From 258c861c0367a427d1fbb8f1aeccf3ae7ba4b224 Mon Sep 17 00:00:00 2001 From: dmiller Date: Fri, 15 May 2015 21:48:31 +0000 Subject: [PATCH] Process 200-ish service fingerprints --- nmap-service-probes | 348 ++++++++++++++++++++++++++++++-------------- 1 file changed, 238 insertions(+), 110 deletions(-) diff --git a/nmap-service-probes b/nmap-service-probes index 66aea9f1c..f7e385c61 100644 --- a/nmap-service-probes +++ b/nmap-service-probes @@ -717,8 +717,8 @@ match ftp m|^220 FTP server \(Hummingbird Ltd\. \(HCLFTPD\) Version ([\d.]+)\) match ftp m|^220 OpenFTPD server ready\. .*\.\r\n| p/OpenFTPD/ match ftp m|^220 ([\w._-]+) FTP server \(NetBSD-ftpd 20\w+\) ready\.\r\n| p/NetBSD lukemftpd/ o/NetBSD/ h/$1/ cpe:/o:netbsd:netbsd/ match ftp m|^220-\r\n Your connection logged!\r\n220 ([\w_.-]+) FTP server \(NetBSD-ftpd 200\d+\) ready\.\r\n| p/NetBSD lukemftpd/ i/Connection logged/ h/$1/ -match ftp m|^220 CommuniGate Pro FTP Server ([\d.]+) ready\r\n| p/Communigate Pro ftpd/ v/$1/ -match ftp m|^220 CommuniGate Pro FTP Server ready\r\n| p/Communigate Pro ftpd/ +match ftp m|^220 CommuniGate Pro FTP Server ([\d.]+) ready\r\n| p/Communigate Pro ftpd/ v/$1/ cpe:/a:stalker:communigate_pro:$1/ +match ftp m|^220 CommuniGate Pro FTP Server ready\r\n| p/Communigate Pro ftpd/ cpe:/a:stalker:communigate_pro/ match ftp m|^421 Sorry you are not welcomed on this server\.\r\n$| p/BulletProof ftpd/ i/Banned/ o/Windows/ cpe:/o:microsoft:windows/a match ftp m|^220-BulletProof FTP Server ready \.\.\.\r\n| p/BulletProof ftpd/ o/Windows/ cpe:/o:microsoft:windows/a match ftp m|^(?:220.*\r\n)?220 [Ee]valine FTP server \(Version: Mac OS X|s p/Evaline ftpd/ o/Mac OS X/ cpe:/o:apple:mac_os_x/a @@ -868,7 +868,7 @@ match ftp m|^220 Blue Coat FTP Service\r\n| p/Blue Coat ftp proxy/ d/security-mi match ftp m|^220 Homer Ftp Server\r\n| p/Homer ftpd/ o/Windows/ cpe:/o:microsoft:windows/a match ftp m|^220 Personal FTP Server ready\r\n| p/Personal FTPd/ o/Windows/ cpe:/o:microsoft:windows/a match ftp m|^220 Personal FTP Professional Server ready\r\n| p/Personal FTPd Professional/ o/Windows/ cpe:/o:microsoft:windows/a -match ftp m|^220-InterVations FileCOPA FTP Server Version ([\d.]+) .*\r\n220 Trial Version\. (\d+) days remaining\r\n| p/InterVations FileCOPA ftpd/ v/$1/ i/Trial: $2 days left/ o/Windows/ cpe:/o:microsoft:windows/a +match ftp m|^220-InterVations FileCOPA FTP Server Version ([\d.]+) .*\r\n220 Trial Version\. (\d+) days remaining\r\n| p/InterVations FileCOPA ftpd/ v/$1/ i/Trial: $2 days left/ o/Windows/ cpe:/a:intervations:filecopa:$1/ cpe:/o:microsoft:windows/a match ftp m|^220 cab Mach4/(\d+) FTP Server ready\.\r\n| p/CAB MACH 4 label printer ftpd/ i/$1 dpi/ d/printer/ match ftp m|^220 cab A4\+/(\d+) FTP Server ready\.\r\n| p/CAB A4+ label printer ftpd/ i/$1 dpi/ d/printer/ match ftp m|^220 (KM[\w+]+) FTP server \(KM FTPD version ([\d.]+)\) ready\.\r\n| p/Konica Minolta $1 ftpd/ v/$2/ d/printer/ cpe:/h:konicaminolta:$1/a @@ -940,8 +940,8 @@ match ftp m|^220 FTP-Backupspace\r\n$| p/STRATO backup ftpd/ match ftp m|^220-.* \(([-\w_.]+)\)\r\n Synchronet FTP Server ([-\w_.]+)-Win32 Ready\r\n| p/Synchronet ftpd/ v/$2/ o/Windows/ h/$1/ cpe:/o:microsoft:windows/a match ftp m|^220 Welcome to (DCS-\w+) FTP Server\r\n$| p/D-Link $1 webcam ftpd/ d/webcam/ cpe:/h:dlink:$1/a match ftp m|^220 X5 FTP server \(version ([\d.]+)\) ready\.\r\n| p/Zoom ADSL modem/ i/X5 $1/ d/broadband router/ -match ftp m|^220 zFTPServer v([-\w_.]+), build ([-\d]+)| p/zFTPServer/ v/$1 build $2/ o/Windows/ cpe:/o:microsoft:windows/a -match ftp m|^220 Welcome to zFTPServer\r\n| p/zFTPServer/ o/Windows/ cpe:/o:microsoft:windows/a +match ftp m|^220 zFTPServer v([-\w_.]+), build ([-\d]+)| p/zFTPServer/ v/$1 build $2/ o/Windows/ cpe:/a:vaestgoeta-data:zftpserver:$1/ cpe:/o:microsoft:windows/a +match ftp m|^220 Welcome to zFTPServer\r\n| p/zFTPServer/ o/Windows/ cpe:/a:vaestgoeta-data:zftpserver/ cpe:/o:microsoft:windows/a match ftp m|^220 FRITZ!BoxWLAN(\d+)(?:\(UI\))? FTP server ready\.\r\n| p/FRITZ!Box WLAN $1 WAP ftpd/ d/WAP/ match ftp m|^220 FRITZ!BoxFonWLAN(\w+)(?:\(\w+\))? FTP server ready\.\r\n| p/FRITZ!Box Fon WLAN $1 WAP ftpd/ d/WAP/ match ftp m|^220 FRITZ!Box Fon WLAN (\d+) FTP server ready\.\r\n| p/FRITZ!Box Fon WLAN $1 WAP ftpd/ d/WAP/ @@ -1206,9 +1206,12 @@ match ftp-proxy m|^220-Firewall ftp proxy\. You must login to the proxy first\. # DAZ Studio 4.5, port 27997 match valentinadb m|^dddd\0\0\0\0\0\0\0\x0b| p/Valentina DB/ -match varnish-cli m|^200 206 \n-----------------------------\nVarnish Cache CLI ([\w._-]+)\n-----------------------------\nLinux,([\w._-]+),([^\n]*)\n\nType 'help' for command list\.\nType 'quit' to close CLI session\.\n\n| p/Varnish Cache CLI/ v/$1/ i/open; $3/ o/Linux $2/ cpe:/a:varnish-cache:varnish:$1/ cpe:/o:linux:linux_kernel:$2/ -# Authentication added in 2.1.0. The version reported was actually 4.0.1 -match varnish-cli m|^107 59 \n[a-z]{32}\n\nAuthentication required\.\n\n| p/Varnish Cache CLI/ v/2.0.6 or earlier/ i/authentication required/ cpe:/a:varnish-cache:varnish/ +match varnish-cli m|^200 \d+ +\n-----------------------------\nVarnish HTTP accelerator CLI.\n-----------------------------\nType 'help' for command list\.\nType 'quit' to close CLI session\.\n| p/Varnish Cache CLI/ v/2.1.0 - 2.1.3/ i/open/ cpe:/a:varnish-cache:varnish:2.1/ +# vident field is uname -s,uname -r,uname -m +match varnish-cli m|^200 \d+ +\n-----------------------------\nVarnish HTTP accelerator CLI.\n-----------------------------\n([^,]+),([^,]+),[^\n]*\n\nType 'help' for command list\.\nType 'quit' to close CLI session\.\n| p/Varnish Cache CLI/ v/2.1.4/ o/$1 $2/ cpe:/a:varnish-cache:varnish:2.1.4/ +match varnish-cli m|^200 \d+ +\n-----------------------------\nVarnish Cache CLI 1.0\n-----------------------------\n([^,]+),([^,]+),[^\n]*\n\nType 'help' for command list\.\nType 'quit' to close CLI session\.\n\n| p/Varnish Cache CLI/ v/2.1.5 - 3.0.3/ o/$1 $2/ cpe:/a:varnish-cache:varnish/ +match varnish-cli m|^200 \d+ +\n-----------------------------\nVarnish Cache CLI 1.0\n-----------------------------\n([^,]+),([^,]+),[^\n]*\nvarnish-([\w._-]+) revision [0-9a-f]+\n\nType 'help' for command list\.\nType 'quit' to close CLI session\.\n\n| p/Varnish Cache CLI/ v/$3/ o/$1 $2/ cpe:/a:varnish-cache:varnish:$3/ +match varnish-cli m|^107 59 \n[a-z]{32}\n\nAuthentication required\.\n\n| p/Varnish Cache CLI/ i/authentication required/ cpe:/a:varnish-cache:varnish/ # TODO kerio? #match ftp m|^421 Service not available \(The FTP server is not responding\.\)\n$| v/unknown FTP server//service not responding/ @@ -1407,7 +1410,7 @@ match imap m|^\* OK IMAP4 Server \(IMail ([-.\w]+)\)| p/IMail imapd/ v/$1/ cpe:/ match imap m|^\* OK Merak (\d[-.\w]+) IMAP4rev1 |i p/Merak Mail Server imapd/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a match imap m|^\* OK ([-.+\w]+) IMAP4rev1 Mercury/32 v(\d[-.\w]+) server ready\.\r\n| p|Mercury/32 imapd| v/$2/ o/Windows/ h/$1/ cpe:/o:microsoft:windows/a match imap m|^\* OK ([-.\w]+) IMAP4 service \(Netscape Messaging Server (\d[-.\w ]+) \(built ([\w ]+)\)\)\r\n| p/Netscape Messaging Server Imapd/ v/$2/ i/built $3/ h/$1/ cpe:/a:netscape:messaging_server:$2/ -match imap m|^\* OK \[CAPABILITY .*\] ([-.\w]+) IMAP4rev1 (20[\w.]+) at | p/UW imapd/ v/$2/ h/$1/ +match imap m|^\* OK \[CAPABILITY .*\] ([-.\w]+) IMAP4rev1 (20[\w.]+) at | p/UW imapd/ v/$2/ h/$1/ cpe:/a:uw:imap_toolkit:$2/ match imap m|^\* OK eXtremail V(\d[-.\w]+) release (\d+) IMAP4 server started\r\n| p/eXtremail IMAP server/ v/$1.$2/ match imap m|^\* OK eXtremail V(\d[-.\w]+) release (\d+) rev(\d+) IMAP4 server started\r\n| p/eXtremail IMAP server/ v/$1.$2.$3/ match imap m|^\* OK ([-.\w]+) NetMail IMAP4 Agent server ready <.*>\r\n| p/Novell NetMail imapd/ o/Unix/ h/$1/ cpe:/a:novell:netmail/ @@ -1428,7 +1431,7 @@ match imap m|^\* OK.*?Courier-IMAP ready\. Copyright 1998-(\d+) Double Precision match imap m|^\* OK \[CAPABILITY IMAP4rev1 .*?Courier-IMAP ready\. Copyright 1998-\d+ Double Precision, Inc\. See COPYING for distribution information\.\r\n| p/Courier IMAP4rev1 imapd/ match imap m|^\* OK CommuniGate Pro IMAP Server ([-.