recog 3.0.3 → 3.1.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- checksums.yaml.gz.sig +0 -0
- data/README.md +45 -2
- data/lib/recog/fingerprint.rb +9 -2
- data/lib/recog/version.rb +1 -1
- data/recog/xml/dhcp_vendor_class.xml +535 -1
- data/recog/xml/dns_versionbind.xml +3 -3
- data/recog/xml/favicons.xml +156 -6
- data/recog/xml/ftp_banners.xml +23 -9
- data/recog/xml/html_title.xml +153 -6
- data/recog/xml/http_cookies.xml +73 -2
- data/recog/xml/http_servers.xml +256 -4
- data/recog/xml/http_wwwauth.xml +13 -1
- data/recog/xml/imap_banners.xml +0 -1
- data/recog/xml/smb_native_os.xml +1 -1
- data/recog/xml/smtp_banners.xml +7 -7
- data/recog/xml/snmp_sysdescr.xml +26 -5
- data/recog/xml/ssh_banners.xml +2 -2
- data.tar.gz.sig +0 -0
- metadata +2 -2
- metadata.gz.sig +0 -0
data/recog/xml/http_servers.xml
CHANGED
|
@@ -113,11 +113,11 @@
|
|
|
113
113
|
-->
|
|
114
114
|
|
|
115
115
|
<fingerprint pattern="(?i)^cwpsrv$">
|
|
116
|
-
<description>CentOS Web Panel</description>
|
|
116
|
+
<description>Control Web Panel (CWP) (formerly CentOS Web Panel) - web hosting control panel web server</description>
|
|
117
117
|
<example>cwpsrv</example>
|
|
118
|
-
<param pos="0" name="service.vendor" value="
|
|
119
|
-
<param pos="0" name="service.product" value="
|
|
120
|
-
<param pos="0" name="service.cpe23" value="cpe:/a:
|
|
118
|
+
<param pos="0" name="service.vendor" value="Control Web Panel"/>
|
|
119
|
+
<param pos="0" name="service.product" value="Control Web Panel"/>
|
|
120
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:control-webpanel:webpanel:-"/>
|
|
121
121
|
<param pos="0" name="os.family" value="Linux"/>
|
|
122
122
|
<param pos="0" name="os.product" value="Linux"/>
|
|
123
123
|
</fingerprint>
|
|
@@ -4902,4 +4902,256 @@
|
|
|
4902
4902
|
<param pos="0" name="service.cpe23" value="cpe:/a:crowcpp:crow:{service.version}"/>
|
|
4903
4903
|
</fingerprint>
|
|
4904
4904
|
|
|
4905
|
+
<fingerprint pattern="^darkstat/(\d+(?:\.\d+)*)$">
|
|
4906
|
+
<description>darkstat - network statistics gatherer</description>
|
|
4907
|
+
<example service.version="3.0.719">darkstat/3.0.719</example>
|
|
4908
|
+
<param pos="0" name="service.vendor" value="darkstat Project"/>
|
|
4909
|
+
<param pos="0" name="service.product" value="darkstat"/>
|
|
4910
|
+
<param pos="1" name="service.version"/>
|
|
4911
|
+
</fingerprint>
|
|
4912
|
+
|
|
4913
|
+
<fingerprint pattern="^darkhttpd/(\d+(?:\.\d+)*)(?:\.from\.git)?$">
|
|
4914
|
+
<description>darkhttpd - web server</description>
|
|
4915
|
+
<example service.version="1.12">darkhttpd/1.12</example>
|
|
4916
|
+
<example service.version="1.13">darkhttpd/1.13.from.git</example>
|
|
4917
|
+
<param pos="0" name="service.vendor" value="darkhttpd Project"/>
|
|
4918
|
+
<param pos="0" name="service.product" value="darkhttpd"/>
|
|
4919
|
+
<param pos="1" name="service.version"/>
|
|
4920
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:darkhttpd_project:darkhttpd:{service.version}"/>
|
|
4921
|
+
</fingerprint>
|
|
4922
|
+
|
|
4923
|
+
<fingerprint pattern="^ServerTech-AWS/v(\d+(?:\.\d+)*[a-z](?:-[a-z][0-9])*)$">
|
|
4924
|
+
<description>Server Technology Advanced Web Server (AWS)</description>
|
|
4925
|
+
<example service.version="7.1g-b1">ServerTech-AWS/v7.1g-b1</example>
|
|
4926
|
+
<example service.version="8.0x">ServerTech-AWS/v8.0x</example>
|
|
4927
|
+
<param pos="0" name="service.vendor" value="Server Technology"/>
|
|
4928
|
+
<param pos="0" name="service.product" value="Advanced Web Server"/>
|
|
4929
|
+
<param pos="1" name="service.version"/>
|
|
4930
|
+
<param pos="0" name="os.vendor" value="Server Technology"/>
|
|
4931
|
+
<param pos="0" name="hw.vendor" value="Server Technology"/>
|
|
4932
|
+
</fingerprint>
|
|
4933
|
+
|
|
4934
|
+
<!-- ntopng -->
|
|
4935
|
+
|
|
4936
|
+
<fingerprint pattern="^ntopng (\d+(?:\.\d+)*) \[(?:FreeBSD |[\w-]+-freebsd)(\d+(?:\.\d+)*)(?:[a-z0-9-])* \[(\w+)\]\[[^\]]*\]\]$">
|
|
4937
|
+
<description>ntopng - web-based network traffic monitoring on FreeBSD</description>
|
|
4938
|
+
<example service.version="5.0.220112" os.version="12.3" os.arch="amd64">ntopng 5.0.220112 [FreeBSD 12.3 [amd64][FreeBSD 12.3]]</example>
|
|
4939
|
+
<example service.version="3.8.201001" os.version="11.3" os.arch="amd64">ntopng 3.8.201001 [amd64-unknown-freebsd11.3 [amd64][]]</example>
