230
+
213
231
  <fingerprint pattern="^ProFTPD Server \(NETGEAR ReadyNAS\) \[(.+)\]$">
214
232
  <description>ProFTPD on a Netgear ReadyNAS with a hostname</description>
215
233
  <example host.name="test">ProFTPD Server (NETGEAR ReadyNAS) [test]</example>
@@ -222,6 +240,7 @@ example.com FTP server (Version: Mac OS X Server) ready.
222
240
  <param pos="0" name="hw.product" value="ReadyNAS"/>
223
241
  <param pos="1" name="host.name"/>
224
242
  </fingerprint>
243
+
225
244
  <fingerprint pattern="^ProFTPD (\d+\.[^\s]+) Server \(Linksys(.*)\) \[(.+)\]$">
226
245
  <description>ProFTPD on a wired Linksys device</description>
227
246
  <param pos="0" name="service.family" value="ProFTPD"/>
@@ -234,6 +253,7 @@ example.com FTP server (Version: Mac OS X Server) ready.
234
253
  <param pos="2" name="os.product"/>
235
254
  <param pos="3" name="host.name"/>
236
255
  </fingerprint>
256
+
237
257
  <fingerprint pattern="^ProFTPD (\d+\.[^\s]+) Server \((.*)\) \[(.+)\]$">
238
258
  <description>ProFTPD with version info but no obvious OS info</description>
239
259
  <example service.version="1.2.10">ProFTPD 1.2.10 Server (Main FTP Server) [host]</example>
@@ -247,6 +267,7 @@ example.com FTP server (Version: Mac OS X Server) ready.
247
267
  <param pos="2" name="proftpd.server.name"/>
248
268
  <param pos="3" name="host.name"/>
249
269
  </fingerprint>
270
+
250
271
  <fingerprint pattern="^ProFTPD (\d+\.[^\s]+) Server ready\.$">
251
272
  <description>ProFTPD with only version info</description>
252
273
  <example service.version="1.3.0rc2">ProFTPD 1.3.0rc2 Server ready.</example>
@@ -256,6 +277,7 @@ example.com FTP server (Version: Mac OS X Server) ready.
256
277
  <param pos="1" name="service.version"/>
257
278
  <param pos="0" name="service.cpe23" value="cpe:/a:proftpd:proftpd:{service.version}"/>
258
279
  </fingerprint>
280
+
259
281
  <fingerprint pattern="^ProFTPD (?:FTP )?Server ready\.$">
260
282
  <description>ProFTPD with no version info</description>
261
283
  <example>ProFTPD FTP Server ready.</example>
@@ -265,6 +287,7 @@ example.com FTP server (Version: Mac OS X Server) ready.
265
287
  <param pos="0" name="service.product" value="ProFTPD"/>
266
288
  <param pos="0" name="service.cpe23" value="cpe:/a:proftpd:proftpd:-"/>
267
289
  </fingerprint>
290
+
268
291
  <fingerprint pattern="^ProFTPD Server \(.*\) \[([a-f\d.:]+)\]$">
269
292
  <description>ProFTPD with no version info, parenthetical form</description>
270
293
  <example host.ip="1.2.3.4">ProFTPD Server (ProFTPD) [1.2.3.4]</example>
@@ -277,6 +300,7 @@ example.com FTP server (Version: Mac OS X Server) ready.
277
300
  <param pos="0" name="service.cpe23" value="cpe:/a:proftpd:proftpd:-"/>
278
301
  <param pos="1" name="host.ip"/>
279
302
  </fingerprint>
303
+
280
304
  <fingerprint pattern="^ProFTPD Server$">
281
305
  <description>ProFTPD with no version info, short form</description>
282
306
  <example>ProFTPD Server</example>
@@ -285,6 +309,7 @@ example.com FTP server (Version: Mac OS X Server) ready.
285
309
  <param pos="0" name="service.product" value="ProFTPD"/>
286
310
  <param pos="0" name="service.cpe23" value="cpe:/a:proftpd:proftpd:-"/>
287
311
  </fingerprint>
312
+
288
313
  <fingerprint pattern="^ProFTPD\s*$">
289
314
  <description>ProFTPD with no version info, super short form</description>
290
315
  <example>ProFTPD</example>
@@ -294,6 +319,7 @@ example.com FTP server (Version: Mac OS X Server) ready.
294
319
  <param pos="0" name="service.product" value="ProFTPD"/>
295
320
  <param pos="0" name="service.cpe23" value="cpe:/a:proftpd:proftpd:-"/>
296
321
  </fingerprint>
322
+
297
323
  <fingerprint pattern="^(?:\d{4}\-\d\d\-\d\d \d\d:\d\d:\d\d,\d\d\d )?(\S+) proftpd\[\d+\]: error: no valid servers configured">
298
324
  <description>ProFTPD no valid servers configured</description>
299
325
  <example host.name="ftp.host.com">ftp.host.com proftpd[40312]: error: no valid servers configured\n</example>
@@ -304,6 +330,7 @@ example.com FTP server (Version: Mac OS X Server) ready.
304
330
  <param pos="0" name="service.cpe23" value="cpe:/a:proftpd:proftpd:-"/>
305
331
  <param pos="1" name="host.name"/>
306
332
  </fingerprint>
333
+
307
334
  <fingerprint pattern="^ProFTPD (\d+\.[^\s]+) Server \((.*)\) \[[a-f\d.:\]]*$">
308
335
  <description>ProFTPD with version info - truncated</description>
309
336
  <example service.version="1.3.2c">ProFTPD 1.3.2c Server (ProFTPD Default Installation) [</example>
@@ -316,6 +343,7 @@ example.com FTP server (Version: Mac OS X Server) ready.
316
343
  <param pos="0" name="service.cpe23" value="cpe:/a:proftpd:proftpd:{service.version}"/>
317
344
  <param pos="2" name="proftpd.server.name"/>
318
345
  </fingerprint>
346
+
319
347
  <fingerprint pattern="^ProFTPD (\d+\.[^\s]+) Server ([\w.-]+)$">
320
348
  <description>ProFTPD with version info but no obvious OS info, take 2</description>
321
349
  <example service.version="1.3.2d" host.name="localhost">ProFTPD 1.3.2d Server localhost</example>
@@ -326,6 +354,7 @@ example.com FTP server (Version: Mac OS X Server) ready.
326
354
  <param pos="0" name="service.cpe23" value="cpe:/a:proftpd:proftpd:{service.version}"/>
327
355
  <param pos="2" name="host.name"/>
328
356
  </fingerprint>
357
+
329
358
  <fingerprint pattern="^=\(&lt;\*&gt;\)=-\.:\. \(\( Welcome to Pure-FTPd ([\d.]+) \)\) \.:\.-=\(&lt;\*&gt;\)=-" flags="REG_MULTILINE">
330
359
  <description>Pure-FTPd versions &lt;= 1.0.13 (at least as far back as 1.0.11)</description>
331
360
  <example service.version="1.0.11">=(&lt;*&gt;)=-.:. (( Welcome to Pure-FTPd 1.0.11 )) .:.-=(&lt;*&gt;)=-</example>
@@ -335,6 +364,7 @@ more stuff
335
364
  <param pos="0" name="service.product" value="Pure-FTPd"/>
336
365
  <param pos="1" name="service.version"/>
337
366
  </fingerprint>
367
+
338
368
  <fingerprint pattern="^-{9,10}(?:.*)\s+Pure-FTPd\s+(.*)-{9,10}">
339
369
  <description>Pure-FTPd versions &gt;= 1.0.14 - Config data can be zero or more of: [privsep] [TLS]</description>
340
370
  <example>---------- Welcome to Pure-FTPd ----------</example>
@@ -347,6 +377,7 @@ more text
347
377
  <param pos="0" name="service.family" value="Pure-FTPd"/>
348
378
  <param pos="0" name="service.product" value="Pure-FTPd"/>
349
379
  </fingerprint>
380
+
350
381
  <fingerprint pattern="^(?:Welcome to )?Pure-FTPd\.?$">
351
382
  <description>Basic Pure-FTPd banner, no version</description>
352
383
  <example>Welcome to Pure-FTPd</example>
@@ -354,6 +385,7 @@ more text
354
385
  <param pos="0" name="service.family" value="Pure-FTPd"/>
355
386
  <param pos="0" name="service.product" value="Pure-FTPd"/>
356
387
  </fingerprint>
388
+
357
389
  <fingerprint pattern="^=\(.\*.\)=-\.:\. \(\( Welcome to PureFTPd (\d+\..+) \)\) \.:\.-=\(.\*.\)=-" flags="REG_MULTILINE">
358
390
  <description>Older Pure-FTPd versions</description>
359
391
  <example service.version="1.1.0">=(&lt;*&gt;)=-.:. (( Welcome to PureFTPd 1.1.0 )) .:.-=(&lt;*&gt;)=-</example>
@@ -363,6 +395,7 @@ more text
363
395
  <param pos="0" name="service.product" value="Pure-FTPd"/>
364
396
  <param pos="1" name="service.version"/>
365
397
  </fingerprint>
398
+
366
399
  <fingerprint pattern="^Serv-U FTP[ -]Server v(\d+\.\S+)(?: for WinSock)? ready\.*$">
