recog 2.3.8 → 2.3.9
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.gitignore +6 -0
- data/CONTRIBUTING.md +136 -37
- data/README.md +18 -16
- data/bin/recog_cleanup +16 -0
- data/bin/recog_standardize +30 -6
- data/identifiers/README.md +9 -0
- data/identifiers/hw_device.txt +77 -0
- data/identifiers/hw_family.txt +96 -0
- data/identifiers/hw_product.txt +328 -0
- data/identifiers/os_architecture.txt +6 -6
- data/identifiers/os_device.txt +45 -3
- data/identifiers/os_family.txt +206 -41
- data/identifiers/os_product.txt +238 -17
- data/identifiers/service_family.txt +144 -57
- data/identifiers/service_product.txt +384 -83
- data/identifiers/vendor.txt +553 -68
- data/lib/recog/version.rb +1 -1
- data/requirements.txt +1 -1
- data/xml/apache_modules.xml +292 -5
- data/xml/apache_os.xml +41 -2
- data/xml/architecture.xml +11 -3
- data/xml/dns_versionbind.xml +76 -8
- data/xml/favicons.xml +1700 -0
- data/xml/ftp_banners.xml +178 -8
- data/xml/h323_callresp.xml +112 -12
- data/xml/hp_pjl_id.xml +47 -5
- data/xml/html_title.xml +1258 -25
- data/xml/http_cookies.xml +64 -9
- data/xml/http_servers.xml +667 -37
- data/xml/http_wwwauth.xml +141 -26
- data/xml/imap_banners.xml +19 -13
- data/xml/ldap_searchresult.xml +81 -9
- data/xml/mdns_device-info_txt.xml +175 -2
- data/xml/mdns_workstation_txt.xml +4 -2
- data/xml/mysql_banners.xml +134 -7
- data/xml/mysql_error.xml +113 -6
- data/xml/nntp_banners.xml +10 -2
- data/xml/ntp_banners.xml +80 -4
- data/xml/operating_system.xml +89 -3
- data/xml/pop_banners.xml +30 -31
- data/xml/rsh_resp.xml +11 -2
- data/xml/rtsp_servers.xml +22 -2
- data/xml/sip_banners.xml +35 -4
- data/xml/sip_user_agents.xml +29 -2
- data/xml/smb_native_lm.xml +10 -2
- data/xml/smb_native_os.xml +79 -2
- data/xml/smtp_banners.xml +146 -7
- data/xml/smtp_debug.xml +6 -4
- data/xml/smtp_ehlo.xml +7 -5
- data/xml/smtp_expn.xml +13 -4
- data/xml/smtp_help.xml +23 -4
- data/xml/smtp_mailfrom.xml +5 -2
- data/xml/smtp_noop.xml +6 -5
- data/xml/smtp_quit.xml +5 -4
- data/xml/smtp_rcptto.xml +5 -2
- data/xml/smtp_rset.xml +4 -4
- data/xml/smtp_turn.xml +4 -4
- data/xml/smtp_vrfy.xml +14 -4
- data/xml/snmp_sysdescr.xml +731 -24
- data/xml/snmp_sysobjid.xml +47 -2
- data/xml/ssh_banners.xml +175 -5
- data/xml/telnet_banners.xml +266 -15
- data/xml/x11_banners.xml +26 -3
- data/xml/x509_issuers.xml +30 -6
- data/xml/x509_subjects.xml +200 -31
- metadata +8 -2
data/xml/http_wwwauth.xml
CHANGED
@@ -1,6 +1,7 @@
|
|
1
|
-
<?xml version=
|
1
|
+
<?xml version='1.0' encoding='UTF-8'?>
|
2
2
|
<fingerprints matches="http_header.wwwauth" protocol="http" database_type="service" preference="0.85">
|
3
3
|
<!-- HTTP WWW-Authenticate headers are matched against these patterns to fingerprint HTTP servers. -->
|
4
|
+
|
4
5
|
<fingerprint pattern="^(?:Basic|Digest) realm="access"$">
|
5
6
|
<description>Cisco IOS 11.x</description>
|
6
7
|
<example>Basic realm="access"</example>
|
@@ -18,6 +19,7 @@
|
|
18
19
|
<param pos="0" name="hw.vendor" value="Cisco"/>
|
19
20
|
<param pos="0" name="hw.device" value="Router"/>
|
20
21
|
</fingerprint>
|
22
|
+
|
21
23
|
<fingerprint pattern="^(?:Basic|Digest) realm="level[ _]15[ _]or[ _]view[ _]access"$">
|
22
24
|
<description>Cisco IOS 12.x - view access variant</description>
|
23
25
|
<example>Basic realm="level_15 or view_access"</example>
|
@@ -36,6 +38,7 @@
|
|
36
38
|
<param pos="0" name="hw.vendor" value="Cisco"/>
|
37
39
|
<param pos="0" name="hw.device" value="Router"/>
|
38
40
|
</fingerprint>
|
41
|
+
|
39
42
|
<fingerprint pattern="^(?:Basic|Digest) realm="level[ _]\d\d?[ _]access"$">
|
40
43
|
<description>Cisco IOS 12.x</description>
|
41
44
|
<example>Basic realm="level_15_access"</example>
|
@@ -54,6 +57,7 @@
|
|
54
57
|
<param pos="0" name="hw.vendor" value="Cisco"/>
|
55
58
|
<param pos="0" name="hw.device" value="Router"/>
|
56
59
|
</fingerprint>
|
60
|
+
|
57
61
|
<fingerprint pattern="^Basic realm="(NetVanta [^"]+)"$" certainty="1.0">
|
58
62
|