|
|
4940
|
+
<example service.version="3.4.0" os.version="12.2" os.arch="arm">ntopng 3.4.0 [armv7-unknown-freebsd12.2-gnueabihf [arm][]]</example>
|
|
4941
|
+
<param pos="0" name="service.vendor" value="ntop"/>
|
|
4942
|
+
<param pos="0" name="service.product" value="ntopng"/>
|
|
4943
|
+
<param pos="1" name="service.version"/>
|
|
4944
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:ntop:ntopng:{service.version}"/>
|
|
4945
|
+
<param pos="0" name="os.vendor" value="FreeBSD"/>
|
|
4946
|
+
<param pos="0" name="os.family" value="FreeBSD"/>
|
|
4947
|
+
<param pos="0" name="os.product" value="FreeBSD"/>
|
|
4948
|
+
<param pos="2" name="os.version"/>
|
|
4949
|
+
<param pos="3" name="os.arch"/>
|
|
4950
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:freebsd:freebsd:{os.version}"/>
|
|
4951
|
+
</fingerprint>
|
|
4952
|
+
|
|
4953
|
+
<fingerprint pattern="^ntopng (\d+(?:\.\d+)*) \[(?:[\w-]+-linux-gnu)? \[(\w+)\]\[CentOS (?:Linux )?release (\d+(?:\.\d+)*)(?: \((?:Core|Final)\)\s*)?\]\]$">
|
|
4954
|
+
<description>ntopng - web-based network traffic monitoring on CentOS</description>
|
|
4955
|
+
<example service.version="3.2.171221" os.version="6.9" os.arch="x86_64">ntopng 3.2.171221 [x86_64-unknown-linux-gnu [x86_64][CentOS release 6.9 (Final)]]</example>
|
|
4956
|
+
<example service.version="3.4.210629" os.version="7.5.1804" os.arch="x86_64">ntopng 3.4.210629 [ [x86_64][CentOS Linux release 7.5.1804 (Core) ]]</example>
|
|
4957
|
+
<example service.version="3.6.181022" os.version="7.5.1804" os.arch="x86_64">ntopng 3.6.181022 [x86_64-unknown-linux-gnu [x86_64][CentOS Linux release 7.5.1804 (Core) ]]</example>
|
|
4958
|
+
<example service.version="4.3.211226" os.version="8.4.2105" os.arch="x86_64">ntopng 4.3.211226 [x86_64-unknown-linux-gnu [x86_64][CentOS Linux release 8.4.2105]]</example>
|
|
4959
|
+
<example service.version="5.4.221110" os.version="7.9.2009" os.arch="x86_64">ntopng 5.4.221110 [x86_64-unknown-linux-gnu [x86_64][CentOS Linux release 7.9.2009 (Core)]]</example>
|
|
4960
|
+
<param pos="0" name="service.vendor" value="ntop"/>
|
|
4961
|
+
<param pos="0" name="service.product" value="ntopng"/>
|
|
4962
|
+
<param pos="1" name="service.version"/>
|
|
4963
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:ntop:ntopng:{service.version}"/>
|
|
4964
|
+
<param pos="0" name="os.vendor" value="CentOS"/>
|
|
4965
|
+
<param pos="0" name="os.family" value="Linux"/>
|
|
4966
|
+
<param pos="0" name="os.product" value="Linux"/>
|
|
4967
|
+
<param pos="3" name="os.version"/>
|
|
4968
|
+
<param pos="2" name="os.arch"/>
|
|
4969
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:centos:centos:{os.version}"/>
|
|
4970
|
+
</fingerprint>
|
|
4971
|
+
|
|
4972
|
+
<fingerprint pattern="^ntopng (\d+(?:\.\d+)*) \[[\w-]+-linux-gnu \[(\w+)\]\[[^\]]*\]\]$">
|
|
4973
|
+
<description>ntopng - web-based network traffic monitoring on Linux</description>
|
|
4974
|
+
<example service.version="4.2.201125" os.arch="x86_64">ntopng 4.2.201125 [x86_64-unknown-linux-gnu [x86_64][]]</example>
|
|
4975
|
+
<example service.version="3.8.220621" os.arch="i686">ntopng 3.8.220621 [i686-pc-linux-gnu [i686][]]</example>
|
|
4976
|
+
<param pos="0" name="service.vendor" value="ntop"/>
|
|
4977
|
+
<param pos="0" name="service.product" value="ntopng"/>
|
|
4978
|
+
<param pos="1" name="service.version"/>
|
|
4979
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:ntop:ntopng:{service.version}"/>
|
|
4980
|
+
<param pos="0" name="os.vendor" value="Linux"/>
|
|
4981
|
+
<param pos="0" name="os.family" value="Linux"/>
|
|
4982
|
+
<param pos="0" name="os.product" value="Linux"/>
|
|
4983
|
+
<param pos="2" name="os.arch"/>
|
|
4984
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:linux:linux_kernel:-"/>
|
|
4985
|
+
</fingerprint>
|
|
4986
|
+
|
|
4987
|
+
<fingerprint pattern="^ntopng (\d+(?:\.\d+)*)\s+\[[\w-]+-linux-gnu \((\w+)\)\]$">
|
|
4988
|
+
<description>ntopng - web-based network traffic monitoring on Linux (older ntopng)</description>
|
|
4989
|
+
<example service.version="2.0.150531" os.arch="x86_64">ntopng 2.0.150531 [x86_64-unknown-linux-gnu (x86_64)]</example>
|
|
4990
|
+
<param pos="0" name="service.vendor" value="ntop"/>
|
|
4991
|
+
<param pos="0" name="service.product" value="ntopng"/>
|
|
4992
|
+
<param pos="1" name="service.version"/>
|
|
