recog 3.0.3 → 3.1.0

data/recog/xml/http_servers.xml

@@ -113,11 +113,11 @@
   -->
 
   <fingerprint pattern="(?i)^cwpsrv$">
-    <description>CentOS Web Panel</description>
+    <description>Control Web Panel (CWP) (formerly CentOS Web Panel) - web hosting control panel web server</description>
     <example>cwpsrv</example>
-    <param pos="0" name="service.vendor" value="CentOS WebPanel"/>
-    <param pos="0" name="service.product" value="CentOS Web Panel"/>
-    <param pos="0" name="service.cpe23" value="cpe:/a:centos-webpanel:centos_web_panel:-"/>
+    <param pos="0" name="service.vendor" value="Control Web Panel"/>
+    <param pos="0" name="service.product" value="Control Web Panel"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:control-webpanel:webpanel:-"/>
     <param pos="0" name="os.family" value="Linux"/>
     <param pos="0" name="os.product" value="Linux"/>
   </fingerprint>
@@ -4902,4 +4902,256 @@
     <param pos="0" name="service.cpe23" value="cpe:/a:crowcpp:crow:{service.version}"/>
   </fingerprint>
 
+  <fingerprint pattern="^darkstat/(\d+(?:\.\d+)*)$">
+    <description>darkstat - network statistics gatherer</description>
+    <example service.version="3.0.719">darkstat/3.0.719</example>
+    <param pos="0" name="service.vendor" value="darkstat Project"/>
+    <param pos="0" name="service.product" value="darkstat"/>
+    <param pos="1" name="service.version"/>
+  </fingerprint>
+
+  <fingerprint pattern="^darkhttpd/(\d+(?:\.\d+)*)(?:\.from\.git)?$">
+    <description>darkhttpd - web server</description>
+    <example service.version="1.12">darkhttpd/1.12</example>
+    <example service.version="1.13">darkhttpd/1.13.from.git</example>
+    <param pos="0" name="service.vendor" value="darkhttpd Project"/>
+    <param pos="0" name="service.product" value="darkhttpd"/>
+    <param pos="1" name="service.version"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:darkhttpd_project:darkhttpd:{service.version}"/>
+  </fingerprint>
+
+  <fingerprint pattern="^ServerTech-AWS/v(\d+(?:\.\d+)*[a-z](?:-[a-z][0-9])*)$">
+    <description>Server Technology Advanced Web Server (AWS)</description>
+    <example service.version="7.1g-b1">ServerTech-AWS/v7.1g-b1</example>
+    <example service.version="8.0x">ServerTech-AWS/v8.0x</example>
+    <param pos="0" name="service.vendor" value="Server Technology"/>
+    <param pos="0" name="service.product" value="Advanced Web Server"/>
+    <param pos="1" name="service.version"/>
+    <param pos="0" name="os.vendor" value="Server Technology"/>
+    <param pos="0" name="hw.vendor" value="Server Technology"/>
+  </fingerprint>
+
+  <!-- ntopng -->
+
+  <fingerprint pattern="^ntopng (\d+(?:\.\d+)*) \[(?:FreeBSD |[\w-]+-freebsd)(\d+(?:\.\d+)*)(?:[a-z0-9-])* \[(\w+)\]\[[^\]]*\]\]$">
+    <description>ntopng - web-based network traffic monitoring on FreeBSD</description>
+    <example service.version="5.0.220112" os.version="12.3" os.arch="amd64">ntopng 5.0.220112 [FreeBSD 12.3 [amd64][FreeBSD 12.3]]</example>
+    <example service.version="3.8.201001" os.version="11.3" os.arch="amd64">ntopng 3.8.201001 [amd64-unknown-freebsd11.3 [amd64][]]</example>
+    <example service.version="3.4.0" os.version="12.2" os.arch="arm">ntopng 3.4.0 [armv7-unknown-freebsd12.2-gnueabihf [arm][]]</example>
+    <param pos="0" name="service.vendor" value="ntop"/>
+    <param pos="0" name="service.product" value="ntopng"/>
+    <param pos="1" name="service.version"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:ntop:ntopng:{service.version}"/>
+    <param pos="0" name="os.vendor" value="FreeBSD"/>
+    <param pos="0" name="os.family" value="FreeBSD"/>
+    <param pos="0" name="os.product" value="FreeBSD"/>
+    <param pos="2" name="os.version"/>
+    <param pos="3" name="os.arch"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:freebsd:freebsd:{os.version}"/>
+  </fingerprint>
+
+  <fingerprint pattern="^ntopng (\d+(?:\.\d+)*) \[(?:[\w-]+-linux-gnu)? \[(\w+)\]\[CentOS (?:Linux )?release (\d+(?:\.\d+)*)(?: \((?:Core|Final)\)\s*)?\]\]$">
+    <description>ntopng - web-based network traffic monitoring on CentOS</description>
+    <example service.version="3.2.171221" os.version="6.9" os.arch="x86_64">ntopng 3.2.171221 [x86_64-unknown-linux-gnu [x86_64][CentOS release 6.9 (Final)]]</example>
+    <example service.version="3.4.210629" os.version="7.5.1804" os.arch="x86_64">ntopng 3.4.210629 [ [x86_64][CentOS Linux release 7.5.1804 (Core) ]]</example>
