recog 2.3.8 → 2.3.9

Sign up to get free protection for your applications and to get access to all the features.
Files changed (67) hide show
  1. checksums.yaml +4 -4
  2. data/.gitignore +6 -0
  3. data/CONTRIBUTING.md +136 -37
  4. data/README.md +18 -16
  5. data/bin/recog_cleanup +16 -0
  6. data/bin/recog_standardize +30 -6
  7. data/identifiers/README.md +9 -0
  8. data/identifiers/hw_device.txt +77 -0
  9. data/identifiers/hw_family.txt +96 -0
  10. data/identifiers/hw_product.txt +328 -0
  11. data/identifiers/os_architecture.txt +6 -6
  12. data/identifiers/os_device.txt +45 -3
  13. data/identifiers/os_family.txt +206 -41
  14. data/identifiers/os_product.txt +238 -17
  15. data/identifiers/service_family.txt +144 -57
  16. data/identifiers/service_product.txt +384 -83
  17. data/identifiers/vendor.txt +553 -68
  18. data/lib/recog/version.rb +1 -1
  19. data/requirements.txt +1 -1
  20. data/xml/apache_modules.xml +292 -5
  21. data/xml/apache_os.xml +41 -2
  22. data/xml/architecture.xml +11 -3
  23. data/xml/dns_versionbind.xml +76 -8
  24. data/xml/favicons.xml +1700 -0
  25. data/xml/ftp_banners.xml +178 -8
  26. data/xml/h323_callresp.xml +112 -12
  27. data/xml/hp_pjl_id.xml +47 -5
  28. data/xml/html_title.xml +1258 -25
  29. data/xml/http_cookies.xml +64 -9
  30. data/xml/http_servers.xml +667 -37
  31. data/xml/http_wwwauth.xml +141 -26
  32. data/xml/imap_banners.xml +19 -13
  33. data/xml/ldap_searchresult.xml +81 -9
  34. data/xml/mdns_device-info_txt.xml +175 -2
  35. data/xml/mdns_workstation_txt.xml +4 -2
  36. data/xml/mysql_banners.xml +134 -7
  37. data/xml/mysql_error.xml +113 -6
  38. data/xml/nntp_banners.xml +10 -2
  39. data/xml/ntp_banners.xml +80 -4
  40. data/xml/operating_system.xml +89 -3
  41. data/xml/pop_banners.xml +30 -31
  42. data/xml/rsh_resp.xml +11 -2
  43. data/xml/rtsp_servers.xml +22 -2
  44. data/xml/sip_banners.xml +35 -4
  45. data/xml/sip_user_agents.xml +29 -2
  46. data/xml/smb_native_lm.xml +10 -2
  47. data/xml/smb_native_os.xml +79 -2
  48. data/xml/smtp_banners.xml +146 -7
  49. data/xml/smtp_debug.xml +6 -4
  50. data/xml/smtp_ehlo.xml +7 -5
  51. data/xml/smtp_expn.xml +13 -4
  52. data/xml/smtp_help.xml +23 -4
  53. data/xml/smtp_mailfrom.xml +5 -2
  54. data/xml/smtp_noop.xml +6 -5
  55. data/xml/smtp_quit.xml +5 -4
  56. data/xml/smtp_rcptto.xml +5 -2
  57. data/xml/smtp_rset.xml +4 -4
  58. data/xml/smtp_turn.xml +4 -4
  59. data/xml/smtp_vrfy.xml +14 -4
  60. data/xml/snmp_sysdescr.xml +731 -24
  61. data/xml/snmp_sysobjid.xml +47 -2
  62. data/xml/ssh_banners.xml +175 -5
  63. data/xml/telnet_banners.xml +266 -15
  64. data/xml/x11_banners.xml +26 -3
  65. data/xml/x509_issuers.xml +30 -6
  66. data/xml/x509_subjects.xml +200 -31
  67. metadata +8 -2
data/xml/telnet_banners.xml CHANGED
@@ -1,53 +1,63 @@
1
- <?xml version="1.0" encoding="UTF-8"?>
1
+ <?xml version='1.0' encoding='UTF-8'?>
2
2
  <fingerprints protocol="telnet" database_type="service" preference=".80">
3
3
  <!--
4
4
  TELNET banners with CR/LF/whitespace trimmed from either end.
5
5
  Examples with CR, LF, etc must be base64 encoded in order to past tests.
6
6
  Please follow the style established below.
7
7
  -->
8
+
8
9
  <!--
9
10
  The following 'assert nothing' block is intended to handle banners so simple
10
11
  that they cannot be attributed to a product or vendor. They are at the
11
12
  beginning of the file as a performance tweak given how frequenty they occur.
12
-
13
13
  NOTE:
14
14
  Due to the multi-line nature of TELNET banners the regex are leveraging \A
15
15
  instead of ^ to prevent matching in the beginning of a 'line' (^) instead of
16
16
  at the beginning of the string (\A). This has been verified to work with
17
17
  Ruby, Python, Java, and Golang.
18
18
  -->
19
+
19
20
  <fingerprint pattern="\A(?i)(?:\r|\n)*login:\s*$">
20
21
  <description>bare 'login:' -- assert nothing.</description>
21
22
  <example>login:</example>
22
23
  </fingerprint>
24
+
23
25
  <fingerprint pattern="\A(?i)(?:\r|\n)*User(?:name)?\s*:\s*$">
24
26
  <description>bare 'Username:' -- assert nothing.</description>
25
27
  <example>Username:</example>
26
28
  <example>User:</example>
27
29
  </fingerprint>
30
+
28
31
  <fingerprint pattern="\A(?i)(?:\r|\n)*Password:\s*$">
29
32
  <description>bare 'Password:' -- assert nothing.</description>
30
33
  <example>Password:</example>
31
34
  </fingerprint>
35
+
32
36
  <fingerprint pattern="\A(?i)(?:\r|\n)*Account:\s*$">
33
37
  <description>bare 'Account:' -- assert nothing.</description>
34
38
  <example>Account:</example>
35
39
  </fingerprint>
40
+
36
41
  <fingerprint pattern="\A(?i)Connection refused(?:\r|\n)*$">
37
42
  <description>bare 'Connection refused' -- assert nothing.</description>
38
43
  <example>Connection refused</example>
39
44
  </fingerprint>
45
+
40
46
  <!-- end of assert nothing block -->
47
+
41
48
  <fingerprint pattern="^(?:\r|\n)*User Access Verification(?:\r|\n)+(?:Username|Password):\s*$">
42
49
  <description>Cisco switch or router - user access variant</description>
43
50
  <!-- User Access Verification\r\n\r\nUsername: -->
51
+
44
52
  <example _encoding="base64">VXNlciBBY2Nlc3MgVmVyaWZpY2F0aW9uDQoNClVzZXJuYW1lOgo=</example>
45
53
  <!-- User Access Verification\r\n\r\nPassword: -->
54
+
46
55
  <example _encoding="base64">VXNlciBBY2Nlc3MgVmVyaWZpY2F0aW9uDQoNClBhc3N3b3JkOgo=</example>
47
56
  <param pos="0" name="service.vendor" value="Cisco"/>
48
57
  <param pos="0" name="os.vendor" value="Cisco"/>
49
58
  <param pos="0" name="hw.vendor" value="Cisco"/>
50
59
  </fingerprint>
60
+
51
61
  <fingerprint pattern="^(?:\r|\n)*Password required, but none set(?:\r|\n)*$">
52
62
  <description>Cisco switch or router - password not set variant</description>
53
63
  <example>Password required, but none set</example>
@@ -55,15 +65,20 @@
55
65
  <param pos="0" name="os.vendor" value="Cisco"/>
56
66
  <param pos="0" name="hw.vendor" value="Cisco"/>
57
67
  </fingerprint>
68
+
58
69
  <fingerprint pattern="^(?:\r|\n)*MikroTik v([\w.]+)(?: \(\w+\))?(?:\r|\n)+Login:\s*$">
59
70
  <description>MikroTik RouterOS</description>
60
71
  <!-- MikroTik v5.2\r\nLogin: -->
72
+
61
73
  <example _encoding="base64" os.version="5.2">TWlrcm9UaWsgdjUuMg0KTG9naW46Cg==</example>
62
74
  <!-- MikroTik v6.42.3 (stable)\r\nLogin: -->
75
+
63
76
  <example _encoding="base64" os.version="6.42.3">TWlrcm9UaWsgdjYuNDIuMyAoc3RhYmxlKQ0KTG9naW46Cg==</example>
64
77
  <!-- MikroTik v6.40.8 (bugfix)\r\nLogin: -->
78
+
65
79
  <example _encoding="base64" os.version="6.40.8">TWlrcm9UaWsgdjYuNDAuOCAoYnVnZml4KQ0KTG9naW46Cg==</example>
66
80
  <!-- MikroTik v6.36rc12 (testing)\r\nLogin: -->
81
+
67
82
  <example _encoding="base64" os.version="6.36rc12">TWlrcm9UaWsgdjYuMzZyYzEyICh0ZXN0aW5nKQ0KTG9naW46Cg==</example>
68
83
  <param pos="0" name="os.vendor" value="MikroTik"/>
69
84
  <param pos="0" name="os.device" value="Router"/>
@@ -73,13 +88,17 @@
73
88
  <param pos="0" name="hw.vendor" value="MikroTik"/>
74
89
  <param pos="0" name="hw.device" value="Router"/>
75
90
  </fingerprint>
91
+
76
92
  <fingerprint pattern="^(?:\r|\n)?ZXHN (\w+)(?: V([\d.]+))?(?:\r|\n)*Login:\s*$">
77
93
  <description>ZTE ZXHN router</description>
78
94
  <!-- ZXHN H108N\r\nLogin: -->
95
+
79
96
  <example _encoding="base64" hw.product="H108N">WlhITiBIMTA4Tg0KTG9naW46Cg==</example>
80
97
  <!-- ZXHN H298A V1.1\r\nLogin: -->
98
+
81
99
  <example _encoding="base64" hw.product="H298A" hw.version="1.1">WlhITiBIMjk4QSBWMS4xDQpMb2dpbjoK</example>
82
100
  <!-- ZXHN H367N\r\n\rLogin: -->
101
+
83
102
  <example _encoding="base64" hw.product="H367N">WlhITiBIMzY3Tg0KDUxvZ2luOgo=</example>
84
103
  <param pos="0" name="hw.vendor" value="ZTE"/>
85
104
  <param pos="0" name="hw.device" value="Router"/>
@@ -87,24 +106,30 @@
87
106
  <param pos="1" name="hw.product"/>
88
107
  <param pos="2" name="hw.version"/>
89
108
  </fingerprint>
109
+
90
110
  <fingerprint pattern="^(F6\d+\w?)\r\n\rLogin:\s*$">
91
111
  <description>ZTE F6xx series GPON router</description>
92
112
  <!-- F668\r\n\rLogin: -->
113
+
93
114
  <example _encoding="base64" hw.product="F668">RjY2OA0KDUxvZ2luOgo=</example>
94
115
  <!-- F612W\r\n\rLogin: -->
116
+
95
117
  <example _encoding="base64" hw.product="F612W">RjYxMlcNCg1Mb2dpbjoK</example>
96
118
  <param pos="0" name="hw.vendor" value="ZTE"/>
97
119
  <param pos="0" name="hw.device" value="Router"/>
98
120
  <param pos="1" name="hw.product"/>
99
121
  </fingerprint>
122
+
100
123
  <fingerprint pattern="^(?:\r|\n)*DD-WRT v([\d.]+)(?:-(\w+))? ([\w-]+) \(c\) \d{4} NewMedia-NET GmbH(?:\r|\n)+Release: \d+\/\d+\/\d+ \(SVN revision: ([:\w]+)\)(?:\r|\n)+.* login:\s*$">
101
124
  <description>DD-WRT - 24 family</description>
102
125
  <!-- DD-WRT v24-sp2 mini (c) 2013 NewMedia-NET GmbH\r\nRelease: 05/27/13 (SVN revision: 21676)\r\n\r\nDD-WRT login: -->
126
+
103
127
  <example _encoding="base64" os.version="24" os.version.version="sp2" os.edition="mini" os.build="21676">
104
128
  REQtV1JUIHYyNC1zcDIgbWluaSAoYykgMjAxMyBOZXdNZWRpYS1ORVQgR21iSA0KUmVsZWFzZ
105
129
  TogMDUvMjcvMTMgKFNWTiByZXZpc2lvbjogMjE2NzYpDQoNCkRELVdSVCBsb2dpbjoK
106
130
  </example>
107
131
  <!-- DD-WRT v24 micro (c) 2010 NewMedia-NET GmbH\r\nRelease: 08/07/10 (SVN revision: 14896)\r\n\r\nProliant DL980R07 X6550 8-core 4P SAS login: -->
132
+
108
133
  <example _encoding="base64" os.version="24" os.edition="micro" os.build="14896">
109
134
  REQtV1JUIHYyNCBtaWNybyAoYykgMjAxMCBOZXdNZWRpYS1ORVQgR21iSA0KUmVsZWFzZTogM
110
135
  DgvMDcvMTAgKFNWTiByZXZpc2lvbjogMTQ4OTYpDQoNClByb2xpYW50IERMOTgwUjA3IFg2NT
@@ -120,9 +145,11 @@
120
145
  <param pos="0" name="os.cpe23" value="cpe:/o:dd-wrt:dd-wrt:{os.version}"/>
121
146
  <param pos="0" name="hw.device" value="Router"/>
122
147
  </fingerprint>
148
+
123
149
  <fingerprint pattern="^(?:\r|\n)*DD-WRT v(3.\d)-(r([\w]+)) ([\w-]+) \(c\) \d{4} NewMedia-NET GmbH(?:\r|\n)+Release: \d+\/\d+\/\d+(?:\r|\n)+.* login:\s*$">
124
150
  <description>DD-WRT - 3.0 family</description>
125
151
  <!-- DD-WRT v3.0-r34886M std (c) 2018 NewMedia-NET GmbH\r\nRelease: 02/10/18\r\n\r\nwibrate login: -->
152
+
126
153
  <example _encoding="base64" os.version="3.0" os.version.version="r34886M" os.edition="std" os.build="34886M">
127
154
  REQtV1JUIHYzLjAtcjM0ODg2TSBzdGQgKGMpIDIwMTggTmV3TWVkaWEtTkVUIEdtYkgNClJlb
128
155
  GVhc2U6IDAyLzEwLzE4DQoNCndpYnJhdGUgbG9naW46Cg==
@@ -137,33 +164,40 @@
137
164
  <param pos="0" name="os.cpe23" value="cpe:/o:dd-wrt:dd-wrt:{os.version}"/>
138
165
  <param pos="0" name="hw.device" value="Router"/>
139
166
  </fingerprint>
167
+
140
168
  <fingerprint pattern="^(TD-\w+) [\d.]+ DSL Modem Router(?:\r|\n)+Authorization failed after trying \d+ times!!!\.(?:\r|\n)+Please login after \d+ seconds!\s*$">
141
169
  <description>TP-LINK TD Family DSL Modem/Router</description>
142
170
  <!-- TD-W8960N 5.0 DSL Modem Router\r\nAuthorization failed after trying 5 times!!!.\r\nPlease login after 416 seconds! -->
