recog 1.0.3 → 1.0.4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 1068e270c672aa9dd8c71a5e8fb476c14cacf85a
-  data.tar.gz: f07af0de32f1d6472e2c9e965dc959ea9e65f6e4
+  metadata.gz: 796c259c3ef2b6768e453d45c6eafecea0d3307e
+  data.tar.gz: 18619b2bc105b2c9f8a607aa42b8a74cd2226416
 SHA512:
-  metadata.gz: 8c10dd6f2c687f34097cd0d437fccd5f72d68b944203d532b7cd2cde8eac463bf192e7a6e776ba6d73dfeedda33c9fe2dde7bb98622ddf4b1278c3a4d2de9a0f
-  data.tar.gz: d36667a29f1920331406a429925fa79043288ae5807fd18397164fed0e783e0c4aa80754c5e8bfdb55da99de22ca3f3667d9e9957c3664760a2324749d6c10e2
+  metadata.gz: 262b8c5243d2700fef9809eac70e68400fb4a40a21f305e9ada37eb48faf2fe2189127d27904b8ea3f1d416c5c786adf1f2604735ed81d42be59f64710ad9316
+  data.tar.gz: 4cbfa966c8268210113965387576182ea7aa4a98267af5bac81b9194db89fac554882a6421b37f2c96cde466b0589ed2165fd9faf9228421214bb49834fb6a5e

data/bin/recog_verify.rb

@@ -9,7 +9,7 @@ require 'recog/verifier_factory'
 options = OpenStruct.new(color: false, detail: false)
 
 option_parser = OptionParser.new do |opts|
-  opts.banner = "Usage: #{$0} [options] XML_FINGERPRINTS_FILE"
+  opts.banner = "Usage: #{$0} [options] XML_FINGERPRINT_FILE1 ..."
   opts.separator "Verifies that each fingerprint passes its internal tests."
   opts.separator ""
   opts.separator "Options"
@@ -34,12 +34,15 @@ option_parser = OptionParser.new do |opts|
 end
 option_parser.parse!(ARGV)
 
-if ARGV.count != 1
+if ARGV.empty?
+  $stderr.puts 'Missing XML fingerprint files'
   puts option_parser
-  exit
+  exit(1)
 end
 
-ndb = Recog::DB.new(ARGV.shift)
-options.fingerprints = ndb.fingerprints
-verifier = Recog::VerifierFactory.build(options)
-verifier.verify_tests
+ARGV.each do |file|
+  ndb = Recog::DB.new(file)
+  options.fingerprints = ndb.fingerprints
+  verifier = Recog::VerifierFactory.build(options)
+  verifier.verify_tests
+end

data/lib/recog/fingerprint.rb

@@ -45,13 +45,36 @@ class Fingerprint
     match_data = @regex.match(match_string)
     return if match_data.nil?
 
+    # sanity check any positional extractions
+    positions = @params.values.map(&:first).map(&:to_i)
+    captures_size = match_data.captures.size
+    if @params.empty? && captures_size > 0
+      raise "Non-asserting fingerprint with regex #{@regex} captures #{captures_size} time(s); 0 are needed"
+    else
+      if captures_size > 0
+        max_pos = positions.max
+        # if it is actually looking to extract, ensure that there is enough to extract
+        if max_pos > 0 && captures_size < max_pos
+          raise "Regex #{@regex} only has #{captures_size} captures; cannot extract from position #{max_pos}"
+        end
+        # if there is not extraction but capturing is happening, fail since this is a waste
+        if captures_size > max_pos
+          raise "Regex #{@regex} captures #{captures_size - max_pos} too many (#{captures_size} vs #{max_pos})"
+        end
+      end
+    end
+
+    # now do extraction
     result = { 'matched' => @name }
     @params.each_pair do |k,v|
-      if v[0] == 0
+      pos = v[0]
+      if pos == 0
         # A match offset of 0 means this param has a hardcoded value
         result[k] = v[1]
       else
-        result[k] = match_data[ v[0] ]
+        # A match offset other than 0 means the value should come from
+        # the corresponding match result index
+        result[k] = match_data[ pos ]
       end
     end
     return result
@@ -105,7 +128,7 @@ class Fingerprint
   # @return [String] Contents of the source XML's `description` tag
   def parse_description(xml)
     element = xml.xpath('description')
-    element.empty? ? '' : element.first.content
+    element.empty? ? '' : element.first.content.gsub(/[\r\n]+/, ' ').gsub(/\s{3,}/, '  ').strip
   end
 
   # @param xml [Nokogiri::XML::Element]

data/lib/recog/version.rb

@@ -1,3 +1,3 @@
 module Recog
-  VERSION = "1.0.3"
+  VERSION = "1.0.4"
 end

data/spec/lib/fingerprint_self_test_spec.rb

@@ -17,16 +17,11 @@ describe Recog::DB do
 
         context "#{fp.regex}" do
 
-          if fp.name.nil? || fp.name.empty?
-            skip "has a name"
+          it "has a name" do
+            expect(fp.name).not_to be_nil
+            expect(fp.name).not_to be_empty
           end
 
-          # Not yet enforced
-          # it "has a name" do
-          #   expect(fp.name).not_to be_nil
-          #   expect(fp.name).not_to be_empty
-          # end
-
           it "has a regex" do
             expect(fp.regex).not_to be_nil
             expect(fp.regex.class).to be ::Regexp

