recog 2.1.36 → 2.1.37
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/recog/version.rb +1 -1
- data/xml/dns_versionbind.xml +2 -0
- data/xml/http_cookies.xml +10 -1
- data/xml/http_servers.xml +52 -1
- data/xml/http_wwwauth.xml +148 -9
- data/xml/mdns_device-info_txt.xml +49 -1
- data/xml/sip_banners.xml +18 -1
- data/xml/sip_user_agents.xml +69 -0
- data/xml/snmp_sysdescr.xml +13 -13
- data/xml/telnet_banners.xml +2 -2
- data/xml/upnp_banners.xml +67 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: bedbc15c938e70988703707bf0bd8f012c3419eb
|
|
4
|
+
data.tar.gz: a8e520662bc9dc4b5adcce03b5c592afc18264ab
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: fdd4793619ba2ba21c5bcc7cf9b6e1b7a6dde4f446499570da657a5d746753b6e301d02dbf99ca1c5cda779d92c47eed706c2c3618fe9c7e78a1c601290ef1dd
|
|
7
|
+
data.tar.gz: a9984190a25fd84004610efc0eafb6bc843aa373e226a11523390044bac321f968f5f03aec5ee20b839f91dca9bc8aafaaf296a63f5c89af173e177588fe7049
|
data/lib/recog/version.rb
CHANGED
data/xml/dns_versionbind.xml
CHANGED
|
@@ -622,6 +622,8 @@
|
|
|
622
622
|
<param pos="0" name="service.product" value="DNS"/>
|
|
623
623
|
<param pos="0" name="os.device" value="NAS"/>
|
|
624
624
|
<param pos="0" name="os.family" value="Linux"/>
|
|
625
|
+
<param pos="0" name="os.product" value="DSM"/>
|
|
626
|
+
<param pos="0" name="os.vendor" value="Synology"/>
|
|
625
627
|
<param pos="0" name="hw.vendor" value="Synology"/>
|
|
626
628
|
<param pos="0" name="hw.device" value="NAS"/>
|
|
627
629
|
</fingerprint>
|
data/xml/http_cookies.xml
CHANGED
|
@@ -105,13 +105,14 @@
|
|
|
105
105
|
<param pos="0" name="service.family" value="Content Service Switch"/>
|
|
106
106
|
<param pos="0" name="service.product" value="11000 Series Content Service Switch"/>
|
|
107
107
|
</fingerprint>
|
|
108
|
-
<fingerprint pattern="^webvpn(?:c|_portal|Lang|login|SharePoint)?=">
|
|
108
|
+
<fingerprint pattern="^webvpn(?:c|context|_portal|Lang|login|SharePoint)?=">
|
|
109
109
|
<description>Cisco ASA VPN</description>
|
|
110
110
|
<example>webvpn=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure</example>
|
|
111
111
|
<example>webvpnc=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure</example>
|
|
112
112
|
<example>webvpn_portal=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure</example>
|
|
113
113
|
<example>webvpnSharePoint=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure</example>
|
|
114
114
|
<example>webvpnlogin=1; path=/; secure</example>
|
|
115
|
+
<example>webvpncontext=00@sslvpn</example>
|
|
115
116
|
<param pos="0" name="service.vendor" value="Cisco"/>
|
|
116
117
|
<param pos="0" name="service.product" value="HTTP"/>
|
|
117
118
|
<param pos="0" name="os.vendor" value="Cisco"/>
|
|
@@ -132,6 +133,14 @@
|
|
|
132
133
|
<param pos="0" name="service.family" value="Application Protection System"/>
|
|
133
134
|
<param pos="0" name="service.product" value="Application Protection System, Enterprise"/>
|
|
134
135
|
</fingerprint>
|
|
136
|
+
<fingerprint pattern="^NSC_(?:AAAC|CERT|DLGE|EPAC|TASS|TEMP|TMA[APS])=.*">
|
|
137
|
+
<description>Citrix NetScaler</description>
|
|
138
|
+
<example>NSC_AAAC=xyz;</example>
|
|
139
|
+
<param pos="0" name="os.vendor" value="Citrix"/>
|
|
140
|
+
<param pos="0" name="os.family" value="NetScaler"/>
|
|
141
|
+
<param pos="0" name="os.device" value="NetScaler"/>
|
|
142
|
+
<param pos="0" name="os.product" value="NetScaler"/>
|
|
143
|
+
</fingerprint>
|
|
135
144
|
<fingerprint pattern="^(EktGUID|ecm)=.*">
|
|
136
145
|
<description>Ektron CMS400.net
|
|
137
146
|
http://www.ektron.com/developers/cms400kb.cfm?id=2174
|
data/xml/http_servers.xml
CHANGED
|
@@ -65,6 +65,13 @@
|
|
|
65
65
|
<param pos="0" name="service.cpe23" value="cpe:/a:apache:http_server:{service.version}"/>
|
|
66
66
|
<param pos="2" name="apache.info"/>
|
|
67
67
|
</fingerprint>
|
|
68
|
+
<fingerprint pattern="(?i)^CouchDB/([\.\d]+) .*$">
|
|
69
|
+
<description>Apache CouchDB</description>
|
|
70
|
+
<example service.version="2.1.1">CouchDB/2.1.1 (Erlang OTP/20)</example>
|
|
71
|
+
<param pos="0" name="service.vendor" value="Apache"/>
|
|
72
|
+
<param pos="0" name="service.product" value="CouchDB"/>
|
|
73
|
+
<param pos="1" name="service.version"/>
|
|
74
|
+
</fingerprint>
|
|
68
75
|
<fingerprint pattern="^support@arraynetworks.net$">
|
|
69
76
|
<description>Array Networks device</description>
|
|
70
77
|
<example>support@arraynetworks.net</example>
|
|
@@ -296,6 +303,14 @@
|
|
|
296
303
|
<param pos="0" name="service.component.family" value="Coyote"/>
|
|
297
304
|
<param pos="1" name="service.component.version"/>
|
|
298
305
|
</fingerprint>
|
|
306
|
+
<fingerprint pattern="^Apache Tomcat$">
|
|
307
|
+
<description>HTTP connector for Apache Tomcat with no version</description>
|
|
308
|
+
<example>Apache Tomcat</example>
|
|
309
|
+
<param pos="0" name="service.vendor" value="Apache"/>
|
|
310
|
+
<param pos="0" name="service.product" value="Tomcat"/>
|
|
311
|
+
<param pos="0" name="service.family" value="Tomcat"/>
|
|
312
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:apache:tomcat:-"/>
|
|
313
|
+
</fingerprint>
|
|
299
314
|
<fingerprint pattern="^Servlet [\d\.]+; JBoss-(\S+) \(build: .*\)/Tomcat-(\S+)$">
|
|
300
315
|
<description>JBoss with embedded tomcat</description>
|
|
301
316
|
<example service.version="4.0.4.GA" service.component.version="5.5">Servlet 2.4; JBoss-4.0.4.GA (build: CVSTag=JBoss_4_0_4_GA date=200605151000)/Tomcat-5.5</example>
|
|
@@ -754,6 +769,13 @@
|
|
|
754
769
|
<param pos="0" name="os.product" value="Windows"/>
|
|
755
770
|
<param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
|
|
756
771
|
</fingerprint>
|
|
772
|
+
<fingerprint pattern="(?i)^(?:(?:Cube|(?:Mini )?Dome|Day/Night|PAN/?Tilt|POE|IR|HD|H.264|Surveillance|With|Wired|Wireless(?: N)?|Network|Internet|(?:IP(?:[\s_-])?)?Cameras?[\s_]*\d*) ?){1,5}?(?: Login)?$">
|
|
773
|
+
<description>Generic IP Cameras</description>
|
|
774
|
+
<example>camera</example>
|
|
775
|
+
<example>IPCamera Login</example>
|
|
776
|
+
<example>Mini Dome IP Camera</example>
|
|
777
|
+
<param pos="0" name="hw.device" value="Camera"/>
|
|
778
|
+
</fingerprint>
|
|
757
779
|
<fingerprint pattern="^ASP.NET$">
|
|
758
780
|