171
+
143
172
  <example _encoding="base64" hw.product="TD-W8960N">
144
173
  VEQtVzg5NjBOIDUuMCBEU0wgTW9kZW0gUm91dGVyDQpBdXRob3JpemF0aW9uIGZhaWxlZCBhZ
145
174
  nRlciB0cnlpbmcgNSB0aW1lcyEhIS4NClBsZWFzZSBsb2dpbiBhZnRlciA0MTYgc2Vjb25kcy
146
175
  E=
147
176
  </example>
148
- <param pos="0" name="hw.vendor" value="TP-Link"/>
177
+ <param pos="0" name="hw.vendor" value="TP-LINK"/>
149
178
  <param pos="1" name="hw.product"/>
150
179
  <param pos="0" name="hw.device" value="Router"/>
151
180
  </fingerprint>
181
+
152
182
  <fingerprint pattern="^(?:\r|\n)*ZyXEL login:$">
153
183
  <description>ZyXEL simple</description>
154
184
  <example>ZyXEL login:</example>
155
- <param pos="0" name="hw.vendor" value="ZyXEL"/>
185
+ <param pos="0" name="hw.vendor" value="Zyxel"/>
156
186
  </fingerprint>
187
+
157
188
  <fingerprint pattern="^ZyXEL \w?DSL Router\r\nLogin:$">
158
189
  <description>ZyXEL Router - simple</description>
159
190
  <!-- ZyXEL VDSL Router\r\nLogin: -->
191
+
160
192
  <example _encoding="base64">WnlYRUwgVkRTTCBSb3V0ZXINCkxvZ2luOgo=</example>
161
- <param pos="0" name="hw.vendor" value="ZyXEL"/>
193
+ <param pos="0" name="hw.vendor" value="Zyxel"/>
162
194
  <param pos="0" name="hw.device" value="Router"/>
163
195
  </fingerprint>
196
+
164
197
  <fingerprint pattern="^Debian GNU\/Linux 9(?:\r|\n)+([\w.-]+) login:\s*$">
165
198
  <description>Debian 9.0 (stretch)</description>
166
199
  <!-- Debian GNU/Linux 9\r\nserver-01.2 login: -->
200
+
167
201
  <example _encoding="base64" host.name="server-01.2">RGViaWFuIEdOVS9MaW51eCA5DQpzZXJ2ZXItMDEuMiBsb2dpbjoK</example>
168
202
  <param pos="0" name="os.vendor" value="Debian"/>
169
203
  <param pos="0" name="os.family" value="Linux"/>
@@ -172,9 +206,11 @@
172
206
  <param pos="0" name="os.cpe23" value="cpe:/o:debian:debian_linux:9.0"/>
173
207
  <param pos="1" name="host.name"/>
174
208
  </fingerprint>
209
+
175
210
  <fingerprint pattern="^Debian GNU\/Linux 8(?:.0)?(?:\r|\n)+([\w.-]+) login:\s*$">
176
211
  <description>Debian 8.0 (jessie)</description>
177
212
  <!-- Debian GNU/Linux 8\r\nserver-01.2 login: -->
213
+
178
214
  <example _encoding="base64" host.name="server-01.2">RGViaWFuIEdOVS9MaW51eCA4DQpzZXJ2ZXItMDEuMiBsb2dpbjoK</example>
179
215
  <param pos="0" name="os.vendor" value="Debian"/>
180
216
  <param pos="0" name="os.family" value="Linux"/>
@@ -183,9 +219,11 @@
183
219
  <param pos="0" name="os.cpe23" value="cpe:/o:debian:debian_linux:8.0"/>
184
220
  <param pos="1" name="host.name"/>
185
221
  </fingerprint>
222
+
186
223
  <fingerprint pattern="^(?:\r|\n)*Debian GNU\/Linux 7(?:.0)?(?:\r|\n)+([\w.-]+) login:\s*$">
187
224
  <description>Debian 7.0 (wheezy)</description>
188
225
  <!-- Debian GNU/Linux 7\r\nserver-01.2 login: -->
226
+
189
227
  <example _encoding="base64" host.name="server-01.2">RGViaWFuIEdOVS9MaW51eCA3DQpzZXJ2ZXItMDEuMiBsb2dpbjoK</example>
190
228
  <param pos="0" name="os.vendor" value="Debian"/>
191
229
  <param pos="0" name="os.family" value="Linux"/>
@@ -194,9 +232,11 @@
194
232
  <param pos="0" name="os.cpe23" value="cpe:/o:debian:debian_linux:7.0"/>
195
233
  <param pos="1" name="host.name"/>
196
234
  </fingerprint>
235
+
197
236
  <fingerprint pattern="^(?:\r|\n)*Debian GNU\/Linux 6(?:.0)?(?:\r|\n)+([\w.-]+) login:\s*$">
198
237
  <description>Debian 6.0 (sqeeze)</description>
199
238
  <!-- Debian GNU/Linux 6.0\r\nserver-01.2 login: -->
239
+
200
240
  <example _encoding="base64" host.name="server-01.2">RGViaWFuIEdOVS9MaW51eCA2LjANCnNlcnZlci0wMS4yIGxvZ2luOgo=</example>
201
241
  <param pos="0" name="os.vendor" value="Debian"/>
202
242
  <param pos="0" name="os.family" value="Linux"/>
@@ -205,9 +245,11 @@
205
245
  <param pos="0" name="os.cpe23" value="cpe:/o:debian:debian_linux:6.0"/>
206
246
  <param pos="1" name="host.name"/>
207
247
  </fingerprint>
248
+
208
249
  <fingerprint pattern="^(?:\r|\n)*Debian GNU\/Linux 5(?:.0)?(?:\r|\n)+([\w.-]+) login:\s*$">
209
250
  <description>Debian 5.0 (lenny)</description>
210
251
  <!-- Debian GNU/Linux 5.0\r\nserver-01.2 login: -->
252
+
211
253
  <example _encoding="base64" host.name="server-01.2">RGViaWFuIEdOVS9MaW51eCA1LjANCnNlcnZlci0wMS4yIGxvZ2luOgo=</example>
212
254
  <param pos="0" name="os.vendor" value="Debian"/>
213
255
  <param pos="0" name="os.family" value="Linux"/>
@@ -216,9 +258,11 @@
216
258
  <param pos="0" name="os.cpe23" value="cpe:/o:debian:debian_linux:5.0"/>
217
259
  <param pos="1" name="host.name"/>
218
260
  </fingerprint>
261
+
219
262
  <fingerprint pattern="^(?:\r|\n)*Debian GNU\/Linux 4(?:.0)?(?:\r|\n)+([\w.-]+) login:\s*$">
220
263
  <description>Debian 4.0 (etch)</description>
221
264
  <!-- Debian GNU/Linux 4.0\r\nserver-01.2 login: -->
265
+
222
266
  <example _encoding="base64" host.name="server-01.2">RGViaWFuIEdOVS9MaW51eCA0LjANCnNlcnZlci0wMS4yIGxvZ2luOgo=</example>
223
267
  <param pos="0" name="os.vendor" value="Debian"/>
224
268
  <param pos="0" name="os.family" value="Linux"/>
@@ -227,9 +271,11 @@
227
271
  <param pos="0" name="os.cpe23" value="cpe:/o:debian:debian_linux:4.0"/>
228
272
  <param pos="1" name="host.name"/>
229
273
  </fingerprint>
274
+
230
275
  <fingerprint pattern="^(?:\r|\n)*Debian GNU\/Linux (3.\d)(?: [\w.-]+)?(?:\r|\n)+([\w.-]+) login:\s*$">
231
276
  <description>Debian 3.x (woody/sarge)</description>
232
277
  <!-- Debian GNU/Linux 3.1\r\nserver-01.2 login: -->
278
+
233
279
  <example _encoding="base64" os.version="3.1" host.name="server-01.2">
234
280
  RGViaWFuIEdOVS9MaW51eCAzLjENCnNlcnZlci0wMS4yIGxvZ2luOgo=
235
281
  </example>
@@ -240,13 +286,16 @@
240
286
  <param pos="0" name="os.cpe23" value="cpe:/o:debian:debian_linux:{os.version}"/>
241
287
  <param pos="2" name="host.name"/>
242
288
  </fingerprint>
289
+
243
290
  <fingerprint pattern="^(?:\r|\n)*Ubuntu ([\d.]+)(?: LTS)?(?:\r|\n)+([\w.-]+) login:\s*$">
244
291
  <description>Ubuntu - most versions</description>
245
292
  <!-- Ubuntu 16.04.4 LTS\r\nserver-01.2 login: -->
293
+
246
294
  <example _encoding="base64" os.version="16.04.4" host.name="server-01.2">
247
295
  VWJ1bnR1IDE2LjA0LjQgTFRTDQpzZXJ2ZXItMDEuMiBsb2dpbjoK
248
296
  </example>
249
297
  <!-- Ubuntu 17.04\r\nnginx login: -->
298
+
250
299
  <example _encoding="base64" os.version="17.04" host.name="nginx">
251
300
  VWJ1bnR1IDE3LjA0DQpuZ2lueCBsb2dpbjoK
252
301
  </example>
@@ -257,13 +306,16 @@
257
306
  <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:{os.version}"/>
258
307
  <param pos="2" name="host.name"/>
259
308
  </fingerprint>
309
+
260
310
  <fingerprint pattern="(?:\r|\n)*Debian GNU\/Linux (2.\d)(?: [\w.-]+)?(?:\r|\n)+([\w.-]+) login:\s*">
261
311
  <description>Debian 2.x (hamm/slink/potato)</description>
262
312
  <!-- Debian GNU/Linux 2.2\r\nserver-01.2 login: -->
313
+
263
314
  <example _encoding="base64" os.version="2.2" host.name="server-01.2">
264
315
  RGViaWFuIEdOVS9MaW51eCAyLjINCnNlcnZlci0wMS4yIGxvZ2luOgo=
265
316
  </example>
266
317
  <!-- Debian GNU/Linux 2.2 localhost.localdomain\r\nmoon login: -->
318
+
267
319
  <example _encoding="base64" os.version="2.2" host.name="moon">
268
320
  RGViaWFuIEdOVS9MaW51eCAyLjIgbG9jYWxob3N0LmxvY2FsZG9tYWluDQptb29uIGxvZ2luOgo=
269
321
  </example>
@@ -274,14 +326,17 @@
274
326
  <param pos="0" name="os.cpe23" value="cpe:/o:debian:debian_linux:{os.version}"/>
275
327
  <param pos="2" name="host.name"/>
276
328
  </fingerprint>
329
+
277
330
  <fingerprint pattern="^CentOS release ([\d.]+) \(Final\)(?:\r|\n)+Kernel ([\w.-]+) on an (\w+)(?:\r|\n)+(?:([\w.-]+) )?login:\s*$">
278
331
  <description>CentOS</description>
279
332
  <!-- CentOS release 5.9 (Final)\r\nKernel 2.6.18-348.6.1.el5 on an i686\r\nlogin: -->
333
+
280
334
  <example _encoding="base64" os.version="5.9" linux.kernel.version="2.6.18-348.6.1.el5" os.arch="i686">
281
335
  Q2VudE9TIHJlbGVhc2UgNS45IChGaW5hbCkNCktlcm5lbCAyLjYuMTgtMzQ4LjYuMS5lbDUgb
282
336
  24gYW4gaTY4Ng0KbG9naW46Cg==
283
337
  </example>
284
338
  <!-- CentOS release 6.10 (Final)\r\nKernel 2.6.32-754.2.1.el6.x86_64 on an x86_64\r\nserver-01.2 login: -->
339
+
285
340
  <example _encoding="base64" os.version="6.10" linux.kernel.version="2.6.32-754.2.1.el6.x86_64" os.arch="x86_64" host.name="server-01.2">
286
341
  Q2VudE9TIHJlbGVhc2UgNi4xMCAoRmluYWwpDQpLZXJuZWwgMi42LjMyLTc1NC4yLjEuZWw2L
287
342
  ng4Nl82NCBvbiBhbiB4ODZfNjQNCnNlcnZlci0wMS4yIGxvZ2luOgo=
@@ -295,6 +350,7 @@
295
350
  <param pos="0" name="os.cpe23" value="cpe:/o:centos:centos:{os.version}"/>
296
351
  <param pos="4" name="host.name"/>
297
352
  </fingerprint>
353
+
298
354
  <fingerprint pattern="^(?:\r|\n)*(RT-AC\d\d\w) login:\s*$">
299
355
  <description>Asus Wireless Access Point/Router - RT-AC prefix</description>
300
356
  <example hw.product="RT-AC54U">RT-AC54U login:</example>
@@ -305,6 +361,7 @@
305
361
  <param pos="0" name="hw.device" value="WAP"/>
306
362
  <param pos="1" name="hw.product"/>
307
363
  </fingerprint>
364
+
308
365
  <fingerprint pattern="^(?:\r|\n)*(AC\d\d00) login:\s*$">
309
366
  <description>Asus Wireless Access Point/Router - AC prefix</description>
310
367
  <example hw.product="AC1000">AC1000 login:</example>
@@ -315,6 +372,7 @@
315
372
  <param pos="0" name="hw.device" value="WAP"/>
316
373
  <param pos="1" name="hw.product"/>
317
374
  </fingerprint>
375
+
318
376
  <fingerprint pattern="^(?:\r|\n)*(Air5\d+\w{0,2}) login:\s*$">
319
377
  <description>Airties</description>
320
378
  <example hw.product="Air5650">Air5650 login:</example>
@@ -323,9 +381,11 @@
323
381
  <param pos="0" name="hw.device" value="WAP"/>
324
382
  <param pos="1" name="hw.product"/>
325
383
  </fingerprint>
384
+
326
385
  <fingerprint pattern="^Amazon Linux AMI release ([\d.]+)(?:\r|\n)+Kernel ([\w.-]+) on an (\w+)(?:\r|\n)+(?:([\w.-]+) )?login:\s*$">
327
386
  <description>Amazon Linux AMI</description>
328
387
  <!-- Amazon Linux AMI release 2013.09\r\nKernel 3.4.68-59.97.amzn1.x86_64 on an x86_64\r\nserver-01.2 login: -->
388
+
329
389
  <example _encoding="base64" os.version="2013.09" linux.kernel.version="3.4.68-59.97.amzn1.x86_64" os.arch="x86_64" host.name="server-01.2">
330
390
  QW1hem9uIExpbnV4IEFNSSByZWxlYXNlIDIwMTMuMDkNCktlcm5lbCAzLjQuNjgtNTkuOTcuY
331
391
  W16bjEueDg2XzY0IG9uIGFuIHg4Nl82NA0Kc2VydmVyLTAxLjIgbG9naW46Cg==
@@ -338,9 +398,11 @@
338
398
  <param pos="3" name="os.arch"/>
339
399
  <param pos="4" name="host.name"/>
340
400
  </fingerprint>
401
+
341
402
  <fingerprint pattern="^(?m)TiMOS-[CB]-([\S]+) (?:both|cpm)/([\w]+) ALCATEL (SR [\S]+) Copyright.*Login:\s*$" flags="REG_MULTILINE">
342
403
  <description>ALCATEL Service Router running TiMOS</description>
343
404
  <!-- TiMOS-C-12.0.R12 cpm/hops64 ALCATEL SR 7750 Copyright (c) 2000-2015 Alcatel-Lucent.\r\r\nBanner Shortened For \r\r\nBrevity\r\nLogin: -->
405
+
344
406
  <example _encoding="base64" os.version="12.0.R12" hw.product="SR 7750" os.arch="hops64">
345
407
  VGlNT1MtQy0xMi4wLlIxMiBjcG0vaG9wczY0IEFMQ0FURUwgU1IgNzc1MCBDb3B5cmlnaHQgK
346
408