+    <example service.version="3.6.181022" os.version="7.5.1804" os.arch="x86_64">ntopng 3.6.181022 [x86_64-unknown-linux-gnu [x86_64][CentOS Linux release 7.5.1804 (Core) ]]</example>
+    <example service.version="4.3.211226" os.version="8.4.2105" os.arch="x86_64">ntopng 4.3.211226 [x86_64-unknown-linux-gnu [x86_64][CentOS Linux release 8.4.2105]]</example>
+    <example service.version="5.4.221110" os.version="7.9.2009" os.arch="x86_64">ntopng 5.4.221110 [x86_64-unknown-linux-gnu [x86_64][CentOS Linux release 7.9.2009 (Core)]]</example>
+    <param pos="0" name="service.vendor" value="ntop"/>
+    <param pos="0" name="service.product" value="ntopng"/>
+    <param pos="1" name="service.version"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:ntop:ntopng:{service.version}"/>
+    <param pos="0" name="os.vendor" value="CentOS"/>
+    <param pos="0" name="os.family" value="Linux"/>
+    <param pos="0" name="os.product" value="Linux"/>
+    <param pos="3" name="os.version"/>
+    <param pos="2" name="os.arch"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:centos:centos:{os.version}"/>
+  </fingerprint>
+
+  <fingerprint pattern="^ntopng (\d+(?:\.\d+)*) \[[\w-]+-linux-gnu \[(\w+)\]\[[^\]]*\]\]$">
+    <description>ntopng - web-based network traffic monitoring on Linux</description>
+    <example service.version="4.2.201125" os.arch="x86_64">ntopng 4.2.201125 [x86_64-unknown-linux-gnu [x86_64][]]</example>
+    <example service.version="3.8.220621" os.arch="i686">ntopng 3.8.220621 [i686-pc-linux-gnu [i686][]]</example>
+    <param pos="0" name="service.vendor" value="ntop"/>
+    <param pos="0" name="service.product" value="ntopng"/>
+    <param pos="1" name="service.version"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:ntop:ntopng:{service.version}"/>
+    <param pos="0" name="os.vendor" value="Linux"/>
+    <param pos="0" name="os.family" value="Linux"/>
+    <param pos="0" name="os.product" value="Linux"/>
+    <param pos="2" name="os.arch"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:linux:linux_kernel:-"/>
+  </fingerprint>
+
+  <fingerprint pattern="^ntopng (\d+(?:\.\d+)*)\s+\[[\w-]+-linux-gnu \((\w+)\)\]$">
+    <description>ntopng - web-based network traffic monitoring on Linux (older ntopng)</description>
+    <example service.version="2.0.150531" os.arch="x86_64">ntopng 2.0.150531  [x86_64-unknown-linux-gnu (x86_64)]</example>
+    <param pos="0" name="service.vendor" value="ntop"/>
+    <param pos="0" name="service.product" value="ntopng"/>
+    <param pos="1" name="service.version"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:ntop:ntopng:{service.version}"/>
+    <param pos="0" name="os.vendor" value="Linux"/>
+    <param pos="0" name="os.family" value="Linux"/>
+    <param pos="0" name="os.product" value="Linux"/>
+    <param pos="2" name="os.arch"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:linux:linux_kernel:-"/>
+  </fingerprint>
+
+  <fingerprint pattern="^ntopng (\d+(?:\.\d+)*) \[Debian [\w/]+ \[(\w+)\]\[Ubuntu (\d+(?:\.\d+)*) LTS\]\]$">
+    <description>ntopng - web-based network traffic monitoring on Ubuntu</description>
+    <example service.version="4.2.210309" os.arch="x86_64" os.version="18.04.5">ntopng 4.2.210309 [Debian buster/sid [x86_64][Ubuntu 18.04.5 LTS]]</example>
+    <example service.version="5.4.220721" os.arch="x86_64" os.version="20.04.4">ntopng 5.4.220721 [Debian bullseye/sid [x86_64][Ubuntu 20.04.4 LTS]]</example>
+    <param pos="0" name="service.vendor" value="ntop"/>
+    <param pos="0" name="service.product" value="ntopng"/>
+    <param pos="1" name="service.version"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:ntop:ntopng:{service.version}"/>
+    <param pos="0" name="os.vendor" value="Ubuntu"/>
+    <param pos="0" name="os.family" value="Linux"/>
+    <param pos="0" name="os.product" value="Linux"/>
+    <param pos="3" name="os.version"/>
+    <param pos="2" name="os.arch"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:{os.version}"/>
+  </fingerprint>
+
+  <fingerprint pattern="^ntopng (\d+(?:\.\d+)*) \[Debian (\d+(?:\.\d+)*) \[(\w+)\]\[[^\]]*\]\]$">
+    <description>ntopng - web-based network traffic monitoring on Debian</description>
+    <example service.version="5.4.221124" os.version="11.0" os.arch="x86_64">ntopng 5.4.221124 [Debian 11.0 [x86_64][Debian GNU/Linux 11 (bullseye)]]</example>
+    <example service.version="5.5.220724" os.version="11.1" os.arch="armv7l">ntopng 5.5.220724 [Debian 11.1 [armv7l][Raspbian GNU/Linux 11 (bullseye)]]</example>