<description>Something written in ASP.NET</description>
|
|
759
781
|
<example>ASP.NET</example>
|
|
@@ -780,6 +802,12 @@
|
|
|
780
802
|
<param pos="0" name="hw.vendor" value="Bosch"/>
|
|
781
803
|
<param pos="0" name="hw.device" value="DVR"/>
|
|
782
804
|
</fingerprint>
|
|
805
|
+
<fingerprint pattern="^FUHO-DVR$">
|
|
806
|
+
<description>FUHO Surveillance/DVR</description>
|
|
807
|
+
<example>FUHO-DVR</example>
|
|
808
|
+
<param pos="0" name="hw.vendor" value="FUHO"/>
|
|
809
|
+
<param pos="0" name="hw.device" value="DVR"/>
|
|
810
|
+
</fingerprint>
|
|
783
811
|
<fingerprint pattern="^HeiTel GmbH Web Server \[\S+\]$">
|
|
784
812
|
<description>HeiTel Digital Video Recorder</description>
|
|
785
813
|
<example>HeiTel GmbH Web Server [V1.15/V1.14/V1.3]</example>
|
|
@@ -1498,6 +1526,13 @@
|
|
|
1498
1526
|
<param pos="0" name="hw.product" value="Adaptive Security Appliance"/>
|
|
1499
1527
|
<param pos="0" name="hw.device" value="Firewall"/>
|
|
1500
1528
|
</fingerprint>
|
|
1529
|
+
<fingerprint pattern="^CradlepointHTTPService/([\d\.]+)$">
|
|
1530
|
+
<description>Cradlepoint HTTP service</description>
|
|
1531
|
+
<example service.version="1.0.0">CradlepointHTTPService/1.0.0</example>
|
|
1532
|
+
<param pos="1" name="service.version"/>
|
|
1533
|
+
<param pos="0" name="service.vendor" value="Cradlepoint"/>
|
|
1534
|
+
<param pos="0" name="service.product" value="HTTP"/>
|
|
1535
|
+
</fingerprint>
|
|
1501
1536
|
<fingerprint pattern="^DesktopAuthority/(.*)$">
|
|
1502
1537
|
<description>ScriptLogic DesktopAuthority</description>
|
|
1503
1538
|
<param pos="1" name="service.version"/>
|
|
@@ -2094,6 +2129,12 @@
|
|
|
2094
2129
|
<param pos="0" name="hw.vendor" value="ARRIS"/>
|
|
2095
2130
|
<param pos="0" name="hw.device" value="Cable Modem"/>
|
|
2096
2131
|
</fingerprint>
|
|
2132
|
+
<fingerprint pattern="^2wire Gateway$">
|
|
2133
|
+
<description>Web server found on some Arris/2wire devices</description>
|
|
2134
|
+
<example>2wire Gateway</example>
|
|
2135
|
+
<param pos="0" name="service.vendor" value="ARRIS"/>
|
|
2136
|
+
<param pos="0" name="service.product" value="2wire"/>
|
|
2137
|
+
</fingerprint>
|
|
2097
2138
|
<!-- junit says,
|
|
2098
2139
|
"Example pattern '' from http_servers.xml didn't match pattern '^$'"
|
|
2099
2140
|
Figure out if we have a way to support matching empty strings later.
|
|
@@ -2171,9 +2212,10 @@
|
|
|
2171
2212
|
<param pos="0" name="service.vendor" value="Amazon"/>
|
|
2172
2213
|
<param pos="0" name="service.product" value="Snowball"/>
|
|
2173
2214
|
</fingerprint>
|
|
2174
|
-
<fingerprint pattern="^cloudflare
|
|
2215
|
+
<fingerprint pattern="^cloudflare(?:-nginx)?$">
|
|
2175
2216
|
<description>CloudFlare web load balancer endpoint</description>
|
|
2176
2217
|
<example>cloudflare-nginx</example>
|
|
2218
|
+
<example>cloudflare</example>
|
|
2177
2219
|
<param pos="0" name="service.vendor" value="CloudFlare"/>
|
|
2178
2220
|
<param pos="0" name="service.product" value="CloudFlare Load Balancer"/>
|
|
2179
2221
|
<param pos="0" name="service.family" value="CloudFlare"/>
|
|
@@ -2279,6 +2321,15 @@
|
|
|
2279
2321
|
<param pos="0" name="hw.family" value="DVR"/>
|
|
2280
2322
|
<param pos="0" name="hw.device" value="DVR"/>
|
|
2281
2323
|
</fingerprint>
|
|
2324
|
+
<fingerprint pattern="^OpenTV/([\d\.]+)$">
|
|
2325
|
+
<description>OpenTV</description>
|
|
2326
|
+
<example os.version="5.40">OpenTV/5.40</example>
|
|
2327
|
+
<param pos="0" name="os.vendor" value="NAGRA"/>
|
|
2328
|
+
<param pos="0" name="os.product" value="OpenTV"/>
|
|
2329
|
+
<param pos="0" name="os.device" value="DVR"/>
|
|
2330
|
+
<param pos="1" name="os.version"/>
|
|
2331
|
+
<param pos="0" name="hw.device" value="DVR"/>
|
|
2332
|
+
</fingerprint>
|
|
2282
2333
|
<!-- Tridium previously had a product with the 'Niagra' spelling -->
|
|
2283
2334
|
<fingerprint pattern="^Niagara Web Server\/([\d.]+)$">
|
|
2284
2335
|
<description>Tridium Niagara AX Framework</description>
|
data/xml/http_wwwauth.xml
CHANGED
|
@@ -54,6 +54,11 @@
|
|
|
54
54
|
<param pos="0" name="os.version" value="12"/>
|
|
55
55
|
<param pos="0" name="os.cpe23" value="cpe:/o:cisco:ios:12"/>
|
|
56
56
|
</fingerprint>
|
|
57
|
+
<fingerprint pattern="^(?:Basic|Digest) realm="Cisco_CCSP_CWMP_TCPCR".*$">
|
|
58
|
+
<description>Generic Cisco CWMP/CPE equipment</description>
|
|
59
|
+
<example>Basic realm="Cisco_CCSP_CWMP_TCPCR"</example>
|
|
60
|
+
<param pos="0" name="hw.vendor" value="Cisco"/>
|
|
61
|
+
</fingerprint>
|
|
57
62
|
<fingerprint pattern="^(?:Basic|Digest) realm=.FW-1. Reason: no user Server .$">
|
|
58
63
|
<description>Check Point FireWall-1</description>
|
|
59
64
|
<param pos="0" name="service.vendor" value="Check Point"/>
|
|
@@ -65,6 +70,12 @@
|
|
|
65
70
|
<param pos="0" name="os.family" value="Firewall-1"/>
|
|
66
71
|
<param pos="0" name="os.product" value="Firewall-1"/>
|
|
67
72
|
</fingerprint>
|
|
73
|
+
<fingerprint pattern="(?i)^(?:Basic|Digest).*realm="cpanel".*">
|
|
74
|
+
<description>cPanel</description>
|
|
75
|
+
<example>Basic realm="cPanel"</example>
|
|
76
|
+
<param pos="0" name="service.vendor" value="cPanel"/>
|
|
77
|
+
<param pos="0" name="service.product" value="cPanel"/>
|
|
78
|
+
</fingerprint>
|
|
68
79
|
<fingerprint pattern="^(?:Basic|Digest) realm=.APC Management Card.$">
|
|
69
80
|
<description>APC device</description>
|
|
70
81
|
<param pos="0" name="service.vendor" value="APC"/>
|
|
@@ -73,6 +84,61 @@
|
|
|
73
84
|
<param pos="0" name="os.product" value="Unknown"/>
|
|
74
85
|
<param pos="0" name="os.device" value="Power device"/>
|
|
75
86
|
</fingerprint>
|
|
87
|
+
<fingerprint pattern="^(?:Basic|Digest) realm="ADSL\S* (?:Modem|Router|Modem/Router)".*$">
|
|
88
|
+
<description>Generic ADSL modems/routers</description>
|
|
89
|
+
<example>Basic realm="ADSL Modem"</example>
|
|
90
|
+
<example>Basic realm="ADSL Modem/Router"</example>
|
|
91
|
+
<example>Basic realm="ADSL Router"</example>
|
|
92
|
+
<example>Basic realm="ADSL2+ Router"</example>
|
|
93
|
+
<param pos="0" name="hw.device" value="ADSL Modem"/>
|
|
94
|
+
</fingerprint>
|
|
95
|
+
<fingerprint pattern="^(?:Basic|Digest) realm="Broadband Router".*$">
|
|
96
|
+
<description>Generic Broadband modems/routers</description>
