recog 2.3.23 → 3.0.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a185ae988081b761341e8b8799c23feb5eb2ab85c2da2ce63fffe4f2d7ddcac3
-  data.tar.gz: 89e4ab65e87d190c3ea276d18771edd9c6fc75cb5a0863440be61d165ae5b80c
+  metadata.gz: ca2e3909b1b60418e80721625975ab8025e8dcaaaee59754dccb128b25661f00
+  data.tar.gz: 68be49a8c47fc1bb2b6a0f64d02c18a8fc29b67ee60b62060542be2216979e5c
 SHA512:
-  metadata.gz: ff83575470bf78d4e5a5c464e0dfeb12ac310ecc856fde6919bf3f7a5e3ba9b69d2be479f9a0cab4cc2c03f7babb6f21673d7015d5cf3182587f86ab3f45f0cf
-  data.tar.gz: 68a7dad6b6cbafc8dac0ac46a0ae7aab6f64c0095c314fa126da107f05b3befff3e4f9f2af41836aa96437746dceeb17718927acc824d842cb9f4a56b234da34
+  metadata.gz: 2e0f749e0a8b313a8ba9845c39aa72ce08108e4c5b4e3785d689ae9e726aeb72b31b23da6e1e4610fff4dcd1caad966ee9578ab887a425cf2f414ee377b7b001
+  data.tar.gz: 7714d9bca0d70f27efd756460f0f167a46c69ee45c38da8a70bdfb5271256decb92375c8281efe67529e5b7e3a897b3e3e2fc20b7a62075b12db9abf940635a6

data/LICENSE

@@ -1,5 +1,5 @@
 Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
-Source: https://github.com/rapid7/recog
+Source: https://github.com/rapid7/recog-ruby
 
 Files: *
 Copyright: 2014, Rapid7, Inc.

data/README.md

@@ -1,41 +1,50 @@
-# Recog: A Recognition Framework
+# Recog-Ruby: A Recognition Framework
 
 [![Gem Version](https://badge.fury.io/rb/recog.svg)](http://badge.fury.io/rb/recog)
-[![Build Status](https://travis-ci.org/rapid7/recog.svg?branch=master)](https://travis-ci.org/rapid7/recog)
+[![CI Workflow](https://github.com/rapid7/recog-ruby/actions/workflows/ci.yml/badge.svg)](https://github.com/rapid7/recog-ruby/actions/workflows/ci.yml)
 
 
-Recog is a framework for identifying products, services, operating systems, and hardware by matching fingerprints against data returned from various network probes. Recog makes it simple to extract useful information from web server banners, snmp system description fields, and a whole lot more.
+Recog is a framework for identifying products, services, operating systems, and hardware by matching fingerprints against data returned from various network probes. Recog makes it simple to extract useful information from web server banners, SNMP system description fields, and a whole lot more.
 
-Recog is open source, please see the [LICENSE](https://raw.githubusercontent.com/rapid7/recog/master/LICENSE) file for more information.
+The Recog-Ruby repository contains the Ruby language implementation of the Recog recognition framework library and the [Recog](https://github.com/rapid7/recog) content, XML fingerprint files, as a git submodule. That makes it easy to develop, test, and use the contained fingerprints.
+
+Recog-Ruby is open source, please see the [LICENSE](LICENSE) file for more information.
 
 ## Table of Contents
 
+1. [Repository split](#repository-split)
 1. [Installation](#installation)
 1. [Maturity](#maturity)
 1. [Fingerprints](#fingerprints)
 1. [Contributing](#contributing)
 
+## Repository split
+
+On March 31, 2022, the Recog content - XML fingerprint files and utilities - were split from the Recog framework library implementation. The original [Recog](https://github.com/rapid7/recog) repository now contains the Recog content and the [Recog-Ruby](https://github.com/rapid7/recog-ruby) repository contains the Ruby language implementation. The Recog content is included in Recog-Ruby as a git submodule and is nested under the `recog` directory. All post-split Recog gem versions equal or greater than 3.0.0 will: 1. contain the XML fingerprint directory under the `recog` directory, and 2. only include the `recog_match` tool since the other tools are focused on fingerprint management.
+
+[^back to top](#recog-ruby-a-recognition-framework)
+
 ## Installation
 