4993
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:ntop:ntopng:{service.version}"/>
|
|
4994
|
+
<param pos="0" name="os.vendor" value="Linux"/>
|
|
4995
|
+
<param pos="0" name="os.family" value="Linux"/>
|
|
4996
|
+
<param pos="0" name="os.product" value="Linux"/>
|
|
4997
|
+
<param pos="2" name="os.arch"/>
|
|
4998
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:linux:linux_kernel:-"/>
|
|
4999
|
+
</fingerprint>
|
|
5000
|
+
|
|
5001
|
+
<fingerprint pattern="^ntopng (\d+(?:\.\d+)*) \[Debian [\w/]+ \[(\w+)\]\[Ubuntu (\d+(?:\.\d+)*) LTS\]\]$">
|
|
5002
|
+
<description>ntopng - web-based network traffic monitoring on Ubuntu</description>
|
|
5003
|
+
<example service.version="4.2.210309" os.arch="x86_64" os.version="18.04.5">ntopng 4.2.210309 [Debian buster/sid [x86_64][Ubuntu 18.04.5 LTS]]</example>
|
|
5004
|
+
<example service.version="5.4.220721" os.arch="x86_64" os.version="20.04.4">ntopng 5.4.220721 [Debian bullseye/sid [x86_64][Ubuntu 20.04.4 LTS]]</example>
|
|
5005
|
+
<param pos="0" name="service.vendor" value="ntop"/>
|
|
5006
|
+
<param pos="0" name="service.product" value="ntopng"/>
|
|
5007
|
+
<param pos="1" name="service.version"/>
|
|
5008
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:ntop:ntopng:{service.version}"/>
|
|
5009
|
+
<param pos="0" name="os.vendor" value="Ubuntu"/>
|
|
5010
|
+
<param pos="0" name="os.family" value="Linux"/>
|
|
5011
|
+
<param pos="0" name="os.product" value="Linux"/>
|
|
5012
|
+
<param pos="3" name="os.version"/>
|
|
5013
|
+
<param pos="2" name="os.arch"/>
|
|
5014
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:{os.version}"/>
|
|
5015
|
+
</fingerprint>
|
|
5016
|
+
|
|
5017
|
+
<fingerprint pattern="^ntopng (\d+(?:\.\d+)*) \[Debian (\d+(?:\.\d+)*) \[(\w+)\]\[[^\]]*\]\]$">
|
|
5018
|
+
<description>ntopng - web-based network traffic monitoring on Debian</description>
|
|
5019
|
+
<example service.version="5.4.221124" os.version="11.0" os.arch="x86_64">ntopng 5.4.221124 [Debian 11.0 [x86_64][Debian GNU/Linux 11 (bullseye)]]</example>
|
|
5020
|
+
<example service.version="5.5.220724" os.version="11.1" os.arch="armv7l">ntopng 5.5.220724 [Debian 11.1 [armv7l][Raspbian GNU/Linux 11 (bullseye)]]</example>
|
|
5021
|
+
<example service.version="5.5.221127" os.version="11.4" os.arch="aarch64">ntopng 5.5.221127 [Debian 11.4 [aarch64][Debian GNU/Linux 11 (bullseye)]]</example>
|
|
5022
|
+
<example service.version="4.2.201206" os.version="10.6" os.arch="aarch64">ntopng 4.2.201206 [Debian 10.6 [aarch64][]]</example>
|
|
5023
|
+
<example service.version="5.5.221116" os.version="10.8" os.arch="x86_64">ntopng 5.5.221116 [Debian 10.8 [x86_64][Debian GNU/Linux 10 (buster)]]</example>
|
|
5024
|
+
<example service.version="5.5.221211" os.version="10.11" os.arch="armv7l">ntopng 5.5.221211 [Debian 10.11 [armv7l][Raspbian GNU/Linux 10 (buster)]]</example>
|
|
5025
|
+
<example service.version="4.3.210624" os.version="9.12" os.arch="x86_64">ntopng 4.3.210624 [Debian 9.12 [x86_64][Debian GNU/Linux 9.12 (stretch)]]</example>
|
|
5026
|
+
<example service.version="3.7.180907" os.version="9.1" os.arch="x86_64">ntopng 3.7.180907 [Debian 9.1 [x86_64][Debian GNU/Linux 9.1 (stretch)]]</example>
|
|
5027
|
+
<example service.version="3.9.200305" os.version="8.11" os.arch="x86_64">ntopng 3.9.200305 [Debian 8.11 [x86_64][Debian GNU/Linux 8.11 (jessie)]]</example>
|
|
5028
|
+
<example service.version="2.5.161119" os.version="7.11" os.arch="i686">ntopng 2.5.161119 [Debian 7.11 [i686][Debian GNU/Linux 7.11 (wheezy)]]</example>
|
|
5029
|
+
<example service.version="3.3.180306" os.version="7.10" os.arch="x86_64">ntopng 3.3.180306 [Debian 7.10 [x86_64][Debian GNU/Linux 7.10 (wheezy)]]</example>
|
|
5030
|
+
<param pos="0" name="service.vendor" value="ntop"/>
|
|
5031
|
+
<param pos="0" name="service.product" value="ntopng"/>
|
|
5032
|
+
<param pos="1" name="service.version"/>
|
|
5033
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:ntop:ntopng:{service.version}"/>
|
|
5034
|
+
<param pos="0" name="os.vendor" value="Debian"/>
|
|
5035
|
+
<param pos="0" name="os.family" value="Linux"/>
|
|
5036
|
+
<param pos="0" name="os.product" value="Linux"/>
|
|
5037
|
+
<param pos="2" name="os.version"/>
|
|
5038
|
+
<param pos="3" name="os.arch"/>
|
|
5039
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:debian:debian_linux:{os.version}"/>
