recog 2.3.0 → 2.3.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/recog/version.rb +1 -1
- data/spec/lib/fingerprint_self_test_spec.rb +17 -0
- data/xml/apache_os.xml +4 -4
- data/xml/ftp_banners.xml +37 -46
- data/xml/h323_callresp.xml +1 -1
- data/xml/http_cookies.xml +26 -58
- data/xml/http_servers.xml +65 -95
- data/xml/http_wwwauth.xml +6 -6
- data/xml/imap_banners.xml +12 -5
- data/xml/ldap_searchresult.xml +2 -2
- data/xml/mysql_banners.xml +3 -3
- data/xml/mysql_error.xml +0 -1
- data/xml/ntp_banners.xml +2 -2
- data/xml/operating_system.xml +0 -1
- data/xml/pop_banners.xml +5 -6
- data/xml/smb_native_os.xml +4 -4
- data/xml/smtp_banners.xml +13 -19
- data/xml/smtp_debug.xml +5 -13
- data/xml/smtp_ehlo.xml +2 -7
- data/xml/smtp_expn.xml +12 -24
- data/xml/smtp_help.xml +22 -62
- data/xml/smtp_noop.xml +5 -9
- data/xml/smtp_quit.xml +3 -7
- data/xml/smtp_rcptto.xml +3 -7
- data/xml/smtp_vrfy.xml +16 -35
- data/xml/snmp_sysdescr.xml +258 -278
- data/xml/snmp_sysobjid.xml +3 -3
- data/xml/ssh_banners.xml +8 -11
- data/xml/x509_subjects.xml +14 -17
- metadata +3 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 920e1485b77b016b102fa9dac98a5083466bd25f
|
|
4
|
+
data.tar.gz: a2933977255f0482e2eeaecf0c5fcc03b7da51a5
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: e76194edd0b9a4e6658abfe66afbb4da62cd5ef69bff5c6ead19481ecf14ba858a025f7598e384aa00d93c4fe79958aad4cd58101846c384e9ea29f87b59aba3
|
|
7
|
+
data.tar.gz: 35ca17bafa51461fa4cacc03750154e4cdd56e6e1d9c9053a6c3a6604c217ea2834a2e5195ec65a4eaf87496f09051dfeb6092d67fa2d73f2a73019555f2f832
|
data/lib/recog/version.rb
CHANGED
|
@@ -28,9 +28,18 @@ describe Recog::DB do
|
|
|
28
28
|
expect(db.preference).to be_between(0.10, 0.90)
|
|
29
29
|
end
|
|
30
30
|
|
|
31
|
+
fp_descriptions = []
|
|
31
32
|
db.fingerprints.each_index do |i|
|
|
32
33
|
fp = db.fingerprints[i]
|
|
33
34
|
|
|
35
|
+
it "doesn't have a duplicate description" do
|
|
36
|
+
if fp_descriptions.include?(fp.name)
|
|
37
|
+
fail "'#{fp.name}'s description is not unique"
|
|
38
|
+
else
|
|
39
|
+
fp_descriptions << fp.name
|
|
40
|
+
end
|
|
41
|
+
end
|
|
42
|
+
|
|
34
43
|
context "#{fp.name}" do
|
|
35
44
|
param_names = []
|
|
36
45
|
it "has consistent os.device and hw.device" do
|
|
@@ -127,7 +136,15 @@ describe Recog::DB do
|
|
|
127
136
|
expect(fp.tests.length).to be <= 20
|
|
128
137
|
end
|
|
129
138
|
|
|
139
|
+
fp_examples = []
|
|
130
140
|
fp.tests.each do |example|
|
|
141
|
+
it "doesn't have a duplicate examples" do
|
|
142
|
+
if fp_examples.include?(example.content)
|
|
143
|
+
fail "'#{fp.name}' has duplicate example '#{example.content}'"
|
|
144
|
+
else
|
|
145
|
+
fp_examples << example.content
|
|
146
|
+
end
|
|
147
|
+
end
|
|
131
148
|
it "Example '#{example.content}' matches this regex" do
|
|
132
149
|
match = fp.match(example.content)
|
|
133
150
|
expect(match).to_not be_nil, 'Regex did not match'
|
data/xml/apache_os.xml
CHANGED
|
@@ -37,7 +37,7 @@
|
|
|
37
37
|
<param pos="0" name="os.cpe23" value="cpe:/o:mandriva:linux:-"/>
|
|
38
38
|
</fingerprint>
|
|
39
39
|
<fingerprint pattern=".*\(Mandrakelinux/.*">
|
|
40
|
-
<description>Mandriva (formerly Mandrake) Linux unknown version</description>
|
|
40
|
+
<description>Mandriva (formerly Mandrake) Linux unknown version - variant 2</description>
|
|
41
41
|
<param pos="0" name="os.vendor" value="Mandriva"/>
|
|
42
42
|
<param pos="0" name="os.family" value="Linux"/>
|
|
43
43
|
<param pos="0" name="os.product" value="Linux"/>
|
|
@@ -131,7 +131,7 @@
|
|
|
131
131
|
<param pos="0" name="os.cpe23" value="cpe:/o:redhat:fedora_core:-"/>
|
|
132
132
|
</fingerprint>
|
|
133
133
|
<fingerprint pattern=".*\(RHEL\).*">
|
|
134
|
-
<description>Red Hat
|
|
134
|
+
<description>Red Hat Enterprise Linux</description>
|
|
135
135
|
<param pos="0" name="os.vendor" value="Red Hat"/>
|
|
136
136
|
<param pos="0" name="os.family" value="Linux"/>
|
|
137
137
|
<param pos="0" name="os.product" value="Enterprise Linux"/>
|
|
@@ -206,14 +206,14 @@
|
|
|
206
206
|
<param pos="0" name="os.cpe23" value="cpe:/o:gentoo:linux:-"/>
