recog 2.3.9 → 2.3.14

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 8f5780c5e203e7c8dc3133a5b85c3637ea810f26711eef8811b3a473edb8b062
-  data.tar.gz: c72b22caa6baf5718c06b8be97442056c3b892af439cc5e1757c71e88dcd72ce
+  metadata.gz: c46efafef760f2701e6eeee565e715ac04544300ebfb08f0083db856e4c81603
+  data.tar.gz: 4e66bbd5ec6364325c9c7130aeb7434ab20242def9d7200d0e7d8e588f577c40
 SHA512:
-  metadata.gz: 3b4ebdc3592c3e4e7dbaa0e567b9528a521b23b1c509340429719438146cc2ff61c939928b4ef0ae84c59f9089b22317fd16797f1cf80556294ed5966ef21e51
-  data.tar.gz: d93f5cbb5a8bc591888c2d6e26b80787cc9984d0b9a5d5435dfc5aee2172f39bb9905a029c34fd3235d1a33b3f444c425aad2a74db96895b95b6b69a6df934b4
+  metadata.gz: 61ca19b2266100f66d6c220459941ddbc0aa795cbcd2bc52c6782cd66feeb6787a3d1657486ff2af99c196592b5cdabcb2c4d9b33e7efe136f175d2bf5c12bbc
+  data.tar.gz: dd5718510eb4780815fda18496c37afcbb4971246d2b9c6e439ca4697ac17ca1f9e70d3f634b04b5b9be7374e4fc15a346d3177ac5cf827c50e9136f48169009

data/cpe-remap.yaml

@@ -16,10 +16,16 @@ mappings:
       weblogic: weblogic_server
   blue_coat:
     vendor: bluecoat
+  carnegie_mellon_university:
+    vendor: cmu
+    products:
+      cyrus_imap: cyrus_imap_server
   centos:
     vendor: centos
     products:
       linux: centos
+  centos_webpanel:
+    vendor: centos-webpanel
   check_point:
     vendor: checkpoint
   cisco:
@@ -32,6 +38,9 @@ mappings:
     vendor: debian
     products:
       linux: debian_linux
+  embedthis:
+    products:
+       goahead_webserver: goahead
   f5:
     vendor: f5
     products:
@@ -41,14 +50,13 @@ mappings:
     vendor: hp
     products:
       ilo: integrated_lights_out
-      lotus_domino: lotus_domino_server
       tru64_unix: tru64
   ibm:
     vendor: ibm
     products:
       lotus_domino: lotus_domino_server
+      ibm_domino: lotus_domino
       os/400: os_400
-      z/os: z\/os
   jamf:
     products:
       jamf_pro: jamf
@@ -58,6 +66,10 @@ mappings:
       junos_os: junos
   kibana:
     vendor: elasticsearch
+  cz.nic:
+    vendor: knot-dns
+  litespeed_technologies:
+    vendor: litespeedtech
   linux:
     vendor: linux
     products:
@@ -95,6 +107,10 @@ mappings:
     vendor: modwsgi
   mort_bay:
     vendor: mortbay
+  nlnet_labs:
+    vendor: nlnetlabs
+    products:
+      dnsd: name_server_daemon
   net-snmp:
     vendor: net-snmp
     products:

data/identifiers/service_product.txt

@@ -421,6 +421,7 @@ Symantec Endpoint Protection Manager
 Symantec Mail Security for SMTP
 Symantec Messaging Gateway
 TBS FTP Server
+TCP/IP
 TCPIP POP server
 TUX Web Server
 TeamCity

data/identifiers/vendor.txt

@@ -782,6 +782,7 @@ Tomato
 TornadoWeb
 Toshiba
 Trancell
+Treck
 Trend Micro
 Tridium
 Troy

data/lib/recog/version.rb

@@ -1,3 +1,3 @@
 module Recog
-  VERSION = '2.3.9'
+  VERSION = '2.3.14'
 end

data/update_cpes.py

@@ -24,6 +24,7 @@ def parse_cpe_vp_map(file):
                 vp_map[cpe_type] = {}
             if not vendor in vp_map[cpe_type]:
                 vp_map[cpe_type][vendor] = set()
+            product = product.replace('%2f', '/')
             vp_map[cpe_type][vendor].add(product)
         else:
             logging.error("Unexpected CPE %s", cpe_name)
@@ -160,6 +161,8 @@ def update_cpes(xml_file, cpe_vp_map, r7_vp_map):
                         continue
 
