recog 3.0.2 → 3.0.3

data/recog/xml/html_title.xml

@@ -333,7 +333,7 @@
     <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
   </fingerprint>
 
-  <fingerprint pattern="^NETIASPOT Management Console|Konsola zarzdzania NETIASPOT$">
+  <fingerprint pattern="^(?:NETIASPOT Management Console|Konsola zarzdzania NETIASPOT)$">
     <description>Netia Spot wireless router</description>
     <example>Konsola zarzdzania NETIASPOT</example>
     <example>NETIASPOT Management Console</example>
@@ -576,7 +576,7 @@
     <param pos="0" name="service.cpe23" value="cpe:/a:ui:unifi_video:-"/>
   </fingerprint>
 
-  <fingerprint pattern="^UniFi NVR: Software Portal|airVision: \[NVR\] - Software Portal$">
+  <fingerprint pattern="^(?:UniFi NVR: Software Portal|airVision: \[NVR\] - Software Portal)$">
     <description>UniFi NVR for recording from UniFi video cameras</description>
     <example>UniFi NVR: Software Portal</example>
     <example>airVision: [NVR] - Software Portal</example>
@@ -682,7 +682,7 @@
     <param pos="0" name="hw.device" value="Switch"/>
   </fingerprint>
 
-  <fingerprint pattern="^Welcome to nginx!|Test Page for the Nginx HTTP Server$">
+  <fingerprint pattern="^(?:Welcome to nginx!|Test Page for the Nginx HTTP Server)$">
     <description>Default OS-agnostic nginx</description>
     <example>Welcome to nginx!</example>
     <example>Test Page for the Nginx HTTP Server</example>
@@ -2034,6 +2034,30 @@
     <param pos="0" name="service.cpe23" value="cpe:/a:zohocorp:manageengine_adaudit_plus:-"/>
   </fingerprint>
 
+  <fingerprint pattern="^ManageEngine PAM360$">
+    <description>ManageEngine PAM360</description>
+    <example>ManageEngine PAM360</example>
+    <param pos="0" name="service.vendor" value="ManageEngine"/>
+    <param pos="0" name="service.product" value="PAM360"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:zohocorp:manageengine_pam360:-"/>
+  </fingerprint>
+
+  <fingerprint pattern="^ManageEngine PasswordManager Pro$">
+    <description>ManageEngine Password Manager Pro</description>
+    <example>ManageEngine PasswordManager Pro</example>
+    <param pos="0" name="service.vendor" value="ManageEngine"/>
+    <param pos="0" name="service.product" value="ManageEngine Password Manager Pro"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:zohocorp:manageengine_password_manager_pro:-"/>
+  </fingerprint>
+
+  <fingerprint pattern="^ManageEngine Access Manager Plus$">
+    <description>ManageEngine Access Manager Plus</description>
+    <example>ManageEngine Access Manager Plus</example>
+    <param pos="0" name="service.vendor" value="ManageEngine"/>
+    <param pos="0" name="service.product" value="Access Manager Plus"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:zohocorp:manageengine_access_manager_plus:-"/>
+  </fingerprint>
+
   <fingerprint pattern="^(ScanFront \d.+)Web Menu$">
     <!-- no space between the product model and "Web Menu" in the title -->
 
@@ -2387,7 +2411,7 @@
     <param pos="0" name="hw.product" value="Network Node"/>
   </fingerprint>
 
-  <fingerprint pattern="^S2 Netbox Login|Home - NetBox$">
+  <fingerprint pattern="^(?:S2 Netbox Login|Home - NetBox)$">
     <description>S2 Netbox Appliance</description>
     <example>S2 Netbox Login</example>
     <example>Home - NetBox</example>
@@ -2439,7 +2463,7 @@
     <param pos="0" name="service.cpe23" value="cpe:/a:ibm:tivoli_storage_flashcopy_manager:-"/>
   </fingerprint>
 
-  <fingerprint pattern="^Jupyter Notebook|JupyterLab|Home Page - Select or create a notebook$">
+  <fingerprint pattern="^(?:Jupyter Notebook|JupyterLab|Home Page - Select or create a notebook)$">
     <description>Jupyter Notebook Server</description>
     <example>Jupyter Notebook</example>
     <example>JupyterLab</example>
@@ -2500,7 +2524,7 @@
     <param pos="0" name="service.product" value="Network Monitor"/>
   </fingerprint>
 
-  <fingerprint pattern="^BrightSign&amp;reg;|BrightSign Applications|Diagnostics Web Server$">
+  <fingerprint pattern="^(?:BrightSign&amp;reg;|BrightSign Applications|Diagnostics Web Server)$">
     <description>BrightSign Controller</description>
     <example>BrightSign&amp;reg;</example>
     <example>BrightSign Applications</example>
@@ -2521,7 +2545,7 @@
     <param pos="0" name="hw.device" value="WAP"/>
   </fingerprint>
 
-  <fingerprint pattern="^DD System Manager|System Manager$">
+  <fingerprint pattern="^(?:DD System Manager|System Manager)$">
     <description>Data Domain System Manager</description>
     <example>DD System Manager</example>
     <example>System Manager</example>
@@ -2574,7 +2598,7 @@
     <param pos="0" name="service.cpe23" value="cpe:/a:influxdata:influxdb:2.0"/>
   </fingerprint>
 