<description>ADTRAN Netvanta Router</description>
|
59
63
|
<example hw.product="NetVanta 1238 PoE">Basic realm="NetVanta 1238 PoE"</example>
|
@@ -65,11 +69,13 @@
|
|
65
69
|
<param pos="0" name="hw.family" value="NetVanta"/>
|
66
70
|
<param pos="1" name="hw.product"/>
|
67
71
|
</fingerprint>
|
72
|
+
|
68
73
|
<fingerprint pattern="^(?:Basic|Digest) realm="Cisco_CCSP_CWMP_TCPCR".*$">
|
69
74
|
<description>Generic Cisco CWMP/CPE equipment</description>
|
70
75
|
<example>Basic realm="Cisco_CCSP_CWMP_TCPCR"</example>
|
71
76
|
<param pos="0" name="hw.vendor" value="Cisco"/>
|
72
77
|
</fingerprint>
|
78
|
+
|
73
79
|
<fingerprint pattern="^(?:Basic|Digest) realm="FW-1. Reason: no user Server "$">
|
74
80
|
<description>Check Point FireWall-1</description>
|
75
81
|
<example>Basic realm="FW-1. Reason: no user Server "</example>
|
@@ -82,6 +88,7 @@
|
|
82
88
|
<param pos="0" name="os.family" value="Firewall-1"/>
|
83
89
|
<param pos="0" name="os.product" value="Firewall-1"/>
|
84
90
|
</fingerprint>
|
91
|
+
|
85
92
|
<fingerprint pattern="(?i)^(?:Basic|Digest).*realm="cpanel".*">
|
86
93
|
<description>cPanel</description>
|
87
94
|
<example>Basic realm="cPanel"</example>
|
@@ -89,6 +96,7 @@
|
|
89
96
|
<param pos="0" name="service.product" value="cPanel"/>
|
90
97
|
<param pos="0" name="service.cpe23" value="cpe:/a:cpanel:cpanel:-"/>
|
91
98
|
</fingerprint>
|
99
|
+
|
92
100
|
<fingerprint pattern="^(?:Basic|Digest) realm="APC Management Card"$">
|
93
101
|
<description>APC device</description>
|
94
102
|
<example>Basic realm="APC Management Card"</example>
|
@@ -97,6 +105,7 @@
|
|
97
105
|
<param pos="0" name="os.vendor" value="APC"/>
|
98
106
|
<param pos="0" name="os.device" value="Power device"/>
|
99
107
|
</fingerprint>
|
108
|
+
|
100
109
|
<fingerprint pattern="^(?:Basic|Digest) realm="ADSL\S* (?:Modem|Router|Modem/Router)".*$">
|
101
110
|
<description>Generic ADSL modems/routers</description>
|
102
111
|
<example>Basic realm="ADSL Modem"</example>
|
@@ -105,22 +114,27 @@
|
|
105
114
|
<example>Basic realm="ADSL2+ Router"</example>
|
106
115
|
<param pos="0" name="hw.device" value="ADSL Modem"/>
|
107
116
|
</fingerprint>
|
117
|
+
|
108
118
|
<fingerprint pattern="^(?:Basic|Digest) realm="Broadband Router".*$">
|
109
119
|
<description>Generic Broadband modems/routers</description>
|
110
120
|
<example>Basic realm="Broadband Router"</example>
|
111
121
|
<param pos="0" name="hw.device" value="Broadband router"/>
|
112
122
|
</fingerprint>
|
123
|
+
|
113
124
|
<fingerprint pattern="^(?:Basic|Digest) realm="DSL\S* (?:Modem|Router|Modem/Router)".*$">
|
114
125
|
<description>Generic DSL modems/routers</description>
|
115
126
|
<example>Basic realm="DSL Modem"</example>
|
116
127
|
<param pos="0" name="hw.device" value="DSL Modem"/>
|
117
128
|
</fingerprint>
|
129
|
+
|
118
130
|
<fingerprint pattern="^(?:Basic|Digest) realm="DVR".*$">
|
119
131
|
<description>Generic DVR</description>
|
120
132
|
<example>Basic realm="DVR"</example>
|
121
133
|
<param pos="0" name="hw.device" value="DVR"/>
|
122
134
|
</fingerprint>
|
135
|
+
|
123
136
|
<!-- Hikvision is OEMd by a number of DVR manufacturers -->
|
137
|
+
|
124
138
|
<fingerprint pattern="^(?:Basic|Digest) realm="(?i:hikvision)".*$">
|
125
139
|
<description>Web server found on DVR and webcam servers sourced from Hikvision</description>
|
126
140
|
<example>Basic realm="hikvision"</example>
|
@@ -128,19 +142,23 @@
|
|
128
142
|
<param pos="0" name="service.product" value="Hikvision Web Server"/>
|
129
143
|
<param pos="0" name="os.vendor" value="Hikvision"/>
|
130
144
|
<param pos="0" name="os.device" value="DVR"/>
|
145
|
+
<param pos="0" name="hw.vendor" value="Hikvision"/>
|
131
146
|
<param pos="0" name="hw.device" value="DVR"/>
|
132
147
|
</fingerprint>
|
148
|
+
|
133
149
|
<fingerprint pattern="^(?:Basic|Digest) realm="Merit LILIN Ent\. Co\., Ltd.".*$">
|
134
150
|
<description>Merit LILIN generic device</description>
|
135
151
|