                 # building the CPE string
+                # Last minute escaping of '/'
+                product = product.replace('/', '\/')
                 cpe_value = 'cpe:/{}:{}:{}'.format(cpe_type, vendor, product)
 
                 if version:

data/xml/dns_versionbind.xml

@@ -8,6 +8,42 @@
     dnsmasq-2.76-1-ubnt2
   -->
 
+  <!--
+  The following 'assert nothing' block is intended to handle banners so simple
+  that they cannot be attributed to a product or vendor. They are at the
+  beginning of the file as a performance tweak given how frequenty they occur.
+  -->
+
+  <fingerprint pattern="^$">
+    <description>empty string -- assert nothing.</description>
+    <example/>
+    <param pos="0" name="service.certainty" value="0.0"/>
+  </fingerprint>
+
+  <fingerprint pattern="^none$">
+    <description>bare 'none' -- assert nothing.</description>
+    <example>none</example>
+    <param pos="0" name="service.certainty" value="0.0"/>
+  </fingerprint>
+
+  <fingerprint pattern="^null$">
+    <description>bare 'null' -- assert nothing.</description>
+    <example>null</example>
+    <param pos="0" name="service.certainty" value="0.0"/>
+  </fingerprint>
+
+  <fingerprint pattern="(?i)^unknown$">
+    <description>bare 'unknown' -- assert nothing.</description>
+    <example>unknown</example>
+    <param pos="0" name="service.certainty" value="0.0"/>
+  </fingerprint>
+
+  <fingerprint pattern="^no version$">
+    <description>bare 'no version' -- assert nothing.</description>
+    <example>no version</example>
+    <param pos="0" name="service.certainty" value="0.0"/>
+  </fingerprint>
+
   <!-- Red Hat package naming:
        https://fedoraproject.org/wiki/Packaging:DistTag
        https://fedoraproject.org/wiki/Packaging:Versioning
@@ -161,6 +197,21 @@
     <param pos="0" name="os.product" value="Zentyal"/>
   </fingerprint>
 
+  <fingerprint pattern="^(9.[^-]+(?:-[SP]\d)?)(?:-[\d\.]+)?\+deb10[\w~\.]+-Debian$">
+    <description>ISC BIND: Debian 10.0 (buster)</description>
+    <example service.version="9.11.5-P4">9.11.5-P4-5.1+deb10u1-Debian</example>
+    <param pos="0" name="service.vendor" value="ISC"/>
+    <param pos="0" name="service.family" value="BIND"/>
+    <param pos="0" name="service.product" value="BIND"/>
+    <param pos="1" name="service.version"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:isc:bind:{service.version}"/>
+    <param pos="0" name="os.vendor" value="Debian"/>
+    <param pos="0" name="os.family" value="Linux"/>
+    <param pos="0" name="os.product" value="Linux"/>
+    <param pos="0" name="os.version" value="10.0"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:debian:debian_linux:10.0"/>
+  </fingerprint>
+
   <fingerprint pattern="^(9.[^-]+(?:-[SP]\d)?)-9\+deb8u[\w~\.]+-Debian$">
     <description>ISC BIND: Debian 8.0 (jessie)</description>
     <example service.version="9.9.5">9.9.5-9+deb8u11-Debian</example>
@@ -376,13 +427,14 @@
     <param pos="0" name="service.cpe23" value="cpe:/a:powerdns:authoritative_server:{service.version}"/>
   </fingerprint>
 