|
|
207
207
|
</fingerprint>
|
|
208
208
|
<fingerprint pattern=".*\(Conectiva(?:/Linux)?\).*">
|
|
209
|
-
<description>
|
|
209
|
+
<description>Conectiva Linux</description>
|
|
210
210
|
<param pos="0" name="os.vendor" value="Conectiva"/>
|
|
211
211
|
<param pos="0" name="os.family" value="Linux"/>
|
|
212
212
|
<param pos="0" name="os.product" value="Linux"/>
|
|
213
213
|
<param pos="0" name="os.cpe23" value="cpe:/o:conectiva:linux:-"/>
|
|
214
214
|
</fingerprint>
|
|
215
215
|
<fingerprint pattern=".*\(Trustix Secure Linux(?:/Linux)?\).*">
|
|
216
|
-
<description>
|
|
216
|
+
<description>Trustix Linux</description>
|
|
217
217
|
<param pos="0" name="os.vendor" value="Trustix"/>
|
|
218
218
|
<param pos="0" name="os.family" value="Linux"/>
|
|
219
219
|
<param pos="0" name="os.product" value="Secure Linux"/>
|
data/xml/ftp_banners.xml
CHANGED
|
@@ -71,9 +71,7 @@
|
|
|
71
71
|
<param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
|
|
72
72
|
</fingerprint>
|
|
73
73
|
<fingerprint pattern="^([^ ]+) +FTP +Server \(Version ([^\(]+)\(PHNE_\d+\) [^\)]+\) ready.?$" flags="REG_ICASE">
|
|
74
|
-
<description>
|
|
75
|
-
FTP on HPUX with a PHNE (HP Networking patch) installed
|
|
76
|
-
</description>
|
|
74
|
+
<description>FTP on HPUX with a PHNE (HP Networking patch) installed</description>
|
|
77
75
|
<example>example.com FTP server (Version 1.1.214.4(PHNE_38458) Mon Feb 15 06:03:12 GMT 2010) ready.</example>
|
|
78
76
|
<param pos="0" name="service.vendor" value="HP"/>
|
|
79
77
|
<param pos="0" name="service.product" value="FTPD"/>
|
|
@@ -85,9 +83,7 @@
|
|
|
85
83
|
<param pos="2" name="service.version"/>
|
|
86
84
|
</fingerprint>
|
|
87
85
|
<fingerprint pattern="^([^ ]+) +FTP +Server \(Revision \S+ Version wuftpd-([^\(]+)\(PHNE_\d+\) [^\)]+\) ready.?$" flags="REG_ICASE">
|
|
88
|
-
<description>
|
|
89
|
-
WU-FTPD on HPUX with a PHNE (HP Networking patch) installed
|
|
90
|
-
</description>
|
|
86
|
+
<description>WU-FTPD on HPUX with a PHNE (HP Networking patch) installed</description>
|
|
91
87
|
<example>example.com FTP server (Revision 1.1 Version wuftpd-2.6.1(PHNE_38578) Fri Sep 5 12:10:54 GMT 2008) ready.</example>
|
|
92
88
|
<param pos="0" name="service.vendor" value="Washington University"/>
|
|
93
89
|
<param pos="0" name="service.product" value="WU-FTPD"/>
|
|
@@ -309,9 +305,7 @@ more stuff</example>
|
|
|
309
305
|
<param pos="1" name="service.version"/>
|
|
310
306
|
</fingerprint>
|
|
311
307
|
<fingerprint pattern="^-{9,10}(?:.*)\s+Pure-FTPd\s+(.*)-{9,10}">
|
|
312
|
-
<description>Pure-FTPd versions >= 1.0.14
|
|
313
|
-
Config data can be zero or more of: [privsep] [TLS]
|
|
314
|
-
</description>
|
|
308
|
+
<description>Pure-FTPd versions >= 1.0.14 - Config data can be zero or more of: [privsep] [TLS]</description>
|
|
315
309
|
<example>---------- Welcome to Pure-FTPd ----------</example>
|
|
316
310
|
<example>--------- Bienvenido a Pure-FTPd [privsep] [TLS] ----------</example>
|
|
317
311
|
<example>--------- Pure-FTPd [privsep] ----------</example>
|
|
@@ -373,7 +367,7 @@ more text</example>
|
|
|
373
367
|
<param pos="2" name="host.name"/>
|
|
374
368
|
</fingerprint>
|
|
375
369
|
<fingerprint pattern="^ready, dude \(vsFTPd (\d+\..+): beat me, break me\)$">
|
|
376
|
-
<description>vsFTPd (Very Secure FTP Daemon)</description>
|
|
370
|
+
<description>vsFTPd (Very Secure FTP Daemon) - break me variant</description>
|
|
377
371
|
<example service.version="1.1.0">ready, dude (vsFTPd 1.1.0: beat me, break me)</example>
|
|
378
372
|
<param pos="0" name="service.family" value="vsFTPd"/>
|
|
379
373
|
<param pos="0" name="service.product" value="vsFTPd"/>
|
|
@@ -611,10 +605,7 @@ more text</example>
|
|
|
611
605
|
<example>NRG MP 3350 FTP server (7.05) ready.</example>
|
|
612
606
|
<example>NRG MP C3500 FTP server (5.17) ready.</example>
|
|
613
607
|
<example>NRG MP 171 FTP server (9.02.1) ready.</example>
|
|
614
|
-
<example>NRG MP 3350 FTP server (7.05) ready.</example>
|
|
615
608
|
<example>NRG MP C2550 FTP server (8.25) ready.</example>