data/xml/ftp_banners.xml

@@ -268,7 +268,7 @@ against these patterns to fingerprint FTP servers.
     <param pos="1" name="os.product"/>
     <param pos="2" name="os.version"/>
   </fingerprint>
-  <fingerprint pattern="^(\S+) FTP server \(EMC-SNAS: ([^\)]+)\)(:? \S+)?$">
+  <fingerprint pattern="^(\S+) FTP server \(EMC-SNAS: ([^\)]+)\)(?: \S+)?$">
     <example>foo2 FTP server (EMC-SNAS: 5.6.47.11)</example>
     <example>foo2 FTP server (EMC-SNAS: 5.6.50.203) ready.</example>
     <example>foo4 FTP server (EMC-SNAS: 5.5.31.6) r</example>
@@ -304,6 +304,7 @@ against these patterns to fingerprint FTP servers.
     <param pos="0" name="os.device" value="Firewall"/>
     <param pos="0" name="os.family" value="Firewall-1"/>
     <param pos="0" name="os.product" value="Firewall-1"/>
+    <param pos="1" name="host.name"/>
   </fingerprint>
   <fingerprint pattern="^Blue Coat FTP Service$">
     <example>Blue Coat FTP Service</example>
@@ -355,6 +356,7 @@ against these patterns to fingerprint FTP servers.
     <param pos="0" name="os.vendor" value="D-Link"/>
     <param pos="0" name="os.product" value="DCS-2100"/>
     <param pos="0" name="os.device" value="Web cam"/>
+    <param pos="1" name="host.name"/>
   </fingerprint>
   <fingerprint pattern="^Secure Gateway FTP server ready\.$">
     <example>Secure Gateway FTP server ready.</example>
@@ -372,8 +374,8 @@ against these patterns to fingerprint FTP servers.
     <param pos="1" name="os.product"/>
     <param pos="0" name="os.device" value="Storage"/>
   </fingerprint>
-  <fingerprint pattern="^AXIS (\S+) (?:Network( Fixed Dome)? Camera) ([\d\.]+) .* ready\.?$" flags="REG_ICASE">
-    <example>Axis 2100 Network Camera 2.43 Nov 04 2008 ready.</example>
+  <fingerprint pattern="^AXIS (\S+) (?:Network(?: Fixed Dome)? Camera) ([\d\.]+) .* ready\.?$" flags="REG_ICASE">
+    <example os.product="2100" os.version="2.43">Axis 2100 Network Camera 2.43 Nov 04 2008 ready.</example>
     <example>AXIS 207 Network Camera 4.40.1 (Apr 16 2007) ready.</example>
     <example>AXIS 216FD Network Fixed Dome Camera 4.47 (Mar 13 2008) ready.</example>
     <description>Axis Network Camera</description>
@@ -556,6 +558,7 @@ against these patterns to fingerprint FTP servers.
     <param pos="0" name="os.family" value="LinkCom Xpress"/>
     <param pos="0" name="os.device" value="Print server"/>
     <param pos="1" name="os.product"/>
+    <param pos="2" name="os.version"/>
   </fingerprint>
   <fingerprint pattern="^LinkCom Xpress (.*)$" certainty="1.0">
     <description>MPI Technologies Linkcom Express FTP Server</description>

data/xml/http_servers.xml

@@ -1728,7 +1728,7 @@
       <param pos="1" name="service.version"/>
    </fingerprint>
 
-   <fingerprint pattern="^Apache Tomcat/(\d\.[\d.]+)(-LE-jdk14)? \(HTTP/1.1 Connector\)$">
+   <fingerprint pattern="^Apache Tomcat/(\d\.[\d.]+)(?:-LE-jdk14)? \(HTTP/1.1 Connector\)$">
       <example>Apache Tomcat/4.0.6 (HTTP/1.1 Connector)</example>
       <example>Apache Tomcat/4.1.12 (HTTP/1.1 Connector)</example>
       <example>Apache Tomcat/4.1.27-LE-jdk14 (HTTP/1.1 Connector)</example>
@@ -2009,6 +2009,7 @@
       <param pos="0" name="os.device" value="General"/>
       <param pos="0" name="os.family" value="OS/400"/>
       <param pos="0" name="os.product" value="OS/400"/>
+      <param pos="1" name="os.version"/>
    </fingerprint>
 
    <fingerprint pattern="^(?:IBM_HTTP_Server|IBM_HTTP_SERVER)/([\w.-]+)\s+Apache/([12][\d.]+)\s*(.*)$">
@@ -2116,7 +2117,7 @@
       <param pos="1" name="service.version"/>
    </fingerprint>
 
-   <fingerprint pattern="^(?:Sun-Java-System-Web-Server|Sun-ONE-Web-Server)/(\d\.[\d_]+)$">
+   <fingerprint pattern="^(?:Sun-Java-System-Web-Server|Sun-ONE-Web-Server)/(?:\d\.[\d_]+)$">
       <example>Sun-Java-System-Web-Server/7.0</example>
       <example>Sun-ONE-Web-Server/6.1</example>
       <description>Sun Java System Web Server (formerly Netscape Enterprise Server, iPlanet Web
@@ -2174,7 +2175,7 @@
       <param pos="1" name="service.version"/>
    </fingerprint>
 
-   <fingerprint pattern="^Sun-Java-System-Web-Proxy-Server/(4\.\d+)$">
+   <fingerprint pattern="^Sun-Java-System-Web-Proxy-Server/(?:4\.\d+)$">
      <!-- Some 4.x versions only return a partial version number (4.x instead of 4.x.x). -->
       <example>Sun-Java-System-Web-Proxy-Server/4.0</example>
       <description>Sun Java System Web Proxy Server (formerly iPlanet WebProxy Server,
@@ -2185,7 +2186,7 @@
       <!-- don't specify the version as it is only partially known -->
    </fingerprint>
 
-   <fingerprint pattern="^Sun-ILOM-Web-Server/(\d\.[\d._]+)$">
+   <fingerprint pattern="^Sun-ILOM-Web-Server/(?:\d\.[\d._]+)$">
       <example>Sun-ILOM-Web-Server/1.0</example>
       <description>Sun Integrated Lights Out Manager (ILOM) usually
       bundled with Sun Fire servers</description>
@@ -2322,7 +2323,7 @@
       <param pos="0" name="service.family" value="Lotus Domino"/>
    </fingerprint>
 
-   <fingerprint pattern="^Lotus(?:-Domino)?/(?:Release-?)?([4-7][\d.]+)\s*(.*)$">
+   <fingerprint pattern="^Lotus(?:-Domino)?/(?:Release-?)?([4-7][\d.]+)\s*(?:.*)$">
       <example>Lotus-Domino/5.0.8</example>
       <example>Lotus-Domino/Release-4.6.7(Intl)</example>
       <description>IBM Lotus Notes/Domino with version info</description>
@@ -2332,7 +2333,7 @@
       <param pos="1" name="service.version"/>
    </fingerprint>
 
-   <fingerprint pattern="^WebLogic (?:WebLogic )?Server (\d+\.\d+(\s+SP\d+)?)\s+.*$">
+   <fingerprint pattern="^WebLogic (?:WebLogic )?Server (\d+\.\d+(?:\s+SP\d+)?)\s+.*$">
       <example>WebLogic Server 8.1 SP3 Tue Jun 29 23:11:19 PDT 2004 404973</example>
       <example>WebLogic Server 7.0 SP4 Tue Aug 12 11:22:26 PDT 2003</example>
       <example>WebLogic WebLogic Server 6.1 SP4  11/08/2002 21:50:43 #221641</example>
@@ -2379,7 +2380,7 @@
       <param pos="0" name="os.product" value="Windows"/>
    </fingerprint>
 