+    <example service.version="5.5.221127" os.version="11.4" os.arch="aarch64">ntopng 5.5.221127 [Debian 11.4 [aarch64][Debian GNU/Linux 11 (bullseye)]]</example>
+    <example service.version="4.2.201206" os.version="10.6" os.arch="aarch64">ntopng 4.2.201206 [Debian 10.6 [aarch64][]]</example>
+    <example service.version="5.5.221116" os.version="10.8" os.arch="x86_64">ntopng 5.5.221116 [Debian 10.8 [x86_64][Debian GNU/Linux 10 (buster)]]</example>
+    <example service.version="5.5.221211" os.version="10.11" os.arch="armv7l">ntopng 5.5.221211 [Debian 10.11 [armv7l][Raspbian GNU/Linux 10 (buster)]]</example>
+    <example service.version="4.3.210624" os.version="9.12" os.arch="x86_64">ntopng 4.3.210624 [Debian 9.12 [x86_64][Debian GNU/Linux 9.12 (stretch)]]</example>
+    <example service.version="3.7.180907" os.version="9.1" os.arch="x86_64">ntopng 3.7.180907 [Debian 9.1 [x86_64][Debian GNU/Linux 9.1 (stretch)]]</example>
+    <example service.version="3.9.200305" os.version="8.11" os.arch="x86_64">ntopng 3.9.200305 [Debian 8.11 [x86_64][Debian GNU/Linux 8.11 (jessie)]]</example>
+    <example service.version="2.5.161119" os.version="7.11" os.arch="i686">ntopng 2.5.161119 [Debian 7.11 [i686][Debian GNU/Linux 7.11 (wheezy)]]</example>
+    <example service.version="3.3.180306" os.version="7.10" os.arch="x86_64">ntopng 3.3.180306 [Debian 7.10 [x86_64][Debian GNU/Linux 7.10 (wheezy)]]</example>
+    <param pos="0" name="service.vendor" value="ntop"/>
+    <param pos="0" name="service.product" value="ntopng"/>
+    <param pos="1" name="service.version"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:ntop:ntopng:{service.version}"/>
+    <param pos="0" name="os.vendor" value="Debian"/>
+    <param pos="0" name="os.family" value="Linux"/>
+    <param pos="0" name="os.product" value="Linux"/>
+    <param pos="2" name="os.version"/>
+    <param pos="3" name="os.arch"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:debian:debian_linux:{os.version}"/>
+  </fingerprint>
+
+  <fingerprint pattern="^ntopng (\d+(?:\.\d+)*) \[Debian bookworm/sid \[(\w+)\]\[[^\]]*\]\]$">
+    <description>ntopng - web-based network traffic monitoring on Debian 12.0 (bookworm)</description>
+    <example service.version="5.2.220414" os.arch="x86_64">ntopng 5.2.220414 [Debian bookworm/sid [x86_64][]]</example>
+    <param pos="0" name="service.vendor" value="ntop"/>
+    <param pos="0" name="service.product" value="ntopng"/>
+    <param pos="1" name="service.version"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:ntop:ntopng:{service.version}"/>
+    <param pos="0" name="os.vendor" value="Debian"/>
+    <param pos="0" name="os.family" value="Linux"/>
+    <param pos="0" name="os.product" value="Linux"/>
+    <param pos="0" name="os.version" value="12.0"/>
+    <param pos="2" name="os.arch"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:debian:debian_linux:12.0"/>
+  </fingerprint>
+
+  <fingerprint pattern="^ntopng (\d+(?:\.\d+)*) \[Debian bullseye/sid \[(\w+)\]\[[^\]]*\]\]$">
+    <description>ntopng - web-based network traffic monitoring on Debian 11.0 (bullseye)</description>
+    <example service.version="3.8.200814" os.arch="x86_64">ntopng 3.8.200814 [Debian bullseye/sid [x86_64][]]</example>
+    <param pos="0" name="service.vendor" value="ntop"/>
+    <param pos="0" name="service.product" value="ntopng"/>
+    <param pos="1" name="service.version"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:ntop:ntopng:{service.version}"/>
+    <param pos="0" name="os.vendor" value="Debian"/>
+    <param pos="0" name="os.family" value="Linux"/>
+    <param pos="0" name="os.product" value="Linux"/>
+    <param pos="0" name="os.version" value="11.0"/>
+    <param pos="2" name="os.arch"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:debian:debian_linux:11.0"/>
+  </fingerprint>
+
+  <fingerprint pattern="^ntopng (\d+(?:\.\d+)*) \[Debian buster/sid \[(\w+)\]\[[^\]]*\]\]$">
+    <description>ntopng - web-based network traffic monitoring on Debian 10.0 (buster)</description>
+    <example service.version="3.8.190204" os.arch="x86_64">ntopng 3.8.190204 [Debian buster/sid [x86_64][]]</example>
+    <param pos="0" name="service.vendor" value="ntop"/>
+    <param pos="0" name="service.product" value="ntopng"/>
+    <param pos="1" name="service.version"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:ntop:ntopng:{service.version}"/>
+    <param pos="0" name="os.vendor" value="Debian"/>