-  <fingerprint pattern="^Sign in . GitLab|GitLab|GitLab is not responding$">
+  <fingerprint pattern="^(?:Sign in . GitLab|GitLab|GitLab is not responding)$">
     <description>GitLab</description>
     <example>Sign in · GitLab</example>
     <example>GitLab is not responding</example>
@@ -2585,7 +2609,7 @@
     <param pos="0" name="service.cpe23" value="cpe:/a:gitlab:gitlab:-"/>
   </fingerprint>
 
-  <fingerprint pattern="^GitHub Enterprise|Setup GitHub Enterprise|GitHub Enterprise preflight check$">
+  <fingerprint pattern="^(?:GitHub Enterprise|Setup GitHub Enterprise|GitHub Enterprise preflight check)$">
     <description>GitHub Enterprise</description>
     <example>GitHub Enterprise</example>
     <example>Setup GitHub Enterprise</example>
@@ -2594,7 +2618,7 @@
     <param pos="0" name="service.product" value="Enterprise"/>
   </fingerprint>
 
-  <fingerprint pattern="^SAP NetWeaver Application Server Java|SAP&amp;#x20;NetWeaver&amp;#x20;Portal|Loading Portal\.\.\.$">
+  <fingerprint pattern="^(?:SAP NetWeaver Application Server Java|SAP&amp;#x20;NetWeaver&amp;#x20;Portal|Loading Portal\.\.\.)$">
     <description>SAP NetWeaver Portal</description>
     <example>SAP NetWeaver Application Server Java</example>
     <example>SAP&amp;#x20;NetWeaver&amp;#x20;Portal</example>
@@ -2613,7 +2637,7 @@
     <param pos="0" name="service.cpe23" value="cpe:/a:lansweeper:lansweeper:-"/>
   </fingerprint>
 
-  <fingerprint pattern="^Celery Flower|Flower$">
+  <fingerprint pattern="^(?:Celery Flower|Flower)$">
     <description>Celery Flower Dashboard</description>
     <example>Celery Flower</example>
     <example>Flower</example>
@@ -2753,7 +2777,7 @@
     <param pos="0" name="service.cpe23" value="cpe:/a:apache:flink:-"/>
   </fingerprint>
 
-  <fingerprint pattern="^Twonky|Twonky Server|TwonkyMedia|TwonkyMedia server media browser$">
+  <fingerprint pattern="^(?:Twonky|Twonky Server|TwonkyMedia|TwonkyMedia server media browser)$">
     <description>Twonky Server</description>
     <example>Twonky</example>
     <example>Twonky Server</example>
@@ -2798,7 +2822,7 @@
     <param pos="0" name="service.cpe23" value="cpe:/a:sabnzbd:sabnzbd:-"/>
   </fingerprint>
 
-  <fingerprint pattern="^Zabbix|.*: Zabbix$">
+  <fingerprint pattern="^(?:Zabbix|.*: Zabbix)$">
     <description>Zabbix</description>
     <example>Zabbix</example>
     <example>appliance: Zabbix</example>
@@ -2820,7 +2844,7 @@
     <param pos="0" name="os.cpe23" value="cpe:/o:dd-wrt:dd-wrt:{os.version}"/>
   </fingerprint>
 
-  <fingerprint pattern="^Apache Druid|Druid Console|Legacy Coordinator Console$">
+  <fingerprint pattern="^(?:Apache Druid|Druid Console|Legacy Coordinator Console)$">
     <description>Apache Druid</description>
     <example>Apache Druid</example>
     <example>Legacy Coordinator Console</example>
@@ -3030,7 +3054,7 @@
     <param pos="0" name="service.cpe23" value="cpe:/a:solarwinds:virtualization_manager:-"/>
   </fingerprint>
 
-  <fingerprint pattern="^Gitea: .*|LocalRepo|TurnKey Gitea$">
+  <fingerprint pattern="^(?:Gitea: .*|LocalRepo|TurnKey Gitea)$">
     <description>Gitea</description>
     <example>Gitea: Git with a cup of tea</example>
     <example>TurnKey Gitea</example>
@@ -3118,7 +3142,7 @@
     <param pos="0" name="service.cpe23" value="cpe:/a:rstudio:connect:-"/>
   </fingerprint>
 
-  <fingerprint pattern="^TurnKey Moodle|New Site$">
+  <fingerprint pattern="^(?:TurnKey Moodle|New Site)$">
     <description>Moodle</description>
     <example>TurnKey Moodle</example>
     <example>New Site</example>
@@ -3157,7 +3181,15 @@
     <param pos="0" name="service.cpe23" value="cpe:/a:atlassian:jira:-"/>
   </fingerprint>
 