<example>Basic realm="Merit LILIN Ent. Co., Ltd,"</example>
|
136
152
|
<example>Basic realm="Merit LILIN Ent. Co., Ltd."</example>
|
137
153
|
<param pos="0" name="hw.vendor" value="Merit LILIN"/>
|
138
154
|
</fingerprint>
|
155
|
+
|
139
156
|
<fingerprint pattern="^(?:Basic|Digest) realm="Wireless Access Point".*$">
|
140
157
|
<description>Generic WAP</description>
|
141
158
|
<example>Basic realm="Wireless Access Point"</example>
|
142
159
|
<param pos="0" name="hw.device" value="WAP"/>
|
143
160
|
</fingerprint>
|
161
|
+
|
144
162
|
<fingerprint pattern="(?i)^(?:Basic|Digest).*realm="(?:(?:Cube|(?:Mini )?Dome|Day/Night|PAN/Tilt|POE|IR|HD|H.264|Surveillance|Wired|Wireless(?: N)?|Network|Internet|(?:IP(?:[\s_-])?)?Cameras?[\s_]*\d*) ?){1,4}?(?: Login)?".*$">
|
145
163
|
<description>Generic IP Cameras</description>
|
146
164
|
<example>Basic realm="camera"</example>
|
@@ -148,6 +166,7 @@
|
|
148
166
|
<example>Basic realm="Mini Dome IP Camera"</example>
|
149
167
|
<param pos="0" name="hw.device" value="Web cam"/>
|
150
168
|
</fingerprint>
|
169
|
+
|
151
170
|
<fingerprint pattern="^(?:Basic|Digest) realm="(DCS-[^"]+)".*$">
|
152
171
|
<description>D-Link DCS IP Cameras</description>
|
153
172
|
<example hw.product="DCS-5222LB1">Basic realm="DCS-5222LB1"</example>
|
@@ -156,6 +175,7 @@
|
|
156
175
|
<param pos="0" name="hw.device" value="Web cam"/>
|
157
176
|
<param pos="1" name="hw.product"/>
|
158
177
|
</fingerprint>
|
178
|
+
|
159
179
|
<fingerprint pattern="^(?:Basic|Digest) realm="GoAhead".*$">
|
160
180
|
<description>GoAhead webserver</description>
|
161
181
|
<example>Basic realm="GoAhead"</example>
|
@@ -163,25 +183,19 @@
|
|
163
183
|
<param pos="0" name="service.product" value="GoAhead Webserver"/>
|
164
184
|
<param pos="0" name="service.family" value="GoAhead Webserver"/>
|
165
185
|
</fingerprint>
|
186
|
+
|
166
187
|
<fingerprint pattern="^(?:Basic|Digest) realm="kubernetes-master".*$">
|
167
188
|
<description>Kubernetes master nodes</description>
|
168
189
|
<example>Basic realm="kubernetes-master"</example>
|
169
190
|
<param pos="0" name="service.vendor" value="Kubernetes"/>
|
170
191
|
</fingerprint>
|
171
|
-
|
172
|
-
<description>Netgear Orbi</description>
|
173
|
-
<example hw.product="Orbi">Basic realm="NETGEAR Orbi"</example>
|
174
|
-
<example hw.product="Orbi-micro">Basic realm="NETGEAR Orbi-micro"</example>
|
175
|
-
<param pos="0" name="hw.vendor" value="Netgear"/>
|
176
|
-
<param pos="0" name="hw.device" value="WAP"/>
|
177
|
-
<param pos="0" name="hw.family" value="Orbi"/>
|
178
|
-
<param pos="1" name="hw.product"/>
|
179
|
-
</fingerprint>
|
192
|
+
|
180
193
|
<fingerprint pattern="(?i)^(?:Basic|Digest) realm="RUIJIE(?:-CPE)?".*$">
|
181
194
|
<description>Ruijie Networks generic</description>
|
182
195
|
<example>Digest realm="RUIJIE-CPE"</example>
|
183
196
|
<param pos="0" name="hw.vendor" value="Ruijie"/>
|
184
197
|
</fingerprint>
|
198
|
+
|
185
199
|
<fingerprint pattern="^Basic realm="SpeedTouch"$">
|
186
200
|
<description>Thomson SpeedTouch xDSL router - short variant</description>
|
187
201
|
<example>Basic realm="SpeedTouch"</example>
|
@@ -195,6 +209,7 @@
|
|
195
209
|
<param pos="0" name="hw.family" value="SpeedTouch"/>
|
196
210
|
<param pos="0" name="hw.device" value="Broadband router"/>
|
197
211
|
</fingerprint>
|
212
|
+
|
198
213
|
<fingerprint pattern="^(?:Basic|Digest) realm="SpeedTouch \(([0-9A-F]{2}-[0-9A-F]{2}-[0-9A-F]{2}-[0-9A-F]{2}-[0-9A-F]{2}-[0-9A-F]{2})\)"$">
|
199
214
|
<description>Thomson SpeedTouch xDSL router</description>
|
200
215
|
<example host.mac="00-90-D0-F9-91-52">Basic realm="SpeedTouch (00-90-D0-F9-91-52)"</example>
|
@@ -210,10 +225,12 @@
|
|
210
225
|
<param pos="0" name="hw.device" value="Broadband router"/>
|
211
226
|
<param pos="1" name="host.mac"/>
|
212
227
|
</fingerprint>
|
228
|
+
|
213
229
|
<!--
|
214
230
|
Really need some examples for the fingerprints below. The regex and params
|
215
231
|
imply that the nonce inlcudes the MAC address.