+    <param pos="0" name="os.family" value="Linux"/>
+    <param pos="0" name="os.product" value="Linux"/>
+    <param pos="0" name="os.version" value="10.0"/>
+    <param pos="2" name="os.arch"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:debian:debian_linux:10.0"/>
+  </fingerprint>
+
+  <fingerprint pattern="^ntopng (\d+(?:\.\d+)*) \[Debian stretch/sid \((\w+)\)\]$">
+    <description>ntopng - web-based network traffic monitoring on Debian 9.0 (stretch)</description>
+    <example service.version="2.3.160415" os.arch="x86_64">ntopng 2.3.160415 [Debian stretch/sid (x86_64)]</example>
+    <example service.version="2.3.160415" os.arch="i686">ntopng 2.3.160415 [Debian stretch/sid (i686)]</example>
+    <param pos="0" name="service.vendor" value="ntop"/>
+    <param pos="0" name="service.product" value="ntopng"/>
+    <param pos="1" name="service.version"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:ntop:ntopng:{service.version}"/>
+    <param pos="0" name="os.vendor" value="Debian"/>
+    <param pos="0" name="os.family" value="Linux"/>
+    <param pos="0" name="os.product" value="Linux"/>
+    <param pos="0" name="os.version" value="9.0"/>
+    <param pos="2" name="os.arch"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:debian:debian_linux:9.0"/>
+  </fingerprint>
+
+  <fingerprint pattern="^ntopng (\d+(?:\.\d+)*) \[Debian wheezy/sid \((\w+)\)\]$">
+    <description>ntopng - web-based network traffic monitoring on Debian 7.0 (wheezy)</description>
+    <example service.version="2.2.160403" os.arch="x86_64">ntopng 2.2.160403 [Debian wheezy/sid (x86_64)]</example>
+    <param pos="0" name="service.vendor" value="ntop"/>
+    <param pos="0" name="service.product" value="ntopng"/>
+    <param pos="1" name="service.version"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:ntop:ntopng:{service.version}"/>
+    <param pos="0" name="os.vendor" value="Debian"/>
+    <param pos="0" name="os.family" value="Linux"/>
+    <param pos="0" name="os.product" value="Linux"/>
+    <param pos="0" name="os.version" value="7.0"/>
+    <param pos="2" name="os.arch"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:debian:debian_linux:7.0"/>
+  </fingerprint>
+
+  <fingerprint pattern="^ntopng (\d+(?:\.\d+)*) \[[\w-]+openbsd(\d+(?:\.\d+)*) \[(\w+)\]\[[^\]]*\]\]$">
+    <description>ntopng - web-based network traffic monitoring on OpenBSD</description>
+    <example service.version="3.8.201001" os.version="6.8" os.arch="amd64">ntopng 3.8.201001 [amd64-unknown-openbsd6.8 [amd64][]]</example>
+    <param pos="0" name="service.vendor" value="ntop"/>
+    <param pos="0" name="service.product" value="ntopng"/>
+    <param pos="1" name="service.version"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:ntop:ntopng:{service.version}"/>
+    <param pos="0" name="os.vendor" value="OpenBSD"/>
+    <param pos="0" name="os.family" value="OpenBSD"/>
+    <param pos="0" name="os.product" value="OpenBSD"/>
+    <param pos="2" name="os.version"/>
+    <param pos="3" name="os.arch"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:openbsd:openbsd:{os.version}"/>
+  </fingerprint>
+
+  <fingerprint pattern="^ntopng (\d+(?:\.\d+)*) \[[^\]]* \[(\w+)\]\[Windows\]\]$">
+    <description>ntopng - web-based network traffic monitoring on Windows</description>
+    <example service.version="5.5.221014" os.arch="x64">ntopng 5.5.221014 [Win64 [x64][Windows]]</example>
+    <param pos="0" name="service.vendor" value="ntop"/>
+    <param pos="0" name="service.product" value="ntopng"/>
+    <param pos="1" name="service.version"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:ntop:ntopng:{service.version}"/>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="0" name="os.family" value="Windows"/>
+    <param pos="0" name="os.product" value="Windows"/>
+    <param pos="2" name="os.arch"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
+  </fingerprint>
+
+  <fingerprint pattern="^ntopng (\d+(?:\.\d+)*) \((\w+)\)$">
+    <description>ntopng - web-based network traffic monitoring on unknown OS</description>
+    <example service.version="5.4.220905" os.arch="amd64">ntopng 5.4.220905 (amd64)</example>
+    <param pos="0" name="service.vendor" value="ntop"/>
+    <param pos="0" name="service.product" value="ntopng"/>
+    <param pos="1" name="service.version"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:ntop:ntopng:{service.version}"/>
+    <param pos="2" name="os.arch"/>
+  </fingerprint>
+
 </fingerprints>