-   <fingerprint pattern="^Abyss/(\d\.[\d.]+)-X1-Win32 AbyssLib/(\d\.[\d.]+)$">
+   <fingerprint pattern="^Abyss/(\d\.[\d.]+)-X1-Win32 AbyssLib/(?:\d\.[\d.]+)$">
       <example>Abyss/2.0.0.20-X1-Win32 AbyssLib/2.0.0.20</example>
       <example>Abyss/2.3.2-X1-Win32 AbyssLib/2.3.2</example>
       <description>Aprelium Technologies Abyss Web Server X1
@@ -2608,6 +2609,7 @@
       <param pos="0" name="service.vendor" value="HP"/>
       <param pos="0" name="service.product" value="JetDirect"/>
       <param pos="0" name="service.family" value="JetDirect"/>
+      <param pos="1" name="service.version"/>
       <param pos="0" name="os.vendor" value="HP"/>
       <param pos="0" name="os.device" value="Printer"/>
       <param pos="0" name="os.family" value="JetDirect"/>
@@ -2794,6 +2796,7 @@
       <param pos="0" name="os.family" value="Raptor"/>
       <param pos="0" name="os.device" value="Firewall"/>
       <param pos="0" name="os.product" value="Raptor"/>
+      <param pos="1" name="os.version"/>
    </fingerprint>
 
    <fingerprint pattern="^NS_(\d\.\d)$">
@@ -2873,7 +2876,7 @@
       <param pos="0" name="os.product" value="Linux"/>
    </fingerprint>
 
-   <fingerprint pattern="^RealVNC/(\S+)$">
+   <fingerprint pattern="^RealVNC/(?:\S+)$">
       <description>RealVNC built-in webserver</description>
       <example>RealVNC/4.0</example>
       <param pos="0" name="service.vendor" value="RealVNC Ltd."/>
@@ -3266,7 +3269,7 @@
    </fingerprint>
 
    <!-- Hikvision is OEMd by a number of DVR manufacturers -->
-    <fingerprint pattern="^(Hikvision|DVRDVS)-Webs$">
+    <fingerprint pattern="^(?:Hikvision|DVRDVS)-Webs$">
       <description>Web server found on DVR and webcam servers sourced from Hikvision</description>
       <example>Hikvision-Webs</example>
       <example>DVRDVS-Webs</example>
@@ -3282,6 +3285,7 @@
       <example>NET-DK 1.1</example>
       <param pos="0" name="service.vendor" value="ARRIS"/>
       <param pos="0" name="service.product" value="Net-DK Web Server"/>
+      <param pos="1" name="service.version"/>
       <param pos="0" name="os.vendor" value="ARRIS"/>
       <param pos="0" name="os.device" value="Cable Modem"/>
    </fingerprint>
@@ -3302,7 +3306,7 @@
          assert nothing.</description>
    </fingerprint>
 
-   <fingerprint pattern="^Web-Server/((?:\d+\.)+\d+)$">
+   <fingerprint pattern="^Web-Server/(?:\d+\.+\d+)$">
       <example>Web-Server/3.0</example>
       <!-- Hard to be sure with such a generic name, but I
            suspect this server has been obfuscated. -->

data/xml/ntp_banners.xml

@@ -139,7 +139,7 @@ NTP "banners", taken from a readvar response
   </fingerprint>
   <fingerprint pattern="^.*version=&quot;ntpd ([^ ]+)[^&quot;]+&quot;,.*processor=&quot;([^&quot;]+)&quot;,.*system=&quot;Darwin/?6\.([^&quot;]+)&quot;" flags="REG_DOT_NEWLINE,REG_ICASE">
     <description>ntpd running on Mac OSX 10.2/Jaguar</description>
-    <example service.version="4.1.1@1.786" os.version="10.2" os.version.version="8">
+    <example service.version="4.1.1@1.786" os.version.version="8">
       version="ntpd 4.1.1@1.786 Tue Nov 12 09:30:41 PST 2002 (1)", processor="Power Macintosh", system="Darwin6.8",
     </example>
     <param pos="0" name="service.family" value="NTP"/>
@@ -224,7 +224,7 @@ NTP "banners", taken from a readvar response
   </fingerprint>
   <fingerprint pattern="^.*processor=&quot;([^&quot;]+)&quot;.*system=&quot;BSD/OS([\d.]+)&quot;" flags="REG_DOT_NEWLINE,REG_ICASE">
     <description>BSD/OS with a version and arch</description>
-    <example os.arch="i386" os.product="BSD/OS" os.version="4.3.1">
+    <example os.arch="i386" os.version="4.3.1">
       processor="i386", system="BSD/OS4.3.1", leap=0, stratum=2
     </example>
     <param pos="0" name="os.vendor" value="Berkeley Software Design Inc."/>
@@ -418,6 +418,7 @@ NTP "banners", taken from a readvar response
     <param pos="0" name="os.vendor" value="Sun"/>
     <param pos="0" name="os.family" value="Solaris"/>
     <param pos="0" name="os.product" value="Solaris"/>
+    <param pos="1" name="os.version"/>
   </fingerprint>
   <fingerprint pattern="^.*version=&quot;ntpd ([^ ]+)[^&quot;]+&quot;,.*processor=&quot;([^ ]+)&quot;,.*system=&quot;JUNOS/?([^ ]+)&quot;" flags="REG_DOT_NEWLINE,REG_ICASE">
     <description>ntpd running on Juniper/Netscreen JunOS</description>
@@ -436,14 +437,14 @@ NTP "banners", taken from a readvar response
   </fingerprint>
   <fingerprint pattern="processor=&quot;([^ ]+)&quot;,.*system=&quot;JUNOS/?([^ ]+)&quot;" flags="REG_DOT_NEWLINE,REG_ICASE">
     <description>Juniper/Netscreen JunOS NTP without a version</description>
-    <example>processor="i386", system="JUNOS7.0R2.7", leap=0, stratum=3</example>
-    <example>processor="i386", system="JUNOS6.4R1.6", leap=3, stratum=16</example>
-    <example>processor="i386", system="JUNOS5.5R2.3", leap=0, stratum=3</example>
+    <example os.arch="i386" os.version="7.0R2.7">processor="i386", system="JUNOS7.0R2.7", leap=0, stratum=3</example>
+    <example os.arch="i386" os.version="6.4R1.6">processor="i386", system="JUNOS6.4R1.6", leap=3, stratum=16</example>
+    <example os.arch="i386" os.version="5.5R2.3">processor="i386", system="JUNOS5.5R2.3", leap=0, stratum=3</example>
     <param pos="0" name="os.vendor" value="Juniper"/>
     <param pos="0" name="os.family" value="Junos"/>
     <param pos="0" name="os.product" value="Junos OS"/>
-    <param pos="2" name="os.arch"/>
-    <param pos="3" name="os.version"/>
+    <param pos="1" name="os.arch"/>
+    <param pos="2" name="os.version"/>
   </fingerprint>
   <fingerprint pattern="^.*version=&quot;ntpd ([^ ]+)[^&quot;]+&quot;,.*processor=&quot;([^ ]+)&quot;,.*system=&quot;Windows/?([^ ]+)?&quot;" flags="REG_DOT_NEWLINE,REG_ICASE">
     <description>ntpd running on Windows</description>
@@ -640,7 +641,7 @@ NTP "banners", taken from a readvar response
     <param pos="0" name="os.product" value="VxWorks"/>
     <param pos="0" name="os.arch" value="i386"/>
   </fingerprint>
-  <fingerprint pattern="system=&quot;UNIX/(Unixware([^ ]+))&quot;" flags="REG_ICASE">
+  <fingerprint pattern="system=&quot;UNIX/Unixware([^ ]+)&quot;" flags="REG_ICASE">
     <description>SCO Unixware NTP</description>
     <example>
       system="UNIX/Unixware2", leap=3, stratum=16, rootdelay=0.00,
@@ -652,7 +653,7 @@ NTP "banners", taken from a readvar response
     <param pos="0" name="os.vendor" value="SCO"/>
     <param pos="1" name="os.product"/>
   </fingerprint>
-  <fingerprint pattern="^.*processor=&quot;([^&quot;]+)&quot;, system=&quot;SCO_SV([\d\.]+)&quot;" flags="REG_ICASE">
+  <fingerprint pattern="^.*processor=&quot;([^&quot;]+)&quot;, system=&quot;SCO_SV([\d\.]+)&quot;" flags="REG_DOT_NEWLINE,REG_ICASE">
     <description>SCO Unixware NTP</description>
     <example os.version="3.2" os.arch="i386">
       processor="i386", system="SCO_SV3.2", leap=0, stratum=2, precision=-18