|
|
5040
|
+
</fingerprint>
|
|
5041
|
+
|
|
5042
|
+
<fingerprint pattern="^ntopng (\d+(?:\.\d+)*) \[Debian bookworm/sid \[(\w+)\]\[[^\]]*\]\]$">
|
|
5043
|
+
<description>ntopng - web-based network traffic monitoring on Debian 12.0 (bookworm)</description>
|
|
5044
|
+
<example service.version="5.2.220414" os.arch="x86_64">ntopng 5.2.220414 [Debian bookworm/sid [x86_64][]]</example>
|
|
5045
|
+
<param pos="0" name="service.vendor" value="ntop"/>
|
|
5046
|
+
<param pos="0" name="service.product" value="ntopng"/>
|
|
5047
|
+
<param pos="1" name="service.version"/>
|
|
5048
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:ntop:ntopng:{service.version}"/>
|
|
5049
|
+
<param pos="0" name="os.vendor" value="Debian"/>
|
|
5050
|
+
<param pos="0" name="os.family" value="Linux"/>
|
|
5051
|
+
<param pos="0" name="os.product" value="Linux"/>
|
|
5052
|
+
<param pos="0" name="os.version" value="12.0"/>
|
|
5053
|
+
<param pos="2" name="os.arch"/>
|
|
5054
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:debian:debian_linux:12.0"/>
|
|
5055
|
+
</fingerprint>
|
|
5056
|
+
|
|
5057
|
+
<fingerprint pattern="^ntopng (\d+(?:\.\d+)*) \[Debian bullseye/sid \[(\w+)\]\[[^\]]*\]\]$">
|
|
5058
|
+
<description>ntopng - web-based network traffic monitoring on Debian 11.0 (bullseye)</description>
|
|
5059
|
+
<example service.version="3.8.200814" os.arch="x86_64">ntopng 3.8.200814 [Debian bullseye/sid [x86_64][]]</example>
|
|
5060
|
+
<param pos="0" name="service.vendor" value="ntop"/>
|
|
5061
|
+
<param pos="0" name="service.product" value="ntopng"/>
|
|
5062
|
+
<param pos="1" name="service.version"/>
|
|
5063
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:ntop:ntopng:{service.version}"/>
|
|
5064
|
+
<param pos="0" name="os.vendor" value="Debian"/>
|
|
5065
|
+
<param pos="0" name="os.family" value="Linux"/>
|
|
5066
|
+
<param pos="0" name="os.product" value="Linux"/>
|
|
5067
|
+
<param pos="0" name="os.version" value="11.0"/>
|
|
5068
|
+
<param pos="2" name="os.arch"/>
|
|
5069
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:debian:debian_linux:11.0"/>
|
|
5070
|
+
</fingerprint>
|
|
5071
|
+
|
|
5072
|
+
<fingerprint pattern="^ntopng (\d+(?:\.\d+)*) \[Debian buster/sid \[(\w+)\]\[[^\]]*\]\]$">
|
|
5073
|
+
<description>ntopng - web-based network traffic monitoring on Debian 10.0 (buster)</description>
|
|
5074
|
+
<example service.version="3.8.190204" os.arch="x86_64">ntopng 3.8.190204 [Debian buster/sid [x86_64][]]</example>
|
|
5075
|
+
<param pos="0" name="service.vendor" value="ntop"/>
|
|
5076
|
+
<param pos="0" name="service.product" value="ntopng"/>
|
|
5077
|
+
<param pos="1" name="service.version"/>
|
|
5078
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:ntop:ntopng:{service.version}"/>
|
|
5079
|
+
<param pos="0" name="os.vendor" value="Debian"/>
|
|
5080
|
+
<param pos="0" name="os.family" value="Linux"/>
|
|
5081
|
+
<param pos="0" name="os.product" value="Linux"/>
|
|
5082
|
+
<param pos="0" name="os.version" value="10.0"/>
|
|
5083
|
+
<param pos="2" name="os.arch"/>
|
|
5084
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:debian:debian_linux:10.0"/>
|
|
5085
|
+
</fingerprint>
|
|
5086
|
+
|
|
5087
|
+
<fingerprint pattern="^ntopng (\d+(?:\.\d+)*) \[Debian stretch/sid \((\w+)\)\]$">
|
|
5088
|
+
<description>ntopng - web-based network traffic monitoring on Debian 9.0 (stretch)</description>
|
|
5089
|
+
<example service.version="2.3.160415" os.arch="x86_64">ntopng 2.3.160415 [Debian stretch/sid (x86_64)]</example>
|
|
5090
|
+
<example service.version="2.3.160415" os.arch="i686">ntopng 2.3.160415 [Debian stretch/sid (i686)]</example>
|
|
5091
|
+
<param pos="0" name="service.vendor" value="ntop"/>
|
|
5092
|
+
<param pos="0" name="service.product" value="ntopng"/>
|
|
5093
|
+
<param pos="1" name="service.version"/>
|
|
5094
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:ntop:ntopng:{service.version}"/>
|
|
5095
|
+
<param pos="0" name="os.vendor" value="Debian"/>
|
|
5096
|
+
<param pos="0" name="os.family" value="Linux"/>
|
|
5097
|
+
<param pos="0" name="os.product" value="Linux"/>
|
|
5098
|
+
<param pos="0" name="os.version" value="9.0"/>
|
|
5099
|
+
<param pos="2" name="os.arch"/>
|
|
5100
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:debian:debian_linux:9.0"/>
|
|
5101
|
+
</fingerprint>