\w]+) at ([-.\w]+) ready\r\n$| p/CommuniGate Pro imapd/ v/$2/ h/$1/ # W-Imapd-SSL v2001adebian-6 -match imap m|^\* OK \[CAPABILITY IMAP4REV1 X-NETSCAPE LOGIN-REFERRALS STARTTLS AUTH=LOGIN\](\S+) IMAP4rev1 ([-.\w]+) at| p/UW imapd/ v/$2/ h/$1/ +match imap m|^\* OK \[CAPABILITY IMAP4REV1 X-NETSCAPE LOGIN-REFERRALS STARTTLS AUTH=LOGIN\](\S+) IMAP4rev1 ([-.\w]+) at| p/UW imapd/ v/$2/ h/$1/ cpe:/a:uw:imap_toolkit:$2/ match imap m|^\* OK Domino IMAP4 Server Release (\d[-.\w ]+) +ready +(.*)\r\n| p/Lotus Domino imapd/ v/$1/ i/date: $2/ cpe:/a:ibm:lotus_domino:$1/ match imap m|^\* OK Domino IMAP4 Server Build V([\w_]+ Beta \w+) ready .*\r\n| p/Lotus Domino imapd/ v/$1/ cpe:/a:ibm:lotus_domino:$1/ match imap m|^\* BYE Domino IMAP4 Server Unable to authenticate session\.| p/Lotus Domino imapd/ i/Unable to connect/ cpe:/a:ibm:lotus_domino/ @@ -1453,7 +1456,7 @@ match imap m|^\* OK The Microsoft Exchange IMAP4 service is ready\.\r\n| p/Micro match imap m|^\* OK IMAP4rev1 Server DeskNow \(DeskNow ([\w._-]+)\) ready\r\n| p/DeskNow imapd/ v/$1/ -match imap m|^\* OK \[CAPABILITY (?:IMAP4 )?IMAP4REV1 .*IMAP4rev1 (200\d\.[-.\w]+) at| p/UW imapd/ v/$1/ +match imap m|^\* OK \[CAPABILITY (?:IMAP4 )?IMAP4REV1 .*IMAP4rev1 (200\d\.[-.\w]+) at| p/UW imapd/ v/$1/ cpe:/a:uw:imap_toolkit:$1/ match imap m|^\* OK (?:\[CAPABILITY IMAP4[^\]]*?\] )?([-.\w]+) Cyrus IMAP4? v([-.\w\+]+) server ready\r\n| p/Cyrus imapd/ v/$2/ h/$1/ cpe:/a:cmu:cyrus_imap_server:$2/ match imap m|^\* OK (?:\[CAPABILITY IMAP4[^\]]*?\] )?([-.\w]+) Cyrus IMAP4? v([-.\w\+]+) server ready\r\n| p/Cyrus imapd/ v/$2/ h/$1/ cpe:/a:cmu:cyrus_imap_server:$2/ match imap m|^\* OK ([-.\w]+) Cyrus IMAP4 v([-.\w\+]+)-Red Hat [-.\w\+]+ server ready\r\n| p/Cyrus imapd/ v/$2/ i/RedHat/ o/Linux/ h/$1/ cpe:/a:cmu:cyrus_imap_server:$2/ cpe:/o:redhat:linux/ @@ -1501,14 +1504,14 @@ match imap m|^\* OK .* GoMail V([-\w_.]+) IMAP4rev1| p/GoMail mass mailing plugi match imap m|^\* OK IMAP4 ready! [-\w_.]+ Winmail Mail Server MagicWinmail Extend IMAP 101\r\n| p/Winmail imapd/ o/Windows/ cpe:/o:microsoft:windows/a match imap m|^\* OK ([-\w_.]+) IMAP4rev1 Mailtraq \(([\d.]+)\) ready\r\n| p/Mailtraq imapd/ v/$2/ o/Windows/ h/$1/ cpe:/a:mailtraq:mailtraq:$2/ cpe:/o:microsoft:windows/a match imap m|^\* OK ([-\w_.]+) CallPilot IMAP4rev1 v([\d.]+) server ready\.?\r\n| p/Nortel CallPilot imapd/ v/$2/ d/telecom-misc/ h/$1/ -match imap m|^\* OK ([-\w_.]+) Zimbra IMAP4rev1 service ready\r\n| p/Zimbra imapd/ h/$1/ -match imap m|^\* OK ([-\w_.]+) Zimbra IMAP4rev1 server ready\r\n| p/Zimbra imapd/ h/$1/ +match imap m|^\* OK ([-\w_.]+) Zimbra IMAP4rev1 service ready\r\n| p/Zimbra imapd/ h/$1/ cpe:/a:zimbra:zimbra_collaboration_suite/ +match imap m|^\* OK ([-\w_.]+) Zimbra IMAP4rev1 server ready\r\n| p/Zimbra imapd/ h/$1/ cpe:/a:zimbra:zimbra_collaboration_suite/ match imap m|^\* OK ([-\w_.]+) DKIMAP4 IMAP Server\r\n| p/DBOX DKIMAP4 imapd/ h/$1/ match imap m|^\* OK IMAP Module of ArGoSoft Mail Server Pro for WinNT/2000/XP, Version [\d.]+ \(([\d.]+)\)\r\n| p/ArGoSoft Pro imapd/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a match imap m|^\* OK ArGoSoft Mail Server IMAP Module v\.([\w._-]+) at | p/ArGoSoft imapd/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a match imap m|^\* OK ([-\w_.]+) running Eudora Internet Mail Server X ([\d.]+)\r\n| p/Eudora Internet Mail Server X imapd/ v/$2/ o/Mac OS X/ h/$1/ cpe:/o:apple:mac_os_x/a match imap m|^\* OK ([-\w_.]+) running EIMS X ([\w.]+)\r\n| p/Eudora Internet Mail Server X imapd/ v/$2/ o/Mac OS X/ h/$1/ cpe:/o:apple:mac_os_x/a -match imap m|^\* OK MERCUR IMAP4-Server \(v([\w.]+) \w+\) for Windows ready| p/Atrium Software's Mercur imapd/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a +match imap m|^\* OK MERCUR IMAP4-Server \(v([\w.]+) \w+\) for Windows ready| p/Mercur imapd/ v/$1/ o/Windows/ cpe:/a:atrium:mercur:$1/ cpe:/o:microsoft:windows/a match imap m|^\* OK WebSTAR Mail ready\r\n| p/WebSTAR imapd/ o/Mac OS X/ cpe:/o:apple:mac_os_x/a match imap m|^\* OK \[CAPABILITY IMAP4rev1[\w+= -]*\] Atmail IMAP4 Server ready\. See COPYING for distribution information\.\r\n| p/Atmail imapd/ match imap m|^\* OK Dovecot DA ready\.\r\n| p/Dovecot DirectAdmin imapd/ cpe:/a:directadmin:directadmin/ cpe:/a:dovecot:dovecot/ @@ -1521,7 +1524,7 @@ match imap m|^\* OK Hi This is the IMAP SSL Server .*\r\n| p/Lotus Domino secure match imap m|^\* OK TeamXchange IMAP4rev1 server \(([\w._-]+)\) ready\.\r\n| p/TeamXchange imapd/ h/$1/ match imap m|^\* OK \[CAPABILITY IMAP4REV1[^\]]*?\] ([-.\w]+) IMAP4rev1 Citadel ([-.\w]+) ready\r\n| p/Citadel imapd/ v/$2/ h/$1/ cpe:/a:citadel:ux:$2/ match imap m|^\* BYE Domino IMAP4 Server Configured for SSL Connections only\. Please reconnect using SSL Port (\d+), .*\r\n| p/Lotus Domino imapd/ i/SSL-only; imaps on port $1/ cpe:/a:ibm:lotus_domino/ -match imap m|^\* OK Kerio Connect ([\w._ -]+) IMAP4rev1 server ready\r\n| p/Kerio Connect imapd/ v/$1/ +match imap m|^\* OK Kerio Connect ([\w._ -]+) IMAP4rev1 server ready\r\n| p/Kerio Connect imapd/ v/$1/ cpe:/a:kerio:connect:$1/ match imap m|^\* OK ([\w._-]+) IMAP4rev1 Server PMDF V([\w._-]+) at | p/PMDF imapd/ v/$2/ o/OpenVMS/ h/$1/ cpe:/o:hp:openvms/a match ssl/imap m|^\* BYE Fatal error: tls_init\(\) failed\r\n| p/Cyrus imapd/ cpe:/a:cmu:cyrus_imap_server/ match imap m|^\* OK VisNetic\.MailServer\.v([\w._-]+) IMAP4rev1 .*\r\n| p/VisNetic MailServer imapd/ v/$1/ @@ -1585,6 +1588,8 @@ match intranetchat m|^\d+\0FORWARD\0\x0b\xc2c\x0c\xc1a\x9f@| p/Intranet Chat Ser match ipmi-advertiserd m|^\x0e\0\0\0\0\0\0$| p/SuperMicro IPMI advertiserd/ d/remote management/ cpe:/o:supermicro:intelligent_platform_management_firmware/ +match ipremote m|^IPremote - w([\d.]+)\r\n\0\0\0\0| p/IPsoft IPremote/ v/$1/ cpe:/a:ipsoft:ipremote:$1/ + match ipsi m|^\0\x0f\0/([\w._-]+)\0| p/Avaya $1 IPSI version/ d/PBX/ # Port 9200: http://support.lexmark.com/index?page=content&id=FA642 @@ -1738,6 +1743,9 @@ match jboss-remoting m|^\0\0\0.\0\0.([\w.-]+)$| p/JBoss Remoting/ i/JBoss manage # http://docs.oracle.com/javase/1.5.0/docs/guide/jpda/jdwp-spec.html match jdwp m|^JDWP-Handshake$| p/Java Debug Wire Protocol/ +# Null probe hack +match jenkins-listener m|^Unrecognized protocol: .*\r\n$| p/Jenkins TcpSlaveAgentListener/ cpe:/a:cloudbees:jenkins/ + # Samsung ML-2850 port 2000 match jetdirect m|^ $| p/JetDirect/ d/printer/ @@ -1777,11 +1785,12 @@ match litecoin-jsonrpc m|^HTTP/1\.1 403 Forbidden\r\n.*Server: litecoin-json-rpc match lmtp m|^220 ([-.\w]+) LMTP Cyrus v(\d[-.\w]+) ready\r\n| p/Cyrus Imap Daemon lmtpd/ v/$2/ h/$1/ cpe:/a:cmu:cyrus_imap_server:$2/ match lmtp m|^220 ([\w._-]+) Cyrus LMTP Murder v([\w._-]+) server ready\r\n| p/Cyrus lmtpd Murder/ v/$2/ h/$1/ cpe:/a:cmu:cyrus_imap_server:$2/ +match lmtp m|^220 ([\w._-]+) Cyrus LMTP v([\w._+-]+) server ready\r\n| p/Cyrus Imap Daemon lmtpd/ v/$2/ h/$1/ cpe:/a:cmu:cyrus_imap_server:$2/ match lmtp m|^220 ([-\w_.]+) LMTP Cyrus v([\d.]+)-Red Hat [\d.-]+ ready\r\n| p/Cyrus Imap Daemon lmtpd/ v/$2/ i/on Red Hat/ o/Linux/ h/$1/ cpe:/a:cmu:cyrus_imap_server:$2/ cpe:/o:linux:linux_kernel/a match lmtp m|^220 ([-\w_.]+) DBMail LMTP service ready to rock\r\n| p/DBMail lmtpd/ h/$1/ match lmtp m|^220 DSPAM LMTP ([-\w_.]+) Ready\r\n| p/DSPAM lmtpd/ v/$1/ -match lmtp m|^220 ([\w._-]+) Zimbra LMTP ready\r\n| p/Zimbra lmtpd/ h/$1/ -match lmtp m|^220 ([\w._-]+) Zimbra LMTP (?:server )?ready\r\n| p/Zimbra lmtpd/ h/$1/ +match lmtp m|^220 ([\w._-]+) Zimbra LMTP ready\r\n| p/Zimbra lmtpd/ h/$1/ cpe:/a:zimbra:zimbra_collaboration_suite/ +match lmtp m|^220 ([\w._-]+) Zimbra LMTP (?:server )?ready\r\n| p/Zimbra lmtpd/ h/$1/ cpe:/a:zimbra:zimbra_collaboration_suite/ match logevent m|^\x01\*Nsure Audit Novell NetWare \[\w+:\w+\]\r\n| p/Nsure Audit logeventd/ o/NetWare/ cpe:/a:novell:nsure_audit/ cpe:/o:novell:netware/a @@ -1968,7 +1977,10 @@ match minisql m|^.\0\0\x000:23:([\d.]+)\n$|s p/Mini SQL/ v/$1/ # Calculating: perl -MPOSIX -le 'print ctime(0x5FFFFFFF)' match nagios-nsca m|^.{128}[\x52-\x5F]...