|
|
616
|
-
<example>NRG MP C2800 FTP server (8.25) ready.</example>
|
|
617
|
-
<example>NRG MP C3500 FTP server (5.17) ready.</example>
|
|
618
609
|
<example>NRG MP C3500 FTP server (5.19) ready.</example>
|
|
619
610
|
<example>NRG MP C4000 FTP server (8.30) ready.</example>
|
|
620
611
|
<example>NRG MP C4500 FTP server (5.14) ready.</example>
|
|
@@ -662,34 +653,31 @@ more text</example>
|
|
|
662
653
|
<param pos="1" name="os.product"/>
|
|
663
654
|
</fingerprint>
|
|
664
655
|
<fingerprint pattern="^ET(\S{12}) Lexmark (\S+) FTP Server (\S+) ready\.?$" certainty="1.0" flags="REG_ICASE">
|
|
665
|
-
<description>Lexmark
|
|
666
|
-
<example>ET000400CEA560 Lexmark T640 FTP Server NS.NP.N219 ready.</example>
|
|
656
|
+
<description>Lexmark printer with MAC address</description>
|
|
657
|
+
<example host.mac="000400CEA560" hw.product="T640" os.version="NS.NP.N219">ET000400CEA560 Lexmark T640 FTP Server NS.NP.N219 ready.</example>
|
|
667
658
|
<param pos="0" name="os.vendor" value="Lexmark"/>
|
|
668
659
|
<param pos="0" name="os.device" value="Printer"/>
|
|
669
660
|
<param pos="1" name="host.mac"/>
|
|
670
|
-
<param pos="2" name="os.product"/>
|
|
671
661
|
<param pos="3" name="os.version"/>
|
|
672
662
|
<param pos="0" name="hw.vendor" value="Lexmark"/>
|
|
673
663
|
<param pos="0" name="hw.device" value="Printer"/>
|
|
674
664
|
<param pos="2" name="hw.product"/>
|
|
675
665
|
</fingerprint>
|
|
676
666
|
<fingerprint pattern="^.*Lexmark (\S+) FTP Server (\S+) ready\.?$" certainty="1.0" flags="REG_ICASE">
|
|
677
|
-
<description>Lexmark
|
|
678
|
-
<example
|
|
667
|
+
<description>Lexmark printer with OS version</description>
|
|
668
|
+
<example hw.product="T654" os.version="NR.APS.F368">ET0021718 Lexmark T654 FTP Server NR.APS.F368 ready.</example>
|
|
679
669
|
<param pos="0" name="os.vendor" value="Lexmark"/>
|
|
680
670
|
<param pos="0" name="os.device" value="Printer"/>
|
|
681
|
-
<param pos="1" name="os.product"/>
|
|
682
671
|
<param pos="2" name="os.version"/>
|
|
683
672
|
<param pos="0" name="hw.vendor" value="Lexmark"/>
|
|
684
673
|
<param pos="0" name="hw.device" value="Printer"/>
|
|
685
674
|
<param pos="1" name="hw.product"/>
|
|
686
675
|
</fingerprint>
|
|
687
676
|
<fingerprint pattern="^.*Lexmark (\S+) FTP Server ready\.?$" certainty="1.0" flags="REG_ICASE">
|
|
688
|
-
<description>Lexmark
|
|
689
|
-
<example
|
|
677
|
+
<description>Lexmark printer</description>
|
|
678
|
+
<example hw.product="X500">Lexmark X500 FTP server ready</example>
|
|
690
679
|
<param pos="0" name="os.vendor" value="Lexmark"/>
|
|
691
680
|
<param pos="0" name="os.device" value="Printer"/>
|
|
692
|
-
<param pos="1" name="os.product"/>
|
|
693
681
|
<param pos="0" name="hw.vendor" value="Lexmark"/>
|
|
694
682
|
<param pos="0" name="hw.device" value="Printer"/>
|
|
695
683
|
<param pos="1" name="hw.product"/>
|
|
@@ -772,21 +760,21 @@ more text</example>
|
|
|
772
760
|
<param pos="2" name="os.version"/>
|
|
773
761
|
</fingerprint>
|
|
774
762
|
<fingerprint pattern="^LinkCom Xpress (.*) FTP version ([\d\.]+) ready$" certainty="1.0">
|
|
775
|
-
<description>MPI Technologies Linkcom Express FTP Server</description>
|
|
776
|
-
<example>LinkCom Xpress 10/100 +IPDS FTP version 1.0 ready</example>
|
|
777
|
-
<param pos="0" name="
|
|
778
|
-
<param pos="0" name="
|
|
779
|
-
<param pos="0" name="
|
|
780
|
-
<param pos="1" name="
|
|
763
|
+
<description>MPI Technologies Linkcom Express FTP Server with os version</description>
|
|
764
|
+
<example hw.product="10/100 +IPDS" os.version="1.0">LinkCom Xpress 10/100 +IPDS FTP version 1.0 ready</example>
|
|
765
|
+
<param pos="0" name="hw.vendor" value="MPI Technologies"/>
|
|
766
|
+
<param pos="0" name="hw.family" value="LinkCom Xpress"/>
|
|
767
|
+
<param pos="0" name="hw.device" value="Print server"/>
|
|
768
|
+
<param pos="1" name="hw.product"/>
|
|
781
769
|
<param pos="2" name="os.version"/>
|
|
782
770
|
</fingerprint>
|
|
783
771
|
<fingerprint pattern="^LinkCom Xpress (.*)$" certainty="1.0">
|
|
784
772
|