367
400
  <description>Serv-U (only runs on Windows)</description>
368
401
  <example service.version="2.5n">Serv-U FTP-Server v2.5n for WinSock ready...</example>
@@ -377,6 +410,7 @@ more text
377
410
  <param pos="0" name="os.product" value="Windows"/>
378
411
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
379
412
  </fingerprint>
413
+
380
414
  <fingerprint pattern="^zFTPServer v?(\S+), .*ready\.$" flags="REG_ICASE">
381
415
  <description>zftpserver (only runs on Windows)</description>
382
416
  <example service.version="4.0">zFTPServer v4.0, build 2008-12-24 01:41 ready.</example>
@@ -388,6 +422,7 @@ more text
388
422
  <param pos="0" name="os.product" value="Windows"/>
389
423
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
390
424
  </fingerprint>
425
+
391
426
  <fingerprint pattern="^\(vsFTPd (\d+\..+)\)(?: (.+))?$">
392
427
  <description>vsFTPd (Very Secure FTP Daemon)</description>
393
428
  <example service.version="1.1.3">(vsFTPd 1.1.3) host</example>
@@ -397,6 +432,7 @@ more text
397
432
  <param pos="1" name="service.version"/>
398
433
  <param pos="2" name="host.name"/>
399
434
  </fingerprint>
435
+
400
436
  <fingerprint pattern="^ready, dude \(vsFTPd (\d+\..+): beat me, break me\)$">
401
437
  <description>vsFTPd (Very Secure FTP Daemon) - break me variant</description>
402
438
  <example service.version="1.1.0">ready, dude (vsFTPd 1.1.0: beat me, break me)</example>
@@ -404,6 +440,7 @@ more text
404
440
  <param pos="0" name="service.product" value="vsFTPd"/>
405
441
  <param pos="1" name="service.version"/>
406
442
  </fingerprint>
443
+
407
444
  <fingerprint pattern="^vsFTPd ([\d.]+\+ \(ext\.3\)) ready\.\.\.$">
408
445
  <description>vsFTPd (Very Secure FTP Daemon) extended build (vsftpd.devnet.ru)</description>
409
446
  <example service.version="2.0.4+ (ext.3)">vsFTPd 2.0.4+ (ext.3) ready...</example>
@@ -411,6 +448,7 @@ more text
411
448
  <param pos="0" name="service.product" value="vsFTPd Extended"/>
412
449
  <param pos="1" name="service.version"/>
413
450
  </fingerprint>
451
+
414
452
  <fingerprint pattern="^OOPS: .*vsftp.*$">
415
453
  <description>vsFTPd (Very Secure FTP Daemon) error message</description>
416
454
  <example>OOPS: vsftpd: root is not mounted.</example>
@@ -418,6 +456,7 @@ more text
418
456
  <param pos="0" name="service.family" value="vsFTPd"/>
419
457
  <param pos="0" name="service.product" value="vsFTPd"/>
420
458
  </fingerprint>
459
+
421
460
  <fingerprint pattern="^FileZilla Server(?: version)? (?:v)?(\d\.[\w.]+(?: beta)?).*$">
422
461
  <description>FileZilla FTP Server</description>
423
462
  <example service.version="0.9.2 beta">FileZilla Server version 0.9.2 beta</example>
@@ -428,6 +467,7 @@ more text
428
467
  <param pos="0" name="service.product" value="FileZilla FTP Server"/>
429
468
  <param pos="1" name="service.version"/>
430
469
  </fingerprint>
470
+
431
471
  <fingerprint pattern="^\s*APC FTP server ready\.$">
432
472
  <description>APC device</description>
433
473
  <example>APC FTP server ready.</example>
@@ -438,6 +478,7 @@ more text
438
478
  <param pos="0" name="hw.vendor" value="APC"/>
439
479
  <param pos="0" name="hw.device" value="Power device"/>
440
480
  </fingerprint>
481
+
441
482
  <fingerprint pattern="^(\S+) Network Management Card AOS v(\d+\..+) FTP server ready\.$">
442
483
  <description>APC power/cooling device</description>
443
484
  <example service.version="3.3.4">AP7932 Network Management Card AOS v3.3.4 FTP server ready.</example>
@@ -454,6 +495,7 @@ more text
454
495
  <param pos="0" name="hw.vendor" value="APC"/>
455
496
  <param pos="0" name="hw.device" value="Power device"/>
456
497
  </fingerprint>
498
+
457
499
  <fingerprint pattern="^(\S+) FTP server \(EMC-SNAS: ([^\)]+)\)(?: \S+)?$">
458
500
  <description>EMC Celerra</description>
459
501
  <example service.version="5.6.47.11">foo2 FTP server (EMC-SNAS: 5.6.47.11)</example>
@@ -471,6 +513,7 @@ more text
471
513
  <param pos="0" name="hw.device" value="Storage"/>
472
514
  <param pos="0" name="hw.product" value="Celerra"/>
473
515
  </fingerprint>
516
+
474
517
  <fingerprint pattern="^JD FTP Server Ready.*$">
475
518
  <description>HP JetDirect printer</description>
476
519
  <example>JD FTP Server Ready</example>
@@ -487,6 +530,7 @@ more text
487
530
  <param pos="0" name="hw.family" value="JetDirect"/>
488
531
  <param pos="0" name="hw.product" value="JetDirect"/>
489
532
  </fingerprint>
533
+
490
534
  <fingerprint pattern="^Check Point FireWall-1 Secure FTP server running on (.+)$">
491
535
  <description>Check Point FireWall-1</description>
492
536
  <example host.name="host">Check Point FireWall-1 Secure FTP server running on host</example>
@@ -504,6 +548,7 @@ more text
504
548
  <param pos="0" name="hw.family" value="Firewall-1"/>
505
549
  <param pos="1" name="host.name"/>
506
550
  </fingerprint>
551
+
507
552
  <fingerprint pattern="^Blue Coat FTP Service$">
508
553
  <description>Blue Coat security appliances</description>
509
554
  <example>Blue Coat FTP Service</example>
@@ -512,11 +557,13 @@ more text
512
557
  <param pos="0" name="os.vendor" value="Blue Coat"/>
513
558
  <param pos="0" name="os.device" value="Web proxy"/>
514
559
  </fingerprint>
560
+
515
561
  <fingerprint pattern="^---freeFTPd 1.0---warFTPd 1.65---$">
516
562
  <description>Nepenthes honeypot</description>
517
563
  <param pos="0" name="service.family" value="Nepenthes"/>
518
564
  <param pos="0" name="service.product" value="Nepenthes"/>
519
565
  </fingerprint>
566
+
520
567
  <fingerprint pattern="^[^ ]+ IBM FTP CS (V1R\d+) at ([^,]*),.*">
521
568
  <description>IBM z/OS FTP Service</description>
522
569
  <example>SFTPD1 IBM FTP CS V1R4 at x.y.z, 21:02:19 on 2007-12-15.</example>
@@ -529,6 +576,7 @@ more text
529
576
  <param pos="1" name="os.version"/>
530
577
  <param pos="2" name="host.name"/>
531
578
  </fingerprint>
579
+
532
580
  <fingerprint pattern="^FTP server \(IBM 4690 TCP/IP FTP Version 1\.0\) ready\.">
533
581
  <description>IBM 4690 FTP Service</description>
534
582
  <example>FTP server (IBM 4690 TCP/IP FTP Version 1.0) ready.</example>
@@ -539,6 +587,7 @@ more text
539
587
  <param pos="0" name="os.family" value="4690"/>
540
588
  <param pos="0" name="os.device" value="Point of sale"/>
541
589
  </fingerprint>
590
+
542
591
  <fingerprint pattern="^([^ ]+) NcFTPd Server \(licensed copy\) ready\.$">
543
592
  <description>NcFTPd Server
544
593
  http://www.ncftp.com/ncftpd/</description>
@@ -547,6 +596,7 @@ more text
547
596
  <param pos="0" name="service.product" value="NcFTPd Server"/>
548
597
  <param pos="1" name="host.name"/>
549
598
  </fingerprint>
599
+
550
600
  <fingerprint pattern="^(\S+) DCS-2100 FTP server ready\.$">
551
601
  <description>D-Link DCS-2100 wireless internet camera</description>
552
602
  <example>hostname DCS-2100 FTP server ready.</example>
@@ -555,6 +605,7 @@ more text
555
605
  <param pos="0" name="os.device" value="Web cam"/>
556
606
  <param pos="1" name="host.name"/>
557
607
  </fingerprint>
608
+
558
609
  <fingerprint pattern="^Secure Gateway FTP server ready\.$">
559
610
  <description>Raptor firewall</description>
560
611