|
216
232
|
-->
|
233
|
+
|
217
234
|
<fingerprint pattern="^(?:Basic|Digest) realm="SpeedTouch", nonce="[0-9A-Z]+:([0-9A-F]{2}-[0-9A-F]{2}-[0-9A-F]{2}-[0-9A-F]{2}-[0-9A-F]{2}-[0-9A-F]{2}):\d+:\d+", qop="auth"$">
|
218
235
|
<description>Thomson SpeedTouch xDSL router - qop variant</description>
|
219
236
|
<param pos="0" name="service.vendor" value="Thomson"/>
|
@@ -228,6 +245,7 @@
|
|
228
245
|
<param pos="0" name="hw.device" value="Broadband router"/>
|
229
246
|
<param pos="1" name="host.mac"/>
|
230
247
|
</fingerprint>
|
248
|
+
|
231
249
|
<fingerprint pattern="^(?:Basic|Digest) realm="ST (\d+) R 5.x Telecom Italia", nonce="[0-9A-Z]+:([0-9A-F]{2}-[0-9A-F]{2}-[0-9A-F]{2}-[0-9A-F]{2}-[0-9A-F]{2}-[0-9A-F]{2}):\d+:\d+", qop="auth"$">
|
232
250
|
<description>Thomson SpeedTouch xDSL router - Telecom Italia</description>
|
233
251
|
<param pos="0" name="service.vendor" value="Thomson"/>
|
@@ -242,6 +260,7 @@
|
|
242
260
|
<param pos="1" name="os.product"/>
|
243
261
|
<param pos="2" name="host.mac"/>
|
244
262
|
</fingerprint>
|
263
|
+
|
245
264
|
<fingerprint pattern="^(?:Basic|Digest).*realm="Thomson(?: Gateway)?".*$">
|
246
265
|
<description>Thomson generic devices</description>
|
247
266
|
<example>Digest realm="Thomson Gateway"</example>
|
@@ -249,6 +268,7 @@
|
|
249
268
|
<param pos="0" name="hw.vendor" value="Thomson"/>
|
250
269
|
<param pos="0" name="hw.device" value="Broadband router"/>
|
251
270
|
</fingerprint>
|
271
|
+
|
252
272
|
<fingerprint pattern="^(?:Basic|Digest) realm="(?:SmartAX )?(MT\d+[^ ]*)(?: ADSL Router)?"$">
|
253
273
|
<description>Huawei xDSL routers</description>
|
254
274
|
<example hw.product="MT882">Basic realm="SmartAX MT882"</example>
|
@@ -264,6 +284,7 @@
|
|
264
284
|
<param pos="0" name="hw.family" value="MT"/>
|
265
285
|
<param pos="1" name="hw.product"/>
|
266
286
|
</fingerprint>
|
287
|
+
|
267
288
|
<fingerprint pattern="^(?:Basic|Digest) realm="HuaweiHomeGateway".*$">
|
268
289
|
<description>Huawei Home Gateway Routers</description>
|
269
290
|
<example>Basic realm="HuaweiHomeGateway"</example>
|
@@ -271,6 +292,7 @@
|
|
271
292
|
<param pos="0" name="hw.device" value="Broadband router"/>
|
272
293
|
<param pos="0" name="hw.product" value="Home Gateway"/>
|
273
294
|
</fingerprint>
|
295
|
+
|
274
296
|
<fingerprint pattern="^(?:Basic|Digest) realm="EchoLife .*".*$">
|
275
297
|
<description>Huawei EchoLife Home Gateways</description>
|
276
298
|
<example>Basic realm="EchoLife Portal de Inicio"</example>
|
@@ -279,6 +301,7 @@
|
|
279
301
|
<param pos="0" name="hw.device" value="Broadband router"/>
|
280
302
|
<param pos="0" name="hw.product" value="EchoLife Home Gateway"/>
|
281
303
|
</fingerprint>
|
304
|
+
|
282
305
|
<fingerprint pattern="^(?:Basic|Digest) realm="(WRT54G\w*)"$">
|
283
306
|
<description>Linksys WRT54G wireless access point (dozen of variants of the product)</description>
|
284
307
|
<example hw.product="WRT54G">Basic realm="WRT54G"</example>
|
@@ -292,6 +315,7 @@
|
|
292
315
|
<param pos="0" name="hw.device" value="WAP"/>
|
293
316
|
<param pos="1" name="hw.product"/>
|
294
317
|
</fingerprint>
|
318
|
+
|
295
319
|
<fingerprint pattern="^(?:Basic|Digest) realm="(TD-[VW8][A-Z0-9]+)(?:| \d+\.\d+)"$">
|
296
320
|
<description>TP-LINK SoHo Router - dash variant</description>
|
297
321
|
<example>Basic realm="TD-W8901G"</example>
|
@@ -301,6 +325,7 @@
|
|
301
325
|
<param pos="0" name="os.device" value="Router"/>
|
302
326
|
<param pos="1" name="os.product"/>
|
303
327
|
</fingerprint>
|
328
|
+
|
304
329
|
<fingerprint pattern="^(?:Basic|Digest) realm="(TD8[A-Z0-9]+)"$">
|
305
330
|
<description>TP-LINK SoHo Router</description>
|
306
331
|
<example>Basic realm="TD854W"</example>
|
@@ -311,6 +336,7 @@
|
|
311
336
|
<param pos="0" name="os.device" value="Router"/>
|
312
337
|
<param pos="1" name="os.product"/>
|
313
338
|
</fingerprint>
|
339
|
+
|
314
340
|
<fingerprint pattern="^(?:Basic|Digest) realm="TP-LINK.*(?:Access Point|Extender|AP) ([A-Z0-9\-\+]+)".*$">
