recog 2.1.36 → 2.1.37

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 38bdc881c4ede4d0940ef9fde54b73dff9b76d81
-  data.tar.gz: b14431b396c9a8405ca5db785226b8324e404b94
+  metadata.gz: bedbc15c938e70988703707bf0bd8f012c3419eb
+  data.tar.gz: a8e520662bc9dc4b5adcce03b5c592afc18264ab
 SHA512:
-  metadata.gz: 223ebf60ee2383bb813fd15ef20c1ad2362336f30e633c4a8b7799f5801e54f1a196189a85137767901c953a04a83d081142d8618e83abc275e54467912427c9
-  data.tar.gz: d07e6f5fe1415e4bc16d48ec7e847b00b50ce57ab816457f63603284f85e0a2961f78315c26c1bb4cd6c964c3d1770dccf770124b4b033d6a00d17e7beb37894
+  metadata.gz: fdd4793619ba2ba21c5bcc7cf9b6e1b7a6dde4f446499570da657a5d746753b6e301d02dbf99ca1c5cda779d92c47eed706c2c3618fe9c7e78a1c601290ef1dd
+  data.tar.gz: a9984190a25fd84004610efc0eafb6bc843aa373e226a11523390044bac321f968f5f03aec5ee20b839f91dca9bc8aafaaf296a63f5c89af173e177588fe7049

data/lib/recog/version.rb

@@ -1,3 +1,3 @@
 module Recog
-  VERSION = '2.1.36'
+  VERSION = '2.1.37'
 end

data/xml/dns_versionbind.xml

@@ -622,6 +622,8 @@
     <param pos="0" name="service.product" value="DNS"/>
     <param pos="0" name="os.device" value="NAS"/>
     <param pos="0" name="os.family" value="Linux"/>
+    <param pos="0" name="os.product" value="DSM"/>
+    <param pos="0" name="os.vendor" value="Synology"/>
     <param pos="0" name="hw.vendor" value="Synology"/>
     <param pos="0" name="hw.device" value="NAS"/>
   </fingerprint>

data/xml/http_cookies.xml

@@ -105,13 +105,14 @@
     <param pos="0" name="service.family" value="Content Service Switch"/>
     <param pos="0" name="service.product" value="11000 Series Content Service Switch"/>
   </fingerprint>
-  <fingerprint pattern="^webvpn(?:c|_portal|Lang|login|SharePoint)?=">
+  <fingerprint pattern="^webvpn(?:c|context|_portal|Lang|login|SharePoint)?=">
     <description>Cisco ASA VPN</description>
     <example>webvpn=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure</example>
     <example>webvpnc=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure</example>
     <example>webvpn_portal=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure</example>
     <example>webvpnSharePoint=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure</example>
     <example>webvpnlogin=1; path=/; secure</example>
+    <example>webvpncontext=00@sslvpn</example>
     <param pos="0" name="service.vendor" value="Cisco"/>
     <param pos="0" name="service.product" value="HTTP"/>
     <param pos="0" name="os.vendor" value="Cisco"/>
@@ -132,6 +133,14 @@
     <param pos="0" name="service.family" value="Application Protection System"/>
     <param pos="0" name="service.product" value="Application Protection System, Enterprise"/>
   </fingerprint>
+  <fingerprint pattern="^NSC_(?:AAAC|CERT|DLGE|EPAC|TASS|TEMP|TMA[APS])=.*">
+    <description>Citrix NetScaler</description>
+    <example>NSC_AAAC=xyz;</example>
+    <param pos="0" name="os.vendor" value="Citrix"/>
+    <param pos="0" name="os.family" value="NetScaler"/>
+    <param pos="0" name="os.device" value="NetScaler"/>
+    <param pos="0" name="os.product" value="NetScaler"/>
+  </fingerprint>
   <fingerprint pattern="^(EktGUID|ecm)=.*">
     <description>Ektron CMS400.net
       http://www.ektron.com/developers/cms400kb.cfm?id=2174