<description>MPI Technologies Linkcom Express FTP Server</description>
|
|
785
|
-
<example>LinkCom Xpress EIO PRO 10</example>
|
|
786
|
-
<param pos="0" name="
|
|
787
|
-
<param pos="0" name="
|
|
788
|
-
<param pos="0" name="
|
|
789
|
-
<param pos="1" name="
|
|
773
|
+
<example hw.product="EIO PRO 10">LinkCom Xpress EIO PRO 10</example>
|
|
774
|
+
<param pos="0" name="hw.vendor" value="MPI Technologies"/>
|
|
775
|
+
<param pos="0" name="hw.family" value="LinkCom Xpress"/>
|
|
776
|
+
<param pos="0" name="hw.device" value="Print server"/>
|
|
777
|
+
<param pos="1" name="hw.product"/>
|
|
790
778
|
</fingerprint>
|
|
791
779
|
<fingerprint pattern="^LXKE\S+ IBM Infoprint (\d+) FTP Server (\d+\.\d+\.\d+) ready.$" certainty="1.0">
|
|
792
780
|
<description>IBM Infoprint FTP</description>
|
|
@@ -813,7 +801,7 @@ more text</example>
|
|
|
813
801
|
<param pos="2" name="os.version"/>
|
|
814
802
|
</fingerprint>
|
|
815
803
|
<fingerprint pattern="^(Gestetner \S+)$" certainty="1.0">
|
|
816
|
-
<description>Gestetner Printer FTP</description>
|
|
804
|
+
<description>Gestetner Printer FTP - short banner</description>
|
|
817
805
|
<example>Gestetner MPC2500</example>
|
|
818
806
|
<param pos="0" name="os.vendor" value="Ricoh"/>
|
|
819
807
|
<param pos="0" name="os.device" value="Multifunction Device"/>
|
|
@@ -842,12 +830,15 @@ more text</example>
|
|
|
842
830
|
</fingerprint>
|
|
843
831
|
<fingerprint pattern="^ET(\S+) (Pro\d+) Series FTP Server ready\.$" certainty="1.0">
|
|
844
832
|
<description>Lexmark ProXXX Series of Printers</description>
|
|
845
|
-
<example>ET0020007E4D2A Pro700 Series FTP Server ready.</example>
|
|
833
|
+
<example host.mac="0020007E4D2A" hw.product="Pro700">ET0020007E4D2A Pro700 Series FTP Server ready.</example>
|
|
846
834
|
<param pos="0" name="os.vendor" value="Lexmark"/>
|
|
847
835
|
<param pos="0" name="os.device" value="Printer"/>
|
|
848
836
|
<param pos="0" name="os.family" value="Pro Series"/>
|
|
849
837
|
<param pos="1" name="host.mac"/>
|
|
850
|
-
<param pos="
|
|
838
|
+
<param pos="0" name="hw.vendor" value="Lexmark"/>
|
|
839
|
+
<param pos="0" name="hw.family" value="Pro Series"/>
|
|
840
|
+
<param pos="0" name="hw.device" value="Printer"/>
|
|
841
|
+
<param pos="2" name="hw.product"/>
|
|
851
842
|
</fingerprint>
|
|
852
843
|
<fingerprint pattern="^ET(\S+) Lexmark Forms Printer (\d+) Ethernet FTP Server (\S+) ready\.$" certainty="1.0">
|
|
853
844
|
<description>Lexmark Forms Printer</description>
|
|
@@ -864,9 +855,9 @@ more text</example>
|
|
|
864
855
|
<param pos="2" name="hw.product"/>
|
|
865
856
|
</fingerprint>
|
|
866
857
|
<fingerprint pattern="^ET(\S+) TOSHIBA e-STUDIO500S FTP Server (\S+) ready\.$" certainty="1.0">
|
|
867
|
-
<description>Toshiba Printer</description>
|
|
858
|
+
<description>Toshiba e-STUDIO Printer with MAC address</description>
|
|
868
859
|
<example os.version="NC2.NPS.N221">ET0004001E9C00 TOSHIBA e-STUDIO500S FTP Server NC2.NPS.N221 ready.</example>
|
|
869
|
-
<example>ET00040089BE42 TOSHIBA e-STUDIO500S FTP Server NC2.NPS.N211 ready.</example>
|
|
860
|
+
<example host.mac="00040089BE42">ET00040089BE42 TOSHIBA e-STUDIO500S FTP Server NC2.NPS.N211 ready.</example>
|
|
870
861
|
<param pos="0" name="os.vendor" value="Toshiba"/>
|
|
871
862
|
<param pos="0" name="os.device" value="Multifunction Device"/>
|
|
872
863
|
<param pos="0" name="os.product" value="e-STUDIO"/>
|
|
@@ -877,7 +868,7 @@ more text</example>
|
|
|
877
868
|
<param pos="0" name="hw.product" value="e-STUDIO"/>
|
|
878
869
|
</fingerprint>
|
|
879
870
|
<fingerprint pattern="^\S+ TOSHIBA e-STUDIO500S FTP Server (\S+) ready\.$" certainty="1.0">
|
|
880
|
-
<description>Toshiba Printer</description>
|
|
871
|
+
<description>Toshiba e-STUDIO Printer</description>
|
|
881
872
|
<example os.version="NC2.NPS.N211">JHBPRN13 TOSHIBA e-STUDIO500S FTP Server NC2.NPS.N211 ready.</example>
|
|
882
873
|
<param pos="0" name="os.vendor" value="Toshiba"/>
|
|
883
874
|
<param pos="0" name="os.device" value="Multifunction Device"/>
|
|
@@ -923,7 +914,7 @@ more text</example>