-  <fingerprint pattern="^PowerDNS Authoritative Server (\d\.[\w.]+(?:-rc\d)?(?:-alpha\d)?(?:-beta\d)?) \(built [\w\s:]+ by [\w]+\@[\w.-:-]*\)$">
+  <fingerprint pattern="^PowerDNS Authoritative Server (\d\.[\w.]+(?:-rc\d)?(?:-alpha\d)?(?:-beta\d)?[^ ]*) \(built [\w\s:]+ by [\w]+\@[\w.-:-]*\)$">
     <description>PowerDNS Authoritative Server: format 2</description>
     <example service.version="4.0.4">PowerDNS Authoritative Server 4.0.4 (built Jul 26 2017 15:04:27 by root@FreeBSD:11:amd64-default-job-03)</example>
     <example service.version="4.0.0-rc2">PowerDNS Authoritative Server 4.0.0-rc2 (built Jul  4 2016 15:44:39 by root@foo-bar.baz)</example>
     <example service.version="4.0.0-alpha2">PowerDNS Authoritative Server 4.0.0-alpha2 (built Feb 01 2016 00:12:05 by buildbot@baz)</example>
     <example service.version="4.0.0-beta1">PowerDNS Authoritative Server 4.0.0-beta1 (built Feb 01 2016 00:00:00 by buildbot@baz)</example>
     <example service.version="0.0.g56d692a">PowerDNS Authoritative Server 0.0.g56d692a (built Feb 25 2017 13:10:19 by root@foo-bar.baz)</example>
+    <example service.version="4.2.0-rc2.995.master.g8cc411dc4">PowerDNS Authoritative Server 4.2.0-rc2.995.master.g8cc411dc4 (built Nov  6 2019 11:48:12 by root@foo-bar.baz)</example>
     <param pos="0" name="service.vendor" value="PowerDNS"/>
     <param pos="0" name="service.family" value="PowerDNS"/>
     <param pos="0" name="service.product" value="Authoritative Server"/>
@@ -464,6 +516,7 @@
     <param pos="0" name="service.family" value="NSD"/>
     <param pos="0" name="service.product" value="dnsd"/>
     <param pos="1" name="service.version"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:nlnetlabs:name_server_daemon:{service.version}"/>
   </fingerprint>
 
   <fingerprint pattern="^unbound ([\d.]+)$">
@@ -473,6 +526,7 @@
     <param pos="0" name="service.family" value="Unbound"/>
     <param pos="0" name="service.product" value="unbound"/>
     <param pos="1" name="service.version"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:nlnetlabs:unbound:{service.version}"/>
   </fingerprint>
 
   <fingerprint pattern="^(?i:unbound)$">
@@ -481,6 +535,21 @@
     <param pos="0" name="service.vendor" value="NLnet Labs"/>
     <param pos="0" name="service.family" value="Unbound"/>
     <param pos="0" name="service.product" value="unbound"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:nlnetlabs:unbound:-"/>
+  </fingerprint>
+
+  <fingerprint pattern="^(?:BIND )?(9.[^-]+(?:-[SP]\d)?)(?:-[\d\.]+)?\+deb10u\d+-Raspbian$">
+    <description>ISC BIND: Raspbian based on Debian Buster</description>
+    <example service.version="9.11.5-P4">9.11.5-P4-5.1+deb10u1-Raspbian</example>
+    <param pos="0" name="service.vendor" value="ISC"/>
+    <param pos="0" name="service.family" value="BIND"/>
+    <param pos="0" name="service.product" value="BIND"/>
+    <param pos="1" name="service.version"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:isc:bind:{service.version}"/>
+    <param pos="0" name="os.vendor" value="Raspbian"/>
+    <param pos="0" name="os.family" value="Linux"/>
+    <param pos="0" name="os.product" value="Linux"/>
+    <param pos="0" name="os.version" value="10.0"/>
   </fingerprint>
 