|
|
5102
|
+
|
|
5103
|
+
<fingerprint pattern="^ntopng (\d+(?:\.\d+)*) \[Debian wheezy/sid \((\w+)\)\]$">
|
|
5104
|
+
<description>ntopng - web-based network traffic monitoring on Debian 7.0 (wheezy)</description>
|
|
5105
|
+
<example service.version="2.2.160403" os.arch="x86_64">ntopng 2.2.160403 [Debian wheezy/sid (x86_64)]</example>
|
|
5106
|
+
<param pos="0" name="service.vendor" value="ntop"/>
|
|
5107
|
+
<param pos="0" name="service.product" value="ntopng"/>
|
|
5108
|
+
<param pos="1" name="service.version"/>
|
|
5109
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:ntop:ntopng:{service.version}"/>
|
|
5110
|
+
<param pos="0" name="os.vendor" value="Debian"/>
|
|
5111
|
+
<param pos="0" name="os.family" value="Linux"/>
|
|
5112
|
+
<param pos="0" name="os.product" value="Linux"/>
|
|
5113
|
+
<param pos="0" name="os.version" value="7.0"/>
|
|
5114
|
+
<param pos="2" name="os.arch"/>
|
|
5115
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:debian:debian_linux:7.0"/>
|
|
5116
|
+
</fingerprint>
|
|
5117
|
+
|
|
5118
|
+
<fingerprint pattern="^ntopng (\d+(?:\.\d+)*) \[[\w-]+openbsd(\d+(?:\.\d+)*) \[(\w+)\]\[[^\]]*\]\]$">
|
|
5119
|
+
<description>ntopng - web-based network traffic monitoring on OpenBSD</description>
|
|
5120
|
+
<example service.version="3.8.201001" os.version="6.8" os.arch="amd64">ntopng 3.8.201001 [amd64-unknown-openbsd6.8 [amd64][]]</example>
|
|
5121
|
+
<param pos="0" name="service.vendor" value="ntop"/>
|
|
5122
|
+
<param pos="0" name="service.product" value="ntopng"/>
|
|
5123
|
+
<param pos="1" name="service.version"/>
|
|
5124
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:ntop:ntopng:{service.version}"/>
|
|
5125
|
+
<param pos="0" name="os.vendor" value="OpenBSD"/>
|
|
5126
|
+
<param pos="0" name="os.family" value="OpenBSD"/>
|
|
5127
|
+
<param pos="0" name="os.product" value="OpenBSD"/>
|
|
5128
|
+
<param pos="2" name="os.version"/>
|
|
5129
|
+
<param pos="3" name="os.arch"/>
|
|
5130
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:openbsd:openbsd:{os.version}"/>
|
|
5131
|
+
</fingerprint>
|
|
5132
|
+
|
|
5133
|
+
<fingerprint pattern="^ntopng (\d+(?:\.\d+)*) \[[^\]]* \[(\w+)\]\[Windows\]\]$">
|
|
5134
|
+
<description>ntopng - web-based network traffic monitoring on Windows</description>
|
|
5135
|
+
<example service.version="5.5.221014" os.arch="x64">ntopng 5.5.221014 [Win64 [x64][Windows]]</example>
|
|
5136
|
+
<param pos="0" name="service.vendor" value="ntop"/>
|
|
5137
|
+
<param pos="0" name="service.product" value="ntopng"/>
|
|
5138
|
+
<param pos="1" name="service.version"/>
|
|
5139
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:ntop:ntopng:{service.version}"/>
|
|
5140
|
+
<param pos="0" name="os.vendor" value="Microsoft"/>
|
|
5141
|
+
<param pos="0" name="os.family" value="Windows"/>
|
|
5142
|
+
<param pos="0" name="os.product" value="Windows"/>
|
|
5143
|
+
<param pos="2" name="os.arch"/>
|
|
5144
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
|
|
5145
|
+
</fingerprint>
|
|
5146
|
+
|
|
5147
|
+
<fingerprint pattern="^ntopng (\d+(?:\.\d+)*) \((\w+)\)$">
|
|
5148
|
+
<description>ntopng - web-based network traffic monitoring on unknown OS</description>
|
|
5149
|
+
<example service.version="5.4.220905" os.arch="amd64">ntopng 5.4.220905 (amd64)</example>
|
|
5150
|
+
<param pos="0" name="service.vendor" value="ntop"/>
|
|
5151
|
+
<param pos="0" name="service.product" value="ntopng"/>
|
|
5152
|
+
<param pos="1" name="service.version"/>
|
|
5153
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:ntop:ntopng:{service.version}"/>
|
|
5154
|
+
<param pos="2" name="os.arch"/>
|
|
5155
|
+
</fingerprint>
|
|
5156
|
+
|
|
4905
5157
|
</fingerprints>
|
data/recog/xml/http_wwwauth.xml
CHANGED
|
@@ -143,7 +143,7 @@
|
|
|
143
143
|
|
|
144
144
|
<!-- Hikvision is OEMd by a number of DVR manufacturers -->
|
|
145
145
|
|
|
146
|
-
<fingerprint pattern="^(?:Basic|Digest) realm="
|
|
146
|
+
<fingerprint pattern="(?i)^(?:Basic|Digest) realm="hikvision"">
|
|
147
147
|
<description>Web server found on DVR and webcam servers sourced from Hikvision</description>
|
|
148
148
|
<example>Basic realm="hikvision"</example>
|
|
149
149
|
<param pos="0" name="service.vendor" value="Hikvision"/>
|
|
@@ -701,6 +701,18 @@
|
|
|
701
701
|
<param pos="0" name="service.cpe23" value="cpe:/a:amazon:opensearch:-"/>