  GMpIDIwMDAtMjAxNSBBbGNhdGVsLUx1Y2VudC4NDQpCYW5uZXIgU2hvcnRlbmVkIEZvciANDQ
@@ -356,16 +418,20 @@
356
418
  <param pos="0" name="hw.device" value="Router"/>
357
419
  <param pos="3" name="hw.product"/>
358
420
  </fingerprint>
421
+
359
422
  <!-- Nokia purchased Alcatel Lucent, finalized in Nov 2016 -->
423
+
360
424
  <fingerprint pattern="^(?m)TiMOS-[CB]-([\S]+) (?:both|cpm)\/([\w]+) Nokia ([\S]+ [SRX]+) Copyright.*Login:\s*$" flags="REG_MULTILINE">
361
425
  <description>Nokia Service Router running TiMOS</description>
362
426
  <!-- TiMOS-C-14.0.R5 cpm/hops64 Nokia 7750 SR Copyright (c) 2000-2016 Nokia.\r\r\nBanner Shortened For \r\r\nBrevity\r\nLogin: -->
427
+
363
428
  <example _encoding="base64" os.version="14.0.R5" os.arch="hops64" hw.product="7750 SR">
364
429
  VGlNT1MtQy0xNC4wLlI1IGNwbS9ob3BzNjQgTm9raWEgNzc1MCBTUiBDb3B5cmlnaHQgKGMpI
365
430
  DIwMDAtMjAxNiBOb2tpYS4NDQpCYW5uZXIgU2hvcnRlbmVkIEZvciANDQpCcmV2aXR5DQpMb2
366
431
  dpbjoK
367
432
  </example>
368
433
  <!-- TiMOS-C-14.0.R10 cpm/hops64 Nokia 7950 XRS Copyright (c) 2000-2017 Nokia.\r\r\nBanner Shortened For \r\r\nBrevity\r\nLogin: -->
434
+
369
435
  <example _encoding="base64" os.version="14.0.R10" os.arch="hops64" hw.product="7950 XRS">
370
436
  VGlNT1MtQy0xNC4wLlIxMCBjcG0vaG9wczY0IE5va2lhIDc5NTAgWFJTIENvcHlyaWdodCAoY
371
437
  ykgMjAwMC0yMDE3IE5va2lhLg0NCkJhbm5lciBTaG9ydGVuZWQgRm9yIA0NCkJyZXZpdHkNCk
@@ -381,15 +447,18 @@
381
447
  <param pos="0" name="hw.device" value="Router"/>
382
448
  <param pos="3" name="hw.product"/>
383
449
  </fingerprint>
450
+
384
451
  <fingerprint pattern="^(?m)TiMOS-[CB]-([\S]+) (?:both|cpm)\/([\w]+) Nokia (SAS[+\w\s-]+) Copyright.*Login:\s*$" flags="REG_MULTILINE">
385
452
  <description>Nokia Service Access Switch running TiMOS</description>
386
453
  <!-- TiMOS-B-8.0.R12 both/hops Nokia SAS-Mxp 22F2C 4SFP+ 7210 Copyright (c) 2000-2017 Nokia.\r\r\nBanner Shortened For \r\r\nBrevity\r\nLogin: -->
454
+
387
455
  <example _encoding="base64" os.version="8.0.R12" os.arch="hops" hw.product="SAS-Mxp 22F2C 4SFP+ 7210">
388
456
  VGlNT1MtQi04LjAuUjEyIGJvdGgvaG9wcyBOb2tpYSBTQVMtTXhwIDIyRjJDIDRTRlArIDcyM
389
457
  TAgQ29weXJpZ2h0IChjKSAyMDAwLTIwMTcgTm9raWEuDQ0KQmFubmVyIFNob3J0ZW5lZCBGb3
390
458
  IgDQ0KQnJldml0eQ0KTG9naW46Cg==
391
459
  </example>
392
460
  <!-- TiMOS-B-9.0.R9 both/mpc Nokia SAS-M 24F 2XFP 7210 Copyright (c) 2000-2017 Nokia.\r\r\nBanner Shortened For \r\r\nBrevity\r\nLogin: -->
461
+
393
462
  <example _encoding="base64" os.version="9.0.R9" os.arch="mpc" hw.product="SAS-M 24F 2XFP 7210">
394
463
  VGlNT1MtQi05LjAuUjkgYm90aC9tcGMgTm9raWEgU0FTLU0gMjRGIDJYRlAgNzIxMCBDb3B5c
395
464
  mlnaHQgKGMpIDIwMDAtMjAxNyBOb2tpYS4NDQpCYW5uZXIgU2hvcnRlbmVkIEZvciANDQpCcm
@@ -405,14 +474,17 @@
405
474
  <param pos="0" name="hw.device" value="Switch"/>
406
475
  <param pos="3" name="hw.product"/>
407
476
  </fingerprint>
477
+
408
478
  <fingerprint pattern="^(?:\r|\n)*Grandstream (HT[\d-]+)\s+(?:V\d\.\d\w?\s+)?Command Shell Copyright \d\d\d\d-\d\d\d\d(?:\r|\n)+Password:\s*$">
409
479
  <description>Grandstream HandyTone Analog Telephone Adapters</description>
410
480
  <!-- Grandstream HT812 Command Shell Copyright 2006-2017\r\nPassword: -->
481
+
411
482
  <example _encoding="base64" hw.product="HT812">
412
483
  R3JhbmRzdHJlYW0gSFQ4MTIgQ29tbWFuZCBTaGVsbCBDb3B5cmlnaHQgMjAwNi0yMDE3DQpQY
413
484
  XNzd29yZDoK
414
485
  </example>
415
486
  <!-- Grandstream HT-502 V2.0A Command Shell Copyright 2006-2014\r\nPassword: -->
487
+
416
488
  <example _encoding="base64" hw.product="HT-502">
417
489
  R3JhbmRzdHJlYW0gSFQtNTAyICBWMi4wQSBDb21tYW5kIFNoZWxsIENvcHlyaWdodCAyMDA2L
418
490
  TIwMTQNClBhc3N3b3JkOgo=
@@ -422,14 +494,17 @@
422
494
  <param pos="0" name="hw.device" value="VoIP"/>
423
495
  <param pos="1" name="hw.product"/>
424
496
  </fingerprint>
497
+
425
498
  <fingerprint pattern="^(?:\r|\n)*Grandstream (GXW[\d-]+)\s+(?:V\d\.\d\w?\s+)?Command Shell Copyright \d\d\d\d(?:-\d\d\d\d)?(?:\r|\n)+Password:\s*$">
426
499
  <description>Grandstream Analog VoIP Gateways</description>
427
500
  <!-- Grandstream GXW-4008 V1.5A Command Shell Copyright 2006-2015\r\nPassword: -->
501
+
428
502
  <example _encoding="base64" hw.product="GXW-4008">
429
503
  R3JhbmRzdHJlYW0gR1hXLTQwMDggIFYxLjVBIENvbW1hbmQgU2hlbGwgQ29weXJpZ2h0IDIwM
430
504
  DYtMjAxNQ0KUGFzc3dvcmQ6Cg==
431
505
  </example>
432
506
  <!-- Grandstream GXW4216 V2.3B Command Shell Copyright 2015\r\nPassword: -->
507
+
433
508
  <example _encoding="base64" hw.product="GXW4216">
434
509
  R3JhbmRzdHJlYW0gR1hXNDIxNiAgVjIuM0IgQ29tbWFuZCBTaGVsbCBDb3B5cmlnaHQgMjAxN
435
510
  Q0KUGFzc3dvcmQ6Cg==
@@ -439,9 +514,11 @@
439
514
  <param pos="0" name="hw.device" value="VoIP"/>
440
515
  <param pos="1" name="hw.product"/>
441
516
  </fingerprint>
517
+
442
518
  <fingerprint pattern="^(?:\r|\n|\s)*Grandstream (GXV[\w-]+)\s+(?:V\d\.\d\w?\s+)?Shell Command.Copyight \d\d\d\d-\d\d\d\d(?:\r|\n)+Username:\s*$">
443
519
  <description>Grandstream IP Cameras</description>
444
520
  <!-- Grandstream GXV3674_FHD_VF Shell Command.Copyight 2011-2014\r\nUsername: -->
521
+
445
522
  <example _encoding="base64" hw.product="GXV3674_FHD_VF">
446
523
  R3JhbmRzdHJlYW0gR1hWMzY3NF9GSERfVkYgICAgU2hlbGwgQ29tbWFuZC5Db3B5aWdodCAyM
447
524
  DExLTIwMTQNClVzZXJuYW1lOgo=
@@ -451,14 +528,17 @@
451
528
  <param pos="0" name="hw.device" value="Web cam"/>
452
529
  <param pos="1" name="hw.product"/>
453
530
  </fingerprint>
531
+
454
532
  <fingerprint pattern="^(?:\r|\n)*Welcome to Polycom RMX\s*(\w+) \(COP\) Console Utility(?:\r|\n)+Copyright \(C\) \d\d\d\d-\d\d\d\d POLYCOM(?:\r|\n)+Password:\s*$">
455
533
  <description>Polycom Real Time Media Conferencing</description>
456
534
  <!-- Welcome to Polycom RMX 500 (COP) Console Utility\r\n\rCopyright (C) 2008-2010 POLYCOM\r\n\r\r\n\rPassword: -->
535
+
457
536
  <example _encoding="base64" hw.product="500">
458
537
  V2VsY29tZSB0byBQb2x5Y29tIFJNWCA1MDAgKENPUCkgQ29uc29sZSBVdGlsaXR5DQoNQ29we
459
538
  XJpZ2h0IChDKSAyMDA4LTIwMTAgUE9MWUNPTQ0KDQ0KDVBhc3N3b3JkOgo=
460
539
  </example>
461
540
  <!-- Welcome to Polycom RMX 1000C (COP) Console Utility\r\n\rCopyright (C) 2008-2012 POLYCOM\r\n\r\r\n\rPassword: -->
541
+
462
542
  <example _encoding="base64" hw.product="1000C">
463
543
  V2VsY29tZSB0byBQb2x5Y29tIFJNWCAxMDAwQyAoQ09QKSBDb25zb2xlIFV0aWxpdHkNCg1Db
464
544
  3B5cmlnaHQgKEMpIDIwMDgtMjAxMiBQT0xZQ09NDQoNDQoNUGFzc3dvcmQ6Cg==
@@ -468,9 +548,11 @@
468
548
  <param pos="0" name="hw.device" value="Video Conferencing"/>
469
549
  <param pos="1" name="hw.product"/>
470
550
  </fingerprint>
551
+
471
552
  <fingerprint pattern="^(?:\r|\n)*Hi, my name is :\s+[\w.\s-]+(?:\r|\n)+Here is what I know about myself:(?:\r|\n)+Model:\s+VSX (\w+)(?:\r|\n)+Serial Number:\s+(\w+)(?:\r|\n)+Software Version:\s+Release ([\d.-]+)\s">
472
553
  <description>Polycom Video Conferencing - VSX Family</description>
473
554
  <!-- Hi, my name is : Something Pity\r\nHere is what I know about myself:\r\nModel: VSX 6000A\r\nSerial Number: 00070906FC34F6\r\nSoftware Version: Release 9.0.6.2-103 - 04Sep2011 21:27\r\nBuild Information: ecomman -->
555
+
474
556
  <example _encoding="base64" hw.product="6000A" host.id="00070906FC34F6" os.version="9.0.6.2-103">
475
557
  SGksIG15IG5hbWUgaXMgOiAgICAgU29tZXRoaW5nIFBpdHkNCkhlcmUgaXMgd2hhdCBJIGtub
476
558
  3cgYWJvdXQgbXlzZWxmOg0KTW9kZWw6ICAgICAgICAgICAgICAgVlNYIDYwMDBBDQpTZXJpYW
@@ -485,9 +567,11 @@
485
567
  <param pos="2" name="host.id"/>
486
568
  <param pos="3" name="os.version"/>
487
569
  </fingerprint>
570
+
488
571
  <fingerprint pattern="Polycom Command Shell(?:\r|\n)+XCOM host:\s+localhost port: \d+">
489
572
  <description>Polycom Diagnotic Service</description>
490
573
  <!-- Polycom Command Shell\r\r\nXCOM host: localhost port: 4121\r\r\nTTY name: /dev/pts/0\r\r\nSession type: telnet\r\r\nNCF\r\nNCF\r\n2018-08-15 18:03:10 DEBUG -->
574
+
491
575
  <example _encoding="base64">
492
576
  UG9seWNvbSBDb21tYW5kIFNoZWxsDQ0KWENPTSBob3N0OiAgICBsb2NhbGhvc3QgcG9ydDogN
493
577
  DEyMQ0NClRUWSBuYW1lOiAgICAgL2Rldi9wdHMvMA0NClNlc3Npb24gdHlwZTogdGVsbmV0DQ
@@ -496,9 +580,11 @@
496
580
  <param pos="0" name="hw.vendor" value="Polycom"/>
497
581
  <param pos="0" name="hw.device" value="Video Conferencing"/>
498
582
  </fingerprint>
583
+
499
584
  <fingerprint pattern="^Welcome to the Windows CE Telnet Service on (WEBBOX[\w.-]+)(?:\r|\n)+login:\s*$">
500
585
  <description>Sunny WebBox Windows CE</description>
501
586
  <!-- Welcome to the Windows CE Telnet Service on WEBBOX150000000\r\n\r\nlogin: -->
587
+
502
588
  <example _encoding="base64" host.name="WEBBOX150000000">
503
589
  V2VsY29tZSB0byB0aGUgV2luZG93cyBDRSBUZWxuZXQgU2VydmljZSBvbiBXRUJCT1gxNTAwM
504
590
  DAwMDANCg0KbG9naW46Cg==
@@ -513,9 +599,11 @@
513
599
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_ce:-"/>
514
600
  <param pos="1" name="host.name"/>
515
601
  </fingerprint>
602
+
516
603
  <fingerprint pattern="^Welcome to the Windows CE Telnet Service on ([\w.-]+)(?:\r|\n)+login:\s*$">
517
604
  <description>Windows CE</description>
518
605
  <!-- Welcome to the Windows CE Telnet Service on MY-CE-DEVICE\r\n\r\nlogin: -->
606
+
519
607
  <example _encoding="base64" host.name="MY-CE-DEVICE">
520
608
  V2VsY29tZSB0byB0aGUgV2luZG93cyBDRSBUZWxuZXQgU2VydmljZSBvbiBNWS1DRS1ERVZJQ
521
609
  0UNCg0KbG9naW46Cg==
@@ -526,15 +614,18 @@
526
614
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_ce:-"/>
527
615
  <param pos="1" name="host.name"/>
528
616
  </fingerprint>
617
+
529
618
  <fingerprint pattern="^(?:\r|\n)*HP JetDirect(?:\r|\n)+$">
530
619
  <description>HP Printer - Jet Direct</description>
531
620
  <!-- HP JetDirect\r\nPassword is not set\r\n\r\nPlease type "menu" for the MENU system, \r\nor "?" for help, or "/" for current settings.\r\n> -->
621
+
532
622
  <example _encoding="base64">
533
623
  SFAgSmV0RGlyZWN0DQpQYXNzd29yZCBpcyBub3Qgc2V0DQoNClBsZWFzZSB0eXBlICJtZW51I
534
624
  iBmb3IgdGhlIE1FTlUgc3lzdGVtLCANCm9yICI/IiBmb3IgaGVscCwgb3IgIi8iIGZvciBjdX
535
625
  JyZW50IHNldHRpbmdzLg0KPgo=
536
626
  </example>
537
627
  <!-- HP JetDirect\r\n\r\nEnter username: -->
628
+
538
629
  <example _encoding="base64">SFAgSmV0RGlyZWN0DQoNCkVudGVyIHVzZXJuYW1lOgo=</example>
539
630
  <param pos="0" name="service.vendor" value="HP"/>
540
631
  <param pos="0" name="service.product" value="JetDirect"/>
@@ -548,16 +639,20 @@
548
639
  <param pos="0" name="hw.product" value="JetDirect"/>
549
640
  <param pos="0" name="hw.device" value="Printer"/>
550
641
  </fingerprint>
642
+
551
643
  <fingerprint pattern="^(?:\r|\n)*%connection closed by remote host!(?:\x00)?$">
552
644
  <description>HP switch blocking connection using network ACL</description>
553
645
  <!-- %connection closed by remote host! -->
646
+
554
647
  <example _encoding="base64">JWNvbm5lY3Rpb24gY2xvc2VkIGJ5IHJlbW90ZSBob3N0IQ==</example>
555
648
  <param pos="0" name="hw.vendor" value="HP"/>
556
649
  <param pos="0" name="hw.device" value="Switch"/>
557
650
  </fingerprint>