   <fingerprint pattern="^(?:BIND )?(9.[^-]+(?:-[SP]\d)?)-9\+deb8u\d+-Raspbian$">
@@ -517,8 +586,9 @@
     <example service.version="2.5.0-dev">Knot DNS 2.5.0-dev</example>
     <param pos="0" name="service.vendor" value="cz.nic"/>
     <param pos="0" name="service.family" value="Knot"/>
-    <param pos="0" name="service.product" value="DNS"/>
+    <param pos="0" name="service.product" value="Knot DNS"/>
     <param pos="1" name="service.version"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:knot-dns:knot_dns:{service.version}"/>
   </fingerprint>
 
   <fingerprint pattern="^UltraDNS Resolver$">
@@ -625,6 +695,34 @@
     <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2008:-"/>
   </fingerprint>
 
+  <!-- This value is a spoofed value. There isn't a publicly available version
+       of Windows with build 6.0.6100 and this explicit string is used in an
+       example of how to change your version on BIND. We tested servers reporting
+       this string and NONE of them were Windows DNS.
+       This fingerprint serves to prevent someone who doesn't know from creating
+       one and stops further pattern matching efforts.
+  -->
+
+  <fingerprint pattern="^Microsoft DNS 6.0.6100 \(2AEF76E\)$">
+    <description>SPOOFED - Microsoft DNS on Windows 2008 SP something</description>
+    <example>Microsoft DNS 6.0.6100 (2AEF76E)</example>
+  </fingerprint>
+
+  <fingerprint pattern="^Microsoft DNS 6.0.6003(?: \(\w+\))?$">
+    <description>Microsoft DNS on Windows 2008 Service Pack 2 - Preview Rollup KB4489887 and later</description>
+    <example>Microsoft DNS 6.0.6003 (1773501D)</example>
+    <param pos="0" name="service.vendor" value="Microsoft"/>
+    <param pos="0" name="service.family" value="DNS"/>
+    <param pos="0" name="service.product" value="DNS"/>
+    <param pos="0" name="service.version" value="6.0.6003"/>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="0" name="os.family" value="Windows"/>
+    <param pos="0" name="os.product" value="Windows Server 2008"/>
+    <param pos="0" name="os.version" value="Service Pack 2"/>
+    <param pos="0" name="os.build" value="6.0.6003"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2008:Service Pack 2"/>
+  </fingerprint>
+
   <fingerprint pattern="^Microsoft DNS 6.0.6002(?: \(\w+\))?$">
     <description>Microsoft DNS on Windows 2008 Service Pack 2</description>
     <example>Microsoft DNS 6.0.6002 (17724D35)</example>
@@ -660,7 +758,8 @@
     <example>DNSServer</example>
     <param pos="0" name="service.vendor" value="Synology"/>
     <param pos="0" name="service.family" value="DSM"/>
-    <param pos="0" name="service.product" value="DNS"/>
+    <param pos="0" name="service.product" value="DNS Server"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:synology:dns_server:-"/>
     <param pos="0" name="os.device" value="NAS"/>
     <param pos="0" name="os.family" value="Linux"/>
     <param pos="0" name="os.product" value="DSM"/>
@@ -761,9 +860,10 @@
   <fingerprint pattern="^gdnsd$">
     <description>gdnsd</description>
     <example>gdnsd</example>
-    <param pos="0" name="service.vendor" value="Brandon Black"/>
+    <param pos="0" name="service.vendor" value="gdnsd"/>
     <param pos="0" name="service.family" value="gdnsd"/>
     <param pos="0" name="service.product" value="gdnsd"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:gdnsd:gdnsd:-"/>
   </fingerprint>
 