|
315
341
|
<description>TP-LINK SoHo Router - verbose variant</description>
|
316
342
|
<example>Basic realm="TP-LINK Wireless N Access Point WA801N"</example>
|
@@ -333,27 +359,31 @@
|
|
333
359
|
<param pos="0" name="os.device" value="WAP"/>
|
334
360
|
<param pos="1" name="os.product"/>
|
335
361
|
</fingerprint>
|
362
|
+
|
336
363
|
<fingerprint pattern="(?i)^(?:Basic|Digest).*realm="TP-LINK (.*Router.*)".*$">
|
337
364
|
<description>TP-LINK Routers</description>
|
338
365
|
<example>Basic realm="TP-LINK Wireless N Router WR841N"</example>
|
339
366
|
<example>Basic realm="TP-LINK Gigabit Broadband VPN Router R600VPN"</example>
|
340
367
|
<example>Basic realm="TP-LINK Wireless Lite N Router WR740N/WR741ND"</example>
|
341
|
-
<param pos="0" name="hw.vendor" value="TP-
|
368
|
+
<param pos="0" name="hw.vendor" value="TP-LINK"/>
|
342
369
|
<param pos="0" name="hw.device" value="Router"/>
|
343
370
|
<param pos="1" name="hw.product"/>
|
344
371
|
</fingerprint>
|
372
|
+
|
345
373
|
<fingerprint pattern="(?i)^(?:Basic|Digest).*realm="TP-LINK IP-Camera".*$">
|
346
374
|
<description>TP-LINK IP-Cameras</description>
|
347
375
|
<example>Basic realm="TP-LINK IP-Camera"</example>
|
348
|
-
<param pos="0" name="hw.vendor" value="TP-
|
376
|
+
<param pos="0" name="hw.vendor" value="TP-LINK"/>
|
349
377
|
<param pos="0" name="hw.device" value="Web cam"/>
|
350
378
|
</fingerprint>
|
379
|
+
|
351
380
|
<fingerprint pattern="(?i)^(?:Basic|Digest) .*realm="Broadcom Management Service".*$">
|
352
381
|
<description>Supposedly part of Broadcom Advanced Control Suite 3 (BACS3) or something similar</description>
|
353
382
|
<example>Digest qop="auth", realm="Broadcom Management Service", nonce="AAAAAAAAAAAAAP//DwHpMwYy1zc=", algorithm="MD5"</example>
|
354
383
|
<param pos="0" name="service.vendor" value="Broadcom"/>
|
355
384
|
<param pos="0" name="service.product" value="Management Service"/>
|
356
385
|
</fingerprint>
|
386
|
+
|
357
387
|
<fingerprint pattern="^(?:Basic|Digest) .*realm="SWAT".*$">
|
358
388
|
<description>Samba Web Administration Tool (SWAT)</description>
|
359
389
|
<example>Basic realm="SWAT"</example>
|
@@ -361,6 +391,7 @@
|
|
361
391
|
<param pos="0" name="service.family" value="Samba"/>
|
362
392
|
<param pos="0" name="service.product" value="SWAT"/>
|
363
393
|
</fingerprint>
|
394
|
+
|
364
395
|
<fingerprint pattern="^.*(?:Basic|Digest) realm="SPIP Configuration".*$">
|
365
396
|
<description>SPIP publishing system (www.spip.net)</description>
|
366
397
|
<example>Basic realm="SPIP Configuration", Digest realm="SPIP Configuration", nonce="116761147", algorithm="MD5"</example>
|
@@ -368,6 +399,7 @@
|
|
368
399
|
<param pos="0" name="service.product" value="SPIP"/>
|
369
400
|
<param pos="0" name="service.cpe23" value="cpe:/a:spip:spip:-"/>
|
370
401
|
</fingerprint>
|
402
|
+
|
371
403
|
<fingerprint pattern="^.*(?:Basic|Digest) .*realm="HP ISEE @ ([^"]+)".*$">
|
372
404
|
<description>HP Instant Support Enterprise Edition with a hostname</description>
|
373
405
|
<example host.name="blah">Basic realm="HP ISEE @ blah"</example>
|
@@ -375,6 +407,7 @@
|
|
375
407
|
<param pos="0" name="service.product" value="ISEE"/>
|
376
408
|
<param pos="1" name="host.name"/>
|
377
409
|
</fingerprint>
|
410
|
+
|
378
411
|
<fingerprint pattern="^.*(?:Basic|Digest) .*realm="BIG-IP".*$">
|
379
412
|
<description>Generic F5 Big-IP</description>
|
380
413
|
<example>Basic realm="BIG-IP"</example>
|
@@ -383,7 +416,9 @@
|
|
383
416
|
<param pos="0" name="service.product" value="BIG-IP LTM"/>
|
384
417
|
<param pos="0" name="service.cpe23" value="cpe:/a:f5:big-ip_local_traffic_manager:-"/>
|
385
418
|
</fingerprint>
|
419
|
+
|
386
420
|
<!-- HP ProCurve -->
|
421
|
+
|
387
422
|
<fingerprint pattern="(?i)^(?:Basic|Digest) realm="(?:HP|ProCurve) (J[3]\d{3}A)"$">
|
388
423
|
<description>HP ProCurve Hubs</description>
|
389
424
|
<example os.product="J3295A">Basic realm="HP J3295A"</example>