  <example>Secure Gateway FTP server ready.</example>
@@ -563,6 +614,7 @@ more text
563
614
  <param pos="0" name="os.product" value="Raptor"/>
564
615
  <param pos="0" name="os.device" value="Firewall"/>
565
616
  </fingerprint>
617
+
566
618
  <fingerprint pattern="^SUN StorEdge (\S+) RAID FTP server ready\.$">
567
619
  <description>Sun StorEdge disk array</description>
568
620
  <example>SUN StorEdge 3511 RAID FTP server ready.</example>
@@ -571,6 +623,7 @@ more text
571
623
  <param pos="1" name="os.product"/>
572
624
  <param pos="0" name="os.device" value="Storage"/>
573
625
  </fingerprint>
626
+
574
627
  <fingerprint pattern="(?i)^AXIS (\S+) .* Camera(?:\s+version)?\s+(\S+) .*">
575
628
  <description>Axis Network Camera</description>
576
629
  <example hw.product="2100" hw.version="2.43">Axis 2100 Network Camera 2.43 Nov 04 2008 ready.</example>
@@ -587,27 +640,43 @@ more text
587
640
  <param pos="0" name="os.family" value="Linux"/>
588
641
  <param pos="0" name="os.device" value="Web cam"/>
589
642
  </fingerprint>
590
- <fingerprint pattern="(?i)^AXIS (\S+) (?:(?:Mk II )?Video|IO Audio) (?:Encoder|Encoder Blade|Module|Server|Decoder) (\S+) .*">
591
- <description>Axis Audio/Video encoders/servers</description>
643
+
644
+ <fingerprint pattern="(?i)^AXIS (\S+) (?:(?:Mk II )?Video) (?:Encoder|Encoder Blade|Module|Server|Decoder) (\S+) .*">
645
+ <description>Axis Video encoders/servers</description>
592
646
  <example hw.product="Q7406">AXIS Q7406 Video Encoder Blade 5.01 (Aug 01 2008) ready.</example>
593
647
  <example hw.product="241Q">AXIS 241Q Video Server 4.47.2 (Dec 11 2008) ready.</example>
594
648
  <example hw.version="5.07.2">AXIS P7701 Video Decoder 5.07.2 (Apr 20 2010) ready.</example>
595
649
  <example hw.product="Q7401" hw.version="5.01">AXIS Q7401 Video Encoder 5.01 (Aug 01 2008) ready.</example>
596
650
  <example hw.product="Q7401" hw.version="5.50.2_cst_412205_1">AXIS Q7401 Video Encoder 5.50.2_cst_412205_1 (2013)</example>
597
651
  <example hw.product="Q7424-R" hw.version="5.51.3.1">AXIS Q7424-R Mk II Video Encoder 5.51.3.1 (2016) ready.</example>
652
+ <param pos="0" name="hw.vendor" value="Axis"/>
653
+ <param pos="1" name="hw.product"/>
654
+ <param pos="2" name="hw.version"/>
655
+ <param pos="0" name="hw.device" value="Video Encoder"/>
656
+ <param pos="0" name="os.vendor" value="AXIS"/>
657
+ <param pos="0" name="os.family" value="Linux"/>
658
+ </fingerprint>
659
+
660
+ <fingerprint pattern="(?i)^AXIS (\S+) (?:(?:Mk II )?IO Audio) (?:Encoder|Encoder Blade|Module|Server|Decoder) (\S+) .*">
661
+ <description>Axis Audio encoders/servers</description>
598
662
  <example hw.product="P8221" hw.version="5.10.2">AXIS P8221 IO Audio Module 5.10.2 (Nov 07 2011) ready.</example>
599
663
  <param pos="0" name="hw.vendor" value="Axis"/>
600
664
  <param pos="1" name="hw.product"/>
601
665
  <param pos="2" name="hw.version"/>
666
+ <param pos="0" name="hw.device" value="Audio Encoder"/>
667
+ <param pos="0" name="os.vendor" value="AXIS"/>
668
+ <param pos="0" name="os.family" value="Linux"/>
602
669
  </fingerprint>
670
+
603
671
  <fingerprint pattern="(?i)^AXIS (\S+) Network Door Controller (\S+) .* ready\.?$">
604
672
  <description>Axis Door Controllers</description>
605
673
  <example hw.product="A1001" hw.version="1.65.1.1">AXIS A1001 Network Door Controller 1.65.1.1 (2018) ready.</example>
606
674
  <param pos="0" name="hw.vendor" value="Axis"/>
607
- <param pos="0" name="hw.device" value="Access Controller"/>
675
+ <param pos="0" name="hw.device" value="Access Control"/>
608
676
  <param pos="1" name="hw.product"/>
609
677
  <param pos="2" name="hw.version"/>
610
678
  </fingerprint>
679
+
611
680
  <fingerprint pattern="^AXIS (\S+) .*FTP Network Print Server V?([\d\.]+\S+) .* ready\.?$" flags="REG_ICASE">
612
681
  <description>Axis print servers</description>
613
682
  <example hw.product="5600+">AXIS 5600+ (rev 3) FTP Network Print Server V7.00 Sep 10 2004 ready.</example>
@@ -618,6 +687,7 @@ more text
618
687
  <param pos="1" name="hw.product"/>
619
688
  <param pos="2" name="hw.version"/>
620
689
  </fingerprint>
690
+
621
691
  <fingerprint pattern="^RICOH Aficio ((?:[MS]P )?\S+) FTP server \(([0-9\.a-zA-Z]+)\) ready.?$" flags="REG_ICASE">
622
692
  <description>Ricoh Aficio multifunction device</description>
623
693
  <example os.product="2045e">RICOH Aficio 2045e FTP server (4.12) ready.</example>
@@ -633,6 +703,7 @@ more text
633
703
  <param pos="1" name="os.product"/>
634
704
  <param pos="2" name="os.version"/>
635
705
  </fingerprint>
706
+
636
707
  <fingerprint pattern="^NRG ((?:[MS]P )?\S+) FTP server \(([0-9\.a-zA-Z]+)\) ready.?$" flags="REG_ICASE">
637
708
  <description>Ricoh NRG multifunction device</description>
638
709
  <example>NRG MP C2800 FTP server (8.25) ready.</example>
@@ -651,6 +722,7 @@ more text
651
722
  <param pos="0" name="hw.device" value="Multifunction Device"/>
652
723
  <param pos="1" name="hw.product"/>
653
724
  </fingerprint>
725
+
654
726
  <fingerprint pattern="^Xerox WorkCentre ([A-Za-z0-9]+).*$" certainty="1.0">
655
727
  <description>Xerox WorkCentre</description>
656
728
  <example hw.product="6605DN">Xerox WorkCentre 6605DN</example>
@@ -665,6 +737,7 @@ more text
665
737
  <param pos="0" name="hw.device" value="Printer"/>
666
738
  <param pos="1" name="hw.product"/>
667
739
  </fingerprint>
740
+
668
741
  <fingerprint pattern="^Xerox Phaser (\S+)$" certainty="1.0">
669
742
  <description>Xerox Phaser Laser Printer</description>
670
743
  <example>Xerox Phaser 6130N</example>
@@ -678,6 +751,7 @@ more text
678
751
  <param pos="0" name="hw.device" value="Printer"/>
679
752
  <param pos="1" name="hw.product"/>
680
753
  </fingerprint>
754
+
681
755
  <fingerprint pattern="^XEROX (\d+) Wide Format .*$" certainty="1.0">
682
756
  <description>Xerox Wide Format Series of Printers</description>
683
757
  <example>XEROX 6204 Wide Format FTP server ready</example>
@@ -690,6 +764,7 @@ more text
690
764
  <param pos="0" name="hw.device" value="Printer"/>
691
765
  <param pos="1" name="hw.product"/>
692
766
  </fingerprint>
767
+
693
768
  <fingerprint pattern="^FUJI XEROX DocuPrint (.*)$" certainty="1.0">
694
769
  <description>FUJI XEROX DocuPrint Series of Printers</description>
695
770
  <example>FUJI XEROX DocuPrint 3055</example>
@@ -700,6 +775,7 @@ more text
700
775
  <param pos="0" name="os.device" value="Printer"/>
701
776
  <param pos="1" name="os.product"/>
702
777
  </fingerprint>
778
+
703
779
  <fingerprint pattern="^ET(\S{12}) Lexmark (\S+) FTP Server (\S+) ready\.?$" certainty="1.0" flags="REG_ICASE">
704
780
  <description>Lexmark printer with MAC address</description>
705
781
  <example host.mac="000400CEA560" hw.product="T640" os.version="NS.NP.N219">ET000400CEA560 Lexmark T640 FTP Server NS.NP.N219 ready.</example>
@@ -711,6 +787,7 @@ more text
711
787
  <param pos="0" name="hw.device" value="Printer"/>
712
788
  <param pos="2" name="hw.product"/>
713
789
  </fingerprint>
790
+
714
791
  <fingerprint pattern="^.*Lexmark (\S+) FTP Server (\S+) ready\.?$" certainty="1.0" flags="REG_ICASE">
715
792
  <description>Lexmark printer with OS version</description>
716
793