|
|
702
702
|
</fingerprint>
|
|
703
703
|
|
|
704
|
+
<fingerprint pattern="(?i)^Basic realm="(Sentry Switched (?:CDU|(?:DC )*PDU))"">
|
|
705
|
+
<description>Server Technology Sentry Switched Device</description>
|
|
706
|
+
<example hw.product="Sentry Switched CDU" os.product="Sentry Switched CDU Firmware">Basic realm="Sentry Switched CDU"</example>
|
|
707
|
+
<example hw.product="Sentry Switched PDU" os.product="Sentry Switched PDU Firmware">Basic realm="Sentry Switched PDU"</example>
|
|
708
|
+
<example hw.product="Sentry Switched DC PDU" os.product="Sentry Switched DC PDU Firmware">Basic realm="Sentry Switched DC PDU"</example>
|
|
709
|
+
<param pos="0" name="os.vendor" value="Server Technology"/>
|
|
710
|
+
<param pos="0" name="os.product" value="{hw.product} Firmware"/>
|
|
711
|
+
<param pos="0" name="hw.vendor" value="Server Technology"/>
|
|
712
|
+
<param pos="1" name="hw.product"/>
|
|
713
|
+
<param pos="0" name="hw.device" value="Power Device"/>
|
|
714
|
+
</fingerprint>
|
|
715
|
+
|
|
704
716
|
<!-- a variety of headers we currently just ignore -->
|
|
705
717
|
|
|
706
718
|
<fingerprint pattern="(?i)^NTLM$">
|
data/recog/xml/imap_banners.xml
CHANGED
|
@@ -142,7 +142,6 @@
|
|
|
142
142
|
<example>Dovecot (Debian) ready.</example>
|
|
143
143
|
<example>[CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ AUTH=PLAIN AUTH=LOGIN] Dovecot (Debian) ready.</example>
|
|
144
144
|
<param pos="0" name="service.vendor" value="Dovecot"/>
|
|
145
|
-
<param pos="0" name="service.vendor" value="Dovecot"/>
|
|
146
145
|
<param pos="0" name="service.family" value="Dovecot"/>
|
|
147
146
|
<param pos="0" name="service.product" value="Dovecot"/>
|
|
148
147
|
<param pos="0" name="service.cpe23" value="cpe:/a:dovecot:dovecot:-"/>
|
data/recog/xml/smb_native_os.xml
CHANGED
|
@@ -855,7 +855,7 @@
|
|
|
855
855
|
<param pos="1" name="service.version"/>
|
|
856
856
|
</fingerprint>
|
|
857
857
|
|
|
858
|
-
<fingerprint pattern="
|
|
858
|
+
<fingerprint pattern="(?i)^unix$">
|
|
859
859
|
<description>Generally some Samba variant, which reports Unix</description>
|
|
860
860
|
<example>Unix</example>
|
|
861
861
|
<param pos="0" name="os.family" value="Unix"/>
|
data/recog/xml/smtp_banners.xml
CHANGED
|
@@ -345,7 +345,7 @@
|
|
|
345
345
|
<param pos="1" name="system.time"/>
|
|
346
346
|
</fingerprint>
|
|
347
347
|
|
|
348
|
-
<fingerprint pattern="^ ?([^, ]{1,512}),? +ESMTP \(?
|
|
348
|
+
<fingerprint pattern="(?i)^ ?([^, ]{1,512}),? +ESMTP \(?Exim +(\d+\.[\d_.bdRC-]+)\)?(?: +#\d+)? ?.?((?:\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d{3,4})?) *(?:We do not authorize the use of this system to transport unsolicited, and\/or bulk e-mail.)?$">
|
|
349
349
|
<description>Exim - with version string and optional timestamp</description>
|
|
350
350
|
<example service.version="4.91" host.name="foo.bar" system.time="Thu, 29 Apr 2021 05:41:36 +400">foo.bar ESMTP Exim 4.91 Thu, 29 Apr 2021 05:41:36 +400</example>
|
|
351
351
|
<example service.version="4.89" host.name="foo.bar">foo.bar ESMTP Exim 4.89 "</example>
|
|
@@ -368,7 +368,7 @@
|
|
|
368
368
|
<param pos="3" name="system.time"/>
|
|
369
369
|
</fingerprint>
|
|
370
370
|
|
|
371
|
-
<fingerprint pattern="^([^, ]{1,512}),? ESMTP
|
|
371
|
+
<fingerprint pattern="(?i)^([^, ]{1,512}),? ESMTP Exim +(\d+) ((?:\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d)?) *$">
|
|
372
372
|
<description>Exim - with digit only version string and optional timestamp</description>
|
|
373
373
|
<example service.version="125302" host.name="foo.bar" system.time="Thu, 16 Nov 2017 04:55:11 -0500">foo.bar ESMTP Exim 125302 Thu, 16 Nov 2017 04:55:11 -0500 </example>
|
|
374
374
|
<param pos="0" name="service.vendor" value="exim"/>
|
|
@@ -381,7 +381,7 @@
|
|
|
381
381
|
<param pos="3" name="system.time"/>
|
|
382
382
|
</fingerprint>
|
|
383
383
|
|
|
384
|
-
<fingerprint pattern="^([^, ]{1,512}),? ESMTP
|
|
384
|
+
<fingerprint pattern="(?i)^([^, ]{1,512}),? ESMTP Exim +(\d+\.[\d_.]+)(?: +#\d)? Ubuntu ((?:\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d)?) *$">
|
|
385
385
|
<description>Exim - with version string and optional timestamp (Ubuntu)</description>
|
|
386
386
|
<example service.version="4.82" system.time="Thu, 16 Nov 2017 11:30:44 +0300" host.name="foo.bar">foo.bar ESMTP Exim 4.82 Ubuntu Thu, 16 Nov 2017 11:30:44 +0300 </example>