data/recog/xml/http_wwwauth.xml

@@ -143,7 +143,7 @@
 
   <!-- Hikvision is OEMd by a number of DVR manufacturers -->
 
-  <fingerprint pattern="^(?:Basic|Digest) realm=&quot;(?i:hikvision)&quot;">
+  <fingerprint pattern="(?i)^(?:Basic|Digest) realm=&quot;hikvision&quot;">
     <description>Web server found on DVR and webcam servers sourced from Hikvision</description>
     <example>Basic realm="hikvision"</example>
     <param pos="0" name="service.vendor" value="Hikvision"/>
@@ -701,6 +701,18 @@
     <param pos="0" name="service.cpe23" value="cpe:/a:amazon:opensearch:-"/>
   </fingerprint>
 
+  <fingerprint pattern="(?i)^Basic realm=&quot;(Sentry Switched (?:CDU|(?:DC )*PDU))&quot;">
+    <description>Server Technology Sentry Switched Device</description>
+    <example hw.product="Sentry Switched CDU" os.product="Sentry Switched CDU Firmware">Basic realm="Sentry Switched CDU"</example>
+    <example hw.product="Sentry Switched PDU" os.product="Sentry Switched PDU Firmware">Basic realm="Sentry Switched PDU"</example>
+    <example hw.product="Sentry Switched DC PDU" os.product="Sentry Switched DC PDU Firmware">Basic realm="Sentry Switched DC PDU"</example>
+    <param pos="0" name="os.vendor" value="Server Technology"/>
+    <param pos="0" name="os.product" value="{hw.product} Firmware"/>
+    <param pos="0" name="hw.vendor" value="Server Technology"/>
+    <param pos="1" name="hw.product"/>
+    <param pos="0" name="hw.device" value="Power Device"/>
+  </fingerprint>
+
   <!-- a variety of headers we currently just ignore -->
 