$|s p/Nagios NSCA/ -match nbd m|^NBDMAGIC\0\0B| p/Network Block Device/ +match nbd m|^NBDMAGIC\0\0B\x02\x81\x86\x12S| p/Network Block Device/ i/old handshake/ cpe:/a:wouter_verhelst:nbd/ +# see nbd/proto.txt +match nbd m|^NBDMAGICIHAVEOPT\0\0| p/Network Block Device/ v/2.9.17/ i/new handshake/ cpe:/a:wouter_verhelst:nbd:2.9.17/ +match nbd m|^NBDMAGICIHAVEOPT\0\x01| p/Network Block Device/ i/new handshake/ cpe:/a:wouter_verhelst:nbd/ match ncacn_http m|^ncacn_http/([\d.]+)$| p/Microsoft Windows RPC over HTTP/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a # NCD Thinstar 300 running NCD Software 2.31 build 6 @@ -2045,7 +2057,7 @@ match nntp m|^502 ([-\w_.]+): Transfer permission denied to [\d.]+ - [-\w_.@]+ \ match nntp m|^200 ([-\w_.]+) - colobus ([\d.]+) ready - \(posting ok\)\.\r\n| p/Colobus nntpd/ v/$2/ i/posting ok/ h/$1/ match nntp m|^200 Welcome to .* \(Typhoon v([\d.]+)\)\r\n| p/Typhoon nntpd/ v/$1/ match nntp m|^200 +Kerio MailServer ([\w._-]+) +NNTP server ready\r\n| p/Kerio MailServer nntpd/ v/$1/ -match nntp m|^200 Kerio Connect ([\w._-]+) NNTP server ready\r\n| p/Kerio Connect nntpd/ v/$1/ +match nntp m|^200 Kerio Connect ([\w._-]+) NNTP server ready\r\n| p/Kerio Connect nntpd/ v/$1/ cpe:/a:kerio:connect:$1/ match nntp m|^200 NewsCache ([-\w_.]+), accepting NNRP commands\r\n| p/Newscache nntp cache/ v/$1/ match nntp m|^200 ([\w._-]+) Cyrus NNTP v([\w._-]+) server ready, posting allowed\r\n| p/Cyrus nntpd/ v/$2/ i/posting ok/ h/$1/ cpe:/a:cmu:cyrus_imap_server:$2/ match nntp m|^200 ([-\w_.]+) ready for action \(Mailtraq ([\d.]+)/NNTP\)\r\n| p/Mailtraq nntpd/ v/$2/ o/Windows/ h/$1/ cpe:/a:mailtraq:mailtraq:$2/ cpe:/o:microsoft:windows/a @@ -2120,8 +2132,9 @@ match pioneers m|^version report\n| p/Pioneers game server/ match pioneers-meta m|^welcome to the pioneers-meta-server version ([\d.]+)\n| p/Pioneers game meta server/ v/$1/ # UW POP2 server on Linux 2.4.18 -match pop2 m|^\+ POP2 ([\w._-]+) v([\w._-]+) server ready\r\n$| p/UW POP2 server/ v/$2/ h/$1/ -match pop2 m|^\+ POP2 ([\w._-]+) ([\w._-]+) server ready\r\n$| p/UW POP2 server/ v/$2/ h/$1/ +match pop2 m|^\+ POP2 \[[\d.]+\] v([\w._-]+) server ready\r\n$| p/UW POP2 server/ v/$1/ cpe:/a:uw:imap_toolkit:$1/ +match pop2 m|^\+ POP2 ([\w._-]+)(?: \[[\d.]+\])? v([\w._-]+) server ready\r\n$| p/UW POP2 server/ v/$2/ h/$1/ cpe:/a:uw:imap_toolkit:$2/ +match pop2 m|^\+ POP2 ([\w._-]+) ([\w._-]+) server ready\r\n$| p/UW POP2 server/ v/$2/ h/$1/ cpe:/a:uw:imap_toolkit:$2/ # Novell Groupwise 6.0.1 match pop3 m|^\+OK GroupWise POP3 server ready\r\n$| p/Novell GroupWise pop3d/ o/Unix/ cpe:/a:novell:groupwise/ @@ -2251,9 +2264,9 @@ match pop3 m|^\+OK\r\n$| p/Openwall popa3d/ match pop3 m|^\+OK ([-.\w]+) MultiNet POP3 Server Process V(\S+) at| p/DEC OpenVMS MultiNet pop3d/ v/$2/ h/$1/ match pop3 m|^\+OK <.*>, MercuryP/NLM v(\d[-.\w]+) ready.\r\n$| p/Mercury POP3 server/ v/$1/ o/NetWare/ cpe:/o:novell:netware/a match pop3 m|^\+OK Microsoft Windows POP3 Service Version 1.0 <| p/Microsoft Windows 2003 POP3 Service/ v/1.0/ o/Windows 2000/ cpe:/o:microsoft:windows_2000/ -match pop3 m|^\+OK POP3 ([-.\w]+) v?(200\d\w?\.[-.\w]+) server ready\r\n| p/UW Imap pop3d/ v/$2/ h/$1/ -match pop3 m|^\+OK POP3 v?([\d.]+) server ready <[\w.]+@([-\w_.]+)>\r\n| p/UW Imap pop3d/ v/$1/ h/$2/ -match pop3 m|^\+OK POP3 \[([-\w_.]+)\] v([\d.]+) server ready\r\n| p/UW Imap pop3d/ v/$2/ h/$1/ +match pop3 m|^\+OK POP3 ([-.\w]+) v?(200\d\w?\.[-.\w]+) server ready\r\n| p/UW Imap pop3d/ v/$2/ h/$1/ cpe:/a:uw:imap_toolkit:$2/ +match pop3 m|^\+OK POP3 v?([\d.]+) server ready <[\w.]+@([-\w_.]+)>\r\n| p/UW Imap pop3d/ v/$1/ h/$2/ cpe:/a:uw:imap_toolkit:$1/ +match pop3 m|^\+OK POP3 \[([-\w_.]+)\] v([\d.]+) server ready\r\n| p/UW Imap pop3d/ v/$2/ h/$1/ cpe:/a:uw:imap_toolkit:$2/ match pop3 m|^\+OK POP3 server ready <\w{11}>\r\n$| p/WebSTAR pop3 server/ match pop3 m|^\+OK Kerio MailServer (\d[-.\w]+) POP3 server ready <([-.\w@:]+)>\r\n$| p/Kerio MailServer POP3 Server/ v/$1/ i/$2/ match pop3 m|^\+OK Kerio MailServer (\d[-.\w]+) POP3 server ready <| p/Kerio MailServer POP3 Server/ v/$1/ @@ -2279,7 +2292,6 @@ match pop3 m|^\+OK ([-\w_.]+) POP3 WorkgroupMail ([\d.]+) .*\r\n| p/WorkgroupMai match pop3 m|^\+OK POP3 server ready \(LSMTP v([\w.]+)\) <[\w.]+@([-\w_.]+)>\r\n| p/LSMTP pop3d/ v/$1/ h/$2/ match pop3 m|^\+OK ([-\w_.]+) Mirapoint POP3 ([\d.]+) server ready\r\n| p/Mirapoint RazorGate pop3d/ v/$2/ h/$1/ match pop3 m|^\+OK K9 - ([\d.]+) - http://keir\.net ready <[\w.]+>\r\n| p/K9 pop3d from keir.net/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a -match pop3 m|^\+OK MERCUR POP3-Server \(v([\d.]+) \w+\) for Windows NT ready <[\d.]+@([-\w_.]+)>\r\n| p/MERCUR pop3d/ v/$1/ o/Windows NT/ h/$2/ cpe:/o:microsoft:windows_nt/a match pop3 m|^\+OK POP3 server ready QuickMail Pro Server for MacOS ([\d.]+) <[\w.]+@([-\w_.]+)>\r\n| p/QuickMail Pro pop3d/ v/$1/ o/Mac OS/ h/$2/ cpe:/o:apple:mac_os/a match pop3 m|^\+OK ready\r\n| p/602LAN Suite pop3/ o/Windows/ cpe:/o:microsoft:windows/a match pop3 m|^\+OK DvISE Mail Access Server Server ready \(Tobit Software, Germany\)\r\n| p/Tobit DvISE pop3d/ @@ -2316,7 +2328,7 @@ match pop3 m|^\+OK POP3 FTGate6 server ready <[\d.]+@([\w._-]+)>\r\n| p/Floosiet match pop3 m|^\+OK DBOX POP3 Server ([\d.]+) ready\r\n| p/DBOX TCL pop3d/ v/$1/ match pop3 m|^\+OK POP3 on WinWebMail \[([\d.]+)\] ready\. http://www\.winwebmail\.com\r\n| p/WinWebMail pop3d/ v/$1/ o/Windows/ cpe:/h:winwebmail:winwebmail_server:$1/ cpe:/o:microsoft:windows/a match pop3 m|^\+OK ([-\w_.]+) POP3 Server Version ([\d.]+) Copyright \d{4} International Messaging Associates\r\n| p/IMA pop3d/ v/$2/ h/$1/ -match pop3 m|^\+OK MERCUR POP3-Server \(v([-\w_.]+) \w+\) for Windows ready <[\d.]+@([-\w_.]+)>\r\n| p/Atrium Software's Mercur pop3d/ v/$1/ o/Windows/ h/$2/ cpe:/o:microsoft:windows/a +match pop3 m|^\+OK MERCUR POP3-Server \(v([\w._-]+) [\w=]+\) for Windows(?: NT)? ready <[\d.]+@([-\w_.]+)>\r\n| p/Mercur pop3d/ v/$1/ o/Windows/ h/$2/ cpe:/a:atrium:mercur:$1/ cpe:/o:microsoft:windows/a match pop3 m|^\+OK 4D Mail ([-\w_.]+) ready <| p/WebSTAR 4D pop3d/ v/$1/ o/Mac OS X/ cpe:/o:apple:mac_os_x/a match pop3 m|^\+OK ([-\w_.]+) POP3 ([-\w_.()]+) w/IMAP client at| p/SCO pop3d/ v/$2/ o/SCO UNIX/ h/$1/ cpe:/o:sco:sco_unix/a match pop3 m|^\+OK Server Ready\r\n| p/Cisco VPN 3000 Concentrator pop3d/ d/security-misc/ cpe:/o:cisco:vpn_3000_concentrator_series_software/ @@ -2334,7 +2346,7 @@ match pop3 m|^\+OK POP3 server ([-\w_.]+) ready <[\d.]+@[-\w_.]+>\r\n| p/BVRP So match pop3 m|^\+OK ([-\w_.]+) POP3 Server \(Version ([\w.]+)\) ready at <.*>\r\n| p/BSD-based in.pop3d/ v/$2/ h/$1/ match pop3 m|^\+OK popd-([\d.]+) ready \r\n| p/FreeBSD popd/ v/$1/ match pop3 m|^\+OK POP3 server at ([-\w_.]+) ready <[\d.]+@| p/FirstClass pop3d/ h/$1/ -match pop3 m|^\+OK POP3 Server OK <[\d.]+@([-\w_.]+)>\r\n| p/Communigate Pro pop3d/ h/$1/ +match pop3 m|^\+OK POP3 Server OK <[\d.]+@([-\w_.]+)>\r\n| p/Communigate Pro pop3d/ h/$1/ cpe:/a:stalker:communigate_pro/ match pop3 m|^-ERR Permission denied - closing connection\.\r\n$| p/Classic Hamster pop3d/ i/Permission denied/ o/Windows/ cpe:/o:microsoft:windows/a match pop3 m|^\+OK ([-\w_.]+) <[\d.]+@[-\w_.]+>\r\n| p/IA MailServer pop3d/ o/Windows/ h/$1/ cpe:/o:microsoft:windows/a match pop3 m|^\+OK <[\d.]+@([-\w_.]+)>\r\n| p/qmail pop3d/ h/$1/ @@ -2359,7 +2371,7 @@ match pop3 m|^\+OK Dovecot DA ready\. <[\w._=-]+@([\w._-]+)>\r\n| p/Dovecot Dire match pop3 m|^\+OK Dovecot DA ready\.\r\n| p/Dovecot DirectAdmin pop3d/ cpe:/a:directadmin:directadmin/ cpe:/a:dovecot:dovecot/ match pop3 m|^Unable to open trace file \"/var/spool/popper/| p/popper pop3d/ i/Misconfigured/ match pop3 m|^\+OK SocketMail v ([-\w_.]+) SocketMail POP3 Server Ready\r\n| p/SocketMail pop3d/ v/$1/ -match pop3 m|^\+OK ([\w._-]+) (?:POP3 Service )?Zimbra POP3 server ready\r\n| p/Zimbra pop3d/ h/$1/ +match pop3 m|^\+OK ([\w._-]+) (?:POP3 Service )?Zimbra POP3 server ready\r\n| p/Zimbra pop3d/ h/$1/ cpe:/a:zimbra:zimbra_collaboration_suite/ match pop3 m|^\+OK TMSOFT POP3 Server v([\w._-]+) ready <\w+>\r\n| p/TMSOFT pop3d/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a match pop3 m|^\+OK POP3D\(\*\) Server PMDFV([\w._-]+) at .