|
@@ -392,6 +427,7 @@
|
|
392
427
|
<param pos="0" name="os.device" value="Hub"/>
|
393
428
|
<param pos="1" name="os.product"/>
|
394
429
|
</fingerprint>
|
430
|
+
|
395
431
|
<fingerprint pattern="(?i)^(?:Basic|Digest) realm="(?:HP|ProCurve) (J[489]\d{3}A)"$">
|
396
432
|
<description>HP ProCurve Switches</description>
|
397
433
|
<example os.product="J4110A">Basic realm="HP J4110A"</example>
|
@@ -403,11 +439,13 @@
|
|
403
439
|
<param pos="0" name="os.device" value="Switch"/>
|
404
440
|
<param pos="1" name="os.product"/>
|
405
441
|
</fingerprint>
|
442
|
+
|
406
443
|
<fingerprint pattern="(?i)^(?:Basic|Digest).*realm="SERCOMM CPE Authentication".*$">
|
407
444
|
<description>Assorted Sercomm CPE devices</description>
|
408
445
|
<example>Digest realm="SERCOMM CPE Authentication"</example>
|
409
446
|
<param pos="0" name="hw.vendor" value="Sercomm"/>
|
410
447
|
</fingerprint>
|
448
|
+
|
411
449
|
<fingerprint pattern="(?i)^(?:Basic|Digest).*realm="TiVo DVR".*$">
|
412
450
|
<description>Tivo DVR</description>
|
413
451
|
<example>Digest realm="TiVo DVR"</example>
|
@@ -415,12 +453,14 @@
|
|
415
453
|
<param pos="0" name="hw.family" value="DVR"/>
|
416
454
|
<param pos="0" name="hw.device" value="DVR"/>
|
417
455
|
</fingerprint>
|
456
|
+
|
418
457
|
<fingerprint pattern="(?i)^(?:Basic|Digest).*realm="UBEE".*$">
|
419
458
|
<description>Ubee Cable Modems</description>
|
420
459
|
<example>Digest qop="auth", realm="Ubee", nonce="1544738973"</example>
|
421
460
|
<param pos="0" name="hw.vendor" value="Ubee"/>
|
422
461
|
<param pos="0" name="hw.device" value="Broadband router"/>
|
423
462
|
</fingerprint>
|
463
|
+
|
424
464
|
<fingerprint pattern="^(?:Basic|Digest) realm="XDB"$">
|
425
465
|
<description>Web server providing web services for Oracle's XML DB.</description>
|
426
466
|
<example>Basic realm="XDB"</example>
|
@@ -428,11 +468,13 @@
|
|
428
468
|
<param pos="0" name="service.product" value="XML DB"/>
|
429
469
|
<param pos="0" name="service.family" value="Oracle"/>
|
430
470
|
</fingerprint>
|
471
|
+
|
431
472
|
<fingerprint pattern="(?i)^(?:Basic|Digest).*realm="cpe@zte.com".*$">
|
432
473
|
<description>Assorted ZTE CPE devices</description>
|
433
474
|
<example>Digest realm="cpe@zte.com"</example>
|
434
475
|
<param pos="0" name="hw.vendor" value="ZTE"/>
|
435
476
|
</fingerprint>
|
477
|
+
|
436
478
|
<fingerprint pattern="(?i)^(?:Basic|Digest).*realm="ZXHN (\S+)".*$">
|
437
479
|
<description>ZTE ZXHN router</description>
|
438
480
|
<example>Basic realm="ZXHN H108L"</example>
|
@@ -441,6 +483,7 @@
|
|
441
483
|
<param pos="0" name="hw.family" value="ZXHN"/>
|
442
484
|
<param pos="1" name="hw.product"/>
|
443
485
|
</fingerprint>
|
486
|
+
|
444
487
|
<fingerprint pattern="(?i)^(?:Basic|Digest).*realm="(ZXV\S* \S+)".*$">
|
445
488
|
<description>ZTE ZXV router</description>
|
446
489
|
<example hw.product="ZXV10 W300">Basic realm="ZXV10 W300"</example>
|
@@ -449,20 +492,98 @@
|
|
449
492
|
<param pos="0" name="hw.family" value="ZXV"/>
|
450
493
|
<param pos="1" name="hw.product"/>
|
451
494
|
</fingerprint>
|
495
|
+
|
496
|
+
<fingerprint pattern="(?i)^(?:Basic|Digest)\s+realm="Siqura"$">
|
497
|
+
<description>Siqura Video Encoder</description>
|
498
|
+
<example>Basic realm="Siqura"</example>
|
499
|
+
<param pos="0" name="os.vendor" value="Siqura"/>
|
500
|
+
<param pos="0" name="os.family" value="Linux"/>
|
501
|
+
<param pos="0" name="hw.vendor" value="Siqura"/>
|
502
|
+
<param pos="0" name="hw.device" value="Video Encoder"/>
|
503
|
+
</fingerprint>
|
504
|
+
|
505
|
+
<fingerprint pattern="^Digest realm="(Orbit-351)"">
|
506
|
+
<description>Steinsvik Orbit 351 IP Camera (Truen TCAM Rebrand)</description>
|
507
|
+
<example hw.product="Orbit-351">Digest realm="Orbit-351", nonce="0000040dY892418598785d2a2304a74adf22f6098f2792", stale=FALSE</example>
|
508
|
+
<param pos="0" name="hw.vendor" value="Steinsvik"/>
|
509
|
+
<param pos="0" name="hw.device" value="Web cam"/>