-Recog consists of both XML fingerprint files and an assortment of code, mostly in Ruby, that makes it easy to develop, test, and use the contained fingerprints. In order to use the included ruby code, a recent version of Ruby (2.31+) is required, along with Rubygems and the `bundler` gem. Once these dependencies are in place, use the following commands to grab the latest source code and install any additional dependencies.
+In order to use the included Ruby code, a recent version of Ruby (2.31+) is required, along with Rubygems and the `bundler` gem. Once these dependencies are in place, use the following commands to grab the latest source code and install any additional dependencies.
 
 ```shell
-$ git clone git@github.com:rapid7/recog.git
-$ cd recog
+$ git clone --recurse-submodules git@github.com:rapid7/recog-ruby.git
+$ cd recog-ruby
 $ bundle install
 ```
 
-[^back to top](#recog-a-recognition-framework)
+[^back to top](#recog-ruby-a-recognition-framework)
 
 ## Maturity
 
-Please note that while the XML fingerprints themselves are quite stable and well-tested, the Ruby codebase in Recog is still fairly new and subject to change quickly. Please contact us (research[at]rapid7.com) before leveraging the Recog code within any production projects.
+Please note that while the XML fingerprints themselves are quite stable and well-tested, the Ruby codebase is still fairly new and subject to change quickly. Please contact us (research[at]rapid7.com) before leveraging the Recog code within any production projects.
 
-[^back to top](#recog-a-recognition-framework)
+[^back to top](#recog-ruby-a-recognition-framework)
 
 ## Fingerprints
 
-The fingerprints within Recog are stored in XML files, each of which is designed to match a specific protocol response string or field. For example, the file [ssh_banners.xml](https://github.com/rapid7/recog/blob/master/xml/ssh_banners.xml) can determine the os, vendor, and sometimes hardware product by matching the initial SSH daemon banner string.
+The fingerprints within [Recog](https://github.com/rapid7/recog) are stored in XML files, each of which is designed to match a specific protocol response string or field. For example, the file [ssh_banners.xml](https://github.com/rapid7/recog/blob/master/xml/ssh_banners.xml) can determine the os, vendor, and sometimes hardware product by matching the initial SSH daemon banner string.
 
 A fingerprint file consists of an XML document like the following:
 
@@ -69,12 +78,12 @@ The `param` elements contain a `pos` attribute, which indicates what capture fie
 
 The `example` string can be base64 encoded to permit the use of unprintable characters.  To signal this to Recog an `_encoding` attribute with the value of `base64` is added to the `example` element.  Based64 encoded text that is longer than 80 characters may be wrapped with newlines as shown below to aid in readability.
 
-````xml
+```xml
 <example _encoding="base64">
   dGllczGEAAAAlQQWMS4yLjg0MC4xMTM1NTYuMS40LjgwMAQuZGF0YS5yZW1vdmVkLjCEAAAAK
   AQdZG9tYWluQ29udHJvbGxlckZ1bmN0aW9uYWxpdHkxhAAAAAMEATc=
 </example>
-````
+```
 
 Additionally, examples can be placed in a directory with the same base name as the XML file, in the same directory as the XML file:
 
@@ -93,12 +102,12 @@ They can then be loaded using the `_filename` attribute:
 
 This is useful for long examples.
 
-[^back to top](#recog-a-recognition-framework)
+[^back to top](#recog-ruby-a-recognition-framework)
 
 ## Contributing
 
-The users and maintainers of Recog would greatly appreciate any contributions
+The users and maintainers of Recog-Ruby would greatly appreciate any contributions
 you can make to the project. For guidelines and instructions please see
 [CONTRIBUTING.MD](CONTRIBUTING.md)
 
-[^back to top](#recog-a-recognition-framework)
+[^back to top](#recog-ruby-a-recognition-framework)

data/Rakefile

@@ -2,7 +2,7 @@ require "bundler/gem_tasks"
 
 require 'rspec/core/rake_task'
 RSpec::Core::RakeTask.new do |t|
-    t.pattern = "spec/**/*_spec.rb"
+    t.pattern = ['spec/**/*_spec.rb', 'recog/spec/**/*_spec.rb']
 end
 
 require 'yard'
@@ -11,12 +11,5 @@ YARD::Rake::YardocTask.new do |t|
     t.files = ['lib/**/*.rb', '-', 'README.md']
 end
 