* <\w+@([\w._-]+)>\r\n| p/PMDF pop3d/ v/$1/ o/OpenVMS/ h/$2/ cpe:/o:hp:openvms/a match pop3 m|^\+OK POP3D\(\*\) Server PMDFV([\w._-]+) at .* \(APOP disabled\)\r\n| p/PMDF pop3d/ v/$1/ o/OpenVMS/ cpe:/o:hp:openvms/a @@ -2369,7 +2381,7 @@ match pop3 m|^\+OK Pop3 ready\.\r\n| p/Dovecot pop3d/ cpe:/a:dovecot:dovecot/ # embyte match pop3 m|^\+OK E-POST POP3 Server \(([^\)]+)| p/E-Post POP3 Server/ v/$1/ match pop3 m|^\+OK ([\w._-]+) Cyrus POP3 v([\w._-]+)-OS X Server ([\w._-]+):\t9L1 server ready <[\d.]+@[\w._-]+>\r\n$| p/Cyrus pop3d/ v/$2/ i/OS X Server $3/ o/Mac OS X/ h/$1/ cpe:/a:cmu:cyrus_imap_server:$2/ cpe:/o:apple:mac_os_x/a -match pop3 m|^\+OK Kerio Connect ([\w._ -]+) POP3 server ready <[\d.]+@([\w._-]+)>\r\n$| p/Kerio Connect pop3d/ v/$1/ h/$2/ +match pop3 m|^\+OK Kerio Connect ([\w._ -]+) POP3 server ready <[\d.]+@([\w._-]+)>\r\n$| p/Kerio Connect pop3d/ v/$1/ h/$2/ cpe:/a:kerio:connect:$1/ match pop3 m|^\+OK Welcome NewsGator Online Services POP3 Server version ([\w._-]+)\r\n$| p/NewsGator Enterprise Server pop3d/ v/$1/ match pop3 m|^-ERR \[SYS/PERM\] Fatal error: tls_init\(\) failed\r\n| p/Cyrus pop3d/ cpe:/a:cmu:cyrus_imap_server/ match pop3 m|^\+OK Quick 'n Easy Mail Server ready\r\n| p/Quick 'n Easy pop3d/ o/Windows/ cpe:/o:microsoft:windows/a @@ -2384,6 +2396,7 @@ match pop3 m|^\+OK 200\r\n| p/Brother MFC-7360N pop3d/ d/printer/ match pop3 m|^\+OK Welcome to the SLnet POP3 Service\r\n| p/SeattleLab SLMail pop3d/ o/Windows/ cpe:/o:microsoft:windows/a match pop3 m|^\+OK ([\w.-]+) POP3 server \(DeskNow\) ready \r\n| p/DeskNow pop3d/ h/$1/ match pop3 m|^\+OK ([\w.-]+) Service ready <\d+\.\d+@[\w.-]+>\r\n| p/Gattaca pop3d/ h/$1/ +match pop3 m|^-ERR access from your network is denied\r\n$| p/Communigate Pro pop3d/ i/access denied/ cpe:/a:stalker:communigate_pro/ match pop3-proxy m|^\+OK POP3 AnalogX Proxy (\d[-.\w]+) \(Release\) ready\.\n$| p/AnalogX POP3 proxy/ v/$1/ cpe:/a:analogx:proxy:$1/ match pop3-proxy m|^\+OK CCProxy (\S+) POP3 Service Ready\r\n| p/CCProxy pop3d/ v/$1/ @@ -2441,9 +2454,10 @@ match pop3pw m|^200 Stalker Internet Password Server ready\. V\.([\w.]+)\r\n| p/ match pop3pw m|^550 Login failed - already \d+/\d+ users connected sorry \(use G_CON_PERIP_EXCEPT to bypass\) \(IP=[\d.]+\)\r\n| p/Qualcomm poppassd/ i/Maximum users connected/ match pop3pw m|^200 hello and welcome to SchoolsNET SINA poppassd \[([-\d.]+)\]\r\n| p/SINA pop3pw/ v/$1/ match pop3pw m|^200 Post\.Office v([\d.]+) password server ready\r\n| p/Post.Office pop3pw/ v/$1/ -match pop3pw m|^200 MERCUR Password service for Windows NT ready\r\n| p/Atrium Software's Mercur pop3pw/ o/Windows/ cpe:/o:microsoft:windows/a +match pop3pw m|^200 MERCUR Password service for Windows NT ready\r\n| p/Mercur pop3pw/ o/Windows/ cpe:/a:atrium:mercur/ cpe:/o:microsoft:windows/a match pop3pw m|^200 hello\r\n| p/SLMail pop3pw/ o/Windows/ cpe:/o:microsoft:windows/a match pop3pw m|^200 Ok, \"modusMail Mail Management Server ready\" <[\d.]+@\(null\)>\r\n| p/ModusMail poppassd/ o/Windows/ cpe:/o:microsoft:windows/a +match pop3pw m|^500 access from your network is denied\r\n$| p/Communigate Pro pop3pw/ i/access denied/ cpe:/a:stalker:communigate_pro/ # RFC 1939 suggests for the timestamp softmatch pop3 m|^\+OK [^<]+ <[\d.]+@([\w.-]+)>\r\n$| h/$1/ @@ -2578,6 +2592,7 @@ match saprouter m|^\0\0\0.NI_RTERR\0.\0\0\xff\xff\xff\xfb\0\0\0.\*ERR\*\x001\0co match scalix-ual m|^\x02\x1c50\x1c\x03\0\0\0\0$| p/Scalix UAL/ match scanager m|^\*\*\* ITSO_DB_FAIL \*\*\* invalid request\r\n| p/Indiana University Scanager DB/ +match serial m|^\nAccess to serial port port01 via unauthorised telnet is not allowed\n\n| p/Opengear serial port unauthenticated access/ i/disabled/ d/remote management/ match servicetags m|^I/O error : Permission denied\n$| p/Sun service tags/ cpe:/a:sun:service_tags/ # This sdmsvc was matching HP printers. May be bogus, so removed. @@ -2603,6 +2618,7 @@ softmatch sieve m|^\"IMPLEMENTATION\" \"([^"])\"\r\n\"SIEVE\" \"| p/sieved/ i/$1 match sftp m|^\+Shiva SFTP Service\0$| p/Shiva LanRover SFTP service/ match sgms m|^SGMS Scheduler SGMS (\d+) ([\d.]+) .*\n>| p/Sonicwall Viewpoint SGMSd/ v/$2/ i/SGMS protocol $1/ d/firewall/ +match sguil m|^SGUIL-([\w._-]+) OPENSSL ENABLED\r\n$| p/Sguil/ v/$1/ cpe:/a:sguil:sguil:$1/ match shaiya m|^\xc7\x00\x01\xa1\x00\x40\x80.{192}$|s p/Shaiya game server/ @@ -2957,7 +2973,7 @@ match smtp m|^220 ([\w_.-]+) Epiphany CME SMTP Server Version ([\d.]+) ready at match smtp m|^220 ([\w_.-]+) \(\w+\) Welcome to Nemesis ESMTP server\r\n| p/Nemesis smtpd/ h/$1/ match smtp m|^220 BEJY V([\w._-]+) SMTP ([\w._-]+) \(c\) \d+-\d+ by BebboSoft, Stefan \"Bebbo\" Franke, all rights reserved ready\r\n$| p/BEJY smtpd/ v/$2/ i/BEJY $1/ match smtp m|^220 Welcome NGOS SMTP Server version ([\w._-]+)\r\n$| p/NewsGator Enterprise Server smtpd/ v/$1/ -match smtp m|^220 ([\w._-]+) Kerio Connect ([\w._ -]+) ESMTP ready\r\n| p/Kerio Connect smtpd/ v/$2/ h/$1/ +match smtp m|^220 ([\w._-]+) Kerio Connect ([\w._ -]+) ESMTP ready\r\n| p/Kerio Connect smtpd/ v/$2/ h/$1/ cpe:/a:kerio:connect:$2/ match smtp m|^220 Service ready (KMBT[0-9A-F]+) smtpd\r\n| p/Konica Minolta printer smtpd/ h/$1/ match smtp m|^220 Service ready M052 smtpd\r\n| p/Konica Minolta C360 printer smtpd/ cpe:/h:konicaminolta:c360/a match smtp m|^220 ([\w._-]+) running IBM VM SMTP Level (\d+) on | p/IBM VM smtpd/ v/Level $2/ h/$1/ @@ -2986,9 +3002,11 @@ match smtp m|^220 MacGyver SMTP Ready\.\r\n| p/Perl Net::SMTP::Server/ v/1.1/ i/ match smtp m|^220 ([\w._-]+) SMTP server ready \(MgSMTP ([\w._-]+)\)\r\n| p/MgSMTP/ v/$2/ o/Windows/ h/$1/ cpe:/o:microsoft:windows/a match smtp m|^220 ([\w._-]+) SMTP IceWarp ([\w._-]+);| p/IceWarp smtpd/ v/$2/ h/$1/ cpe:/a:icewarp:mail_server:$2/ match smtp m|^554-([\w._-]+) \(\w+\) Nemesis ESMTP Service not available\r\n| p/Nemesis smtpd/ i/blacklisted/ h/$1/ -match smtp m|^421 4\.3\.2 Server license expired\r\n| p/Kerio Connect or MailServer smtpd/ i/license expired/ +match smtp m|^421 4\.3\.2 Server license expired\r\n| p/Kerio Connect or MailServer smtpd/ i/license expired/ cpe:/a:kerio:connect/ match smtp m|^220 totemomail SMTP Server ready [\w, :]+ ([+-]\d\d\d\d) \([A-Z]*\)\r\n| p/totemomail Encryption Gateway smtpd/ i/time zone: $1/ match smtp m|^220 ([\w._-]+) ESMTP Service \(IBM Domino Release ([ \w._-]+)\) ready at .* ([-+]\d+)\r\n| p/IBM Domino smtpd/ v/$2/ i/time zone: $3/ h/$1/ cpe:/a:ibm:lotus_domino:$2/ +match smtp m|^220 ([\w._-]+) ESMTP Smtpd; [\w, :]+ ([-+]\d\d\d\d)\r\n| p/FortiMail smtpd/ i/time zone: $2/ h/$1/ cpe:/a:fortinet:fortimail/ +match smtp m|^554-([\w._-]+)\r\n554 Your access to this mail system has been rejected due to the sending MTA's poor reputation\. If you believe that this failure is in error, please contact the intended recipient via alternate means\.\r\n| p/IronPort mail appliance smtpd/ i/access denied/ h/$1/ #(insert smtp) @@ -3048,6 +3066,8 @@ match smtp-proxy m|^421 service temporarily unavailable, closing match smtp-proxy m|^554 No SMTPd here\r\n| p/SonicWALL Email Security smtp proxy/ i/blacklisted/ match smtp-proxy m|^554 5\.7\.1 You are not allowed to connect\.\r\n| p/Symantec Messaging Gateway/ i/blacklisted/ cpe:/a:symantec:messaging_gateway/ match smtp-proxy m|^220 ([\w._-]+) GWAVA Proxy Copyright \(c\) \d\d\d\d GWAVA, Inc\. All rights reserved\. Ready\r\n| p/GWAVA Proxy smtpd/ h/$1/ +match smtp-proxy m|^220 ([\w._-]+) -- E-MailRelay V([\w._-]+) -- Service ready\r\n| p/E-MailRelay smtp proxy/ v/$2/ h/$1/ cpe:/a:graeme_walker:emailrelay:$2/ +match smtp-proxy m|^554 5\.7\.1 Access denied\r\n$| p/Kerio Connect smtp proxy/ i/access denied/ cpe:/a:kerio:connect/ match fw1-topology m|^[QY]\0\0\0$| p/Check Point FireWall-1 Topology/ d/firewall/ cpe:/a:checkpoint:firewall-1/ match fw1-pslogon m|^\0\0\0\x02\0\0\0\x02$| p/Check Point FireWall-1 Policy Server logon/ d/firewall/ cpe:/a:checkpoint:firewall-1/ @@ -3287,8 +3307,9 @@ match ssh m|^SSH-([\d.]+)-SSHTroll| p/SSHTroll ssh honeypot/ i/protocol $1/ match ssh m|^SSH-([\d.]+)-AudioCodes\n| p/AudioCodes MP-124 SIP gateway sshd/ i/protocol $1/ d/VoIP adapter/ cpe:/h:audiocodes:mp-124/ match ssh m|^SSH-([\d.]