data/xml/rsh_resp.xml

@@ -75,7 +75,7 @@ Rservices responses to requests are matched against these patterns to fingerprin
       <param pos="0" name="os.product" value="AIX"/>
    </fingerprint>
 
-   <fingerprint pattern="^.remshd: (getservbyname.+|Kerberos Authentication not enabled\..+|Error! Kerberos authentication failed)$" flags="REG_DOT_NEWLINE">
+   <fingerprint pattern="^.remshd: (?:getservbyname.+|Kerberos Authentication not enabled\..+|Error! Kerberos authentication failed)$" flags="REG_DOT_NEWLINE">
       <example>xremshd: getservbyname
       </example>
       <example>xremshd: Kerberos Authentication not enabled.

data/xml/smb_native_os.xml

@@ -14,7 +14,7 @@
       <param pos="1" name="os.product"/>
    </fingerprint>
 
-   <fingerprint pattern="^(Windows (95|98|ME))$">
+   <fingerprint pattern="^(Windows (?:95|98|ME))$">
       <description>Windows 95/98/ME</description>
       <example os.product="Windows 95">Windows 95</example>
       <example os.product="Windows 98">Windows 98</example>

data/xml/smtp_expn.xml

@@ -38,8 +38,7 @@ See comment at the top of smtp_banners.xml for additional info.
    </fingerprint>
 
    <fingerprint pattern="^500[ -]Don't you wish! *$">
-      <description>
-      </description>
+     <description>GNAT box SMTP</description>
       <param pos="0" name="service.vendor" value="Global Technology Associates"/>
       <param pos="0" name="service.family" value="GNAT Box"/>
       <param pos="0" name="service.product" value="GNAT Box"/>

data/xml/smtp_mailfrom.xml

@@ -5,18 +5,15 @@ This file is currently unused.
 
 <fingerprints>
    <fingerprint pattern="250 .* is syntactically correct *">
-      <description>
-         Exim
-         example: 250 &lt;nosuchuser@rapid7.com&gt; is syntactically correct
-      </description>
+     <description>exim</description>
+     <example>250 &lt;nosuchuser@rapid7.com&gt; is syntactically correct</example>
       <param pos="0" name="service.vendor" value="exim"/>
       <param pos="0" name="service.family" value="exim"/>
       <param pos="0" name="service.product" value="exim"/>
    </fingerprint>
 
    <fingerprint pattern="501[ -]System error\. *">
-      <description>
-      </description>
+     <description>GNAT Box SMTP</description>
       <param pos="0" name="service.vendor" value="Global Technology Associates"/>
       <param pos="0" name="service.family" value="GNAT Box"/>
       <param pos="0" name="service.product" value="GNAT Box"/>

data/xml/snmp_sysdescr.xml

@@ -41,9 +41,9 @@
       <param pos="2" name="os.version"/>
    </fingerprint>
 
-   <fingerprint pattern="^3COM: (AP\S+): .*11.*Access Point, Software v(\S+), Bootrom v(\S+), Hardware (\S+)$">
+   <fingerprint pattern="^3COM: (AP\S+): .*11.*Access Point, Software v(\S+), Bootrom v\S+, Hardware \S+$">
       <description>3COM WAP</description>
-      <example>3COM: AP8760: Dual Radio 11a/b/g Access Point, Software v2.1.13b05_sh, Bootrom v1.2.1, Hardware R02</example>
+      <example os.product="AP8760" os.version="2.1.13b05_sh">3COM: AP8760: Dual Radio 11a/b/g Access Point, Software v2.1.13b05_sh, Bootrom v1.2.1, Hardware R02</example>
       <param pos="0" name="os.vendor" value="3Com"/>
       <param pos="0" name="os.family" value="Access Point"/>
       <param pos="0" name="os.device" value="WAP"/>
@@ -411,7 +411,7 @@
       <param pos="2" name="os.version"/>
    </fingerprint>
 
-   <fingerprint pattern="^3Com (.*Switch.*) \d+-Port.*Software Version (\d\..*(Release|Feature).*)$">
+   <fingerprint pattern="^3Com (.*Switch.*) \d+-Port.*Software Version (\d\..*(?:Release|Feature).*)$">
       <description>3COM Switch</description>
       <example>3Com Switch 4210 18-Port Software Version 3.10 Release 2212P01</example>
       <example>3Com Switch 4210 26-Port Software Version 3.10 Release 2212</example>
@@ -461,7 +461,7 @@
                               ADTRAN
    =======================================================================-->
 
-   <fingerprint pattern="^ADTRAN (MX\d+( \S+)?( \S+)?)$" flags="REG_ICASE">
+   <fingerprint pattern="^ADTRAN (MX\d+(?: \S+)?(?: \S+)?)$" flags="REG_ICASE">
       <description>ADTRAN Multiplexer</description>
       <example>ADTRAN MX2820 Multiplexer</example>
       <example>ADTRAN MX2800 DS3 Multiplexer</example>
@@ -492,13 +492,11 @@
       <param pos="1"  name="os.product"/>
    </fingerprint>
 