|
|
97
|
+
<example>Basic realm="Broadband Router"</example>
|
|
98
|
+
<param pos="0" name="hw.device" value="Broadband router"/>
|
|
99
|
+
</fingerprint>
|
|
100
|
+
<fingerprint pattern="^(?:Basic|Digest) realm="DSL\S* (?:Modem|Router|Modem/Router)".*$">
|
|
101
|
+
<description>Generic DSL modems/routers</description>
|
|
102
|
+
<example>Basic realm="DSL Modem"</example>
|
|
103
|
+
<param pos="0" name="hw.device" value="DSL Modem"/>
|
|
104
|
+
</fingerprint>
|
|
105
|
+
<fingerprint pattern="^(?:Basic|Digest) realm="DVR".*$">
|
|
106
|
+
<description>Generic DVR</description>
|
|
107
|
+
<example>Basic realm="DVR"</example>
|
|
108
|
+
<param pos="0" name="hw.device" value="DVR"/>
|
|
109
|
+
</fingerprint>
|
|
110
|
+
<fingerprint pattern="^(?:Basic|Digest) realm="Wireless Access Point".*$">
|
|
111
|
+
<description>Generic WAP</description>
|
|
112
|
+
<example>Basic realm="Wireless Access Point"</example>
|
|
113
|
+
<param pos="0" name="hw.device" value="WAP"/>
|
|
114
|
+
</fingerprint>
|
|
115
|
+
<fingerprint pattern="(?i)^(?:Basic|Digest).*realm="(?:(?:Cube|(?:Mini )?Dome|Day/Night|PAN/Tilt|POE|IR|HD|H.264|Surveillance|Wired|Wireless(?: N)?|Network|Internet|(?:IP(?:[\s_-])?)?Cameras?[\s_]*\d*) ?){1,4}?(?: Login)?".*$">
|
|
116
|
+
<description>Generic IP Cameras</description>
|
|
117
|
+
<example>Basic realm="camera"</example>
|
|
118
|
+
<example>Basic realm="IPCamera Login"</example>
|
|
119
|
+
<example>Basic realm="Mini Dome IP Camera"</example>
|
|
120
|
+
<param pos="0" name="hw.device" value="Camera"/>
|
|
121
|
+
</fingerprint>
|
|
122
|
+
<fingerprint pattern="^(?:Basic|Digest) realm="(DCS-[^"]+)".*$">
|
|
123
|
+
<description>D-Link DCS IP Cameras</description>
|
|
124
|
+
<example hw.product="DCS-5222LB1">Basic realm="DCS-5222LB1"</example>
|
|
125
|
+
<example hw.product="DCS-2530L">Basic realm="DCS-2530L"</example>
|
|
126
|
+
<param pos="0" name="hw.vendor" value="D-Link"/>
|
|
127
|
+
<param pos="0" name="hw.device" value="Camera"/>
|
|
128
|
+
<param pos="1" name="hw.product"/>
|
|
129
|
+
</fingerprint>
|
|
130
|
+
<fingerprint pattern="^(?:Basic|Digest) realm="GoAhead".*$">
|
|
131
|
+
<description>GoAhead webserver</description>
|
|
132
|
+
<example>Basic realm="GoAhead"</example>
|
|
133
|
+
<param pos="0" name="service.vendor" value="Oracle"/>
|
|
134
|
+
<param pos="0" name="service.product" value="GoAhead Webserver"/>
|
|
135
|
+
<param pos="0" name="service.family" value="GoAhead Webserver"/>
|
|
136
|
+
</fingerprint>
|
|
137
|
+
<fingerprint pattern="^(?:Basic|Digest) realm="kubernetes-master".*$">
|
|
138
|
+
<description>Kubernetes master nodes</description>
|
|
139
|
+
<example>Basic realm="kubernetes-master"</example>
|
|
140
|
+
<param pos="0" name="service.vendor" value="Kubernetes"/>
|
|
141
|
+
</fingerprint>
|
|
76
142
|
<fingerprint pattern="^(?:Basic|Digest) realm=.SpeedTouch \(([0-9A-F]{2}-[0-9A-F]{2}-[0-9A-F]{2}-[0-9A-F]{2}-[0-9A-F]{2}-[0-9A-F]{2})\).$">
|
|
77
143
|
<description>Thomson SpeedTouch xDSL routers</description>
|
|
78
144
|
<param pos="0" name="service.vendor" value="Thomson"/>
|
|
@@ -106,6 +172,13 @@
|
|
|
106
172
|
<param pos="1" name="os.product"/>
|
|
107
173
|
<param pos="2" name="host.mac"/>
|
|
108
174
|
</fingerprint>
|
|
175
|
+
<fingerprint pattern="^(?:Basic|Digest).*realm="Thomson(?: Gateway)?".*$">
|
|
176
|
+
<description>Thomson generic devices</description>
|
|
177
|
+
<example>Digest realm="Thomson Gateway"</example>
|
|
178
|
+
<example>Basic realm="Thomson"</example>
|
|
179
|
+
<param pos="0" name="hw.vendor" value="Thomson"/>
|
|
180
|
+
<param pos="0" name="hw.device" value="Broadband router"/>
|
|
181
|
+
</fingerprint>
|
|
109
182
|
<fingerprint pattern="^(?:Basic|Digest) realm=.(?:SmartAX )?(MT\d+[^ ]*)(?: ADSL Router)?.$">
|
|
110
183
|
<description>Huawei xDSL routers</description>
|
|
111
184
|
<param pos="0" name="service.vendor" value="Huawei"/>
|
|
@@ -116,6 +189,21 @@
|
|
|
116
189
|
<param pos="0" name="os.family" value="MT"/>
|
|
117
190
|
<param pos="1" name="os.product"/>
|
|
118
191
|
</fingerprint>
|
|
192
|
+
<fingerprint pattern="^(?:Basic|Digest) realm="HuaweiHomeGateway".*$">
|
|
193
|
+
<description>Huawei Home Gateway Routers</description>
|
|
194
|
+
<example>Basic realm="HuaweiHomeGateway"</example>
|
|
195
|
+
<param pos="0" name="hw.vendor" value="Huawei"/>
|
|
196
|
+
<param pos="0" name="hw.device" value="Broadband router"/>
|
|
197
|
+
<param pos="0" name="hw.product" value="Home Gateway"/>
|
|
198
|
+
</fingerprint>
|
|
199
|
+
<fingerprint pattern="^(?:Basic|Digest) realm="EchoLife .*".*$">
|
|
200
|
+
<description>Huawei EchoLife Home Gateways</description>
|
|
201
|
+
<example>Basic realm="EchoLife Portal de Inicio"</example>
|
|
202
|
+
<example>Basic realm="EchoLife Home Gateway"</example>
|
|
203
|
+
<param pos="0" name="hw.vendor" value="Huawei"/>
|
|
204
|
+
<param pos="0" name="hw.device" value="Broadband router"/>
|
|
205
|
+
<param pos="0" name="hw.product" value="EchoLife Home Gateway"/>
|
|
206
|
+
</fingerprint>
|
|
119
207
|
<fingerprint pattern="^(?:Basic|Digest) realm=.WRT54G.$">
|
|
120
208
|
<description>Linksys WRT54G wireless access point
|
|
121
209
|
(dozen of variants of the product)</description>
|
|
@@ -142,13 +230,6 @@
|
|
|
142
230
|
<param pos="0" name="os.device" value="Router"/>
|
|
143
231
|
<param pos="1" name="os.product"/>
|
|
144
232
|
</fingerprint>
|
|
145
|
-
<fingerprint pattern="^(?:Basic|Digest) realm=.TP-LINK.*Router ([A-Z0-9\-\+]+).*$">
|
|
146
|
-
<description>TP-LINK SoHo Router</description>
|
|
147
|
-
<example>Basic realm="TP-LINK Wireless N Router WR841N"</example>
|
|
148
|
-
<param pos="0" name="os.vendor" value="TP-LINK"/>
|
|
149
|
-
<param pos="0" name="os.device" value="Router"/>
|
|
150
|
-
<param pos="1" name="os.product"/>
|
|
151
|
-
</fingerprint>
|
|
152
233
|
<fingerprint pattern="^(?:Basic|Digest) realm=.TP-LINK.*(?:Access Point|Extender|AP) ([A-Z0-9\-\+]+).*$">
|
|
153
234
|
<description>TP-LINK SoHo Router</description>
|
|
154
235
|
<example>Basic realm="TP-LINK Wireless N Access Point WA801N"</example>
|
|
@@ -171,6 +252,21 @@
|
|
|
171
252
|
<param pos="0" name="os.device" value="WAP"/>
|
|
172
253
|
<param pos="1" name="os.product"/>
|
|
173
254