651
+
558
652
  <fingerprint pattern="^(?:\r|\n)*Welcome Visiting Huawei Home Gateway\r\nCopyright by Huawei Technologies Co., Ltd.\r\n\r\nLogin:$">
559
653
  <description>Huawei HG series Home Gateway routers</description>
560
654
  <!-- Welcome Visiting Huawei Home Gateway\r\nCopyright by Huawei Technologies Co., Ltd.\r\n\r\nLogin: -->
655
+
561
656
  <example _encoding="base64">
562
657
  V2VsY29tZSBWaXNpdGluZyBIdWF3ZWkgSG9tZSBHYXRld2F5DQpDb3B5cmlnaHQgYnkgSHVhd
563
658
  2VpIFRlY2hub2xvZ2llcyBDby4sIEx0ZC4NCg0KTG9naW46Cg==
@@ -565,9 +660,11 @@
565
660
  <param pos="0" name="hw.vendor" value="Huawei"/>
566
661
  <param pos="0" name="hw.device" value="Router"/>
567
662
  </fingerprint>
663
+
568
664
  <fingerprint pattern="^(?:\r|\n)*Warning: Telnet is not a secure protocol, and it is recommended to use Stelnet.(?:(?:\r|\n)+Login authentication)?(?:\r|\n)+Username:$">
569
665
  <description>Huawei Router</description>
570
666
  <!-- Warning: Telnet is not a secure protocol, and it is recommended to use Stelnet.\r\n\r\nLogin authentication\r\n\r\n\r\nUsername: -->
667
+
571
668
  <example _encoding="base64">
572
669
  V2FybmluZzogVGVsbmV0IGlzIG5vdCBhIHNlY3VyZSBwcm90b2NvbCwgYW5kIGl0IGlzIHJlY
573
670
  29tbWVuZGVkIHRvIHVzZSBTdGVsbmV0Lg0KDQpMb2dpbiBhdXRoZW50aWNhdGlvbg0KDQoNCl
@@ -576,10 +673,13 @@
576
673
  <param pos="0" name="hw.vendor" value="Huawei"/>
577
674
  <param pos="0" name="hw.device" value="Router"/>
578
675
  </fingerprint>
676
+
579
677
  <fingerprint pattern="^(?:\r|\n)*(?:% Password expiration warning.\r\n)?-+\r\nCisco Configuration Professional \(Cisco CP\) is installed on this device. \r\nThis feature requires the one-time use of the username">
580
678
  <description>Cisco router - Cisco Configuration Pro variant</description>
581
679
  <!-- There are are roughly 69 dash characters before the CRLF in the banner below but can't be included in XML comments. -->
680
+
582
681
  <!-- \r\nCisco Configuration Professional (Cisco CP) is installed on this device. \r\nThis feature requires the one-time use of the username -->
682
+
583
683
  <example _encoding="base64">
584
684
  LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tL
585
685
  S0tLS0tLS0tLS0tLS0tLS0NCkNpc2NvIENvbmZpZ3VyYXRpb24gUHJvZmVzc2lvbmFsIChDaX
@@ -595,10 +695,13 @@
595
695
  <param pos="0" name="hw.vendor" value="Cisco"/>
596
696
  <param pos="0" name="hw.device" value="Router"/>
597
697
  </fingerprint>
698
+
598
699
  <fingerprint pattern="^(?m)(?:\r|\n)*Catalyst 1900 Management Console(?:\r|\n)+.*Ethernet Address:\s+([\w-]+)(?:\r|\n)+.*Model Number:\s+([\w-]+)(?:\r|\n)+System Serial Number:\s+(\w+)(?:\r|\n)+Power Supply" flags="REG_MULTILINE">
599
700
  <description>Cisco Catalyst 1900</description>
600
701
  <!-- Catalyst 1900, unlike other Catalyst models, didn't run CatOS or IOS -->
702
+
601
703
  <!-- Catalyst 1900 Management Console\r\nCopyright (c) Cisco Systems, Inc. 1993-1998\r\nAll rights reserved.\r\nEnterprise Edition Software\r\nEthernet Address: 00-AA-19-38-AA-00\r\n\r\nPCA Number: 73-31AA-AA\r\nPCA Serial Number: FAB033AAAAA\r\nModel Number: WS-C1924-EN\r\nSystem Serial Number: FAB0341AAAA\r\nPower Supply S/N: -->
704
+
602
705
  <example _encoding="base64" host.mac="00-AA-19-38-AA-00" hw.model="WS-C1924-EN" host.id="FAB0341AAAA">
603
706
  Q2F0YWx5c3QgMTkwMCBNYW5hZ2VtZW50IENvbnNvbGUNCkNvcHlyaWdodCAoYykgQ2lzY28gU
604
707
  3lzdGVtcywgSW5jLiAgMTk5My0xOTk4DQpBbGwgcmlnaHRzIHJlc2VydmVkLg0KRW50ZXJwcm
@@ -618,15 +721,18 @@
618
721
  <param pos="2" name="hw.model"/>
619
722
  <param pos="3" name="host.id"/>
620
723
  </fingerprint>
724
+
621
725
  <fingerprint pattern="^192.0.0.64 login:\s*$">
622
726
  <description>Hikvision cameras and NVRs (multiple)</description>
623
727
  <example>192.0.0.64 login:</example>
624
728
  <param pos="0" name="os.vendor" value="Hikvision"/>
625
729
  <param pos="0" name="hw.vendor" value="Hikvision"/>
626
730
  </fingerprint>
731
+
627
732
  <fingerprint pattern="^Remote Management Console\r\nlogin:\s*$">
628
733
  <description>Juniper Netscreen</description>
629
734
  <!-- Remote Management Console\r\nlogin: -->
735
+
630
736
  <example _encoding="base64">UmVtb3RlIE1hbmFnZW1lbnQgQ29uc29sZQ0KbG9naW46Cg==</example>
631
737
  <param pos="0" name="os.vendor" value="Juniper"/>
632
738
  <param pos="0" name="os.device" value="Firewall"/>
@@ -637,6 +743,7 @@
637
743
  <param pos="0" name="hw.device" value="Firewall"/>
638
744
  <param pos="0" name="hw.product" value="NetScreen"/>
639
745
  </fingerprint>
746
+
640
747
  <fingerprint pattern="^(?:\r|\n)*(FGT\w{13}) login:\s*$">
641
748
  <description>Fortinet FortiGate - w/ autogenerated hostname</description>
642
749
  <example host.name="FGT60C3G13001111">FGT60C3G13001111 login:</example>
@@ -650,6 +757,7 @@
650
757
  <param pos="0" name="hw.device" value="Firewall"/>
651
758
  <param pos="1" name="host.name"/>
652
759
  </fingerprint>
760
+
653
761
  <fingerprint pattern="^(?:\r|\n)*KWS-1043N login:\s*$">
654
762
  <description>Clipcomm KWS router</description>
655
763
  <example hw.product="KWS-1043N">KWS-1043N login:</example>
@@ -657,6 +765,7 @@
657
765
  <param pos="0" name="hw.device" value="Router"/>
658
766
  <param pos="0" name="hw.product" value="KWS-1043N"/>
659
767
  </fingerprint>
768
+
660
769
  <fingerprint pattern="^(?:\r|\n)*(SMCD3\w+-\w\w\w) login:\s*$">
661
770
  <description>SMC Cable Modem</description>
662
771
  <example hw.product="SMCD3GN2-BIZ">SMCD3GN2-BIZ login:</example>
@@ -664,6 +773,7 @@
664
773
  <param pos="0" name="hw.device" value="Cable Modem"/>
665
774
  <param pos="1" name="hw.product"/>
666
775
  </fingerprint>
776
+
667
777
  <fingerprint pattern="^(?:\r|\n)*ADB-4820CD login:\s*$">
668
778
  <description>ADB ADB-4820CD DVR</description>
669
779
  <example>ADB-4820CD login:</example>
@@ -671,6 +781,7 @@
671
781
  <param pos="0" name="hw.device" value="DVR"/>
672
782
  <param pos="0" name="hw.product" value="ADB-4820CD"/>
673
783
  </fingerprint>
784
+
674
785
  <fingerprint pattern="^(?:\r|\n)*IMDVRS login:\s*$">
675
786
  <description>Rifatron IMDVRS DVR</description>
676
787
  <example>IMDVRS login:</example>
@@ -678,41 +789,51 @@
678
789
  <param pos="0" name="hw.family" value="IMDVR"/>
679
790
  <param pos="0" name="hw.device" value="DVR"/>
680
791
  </fingerprint>
792
+
681
793
  <fingerprint pattern="^(?:\r|\n)*Ruijie login:\s*$">
682
794
  <description>Ruijie device (likely router/switch)</description>
683
795
  <example>Ruijie login:</example>
684
796
  <param pos="0" name="hw.vendor" value="Ruijie"/>
685
797
  </fingerprint>
798
+
686
799
  <fingerprint pattern="^Welcome to Microsoft Telnet Service \r\n\n\rlogin:\s*$">
687
800
  <description>Microsoft Windows</description>
688
801
  <!-- Welcome to Microsoft Telnet Service \r\n\n\rlogin: -->
802
+
689
803
  <example _encoding="base64">V2VsY29tZSB0byBNaWNyb3NvZnQgVGVsbmV0IFNlcnZpY2UgDQoKDWxvZ2luOgo=</example>
690
804
  <param pos="0" name="os.vendor" value="Microsoft"/>
691
805
  <param pos="0" name="os.family" value="Windows"/>
692
806
  <param pos="0" name="os.product" value="Windows"/>
693
807
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
694
808
  </fingerprint>
809
+
695
810
  <!-- The following fingerprints are for generic Broadcom hardware where the
696
811
  vendor has left the default banner in place. These could be rebadged by
697
812
  ZTE, CenturyLink, Sky, Huawei, etc.
698
813
  -->
814
+
699
815
  <fingerprint pattern="^(BCM\d+) (?:Broadband|ADSL|xDSL|DSL) Router\r\nLogin:\s*">
700
816
  <description>OEM'd Broadcom Router</description>
701
817
  <!-- BCM963268 Broadband Router\r\nLogin: -->
818
+
702
819
  <example _encoding="base64" hw.product="BCM963268">QkNNOTYzMjY4IEJyb2FkYmFuZCBSb3V0ZXINCkxvZ2luOgo=</example>
703
820
  <param pos="0" name="hw.device" value="Router"/>
704
821
  <param pos="1" name="hw.product"/>
705
822
  </fingerprint>
823
+
706
824
  <fingerprint pattern="^(BCM\d+) Broadband Router\r\nTelnet is Disabled in WAN Side$">
707
825
  <description>OEM'd Broadcom Router - telnet disabled on WAN side</description>
708
826
  <!-- BCM963268 Broadband Router\r\nTelnet is Disabled in WAN Side -->
827
+
709
828
  <example _encoding="base64" hw.product="BCM963268">QkNNOTYzMjY4IEJyb2FkYmFuZCBSb3V0ZXINClRlbG5ldCBpcyBEaXNhYmxlZCBpbiBXQU4gU2lkZQo=</example>
710
829
  <param pos="0" name="hw.device" value="Router"/>
711
830
  <param pos="1" name="hw.product"/>
712
831
  </fingerprint>
832
+
713
833
  <fingerprint pattern="^(?m)(BCM\d+) Broadband Router\r\n.*Please input the verification code:$" flags="REG_MULTILINE">
714
834
  <description>OEM'd Broadcom Router - input validation code</description>
715
835
  <!-- BCM96318 Broadband Router\r\n====================================================\r\n * * * * * * * * * * * * * * \r\n * * * * * \r\n * * * * * * * * * * * * * \r\n * * * * * \r\n * * * * * \r\n * * * * * * * * * * * * * * * * \r\n====================================================\r\nPlease input the verification code: -->
836
+
716
837
  <example _encoding="base64" hw.product="BCM96318">
717
838
  QkNNOTYzMTggQnJvYWRiYW5kIFJvdXRlcg0KPT09PT09PT09PT09PT09PT09PT09PT09PT09P
718
839
  T09PT09PT09PT09PT09PT09PT09PT09PQ0KICAgICogKiAgICAgICAgICogKiAqICogICAgIC
@@ -728,9 +849,11 @@
728
849
  <param pos="0" name="hw.device" value="Router"/>
729
850
  <param pos="1" name="hw.product"/>
730
851
  </fingerprint>
852
+
731
853
  <fingerprint pattern="^(BCM\d+) Broadband Router\r\nMaximum number of incorrect account entries exceeded.">
732
854
  <description>OEM'd Broadcom Router - Max incorrect tries - variant 1</description>
733
855
  <!-- BCM96328 Broadband Router\r\nMaximum number of incorrect account entries exceeded. -->
856
+
734
857
  <example _encoding="base64" hw.product="BCM96328">
735
858
  QkNNOTYzMjggQnJvYWRiYW5kIFJvdXRlcg0KTWF4aW11bSBudW1iZXIgb2YgaW5jb3JyZWN0I
736
859
  GFjY291bnQgZW50cmllcyBleGNlZWRlZC4K
@@ -738,9 +861,11 @@
738
861
  <param pos="0" name="hw.device" value="Router"/>
739
862
  <param pos="1" name="hw.product"/>
740
863
  </fingerprint>
864
+
741
865
  <fingerprint pattern="^(BCM\d+) Broadband Router\r\nSorry, you need to wait for \d+ second before next login attempt.(?:\r|\n)*">
742
866
  <description>OEM'd Broadcom Router - Max incorrect tries - variant 2</description>
743
867
  <!-- BCM96816 Broadband Router\r\nSorry, you need to wait for 119 second before next login attempt. -->
868
+
744
869
  <example _encoding="base64" hw.product="BCM96816">
745
870
  QkNNOTY4MTYgQnJvYWRiYW5kIFJvdXRlcg0KU29ycnksIHlvdSBuZWVkIHRvIHdhaXQgZm9yI
746
871
  DExOSBzZWNvbmQgYmVmb3JlIG5leHQgbG9naW4gYXR0ZW1wdC4K
@@ -748,10 +873,13 @@
748
873
  <param pos="0" name="hw.device" value="Router"/>
749
874
  <param pos="1" name="hw.product"/>
750
875
  </fingerprint>
876
+
751
877
  <!-- Moxa Industrial Solutions-->
878
+
752
879
  <fingerprint pattern="^(?:\r|\n)*NPort (NP6[\w-]+)(?:\r|\n|\x00)+Console terminal type">
753
880