   <fingerprint pattern="^Hi: [\w\.: =]+\d{4}$">
@@ -788,8 +888,8 @@
 
   <fingerprint pattern="^CleanBrowsing v([^ ]+) - (.*)">
     <description>CleanBrowsing DNS Server</description>
-    <example service.vendor="CleanBrowsing" service.family="CleanBrowsing" service.version="1.5a" service.node="dns-edge-usa-west-sunnyvale-p">CleanBrowsing v1.5a - dns-edge-usa-west-sunnyvale-p</example>
-    <example service.vendor="CleanBrowsing" service.family="CleanBrowsing" service.version="1.4a" service.node="dns-edge-usa-west-sunnyvale.cleanbrowsing.org">CleanBrowsing v1.4a - dns-edge-usa-west-sunnyvale.cleanbrowsing.org</example>
+    <example service.version="1.5a" service.node="dns-edge-usa-west-sunnyvale-p">CleanBrowsing v1.5a - dns-edge-usa-west-sunnyvale-p</example>
+    <example service.version="1.4a" service.node="dns-edge-usa-west-sunnyvale.cleanbrowsing.org">CleanBrowsing v1.4a - dns-edge-usa-west-sunnyvale.cleanbrowsing.org</example>
     <param pos="0" name="service.vendor" value="CleanBrowsing"/>
     <param pos="0" name="service.family" value="CleanBrowsing"/>
     <param pos="0" name="service.product" value="DNS"/>
@@ -809,7 +909,7 @@
 
   <fingerprint pattern="^Q9-[^\-]-(.*)$">
     <description>Quad9 Resolver</description>
-    <example service.vendor="IBM" service.family="Quad9" service.product="DNS" service.version="6.0">Q9-P-6.0</example>
+    <example service.version="6.0">Q9-P-6.0</example>
     <param pos="0" name="service.vendor" value="IBM"/>
     <param pos="0" name="service.family" value="Quad9"/>
     <param pos="0" name="service.product" value="DNS"/>
@@ -818,10 +918,18 @@
 
   <fingerprint pattern="^keweonDNS v\.(.*)$">
     <description>Keweon DNS</description>
-    <example service.vendor="Keweon" service.product="DNS" service.version="9.63.7201">keweonDNS v.9.63.7201</example>
+    <example service.version="9.63.7201">keweonDNS v.9.63.7201</example>
     <param pos="0" name="service.vendor" value="Keweon"/>
     <param pos="0" name="service.product" value="DNS"/>
     <param pos="1" name="service.version"/>
   </fingerprint>
 
+  <fingerprint pattern="^Version: recursive-main/(\d+)$">
+    <description>Akamai AnswerX DNS server</description>
+    <example service.version="22386077">Version: recursive-main/22386077</example>
+    <param pos="0" name="service.vendor" value="Akamai"/>
+    <param pos="0" name="service.product" value="AnswerX"/>
+    <param pos="1" name="service.version"/>
+  </fingerprint>
+
 </fingerprints>

data/xml/favicons.xml

@@ -362,11 +362,12 @@
     <param pos="0" name="service.cpe23" value="cpe:/a:jetbrains:teamcity:-"/>
   </fingerprint>
 
-  <fingerprint pattern="^e48c482f8f5a8e5a6249b21a39f911e7$"><description>Cockroach DB Console</description>
+  <fingerprint pattern="^e48c482f8f5a8e5a6249b21a39f911e7$">
+    <description>Cockroach DB Console</description>
     <example>e48c482f8f5a8e5a6249b21a39f911e7</example>
     <param pos="0" name="service.vendor" value="Cockroach Labs"/>
     <param pos="0" name="service.product" value="CockroachDB"/>
-	  <param pos="0" name="service.certainty" value="0.5"/>
+    <param pos="0" name="service.certainty" value="0.5"/>
   </fingerprint>
 
   <fingerprint pattern="^(?:4f21edb50ae95a99bbd4aa0a956a179e|1531801cb9e3047e72034ed34da9d104)$">