-  <fingerprint pattern="^Welcome to XAMPP|XAMPP for Linux">
+  <fingerprint pattern="^Log in - Bitbucket$">
+    <description>Atlassian Bitbucket</description>
+    <example>Log in - Bitbucket</example>
+    <param pos="0" name="service.vendor" value="Atlassian"/>
+    <param pos="0" name="service.product" value="Bitbucket"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:atlassian:bitbucket:-"/>
+  </fingerprint>
+
+  <fingerprint pattern="^(?:Welcome to XAMPP|XAMPP for Linux)">
     <description>XAMPP Server</description>
     <example>Welcome to XAMPP</example>
     <example>XAMPP for Linux</example>
@@ -3182,7 +3214,7 @@
     <param pos="0" name="service.cpe23" value="cpe:/a:kodi:kodi:-"/>
   </fingerprint>
 
-  <fingerprint pattern="^Drupal|TurnKey Drupal\d+|Select an installation profile$">
+  <fingerprint pattern="^(?:Drupal|TurnKey Drupal\d+|Select an installation profile)$">
     <description>Drupal CMS</description>
     <example>Drupal</example>
     <example>TurnKey Drupal8</example>
@@ -3859,7 +3891,7 @@
     <param pos="0" name="hw.family" value="Vigor"/>
   </fingerprint>
 
-  <fingerprint pattern="^WSO2 API Manager|\[Publisher Portal\]WSO2 APIM$">
+  <fingerprint pattern="^(?:WSO2 API Manager|\[Publisher Portal\]WSO2 APIM)$">
     <description>WSO2 API Manager</description>
     <example>WSO2 API Manager</example>
     <example>[Publisher Portal]WSO2 APIM</example>
@@ -3910,6 +3942,58 @@
     <param pos="0" name="service.cpe23" value="cpe:/a:zimbra:collaboration:-"/>
   </fingerprint>
 
+  <fingerprint pattern="^\s*(?:\S)*\s*::\s*Mayan EDMS\s*$">
+    <description>Mayan EDMS - open-source document management system</description>
+    <example>:: Mayan EDMS</example>
+    <example>Home :: Mayan EDMS</example>
+    <param pos="0" name="service.vendor" value="Mayan-EDMS"/>
+    <param pos="0" name="service.product" value="Mayan EDMS"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:mayan-edms:mayan_edms:-"/>
+  </fingerprint>
+
+  <fingerprint pattern="^Papermerge \| Log in$">
+    <description>Papermerge - open-source document management system</description>
+    <example>Papermerge | Log in</example>
+    <param pos="0" name="service.vendor" value="Papermerge"/>
+    <param pos="0" name="service.product" value="Papermerge"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:papermerge:papermerge:-"/>
+  </fingerprint>
+
+  <fingerprint pattern="^SuiteCRM$">
+    <description>SuiteCRM</description>
+    <example>SuiteCRM</example>
+    <param pos="0" name="service.vendor" value="SalesAgility"/>
+    <param pos="0" name="service.product" value="SuiteCRM"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:salesagility:suitecrm:-"/>
+  </fingerprint>
+
+  <fingerprint pattern="^OpenSearch Dashboards$">
+    <description>OpenSearch Dashboards</description>
+    <example>OpenSearch Dashboards</example>
+    <param pos="0" name="service.vendor" value="Amazon"/>
+    <param pos="0" name="service.product" value="OpenSearch"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:amazon:opensearch:-"/>
+  </fingerprint>
+
+  <fingerprint pattern="^Supervisor Status$">
+    <description>Supervisor - web interface</description>
+    <example>Supervisor Status</example>
+    <param pos="0" name="service.vendor" value="Supervisord"/>
+    <param pos="0" name="service.product" value="Supervisor"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:supervisord:supervisor:-"/>
+  </fingerprint>
+
+  <fingerprint pattern="^qdPM (?:\| Login|(\d+(?:\.\d+)*)(?: BETA)? Installation)$">
+    <description>qdPM - project management tool</description>
+    <example>qdPM | Login</example>
+    <example service.version="9.1">qdPM 9.1 Installation</example>
+    <example service.version="9.0">qdPM 9.0 BETA Installation</example>
+    <param pos="0" name="service.vendor" value="qdPM"/>
+    <param pos="0" name="service.product" value="qdPM"/>
+    <param pos="1" name="service.version"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:qdpm:qdpm:{service.version}"/>
+  </fingerprint>
+
   <!-- Specific Eltex fingerprints to enable CPE generation -->
 
   <fingerprint pattern="^Eltex - NTP-RG-1402G$">

data/recog/xml/http_cookies.xml

@@ -277,6 +277,14 @@
     <param pos="0" name="service.cpe23" value="cpe:/a:atlassian:fisheye:-"/>
   </fingerprint>
 
+  <fingerprint pattern="^BITBUCKETSESSIONID=">
+    <description>Atlassian Bitbucket</description>
+    <example>BITBUCKETSESSIONID=49D9B4A9C574CFA312E671F3453CEAC5; Max-Age=1209600; Expires=Tue, 04-Oct-2022 22:16:45 GMT; Path=/; HttpOnly</example>
+    <param pos="0" name="service.vendor" value="Atlassian"/>
+    <param pos="0" name="service.product" value="Bitbucket"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:atlassian:bitbucket:-"/>
+  </fingerprint>
+
   <fingerprint pattern="(?i)^(BIGipServer([^=]+))=">
     <description>F5 BIG-IP LTM - Server variant</description>
     <example loadbalancer.poolname="CustomerRP" cookie="BigIpServerCustomerRP">BigIpServerCustomerRP=5a; path=/; domain=.foo.bar; secure; HttpOnly</example>
@@ -718,6 +726,14 @@
     <param pos="0" name="service.cpe23" value="cpe:/a:dotcms:dotcms:-"/>
   </fingerprint>
 