  <description>Moxa NPort Terminal Server - 6xxx Series</description>
754
881
  <!-- NPort NP6610-32\r\u0000\nConsole terminal type (1: ansi/vt100, 2: vt52) : 1 -->
882
+
755
883
  <example _encoding="base64" hw.product="NP6610-32">
756
884
  TlBvcnQgTlA2NjEwLTMyDQAKQ29uc29sZSB0ZXJtaW5hbCB0eXBlICgxOiBhbnNpL3Z0MTAwLC
757
885
  AyOiB2dDUyKSA6IDE=
@@ -761,9 +889,11 @@
761
889
  <param pos="0" name="hw.device" value="Device Server"/>
762
890
  <param pos="1" name="hw.product"/>
763
891
  </fingerprint>
892
+
764
893
  <fingerprint pattern="^Model name\s+: NPort (IA-\d+)(?:\r|\n|\x00)+MAC address\s+: ([\w:]+)(?:\r|\n|\x00)+Serial No.\s+: (\d+)(?:\r|\n|\x00)+Firmware version : ([\d.]+) Build (\d+)(?:\r|\n|\x00)+System uptime">
765
894
  <description>Moxa NPort Device Server - IA Series</description>
766
895
  <!-- Model name : NPort IA-5250\r\u0000\nMAC address : 00:90:E8:AA:AA:AA\r\u0000\nSerial No. : 281\r\u0000\nFirmware version : 1.6 Build 17060616\r\u0000\nSystem uptime : 31 days, 06h:03m:45s\r\u0000\n\r\u0000\nPlease keyin your password: -->
896
+
767
897
  <example _encoding="base64" hw.product="IA-5250" host.mac="00:90:E8:AA:AA:AA" host.id="281" os.version="1.6" os.version.version="17060616">
768
898
  TW9kZWwgbmFtZSAgICAgICA6IE5Qb3J0IElBLTUyNTANAApNQUMgYWRkcmVzcyAgICAgIDogM
769
899
  DA6OTA6RTg6QUE6QUE6QUENAApTZXJpYWwgTm8uICAgICAgIDogMjgxDQAKRmlybXdhcmUgdm
@@ -779,10 +909,13 @@
779
909
  <param pos="4" name="os.version"/>
780
910
  <param pos="5" name="os.version.version"/>
781
911
  </fingerprint>
912
+
782
913
  <fingerprint pattern="^(?:\r|\n|\x00|-)*Model name\s+: NPort (5[\w-]+)(?:\r|\n|\x00)+MAC address\s+: ([\w:]+)(?:\r|\n|\x00)+Serial No.\s+: (\d+)(?:\r|\n|\x00)+Firmware version : ([\d.]+) Build (\d+)(?:\r|\n|\x00)+">
783
914
  <description>Moxa NPort Device Server - 5xxx Series</description>
784
915
  <!-- Some versions of the banner below have a line full of dashes which cannot be included in the example comment -->
916
+
785
917
  <!-- Model name : NPort 5610-8-DT\r\u0000\nMAC address : 00:90:E8:AA:AA:AA\r\u0000\nSerial No. : 9522\r\u0000\nFirmware version : 2.2 Build 11090613\r\u0000\nSystem uptime : 8 days, 02h:11m:44s\r\u0000\n\r\u0000\nPlease keyin your password: -->
918
+
786
919
  <example _encoding="base64" hw.product="5610-8-DT" host.mac="00:90:E8:AA:AA:AA" host.id="9522" os.version="2.2" os.version.version="11090613">
787
920
  TW9kZWwgbmFtZSAgICAgICA6IE5Qb3J0IDU2MTAtOC1EVA0ACk1BQyBhZGRyZXNzICAgICAgO
788
921
  iAwMDo5MDpFODpBQTpBQTpBQQ0AClNlcmlhbCBOby4gICAgICAgOiA5NTIyDQAKRmlybXdhcm
@@ -798,9 +931,11 @@
798
931
  <param pos="4" name="os.version"/>
799
932
  <param pos="5" name="os.version.version"/>
800
933
  </fingerprint>
934
+
801
935
  <fingerprint pattern="^Model name\s+: MGate (MB3[\w-]+)(?:\r|\n|\x00|)+MAC address\s+: ([\w:]+)(?:\r|\n|\x00)+Serial No.\s+: (\d+)(?:\r|\n|\x00)+Firmware version : ([\d.]+) Build (\d+)(?:\r|\n|\x00)+">
802
936
  <description>Moxa MGate Modbus Gateway</description>
803
937
  <!-- Model name : MGate MB3180\r\u0000\nMAC address : 00:90:E8:AA:AA:AA\r\u0000\nSerial No. : 9474\r\u0000\nFirmware version : 1.2 Build 09101913\r\u0000\nSystem uptime : 15 days, 16h:37m:48s\r\u0000\n\r\u0000\nPlease keyin your password: -->
938
+
804
939
  <example _encoding="base64" hw.product="MB3180" host.mac="00:90:E8:AA:AA:AA" host.id="9474" os.version="1.2" os.version.version="09101913">
805
940
  TW9kZWwgbmFtZSAgICAgICA6IE1HYXRlIE1CMzE4MA0ACk1BQyBhZGRyZXNzICAgICAgOiAwM
806
941
  Do5MDpFODpBQTpBQTpBQQ0AClNlcmlhbCBOby4gICAgICAgOiA5NDc0DQAKRmlybXdhcmUgdm
@@ -816,9 +951,11 @@
816
951
  <param pos="4" name="os.version"/>
817
952
  <param pos="5" name="os.version.version"/>
818
953
  </fingerprint>
954
+
819
955
  <fingerprint pattern="^Model name\s+: (NE[\w-]+)(?:\r|\n|\x00)+MAC address\s+: ([\w:]+)(?:\r|\n|\x00)+Serial No.\s+: (\d+)(?:\r|\n|\x00)+Firmware version\s+: ([\d.]+) Build (\d+)(?:\r|\n|\x00)+">
820
956
  <description>Moxa NE Series Embedded device server</description>
821
957
  <!-- Model name : NE-4110S\r\u0000\nMAC address : 00:90:E8:AA:AA:AA\r\u0000\nSerial No : 3616\r\u0000\nFirmware version : 4.1 Build 07061517\r\u0000\n\r\u0000\nPlease keyin your password: -->
958
+
822
959
  <example _encoding="base64" hw.product="NE-4110S" host.mac="00:90:E8:AA:AA:AA" host.id="3616" os.version="4.1" os.version.version="07061517">
823
960
  TW9kZWwgbmFtZSAgICAgICA6IE5FLTQxMTBTDQAKTUFDIGFkZHJlc3MgICAgICA6IDAwOjkwO
824
961
  kU4OkFBOkFBOkFBDQAKU2VyaWFsIE5vICAgICAgICA6IDM2MTYNAApGaXJtd2FyZSB2ZXJzaW
@@ -833,25 +970,29 @@
833
970
  <param pos="4" name="os.version"/>
834
971
  <param pos="5" name="os.version.version"/>
835
972
  </fingerprint>
973
+
836
974
  <fingerprint pattern="^Red Hat Linux release ([^\\s]+)\\s*.*$">
837
975
  <description>RedHat general purpose linux</description>
838
976
  <!-- Red Hat Linux release 9 (Shrike)\nKernel 2.4.20-8 on an i686\nlogin: -->
977
+
839
978
  <example _encoding="base64" os.version="9 (Shrike)">
840
979
  UmVkIEhhdCBMaW51eCByZWxlYXNlIDkgKFNocmlrZSlcbktlcm5lbCAyLjQuMjAtOCBvbiBhbiBpNjg2XG5sb2dpbjo=
841
980
  </example>
842
- <param pos="0" name="os.vendor" value="RedHat"/>
981
+ <param pos="0" name="os.vendor" value="Red Hat"/>
843
982
  <param pos="0" name="os.family" value="Linux"/>
844
983
  <param pos="0" name="os.device" value="Linux"/>
845
984
  <param pos="1" name="os.version"/>
846
985
  </fingerprint>
986
+
847
987
  <fingerprint pattern="^(?m)Red Hat Enterprise Linux ES release (.*) \(.*\).*Kernel (.*) on a[^ ]* ([^ ]*\d)" flags="REG_MULTILINE">
848
988
  <description>RedHat Enterprise Linux ES</description>
849
989
  <!-- Red Hat Enterprise Linux ES release 3 (Taroon Update 9\nKernel 2.4.21-47.EL on an x86_64\nlogin: -->
990
+
850
991
  <example _encoding="base64" os.version="3" linux.kernel.version="2.4.21-47.EL" os.arch="x86_64">
851
992
  UmVkIEhhdCBFbnRlcnByaXNlIExpbnV4IEVTIHJlbGVhc2UgMyAoVGFyb29uIFVwZGF0ZSA5KQpLZXJuZWwgMi40LjIxLTQ3Lk
852
993
  VMIG9uIGFuIHg4Nl82NApsb2dpbjo=
853
994
  </example>
854
- <param pos="0" name="os.vendor" value="RedHat"/>
995
+ <param pos="0" name="os.vendor" value="Red Hat"/>
855
996
  <param pos="0" name="os.family" value="Linux"/>
856
997
  <param pos="0" name="os.product" value="Linux"/>
857
998
  <param pos="1" name="os.version"/>
@@ -859,41 +1000,47 @@
859
1000
  <param pos="3" name="os.arch"/>
860
1001
  <param pos="0" name="os.cpe23" value="cpe:/o:redhat:linux:{os.version}"/>
861
1002
  </fingerprint>
1003
+
862
1004
  <fingerprint pattern="^(?m)Red Hat Enterprise Linux AS release (.*) \(.*\).*Kernel (.*) on a[^ ]* ([^ ]*\d)" flags="REG_MULTILINE">
863
1005
  <description>RedHat Enterprise Linux AS</description>
864
1006
  <!-- Red Hat Enterprise Linux AS release 5.8 (Tikanga)\nKernel 2.6.18-308.11.1.el5 on an x86_64\nlogin: -->
1007
+
865
1008
  <example _encoding="base64" os.version="5.8" linux.kernel.version="2.6.18-308.11.1.el5" os.arch="x86_64">
866
1009
  UmVkIEhhdCBFbnRlcnByaXNlIExpbnV4IEFTIHJlbGVhc2UgNS44IChUaWthbmdhKQpLZXJuZWwgM
867
1010
  i42LjE4LTMwOC4xMS4xLmVsNSBvbiBhbiB4ODZfNjQKbG9naW46
868
1011
  </example>
869
- <param pos="0" name="os.vendor" value="RedHat"/>
1012
+ <param pos="0" name="os.vendor" value="Red Hat"/>
870
1013
  <param pos="0" name="os.family" value="Linux"/>
871
1014
  <param pos="0" name="os.product" value="RedHat Enterprise AS"/>
872
1015
  <param pos="1" name="os.version"/>
873
1016
  <param pos="2" name="linux.kernel.version"/>
874
1017
  <param pos="3" name="os.arch"/>
875
1018
  </fingerprint>
1019
+
876
1020
  <fingerprint pattern="^(?m)Red Hat Enterprise Linux WS release (.*) \(.*\).*Kernel (.*) on a[^ ]* ([^ ]*)" flags="REG_MULTILINE">
877
1021
  <description>RedHat Enterprise Linux WS</description>
878
1022
  <!--Red Hat Enterprise Linux WS release 2.1 (Tampa) \nKernel 2.4.9-e.40smp on an i686 \nlogin: -->
1023
+
879
1024
  <example _encoding="base64" os.version="2.1" linux.kernel.version="2.4.9-e.40smp" os.arch="i686">
880
1025
  UmVkIEhhdCBFbnRlcnByaXNlIExpbnV4IFdTIHJlbGVhc2UgMi4xIChUYW1wY
881
1026
  SkgCktlcm5lbCAyLjQuOS1lLjQwc21wIG9uIGFuIGk2ODYgCmxvZ2luOiA=
882
1027
  </example>
883
- <param pos="0" name="os.vendor" value="RedHat"/>
1028
+ <param pos="0" name="os.vendor" value="Red Hat"/>
884
1029
  <param pos="0" name="os.family" value="Linux"/>
885
1030
  <param pos="0" name="os.product" value="RedHat Enterprise WS"/>
886
1031
  <param pos="1" name="os.version"/>
887
1032
  <param pos="2" name="linux.kernel.version"/>
888
1033
  <param pos="3" name="os.arch"/>
889
1034
  </fingerprint>
1035
+
890
1036
  <fingerprint pattern="^(?m)Fedora Core.release (.*) \(.*\).*Kernel (.*) on a[^ ]* ([^ ]*\d).*$" flags="REG_MULTILINE">
891
1037
  <description>Fedora Core Release</description>
892
1038
  <!-- Fedora Core release 1 (Yarrow)\nKernel 2.4.20-13.9ensim-3.5.0-13 on an i686\nlogin:-->
1039
+
893
1040
  <example _encoding="base64" os.version="1" linux.kernel.version="2.4.20-13.9ensim-3.5.0-13" os.arch="i686">
894
1041
  RmVkb3JhIENvcmUgcmVsZWFzZSAxIChZYXJyb3cpCktlcm5lbCAyLjQuMjAtMTMuOWVuc2ltLTMuNS4wLTEzIG9uIGFuIGk2ODYKbG9naW46
895
1042
  </example>
896
- <param pos="0" name="os.vendor" value="Redhat"/>
1043
+ <param pos="0" name="os.vendor" value="Red Hat"/>
897
1044
  <param pos="0" name="os.family" value="Linux"/>
898
1045
  <param pos="0" name="os.product" value="Fedora"/>
899
1046
  <param pos="1" name="os.version"/>
@@ -901,9 +1048,11 @@
901
1048
  <param pos="3" name="os.arch"/>
902
1049
  <param pos="0" name="os.cpe23" value="cpe:/o:redhat:fedora:{os.version}"/>
903
1050
  </fingerprint>
1051
+
904
1052
  <fingerprint pattern="^(?m)Welcome to SuSE Linux (.*) \(([^\)]+)\) - Kernel (.*) .*">
905
1053
  <description>SuSE Linux</description>
906
1054
  <!-- Welcome to SuSE Linux 7.0 (i386) - Kernel 2.2.16-RAID (0). 2VG029037\n\nlogin: -->
1055
+
907
1056
  <example _encoding="base64" os.version="7.0" os.arch="i386" linux.kernel.version="2.2.16-RAID (0). 2VG029037">
908
1057
  V2VsY29tZSB0byBTdVNFIExpbnV4IDcuMCAoaTM4NikgLSBLZXJuZWwgMi4yLjE2LVJBSUQgKDApLiAyVkcwMjkwMzcgCgpsb2dpbjo=
909
1058
  </example>
@@ -915,9 +1064,11 @@
915
1064
  <param pos="0" name="os.cpe23" value="cpe:/o:suse:linux:{os.version}"/>
916
1065
  <param pos="3" name="linux.kernel.version"/>
917
1066
  </fingerprint>
1067
+
918
1068
  <fingerprint pattern="^Turbolinux ApplianceServer (\d+\.\d+).*">
919
1069
  <description>Turbolinux ApplianceServer</description>
920
1070
  <!--Turbolinux ApplianceServer 4.0 (Atlas2) Linux 2.6.32-431.23.3.el6.x86_64 on a x86_64\n(senyo191x89.digitalink.ne.jp) TTY: 12:15 on Tuesday, 02 October 2018 login: -->
1071
+
921
1072
  <example _encoding="base64" os.version="4.0">
922
1073
  VHVyYm9saW51eCBBcHBsaWFuY2VTZXJ2ZXIgNC4wIChBdGxhczIpIExpbnV4IDIuNi4zMi00MzEuMjMuMy5lbDYueDg
923
1074
  2XzY0IG9uIGEgeDg2XzY0IChzZW55bzE5MXg4OS5kaWdpdGFsaW5rLm5lLmpwKSBUVFk6IDEyOjE1IG9uIFR1ZXNkYX
@@ -928,9 +1079,11 @@
928
1079
  <param pos="0" name="os.product" value="Linux"/>
929
1080
  <param pos="1" name="os.version"/>