data/xml/ftp_banners.xml

@@ -360,6 +360,7 @@ example.com FTP server (Version:  Mac OS X Server) ready.</example>
     <example service.version="1.0.11">=(&lt;*&gt;)=-.:. (( Welcome to Pure-FTPd 1.0.11 )) .:.-=(&lt;*&gt;)=-</example>
     <example service.version="1.0.11">=(&lt;*&gt;)=-.:. (( Welcome to Pure-FTPd 1.0.11 )) .:.-=(&lt;*&gt;)=-&#13;
 more stuff</example>
+    <param pos="0" name="service.fvendor" value="PureFTPd"/>
     <param pos="0" name="service.family" value="Pure-FTPd"/>
     <param pos="0" name="service.product" value="Pure-FTPd"/>
     <param pos="1" name="service.version"/>
@@ -374,16 +375,20 @@ more stuff</example>
     <example>--------- Welcome to Pure-FTPd [privsep] [TLS] ----------&#13;
 more text</example>
     <param pos="1" name="pureftpd.config"/>
+    <param pos="0" name="service.vendor" value="PureFTPd"/>
     <param pos="0" name="service.family" value="Pure-FTPd"/>
     <param pos="0" name="service.product" value="Pure-FTPd"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:pureftpd:pure-ftpd:-"/>
   </fingerprint>
 
   <fingerprint pattern="^(?:Welcome to )?Pure-FTPd\.?$">
     <description>Basic Pure-FTPd banner, no version</description>
     <example>Welcome to Pure-FTPd</example>
     <example>Pure-FTPd.</example>
+    <param pos="0" name="service.vendor" value="PureFTPd"/>
     <param pos="0" name="service.family" value="Pure-FTPd"/>
     <param pos="0" name="service.product" value="Pure-FTPd"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:pureftpd:pure-ftpd:-"/>
   </fingerprint>
 
   <fingerprint pattern="^=\(.\*.\)=-\.:\. \(\( Welcome to PureFTPd (\d+\..+) \)\) \.:\.-=\(.\*.\)=-" flags="REG_MULTILINE">
@@ -391,26 +396,56 @@ more text</example>
     <example service.version="1.1.0">=(&lt;*&gt;)=-.:. (( Welcome to PureFTPd 1.1.0 )) .:.-=(&lt;*&gt;)=-</example>
     <example service.version="1.1.0">=(&lt;*&gt;)=-.:. (( Welcome to PureFTPd 1.1.0 )) .:.-=(&lt;*&gt;)=-&#13;
 more text</example>
+    <param pos="0" name="service.vendor" value="PureFTPd"/>
     <param pos="0" name="service.family" value="Pure-FTPd"/>
     <param pos="0" name="service.product" value="Pure-FTPd"/>
     <param pos="1" name="service.version"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:pureftpd:pure-ftpd:{service.version}"/>
   </fingerprint>
 
-  <fingerprint pattern="^Serv-U FTP[ -]Server v(\d+\.\S+)(?: for WinSock)? ready\.*$">
-    <description>Serv-U (only runs on Windows)</description>
+  <!-- CPEs for Serv-U 15.x and above changed to SolarWinds -->
+
+  <fingerprint pattern="^Serv-U FTP Server v(15\.\S+) ready\.\.\.$">
+    <description>SolarWinds Serv-U with version </description>
+    <example service.version="15.1.3.25">Serv-U FTP Server v15.1.3.25 ready...</example>
+    <param pos="0" name="service.vendor" value="SolarWinds"/>
+    <param pos="0" name="service.product" value="Serv-U FTP Server"/>
+    <param pos="0" name="service.family" value="Serv-U"/>
+    <param pos="1" name="service.version"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:solarwinds:serv-u_ftp_server:{service.version}"/>
+  </fingerprint>
+
+  <fingerprint pattern="^Serv-U FTP[ -]Server v(\d+\.\S+) for WinSock ready\.*$">
+    <description>Serv-U Serv-U with version on Windows</description>
     <example service.version="2.5n">Serv-U FTP-Server v2.5n for WinSock ready...</example>
     <example service.version="6.0">Serv-U FTP Server v6.0 for WinSock ready</example>
-    <example service.version="7.2">Serv-U FTP Server v7.2 ready...</example>
-    <param pos="0" name="service.vendor" value="Rhino Software"/>
+    <param pos="0" name="service.vendor" value="Serv-U"/>
     <param pos="0" name="service.product" value="Serv-U"/>
     <param pos="0" name="service.family" value="Serv-U"/>
     <param pos="1" name="service.version"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:serv-u:serv-u:{service.version}"/>
     <param pos="0" name="os.vendor" value="Microsoft"/>
     <param pos="0" name="os.family" value="Windows"/>
     <param pos="0" name="os.product" value="Windows"/>
     <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
   </fingerprint>
 