|
</fingerprint>
|
|
255
|
+
<fingerprint pattern="(?i)^(?:Basic|Digest).*realm="TP-LINK (.*Router.*)".*$">
|
|
256
|
+
<description>TP-LINK Routers</description>
|
|
257
|
+
<example>Basic realm="TP-LINK Wireless N Router WR841N"</example>
|
|
258
|
+
<example>Basic realm="TP-LINK Gigabit Broadband VPN Router R600VPN"</example>
|
|
259
|
+
<example>Basic realm="TP-LINK Wireless Lite N Router WR740N/WR741ND"</example>
|
|
260
|
+
<param pos="0" name="hw.vendor" value="TP-Link"/>
|
|
261
|
+
<param pos="0" name="hw.device" value="Router"/>
|
|
262
|
+
<param pos="1" name="hw.product"/>
|
|
263
|
+
</fingerprint>
|
|
264
|
+
<fingerprint pattern="(?i)^(?:Basic|Digest).*realm="TP-LINK IP-Camera".*$">
|
|
265
|
+
<description>TP-LINK IP-Cameras</description>
|
|
266
|
+
<example>Basic realm="TP-LINK IP-Camera"</example>
|
|
267
|
+
<param pos="0" name="hw.vendor" value="TP-Link"/>
|
|
268
|
+
<param pos="0" name="hw.device" value="Camera"/>
|
|
269
|
+
</fingerprint>
|
|
174
270
|
<fingerprint pattern="(?i)^(?:Basic|Digest) .*realm="Broadcom Management Service".*$">
|
|
175
271
|
<description>Supposedly part of Broadcom Advanced Control Suite 3 (BACS3) or something similar</description>
|
|
176
272
|
<example>Digest qop="auth", realm="Broadcom Management Service", nonce="AAAAAAAAAAAAAP//DwHpMwYy1zc=", algorithm="MD5"</example>
|
|
@@ -226,6 +322,24 @@
|
|
|
226
322
|
<param pos="0" name="os.device" value="Switch"/>
|
|
227
323
|
<param pos="1" name="os.product"/>
|
|
228
324
|
</fingerprint>
|
|
325
|
+
<fingerprint pattern="(?i)^(?:Basic|Digest).*realm="SERCOMM CPE Authentication".*$">
|
|
326
|
+
<description>Assorted Sercomm CPE devices</description>
|
|
327
|
+
<example>Digest realm="SERCOMM CPE Authentication"</example>
|
|
328
|
+
<param pos="0" name="hw.vendor" value="Sercomm"/>
|
|
329
|
+
</fingerprint>
|
|
330
|
+
<fingerprint pattern="(?i)^(?:Basic|Digest).*realm="TiVo DVR".*$">
|
|
331
|
+
<description>Tivo DVR</description>
|
|
332
|
+
<example>Digest realm="TiVo DVR"</example>
|
|
333
|
+
<param pos="0" name="hw.vendor" value="Tivo"/>
|
|
334
|
+
<param pos="0" name="hw.family" value="DVR"/>
|
|
335
|
+
<param pos="0" name="hw.device" value="DVR"/>
|
|
336
|
+
</fingerprint>
|
|
337
|
+
<fingerprint pattern="(?i)^(?:Basic|Digest).*realm="UBEE".*$">
|
|
338
|
+
<description>Ubee Cable Modems</description>
|
|
339
|
+
<example>Digest qop="auth", realm="Ubee", nonce="1544738973"</example>
|
|
340
|
+
<param pos="0" name="hw.vendor" value="Ubee"/>
|
|
341
|
+
<param pos="0" name="hw.device" value="Broadband router"/>
|
|
342
|
+
</fingerprint>
|
|
229
343
|
<fingerprint pattern="^(?:Basic|Digest) realm="XDB"$">
|
|
230
344
|
<description>Web server providing web services for Oracle's XML DB.</description>
|
|
231
345
|
<example>Basic realm="XDB"</example>
|
|
@@ -233,6 +347,27 @@
|
|
|
233
347
|
<param pos="0" name="service.product" value="XML DB"/>
|
|
234
348
|
<param pos="0" name="service.family" value="Oracle"/>
|
|
235
349
|
</fingerprint>
|
|
350
|
+
<fingerprint pattern="(?i)^(?:Basic|Digest).*realm="cpe@zte.com".*$">
|
|
351
|
+
<description>Assorted ZTE CPE devices</description>
|
|
352
|
+
<example>Digest realm="cpe@zte.com"</example>
|
|
353
|
+
<param pos="0" name="hw.vendor" value="ZTE"/>
|
|
354
|
+
</fingerprint>
|
|
355
|
+
<fingerprint pattern="(?i)^(?:Basic|Digest).*realm="ZXHN (\S+)".*$">
|
|
356
|
+
<description>ZTE ZXHN router</description>
|
|
357
|
+
<example>Basic realm="ZXHN H108L"</example>
|
|
358
|
+
<param pos="0" name="hw.vendor" value="ZTE"/>
|
|
359
|
+
<param pos="0" name="hw.device" value="Router"/>
|
|
360
|
+
<param pos="0" name="hw.family" value="ZXHN"/>
|
|
361
|
+
<param pos="1" name="hw.product"/>
|
|
362
|
+
</fingerprint>
|
|
363
|
+
<fingerprint pattern="(?i)^(?:Basic|Digest).*realm="(ZXV\S* \S+)".*$">
|
|
364
|
+
<description>ZTE ZXV router</description>
|
|
365
|
+
<example hw.product="ZXV10 W300">Basic realm="ZXV10 W300"</example>
|
|
366
|
+
<param pos="0" name="hw.vendor" value="ZTE"/>
|
|
367
|
+
<param pos="0" name="hw.device" value="Router"/>
|
|
368
|
+
<param pos="0" name="hw.family" value="ZXV"/>
|
|
369
|
+
<param pos="1" name="hw.product"/>
|
|
370
|
+
</fingerprint>
|
|
236
371
|
<!-- a variety of headers we currently just ignore -->
|
|
237
372
|
<fingerprint pattern="(?i)^NTLM$">
|
|
238
373
|
<description>Ignore NTLM-only</description>
|
|
@@ -243,9 +378,13 @@
|
|
|
243
378
|
<description>Ignore Negotiate-only</description>
|
|
244
379
|
<example>Negotiate</example>
|
|
245
380
|
</fingerprint>
|
|
246
|
-
<fingerprint pattern="^(?:Basic|Digest) .*realm="null
|
|
247
|
-
<description>Ignore null
|
|
381
|
+
<fingerprint pattern="^(?:Basic|Digest) .*realm="(?:/|\.|null|/?index.html?)?"">
|
|
382
|
+
<description>Ignore null/empty/period/index.</description>
|
|
248
383
|
<example>Basic realm="null"</example>
|
|
384
|
+
<example>Basic realm="."</example>
|
|
385
|
+
<example>Basic realm=""</example>
|
|
386
|
+
<example>Basic realm="/"</example>
|
|
387
|
+
<example>Basic realm="index.html"</example>
|
|
249
388
|
</fingerprint>
|
|
250
389
|
<fingerprint pattern="^(?:Basic|Digest) .*realm="(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)".*$">
|
|
251
390
|
<description>Ignore realms with an IPv4 address</description>
|
|
@@ -257,6 +257,18 @@
|
|
|
257
257
|
<param pos="0" name="hw.product" value="MacBook Pro (13-inch, 2016, Two Thunderbolt 3 ports)"/>
|
|
258
258
|
<param pos="0" name="hw.device" value="Laptop"/>
|
|
259
259
|
</fingerprint>
|
|
260
|
+
<fingerprint pattern="^model=MacBookPro12,1$">
|
|
261
|
+
<description>MacBook Pro (Retina, 13-inch, Early 2015)</description>
|
|
262
|
+
<example>model=MacBookPro12,1</example>
|
|
263
|
+
<param pos="0" name="os.vendor" value="Apple"/>
|
|
264
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x:-"/>
|
|
265
|
+
<param pos="0" name="os.family" value="Mac OS X"/>
|
|
266
|
+
<param pos="0" name="os.product" value="Mac OS X"/>
|
|
267
|
+
<param pos="0" name="hw.vendor" value="Apple"/>
|
|
268
|
+
<param pos="0" name="hw.family" value="MacBook Pro"/>
|
|
269
|
+
<param pos="0" name="hw.product" value="MacBook Pro (Retina, 13-inch, Early 2015)"/>
|
|
270
|
+
<param pos="0" name="hw.device" value="Laptop"/>
|
|