+  <fingerprint pattern="^qdPM8=">
+    <description>qdPM - project management tool</description>
+    <example>qdPM8=57d23588bfe525e24760bf4c73b10759; path=/</example>
+    <param pos="0" name="service.vendor" value="qdPM"/>
+    <param pos="0" name="service.product" value="qdPM"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:qdpm:qdpm:-"/>
+  </fingerprint>
+
   <!--
         Ignore various cookies that are very generic cookies for session IDs
         that are not necessarily indicative of any particular

data/recog/xml/http_servers.xml

@@ -956,8 +956,8 @@
     <param pos="0" name="service.cpe23" value="cpe:/a:openresty:openresty:{service.version}"/>
   </fingerprint>
 
-  <fingerprint pattern="^gunicorn\/([\d.]+)+$">
-    <description>Gunicorn Gunicorn</description>
+  <fingerprint pattern="^gunicorn\/(\d+(?:\.\d+)*)$">
+    <description>Gunicorn with version</description>
     <example service.version="19.7.1">gunicorn/19.7.1</example>
     <param pos="0" name="service.vendor" value="Gunicorn"/>
     <param pos="0" name="service.product" value="Gunicorn"/>
@@ -965,6 +965,14 @@
     <param pos="0" name="service.cpe23" value="cpe:/a:gunicorn:gunicorn:{service.version}"/>
   </fingerprint>
 
+  <fingerprint pattern="^gunicorn$">
+    <description>Gunicorn with no version</description>
+    <example>gunicorn</example>
+    <param pos="0" name="service.vendor" value="Gunicorn"/>
+    <param pos="0" name="service.product" value="Gunicorn"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:gunicorn:gunicorn:-"/>
+  </fingerprint>
+
   <fingerprint pattern="^Serv-U\/([\d.]+)$">
     <description>Serv-U HTTP interface</description>
     <example service.version="15.1.6.31">Serv-U/15.1.6.31</example>
@@ -1256,7 +1264,7 @@
     <param pos="1" name="apache.variant.version"/>
   </fingerprint>
 
-  <fingerprint pattern="(?i)^IBM_HTTP_SERVER|IBM-HTTP-SERVER$">
+  <fingerprint pattern="(?i)^(?:IBM_HTTP_SERVER|IBM-HTTP-SERVER)$">
     <description>IBM HTTP Server with no version info</description>
     <example>IBM_HTTP_SERVER</example>
     <example>IBM_HTTP_Server</example>
@@ -2018,7 +2026,7 @@
     <param pos="0" name="os.product" value="Appliance"/>
   </fingerprint>
 
-  <fingerprint pattern="^BigIP|BIG-IP$">
+  <fingerprint pattern="^(?:BigIP|BIG-IP)$">
     <description>F5 BIG-IP</description>
     <param pos="0" name="service.vendor" value="F5"/>
     <param pos="0" name="service.product" value="BIG-IP LTM"/>
@@ -2593,6 +2601,17 @@
     <param pos="2" name="python.version"/>
   </fingerprint>
 
+  <fingerprint pattern="(?i)^BaseHTTP/((?:\d+\.)*\d+)\s*Python/((?:\d+\.)*\d+)$">
+    <description>BaseHTTPRequestHandler Python class must be subclassed to handle each request method.</description>
+    <example service.version="0.3" python.version="2.7.18">BaseHTTP/0.3 Python/2.7.18</example>
+    <example service.version="0.6" python.version="3.10.6">BaseHTTP/0.6 Python/3.10.6</example>
+    <param pos="0" name="service.vendor" value="Python Software Foundation"/>
+    <param pos="0" name="service.product" value="BaseHTTP"/>
+    <param pos="0" name="service.family" value="Python"/>
+    <param pos="1" name="service.version"/>
+    <param pos="2" name="python.version"/>
+  </fingerprint>
+
   <fingerprint pattern="^Python/(\d\.[\d.]+) aiohttp/(\d[\w.]+)$">
     <description>AIOHTTP Project AIOHTTP</description>
     <example service.version="3.7.4.post0" python.version="3.8">Python/3.8 aiohttp/3.7.4.post0</example>
@@ -2612,6 +2631,26 @@
     <param pos="0" name="service.cpe23" value="cpe:/a:encode:uvicorn:-"/>
   </fingerprint>
 
