recog 2.3.9 → 2.3.14
- checksums.yaml +4 -4
- data/bin/recog_cleanup +0 -0
- data/cpe-remap.yaml +18 -2
- data/identifiers/service_product.txt +1 -0
- data/identifiers/vendor.txt +1 -0
- data/lib/recog/version.rb +1 -1
- data/update_cpes.py +3 -0
- data/xml/dns_versionbind.xml +116 -8
- data/xml/favicons.xml +3 -2
- data/xml/ftp_banners.xml +72 -10
- data/xml/html_title.xml +28 -0
- data/xml/http_servers.xml +418 -72
- data/xml/http_wwwauth.xml +7 -7
- data/xml/imap_banners.xml +43 -0
- data/xml/pop_banners.xml +57 -2
- data/xml/smtp_banners.xml +84 -2
- data/xml/snmp_sysdescr.xml +2 -1
- data/xml/ssh_banners.xml +7 -3
- data/xml/telnet_banners.xml +227 -7
- metadata +2 -2
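--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: c46efafef760f2701e6eeee565e715ac04544300ebfb08f0083db856e4c81603
+data.tar.gz: 4e66bbd5ec6364325c9c7130aeb7434ab20242def9d7200d0e7d8e588f577c40
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 61ca19b2266100f66d6c220459941ddbc0aa795cbcd2bc52c6782cd66feeb6787a3d1657486ff2af99c196592b5cdabcb2c4d9b33e7efe136f175d2bf5c12bbc
+data.tar.gz: dd5718510eb4780815fda18496c37afcbb4971246d2b9c6e439ca4697ac17ca1f9e70d3f634b04b5b9be7374e4fc15a346d3177ac5cf827c50e9136f48169009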
data/bin/recog_cleanup
CHANGED
File without changes
|
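--- a/data/cpe-remap.yaml
+++ b/data/cpe-remap.yaml
@@ -16,10 +16,16 @@ mappings:
 weblogic: weblogic_server
 blue_coat:
 vendor: bluecoat
+carnegie_mellon_university:
+vendor: cmu
+products:
+cyrus_imap: cyrus_imap_server
 centos:
 vendor: centos
 products:
 linux: centos
+centos_webpanel:
+vendor: centos-webpanel
 check_point:
 vendor: checkpoint
 cisco:
@@ -32,6 +38,9 @@ mappings:
 vendor: debian
 products:
 linux: debian_linux
+embedthis:
+products:
+goahead_webserver: goahead
 f5:
 vendor: f5
 products:
@@ -41,14 +50,13 @@ mappings:
 vendor: hp
 products:
 ilo: integrated_lights_out
-lotus_domino: lotus_domino_server
 tru64_unix: tru64
 ibm:
 vendor: ibm
 products:
 lotus_domino: lotus_domino_server
+ibm_domino: lotus_domino
 os/400: os_400
-z/os: z\/os
 jamf:
 products:
 jamf_pro: jamf
@@ -58,6 +66,10 @@ mappings:
 junos_os: junos
 kibana:
 vendor: elasticsearch
+cz.nic:
+vendor: knot-dns
+litespeed_technologies:
+vendor: litespeedtech
 linux:
 vendor: linux
 products:
@@ -95,6 +107,10 @@ mappings:
 vendor: modwsgi
 mort_bay:
 vendor: mortbay
+nlnet_labs:
+vendor: nlnetlabs
+products:
+dnsd: name_server_daemon
 net-snmp:
 vendor: net-snmp
 products: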
data/identifiers/vendor.txt
CHANGED
data/lib/recog/version.rb
CHANGED
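--- a/data/update_cpes.py
+++ b/data/update_cpes.py
@@ -24,6 +24,7 @@ def parse_cpe_vp_map(file):
 vp_map[cpe_type] = {}
 if not vendor in vp_map[cpe_type]:
 vp_map[cpe_type][vendor] = set()
+product = product.replace('%2f', '/')
 vp_map[cpe_type][vendor].add(product)
 else:
 logging.error("Unexpected CPE %s", cpe_name)
@@ -160,6 +161,8 @@ def update_cpes(xml_file, cpe_vp_map, r7_vp_map):
 continue
 
 # building the CPE string
+# Last minute escaping of '/'
+product = product.replace('/', '\/')
 cpe_value = 'cpe:/{}:{}:{}'.format(cpe_type, vendor, product)
 
 if version: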
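Review bot: The escaping line added in update_cpes, `product = product.replace('/', '\/')`, depends on `\/` being an unrecognised escape sequence, which Python keeps literally but reports with a DeprecationWarning (a SyntaxWarning from 3.12); write it as `product = product.replace('/', '\\/')` or with a raw string so the intent is explicit. The matching decode added in parse_cpe_vp_map handles only lowercase `%2f`, so a dictionary entry spelled `%2F` would presumably miss the lookup and leave the fingerprint with a stale or absent CPE, which weakens any vulnerability correlation keyed on it. A short comment such as `# CPE 2.2 URIs percent-encode '/' as %2f; fingerprints store it as '\/'` above each line would record why the two transformations differ. Both functions start and end outside their hunks.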
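--- a/data/xml/dns_versionbind.xml
+++ b/data/xml/dns_versionbind.xml
@@ -8,6 +8,42 @@
 dnsmasq-2.76-1-ubnt2
 -->
 
+<!--
+The following 'assert nothing' block is intended to handle banners so simple
+that they cannot be attributed to a product or vendor. They are at the
+beginning of the file as a performance tweak given how frequenty they occur.
+-->
+
+<fingerprint pattern="^$">
+<description>empty string -- assert nothing.</description>
+<example/>
+<param pos="0" name="service.certainty" value="0.0"/>
+</fingerprint>
+
+<fingerprint pattern="^none$">
+<description>bare 'none' -- assert nothing.</description>
+<example>none</example>
+<param pos="0" name="service.certainty" value="0.0"/>
+</fingerprint>
+
+<fingerprint pattern="^null$">
+<description>bare 'null' -- assert nothing.</description>
+<example>null</example>
+<param pos="0" name="service.certainty" value="0.0"/>
+</fingerprint>
+
+<fingerprint pattern="(?i)^unknown$">
+<description>bare 'unknown' -- assert nothing.</description>
+<example>unknown</example>
+<param pos="0" name="service.certainty" value="0.0"/>
+</fingerprint>
+
+<fingerprint pattern="^no version$">
+<description>bare 'no version' -- assert nothing.</description>
+<example>no version</example>
+<param pos="0" name="service.certainty" value="0.0"/>
+</fingerprint>
+
 <!-- Red Hat package naming:
 https://fedoraproject.org/wiki/Packaging:DistTag
 https://fedoraproject.org/wiki/Packaging:Versioning
@@ -161,6 +197,21 @@
 <param pos="0" name="os.product" value="Zentyal"/>
 </fingerprint>
 
+<fingerprint pattern="^(9.[^-]+(?:-[SP]\d)?)(?:-[\d\.]+)?\+deb10[\w~\.]+-Debian$">
+<description>ISC BIND: Debian 10.0 (buster)</description>
+<example service.version="9.11.5-P4">9.11.5-P4-5.1+deb10u1-Debian</example>
+<param pos="0" name="service.vendor" value="ISC"/>
+<param pos="0" name="service.family" value="BIND"/>
+<param pos="0" name="service.product" value="BIND"/>
+<param pos="1" name="service.version"/>
+<param pos="0" name="service.cpe23" value="cpe:/a:isc:bind:{service.version}"/>
+<param pos="0" name="os.vendor" value="Debian"/>
+<param pos="0" name="os.family" value="Linux"/>
+<param pos="0" name="os.product" value="Linux"/>
+<param pos="0" name="os.version" value="10.0"/>
+<param pos="0" name="os.cpe23" value="cpe:/o:debian:debian_linux:10.0"/>
+</fingerprint>
+
 <fingerprint pattern="^(9.[^-]+(?:-[SP]\d)?)-9\+deb8u[\w~\.]+-Debian$">
 <description>ISC BIND: Debian 8.0 (jessie)</description>
 <example service.version="9.9.5">9.9.5-9+deb8u11-Debian</example>
@@ -376,13 +427,14 @@
 <param pos="0" name="service.cpe23" value="cpe:/a:powerdns:authoritative_server:{service.version}"/>
 </fingerprint>
 
-<fingerprint pattern="^PowerDNS Authoritative Server (\d\.[\w.]+(?:-rc\d)?(?:-alpha\d)?(?:-beta\d)?) \(built [\w\s:]+ by [\w]+\@[\w.-:-]*\)$">
+<fingerprint pattern="^PowerDNS Authoritative Server (\d\.[\w.]+(?:-rc\d)?(?:-alpha\d)?(?:-beta\d)?[^ ]*) \(built [\w\s:]+ by [\w]+\@[\w.-:-]*\)$">
 <description>PowerDNS Authoritative Server: format 2</description>
 <example service.version="4.0.4">PowerDNS Authoritative Server 4.0.4 (built Jul 26 2017 15:04:27 by root@FreeBSD:11:amd64-default-job-03)</example>
 <example service.version="4.0.0-rc2">PowerDNS Authoritative Server 4.0.0-rc2 (built Jul 4 2016 15:44:39 by root@foo-bar.baz)</example>
 <example service.version="4.0.0-alpha2">PowerDNS Authoritative Server 4.0.0-alpha2 (built Feb 01 2016 00:12:05 by buildbot@baz)</example>
 <example service.version="4.0.0-beta1">PowerDNS Authoritative Server 4.0.0-beta1 (built Feb 01 2016 00:00:00 by buildbot@baz)</example>
 <example service.version="0.0.g56d692a">PowerDNS Authoritative Server 0.0.g56d692a (built Feb 25 2017 13:10:19 by root@foo-bar.baz)</example>
+<example service.version="4.2.0-rc2.995.master.g8cc411dc4">PowerDNS Authoritative Server 4.2.0-rc2.995.master.g8cc411dc4 (built Nov 6 2019 11:48:12 by root@foo-bar.baz)</example>
 <param pos="0" name="service.vendor" value="PowerDNS"/>
 <param pos="0" name="service.family" value="PowerDNS"/>
 <param pos="0" name="service.product" value="Authoritative Server"/>
@@ -464,6 +516,7 @@
 <param pos="0" name="service.family" value="NSD"/>
 <param pos="0" name="service.product" value="dnsd"/>
 <param pos="1" name="service.version"/>
+<param pos="0" name="service.cpe23" value="cpe:/a:nlnetlabs:name_server_daemon:{service.version}"/>
 </fingerprint>
 
 <fingerprint pattern="^unbound ([\d.]+)$">
@@ -473,6 +526,7 @@
 <param pos="0" name="service.family" value="Unbound"/>
 <param pos="0" name="service.product" value="unbound"/>
 <param pos="1" name="service.version"/>
+<param pos="0" name="service.cpe23" value="cpe:/a:nlnetlabs:unbound:{service.version}"/>
 </fingerprint>
 
 <fingerprint pattern="^(?i:unbound)$">
@@ -481,6 +535,21 @@
 <param pos="0" name="service.vendor" value="NLnet Labs"/>
 <param pos="0" name="service.family" value="Unbound"/>
 <param pos="0" name="service.product" value="unbound"/>
+<param pos="0" name="service.cpe23" value="cpe:/a:nlnetlabs:unbound:-"/>
+</fingerprint>
+
+<fingerprint pattern="^(?:BIND )?(9.[^-]+(?:-[SP]\d)?)(?:-[\d\.]+)?\+deb10u\d+-Raspbian$">
+<description>ISC BIND: Raspbian based on Debian Buster</description>
+<example service.version="9.11.5-P4">9.11.5-P4-5.1+deb10u1-Raspbian</example>
+<param pos="0" name="service.vendor" value="ISC"/>
+<param pos="0" name="service.family" value="BIND"/>
+<param pos="0" name="service.product" value="BIND"/>
+<param pos="1" name="service.version"/>
+<param pos="0" name="service.cpe23" value="cpe:/a:isc:bind:{service.version}"/>
+<param pos="0" name="os.vendor" value="Raspbian"/>
+<param pos="0" name="os.family" value="Linux"/>
+<param pos="0" name="os.product" value="Linux"/>
+<param pos="0" name="os.version" value="10.0"/>
 </fingerprint>
 
 <fingerprint pattern="^(?:BIND )?(9.[^-]+(?:-[SP]\d)?)-9\+deb8u\d+-Raspbian$">
@@ -517,8 +586,9 @@
 <example service.version="2.5.0-dev">Knot DNS 2.5.0-dev</example>
 <param pos="0" name="service.vendor" value="cz.nic"/>
 <param pos="0" name="service.family" value="Knot"/>
-<param pos="0" name="service.product" value="DNS"/>
+<param pos="0" name="service.product" value="Knot DNS"/>
 <param pos="1" name="service.version"/>
+<param pos="0" name="service.cpe23" value="cpe:/a:knot-dns:knot_dns:{service.version}"/>
 </fingerprint>
 
 <fingerprint pattern="^UltraDNS Resolver$">
@@ -625,6 +695,34 @@
 <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2008:-"/>
 </fingerprint>
 
+<!-- This value is a spoofed value. There isn't a publicly available version
+of Windows with build 6.0.6100 and this explicit string is used in an
+example of how to change your version on BIND. We tested servers reporting
+this string and NONE of them were Windows DNS.
+This fingerprint serves to prevent someone who doesn't know from creating
+one and stops further pattern matching efforts.
+-->
+
+<fingerprint pattern="^Microsoft DNS 6.0.6100 \(2AEF76E\)$">
+<description>SPOOFED - Microsoft DNS on Windows 2008 SP something</description>
+<example>Microsoft DNS 6.0.6100 (2AEF76E)</example>
+</fingerprint>
+
+<fingerprint pattern="^Microsoft DNS 6.0.6003(?: \(\w+\))?$">
+<description>Microsoft DNS on Windows 2008 Service Pack 2 - Preview Rollup KB4489887 and later</description>
+<example>Microsoft DNS 6.0.6003 (1773501D)</example>
+<param pos="0" name="service.vendor" value="Microsoft"/>
+<param pos="0" name="service.family" value="DNS"/>
+<param pos="0" name="service.product" value="DNS"/>
+<param pos="0" name="service.version" value="6.0.6003"/>
+<param pos="0" name="os.vendor" value="Microsoft"/>
+<param pos="0" name="os.family" value="Windows"/>
+<param pos="0" name="os.product" value="Windows Server 2008"/>
+<param pos="0" name="os.version" value="Service Pack 2"/>
+<param pos="0" name="os.build" value="6.0.6003"/>
+<param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2008:Service Pack 2"/>
+</fingerprint>
+
 <fingerprint pattern="^Microsoft DNS 6.0.6002(?: \(\w+\))?$">
 <description>Microsoft DNS on Windows 2008 Service Pack 2</description>
 <example>Microsoft DNS 6.0.6002 (17724D35)</example>
@@ -660,7 +758,8 @@
 <example>DNSServer</example>
 <param pos="0" name="service.vendor" value="Synology"/>
 <param pos="0" name="service.family" value="DSM"/>
-<param pos="0" name="service.product" value="DNS"/>
+<param pos="0" name="service.product" value="DNS Server"/>
+<param pos="0" name="service.cpe23" value="cpe:/a:synology:dns_server:-"/>
 <param pos="0" name="os.device" value="NAS"/>
 <param pos="0" name="os.family" value="Linux"/>
 <param pos="0" name="os.product" value="DSM"/>
@@ -761,9 +860,10 @@
 <fingerprint pattern="^gdnsd$">
 <description>gdnsd</description>
 <example>gdnsd</example>
-<param pos="0" name="service.vendor" value="
+<param pos="0" name="service.vendor" value="gdnsd"/>
 <param pos="0" name="service.family" value="gdnsd"/>
 <param pos="0" name="service.product" value="gdnsd"/>
+<param pos="0" name="service.cpe23" value="cpe:/a:gdnsd:gdnsd:-"/>
 </fingerprint>
 
 <fingerprint pattern="^Hi: [\w\.: =]+\d{4}$">
@@ -788,8 +888,8 @@
 
 <fingerprint pattern="^CleanBrowsing v([^ ]+) - (.*)">
 <description>CleanBrowsing DNS Server</description>
-<example service.
-<example service.
+<example service.version="1.5a" service.node="dns-edge-usa-west-sunnyvale-p">CleanBrowsing v1.5a - dns-edge-usa-west-sunnyvale-p</example>
+<example service.version="1.4a" service.node="dns-edge-usa-west-sunnyvale.cleanbrowsing.org">CleanBrowsing v1.4a - dns-edge-usa-west-sunnyvale.cleanbrowsing.org</example>
 <param pos="0" name="service.vendor" value="CleanBrowsing"/>
 <param pos="0" name="service.family" value="CleanBrowsing"/>
 <param pos="0" name="service.product" value="DNS"/>
@@ -809,7 +909,7 @@
 
 <fingerprint pattern="^Q9-[^\-]-(.*)$">
 <description>Quad9 Resolver</description>
-<example service.
+<example service.version="6.0">Q9-P-6.0</example>
 <param pos="0" name="service.vendor" value="IBM"/>
 <param pos="0" name="service.family" value="Quad9"/>
 <param pos="0" name="service.product" value="DNS"/>
@@ -818,10 +918,18 @@
 
 <fingerprint pattern="^keweonDNS v\.(.*)$">
 <description>Keweon DNS</description>
-<example service.
+<example service.version="9.63.7201">keweonDNS v.9.63.7201</example>
 <param pos="0" name="service.vendor" value="Keweon"/>
 <param pos="0" name="service.product" value="DNS"/>
 <param pos="1" name="service.version"/>
 </fingerprint>
 
+<fingerprint pattern="^Version: recursive-main/(\d+)$">
+<description>Akamai AnswerX DNS server</description>
+<example service.version="22386077">Version: recursive-main/22386077</example>
+<param pos="0" name="service.vendor" value="Akamai"/>
+<param pos="0" name="service.product" value="AnswerX"/>
+<param pos="1" name="service.version"/>
+</fingerprint>
+
 </fingerprints>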
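Review bot: The `os.cpe23` value added to the new 6.0.6003 fingerprint, `cpe:/o:microsoft:windows_server_2008:Service Pack 2`, puts free text with spaces into the version component, which is not a well-formed CPE 2.2 URI and is unlikely to match a dictionary entry, so vulnerability correlation keyed on this field would silently find nothing for these hosts. The fingerprint just above it in the context uses `cpe:/o:microsoft:windows_server_2008:-`; the service pack normally belongs in the update component, e.g. `cpe:/o:microsoft:windows_server_2008:-:sp2` (confirm against the CPE dictionary before adopting). The SPOOFED 6.0.6100 fingerprint also sets no `service.certainty`, whereas the 'assert nothing' fingerprints added at the top of the file set it to `0.0`; adding `<param pos="0" name="service.certainty" value="0.0"/>` there would keep the two conventions consistent.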
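--- a/data/xml/favicons.xml
+++ b/data/xml/favicons.xml
@@ -362,11 +362,12 @@
 <param pos="0" name="service.cpe23" value="cpe:/a:jetbrains:teamcity:-"/>
 </fingerprint>
 
-<fingerprint pattern="^e48c482f8f5a8e5a6249b21a39f911e7$"
+<fingerprint pattern="^e48c482f8f5a8e5a6249b21a39f911e7$">
+<description>Cockroach DB Console</description>
 <example>e48c482f8f5a8e5a6249b21a39f911e7</example>
 <param pos="0" name="service.vendor" value="Cockroach Labs"/>
 <param pos="0" name="service.product" value="CockroachDB"/>
-
+<param pos="0" name="service.certainty" value="0.5"/>
 </fingerprint>
 
 <fingerprint pattern="^(?:4f21edb50ae95a99bbd4aa0a956a179e|1531801cb9e3047e72034ed34da9d104)$">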
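--- a/data/xml/ftp_banners.xml
+++ b/data/xml/ftp_banners.xml
@@ -360,6 +360,7 @@ example.com FTP server (Version: Mac OS X Server) ready.</example>
 <example service.version="1.0.11">=(<*>)=-.:. (( Welcome to Pure-FTPd 1.0.11 )) .:.-=(<*>)=-</example>
 <example service.version="1.0.11">=(<*>)=-.:. (( Welcome to Pure-FTPd 1.0.11 )) .:.-=(<*>)=-
 more stuff</example>
+<param pos="0" name="service.fvendor" value="PureFTPd"/>
 <param pos="0" name="service.family" value="Pure-FTPd"/>
 <param pos="0" name="service.product" value="Pure-FTPd"/>
 <param pos="1" name="service.version"/>
@@ -374,16 +375,20 @@ more stuff</example>
 <example>--------- Welcome to Pure-FTPd [privsep] [TLS] ----------
 more text</example>
 <param pos="1" name="pureftpd.config"/>
+<param pos="0" name="service.vendor" value="PureFTPd"/>
 <param pos="0" name="service.family" value="Pure-FTPd"/>
 <param pos="0" name="service.product" value="Pure-FTPd"/>
+<param pos="0" name="service.cpe23" value="cpe:/a:pureftpd:pure-ftpd:-"/>
 </fingerprint>
 
 <fingerprint pattern="^(?:Welcome to )?Pure-FTPd\.?$">
 <description>Basic Pure-FTPd banner, no version</description>
 <example>Welcome to Pure-FTPd</example>
 <example>Pure-FTPd.</example>
+<param pos="0" name="service.vendor" value="PureFTPd"/>
 <param pos="0" name="service.family" value="Pure-FTPd"/>
 <param pos="0" name="service.product" value="Pure-FTPd"/>
+<param pos="0" name="service.cpe23" value="cpe:/a:pureftpd:pure-ftpd:-"/>
 </fingerprint>
 
 <fingerprint pattern="^=\(.\*.\)=-\.:\. \(\( Welcome to PureFTPd (\d+\..+) \)\) \.:\.-=\(.\*.\)=-" flags="REG_MULTILINE">
@@ -391,26 +396,56 @@ more text</example>
 <example service.version="1.1.0">=(<*>)=-.:. (( Welcome to PureFTPd 1.1.0 )) .:.-=(<*>)=-</example>
 <example service.version="1.1.0">=(<*>)=-.:. (( Welcome to PureFTPd 1.1.0 )) .:.-=(<*>)=-
 more text</example>
+<param pos="0" name="service.vendor" value="PureFTPd"/>
 <param pos="0" name="service.family" value="Pure-FTPd"/>
 <param pos="0" name="service.product" value="Pure-FTPd"/>
 <param pos="1" name="service.version"/>
+<param pos="0" name="service.cpe23" value="cpe:/a:pureftpd:pure-ftpd:{service.version}"/>
 </fingerprint>
 
-
-
+<!-- CPEs for Serv-U 15.x and above changed to SolarWinds -->
+
+<fingerprint pattern="^Serv-U FTP Server v(15\.\S+) ready\.\.\.$">
+<description>SolarWinds Serv-U with version </description>
+<example service.version="15.1.3.25">Serv-U FTP Server v15.1.3.25 ready...</example>
+<param pos="0" name="service.vendor" value="SolarWinds"/>
+<param pos="0" name="service.product" value="Serv-U FTP Server"/>
+<param pos="0" name="service.family" value="Serv-U"/>
+<param pos="1" name="service.version"/>
+<param pos="0" name="service.cpe23" value="cpe:/a:solarwinds:serv-u_ftp_server:{service.version}"/>
+</fingerprint>
+
+<fingerprint pattern="^Serv-U FTP[ -]Server v(\d+\.\S+) for WinSock ready\.*$">
+<description>Serv-U Serv-U with version on Windows</description>
 <example service.version="2.5n">Serv-U FTP-Server v2.5n for WinSock ready...</example>
 <example service.version="6.0">Serv-U FTP Server v6.0 for WinSock ready</example>
-<
-<param pos="0" name="service.vendor" value="Rhino Software"/>
+<param pos="0" name="service.vendor" value="Serv-U"/>
 <param pos="0" name="service.product" value="Serv-U"/>
 <param pos="0" name="service.family" value="Serv-U"/>
 <param pos="1" name="service.version"/>
+<param pos="0" name="service.cpe23" value="cpe:/a:serv-u:serv-u:{service.version}"/>
 <param pos="0" name="os.vendor" value="Microsoft"/>
 <param pos="0" name="os.family" value="Windows"/>
 <param pos="0" name="os.product" value="Windows"/>
 <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
 </fingerprint>
 
+<fingerprint pattern="^Serv-U FTP[ -]Server v(\d+\.\S+) ready\.*$">
+<description>Serv-U Serv-U with version </description>
+<example service.version="7.2">Serv-U FTP Server v7.2 ready...</example>
+<example service.version="14.0">Serv-U FTP Server v14.0 ready...</example>
+<param pos="0" name="service.vendor" value="Serv-U"/>
+<param pos="0" name="service.product" value="Serv-U"/>
+<param pos="0" name="service.family" value="Serv-U"/>
+<param pos="1" name="service.version"/>
+<param pos="0" name="service.cpe23" value="cpe:/a:serv-u:serv-u:{service.version}"/>
+</fingerprint>
+
+<fingerprint pattern="^Welcom to Serv-U FTP Server$">
+<description>Common FTP banner modification to look like Serv-U -- assert nothing.</description>
+<example>Welcom to Serv-U FTP Server</example>
+</fingerprint>
+
 <fingerprint pattern="^zFTPServer v?(\S+), .*ready\.$" flags="REG_ICASE">
 <description>zftpserver (only runs on Windows)</description>
 <example service.version="4.0">zFTPServer v4.0, build 2008-12-24 01:41 ready.</example>
@@ -427,23 +462,28 @@ more text</example>
 <description>vsFTPd (Very Secure FTP Daemon)</description>
 <example service.version="1.1.3">(vsFTPd 1.1.3) host</example>
 <example service.version="2.0.5">(vsFTPd 2.0.5)</example>
+<param pos="0" name="service.vendor" value="vsFTPd Project"/>
 <param pos="0" name="service.family" value="vsFTPd"/>
 <param pos="0" name="service.product" value="vsFTPd"/>
 <param pos="1" name="service.version"/>
+<param pos="0" name="service.cpe23" value="cpe:/a:vsftpd_project:vsftpd:{service.version}"/>
 <param pos="2" name="host.name"/>
 </fingerprint>
 
 <fingerprint pattern="^ready, dude \(vsFTPd (\d+\..+): beat me, break me\)$">
 <description>vsFTPd (Very Secure FTP Daemon) - break me variant</description>
 <example service.version="1.1.0">ready, dude (vsFTPd 1.1.0: beat me, break me)</example>
+<param pos="0" name="service.vendor" value="vsFTPd Project"/>
 <param pos="0" name="service.family" value="vsFTPd"/>
 <param pos="0" name="service.product" value="vsFTPd"/>
 <param pos="1" name="service.version"/>
+<param pos="0" name="service.cpe23" value="cpe:/a:vsftpd_project:vsftpd:{service.version}"/>
 </fingerprint>
 
 <fingerprint pattern="^vsFTPd ([\d.]+\+ \(ext\.3\)) ready\.\.\.$">
 <description>vsFTPd (Very Secure FTP Daemon) extended build (vsftpd.devnet.ru)</description>
 <example service.version="2.0.4+ (ext.3)">vsFTPd 2.0.4+ (ext.3) ready...</example>
+<param pos="0" name="service.vendor" value="vsFTPd Project"/>
 <param pos="0" name="service.family" value="vsFTPd"/>
 <param pos="0" name="service.product" value="vsFTPd Extended"/>
 <param pos="1" name="service.version"/>
@@ -453,8 +493,10 @@ more text</example>
 <description>vsFTPd (Very Secure FTP Daemon) error message</description>
 <example>OOPS: vsftpd: root is not mounted.</example>
 <example>OOPS: cannot read user list file:/etc/vsftpd.user_list</example>
+<param pos="0" name="service.vendor" value="vsFTPd Project"/>
 <param pos="0" name="service.family" value="vsFTPd"/>
 <param pos="0" name="service.product" value="vsFTPd"/>
+<param pos="0" name="service.cpe23" value="cpe:/a:vsftpd_project:vsftpd:-"/>
 </fingerprint>
 
 <fingerprint pattern="^FileZilla Server(?: version)? (?:v)?(\d\.[\w.]+(?: beta)?).*$">
@@ -463,9 +505,15 @@ more text</example>
 <example service.version="0.9.13a beta">FileZilla Server version 0.9.13a beta</example>
 <example service.version="0.9.54 beta">FileZilla Server 0.9.54 beta</example>
 <example service.version="0.9.33 beta">FileZilla Server v0.9.33 beta</example>
-<param pos="0" name="service.
-<param pos="0" name="service.
+<param pos="0" name="service.vendor" value="Filezilla-Project"/>
+<param pos="0" name="service.family" value="FileZilla FTP"/>
+<param pos="0" name="service.product" value="FileZilla Server"/>
 <param pos="1" name="service.version"/>
+<param pos="0" name="service.cpe23" value="cpe:/a:filezilla-project:filezilla_server:{service.version}"/>
+<param pos="0" name="os.vendor" value="Microsoft"/>
+<param pos="0" name="os.family" value="Windows"/>
+<param pos="0" name="os.product" value="Windows"/>
+<param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
 </fingerprint>
 
 <fingerprint pattern="^\s*APC FTP server ready\.$">
@@ -574,6 +622,7 @@ more text</example>
 <param pos="0" name="os.family" value="z/OS"/>
 <param pos="0" name="os.device" value="Mainframe"/>
 <param pos="1" name="os.version"/>
+<param pos="0" name="os.cpe23" value="cpe:/o:ibm:z\/os:{os.version}"/>
 <param pos="2" name="host.name"/>
 </fingerprint>
 
@@ -1291,7 +1340,7 @@ more text</example>
 <param pos="0" name="os.product" value="Tru64 Unix"/>
 <param pos="1" name="host.name"/>
 <param pos="2" name="os.version"/>
-<param pos="0" name="os.cpe23" value="cpe:/o:hp:
+<param pos="0" name="os.cpe23" value="cpe:/o:hp:tru64_unix:{os.version}"/>
 </fingerprint>
 
 <fingerprint pattern="^(\S+) FTP server \(Digital UNIX Version (\S+)\) ready\.?$">
@@ -1314,9 +1363,11 @@ more text</example>
 <param pos="0" name="os.cpe23" value="cpe:/o:mikrotik:routeros:{os.version}"/>
 </fingerprint>
 
-<fingerprint pattern="
-<description>MikroTik
-<example os.version="6.
+<fingerprint pattern="^.* FTP server \(MikroTik (\d\.[\w\.]+)\) ready\.?$">
+<description>MikroTik with description</description>
+<example os.version="6.43.16">Super Thing_Place- FTP server (MikroTik 6.43.16) ready</example>
+<example os.version="6.43.16beta2">Super Thing_Place- FTP server (MikroTik 6.43.16beta2) ready</example>
+<example os.version="6.43.16rc56">Super Thing_Place- FTP server (MikroTik 6.43.16rc56) ready</example>
 <param pos="0" name="os.vendor" value="MikroTik"/>
 <param pos="0" name="os.product" value="RouterOS"/>
 <param pos="1" name="os.version"/>
@@ -1721,4 +1772,15 @@ more text</example>
 <param pos="0" name="os.device" value="Printer"/>
 </fingerprint>
 
+<fingerprint pattern="^SurgeFTP ([\S]+) \(Version ([a-f\d.]+)\)$">
+<description>NetWin SurgeFTP</description>
+<example service.version="2.3a12">SurgeFTP 192.168.0.0 (Version 2.3a12)</example>
+<example host.name="foo.bar.baz">SurgeFTP foo.bar.baz (Version 2.2f9)</example>
+<param pos="0" name="service.vendor" value="NetWin"/>
+<param pos="0" name="service.product" value="SurgeFTP"/>
+<param pos="2" name="service.version"/>
+<param pos="0" name="service.cpe23" value="cpe:/a:netwin:surgeftp:{service.version}"/>
+<param pos="1" name="host.name"/>
+</fingerprint>
+
 </fingerprints>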
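Review bot: The param added at new line 363 for the versioned Pure-FTPd banner is named `service.fvendor`, while every other Pure-FTPd fingerprint touched in this file gets `service.vendor`; this looks like a typo, and a consumer that reads `service.vendor` would presumably see no vendor for exactly the banners that carry a version. It should read `<param pos="0" name="service.vendor" value="PureFTPd"/>`. The same fingerprint shows no `service.cpe23` inside its hunk although its three siblings gain one; the fingerprint continues past the hunk's last line, so check whether `cpe:/a:pureftpd:pure-ftpd:{service.version}` is present there. Since a missing vendor or CPE means version-based vulnerability matching quietly skips these hosts, a schema or lint check that rejects unknown param names would catch this class of slip.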