   <fingerprint pattern="(?i)^NTLM$">

data/recog/xml/imap_banners.xml

@@ -142,7 +142,6 @@
     <example>Dovecot (Debian) ready.</example>
     <example>[CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ AUTH=PLAIN AUTH=LOGIN] Dovecot (Debian) ready.</example>
     <param pos="0" name="service.vendor" value="Dovecot"/>
-    <param pos="0" name="service.vendor" value="Dovecot"/>
     <param pos="0" name="service.family" value="Dovecot"/>
     <param pos="0" name="service.product" value="Dovecot"/>
     <param pos="0" name="service.cpe23" value="cpe:/a:dovecot:dovecot:-"/>

data/recog/xml/smb_native_os.xml

@@ -855,7 +855,7 @@
     <param pos="1" name="service.version"/>
   </fingerprint>
 
-  <fingerprint pattern="^(?i:unix)$">
+  <fingerprint pattern="(?i)^unix$">
     <description>Generally some Samba variant, which reports Unix</description>
     <example>Unix</example>
     <param pos="0" name="os.family" value="Unix"/>

data/recog/xml/smtp_banners.xml

@@ -345,7 +345,7 @@
     <param pos="1" name="system.time"/>
   </fingerprint>
 
-  <fingerprint pattern="^ ?([^, ]{1,512}),? +ESMTP \(?(?i:Exim) +(\d+\.[\d_.bdRC-]+)\)?(?: +#\d+)? ?.?((?:\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d{3,4})?) *(?:We do not authorize the use of this system to transport unsolicited, and\/or bulk e-mail.)?$">
+  <fingerprint pattern="(?i)^ ?([^, ]{1,512}),? +ESMTP \(?Exim +(\d+\.[\d_.bdRC-]+)\)?(?: +#\d+)? ?.?((?:\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d{3,4})?) *(?:We do not authorize the use of this system to transport unsolicited, and\/or bulk e-mail.)?$">
     <description>Exim - with version string and optional timestamp</description>
     <example service.version="4.91" host.name="foo.bar" system.time="Thu, 29 Apr 2021 05:41:36 +400">foo.bar  ESMTP Exim 4.91 Thu, 29 Apr 2021 05:41:36 +400</example>
     <example service.version="4.89" host.name="foo.bar">foo.bar ESMTP Exim 4.89 "</example>
@@ -368,7 +368,7 @@
     <param pos="3" name="system.time"/>
   </fingerprint>
 
-  <fingerprint pattern="^([^, ]{1,512}),? ESMTP (?i:Exim) +(\d+) ((?:\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d)?) *$">
+  <fingerprint pattern="(?i)^([^, ]{1,512}),? ESMTP Exim +(\d+) ((?:\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d)?) *$">
     <description>Exim - with digit only version string and optional timestamp</description>
     <example service.version="125302" host.name="foo.bar" system.time="Thu, 16 Nov 2017 04:55:11 -0500">foo.bar ESMTP Exim 125302 Thu, 16 Nov 2017 04:55:11 -0500 </example>
     <param pos="0" name="service.vendor" value="exim"/>
@@ -381,7 +381,7 @@
     <param pos="3" name="system.time"/>
   </fingerprint>
 
-  <fingerprint pattern="^([^, ]{1,512}),? ESMTP (?i:Exim) +(\d+\.[\d_.]+)(?: +#\d)? Ubuntu ((?:\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d)?) *$">
+  <fingerprint pattern="(?i)^([^, ]{1,512}),? ESMTP Exim +(\d+\.[\d_.]+)(?: +#\d)? Ubuntu ((?:\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d)?) *$">
     <description>Exim - with version string and optional timestamp (Ubuntu)</description>
     <example service.version="4.82" system.time="Thu, 16 Nov 2017 11:30:44 +0300" host.name="foo.bar">foo.bar ESMTP Exim 4.82 Ubuntu Thu, 16 Nov 2017 11:30:44 +0300 </example>
     <param pos="0" name="os.vendor" value="Ubuntu"/>
@@ -398,7 +398,7 @@
     <param pos="3" name="system.time"/>
   </fingerprint>
 
-  <fingerprint pattern="^([^, ]{1,512}),? ESMTP (?i:Exim)(?: +#\d)? *((?:\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d)?) *$">
+  <fingerprint pattern="(?i)^([^, ]{1,512}),? ESMTP Exim(?: +#\d)? *((?:\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d)?) *$">
     <description>Exim - without version string and with optional timestamp</description>
     <example host.name="foo.bar">foo.bar ESMTP Exim</example>
     <example host.name="foo.bar" system.time="Thu, 16 Nov 2017 01:11:30 -0800">foo.bar ESMTP Exim Thu, 16 Nov 2017 01:11:30 -0800 </example>
@@ -412,7 +412,7 @@
     <param pos="2" name="system.time"/>
   </fingerprint>
 