+  <fingerprint pattern="^Serv-U FTP[ -]Server v(\d+\.\S+) ready\.*$">
+    <description>Serv-U Serv-U with version </description>
+    <example service.version="7.2">Serv-U FTP Server v7.2 ready...</example>
+    <example service.version="14.0">Serv-U FTP Server v14.0 ready...</example>
+    <param pos="0" name="service.vendor" value="Serv-U"/>
+    <param pos="0" name="service.product" value="Serv-U"/>
+    <param pos="0" name="service.family" value="Serv-U"/>
+    <param pos="1" name="service.version"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:serv-u:serv-u:{service.version}"/>
+  </fingerprint>
+
+  <fingerprint pattern="^Welcom to Serv-U FTP Server$">
+    <description>Common FTP banner modification to look like Serv-U -- assert nothing.</description>
+    <example>Welcom to Serv-U FTP Server</example>
+  </fingerprint>
+
   <fingerprint pattern="^zFTPServer v?(\S+), .*ready\.$" flags="REG_ICASE">
     <description>zftpserver (only runs on Windows)</description>
     <example service.version="4.0">zFTPServer v4.0, build 2008-12-24 01:41 ready.</example>
@@ -427,23 +462,28 @@ more text</example>
     <description>vsFTPd (Very Secure FTP Daemon)</description>
     <example service.version="1.1.3">(vsFTPd 1.1.3) host</example>
     <example service.version="2.0.5">(vsFTPd 2.0.5)</example>
+    <param pos="0" name="service.vendor" value="vsFTPd Project"/>
     <param pos="0" name="service.family" value="vsFTPd"/>
     <param pos="0" name="service.product" value="vsFTPd"/>
     <param pos="1" name="service.version"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:vsftpd_project:vsftpd:{service.version}"/>
     <param pos="2" name="host.name"/>
   </fingerprint>
 
   <fingerprint pattern="^ready, dude \(vsFTPd (\d+\..+): beat me, break me\)$">
     <description>vsFTPd (Very Secure FTP Daemon) - break me variant</description>
     <example service.version="1.1.0">ready, dude (vsFTPd 1.1.0: beat me, break me)</example>
+    <param pos="0" name="service.vendor" value="vsFTPd Project"/>
     <param pos="0" name="service.family" value="vsFTPd"/>
     <param pos="0" name="service.product" value="vsFTPd"/>
     <param pos="1" name="service.version"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:vsftpd_project:vsftpd:{service.version}"/>
   </fingerprint>
 
   <fingerprint pattern="^vsFTPd ([\d.]+\+ \(ext\.3\)) ready\.\.\.$">
     <description>vsFTPd (Very Secure FTP Daemon) extended build (vsftpd.devnet.ru)</description>
     <example service.version="2.0.4+ (ext.3)">vsFTPd 2.0.4+ (ext.3) ready...</example>
+    <param pos="0" name="service.vendor" value="vsFTPd Project"/>
     <param pos="0" name="service.family" value="vsFTPd"/>
     <param pos="0" name="service.product" value="vsFTPd Extended"/>
     <param pos="1" name="service.version"/>
@@ -453,8 +493,10 @@ more text</example>
     <description>vsFTPd (Very Secure FTP Daemon) error message</description>
     <example>OOPS: vsftpd: root is not mounted.</example>
     <example>OOPS: cannot read user list file:/etc/vsftpd.user_list</example>
+    <param pos="0" name="service.vendor" value="vsFTPd Project"/>
     <param pos="0" name="service.family" value="vsFTPd"/>
     <param pos="0" name="service.product" value="vsFTPd"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:vsftpd_project:vsftpd:-"/>
   </fingerprint>
 