-require 'cucumber'
-require 'cucumber/rake/task'
-
-Cucumber::Rake::Task.new(:features) do |t|
-    t.cucumber_opts = "features --format pretty"
-end
-
 task :default => [ :tests, :yard ]
-task :tests => [ :spec, :features ]
+task :tests => [ :spec ]

data/lib/recog/db_manager.rb

@@ -5,7 +5,7 @@ class DBManager
 
   attr_accessor :path, :databases
 
-  DefaultDatabasePath = File.expand_path( File.join( File.dirname(__FILE__), "..", "..", "xml") )
+  DefaultDatabasePath = File.expand_path(File.join(File.expand_path(__dir__), ["..", "..", "recog", "xml"]))
 
   def initialize(path = DefaultDatabasePath)
     self.path = path

data/lib/recog/version.rb

@@ -1,3 +1,3 @@
 module Recog
-  VERSION = '2.3.23'
+  VERSION = '3.0.1'
 end

data/{bin → recog/bin}/recog_match

@@ -1,6 +1,5 @@
 #!/usr/bin/env ruby
 
-$:.unshift(File.expand_path(File.join(File.dirname(__FILE__), "..", "lib")))
 require 'optparse'
 require 'ostruct'
 require 'recog'

data/{xml → recog/xml}/dhcp_vendor_class.xml

@@ -108,16 +108,16 @@
 
   <fingerprint pattern="^Aruba\s(JL\d+A)\s(\d+[A-Z]?)\S+\sSwitch(?:\sdslforum.org)?$">
     <description>HP Aruba Network Switch</description>
-    <example hw.product="JL075A" hw.family="3810M">Aruba JL075A 3810M-16SFP+-2-slot Switch</example>
-    <example hw.product="JL253A" hw.family="2930F">Aruba JL253A 2930F-24G-4SFP+ Switch dslforum.org</example>
-    <example hw.product="JL256A" hw.family="2930F">Aruba JL256A 2930F-48G-PoE+-4SFP+ Switch</example>
-    <example hw.product="JL258A" hw.family="2930F">Aruba JL258A 2930F-8G-PoE+-2SFP+ Switch</example>
-    <example hw.product="JL357A" hw.family="2540">Aruba JL357A 2540-48G-PoE+-4SFP+ Switch</example>
-    <param pos="0" name="hw.device" value="Switch"/>
-    <param pos="0" name="hw.vendor" value="Aruba Networks"/>
-    <param pos="1" name="hw.product"/>
-    <param pos="2" name="hw.family"/>
+    <example hw.model="JL075A" hw.product="3810M">Aruba JL075A 3810M-16SFP+-2-slot Switch</example>
+    <example hw.model="JL253A" hw.product="2930F">Aruba JL253A 2930F-24G-4SFP+ Switch dslforum.org</example>
+    <example hw.model="JL256A" hw.product="2930F">Aruba JL256A 2930F-48G-PoE+-4SFP+ Switch</example>
+    <example hw.model="JL258A" hw.product="2930F">Aruba JL258A 2930F-8G-PoE+-2SFP+ Switch</example>
+    <example hw.model="JL357A" hw.product="2540">Aruba JL357A 2540-48G-PoE+-4SFP+ Switch</example>
     <param pos="0" name="os.vendor" value="Aruba Networks"/>
+    <param pos="0" name="hw.vendor" value="Aruba Networks"/>
+    <param pos="2" name="hw.product"/>
+    <param pos="1" name="hw.model"/>
+    <param pos="0" name="hw.device" value="Switch"/>
   </fingerprint>
 
   <fingerprint pattern="^AXIS,(?:PTZ Dome )?Network Camera,(.*),([\d\.]+)$">

data/{xml → recog/xml}/favicons.xml

@@ -1287,10 +1287,11 @@
     <param pos="0" name="hw.certainty" value="0.5"/>
   </fingerprint>
 
-  <fingerprint pattern="^c60ea375c39d1ab273c4d1bee717287a|9052ab290483b0bd75c05b857c182bba$">
+  <fingerprint pattern="^c60ea375c39d1ab273c4d1bee717287a|9052ab290483b0bd75c05b857c182bba|3acbef1d83ac34f19a2631d6c1a4ac57$">
     <description>Synology DSM</description>
     <example>c60ea375c39d1ab273c4d1bee717287a</example>
     <example>9052ab290483b0bd75c05b857c182bba</example>
+    <example>3acbef1d83ac34f19a2631d6c1a4ac57</example>
     <param pos="0" name="hw.vendor" value="Synology"/>
     <param pos="0" name="hw.family" value="DiskStation"/>
     <param pos="0" name="hw.device" value="NAS"/>
@@ -2030,4 +2031,65 @@
     <param pos="0" name="hw.vendor" value="Eltex"/>
   </fingerprint>
 