-   <fingerprint pattern="^ADTRAN (TA\S+( \S+)?( \S+)?)$" flags="REG_ICASE">
+   <fingerprint pattern="^ADTRAN (TA\S+(?: \S+)?(?: \S+)?)$" flags="REG_ICASE">
       <description>ADTRAN TotalAccess</description>
-      <example>ADTRAN TA1448S-CE</example>
-      <example>Adtran TA1124</example>
-      <example>Adtran TA1148</example>
-      <example>Adtran TA1224</example>
-      <example>Adtran TA1248</example>
+      <example os.product="TA1448S-CE">ADTRAN TA1448S-CE</example>
+      <example os.product="TA1124">Adtran TA1124</example>
+      <example os.product="TA1148">Adtran TA1148</example>
       <param pos="0"  name="os.device"   value="Media Gateway"/>
       <param pos="0"  name="os.vendor"   value="ADTRAN"/>
       <param pos="0"  name="os.family"   value="Total Access"/>
@@ -710,7 +708,7 @@
 
    <fingerprint pattern="^Apple Base Station V([^\s]+) Compatible$">
       <description>Apple Airport base station</description>
-      <example>Apple Base Station V3.84 Compatible</example>
+      <example os.version="3.84">Apple Base Station V3.84 Compatible</example>
       <param pos="0" name="os.vendor" value="Apple"/>
       <param pos="0" name="os.family" value="Airport"/>
       <param pos="0" name="os.product" value="Base Station"/>
@@ -718,7 +716,7 @@
       <param pos="1" name="os.version"/>
     </fingerprint>
 
-   <fingerprint pattern="^Apple AirPort - Apple (Inc\.|Computer).*$">
+   <fingerprint pattern="^Apple AirPort - Apple (?:Inc\.|Computer).*$">
       <description>Apple Airport Extreme</description>
       <example>Apple AirPort - Apple Inc., 2006-2009. All rights Reserved.</example>
       <example>Apple AirPort - Apple Computer, 2006. All rights Reserved</example>
@@ -1108,6 +1106,7 @@
       <param pos="0" name="os.vendor" value="Brother"/>
       <param pos="0" name="os.product" value="Unknown"/>
       <param pos="0" name="os.device" value="Printer"/>
+      <param pos="1" name="os.version"/>
    </fingerprint>
 
    <fingerprint pattern="^Brother (NC-\d+\S+),\s*Firmware Ver\.\s?([^\s,]+).*">
@@ -1254,7 +1253,7 @@
                               CANON
    =======================================================================-->
 
-   <fingerprint pattern="^Canon (iR ?\S+( [A-Z0-9]\S+)?)(?: /P)?(?: EEPROM \S+)?$">
+   <fingerprint pattern="^Canon (iR ?\S+(?: [A-Z0-9]\S+)?)(?: /P)?(?: EEPROM \S+)?$">
       <description>Canon iR multifunction device</description>
       <example>Canon iR C3220-C1 /P</example>
       <example>Canon iR105PLUS-M3 /P</example>
@@ -1283,7 +1282,7 @@
       <param pos="1" name="os.product"/>
    </fingerprint>
 
-   <fingerprint pattern="^Canon (iPR ?\S+( [A-Z0-9]\S+)?)(?: /P)?(?: EEPROM \S+)?$">
+   <fingerprint pattern="^Canon (iPR ?\S+(?: [A-Z0-9]\S+)?)(?: /P)?(?: EEPROM \S+)?$">
       <description>Canon iPR multifunction device</description>
       <example>Canon iPR C1 /P</example>
       <example>Canon iPR C1-Q1 /P</example>
@@ -1494,6 +1493,7 @@
       <param pos="0" name="os.device" value="Switch"/>
       <param pos="0" name="os.family" value="Packet-Optical"/>
       <param pos="1" name="os.product"/>
+      <param pos="2" name="os.version"/>
    </fingerprint>
 
 
@@ -1828,7 +1828,7 @@ Copyright (c) 1995-2005 by Cisco Systems
    </fingerprint>
 
 
-   <fingerprint pattern="^Datamax (Printer|.*Print Server).*$">
+   <fingerprint pattern="^Datamax (?:Printer|.*Print Server).*$">
       <description>Datamax printer</description>
       <example>Datamax DMXrfNet Print Server compatible with an HP JETDIRECT EX</example>
       <example>Datamax Printer</example>
@@ -1916,7 +1916,7 @@ Copyright (c) 1995-2005 by Cisco Systems
       <param pos="2" name="os.version"/>
    </fingerprint>
 
-   <fingerprint pattern="^Dell (\S+)(?: Mono)? Laser Printer(?:;| version) (\S+);?.*$">
+   <fingerprint pattern="^Dell (\S+)(?: Mono)? Laser Printer(?:;| version) \S+;?.*$">
       <description>Dell Laser Printer</description>
       <example>Dell 2330dn Laser Printer version NR.APS.N449 kernel 2.6.18.5 All-N-1</example>
       <example>Dell 2350dn Laser Printer version NR.APS.N449 kernel 2.6.18.5 All-N-1</example>
@@ -2223,7 +2223,7 @@ Copyright (c) 1995-2005 by Cisco Systems
       <param pos="1" name="os.product"/>
    </fingerprint>
 
-   <fingerprint pattern="^EPSON (Internal .* Scanning Card|Network Image Express|Network Scanning Box)$">
+   <fingerprint pattern="^EPSON (?:Internal .* Scanning Card|Network Image Express|Network Scanning Box)$">
       <description>Epson Network Scanner</description>
       <example>EPSON Internal 10Base-T/100Base-TX Scanning Card</example>
       <example>EPSON Network Image Express</example>
@@ -2233,7 +2233,7 @@ Copyright (c) 1995-2005 by Cisco Systems
       <param pos="0" name="os.product" value="Network Scanner"/>
    </fingerprint>
 
-   <fingerprint pattern="^EPSON UIB (\S+) Ethernet Interface Card$">
+   <fingerprint pattern="^EPSON UIB \S+ Ethernet Interface Card$">
       <description>Epson Network Printer</description>
       <example>EPSON UIB 10/100Base-T Ethernet Interface Card</example>
       <example>EPSON UIB 10Base Ethernet Interface Card</example>
@@ -2410,7 +2410,7 @@ Copyright (c) 1995-2005 by Cisco Systems
       <param pos="2" name="os.version"/>
    </fingerprint>
 
-   <fingerprint pattern="^Foundry AP: (\S+) v(\S+)$">
+   <fingerprint pattern="^Foundry AP: \S+ v(\S+)$">
       <description>Foundry Networks APs</description>
       <example>Foundry AP: 01.03.04Tw8 v2.0.0</example>
       <example>Foundry AP: 01.03.05Tw8 v3.0.4</example>
@@ -2576,12 +2576,9 @@ Copyright (c) 1995-2005 by Cisco Systems
       <param pos="2" name="os.version"/>
    </fingerprint>
 