  <example hw.product="T654" os.version="NR.APS.F368">ET0021718 Lexmark T654 FTP Server NR.APS.F368 ready.</example>
@@ -721,6 +798,7 @@ more text
721
798
  <param pos="0" name="hw.device" value="Printer"/>
722
799
  <param pos="1" name="hw.product"/>
723
800
  </fingerprint>
801
+
724
802
  <fingerprint pattern="^.*Lexmark (\S+) FTP Server ready\.?$" certainty="1.0" flags="REG_ICASE">
725
803
  <description>Lexmark printer</description>
726
804
  <example hw.product="X500">Lexmark X500 FTP server ready</example>
@@ -730,6 +808,7 @@ more text
730
808
  <param pos="0" name="hw.device" value="Printer"/>
731
809
  <param pos="1" name="hw.product"/>
732
810
  </fingerprint>
811
+
733
812
  <fingerprint pattern="^220 ECOSYS ([^\s]+) FTP server$">
734
813
  <description>Kyocera Multifunction Device</description>
735
814
  <example hw.product="P2135dn">220 ECOSYS P2135dn FTP server</example>
@@ -739,6 +818,7 @@ more text
739
818
  <param pos="0" name="hw.device" value="Multifunction Device"/>
740
819
  <param pos="1" name="hw.product"/>
741
820
  </fingerprint>
821
+
742
822
  <fingerprint pattern="^(?:Tornado-)?VxWorks \((?:VxWorks)?([^\)]+)\) FTP server(?: ready)?\.?$" flags="REG_ICASE">
743
823
  <description>VxWorks with version information</description>
744
824
  <example os.version="5.3.1">VxWorks (5.3.1) FTP server ready</example>
@@ -750,6 +830,7 @@ more text
750
830
  <param pos="1" name="os.version"/>
751
831
  <param pos="0" name="os.cpe23" value="cpe:/o:windriver:vxworks:{os.version}"/>
752
832
  </fingerprint>
833
+
753
834
  <fingerprint pattern="^Tornado-vxWorks FTP server ready$" flags="REG_ICASE">
754
835
  <description>VxWorks without version information</description>
755
836
  <example>Tornado-vxWorks FTP server ready</example>
@@ -757,6 +838,7 @@ more text
757
838
  <param pos="0" name="os.product" value="VxWorks"/>
758
839
  <param pos="0" name="os.cpe23" value="cpe:/o:windriver:vxworks:-"/>
759
840
  </fingerprint>
841
+
760
842
  <fingerprint pattern="^[\w\-\.]* FTP server \((?:VxWorks\s?)+([\d\.]+)\) ready.$" flags="REG_ICASE">
761
843
  <description>VxWorks 6 with version information</description>
762
844
  <example os.version="6.6">NanoDAC FTP server (VxWorks VxWorks 6.6) ready.</example>
@@ -766,6 +848,7 @@ more text
766
848
  <param pos="1" name="os.version"/>
767
849
  <param pos="0" name="os.cpe23" value="cpe:/o:windriver:vxworks:{os.version}"/>
768
850
  </fingerprint>
851
+
769
852
  <fingerprint pattern="^[\w&lt;&gt;]+\s*Tenor Multipath Switch FTP server \(Version VxWorks([\d\.]+)\) ready\.$" flags="REG_ICASE">
770
853
  <description>VxWorks on Tenor MultiPath with version information</description>
771
854
  <example os.version="5.4.2">&lt;38785ca0&gt; Tenor Multipath Switch FTP server (Version VxWorks5.4.2) ready.</example>
@@ -774,6 +857,7 @@ more text
774
857
  <param pos="1" name="os.version"/>
775
858
  <param pos="0" name="os.cpe23" value="cpe:/o:windriver:vxworks:{os.version}"/>
776
859
  </fingerprint>
860
+
777
861
  <fingerprint pattern="^VxWorks FTP server \(VxWorks ([\d\.]+) - Secure NetLinx version \([\d\.]+\)\) ready.$">
778
862
  <description>VxWorks with Secure NetLinx</description>
779
863
  <example os.version="5.3.1">VxWorks FTP server (VxWorks 5.3.1 - Secure NetLinx version (1.0)) ready.</example>
@@ -782,6 +866,7 @@ more text
782
866
  <param pos="1" name="os.version"/>
783
867
  <param pos="0" name="os.cpe23" value="cpe:/o:windriver:vxworks:{os.version}"/>
784
868
  </fingerprint>
869
+
785
870
  <fingerprint pattern="^ADC iScale$">
786
871
  <description>ADC iScale</description>
787
872
  <example>ADC iScale</example>
@@ -790,6 +875,7 @@ more text
790
875
  <param pos="0" name="os.vendor" value="ADC"/>
791
876
  <param pos="0" name="os.product" value="iScale"/>
792
877
  </fingerprint>
878
+
793
879
  <fingerprint pattern="^TASKalfa (\d+c?i) FTP server" certainty="1.0">
794
880
  <description>Taskalfa Series of Printers</description>
795
881
  <example>TASKalfa 300ci FTP server</example>
@@ -803,6 +889,7 @@ more text
803
889
  <param pos="0" name="hw.device" value="Multifunction Device"/>
804
890
  <param pos="1" name="hw.product"/>
805
891
  </fingerprint>
892
+
806
893
  <fingerprint pattern="^SAVIN (\S+) FTP server \((.*)\) ready.$" certainty="1.0">
807
894
  <description>SAVIN Printer FTP Server</description>
808
895
  <example os.product="4075">SAVIN 4075 FTP server (4.08) ready.</example>
@@ -823,6 +910,7 @@ more text
823
910
  <param pos="0" name="hw.device" value="Printer"/>
824
911
  <param pos="1" name="hw.product"/>
825
912
  </fingerprint>
913
+
826
914
  <fingerprint pattern="^Oce (im\d+) Ver (\S+) FTP server\.$" certainty="1.0">
827
915
  <description>OCE IM series Printer</description>
828
916
  <example>Oce im4512 Ver 01.04.00.0c FTP server.</example>
@@ -833,6 +921,7 @@ more text
833
921
  <param pos="1" name="os.product"/>
834
922
  <param pos="2" name="os.version"/>
835
923
  </fingerprint>
924
+
836
925
  <fingerprint pattern="^Oce (Plotwave\d+) FTP Service \(Version (\S+)\)\.$" certainty="1.0">
837
926
  <description>OCE Printer</description>
838
927
  <example>Oce Plotwave300 FTP Service (Version 4.5.7).</example>
@@ -842,6 +931,7 @@ more text
842
931
  <param pos="1" name="os.product"/>
843
932
  <param pos="2" name="os.version"/>
844
933
  </fingerprint>
934
+
845
935
  <fingerprint pattern="^LinkCom Xpress (.*) FTP version ([\d\.]+) ready$" certainty="1.0">
846
936
  <description>MPI Technologies Linkcom Express FTP Server with os version</description>
847
937
  <example hw.product="10/100 +IPDS" os.version="1.0">LinkCom Xpress 10/100 +IPDS FTP version 1.0 ready</example>
@@ -851,6 +941,7 @@ more text
851
941
  <param pos="1" name="hw.product"/>
852
942
  <param pos="2" name="os.version"/>
853
943
  </fingerprint>
944
+
854
945
  <fingerprint pattern="^LinkCom Xpress (.*)$" certainty="1.0">
855
946
  <description>MPI Technologies Linkcom Express FTP Server</description>
856
947
  <example hw.product="EIO PRO 10">LinkCom Xpress EIO PRO 10</example>
@@ -859,6 +950,7 @@ more text
859
950
  <param pos="0" name="hw.device" value="Print server"/>
860
951
  <param pos="1" name="hw.product"/>
861
952
  </fingerprint>
953
+
862
954
  <fingerprint pattern="^LXKE\S+ IBM Infoprint (\d+) FTP Server (\d+\.\d+\.\d+) ready.$" certainty="1.0">
863
955
  <description>IBM Infoprint FTP</description>
864
956
  <example>LXKE82124 IBM Infoprint 1332 FTP Server 55.10.21 ready.</example>
@@ -871,6 +963,7 @@ more text
871
963
  <param pos="1" name="os.product"/>
872
964
  <param pos="2" name="os.version"/>
873
965
  </fingerprint>
966
+
874
967
  <fingerprint pattern="^(Gestetner \S+(?: \S+)?) FTP server \((.*)\)" certainty="1.0">
875
968
  <description>Gestetner Printer FTP</description>
876
969
  <example os.product="Gestetner MP5500/DSm755" os.version="5.11c">Gestetner MP5500/DSm755 FTP server (5.11c) ready.</example>
@@ -883,6 +976,7 @@ more text
883
976
  <param pos="1" name="os.product"/>
884
977
  <param pos="2" name="os.version"/>
885
978
  </fingerprint>
979
+
886
980
  <fingerprint pattern="^(Gestetner \S+)$" certainty="1.0">
887
981
  <description>Gestetner Printer FTP - short banner</description>
888
982
  <example>Gestetner MPC2500</example>