|
|
|
923
914
|
<param pos="1" name="hw.product"/>
|
|
924
915
|
</fingerprint>
|
|
925
916
|
<fingerprint pattern="^(FS-\S+MFP\S*?) FTP server\.?$" certainty="1.0">
|
|
926
|
-
<description>Kyocera
|
|
917
|
+
<description>Kyocera Printer with version string</description>
|
|
927
918
|
<example os.product="FS-C2126MFP">FS-C2126MFP FTP server</example>
|
|
928
919
|
<example hw.product="FS-C2026MFP+">FS-C2026MFP+ FTP server</example>
|
|
929
920
|
<example hw.product="FS-1128MFP">FS-1128MFP FTP server</example>
|
|
@@ -935,9 +926,9 @@ more text</example>
|
|
|
935
926
|
<param pos="1" name="hw.product"/>
|
|
936
927
|
</fingerprint>
|
|
937
928
|
<fingerprint pattern="^(FS-\S+(?:DN|D|N)) FTP server\.?$" certainty="1.0">
|
|
938
|
-
<description>Kyocera
|
|
939
|
-
<example>FS-1370DN FTP server</example>
|
|
940
|
-
<example>FS-C5015N FTP server.</example>
|
|
929
|
+
<description>Kyocera Printer</description>
|
|
930
|
+
<example os.product="FS-1370DN">FS-1370DN FTP server</example>
|
|
931
|
+
<example hw.product="FS-C5015N">FS-C5015N FTP server.</example>
|
|
941
932
|
<param pos="0" name="os.vendor" value="Kyocera"/>
|
|
942
933
|
<param pos="0" name="os.device" value="Printer"/>
|
|
943
934
|
<param pos="0" name="os.family" value="FS"/>
|
|
@@ -1019,7 +1010,7 @@ more text</example>
|
|
|
1019
1010
|
<param pos="1" name="hw.product"/>
|
|
1020
1011
|
</fingerprint>
|
|
1021
1012
|
<fingerprint pattern="^KONICA MINOLTA FTP server ready\.?$">
|
|
1022
|
-
<description>Konica Minolta FTP Server</description>
|
|
1013
|
+
<description>Konica Minolta FTP Server - w/o version</description>
|
|
1023
1014
|
<example>KONICA MINOLTA FTP server ready.</example>
|
|
1024
1015
|
<param pos="0" name="os.device" value="Printer"/>
|
|
1025
1016
|
<param pos="0" name="os.vendor" value="Konica Minolta"/>
|
|
@@ -1032,7 +1023,7 @@ more text</example>
|
|
|
1032
1023
|
</fingerprint>
|
|
1033
1024
|
<fingerprint pattern="^(KM\S+) FTP server \(KM FTPD version (\d*(?:\.\d*))\) ready\.?$">
|
|
1034
1025
|
<description>Konica Minolta FTP Server</description>
|
|
1035
|
-
<example>KM23BC97 FTP server (KM FTPD version 1.00) ready.</example>
|
|
1026
|
+
<example os.product="KM23BC97" service.version="1.00">KM23BC97 FTP server (KM FTPD version 1.00) ready.</example>
|
|
1036
1027
|
<example>KM23BF0A FTP server (KM FTPD version 1.00) ready.</example>
|
|
1037
1028
|
<example>KM23CBDB FTP server (KM FTPD version 1.00) ready.</example>
|
|
1038
1029
|
<example>KM23E608 FTP server (KM FTPD version 1.00) ready.</example>
|
|
@@ -1092,7 +1083,7 @@ more text</example>
|
|
|
1092
1083
|
<param pos="0" name="os.cpe23" value="cpe:/o:hp:tru64:{os.version}"/>
|
|
1093
1084
|
</fingerprint>
|
|
1094
1085
|
<fingerprint pattern="^(\S+) FTP server \(Digital UNIX Version (\S+)\) ready\.?$">
|
|
1095
|
-
<description>Digital/Compaq/HP Tru64 Unix</description>
|
|
1086
|
+
<description>Digital/Compaq/HP Tru64 Unix w/o branding</description>
|
|
1096
1087
|
<example host.name="example.com" os.version="5.60">example.com FTP server (Digital UNIX Version 5.60) ready.</example>
|
|
1097
1088
|
<param pos="0" name="os.vendor" value="HP"/>
|
|
1098
1089
|
<param pos="0" name="os.family" value="Unix"/>
|
data/xml/h323_callresp.xml
CHANGED
|
@@ -565,7 +565,7 @@
|
|
|
565
565
|
<param pos="2" name="service.version"/>
|
|
566
566
|
</fingerprint>
|
|
567
567
|
<fingerprint pattern="^0xb500(?:4c54|600d)\:(.*)\:.*?(\d*\.*\d*\.*\d*).*$" flags="REG_ICASE">
|
|
568
|
-
<description>Lucent Technologies H.323 Server</description>
|
|
568
|
+
<description>Lucent Technologies H.323 Server - variant 1</description>
|
|
569
569
|
<param pos="0" name="service.vendor" value="Lucent Technologies"/>
|
|
570
570
|
<param pos="1" name="service.product"/>
|
|
571
571
|
<param pos="2" name="service.version"/>
|
data/xml/http_cookies.xml
CHANGED
|
@@ -5,11 +5,7 @@
|
|
|
5
5
|
servers.
|
|
6
6
|
-->
|
|
7
7
|
<fingerprint pattern="^(CFCLIENT_[^=]+|CFGLOBALS|CFID|CFTOKEN)=.*">
|
|
8
|
-
<description>
|
|
9
|
-
Adobe (Macromedia) ColdFusion uses various cookies.