+  <fingerprint pattern="^WSGIServer/(\d+(?:\.\d+)*)\s*C?Python/(\d+(?:\.\d+)*)$">
+    <description>WSGIServer (wsgiref.simple_server) – a simple WSGI HTTP server for Python</description>
+    <example service.version="0.1" python.version="2.7.18">WSGIServer/0.1 Python/2.7.18</example>
+    <example service.version="0.2" python.version="3.10.5">WSGIServer/0.2 CPython/3.10.5</example>
+    <param pos="0" name="service.vendor" value="Python Software Foundation"/>
+    <param pos="0" name="service.product" value="WSGIServer"/>
+    <param pos="0" name="service.family" value="Python"/>
+    <param pos="1" name="service.version"/>
+    <param pos="2" name="python.version"/>
+  </fingerprint>
+
+  <fingerprint pattern="^Medusa/(\d+(?:\.\d+)*)$">
+    <description>Medusa - extensible Internet server framework for Python</description>
+    <example service.version="3.41">Medusa/3.41</example>
+    <example service.version="2118">Medusa/2118</example>
+    <param pos="0" name="service.vendor" value="Nightmare Software"/>
+    <param pos="0" name="service.product" value="Medusa"/>
+    <param pos="1" name="service.version"/>
+  </fingerprint>
+
   <fingerprint pattern="^Grandstream (GXP[^\s]+) ([\d\.]+)$">
     <description>Grandstream IP Phone</description>
     <example hw.product="GXP2020" hw.version="1.2.5.3">Grandstream GXP2020 1.2.5.3</example>
@@ -3253,7 +3292,7 @@
     <param pos="0" name="service.cpe23" value="cpe:/a:intel:active_management_technology:{service.version}"/>
   </fingerprint>
 
-  <fingerprint pattern="^AMT|Intel\(R\) Active Management Technology$">
+  <fingerprint pattern="^(?:AMT|Intel\(R\) Active Management Technology)$">
     <description>Intel(R) Active Management Technology (AMT) without a version</description>
     <example>AMT</example>
     <example>Intel(R) Active Management Technology</example>
@@ -4817,6 +4856,15 @@
     <param pos="0" name="service.cpe23" value="cpe:/a:ballerina:ballerina:{service.version}"/>
   </fingerprint>
 
+  <fingerprint pattern="^Restlet-Framework/(\d+(?:\.\d+)*)$">
+    <description>Restlet Framework - REST API framework for Java</description>
+    <example service.version="2.4.3">Restlet-Framework/2.4.3</example>
+    <param pos="0" name="service.vendor" value="Talend"/>
+    <param pos="0" name="service.product" value="Restlet"/>
+    <param pos="1" name="service.version"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:talend:restlet:{service.version}"/>
+  </fingerprint>
+
   <fingerprint pattern="^((?:Mini|ZTE) web server) ([\d.]+) ZTE corp \d{4}\.$">
     <description>Assorted ZTE CPE device web server</description>
     <example service.product="Mini web server" service.version="1.0">Mini web server 1.0 ZTE corp 2005.</example>
@@ -4828,4 +4876,30 @@
     <param pos="0" name="hw.vendor" value="ZTE"/>
   </fingerprint>
 
+  <fingerprint pattern="^PAM360$">
+    <description>ManageEngine PAM360</description>
+    <example>PAM360</example>
+    <param pos="0" name="service.vendor" value="ManageEngine"/>
+    <param pos="0" name="service.product" value="PAM360"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:zohocorp:manageengine_pam360:-"/>
+  </fingerprint>
+
+  <fingerprint pattern="^PMP$">
+    <description>ManageEngine Password Manager Pro</description>
+    <example>PMP</example>
+    <param pos="0" name="service.vendor" value="ManageEngine"/>
+    <param pos="0" name="service.product" value="ManageEngine Password Manager Pro"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:zohocorp:manageengine_password_manager_pro:-"/>
+  </fingerprint>
+
+  <fingerprint pattern="^Crow/((?:\d+(?:\.\d+)*)|\S+)$">
+    <description>Crow - C++ framework for web services</description>
+    <example service.version="0.3">Crow/0.3</example>
+    <example service.version="master">Crow/master</example>
+    <param pos="0" name="service.vendor" value="CrowCPP"/>
+    <param pos="0" name="service.product" value="Crow"/>
+    <param pos="1" name="service.version"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:crowcpp:crow:{service.version}"/>
+  </fingerprint>
+
 </fingerprints>

data/recog/xml/http_wwwauth.xml

@@ -693,6 +693,14 @@
     <param pos="0" name="hw.device" value="Power Device"/>
   </fingerprint>
 
+  <fingerprint pattern="(?i)^Basic realm=&quot;OpenSearch Security&quot;">
+    <description>OpenSearch</description>
+    <example>Basic realm="OpenSearch Security"</example>
+    <param pos="0" name="service.vendor" value="Amazon"/>
+    <param pos="0" name="service.product" value="OpenSearch"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:amazon:opensearch:-"/>
+  </fingerprint>
+
   <!-- a variety of headers we currently just ignore -->
 
   <fingerprint pattern="(?i)^NTLM$">

data/recog/xml/imap_banners.xml

@@ -1,6 +1,9 @@
 <?xml version='1.0' encoding='UTF-8'?>
 <fingerprints matches="imap4.banner" protocol="imap" database_type="service" preference="0.90">
-  <!-- IMAP banners are matched against these patterns to fingerprint IMAP servers. -->
+  <!--
+  IMAP banners are matched against these patterns to fingerprint IMAP servers.
+  The patterns expect the "* OK " part of the banner was removed.
+  -->
 
   <fingerprint pattern="^Microsoft Exchange IMAP4rev1 server version (5\.5\.\d{4}\.\d+) \((.*)\) ready$">
     <description>Microsoft Exchange Server 5.5</description>
@@ -109,19 +112,21 @@
     <param pos="2" name="host.time"/>
   </fingerprint>
 