|
510
|
+
<param pos="1" name="hw.product"/>
|
511
|
+
<param pos="0" name="os.vendor" value="Steinsvik"/>
|
512
|
+
<param pos="0" name="os.family" value="Linux"/>
|
513
|
+
<param pos="0" name="os.product" value="Linux"/>
|
514
|
+
</fingerprint>
|
515
|
+
|
516
|
+
<fingerprint pattern="^(?:Basic|Digest) realm="NETGEAR (Orbi(?:-(?:micro|mini))?)".*$">
|
517
|
+
<description>Netgear Orbi</description>
|
518
|
+
<example hw.product="Orbi">Basic realm="NETGEAR Orbi"</example>
|
519
|
+
<example hw.product="Orbi-micro">Basic realm="NETGEAR Orbi-micro"</example>
|
520
|
+
<example hw.product="Orbi-mini">Basic realm="NETGEAR Orbi-mini"</example>
|
521
|
+
<param pos="0" name="hw.vendor" value="Netgear"/>
|
522
|
+
<param pos="0" name="hw.device" value="WAP"/>
|
523
|
+
<param pos="0" name="hw.family" value="Orbi"/>
|
524
|
+
<param pos="1" name="hw.product"/>
|
525
|
+
</fingerprint>
|
526
|
+
|
527
|
+
<fingerprint pattern="(?:Basic|Digest) realm="NETGEAR ([a-zA-Z0-9\-\+]+)\s*".*$">
|
528
|
+
<description>Netgear Routers</description>
|
529
|
+
<example hw.product="DG834">Basic realm="NETGEAR DG834 "</example>
|
530
|
+
<example hw.product="C7000v2">Basic realm="NETGEAR C7000v2"</example>
|
531
|
+
<example hw.product="R7000P">Basic realm="NETGEAR R7000P"</example>
|
532
|
+
<param pos="0" name="hw.vendor" value="Netgear"/>
|
533
|
+
<param pos="0" name="hw.device" value="Router"/>
|
534
|
+
<param pos="1" name="hw.product"/>
|
535
|
+
</fingerprint>
|
536
|
+
|
537
|
+
<!-- Fallback to the most generic Netgear match -->
|
538
|
+
|
539
|
+
<fingerprint pattern="(?:Basic|Digest) realm="Netgear".*$">
|
540
|
+
<description>Netgear Unspecified Router</description>
|
541
|
+
<example>Basic realm="Netgear"</example>
|
542
|
+
<param pos="0" name="hw.vendor" value="Netgear"/>
|
543
|
+
<param pos="0" name="hw.device" value="Router"/>
|
544
|
+
</fingerprint>
|
545
|
+
|
546
|
+
<!-- This fingerprint is suspect, as it's missing the Basic/Digest qualifier -->
|
547
|
+
|
548
|
+
<fingerprint pattern="^(?:NETGEAR|NetGear) Router ([a-zA-Z0-9\-\+]+)$">
|
549
|
+
<description>Netgear Routers w/o Authentication Type</description>
|
550
|
+
<example hw.product="WNR2000v4">NETGEAR Router WNR2000v4</example>
|
551
|
+
<example hw.product="R6100">NETGEAR Router R6100</example>
|
552
|
+
<param pos="0" name="hw.vendor" value="Netgear"/>
|
553
|
+
<param pos="0" name="hw.device" value="Router"/>
|
554
|
+
<param pos="1" name="hw.product"/>
|
555
|
+
</fingerprint>
|
556
|
+
|
557
|
+
<fingerprint pattern="^(?:Basic|Digest) realm="[iI]RMC(?:@(IRMC[0-9a-fA-F]{6}))?".*$">
|
558
|
+
<description>Fujitsu Siemens Primergy with BMC RemoteView on an iRMC card</description>
|
559
|
+
<example host.name="IRMCA0EC88">Digest realm="iRMC@IRMCA0EC88", qop="auth", nonce="d569ace4-00029040", opaque="29040", stale="FALSE"</example>
|
560
|
+
<param pos="0" name="service.vendor" value="Fujitsu Siemens"/>
|
561
|
+
<param pos="0" name="service.product" value="RemoteView"/>
|
562
|
+
<param pos="0" name="service.family" value="RemoteView"/>
|
563
|
+
<param pos="0" name="hw.vendor" value="Fujitsu Siemens"/>
|
564
|
+
<param pos="0" name="hw.family" value="Primergy"/>
|
565
|
+
<param pos="0" name="hw.product" value="Primergy"/>
|
566
|
+
<param pos="1" name="host.name"/>
|
567
|
+
</fingerprint>
|
568
|
+
|
452
569
|
<!-- a variety of headers we currently just ignore -->
|
570
|
+
|
453
571
|
<fingerprint pattern="(?i)^NTLM$">
|
454
572
|
<description>Ignore NTLM-only</description>
|
455
573
|
<example>NTLM</example>
|
456
574
|
<example>Ntlm</example>
|
457
575
|
</fingerprint>
|
576
|
+
|
458
577
|
<fingerprint pattern="^Negotiate$">
|
459
578
|
<description>Ignore Negotiate-only</description>
|
460
579
|
<example>Negotiate</example>
|
461
580
|
</fingerprint>
|
581
|
+
|
462
582
|
<!--
|
463
583
|
Using a wildcard . instead of ['"] in the following line will result in
|
464
584
|
this fingerprint matching examples from other fingerprints.
