recog 2.1.20 → 2.1.21

Files changed (47) hide show
  1. checksums.yaml +4 -4
  2. data/lib/recog/version.rb +1 -1
  3. data/remap.json +131 -0
  4. data/spec/lib/fingerprint_self_test_spec.rb +16 -1
  5. data/update_cpes.py +202 -0
  6. data/xml/apache_os.xml +29 -5
  7. data/xml/architecture.xml +3 -3
  8. data/xml/dns_versionbind.xml +56 -10
  9. data/xml/ftp_banners.xml +56 -12
  10. data/xml/h323_callresp.xml +4 -4
  11. data/xml/hp_pjl_id.xml +8 -8
  12. data/xml/http_cookies.xml +20 -8
  13. data/xml/http_servers.xml +122 -8
  14. data/xml/http_wwwauth.xml +13 -3
  15. data/xml/imap_banners.xml +19 -1
  16. data/xml/ldap_searchresult.xml +44 -68
  17. data/xml/mdns_device-info_txt.xml +18 -7
  18. data/xml/mdns_workstation_txt.xml +7 -7
  19. data/xml/mysql_banners.xml +159 -13
  20. data/xml/mysql_error.xml +124 -21
  21. data/xml/nntp_banners.xml +10 -4
  22. data/xml/ntp_banners.xml +144 -84
  23. data/xml/operating_system.xml +39 -10
  24. data/xml/pop_banners.xml +32 -12
  25. data/xml/rsh_resp.xml +8 -3
  26. data/xml/sip_banners.xml +4 -3
  27. data/xml/sip_user_agents.xml +4 -3
  28. data/xml/smb_native_lm.xml +9 -4
  29. data/xml/smb_native_os.xml +50 -25
  30. data/xml/smtp_banners.xml +108 -33
  31. data/xml/smtp_debug.xml +11 -8
  32. data/xml/smtp_ehlo.xml +14 -11
  33. data/xml/smtp_expn.xml +17 -11
  34. data/xml/smtp_help.xml +17 -11
  35. data/xml/smtp_mailfrom.xml +4 -3
  36. data/xml/smtp_noop.xml +13 -8
  37. data/xml/smtp_quit.xml +10 -8
  38. data/xml/smtp_rcptto.xml +1 -3
  39. data/xml/smtp_rset.xml +10 -8
  40. data/xml/smtp_turn.xml +10 -8
  41. data/xml/smtp_vrfy.xml +18 -11
  42. data/xml/snmp_sysdescr.xml +157 -451
  43. data/xml/snmp_sysobjid.xml +57 -4
  44. data/xml/ssh_banners.xml +104 -5
  45. data/xml/upnp_banners.xml +16 -1
  46. data/xml/x11_banners.xml +34 -9
  47. metadata +4 -2
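--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 2bfeeb07ef75ede0bd291ce0c2d76edc5ffada87
- data.tar.gz: 3f856046bab4d8ce4314ba06e2c466a106b9ccee
+ metadata.gz: 8a132548a0e8437e0013aec6a0ff43b35b3ff3c8
+ data.tar.gz: 589523b4c9e9c365805f60174ac374c0b58d0424
  SHA512:
- metadata.gz: e7407705aba8d9bb0e4841ca60f764866d10502001462d22a9bcfed772b47b991937d2fb385633ed27833471d3378fe2e3e5b883ac80bde15d8e7676e2a54659
- data.tar.gz: b3372d0bb14af987db7533d9093688a4cefca151acb726fa1dcbdef8c38c019a4787f8f76fed3a37405d9accd21f14722b95ca9247b5d7b028650a92f51bd977
+ metadata.gz: 7896a020384f6261c7fe99f1c896798784e58395c79a07bfc8c920d52117bbf627ba309c097054809025f1300664cec581de851a8bd0c8f4413d5039a6288cd4
+ data.tar.gz: e95bef58ff9749118e016f85da5967230d352ff62a950863571a96d9cd74cda212ba0da89489574dd9cd2af46d1e9495ac1862381d2cdd9e688a166e851f4eac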
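--- a/data/lib/recog/version.rb
+++ b/data/lib/recog/version.rb
@@ -1,3 +1,3 @@
  module Recog
- VERSION = '2.1.20'
+ VERSION = '2.1.21'
  end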
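--- a/data/remap.json
+++ b/data/remap.json
@@ -0,0 +1,131 @@
+ {"remappings": [
+ {"r7_vendor": "apache", "cpe_vendor": "apache", "products":
+ {
+ "httpd": "http_server"
+ }
+ },
+ {"r7_vendor": "alt-n", "cpe_vendor": "altn"},
+ {"r7_vendor": "bea", "cpe_vendor": "bea", "products":
+ {
+ "weblogic": "weblogic_server"
+ }
+ },
+ {"r7_vendor": "centos", "cpe_vendor": "centos", "products":
+ {
+ "linux": "centos"
+ }
+ },
+ {"r7_vendor": "check_point", "cpe_vendor": "checkpoint"},
+ {"r7_vendor": "cisco", "cpe_vendor": "cisco", "products":
+ {
+ "adaptive_security_appliance": "adaptive_security_appliance_software",
+ "pix": "pix_firewall_software",
+ "telepresence": "telepresence_video_communication_server_software"
+ }
+ },
+ {"r7_vendor": "debian", "cpe_vendor": "debian", "products":
+ {
+ "linux": "debian_linux"
+ }
+ },
+ {"r7_vendor": "f5", "cpe_vendor": "f5", "products":
+ {
+ "big-ip": "big-ip_local_traffic_manager",
+ "big-ip_ltm": "big-ip_local_traffic_manager"
+ }
+ },
+ {"r7_vendor": "hp", "cpe_vendor": "hp", "products":
+ {
+ "ilo": "integrated_lights_out",
+ "lotus_domino": "lotus_domino_server",
+ "tru64_unix": "tru64"
+ }
+ },
+ {"r7_vendor": "ibm", "cpe_vendor": "ibm", "products":
+ {
+ "lotus_domino": "lotus_domino_server"
+ }
+ },
+ {"r7_vendor": "juniper", "cpe_vendor": "juniper", "products":
+ {
+ "junos_os": "junos"
+ }
+ },
+ {"r7_vendor": "linux", "cpe_vendor": "linux", "products":
+ {
+ "linux": "linux_kernel"
+ }
+ },
+ {"r7_vendor": "microsoft", "cpe_vendor": "microsoft", "products":
+ {
+ "active_directory_controller": "active_directory",
+ "exchange_server_5.5": "exchange_server",
+ "exchange_2000_server": "exchange_server",
+ "exchange_2003_server": "exchange_server",
+ "exchange_2007_server": "exchange_server",
+ "lightweight_directory_server": "active_directory_lightweight_directory_service",
+ "windows_server_2003_datacenter_edition": "windows_server_2003",
+ "windows_server_2003_r2": "windows_server_2003",
+ "windows_2008_r2": "windows_server_2008",
+ "windows_server_2008_datacenter_edition": "windows_server_2008",
+ "windows_server_2008_r2": "windows_server_2008",
+ "windows_server_2008_r2_datacenter_edition": "windows_server_2008",
+ "windows_server_2012_r2": "windows_server_2012",
+ "nt": "windows_nt",
+ "windows_nt_desktop": "windows_nt",
+ "windows_nt_server": "windows_nt",
+ "windows_server_2000": "windows_2000",
+ "windows_2000_server": "windows_2000",
+ "windows_2000_datacenter_server": "windows_2000",
+ "pws": "personal_web_server"
+ }
+ },
+ {"r7_vendor": "mort_bay", "cpe_vendor": "mortbay"},
+ {"r7_vendor": "net-snmp", "cpe_vendor": "net-snmp", "products":
+ {
+ "snmp_agent": "net-snmp"
+ }
+ },
+ {"r7_vendor": "palo_alto_networks", "cpe_vendor": "paloaltonetworks", "products":
+ {
+ "pa_firewall": "pan-os"
+ }
+ },
+ {"r7_vendor": "proftpd_project", "cpe_vendor": "proftpd"},
+ {"r7_vendor": "red_hat", "cpe_vendor": "redhat", "products":
+ {
+ "cygwin_x_server_project": "cygwin",
+ "fedora_core_linux": "fedora_core",
+ "jboss_as": "jboss_wildfly_application_server",
+ "jboss_eap": "jboss_enterprise_application_platform",
+ "jbossweb": "jboss_web_framework_kit",
+ "red_hat_directory_server": "directory_server"
+ }
+ },
+ {"r7_vendor": "sun", "cpe_vendor": "sun", "products":
+ {
+ "solaris": "sunos"
+ }
+ },
+ {"r7_vendor": "ubuntu", "cpe_vendor": "canonical", "products":
+ {
+ "linux": "ubuntu_linux"
+ }
+ },
+ {"r7_vendor": "vandyke_software", "cpe_vendor": "vandyke"},
+ {"r7_vendor": "vmware", "cpe_vendor": "vmware", "products":
+ {
+ "photon_linux": "photon_os",
+ "zimbra": "zimbra_desktop",
+ "vmware_esx_server": "esx",
+ "vmware_esxi_server": "esxi"
+ }
+ },
+ {"r7_vendor": "wind_river", "cpe_vendor": "windriver"},
+ {"r7_vendor": "x.org", "cpe_vendor": "x.org", "products":
+ {
+ "x.org_x11": "x11"
+ }
+ }
+ ]
+ }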
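--- a/data/spec/lib/fingerprint_self_test_spec.rb
+++ b/data/spec/lib/fingerprint_self_test_spec.rb
@@ -32,8 +32,15 @@ describe Recog::DB do
  fp = db.fingerprints[i]
 
  context "#{fp.name}" do
+ param_names = []
  fp.params.each do |param_name, pos_value|
  pos, value = pos_value
+ it "has valid looking fingerprint parameter names" do
+ unless param_name =~ /^(?:cookie|[^\.]+\..*)$/
+ fail "'#{param_name}' is invalid"
+ end
+ end
+
  it "doesn't have param values for capture params" do
  if pos > 0 && !value.to_s.empty?
  fail "'#{fp.name}'s #{param_name} is a non-zero pos but specifies a value of '#{value}'"
@@ -45,12 +52,20 @@ describe Recog::DB do
  fail "'#{fp.name}'s #{param_name} is not a capture (pos=0) but doesn't specify a value"
  end
  end
+
+ it "doesn't have duplicate params" do
+ if param_names.include?(param_name)
+ fail "'#{fp.name}'s has duplicate #{param_name}"
+ else
+ param_names << param_name
+ end
+ end
  end
  end
 
  context "#{fp.regex}" do
 
- it "has a name" do
+ it "has a valid looking name" do
  expect(fp.name).not_to be_nil
  expect(fp.name).not_to be_empty
  end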
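Review bot: The new "doesn't have duplicate params" example probably cannot fail: it walks `fp.params.each do |param_name, pos_value|`, and if `params` is a Hash keyed by name (the two-argument block suggests so; its definition and the enclosing `describe` are outside this hunk), a repeated name has already been collapsed before the spec sees it. The duplicate would then have to be caught where the XML `param` elements are parsed. In the name check, `^` and `$` are line anchors in Ruby, so a name with an embedded newline passes when any single line matches; `/\A(?:cookie|[^.]+\..*)\z/` pins the whole string. The renamed "has a valid looking name" example still only asserts non-nil and non-empty, so the new title promises more than it checks.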
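--- a/data/update_cpes.py
+++ b/data/update_cpes.py
@@ -0,0 +1,202 @@
+ #!/usr/bin/env python
+
+ import json
+ import logging
+ import re
+ import sys
+
+ from lxml import etree
+
+ def parse_r7_remapping(file):
+ remap = {} # r7_vendor => { 'cpe_vendor' => <cpe_vendor>, 'products': { r7_product1 => cpe_product1 }}
+ remappings = None
+ with open(file) as remap_file:
+ remappings = json.load(remap_file)["remappings"]
+
+ for remap_json in remappings:
+ r7_vendor = remap_json['r7_vendor']
+ cpe_vendor = remap_json['cpe_vendor']
+ if r7_vendor in remap:
+ raise ValueError("R7 vendor {} duplicated in {}".format(r7_vendor, file))
+
+ product_map = {}
+ if 'products' in remap_json:
+ product_map = remap_json['products']
+ remap[r7_vendor] = {'cpe_vendor': cpe_vendor, 'products': product_map}
+
+ return remap
+
+
+ def parse_cpe_vp_map(file):
+ vp_map = {} # cpe_type -> vendor -> products
+ parser = etree.XMLParser(remove_comments=False)
+ doc = etree.parse(file, parser)
+ namespaces = {'ns': 'http://cpe.mitre.org/dictionary/2.0', 'meta': 'http://scap.nist.gov/schema/cpe-dictionary-metadata/0.2'}
+ for cpe_name in doc.xpath("//ns:cpe-list/ns:cpe-item/@name", namespaces=namespaces):
+ cpe_match = re.match('^cpe:/([aho]):([^:]+):([^:]+)', cpe_name)
+ if cpe_match:
+ cpe_type, vendor, product = cpe_match.group(1, 2, 3)
+ if not cpe_type in vp_map:
+ vp_map[cpe_type] = {}
+ if not vendor in vp_map[cpe_type]:
+ vp_map[cpe_type][vendor] = set()
+ vp_map[cpe_type][vendor].add(product)
+ else:
+ logging.error("Unexpected CPE %s", cpe_name)
+
+ return vp_map
+
+ def main():
+ if len(sys.argv) != 4:
+ logging.critical("Expecting exactly 3 arguments; recog XML file, CPE 2.3 XML dictionary, JSON remapping, got %s", (len(sys.argv) - 1))
+ exit(1)
+
+ cpe_vp_map = parse_cpe_vp_map(sys.argv[2])
+ if not cpe_vp_map:
+ logging.critical("No CPE vendor => product mappings read from CPE 2.3 XML dictionary %s", sys.argv[2])
+ exit(1)
+
+ r7_vp_map = parse_r7_remapping(sys.argv[3])
+ if not r7_vp_map:
+ logging.warning("No Rapid7 vendor/product => CPE mapping read from %s", sys.argv[3])
+
+ update_cpes(sys.argv[1], cpe_vp_map, r7_vp_map)
+
+ def update_cpes(xml_file, cpe_vp_map, r7_vp_map):
+ parser = etree.XMLParser(remove_comments=False)
+ doc = etree.parse(xml_file, parser)
+
+ for fingerprint in doc.xpath('//fingerprint'):
+
+ # collect all the params, grouping by os and service params that could be used to compute a CPE
+ params = {}
+ for param in fingerprint.xpath('./param'):
+ name = param.attrib['name']
+ # remove any existing CPE params
+ if re.match(r'^.*\.cpe\d{0,2}$', name):
+ param.getparent().remove(param)
+ continue
+
+ match = re.search(r'^(?P<fp_type>hw|os|service(?:\.component)?)\.', name)
+ if match:
+ fp_type = match.group('fp_type')
+ if not fp_type in params:
+ params[fp_type] = {}
+ if name in params[fp_type]:
+ raise ValueError('Duplicated fingerprint named {} in {}'.format(name, fingerprint.attrib['pattern']))
+ params[fp_type][name] = param
+
+
+ # for each of the applicable os/service param groups, build a CPE
+ for fp_type in params:
+ if fp_type == 'os':
+ cpe_type = 'o'
+ elif fp_type.startswith('service'):
+ cpe_type = 'a'
+ elif fp_type == 'hw':
+ cpe_type = 'h'
+ else:
+ raise ValueError('Unhandled param type {}'.format(fp_type))
+
+ # extract the vendor/product/version values from each os/service group,
+ # using the static value ('Apache', for example) when pos is 0, and
+ # otherwise use a value that contains interpolation markers such that
+ # products/projects that use recog content can insert the value
+ # extracted from the banner/other data via regex capturing groups
+ fp_data = {
+ 'vendor': None,
+ 'product': None,
+ 'version': '-',
+ }
+ for fp_datum in fp_data:
+ fp_datum_param_name = "{}.{}".format(fp_type, fp_datum)
+ if fp_datum_param_name in params[fp_type]:
+ fp_datum_e = params[fp_type][fp_datum_param_name]
+ if fp_datum_e.attrib['pos'] == '0':
+ fp_data[fp_datum] = fp_datum_e.attrib['value']
+ else:
+ fp_data[fp_datum] = "{{{}}}".format(fp_datum_e.attrib['name'])
+
+ vendor = fp_data['vendor']
+ product = fp_data['product']
+ version = fp_data['version']
+
+ # build a reasonable looking CPE value from the vendor/product/version,
+ # lowercasing, replacing whitespace with _, and more
+ if vendor and product:
+ if not cpe_type in cpe_vp_map:
+ logging.error("Didn't find CPE type '%s' for '%s' '%s'", cpe_type, vendor, product)
+ continue
+
+ vendor = vendor.lower().replace(' ', '_').replace(',', '')
+ product = product.lower().replace(' ', '_').replace(',', '')
+ if 'unknown' in [vendor, product]:
+ continue
+
+ if (vendor.startswith('{') and vendor.endswith('}')) or (product.startswith('{') and product.endswith('}')):
+ continue
+
+ remapped_vendor = False
+ og_vendor = vendor
+ if not vendor in cpe_vp_map[cpe_type]:
+ if vendor in r7_vp_map:
+ vendor = r7_vp_map[vendor]['cpe_vendor']
+ remapped_vendor = True
+ if not vendor in cpe_vp_map[cpe_type]:
+ logging.error("Remapped vendor %s (remapped from %s) invalid for CPE %s (product %s)", vendor, og_vendor, cpe_type, product)
+ continue
+ else:
+ logging.error("Vendor %s invalid for CPE %s and no remapping (product %s)", vendor, cpe_type, product)
+ continue
+
+
+ # if the product as specified is not found in the CPE dictionary for this vendor
+ if not product in cpe_vp_map[cpe_type][vendor]:
+ # if this vendor has a remapping from R7
+ if og_vendor in r7_vp_map:
+ # if this product has a remapping for this vendor from R7
+ if product in r7_vp_map[og_vendor]['products']:
+ og_product = product
+ product = r7_vp_map[og_vendor]['products'][product]
+ # ensure that the remapped product is valid for the given vendor in CPE
+ if not product in cpe_vp_map[cpe_type][vendor]:
+ logging.error("Remapped product %s (remapped from %s) from vendor %s invalid for CPE %s", product, og_product, vendor, cpe_type)
+ continue
+ else:
+ if remapped_vendor:
+ logging.error("Product %s from vendor %s (remapped from %s) invalid for CPE %s and no mapping", product, vendor, og_vendor, cpe_type)
+ else:
+ logging.error("Product %s from vendor %s invalid for CPE %s and no mapping", product, vendor, cpe_type)
+ continue
+ else:
+ if remapped_vendor:
+ logging.error("Vendor %s (remapped from %s) is valid for CPE %s but product %s not valid and no mapping", vendor, og_vendor, cpe_type, product)
+ else:
+ logging.error("Vendor %s is valid for CPE %s but product %s not valid and no mapping", vendor, cpe_type, product)
+ continue
+
+ # building the CPE string
+ cpe_value = 'cpe:/{}:{}:{}'.format(cpe_type, vendor, product)
+
+ if version:
+ cpe_value += ":{}".format(version)
+
+ cpe_param = etree.Element('param')
+ cpe_param.attrib['pos'] = '0'
+ cpe_param.attrib['name'] = '{}.cpe23'.format(fp_type)
+ cpe_param.attrib['value'] = cpe_value
+
+ for param_name in params[fp_type]:
+ param = params[fp_type][param_name]
+ parent = param.getparent()
+ index = parent.index(param) + 1
+ parent.insert(index, cpe_param)
+
+ root = doc.getroot()
+
+ with open(xml_file, 'wb') as xml_out:
+ xml_out.write(etree.tostring(root, pretty_print=True, xml_declaration=True, encoding=doc.docinfo.encoding))
+
+ if __name__ == '__main__':
+ try: exit(main())
+ except KeyboardInterrupt: pass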
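Review bot: Both `etree.XMLParser(remove_comments=False)` calls (in parse_cpe_vp_map and update_cpes) keep lxml's default entity resolution, and the CPE dictionary passed as the second argument presumably comes from outside the repository. I would build them as `etree.XMLParser(remove_comments=False, resolve_entities=False)` so a tampered or malformed dictionary cannot expand entities during the content build. In update_cpes the version is appended with `cpe_value += ":{}".format(version)` without the lowercasing and space/comma replacement applied to vendor and product, and it is never checked against the dictionary. A static `value` containing a space or `:` would therefore produce a malformed CPE that downstream vulnerability matching may silently miss. The final loop also inserts the same `cpe_param` element once per param; lxml moves an element that is already attached, so only one copy survives and its position follows dict iteration order, and a single insert after a chosen param would state the intent.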
@@ -1,10 +1,10 @@
1
1
  <?xml version="1.0" encoding="UTF-8"?>
2
- <!--
3
- When an HTTP server is fingerprinted as Apache, a 2nd analysis pass is done
4
- on the server headers HTTPProtocolHelper.SERVER_HEADERS: they are matched
5
- against the following patterns to extract OS information.
6
- -->
7
2
  <fingerprints matches="apache_os" database_type="util.os" preference="0.10">
3
+ <!--
4
+ When an HTTP server is fingerprinted as Apache, a 2nd analysis pass is done
5
+ on the server headers HTTPProtocolHelper.SERVER_HEADERS: they are matched
6
+ against the following patterns to extract OS information.
7
+ -->
8
8
  <fingerprint pattern=".*\(iSeries\).*">
9
9
  <description>IBM i5/OS iSeries (OS/400)</description>
10
10
  <param pos="0" name="os.vendor" value="IBM"/>
@@ -20,6 +20,7 @@ against the following patterns to extract OS information.
20
20
  <param pos="0" name="os.family" value="Linux"/>
21
21
  <param pos="0" name="os.product" value="Linux"/>
22
22
  <param pos="0" name="os.version" value="9.2"/>
23
+ <param pos="0" name="os.cpe23" value="cpe:/o:mandriva:linux:9.2"/>
23
24
  </fingerprint>
24
25
  <fingerprint pattern=".*\(Mandrake Linux/\d+\.\d+\.100mdk\).*">
25
26
  <description>Mandriva (formerly Mandrake) Linux 10.0</description>
@@ -29,6 +30,7 @@ against the following patterns to extract OS information.
29
30
  <param pos="0" name="os.family" value="Linux"/>
30
31
  <param pos="0" name="os.product" value="Linux"/>
31
32
  <param pos="0" name="os.version" value="10.0"/>
33
+ <param pos="0" name="os.cpe23" value="cpe:/o:mandriva:linux:10.0"/>
32
34
  </fingerprint>
33
35
  <fingerprint pattern=".*\((?:Mandrake|Mandriva) Linux/.*">
34
36
  <description>Mandriva (formerly Mandrake) Linux unknown version</description>
@@ -36,6 +38,7 @@ against the following patterns to extract OS information.
36
38
  <param pos="0" name="os.device" value="General"/>
37
39
  <param pos="0" name="os.family" value="Linux"/>
38
40
  <param pos="0" name="os.product" value="Linux"/>
41
+ <param pos="0" name="os.cpe23" value="cpe:/o:mandriva:linux:-"/>
39
42
  </fingerprint>
40
43
  <fingerprint pattern=".*\(Mandrakelinux/.*">
41
44
  <description>Mandriva (formerly Mandrake) Linux unknown version</description>
@@ -43,6 +46,7 @@ against the following patterns to extract OS information.
43
46
  <param pos="0" name="os.device" value="General"/>
44
47
  <param pos="0" name="os.family" value="Linux"/>
45
48
  <param pos="0" name="os.product" value="Linux"/>
49
+ <param pos="0" name="os.cpe23" value="cpe:/o:mandriva:linux:-"/>
46
50
  </fingerprint>
47
51
  <fingerprint pattern=".*\(PalmOS\).*">
48
52
  <description>PalmOS</description>
@@ -58,6 +62,7 @@ against the following patterns to extract OS information.
58
62
  <param pos="0" name="os.device" value="General"/>
59
63
  <param pos="0" name="os.family" value="Windows"/>
60
64
  <param pos="0" name="os.product" value="Windows"/>
65
+ <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
61
66
  </fingerprint>
62
67
  <fingerprint pattern=".*\(Darwin\).*">
63
68
  <description>Apple Mac OS X</description>
@@ -65,6 +70,7 @@ against the following patterns to extract OS information.
65
70
  <param pos="0" name="os.device" value="General"/>
66
71
  <param pos="0" name="os.family" value="Mac OS X"/>
67
72
  <param pos="0" name="os.product" value="Mac OS X"/>
73
+ <param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x:-"/>
68
74
  </fingerprint>
69
75
  <fingerprint pattern=".*\(Ubuntu\).*">
70
76
  <description>Ubuntu</description>
@@ -72,6 +78,7 @@ against the following patterns to extract OS information.
72
78
  <param pos="0" name="os.device" value="General"/>
73
79
  <param pos="0" name="os.family" value="Linux"/>
74
80
  <param pos="0" name="os.product" value="Linux"/>
81
+ <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:-"/>
75
82
  </fingerprint>
76
83
  <fingerprint pattern=".*(?:Sun )?Cobalt \(Unix\)?.*">
77
84
  <description>Sun Cobalt RaQ (Red Hat based Linux)</description>
@@ -94,6 +101,7 @@ against the following patterns to extract OS information.
94
101
  <param pos="0" name="os.family" value="Linux"/>
95
102
  <param pos="0" name="os.product" value="Fedora Core Linux"/>
96
103
  <param pos="0" name="os.version" value="11"/>
104
+ <param pos="0" name="os.cpe23" value="cpe:/o:redhat:fedora_core:11"/>
97
105
  </fingerprint>
98
106
  <fingerprint pattern="^Apache\/2\.2\.15.*\(Fedora\).*">
99
107
  <description>Red Hat Fedora 13</description>
@@ -102,6 +110,7 @@ against the following patterns to extract OS information.
102
110
  <param pos="0" name="os.family" value="Linux"/>
103
111
  <param pos="0" name="os.product" value="Fedora Core Linux"/>
104
112
  <param pos="0" name="os.version" value="13"/>
113
+ <param pos="0" name="os.cpe23" value="cpe:/o:redhat:fedora_core:13"/>
105
114
  </fingerprint>
106
115
  <fingerprint pattern="^Apache\/2\.2\.16.*\(Fedora\).*">
107
116
  <description>Red Hat Fedora 14</description>
@@ -110,6 +119,7 @@ against the following patterns to extract OS information.
110
119
  <param pos="0" name="os.family" value="Linux"/>
111
120
  <param pos="0" name="os.product" value="Fedora Core Linux"/>
112
121
  <param pos="0" name="os.version" value="14"/>
122
+ <param pos="0" name="os.cpe23" value="cpe:/o:redhat:fedora_core:14"/>
113
123
  </fingerprint>
114
124
  <fingerprint pattern="^Apache\/2\.2\.23.*\(Fedora\).*">
115
125
  <description>Red Hat Fedora 17</description>
@@ -118,6 +128,7 @@ against the following patterns to extract OS information.
118
128
  <param pos="0" name="os.family" value="Linux"/>
119
129
  <param pos="0" name="os.product" value="Fedora Core Linux"/>
120
130
  <param pos="0" name="os.version" value="17"/>
131
+ <param pos="0" name="os.cpe23" value="cpe:/o:redhat:fedora_core:17"/>
121
132
  </fingerprint>
122
133
  <fingerprint pattern="^Apache\/2\.4\.3.*\(Fedora\).*">
123
134
  <description>Red Hat Fedora 18</description>
@@ -126,6 +137,7 @@ against the following patterns to extract OS information.
126
137
  <param pos="0" name="os.family" value="Linux"/>
127
138
  <param pos="0" name="os.product" value="Fedora Core Linux"/>
128
139
  <param pos="0" name="os.version" value="18"/>
140
+ <param pos="0" name="os.cpe23" value="cpe:/o:redhat:fedora_core:18"/>
129
141
  </fingerprint>
130
142
  <fingerprint pattern=".*\(Fedora\).*">
131
143
  <description>Red Hat Fedora</description>
@@ -133,6 +145,7 @@ against the following patterns to extract OS information.
133
145
  <param pos="0" name="os.device" value="General"/>
134
146
  <param pos="0" name="os.family" value="Linux"/>
135
147
  <param pos="0" name="os.product" value="Fedora Core Linux"/>
148
+ <param pos="0" name="os.cpe23" value="cpe:/o:redhat:fedora_core:-"/>
136
149
  </fingerprint>
137
150
  <fingerprint pattern=".*\(RHEL\).*">
138
151
  <description>Red Hat Fedora</description>
@@ -140,6 +153,7 @@ against the following patterns to extract OS information.
140
153
  <param pos="0" name="os.device" value="General"/>
141
154
  <param pos="0" name="os.family" value="Linux"/>
142
155
  <param pos="0" name="os.product" value="Enterprise Linux"/>
156
+ <param pos="0" name="os.cpe23" value="cpe:/o:redhat:enterprise_linux:-"/>
143
157
  </fingerprint>
144
158
  <fingerprint pattern=".*\(Red[ -]Hat(?:[/ ]Linux)?\).*">
145
159
  <description>Red Hat Linux</description>
@@ -147,6 +161,7 @@ against the following patterns to extract OS information.
147
161
  <param pos="0" name="os.device" value="General"/>
148
162
  <param pos="0" name="os.family" value="Linux"/>
149
163
  <param pos="0" name="os.product" value="Linux"/>
164
+ <param pos="0" name="os.cpe23" value="cpe:/o:redhat:linux:-"/>
150
165
  </fingerprint>
151
166
  <fingerprint pattern=".*Debian(?:[/ ]GNU)?(?:/Linux)?.*">
152
167
  <description>Debian Linux</description>
@@ -154,6 +169,7 @@ against the following patterns to extract OS information.
154
169
  <param pos="0" name="os.device" value="General"/>
155
170
  <param pos="0" name="os.family" value="Linux"/>
156
171
  <param pos="0" name="os.product" value="Linux"/>
172
+ <param pos="0" name="os.cpe23" value="cpe:/o:debian:debian_linux:-"/>
157
173
  </fingerprint>
158
174
  <fingerprint pattern=".*\((?:Linux/)?S[uU]SE(?:/Linux)?\).*">
159
175
  <description>Novell SuSE Linux</description>
@@ -161,6 +177,7 @@ against the following patterns to extract OS information.
161
177
  <param pos="0" name="os.device" value="General"/>
162
178
  <param pos="0" name="os.family" value="Linux"/>
163
179
  <param pos="0" name="os.product" value="Linux"/>
180
+ <param pos="0" name="os.cpe23" value="cpe:/o:suse:linux:-"/>
164
181
  </fingerprint>
165
182
  <fingerprint pattern=".*\(NETWARE\).*">
166
183
  <description>Novell NetWare</description>
@@ -168,6 +185,7 @@ against the following patterns to extract OS information.
168
185
  <param pos="0" name="os.device" value="General"/>
169
186
  <param pos="0" name="os.family" value="NetWare"/>
170
187
  <param pos="0" name="os.product" value="NetWare"/>
188
+ <param pos="0" name="os.cpe23" value="cpe:/o:novell:netware:-"/>
171
189
  </fingerprint>
172
190
  <fingerprint pattern=".*HP-UX_Apache-based_Web_Server.*">
173
191
  <description>HP HP-UX</description>
@@ -175,6 +193,7 @@ against the following patterns to extract OS information.
175
193
  <param pos="0" name="os.device" value="General"/>
176
194
  <param pos="0" name="os.family" value="HP-UX"/>
177
195
  <param pos="0" name="os.product" value="HP-UX"/>
196
+ <param pos="0" name="os.cpe23" value="cpe:/o:hp:hp-ux:-"/>
178
197
  </fingerprint>
179
198
  <fingerprint pattern=".*\(CentOS\).*">
180
199
  <description>CentOS Linux</description>
@@ -182,6 +201,7 @@ against the following patterns to extract OS information.
182
201
  <param pos="0" name="os.device" value="General"/>
183
202
  <param pos="0" name="os.family" value="Linux"/>
184
203
  <param pos="0" name="os.product" value="Linux"/>
204
+ <param pos="0" name="os.cpe23" value="cpe:/o:centos:centos:-"/>
185
205
  </fingerprint>
186
206
  <fingerprint pattern=".*\(Turbolinux\).*">
187
207
  <description>Turbolinux</description>
@@ -196,6 +216,7 @@ against the following patterns to extract OS information.
196
216
  <param pos="0" name="os.device" value="General"/>
197
217
  <param pos="0" name="os.family" value="FreeBSD"/>
198
218
  <param pos="0" name="os.product" value="FreeBSD"/>
219
+ <param pos="0" name="os.cpe23" value="cpe:/o:freebsd:freebsd:-"/>
199
220
  </fingerprint>
200
221
  <fingerprint pattern=".*\(Asianux\).*">
201
222
  <description>Asianux Linux</description>
@@ -210,6 +231,7 @@ against the following patterns to extract OS information.
210
231
  <param pos="0" name="os.device" value="General"/>
211
232
  <param pos="0" name="os.family" value="Linux"/>
212
233
  <param pos="0" name="os.product" value="Linux"/>
234
+ <param pos="0" name="os.cpe23" value="cpe:/o:gentoo:linux:-"/>
213
235
  </fingerprint>
214
236
  <fingerprint pattern=".*\(Conectiva(?:/Linux)?\).*">
215
237
  <description>CentOS Linux</description>
@@ -217,6 +239,7 @@ against the following patterns to extract OS information.
217
239
  <param pos="0" name="os.device" value="General"/>
218
240
  <param pos="0" name="os.family" value="Linux"/>
219
241
  <param pos="0" name="os.product" value="Linux"/>
242
+ <param pos="0" name="os.cpe23" value="cpe:/o:conectiva:linux:-"/>
220
243
  </fingerprint>
221
244
  <fingerprint pattern=".*\(Trustix Secure Linux(?:/Linux)?\).*">
222
245
  <description>CentOS Linux</description>
@@ -224,6 +247,7 @@ against the following patterns to extract OS information.
224
247
  <param pos="0" name="os.device" value="General"/>
225
248
  <param pos="0" name="os.family" value="Linux"/>
226
249
  <param pos="0" name="os.product" value="Secure Linux"/>
250
+ <param pos="0" name="os.cpe23" value="cpe:/o:trustix:secure_linux:-"/>
227
251
  </fingerprint>
228
252
  <fingerprint pattern=".*\(White Box\).*">
229
253
  <description>White Box Enterprise Linux</description>