|
|
10
|
-
See http://kb.adobe.com/selfservice/viewContent.do?externalId=tn_17915&sliceId=1
|
|
11
|
-
and http://kb.adobe.com/selfservice/viewContent.do?externalId=tn_17919&sliceId=2
|
|
12
|
-
</description>
|
|
8
|
+
<description>Adobe (Macromedia) ColdFusion uses various cookies</description>
|
|
13
9
|
<param pos="1" name="cookie"/>
|
|
14
10
|
<param pos="0" name="service.vendor" value="Adobe"/>
|
|
15
11
|
<param pos="0" name="service.family" value="ColdFusion"/>
|
|
@@ -72,19 +68,21 @@
|
|
|
72
68
|
<param pos="0" name="service.product" value="Proxy"/>
|
|
73
69
|
</fingerprint>
|
|
74
70
|
<fingerprint pattern="^(CAKEPHP)=.*">
|
|
75
|
-
<description>CakePHP http://www.cakephp.org/</description>
|
|
71
|
+
<description>CakePHP - http://www.cakephp.org/</description>
|
|
76
72
|
<param pos="1" name="cookie"/>
|
|
77
73
|
<param pos="0" name="service.family" value="PHP"/>
|
|
78
74
|
<param pos="0" name="service.product" value="CakePHP"/>
|
|
79
75
|
</fingerprint>
|
|
80
|
-
|
|
81
|
-
|
|
82
|
-
http://www.cisco.com/warp/public/117/AP_cookies.html
|
|
83
|
-
|
|
76
|
+
<!--
|
|
77
|
+
For the following two Cisco Content Service Switch fingerprints:
|
|
84
78
|
The cookie value breaks down to [box-id][service-id][timeout-value]
|
|
85
79
|
unfortunately, there's no separator so it's hard to tell what the
|
|
86
80
|
actual break is between the pieces of data.
|
|
87
|
-
|
|
81
|
+
|
|
82
|
+
http://www.cisco.com/warp/public/117/AP_cookies.html
|
|
83
|
+
-->
|
|
84
|
+
<fingerprint pattern="^(ARPT)=([A-Z]+)([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})[A-Z]+.*">
|
|
85
|
+
<description>Cisco 11000 Series Content Service Switch (CSS)</description>
|
|
88
86
|
<param pos="1" name="cookie"/>
|
|
89
87
|
<param pos="2" name="host.id"/>
|
|
90
88
|
<param pos="3" name="host.ip"/>
|
|
@@ -93,13 +91,7 @@
|
|
|
93
91
|
<param pos="0" name="service.product" value="11000 Series Content Service Switch"/>
|
|
94
92
|
</fingerprint>
|
|
95
93
|
<fingerprint pattern="^(ARPT)=.*">
|
|
96
|
-
<description>Cisco 11000 Series Content Service Switch (CSS)
|
|
97
|
-
http://www.cisco.com/warp/public/117/AP_cookies.html
|
|
98
|
-
|
|
99
|
-
The cookie value breaks down to [box-id][service-id][timeout-value]
|
|
100
|
-
unfortunately, there's no separator so it's hard to tell what the
|
|
101
|
-
actual break is between the pieces of data.
|
|
102
|
-
</description>
|
|
94
|
+
<description>Cisco 11000 Series Content Service Switch (CSS) - catch all variant</description>
|
|
103
95
|
<param pos="1" name="cookie"/>
|
|
104
96
|
<param pos="0" name="service.vendor" value="Cisco"/>
|
|
105
97
|
<param pos="0" name="service.family" value="Content Service Switch"/>
|
|
@@ -125,9 +117,7 @@
|
|
|
125
117
|
<param pos="0" name="hw.cpe23" value="cpe:/h:cisco:adaptive_security_appliance:-"/>
|
|
126
118
|
</fingerprint>
|
|
127
119
|
<fingerprint pattern="^(st8id)=.*">
|
|
128
|
-
<description>Citrix Application Protection System, Enterprise
|
|
129
|
-
http://support.citrix.com/article/CTX109330
|
|
130
|
-
</description>
|
|
120
|
+
<description>Citrix Application Protection System, Enterprise - http://support.citrix.com/article/CTX109330</description>
|
|
131
121
|
<param pos="1" name="cookie"/>
|
|
132
122
|
<param pos="0" name="service.vendor" value="Citrix"/>
|
|
133
123
|
<param pos="0" name="service.family" value="Application Protection System"/>
|
|
@@ -142,19 +132,14 @@
|
|
|
142
132
|
<param pos="0" name="os.product" value="NetScaler"/>
|
|
143
133
|
</fingerprint>
|
|
144
134
|
<fingerprint pattern="^(EktGUID|ecm)=.*">
|
|
145
|
-
<description>Ektron CMS400.net
|
|
146
|
-
http://www.ektron.com/developers/cms400kb.cfm?id=2174
|
|
147
|
-
</description>
|
|
135
|
+
<description>Ektron CMS400.net</description>
|
|
148
136
|
<param pos="1" name="cookie"/>
|
|
149
137
|
<param pos="0" name="service.vendor" value="Ektron"/>
|
|
150
138
|
<param pos="0" name="service.family" value="CMS400.NET"/>
|
|
151
139
|
<param pos="0" name="service.product" value="CMS400.NET"/>
|
|
152
140
|
</fingerprint>
|
|
153
141
|
<fingerprint pattern="^(BIGipServer([^=]+))=.*">
|
|