+)-WRQReflectionForSecureIT_([\w._-]+) Build ([\w._-]+)\r\n| p/WRQ Reflection for Secure IT sshd/ v/$2 build $3/ i/protocol $1/ match ssh m|^SSH-([\d.]+)-Nand([\w._-]+)\r\n| p/Nand sshd/ v/$2/ i/protocol $1/ -match ssh m|^SSH-([\d.]+)-SSHD-CORE-([\w._-]+)-ATLASSIAN([\w._-]*)\r\n| p/Apache Mina sshd/ v/$2-ATLASSIAN$3/ i/Atlassian Stash; protocol $1/ -match ssh m|^SSH-([\d.]+)-GerritCodeReview_([\w._-]+) \(SSHD-CORE-([\w._-]+)\)\r\n| p/Apache Mina sshd/ v/$3/ i/Gerrit Code Review $2; protocol $1/ +match ssh m|^SSH-([\d.]+)-SSHD-CORE-([\w._-]+)-ATLASSIAN([\w._-]*)\r\n| p/Apache Mina sshd/ v/$2-ATLASSIAN$3/ i/Atlassian Stash; protocol $1/ cpe:/a:apache:sshd:$2/ +match ssh m|^SSH-([\d.]+)-GerritCodeReview_([\w._-]+) \(SSHD-CORE-([\w._-]+)\)\r\n| p/Apache Mina sshd/ v/$3/ i/Gerrit Code Review $2; protocol $1/ cpe:/a:apache:sshd:$3/ +match ssh m|^SSH-([\d.]+)-SSHD-CORE-([\w._-]+)\r\n| p/Apache Mina sshd/ v/$2/ i/protocol $1/ cpe:/a:apache:sshd:$2/ match ssh m|^SSH-([\d.]+)-Plan9\r?\n| p/Plan 9 sshd/ i/protocol $1/ o/Plan 9/ cpe:/o:belllabs:plan_9/a match ssh m|^SSH-2\.0-CISCO_WLC\n| p/Cisco WLC sshd/ d/remote management/ match ssh m|^SSH-([\d.]+)-([\w._-]+) sshlib: ([78]\.\d+\.\d+\.\d+)\r\n| p/MoveIT DMZ sshd/ v/$3/ i/sshlib $2; protocol $1/ @@ -3309,6 +3330,8 @@ match ssh m|^SSH-([\d.]+)-ConfD-([\w._-]+)\r\n| p/ConfD sshd/ v/$2/ i/protocol $ match ssh m|^SSH-([\d.]+)-SERVER_([\d.]+)\r\n| p/FoxGate switch sshd/ v/$2/ i/protocol $1/ match ssh m|^SSH-2\.0-Server\r\n| p/AirTight WIPS sensor sshd/ i/protocol 2.0/ match ssh m|^SSH-([\d.]+)-EchoSystem_Server_([\w._-]+)\r\n| p/EchoSystem sshd/ v/$2/ i/protocol $1/ cpe:/a:echo360:echosystem:$2/ +match ssh m|^SSH-([\d.]+)-FileCOPA\r\n| p/FileCOPA sftpd/ i/protocol $1/ o/Windows/ cpe:/a:intervations:filecopa/ cpe:/o:microsoft:windows/a +match ssh m|^SSH-([\d.]+)-PSFTPd\. Secure FTP Server ready\r\n| p/PSFTPd/ i/protocol $1/ o/Windows/ cpe:/a:pleis:psftpd/ cpe:/o:microsoft:windows/a softmatch ssh m|^SSH-([\d.]+)-| i/protocol $1/ @@ -3352,7 +3375,7 @@ match synergy m|^\0\0\0\x0bSynergy\0\x01\0| p/Synergy KVM/ i/plaintext/ match kvm m|^\0\0\0\x0b\0| p/Raritan KVM/ match kvm m|^LFB 1\.0[56]$| p/IBM BladeCenter KVM/ # Encrypted, very general fingerprint must come after more-specific plaintext matches -match synergy m|^\0\0\0\x0b.{11}$| p/Synergy KVM switch/ v/>1.4.11/ i/encrypted/ +match synergy m|^\0\0\0\x0b.{11}$|s p/Synergy KVM switch/ v/>1.4.11/ i/encrypted/ match RemoteMouse m|^SIN 17osx nop nopwd \d+$|s p/Remote Mouse/ o/Mac OS X/ cpe:/o:apple:mac_os_x/a match RemoteMouse m|^SIN 17win nop nopwd \d+$|s p/Remote Mouse/ o/Windows/ cpe:/o:microsoft:windows/a @@ -3925,7 +3948,7 @@ match telnet m|^AD6680 Gateway Software\r\n[-\w_]+ \(MAC ([\w:]+)\)\r\n| p/Net match telnet m|^\xff\xfd\x01\xff\xfd\x1f\xff\xfd!\xff\xfb\x01\xff\xfb\x03\r\r\n\r\n\r([\d.]+)\r\n\rLinux ([-\w_.]+) on a armv4tl \([\d:]+\)\r\n\r([-\w_.]+) login:| p/AXIS webcam telnetd/ v/$1/ i/Linux $2/ d/webcam/ o/Linux/ h/$3/ cpe:/o:linux:linux_kernel:$2/a match telnet m|^\xff\xfb\x01\xff\xfd\x03\xff\xfb\x03\r\nHP ProLiant BL p-Class C-GbE2 Interconnect Switch A\.\r\n| p/HP ProLiant switch telnetd/ d/switch/ match telnet m|^\xff\xfd\x01\xff\xfd!\xff\xfb\x01\xff\xfb\x03Netgear DM111 ADSL2\+ Modem \r\nSoftware Version: ([-\w_.]+)\r\nLogin name:| p/Netgear DM111 broadband router telnetd/ v/$1/ d/broadband router/ cpe:/h:netgear:dm111/a -match telnet m|^\xff\xfb\x03\xff\xfd\x03\xff\xfb\x01\r\nPrecise/RTCS v([\d.]+) Telnet server\r\n\r\0\r\nService Port Manager Active\r\0\r\n Ends Session\r\0\r\n| p/Liebert OpenComms remote management telnetd/ v/$1/ d/remote management/ +match telnet m|^\xff\xfb\x03\xff\xfd\x03\xff\xfb\x01\r\nPrecise/RTCS v([\d.]+) Telnet server\r\n\r\0\r\nService Port Manager Active\r\0\r\n Ends Session\r\0\r\n| p/Precise RTCS telnetd/ v/$1/ i/Liebert OpenComms remote management/ d/remote management/ o/MQX RTOS/ cpe:/o:precise:mqx:$1/ match telnet m|^\xff\xfb\x03\xff\xfb\x01\r\n\r\n\*+\r\n\* Welcome to Print Server \*\r\n\* +Telnet Console +\*\r\n\*+\r\n\r\nServer Name : ([\w._-]+)\0\0\0\0\0\0\r\nServer Model : 2U1P Print Server\0+\r\nF/W Version : ([\w._-]+).*\r\nMAC Address : ([\w ]+)| p/Xterasys 2U1P print server telnetd/ v/$2/ i/name $1; MAC $3/ d/print server/ match telnet m|^\xff\xfb\x01\xff\xfb\x03\r\nScarlet One\r\nFirmware version: ([-\w_.]+)\r\nScarlet\r\n\r\nPlease login:| p/Scarlet One telnetd/ i/Firmware $1/ d/VoIP adapter/ match telnet m|^\xff\xfb\x03\xff\xfb\x01\xff\xfd\x1f\xff\xfd\x18\r\ntelnet session telnet\d+ on /dev/ptyb\d+(?:\r\n)?\r\n\r\nlogin: | p/Extreme Networks switch telnetd/ d/switch/ @@ -4263,7 +4286,7 @@ match telnet m|^\xff\xfb\x03\xff\xfb\x01\xff\xfb\0\xff\xfd\0Auto-sensing\.\.\.\r match telnet m|^\xff\xfd\x03\xff\xfb\x03\xff\xfd\x01\xff\xfb\x01\r\n\r\r\n\r\n\r\nUser Name:| p/Cisco SG300-28p switch telnetd/ d/switch/ cpe:/h:cisco:sg300-28p/ match telnet m|^\xff\xfb\x01\r\nWelcome to DXLINK-HDMI-RX v([\w._-]+) Copyright AMX LLC \d\d\d\d\r\n\r\n>| p/AMX DXLink HDMI receiver telnetd/ v/$1/ d/media device/ match telnet m|^\xff\xfd\x01\xff\xfd\x1f\xff\xfd!\xff\xfb\x01\xff\xfb\x03Login: | p/MPR-L8 3G mobile router telnetd/ d/WAP/ -match telnet m|^\xff\xfb\x03\xff\xfd\x03\xff\xfb\x01\r\nRTCS v([\w._-]+) Telnet server\r\npress Ctrl-L to enable/disable debug output\r\0\r\n\r\0\r\nService Port Manager Active\r\0\r\n Ends Session\r\0\r\n| p/RTCS telnetd/ v/$1/ i/Emerson Network Power Liebert NXC UPS/ cpe:/h:emersonnetworkpower:liebert_nxc/ +match telnet m|^\xff\xfb\x03\xff\xfd\x03\xff\xfb\x01\r\nRTCS v([\w._-]+) Telnet server\r\npress Ctrl-L to enable/disable debug output\r\0\r\n\r\0\r\nService Port Manager Active\r\0\r\n Ends Session\r\0\r\n| p/Precise RTCS telnetd/ v/$1/ i/Emerson Network Power Liebert NXC UPS/ o/MQX RTOS/ cpe:/h:emersonnetworkpower:liebert_nxc/ cpe:/o:precise:mqx:$1/ match telnet m|^\x1b\[2J\x1b\[36m\x1b\[1mEmbedded Data Systems Telnet Server ([\w._-]+)\x1b\[0m\r\nLogin: | p/Embedded Data Systems Ethernet-to-1-wire telnetd/ v/$1/ d/bridge/ match telnet m|^Welcome to the DS2 command line processor\r\nUsername: | p/Dedicated Micros Digital Sprite 2 DVR telnetd/ d/media device/ match telnet m|^\xff\xfd\x01\xff\xfd!\xff\xfb\x01\xff\xfb\x03\r\n Welcome to Zhone Technologies\r\n Model: ZNID-GPON-([\w._-]+) Router\r\n Release: S([\w._-]+)\r\n\r\nCopyright \(C\) \d+-\d+ by Zhone Technologies\. All Rights Reserved\.\r\nConfidential, Unpublished Property of Zhone Technologies\.\r\nRights Reserved Under the Copyright Laws of the United States\.\r\n\r\nLogin: | p/Zhone zNID GPON $1 router telnetd/ v/$2/ d/router/ cpe:/h:zhone:znid_gpon_$1/ @@ -4316,14 +4339,15 @@ match telnet m|^\xff\xfb\x01\xff\xfb\x03\xff\xfb\0\xff\xfd\x1fPacketFront termin match telnet m|^\xff\xfc\x01\xff\xfb\x01\xff\xfb\x03\xff\xfd\x18\xff\xfb\x18\xff\xfd\x1f\xff\xfb\x1f\xff\xfb\"\xff\xfb\x05\r\n\r\nOne60L G\.SHDSL PPPoEoA\r\n\r\nUsername:| p/One60L G.SHDSL modem telnetd/ d/broadband router/ match telnet m|^\r\n\(c\) Copyright 20\d\d, Extron Electronics, ([^,]+), V([\d.]+), ([\d-]+)\r\n| p/Extron $1 telnetd/ v/$2/ i/part number $3/ match telnet m=^\xff\xfd\x01\xff\xfd\x1f\xff\xfb\x01\xff\xfb\x03\r\r\n\r\n\rSTMicroelectronics Base Distribution version ([\d.]+)\r\n\rLinux/sh4 (2\.\d+\.\d+|3\.\d+).*\r\n\r\r\n\rsh-([\d.]+)# = p/STMicroelectronics Base Distribution telnetd/ v/$1/ i/open; sh-$3/ o/Linux $2/ cpe:/o:linux:linux_kernel:$2/a -match telnet m|^\xff\xfc\x01\xff\xfb\x01\xff\xfb\x03\xff\xfd\x18\xff\xfb\x18\xff\xfd\x1f\xff\xfb\x1f\xff\xfb\"\xff\xfb\x05\n\*{17} User Access Login \*{20}\r\n\r\nUser:| p/TP-LINK TL-SG2008 telnetd/ d/switch/ -match telnet m|^\xff\xfd\x01\xff\xfd\x1f\xff\xfb\x01\xff\xfb\x03\r\r\n[ _\r\n\x7c\.',-]+Arago Project http://arago-project\.org VS240HD\r\n\r\r\n\rArago ([\d.]+) VS240HD\r\n\r\r\n\r\r\nVS240HD login: | p/Arago Project telnetd/ v/$1/ i/Synology VS240HD/ d/storage-misc/ +match telnet m|^\xff\xfc\x01\xff\xfb\x01\xff\xfb\x03\xff\xfd\x18\xff\xfb\x18\xff\xfd\x1f\xff\xfb\x1f\xff\xfb\"\xff\xfb\x05\n\*{17} User Access Login \*{20}\r\n\r\nUser:| p/TP-LINK TL-SG2008 telnetd/ d/switch/ cpe:/h:tp-link:tl-sg2008/a +match telnet m|^\xff\xfd\x01\xff\xfd\x1f\xff\xfb\x01\xff\xfb\x03\r\r\n[ _\r\n\x7c\.',-]+Arago Project http://arago-project\.org ([\w._ -]+)\r\n\r\r\n\rArago ([\d.]