diff --git a/CHANGELOG b/CHANGELOG index 19676a96d..573ef2e1b 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,5 +1,9 @@ # Nmap Changelog ($Id$); -*-text-*- +o [NSE] Added ike-version and a new ike library by Jesper Kückelhahn. Thanks + also go to Roy Hills, who allowed the use of the signature database from + the ike-scan tool. + o [NSE] Fixed various NSEDoc bugs found by David Matousek. o [Zenmap] Zenmap now understands the NMAP_PRIVILEGED and diff --git a/nselib/data/ike-fingerprints.lua b/nselib/data/ike-fingerprints.lua new file mode 100644 index 000000000..24400a3e9 --- /dev/null +++ b/nselib/data/ike-fingerprints.lua @@ -0,0 +1,2464 @@ +local table = require 'table' + +--[[ + This is compiled list of known IKE vendor IDs. + + Most of the VIDs have been copied from ike-scan with permission from + the original author, Roy Hills, so a big 'thank you' is in order. + -- http://www.nta-monitor.com/wiki/index.php/Ike-scan_Documentation + + Unknown ids: + ab926d9ee113a0219557fcc54e52865c (Citrix NetScaler ?) + 5062b335bc20db32c0d54465a2f70100 (fortigate ?) + 4f4540454371496d7a684644 (linksys ?) + 9436e8d67174ef9aed068d5ad5213f187a3f8ba6000000160000061e (Netscreen 5XP running ScreenOS 4.0.r3) + +]] + +author = "Jesper Kueckelhahn" +license = "Simplified (2-clause) BSD license--See http://nmap.org/svn/docs/licenses/BSD-simplified" + + +fingerprints = {}; + +-------------------------------------------------------------------------------- +-------------------------------------------------------------------------------- +-- Vendor ID Fingerprints +-------------------------------------------------------------------------------- +-------------------------------------------------------------------------------- + + + +-------------------------------------------------------------------------------- +-- Avaya +-------------------------------------------------------------------------------- +table.insert(fingerprints, { + category = 'vendor', + vendor = 'Avaya', + version = nil, + ostype = nil, + devicetype = 'VPN', + cpe = nil, + fingerprint = '^4485152d18b6bbcc0be8a8469579ddcc' +}); + + + +-------------------------------------------------------------------------------- +-- Checkpoint +-------------------------------------------------------------------------------- +table.insert(fingerprints, { + category = 'vendor', + vendor = 'Checkpoint VPN-1 / Firewall-1', + version = '4.1 Base', + ostype = nil, + devicetype = 'VPN', + cpe = nil, + fingerprint = '^f4ed19e0c114eb516faaac0ee37daf2807b4381f00000001000000020000000000000000........' +}); + +table.insert(fingerprints, { + category = 'vendor', + vendor = 'Checkpoint VPN-1 / Firewall-1', + version = '4.1 SP1', + ostype = nil, + devicetype = 'VPN', + cpe = nil, + fingerprint = '^f4ed19e0c114eb516faaac0ee37daf2807b4381f00000001000000030000000000000000........' +}); + +table.insert(fingerprints, { + category = 'vendor', + vendor = 'Checkpoint VPN-1 / Firewall-1', + version = '4.1 SP2-SP6', + ostype = nil, + devicetype = 'VPN', + cpe = nil, + fingerprint = '^f4ed19e0c114eb516faaac0ee37daf2807b4381f0000000100000fa20000000000000000........' +}); + +table.insert(fingerprints, { + category = 'vendor', + vendor = 'Checkpoint VPN-1 / Firewall-1', + version = 'NG Base', + ostype = nil, + devicetype = 'VPN', + cpe = nil, + fingerprint = '^f4ed19e0c114eb516faaac0ee37daf2807b4381f00000001000013880000000000000000........' +}); + +table.insert(fingerprints, { + category = 'vendor', + vendor = 'Checkpoint VPN-1 / Firewall-1', + version = 'NG FP1', + ostype = nil, + devicetype = 'VPN', + cpe = nil, + fingerprint = '^f4ed19e0c114eb516faaac0ee37daf2807b4381f00000001000013890000000000000000........' +}); + +table.insert(fingerprints, { + category = 'vendor', + vendor = 'Checkpoint VPN-1 / Firewall-1', + version = 'NG FP2', + ostype = nil, + devicetype = 'VPN', + cpe = nil, + fingerprint = '^f4ed19e0c114eb516faaac0ee37daf2807b4381f000000010000138a0000000000000000........' +}); + +table.insert(fingerprints, { + category = 'vendor', + vendor = 'Checkpoint VPN-1 / Firewall-1', + version = 'NG FP3', + ostype = nil, + devicetype = 'VPN', + cpe = nil, + fingerprint = '^f4ed19e0c114eb516faaac0ee37daf2807b4381f000000010000138b0000000000000000........' +}); + +table.insert(fingerprints, { + category = 'vendor', + vendor = 'Checkpoint VPN-1 / Firewall-1', + version = 'NG AI R54', + ostype = nil, + devicetype = 'VPN', + cpe = nil, + fingerprint = '^f4ed19e0c114eb516faaac0ee37daf2807b4381f000000010000138c0000000000000000........' +}); + +table.insert(fingerprints, { + category = 'vendor', + vendor = 'Checkpoint VPN-1 / Firewall-1', + version = 'NG AI R55', + ostype = nil, + devicetype = 'VPN', + cpe = nil, + fingerprint = '^f4ed19e0c114eb516faaac0ee37daf2807b4381f000000010000138d0000000000000000........' +}); + +table.insert(fingerprints, { + category = 'vendor', + vendor = 'Checkpoint VPN-1 / Firewall-1', + version = 'NGX', + ostype = nil, + devicetype = 'VPN', + cpe = nil, + fingerprint = '^f4ed19e0c114eb516faaac0ee37daf2807b4381f000000010000138d........00000000........' +}); + +-- Catch all Checkpoint +table.insert(fingerprints, { + category = 'vendor', + vendor = 'Checkpoint VPN-1 / Firewall-1', + version = nil, + ostype = nil, + devicetype = 'VPN', + cpe = nil, + fingerprint = '^f4ed19e0c114eb516faaac0ee37daf2807b4381f' +}); + + + +-------------------------------------------------------------------------------- +-- Cisco +-------------------------------------------------------------------------------- +table.insert(fingerprints, { + category = 'vendor', + vendor = 'Cisco VPN Concentrator 3000', + version = '3.0.0', + ostype = 'pSOS+', + devicetype = 'VPN', + cpe = 'cpe:/h:cisco:concentrator', + fingerprint = '^1f07f70eaa6514d3b0fa96542a500300' +}); + +table.insert(fingerprints, { + category = 'vendor', + vendor = 'Cisco VPN Concentrator 3000', + version = '3.0.1', + ostype = 'pSOS+', + devicetype = 'VPN', + cpe = 'cpe:/h:cisco:concentrator', + fingerprint = '^1f07f70eaa6514d3b0fa96542a500301' +}); + +table.insert(fingerprints, { + category = 'vendor', + vendor = 'Cisco VPN Concentrator 3000', + version = '3.0.5', + ostype = 'pSOS+', + devicetype = 'VPN', + cpe = 'cpe:/h:cisco:concentrator', + fingerprint = '^1f07f70eaa6514d3b0fa96542a500305' +}); + +table.insert(fingerprints, { + category = 'vendor', + vendor = 'Cisco VPN Concentrator 3000', + version = '4.0.7', + ostype = 'pSOS+', + devicetype = 'VPN', + cpe = 'cpe:/h:cisco:concentrator', + fingerprint = '^1f07f70eaa6514d3b0fa96542a500407' +}); + +table.insert(fingerprints, { + category = 'vendor', + vendor = 'Cisco VPN Concentrator 3000', + version = nil, + ostype = 'pSOS+', + devicetype = 'VPN', + cpe = 'cpe:/h:cisco:concentrator', + fingerprint = '^1f07f70eaa6514d3b0fa96542a......' +}); + +table.insert(fingerprints, { + category = 'vendor', + vendor = 'Cisco', + version = nil, + ostype = 'IOS', + devicetype = 'VPN', + cpe = 'cpe:/h:cisco', + fingerprint = '^3e984048' +}); + + + +-------------------------------------------------------------------------------- +-- Fortinet +-------------------------------------------------------------------------------- +table.insert(fingerprints, { + category = 'vendor', + vendor = 'Fortinet FortiGate', + version = nil, + ostype = nil, + devicetype = 'Network Security Appliance', + cpe = 'cpe:/h:fortinet:fortigate', + fingerprint = '^1d6e178f6c2c0be284985465450fe9d4' +}); + + + +-------------------------------------------------------------------------------- +-- FreeS/WAN +-------------------------------------------------------------------------------- +table.insert(fingerprints, { + category = 'vendor', + vendor = 'Linux FreeS/WAN', + version = '2.00', + ostype = 'Linux', + devicetype = nil, + cpe = 'cpe:/a::freeswan:2.00', + fingerprint = '^4f45486b7d44784d42676b5d' +}); + +table.insert(fingerprints, { + category = 'vendor', + vendor = 'Linux FreeS/WAN', + version = '2.01', + ostype = 'Linux', + devicetype = nil, + cpe = 'cpe:/a::freeswan:2.01', + fingerprint = '^4f457c4f547e6e615b426e56' +}); + +table.insert(fingerprints, { + category = 'vendor', + vendor = 'Linux FreeS/WAN', + version = '2.02', + ostype = 'Linux', + devicetype = nil, + cpe = 'cpe:/a::freeswan:2.02', + fingerprint = '^4f456c6b44696d7f6b4c4e60' +}); + +table.insert(fingerprints, { + category = 'vendor', + vendor = 'Linux FreeS/WAN', + version = '2.03', + ostype = 'Linux', + devicetype = nil, + cpe = 'cpe:/a::freeswan:2.03', + fingerprint = '^4f45566671474962734e6264' +}); + +table.insert(fingerprints, { + category = 'vendor', + vendor = 'Linux FreeS/WAN', + version = '2.04', + ostype = 'Linux', + devicetype = nil, + cpe = 'cpe:/a::freeswan:2.04', + fingerprint = '^4f45704f736579505c6e5f6d' +}); + +table.insert(fingerprints, { + category = 'vendor', + vendor = 'Linux FreeS/WAN', + version = '2.05', + ostype = 'Linux', + devicetype = nil, + cpe = 'cpe:/a::freeswan:2.05', + fingerprint = '^4f457271785f4c7e496f4d54' +}); + +table.insert(fingerprints, { + category = 'vendor', + vendor = 'Linux FreeS/WAN', + version = '2.06', + ostype = 'Linux', + devicetype = nil, + cpe = 'cpe:/a::freeswan:2.06', + fingerprint = '^4f457e4c466e5d427c5c6b52' +}); + + + +-------------------------------------------------------------------------------- +-- Juniper +-------------------------------------------------------------------------------- +table.insert(fingerprints, { + category = 'vendor', + vendor = 'Juniper', + version = 'SSG-550M', + ostype = 'NetScreen OS 6.20', + devicetype = 'Firewall/VPN', + cpe = 'cpe:/h:juniper:ssg-550m:6.20', + fingerprint = '^2c9d7e81995b9967d23f571ac641f9348122f1cc1200000014060000' +}); + +table.insert(fingerprints, { + category = 