-  <fingerprint pattern="^[dD]ovecot (?:DA )?ready\.$">
+  <fingerprint pattern="^(?:\[CAPABILITY [^\]]{1,645}\] )?[dD]ovecot (?:DA )?ready\.$">
     <description>Dovecot Secure IMAP Server</description>
     <example>Dovecot ready.</example>
     <example>Dovecot DA ready.</example>
+    <example>[CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE NAMESPACE LITERAL+ AUTH=PLAIN AUTH=LOGIN] Dovecot ready.</example>
     <param pos="0" name="service.vendor" value="Dovecot"/>
     <param pos="0" name="service.family" value="Dovecot"/>
     <param pos="0" name="service.product" value="Dovecot"/>
     <param pos="0" name="service.cpe23" value="cpe:/a:dovecot:dovecot:-"/>
   </fingerprint>
 
-  <fingerprint pattern="^Dovecot \(Ubuntu\) ready\.$">
+  <fingerprint pattern="^(?:\[CAPABILITY [^\]]{1,645}\] )?Dovecot \(Ubuntu\) ready\.$">
     <description>Dovecot Secure IMAP Server - Ubuntu variant</description>
     <example>Dovecot (Ubuntu) ready.</example>
+    <example>[CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN AUTH=LOGIN] Dovecot (Ubuntu) ready.</example>
     <param pos="0" name="service.vendor" value="Dovecot"/>
     <param pos="0" name="service.family" value="Dovecot"/>
     <param pos="0" name="service.product" value="Dovecot"/>
@@ -132,9 +137,11 @@
     <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:-"/>
   </fingerprint>
 
-  <fingerprint pattern="^Dovecot \(Debian\) ready\.$">
+  <fingerprint pattern="^(?:\[CAPABILITY [^\]]{1,645}\] )?Dovecot \(Debian\) ready\.$">
     <description>Dovecot Secure IMAP Server - Debian variant</description>
     <example>Dovecot (Debian) ready.</example>
+    <example>[CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ AUTH=PLAIN AUTH=LOGIN] Dovecot (Debian) ready.</example>
+    <param pos="0" name="service.vendor" value="Dovecot"/>
     <param pos="0" name="service.vendor" value="Dovecot"/>
     <param pos="0" name="service.family" value="Dovecot"/>
     <param pos="0" name="service.product" value="Dovecot"/>
@@ -145,9 +152,10 @@
     <param pos="0" name="os.cpe23" value="cpe:/o:debian:debian_linux:-"/>
   </fingerprint>
 
-  <fingerprint pattern="^Dovecot \(Raspbian\) ready\.$">
+  <fingerprint pattern="^(?:\[CAPABILITY [^\]]{1,645}\] )?Dovecot \(Raspbian\) ready\.$">
     <description>Dovecot Secure IMAP Server - Raspbian variant</description>
     <example>Dovecot (Raspbian) ready.</example>
+    <example>[CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ AUTH=PLAIN AUTH=LOGIN] Dovecot (Raspbian) ready.</example>
     <param pos="0" name="service.vendor" value="Dovecot"/>
     <param pos="0" name="service.family" value="Dovecot"/>
     <param pos="0" name="service.product" value="Dovecot"/>
@@ -158,9 +166,10 @@
     <param pos="0" name="hw.product" value="Raspberry Pi"/>
   </fingerprint>
 
-  <fingerprint pattern="^Courier-IMAP ready. Copyright \d+-\d+">
+  <fingerprint pattern="^(?:\[CAPABILITY [^\]]{1,645}\] )?Courier-IMAP ready. Copyright \d+-\d+">
     <description>Courier MTA IMAP</description>
     <example>Courier-IMAP ready. Copyright 1998-2002 Double Precision, Inc. See COPYING for distribution information.</example>
+    <example>[CAPABILITY IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA IDLE AUTH=PLAIN ACL ACL2=UNION] Courier-IMAP ready. Copyright 1998-2005 Double Precision, Inc.  See COPYING for distribution information.</example>
     <param pos="0" name="service.vendor" value="Double Precision"/>
     <param pos="0" name="service.family" value="Courier MTA"/>
     <param pos="0" name="service.product" value="Courier IMAP"/>
@@ -196,10 +205,11 @@
     <param pos="1" name="host.name"/>
   </fingerprint>
 
-  <fingerprint pattern="^(\S{1,512}) Cyrus IMAP4 v(\d+\.\d+.*)-OS X(?: Server)? ([\d\.]+).* server ready$">
+  <fingerprint pattern="^(?:\[CAPABILITY [^\]]{1,645}\] )?(\S{1,512}) Cyrus IMAP4 v(\d+\.\d+.*)-OS X(?: Server)? ([\d\.]+).* server ready$">
     <description>CMU Cyrus IMAP on Mac OS X</description>
     <example host.name="example.com" service.version="2.2.12" os.version="10.4.0">example.com Cyrus IMAP4 v2.2.12-OS X 10.4.0 server ready</example>
     <example host.name="example.com" service.version="2.3.8" os.version="10.5">example.com Cyrus IMAP4 v2.3.8-OS X Server 10.5: 9A562 server ready</example>
+    <example host.name="foo.bar" service.version="2.3.8" os.version="10.5">[CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID AUTH=PLAIN AUTH=LOGIN AUTH=CRAM-MD5] foo.bar Cyrus IMAP4 v2.3.8-OS X Server 10.5:&#x9;9G7013y server ready</example>
     <param pos="0" name="service.vendor" value="Carnegie Mellon University"/>
     <param pos="0" name="service.family" value="Cyrus MTA"/>
     <param pos="0" name="service.product" value="Cyrus IMAP"/>
@@ -213,10 +223,12 @@
     <param pos="1" name="host.name"/>
   </fingerprint>
 