+  <fingerprint pattern="^1ecd8df7909afd77188cee9c33042c55$">
+    <description>WatchGuard Fireware XTM web interface</description>
+    <example>1ecd8df7909afd77188cee9c33042c55</example>
+    <param pos="0" name="service.vendor" value="WatchGuard"/>
+    <param pos="0" name="service.product" value="Fireware XTM"/>
+    <param pos="0" name="service.device" value="Firewall"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:watchguard:fireware_xtm:-"/>
+    <param pos="0" name="service.component.vendor" value="nginx"/>
+    <param pos="0" name="service.component.product" value="nginx"/>
+    <param pos="0" name="service.component.cpe23" value="cpe:/a:f5:nginx:-"/>
+    <param pos="0" name="os.vendor" value="WatchGuard"/>
+    <param pos="0" name="os.product" value="Fireware"/>
+    <param pos="0" name="os.device" value="Firewall"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:watchguard:fireware:-"/>
+  </fingerprint>
+
+  <fingerprint pattern="^20197040d99f50747a953d163fef982e$">
+    <description>WSO2 Carbon - service-oriented platform for WSO2 products</description>
+    <example>20197040d99f50747a953d163fef982e</example>
+    <param pos="0" name="service.vendor" value="WSO2"/>
+    <param pos="0" name="service.product" value="Carbon"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:wso2:carbon:-"/>
+  </fingerprint>
+
+  <fingerprint pattern="^e562faa1b6f61ff53762e59d738b8fc0$">
+    <description>openHAB - open-source home automation</description>
+    <example>e562faa1b6f61ff53762e59d738b8fc0</example>
+    <param pos="0" name="service.vendor" value="openHAB"/>
+    <param pos="0" name="service.product" value="openHAB"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:openhab:openhab:-"/>
+  </fingerprint>
+
+  <fingerprint pattern="^ff66cb4b6922631e08d1538b361a2d2b$">
+    <description>Home Assistant - open-source home automation</description>
+    <example>ff66cb4b6922631e08d1538b361a2d2b</example>
+    <param pos="0" name="service.vendor" value="Home-Assistant"/>
+    <param pos="0" name="service.product" value="Home-Assistant"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:home-assistant:home-assistant:-"/>
+  </fingerprint>
+
+  <fingerprint pattern="^7d33656392385d5ce695db69c7736608$">
+    <description>Alentis Electronics NetPing PDU web interface</description>
+    <example>7d33656392385d5ce695db69c7736608</example>
+    <param pos="0" name="os.vendor" value="Alentis Electronics"/>
+    <param pos="0" name="os.product" value="NetPing Firmware"/>
+    <param pos="0" name="os.device" value="Power Device"/>
+    <param pos="0" name="hw.vendor" value="Alentis Electronics"/>
+    <param pos="0" name="hw.product" value="NetPing"/>
+    <param pos="0" name="hw.device" value="Power Device"/>
+  </fingerprint>
+
+  <fingerprint pattern="^e174f317b4491295c63e5bc9d9b6115b|cd2461f62d76fbbc905fa15160c0788f|37fdaeebc861719280205e7107b78d52$">
+    <description>dotCMS Content Management Platform</description>
+    <example>e174f317b4491295c63e5bc9d9b6115b</example>
+    <example>cd2461f62d76fbbc905fa15160c0788f</example>
+    <example>37fdaeebc861719280205e7107b78d52</example>
+    <param pos="0" name="service.vendor" value="dotCMS"/>
+    <param pos="0" name="service.product" value="dotCMS"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:dotcms:dotcms:-"/>
+  </fingerprint>
+
 </fingerprints>

data/{xml → recog/xml}/html_title.xml

@@ -438,9 +438,14 @@
     <example>Fireware XTM User Authentication</example>
     <param pos="0" name="service.vendor" value="WatchGuard"/>
     <param pos="0" name="service.product" value="Fireware XTM"/>
+    <param pos="0" name="service.device" value="Firewall"/>
     <param pos="0" name="service.cpe23" value="cpe:/a:watchguard:fireware_xtm:-"/>
+    <param pos="0" name="service.component.vendor" value="nginx"/>
+    <param pos="0" name="service.component.product" value="nginx"/>
+    <param pos="0" name="service.component.cpe23" value="cpe:/a:f5:nginx:-"/>
     <param pos="0" name="os.vendor" value="WatchGuard"/>
     <param pos="0" name="os.product" value="Fireware"/>
+    <param pos="0" name="os.device" value="Firewall"/>
     <param pos="0" name="os.cpe23" value="cpe:/o:watchguard:fireware:-"/>
   </fingerprint>
 