'vendor', + vendor = 'Juniper NetScreen', + version = 'NS-5GT', + ostype = 'NetScreen OS', + devicetype = 'Firewall/VPN', + cpe = 'cpe:/h:juniper:ns-5gt', + fingerprint = '^166f932d55eb64d8e4df4fd37e2313f0d0fd8451' +}); + +table.insert(fingerprints, { + category = 'vendor', + vendor = 'Juniper', + version = 'NS-5GT', + ostype = 'NetScreen OS', + devicetype = 'Firewall/VPN', + cpe = 'cpe:/h:juniper:ns-5gt', + fingerprint = '^4a4340b543e02b84c88a8b96a8af9ebe77d9accc' +}); + +table.insert(fingerprints, { + category = 'vendor', + vendor = 'Juniper', + version = 'NS-5XP', + ostype = 'NetScreen OS', + devicetype = 'Firewall/VPN', + cpe = 'cpe:/h:juniper:ns-5xp', + fingerprint = '^299ee8289f40a8973bc78687e2e7226b532c3b76' +}); + +table.insert(fingerprints, { + category = 'vendor', + vendor = 'Juniper', + version = 'NS-5XP', + ostype = 'NetScreen OS', + devicetype = 'Firewall/VPN', + cpe = 'cpe:/h:juniper:ns-5xp', + fingerprint = '^64405f46f03b7660a23be116a1975058e69e8387' +}); + + +-- 9436e8d67174ef9aed068d5ad5213f187a3f8ba6000000160000061e (Netscreen 5XP running ScreenOS 4.0.r3) ? +table.insert(fingerprints, { + category = 'vendor', + vendor = 'Juniper', + version = 'NS-5XP', + ostype = 'NetScreen OS', + devicetype = 'Firewall/VPN', + cpe = 'cpe:/h:juniper:ns-5xp', + fingerprint = '^9436e8d67174ef9aed068d5ad5213f187a3f8ba6' +}); + + +table.insert(fingerprints, { + category = 'vendor', + vendor = 'Juniper', + version = nil, + ostype = 'NetScreen OS', + devicetype = nil, + cpe = nil, + fingerprint = '^3a15e1f3cf2a63582e3ac82d1c64cbe3b6d779e7' +}); + +table.insert(fingerprints, { + category = 'vendor', + vendor = 'Juniper', + version = nil, + ostype = 'NetScreen OS', + devicetype = nil, + cpe = nil, + fingerprint = '^47d2b126bfcd83489760e2cf8c5d4d5a03497c15' +}); + +table.insert(fingerprints, { + category = 'vendor', + vendor = 'Juniper', + version = nil, + ostype = 'NetScreen OS', + devicetype = nil, + cpe = nil, + fingerprint = '^699369228741c6d4ca094c93e242c9de19e7b7c6' +}); + +table.insert(fingerprints, { + category = 'vendor', + vendor = 'Juniper', + version = nil, + ostype = 'NetScreen OS', + devicetype = nil, + cpe = nil, + fingerprint = '^8c0dc6cf62a0ef1b5c6eabd1b67ba69866adf16a' +}); + +table.insert(fingerprints, { + category = 'vendor', + vendor = 'Juniper', + version = nil, + ostype = 'NetScreen OS', + devicetype = nil, + cpe = nil, + fingerprint = '^92d27a9ecb31d99246986d3453d0c3d57a222a61' +}); + +table.insert(fingerprints, { + category = 'vendor', + vendor = 'Juniper', + version = nil, + ostype = 'NetScreen OS', + devicetype = nil, + cpe = nil, + fingerprint = '^9b096d9ac3275a7d6fe8b91c583111b09efed1a0' +}); + +table.insert(fingerprints, { + category = 'vendor', + vendor = 'Juniper', + version = nil, + ostype = 'NetScreen OS', + devicetype = nil, + cpe = nil, + fingerprint = '^bf03746108d746c904f1f3547de24f78479fed12' +}); + +table.insert(fingerprints, { + category = 'vendor', + vendor = 'Juniper', + version = nil, + ostype = 'NetScreen OS', + devicetype = nil, + cpe = nil, + fingerprint = '^c2e80500f4cc5fbf5daaeed3bb59abaeee56c652' +}); + +table.insert(fingerprints, { + category = 'vendor', + vendor = 'Juniper', + version = nil, + ostype = 'NetScreen OS', + devicetype = nil, + cpe = nil, + fingerprint = '^c8660a62b03b1b6130bf781608d32a6a8d0fb89f' +}); + +table.insert(fingerprints, { + category = 'vendor', + vendor = 'Juniper', + version = nil, + ostype = 'NetScreen OS', + devicetype = nil, + cpe = nil, + fingerprint = '^f885da40b1e7a9abd17655ec5bbec0f21f0ed52e' +}); + +table.insert(fingerprints, { + category = 'vendor', + vendor = 'Juniper', + version = nil, + ostype = 'NetScreen OS', + devicetype = nil, + cpe = nil, + fingerprint = '^2a2bcac19b8e91b426107807e02e7249569d6fd3' +}); + +table.insert(fingerprints, { + category = 'vendor', + vendor = 'Juniper', + version = nil, + ostype = 'NetScreen OS', + devicetype = nil, + cpe = nil, + fingerprint = '^a35bfd05ca1ac0b3d2f24e9e82bfcbff9c9e52b5' +}); + +table.insert(fingerprints, { + category = 'vendor', + vendor = 'Juniper', + version = nil, + ostype = 'NetScreen OS', + devicetype = nil, + cpe = nil, + fingerprint = '^4865617274426561745f4e6f74696679386b0100' -- (HeartBeat_Notify + 386b0100) +}); + + +-------------------------------------------------------------------------------- +-- KAME/racoon/IPSec Tools (for linux/BSD) +-------------------------------------------------------------------------------- +table.insert(fingerprints, { + category = 'vendor', + vendor = 'KAME/racoon/IPsec Tools', + version = nil, + ostype = nil, + devicetype = nil, + cpe = nil, + fingerprint = '^7003cbc1097dbe9c2600ba6983bc8b35' +}); + + + +-------------------------------------------------------------------------------- +-- Mac OS X +-------------------------------------------------------------------------------- +table.insert(fingerprints, { + category = 'vendor', + vendor = 'Apple ', + version = nil, + ostype = 'Mac OS X', + devicetype = nil, + cpe = 'cpe:/a:apple:macosx', + fingerprint = '^4d6163204f53582031302e78' +}); + +table.insert(fingerprints, { + category = 'vendor', + vendor = 'Apple ', + version = nil, + ostype = 'Mac OS X', + devicetype = nil, + cpe = 'cpe:/a:apple:macosx', + fingerprint = '^4df37928e9fc4fd1b3262170d515c662' +}); + + + +-------------------------------------------------------------------------------- +-- Microsoft +-- http://msdn.microsoft.com/en-us/library/cc233476.aspx +-------------------------------------------------------------------------------- +table.insert(fingerprints, { + category = 'vendor', + vendor = 'Microsoft', + version = 'Windows 2000', + ostype = 'Windows 2000', + devicetype = nil, + cpe = 'cpe:/o:microsoft:windows:2000', + fingerprint = '^1e2b516905991c7d7c96fcbfb587e46100000002' +}); + +table.insert(fingerprints, { + category = 'vendor', + vendor = 'Microsoft', + version = 'Windows XP', + ostype = 'Windows XP', + devicetype = nil, + cpe = 'cpe:/o:microsoft:windows:XP', + fingerprint = '^1e2b516905991c7d7c96fcbfb587e46100000003' +}); + +table.insert(fingerprints, { + category = 'vendor', + vendor = 'Microsoft', + version = 'Windows Server 2003', + ostype = 'Windows Server 2003', + devicetype = nil, + cpe = 'cpe:/o:microsoft:windows:server2003', + fingerprint = '^1e2b516905991c7d7c96fcbfb587e46100000004' +}); + +table.insert(fingerprints, { + category = 'vendor', + vendor = 'Microsoft', + version = 'Windows Vista', + ostype = 'Windows Vista', + devicetype = nil, + cpe = 'cpe:/o:microsoft:windows:vista', + fingerprint = '^1e2b516905991c7d7c96fcbfb587e46100000005' +}); + +table.insert(fingerprints, { + category = 'vendor', + vendor = 'Microsoft', + version = 'Windows Server 2008', + ostype = 'Windows Server 2008', + devicetype = nil, + cpe = 'cpe:/o:microsoft:windows:server2008', + fingerprint = '^1e2b516905991c7d7c96fcbfb587e46100000006' +}); + +table.insert(fingerprints, { + category = 'vendor', + vendor = 'Microsoft', + version = 'Windows 7', + ostype = 'Windows 7', + devicetype = nil, + cpe = 'cpe:/o:microsoft:windows:7', + fingerprint = '^1e2b516905991c7d7c96fcbfb587e46100000007' +}); + +table.insert(fingerprints, { + category = 'vendor', + vendor = 'Microsoft', + version = 'Windows Server 2008 R2', + ostype = 'Windows Server 2008 R2', + devicetype = nil, + cpe = 'cpe:/o:microsoft:windows:server2008r2', + fingerprint = '^1e2b516905991c7d7c96fcbfb587e46100000008' +}); + +table.insert(fingerprints, { + category = 'vendor', + vendor = 'Microsoft', + version = 'Windows 8', + ostype = 'Windows 8', + devicetype = nil, + cpe = 'cpe:/o:microsoft:windows:8', + fingerprint = '^1e2b516905991c7d7c96fcbfb587e46100000009' +}); + +table.insert(fingerprints, { + category = 'vendor', + vendor = 'Microsoft', + version = 'Windows Server 2012', + ostype = 'Windows Server 2012', + devicetype = nil, + cpe = 'cpe:/o:microsoft:windows:server2012', + fingerprint = '^1e2b516905991c7d7c96fcbfb587e46100000010' +}); + +table.insert(fingerprints, { + category = 'vendor', + vendor = 'Microsoft', + version = 'Windows', + ostype = 'Windows', + devicetype = nil, + cpe = 'cpe:/o:microsoft:windows', + fingerprint = '^1e2b516905991c7d7c96fcbfb587e46.........' +}); + + + +-------------------------------------------------------------------------------- +-- Nortel Contivity / Nortel VPN router +-- The last byte might be a version ? +-- From ike-scan: +--- 00000004, 00000005, 00000007, 00000009, 0000000a +-------------------------------------------------------------------------------- +table.insert(fingerprints, { + category = 'vendor', + vendor = 'Nortel', + version = 'Contivity / VPN router', + ostype = nil, + devicetype = nil, + cpe = nil, + fingerprint = '^424e4553000000..' +}); + + + +-------------------------------------------------------------------------------- +-- OpenPGP +-------------------------------------------------------------------------------- +table.insert(fingerprints, { + category = 'vendor', + vendor = 'OpenPGP', + version = nil, + ostype = nil, + devicetype = nil, + cpe = nil, + fingerprint = '^4f70656e504750' +}); + + + +-------------------------------------------------------------------------------- +-- Openswan +-------------------------------------------------------------------------------- +table.insert(fingerprints, { + category = 'vendor', + vendor = 'Openswan', + version = '2.2.0', + ostype = 'Linux 2.x', + devicetype = nil, + cpe = 'cpe:/o:linux:kernel:2.x', + fingerprint = '^4f4548724b6e5e68557c604f' +}); + +table.insert(fingerprints, { + category = 'vendor', + vendor = 'Openswan', + version = '2.3.0', + ostype = 'Linux 2.x', + devicetype = nil, + cpe = 'cpe:/o:linux:kernel:2.x', + fingerprint = '^4f4572696f5c77557f746249' +}); + + + +-------------------------------------------------------------------------------- +-- SafeNet +-------------------------------------------------------------------------------- +table.insert(fingerprints, { + category = 'vendor', + vendor = 'SafeNet', + version = '8.0.0', + ostype = nil, + devicetype = nil, + cpe = nil, + fingerprint = '^47bbe7c993f1fc13b4e6d0db565c68e5010201010201010310382e302e3020284275696c6420313029000000' +}); + +table.insert(fingerprints, { + category = 'vendor', + vendor = 'SafeNet Remote', + version = '9.0.1', + ostype = nil, + devicetype = nil, + cpe = nil, + fingerprint = '^47bbe7c993f1fc13b4e6d0db565c68e5010201010201010310392e302e3120284275696c6420313229000000' +}); + +table.insert(fingerprints, { + category = 'vendor', + vendor = 'SafeNet Remote', + version = nil, + ostype = nil, + devicetype = nil, + cpe = nil, + fingerprint = '^47bbe7c993f1fc13b4e6d0db565c68e5' +}); + + + +-------------------------------------------------------------------------------- +-- SonicWall +-------------------------------------------------------------------------------- +table.insert(fingerprints, { + category = 'vendor', + vendor = 'SonicWall', + version = nil, + ostype = nil, + devicetype = nil, + cpe = nil, + fingerprint = '^5b362bc820f60001' -- SonicWall 3060 ? +}); + +table.insert(fingerprints, { + category = 'vendor', + vendor = 'SonicWall', + version = nil, + ostype = nil, + devicetype = nil, + cpe = nil, + fingerprint = '^5b362bc820f60003' +}); + +table.insert(fingerprints, { + category = 'vendor', + vendor = 'SonicWall', + version = nil, + ostype = nil, + devicetype = nil, + cpe = nil, + fingerprint = '^5b362bc820f60006' +}); + +table.insert(fingerprints, { + category = 'vendor', + vendor = 'SonicWall', + version = nil, + ostype = nil, + devicetype = nil, + cpe = nil, + fingerprint = '^5b362bc820f60007' -- (Maybe NSA?, SonicOS Enhanced 4.2?) +}); + +table.insert(fingerprints, { + category = 'vendor', + vendor = 'SonicWall', + version = nil, + ostype = nil, + devicetype = nil, + cpe = nil, + fingerprint = '^404bf439522ca3f6' +}); + +table.insert(fingerprints, { + category = 'vendor', + vendor = 'SonicWall', + version = nil, + ostype = nil, + devicetype = nil, + cpe = nil, + fingerprint = '^da8e937880010000' -- (Maybe TZ 170) +}); + + + +-------------------------------------------------------------------------------- +-- SSH IPSec Express +-------------------------------------------------------------------------------- +table.insert(fingerprints, { + category = 'vendor', + vendor = 'SSH Communications Security', + version = 'IPSec Express 1.1.0', + ostype = nil, + devicetype = nil, + cpe = nil, + fingerprint = '^fbf47614984031fa8e3bb6198089b223' +}); + +table.insert(fingerprints, { + category = 'vendor', + vendor = 'SSH Communications Security', + version = 'IPSec Express 1.1.1', + ostype = nil, + devicetype = nil, + cpe = nil, + fingerprint = '^1952dc91ac20f646fb01cf42a33aee30' +}); + +table.insert(fingerprints, { + category = 'vendor', + vendor = 'SSH Communications Security', + version = 'IPSec Express 1.1.2', + ostype = nil, + devicetype = nil, + cpe = nil, + fingerprint = '^e8bffa643e5c8f2cd10fda7370b6ebe5' +}); + +table.insert(fingerprints, { + category = 'vendor', + vendor = 'SSH Communications Security', + version = 'IPSec Express 1.2.1', + ostype = nil, + devicetype = nil, + cpe = nil, + fingerprint = '^c1111b2dee8cbc3d620573ec57aab9cb' +}); + +table.insert(fingerprints, { + category = 'vendor', + vendor = 'SSH Communications Security', + version = 'IPSec Express 2.0.0', + ostype = nil, + devicetype = nil, + cpe = nil, + fingerprint = '^7f21a596e4e318f0b2f4944c2384cb84' +}); + +table.insert(fingerprints, { + category = 'vendor', + vendor = 'SSH Communications Security', + version = 'IPSec Express 2.1.0', + ostype = nil, + devicetype = nil, + cpe = nil, + fingerprint = '^2836d1fd2807bc9e5ae30786320451ec' +}); + +table.insert(fingerprints, { + category = 'vendor', + vendor = 'SSH Communications Security', + version = 'IPSec Express 2.1.1', + ostype = nil, + devicetype = nil, + cpe = nil, + fingerprint = '^a68de756a9c5229bae66498040951ad5' +}); + +table.insert(fingerprints, { + category = 'vendor', + vendor = 'SSH Communications Security', + version = 'IPSec Express 2.1.2', + ostype = nil, + devicetype = nil, + cpe = nil, + fingerprint = '^3f2372867e237c1cd8250a75559cae20' +}); + +table.insert(fingerprints, { + category = 'vendor', + vendor = 'SSH Communications Security', + version = 'IPSec Express 3.0.0', + ostype = nil, + devicetype = nil, + cpe = nil, + fingerprint = '^0e58d5774df602007d0b02443660f7eb' +}); + +table.insert(fingerprints, { + category = 'vendor', + vendor = 'SSH Communications Security', + version = 'IPSec Express 3.0.1', + ostype = nil, + devicetype = nil, + cpe = nil, + fingerprint = '^f5ce31ebc210f44350cf71265b57380f' +}); + +table.insert(fingerprints, { + category = 'vendor', + vendor = 'SSH Communications Security', + version = 'IPSec Express 4.0.0', + ostype = nil, + devicetype = nil, + cpe = nil, + fingerprint = '^f64260af2e2742daddd56987068a99a0' +}); + +table.insert(fingerprints, { + category = 'vendor', + vendor = 'SSH Communications Security', + version = 'IPSec Express 4.0.1', + ostype = nil, + devicetype = nil, + cpe = nil, + fingerprint = '^7a54d3bdb3b1e6d923892064be2d981c' +}); + +table.insert(fingerprints, { + category = 'vendor', + vendor = 'SSH Communications Security', + version = 'IPSec Express 4.1.0', + ostype = nil, + devicetype = nil, + cpe = nil, + fingerprint = '^9aa1f3b43472a45d5f506aeb260cf214' +}); + +table.insert(fingerprints, { + category = 'vendor', + vendor = 'SSH Communications Security', + version = 'IPSec Express 4.1.1', + ostype = nil, + devicetype = nil, + cpe = nil, + fingerprint = '^89f7b760d86b012acf263382394d962f' +}); + +table.insert(fingerprints, { + category = 'vendor', + vendor = 'SSH Communications Security', + version = 'IPSec Express 4.2.0', + ostype = nil, + devicetype = nil, + cpe = nil, + fingerprint = '^6880c7d026099114e486c55430e7abee' +}); + +table.insert(fingerprints, { + category = 'vendor', + vendor = 'SSH Communications Security', + version = 'IPSec Express 5.0', + ostype = nil, + devicetype = nil, + cpe = nil, + fingerprint = '^b037a21aceccb5570f602546f97bde8c' +}); + +table.insert(fingerprints, { + category = 'vendor', + vendor = 'SSH Communications Security', + version = 'IPSec Express 5.0.0', + ostype = nil, + devicetype = nil, + cpe = nil, + fingerprint = '^2b2dad97c4d140930053287f996850b0' +}); + +table.insert(fingerprints, { + category = 'vendor', + vendor = 'SSH Communications Security', + version = 'IPSec Express 5.1.0', + ostype = nil, + devicetype = nil, + cpe = nil, + fingerprint = '^45e17f3abe93944cb202910c59ef806b' +}); + +table.insert(fingerprints, { + category = 'vendor', + vendor = 'SSH Communications Security', + version = 'IPSec Express 5.1.1', + ostype = nil, + devicetype = nil, + cpe = nil, + fingerprint = '^5925859f7377ed7816d2fb81c01fa551' +}); + + +-------------------------------------------------------------------------------- +-- SSH QuickSec +-------------------------------------------------------------------------------- +table.insert(fingerprints, { + category = 'vendor', + vendor = 'SSH Communications Security', + version = 'QuickSec 0.9.0', + ostype = nil, + devicetype = nil, + cpe = nil, + fingerprint = '^37eba0c4136184e7daf8562a77060b4a' +}); + +table.insert(fingerprints, { + category = 'vendor', + vendor = 'SSH Communications Security', + version = 'QuickSec 1.1.0', + ostype = nil, + devicetype = nil, + cpe = nil, + fingerprint = '^5d72925e55948a9661a7fc48fdec7ff9' +}); + +table.insert(fingerprints, { + category = 'vendor', + vendor = 'SSH Communications Security', + version = 'QuickSec 1.1.1', + ostype = nil, + devicetype = nil, + cpe = nil, + fingerprint = '^777fbf4c5af6d1cdd4b895a05bf82594' +}); + +table.insert(fingerprints, { + category = 'vendor', + vendor = 'SSH Communications Security', + version = 'QuickSec 1.1.2', + ostype = nil, + devicetype = nil, + cpe = nil, + fingerprint = '^2cdf08e712ede8a5978761267cd19b91' +}); + +table.insert(fingerprints, { + category = 'vendor', + vendor = 'SSH Communications Security', + version = 'QuickSec 1.1.3', + ostype = nil, + devicetype = nil, + cpe = nil, + fingerprint = '^59e454a8c2cf02a34959121f1890bc87' +}); + +table.insert(fingerprints, { + category = 'vendor', + vendor = 'SSH Communications Security', + version = 'QuickSec 2.1.0', + ostype = nil, + devicetype = nil, + cpe = nil, + fingerprint = '^8f9cc94e01248ecdf147594c284b213b' +}); + + + +-------------------------------------------------------------------------------- +-- SSH Sentinel +-------------------------------------------------------------------------------- +table.insert(fingerprints, { + category = 'vendor', + vendor = 'SSH Communications Security', + version = 'Sentinel', + ostype = nil, + devicetype = nil, + cpe = nil, + fingerprint = '^054182a07c7ae206f9d2cf9d2432c482' +}); + +table.insert(fingerprints, { + category = 'vendor', + vendor = 'SSH Communications Security', + version = 'Sentinel 1.1', + ostype = nil, + devicetype = nil, + cpe = nil, + fingerprint = '^b91623e693ca18a54c6a2778552305e8' +}); + +table.insert(fingerprints, { + category = 'vendor', + vendor = 'SSH Communications Security', + version = 'Sentinel 1.2', + ostype = nil, + devicetype = nil, + cpe = nil, + fingerprint = '^5430888de01a31a6fa8f60224e449958' +}); + +table.insert(fingerprints, { + category = 'vendor', + vendor = 'SSH Communications Security', + version = 'Sentinel 1.3', + ostype = nil, + devicetype = nil, + cpe = nil, + fingerprint = '^7ee5cb85f71ce259c94a5c731ee4e752' +}); + +table.insert(fingerprints, { + category = 'vendor', + vendor = 'SSH Communications Security', + version = 'Sentinel 1.4', + ostype = nil, + devicetype = nil, + cpe = nil, + fingerprint = '^63d9a1a7009491b5a0a6fdeb2a8284f0' +}); + +table.insert(fingerprints, { + category = 'vendor', + vendor = 'SSH Communications Security', + version = 'Sentinel 1.4.1', + ostype = nil, + devicetype = nil, + cpe = nil, + fingerprint = '^eb4b0d96276b4e220ad16221a7b2a5e6' +}); + + + +-------------------------------------------------------------------------------- +-- Stonegate +-------------------------------------------------------------------------------- +table.insert(fingerprints, { + category = 'vendor', + vendor = 'StoneSoft', + version = 'StoneGate', + ostype = nil, + devicetype = nil, + cpe = nil, + fingerprint = '^c573b056d7faca36c2fba28374127cbf' +}); + +table.insert(fingerprints, { + category = 'vendor', + vendor = 'StoneSoft', + version = 'StoneGate', + ostype = nil, + devicetype = nil, + cpe = nil, + fingerprint = '^baeb239037e17787d730eed9d95d48aa' +}); + + + +-------------------------------------------------------------------------------- +-- strongSwan +-- http://www.strongswan.org/ +-------------------------------------------------------------------------------- +table.insert(fingerprints, { + category = 'vendor', + vendor = 'strongSwan', + version = '4.3.6', + ostype = nil, -- Linux, Android, FreeBSD, Mac OS X + devicetype = nil, + cpe = nil, + fingerprint = '^882fe56d6fd20dbc2251613b2ebe5beb' +}); + +table.insert(fingerprints, { + category = 'vendor', + vendor = 'strongSwan', + version = '4.2.3', + ostype = nil, -- Linux, Android, FreeBSD, Mac OS X + devicetype = nil, + cpe = nil, + fingerprint = '^2d1f406118fbd5d28474791ffa00488a' +}); + +table.insert(fingerprints, { + category = 'vendor', + vendor = 'strongSwan', + version = '4.2.2', + ostype = nil, -- Linux, Android, FreeBSD, Mac OS X + devicetype = nil, + cpe = nil, + fingerprint = '^2a517d0d23c37d08bce7c292a0217b39' +}); + +table.insert(fingerprints, { + category = 'vendor', + vendor = 'strongSwan', + version = '4.2.1', + ostype = nil, -- Linux, Android, FreeBSD, Mac OS X + devicetype = nil, + cpe = nil, + fingerprint = '^bab253f4cb10a8108a7c927c56c87886' +}); + +table.insert(fingerprints, { + category = 'vendor', + vendor = 'strongSwan', + version = '4.2.0', + ostype = nil, -- Linux, Android, FreeBSD, Mac OS X + devicetype = nil, + cpe = nil, + fingerprint = '^9f68901325a972894335302a9531ab9f' +}); + +table.insert(fingerprints, { + category = 'vendor', + vendor = 'strongSwan', + version = '4.1.11', + ostype = nil, -- Linux, Android, FreeBSD, Mac OS X + devicetype = nil, + cpe = nil, + fingerprint = '^b7bd9f2f978e3259a7aa9f7a1396ad6c' +}); + +table.insert(fingerprints, { + category = 'vendor', + vendor = 'strongSwan', + version = '4.1.10', + ostype = nil, -- Linux, Android, FreeBSD, Mac OS X + devicetype = nil, + cpe = nil, + fingerprint = '^bf3a89ae5bef8e72d44dac8bb88d7d5f' +}); + +table.insert(fingerprints, { + category = 'vendor', + vendor = 'strongSwan', + version = '4.1.9', + ostype = nil, -- Linux, Android, FreeBSD, Mac OS X + devicetype = nil, + cpe = nil, + fingerprint = '^78fdd287def01a3f074b5369eab4fd1c' +}); + +table.insert(fingerprints, { + category = 'vendor', + vendor = 'strongSwan', + version = '4.1.8', + ostype = nil, -- Linux, Android, FreeBSD, Mac OS X + devicetype = nil, + cpe = nil, + fingerprint = '^66a2045507c119da78a4666259cdea48' +}); + +table.insert(fingerprints, { + category = 'vendor', + vendor = 'strongSwan', + version = '4.1.7', + ostype = nil, -- Linux, Android, FreeBSD, Mac OS X + devicetype = nil, + cpe = nil, + fingerprint = '^ea840aa4dfc9712d6c32b5a16eb329a3' +}); + +table.insert(fingerprints, { + category = 'vendor', + vendor = 'strongSwan', + version = '4.1.6', + ostype = nil, -- Linux, Android, FreeBSD, Mac OS X + devicetype = nil, + cpe = nil, + fingerprint = '^d19683368af4b0edc21ccde982b1d1b0' +}); + +table.insert(fingerprints, { + category = 'vendor', + vendor = 'strongSwan', + version = '4.1.5', + ostype = nil, -- Linux, Android, FreeBSD, Mac OS X + devicetype = nil, + cpe = nil, + fingerprint = '^bf0fbf7306ebb7827042d893539886e2' +}); + +table.insert(fingerprints, { + category = 'vendor', + vendor = 'strongSwan', + version = '4.1.4', + ostype = nil, -- Linux, Android, FreeBSD, Mac OS X + devicetype = nil, + cpe = nil, + fingerprint = '^312f9cb1a6b90e19de7528c904ac3087' +}); + +table.insert(fingerprints, { + category = 'vendor', + vendor = 'strongSwan', + version = '4.1.3', + ostype = nil, -- Linux, Android, FreeBSD, Mac OS X + devicetype = nil, + cpe = nil, + fingerprint = '^5849ab6d8beabd6e4d09e5a3b88c089a' +}); + +table.insert(fingerprints, { + category = 'vendor', + vendor = 'strongSwan', + version = '4.1.2', + ostype = nil, -- Linux, Android, FreeBSD, Mac OS X + devicetype = nil, + cpe = nil, + fingerprint = '^15a1ace7ee52fddfef04f928db2dd134' +}); + +table.insert(fingerprints, { + category = 'vendor', + vendor = 'strongSwan', + version = '4.1.1', + ostype = nil, -- Linux, Android, FreeBSD, Mac OS X + devicetype = nil, + cpe = nil, + fingerprint = '^d3f1c488c368175d5f40a8f5ca5f5e12' +}); + +table.insert(fingerprints, { + category = 'vendor', + vendor = 'strongSwan', + version = '4.1.0', + ostype = nil, -- Linux, Android, FreeBSD, Mac OS X + devicetype = nil, + cpe = nil, + fingerprint = '^4794cef6843422980d1a3d06af41c5cd' +}); + +table.insert(fingerprints, { + category = 'vendor', + vendor = 'strongSwan', + version = '4.0.7', + ostype = nil, -- Linux, Android, FreeBSD, Mac OS X + devicetype = nil, + cpe = nil, + fingerprint = '^ab0746221cc8fd0d5238f73a9b3da557' +}); + +table.insert(fingerprints, { + category = 'vendor', + vendor = 'strongSwan', + version = '4.0.6', + ostype = nil, -- Linux, Android, FreeBSD, Mac OS X + devicetype = nil, + cpe = nil, + fingerprint = '^4c90136946577b51919d8d9a6b8e4a9f' +}); + +table.insert(fingerprints, { + category = 'vendor', + vendor = 'strongSwan', + version = '4.0.5', + ostype = nil, -- Linux, Android, FreeBSD, Mac OS X + devicetype = nil, + cpe = nil, + fingerprint = '^dd180d21e5ce655a768ba32211dd8ad9' +}); + +table.insert(fingerprints, { + category = 'vendor', + vendor = 'strongSwan', + version = '4.0.4', + ostype = nil, -- Linux, Android, FreeBSD, Mac OS X + devicetype = nil, + cpe = nil, + fingerprint = '^1ef283f83549b5ff9608b6d634f84d75' +}); + +table.insert(fingerprints, { + category = 'vendor', + vendor = 'strongSwan', + version = '4.0.3', + ostype = nil, -- Linux, Android, FreeBSD, Mac OS X + devicetype = nil, + cpe = nil, + fingerprint = '^b181b18e114fc209b3c6e26c3a80718e' +}); + +table.insert(fingerprints, { + category = 'vendor', + vendor = 'strongSwan', + version = '4.0.2', + ostype = nil, -- Linux, Android, FreeBSD, Mac OS X + devicetype = nil, + cpe = nil, + fingerprint = '^77e8eea6f556a499de3ffe7f7f95661c' +}); + +table.insert(fingerprints, { + category = 'vendor', + vendor = 'strongSwan', + version = '4.0.1', + ostype = nil, -- Linux, Android, FreeBSD, Mac OS X + devicetype = nil, + cpe = nil, + fingerprint = '^9dbbafcf1db0dd595ae065294003ad3e' +}); + +table.insert(fingerprints, { + category = 'vendor', + vendor = 'strongSwan', + version = '4.0.0', + ostype = nil, -- Linux, Android, FreeBSD, Mac OS X + devicetype = nil, + cpe = nil, + fingerprint = '^2ce9c946a4c879bf11b50b76cc5692cb' +}); + +table.insert(fingerprints, { + category = 'vendor', + vendor = 'strongSwan', + version = '2.8.8', + ostype = nil, -- Linux, Android, FreeBSD, Mac OS X + devicetype = nil, + cpe = nil, + fingerprint = '^8c4a3bcb729b11f703d22a5b39640ca8' +}); + +table.insert(fingerprints, { + category = 'vendor', + vendor = 'strongSwan', + version = '2.8.7', + ostype = nil, -- Linux, Android, FreeBSD, Mac OS X + devicetype = nil, + cpe = nil, + fingerprint = '^3a0d4e7ca4e492ed4dfe476d1ac6018b' +}); + +table.insert(fingerprints, { + category = 'vendor', + vendor = 'strongSwan', + version = '2.8.6', + ostype = nil, -- Linux, Android, FreeBSD, Mac OS X + devicetype = nil, + cpe = nil, + fingerprint = '^fe3f49706e26a9fb36a87bfce9ea36ce' +}); + +table.insert(fingerprints, { + category = 'vendor', + vendor = 'strongSwan', + version = '2.8.5', + ostype = nil, -- Linux, Android, FreeBSD, Mac OS X + devicetype = nil, + cpe = nil, + fingerprint = '^4c7efa31b39e510432a317570d97bbb9' +}); + +table.insert(fingerprints, { + category = 'vendor', + vendor = 'strongSwan', + version = '2.8.4', + ostype = nil, -- Linux, Android, FreeBSD, Mac OS X + devicetype = nil, + cpe = nil, + fingerprint = '^76c72bfd398424dd001b86d0012fe061' +}); + +table.insert(fingerprints, { + category = 'vendor', + vendor = 'strongSwan', + version = '2.8.3', + ostype = nil, -- Linux, Android, FreeBSD, Mac OS X + devicetype = nil, + cpe = nil, + fingerprint = '^fb4641ad0eeb2a34491d15f4eff51063' +}); + +table.insert(fingerprints, { + category = 'vendor', + vendor = 'strongSwan', + version = '2.8.2', + ostype = nil, -- Linux, Android, FreeBSD, Mac OS X + devicetype = nil, + cpe = nil, + fingerprint = '^299932277b7dfe382ce23465333a7d23' +}); + +table.insert(fingerprints, { + category = 'vendor', + vendor = 'strongSwan', + version = '2.8.1', + ostype = nil, -- Linux, Android, FreeBSD, Mac OS X + devicetype = nil, + cpe = nil, + fingerprint = '^e37f2d5ba89a62cd202ee27dac06c8a8' +}); + +table.insert(fingerprints, { + category = 'vendor', + vendor = 'strongSwan', + version = '2.8.0', + ostype = nil, -- Linux, Android, FreeBSD, Mac OS X + devicetype = nil, + cpe = nil, + fingerprint = '^32f0e9b9c06dfe8c9ad5599a636971a1' +}); + +table.insert(fingerprints, { + category = 'vendor', + vendor = 'strongSwan', + version = '2.7.3', + ostype = nil, -- Linux, Android, FreeBSD, Mac