@@ -890,6 +984,7 @@ more text
890
984
  <param pos="0" name="os.device" value="Multifunction Device"/>
891
985
  <param pos="1" name="os.product"/>
892
986
  </fingerprint>
987
+
893
988
  <fingerprint pattern="^EUFSALE MarkNet (\S+) FTP Server (\d+\.\d+\.\d+) ready.$" certainty="1.0">
894
989
  <description>Lexmark Marknet Printers FTP</description>
895
990
  <example>EUFSALE MarkNet X2011e FTP Server 4.20.21 ready.</example>
@@ -899,6 +994,7 @@ more text
899
994
  <param pos="1" name="os.product"/>
900
995
  <param pos="2" name="os.version"/>
901
996
  </fingerprint>
997
+
902
998
  <fingerprint pattern="^ET(\S+) Source Technologies (ST-96\S+) FTP Server (\S+) ready\.?$">
903
999
  <description>Source Technologies ST9600 Series Secure Printer</description>
904
1000
  <example>ET0021B730F70E Source Technologies ST-9620 FTP Server NJ.APS.N254e ready.</example>
@@ -911,6 +1007,7 @@ more text
911
1007
  <param pos="2" name="os.product"/>
912
1008
  <param pos="3" name="os.version"/>
913
1009
  </fingerprint>
1010
+
914
1011
  <fingerprint pattern="^ET(\S+) (Pro\d+) Series FTP Server ready\.$" certainty="1.0">
915
1012
  <description>Lexmark ProXXX Series of Printers</description>
916
1013
  <example host.mac="0020007E4D2A" hw.product="Pro700">ET0020007E4D2A Pro700 Series FTP Server ready.</example>
@@ -923,6 +1020,7 @@ more text
923
1020
  <param pos="0" name="hw.device" value="Printer"/>
924
1021
  <param pos="2" name="hw.product"/>
925
1022
  </fingerprint>
1023
+
926
1024
  <fingerprint pattern="^ET(\S+) Lexmark Forms Printer (\d+) Ethernet FTP Server (\S+) ready\.$" certainty="1.0">
927
1025
  <description>Lexmark Forms Printer</description>
928
1026
  <example os.product="2590">ET0020004F54EE Lexmark Forms Printer 2590 Ethernet FTP Server LCL.CU.P012c ready.</example>
@@ -937,6 +1035,7 @@ more text
937
1035
  <param pos="0" name="hw.device" value="Printer"/>
938
1036
  <param pos="2" name="hw.product"/>
939
1037
  </fingerprint>
1038
+
940
1039
  <fingerprint pattern="^ET(\S+) TOSHIBA e-STUDIO500S FTP Server (\S+) ready\.$" certainty="1.0">
941
1040
  <description>Toshiba e-STUDIO Printer with MAC address</description>
942
1041
  <example os.version="NC2.NPS.N221">ET0004001E9C00 TOSHIBA e-STUDIO500S FTP Server NC2.NPS.N221 ready.</example>
@@ -950,6 +1049,7 @@ more text
950
1049
  <param pos="0" name="hw.device" value="Multifunction Device"/>
951
1050
  <param pos="0" name="hw.product" value="e-STUDIO"/>
952
1051
  </fingerprint>
1052
+
953
1053
  <fingerprint pattern="^\S+ TOSHIBA e-STUDIO500S FTP Server (\S+) ready\.$" certainty="1.0">
954
1054
  <description>Toshiba e-STUDIO Printer</description>
955
1055
  <example os.version="NC2.NPS.N211">JHBPRN13 TOSHIBA e-STUDIO500S FTP Server NC2.NPS.N211 ready.</example>
@@ -961,6 +1061,7 @@ more text
961
1061
  <param pos="0" name="hw.device" value="Multifunction Device"/>
962
1062
  <param pos="0" name="hw.product" value="e-STUDIO"/>
963
1063
  </fingerprint>
1064
+
964
1065
  <fingerprint pattern="^.*Lexmark Optra (\S+) FTP Server (\S+) ready\.$" certainty="1.0">
965
1066
  <description>Lexmark Optra Printer</description>
966
1067
  <example os.product="T612">lex142785470853 Lexmark Optra T612 FTP Server 3.20.30 ready.</example>
@@ -975,6 +1076,7 @@ more text
975
1076
  <param pos="0" name="hw.device" value="Printer"/>
976
1077
  <param pos="1" name="hw.product"/>
977
1078
  </fingerprint>
1079
+
978
1080
  <fingerprint pattern="^SHARP (MX-\S+) Ver (\S+) FTP server\.$" certainty="1.0">
979
1081
  <description>Sharp Printer/Copier/Scanne</description>
980
1082
  <example os.product="MX-6200N" os.version="01.02.00.0e">SHARP MX-6200N Ver 01.02.00.0e FTP server.</example>
@@ -996,6 +1098,7 @@ more text
996
1098
  <param pos="0" name="hw.family" value="MX Series"/>
997
1099
  <param pos="1" name="hw.product"/>
998
1100
  </fingerprint>
1101
+
999
1102
  <fingerprint pattern="^(FS-\S+MFP\S*?) FTP server\.?$" certainty="1.0">
1000
1103
  <description>Kyocera Printer with version string</description>
1001
1104
  <example os.product="FS-C2126MFP">FS-C2126MFP FTP server</example>
@@ -1008,6 +1111,7 @@ more text
1008
1111
  <param pos="0" name="hw.device" value="Multifunction Device"/>
1009
1112
  <param pos="1" name="hw.product"/>
1010
1113
  </fingerprint>
1114
+
1011
1115
  <fingerprint pattern="^(FS-\S+(?:DN|D|N)) FTP server\.?$" certainty="1.0">
1012
1116
  <description>Kyocera Printer</description>
1013
1117
  <example os.product="FS-1370DN">FS-1370DN FTP server</example>
@@ -1021,6 +1125,7 @@ more text
1021
1125
  <param pos="0" name="hw.family" value="FS"/>
1022
1126
  <param pos="1" name="hw.product"/>
1023
1127
  </fingerprint>
1128
+
1024
1129
  <fingerprint pattern="^(ESI-\S+) Version (\S+) ready\.$" certainty="1.0">
1025
1130
  <description>Extended Systems ExtendNet Print Server</description>
1026
1131
  <example os.product="ESI-2941B">ESI-2941B Version 6.34 ready.</example>
@@ -1042,6 +1147,7 @@ more text
1042
1147
  <param pos="0" name="hw.device" value="Print server"/>
1043
1148
  <param pos="1" name="hw.product"/>
1044
1149
  </fingerprint>
1150
+
1045
1151
  <fingerprint pattern="^SATO SATO PRINTER Ver (\S+) FTP server\.$" certainty="1.0">
1046
1152
  <description>SATO Printer</description>
1047
1153
  <example os.version="A1.2.3">SATO SATO PRINTER Ver A1.2.3 FTP server.</example>
@@ -1052,6 +1158,7 @@ more text
1052
1158
  <param pos="0" name="hw.vendor" value="SATO"/>
1053
1159
  <param pos="0" name="hw.device" value="Printer"/>
1054
1160
  </fingerprint>
1161
+
1055
1162
  <fingerprint pattern="^Printer FTP (\d+\.\d+\.\d+) ready at (\w{3} \d{2} \d{2}:\d{2}:\d{2})$" certainty="1.0">
1056
1163
  <description>AMTDatasouth Fastmark M5</description>
1057
1164
  <example os.version="4.8.7">Printer FTP 4.8.7 ready at Apr 30 20:13:23</example>
@@ -1069,6 +1176,7 @@ more text
1069
1176
  <param pos="0" name="hw.product" value="Fastmark M5"/>
1070
1177
  <param pos="0" name="hw.device" value="Printer"/>
1071
1178
  </fingerprint>
1179
+
1072
1180
  <fingerprint pattern="^EFI FTP Print server ready\.$" certainty="0.8">
1073
1181
  <description>EFI FTP Print Server</description>
1074
1182
  <example>EFI FTP Print server ready.</example>
@@ -1078,7 +1186,9 @@ more text
1078
1186
  <param pos="0" name="os.product" value="Fiery Print Server"/>
1079
1187
  <param pos="0" name="os.device" value="Print server"/>
1080
1188
  </fingerprint>
1189
+
1081
1190
  <!-- Conjectured based on known MX FTP fingerprints -->
1191
+
1082
1192
  <fingerprint pattern="^SHARP (AR-\S+) Ver (\S+) FTP server">
1083
1193
  <description>Sharp AR Series multifunction device</description>
1084
1194
  <example os.product="AR-M450">SHARP AR-M450 Ver 01.05.00.0k FTP server.</example>
@@ -1092,6 +1202,7 @@ more text
1092
1202
  <param pos="0" name="hw.family" value="AR Series"/>
1093
1203
  <param pos="1" name="hw.product"/>
1094
1204
  </fingerprint>
1205
+
1095
1206
  <fingerprint pattern="^KONICA MINOLTA FTP server ready\.?$">
1096
1207
  <description>Konica Minolta FTP Server - w/o version</description>
1097
1208
  <example>KONICA MINOLTA FTP server ready.</example>
@@ -1104,6 +1215,7 @@ more text
1104
1215