   <fingerprint pattern="^FileZilla Server(?: version)? (?:v)?(\d\.[\w.]+(?: beta)?).*$">
@@ -463,9 +505,15 @@ more text</example>
     <example service.version="0.9.13a beta">FileZilla Server version 0.9.13a beta</example>
     <example service.version="0.9.54 beta">FileZilla Server 0.9.54 beta</example>
     <example service.version="0.9.33 beta">FileZilla Server v0.9.33 beta</example>
-    <param pos="0" name="service.family" value="FileZilla FTP Server"/>
-    <param pos="0" name="service.product" value="FileZilla FTP Server"/>
+    <param pos="0" name="service.vendor" value="Filezilla-Project"/>
+    <param pos="0" name="service.family" value="FileZilla FTP"/>
+    <param pos="0" name="service.product" value="FileZilla Server"/>
     <param pos="1" name="service.version"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:filezilla-project:filezilla_server:{service.version}"/>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="0" name="os.family" value="Windows"/>
+    <param pos="0" name="os.product" value="Windows"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
   </fingerprint>
 
   <fingerprint pattern="^\s*APC FTP server ready\.$">
@@ -574,6 +622,7 @@ more text</example>
     <param pos="0" name="os.family" value="z/OS"/>
     <param pos="0" name="os.device" value="Mainframe"/>
     <param pos="1" name="os.version"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:ibm:z\/os:{os.version}"/>
     <param pos="2" name="host.name"/>
   </fingerprint>
 
@@ -1291,7 +1340,7 @@ more text</example>
     <param pos="0" name="os.product" value="Tru64 Unix"/>
     <param pos="1" name="host.name"/>
     <param pos="2" name="os.version"/>
-    <param pos="0" name="os.cpe23" value="cpe:/o:hp:tru64:{os.version}"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:hp:tru64_unix:{os.version}"/>
   </fingerprint>
 
   <fingerprint pattern="^(\S+) FTP server \(Digital UNIX Version (\S+)\) ready\.?$">
@@ -1314,9 +1363,11 @@ more text</example>
     <param pos="0" name="os.cpe23" value="cpe:/o:mikrotik:routeros:{os.version}"/>
   </fingerprint>
 
-  <fingerprint pattern="^MikroTik FTP server \(MikroTik ([\w.]+)\) ready\.?$">
-    <description>MikroTik w/o hostname</description>
-    <example os.version="6.0rc14">MikroTik FTP server (MikroTik 6.0rc14) ready</example>
+  <fingerprint pattern="^.* FTP server \(MikroTik (\d\.[\w\.]+)\) ready\.?$">
+    <description>MikroTik with description</description>
+    <example os.version="6.43.16">Super Thing_Place-  FTP server (MikroTik 6.43.16) ready</example>
+    <example os.version="6.43.16beta2">Super Thing_Place-  FTP server (MikroTik 6.43.16beta2) ready</example>
+    <example os.version="6.43.16rc56">Super Thing_Place-  FTP server (MikroTik 6.43.16rc56) ready</example>
     <param pos="0" name="os.vendor" value="MikroTik"/>
     <param pos="0" name="os.product" value="RouterOS"/>
     <param pos="1" name="os.version"/>
@@ -1721,4 +1772,15 @@ more text</example>
     <param pos="0" name="os.device" value="Printer"/>
   </fingerprint>
 
+  <fingerprint pattern="^SurgeFTP ([\S]+) \(Version ([a-f\d.]+)\)$">
+    <description>NetWin SurgeFTP</description>
+    <example service.version="2.3a12">SurgeFTP 192.168.0.0 (Version 2.3a12)</example>
+    <example host.name="foo.bar.baz">SurgeFTP foo.bar.baz (Version 2.2f9)</example>
+    <param pos="0" name="service.vendor" value="NetWin"/>
+    <param pos="0" name="service.product" value="SurgeFTP"/>
+    <param pos="2" name="service.version"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:netwin:surgeftp:{service.version}"/>
+    <param pos="1" name="host.name"/>
+  </fingerprint>
+
 </fingerprints>