OS X + devicetype = nil, + cpe = nil, + fingerprint = '^7f50cc4ebf04c2d9da73abfd69b77aa2' +}); + +table.insert(fingerprints, { + category = 'vendor', + vendor = 'strongSwan', + version = '2.7.2', + ostype = nil, -- Linux, Android, FreeBSD, Mac OS X + devicetype = nil, + cpe = nil, + fingerprint = '^a194e2aaddd0bafb95253dd96dc733eb' +}); + +table.insert(fingerprints, { + category = 'vendor', + vendor = 'strongSwan', + version = '2.7.1', + ostype = nil, -- Linux, Android, FreeBSD, Mac OS X + devicetype = nil, + cpe = nil, + fingerprint = '^8134878582121785ba65ea345d6ba724' +}); + +table.insert(fingerprints, { + category = 'vendor', + vendor = 'strongSwan', + version = '2.7.0', + ostype = nil, -- Linux, Android, FreeBSD, Mac OS X + devicetype = nil, + cpe = nil, + fingerprint = '^07fa128e4754f9447b1dd46374eef360' +}); + +table.insert(fingerprints, { + category = 'vendor', + vendor = 'strongSwan', + version = '2.6.4', + ostype = nil, -- Linux, Android, FreeBSD, Mac OS X + devicetype = nil, + cpe = nil, + fingerprint = '^b927f95219a0fe3600dba3c1182ae55f' +}); + +table.insert(fingerprints, { + category = 'vendor', + vendor = 'strongSwan', + version = '2.6.3', + ostype = nil, -- Linux, Android, FreeBSD, Mac OS X + devicetype = nil, + cpe = nil, + fingerprint = '^b2860e7837f711bef3d0eeb106872ded' +}); + +table.insert(fingerprints, { + category = 'vendor', + vendor = 'strongSwan', + version = '2.6.2', + ostype = nil, -- Linux, Android, FreeBSD, Mac OS X + devicetype = nil, + cpe = nil, + fingerprint = '^5b1cd6fe7d050eda6c93871c107db3d2' +}); + +table.insert(fingerprints, { + category = 'vendor', + vendor = 'strongSwan', + version = '2.6.1', + ostype = nil, -- Linux, Android, FreeBSD, Mac OS X + devicetype = nil, + cpe = nil, + fingerprint = '^66afbc12bbfe6ce108b1f69f4bc917b7' +}); + +table.insert(fingerprints, { + category = 'vendor', + vendor = 'strongSwan', + version = '2.6.0', + ostype = nil, -- Linux, Android, FreeBSD, Mac OS X + devicetype = nil, + cpe = nil, + fingerprint = '^3f3266499ffdbd85950e702298062844' +}); + +table.insert(fingerprints, { + category = 'vendor', + vendor = 'strongSwan', + version = '2.5.7', + ostype = nil, -- Linux, Android, FreeBSD, Mac OS X + devicetype = nil, + cpe = nil, + fingerprint = '^1f4442296b83d7e33a8b45209ba0e590' +}); + +table.insert(fingerprints, { + category = 'vendor', + vendor = 'strongSwan', + version = '2.5.6', + ostype = nil, -- Linux, Android, FreeBSD, Mac OS X + devicetype = nil, + cpe = nil, + fingerprint = '^3c5eba3d8564928e32ae43c3d9924dee' +}); + +table.insert(fingerprints, { + category = 'vendor', + vendor = 'strongSwan', + version = '2.5.5', + ostype = nil, -- Linux, Android, FreeBSD, Mac OS X + devicetype = nil, + cpe = nil, + fingerprint = '^3f267ed621ada7ee6c7d8893ccb0b14b' +}); + +table.insert(fingerprints, { + category = 'vendor', + vendor = 'strongSwan', + version = '2.5.4', + ostype = nil, -- Linux, Android, FreeBSD, Mac OS X + devicetype = nil, + cpe = nil, + fingerprint = '^7a6bf5b7df89642a75a78ef7d657c1c0' +}); + +table.insert(fingerprints, { + category = 'vendor', + vendor = 'strongSwan', + version = '2.5.3', + ostype = nil, -- Linux, Android, FreeBSD, Mac OS X + devicetype = nil, + cpe = nil, + fingerprint = '^df5b1f0f1d5679d9f8512b16c55a6065' +}); + +table.insert(fingerprints, { + category = 'vendor', + vendor = 'strongSwan', + version = '2.5.2', + ostype = nil, -- Linux, Android, FreeBSD, Mac OS X + devicetype = nil, + cpe = nil, + fingerprint = '^861ce5eb72164b190e9e629a31cf4901' +}); + +table.insert(fingerprints, { + category = 'vendor', + vendor = 'strongSwan', + version = '2.5.1', + ostype = nil, -- Linux, Android, FreeBSD, Mac OS X + devicetype = nil, + cpe = nil, + fingerprint = '^9a4a4648f60f8eda7cfcbfe271ee5b7d' +}); + +table.insert(fingerprints, { + category = 'vendor', + vendor = 'strongSwan', + version = '2.5.0', + ostype = nil, -- Linux, Android, FreeBSD, Mac OS X + devicetype = nil, + cpe = nil, + fingerprint = '^9eb3d907ed7ada4e3cbcacb917abc8e4' +}); + +table.insert(fingerprints, { + category = 'vendor', + vendor = 'strongSwan', + version = '2.4.4', + ostype = nil, -- Linux, Android, FreeBSD, Mac OS X + devicetype = nil, + cpe = nil, + fingerprint = '^485a70361b4433b31dea1c6be0df243e' +}); + +table.insert(fingerprints, { + category = 'vendor', + vendor = 'strongSwan', + version = '2.4.3', + ostype = nil, -- Linux, Android, FreeBSD, Mac OS X + devicetype = nil, + cpe = nil, + fingerprint = '^982b7a063a33c143a8eadc88249f6bcc' +}); + +table.insert(fingerprints, { + category = 'vendor', + vendor = 'strongSwan', + version = '2.4.2', + ostype = nil, -- Linux, Android, FreeBSD, Mac OS X + devicetype = nil, + cpe = nil, + fingerprint = '^e7a3fd0c6d771a8f1b8a86a4169c9ea4' +}); + +table.insert(fingerprints, { + category = 'vendor', + vendor = 'strongSwan', + version = '2.4.1', + ostype = nil, -- Linux, Android, FreeBSD, Mac OS X + devicetype = nil, + cpe = nil, + fingerprint = '^75b0653cb281eb26d31ede38c8e1e228' +}); + +table.insert(fingerprints, { + category = 'vendor', + vendor = 'strongSwan', + version = '2.4.0', + ostype = nil, -- Linux, Android, FreeBSD, Mac OS X + devicetype = nil, + cpe = nil, + fingerprint = '^e829c88149bab3c0cee85da60e18ae9b' +}); + +table.insert(fingerprints, { + category = 'vendor', + vendor = 'strongSwan', + version = '2.3.2', + ostype = nil, -- Linux, Android, FreeBSD, Mac OS X + devicetype = nil, + cpe = nil, + fingerprint = '^42a4834c92ab9a7777063afa254bcb69' +}); + +table.insert(fingerprints, { + category = 'vendor', + vendor = 'strongSwan', + version = '2.3.1', + ostype = nil, -- Linux, Android, FreeBSD, Mac OS X + devicetype = nil, + cpe = nil, + fingerprint = '^f697c1afcc2ec8ddcdf99dc7af03a67f' +}); + +table.insert(fingerprints, { + category = 'vendor', + vendor = 'strongSwan', + version = '2.3.0', + ostype = nil, -- Linux, Android, FreeBSD, Mac OS X + devicetype = nil, + cpe = nil, + fingerprint = '^b8f92b2fa2d3fe5fe158344bda1cc6ae' +}); + +table.insert(fingerprints, { + category = 'vendor', + vendor = 'strongSwan', + version = '2.2.2', + ostype = nil, -- Linux, Android, FreeBSD, Mac OS X + devicetype = nil, + cpe = nil, + fingerprint = '^99dc7cc823376b3b33d04357896ae07b' +}); + +table.insert(fingerprints, { + category = 'vendor', + vendor = 'strongSwan', + version = '2.2.1', + ostype = nil, -- Linux, Android, FreeBSD, Mac OS X + devicetype = nil, + cpe = nil, + fingerprint = '^d9118b1e9de5efced9cc9d883f2168ff' +}); + +table.insert(fingerprints, { + category = 'vendor', + vendor = 'strongSwan', + version = '2.2.0', + ostype = nil, -- Linux, Android, FreeBSD, Mac OS X + devicetype = nil, + cpe = nil, + fingerprint = '^85b6cbec480d5c8cd9882c825ac2c244' +}); + + + +-------------------------------------------------------------------------------- +-- Symantec +-------------------------------------------------------------------------------- +table.insert(fingerprints, { + category = 'vendor', + vendor = 'Symantec', + version = 'Raptor 8.1', + ostype = nil, + devicetype = nil, + cpe = nil, + fingerprint = '^526170746f7220506f77657256706e20536572766572205b56382e315d' +}); + +table.insert(fingerprints, { + category = 'vendor', + vendor = 'Symantec', + version = 'Raptor', + ostype = nil, + devicetype = nil, + cpe = nil, + fingerprint = '^526170746f7220506f77657256706e20536572766572' +}); + + + +-------------------------------------------------------------------------------- +-- Timestep +-------------------------------------------------------------------------------- +table.insert(fingerprints, { + category = 'vendor', + vendor = 'Timestep', + version = 'SGW 1520 315 2.01E013', + ostype = nil, + devicetype = nil, + cpe = nil, + fingerprint = '^54494d455354455020312053475720313532302033313520322e303145303133' +}); + +table.insert(fingerprints, { + category = 'vendor', + vendor = 'Timestep', + version = 'VPN Gateway', + ostype = nil, + devicetype = nil, + cpe = nil, + fingerprint = '^54494d4553544550' +}); + + + +-------------------------------------------------------------------------------- +-- ZyXEL +-------------------------------------------------------------------------------- +table.insert(fingerprints, { + category = 'vendor', + vendor = 'ZyXEL', + version = 'ZyWALL router', + ostype = nil, + devicetype = nil, + cpe = nil, + fingerprint = '^b858d1addd08c1e8adafea150608aa4497aa6cc8' +}); + +table.insert(fingerprints, { + category = 'vendor', + vendor = 'ZyXEL', + version = 'Zywall', -- Zyxel Zywall 2 / Zywall 30w / Zywall 70 + ostype = nil, + devicetype = nil, + cpe = nil, + fingerprint = '^625027749d5ab97f5616c1602765cf480a3b7d0b' +}); + +table.insert(fingerprints, { + category = 'vendor', + vendor = 'ZyXEL', + version = 'ZyWALL USG', + ostype = nil, + devicetype = nil, + cpe = nil, + fingerprint = '^f758f22668750f03b08df6ebe1d0' +}); + + + +-------------------------------------------------------------------------------- +-------------------------------------------------------------------------------- +-- Attribute: Misc fingerprints +-- not directly usable for fingerprinting +-- but can be used for guessing +-------------------------------------------------------------------------------- +-------------------------------------------------------------------------------- + + +-------------------------------------------------------------------------------- +-- Microsoft +-------------------------------------------------------------------------------- +table.insert(fingerprints, { + category = 'attribute', + vendor = 'Microsoft', + version = nil, + ostype = 'windows', + devicetype = nil, + cpe = 'cpe:/o:microsoft:windows', + fingerprint = '^621b04bb09882ac1e15935fefa24aeee', + text = 'GSSAPI' +}); + +table.insert(fingerprints, { + category = 'attribute', + vendor = 'Microsoft', + version = nil, + ostype = 'windows', + devicetype = nil, + cpe = 'cpe:/o:microsoft:windows', + fingerprint = '^1e2b516905991c7d7c96fcbfb587e461', + text = 'MS NT5 ISAKMPOAKLEY' +}); + +table.insert(fingerprints, { + category = 'attribute', + vendor = 'Microsoft', + version = nil, + ostype = 'windows', + devicetype = nil, + cpe = 'cpe:/o:microsoft:windows', + fingerprint = '^ad2c0dd0b9c32083ccba25b8861ec455', + text = 'A GSS-API Authentication Method for IKE' +}); + +table.insert(fingerprints, { + category = 'attribute', + vendor = 'Microsoft', + version = nil, + ostype = 'windows', + devicetype = nil, + cpe = 'cpe:/o:microsoft:windows', + fingerprint = '^b46d8914f3aaa3f2fedeb7c7db2943ca', + text = 'A GSS-API Authentication Method for IKE\\n' +}); + +table.insert(fingerprints, { + category = 'attribute', + vendor = 'Microsoft', + version = nil, + ostype = 'windows', + devicetype = nil, + cpe = 'cpe:/o:microsoft:windows', + fingerprint = '^26244d38eddb61b3172a36e3d0cfb819', + text = 'Microsoft Initial-Contact' +}); + +table.insert(fingerprints, { + category = 'attribute', + vendor = 'Microsoft', + version = nil, + ostype = 'windows', + devicetype = nil, + cpe = 'cpe:/o:microsoft:windows', + fingerprint = '^fb1de3cdf341b7ea16b7e5be0855f120', + text = 'MS-Negotiation Discovery Capable' +}); + +table.insert(fingerprints, { + category = 'attribute', + vendor = 'Microsoft', + version = nil, + ostype = 'windows', + devicetype = nil, + cpe = 'cpe:/o:microsoft:windows', + fingerprint = '^e3a5966a76379fe707228231e5ce8652', + text = 'IKE CGA version 1' +}); + +table.insert(fingerprints, { + category = 'attribute', + vendor = 'Microsoft', + version = nil, + ostype = 'windows', + devicetype = nil, + cpe = 'cpe:/o:microsoft:windows', + fingerprint = '^214ca4faffa7f32d6748e5303395ae83', + text = 'MS-MamieExists' +}); + +table.insert(fingerprints, { + category = 'attribute', + vendor = 'Microsoft', + version = nil, + ostype = 'windows', + devicetype = nil, + cpe = 'cpe:/o:microsoft:windows', + fingerprint = '^72872B95FCDA2EB708EFE322119B4971', + text = 'NLBS_PRESENT' +}); + + + +-------------------------------------------------------------------------------- +-- Other stuff +-------------------------------------------------------------------------------- +table.insert(fingerprints, { + category = 'attribute', + vendor = nil, + version = nil, + ostype = nil, + devicetype = nil, + cpe = nil, + fingerprint = '^12f5f28c457168a9702d9fe274cc0100', + text = 'Cisco Unity' +}); + +table.insert(fingerprints, { + category = 'attribute', + vendor = nil, + version = nil, + ostype = nil, + devicetype = nil, + cpe = nil, + fingerprint = '^4048b7d56ebce88525e7de7f00d6c2d3', + text = 'IKE FRAGMENTATION' +}); + +table.insert(fingerprints, { + category = 'attribute', + vendor = nil, + version = nil, + ostype = nil, + devicetype = nil, + cpe = nil, + fingerprint = '^afcad71368a1f1c96b8696fc77570100', + text = 'Dead Peer Detection v1.0' +}); + +table.insert(fingerprints, { + category = 'attribute', + vendor = nil, + version = nil, + ostype = nil, + devicetype = nil, + cpe = nil, + fingerprint = '^afcad71368a1f1c96b8696fc7757....', + text = 'Dead Peer Detection' +}); + +table.insert(fingerprints, { + category = 'attribute', + vendor = nil, + version = nil, + ostype = nil, + devicetype = nil, + cpe = nil, + fingerprint = '^09002689dfd6b712', + text = 'XAUTH' +}); + +table.insert(fingerprints, { + category = 'attribute', + vendor = nil, + version = nil, + ostype = nil, + devicetype = nil, + cpe = nil, + fingerprint = '^325df29a2319f2dd', + text = 'draft-krywaniuk-ipsec-antireplay-00' +}); + +table.insert(fingerprints, { + category = 'attribute', + vendor = nil, + version = nil, + ostype = nil, + devicetype = nil, + cpe = nil, + fingerprint = '^325df29a2319f2dd', + text = 'draft-krywaniuk-ipsec-antireplay-00' +}); + +table.insert(fingerprints, { + category = 'attribute', + vendor = nil, + version = nil, + ostype = nil, + devicetype = nil, + cpe = nil, + fingerprint = '^8db7a41811221660', + text = 'draft-ietf-ipsec-heartbeats-00' +}); + +table.insert(fingerprints, { + category = 'attribute', + vendor = nil, + version = nil, + ostype = nil, + devicetype = nil, + cpe = nil, + fingerprint = '^50760f624c63e5c53eea386c685ca083', + text = 'ESPThruNAT' +}); + +table.insert(fingerprints, { + category = 'attribute', + vendor = nil, + version = nil, + ostype = nil, + devicetype = nil, + cpe = nil, + fingerprint = '^c40fee00d5d39ddb1fc762e09b7cfea7', + text = 'Testing NAT-T RFC' +}); + +table.insert(fingerprints, { + category = 'attribute', + vendor = nil, + version = nil, + ostype = nil, + devicetype = nil, + cpe = nil, + fingerprint = '^4a131c81070358455c5728f20e95452f', + text = 'RFC 3947 NAT-T' +}); + +table.insert(fingerprints, { + category = 'attribute', + vendor = nil, + version = nil, + ostype = nil, + devicetype = nil, + cpe = nil, + fingerprint = '^810fa565f8ab14369105d706fbd57279', + text = 'RFC XXXX' +}); + +table.insert(fingerprints, { + category = 'attribute', + vendor = nil, + version = nil, + ostype = nil, + devicetype = nil, + cpe = nil, + fingerprint = '^4865617274426561745f4e6f74696679', + text = 'Heartbeat Notify' +}); + +table.insert(fingerprints, { + category = 'attribute', + vendor = nil, + version = nil, + ostype = nil, + devicetype = nil, + cpe = nil, + fingerprint = '^4df37928e9fc4fd1b3262170d515c662', + text = 'draft-ietf-ipsec-nat-t-ike' +}); + +table.insert(fingerprints, { + category = 'attribute', + vendor = nil, + version = nil, + ostype = nil, + devicetype = nil, + cpe = nil, + fingerprint = '^4485152d18b6bbcd0be8a8469579ddcc', + text = 'draft-ietf-ipsec-nat-t-ike-00' +}); + +table.insert(fingerprints, { + category = 'attribute', + vendor = nil, + version = nil, + ostype = nil, + devicetype = nil, + cpe = nil, + fingerprint = '^16f6ca16e4a4066d83821a0f0aeaa862', + text = 'draft-ietf-ipsec-nat-t-ike-01' +}); + +table.insert(fingerprints, { + category = 'attribute', + vendor = nil, + version = nil, + ostype = nil, + devicetype = nil, + cpe = nil, + fingerprint = '^90cb80913ebb696e086381b5ec427b1f', + text = 'draft-ietf-ipsec-nat-t-ike-02\\n' +}); + +table.insert(fingerprints, { + category = 'attribute', + vendor = nil, + version = nil, + ostype = nil, + devicetype = nil, + cpe = nil, + fingerprint = '^cd60464335df21f87cfdb2fc68b6a448', + text = 'draft-ietf-ipsec-nat-t-ike-02' +}); + +table.insert(fingerprints, { + category = 'attribute', + vendor = nil, + version = nil, + ostype = nil, + devicetype = nil, + cpe = nil, + fingerprint = '^7d9419a65310ca6f2c179d9215529d56', + text = 'draft-ietf-ipsec-nat-t-ike-03' +}); + +table.insert(fingerprints, { + category = 'attribute', + vendor = nil, + version = nil, + ostype = nil, + devicetype = nil, + cpe = nil, + fingerprint = '^9909b64eed937c6573de52ace952fa6b', + text = 'draft-ietf-ipsec-nat-t-ike-04' +}); + +table.insert(fingerprints, { + category = 'attribute', + vendor = nil, + version = nil, + ostype = nil, + devicetype = nil, + cpe = nil, + fingerprint = '^80d0bb3def54565ee84645d4c85ce3ee', + text = 'draft-ietf-ipsec-nat-t-ike-05' +}); + +table.insert(fingerprints, { + category = 'attribute', + vendor = nil, + version = nil, + ostype = nil, + devicetype = nil, + cpe = nil, + fingerprint = '^4d1e0e136deafa34c4f3ea9f02ec7285', + text = 'draft-ietf-ipsec-nat-t-ike-06' +}); + +table.insert(fingerprints, { + category = 'attribute', + vendor = nil, + version = nil, + ostype = nil, + devicetype = nil, + cpe = nil, + fingerprint = '^439b59f8ba676c4c7737ae22eab8f582', + text = 'draft-ietf-ipsec-nat-t-ike-07' +}); + +table.insert(fingerprints, { + category = 'attribute', + vendor = nil, + version = nil, + ostype = nil, + devicetype = nil, + cpe = nil, + fingerprint = '^8f8d83826d246b6fc7a8a6a428c11de8', + text = 'draft-ietf-ipsec-nat-t-ike-08' +}); + +table.insert(fingerprints, { + category = 'attribute', + vendor = nil, + version = nil, + ostype = nil, + devicetype = nil, + cpe = nil, + fingerprint = '^42ea5b6f898d9773a575df26e7dd19e1', + text = 'draft-ietf-ipsec-nat-t-ike-09' +}); + +table.insert(fingerprints, { + category = 'attribute', + vendor = nil, + version = nil, + ostype = nil, + devicetype = nil, + cpe = nil, + fingerprint = '^ba290499c24e84e53a1d83a05e5f00c9', + text = 'IKE Challenge-Response' +}); + +table.insert(fingerprints, { + category = 'attribute', + vendor = nil, + version = nil, + ostype = nil, + devicetype = nil, + cpe = nil, + fingerprint = '^0d33611a5d521b5e3c9c03d2fc107e12', + text = 'IKE Challenge-Response-2' +}); + +table.insert(fingerprints, { + category = 'attribute', + vendor = nil, + version = nil, + ostype = nil, + devicetype = nil, + cpe = nil, + fingerprint = '^ad3251042cdc4652c9e0734ce5de4c7d', + text = 'IKE Challenge-Response Revised' +}); + +table.insert(fingerprints, { + category = 'attribute', + vendor = nil, + version = nil, + ostype = nil, + devicetype = nil, + cpe = nil, + fingerprint = '^13f11823f966fa91900f024ba66a86ba', + text = 'IKE Challenge-Response Revised-2' +}); + +table.insert(fingerprints, { + category = 'attribute', + vendor = nil, + version = nil, + ostype = nil, + devicetype = nil, + cpe = nil, + fingerprint = '^27bab5dc01ea0760ea4e3190ac27c0d0', + text = 'draft-stenberg-ipsec-nat-traversal-01' +}); + +table.insert(fingerprints, { + category = 'attribute', + vendor = nil, + version = nil, + ostype = nil, + devicetype = nil, + cpe = nil, + fingerprint = '^6105c422e76847e43f9684801292aecd', + text = 'draft-stenberg-ipsec-nat-traversal-02' +}); + +table.insert(fingerprints, { + category = 'attribute', + vendor = nil, + version = nil, + ostype = nil, + devicetype = nil, + cpe = nil, + fingerprint = '^6a7434c19d7e36348090a02334c9c805', + text = 'draft-huttunen-ipsec-esp-in-udp-00.txt' +}); + + + +-------------------------------------------------------------------------------- +-------------------------------------------------------------------------------- +-- vid_order: +-- By examining the ordering of the VIDs, some assumptions can be made +-- Currently only has support for Cisco + + +table.insert(fingerprints, { + category = 'vid_ordering', + vendor = 'Cisco', + version = nil, + ostype = 'IOS 12.3/12.4', + devicetype = nil, + cpe = 'cpe:/o:cisco:ios:12.3-12.4', + fingerprint = '^12f5f28c457168a9702d9fe274cc0100afcad71368a1f1c96b8696fc77570100................................09002689dfd6b712' + -- Cisco Unity, Dead Peer Detection v1.0, junk, XAUTH +}); + +table.insert(fingerprints, { + category = 'vid_ordering', + vendor = 'Cisco', + version = nil, + ostype = 'PIX OS 6.0/6.1', + devicetype = nil, + cpe = 'cpe:/o:cisco:pix:6.0-6.1', + fingerprint = '^112f5f28c457168a9702d9fe274cc0100afcad71368a1f1c96b8696fc77570100................................' + -- Cisco Unity, Dead Peer Detection, junk +}); + +table.insert(fingerprints, { + category = 'vid_ordering', + vendor = 'Cisco', + version = nil, + ostype = 'PIX OS 6.2.x', + devicetype = nil, + cpe = 'cpe:/o:cisco:pix:6.2.x', + fingerprint = '^09002689dfd6b71212f5f28c457168a9702d9fe274cc0100afcad71368a1f1c96b8696fc77570100................................' + -- XAUTH, Cisco Unity, Dead Peer Detection, junk +}); + +table.insert(fingerprints, { + category = 'vid_ordering', + vendor = 'Cisco', + version = nil, + ostype = 'PIX OS 6.3.x', + devicetype = nil, + cpe = 'cpe:/o:cisco:pix:6.3.x', + fingerprint = '^09002689dfd6b712afcad71368a1f1c96b8696fc7757010012f5f28c457168a9702d9fe274cc0100................................' + -- XAUTH, Dead Peer Detection v1.0, Cisco Unity, junk +}); + +table.insert(fingerprints, { + category = 'vid_ordering', + vendor = 'Cisco', + version = nil, + ostype = 'PIX OS 7.0.x', + devicetype = nil, + cpe = 'cpe:/o:cisco:pix:7.0.x', + fingerprint = '^12f5f28c457168a9702d9fe274cc010009002689dfd6b712afcad71368a1f1c96b8696fc775701004048b7d56ebce88525e7de7f00d6c2d3c00000001f07f70eaa6514d3b0fa96542a......' + --Cisco Unity, XAUTH, Dead Peer Detection v1.0, IKE Fragmentation, Cisco VPN Concentrator +}); + +table.insert(fingerprints, { + category = 'vid_ordering', + vendor = 'Cisco', + version = nil, + ostype = 'PIX OS 7.1 or later', + devicetype = nil, + cpe = 'cpe:/o:cisco:pix:7.1_or_later', + fingerprint = '^12f5f28c457168a9702d9fe274cc010009002689dfd6b7124048b7d56ebce88525e7de7f00d6c2d3c00000001f07f70eaa6514d3b0fa96542a......' + -- Cisco Unity, XAUTH, IKE Fragmentation, Cisco VPN Concentrator +}); + +--[[ Probably too +table.insert(fingerprints, { + category = 'vid_ordering', + vendor = 'Cisco', + version = 'PIX OS 5.x OR IOS 12.0-12.2', + ostype = 'PIX OS / IOS', + devicetype = nil, + cpe = 'cpe:/o:cisco', + fingerprint = '^................................', + -- 'random' VID, but fixed length +}); +]] + + + +-------------------------------------------------------------------------------- +-------------------------------------------------------------------------------- +-- header_ordering: +-- For possible future use + +--- Cisco +-- 1: SA, VID, VID, VID, VID, KeyExchange, ID, Nonce, Hash +-- 2: SA, KeyExchange, Nonce, ID, Hash, VID, VID, VID, VID, VID, VID +-- 3: SA, KeyExchange, Nonce, ID, Hash, VID, VID, VID, VID, VID + +--- Checkpoint +-- 1: SA, VID (Main) +-- 2: SA, KeyExchange, Nonce, ID, VID, Hash (Aggressive) + +--- SonicWall +-- 1: SA, VID (Main) +-- 2: SA, KeyExchange, Nonce, ID, VID, Hash (Aggressive) + +--- Juniper +-- 1: SA, VID, VID, VID +-- 2: SA, VID, VID, VID, VID, VID + +--- Zyxel +-- 1: SA, VID, VID, VID, VID, VID, VID, VID, VID (Zyxel USG 100) +-- 2: SA, VID, VID, VID, VID, VID, VID, VID, VID, VID (Zyxel USG 100) +-- 3: SA, VID, VID (Zyxel USG 200, ZyWall) +-- 4: SA, KeyExchenge, Nonce, ID, Hash, VID, VID, Notification (Zyxel USG 300) +-- 5: SA, VID (???) diff --git a/nselib/ike.lua b/nselib/ike.lua new file mode 100644 index 000000000..d14821880 --- /dev/null +++ b/nselib/ike.lua @@ -0,0 +1,516 @@ +local _G = require "_G" +local nmap = require "nmap" +local stdnse = require "stdnse" +local table = require "table" +local math = require "math" +local io = require "io" + + +description = [[ +A very basic IKE library. + +The current funcionality includes: + 1. Generating a Main or Aggressive Mode IKE request packet with a variable amount of transforms and a vpn group. + 2. Sending a packet + 3. Receiving the response + 4. Parsing the response for VIDs + 5. Searching for the VIDs in 'ike-fingerprints.lua' + 6. returning a parsed info table + +This library is meant for extension, which could include: + 1. complete parsing of the response packet (might allow for better fingerprinting) + 2. adding more options to the request packet + vendor field (might give better fingerprinting of services, e.g. Checkpoint) + 3. backoff pattern analyses + ... + +An a implementation resembling 'ike-scan' could be built. +]] + + +_ENV = stdnse.module("ike", stdnse.seeall) + +author = "Jesper Kueckelhahn" +license = "Same as Nmap--See http://nmap.org/book/man-legal.html" +categories = {"discovery", "safe"} + +local authentication= { ["psk"]="80030001", ["rsa"] ="80030003", ["Hybrid"] = "8003FADD", ["XAUTH"] = "8003FDE9"} +local enc_methods = { ["des"]="80010001", ["3des"]="80010005", ["aes/128"]="80010007/800E0080", ["aes/192"]="80010007/800E00C0", ["aes/256"]="80010007/800E0100" } +local hash_algo = { ["md5"]="80020001", ["sha1"]="80020002"} +local group_desc = { ["768"]="80040001", ["1024"]="80040002", ["1536"]="80040005"} +local exchange_mode = { ["Main"] = "02", ["Aggressive"]= "04"} +local protocol_ids = { ["tcp"] = "06", ["udp"]= "11"} + + +-- Response packet types +local response_exchange_type = { + ["02"] = "Main", + ["04"] = "Aggressive", + ["05"] = "Informational" +} + +-- Payload names +local payloads = { + ["00"] = "None", + ["01"] = "SA", + ["03"] = "Transform", + ["04"] = "Key Exchange", + ["05"] = "ID", + ["08"] = "Hash", + ["0A"] = "Nonce", + ["0D"] = "VID" +} + + +-- Load the fingerprint file +-- (located in: nselib/data/ike-fingerprints.lua) +-- +local function load_fingerprints() + local file, filename_full, fingerprints + + -- Check if fingerprints are cached + if(nmap.registry.ike_fingerprints ~= nil) then + stdnse.print_debug(1, "ike: Loading cached fingerprints") + return nmap.registry.ike_fingerprints + end + + -- Try and find the file + -- If it isn't in Nmap's directories, take it as a direct path + filename_full = nmap.fetchfile('nselib/data/ike-fingerprints.lua') + + -- Load the file + stdnse.print_debug(1, "ike: Loading fingerprints: %s", filename_full) + local env = setmetatable({fingerprints = {}}, {__index = _G}); + file = loadfile(filename_full, "t", env) + if( not(file) ) then + stdnse.print_debug(1, "ike: Couldn't load the file: %s", filename_full) + return false, "Couldn't load fingerprint file: " .. filename_full + end + file() + fingerprints = env.fingerprints + + -- Check there are fingerprints to use + if(#fingerprints == 0 ) then + return false, "No fingerprints were loaded after processing ".. filename + end + + return true, fingerprints +end + + +-- generate a random hex-string of length 'length' +-- +local function generate_random(length) + local rnd = "" + + for i=1, length do + rnd = rnd .. string.format("%.2X", math.random(255)) + end + return rnd +end + + +-- convert a string to a hex-string (of the ASCII representation) +-- +local function convert_to_hex(id) + local hex_str = "" + + for c in string.gmatch(id, ".") do + hex_str = hex_str .. string.format("%X", c:byte()) + end + return hex_str +end + + +-- Extract Payloads +local function extract_payloads(packet) + + -- packet only contains HDR + if packet:len() < 61 then return {} end + + local np = packet:sub(33,34) -- next payload + local index = 61 -- starting point for search + local ike_headers = {} -- ike headers + local payload = '' + + -- loop over packet + while payloads[np] ~= "None" and index <= packet:len() do + payload_length = tonumber("0x"..packet:sub(index, index+3)) * 2 + payload = string.lower(packet:sub(index+4, index+payload_length-5)) + + -- debug + if payloads[np] == 'VID' then + stdnse.print_debug(2, 'IKE: Found IKE Header: %s: %s - %s', np, payloads[np], payload) + else + stdnse.print_debug(2, 'IKE: Found IKE Header: %s: %s', np, payloads[np]) + end + + -- Store payload + if ike_headers[payloads[np]] == nil then + ike_headers[payloads[np]] = {payload} + else + table.insert(ike_headers[payloads[np]], payload) + end + + -- find the next payload type + np = packet:sub(index-4, index-3) + + -- jump to the next payload + index = index + payload_length + end + return ike_headers + +end + + + + +-- Search the fingerprint database for matches +-- This is a (currently) divided into two parts +-- 1) version detection based on single fingerprints +-- 2) version detection based on the order of all vendor ids +-- +-- NOTE: the second step currently only has support for CISCO devices +-- +-- Input is a table of collected vendor-ids, output is a table +-- with fields: +-- vendor, version, name, attributes (table), guess (table), os +local function lookup(vendor_ids) + if vendor_ids == {} or vendor_ids == nil then return {} end + + -- concat all vids to one string + local all_vids = '' + for _,vid in pairs(vendor_ids) do all_vids = all_vids .. vid end + + -- the results + local info = { + vendor = nil, + attribs = {}, + } + + local status, fingerprints + status, fingerprints = load_fingerprints() + + if status then + + -- loop