@@ -3838,6 +3843,48 @@
     <param pos="0" name="hw.family" value="Vigor"/>
   </fingerprint>
 
+  <fingerprint pattern="^WSO2 API Manager|\[Publisher Portal\]WSO2 APIM$">
+    <description>WSO2 API Manager</description>
+    <example>WSO2 API Manager</example>
+    <example>[Publisher Portal]WSO2 APIM</example>
+    <param pos="0" name="service.vendor" value="WSO2"/>
+    <param pos="0" name="service.product" value="API Manager"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:wso2:api_manager:-"/>
+    <param pos="0" name="service.component.vendor" value="WSO2"/>
+    <param pos="0" name="service.component.product" value="Carbon"/>
+    <param pos="0" name="service.component.cpe23" value="cpe:/a:wso2:carbon:-"/>
+  </fingerprint>
+
+  <fingerprint pattern="^WSO2 Management Console$">
+    <description>WSO2 Identity Server</description>
+    <example>WSO2 Management Console</example>
+    <param pos="0" name="service.vendor" value="WSO2"/>
+    <param pos="0" name="service.product" value="Identity Server"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:wso2:identity_server:-"/>
+    <param pos="0" name="service.component.vendor" value="WSO2"/>
+    <param pos="0" name="service.component.product" value="Carbon"/>
+    <param pos="0" name="service.component.cpe23" value="cpe:/a:wso2:carbon:-"/>
+  </fingerprint>
+
+  <fingerprint pattern="^WSO2 Enterprise Integrator \(WSO2 EI\)$">
+    <description>WSO2 Enterprise Integrator</description>
+    <example>WSO2 Enterprise Integrator (WSO2 EI)</example>
+    <param pos="0" name="service.vendor" value="WSO2"/>
+    <param pos="0" name="service.product" value="Enterprise Integrator"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:wso2:enterprise_integrator:-"/>
+    <param pos="0" name="service.component.vendor" value="WSO2"/>
+    <param pos="0" name="service.component.product" value="Carbon"/>
+    <param pos="0" name="service.component.cpe23" value="cpe:/a:wso2:carbon:-"/>
+  </fingerprint>
+
+  <fingerprint pattern="^dotCMS Content Management Platform$">
+    <description>dotCMS Content Management Platform</description>
+    <example>dotCMS Content Management Platform</example>
+    <param pos="0" name="service.vendor" value="dotCMS"/>
+    <param pos="0" name="service.product" value="dotCMS"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:dotcms:dotcms:-"/>
+  </fingerprint>
+
   <!-- Specific Eltex fingerprints to enable CPE generation -->
 
   <fingerprint pattern="^Eltex - NTP-RG-1402G$">

data/{xml → recog/xml}/http_cookies.xml

@@ -697,6 +697,25 @@
     <param pos="0" name="service.cpe23" value="cpe:/a:mongo-express_project:mongo-express:-"/>
   </fingerprint>
 
+  <fingerprint pattern="^adscsrf=">
+    <description>ManageEngine ADSelfService Plus</description>
+    <example>adscsrf=cffff6b5-bd68-4c35-92ef-e45127e68289;path=/;priority=high</example>
+    <param pos="0" name="service.vendor" value="ManageEngine"/>
+    <param pos="0" name="service.product" value="ADSelfService Plus"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:zohocorp:manageengine_adselfservice_plus:-"/>
+  </fingerprint>
+
+  <fingerprint pattern="^(dmid|opvc|sitevisitscookie)=">
+    <description>dotCMS Content Management Platform</description>
+    <example cookie="dmid">dmid=dcd46b93-54ab-4a43-a023-99154f879c3e; Max-Age=153792000; Expires=Thu, 18-Mar-2027 21:28:37 GMT; Path=/; HttpOnly; SameSite=Strict</example>
+    <example cookie="opvc">opvc=9e6302af-896a-40ae-a330-22655ee22c5f; Path=/; HttpOnly; SameSite=Strict</example>
+    <example cookie="sitevisitscookie">sitevisitscookie=1; Max-Age=153792000; Expires=Thu, 18-Mar-2027 21:28:37 GMT; Path=/; HttpOnly; SameSite=Strict</example>
+    <param pos="1" name="cookie"/>
+    <param pos="0" name="service.vendor" value="dotCMS"/>
+    <param pos="0" name="service.product" value="dotCMS"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:dotcms:dotcms:-"/>
+  </fingerprint>
+
   <!--
         Ignore various cookies that are very generic cookies for session IDs
         that are not necessarily indicative of any particular