-  <fingerprint pattern="^ ?ESMTP (?i:Exim) (\d+\.[\d_.]+)(?: +#\d)? ?.?((?:\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d)?) *$">
+  <fingerprint pattern="(?i)^ ?ESMTP Exim (\d+\.[\d_.]+)(?: +#\d)? ?.?((?:\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d)?) *$">
     <description>Exim - without hostname</description>
     <example service.version="4.82" system.time="Thu, 16 Nov 2017 12:19:22 +0300">ESMTP Exim 4.82 Thu, 16 Nov 2017 12:19:22 +0300 </example>
     <example service.version="4.82" system.time="Thu, 16 Nov 2017 11:41:41 +0300"> ESMTP Exim 4.82 Thu, 16 Nov 2017 11:41:41 +0300 </example>
@@ -741,7 +741,7 @@
 
   <!-- example: 220 mail.db-list.com ESMTP MERAK 3.00.140; Tue, 24 Jul 2001 21:30:47 -0700 -->
 
-  <fingerprint pattern="^([^ ]{1,512}) +E?SMTP (?i:MERAK) ([^ ]+\.[^ ]+\.[^ ]+); *(.+) *$">
+  <fingerprint pattern="(?i)^([^ ]{1,512}) +E?SMTP MERAK ([^ ]+\.[^ ]+\.[^ ]+); *(.+) *$">
     <description>Merak mail server - http://www.icewarp.com/merakmail/ (runs on 2000/NT/9x)</description>
     <example host.name="foo.bar" service.version="8.0.3" system.time="Thu, 30 Nov 2017 20:01:41 +1000">foo.bar SMTP Merak 8.0.3; Thu, 30 Nov 2017 20:01:41 +1000</example>
     <example host.name="foo.bar" service.version="8.0.3" system.time="Thu, 30 Nov 2017 12:08:09 +0200">foo.bar ESMTP Merak 8.0.3; Thu, 30 Nov 2017 12:08:09 +0200</example>
@@ -1080,7 +1080,7 @@
     <param pos="1" name="host.name"/>
   </fingerprint>
 
-  <fingerprint pattern="^([^ ]{1,512}) ESMTP server \((?i:P)ost\.(?i:O)ffice v([^ ]+\.[^ ]+)(?: release)? (.+) ID# ([^ ]+)\) ready (.+) *$">
+  <fingerprint pattern="^([^ ]{1,512}) ESMTP server \([Pp]ost\.[Oo]ffice v([^ ]+\.[^ ]+)(?: release)? (.+) ID# ([^ ]+)\) ready (.+) *$">
     <description>Post.Office</description>
     <example host.name="foo.bar" service.version="3.8.4" postoffice.build="116" postoffice.id="1001-65749U100L10S0V38" system.time="Thu, 30 Nov 2017 18:46:24 +0900">foo.bar ESMTP server (post.office v3.8.4 release 116 ID# 1001-65749U100L10S0V38) ready Thu, 30 Nov 2017 18:46:24 +0900</example>
     <example host.name="foo.bar" service.version="3.1" postoffice.build="PO205e" postoffice.id="0-42000U100L2S100" system.time="Tue, 6 Feb 2001 19:38:32 +0100">foo.bar ESMTP server (Post.Office v3.1 release PO205e ID# 0-42000U100L2S100) ready Tue, 6 Feb 2001 19:38:32 +0100</example>

data/recog/xml/snmp_sysdescr.xml

@@ -3772,7 +3772,7 @@ Copyright (c) 1995-2005 by Cisco Systems
 
   <!-- These devices are all some form of device/terminal/serial/console server -->
 
-  <fingerprint pattern="^(?i:Lantronix) ((MSS|SCS|LRS|ETS|EDS)\S+) (?:Version |[VB])?([^/\(\s]+)[/\(\s]?">
+  <fingerprint pattern="(?i)^Lantronix ((MSS|SCS|LRS|ETS|EDS)\S+) (?:Version |[VB])?([^/\(\s]+)[/\(\s]?">
     <description>Lantronix terminal server</description>
     <example os.product="MSS100" os.family="MSS" os.version="V3.6">Lantronix MSS100 Version V3.6/9(030114)</example>
     <example os.product="EDS8PS" os.family="EDS" os.version="4.1.0.2R17">Lantronix EDS8PS V4.1.0.2R17 (03111515KK9H)</example>
@@ -6264,6 +6264,22 @@ Copyright (c) 1995-2005 by Cisco Systems
     <param pos="1" name="os.product"/>
   </fingerprint>
 