data/xml/http_servers.xml

@@ -65,6 +65,13 @@
     <param pos="0" name="service.cpe23" value="cpe:/a:apache:http_server:{service.version}"/>
     <param pos="2" name="apache.info"/>
   </fingerprint>
+  <fingerprint pattern="(?i)^CouchDB/([\.\d]+) .*$">
+    <description>Apache CouchDB</description>
+    <example service.version="2.1.1">CouchDB/2.1.1 (Erlang OTP/20)</example>
+    <param pos="0" name="service.vendor" value="Apache"/>
+    <param pos="0" name="service.product" value="CouchDB"/>
+    <param pos="1" name="service.version"/>
+  </fingerprint>
   <fingerprint pattern="^support@arraynetworks.net$">
     <description>Array Networks device</description>
     <example>support@arraynetworks.net</example>
@@ -296,6 +303,14 @@
     <param pos="0" name="service.component.family" value="Coyote"/>
     <param pos="1" name="service.component.version"/>
   </fingerprint>
+  <fingerprint pattern="^Apache Tomcat$">
+    <description>HTTP connector for Apache Tomcat with no version</description>
+    <example>Apache Tomcat</example>
+    <param pos="0" name="service.vendor" value="Apache"/>
+    <param pos="0" name="service.product" value="Tomcat"/>
+    <param pos="0" name="service.family" value="Tomcat"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:apache:tomcat:-"/>
+  </fingerprint>
   <fingerprint pattern="^Servlet [\d\.]+; JBoss-(\S+) \(build: .*\)/Tomcat-(\S+)$">
     <description>JBoss with embedded tomcat</description>
     <example service.version="4.0.4.GA" service.component.version="5.5">Servlet 2.4; JBoss-4.0.4.GA (build: CVSTag=JBoss_4_0_4_GA date=200605151000)/Tomcat-5.5</example>
@@ -754,6 +769,13 @@
     <param pos="0" name="os.product" value="Windows"/>
     <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
   </fingerprint>
+  <fingerprint pattern="(?i)^(?:(?:Cube|(?:Mini )?Dome|Day/Night|PAN/?Tilt|POE|IR|HD|H.264|Surveillance|With|Wired|Wireless(?: N)?|Network|Internet|(?:IP(?:[\s_-])?)?Cameras?[\s_]*\d*) ?){1,5}?(?: Login)?$">
+    <description>Generic IP Cameras</description>
+    <example>camera</example>
+    <example>IPCamera Login</example>
+    <example>Mini Dome IP Camera</example>
+    <param pos="0" name="hw.device" value="Camera"/>
+  </fingerprint>
   <fingerprint pattern="^ASP.NET$">
     <description>Something written in ASP.NET</description>
     <example>ASP.NET</example>
@@ -780,6 +802,12 @@
     <param pos="0" name="hw.vendor" value="Bosch"/>
     <param pos="0" name="hw.device" value="DVR"/>
   </fingerprint>
+  <fingerprint pattern="^FUHO-DVR$">
+    <description>FUHO Surveillance/DVR</description>
+    <example>FUHO-DVR</example>
+    <param pos="0" name="hw.vendor" value="FUHO"/>
+    <param pos="0" name="hw.device" value="DVR"/>
+  </fingerprint>
   <fingerprint pattern="^HeiTel GmbH Web Server \[\S+\]$">
     <description>HeiTel Digital Video Recorder</description>
     <example>HeiTel GmbH Web Server [V1.15/V1.14/V1.3]</example>
@@ -1498,6 +1526,13 @@
     <param pos="0" name="hw.product" value="Adaptive Security Appliance"/>
     <param pos="0" name="hw.device" value="Firewall"/>
   </fingerprint>
+  <fingerprint pattern="^CradlepointHTTPService/([\d\.]+)$">
+    <description>Cradlepoint HTTP service</description>
+    <example service.version="1.0.0">CradlepointHTTPService/1.0.0</example>
+    <param pos="1" name="service.version"/>
+    <param pos="0" name="service.vendor" value="Cradlepoint"/>
+    <param pos="0" name="service.product" value="HTTP"/>
+  </fingerprint>
   <fingerprint pattern="^DesktopAuthority/(.*)$">
     <description>ScriptLogic DesktopAuthority</description>
     <param pos="1" name="service.version"/>
@@ -2094,6 +2129,12 @@
     <param pos="0" name="hw.vendor" value="ARRIS"/>
     <param pos="0" name="hw.device" value="Cable Modem"/>
   </fingerprint>
+  <fingerprint pattern="^2wire Gateway$">
+    <description>Web server found on some Arris/2wire devices</description>
+    <example>2wire Gateway</example>
+    <param pos="0" name="service.vendor" value="ARRIS"/>
+    <param pos="0" name="service.product" value="2wire"/>
+  </fingerprint>
   <!-- junit says,
      "Example pattern '' from http_servers.xml didn't match pattern '^$'"
      Figure out if we have a way to support matching empty strings later.
@@ -2171,9 +2212,10 @@
     <param pos="0" name="service.vendor" value="Amazon"/>
     <param pos="0" name="service.product" value="Snowball"/>
   </fingerprint>
-  <fingerprint pattern="^cloudflare-nginx$">
+  <fingerprint pattern="^cloudflare(?:-nginx)?$">
     <description>CloudFlare web load balancer endpoint</description>
     <example>cloudflare-nginx</example>
+    <example>cloudflare</example>
     <param pos="0" name="service.vendor" value="CloudFlare"/>
     <param pos="0" name="service.product" value="CloudFlare Load Balancer"/>
     <param pos="0" name="service.family" value="CloudFlare"/>
@@ -2279,6 +2321,15 @@
     <param pos="0" name="hw.family" value="DVR"/>
     <param pos="0" name="hw.device" value="DVR"/>
   </fingerprint>
+  <fingerprint pattern="^OpenTV/([\d\.]+)$">
+    <description>OpenTV</description>
+    <example os.version="5.40">OpenTV/5.40</example>
+    <param pos="0" name="os.vendor" value="NAGRA"/>
+    <param pos="0" name="os.product" value="OpenTV"/>
+    <param pos="0" name="os.device" value="DVR"/>
+    <param pos="1" name="os.version"/>
+    <param pos="0" name="hw.device" value="DVR"/>
+  </fingerprint>
   <!-- Tridium previously had a product with the 'Niagra' spelling -->
   <fingerprint pattern="^Niagara Web Server\/([\d.]+)$">
     <description>Tridium Niagara AX Framework</description>