data/{xml → recog/xml}/http_servers.xml

@@ -2991,6 +2991,20 @@
     <param pos="0" name="service.cpe23" value="cpe:/a:boa:boa:{service.version}"/>
   </fingerprint>
 
+  <fingerprint pattern="^Hydra/([\d.]+)(?: GnuTLS/([\d.]+))?$">
+    <description>Hydra - high performance multi threaded HTTP web server</description>
+    <example service.version="0.1.8">Hydra/0.1.8</example>
+    <example service.version="0.1.8" service.component.version="2.12.23">Hydra/0.1.8 GnuTLS/2.12.23</example>
+    <param pos="0" name="service.vendor" value="Hydra Project"/>
+    <param pos="0" name="service.product" value="Hydra"/>
+    <param pos="1" name="service.version"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:hydra_project:hydra:{service.version}"/>
+    <param pos="0" name="service.component.vendor" value="GNU"/>
+    <param pos="0" name="service.component.product" value="GnuTLS"/>
+    <param pos="2" name="service.component.version"/>
+    <param pos="0" name="service.component.cpe23" value="cpe:/a:gnu:gnutls:{service.component.version}"/>
+  </fingerprint>
+
   <!-- HiSilicon is OEMd by a number of DVR manufacturers -->
 
   <fingerprint pattern="^Cross Web Server$">
@@ -3038,9 +3052,10 @@
     <param pos="0" name="service.product" value="2wire"/>
   </fingerprint>
 
-  <fingerprint pattern="^(?:(?:\d{1,3}\.){3}\d{1,3}):\d{1,4}$">
+  <fingerprint pattern="^(?:(?:\d{1,3}\.){3}\d{1,3}):\d{1,5}$">
     <description>A banner consisting of an IPv4 address and port -- assert nothing.</description>
     <example>192.168.0.4:9999</example>
+    <example>192.168.0.5:65535</example>
     <param pos="0" name="hw.certainty" value="0.0"/>
     <param pos="0" name="os.certainty" value="0.0"/>
     <param pos="0" name="service.certainty" value="0.0"/>
@@ -3158,6 +3173,15 @@
     <param pos="0" name="service.cpe23" value="cpe:/a:cloudflare:load_balancing:-"/>
   </fingerprint>
 
+  <fingerprint pattern="^Microsoft-Azure-Application-Gateway\/(v\d+)$">
+    <description>Microsoft Azure Application Gateway</description>
+    <example service.version="v2">Microsoft-Azure-Application-Gateway/v2</example>
+    <param pos="0" name="service.vendor" value="Microsoft"/>
+    <param pos="0" name="service.family" value="Azure"/>
+    <param pos="0" name="service.product" value="Azure Application Gateway"/>
+    <param pos="1" name="service.version"/>
+  </fingerprint>
+
   <fingerprint pattern="^gSOAP/([\d\.]+)$">
     <description>gSOAP</description>
     <example service.version="2.7">gSOAP/2.7</example>
@@ -3167,6 +3191,14 @@
     <param pos="0" name="service.cpe23" value="cpe:/a:genivia:gsoap:{service.version}"/>
   </fingerprint>
 
+  <fingerprint pattern="^AliyunOSS$">
+    <description>Alibaba Cloud Object Storage Service (OSS)</description>
+    <example>AliyunOSS</example>
+    <param pos="0" name="service.vendor" value="Alibaba"/>
+    <param pos="0" name="service.family" value="Cloud"/>
+    <param pos="0" name="service.product" value="Object Storage Service"/>
+  </fingerprint>
+
   <!-- Apple QuickTime streaming server -->
 