930
1081
  </fingerprint>
1082
+
931
1083
  <fingerprint pattern="^UnixWare ([^ ]+).*$">
932
1084
  <description>UnixWare</description>
933
1085
  <!-- UnixWare 2.1.3 (profil) (pts/3)\n\n\nlogin: -->
1086
+
934
1087
  <example _encoding="base64" os.version="2.1.3">
935
1088
  VW5peFdhcmUgMi4xLjMgKHByb2ZpbCkgKHB0cy8zKQoKCgpsb2dpbjog
936
1089
  </example>
@@ -940,9 +1093,11 @@
940
1093
  <param pos="0" name="os.product" value="UnixWare"/>
941
1094
  <param pos="1" name="os.version"/>
942
1095
  </fingerprint>
1096
+
943
1097
  <fingerprint pattern="^Telnet Server Build (5.*)">
944
1098
  <description>Windows 2000</description>
945
1099
  <!--Microsoft (R) Windows NT (TM) Version 4.00 (Build 1381)\nWelcome to Microsoft Telnet Service \nTelnet Server Build 5.00.99034.1\nlogin: -->
1100
+
946
1101
  <example _encoding="base64" os.version="5.00.99034.1">
947
1102
  TWljcm9zb2Z0IChSKSBXaW5kb3dzIE5UIChUTSkgVmVyc2lvbiA0LjAwIChCdWlsZCAxMzgxKQpXZWxj
948
1103
  b21lIHRvIE1pY3Jvc29mdCBUZWxuZXQgU2VydmljZSAKVGVsbmV0IFNlcnZlciBCdWlsZCA1LjAwLjk5MDM0LjEKCmxvZ2luOiA=
@@ -953,9 +1108,11 @@
953
1108
  <param pos="1" name="os.version"/>
954
1109
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_2000:{os.version}"/>
955
1110
  </fingerprint>
1111
+
956
1112
  <fingerprint pattern="^Welcome. Type return, enter password at # prompt">
957
1113
  <description>Brother Printer</description>
958
1114
  <!-- Welcome. Type return, enter password at # prompt -->
1115
+
959
1116
  <example _encoding="base64">
960
1117
  V2VsY29tZS4gVHlwZSByZXR1cm4sIGVudGVyIHBhc3N3b3JkIGF0ICMgcHJvbXB0Cg==
961
1118
  </example>
@@ -964,9 +1121,11 @@
964
1121
  <param pos="0" name="os.device" value="Printer"/>
965
1122
  <param pos="0" name="os.product" value="Brother Printer"/>
966
1123
  </fingerprint>
1124
+
967
1125
  <fingerprint pattern="^(.*) Copyright by ARESCOM">
968
1126
  <description>Arescom System</description>
969
1127
  <!--NDS1260HE-TLI Copyright by ARESCOM 2002\n\n\nPassword: -->
1128
+
970
1129
  <example _encoding="base64" os.model="NDS1260HE-TLI">
971
1130
  TkRTMTI2MEhFLVRMSSBDb3B5cmlnaHQgYnkgQVJFU0NPTSAyMDAyCgoKClBhc3N3b3JkOgo=
972
1131
  </example>
@@ -974,30 +1133,36 @@
974
1133
  <param pos="0" name="os.device" value="WAP"/>
975
1134
  <param pos="1" name="os.model"/>
976
1135
  </fingerprint>
1136
+
977
1137
  <fingerprint pattern="^Welcome to ViewStation">
978
1138
  <description>Polycom ViewStation Video Vonference System</description>
979
1139
  <!-- Welcome to ViewStation\nPassword: -->
1140
+
980
1141
  <example _encoding="base64">
981
1142
  V2VsY29tZSB0byBWaWV3U3RhdGlvbgoKUGFzc3dvcmQ6
982
1143
  </example>
983
1144
  <param pos="0" name="os.vendor" value="Polycom"/>
984
1145
  <param pos="0" name="os.device" value="ViewStation"/>
985
1146
  </fingerprint>
1147
+
986
1148
  <fingerprint pattern="^FlowPoint\/(.*) SDSL \[ATM\] Router .*v(.*) Ready">
987
1149
  <!--FlowPoint/2200 SDSL [ATM] Router fp2200-12 v3.0.2 Ready\nLogin: -->
1150
+
988
1151
  <description>FlowPoint 2200 DSL router</description>
989
1152
  <example _encoding="base64" hw.model="2200" os.version="3.0.2">
990
1153
  Rmxvd1BvaW50LzIyMDAgU0RTTCBbQVRNXSBSb3V0ZXIgZnAyMjAwLTEyIHYzLjAuMiBSZWFkeQpMb2dpbjog
991
1154
  </example>
992
- <param pos="0" name="os.vendor" value="Flowpoint"/>
1155
+ <param pos="0" name="os.vendor" value="FlowPoint"/>
993
1156
  <param pos="0" name="hw.device" value="Broadband router"/>
994
1157
  <param pos="0" name="hw.product" value="DSL Router"/>
995
1158
  <param pos="1" name="hw.model"/>
996
1159
  <param pos="2" name="os.version"/>
997
1160
  </fingerprint>
1161
+
998
1162
  <fingerprint pattern="^GlobespanVirata Inc\., Software Release (.*)">
999
1163
  <description>GlobespanVirata broadband router</description>
1000
1164
  <!--GlobespanVirata Inc., Software Release 2.1.040407a3_u_e_A\nCopyright (c) 2001-2003 by GlobespanVirata, Inc.\n\nlogin: -->
1165
+
1001
1166
  <example _encoding="base64" os.version="2.1.040407a3_u_e_A">
1002
1167
  R2xvYmVzcGFuVmlyYXRhIEluYy4sIFNvZnR3YXJlIFJlbGVhc2UgMi4xLjA0MDQwN2EzX3VfZV9BCgpDb3B5cmlnaHQgKG
1003
1168
  MpIDIwMDEtMjAwMyBieSBHbG9iZXNwYW5WaXJhdGEsIEluYy4KCgpsb2dpbjog
@@ -1006,14 +1171,17 @@
1006
1171
  <param pos="0" name="hw.device" value="Broadband router"/>
1007
1172
  <param pos="1" name="os.version"/>
1008
1173
  </fingerprint>
1174
+
1009
1175
  <fingerprint pattern="^VxWorks login:">
1010
1176
  <description>VxWorks embedded device</description>
1011
1177
  <example>VxWorks login: </example>
1012
1178
  <param pos="0" name="os.family" value="VxWorks"/>
1013
1179
  </fingerprint>
1180
+
1014
1181
  <fingerprint pattern=".*Nortel.*Passport ([^ ]*) .*Software Release ([^ ]*).*">
1015
1182
  <description>Nortel Passport</description>
1016
1183
  <!-- *********************************************\n\n\n* Copyright (c) 2003 Nortel Networks, Inc. *\n\n\n* All Rights Reserved *\n\n\n* Passport 8010 *\n\n\n* Software Release 3.5.0.0 *\n\n\n*********************************************\n\n\n\n\nLogin: -->
1184
+
1017
1185
  <example _encoding="base64" os.product="8010" os.version="3.5.0.0">
1018
1186
  KioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqXG5cblxuKiBDb3B5cmlnaHQgKG
1019
1187
  MpIDIwMDMgTm9ydGVsIE5ldHdvcmtzLCBJbmMuICAqXG5cblxuKiBBbGwgUmlnaHRzIFJlc2VydmVkICAgICAg
@@ -1026,9 +1194,11 @@
1026
1194
  <param pos="1" name="os.product"/>
1027
1195
  <param pos="2" name="os.version"/>
1028
1196
  </fingerprint>
1197
+
1029
1198
  <fingerprint pattern="^IPSO.* \((.*)\) \(tty.*\)">
1030
1199
  <description>Checkpoint Firewall-1 running on a Nokia IPSO appliance</description>
1031
1200
  <!-- IPSO/i386 (BJ-IDC-FW2) (ttyp7)\n\n\nThis system is for authorized use only.\n\n\n\n\n\n\nlogin: -->
1201
+
1032
1202
  <example _encoding="base64" host.name="BJ-IDC-FW2">
1033
1203
  SVBTTy9pMzg2IChCSi1JREMtRlcyKSAodHR5cDcpCgoKClRoaXMgc3lzdGVtIGlzIGZvciBhdXRob3Jpem
1034
1204
  VkIHVzZSBvbmx5LgoKCgoKCgoKbG9naW46IA==
@@ -1039,10 +1209,13 @@
1039
1209
  <param pos="0" name="os.product" value="IPSO"/>
1040
1210
  <param pos="1" name="host.name"/>
1041
1211
  </fingerprint>
1212
+
1042
1213
  <fingerprint pattern="Tasman Networks Inc.*Telnet Login">
1043
1214
  <description>Tasman Networks Login</description>
1044
1215
  <!-- #\n# Tasman Networks Inc. Telnet Login\n#Escape character is '^]'\n\n\n\nlogin: -->
1216
+
1045
1217
  <!-- Dashes removed from example banner due to xml issue -->
1218
+
1046
1219
  <example _encoding="base64" os.vendor="Tasman Networks">
1047
1220
  Iy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0
1048
1221
  tLS0tLS0tCiMgVGFzbWFuIE5ldHdvcmtzIEluYy4gVGVsbmV0IExvZ2luCiMtLS0tLS0tLS0tLS0tLS0tLS0tLS
@@ -1053,9 +1226,11 @@
1053
1226
  <param pos="0" name="os.device" value="Router"/>
1054
1227
  <param pos="0" name="os.product" value="Tasman Networks router"/>
1055
1228
  </fingerprint>
1229
+
1056
1230
  <fingerprint pattern="Pragma Systems">
1057
1231
  <description>MS Windows running Pragma TelnetD server</description>
1058
1232
  <!-- Welcome to Gemadept Logistics RF Server\n(C) Copyright 1994-2012 Pragma Systems, Inc.\nlogin name: -->
1233
+
1059
1234
  <example _encoding="base64">
1060
1235
  V2VsY29tZSB0byBHZW1hZGVwdCBMb2dpc3RpY3MgUkYgU2VydmVyCihDKSBDb3B5cmlnaHQgMTk5NC0yMDEyIFB
1061
1236
  yYWdtYSBTeXN0ZW1zLCBJbmMuCgpsb2dpbiBuYW1lOiA=
@@ -1065,9 +1240,11 @@
1065
1240
  <param pos="0" name="os.product" value="Windows"/>
1066
1241
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
1067
1242
  </fingerprint>
1243
+
1068
1244
  <fingerprint pattern="^Application Required. No Installation Default">
1069
1245
  <description>probably IBM AS/400 running TN3270 or 5250 emulation server</description>
1070
1246
  <!-- Application Required. No Installation Default\nEnter Application Name: -->
1247
+
1071
1248
  <example _encoding="base64">
1072
1249
  QXBwbGljYXRpb24gUmVxdWlyZWQuIE5vIEluc3RhbGxhdGlvbiBEZWZhdWx0ICAgICAgICA
1073
1250
  gICAgICAgICAgICAgICAgICAgICAgICAgIApFbnRlciBBcHBsaWNhdGlvbiBOYW1lOg==
@@ -1077,9 +1254,11 @@
1077
1254
  <param pos="0" name="os.product" value="OS/400"/>
1078
1255
  <param pos="0" name="os.cpe23" value="cpe:/o:ibm:os_400:-"/>
1079
1256
  </fingerprint>
1257
+
1080
1258
  <fingerprint pattern="^This copy of the Ataman TCP Remote Logon Services">
1081
1259
  <description>Windows NT/2k/2k3 running Ataman telnet server</description>
1082
1260
  <!-- This copy of the Ataman TCP Remote Logon Services is registered as licensed to:\nECI2/DDMS\nAccount Name: -->
1261
+
1083
1262
  <example _encoding="base64">
1084
1263
  VGhpcyBjb3B5IG9mIHRoZSBBdGFtYW4gVENQIFJlbW90ZSBMb2dvbiBTZXJ2aWNlcyBpcyByZWdpc3RlcmVkIG
1085
1264
  FzIGxpY2Vuc2VkIHRvOgoJRUNJMi9ERE1TCgpBY2NvdW50IE5hbWU6IA==
@@ -1089,9 +1268,11 @@
1089
1268
  <param pos="0" name="os.product" value="Windows"/>
1090
1269
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
1091
1270
  </fingerprint>
1271
+
1092
1272
  <fingerprint pattern="Cobalt Linux release\W(.*)\W\(.*">
1093
1273
  <description>Cobalt Linux</description>
1094
1274
  <!-- Cobalt Linux release 6.0 (Shinkansen)\nKernel 2.2.16C37_III on an i586\nlogin: -->
1275
+
1095
1276
  <example _encoding="base64" os.version="6.0">
1096
1277
  Q29iYWx0IExpbnV4IHJlbGVhc2UgNi4wIChTaGlua2Fuc2VuKQpLZXJuZWwgMi4yLjE2QzM3X0lJSSBvbiBhbiBpNTg2CmxvZ2luOiA=
1097
1278
  </example>
@@ -1100,9 +1281,11 @@
1100
1281
  <param pos="0" name="os.product" value="Linux"/>
1101
1282
  <param pos="1" name="os.version"/>
1102
1283
  </fingerprint>
1284
+
1103
1285
  <fingerprint pattern="^Check Point FireWall-1 authenticated Telnet server running on (.*)">
1104
1286
  <description>Check Point Firewall-1</description>
1105
1287
  <!-- Check Point FireWall-1 authenticated Telnet server running on gaatdrf2\nUser: -->
1288
+
1106
1289
  <example _encoding="base64" host.name="gaatdrf2">
1107
1290
  Q2hlY2sgUG9pbnQgRmlyZVdhbGwtMSBhdXRoZW50aWNhdGVkIFRlbG5ldCBzZXJ2ZXIgcnVubmluZyBvbiBnYWF0ZHJmMgoKVXNlcjog
1108
1291
  </example>
@@ -1112,9 +1295,11 @@
1112
1295
  <param pos="0" name="os.product" value="Checkpoint FW1"/>
1113
1296
  <param pos="1" name="host.name"/>
1114
1297
  </fingerprint>
1298
+
1115
1299
  <fingerprint pattern="^Raptor Firewall">
1116
1300
  <description>Raptor Firewall</description>
1117
1301
  <!-- Raptor Firewall Secure Gateway.\nHostname: -->
1302
+
1118
1303
  <example _encoding="base64">
1119
1304
  UmFwdG9yIEZpcmV3YWxsIFNlY3VyZSBHYXRld2F5LgoKSG9zdG5hbWU6IA==
1120
1305
  </example>
@@ -1123,9 +1308,11 @@
1123
1308
  <param pos="0" name="os.device" value="Firewall"/>
1124
1309
  <param pos="0" name="os.product" value="Raptor"/>
1125
1310
  </fingerprint>
1311
+
1126
1312
  <fingerprint pattern="UNIX\(r\) System V Release (\d*.\d*)">
1127
1313
  <description>SunOS (Solaris)</description>
1128
1314
  <!-- Raptor Firewall Secure Gateway.\nHostname: -->
1315
+
1129
1316
  <example _encoding="base64" os.version="4.0">
1130
1317
  VU5JWChyKSBTeXN0ZW0gViBSZWxlYXNlIDQuMCAoVGhlLVNlcnZlcikKCgoKbG9naW46IA==