+) [\w._ -]+\r\n\r\r\n\r\r\n[\w._ -]+ login: | p/Arago Project telnetd/ v/$2/ i/device: $1/ cpe:/a:arago-project:arago:$2/ +match telnet m|^\xff\xfd\x01\xff\xfd\x1f\xff\xfd!\xff\xfb\x01\xff\xfb\x03\r\r\n[ _\r\n\x7c\.',-]+Arago Project http://arago-project\.org ([\w._ -]+)\r\n\r\r\n\rArago ([\d.]+) [\w._ -]+\r\n\r\r\n\r\r\n[\w._ -]+ login: | p/Arago Project telnetd/ v/$2/ i/device: $1/ cpe:/a:arago-project:arago:$2/ match telnet m|^\xff\xfb\x01\xff\xfb\x03Grandstream (GXW\w+) \( Boot:[\d.]+ Loader:[\d.]+ App:([\d.]+) HW: [\w.]+ \) Command Shell\r\nPassword: | p/Grandstream $1 telnetd/ v/$2/ d/VoIP phone/ cpe:/h:grandstream:$1/a match telnet m|^\xff\xfb\x01\xff\xfb\x03\xff\xfd\x03\r\nSession code: | p/Get Console Airconsole serial adapter/ d/bridge/ match telnet m|^\xff\xfd\x01\xff\xfd!\xff\xfb\x01\xff\xfb\x03 {19}={22}\r\r\n {20}Welcome to ZXDSL ([\w._-]+)\r\r\n {19}={22}\r\r\n\r\r\nZTE Inc\., Software Release ZXDSL \1V([\w._-]+)\r\r\n\r\r\nLogin: | p/ZTE ZXDSL $1 telnetd/ v/$2/ d/broadband router/ cpe:/h:zte:zxdsl_$1/a match telnet m|^\xff\xfb\x01\xff\xfb\x03\x1b\[2J\x1b\[4;26HUsername: \x1b\[7;1m\[ \]\x1b\[0m\x1b\[5;26HPassword: \[ \*{15} \]\x1b\[23;1H\x1b\[2KEnter text, press or when complete\.\x1b\[14;26HEnter Username: | p/Avaya ERS 5600-series telnetd/ d/switch/ match telnet m|^\xff\xfb\x03\xff\xfb\x01\xff\xfd\x03\xff\xfd\x01Welcome to QualityView Ipcam \r\n\r\nUsername: | p/QualityView IPcam telnetd/ d/webcam/ -match telnet m|^\xff\xfd'| p/Reynolds ERAccess telnetd/ +match telnet m|^\xff\xfd'| p/Netkit telnet-ssl telnetd/ cpe:/a:netkit:telnet-ssl/ match telnet m|^\xff\xfb\x03\xff\xfb\x01\xff\xfd\x03\xff\xfd\x01 Product of HUACAM\r\n \r\n\r\nUsername: | p/Huacam telnetd/ d/webcam/ match telnet m|^\n\nNexia Home Intelligence Bridge Version ([\w._-]+), \d+/\d+/\d+ \(Z-Wave ([\w._-]+)\)\r\n| p/Nexia Home Intelligence Bridge telnetd/ v/$1/ i/Z-Wave $2/ match telnet m|^\xff\xfb\x03\xff\xfd\x03\xff\xfb\x01>$| p/Lantronix Evolution OS telnetd/ @@ -4334,6 +4358,21 @@ match telnet m|^\xff\xfb\x05\n\r\nNickname\.\r\n| p/Eggdrop IRC bot DCC/ match telnet m|^\xff\xfd\x01\xff\xfd\x1f\xff\xfd!\xff\xfb\x01\xff\xfb\x03\r\r\n\r\n\rNVS\r\n\rLinux (2\.\d+\.\d+)(?:[\w._-]+)? on a armv\w+ \(\d\d:\d\d:\d\d\)\r\n\r([\w._-]+) login: | p/Network Video Streamer telnetd/ i/model: $2/ d/media device/ o/Linux $1/ cpe:/o:linux:linux_kernel:$1/ # FireBrick FB2700 match telnet m|^\xff\xfb\x01\xff\xfd\x1f\xff\xfd\x03\xff\xfb\x03\xff\xfd\0\xff\xfb\0\xff\xfd\x18\x1b\[2K\r\0Username: | p/FireBrick telnetd/ d/firewall/ +match telnet m|^\xff\xfb\x01\xff\xfd\x1f\xff\xfb\x03\r\n\x1b\[22m\x1b\[37m\x1b\[25m\x1b\[40m\x1b\[1;1f\x1b\[0J\r\n\r\n\x1b\[22m\x1b\[30m\x1b\[25m\x1b\[43m ={65} \r\n KpyM Telnet/SSH Server - fully functional unregistered version\. \r\n Order registration key at http://www\.kpym\.com/ {19}\r\n The registered version does not display this notice\. {13}\r\n ={65} \r\n\r\n| p|KpyM Telnet/SSH Server telnetd| i/unregistered/ cpe:/a:kpym:kpym_telnet_ssh_server/ +match telnet m|^\xff\xfb\x01\xff\xfb\x03Username : | p/Technicolor TG582n WAP telnetd/ d/WAP/ cpe:/h:technicolor:tg582n/ +match telnet m|^\xff\xfd\x01\xff\xfd\x1f\xff\xfd!\xff\xfb\x01\xff\xfb\x03\r\r\nlogin: | p/Swann DVR telnetd/ +match telnet m|^\n\rIP phone -122M : CLI\n\rLogin : | p/Funkwerk IP50 VoIP phone telnetd/ d/VoIP phone/ cpe:/h:funkwerk:ip50/a +match telnet m|^\xff\xfd\x01\xff\xfd!\xff\xfb\x01\xff\xfb\x03Modem Digital xDSL DSLink ([\w-]+)\r\nLogin: | p/Opticom DSLink $1 DSL modem telnetd/ d/broadband router/ cpe:/h:opticom:dslink_$1/ +match telnet m|^\xff\xfd\x01\xff\xfd\x1f\xff\xfd!\xff\xfb\x01\xff\xfb\x03\r\r\n\r\n\r Welcome to the LTIB Embedded Linux Environment\r\n\r\r\n\r\r\n\rP2020DS login: | p/LTIB Embedded Linux Environment telnetd/ i/P2020 Development System/ o/Linux/ cpe:/a:stuart_hughes:ltib/ cpe:/h:freescale:p2020ds/ cpe:/o:linux:linux_kernel/a +match telnet m|^\xff\xfd\x01\xff\xfd\x1f\xff\xfb\x01\xff\xfb\x03Grandstream (\w+) Command Shell Copyright 2006-20\d\d\r\nPassword: | p/Grandstream $1 VoIP phone telnetd/ d/VoIP phone/ cpe:/h:grandstream:$1/a +match telnet m|^\xff\xfb\x01\xff\xfb\x03\xff\xfd\x03\xff\xfd\x1f\r\nlogin: | p/Patton SmartNode 4638 VoIP adapter telnetd/ d/VoIP adapter/ o/SmartWare/ cpe:/h:patton:sn4638/ cpe:/o:patton:smartware/ +match telnet m|^\xff\xfb\x03\xff\xfd\x03\xff\xfb\x01\r\nPrecise/RTCS v([\w._-]+) Telnet server\r\n\x1b\[0m\x1b\[2J\x1b\[1;1H\x1b\[\?25l\x1b\[0;30;47m\x1b\[0;34;47m\*{80}\r\0\r\n\* {78}\*\r\0\r\n\*{80}\r\0\r\n\* {12}Remote Status {13}\* {12}Remote Control {13}\*\r\0\r\n\*{80}\r\0\r\n\* Exciter #: | p/Precise RTCS telnetd/ v/$1/ i/Harris FlexStar HDx-FM broadcast exciter/ o/MQX RTOS/ cpe:/h:harris:flexstar_hdx-fm/ cpe:/o:precise:mqx:$1/ +match telnet m|^\xff\xfd\x01\xff\xfd!\xff\xfb\x01\xff\xfb\x03(TD-\w+) [\d.]+ DSL Modem Router\r\nLogin: | p/TP-LINK $1 WAP telnetd/ d/WAP/ cpe:/h:tp-link:$1/ +match telnet m|^\xff\xfd\x01\xff\xfd\x1f\xff\xfb\x01\xff\xfb\x03\r\r\n\r\n\r Welcome to Intermec Printer\r\n\r\r\n\r\d+-(\w+)-\w+ login: | p/Intermec $1 printer telnetd/ d/printer/ cpe:/h:intermec:$1/a +match telnet m|^\xff\xfb\x01\xff\xfd\x1f\r\n#-{71}\r\n# SAMSUNG ELECTRONICS CO\., LTD\. Login\r\n#-{71}\r\n\r\n\r\rlogin: | p/Samsung Ubigate router telnetd/ d/router/ +match telnet m|^\r\r\nWarning: Telnet is not a secure protocol, and it is recommended to use Stelnet\.\r\n\r\nLogin authentication\r\n\r\n\r\nUsername:\xff\xfb\x01\xff\xfb\x01\xff\xfb\x01\xff\xfb\x03\xff\xfd\x18\xff\xfd\x1f| p/Huawei switch telnetd/ d/switch/ +match telnet m|^Welcome to \"([^"]+)\" running WEBSERVER on host \"([\w.-]+)\"| p/WebCTRL diagnostic telnetd/ i/site: $1/ h/$2/ cpe:/a:automatedlogic:webctrl/ +match telnet m|^\xff\xfd\x01\xff\xfd!\xff\xfb\x01\xff\xfb\x03NetComm ADSL\d*\+? Router\r\nLogin: | p/NetComm ADSL router telnetd/ d/broadband router/ #(insert telnet) @@ -4342,7 +4381,7 @@ match telnet m|^\xff\xfd\x01\xff\xfd\x1f\xff\xfb\x01\xff\xfb\x03\r\r\nPassword: match telnet m|^\xff\xfd\x01\xff\xfd\x1f\xff\xfb\x01\xff\xfb\x03Login: | p/Pirelli VDSL router telnetd/ d/broadband router/ match telnet m|^\xff\xfd\x01\xff\xfd\x1f\xff\xfb\x01\xff\xfb\x03\r\r\nusername:| p/TP-LINK ADSL2+ router telnetd/ d/WAP/ # This one also matches Netgear CG3000-25TAUS -match telnet m|^\xff\xfd\x01\xff\xfd\x1f\xff\xfb\x01\xff\xfb\x03\r\r\n\(none\) login: | p/Q-SEE DVR telnetd/ +match telnet m|^\xff\xfd\x01\xff\xfd\x1f\xff\xfb\x01\xff\xfb\x03\r\r\n\(none\) login: | p/security DVR telnetd/ i/many brands/ match telnet-proxy m|^nodnsquery/[\d.]+ is not authorized to use the telnet proxy\r\n| p/Gauntlet telnet proxy/ match telnet-proxy m|^Eingabe Servername\[:Port\] : | p/JanaServer telnet proxy/ i/German/ @@ -4434,6 +4473,7 @@ match vnc m|^RFB 103\.006\n| p/Microsoft Virtual Server remote control/ o/Window match vnc m|^ISD 001\.000\n$| p/iTALC/ match vnc m|^.{27}\x16\x20\xe4\xb0\x95\x63\x29\x78\xdb\x6e\x35\x92$|s p/Ultr@VNC/ cpe:/a:ultravnc:ultravnc/ match vnc m|^RFB 240\.6\n\0\x02$| p/BRemote VNC/ +match vnc m|^RFB 009\.123\n| p/ATEN KVM-over-IP VNC/ d/remote management/ softmatch vnc m|RFB \d\d(\d)\.\d\d\d\n| i/protocol $1/ @@ -4446,6 +4486,9 @@ match vtun m|^VTUN server ver \(.*\) (\d[-.\w /]+)\n\0\0\0\0\0\0\0\0\0\0\0\0\0\0 match vhcs m|^250 OK moleSoftware VHCS2 Server Welcomes You !\r\n| p/moleSoftware virtual hosting control system/ o/Linux/ cpe:/o:linux:linux_kernel/a +# "rel20" +match warcraft m|^\0\x30WORLD OF WARCRAFT CONNECTION - SERVER TO CLIENT\0\0'BE\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0.....| p/MaNGOS worldserver/ cpe:/a:getmangos:mangos/ + match weather m|^TrueWeather\r\n\r\n>| p/TrueWeather Desktop Weather Authority server/ # http://www.3w.net/lan/faq.html match websense-eim m|^\x96\xfeS\xab$| p/Websense EIM/ @@ -4608,8 +4651,9 @@ match xml-print m|^.\x2f\0\0\0(Lexmark \w+)\0|s p/$1 printer XML printing/ d/pri # http://www.brainz.co.kr/product/infra_05.php match zenius-sms m|^Zenius SMS Agent V([\w. ]+) \(zagent-\w+-sparc\) 1400\r\n\0\0\0\0\0\0\0\0\0\0| p/Brainz Zenius Server Management System Agent/ v/$1/ i/SPARC/ -match zeo m|^\0\0\0\x04Z(\d)0(\d)$| p/Zope Enterprise Objects service/ i/ZODB $1.