data/xml/http_wwwauth.xml

@@ -54,6 +54,11 @@
     <param pos="0" name="os.version" value="12"/>
     <param pos="0" name="os.cpe23" value="cpe:/o:cisco:ios:12"/>
   </fingerprint>
+  <fingerprint pattern="^(?:Basic|Digest) realm=&quot;Cisco_CCSP_CWMP_TCPCR&quot;.*$">
+    <description>Generic Cisco CWMP/CPE equipment</description>
+    <example>Basic realm=&quot;Cisco_CCSP_CWMP_TCPCR&quot;</example>
+    <param pos="0" name="hw.vendor" value="Cisco"/>
+  </fingerprint>
   <fingerprint pattern="^(?:Basic|Digest) realm=.FW-1.      Reason: no user      Server .$">
     <description>Check Point FireWall-1</description>
     <param pos="0" name="service.vendor" value="Check Point"/>
@@ -65,6 +70,12 @@
     <param pos="0" name="os.family" value="Firewall-1"/>
     <param pos="0" name="os.product" value="Firewall-1"/>
   </fingerprint>
+  <fingerprint pattern="(?i)^(?:Basic|Digest).*realm=&quot;cpanel&quot;.*">
+    <description>cPanel</description>
+    <example>Basic realm=&quot;cPanel&quot;</example>
+    <param pos="0" name="service.vendor" value="cPanel"/>
+    <param pos="0" name="service.product" value="cPanel"/>
+  </fingerprint>
   <fingerprint pattern="^(?:Basic|Digest) realm=.APC Management Card.$">
     <description>APC device</description>
     <param pos="0" name="service.vendor" value="APC"/>
@@ -73,6 +84,61 @@
     <param pos="0" name="os.product" value="Unknown"/>
     <param pos="0" name="os.device" value="Power device"/>
   </fingerprint>
+  <fingerprint pattern="^(?:Basic|Digest) realm=&quot;ADSL\S* (?:Modem|Router|Modem/Router)&quot;.*$">
+    <description>Generic ADSL modems/routers</description>
+    <example>Basic realm=&quot;ADSL Modem&quot;</example>
+    <example>Basic realm=&quot;ADSL Modem/Router&quot;</example>
+    <example>Basic realm=&quot;ADSL Router&quot;</example>
+    <example>Basic realm=&quot;ADSL2+ Router&quot;</example>
+    <param pos="0" name="hw.device" value="ADSL Modem"/>
+  </fingerprint>
+  <fingerprint pattern="^(?:Basic|Digest) realm=&quot;Broadband Router&quot;.*$">
+    <description>Generic Broadband modems/routers</description>
+    <example>Basic realm=&quot;Broadband Router&quot;</example>
+    <param pos="0" name="hw.device" value="Broadband router"/>
+  </fingerprint>
+  <fingerprint pattern="^(?:Basic|Digest) realm=&quot;DSL\S* (?:Modem|Router|Modem/Router)&quot;.*$">
+    <description>Generic DSL modems/routers</description>
+    <example>Basic realm=&quot;DSL Modem&quot;</example>
+    <param pos="0" name="hw.device" value="DSL Modem"/>
+  </fingerprint>
+  <fingerprint pattern="^(?:Basic|Digest) realm=&quot;DVR&quot;.*$">
+    <description>Generic DVR</description>
+    <example>Basic realm=&quot;DVR&quot;</example>
+    <param pos="0" name="hw.device" value="DVR"/>
+  </fingerprint>
+  <fingerprint pattern="^(?:Basic|Digest) realm=&quot;Wireless Access Point&quot;.*$">
+    <description>Generic WAP</description>
+    <example>Basic realm=&quot;Wireless Access Point&quot;</example>
+    <param pos="0" name="hw.device" value="WAP"/>
+  </fingerprint>
+  <fingerprint pattern="(?i)^(?:Basic|Digest).*realm=&quot;(?:(?:Cube|(?:Mini )?Dome|Day/Night|PAN/Tilt|POE|IR|HD|H.264|Surveillance|Wired|Wireless(?: N)?|Network|Internet|(?:IP(?:[\s_-])?)?Cameras?[\s_]*\d*) ?){1,4}?(?: Login)?&quot;.*$">
+    <description>Generic IP Cameras</description>
+    <example>Basic realm=&quot;camera&quot;</example>
+    <example>Basic realm=&quot;IPCamera Login&quot;</example>
+    <example>Basic realm=&quot;Mini Dome IP Camera&quot;</example>
+    <param pos="0" name="hw.device" value="Camera"/>
+  </fingerprint>
+  <fingerprint pattern="^(?:Basic|Digest) realm=&quot;(DCS-[^&quot;]+)&quot;.*$">
+    <description>D-Link DCS IP Cameras</description>
+    <example hw.product="DCS-5222LB1">Basic realm=&quot;DCS-5222LB1&quot;</example>
+    <example hw.product="DCS-2530L">Basic realm=&quot;DCS-2530L&quot;</example>
+    <param pos="0" name="hw.vendor" value="D-Link"/>
+    <param pos="0" name="hw.device" value="Camera"/>
+    <param pos="1" name="hw.product"/>
+  </fingerprint>
+  <fingerprint pattern="^(?:Basic|Digest) realm=&quot;GoAhead&quot;.*$">
+    <description>GoAhead webserver</description>
+    <example>Basic realm=&quot;GoAhead&quot;</example>
+    <param pos="0" name="service.vendor" value="Oracle"/>
+    <param pos="0" name="service.product" value="GoAhead Webserver"/>
+    <param pos="0" name="service.family" value="GoAhead Webserver"/>
+  </fingerprint>
+  <fingerprint pattern="^(?:Basic|Digest) realm=&quot;kubernetes-master&quot;.*$">
+    <description>Kubernetes master nodes</description>
+    <example>Basic realm=&quot;kubernetes-master&quot;</example>
+    <param pos="0" name="service.vendor" value="Kubernetes"/>
+  </fingerprint>
   <fingerprint pattern="^(?:Basic|Digest) realm=.SpeedTouch \(([0-9A-F]{2}-[0-9A-F]{2}-[0-9A-F]{2}-[0-9A-F]{2}-[0-9A-F]{2}-[0-9A-F]{2})\).$">
     <description>Thomson SpeedTouch xDSL routers</description>
     <param pos="0" name="service.vendor" value="Thomson"/>
@@ -106,6 +172,13 @@
     <param pos="1" name="os.product"/>
     <param pos="2" name="host.mac"/>
   </fingerprint>
+  <fingerprint pattern="^(?:Basic|Digest).*realm=&quot;Thomson(?: Gateway)?&quot;.*$">
+    <description>Thomson generic devices</description>
+    <example>Digest realm=&quot;Thomson Gateway&quot;</example>
+    <example>Basic realm=&quot;Thomson&quot;</example>
+    <param pos="0" name="hw.vendor" value="Thomson"/>
+    <param pos="0" name="hw.device" value="Broadband router"/>
+  </fingerprint>
   <fingerprint pattern="^(?:Basic|Digest) realm=.(?:SmartAX )?(MT\d+[^ ]*)(?: ADSL Router)?.$">
     <description>Huawei xDSL routers</description>
     <param pos="0" name="service.vendor" value="Huawei"/>
@@ -116,6 +189,21 @@
     <param pos="0" name="os.family" value="MT"/>
     <param pos="1" name="os.product"/>
   </fingerprint>
+  <fingerprint pattern="^(?:Basic|Digest) realm=&quot;HuaweiHomeGateway&quot;.*$">
+    <description>Huawei Home Gateway Routers</description>
+    <example>Basic realm=&quot;HuaweiHomeGateway&quot;</example>
+    <param pos="0" name="hw.vendor" value="Huawei"/>
+    <param pos="0" name="hw.device" value="Broadband router"/>
+    <param pos="0" name="hw.product" value="Home Gateway"/>
+  </fingerprint>