-  <fingerprint pattern="^(\S{1,512}) Cyrus IMAP4? (?:\S+ )?v(\d+\.\d+.*) server ready$">
+  <fingerprint pattern="^(?:\[CAPABILITY [^\]]{1,645}\] )?(\S{1,512}) Cyrus IMAP4? (?:\S+ )?v?(\d+\.\d+.*) server ready$">
     <description>CMU Cyrus IMAP</description>
     <example host.name="example.com" service.version="2.3.7">example.com Cyrus IMAP4 v2.3.7 server ready</example>
     <example host.name="example.com" service.version="2.4.8-Invoca-RPM-2.4.8-1">example.com Cyrus IMAP Murder v2.4.8-Invoca-RPM-2.4.8-1 server ready</example>
+    <example host.name="foo.bar" service.version="2.3.11-Fedora-RPM-2.3.11-1.fc9">[CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID AUTH=PLAIN SASL-IR] foo.bar Cyrus IMAP4 v2.3.11-Fedora-RPM-2.3.11-1.fc9 server ready</example>
+    <example host.name="foo.bar" service.version="3.0.8-Debian-3.0.8-6+deb10u6">[CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE AUTH=PLAIN SASL-IR] foo.bar Cyrus IMAP 3.0.8-Debian-3.0.8-6+deb10u6 server ready</example>
     <param pos="0" name="service.vendor" value="Carnegie Mellon University"/>
     <param pos="0" name="service.family" value="Cyrus MTA"/>
     <param pos="0" name="service.product" value="Cyrus IMAP"/>

data/recog/xml/tls_jarm.xml

@@ -4,7 +4,7 @@
     Fingerprint based on https://github.com/salesforce/jarm
   -->
 
-  <fingerprint pattern="^2ad2ad16d2ad2ad00042d42d000000332dc9cd7d90589195193c8bb05d84fa|2ad2ad16d2ad2ad22c2ad2ad2ad2adce2e4c8c53174ecbf5529ce7584d5518$|2ad2ad16d2ad2ad22c42d42d000000d342d5966a57139eeaff9f8bc4841b25$">
+  <fingerprint pattern="^(?:2ad2ad16d2ad2ad00042d42d000000332dc9cd7d90589195193c8bb05d84fa|2ad2ad16d2ad2ad22c2ad2ad2ad2adce2e4c8c53174ecbf5529ce7584d5518|2ad2ad16d2ad2ad22c42d42d000000d342d5966a57139eeaff9f8bc4841b25)$">
     <description>Tor relay</description>
     <example>2ad2ad16d2ad2ad00042d42d000000332dc9cd7d90589195193c8bb05d84fa</example>
     <example>2ad2ad16d2ad2ad22c2ad2ad2ad2adce2e4c8c53174ecbf5529ce7584d5518</example>
@@ -14,7 +14,7 @@
     <param pos="0" name="service.cpe23" value="cpe:/a:torproject:tor:-"/>
   </fingerprint>
 
-  <fingerprint pattern="^2ad2ad0002ad2ad0002ad2ad2ad2ada9e96d3ba9f7903758a731e0fa01453d|29d29d15d29d29d21c29d29d29d29d10d7a07cb776562eccb97246005feba5|2ad2ad0002ad2ad0002ad2ad2ad2ad5bf44aec534289dfa8e33148b66cd6c3|29d29d15d29d29d21c29d29d29d29de857600fcd9f89735d87c3704c4e141b$">
+  <fingerprint pattern="^(?:2ad2ad0002ad2ad0002ad2ad2ad2ada9e96d3ba9f7903758a731e0fa01453d|29d29d15d29d29d21c29d29d29d29d10d7a07cb776562eccb97246005feba5|2ad2ad0002ad2ad0002ad2ad2ad2ad5bf44aec534289dfa8e33148b66cd6c3|29d29d15d29d29d21c29d29d29d29de857600fcd9f89735d87c3704c4e141b)$">
     <description>Synology NAS DSM 6</description>
     <example>29d29d15d29d29d21c29d29d29d29d10d7a07cb776562eccb97246005feba5</example>
     <example>29d29d15d29d29d21c29d29d29d29de857600fcd9f89735d87c3704c4e141b</example>
@@ -29,7 +29,7 @@
     <param pos="0" name="hw.device" value="NAS"/>
   </fingerprint>
 