271
|
+
</fingerprint>
|
|
260
272
|
<fingerprint pattern="^model=MacBookPro11,4$">
|
|
261
273
|
<description>MacBook Pro (Retina, 15-inch, Mid 2015)</description>
|
|
262
274
|
<example>model=MacBookPro11,4</example>
|
|
@@ -342,6 +354,18 @@
|
|
|
342
354
|
<param pos="0" name="hw.product" value="MacBook (Retina, 12-inch, 2017)"/>
|
|
343
355
|
<param pos="0" name="hw.device" value="Laptop"/>
|
|
344
356
|
</fingerprint>
|
|
357
|
+
<fingerprint pattern="^model=MacBookPro9,2$">
|
|
358
|
+
<description>MacBook Pro (13-inch, Mid 2012)</description>
|
|
359
|
+
<example>model=MacBookPro9,2</example>
|
|
360
|
+
<param pos="0" name="os.vendor" value="Apple"/>
|
|
361
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x:-"/>
|
|
362
|
+
<param pos="0" name="os.family" value="Mac OS X"/>
|
|
363
|
+
<param pos="0" name="os.product" value="Mac OS X"/>
|
|
364
|
+
<param pos="0" name="hw.vendor" value="Apple"/>
|
|
365
|
+
<param pos="0" name="hw.family" value="MacBook Pro"/>
|
|
366
|
+
<param pos="0" name="hw.product" value="MacBook Pro (13-inch, Mid 2012)"/>
|
|
367
|
+
<param pos="0" name="hw.device" value="Laptop"/>
|
|
368
|
+
</fingerprint>
|
|
345
369
|
<fingerprint pattern="^model=MacBook9,1$">
|
|
346
370
|
<description>MacBook (Retina, 12-inch, Early 2016)</description>
|
|
347
371
|
<example>model=MacBook9,1</example>
|
|
@@ -429,7 +453,7 @@
|
|
|
429
453
|
<param pos="0" name="hw.device" value="Tablet"/>
|
|
430
454
|
</fingerprint>
|
|
431
455
|
<fingerprint pattern="^model=J12[78]AP$">
|
|
432
|
-
<description>iPad Pro (9.7-inch)
|
|
456
|
+
<description>iPad Pro (9.7-inch)</description>
|
|
433
457
|
<example>model=J127AP</example>
|
|
434
458
|
<param pos="0" name="os.vendor" value="Apple"/>
|
|
435
459
|
<param pos="0" name="os.cpe23" value="cpe:/o:apple:iphone_os:-"/>
|
|
@@ -440,6 +464,18 @@
|
|
|
440
464
|
<param pos="0" name="hw.product" value="iPad Pro (9.7-inch)"/>
|
|
441
465
|
<param pos="0" name="hw.device" value="Tablet"/>
|
|
442
466
|
</fingerprint>
|
|
467
|
+
<fingerprint pattern="^model=J121AP$">
|
|
468
|
+
<description>iPad Pro (12.9-inch)</description>
|
|
469
|
+
<example>model=J121AP</example>
|
|
470
|
+
<param pos="0" name="os.vendor" value="Apple"/>
|
|
471
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:apple:iphone_os:-"/>
|
|
472
|
+
<param pos="0" name="os.family" value="iOS"/>
|
|
473
|
+
<param pos="0" name="os.product" value="iOS"/>
|
|
474
|
+
<param pos="0" name="hw.vendor" value="Apple"/>
|
|
475
|
+
<param pos="0" name="hw.family" value="iPad Pro"/>
|
|
476
|
+
<param pos="0" name="hw.product" value="iPad Pro (12.9-inch)"/>
|
|
477
|
+
<param pos="0" name="hw.device" value="Tablet"/>
|
|
478
|
+
</fingerprint>
|
|
443
479
|
<!-- iPad -->
|
|
444
480
|
<fingerprint pattern="^model=J71[ts]AP$">
|
|
445
481
|
<description>iPad (5th generation)</description>
|
|
@@ -466,6 +502,18 @@
|
|
|
466
502
|
<param pos="0" name="hw.product" value="iPad Air"/>
|
|
467
503
|
<param pos="0" name="hw.device" value="Tablet"/>
|
|
468
504
|
</fingerprint>
|
|
505
|
+
<fingerprint pattern="^model=J8[12]AP$">
|
|
506
|
+
<description>iPad Air 2</description>
|
|
507
|
+
<example>model=J81AP</example>
|
|
508
|
+
<param pos="0" name="os.vendor" value="Apple"/>
|
|
509
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:apple:iphone_os:-"/>
|
|
510
|
+
<param pos="0" name="os.family" value="iOS"/>
|
|
511
|
+
<param pos="0" name="os.product" value="iOS"/>
|
|
512
|
+
<param pos="0" name="hw.vendor" value="Apple"/>
|
|
513
|
+
<param pos="0" name="hw.family" value="iPad Air"/>
|
|
514
|
+
<param pos="0" name="hw.product" value="iPad Air 2"/>
|
|
515
|
+
<param pos="0" name="hw.device" value="Tablet"/>
|
|
516
|
+
</fingerprint>
|
|
469
517
|
<!-- iPad mini -->
|
|
470
518
|
<fingerprint pattern="^model=J8[567]AP$">
|
|
471
519
|
<description>iPad mini 2</description>
|
data/xml/sip_banners.xml
CHANGED
|
@@ -94,6 +94,13 @@
|
|
|
94
94
|
<param pos="1" name="hw.model"/>
|
|
95
95
|
<param pos="2" name="hw.version"/>
|
|
96
96
|
</fingerprint>
|
|
97
|
+
<fingerprint pattern="EnGenius_Router$">
|
|
98
|
+
<description>EnGenius DuraFon IP Phone</description>
|
|
99
|
+
<example>EnGenius_Router</example>
|
|
100
|
+
<param pos="0" name="hw.vendor" value="enGenius"/>
|
|
101
|
+
<param pos="0" name="hw.product" value="DuraFon"/>
|
|
102
|
+
<param pos="0" name="hw.device" value="VoIP"/>
|
|
103
|
+
</fingerprint>
|
|
97
104
|
<fingerprint pattern="^M5T SIP(?: Stack|-UA SAFE)/v?([\d\.]+)">
|
|
98
105
|
<description>Media5 Corporation SIP Stack</description>
|
|
99
106
|
<example service.version="4.1.2.2">M5T SIP Stack/4.1.2.2</example>
|
|
@@ -134,12 +141,22 @@
|
|
|
134
141
|
<param pos="1" name="hw.product"/>
|
|
135
142
|
<param pos="2" name="hw.version"/>
|
|
136
143
|
</fingerprint>
|
|
137
|
-
<fingerprint pattern="^
|
|
144
|
+
<fingerprint pattern="^ZXDSL (\S+)/V?(\d(?:[\d\.A-Z_]+))$">
|
|
145
|
+
<description>ZTE ZXDSL router</description>
|
|
146
|
+
<example hw.product="931VII" hw.version="2.0.00.OTET06">ZXDSL 931VII/V2.0.00.OTET06</example>
|
|
147
|
+
<param pos="0" name="hw.vendor" value="ZTE"/>
|
|
148
|
+
<param pos="0" name="hw.device" value="Router"/>
|
|
149
|
+
<param pos="0" name="hw.family" value="ZXDSL"/>
|
|
150
|
+
<param pos="1" name="hw.product"/>
|
|
151
|
+
<param pos="2" name="hw.version"/>
|
|
152
|
+
</fingerprint>
|
|
153
|
+
<fingerprint pattern="^(?:ZXHN )?(H\d{3}N)/V?(\d(?:[\d\.A-Z_]+))$">
|
|
138
154
|
<description>ZTE ZXHN router</description>
|
|
139
155
|
<example hw.product="H218N" hw.version="1.02.01_ERS">ZXHN H218N/V1.02.01_ERS</example>
|
|
140
156
|
<example hw.product="H367N" hw.version="1.0.4">ZXHN H367N/V1.0.4</example>
|
|
141
157
|
<example hw.product="H218N" hw.version="1.02.01">ZXHN H218N/V1.02.01</example>
|
|
142
158
|
<example hw.product="H208N" hw.version="1.0.2T02">ZXHN H208N/V1.0.2T02</example>
|
|
159
|
+
<example hw.product="H368N" hw.version="1.10.00T10">H368N/V1.10.00T10</example>
|
|
143
160
|
<param pos="0" name="hw.vendor" value="ZTE"/>
|
|
144
161
|
<param pos="0" name="hw.device" value="Router"/>
|
|
145
162
|
<param pos="0" name="hw.family" value="ZXHN"/>
|
data/xml/sip_user_agents.xml
CHANGED
|
@@ -55,4 +55,73 @@
|
|
|
55
55
|
<param pos="1" name="os.product"/>