+  <fingerprint pattern="^(?:Basic|Digest) realm=&quot;EchoLife .*&quot;.*$">
+    <description>Huawei EchoLife Home Gateways</description>
+    <example>Basic realm=&quot;EchoLife Portal de Inicio&quot;</example>
+    <example>Basic realm=&quot;EchoLife Home Gateway&quot;</example>
+    <param pos="0" name="hw.vendor" value="Huawei"/>
+    <param pos="0" name="hw.device" value="Broadband router"/>
+    <param pos="0" name="hw.product" value="EchoLife Home Gateway"/>
+  </fingerprint>
   <fingerprint pattern="^(?:Basic|Digest) realm=.WRT54G.$">
     <description>Linksys WRT54G wireless access point
          (dozen of variants of the product)</description>
@@ -142,13 +230,6 @@
     <param pos="0" name="os.device" value="Router"/>
     <param pos="1" name="os.product"/>
   </fingerprint>
-  <fingerprint pattern="^(?:Basic|Digest) realm=.TP-LINK.*Router ([A-Z0-9\-\+]+).*$">
-    <description>TP-LINK SoHo Router</description>
-    <example>Basic realm="TP-LINK Wireless N Router WR841N"</example>
-    <param pos="0" name="os.vendor" value="TP-LINK"/>
-    <param pos="0" name="os.device" value="Router"/>
-    <param pos="1" name="os.product"/>
-  </fingerprint>
   <fingerprint pattern="^(?:Basic|Digest) realm=.TP-LINK.*(?:Access Point|Extender|AP) ([A-Z0-9\-\+]+).*$">
     <description>TP-LINK SoHo Router</description>
     <example>Basic realm="TP-LINK Wireless N Access Point WA801N"</example>
@@ -171,6 +252,21 @@
     <param pos="0" name="os.device" value="WAP"/>
     <param pos="1" name="os.product"/>
   </fingerprint>
+  <fingerprint pattern="(?i)^(?:Basic|Digest).*realm=&quot;TP-LINK (.*Router.*)&quot;.*$">
+    <description>TP-LINK Routers</description>
+    <example>Basic realm=&quot;TP-LINK Wireless N Router WR841N&quot;</example>
+    <example>Basic realm=&quot;TP-LINK Gigabit Broadband VPN Router R600VPN&quot;</example>
+    <example>Basic realm=&quot;TP-LINK Wireless Lite N Router WR740N/WR741ND&quot;</example>
+    <param pos="0" name="hw.vendor" value="TP-Link"/>
+    <param pos="0" name="hw.device" value="Router"/>
+    <param pos="1" name="hw.product"/>
+  </fingerprint>
+  <fingerprint pattern="(?i)^(?:Basic|Digest).*realm=&quot;TP-LINK IP-Camera&quot;.*$">
+    <description>TP-LINK IP-Cameras</description>
+    <example>Basic realm=&quot;TP-LINK IP-Camera&quot;</example>
+    <param pos="0" name="hw.vendor" value="TP-Link"/>
+    <param pos="0" name="hw.device" value="Camera"/>
+  </fingerprint>
   <fingerprint pattern="(?i)^(?:Basic|Digest) .*realm=&quot;Broadcom Management Service&quot;.*$">
     <description>Supposedly part of Broadcom Advanced Control Suite 3 (BACS3) or something similar</description>
     <example>Digest qop="auth", realm="Broadcom Management Service", nonce="AAAAAAAAAAAAAP//DwHpMwYy1zc=", algorithm="MD5"</example>
@@ -226,6 +322,24 @@
     <param pos="0" name="os.device" value="Switch"/>
     <param pos="1" name="os.product"/>
   </fingerprint>
+  <fingerprint pattern="(?i)^(?:Basic|Digest).*realm=&quot;SERCOMM CPE Authentication&quot;.*$">
+    <description>Assorted Sercomm CPE devices</description>
+    <example>Digest realm="SERCOMM CPE Authentication"</example>
+    <param pos="0" name="hw.vendor" value="Sercomm"/>
+  </fingerprint>
+  <fingerprint pattern="(?i)^(?:Basic|Digest).*realm=&quot;TiVo DVR&quot;.*$">
+    <description>Tivo DVR</description>
+    <example>Digest realm=&quot;TiVo DVR&quot;</example>
+    <param pos="0" name="hw.vendor" value="Tivo"/>
+    <param pos="0" name="hw.family" value="DVR"/>
+    <param pos="0" name="hw.device" value="DVR"/>
+  </fingerprint>
+  <fingerprint pattern="(?i)^(?:Basic|Digest).*realm=&quot;UBEE&quot;.*$">
+    <description>Ubee Cable Modems</description>
+    <example>Digest qop=&quot;auth&quot;, realm=&quot;Ubee&quot;, nonce=&quot;1544738973&quot;</example>
+    <param pos="0" name="hw.vendor" value="Ubee"/>
+    <param pos="0" name="hw.device" value="Broadband router"/>
+  </fingerprint>
   <fingerprint pattern="^(?:Basic|Digest) realm=&quot;XDB&quot;$">
     <description>Web server providing web services for Oracle's XML DB.</description>
     <example>Basic realm="XDB"</example>
@@ -233,6 +347,27 @@
     <param pos="0" name="service.product" value="XML DB"/>
     <param pos="0" name="service.family" value="Oracle"/>
   </fingerprint>
+  <fingerprint pattern="(?i)^(?:Basic|Digest).*realm=&quot;cpe@zte.com&quot;.*$">
+    <description>Assorted ZTE CPE devices</description>
+    <example>Digest realm=&quot;cpe@zte.com&quot;</example>
+    <param pos="0" name="hw.vendor" value="ZTE"/>
+  </fingerprint>
+  <fingerprint pattern="(?i)^(?:Basic|Digest).*realm=&quot;ZXHN (\S+)&quot;.*$">
+    <description>ZTE ZXHN router</description>
+    <example>Basic realm=&quot;ZXHN H108L&quot;</example>
+    <param pos="0" name="hw.vendor" value="ZTE"/>
+    <param pos="0" name="hw.device" value="Router"/>
+    <param pos="0" name="hw.family" value="ZXHN"/>
+    <param pos="1" name="hw.product"/>
+  </fingerprint>
+  <fingerprint pattern="(?i)^(?:Basic|Digest).*realm=&quot;(ZXV\S* \S+)&quot;.*$">
+    <description>ZTE ZXV router</description>
+    <example hw.product="ZXV10 W300">Basic realm=&quot;ZXV10 W300&quot;</example>
+    <param pos="0" name="hw.vendor" value="ZTE"/>
+    <param pos="0" name="hw.device" value="Router"/>
+    <param pos="0" name="hw.family" value="ZXV"/>
+    <param pos="1" name="hw.product"/>
+  </fingerprint>
   <!-- a variety of headers we currently just ignore -->
   <fingerprint pattern="(?i)^NTLM$">
     <description>Ignore NTLM-only</description>
@@ -243,9 +378,13 @@
     <description>Ignore Negotiate-only</description>
     <example>Negotiate</example>
   </fingerprint>
-  <fingerprint pattern="^(?:Basic|Digest) .*realm=&quot;null&quot;">
-    <description>Ignore null</description>
+  <fingerprint pattern="^(?:Basic|Digest) .*realm=&quot;(?:/|\.|null|/?index.html?)?&quot;">
+    <description>Ignore null/empty/period/index.</description>
     <example>Basic realm="null"</example>
+    <example>Basic realm="."</example>
+    <example>Basic realm=""</example>
+    <example>Basic realm="/"</example>
+    <example>Basic realm="index.html"</example>
   </fingerprint>
   <fingerprint pattern="^(?:Basic|Digest) .*realm=&quot;(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)&quot;.*$">
     <description>Ignore realms with an IPv4 address</description>