+  <!--======================================================================
+                               Server Technology
+   =======================================================================-->
+
+  <fingerprint pattern="^(Sentry Switched (?:CDU|(?:DC )*PDU))$">
+    <description>Server Technology Sentry Switched Device</description>
+    <example hw.product="Sentry Switched CDU" os.product="Sentry Switched CDU Firmware">Sentry Switched CDU</example>
+    <example hw.product="Sentry Switched PDU" os.product="Sentry Switched PDU Firmware">Sentry Switched PDU</example>
+    <example hw.product="Sentry Switched DC PDU" os.product="Sentry Switched DC PDU Firmware">Sentry Switched DC PDU</example>
+    <param pos="0" name="os.vendor" value="Server Technology"/>
+    <param pos="0" name="os.product" value="{hw.product} Firmware"/>
+    <param pos="0" name="hw.vendor" value="Server Technology"/>
+    <param pos="1" name="hw.product"/>
+    <param pos="0" name="hw.device" value="Power Device"/>
+  </fingerprint>
+
   <!--======================================================================
                               SonicWall
    =======================================================================-->
@@ -7489,15 +7505,20 @@ Copyright (c) 1995-2005 by Cisco Systems
   </fingerprint>
 
   <!--======================================================================
-                              ZEBRANET
+                              Zebra
    =======================================================================-->
 
   <fingerprint pattern="^ZebraNet PrintServer$">
-    <description>ZebraNet PrintServer</description>
+    <description>Zebra ZebraNet PrintServer</description>
     <example>ZebraNet PrintServer</example>
-    <param pos="0" name="os.vendor" value="ZebraNet"/>
-    <param pos="0" name="os.product" value="PrintServer"/>
+    <param pos="0" name="os.vendor" value="Zebra"/>
+    <param pos="0" name="os.family" value="ZebraNet"/>
+    <param pos="0" name="os.product" value="ZebraNet PrintServer Firmware"/>
     <param pos="0" name="os.device" value="Print Server"/>
+    <param pos="0" name="hw.vendor" value="Zebra"/>
+    <param pos="0" name="hw.family" value="ZebraNet"/>
+    <param pos="0" name="hw.product" value="ZebraNet PrintServer"/>
+    <param pos="0" name="hw.device" value="Print Server"/>
   </fingerprint>
 
   <!--======================================================================

data/recog/xml/ssh_banners.xml

@@ -1787,7 +1787,7 @@
     <param pos="1" name="os.version"/>
   </fingerprint>
 
-  <fingerprint pattern="^([\d.]{1,8})[ _]sshlib:? (?i:GlobalScape)$">
+  <fingerprint pattern="(?i)^([\d.]{1,8})[ _]sshlib:? GlobalScape$">
     <description>GlobalScape SSH (which uses Bitvise sshlib)</description>
     <example service.component.version="1.36">1.36_sshlib GlobalSCAPE</example>
     <example service.component.version="1.82">1.82_sshlib Globalscape</example>
@@ -1953,7 +1953,7 @@
     <param pos="0" name="service.cpe23" value="cpe:/a:vandyke:vshell:{service.version}"/>
   </fingerprint>
 
-  <fingerprint pattern="^WRQReflection(?i:F)orSecureIT_(.*)$">
+  <fingerprint pattern="^WRQReflection[Ff]orSecureIT_(.*)$">
     <description>Attachmate Reflection (formerly WRQ Reflection for Secure IT)</description>
     <example service.version="6.1 Build 21">WRQReflectionForSecureIT_6.1 Build 21</example>
     <example service.version="8.2 Build 117">WRQReflectionforSecureIT_8.2 Build 117</example>

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: recog
 version: !ruby/object:Gem::Version
-  version: 3.0.3
+  version: 3.1.0
 platform: ruby
 authors:
 - Rapid7 Research
@@ -93,7 +93,7 @@ cert_chain:
   EknWpNgVhohbot1lfVAMmIhdtOVaRVcQQixWPwprDj/ydB8ryDMDosIMcw+fkoXU
   9GJsSaSRRYQ9UUkVL27b64okU8D48m8=
   -----END CERTIFICATE-----
-date: 2022-10-20 00:00:00.000000000 Z
+date: 2023-03-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rspec