-   <fingerprint pattern="^(\S+) (.*?) (HP|Compaq) Tru64 UNIX V(\S+) \(Rev\. ([^\)]+)\).*TCP/IP$">
+   <fingerprint pattern="^(\S+) (.*?) (?:HP|Compaq) Tru64 UNIX V(\S+) \(Rev\. ([^\)]+)\).*TCP/IP$">
       <description>Digital/Compaq/HP Tru64 Unix</description>
-      <example>was1 AlphaServer DS10 466 MHz Compaq Tru64 UNIX V5.1B (Rev. 2650); Wed Feb 25 13:29:07 KST 2004 TCP/IP</example>
-      <example>wessex.eas.usdfa.ca COMPAQ AlphaServer DS10 617 MHz Compaq Tru64 UNIX V5.1A (Rev. 1885); Thu Nov 29 14:55:23 GMT 2001 TCP/IP</example>
-      <example>whizbang.geog.usdf.edu COMPAQ Professional Workstation XP1000 Compaq Tru64 UNIX V5.0A (Rev. 1094); Thu Sep 23 11:58:27 PDT 2004 TCP/IP</example>
-      <example>xian AlphaServer DS25 Compaq Tru64 UNIX V5.1B (Rev. 2650); Tue Mar 23 13:46:38 CST 2004 TCP/IP</example>
+      <example host.name="was1" hw.product="AlphaServer DS10 466 MHz" os.version="5.1B" os.version.version="2650">was1 AlphaServer DS10 466 MHz Compaq Tru64 UNIX V5.1B (Rev. 2650); Wed Feb 25 13:29:07 KST 2004 TCP/IP</example>
       <param pos="0" name="os.vendor" value="HP"/>
       <param pos="0" name="os.family" value="Unix"/>
       <param pos="0" name="os.product" value="Tru64 Unix"/>
@@ -2680,7 +2677,7 @@ Copyright (c) 1995-2005 by Cisco Systems
 
   <fingerprint pattern="^HP Series Router (\S+) HP Comware Platform Software Comware Software Version ([^\s,]+)[,\s]\s*Release ([^,\s]+)?[,\s].*Copyright.*$">
       <description>HP Comware</description>
-      <example>HP Series Router A-MSR20-40 HP Comware Platform Software Comware Software Version 5.20, Release 2209P15, Standard Copyright(c) 2010-2012 Hewlett-Packard Development Company, L.P.</example>
+      <example hw.product="A-MSR20-40" os.product="A-MSR20-40" os.version="5.20" os.version.version="2209P15">HP Series Router A-MSR20-40 HP Comware Platform Software Comware Software Version 5.20, Release 2209P15, Standard Copyright(c) 2010-2012 Hewlett-Packard Development Company, L.P.</example>
       <example>HP Series Router A-MSR30-20 HP Comware Platform Software Comware Software Version 5.20, Release 2207P41, Standard Copyright(c) 2010 Hewlett-Packard Development Company, L.P.</example>
       <example>HP Series Router A-MSR900 HP Comware Platform Software Comware Software Version 5.20, Release 2207P41 Copyright(c) 2010 Hewlett-Packard Development Company, L.P.</example>
       <param pos="0" name="os.vendor" value="HP"/>
@@ -2694,11 +2691,12 @@ Copyright (c) 1995-2005 by Cisco Systems
 
   <fingerprint pattern="^HP Series Router (\S+) HP Comware Platform Software Comware Software Version ([^,]+), (\S+) Copyright.*$">
       <description>HP Comware</description>
-      <example>HP Series Router A-MSR20-40 HP Comware Platform Software Comware Software Version 5.20, T2207L16 Copyright(c) 2010-2011 Hewlett-Packard Development Company, L.P.</example>
+      <example os.product="A-MSR20-40" hw.product="A-MSR20-40" os.version="5.20" os.version.version="T2207L16">HP Series Router A-MSR20-40 HP Comware Platform Software Comware Software Version 5.20, T2207L16 Copyright(c) 2010-2011 Hewlett-Packard Development Company, L.P.</example>
       <param pos="0" name="os.vendor" value="HP"/>
       <param pos="0" name="os.device" value="Router"/>
       <param pos="0" name="os.family" value="Comware"/>
       <param pos="2" name="os.version"/>
+      <param pos="3" name="os.version.version"/>
       <param pos="1" name="os.product"/>
       <param pos="1" name="hw.product"/>
    </fingerprint>
@@ -4324,6 +4322,7 @@ Copyright (c) 1995-2005 by Cisco Systems
       <param pos="0" name="os.device" value="Terminal Server"/>
       <param pos="1" name="os.product"/>
       <param pos="2" name="os.family"/>
+      <param pos="3" name="os.version"/>
    </fingerprint>
 
    <fingerprint pattern="^Lantronix Inc\. - (Modbus Bridge)$">
@@ -5608,9 +5607,9 @@ Copyright (c) 1995-2005 by Cisco Systems
       <param pos="2" name="os.version.version.version"/>
    </fingerprint>
 
-   <fingerprint pattern="^Nortel Application Switch (\S+)(\s+\S+|)$">
+   <fingerprint pattern="^Nortel Application Switch (\S+)(?:\s+\S+|)$">
       <description>Nortel Application switch</description>
-      <example>Nortel Application Switch 2424</example>
+      <example os.product="2424">Nortel Application Switch 2424</example>
       <param pos="0" name="os.vendor" value="Nortel"/>
       <param pos="0" name="os.family" value="Application Switch"/>
       <param pos="0" name="os.device" value="Load balancer"/>
@@ -5918,7 +5917,7 @@ Copyright (c) 1995-2005 by Cisco Systems
         <param pos="0" name="os.device" value="Multifunction Device"/>
     </fingerprint>
 
-    <fingerprint pattern="^Oce, 3165 ([^,]+), Controller (\S+)$">
+    <fingerprint pattern="^Oce, 3165 ([^,]+), Controller \S+$">
         <description>Oce 3165 multifunction device</description>
         <example>Oce, 3165 R8.2, Controller R10.2.8</example>
         <param pos="0" name="os.vendor" value="Oce"/>
@@ -6142,6 +6141,7 @@ Copyright (c) 1995-2005 by Cisco Systems
       <param pos="0" name="os.family" value="NEO"/>
       <param pos="0" name="os.product" value="NEO Tape Library"/>
       <param pos="0" name="os.device" value="Storage"/>
+      <param pos="1" name="os.version"/>
    </fingerprint>
 
    <!--======================================================================
@@ -7054,7 +7054,7 @@ Copyright (c) 1995-2005 by Cisco Systems
                               SCO
    =======================================================================-->
 
-   <fingerprint pattern="^SCO TCP/IP Runtime Release (\S+)$">
+   <fingerprint pattern="^SCO TCP/IP Runtime Release \S+$">
       <description>SCO</description>
       <example>SCO TCP/IP Runtime Release 2.0.0</example>
       <param pos="0" name="os.vendor" value="SCO"/>
@@ -7660,6 +7660,7 @@ Copyright (c) 1995-2005 by Cisco Systems
       <param pos="0" name="os.device" value="General"/>
       <param pos="1" name="os.version"/>
       <param pos="2" name="os.arch"/>
+      <param pos="3" name="hw.product"/>
    </fingerprint>
 