data/xml/mdns_device-info_txt.xml

@@ -257,6 +257,18 @@
     <param pos="0" name="hw.product" value="MacBook Pro (13-inch, 2016, Two Thunderbolt 3 ports)"/>
     <param pos="0" name="hw.device" value="Laptop"/>
   </fingerprint>
+  <fingerprint pattern="^model=MacBookPro12,1$">
+    <description>MacBook Pro (Retina, 13-inch, Early 2015)</description>
+    <example>model=MacBookPro12,1</example>
+    <param pos="0" name="os.vendor" value="Apple"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x:-"/>
+    <param pos="0" name="os.family" value="Mac OS X"/>
+    <param pos="0" name="os.product" value="Mac OS X"/>
+    <param pos="0" name="hw.vendor" value="Apple"/>
+    <param pos="0" name="hw.family" value="MacBook Pro"/>
+    <param pos="0" name="hw.product" value="MacBook Pro (Retina, 13-inch, Early 2015)"/>
+    <param pos="0" name="hw.device" value="Laptop"/>
+  </fingerprint>
   <fingerprint pattern="^model=MacBookPro11,4$">
     <description>MacBook Pro (Retina, 15-inch, Mid 2015)</description>
     <example>model=MacBookPro11,4</example>
@@ -342,6 +354,18 @@
     <param pos="0" name="hw.product" value="MacBook (Retina, 12-inch, 2017)"/>
     <param pos="0" name="hw.device" value="Laptop"/>
   </fingerprint>
+  <fingerprint pattern="^model=MacBookPro9,2$">
+    <description>MacBook Pro (13-inch, Mid 2012)</description>
+    <example>model=MacBookPro9,2</example>
+    <param pos="0" name="os.vendor" value="Apple"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x:-"/>
+    <param pos="0" name="os.family" value="Mac OS X"/>
+    <param pos="0" name="os.product" value="Mac OS X"/>
+    <param pos="0" name="hw.vendor" value="Apple"/>
+    <param pos="0" name="hw.family" value="MacBook Pro"/>
+    <param pos="0" name="hw.product" value="MacBook Pro (13-inch, Mid 2012)"/>
+    <param pos="0" name="hw.device" value="Laptop"/>
+  </fingerprint>
   <fingerprint pattern="^model=MacBook9,1$">
     <description>MacBook (Retina, 12-inch, Early 2016)</description>
     <example>model=MacBook9,1</example>
@@ -429,7 +453,7 @@
     <param pos="0" name="hw.device" value="Tablet"/>
   </fingerprint>
   <fingerprint pattern="^model=J12[78]AP$">
-    <description>iPad Pro (9.7-inch))</description>
+    <description>iPad Pro (9.7-inch)</description>
     <example>model=J127AP</example>
     <param pos="0" name="os.vendor" value="Apple"/>
     <param pos="0" name="os.cpe23" value="cpe:/o:apple:iphone_os:-"/>
@@ -440,6 +464,18 @@
     <param pos="0" name="hw.product" value="iPad Pro (9.7-inch)"/>
     <param pos="0" name="hw.device" value="Tablet"/>
   </fingerprint>
+  <fingerprint pattern="^model=J121AP$">
+    <description>iPad Pro (12.9-inch)</description>
+    <example>model=J121AP</example>
+    <param pos="0" name="os.vendor" value="Apple"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:apple:iphone_os:-"/>
+    <param pos="0" name="os.family" value="iOS"/>
+    <param pos="0" name="os.product" value="iOS"/>
+    <param pos="0" name="hw.vendor" value="Apple"/>
+    <param pos="0" name="hw.family" value="iPad Pro"/>
+    <param pos="0" name="hw.product" value="iPad Pro (12.9-inch)"/>
+    <param pos="0" name="hw.device" value="Tablet"/>
+  </fingerprint>
   <!-- iPad -->
   <fingerprint pattern="^model=J71[ts]AP$">
     <description>iPad (5th generation)</description>
@@ -466,6 +502,18 @@
     <param pos="0" name="hw.product" value="iPad Air"/>
     <param pos="0" name="hw.device" value="Tablet"/>
   </fingerprint>
+  <fingerprint pattern="^model=J8[12]AP$">
+    <description>iPad Air 2</description>
+    <example>model=J81AP</example>
+    <param pos="0" name="os.vendor" value="Apple"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:apple:iphone_os:-"/>
+    <param pos="0" name="os.family" value="iOS"/>
+    <param pos="0" name="os.product" value="iOS"/>
+    <param pos="0" name="hw.vendor" value="Apple"/>
+    <param pos="0" name="hw.family" value="iPad Air"/>
+    <param pos="0" name="hw.product" value="iPad Air 2"/>
+    <param pos="0" name="hw.device" value="Tablet"/>
+  </fingerprint>
   <!-- iPad mini -->
   <fingerprint pattern="^model=J8[567]AP$">
     <description>iPad mini 2</description>

data/xml/sip_banners.xml

@@ -94,6 +94,13 @@
     <param pos="1" name="hw.model"/>
     <param pos="2" name="hw.version"/>
   </fingerprint>
+  <fingerprint pattern="EnGenius_Router$">
+    <description>EnGenius DuraFon IP Phone</description>
+    <example>EnGenius_Router</example>
+    <param pos="0" name="hw.vendor" value="enGenius"/>
+    <param pos="0" name="hw.product" value="DuraFon"/>
+    <param pos="0" name="hw.device" value="VoIP"/>
+  </fingerprint>
   <fingerprint pattern="^M5T SIP(?: Stack|-UA SAFE)/v?([\d\.]+)">
     <description>Media5 Corporation SIP Stack</description>
     <example service.version="4.1.2.2">M5T SIP Stack/4.1.2.2</example>
@@ -134,12 +141,22 @@
     <param pos="1" name="hw.product"/>
     <param pos="2" name="hw.version"/>
   </fingerprint>
-  <fingerprint pattern="^ZXHN (H\d{3}N)/V?(\d(?:[\d\.A-Z_]+))$">
+  <fingerprint pattern="^ZXDSL (\S+)/V?(\d(?:[\d\.A-Z_]+))$">
+    <description>ZTE ZXDSL router</description>
+    <example hw.product="931VII" hw.version="2.0.00.OTET06">ZXDSL 931VII/V2.0.00.OTET06</example>
+    <param pos="0" name="hw.vendor" value="ZTE"/>
+    <param pos="0" name="hw.device" value="Router"/>
+    <param pos="0" name="hw.family" value="ZXDSL"/>
+    <param pos="1" name="hw.product"/>
+    <param pos="2" name="hw.version"/>
+  </fingerprint>
+  <fingerprint pattern="^(?:ZXHN )?(H\d{3}N)/V?(\d(?:[\d\.A-Z_]+))$">
     <description>ZTE ZXHN router</description>
     <example hw.product="H218N" hw.version="1.02.01_ERS">ZXHN H218N/V1.02.01_ERS</example>
     <example hw.product="H367N" hw.version="1.0.4">ZXHN H367N/V1.0.4</example>
     <example hw.product="H218N" hw.version="1.02.01">ZXHN H218N/V1.02.01</example>
     <example hw.product="H208N" hw.version="1.0.2T02">ZXHN H208N/V1.0.2T02</example>
+    <example hw.product="H368N" hw.version="1.10.00T10">H368N/V1.10.00T10</example>
     <param pos="0" name="hw.vendor" value="ZTE"/>
     <param pos="0" name="hw.device" value="Router"/>
     <param pos="0" name="hw.family" value="ZXHN"/>