|
|
387
387
|
<param pos="0" name="os.vendor" value="Ubuntu"/>
|
|
@@ -398,7 +398,7 @@
|
|
|
398
398
|
<param pos="3" name="system.time"/>
|
|
399
399
|
</fingerprint>
|
|
400
400
|
|
|
401
|
-
<fingerprint pattern="^([^, ]{1,512}),? ESMTP
|
|
401
|
+
<fingerprint pattern="(?i)^([^, ]{1,512}),? ESMTP Exim(?: +#\d)? *((?:\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d)?) *$">
|
|
402
402
|
<description>Exim - without version string and with optional timestamp</description>
|
|
403
403
|
<example host.name="foo.bar">foo.bar ESMTP Exim</example>
|
|
404
404
|
<example host.name="foo.bar" system.time="Thu, 16 Nov 2017 01:11:30 -0800">foo.bar ESMTP Exim Thu, 16 Nov 2017 01:11:30 -0800 </example>
|
|
@@ -412,7 +412,7 @@
|
|
|
412
412
|
<param pos="2" name="system.time"/>
|
|
413
413
|
</fingerprint>
|
|
414
414
|
|
|
415
|
-
<fingerprint pattern="^ ?ESMTP
|
|
415
|
+
<fingerprint pattern="(?i)^ ?ESMTP Exim (\d+\.[\d_.]+)(?: +#\d)? ?.?((?:\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d)?) *$">
|
|
416
416
|
<description>Exim - without hostname</description>
|
|
417
417
|
<example service.version="4.82" system.time="Thu, 16 Nov 2017 12:19:22 +0300">ESMTP Exim 4.82 Thu, 16 Nov 2017 12:19:22 +0300 </example>
|
|
418
418
|
<example service.version="4.82" system.time="Thu, 16 Nov 2017 11:41:41 +0300"> ESMTP Exim 4.82 Thu, 16 Nov 2017 11:41:41 +0300 </example>
|
|
@@ -741,7 +741,7 @@
|
|
|
741
741
|
|
|
742
742
|
<!-- example: 220 mail.db-list.com ESMTP MERAK 3.00.140; Tue, 24 Jul 2001 21:30:47 -0700 -->
|
|
743
743
|
|
|
744
|
-
<fingerprint pattern="^([^ ]{1,512}) +E?SMTP
|
|
744
|
+
<fingerprint pattern="(?i)^([^ ]{1,512}) +E?SMTP MERAK ([^ ]+\.[^ ]+\.[^ ]+); *(.+) *$">
|
|
745
745
|
<description>Merak mail server - http://www.icewarp.com/merakmail/ (runs on 2000/NT/9x)</description>
|
|
746
746
|
<example host.name="foo.bar" service.version="8.0.3" system.time="Thu, 30 Nov 2017 20:01:41 +1000">foo.bar SMTP Merak 8.0.3; Thu, 30 Nov 2017 20:01:41 +1000</example>
|
|
747
747
|
<example host.name="foo.bar" service.version="8.0.3" system.time="Thu, 30 Nov 2017 12:08:09 +0200">foo.bar ESMTP Merak 8.0.3; Thu, 30 Nov 2017 12:08:09 +0200</example>
|
|
@@ -1080,7 +1080,7 @@
|
|
|
1080
1080
|
<param pos="1" name="host.name"/>
|
|
1081
1081
|
</fingerprint>
|
|
1082
1082
|
|
|
1083
|
-
<fingerprint pattern="^([^ ]{1,512}) ESMTP server \(
|
|
1083
|
+
<fingerprint pattern="^([^ ]{1,512}) ESMTP server \([Pp]ost\.[Oo]ffice v([^ ]+\.[^ ]+)(?: release)? (.+) ID# ([^ ]+)\) ready (.+) *$">
|
|
1084
1084
|
<description>Post.Office</description>
|
|
1085
1085
|
<example host.name="foo.bar" service.version="3.8.4" postoffice.build="116" postoffice.id="1001-65749U100L10S0V38" system.time="Thu, 30 Nov 2017 18:46:24 +0900">foo.bar ESMTP server (post.office v3.8.4 release 116 ID# 1001-65749U100L10S0V38) ready Thu, 30 Nov 2017 18:46:24 +0900</example>
|
|
1086
1086
|
<example host.name="foo.bar" service.version="3.1" postoffice.build="PO205e" postoffice.id="0-42000U100L2S100" system.time="Tue, 6 Feb 2001 19:38:32 +0100">foo.bar ESMTP server (Post.Office v3.1 release PO205e ID# 0-42000U100L2S100) ready Tue, 6 Feb 2001 19:38:32 +0100</example>
|
data/recog/xml/snmp_sysdescr.xml
CHANGED
|
@@ -3772,7 +3772,7 @@ Copyright (c) 1995-2005 by Cisco Systems
|
|
|
3772
3772
|
|
|
3773
3773
|
<!-- These devices are all some form of device/terminal/serial/console server -->
|
|
3774
3774
|
|
|
3775
|
-
<fingerprint pattern="
|
|
3775
|
+
<fingerprint pattern="(?i)^Lantronix ((MSS|SCS|LRS|ETS|EDS)\S+) (?:Version |[VB])?([^/\(\s]+)[/\(\s]?">
|
|
3776
3776
|
<description>Lantronix terminal server</description>
|
|
3777
3777
|
<example os.product="MSS100" os.family="MSS" os.version="V3.6">Lantronix MSS100 Version V3.6/9(030114)</example>
|
|
3778
3778
|
<example os.product="EDS8PS" os.family="EDS" os.version="4.1.0.2R17">Lantronix EDS8PS V4.1.0.2R17 (03111515KK9H)</example>
|
|
@@ -6264,6 +6264,22 @@ Copyright (c) 1995-2005 by Cisco Systems
|
|
|
6264
6264
|
<param pos="1" name="os.product"/>
|
|
6265
6265
|
</fingerprint>
|
|
6266
6266
|
|
|
6267
|
+
<!--======================================================================
|
|
6268
|
+
Server Technology
|
|
6269
|
+
=======================================================================-->
|
|
6270
|
+
|