154
|
-
<description>F5 BIG-IP LTM
|
|
155
|
-
http://www.f5.com/solutions/deployment/pdfs/peoplesoft-ltm-dg.pdf
|
|
156
|
-
http://www.f5.com/solutions/deployment/pdfs/SAP_v94_dg.pdf
|
|
157
|
-
</description>
|
|
142
|
+
<description>F5 BIG-IP LTM - Server variant</description>
|
|
158
143
|
<param pos="1" name="cookie"/>
|
|
159
144
|
<param pos="2" name="loadbalancer.poolname"/>
|
|
160
145
|
<param pos="0" name="service.vendor" value="F5"/>
|
|
@@ -163,10 +148,7 @@
|
|
|
163
148
|
<param pos="0" name="service.cpe23" value="cpe:/a:f5:big-ip_local_traffic_manager:-"/>
|
|
164
149
|
</fingerprint>
|
|
165
150
|
<fingerprint pattern="^(BigIPCookie)=.*">
|
|
166
|
-
<description>F5 BIG-IP LTM
|
|
167
|
-
http://www.f5.com/solutions/deployment/pdfs/peoplesoft-ltm-dg.pdf
|
|
168
|
-
http://www.f5.com/solutions/deployment/pdfs/SAP_v94_dg.pdf
|
|
169
|
-
</description>
|
|
151
|
+
<description>F5 BIG-IP LTM</description>
|
|
170
152
|
<param pos="1" name="cookie"/>
|
|
171
153
|
<param pos="0" name="service.vendor" value="F5"/>
|
|
172
154
|
<param pos="0" name="service.family" value="BIG-IP"/>
|
|
@@ -174,9 +156,7 @@
|
|
|
174
156
|
<param pos="0" name="service.cpe23" value="cpe:/a:f5:big-ip_local_traffic_manager:-"/>
|
|
175
157
|
</fingerprint>
|
|
176
158
|
<fingerprint pattern="^(SERVERID)=([A-Za-z0-9\-_]+)">
|
|
177
|
-
<description>HAProxy
|
|
178
|
-
http://haproxy.1wt.eu/download/1.2/doc/architecture.txt
|
|
179
|
-
</description>
|
|
159
|
+
<description>HAProxy - http://haproxy.1wt.eu/download/1.2/doc/architecture.txt</description>
|
|
180
160
|
<param pos="1" name="cookie"/>
|
|
181
161
|
<param pos="2" name="host.name"/>
|
|
182
162
|
<param pos="0" name="service.family" value="HAProxy"/>
|
|
@@ -185,7 +165,7 @@
|
|
|
185
165
|
<fingerprint pattern="^(AMWEBJCT!([^!]+)!([^=]+))=.*">
|
|
186
166
|
<description>IBM Tivoli Access Manager for e-business WebSEAL
|
|
187
167
|
http://publib.boulder.ibm.com/infocenter/tivihelp/v2r1/index.jsp?topic=/com.ibm.itame.doc/am60_webseal_admin180.htm
|
|
188
|
-
|
|
168
|
+
</description>
|
|
189
169
|
<param pos="1" name="cookie"/>
|
|
190
170
|
<param pos="2" name="junction.name"/>
|
|
191
171
|
<param pos="3" name="junction.cookie"/>
|
|
@@ -196,32 +176,27 @@
|
|
|
196
176
|
<fingerprint pattern="^(PD-S-SESSION-ID|PD-H-SESSION-ID|PD_STATEFUL_[^=]+)=.*">
|
|
197
177
|
<description>IBM Tivoli Access Manager for e-business WebSeal
|
|
198
178
|
http://publib.boulder.ibm.com/infocenter/tivihelp/v2r1/index.jsp?topic=/com.ibm.itame.doc/am60_webseal_admin117.htm
|
|
199
|
-
|
|
179
|
+
</description>
|
|
200
180
|
<param pos="1" name="cookie"/>
|
|
201
181
|
<param pos="0" name="service.vendor" value="IBM"/>
|
|
202
182
|
<param pos="0" name="service.family" value="Tivoli"/>
|
|
203
183
|
<param pos="0" name="service.product" value="Tivoli Access Manager for e-business WebSEAL"/>
|
|
204
184
|
</fingerprint>
|
|
205
185
|
<fingerprint pattern="^(IBMCBR)=.*">
|
|
206
|
-
<description>IBM WebSphere Load Balancer
|
|
207
|
-
http://www-306.ibm.com/software/webservers/appserv/doc/v51/ec/infocenter/edge/LBguide.htm
|
|
208
|
-
</description>
|
|
186
|
+
<description>IBM WebSphere Load Balancer</description>
|
|
209
187
|
<param pos="1" name="cookie"/>
|
|
210
188
|
<param pos="0" name="service.vendor" value="IBM"/>
|
|
211
189
|
<param pos="0" name="service.family" value="WebSphere"/>
|
|
212
190
|
<param pos="0" name="service.product" value="WebSphere Load Balancer"/>
|
|
213
191
|
</fingerprint>
|
|
214
192
|
<fingerprint pattern="^(mbfcookie(?:\[lang\])?)=.*">
|
|
215
|
-
<description>Joom!Fish http://www.joomfish.net
|
|
216
|
-
</description>
|
|
193
|
+
<description>Joom!Fish http://www.joomfish.net/</description>
|
|
217
194
|
<param pos="1" name="cookie"/>
|
|
218
195
|
<param pos="0" name="service.family" value="Joom!Fish"/>
|
|
219
196
|
<param pos="0" name="service.product" value="Joom!Fish"/>
|
|
220
197
|
</fingerprint>
|
|
221
198
|
<fingerprint pattern="^(MSCSAuth|MSCSProfile)=.*">
|
|
222
|
-
<description>Microsoft Commerce Server
|
|
223
|
-
http://msdn2.microsoft.com/en-us/library/ms953828.aspx
|
|
224