data/xml/sip_user_agents.xml

@@ -55,4 +55,73 @@
     <param pos="1" name="os.product"/>
     <param pos="2" name="os.version"/>
   </fingerprint>
+  <fingerprint pattern="^Mitel-(\S+)-SIP-Phone ([\d\.]+) (.{12})$">
+    <description>Mitel SIP Phones</description>
+    <example hw.product="5320" hw.version="06.05.00.11" host.mac="010203040506">Mitel-5320-SIP-Phone 06.05.00.11 010203040506</example>
+    <param pos="0" name="hw.vendor" value="Mitel"/>
+    <param pos="0" name="hw.device" value="VoIP"/>
+    <param pos="1" name="hw.product"/>
+    <param pos="2" name="hw.version"/>
+    <param pos="3" name="host.mac"/>
+  </fingerprint>
+  <fingerprint pattern="^Mitel Border GW/(\S+)$">
+    <description>Mitel SIP Gateway</description>
+    <example hw.version="4.0.0.9">Mitel Border GW/4.0.0.9</example>
+    <param pos="0" name="hw.vendor" value="Mitel"/>
+    <param pos="0" name="hw.device" value="VoIP"/>
+    <param pos="0" name="hw.product" value="Border GW"/>
+    <param pos="1" name="hw.version"/>
+  </fingerprint>
+  <fingerprint pattern="^(?:Polycom/[\d\.]+ )?Polycom(SoundPoint|VVX|SoundStation)\S+_(\d+)-UA/([\d\.]+)(?:_(.{12}))?$">
+    <description>Polycom SoundPoint, SountdStation, VVX VoIP phones</description>
+    <example hw.version="5.8.0.13337" hw.family="VVX" hw.product="VVX 350">PolycomVVX-VVX_350-UA/5.8.0.13337</example>
+    <example hw.version="4.1.4.7430" hw.family="VVX" hw.product="VVX 400" host.mac="010203040506">PolycomVVX-VVX_400-UA/4.1.4.7430_010203040506</example>
+    <example hw.version="5.5.0.23866" hw.family="VVX" hw.product="VVX 501">Polycom/5.5.0.23866 PolycomVVX-VVX_501-UA/5.5.0.23866</example>
+    <example hw.version="4.0.7.2514" hw.family="SoundPoint" hw.product="SoundPoint 670">PolycomSoundPointIP-SPIP_670-UA/4.0.7.2514</example>
+    <example hw.version="4.0.8.1608" hw.family="SoundStation" hw.product="SoundStation 7000">PolycomSoundStationIP-SSIP_7000-UA/4.0.8.1608</example>
+    <param pos="0" name="hw.vendor" value="Polycom"/>
+    <param pos="0" name="hw.device" value="VoIP"/>
+    <param pos="1" name="hw.family"/>
+    <param pos="0" name="hw.product" value="{hw.family} {hw.model}"/>
+    <param pos="2" name="hw.model"/>
+    <param pos="3" name="hw.version"/>
+    <param pos="4" name="host.mac"/>
+  </fingerprint>
+  <fingerprint pattern="^(?:Polycom/[\d\.]+ )?Polycom(?:RealPresenceTrio)-Trio_(\S+)-UA/([\d\.]+)(?:_(.{12}))?$">
+    <description>Polycom RealPresence Trio Phones</description>
+    <example hw.version="5.4.0.12197" hw.product="RealPresence Trio 8800">PolycomRealPresenceTrio-Trio_8800-UA/5.4.0.12197</example>
+    <example hw.version="5.7.2.3123" hw.product="RealPresence Trio Visual+">PolycomRealPresenceTrio-Trio_Visual+-UA/5.7.2.3123</example>
+    <example hw.version="5.4.3.2389" hw.product="RealPresence Trio 8800">Polycom/5.4.3.2389 PolycomRealPresenceTrio-Trio_8800-UA/5.4.3.2389</example>
+    <param pos="0" name="hw.vendor" value="Polycom"/>
+    <param pos="0" name="hw.device" value="VoIP"/>
+    <param pos="0" name="hw.family" value="RealPresence"/>
+    <param pos="0" name="hw.product" value="RealPresence Trio {hw.model}"/>
+    <param pos="1" name="hw.model"/>
+    <param pos="2" name="hw.version"/>
+    <param pos="3" name="host.mac"/>
+  </fingerprint>
+  <fingerprint pattern="^Polycom ?HDX ?(\d+)(?: ?HD)?(?:/| \(Release - )([^\)]+)\)?">
+    <description>Polycom HDX Video Conferencing</description>
+    <example hw.model="9006" hw.product="HDX 9006" hw.version="3.0.6-37004">Polycom HDX 9006 (Release - 3.0.6-37004)</example>
+    <example hw.model="4000" hw.product="HDX 4000" hw.version="3.1.0">PolycomHDX4000/3.1.0</example>
+    <example hw.model="7000" hw.product="HDX 7000" hw.version="3.0.2.1-17007">Polycom HDX 7000 HD (Release - 3.0.2.1-17007)</example>
+    <example hw.model="8000" hw.product="HDX 8000" hw.version="3.1.7">PolycomHDX8000HD/3.1.7</example>
+    <param pos="0" name="hw.vendor" value="Polycom"/>
+    <param pos="0" name="hw.family" value="HDX"/>
+    <param pos="0" name="hw.device" value="Video Conferencing"/>
+    <param pos="0" name="hw.product" value="HDX {hw.model}"/>
+    <param pos="1" name="hw.model"/>
+    <param pos="2" name="hw.version"/>
+  </fingerprint>
+  <fingerprint pattern="^PolycomRealPresenceGroup(\d+)/([\d\._]+)+$">
+    <description>Polycom RealPresence Group Video Conferencing</description>
+    PolycomRealPresenceGroup700/6.2.0
+    <example hw.model="700" hw.product="RealPresence Group 700" hw.version="6.2.0">PolycomRealPresenceGroup700/6.2.0</example>
+    <param pos="0" name="hw.vendor" value="Polycom"/>
+    <param pos="0" name="hw.family" value="RealPresence Group"/>
+    <param pos="0" name="hw.device" value="Video Conferencing"/>
+    <param pos="0" name="hw.product" value="RealPresence Group {hw.model}"/>
+    <param pos="1" name="hw.model"/>
+    <param pos="2" name="hw.version"/>
+  </fingerprint>
 </fingerprints>