|
6271
|
+
<fingerprint pattern="^(Sentry Switched (?:CDU|(?:DC )*PDU))$">
|
|
6272
|
+
<description>Server Technology Sentry Switched Device</description>
|
|
6273
|
+
<example hw.product="Sentry Switched CDU" os.product="Sentry Switched CDU Firmware">Sentry Switched CDU</example>
|
|
6274
|
+
<example hw.product="Sentry Switched PDU" os.product="Sentry Switched PDU Firmware">Sentry Switched PDU</example>
|
|
6275
|
+
<example hw.product="Sentry Switched DC PDU" os.product="Sentry Switched DC PDU Firmware">Sentry Switched DC PDU</example>
|
|
6276
|
+
<param pos="0" name="os.vendor" value="Server Technology"/>
|
|
6277
|
+
<param pos="0" name="os.product" value="{hw.product} Firmware"/>
|
|
6278
|
+
<param pos="0" name="hw.vendor" value="Server Technology"/>
|
|
6279
|
+
<param pos="1" name="hw.product"/>
|
|
6280
|
+
<param pos="0" name="hw.device" value="Power Device"/>
|
|
6281
|
+
</fingerprint>
|
|
6282
|
+
|
|
6267
6283
|
<!--======================================================================
|
|
6268
6284
|
SonicWall
|
|
6269
6285
|
=======================================================================-->
|
|
@@ -7489,15 +7505,20 @@ Copyright (c) 1995-2005 by Cisco Systems
|
|
|
7489
7505
|
</fingerprint>
|
|
7490
7506
|
|
|
7491
7507
|
<!--======================================================================
|
|
7492
|
-
|
|
7508
|
+
Zebra
|
|
7493
7509
|
=======================================================================-->
|
|
7494
7510
|
|
|
7495
7511
|
<fingerprint pattern="^ZebraNet PrintServer$">
|
|
7496
|
-
<description>ZebraNet PrintServer</description>
|
|
7512
|
+
<description>Zebra ZebraNet PrintServer</description>
|
|
7497
7513
|
<example>ZebraNet PrintServer</example>
|
|
7498
|
-
<param pos="0" name="os.vendor" value="
|
|
7499
|
-
<param pos="0" name="os.
|
|
7514
|
+
<param pos="0" name="os.vendor" value="Zebra"/>
|
|
7515
|
+
<param pos="0" name="os.family" value="ZebraNet"/>
|
|
7516
|
+
<param pos="0" name="os.product" value="ZebraNet PrintServer Firmware"/>
|
|
7500
7517
|
<param pos="0" name="os.device" value="Print Server"/>
|
|
7518
|
+
<param pos="0" name="hw.vendor" value="Zebra"/>
|
|
7519
|
+
<param pos="0" name="hw.family" value="ZebraNet"/>
|
|
7520
|
+
<param pos="0" name="hw.product" value="ZebraNet PrintServer"/>
|
|
7521
|
+
<param pos="0" name="hw.device" value="Print Server"/>
|
|
7501
7522
|
</fingerprint>
|
|
7502
7523
|
|
|
7503
7524
|
<!--======================================================================
|
data/recog/xml/ssh_banners.xml
CHANGED
|
@@ -1787,7 +1787,7 @@
|
|
|
1787
1787
|
<param pos="1" name="os.version"/>
|
|
1788
1788
|
</fingerprint>
|
|
1789
1789
|
|
|
1790
|
-
<fingerprint pattern="^([\d.]{1,8})[ _]sshlib:?
|
|
1790
|
+
<fingerprint pattern="(?i)^([\d.]{1,8})[ _]sshlib:? GlobalScape$">
|
|
1791
1791
|
<description>GlobalScape SSH (which uses Bitvise sshlib)</description>
|
|
1792
1792
|
<example service.component.version="1.36">1.36_sshlib GlobalSCAPE</example>
|
|
1793
1793
|
<example service.component.version="1.82">1.82_sshlib Globalscape</example>
|
|
@@ -1953,7 +1953,7 @@
|
|
|
1953
1953
|
<param pos="0" name="service.cpe23" value="cpe:/a:vandyke:vshell:{service.version}"/>
|
|
1954
1954
|
</fingerprint>
|
|
1955
1955
|
|
|
1956
|
-
<fingerprint pattern="^WRQReflection
|
|
1956
|
+
<fingerprint pattern="^WRQReflection[Ff]orSecureIT_(.*)$">
|
|
1957
1957
|
<description>Attachmate Reflection (formerly WRQ Reflection for Secure IT)</description>
|
|
1958
1958
|
<example service.version="6.1 Build 21">WRQReflectionForSecureIT_6.1 Build 21</example>
|
|
1959
1959
|
<example service.version="8.2 Build 117">WRQReflectionforSecureIT_8.2 Build 117</example>
|
data.tar.gz.sig
CHANGED
|
Binary file
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: recog
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 3.0
|
|
4
|
+
version: 3.1.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Rapid7 Research
|
|
@@ -93,7 +93,7 @@ cert_chain:
|
|
|
93
93
|
EknWpNgVhohbot1lfVAMmIhdtOVaRVcQQixWPwprDj/ydB8ryDMDosIMcw+fkoXU
|
|
94
94
|
9GJsSaSRRYQ9UUkVL27b64okU8D48m8=
|
|
95
95
|
-----END CERTIFICATE-----
|
|
96
|
-
date:
|
|
96
|
+
date: 2023-03-17 00:00:00.000000000 Z
|
|
97
97
|
dependencies:
|
|
98
98
|
- !ruby/object:Gem::Dependency
|
|
99
99
|
name: rspec
|
metadata.gz.sig
CHANGED
|
Binary file
|