|
465
585
|
-->
|
586
|
+
|
466
587
|
<fingerprint pattern="^(?:Basic|Digest) .*realm=['"](?:\/|\.|null|\/?index.html?)?['"]">
|
467
588
|
<description>Ignore null/empty/period/index.</description>
|
468
589
|
<example>Basic realm="null"</example>
|
@@ -472,37 +593,30 @@
|
|
472
593
|
<example>Basic realm='/'</example>
|
473
594
|
<example>Basic realm="index.html"</example>
|
474
595
|
</fingerprint>
|
596
|
+
|
475
597
|
<fingerprint pattern="^(?:Basic|Digest) .*realm="(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)".*$">
|
476
598
|
<description>Ignore realms with an IPv4 address</description>
|
477
599
|
<example>Basic realm="192.168.0.1"</example>
|
478
600
|
<example>Digest qop="auth", realm="172.16.0.1", nonce="AAAAAAAAAAAAAP//DwHpM0IvM78=", algorithm="MD5"</example>
|
479
601
|
</fingerprint>
|
602
|
+
|
480
603
|
<fingerprint pattern="^(?:Basic|Digest) .*realm="config".*$">
|
481
604
|
<description>Ignore generic 'config' realms</description>
|
482
605
|
<example>Digest realm="config", nonce="1155041914", algorithm="MD5", qop="auth"</example>
|
483
606
|
</fingerprint>
|
484
|
-
|
485
|
-
<description>Fujitsu Siemens Primergy with BMC RemoteView on an iRMC card</description>
|
486
|
-
<example host.name="IRMCA0EC88">Digest realm="iRMC@IRMCA0EC88", qop="auth", nonce="d569ace4-00029040", opaque="29040", stale="FALSE"</example>
|
487
|
-
<param pos="0" name="service.vendor" value="Fujitsu Siemens"/>
|
488
|
-
<param pos="0" name="service.product" value="RemoteView"/>
|
489
|
-
<param pos="0" name="service.family" value="RemoteView"/>
|
490
|
-
<param pos="0" name="hw.vendor" value="Fujitsu Siemens"/>
|
491
|
-
<param pos="0" name="hw.family" value="Primergy"/>
|
492
|
-
<param pos="0" name="hw.product" value="Primergy"/>
|
493
|
-
<param pos="1" name="host.name"/>
|
494
|
-
</fingerprint>
|
607
|
+
|
495
608
|
<!--
|
496
609
|
Temporarily disable this version-less fingerprint because it overrode the
|
497
610
|
one in http_servers.xml (see NEX-1255).
|
498
|
-
|
499
611
|
<fingerprint pattern="^(?:Basic|Digest) realm="Lyris ListManager: enter email address and password"$">
|
500
612
|
<description>Lyris ListManager</description>
|
501
613
|
<example>Basic realm="Lyris ListManager: enter email address and password"</example>
|
502
614
|
<param pos="0" name="service.vendor" value="Lyris"/>
|
503
615
|
<param pos="0" name="service.product" value="ListManager"/>
|
504
616
|
</fingerprint>
|
617
|
+
|
505
618
|
-->
|
619
|
+
|
506
620
|
<!--
|
507
621
|
Basic realm= StarVoice
|
508
622
|
Basic realm="802.11g Remote-Motion CCD Network Camera"
|
@@ -550,7 +664,6 @@ Basic realm="Login to Vigor 3300"
|
|
550
664
|
Basic realm="Login"
|
551
665
|
Basic realm="MR314"
|
552
666
|
Basic realm="NetComm NB1300"
|
553
|
-
Basic realm="NETGEAR DG834 "
|
554
667
|
Basic realm="NetLinx"
|
555
668
|
Basic realm="Netopia-2000"
|
556
669
|
Basic realm="Netopia-3000"
|
@@ -590,7 +703,9 @@ Digest realm="HiPER", domain="222.66.99.209", qop="auth", nonce="aa81b6584c4716f
|
|
590
703
|
Digest realm="i3micro VRG", nonce="1186428394", qop="auth", algorithm=MD5
|
591
704
|
Digest realm="WatchGuard SOHO Configuration",qop="auth",nonce="7c8e98007db668881687bd538e6e8581"
|
592
705
|
-->
|
706
|
+
|
593
707
|
<!-- This is in various PHP coding examples, but is not a reliable FP source:
|
594
708
|
Basic realm="User Login"
|
595
709
|
-->
|
596
|
-
|
710
|
+
|
711
|
+
</fingerprints>
|