data/xml/snmp_sysdescr.xml

@@ -702,7 +702,7 @@
    </fingerprint>
    -->
   <fingerprint pattern="^DEFINITY ONE Release (\S+) Agent$">
-    <description>Avaya Definity One media, voicemail, VOIP server</description>
+    <description>Avaya Definity One media, voicemail, VoIP server</description>
     <example>DEFINITY ONE Release 3 Agent</example>
     <param pos="0" name="os.vendor" value="Avaya"/>
     <param pos="0" name="os.product" value="Definity One"/>
@@ -1358,7 +1358,7 @@
     <example>TANDBERG MPS-MCU</example>
     <param pos="0" name="os.vendor" value="Cisco"/>
     <param pos="0" name="os.product" value="MPS-MCU"/>
-    <param pos="0" name="os.device" value="VOIP"/>
+    <param pos="0" name="os.device" value="VoIP"/>
   </fingerprint>
   <fingerprint pattern="^Cisco Adaptive Security Appliance Version (\d+\.\d+\(\d+\)\d*)">
     <description>Cisco Adaptive Security Appliance</description>
@@ -1379,7 +1379,7 @@
     <param pos="0" name="os.vendor" value="Cisco"/>
     <param pos="0" name="os.family" value="760 Series"/>
     <param pos="0" name="os.product" value="761"/>
-    <param pos="0" name="os.device" value="Broadband Router"/>
+    <param pos="0" name="os.device" value="Broadband router"/>
     <param pos="1" name="os.version"/>
   </fingerprint>
   <fingerprint pattern="^Cisco Systems, Inc\./VPN 3000 Concentrator(?: Series)? Version (\S+) built.*$">
@@ -4411,7 +4411,7 @@ Copyright (c) 1995-2005 by Cisco Systems
     <example>Netopia R9100 v4.8.2</example>
     <param pos="0" name="os.vendor" value="Netopia"/>
     <param pos="0" name="os.family" value="Netopia"/>
-    <param pos="0" name="os.device" value="Broadband Router"/>
+    <param pos="0" name="os.device" value="Broadband router"/>
     <param pos="1" name="os.product"/>
     <param pos="2" name="os.version"/>
   </fingerprint>
@@ -5644,13 +5644,13 @@ Copyright (c) 1995-2005 by Cisco Systems
                               SHORETEL
    =======================================================================-->
   <fingerprint pattern="^ShoreGear (\S+)$">
-    <description>Shoretel ShoreGear VOIP Switch</description>
+    <description>Shoretel ShoreGear VoIP Switch</description>
     <example>ShoreGear 60/12</example>
     <example>ShoreGear T1</example>
     <param pos="0" name="os.certainty" value="0.9"/>
     <param pos="0" name="os.vendor" value="Shoretel"/>
     <param pos="0" name="os.family" value="ShoreGear"/>
-    <param pos="0" name="os.device" value="VOIP"/>
+    <param pos="0" name="os.device" value="VoIP"/>
     <param pos="1" name="os.product"/>
   </fingerprint>
   <!--======================================================================
@@ -5716,12 +5716,12 @@ Copyright (c) 1995-2005 by Cisco Systems
                               SIEMENS
    =======================================================================-->
   <fingerprint pattern="^SNMP agent for HiPath 3000.*V(\S+)$">
-    <description>Siemens HiPath 3000 VOIP system</description>
+    <description>Siemens HiPath 3000 VoIP system</description>
     <example>SNMP agent for HiPath 3000 V3/V4</example>
     <example>SNMP agent for HiPath 3000/5000 V5.x</example>
     <example>SNMP agent for HiPath 3000 V3.x</example>
     <param pos="0" name="os.vendor" value="Siemens"/>
-    <param pos="0" name="os.device" value="VOIP"/>
+    <param pos="0" name="os.device" value="VoIP"/>
     <param pos="0" name="os.product" value="HiPath 3000"/>
     <param pos="1" name="os.version"/>
   </fingerprint>
@@ -5757,7 +5757,7 @@ Copyright (c) 1995-2005 by Cisco Systems
     <example>HiPath optiPoint 400 Economy HFA</example>
     <example>HiPath optiPoint 400 Standard HFA</example>
     <param pos="0" name="os.vendor" value="Siemens"/>
-    <param pos="0" name="os.device" value="VOIP"/>
+    <param pos="0" name="os.device" value="VoIP"/>
     <param pos="0" name="os.family" value="HFA"/>
     <param pos="1" name="os.product"/>
   </fingerprint>
@@ -5766,7 +5766,7 @@ Copyright (c) 1995-2005 by Cisco Systems
     <example>optiPoint 410 phone</example>
     <example>optiPoint 600 office</example>
     <param pos="0" name="os.vendor" value="Siemens"/>
-    <param pos="0" name="os.device" value="VOIP"/>
+    <param pos="0" name="os.device" value="VoIP"/>
     <param pos="0" name="os.family" value="optiPoint"/>
     <param pos="1" name="os.product"/>
   </fingerprint>
@@ -6553,20 +6553,20 @@ Copyright (c) 1995-2005 by Cisco Systems
     <example>Prestige 642R-13</example>
     <param pos="0" name="os.vendor" value="ZyXEL"/>
     <param pos="0" name="os.product" value="Prestige 642R-13"/>
-    <param pos="0" name="os.device" value="Broadband Router"/>
+    <param pos="0" name="os.device" value="Broadband router"/>
   </fingerprint>
   <fingerprint pattern="^Prestige 660ME-61$">
     <description>ZxXEL Prestige 660ME-61 ADSL router</description>
     <example>Prestige 660ME-61</example>
     <param pos="0" name="os.vendor" value="ZyXEL"/>
     <param pos="0" name="os.product" value="Prestige 660ME-61"/>
-    <param pos="0" name="os.device" value="Broadband Router"/>
+    <param pos="0" name="os.device" value="Broadband router"/>
   </fingerprint>
   <fingerprint pattern="^Prestige 650R-T3$">
     <description>ZxXEL Prestige 650R-T3 ADSL router</description>
     <example>Prestige 650R-T3</example>
     <param pos="0" name="os.vendor" value="ZyXEL"/>
     <param pos="0" name="os.product" value="Prestige 650R-T3"/>
-    <param pos="0" name="os.device" value="Broadband Router"/>
+    <param pos="0" name="os.device" value="Broadband router"/>
   </fingerprint>
 </fingerprints>

data/xml/telnet_banners.xml

@@ -986,7 +986,7 @@
       Rmxvd1BvaW50LzIyMDAgU0RTTCBbQVRNXSBSb3V0ZXIgZnAyMjAwLTEyIHYzLjAuMiBSZWFkeQpMb2dpbjog
     </example>
     <param pos="0" name="os.vendor" value="Flowpoint"/>
-    <param pos="0" name="hw.device" value="Broadband Router"/>
+    <param pos="0" name="hw.device" value="Broadband router"/>
     <param pos="0" name="hw.product" value="DSL router"/>
     <param pos="1" name="hw.model"/>
     <param pos="2" name="os.version"/>
@@ -999,7 +999,7 @@
       MpIDIwMDEtMjAwMyBieSBHbG9iZXNwYW5WaXJhdGEsIEluYy4KCgpsb2dpbjog
     </example>
     <param pos="0" name="os.vendor" value="Conexant"/>
-    <param pos="0" name="hw.device" value="Broadband Router"/>
+    <param pos="0" name="hw.device" value="Broadband router"/>
     <param pos="1" name="os.version"/>
   </fingerprint>
   <fingerprint pattern="^VxWorks login:">