1131
1318
  </example>
@@ -1135,9 +1322,11 @@
1135
1322
  <param pos="1" name="os.version"/>
1136
1323
  <param pos="0" name="os.cpe23" value="cpe:/o:sun:solaris:{os.version}"/>
1137
1324
  </fingerprint>
1325
+
1138
1326
  <fingerprint pattern="Solaris (.*)">
1139
1327
  <description>Solaris</description>
1140
1328
  <!-- Seattle Community Network Sun Solaris 1.1.1.B\nPlease login as 'visitor' if you are a visitorn\n\nSunOS UNIX (scn)\n\n\nlogin:-->
1329
+
1141
1330
  <example _encoding="base64" os.version="1.1.1.B">
1142
1331
  U2VhdHRsZSBDb21tdW5pdHkgTmV0d29yayBTdW4gU29sYXJpcyAxLjEuMS5CClBsZWFzZSBsb2dpbiBhcyAndml
1143
1332
  zaXRvcicgaWYgeW91IGFyZSBhIHZpc2l0b3IKCgpTdW5PUyBVTklYIChzY24pCgoKCmxvZ2luOg==
@@ -1148,9 +1337,11 @@
1148
1337
  <param pos="1" name="os.version"/>
1149
1338
  <param pos="0" name="os.cpe23" value="cpe:/o:sun:solaris:{os.version}"/>
1150
1339
  </fingerprint>
1340
+
1151
1341
  <fingerprint pattern="^Digital UNIX \(([^)]+).*">
1152
1342
  <description>Digital Unix</description>
1153
1343
  <!-- Digital UNIX (journal) (ttyp2)\n\n\nlogin: -->
1344
+
1154
1345
  <example _encoding="base64" host.name="journal">
1155
1346
  RGlnaXRhbCBVTklYIChqb3VybmFsKSAodHR5cDIpCgoKCmxvZ2luOiA=
1156
1347
  </example>
@@ -1159,9 +1350,11 @@
1159
1350
  <param pos="0" name="os.product" value="Digital Unix"/>
1160
1351
  <param pos="1" name="host.name"/>
1161
1352
  </fingerprint>
1353
+
1162
1354
  <fingerprint pattern="^(?m)Compaq Tru64 UNIX V(.*) \(Rev. (.*\d)\) .*">
1163
1355
  <description>Compaq Tru64 UNIX V</description>
1164
1356
  <!-- Compaq Tru64 UNIX V5.1B (Rev. 2650) (docalpha) (pts/11)\n\n\n\n\nlogin: -->
1357
+
1165
1358
  <example _encoding="base64" os.version="5.1B" os.rev="2650">
1166
1359
  Q29tcGFxIFRydTY0IFVOSVggVjUuMUIgKFJldi4gMjY1MCkgKGRvY2FscGhhKSAocHRzLzExKQoKCgoKCmxvZ2luOg==
1167
1360
  </example>
@@ -1172,9 +1365,11 @@
1172
1365
  <param pos="2" name="os.rev"/>
1173
1366
  <param pos="0" name="os.cpe23" value="cpe:/o:hp:tru64:{os.version}"/>
1174
1367
  </fingerprint>
1368
+
1175
1369
  <fingerprint pattern="HP-UX ([^ ]+) [A-Z]\.([^ ]+) ([^ ]+) ([^ ]+)\s([^ ]+\)).*$">
1176
1370
  <description>System HP-UX</description>
1177
1371
  <!-- HP-UX ctout B.11.11 U 9000/800 (tc)\nlogin: -->
1372
+
1178
1373
  <example _encoding="base64" host.name="ctout" os.version="11.11" hw.series="9000/800" hw.model="(tc)">
1179
1374
  SFAtVVggY3RvdXQgQi4xMS4xMSBVIDkwMDAvODAwICh0YykKCmxvZ2luOiA=
1180
1375
  </example>
@@ -1188,18 +1383,22 @@
1188
1383
  <param pos="4" name="hw.series"/>
1189
1384
  <param pos="5" name="hw.model"/>
1190
1385
  </fingerprint>
1386
+
1191
1387
  <fingerprint pattern="^Data ONTAP">
1192
1388
  <description>A NetApp apliance</description>
1193
1389
  <!-- Data ONTAP (s500.)\nlogin: -->
1390
+
1194
1391
  <example _encoding="base64">RGF0YSBPTlRBUCAoczUwMC4pCmxvZ2luOiA=</example>
1195
1392
  <param pos="0" name="os.vendor" value="NetApp"/>
1196
1393
  <param pos="0" name="os.family" value="Data ONTAP"/>
1197
1394
  <param pos="0" name="os.product" value="Data ONTAP"/>
1198
1395
  <param pos="0" name="os.cpe23" value="cpe:/o:netapp:data_ontap:-"/>
1199
1396
  </fingerprint>
1397
+
1200
1398
  <fingerprint pattern="OpenVMS.*Version\sV([^\s]+).*">
1201
1399
  <description>OpenVMS</description>
1202
1400
  <!-- Welcome to OpenVMS (TM) Alpha Operating System, Version V8.4 - NOT70\n\nUsername: -->
1401
+
1203
1402
  <example _encoding="base64" os.version="8.4">
1204
1403
  IFdlbGNvbWUgdG8gT3BlblZNUyAoVE0pIEFscGhhIE9wZXJhdGluZyBTeXN0Z
1205
1404
  W0sIFZlcnNpb24gVjguNCAgICAgLSBOT1Q3MAoKClVzZXJuYW1lOiA=
@@ -1209,9 +1408,11 @@
1209
1408
  <param pos="0" name="os.product" value="VMS"/>
1210
1409
  <param pos="1" name="os.version"/>
1211
1410
  </fingerprint>
1411
+
1212
1412
  <fingerprint pattern="^(?m)SCO OpenServer\(TM\) Release ([^ ]+).*$">
1213
1413
  <description>SCO OpenServer</description>
1214
1414
  <!-- SCO OpenServer(TM) Release 5 (bomdia.co.za) (ttyp6)\nlogin: -->
1415
+
1215
1416
  <example _encoding="base64" os.version="5">
1216
1417
  U0NPIE9wZW5TZXJ2ZXIoVE0pIFJlbGVhc2UgNSAoYm9tZGlhLmNvLnphKSAodHR5cDYpCgpsb2dpbjo=
1217
1418
  </example>
@@ -1220,9 +1421,11 @@
1220
1421
  <param pos="0" name="os.product" value="OpenServer"/>
1221
1422
  <param pos="1" name="os.version"/>
1222
1423
  </fingerprint>
1424
+
1223
1425
  <fingerprint pattern="^% Username: timeout expired!">
1224
1426
  <description>Some kind of Cisco device</description>
1225
1427
  <!-- % Username: timeout expired!-->
1428
+
1226
1429
  <example _encoding="base64">
1227
1430
  JSBVc2VybmFtZTogIHRpbWVvdXQgZXhwaXJlZCE=
1228
1431
  </example>
@@ -1231,6 +1434,7 @@
1231
1434
  <param pos="0" name="os.product" value="IOS"/>
1232
1435
  <param pos="0" name="os.cpe23" value="cpe:/o:cisco:ios:-"/>
1233
1436
  </fingerprint>
1437
+
1234
1438
  <fingerprint pattern="^Welcome to MKS Telnet Server Version">
1235
1439
  <description>Windows running MKS Telnet Server</description>
1236
1440
  <example _encoding="base64">
@@ -1241,15 +1445,18 @@
1241
1445
  <param pos="0" name="os.product" value="Windows"/>
1242
1446
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
1243
1447
  </fingerprint>
1448
+
1244
1449
  <fingerprint pattern="^Sorry, this system is engaged\.">
1245
1450
  <description>an embedded print server</description>
1246
1451
  <example>Sorry, this system is engaged.</example>
1247
1452
  <param pos="0" name="os.vendor" value="Epson"/>
1248
1453
  <param pos="0" name="os.device" value="Printer"/>
1249
1454
  </fingerprint>
1455
+
1250
1456
  <fingerprint pattern="^TELNET session now in ESTABLISHED state">
1251
1457
  <description>an Allied Telesyn router</description>
1252
1458
  <!-- TELNET session now in ESTABLISHED state\n\nGEO-003 login: -->
1459
+
1253
1460
  <example _encoding="base64">
1254
1461
  VEVMTkVUIHNlc3Npb24gbm93IGluIEVTVEFCTElTSEVEIHN0YXRlCgpHRU8tMDAzIGxvZ2luOiA=
1255
1462
  </example>
@@ -1257,9 +1464,11 @@
1257
1464
  <param pos="0" name="os.device" value="Router"/>
1258
1465
  <param pos="0" name="os.product" value="Allied Telesyn router"/>
1259
1466
  </fingerprint>
1467
+
1260
1468
  <fingerprint pattern="^CONEXANT SYSTEMS.*ACCESS RUNNER ADSL">
1261
1469
  <description>a Conexant ADSL router</description>
1262
1470
  <!-- CONEXANT SYSTEMS, INC. ACCESS RUNNER ADSL CONSOLE PORT>>>LOGON PASSWORD>3.27****** -->
1471
+
1263
1472
  <example _encoding="base64">
1264
1473
  Q09ORVhBTlQgU1lTVEVNUywgSU5DLiBBQ0NFU1MgUlVOTkVSIEFEU0wgQ09OU09MRSBQ
1265
1474
  T1JUPj4+TE9HT04gUEFTU1dPUkQ+My4yNyoqKioqKg==
@@ -1268,9 +1477,11 @@
1268
1477
  <param pos="0" name="os.device" value="Broadband router"/>
1269
1478
  <param pos="0" name="os.product" value="AccessRunner ADSL router"/>
1270
1479
  </fingerprint>
1480
+
1271
1481
  <fingerprint pattern="^System administrator is connecting from">
1272
1482
  <description>a DrayTek Vigor SOHO Router</description>
1273
1483
  <!-- System administrator is connecting from 54.39.173.86\n\nReject the connection request !!! -->
1484
+
1274
1485
  <example _encoding="base64">
1275
1486
  U3lzdGVtIGFkbWluaXN0cmF0b3IgaXMgY29ubmVjdGluZyBmcm9tIDU0LjM5LjE3My44NgoKUmVqZWN0IH
1276
1487
  RoZSBjb25uZWN0aW9uIHJlcXVlc3QgISEh
@@ -1279,9 +1490,11 @@
1279
1490
  <param pos="0" name="hw.device" value="Broadband router"/>
1280
1491
  <param pos="0" name="hw.product" value="Vigor"/>
1281
1492
  </fingerprint>
1493
+
1282
1494
  <fingerprint pattern=".*Version\s(\d*.\d*)\/OpenBSD.*">
1283
1495
  <description>OpenBSD</description>
1284
1496
  <!-- 220 killer09 FTP server (Version 6.4/OpenBSD/Linux-ftpd-0.17) ready. -->
1497
+
1285
1498
  <example _encoding="base64" os.version="6.4">
1286
1499
  MjIwIGtpbGxlcjA5IEZUUCBzZXJ2ZXIgKFZlcnNpb24gNi40L09wZW5CU0QvTGludXgtZnRwZC0wLjE3KSByZWFkeS4K
1287
1500
  </example>
@@ -1291,9 +1504,11 @@
1291
1504
  <param pos="1" name="os.version"/>
1292
1505
  <param pos="0" name="os.cpe23" value="cpe:/o:openbsd:openbsd:{os.version}"/>
1293
1506
  </fingerprint>
1507
+
1294
1508
  <fingerprint pattern="^FreeBSD\/([^\\s]+)\s+\(([^\s]+)\)">
1295
1509
  <description>a FreeBSD</description>
1296
1510
  <!-- FreeBSD/amd64 (ms.gymspgs.cz) (pts/0)\n\n\n\nlogin: -->
1511
+
1297
1512
  <example _encoding="base64" os.arch="amd64" host.name="ms.gymspgs.cz">
1298
1513
  RnJlZUJTRC9hbWQ2NCAobXMuZ3ltc3Bncy5jeikgKHB0cy8wKQoKCgpsb2dpbjo=
1299
1514
  </example>
@@ -1304,9 +1519,11 @@
1304
1519
  <param pos="0" name="os.cpe23" value="cpe:/o:freebsd:freebsd:-"/>
1305
1520
  <param pos="2" name="host.name"/>
1306
1521
  </fingerprint>
1522
+
1307
1523
  <fingerprint pattern="^NetBSD">
1308
1524
  <description>NetBSD</description>
1309
1525
  <!-- NetBSD/evbsh3 (Fukuyama.Host_AKS_0555_WL-v2.60d) (ttyp1) -->
1526
+
1310
1527
  <example _encoding="base64">
1311
1528
  TmV0QlNEL21lc3NpbWlwcyAoKSAodHR5cDMpCgpsb2dpbjog
1312
1529
  </example>
@@ -1315,9 +1532,11 @@
1315
1532
  <param pos="0" name="os.product" value="NetBSD"/>
1316
1533
  <param pos="0" name="os.cpe23" value="cpe:/o:netbsd:netbsd:-"/>
1317
1534
  </fingerprint>
1535
+
1318
1536
  <fingerprint pattern="^IRIX\W\((.*)\)">
1319
1537
  <description>SGI IRIX</description>
1320
1538
  <!-- IRIX (artemis.biol.uoa.gr)\n\n\n\nlogin: -->
1539
+
1321
1540
  <example _encoding="base64" host.name="artemis.biol.uoa.gr">
1322
1541
  SVJJWCAoYXJ0ZW1pcy5iaW9sLnVvYS5ncikKCgoKbG9naW46IA==
1323
1542
  </example>
@@ -1327,12 +1546,15 @@
1327
1546
  <param pos="0" name="os.cpe23" value="cpe:/o:sgi:irix:-"/>
1328
1547
  <param pos="1" name="host.name"/>
1329
1548
  </fingerprint>
1549
+
1330
1550
  <fingerprint pattern="(?m)(ES|RS)\s([^\s]+) System Software, Version ([^\s]+).*Riverstone Networks" flags="REG_MULTILINE">
1331
1551
  <description>a Riverstone router</description>
1332
1552
  <!-- Using '+' instead of '-' due to xml issue -->
1553
+
1333
1554
  <!-- ++++++++++++++++++++++++++++++++++\nES 10170 System Software, Version 9.3.0.4\n
1334
1555
  Riverstone Networks, Inc., Copyright (c) 2000-2003. All rights reserved.\nSystem started on 2018-09-06 15:58:\n
1335
1556
  +++++++++++++++++++++++++++++++++++++++ -->
1557
+
1336
1558
  <example _encoding="base64" os.product="10170" os.version="9.3.0.4" os.family="ES">
1337
1559
  LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tL
1338
1560
  S0tLS0tLQpFUyAxMDE3MCBTeXN0ZW0gU29mdHdhcmUsIFZlcnNpb24gOS4zLjAuNApSaXZlcnN0b25lIE5ldH
@@ -1343,6 +1565,7 @@
1343
1565
  <!-- +++++++++++++++++++++++++++++++++++++++\nRS 10170 System Software, Version 9.3.0.5\n
1344
1566
  Riverstone Networks, Inc., Copyright (c) 2000-2003. All rights reserved.\nSystem started on 2018-09-06 15:58:\n
1345
1567
  +++++++++++++++++++++++++++++++++++++++ -->
1568
+
1346
1569
  <example _encoding="base64" os.product="8000" os.version="9.3.0.5" os.family="RS">
1347
1570
  LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tL
1348
1571
  S0tLS0tLQpSUyA4MDAwIFN5c3RlbSBTb2Z0d2FyZSwgVmVyc2lvbiA5LjMuMC41ClJpdmVyc3RvbmUgTmV0d2
@@ -1356,6 +1579,7 @@
1356