|
|
56
56
|
<param pos="2" name="os.version"/>
|
|
57
57
|
</fingerprint>
|
|
58
|
+
<fingerprint pattern="^Mitel-(\S+)-SIP-Phone ([\d\.]+) (.{12})$">
|
|
59
|
+
<description>Mitel SIP Phones</description>
|
|
60
|
+
<example hw.product="5320" hw.version="06.05.00.11" host.mac="010203040506">Mitel-5320-SIP-Phone 06.05.00.11 010203040506</example>
|
|
61
|
+
<param pos="0" name="hw.vendor" value="Mitel"/>
|
|
62
|
+
<param pos="0" name="hw.device" value="VoIP"/>
|
|
63
|
+
<param pos="1" name="hw.product"/>
|
|
64
|
+
<param pos="2" name="hw.version"/>
|
|
65
|
+
<param pos="3" name="host.mac"/>
|
|
66
|
+
</fingerprint>
|
|
67
|
+
<fingerprint pattern="^Mitel Border GW/(\S+)$">
|
|
68
|
+
<description>Mitel SIP Gateway</description>
|
|
69
|
+
<example hw.version="4.0.0.9">Mitel Border GW/4.0.0.9</example>
|
|
70
|
+
<param pos="0" name="hw.vendor" value="Mitel"/>
|
|
71
|
+
<param pos="0" name="hw.device" value="VoIP"/>
|
|
72
|
+
<param pos="0" name="hw.product" value="Border GW"/>
|
|
73
|
+
<param pos="1" name="hw.version"/>
|
|
74
|
+
</fingerprint>
|
|
75
|
+
<fingerprint pattern="^(?:Polycom/[\d\.]+ )?Polycom(SoundPoint|VVX|SoundStation)\S+_(\d+)-UA/([\d\.]+)(?:_(.{12}))?$">
|
|
76
|
+
<description>Polycom SoundPoint, SountdStation, VVX VoIP phones</description>
|
|
77
|
+
<example hw.version="5.8.0.13337" hw.family="VVX" hw.product="VVX 350">PolycomVVX-VVX_350-UA/5.8.0.13337</example>
|
|
78
|
+
<example hw.version="4.1.4.7430" hw.family="VVX" hw.product="VVX 400" host.mac="010203040506">PolycomVVX-VVX_400-UA/4.1.4.7430_010203040506</example>
|
|
79
|
+
<example hw.version="5.5.0.23866" hw.family="VVX" hw.product="VVX 501">Polycom/5.5.0.23866 PolycomVVX-VVX_501-UA/5.5.0.23866</example>
|
|
80
|
+
<example hw.version="4.0.7.2514" hw.family="SoundPoint" hw.product="SoundPoint 670">PolycomSoundPointIP-SPIP_670-UA/4.0.7.2514</example>
|
|
81
|
+
<example hw.version="4.0.8.1608" hw.family="SoundStation" hw.product="SoundStation 7000">PolycomSoundStationIP-SSIP_7000-UA/4.0.8.1608</example>
|
|
82
|
+
<param pos="0" name="hw.vendor" value="Polycom"/>
|
|
83
|
+
<param pos="0" name="hw.device" value="VoIP"/>
|
|
84
|
+
<param pos="1" name="hw.family"/>
|
|
85
|
+
<param pos="0" name="hw.product" value="{hw.family} {hw.model}"/>
|
|
86
|
+
<param pos="2" name="hw.model"/>
|
|
87
|
+
<param pos="3" name="hw.version"/>
|
|
88
|
+
<param pos="4" name="host.mac"/>
|
|
89
|
+
</fingerprint>
|
|
90
|
+
<fingerprint pattern="^(?:Polycom/[\d\.]+ )?Polycom(?:RealPresenceTrio)-Trio_(\S+)-UA/([\d\.]+)(?:_(.{12}))?$">
|
|
91
|
+
<description>Polycom RealPresence Trio Phones</description>
|
|
92
|
+
<example hw.version="5.4.0.12197" hw.product="RealPresence Trio 8800">PolycomRealPresenceTrio-Trio_8800-UA/5.4.0.12197</example>
|
|
93
|
+
<example hw.version="5.7.2.3123" hw.product="RealPresence Trio Visual+">PolycomRealPresenceTrio-Trio_Visual+-UA/5.7.2.3123</example>
|
|
94
|
+
<example hw.version="5.4.3.2389" hw.product="RealPresence Trio 8800">Polycom/5.4.3.2389 PolycomRealPresenceTrio-Trio_8800-UA/5.4.3.2389</example>
|
|
95
|
+
<param pos="0" name="hw.vendor" value="Polycom"/>
|
|
96
|
+
<param pos="0" name="hw.device" value="VoIP"/>
|
|
97
|
+
<param pos="0" name="hw.family" value="RealPresence"/>
|
|
98
|
+
<param pos="0" name="hw.product" value="RealPresence Trio {hw.model}"/>
|
|
99
|
+
<param pos="1" name="hw.model"/>
|
|
100
|
+
<param pos="2" name="hw.version"/>
|
|
101
|
+
<param pos="3" name="host.mac"/>
|
|
102
|
+
</fingerprint>
|
|
103
|
+
<fingerprint pattern="^Polycom ?HDX ?(\d+)(?: ?HD)?(?:/| \(Release - )([^\)]+)\)?">
|
|
104
|
+
<description>Polycom HDX Video Conferencing</description>
|
|
105
|
+
<example hw.model="9006" hw.product="HDX 9006" hw.version="3.0.6-37004">Polycom HDX 9006 (Release - 3.0.6-37004)</example>
|
|
106
|
+
<example hw.model="4000" hw.product="HDX 4000" hw.version="3.1.0">PolycomHDX4000/3.1.0</example>
|
|
107
|
+
<example hw.model="7000" hw.product="HDX 7000" hw.version="3.0.2.1-17007">Polycom HDX 7000 HD (Release - 3.0.2.1-17007)</example>
|
|
108
|
+
<example hw.model="8000" hw.product="HDX 8000" hw.version="3.1.7">PolycomHDX8000HD/3.1.7</example>
|
|
109
|
+
<param pos="0" name="hw.vendor" value="Polycom"/>
|
|
110
|
+
<param pos="0" name="hw.family" value="HDX"/>
|
|
111
|
+
<param pos="0" name="hw.device" value="Video Conferencing"/>
|
|
112
|
+
<param pos="0" name="hw.product" value="HDX {hw.model}"/>
|
|
113
|
+
<param pos="1" name="hw.model"/>
|
|
114
|
+
<param pos="2" name="hw.version"/>
|
|
115
|
+
</fingerprint>
|
|
116
|
+
<fingerprint pattern="^PolycomRealPresenceGroup(\d+)/([\d\._]+)+$">
|
|
117
|
+
<description>Polycom RealPresence Group Video Conferencing</description>
|
|
118
|
+
PolycomRealPresenceGroup700/6.2.0
|
|
119
|
+
<example hw.model="700" hw.product="RealPresence Group 700" hw.version="6.2.0">PolycomRealPresenceGroup700/6.2.0</example>
|
|
120
|
+
<param pos="0" name="hw.vendor" value="Polycom"/>
|
|
121
|
+
<param pos="0" name="hw.family" value="RealPresence Group"/>
|
|
122
|
+
<param pos="0" name="hw.device" value="Video Conferencing"/>
|
|
123
|
+
<param pos="0" name="hw.product" value="RealPresence Group {hw.model}"/>
|
|
124
|
+
<param pos="1" name="hw.model"/>
|
|
125
|
+
<param pos="2" name="hw.version"/>
|
|
126
|
+
</fingerprint>
|
|
58
127
|
</fingerprints>
|
data/xml/snmp_sysdescr.xml
CHANGED
|
@@ -702,7 +702,7 @@
|
|
|
702
702
|
</fingerprint>
|
|
703
703
|
-->
|
|
704
704
|
<fingerprint pattern="^DEFINITY ONE Release (\S+) Agent$">
|
|
705
|
-
<description>Avaya Definity One media, voicemail,
|
|
705
|
+
<description>Avaya Definity One media, voicemail, VoIP server</description>
|
|
706
706
|
<example>DEFINITY ONE Release 3 Agent</example>
|
|
707
707
|
<param pos="0" name="os.vendor" value="Avaya"/>
|
|
708
708
|
<param pos="0" name="os.product" value="Definity One"/>
|
|
@@ -1358,7 +1358,7 @@
|
|
|
1358
1358
|
<example>TANDBERG MPS-MCU</example>
|
|
1359
1359
|
<param pos="0" name="os.vendor" value="Cisco"/>
|
|
1360
1360
|
<param pos="0" name="os.product" value="MPS-MCU"/>
|
|
1361
|
-
<param pos="0" name="os.device" value="
|
|
1361
|
+
<param pos="0" name="os.device" value="VoIP"/>
|
|
1362
1362
|
</fingerprint>
|
|
1363
1363
|