    <fingerprint pattern="^SunOS (\S+) 5\.(\S+) \S+ (\S+) \S+ SUNW,([^,]+).*$">
@@ -7669,7 +7670,7 @@ Copyright (c) 1995-2005 by Cisco Systems
       <example>SunOS magppg01 5.10 Generic_127127-11 sun4v sparc SUNW,T5240</example>
       <example>SunOS magppg02 5.10 Generic_127127-11 sun4v sparc SUNW,T5240</example>
       <example>SunOS rs1-s3 5.10 Generic_142900-09 sun4v sparc SUNW,Netra-CP3260</example>
-      <example>SunOS sn 5.10 Generic_118833-36 sun4v sparc SUNW,Sun-Fire-T200</example>
+      <example hw.product="Sun-Fire-T200">SunOS sn 5.10 Generic_118833-36 sun4v sparc SUNW,Sun-Fire-T200</example>
       <param pos="0" name="os.vendor" value="Sun"/>
       <param pos="0" name="os.certainty" value="0.9"/>
       <param pos="0" name="os.family" value="Solaris"/>
@@ -7678,6 +7679,7 @@ Copyright (c) 1995-2005 by Cisco Systems
       <param pos="1" name="host.name"/>
       <param pos="2" name="os.version"/>
       <param pos="3" name="os.arch"/>
+      <param pos="4" name="hw.product"/>
    </fingerprint>
 
    <fingerprint pattern="^SunOS 5\.(\S+) \S+ (\S+)$">
@@ -7828,6 +7830,7 @@ Copyright (c) 1995-2005 by Cisco Systems
       <param pos="0" name="os.vendor" value="Tandberg"/>
       <param pos="0" name="os.device" value="Web cam"/>
       <param pos="1" name="os.product"/>
+      <param pos="2" name="os.version"/>
    </fingerprint>
 
    <!--======================================================================
@@ -7871,6 +7874,7 @@ Copyright (c) 1995-2005 by Cisco Systems
       <param pos="0" name="os.vendor" value="Unisys"/>
       <param pos="0" name="os.device" value="Printer"/>
       <param pos="1" name="os.product"/>
+      <param pos="2" name="os.version"/>
     </fingerprint>
 
     <fingerprint pattern="^VxWorks SNMPv1/v2c Agent">

data/xml/snmp_sysobjid.xml

@@ -116,7 +116,7 @@
       <param pos="0" name="os.arch" value="x86"/>
    </fingerprint>
 
-   <fingerprint pattern="^1\.3\.6\.1\.4\.1\.311\.1\.1\.3\.1\.2 Hardware: (\S+64).*Software: Windows Version 6\.0 \(Build 6001.*$">
+   <fingerprint pattern="^1\.3\.6\.1\.4\.1\.311\.1\.1\.3\.1\.2 Hardware: \S+64.*Software: Windows Version 6\.0 \(Build 6001.*$">
       <description>Windows Server 2008 on x86_64</description>
       <example>1.3.6.1.4.1.311.1.1.3.1.2 Hardware: AMD64 Family 16 Model 2 Stepping 3 AT/AT COMPATIBLE - Software: Windows Version 6.0 (Build 6001 Multiprocessor Free)</example>
       <example>1.3.6.1.4.1.311.1.1.3.1.2 Hardware: Intel64 Family 15 Model 2 Stepping 5 AT/AT COMPATIBLE - Software: Windows Version 6.0 (Build 6001 Multiprocessor Free)</example>
@@ -127,7 +127,7 @@
       <param pos="0" name="os.arch" value="x86_64"/>
    </fingerprint>
 
-   <fingerprint pattern="^1\.3\.6\.1\.4\.1\.311\.1\.1\.3\.1\.3 Hardware: (\S+64).*Software: Windows Version 6\.0 \(Build 6001.*$">
+   <fingerprint pattern="^1\.3\.6\.1\.4\.1\.311\.1\.1\.3\.1\.3 Hardware: \S+64.*Software: Windows Version 6\.0 \(Build 6001.*$">
       <description>Windows Server 2008 Datacenter on x86_64</description>
       <example>1.3.6.1.4.1.311.1.1.3.1.3 Hardware: AMD64 Family 16 Model 2 Stepping 3 AT/AT COMPATIBLE - Software: Windows Version 6.0 (Build 6001 Multiprocessor Free)</example>
       <example>1.3.6.1.4.1.311.1.1.3.1.3 Hardware: Intel64 Family 15 Model 2 Stepping 5 AT/AT COMPATIBLE - Software: Windows Version 6.0 (Build 6001 Multiprocessor Free)</example>
@@ -160,7 +160,7 @@
       <param pos="0" name="os.arch" value="x86"/>
    </fingerprint>
 
-   <fingerprint pattern="^1\.3\.6\.1\.4\.1\.311\.1\.1\.3\.1\.2 Hardware: (\S+64).*Software: Windows Version 6\.0 \(Build 6002.*$">
+   <fingerprint pattern="^1\.3\.6\.1\.4\.1\.311\.1\.1\.3\.1\.2 Hardware: \S+64.*Software: Windows Version 6\.0 \(Build 6002.*$">
       <description>Windows Server 2008 SP2 on x86_64</description>
       <example>1.3.6.1.4.1.311.1.1.3.1.2 Hardware: AMD64 Family 16 Model 2 Stepping 3 AT/AT COMPATIBLE - Software: Windows Version 6.0 (Build 6002 Multiprocessor Free)</example>
       <example>1.3.6.1.4.1.311.1.1.3.1.2 Hardware: Intel64 Family 15 Model 2 Stepping 5 AT/AT COMPATIBLE - Software: Windows Version 6.0 (Build 6002 Multiprocessor Free)</example>
@@ -170,9 +170,9 @@
       <param pos="0" name="os.device" value="General"/>
       <param pos="0" name="os.version" value="SP2"/>
       <param pos="0" name="os.arch" value="x86_64"/>
-   </fingerprint>   
+   </fingerprint>
 