-  <fingerprint pattern="^00000000000000000042d42d0000009535d5979f591ae8e547c5e5743e5b64|29d29d15d29d29d00042d42d00000068f5dc63852f94da932cd6b61b1cd9e3|29d29d15d29d29d21c42d42d000000bf85d79ff39d9f5079675604a74fc04b|29d29d15d29d29d00042d42d000000038eaaf490bec8dc33757f165ce01762|29d29d15d29d29d21c42d42d000000790cb01ea78cc2a73fe8428d61afc0c8$">
+  <fingerprint pattern="^(?:00000000000000000042d42d0000009535d5979f591ae8e547c5e5743e5b64|29d29d15d29d29d00042d42d00000068f5dc63852f94da932cd6b61b1cd9e3|29d29d15d29d29d21c42d42d000000bf85d79ff39d9f5079675604a74fc04b|29d29d15d29d29d00042d42d000000038eaaf490bec8dc33757f165ce01762|29d29d15d29d29d21c42d42d000000790cb01ea78cc2a73fe8428d61afc0c8)$">
     <description>Synology NAS DSM 7</description>
     <example>00000000000000000042d42d0000009535d5979f591ae8e547c5e5743e5b64</example>
     <example>29d29d15d29d29d00042d42d000000038eaaf490bec8dc33757f165ce01762</example>
@@ -56,7 +56,7 @@
     <param pos="0" name="os.device" value="Router"/>
   </fingerprint>
 
-  <fingerprint pattern="^07d14d16d21d21d00042d43d000000aa99ce74e2c6d013c745aa52b5cc042d|07d14d16d21d21d07c42d43d000000f50d155305214cf247147c43c0f1a823|07b08b09b21b21b07b07b08b07b21b23aeefb38b723c523befb314af6e95ac|07c08c09c21c21c07c07c08c07c21c23aeefb38b723c523befb314af6e95ac|07d14d16d21d21d00007d14d07d21d0ae59125bcd90b8876b50928af8f6cd4$">
+  <fingerprint pattern="^(?:07d14d16d21d21d00042d43d000000aa99ce74e2c6d013c745aa52b5cc042d|07d14d16d21d21d07c42d43d000000f50d155305214cf247147c43c0f1a823|07b08b09b21b21b07b07b08b07b21b23aeefb38b723c523befb314af6e95ac|07c08c09c21c21c07c07c08c07c21c23aeefb38b723c523befb314af6e95ac|07d14d16d21d21d00007d14d07d21d0ae59125bcd90b8876b50928af8f6cd4)$">
     <description>Metasploit listener</description>
     <example>07b08b09b21b21b07b07b08b07b21b23aeefb38b723c523befb314af6e95ac</example>
     <example>07c08c09c21c21c07c07c08c07c21c23aeefb38b723c523befb314af6e95ac</example>
@@ -71,7 +71,7 @@
   <!-- This fingerprint matches Java's TLS stack,
     see https://blog.cobaltstrike.com/2020/12/08/a-red-teamer-plays-with-jarm/ for details -->
 
-  <fingerprint pattern="^07d14d16d21d21d07c42d41d00041d24a458a375eef0c576d23a7bab9a9fb1|07d14d16d21d21d00042d41d00041de5fb3038104f457d92ba02e9311512c2$">
+  <fingerprint pattern="^(?:07d14d16d21d21d07c42d41d00041d24a458a375eef0c576d23a7bab9a9fb1|07d14d16d21d21d00042d41d00041de5fb3038104f457d92ba02e9311512c2)$">
     <description>Cobalt Strike listener</description>
     <example>07d14d16d21d21d07c42d41d00041d24a458a375eef0c576d23a7bab9a9fb1</example>
     <example>07d14d16d21d21d00042d41d00041de5fb3038104f457d92ba02e9311512c2</example>
@@ -146,7 +146,7 @@
     <param pos="0" name="hw.cpe23" value="cpe:/h:google:chromecast:-"/>
   </fingerprint>
 
-  <fingerprint pattern="^21d14d00021d21d21c21d14d21d21d3e9a0dda94718e521eb7d1409c9e3601|2ad2ad0002ad2ad0002ad2ad2ad2ad755a2cec4b52fb1bce1ac7f1e48c8a7d$">
+  <fingerprint pattern="^(?:21d14d00021d21d21c21d14d21d21d3e9a0dda94718e521eb7d1409c9e3601|2ad2ad0002ad2ad0002ad2ad2ad2ad755a2cec4b52fb1bce1ac7f1e48c8a7d)$">
     <description>VMware ESXi</description>
     <example>21d14d00021d21d21c21d14d21d21d3e9a0dda94718e521eb7d1409c9e3601</example>
     <example>2ad2ad0002ad2ad0002ad2ad2ad2ad755a2cec4b52fb1bce1ac7f1e48c8a7d</example>

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: recog
 version: !ruby/object:Gem::Version
-  version: 3.0.2
+  version: 3.0.3
 platform: ruby
 authors:
 - Rapid7 Research
@@ -93,7 +93,7 @@ cert_chain:
   EknWpNgVhohbot1lfVAMmIhdtOVaRVcQQixWPwprDj/ydB8ryDMDosIMcw+fkoXU
   9GJsSaSRRYQ9UUkVL27b64okU8D48m8=
   -----END CERTIFICATE-----
-date: 2022-08-24 00:00:00.000000000 Z
+date: 2022-10-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rspec