|
-
</description>
|
|
199
|
+
<description>Microsoft Commerce Server - http://msdn2.microsoft.com/en-us/library/ms953828.aspx</description>
|
|
225
200
|
<param pos="1" name="cookie"/>
|
|
226
201
|
<param pos="0" name="service.vendor" value="Microsoft"/>
|
|
227
202
|
<param pos="0" name="service.family" value="Commerce Server"/>
|
|
@@ -231,9 +206,8 @@
|
|
|
231
206
|
<fingerprint pattern="^(ASPSESSIONID[A-Z]+|ASP\.NET_SessionId|\.ASPXANONYMOUS)=.*">
|
|
232
207
|
<description>Microsoft IIS (ASP.NET)
|
|
233
208
|
http://msdn2.microsoft.com/en-us/library/ms953828.aspx
|
|
234
|
-
http://support.microsoft.com/kb/899918
|
|
235
209
|
http://msdn2.microsoft.com/en-us/library/91ka2e6a.aspx
|
|
236
|
-
|
|
210
|
+
</description>
|
|
237
211
|
<param pos="1" name="cookie"/>
|
|
238
212
|
<param pos="0" name="service.vendor" value="Microsoft"/>
|
|
239
213
|
<param pos="0" name="service.family" value="IIS"/>
|
|
@@ -266,7 +240,7 @@
|
|
|
266
240
|
<param pos="0" name="service.product" value="Webserver"/>
|
|
267
241
|
</fingerprint>
|
|
268
242
|
<fingerprint pattern="^(PHPSESSID|PHPSESSION)=.*">
|
|
269
|
-
<description>PHP http://www.php.net/ref.session</description>
|
|
243
|
+
<description>PHP - http://www.php.net/ref.session</description>
|
|
270
244
|
<param pos="1" name="cookie"/>
|
|
271
245
|
<param pos="0" name="service.vendor" value="PHP"/>
|
|
272
246
|
<param pos="0" name="service.family" value="PHP"/>
|
|
@@ -305,8 +279,7 @@
|
|
|
305
279
|
</fingerprint>
|
|
306
280
|
-->
|
|
307
281
|
<fingerprint pattern="^(NSES40Session)=.*">
|
|
308
|
-
<description>Netscape Enterprise Server (subsequently iPlanet Web Server,
|
|
309
|
-
Sun ONE Web Server, presently Sun Java System Web Server)</description>
|
|
282
|
+
<description>Netscape Enterprise Server (subsequently iPlanet Web Server, Sun ONE Web Server, presently Sun Java System Web Server)</description>
|
|
310
283
|
<param pos="1" name="cookie"/>
|
|
311
284
|
<param pos="0" name="service.vendor" value="Sun"/>
|
|
312
285
|
<param pos="0" name="service.family" value="Java System Web Server"/>
|
|
@@ -315,8 +288,7 @@
|
|
|
315
288
|
<param pos="0" name="service.cpe23" value="cpe:/a:sun:java_system_web_server:4.0"/>
|
|
316
289
|
</fingerprint>
|
|
317
290
|
<fingerprint pattern="^(gx_session_id|JROUTE)=.*">
|
|
318
|
-
<description>Sun Java System Application Server (formerly iPlanet Application Server,
|
|
319
|
-
Sun ONE Application Server)</description>
|
|
291
|
+
<description>Sun Java System Application Server (formerly iPlanet Application Server, Sun ONE Application Server)</description>
|
|
320
292
|
<param pos="1" name="cookie"/>
|
|
321
293
|
<param pos="0" name="service.vendor" value="Sun"/>
|
|
322
294
|
<param pos="0" name="service.family" value="Java System Application Server"/>
|
|
@@ -338,9 +310,7 @@
|
|
|
338
310
|
<param pos="0" name="service.product" value="NetTracker"/>
|
|
339
311
|
</fingerprint>
|
|
340
312
|
<fingerprint pattern="^(__utm[a-z])=.*">
|
|
341
|
-
<description>Urchin Tracking Module
|
|
342
|
-
http://www.google.com/support/urchin45/bin/answer.py?answer=28307&topic=7425
|
|
343
|
-
</description>
|
|
313
|
+
<description>Urchin Tracking Module - http://www.google.com/support/urchin45/bin/answer.py?answer=28307&topic=7425</description>
|
|
344
314
|
<param pos="1" name="cookie"/>
|
|
345
315
|
<param pos="0" name="service.vendor" value="Google"/>
|
|
346
316
|
<param pos="0" name="service.family" value="Urchin"/>
|
|
@@ -374,9 +344,7 @@
|
|
|
374
344
|
<param pos="0" name="service.product" value="Zope"/>
|
|
375
345
|
</fingerprint>
|
|
376
346
|
<fingerprint pattern="^(portal)=([0-9]+\.[0-9]+\.[0-9]+).*">
|
|
377
|
-
<description>
|
|
378
|
-
http://download.oracle.com/docs/cd/B14099_19/portal.1014/b19305/cg_app_f.htm
|
|
379
|
-
</description>
|
|
347
|
+
<description>OracleAS Portal default cookie name - http://download.oracle.com/docs/cd/B14099_19/portal.1014/b19305/cg_app_f.htm</description>
|
|
380
348
|
<param pos="1" name="cookie"/>
|
|
381
349
|
<param pos="2" name="service.version"/>
|
|
382
350
|
<param pos="0" name="service.vendor" value="Oracle"/>
|