  <param pos="0" name="hw.vendor" value="Konica Minolta"/>
1105
1216
  <param pos="0" name="hw.product" value="Printer"/>
1106
1217
  </fingerprint>
1218
+
1107
1219
  <fingerprint pattern="^(KM\S+) FTP server \(KM FTPD version (\d*(?:\.\d*))\) ready\.?$">
1108
1220
  <description>Konica Minolta FTP Server</description>
1109
1221
  <example os.product="KM23BC97" service.version="1.00">KM23BC97 FTP server (KM FTPD version 1.00) ready.</example>
@@ -1121,6 +1233,7 @@ more text
1121
1233
  <param pos="0" name="service.product" value="KM FTPD"/>
1122
1234
  <param pos="2" name="service.version"/>
1123
1235
  </fingerprint>
1236
+
1124
1237
  <fingerprint pattern="^(ZBR-\d+) Version (\S+) ready\.?$">
1125
1238
  <description>ZebraNet Print Server FTP</description>
1126
1239
  <example os.product="ZBR-46686">ZBR-46686 Version 7.02 ready.</example>
@@ -1134,6 +1247,7 @@ more text
1134
1247
  <param pos="0" name="hw.device" value="Print server"/>
1135
1248
  <param pos="1" name="hw.product"/>
1136
1249
  </fingerprint>
1250
+
1137
1251
  <fingerprint pattern="^(ET(\S+)) Dell (\S+ Laser Printer) FTP Server">
1138
1252
  <description>Dell Laser Printer</description>
1139
1253
  <example host.name="ET0021B71A1111" host.mac="0021B71A1111" hw.product="2350dn Laser Printer">ET0021B71A1111 Dell 2350dn Laser Printer FTP Server NR.APS.N449 ready.</example>
@@ -1145,12 +1259,14 @@ more text
1145
1259
  <param pos="2" name="host.mac"/>
1146
1260
  <param pos="3" name="hw.product"/>
1147
1261
  </fingerprint>
1262
+
1148
1263
  <fingerprint pattern="^(\S+) FTP server \(Version \S+ \w+ \w+ \d{1,2} \d{1,2}:\d{1,2}:\d{1,2} [A-Z]+ (?:1|2)\d{3}\) ready\.?$">
1149
1264
  <description>Generic/unknown FTP Server found on HP-UX and AIX systems</description>
1150
1265
  <example host.name="host.example.com">host.example.com FTP server (Version 4.1 Sat Sep 7 14:31:53 CDT 2002) ready.</example>
1151
1266
  <example host.name="host.example.com">host.example.com FTP server (Version 5.3 Sat Jan 10 14:01:03 CDT 2012) ready</example>
1152
1267
  <param pos="1" name="host.name"/>
1153
1268
  </fingerprint>
1269
+
1154
1270
  <fingerprint pattern="^Welcome to the (?:Cisco )?(?:TelePresence) ([a-zA-Z\s]*?) ((?:MSE )?\d+), version (\d+.\d+\(\d+.\d+\)).*?" flags="REG_ICASE">
1155
1271
  <description>Cisco TelePresence</description>
1156
1272
  <example hw.series="AM GW" os.version="1.1(1.34)" hw.model="3610">Welcome to the Cisco TelePresence AM GW 3610, version 1.1(1.34) </example>
@@ -1166,6 +1282,7 @@ more text
1166
1282
  <param pos="2" name="hw.model"/>
1167
1283
  <param pos="3" name="os.version"/>
1168
1284
  </fingerprint>
1285
+
1169
1286
  <fingerprint pattern="^(\S+) FTP server \((?:HP|Compaq) Tru64 UNIX Version (\S+)\) ready\.?$">
1170
1287
  <description>Digital/Compaq/HP Tru64 Unix</description>
1171
1288
  <example host.name="example.com" os.version="5.60">example.com FTP server (Compaq Tru64 UNIX Version 5.60) ready.</example>
@@ -1176,6 +1293,7 @@ more text
1176
1293
  <param pos="2" name="os.version"/>
1177
1294
  <param pos="0" name="os.cpe23" value="cpe:/o:hp:tru64:{os.version}"/>
1178
1295
  </fingerprint>
1296
+
1179
1297
  <fingerprint pattern="^(\S+) FTP server \(Digital UNIX Version (\S+)\) ready\.?$">
1180
1298
  <description>Digital/Compaq/HP Tru64 Unix w/o branding</description>
1181
1299
  <example host.name="example.com" os.version="5.60">example.com FTP server (Digital UNIX Version 5.60) ready.</example>
@@ -1185,6 +1303,7 @@ more text
1185
1303
  <param pos="1" name="host.name"/>
1186
1304
  <param pos="2" name="os.version"/>
1187
1305
  </fingerprint>
1306
+
1188
1307
  <fingerprint pattern="^(\S+) FTP server \(MikroTik ([\d\.]+)\) ready\.?$">
1189
1308
  <description>MikroTik</description>
1190
1309
  <example host.name="example.com" os.version="6.18">example.com FTP server (MikroTik 6.18) ready</example>
@@ -1194,6 +1313,7 @@ more text
1194
1313
  <param pos="2" name="os.version"/>
1195
1314
  <param pos="0" name="os.cpe23" value="cpe:/o:mikrotik:routeros:{os.version}"/>
1196
1315
  </fingerprint>
1316
+
1197
1317
  <fingerprint pattern="^MikroTik FTP server \(MikroTik ([\w.]+)\) ready\.?$">
1198
1318
  <description>MikroTik w/o hostname</description>
1199
1319
  <example os.version="6.0rc14">MikroTik FTP server (MikroTik 6.0rc14) ready</example>
@@ -1202,6 +1322,7 @@ more text
1202
1322
  <param pos="1" name="os.version"/>
1203
1323
  <param pos="0" name="os.cpe23" value="cpe:/o:mikrotik:routeros:{os.version}"/>
1204
1324
  </fingerprint>
1325
+
1205
1326
  <fingerprint pattern="^Welcome to ASUS (B?RT-[\w.-]+) FTP service\.$">
1206
1327
  <description>FTPD on an Asus Wireless Access Point/Router</description>
1207
1328
  <example hw.product="RT-AC68U">Welcome to ASUS RT-AC68U FTP service.</example>
@@ -1213,6 +1334,7 @@ more text
1213
1334
  <param pos="0" name="hw.device" value="WAP"/>
1214
1335
  <param pos="1" name="hw.product"/>
1215
1336
  </fingerprint>
1337
+
1216
1338
  <fingerprint pattern="^Welcome to ASUS (DSL-[\w.-]+) FTP service\.$">
1217
1339
  <description>FTPD on a ADSL/VDSL Modem/Wireless Access Point/Router</description>
1218
1340
  <example hw.product="DSL-AC68U">Welcome to ASUS DSL-AC68U FTP service.</example>
@@ -1223,6 +1345,7 @@ more text
1223
1345
  <param pos="0" name="hw.device" value="DSL Modem"/>
1224
1346
  <param pos="1" name="hw.product"/>
1225
1347
  </fingerprint>
1348
+
1226
1349
  <fingerprint pattern="^Welcome to ASUS (TM-\w+) FTP service\.$">
1227
1350
  <description>FTPD on a T-Mobile branded Asus Wireless Access Point/Router</description>
1228
1351
  <example hw.product="TM-AC1900">Welcome to ASUS TM-AC1900 FTP service.</example>
@@ -1232,6 +1355,7 @@ more text
1232
1355
  <param pos="0" name="hw.device" value="WAP"/>
1233
1356
  <param pos="1" name="hw.product"/>
1234
1357
  </fingerprint>
1358
+
1235
1359
  <fingerprint pattern="^(FRITZ!Box[\w()]+) FTP server ready\.$">
1236
1360
  <description>FTPD on an AWM multifunction Modem/Wireless Access Point/Router/VoIP device</description>
1237
1361
  <example hw.product="FRITZ!Box7490">FRITZ!Box7490 FTP server ready.</example>
@@ -1245,6 +1369,7 @@ more text
1245
1369
  <param pos="0" name="hw.family" value="FRITZ!Box"/>
1246
1370
  <param pos="1" name="hw.product"/>
1247
1371
  </fingerprint>
1372
+
1248
1373
  <fingerprint pattern="^HES_CPE FTP server \(GNU inetutils ([\w.]+)\) ready\.$">
1249
1374
  <description>FTPD on a ZyXEL (Huawei rebrand) WiMax WAP</description>
1250
1375
  <example service.version="1.4.1">HES_CPE FTP server (GNU inetutils 1.4.1) ready.</example>
@@ -1252,10 +1377,11 @@ more text
1252
1377
  <param pos="0" name="service.product" value="inetutils ftpd"/>
1253
1378
  <param pos="0" name="service.vendor" value="GNU"/>
1254
1379
  <param pos="1" name="service.version"/>
1255
- <param pos="0" name="hw.vendor" value="ZyXEL"/>
1380
+ <param pos="0" name="hw.vendor" value="Zyxel"/>
1256
1381
  <param pos="0" name="hw.family" value="WiMax"/>
1257
1382
  <param pos="0" name="hw.device" value="WAP"/>
1258
1383
  </fingerprint>
1384
+
1259
1385
  <fingerprint pattern="^Speedport W ?(\S+) (?:Typ [A|B] )?FTP Server v([\d.]+) ready$$">
1260
1386
  <description>FTPD on Speedport WLAN/ADSL routers (Deutsche Telekom mfg by misc)</description>