$2/ cpe:/a:zope:zope:$1.$2/ -match zeo m|^\0\0\0\x04Z(\d)([1-9]\d)$| p/Zope Enterprise Objects service/ i/ZODB $1.$2/ cpe:/a:zope:zope:$1.$2/ +match zeo m|^\0\0\0\x04Z(\d)0(\d)$| p/Zope Enterprise Objects service/ i/ZODB $1.$2/ cpe:/a:zope:zope:$1.$2/ cpe:/a:zope:zope_enterprise_objects/ +match zeo m|^\0\0\0\x04Z(\d)([1-9]\d)$| p/Zope Enterprise Objects service/ i/ZODB $1.$2/ cpe:/a:zope:zope:$1.$2/ cpe:/a:zope:zope_enterprise_objects/ +match zeo-monitor m|^ZEO monitor server version ([\w._-]+)\n.*\n\nStorage: \d+\nServer started: ([\w: ]+)\n| p/Zope Enterprise Objects monitor server/ v/$1/ i/server started: $2/ cpe:/a:zope:zope_enterprise_objects:$1/ # https://publib.boulder.ibm.com/infocenter/zos/v1r12/index.jsp?topic=%2Fcom.ibm.zos.r12.halc001%2Fmccic.htm match zos-commserver m|^EZY1315E \d\d/\d\d/\d\d \d\d:\d\d:\d\d INVALID TRANID=\r\n\r\n PARTNER INET ADDR=[\d.]+ PORT= \d+ | p|IBM z/OS Communications Server| @@ -4630,6 +4674,9 @@ match minebuilder m|^\0\0\0\x1a\x01$| p/Minebuilder game server/ match landesk-rc m|^.{264}$|s p/LANDesk remote management/ cpe:/a:landesk:landesk_management_suite/ softmatch telnet m=^(?:\xff(?:[\xfb-\xfe].|\xf0|\xfa..))+[\0-\x7f]= +# Null probe hack; these seem to come in response to random probes +softmatch kerberos-sec m|^\0\0\0[\x40-\x90]~[\x3e-\x8e]\x30[\x3c-\x8c]\xa0\x03\x02\x01\x05\xa1\x03\x02\x01\x1e\xa4\x11\x18\x0f(\d\d\d\d)(\d\d)(\d\d)(\d\d)(\d\d)(\d\d)Z|s i/server time: $1-$2-$3 $4:$5:$6Z/ + ##############################NEXT PROBE############################## Probe TCP GenericLines q|\r\n\r\n| @@ -5004,7 +5051,7 @@ match http m|^HTTP/1\.0 401 Unauthorized\r\nConnection: close\r\nContent-Type: t match http m|^HTTP/1\.1 400 Bad Request\r\nServer: Piolink Switch\r\n| p/Piolink ADC/ match http m|^HTTP/1\.1 501\r\nX-AV-Server-Info: av=\"5\.:0\"; cn=\"Sony Corporation\"; mn=\"([^"]+)\"; mv=\"([^"]+)\"\r\nX-AV-Physical-Unit-Info: pa=\"\1\"\r\nConnection: close\r\n| p/Sony $1 AV reciever http info/ v/$2/ d/media device/ cpe:/h:sony:$1:$2/ match http m|^HTTP/1\.1 200 OK\nContent-Type: text/html; charset=UTF-8\nContent-Length: \d+\n\n\n\r\n \r\n \r\n \r\n \r\n\r\n| p/Adobe cross-domain policy/ i/Snom 870 VoIP phone; domain: $1; ports: $2/ d/VoIP phone/ cpe:/h:snom:870/ @@ -5964,12 +6012,12 @@ match http m|^HTTP/1\.0 200 OK\r\nServer: eHTTP v([\w._-]+)\r\n.*\s*([\w. match http m|^HTTP/1\.0 200 OK\r\nServer: eHTTP v([\w._-]+)\r\n.*<title>\s*(?:HP )?(?:\w+\s+)?ProCurve ([\w._-]+) Switch|s p/eHTTP/ v/$1/ i/HP ProCurve Switch $2 http config/ cpe:/a:ehttp:ehttp:$1/ cpe:/h:hp:procurve_switch_$2/ cpe:/o:hp:procurve_switch_software/ match http m|^HTTP/1\.1 401 Unauthorized\r\nServer: eHTTP v([\w._-]+)\r\n.*WWW-Authenticate: Basic realm=\"HP ([-.\w]+)\"\r\n\r\n|s p/eHTTP/ v/$1/ i/HP $2 http config/ d/switch/ cpe:/a:ehttp:ehttp:$1/ cpe:/h:hp:$2/a cpe:/o:hp:procurve_switch_software/ match http m|^HTTP/1\.1 401 Unauthorized\r\nServer: eHTTP v([\w._-]+)\r\n.*WWW-Authenticate: Basic realm=\"ProCurve (J\w+)\"\r\n\r\n|s p/eHTTP/ v/$1/ i/HP ProCurve Switch $2 http config/ d/switch/ cpe:/a:ehttp:ehttp:$1/ cpe:/h:hp:procurve_switch_$2/ cpe:/o:hp:procurve_switch_software/ -match http m|^HTTP/1\.0 200 OK\r\nServer: eHTTP v([\w._-]+)\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 115\r\nCache-Control: no-cache\r\nSet-Cookie: sessionId =[\w=]+;postId=\r\n\r\n<html>\r\n<head>\r\n<meta http-equiv=\"Refresh\"\r\ncontent=\"1;url=html/login\.html\">\r\n</head>\r\n\r\n<body>\r\n</body>\r\n</html>\r\n$| p/eHTTP/ v/$1/ i/HP 5406zl switch http config/ d/switch/ cpe:/a:ehttp:ehttp:$1/ cpe:/h:hp:5406zl/ -match http m|^HTTP/1\.0 200 OK\r\nServer: eHTTP v([\w._-]+)\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 115\r\nCache-Control: no-cache\r\nSet-Cookie: sessionId =[\w=]+;postId=; path=/;\r\n\r\n<html>\r\n<head>\r\n<meta http-equiv=\"Refresh\"\r\ncontent=\"1;url=html/login\.html\">\r\n</head>\r\n\r\n<body>\r\n</body>\r\n</html>\r\n$| p/eHTTP/ v/$1/ i/HP 5406zl switch http config/ d/switch/ cpe:/a:ehttp:ehttp:$1/ cpe:/h:hp:5406zl/ # HP ProCurve 1810G - 24 GE, P.2.2, eCos-2.0, CFE-2.1 match http m|^HTTP/1\.1 200 OK\r\nServer: Web Server\r\nContent-Type: text/html\r\nCache-Control: no-cache\r\nPragma: no-cache\r\n\r\n\r\n <!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4\.0 Transitional//EN\">\n<HTML>\n<HEAD>\n <TITLE>Login| p/HP ProCurve Switch 1810G http config/ d/switch/ cpe:/h:hp:procurve_switch_1810g/ cpe:/o:hp:procurve_switch_software/ match http m|^HTTP/1\.0 200 OK\r\nServer: eHTTP v([\w._-]+)\r\n.*HP Virtual Stack\n\n|s p/eHTTP/ v/$1/ i/HP ProCurve Switch 2626 http config/ d/switch/ cpe:/a:ehttp:ehttp:$1/ cpe:/h:hp:procurve_switch_2626/ cpe:/o:hp:procurve_switch_software/ match http m|^HTTP/1\.0 200 OK\r\nServer: eHTTP v([\w._-]+)\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 115\r\nCache-Control: no-cache\r\nSet-Cookie: sessionId =;path=/; postId=[^;]+; \r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n| p/eHTTP/ v/$1/ i/HP 2530 switch http config/ d/switch/ cpe:/a:ehttp:ehttp:$1/ cpe:/h:hp:2530/ +# 5406zl, 2920-POE+ +match http m|^HTTP/1\.0 200 OK\r\nServer: eHTTP v([\w._-]+)\r\n.*Set-Cookie: sessionId =\w|s p/eHTTP/ v/$1/ i/HP switch http config/ d/switch/ cpe:/a:ehttp:ehttp:$1/ match http m|^HTTP/1\.[01] \d\d\d .*Server: Sun-ONE-Application-Server/([\w._-]+)\r\n|s p/Sun ONE Application Server/ v/$1/ cpe:/a:sun:one_application_server:$1/ @@ -6725,7 +6773,7 @@ match http m|^HTTP/1\.0 \d\d\d .*\r\nWWW-Authenticate: Basic realm=\"HP ISEE @| match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: Simple java\r\n.*hp OpenView storage area manager - GUI download|s p/Simple java httpd/ i/HP OpenView Storage Area Manager http config/ match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: Micro-Web\r\nContent-type: text/html\r\n\r\n\r\n\r\n HP StorageWorks MSL Tape Library Management Console \n| p/Micro-Web/ i/HP StorageWorks MSL Tape Library http config/ d/storage-misc/ match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: RapidLogic/([\d.]+)\r\n.*\n\nSwitch Explorer\n|s p/RapidLogic httpd/ v/$1/ i/Fabric switch http config/ d/switch/ cpe:/a:rapidlogic:httpd:$1/ -match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: Mono-XSP Server/([\d.]+) Unix\r\n| p/Mono-XSP .NET httpd/ v/$1/ o/Unix/ +match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: Mono-XSP Server/([\d.]+) Unix\r\n| p/Mono-XSP .NET httpd/ v/$1/ o/Unix/ cpe:/a:mono:xsp:$1/ match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: SimpleHTTP/([\d.]+) Python/([\d.]+)\r\n| p/Karrigell Python httpd/ i/SimpleHTTP $1; Python $2/ cpe:/a:python:python:$2/ cpe:/a:python:simplehttpserver:$1/ match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: Cougar ([\d.]+)\r\n|s p/VideoLAN Server streaming media/ i/Cougar $1/ match http m|^HTTP/1\.0 404 Not found\r\n.*Error 404.*VideoLAN|s p/VideoLAN Server streaming media/ @@ -7242,15 +7290,16 @@ match http m|^HTTP/1\.[01] \d\d\d .*Powered By IVM Answering Attendant| p/IVM Answering Attendant httpd/ o/Windows/ cpe:/o:microsoft:windows/a match http m|^HTTP/1\.0 302 Found\r\nContent-Length: 0\r\nConnection: Close\r\nContent-Type: text/html\r\nLocation: /search\?site=[-\w_.]+&client=[-\w_.]+&| p/GoogleMini Search Appliance httpd/ @@ -7392,14 +7441,15 @@ match http m|^HTTP/1\.0 302 FOUND\r\nServer: PasteWSGIServer/([-\w_.]+) Python/( match http m|^HTTP/1\.0 200 OK\r\nServer: PasteWSGIServer/([-\w_.]+) Python/([-\w_.]+)\r\n.*Welcome to Pylons!|s p/PasteWSGIServer/ v/$1/ i/Pylons web framework; Python $2/ cpe:/a:python:python:$2/ match http m|^HTTP/1\.0 200 OK\r\nServer: PasteWSGIServer/([-\w_.]+) Python/([-\w_.]+)\r\n.*