data/xml/upnp_banners.xml

@@ -1,6 +1,15 @@
 <?xml version="1.0" encoding="UTF-8"?>
+<!-- UPnP Server headers are matched against these patterns to fingerprint UPnP servers. -->
 <fingerprints matches="ssdp_header.server" protocol="ssdp" database_type="service" preference="0.70">
-  <!-- UPnP Server headers are matched against these patterns to fingerprint UPnP servers. -->
+  <fingerprint pattern="(?i)^(.*) UPnP/[\d\.]+\s+AVM FRITZ!(.*) ([\d\.]+)$">
+    <description>AVM FRITZ! devices of various types</description>
+    <example host.name="some thing" os.product="WLAN Repeater 1750E" os.version="134.07.01">some thing UPnP/1.0 AVM FRITZ!WLAN Repeater 1750E 134.07.01</example>
+    <param pos="0" name="os.vendor" value="AVM"/>
+    <param pos="0" name="os.family" value="FRITZ!Box"/>
+    <param pos="2" name="os.product"/>
+    <param pos="3" name="os.version"/>
+    <param pos="1" name="host.name"/>
+  </fingerprint>
   <fingerprint pattern="(?i)^Linux/(\S+) UPnP/[\d\.]+ miniupnpd/([\d\.]+)$">
     <description>Linux MiniUPnPd UPnP Server</description>
     <example>Linux/Cross_compiled UPnP/1.0 miniupnpd/1.0</example>
@@ -446,6 +455,11 @@
     <param pos="1" name="os.version"/>
     <param pos="0" name="os.device" value="Router"/>
   </fingerprint>
+  <fingerprint pattern="^TBS/R2 UPnP/[\d\.]+ MiniUPnPd/[\d\.]+$">
+    <description>D-Link generic</description>
+    <example>TBS/R2 UPnP/1.0 MiniUPnPd/1.2</example>
+    <param pos="0" name="hw.vendor" value="D-Link"/>
+  </fingerprint>
   <fingerprint pattern="^ipos/([\d\.]+) UPnP/[\d\.]+ (TL-\w+)/(\S+)$">
     <description>TP-Link WAP UPnP Server</description>
     <example>ipos/7.0 UPnP/1.0 TL-WR841N/6.0/7.0</example>
@@ -531,6 +545,38 @@
     <param pos="1" name="os.version"/>
     <param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x:{os.version}"/>
   </fingerprint>
+  <fingerprint pattern="^Loxone Miniserver (.*) UPnP/1.0$">
+    <description>Loxone Miniserver Smart Home</description>
+    <example host.name="some name">Loxone Miniserver some name UPnP/1.0</example>
+    <param pos="0" name="hw.vendor" value="Loxone"/>
+    <param pos="0" name="hw.product" value="Miniserver"/>
+    <param pos="0" name="hw.device" value="Building Automation"/>
+    <param pos="1" name="host.name"/>
+  </fingerprint>
+  <fingerprint pattern="^RouterOS/(\S+)UPnP/1.0 MikroTik UPnP/1.0$">
+    <description>Mikrotik RouterOS</description>
+    <example os.version="6.43">RouterOS/6.43UPnP/1.0 MikroTik UPnP/1.0</example>
+    <param pos="0" name="os.vendor" value="MikroTik"/>
+    <param pos="0" name="os.device" value="Router"/>
+    <param pos="0" name="os.family" value="RouterOS"/>
+    <param pos="0" name="os.product" value="RouterOS"/>
+    <param pos="1" name="os.version"/>
+  </fingerprint>
+  <fingerprint pattern="^Roku UPnP/\S+ Roku/(\S+)$">
+    <description>Roku with a version</description>
+    <example hw.version="8.1.6">Roku UPnP/1.0 Roku/8.1.6</example>
+    <param pos="0" name="hw.vendor" value="Roku"/>
+    <param pos="0" name="hw.product" value="Roku"/>
+    <param pos="0" name="hw.device" value="Media Server"/>
+    <param pos="1" name="hw.version"/>
+  </fingerprint>
+  <fingerprint pattern="^Roku UPnP/\S+ MiniUPnPd/\S+$">
+    <description>Roku without a version</description>
+    <example>Roku UPnP/1.0 MiniUPnPd/1.4</example>
+    <param pos="0" name="hw.vendor" value="Roku"/>
+    <param pos="0" name="hw.product" value="Roku"/>
+    <param pos="0" name="hw.device" value="Media Server"/>
+  </fingerprint>
   <fingerprint pattern="^UPnP/\S+, DLNADOC/\S+, Platinum/(\S+)$">
     <description>Xbox Media Center UPnP Server</description>
     <example>UPnP/1.0, DLNADOC/1.50, Platinum/0.5.1</example>
@@ -541,4 +587,24 @@
     <param pos="0" name="service.product" value="XBMC"/>
     <param pos="1" name="service.version"/>
   </fingerprint>
+  <fingerprint pattern="Synology/DSM/(\d+\.\d+\.\d+\.\d+)$">
+    <description>Synology DiskStation NAS with IP</description>
+    <example host.ip="192.168.1.100">Synology/DSM/192.168.1.100</example>
+    <param pos="0" name="hw.vendor" value="Synology"/>
+    <param pos="0" name="hw.family" value="DiskStation"/>
+    <param pos="0" name="hw.device" value="NAS"/>
+    <param pos="0" name="os.device" value="NAS"/>
+    <param pos="0" name="os.family" value="Linux"/>
+    <param pos="0" name="os.product" value="DSM"/>
+    <param pos="0" name="os.vendor" value="Synology"/>
+    <param pos="1" name="host.ip"/>
+  </fingerprint>
+  <fingerprint pattern="Synology/DSM/(\S+)$">
+    <description>Synology DiskStation NAS with hostname</description>
+    <example host.name="stuff">Synology/DSM/stuff</example>
+    <param pos="0" name="hw.vendor" value="Synology"/>
+    <param pos="0" name="hw.family" value="DiskStation"/>
+    <param pos="0" name="hw.device" value="NAS"/>
+    <param pos="1" name="host.name"/>
+  </fingerprint>
 </fingerprints>

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: recog
 version: !ruby/object:Gem::Version
-  version: 2.1.36
+  version: 2.1.37
 platform: ruby
 authors:
 - Rapid7 Research
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-12-12 00:00:00.000000000 Z
+date: 2018-12-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rspec