1261
1387
  <example hw.product="723V" os.version="1.40.000">Speedport W 723V Typ B FTP Server v1.40.000 ready</example>
@@ -1267,6 +1393,7 @@ more text
1267
1393
  <param pos="1" name="hw.product"/>
1268
1394
  <param pos="2" name="os.version"/>
1269
1395
  </fingerprint>
1396
+
1270
1397
  <fingerprint pattern="^DiskStation FTP server ready\.$">
1271
1398
  <description>FTPD on a Synology DiskStation NAS</description>
1272
1399
  <example>DiskStation FTP server ready.</example>
@@ -1279,6 +1406,7 @@ more text
1279
1406
  <param pos="0" name="hw.family" value="DiskStation"/>
1280
1407
  <param pos="0" name="hw.device" value="NAS"/>
1281
1408
  </fingerprint>
1409
+
1282
1410
  <fingerprint pattern="^Synology FTP server ready\.$" flags="REG_ICASE">
1283
1411
  <description>FTPD on a Synology device</description>
1284
1412
  <example>Synology FTP server ready.</example>
@@ -1290,6 +1418,7 @@ more text
1290
1418
  <param pos="0" name="os.product" value="Linux"/>
1291
1419
  <param pos="0" name="hw.vendor" value="Synology"/>
1292
1420
  </fingerprint>
1421
+
1293
1422
  <fingerprint pattern="^.Welcome to MyBookLive.$">
1294
1423
  <description>FTPD on Western Digital My Book Live NAS</description>
1295
1424
  <example>"Welcome to MyBookLive"</example>
@@ -1298,6 +1427,7 @@ more text
1298
1427
  <param pos="0" name="hw.product" value="My Book Live"/>
1299
1428
  <param pos="0" name="hw.device" value="NAS"/>
1300
1429
  </fingerprint>
1430
+
1301
1431
  <fingerprint pattern="^Multicraft ([\w.-]+) FTP server$">
1302
1432
  <description>Multicraft FTPD Server</description>
1303
1433
  <example service.version="2.0.2">Multicraft 2.0.2 FTP server</example>
@@ -1307,6 +1437,7 @@ more text
1307
1437
  <param pos="0" name="service.vendor" value="Multicraft"/>
1308
1438
  <param pos="1" name="service.version"/>
1309
1439
  </fingerprint>
1440
+
1310
1441
  <fingerprint pattern="^bftpd ([\d.]+) at ([a-f\d.:]+) ready\.$">
1311
1442
  <description>Bftpd FTPD Server</description>
1312
1443
  <example service.version="2.2.1" host.ip="192.168.0.1">bftpd 2.2.1 at 192.168.0.1 ready.</example>
@@ -1318,6 +1449,7 @@ more text
1318
1449
  <param pos="0" name="service.cpe23" value="cpe:/a:bftpd_project:bftpd:{service.version}"/>
1319
1450
  <param pos="2" name="host.ip"/>
1320
1451
  </fingerprint>
1452
+
1321
1453
  <fingerprint pattern="^NASFTPD Turbo station (?:2.x )?([\w.]+) Server \(ProFTPD\)(?: \[([a-f\d.:]+)\])?$">
1322
1454
  <description>ProFTPD on QNAP Turbo Station NAS</description>
1323
1455
  <example service.version="1.3.5a" host.ip="192.168.1.100">NASFTPD Turbo station 1.3.5a Server (ProFTPD) [192.168.1.100]</example>
@@ -1333,6 +1465,7 @@ more text
1333
1465
  <param pos="0" name="hw.device" value="NAS"/>
1334
1466
  <param pos="2" name="host.ip"/>
1335
1467
  </fingerprint>
1468
+
1336
1469
  <fingerprint pattern="^Twisted ([\w.]+) FTP Server$">
1337
1470
  <description>Twisted (Python) FTP Server</description>
1338
1471
  <example service.version="14.0.0">Twisted 14.0.0 FTP Server</example>
@@ -1342,6 +1475,7 @@ more text
1342
1475
  <param pos="0" name="service.vendor" value="Twisted Matrix Labs"/>
1343
1476
  <param pos="1" name="service.version"/>
1344
1477
  </fingerprint>
1478
+
1345
1479
  <fingerprint pattern="^Gene6 FTP Server v(\d{1,2}\.\d{1,2}\.\d{1,2}\s{1,2}\(Build \d{1,2}\)) ready\.\.\.$">
1346
1480
  <description>Gene6 FTP Server on Windows</description>
1347
1481
  <example service.version="3.10.0 (Build 2)">Gene6 FTP Server v3.10.0 (Build 2) ready...</example>
@@ -1355,6 +1489,7 @@ more text
1355
1489
  <param pos="0" name="os.product" value="Windows"/>
1356
1490
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
1357
1491
  </fingerprint>
1492
+
1358
1493
  <fingerprint pattern="^([\w.-]+) X2 WS_FTP Server ([\d.]{3,6}\s?\(\d+\))$">
1359
1494
  <description>WS_FTP FTP Server on Windows - X2 variant</description>
1360
1495
  <example service.version="7.7(50012467)" host.name="a.host.name.tld">a.host.name.tld X2 WS_FTP Server 7.7(50012467)</example>
@@ -1370,6 +1505,7 @@ more text
1370
1505
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
1371
1506
  <param pos="1" name="host.name"/>
1372
1507
  </fingerprint>
1508
+
1373
1509
  <fingerprint pattern="^V2 WS_FTP Server ([\d.]{3,6}\s?\(\d+\))$">
1374
1510
  <description>WS_FTP FTP Server on Windows - V2 variant</description>
1375
1511
  <example service.version="6.1(05544322)">V2 WS_FTP Server 6.1(05544322)</example>
@@ -1383,24 +1519,27 @@ more text
1383
1519
  <param pos="0" name="os.product" value="Windows"/>
1384
1520
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
1385
1521
  </fingerprint>
1522
+
1386
1523
  <fingerprint pattern="^FTP Server \(ZyWALL (USG\s?[\w-]+)\) \[([a-f\d:.]+)\]$">
1387
1524
  <description>ZyXEL Unified Security Gateway</description>
1388
1525
  <example hw.product="USG 20" host.ip="::ffff:192.168.0.2">FTP Server (ZyWALL USG 20) [::ffff:192.168.0.2]</example>
1389
1526
  <example hw.product="USG100-PLUS" host.ip="::ffff:192.168.5.101">FTP Server (ZyWALL USG100-PLUS) [::ffff:192.168.5.101]</example>
1390
1527
  <example hw.product="USG 20" host.ip="10.0.0.2">FTP Server (ZyWALL USG 20) [10.0.0.2]</example>
1391
- <param pos="0" name="service.vendor" value="ZyXEL"/>
1528
+ <param pos="0" name="service.vendor" value="Zyxel"/>
1392
1529
  <param pos="0" name="service.family" value="Unified Security Gateway"/>
1393
1530
  <param pos="0" name="service.product" value="FTPD"/>
1394
1531
  <param pos="2" name="host.ip"/>
1395
- <param pos="0" name="hw.vendor" value="ZyXEL"/>
1532
+ <param pos="0" name="hw.vendor" value="Zyxel"/>
1396
1533
  <param pos="0" name="hw.family" value="Unified Security Gateway"/>
1397
1534
  <param pos="1" name="hw.product"/>
1398
1535
  </fingerprint>
1536
+
1399
1537
  <fingerprint pattern="^Welcome to TP-LINK FTP server$">
1400
1538
  <description>FTPD on a TP-LINK device (no version/host info)</description>
1401
1539
  <example>Welcome to TP-LINK FTP server</example>
1402
1540
  <param pos="0" name="hw.vendor" value="TP-LINK"/>
1403
1541
  </fingerprint>
1542
+
1404
1543
  <fingerprint pattern="^TP-LINK FTP version ([\d\.]+)">
1405
1544
  <description>FTPD on a TP-LINK device with version, but no host info</description>
1406
1545
  <example service.version="1.0">TP-LINK FTP version 1.0 ready at Wed May 1 20:51:49 2019</example>
@@ -1408,6 +1547,7 @@ more text
1408
1547
  <param pos="0" name="service.product" value="FTPD"/>
1409
1548
  <param pos="1" name="service.version"/>
1410
1549
  </fingerprint>
1550
+
1411
1551
  <fingerprint pattern="^ucftpd\((\w{3}\s+\d{1,2} \d{4}-\d\d:\d\d:\d\d)\) FTP server ready\.$">
1412
1552
  <description>ucftpd with version</description>
1413
1553
  <example service.version="Jul 2 2012-22:13:49">ucftpd(Jul 2 2012-22:13:49) FTP server ready.</example>
@@ -1416,18 +1556,21 @@ more text
1416
1556
  <param pos="0" name="service.product" value="ucftpd"/>
1417
1557
  <param pos="1" name="service.version"/>
1418
1558
  </fingerprint>
1559
+
1419
1560
  <fingerprint pattern="^ucftpd FTP server ready\.$">
1420
1561
  <description>ucftpd without version</description>
1421
1562