<fingerprint pattern="^Cisco Adaptive Security Appliance Version (\d+\.\d+\(\d+\)\d*)">
|
|
1364
1364
|
<description>Cisco Adaptive Security Appliance</description>
|
|
@@ -1379,7 +1379,7 @@
|
|
|
1379
1379
|
<param pos="0" name="os.vendor" value="Cisco"/>
|
|
1380
1380
|
<param pos="0" name="os.family" value="760 Series"/>
|
|
1381
1381
|
<param pos="0" name="os.product" value="761"/>
|
|
1382
|
-
<param pos="0" name="os.device" value="Broadband
|
|
1382
|
+
<param pos="0" name="os.device" value="Broadband router"/>
|
|
1383
1383
|
<param pos="1" name="os.version"/>
|
|
1384
1384
|
</fingerprint>
|
|
1385
1385
|
<fingerprint pattern="^Cisco Systems, Inc\./VPN 3000 Concentrator(?: Series)? Version (\S+) built.*$">
|
|
@@ -4411,7 +4411,7 @@ Copyright (c) 1995-2005 by Cisco Systems
|
|
|
4411
4411
|
<example>Netopia R9100 v4.8.2</example>
|
|
4412
4412
|
<param pos="0" name="os.vendor" value="Netopia"/>
|
|
4413
4413
|
<param pos="0" name="os.family" value="Netopia"/>
|
|
4414
|
-
<param pos="0" name="os.device" value="Broadband
|
|
4414
|
+
<param pos="0" name="os.device" value="Broadband router"/>
|
|
4415
4415
|
<param pos="1" name="os.product"/>
|
|
4416
4416
|
<param pos="2" name="os.version"/>
|
|
4417
4417
|
</fingerprint>
|
|
@@ -5644,13 +5644,13 @@ Copyright (c) 1995-2005 by Cisco Systems
|
|
|
5644
5644
|
SHORETEL
|
|
5645
5645
|
=======================================================================-->
|
|
5646
5646
|
<fingerprint pattern="^ShoreGear (\S+)$">
|
|
5647
|
-
<description>Shoretel ShoreGear
|
|
5647
|
+
<description>Shoretel ShoreGear VoIP Switch</description>
|
|
5648
5648
|
<example>ShoreGear 60/12</example>
|
|
5649
5649
|
<example>ShoreGear T1</example>
|
|
5650
5650
|
<param pos="0" name="os.certainty" value="0.9"/>
|
|
5651
5651
|
<param pos="0" name="os.vendor" value="Shoretel"/>
|
|
5652
5652
|
<param pos="0" name="os.family" value="ShoreGear"/>
|
|
5653
|
-
<param pos="0" name="os.device" value="
|
|
5653
|
+
<param pos="0" name="os.device" value="VoIP"/>
|
|
5654
5654
|
<param pos="1" name="os.product"/>
|
|
5655
5655
|
</fingerprint>
|
|
5656
5656
|
<!--======================================================================
|
|
@@ -5716,12 +5716,12 @@ Copyright (c) 1995-2005 by Cisco Systems
|
|
|
5716
5716
|
SIEMENS
|
|
5717
5717
|
=======================================================================-->
|
|
5718
5718
|
<fingerprint pattern="^SNMP agent for HiPath 3000.*V(\S+)$">
|
|
5719
|
-
<description>Siemens HiPath 3000
|
|
5719
|
+
<description>Siemens HiPath 3000 VoIP system</description>
|
|
5720
5720
|
<example>SNMP agent for HiPath 3000 V3/V4</example>
|
|
5721
5721
|
<example>SNMP agent for HiPath 3000/5000 V5.x</example>
|
|
5722
5722
|
<example>SNMP agent for HiPath 3000 V3.x</example>
|
|
5723
5723
|
<param pos="0" name="os.vendor" value="Siemens"/>
|
|
5724
|
-
<param pos="0" name="os.device" value="
|
|
5724
|
+
<param pos="0" name="os.device" value="VoIP"/>
|
|
5725
5725
|
<param pos="0" name="os.product" value="HiPath 3000"/>
|
|
5726
5726
|
<param pos="1" name="os.version"/>
|
|
5727
5727
|
</fingerprint>
|
|
@@ -5757,7 +5757,7 @@ Copyright (c) 1995-2005 by Cisco Systems
|
|
|
5757
5757
|
<example>HiPath optiPoint 400 Economy HFA</example>
|
|
5758
5758
|
<example>HiPath optiPoint 400 Standard HFA</example>
|
|
5759
5759
|
<param pos="0" name="os.vendor" value="Siemens"/>
|
|
5760
|
-
<param pos="0" name="os.device" value="
|
|
5760
|
+
<param pos="0" name="os.device" value="VoIP"/>
|
|
5761
5761
|
<param pos="0" name="os.family" value="HFA"/>
|
|
5762
5762
|
<param pos="1" name="os.product"/>
|
|
5763
5763
|
</fingerprint>
|
|
@@ -5766,7 +5766,7 @@ Copyright (c) 1995-2005 by Cisco Systems
|
|
|
5766
5766
|
<example>optiPoint 410 phone</example>
|
|
5767
5767
|
<example>optiPoint 600 office</example>
|
|
5768
5768
|
<param pos="0" name="os.vendor" value="Siemens"/>
|
|
5769
|
-
<param pos="0" name="os.device" value="
|
|
5769
|
+
<param pos="0" name="os.device" value="VoIP"/>
|
|
5770
5770
|
<param pos="0" name="os.family" value="optiPoint"/>
|
|
5771
5771
|
<param pos="1" name="os.product"/>
|
|
5772
5772
|
</fingerprint>
|
|
@@ -6553,20 +6553,20 @@ Copyright (c) 1995-2005 by Cisco Systems
|
|
|
6553
6553
|
<example>Prestige 642R-13</example>
|
|
6554
6554
|
<param pos="0" name="os.vendor" value="ZyXEL"/>
|
|
6555
6555
|
<param pos="0" name="os.product" value="Prestige 642R-13"/>
|
|
6556
|
-
<param pos="0" name="os.device" value="Broadband
|
|
6556
|
+
<param pos="0" name="os.device" value="Broadband router"/>
|
|
6557
6557
|
</fingerprint>
|
|
6558
6558
|
<fingerprint pattern="^Prestige 660ME-61$">
|
|
6559
6559
|
<description>ZxXEL Prestige 660ME-61 ADSL router</description>
|
|
6560
6560
|
<example>Prestige 660ME-61</example>
|
|
6561
6561
|
<param pos="0" name="os.vendor" value="ZyXEL"/>
|
|
6562
6562
|
<param pos="0" name="os.product" value="Prestige 660ME-61"/>
|
|
6563
|
-
<param pos="0" name="os.device" value="Broadband
|
|
6563
|
+
<param pos="0" name="os.device" value="Broadband router"/>
|
|
6564
6564
|
</fingerprint>
|
|
6565
6565
|
<fingerprint pattern="^Prestige 650R-T3$">
|
|
6566
6566
|
<description>ZxXEL Prestige 650R-T3 ADSL router</description>
|
|
6567
6567
|
<example>Prestige 650R-T3</example>
|
|
6568
6568
|
<param pos="0" name="os.vendor" value="ZyXEL"/>
|
|
6569
6569
|
<param pos="0" name="os.product" value="Prestige 650R-T3"/>
|
|
6570
|
-
<param pos="0" name="os.device" value="Broadband
|
|
6570
|
+
<param pos="0" name="os.device" value="Broadband router"/>
|
|
6571
6571
|
</fingerprint>
|
|
6572
6572
|
</fingerprints>
|
data/xml/telnet_banners.xml
CHANGED
|
@@ -986,7 +986,7 @@
|
|
|
986
986
|
Rmxvd1BvaW50LzIyMDAgU0RTTCBbQVRNXSBSb3V0ZXIgZnAyMjAwLTEyIHYzLjAuMiBSZWFkeQpMb2dpbjog
|
|
987
987
|
</example>
|
|
988
988
|
<param pos="0" name="os.vendor" value="Flowpoint"/>
|
|
989
|
-
<param pos="0" name="hw.device" value="Broadband
|
|
989
|
+
<param pos="0" name="hw.device" value="Broadband router"/>
|
|
990
990
|
<param pos="0" name="hw.product" value="DSL router"/>
|
|
991
991
|
<param pos="1" name="hw.model"/>
|
|
992
992
|
<param pos="2" name="os.version"/>
|
|
@@ -999,7 +999,7 @@
|
|
|
999
999
|
MpIDIwMDEtMjAwMyBieSBHbG9iZXNwYW5WaXJhdGEsIEluYy4KCgpsb2dpbjog
|
|
1000
1000
|