-   <fingerprint pattern="^1\.3\.6\.1\.4\.1\.311\.1\.1\.3\.1\.3 Hardware: (\S+64).*Software: Windows Version 6\.0 \(Build 6002.*$">
+   <fingerprint pattern="^1\.3\.6\.1\.4\.1\.311\.1\.1\.3\.1\.3 Hardware: \S+64.*Software: Windows Version 6\.0 \(Build 6002.*$">
       <description>Windows Server 2008 Datacenter SP2 on x86_64</description>
       <example>1.3.6.1.4.1.311.1.1.3.1.3 Hardware: AMD64 Family 16 Model 2 Stepping 3 AT/AT COMPATIBLE - Software: Windows Version 6.0 (Build 6002 Multiprocessor Free)</example>
       <example>1.3.6.1.4.1.311.1.1.3.1.3 Hardware: Intel64 Family 15 Model 2 Stepping 5 AT/AT COMPATIBLE - Software: Windows Version 6.0 (Build 6002 Multiprocessor Free)</example>
@@ -182,7 +182,7 @@
       <param pos="0" name="os.device" value="General"/>
       <param pos="0" name="os.version" value="SP2"/>
       <param pos="0" name="os.arch" value="x86_64"/>
-   </fingerprint>   
+   </fingerprint>
 
    <fingerprint pattern="^1\.3\.6\.1\.4\.1\.311\.1\.1\.3\.1\.2 Hardware: x86.*Software: Windows Version 6\.1 \(Build 7600.*$">
       <description>Windows Server 2008 R2 on x86</description>
@@ -204,7 +204,7 @@
       <param pos="0" name="os.arch" value="x86"/>
    </fingerprint>
 
-   <fingerprint pattern="^1\.3\.6\.1\.4\.1\.311\.1\.1\.3\.1\.2 Hardware: (\S+64).*Software: Windows Version 6\.1 \(Build 7600.*$">
+   <fingerprint pattern="^1\.3\.6\.1\.4\.1\.311\.1\.1\.3\.1\.2 Hardware: \S+64.*Software: Windows Version 6\.1 \(Build 7600.*$">
       <description>Windows Server 2008 R2 on x86_64</description>
       <example>1.3.6.1.4.1.311.1.1.3.1.2 Hardware: AMD64 Family 16 Model 2 Stepping 3 AT/AT COMPATIBLE - Software: Windows Version 6.1 (Build 7600 Multiprocessor Free)</example>
       <example>1.3.6.1.4.1.311.1.1.3.1.2 Hardware: Intel64 Family 15 Model 2 Stepping 5 AT/AT COMPATIBLE - Software: Windows Version 6.1 (Build 7600 Multiprocessor Free)</example>
@@ -215,7 +215,7 @@
       <param pos="0" name="os.arch" value="x86_64"/>
    </fingerprint>
 
-   <fingerprint pattern="^1\.3\.6\.1\.4\.1\.311\.1\.1\.3\.1\.3 Hardware: (\S+64).*Software: Windows Version 6\.1 \(Build 7600.*$">
+   <fingerprint pattern="^1\.3\.6\.1\.4\.1\.311\.1\.1\.3\.1\.3 Hardware: \S+64.*Software: Windows Version 6\.1 \(Build 7600.*$">
       <description>Windows Server 2008 Datacenter R2 on x86_64</description>
       <example>1.3.6.1.4.1.311.1.1.3.1.3 Hardware: AMD64 Family 16 Model 2 Stepping 3 AT/AT COMPATIBLE - Software: Windows Version 6.1 (Build 7600 Multiprocessor Free)</example>
       <example>1.3.6.1.4.1.311.1.1.3.1.3 Hardware: Intel64 Family 15 Model 2 Stepping 5 AT/AT COMPATIBLE - Software: Windows Version 6.1 (Build 7600 Multiprocessor Free)</example>
@@ -248,7 +248,7 @@
       <param pos="0" name="os.arch" value="x86"/>
    </fingerprint>
 
-   <fingerprint pattern="^1\.3\.6\.1\.4\.1\.311\.1\.1\.3\.1\.2 Hardware: (\S+64).*Software: Windows Version 6\.1 \(Build 7601.*$">
+   <fingerprint pattern="^1\.3\.6\.1\.4\.1\.311\.1\.1\.3\.1\.2 Hardware: \S+64.*Software: Windows Version 6\.1 \(Build 7601.*$">
       <description>Windows Server 2008 R2 SP1 on x86_64</description>
       <example>1.3.6.1.4.1.311.1.1.3.1.2 Hardware: AMD64 Family 16 Model 2 Stepping 3 AT/AT COMPATIBLE - Software: Windows Version 6.1 (Build 7601 Multiprocessor Free)</example>
       <example>1.3.6.1.4.1.311.1.1.3.1.2 Hardware: Intel64 Family 15 Model 2 Stepping 5 AT/AT COMPATIBLE - Software: Windows Version 6.1 (Build 7601 Multiprocessor Free)</example>
@@ -260,7 +260,7 @@
       <param pos="0" name="os.arch" value="x86_64"/>
    </fingerprint>
 
-   <fingerprint pattern="^1\.3\.6\.1\.4\.1\.311\.1\.1\.3\.1\.3 Hardware: (\S+64).*Software: Windows Version 6\.1 \(Build 7601.*$">
+   <fingerprint pattern="^1\.3\.6\.1\.4\.1\.311\.1\.1\.3\.1\.3 Hardware: \S+64.*Software: Windows Version 6\.1 \(Build 7601.*$">
       <description>Windows Server 2008 Datacenter R2 SP1 on x86_64</description>
       <example>1.3.6.1.4.1.311.1.1.3.1.3 Hardware: AMD64 Family 16 Model 2 Stepping 3 AT/AT COMPATIBLE - Software: Windows Version 6.1 (Build 7601 Multiprocessor Free)</example>
       <example>1.3.6.1.4.1.311.1.1.3.1.3 Hardware: Intel64 Family 15 Model 2 Stepping 5 AT/AT COMPATIBLE - Software: Windows Version 6.1 (Build 7601 Multiprocessor Free)</example>
@@ -272,7 +272,7 @@
       <param pos="0" name="os.arch" value="x86_64"/>
    </fingerprint>
 
-   <fingerprint pattern="^1\.3\.6\.1\.4\.1\.311\.1\.1\.3\.1\.2 Hardware: (\S+64).*Software: Windows Version 6\.2 \(Build 9200.*$">
+   <fingerprint pattern="^1\.3\.6\.1\.4\.1\.311\.1\.1\.3\.1\.2 Hardware: \S+64.*Software: Windows Version 6\.2 \(Build 9200.*$">
       <description>Windows Server 2012 on x86_64</description>
       <example>1.3.6.1.4.1.311.1.1.3.1.2 Hardware: Intel64 Family 6 Model 2 Stepping 3 AT/AT COMPATIBLE - Software: Windows Version 6.2 (Build 9200 Multiprocessor Free)</example>
       <param pos="0" name="os.vendor" value="Microsoft"/>

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: recog
 version: !ruby/object:Gem::Version
-  version: 1.0.3
+  version: 1.0.4
 platform: ruby
 authors:
 - Rapid7 Research
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-10-09 00:00:00.000000000 Z
+date: 2014-10-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rspec