1579
  <param pos="2" name="os.product"/>
1357
1580
  <param pos="3" name="os.version"/>
1358
1581
  </fingerprint>
1582
+
1359
1583
  <fingerprint pattern="^HP ([^\s]+) ProCurve Switch">
1360
1584
  <description>HP ProCurve Switch</description>
1361
1585
  <!-- ==============================================================================\nHP J4121A ProCurve Switch 4000M\n
@@ -1366,6 +1590,7 @@
1366
1590
  Software feature updates\n* New product announcements\n* Special events\n\n\nPlease register your
1367
1591
  products now at: www.ProCurve.com\n==============================================================================\n
1368
1592
  \n\nUsername: -->
1593
+
1369
1594
  <example _encoding="base64" os.product="J4121A">
1370
1595
  PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09P
1371
1596
  T09PT09PT09PT09PT09PT09PT09PT09CkhQIEo0MTIxQSBQcm9DdXJ2ZSBTd2l0Y2ggNDAwME
@@ -1389,11 +1614,13 @@
1389
1614
  <param pos="0" name="os.device" value="Switch"/>
1390
1615
  <param pos="1" name="os.product"/>
1391
1616
  </fingerprint>
1617
+
1392
1618
  <fingerprint pattern="^(?m).*ConnectUPS">
1393
1619
  <description>PowerWare ConnectUPS</description>
1394
1620
  <!-- +============================================================================+\n| [ ConnectUPS Web/SNMP
1395
1621
  Card Configuration Utility ] |\n+============================================================================+\n
1396
1622
  \nEnter Password: -->
1623
+
1397
1624
  <example _encoding="base64">
1398
1625
  Kz09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0
1399
1626
  9PT09PT09PT09PT09PT0rCnwgICAgICAgICAgICBbIENvbm5lY3RVUFMgV2ViL1NOTVAgQ2FyZCBDb25maW
@@ -1406,9 +1633,11 @@
1406
1633
  <param pos="0" name="os.device" value="UPS"/>
1407
1634
  <param pos="0" name="os.product" value="ConnectUPS"/>
1408
1635
  </fingerprint>
1636
+
1409
1637
  <fingerprint pattern="^Imagistics.*im">
1410
1638
  <description>an Imagistics device</description>
1411
1639
  <!-- Imagistics im3511/im4511 Ver 01.00.20 TELNET server.\nCopyright(c) 2001-2005, silex technology, Inc.\nlogin: -->
1640
+
1412
1641
  <example _encoding="base64">
1413
1642
  SW1hZ2lzdGljcyBpbTM1MTEvaW00NTExIFZlciAwMS4wMC4yMCBURUxORVQgc2VydmVyLgpDb3B5cmlnaH
1414
1643
  QoYykgMjAwMS0yMDA1LCBzaWxleCB0ZWNobm9sb2d5LCBJbmMuCmxvZ2luOiA=
@@ -1418,9 +1647,11 @@
1418
1647
  <param pos="0" name="os.device" value="Multifunction Device"/>
1419
1648
  <param pos="0" name="os.product" value="im"/>
1420
1649
  </fingerprint>
1650
+
1421
1651
  <fingerprint pattern="^NRG Maintenance Shell">
1422
1652
  <description>a Ricoh NRG device</description>
1423
1653
  <!-- NRG Maintenance Shell. \nUser access verification.\nlogin: -->
1654
+
1424
1655
  <example _encoding="base64">
1425
1656
  TlJHIE1haW50ZW5hbmNlIFNoZWxsLiAgIAoKVXNlciBhY2Nlc3MgdmVyaWZpY2F0aW9uLgoKbG9naW46
1426
1657
  </example>
@@ -1428,9 +1659,11 @@
1428
1659
  <param pos="0" name="os.device" value="Printer"/>
1429
1660
  <param pos="0" name="os.product" value="NRG Printer"/>
1430
1661
  </fingerprint>
1662
+
1431
1663
  <fingerprint pattern="^SHARP (AR-[^\\s]+) Ver ([^\\s]+) TELNET server">
1432
1664
  <description>SHARP AR Series multifunction device</description>
1433
1665
  <!-- SHARP AR-M351U Ver 01.00.18 TELNET server.\nCopyright(c) 2001-2005, silex technology, Inc.\nlogin: -->
1666
+
1434
1667
  <example _encoding="base64" os.product="AR-M351U" os.version="01.00.18">
1435
1668
  U0hBUlAgQVItTTM1MVUgVmVyIDAxLjAwLjE4IFRFTE5FVCBzZXJ2ZXIuCkNvcHlyaWdodChjKSAyMDAx
1436
1669
  LTIwMDUsIHNpbGV4IHRlY2hub2xvZ3ksIEluYy4KbG9naW46IA==
@@ -1441,10 +1674,12 @@
1441
1674
  <param pos="1" name="os.product"/>
1442
1675
  <param pos="2" name="os.version"/>
1443
1676
  </fingerprint>
1677
+
1444
1678
  <fingerprint pattern="^SHARP (MX-[^\\s]+) Ver ([^\\s]+) TELNET server">
1445
1679
  <description>SHARP MX Series multifunction device</description>
1446
1680
  <!-- SHARP MX-3610N Ver 01.05.00.0o.18 TELNET server.\nCopyright(C) 2005- SHARP CORPORATION\nCopyright(C) 2005-
1447
1681
  silex technology, Inc.\nlogin: -->
1682
+
1448
1683
  <example _encoding="base64" os.product="MX-3610N" os.version="01.05.00.0o.18">
1449
1684
  U0hBUlAgTVgtMzYxME4gVmVyIDAxLjA1LjAwLjBvLjE4IFRFTE5FVCBzZXJ2ZXIuCkNvcHlyaWdodC
1450
1685
  hDKSAyMDA1LSAgICAgU0hBUlAgQ09SUE9SQVRJT04KQ29weXJpZ2h0KEMpIDIwMDUtICAgICBzaWxl
@@ -1456,11 +1691,13 @@
1456
1691
  <param pos="1" name="os.product"/>
1457
1692
  <param pos="2" name="os.version"/>
1458
1693
  </fingerprint>
1694
+
1459
1695
  <fingerprint pattern="^(?m).*Welcome to MELCO Print Server.*Server Name *: *([^ ]*)\W.*Server Model *: *([^ ]*).*F \/ W Version *: *([^ ]*).*MAC Address *: *(.. .. .. .. .. ..).*$">
1460
1696
  <description>System is a Buffalo/MELCO Embedded Print Server</description>
1461
1697
  <!-- ***********************************\n* Welcome to MELCO Print Server *\n* Telnet Console *\n***********************************
1462
1698
  \n \nServer Name: PS-B04E8E\nServer Model: LPV 2 - TX 1\nF / W Version: 2.00 J \nMAC Address: AE 32 EA 21 BB E3\n
1463
1699
  Uptime: 0 days, 00: 00: 12\n \nPlease Enter Password:"-->
1700
+
1464
1701
  <example _encoding="base64" os.version="2.00" host.id="PS-B04E8E" os.model="LPV" os.address="AE 32 EA 21 BB E3">
1465
1702
  KioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKipcbiogV2VsY29tZSB0byBNRUxDTyBQc
1466
1703
  mludCBTZXJ2ZXIgKlxuKiBUZWxuZXQgQ29uc29sZSAqXG4qKioqKioqKioqKioqKioqKioqKioqKi
@@ -1477,9 +1714,11 @@
1477
1714
  <param pos="3" name="os.version"/>
1478
1715
  <param pos="4" name="os.address"/>
1479
1716
  </fingerprint>
1717
+
1480
1718
  <fingerprint pattern="^(?m)AIX Version\W(\d).*">
1481
1719
  <description>System is IBM AIX v</description>
1482
1720
  <!-- AIX Version 6\nCopyright IBM Corporation, 1982, 2007.\nlogin: -->
1721
+
1483
1722
  <example _encoding="base64" os.version="6">
1484
1723
  QUlYIFZlcnNpb24gNgpDb3B5cmlnaHQgSUJNIENvcnBvcmF0aW9uLCAxOTgyLCAyMDA3Lgpsb2dpbjogCg==
1485
1724
  </example>
@@ -1489,9 +1728,11 @@
1489
1728
  <param pos="1" name="os.version"/>
1490
1729
  <param pos="0" name="os.cpe23" value="cpe:/o:ibm:aix:{os.version}"/>
1491
1730
  </fingerprint>
1731
+
1492
1732
  <fingerprint pattern="^(?m)CIMC Debug Firmware Utility Shell\W([^\s]+).*">
1493
1733
  <description>System is Cisco UCS Device</description>
1494
1734
  <!-- CIMC Debug Firmware Utility Shell\nfake-ucs-device-3-1-p login: -->
1735
+
1495
1736
  <example _encoding="base64" host.name="fake-ucs-device-3-1-p">
1496
1737
  Q0lNQyBEZWJ1ZyBGaXJtd2FyZSBVdGlsaXR5IFNoZWxsCmZha2UtdWNzLWRldmljZS0zLTEtcCBsb2dpbjogCg==
1497
1738
  </example>
@@ -1501,6 +1742,7 @@
1501
1742
  <param pos="0" name="os.product" value="UCS Device"/>
1502
1743
  <param pos="1" name="host.name"/>
1503
1744
  </fingerprint>
1745
+
1504
1746
  <fingerprint pattern="^(?m)HP ProLiant.*v(\d+.\d+)">
1505
1747
  <description>Sytem is HP ProLiant server</description>
1506
1748
  <!-- HP ProLiant BL e-Class Integrated Administrator v2.00
@@ -1509,6 +1751,7 @@
1509
1751
  authorized user. Any authorized or unauthorized access and use may be moni-
1510
1752
  tored and can result in criminal or civil prosecution under applicable law.
1511
1753
  IA-00508BEBAA59 login: -->
1754
+
1512
1755
  <example _encoding="base64" os.version="2.00">
1513
1756
  SFAgUHJvTGlhbnQgQkwgZS1DbGFzcyBJbnRlZ3JhdGVkIEFkbWluaXN0cmF0b3IgdjIuMDAKICAgICAgI
1514
1757
  CAgQ29weXJpZ2h0IDIwMDUgSGV3bGV0dC1QYWNrYXJkIERldmVsb3BtZW50IEdyb3VwLCBMLlAuCgogIC
@@ -1526,11 +1769,12 @@
1526
1769
  <param pos="0" name="os.product" value="ProLiant"/>
1527
1770
  <param pos="1" name="os.version"/>
1528
1771
  </fingerprint>
1772
+
1529
1773
  <fingerprint pattern="^Power Measurement Ltd. Meter ION ([[:alnum:]]+)">
1530
1774
  <!-- Power Measurement Ltd. Meter ION 7330V271 ETH ETH7330V272
1531
1775
  Serial#: PB-0204A058-11
1532
-
1533
1776
  login: -->
1777
+
1534
1778
  <description>Power Measurement ION Power Meter</description>
1535
1779
  <example _encoding="base64" hw.vendor="Power Measurement Ltd." hw.family="ION" hw.version="7330V271">
1536
1780
  UG93ZXIgTWVhc3VyZW1lbnQgTHRkLiBNZXRlciBJT04gNzMzMFYyNzEgRVRIIEVUSDczMzBWMjcyCg1TZ
@@ -1540,10 +1784,12 @@
1540
1784
  <param pos="0" name="hw.family" value="ION"/>
1541
1785
  <param pos="1" name="hw.version"/>
1542
1786
  </fingerprint>
1787
+
1543
1788
  <fingerprint pattern="^GW25 v([[:digit:]\.]+) - Intelligent Power Meters GPRS Gateway[[:space:]]+Developed by Satelitech">
1544
1789
  <!-- GW25 v1.2.1 - Intelligent Power Meters GPRS Gateway
1545
1790
  Developed by Satelitech S.A for ESG Dilec
1546
1791
  Enter password: -->
1792
+
1547
1793
  <description>Satelitech Power Meter</description>
1548
1794
  <example _encoding="base64" hw.vendor="Satelitech" hw.family="GW25" hw.version="1.2.1">
1549
1795
  R1cyNSB2MS4yLjEgLSBJbnRlbGxpZ2VudCBQb3dlciBNZXRlcnMgR1BSUyBHYXRld2F5Cg1EZXZlbG9wZ
@@ -1553,10 +1799,11 @@
1553
1799
  <param pos="0" name="hw.family" value="GW25"/>
1554
1800
  <param pos="1" name="hw.version"/>
1555
1801
  </fingerprint>
1802
+
1556
1803
  <fingerprint pattern="^RDK \(A Yocto Project based Distro\) ([^ ]+) Docsis-Gateway">
1557
1804
  <!-- RDK (A Yocto Project based Distro) 2.0 Docsis-Gateway
1558
-
1559
1805
  Docsis-Gateway login: -->
1806
+
1560
1807
  <description>DOCSIS Cable Modem Running RDK</description>
1561
1808
  <example _encoding="base64" hw.device="DOCSIS Cable Modem" os.vendor="Yocto" os.product="RDK" os.version="2.0">
1562
1809
  UkRLIChBIFlvY3RvIFByb2plY3QgYmFzZWQgRGlzdHJvKSAyLjAgRG9jc2lzLUdhdGV3YXkNCg0NCg1Eb
@@ -1567,24 +1814,27 @@
1567
1814
  <param pos="0" name="os.product" value="RDK"/>
1568
1815
  <param pos="1" name="os.version"/>
1569
1816
  </fingerprint>
1817
+
1570
1818
  <fingerprint pattern="^RICOH Maintenance Shell">
1571
1819
  <description>a Ricoh device</description>
1572
1820
  <!-- RICOH Maintenance Shell.
1573
1821
  User access verification.
1574
1822
  login:-->
1823
+
1575
1824
  <example _encoding="base64">
1576
1825
  UklDT0ggTWFpbnRlbmFuY2UgU2hlbGwuICAgCg1Vc2VyIGFjY2VzcyB2ZXJpZmljYXRpb24uCg1sb2dpbjo=
1577
1826
  </example>
1578
1827
  <param pos="0" name="os.vendor" value="Ricoh"/>
1579
1828
  <param pos="0" name="os.device" value="Printer"/>
1580
1829
  </fingerprint>
1830
+
1581
1831
  <fingerprint pattern="Precise/RTCS v([\d\.]+) Telnet server">
1582
1832
  <description>Liebert UPS</description>
1583
1833
  <!-- Precise/RTCS v2.90.00 Telnet server
1584
1834
  Service Port Manager Active
1585
-
1586
1835
  <Esc> Ends Session
1587
1836
  -->
1837
+
1588
1838
  <example _encoding="base64" os.version="2.90.00">
1589
1839
  UHJlY2lzZS9SVENTIHYyLjkwLjAwIFRlbG5ldCBzZXJ2ZXIKCgpTZXJ2aWNlIFBvcnQgTWFuYWdlciBBY3RpdmUKCjxFc2M+IEVuZHMgU2Vzc2lvbgoKroot
1590
1840
  </example>
@@ -1594,4 +1844,5 @@
1594
1844
  <param pos="0" name="os.vendor" value="Liebert"/>
1595
1845
  <param pos="1" name="os.version"/>
1596
1846
  </fingerprint>
1597
- </fingerprints>
1847
+
1848
+ </fingerprints>