  <example>ucftpd FTP server ready.</example>
1422
1563
  <param pos="0" name="service.family" value="ucftpd"/>
1423
1564
  <param pos="0" name="service.product" value="ucftpd"/>
1424
1565
  </fingerprint>
1566
+
1425
1567
  <fingerprint pattern="^Welcome to TBS FTP Server\.$">
1426
1568
  <description>TBS FTP Server</description>
1427
1569
  <example>Welcome to TBS FTP Server.</example>
1428
1570
  <param pos="0" name="service.family" value="TBS FTP Server"/>
1429
1571
  <param pos="0" name="service.product" value="TBS FTP Server"/>
1430
1572
  </fingerprint>
1573
+
1431
1574
  <fingerprint pattern="^Sofrel (S5[\w]+) SN ([\d-]+) ready. Time is (\d{2}:\d{2}:\d{2} \d{2}\/\d{2}\/\d{2})\.$">
1432
1575
  <description>Sofrel Remote Terminal Unit</description>
1433
1576
  <example hw.product="S500" host.id="01-499-00427" system.time="00:11:39 01/11/16">Sofrel S500 SN 01-499-00427 ready. Time is 00:11:39 01/11/16.</example>
@@ -1438,6 +1581,7 @@ more text
1438
1581
  <param pos="0" name="system.time.format" value="HH:mm:ss dd/MM/yy"/>
1439
1582
  <param pos="3" name="system.time"/>
1440
1583
  </fingerprint>
1584
+
1441
1585
  <fingerprint pattern="^TiMOS-[CB]-([\S]+) cpm\/[\w]+ ALCATEL (SR [\S]+) Copyright .{1,4}$">
1442
1586
  <description>ALCATEL Service Router running TiMOS</description>
1443
1587
  <example os.version="13.0.R9">TiMOS-C-13.0.R9 cpm/hops64 ALCATEL SR 7750 Copyright (</example>
@@ -1448,11 +1592,13 @@ more text
1448
1592
  <param pos="0" name="hw.family" value="Service Router"/>
1449
1593
  <param pos="2" name="hw.product"/>
1450
1594
  </fingerprint>
1595
+
1451
1596
  <fingerprint pattern="^(\S+) FTP server ready\.?$" flags="REG_ICASE">
1452
1597
  <description>Generic FTP fingerprint with a hostname</description>
1453
1598
  <example host.name="example.com">example.com FTP server ready.</example>
1454
1599
  <param pos="1" name="host.name"/>
1455
1600
  </fingerprint>
1601
+
1456
1602
  <fingerprint pattern="^(\S+) FTP server \(Version (\d.*)\) ready\.?$" flags="REG_ICASE">
1457
1603
  <description>Generic FTP fingerprint with a hostname and a version for a generic FTP implementation</description>
1458
1604
  <example host.name="example.com" service.version="6.00LS">example.com FTP server (Version 6.00LS) ready.</example>
@@ -1460,6 +1606,7 @@ more text
1460
1606
  <param pos="1" name="host.name"/>
1461
1607
  <param pos="2" name="service.version"/>
1462
1608
  </fingerprint>
1609
+
1463
1610
  <fingerprint pattern="(?i)^FTP[\- ]+(?:server|service)?(?:(?: is)? ready)?\.?$">
1464
1611
  <description>Generic FTP fingerprint without a hostname</description>
1465
1612
  <example>FTP server is ready.</example>
@@ -1469,12 +1616,14 @@ more text
1469
1616
  <example>FTP Server</example>
1470
1617
  <example>FTP service ready.</example>
1471
1618
  </fingerprint>
1619
+
1472
1620
  <fingerprint pattern="^Welcom to ProRat Ftp Server$">
1473
1621
  <description>The FTP server of the ProRat malware</description>
1474
1622
  <example>Welcom to ProRat Ftp Server</example>
1475
1623
  <param pos="0" name="service.vendor" value="Pro Group"/>
1476
1624
  <param pos="0" name="service.product" value="ProRat"/>
1477
1625
  </fingerprint>
1626
+
1478
1627
  <fingerprint pattern="^(?:(\S+) )?FTP Server \(vftpd ([\d.]+)\) ready\.?$">
1479
1628
  <description>Vermillion FTP Daemon</description>
1480
1629
  <example host.name="srv.name" service.version="1.23">srv.name FTP Server (vftpd 1.23) ready.</example>
@@ -1488,6 +1637,7 @@ more text
1488
1637
  <param pos="2" name="service.version"/>
1489
1638
  <param pos="1" name="host.name"/>
1490
1639
  </fingerprint>
1640
+
1491
1641
  <fingerprint pattern="^(?:(\S+) )?FTP server \(QVT\/Net ([\d.]+)\) ready\.?$">
1492
1642
  <description>QVT/Net FTP Server</description>
1493
1643
  <example host.name="siren" service.version="5.1">siren FTP server (QVT/Net 5.1) ready.</example>
@@ -1501,6 +1651,7 @@ more text
1501
1651
  <param pos="2" name="service.version"/>
1502
1652
  <param pos="1" name="host.name"/>
1503
1653
  </fingerprint>
1654
+
1504
1655
  <fingerprint pattern="Amazon\sLinux\sAMI\srelease\s(\d+\.\d+)">
1505
1656
  <description>Amazon Linux AMI</description>
1506
1657
  <example os.version="2016.09">Amazon Linux AMI release 2016.09</example>
@@ -1509,8 +1660,10 @@ more text
1509
1660
  <param pos="0" name="os.product" value="Linux AMI"/>
1510
1661
  <param pos="1" name="os.version"/>
1511
1662
  </fingerprint>
1663
+
1512
1664
  <!-- Below are banners for FTP service providers, not necessarily
1513
1665
  specific FTP servers-->
1666
+
1514
1667
  <fingerprint pattern="^Idea FTP Server ([\d\.]+) \((.*)\) \[(.+)\]$">
1515
1668
  <description>Idea FTP Server</description>
1516
1669
  <example service.version="0.83.213" host.name="localhost" host.ip="1.2.3.4">Idea FTP Server 0.83.213 (localhost) [1.2.3.4]</example>
@@ -1521,18 +1674,21 @@ more text
1521
1674
  <param pos="2" name="host.name"/>
1522
1675
  <param pos="3" name="host.ip"/>
1523
1676
  </fingerprint>
1677
+
1524
1678
  <fingerprint pattern="^Amazon Ftp$">
1525
1679
  <description>Amazon FTP endpoint</description>
1526
1680
  <example>Amazon Ftp</example>
1527
1681
  <param pos="0" name="service.vendor" value="Amazon"/>
1528
1682
  <param pos="0" name="service.product" value="FTP Server"/>
1529
1683
  </fingerprint>
1684
+
1530
1685
  <fingerprint pattern="^Dreamhost FTP Server$">
1531
1686
  <description>Dreamhost FTP endpoint</description>
1532
1687
  <example>Dreamhost FTP Server</example>
1533
1688
  <param pos="0" name="service.vendor" value="Dreamhost"/>
1534
1689
  <param pos="0" name="service.product" value="FTP Server"/>
1535
1690
  </fingerprint>
1691
+
1536
1692
  <fingerprint pattern="^QTCP at ([a-zA-Z0-9\.\_\-]+)$">
1537
1693
  <description>IBM iSeries FTP</description>
1538
1694
  <example host.name="core.bank.local.">QTCP at core.bank.local.</example>
@@ -1542,6 +1698,7 @@ more text
1542
1698
  <param pos="0" name="os.cpe23" value="cpe:/o:ibm:os_400:-"/>
1543
1699
  <param pos="1" name="host.name"/>
1544
1700
  </fingerprint>
1701
+
1545
1702
  <fingerprint pattern="^HomeLogic FTP Server">
1546
1703
  <description>ELAN Smart Home Controller</description>
1547
1704
  <example>HomeLogic FTP Server Please Give User Name</example>
@@ -1551,4 +1708,17 @@ more text
1551
1708
  <param pos="0" name="os.vendor" value="ELAN"/>
1552
1709
  <param pos="0" name="os.family" value="Linux"/>
1553
1710
  </fingerprint>
1554
- </fingerprints>
1711
+
1712
+ <fingerprint pattern="^Welcome to Honeywell Printer (PM\d+)\S+?$">
1713
+ <description>Honeywell Thermal Label Printer (Previously Intermec)</description>
1714
+ <example hw.product="Thermal Label Printer PM43">Welcome to Honeywell Printer PM43c</example>
1715
+ <param pos="0" name="hw.vendor" value="Honeywell"/>
1716
+ <param pos="1" name="hw.model"/>
1717
+ <param pos="0" name="hw.product" value="Thermal Label Printer {hw.model}"/>
1718
+ <param pos="0" name="hw.device" value="Printer"/>
1719
+ <param pos="0" name="os.vendor" value="Honeywell"/>
1720
+ <param pos="0" name="os.product" value="Thermal Label Printer {hw.model}"/>
1721
+ <param pos="0" name="os.device" value="Printer"/>
1722
+ </fingerprint>
1723
+
1724
+ </fingerprints>