</example>
|
|
1001
1001
|
<param pos="0" name="os.vendor" value="Conexant"/>
|
|
1002
|
-
<param pos="0" name="hw.device" value="Broadband
|
|
1002
|
+
<param pos="0" name="hw.device" value="Broadband router"/>
|
|
1003
1003
|
<param pos="1" name="os.version"/>
|
|
1004
1004
|
</fingerprint>
|
|
1005
1005
|
<fingerprint pattern="^VxWorks login:">
|
data/xml/upnp_banners.xml
CHANGED
|
@@ -1,6 +1,15 @@
|
|
|
1
1
|
<?xml version="1.0" encoding="UTF-8"?>
|
|
2
|
+
<!-- UPnP Server headers are matched against these patterns to fingerprint UPnP servers. -->
|
|
2
3
|
<fingerprints matches="ssdp_header.server" protocol="ssdp" database_type="service" preference="0.70">
|
|
3
|
-
|
|
4
|
+
<fingerprint pattern="(?i)^(.*) UPnP/[\d\.]+\s+AVM FRITZ!(.*) ([\d\.]+)$">
|
|
5
|
+
<description>AVM FRITZ! devices of various types</description>
|
|
6
|
+
<example host.name="some thing" os.product="WLAN Repeater 1750E" os.version="134.07.01">some thing UPnP/1.0 AVM FRITZ!WLAN Repeater 1750E 134.07.01</example>
|
|
7
|
+
<param pos="0" name="os.vendor" value="AVM"/>
|
|
8
|
+
<param pos="0" name="os.family" value="FRITZ!Box"/>
|
|
9
|
+
<param pos="2" name="os.product"/>
|
|
10
|
+
<param pos="3" name="os.version"/>
|
|
11
|
+
<param pos="1" name="host.name"/>
|
|
12
|
+
</fingerprint>
|
|
4
13
|
<fingerprint pattern="(?i)^Linux/(\S+) UPnP/[\d\.]+ miniupnpd/([\d\.]+)$">
|
|
5
14
|
<description>Linux MiniUPnPd UPnP Server</description>
|
|
6
15
|
<example>Linux/Cross_compiled UPnP/1.0 miniupnpd/1.0</example>
|
|
@@ -446,6 +455,11 @@
|
|
|
446
455
|
<param pos="1" name="os.version"/>
|
|
447
456
|
<param pos="0" name="os.device" value="Router"/>
|
|
448
457
|
</fingerprint>
|
|
458
|
+
<fingerprint pattern="^TBS/R2 UPnP/[\d\.]+ MiniUPnPd/[\d\.]+$">
|
|
459
|
+
<description>D-Link generic</description>
|
|
460
|
+
<example>TBS/R2 UPnP/1.0 MiniUPnPd/1.2</example>
|
|
461
|
+
<param pos="0" name="hw.vendor" value="D-Link"/>
|
|
462
|
+
</fingerprint>
|
|
449
463
|
<fingerprint pattern="^ipos/([\d\.]+) UPnP/[\d\.]+ (TL-\w+)/(\S+)$">
|
|
450
464
|
<description>TP-Link WAP UPnP Server</description>
|
|
451
465
|
<example>ipos/7.0 UPnP/1.0 TL-WR841N/6.0/7.0</example>
|
|
@@ -531,6 +545,38 @@
|
|
|
531
545
|
<param pos="1" name="os.version"/>
|
|
532
546
|
<param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x:{os.version}"/>
|
|
533
547
|
</fingerprint>
|
|
548
|
+
<fingerprint pattern="^Loxone Miniserver (.*) UPnP/1.0$">
|
|
549
|
+
<description>Loxone Miniserver Smart Home</description>
|
|
550
|
+
<example host.name="some name">Loxone Miniserver some name UPnP/1.0</example>
|
|
551
|
+
<param pos="0" name="hw.vendor" value="Loxone"/>
|
|
552
|
+
<param pos="0" name="hw.product" value="Miniserver"/>
|
|
553
|
+
<param pos="0" name="hw.device" value="Building Automation"/>
|
|
554
|
+
<param pos="1" name="host.name"/>
|
|
555
|
+
</fingerprint>
|
|
556
|
+
<fingerprint pattern="^RouterOS/(\S+)UPnP/1.0 MikroTik UPnP/1.0$">
|
|
557
|
+
<description>Mikrotik RouterOS</description>
|
|
558
|
+
<example os.version="6.43">RouterOS/6.43UPnP/1.0 MikroTik UPnP/1.0</example>
|
|
559
|
+
<param pos="0" name="os.vendor" value="MikroTik"/>
|
|
560
|
+
<param pos="0" name="os.device" value="Router"/>
|
|
561
|
+
<param pos="0" name="os.family" value="RouterOS"/>
|
|
562
|
+
<param pos="0" name="os.product" value="RouterOS"/>
|
|
563
|
+
<param pos="1" name="os.version"/>
|
|
564
|
+
</fingerprint>
|
|
565
|
+
<fingerprint pattern="^Roku UPnP/\S+ Roku/(\S+)$">
|
|
566
|
+
<description>Roku with a version</description>
|
|
567
|
+
<example hw.version="8.1.6">Roku UPnP/1.0 Roku/8.1.6</example>
|
|
568
|
+
<param pos="0" name="hw.vendor" value="Roku"/>
|
|
569
|
+
<param pos="0" name="hw.product" value="Roku"/>
|
|
570
|
+
<param pos="0" name="hw.device" value="Media Server"/>
|
|
571
|
+
<param pos="1" name="hw.version"/>
|
|
572
|
+
</fingerprint>
|
|
573
|
+
<fingerprint pattern="^Roku UPnP/\S+ MiniUPnPd/\S+$">
|
|
574
|
+
<description>Roku without a version</description>
|
|
575
|
+
<example>Roku UPnP/1.0 MiniUPnPd/1.4</example>
|
|
576
|
+
<param pos="0" name="hw.vendor" value="Roku"/>
|
|
577
|
+
<param pos="0" name="hw.product" value="Roku"/>
|
|
578
|
+
<param pos="0" name="hw.device" value="Media Server"/>
|
|
579
|
+
</fingerprint>
|
|
534
580
|
<fingerprint pattern="^UPnP/\S+, DLNADOC/\S+, Platinum/(\S+)$">
|
|
535
581
|
<description>Xbox Media Center UPnP Server</description>
|
|
536
582
|
<example>UPnP/1.0, DLNADOC/1.50, Platinum/0.5.1</example>
|
|
@@ -541,4 +587,24 @@
|
|
|
541
587
|
<param pos="0" name="service.product" value="XBMC"/>
|
|
542
588
|
<param pos="1" name="service.version"/>
|
|
543
589
|
</fingerprint>
|
|
590
|
+
<fingerprint pattern="Synology/DSM/(\d+\.\d+\.\d+\.\d+)$">
|
|
591
|
+
<description>Synology DiskStation NAS with IP</description>
|
|
592
|
+
<example host.ip="192.168.1.100">Synology/DSM/192.168.1.100</example>
|
|
593
|
+
<param pos="0" name="hw.vendor" value="Synology"/>
|
|
594
|
+
<param pos="0" name="hw.family" value="DiskStation"/>
|
|
595
|
+
<param pos="0" name="hw.device" value="NAS"/>
|
|
596
|
+
<param pos="0" name="os.device" value="NAS"/>
|
|
597
|
+
<param pos="0" name="os.family" value="Linux"/>
|
|
598
|
+
<param pos="0" name="os.product" value="DSM"/>
|
|
599
|
+
<param pos="0" name="os.vendor" value="Synology"/>
|
|
600
|
+
<param pos="1" name="host.ip"/>
|
|
601
|
+
</fingerprint>
|
|
602
|
+
<fingerprint pattern="Synology/DSM/(\S+)$">
|
|
603
|
+
<description>Synology DiskStation NAS with hostname</description>
|
|
604
|
+
<example host.name="stuff">Synology/DSM/stuff</example>
|
|
605
|
+
<param pos="0" name="hw.vendor" value="Synology"/>
|
|
606
|
+
<param pos="0" name="hw.family" value="DiskStation"/>
|
|
607
|
+
<param pos="0" name="hw.device" value="NAS"/>
|
|
608
|
+
<param pos="1" name="host.name"/>
|
|
609
|
+
</fingerprint>
|
|
544
610
|
</fingerprints>
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: recog
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.1.
|
|
4
|
+
version: 2.1.37
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Rapid7 Research
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2018-12-
|
|
11
|
+
date: 2018-12-20 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rspec
|