|s p/PasteWSGIServer/ v/$1/ i/Bazaar loggerhead httpd; Python $2/ cpe:/a:python:python:$2/ -match http m|^HTTP/1\.1 200 OK\r\n.*Server: NessusWWW\r\n.*Content-Length: 5955\r\n.*ETag: \"e6f27b4d0bc325a6ddf5125b5f86e585\"\r\n.*\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\r\n\r\n\r\n\r\n\r\nSELECTserver: License Manager\r\n|s p/SELECTserver license manager httpd/ match http m|^HTTP/1\.0 200 Document follows\r\nDate: .*\r\nServer: WebminServer\r\n| p/WebminServer httpd/ -match http m|^HTTP/1\.1 200 OK.*\* Zimbra Collaboration Suite Web Client\n|s p/Zimbra http config/ -match http m|^HTTP/1\.1 302 Found\r\n.*\r\nLocation: https://[\d.:]+/zimbraAdmin\r\n|s p/Zimbra admin http config/ +match http m|^HTTP/1\.1 200 OK.*\* Zimbra Collaboration Suite Web Client\n|s p/Zimbra http config/ cpe:/a:zimbra:zimbra_collaboration_suite/ +match http m|^HTTP/1\.1 302 Found\r\n.*\r\nLocation: https://[\d.:]+/zimbraAdmin\r\n|s p/Zimbra admin http config/ cpe:/a:zimbra:zimbra_collaboration_suite/ match http m|^HTTP/1\.1 \d\d\d .*\r\nWWW-Authenticate: Basic realm=\"CANOPY ([-\w]+)\"\r\n|s p/Motorola Canopy WAP http config/ i/MAC $1/ d/WAP/ match http m|^HTTP/1\.0 200 Document follows\nMIME-Version: 1\.0\nServer: Java Cell Server\n.*dCache service|s p/dCache httpd/ i/Distributed Storage Node/ d/storage-misc/ match http m|^HTTP/1\.0 200 OK\r\nDate:.*\r\nServer: HighPoint Raidman WebServer/([-.\w\d]+)\r\nAccept-Ranges: bytes\r\n| p/HighPoint Raidman web config http/ v/$1/ d/storage-misc/ @@ -7707,9 +7757,8 @@ match http m|^HTTP/1\.0 200 .*BPA430 Web Configuration Pages\r\n|s p/ADH-Web httpd/ i/Dedicated Micros Digital Sprite 2 DVR http config/ d/media device/ match http m|^HTTP/1\.0 401 Unauthorized\r\nWWW-Authenticate: Basic realm=\"FR114W\"\r\nContent-type: text/html\r\n\r\n401 Unauthorized| p/NetGear FR114W WAP http config/ d/WAP/ match http m|^HTTP/1\.0 200 .*\r\nServer: Mbedthis-Appweb/([\w._-]+)\r\n.*Openstage IP Phone User.*\r\n\r\nVMware Server 2|s p/VMware Server http config/ v/2/ cpe:/a:vmware:server:2/ @@ -8004,8 +8053,8 @@ match http m|^HTTP/1\.0 200 OK\nContent-type: text/html\n\n\n\nNetwork Camera Viewer|s p/iCanWebServer/ v/$1/ d/webcam/ -match http m|^HTTP/1\.1 302 Found\r\n.*Location: https://([\w._-]+):(\d+)/zimbra/\r\n|s p/Zimbra http config/ i/redirect to https on port $2/ h/$1/ -match http m|^HTTP/1\.1 302 Found\r\nExpires: .*\r\nCache-Control: no-store, no-cache, must-revalidate, max-age=0\r\nPragma: no-cache\r\nContent-Type: text/html; charset=utf-8\r\nContent-Language: en-US\r\nLocation: https://([\w._-]+)/zimbra/\?zinitmode=http\r\nContent-Length: 0\r\n\r\n$| p/Zimbra http config/ i/redirect to https/ h/$1/ +match http m|^HTTP/1\.1 302 Found\r\n.*Location: https://([\w._-]+):(\d+)/zimbra/\r\n|s p/Zimbra http config/ i/redirect to https on port $2/ h/$1/ cpe:/a:zimbra:zimbra_collaboration_suite/ +match http m|^HTTP/1\.1 302 Found\r\nExpires: .*\r\nCache-Control: no-store, no-cache, must-revalidate, max-age=0\r\nPragma: no-cache\r\nContent-Type: text/html; charset=utf-8\r\nContent-Language: en-US\r\nLocation: https://([\w._-]+)/zimbra/\?zinitmode=http\r\nContent-Length: 0\r\n\r\n$| p/Zimbra http config/ i/redirect to https/ h/$1/ cpe:/a:zimbra:zimbra_collaboration_suite/ match http m|^HTTP/1\.0 400 String index out of range: -1\r\nContent-Type: text/html\r\n\r\n$| p/Bluecat Networks Proteus IPAM or Enterasys Dragon IDS http config/ o/Linux/ cpe:/o:linux:linux_kernel/a match http m|^HTTP/1\.1 302 Found\r\ncontent-type: text/html;charset=utf8\r\ncache-control: no-cache\r\ncontent-length: 0\r\nlast-modified: .*\r\ndate: .*\r\nconnection: close\r\nlocation: /login\?continue=%2f\r\n\r\n$| p/Alterator remote management httpd/ o/Linux/ cpe:/o:linux:linux_kernel/a match http m|^HTTP/1\.0 403 Forbidden\r\n.*\r\nServer: Alfred/([\d.]+)\r\n|s p/Alfred RenderMan control httpd/ v/$1/ @@ -8026,7 +8075,7 @@ match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: ZNC - http://znc\.sourceforge\.net\ match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: ZNC - http://znc\.in\r\n|s p/ZNC IRC bouncer http config/ v/0.097 or later/ match http m|^HTTP/1\.0 403 Access Denied\r\n\r\nWeb Access is not enabled\.\r\n$| p/ZNC IRC bouncer http config/ i/not enabled/ match http m|^HTTP/1\.0 404 \r\nDate: .*\r\nServer: XMLD HTTPServer/([\d.]+)\r\n\r\n$| p/XMLD HTTPServer/ v/$1/ i/Citrix XML Service/ -match http m|^HTTP/1\.0 200 OK\r\n.*Server: Mono\.WebServer2/([\w._-]+) Unix\r\nX-AspNet-Version: ([\d.]+)\r\n|s p/Mono.WebServer2/ v/$1/ i/MonoDoc httpd; ASP.NET $2/ o/Unix/ cpe:/a:microsoft:asp.net:$2/ +match http m|^HTTP/1\.0 200 OK\r\n.*Server: Mono\.WebServer2/([\w._-]+) Unix\r\nX-AspNet-Version: ([\d.]+)\r\n|s p/Mono.WebServer2/ v/$1/ i/MonoDoc httpd; ASP.NET $2/ o/Unix/ cpe:/a:mono:xsp:$1/ match http m|^HTTP/1\.1 401 Unauthorized\r\n.*WWW-Authenticate: Basic realm=\"Cayman-([\w]+)\"\r\n.*Server: Allegro-Software-RomPager/([\d.]+)\r\n| p/Allegro RomPager/ v/$2/ i/Cayman $1 DSL router/ d/broadband router/ cpe:/a:allegro:rompager:$2/ match http m|^HTTP/1\.1 200 OK\r\n.*Expires: Thu, 26 Oct 1995 00:00:00 GMT\r\n.*Server: Allegro-Software-RomPager/([\w._-]+)\r\n.*
\*{60}
\* WARNING ALERT: AUTHORIZED USERS ONLY! +\*
\* +\*
\* All activities conducted on this system may be monitored \*
|s p/Allegro RomPager/ v/$1/ i/NetIron XMR 4000 router http config/ d/router/ cpe:/a:allegro:rompager:$1/
 match http m|^HTTP/1\.0 401 Unauthorized\r\n.*Server: 2NAS_LIGHT\r\n|s p/2NAS_LIGHT/
@@ -8108,7 +8157,7 @@ match http m|^\n501 Method Not Implemented\n\n500 Internal server error\n\n
500 Internal server error
\n
\n
M3 Business Engine ServerView
\n\n$| p/M3 Business Engine ServerView httpd/ v/$1/
 match http m|^HTTP/1\.0 200 ok\r\nContent-type: text/plain\r\n\r\nError accessing ''\r\n$| p/OpenSSL s_server -WWW httpd/ cpe:/a:openssl:openssl/
 # TODO: hunt down line number/version number correlations
@@ -8143,7 +8192,6 @@ match http m|^HTTP/1\.1 502 Bad Gateway\r\nContent-Type: text/html\r\nContent-Le
 match http m|^HTTP/1\.0 400 Bad Request\r\nContent-Length: 0\r\n\r\n$| p/IDentifier NameTracer Pro httpd/
 match http m|^HTTP/1\.1 200 OK\r\nContent-Length: 155\r\nConnection: close\r\n.*<FortiClient Download Portal|s p/FortiClient firewall http config/ d/firewall/
 match http m|^HTTP/1\.1 200 OK\r\nServer: Agranat-EmWeb/R([\d_]+)\r\nContent-Type: text/html\r\nCache-Control: no-cache\r\nPragma: no-cache\r\n\r\n \n\n [\w._-]+  \n\n\n\n| p/Fortinet SSL VPN/ d/security-misc/
+# Netasq/Stormshield
+match http m|^HTTP/1\.0 302 Moved Temporarily\r\nDate: .*\r\nConnection: Close\r\nLocation: /auth/\r\nCache-Control: no-store,no-cache,must-revalidate\r\nPragma: no-cache\r\nExpires: -1\r\nLast-Modified: Mon, 12 Jan 2000 13:42:42 GMT\r\nContent-Type: text/html\r\n\r\n| p/Stormshield firewall admin httpd/ d/firewall/ o/FreeBSD/ cpe:/o:freebsd:freebsd/a
+# Despite the 1.4 server header, this can be anything from 1.4 to 2.0:
+match http m|^HTTP/1\.1 200 OK\r\nETag: W/\"\d\d\d\d-\d+\"\r\nLast-Modified: .*\r\nContent-Type: text/html\r\nContent-Length: \d+\r\nDate: .*\r\nServer: Sun-Java-System/Web-Services-Pack-1\.4\r\nConnection: close\r\n\r\n\n\nJava Web Services Developer Pack ([\d.]+)| p/Java Web Services Developer Pack/ v/$1/ cpe:/a:sun:jwsdp:$1/
+match http m|^HTTP/1\.0 301 Moved Permanently\r\nHTTP/1\.0 400 Bad Request\r\n| p/Huawei S5700-series switch httpd/ d/switch/
+match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: switch\r\nDate: [a-z,0-9: ]+ GMT\r\nContent-Length: \d\d?\r\nConnection: Close\r\n\r\n| p/Huawei S5700-series switch httpd/ d/switch/
+match http m|^HTTP/1\.0 401 Authorization Required\r\nServer: alphapd\r\nDate: .* \d\d\d\d\r\nCache-Control: no-cache\r\nContent-type: text/html\r\nWWW-Authenticate: Basic realm=\"(TV-IP\w+)\"\r\n\r\n| p/alphapd httpd/ i/TrendNet $1 IP camera/ d/webcam/ cpe:/h:trendnet:$1/
+match http m|^HTTP/1\.0 401 Authorization Required\r\nServer: alphapd\r\nDate: .* \d\d\d\d\r\nCache-Control: no-cache\r\nContent-type: text/html\r\nWWW-Authenticate: Basic realm=\"(DCS-\w+)\"\r\n\r\n| p/alphapd httpd/ i/D-Link $1 IP camera/ d/webcam/ cpe:/h:d-link:$1/
+match http m|^HTTP/1\.1 200 OK\r\nServer: Web Server\r\nContent-Type: text/html\r\nCache-Control: no-cache\r\nPragma: no-cache\r\n\r\n\n   | p/ATEN CN8000 KVM http admin/ cpe:/h:aten:cn8000/
+match http m|^HTTP/1\.0 200 OK\r\nContent-Length: \d+\r\nContent-Type: text/html\r\nDate: .*\r\n\r\n\n\n\n  \n