   <fingerprint pattern="^QTSS\/([\d\.]+) \(Build\/[\d\.]+; Platform\/MacOSX; Release\/Panther">
@@ -4502,6 +4534,14 @@
     <param pos="0" name="service.cpe23" value="cpe:/a:caddyserver:caddy:-"/>
   </fingerprint>
 
+  <fingerprint pattern="^fasthttp$">
+    <description>FastHTTP - Fast HTTP package for Go</description>
+    <example>fasthttp</example>
+    <param pos="0" name="service.vendor" value="FastHTTP Project"/>
+    <param pos="0" name="service.product" value="FastHTTP"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:fasthttp_project:fasthttp:-"/>
+  </fingerprint>
+
   <fingerprint pattern="^MoxaHttp/(\d\.\d)$">
     <description>Moxa devices - service used on multiple families of devices</description>
     <example service.version="2.3">MoxaHttp/2.3</example>
@@ -4754,5 +4794,38 @@
     <param pos="0" name="hw.device" value="VoIP Gateway"/>
   </fingerprint>
 
+  <fingerprint pattern="^WSO2 Carbon Server$">
+    <description>WSO2 Carbon - service-oriented platform for WSO2 products</description>
+    <example>WSO2 Carbon Server</example>
+    <param pos="0" name="service.vendor" value="WSO2"/>
+    <param pos="0" name="service.product" value="Carbon"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:wso2:carbon:-"/>
+    <param pos="0" name="service.component.vendor" value="Apache"/>
+    <param pos="0" name="service.component.product" value="Tomcat"/>
+    <param pos="0" name="service.component.family" value="Tomcat"/>
+    <param pos="0" name="service.component.cpe23" value="cpe:/a:apache:tomcat:-"/>
+  </fingerprint>
+
+  <fingerprint pattern="^ballerina(?:\/([\d.]+(?:-[a-zA-Z0-9.-]+)?))?$">
+    <description>Ballerina - programming language HTTP module</description>
+    <example>ballerina</example>
+    <example service.version="0.991.0">ballerina/0.991.0</example>
+    <example service.version="0.982.1-SNAPSHOT">ballerina/0.982.1-SNAPSHOT</example>
+    <param pos="0" name="service.vendor" value="Ballerina"/>
+    <param pos="0" name="service.product" value="Ballerina"/>
+    <param pos="1" name="service.version"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:ballerina:ballerina:{service.version}"/>
+  </fingerprint>
+
+  <fingerprint pattern="^((?:Mini|ZTE) web server) ([\d.]+) ZTE corp \d{4}\.$">
+    <description>Assorted ZTE CPE device web server</description>
+    <example service.product="Mini web server" service.version="1.0">Mini web server 1.0 ZTE corp 2005.</example>
+    <example service.product="ZTE web server" service.version="1.0">ZTE web server 1.0 ZTE corp 2015.</example>
+    <param pos="0" name="service.vendor" value="ZTE"/>
+    <param pos="1" name="service.product"/>
+    <param pos="2" name="service.version"/>
+    <param pos="0" name="service.certainty" value="0.5"/>
+    <param pos="0" name="hw.vendor" value="ZTE"/>
+  </fingerprint>
 
 </fingerprints>

data/{xml → recog/xml}/http_wwwauth.xml

@@ -680,6 +680,19 @@
     <param pos="0" name="os.device" value="Router"/>
   </fingerprint>
 
+  <fingerprint pattern="(?i)^Basic realm=&quot;NetPing \d+/PWR-220\s*v\d+/(?:ETH|SMS|GSM(?:3G)?)&quot;">
+    <description>Alentis Electronics NetPing PDU</description>
+    <example>Basic realm="NetPing 2/PWR-220v2/SMS"</example>
+    <example>Basic realm="NetPing 2/PWR-220 v12/ETH"</example>
+    <example>Basic realm="NetPing 4/PWR-220v3/SMS"</example>
+    <param pos="0" name="os.vendor" value="Alentis Electronics"/>
+    <param pos="0" name="os.product" value="NetPing Firmware"/>
+    <param pos="0" name="os.device" value="Power Device"/>
+    <param pos="0" name="hw.vendor" value="Alentis Electronics"/>
+    <param pos="0" name="hw.product" value="NetPing"/>
+    <param pos="0" name="hw.device" value="Power Device"/>
+  </fingerprint>
+
   <!-- a variety of headers we currently just ignore -->
 
   <fingerprint pattern="(?i)^NTLM$">