over the vendor_ids returned in ike request + for _,vendor_id in pairs(vendor_ids) do + + -- loop over the fingerprints found in database + for _,row in pairs(fingerprints) do + + if vendor_id:find(row.fingerprint) then + + -- if a match is found, check if it's a version detection or attribute + if row.category == 'vendor' then + + -- Only store the first match + if info.vendor == nil then + + -- the fingerprint contains information about the VID + info.vendor = row + + local debug_string = '' + if row.vendor ~= nil then debug_string = debug_string .. row.vendor .. ' ' end + if row.version ~= nil then debug_string = debug_string .. row.version end + + stdnse.print_debug(2, "IKE: Fingerprint: %s matches %s", vendor_id, debug_string) + end + + elseif row.category == 'attribute' then + info.attribs[ #info.attribs + 1] = row + stdnse.print_debug(2, "IKE: Attribute: %s matches %s", vendor_id, row.text) + break + end + end + end + end + end + + + --------------------------------------------------- + -- Search for the order of the vids + -- Uses category 'vid_ordering' + --- + + -- search in the 'vid_ordering' category + local debug_string = '' + for _,row in pairs(fingerprints) do + + if row.category == 'vid_ordering' and all_vids:find(row.fingerprint) then + + -- Use ordering information if there where no vendor matches from prevoius step + if info.vendor == nil then + info.vendor = row + + -- Debugging info + debug_string = '' + if info.vendor.vendor ~= nil then debug_string = debug_string .. info.vendor.vendor .. ' ' end + if info.vendor.version ~= nil then debug_string = debug_string .. info.vendor.version .. ' ' end + if info.vendor.ostype ~= nil then debug_string = debug_string .. info.vendor.ostype end + stdnse.print_debug(2, 'IKE: No vendor match, but ordering match found: %s', debug_string) + + return info + + -- Update OS based on ordering + elseif info.vendor.vendor == row.vendor then + info.vendor.ostype = row.ostype + + -- Debugging info + debug_string = '' + if info.vendor.vendor ~= nil then debug_string = debug_string .. info.vendor.vendor .. ' to ' end + if row.ostype ~= nil then debug_string = debug_string .. row.ostype end + stdnse.print_debug(2, 'IKE: Vendor and ordering match. OS updated: %s', debug_string) + + return info + + -- Only print debugging information if conflicting information is detected + else + -- Debugging info + debug_string = '' + if info.vendor.vendor ~= nil then debug_string = debug_string .. info.vendor.vendor .. ' vs ' end + if row.vendor ~= nil then debug_string = debug_string .. row.vendor end + stdnse.print_debug(2, 'IKE: Found an ordering match, but vendors do not match. %s', debug_string) + + end + end + end + + return info +end + + +-- Handle a response packet +-- A very limited response parser +-- Currently only the VIDs are extracted +-- This could be made more advanced to +-- allow for fingerprinting via the order +-- of the returned headers +--- +function response(packet) + local resp = { ["mode"] = "", ["info"] = nil, ['vids']={}, ['success'] = false } + + if packet:len() > 38 then + + -- extract the return type + local resp_type = response_exchange_type[packet:sub(37,38)] + local ike_headers = {} + + -- simple check that the type is something other than 'Informational' + -- as this type does not include VIDs + if resp_type ~= "Informational" then + resp["mode"] = resp_type + + ike_headers = extract_payloads(packet) + + -- Extract the VIDs + resp['vids'] = ike_headers['VID'] + + -- search for fingerprints + resp["info"] = lookup(resp['vids']) + + -- indicate that a packet 'useful' packet was returned + resp['success'] = true + end + end + + return resp +end + + +-- Send a request +-- The 'packet' argument must be generated by the function 'request' +-- and is a hex string +-- +function send_request( host, port, packet ) + + local socket = nmap.new_socket() + local s_status, r_status, data, i, hexstring + + -- send the request packet + socket:set_timeout(1000) + socket:bind(nil, port.number) + socket:connect(host, port, "udp") + s_status,_ = socket:send(bin.pack("H", packet)) + + -- receive answer + if s_status then + r_status, data = socket:receive_lines(1) + + if r_status then + i, hexstring = bin.unpack("H" .. data:len(), data) + socket:close() + return response(hexstring) + else + socket:close() + end + else + socket:close() + end + + return {} +end + +-- Create the aggressive part of a packet +-- Aggressive mode includes the user-id, so the +-- length of this has to be taken into account +-- +local function generate_aggressive(port, protocol, id, diffie) + local hex_port = string.format("%.4X", port) + local hex_prot = protocol_ids[protocol] + local id_len = string.format("%.4X", 8 + id:len()) + + -- get length of key data based on diffie + local key_length + if diffie == 1 then + key_length = 96 + elseif diffie == 2 then + key_length = 128 + end + + + return "" .. + -- Key Exchange + "0a00" .. -- Next payload (Nonce) + string.format("%04X", key_length+4) .. -- Length (132-bit) + generate_random(key_length) .. -- Random key data + + -- Nonce + "0500" .. -- Next payload (Identification) + "0018" .. -- Length (24) + generate_random(20) .. -- Nonce data + + -- Identification + "0000" .. -- Next Payload (None) + id_len .. -- Payload length (id + 8) + "03" .. -- ID Type (USER_FQDN) + hex_prot .. -- Protocol ID (UDP) + hex_port .. -- Port (500) + convert_to_hex(id) -- Id Data (as hex) +end + + +-- Create the transform +-- AES encryption needs an extra value to define the key length +-- Currently only DES, 3DES and AES encryption is supported +-- +local function generate_transform(auth, encryption, hash, group, number, total) + local key_length, trans_length, aes_enc, sep + local next_payload, payload_number + + -- handle special case of aes + if encryption:sub(1,3) == "aes" then + trans_length = "0028" + aes_enc = enc_methods[encryption] + sep = aes_enc:find("/") + enc = aes_enc:sub(1,sep-1) + key_length = aes_enc:sub(sep+1, aes_enc:len()) + else + trans_length = "0024" + key_length = "" + enc = enc_methods[encryption] + end + + -- check if there are more transforms + if number == total then + next_payload = "0000" -- none + else + next_payload = "0300" -- transform + end + + -- set the payload number + payload_number = string.format("%.2X", number) + + return "" .. + next_payload .. -- Next payload + trans_length .. -- Transform length (36-bit) + payload_number .. -- Transform number + "01" .. -- Transform ID (IKE) + "0000" .. -- spacers ? + enc .. -- Encryption algorithm + hash_algo[hash] .. -- Hash algorithm + authentication[auth].. -- Authentication method + group_desc[group] .. -- Group Description + key_length .. -- only set for aes + "800b0001" .. -- Life type (seconds) + "000c000400007080" -- Life duration (28800) +end + + +-- Generate multiple transforms +-- Input nust be a table of complete transforms +-- +local function generate_transforms(transform_table) + local transforms = "" + + for i,t in pairs(transform_table) do + transforms = transforms .. generate_transform(t.auth, t.encryption, t.hash, t.group, i, #transform_table) + end + + return transforms +end + + +-- Create a request packet +-- Support for multiple transforms, which minimizes the +-- the amount of traffic/packets needed to be sendt +-- +function request(port, proto, mode, transforms, diffie, id) + local payload_after_sa, str_aggressive, l, l_sa, l_pro + local number_transforms, transform_string + + transform_string = generate_transforms(transforms) + number_transforms = string.format("%.2X", #transforms) + + -- check for aggressive vs Main mode + if mode == "Aggressive" then + str_aggressive = generate_aggressive(port, proto, id, diffie) + payload_after_sa = "0400" + else + str_aggressive = "" + payload_after_sa = "0000" + end + + -- calculate lengths + l = string.format("%.8X", 48 + transform_string:len()/2 + str_aggressive:len()/2) + l_sa = string.format("%.4X", 20 + transform_string:len()/2) + l_pro = string.format("%.4X", 8 + transform_string:len()/2) + + + -- Build the packet + local packet = "" .. + generate_random(8) .. -- Initiator cookie + "0000000000000000" .. -- Responder cookie + "01" .. -- Next payload (SA) + "10" .. -- Version + exchange_mode[mode] .. -- Exchange type + "00" .. -- Flags + "00000000" .. -- Message id + l .. -- packet length + + + --# Security Association + payload_after_sa .. -- Next payload (Key exchange, if aggressive mode) + l_sa .. -- Length (56-bit) + "00000001" .. -- IPSEC + "00000001" .. -- Situation + + --## Proposal + "0000" .. -- Next payload (None) + l_pro .. -- Payload length + "01" .. -- Proposal number + "01" .. -- Protocol ID (ISAKMP) + "00" .. -- SPI Size + number_transforms .. -- Proposal transforms + + --### Transform + transform_string .. -- transform + + -- Aggressive mode + str_aggressive + + return packet +end + + +return _ENV \ No newline at end of file diff --git a/scripts/ike-version.nse b/scripts/ike-version.nse new file mode 100644 index 000000000..3ce1dbec1 --- /dev/null +++ b/scripts/ike-version.nse @@ -0,0 +1,125 @@ +local nmap = require "nmap" +local stdnse = require "stdnse" +local shortport = require "shortport" +local table = require "table" +local ike = require "ike" + + +description=[[ + Get information from an IKE service. + Tests the service with both Main and Aggressive Mode. + Sends multiple transforms in a single request, so currently, + only two packets are sent to the host. +]] + + +--- +-- @output +-- PORT STATE SERVICE REASON VERSION +-- 500/udp open isakmp udp-response Cisco VPN Concentrator 3000 4.0.7 +-- Service Info: OS: pSOS+; Device: VPN; CPE: cpe:/h:cisco:concentrator +--- + + +author = "Jesper Kueckelhahn" +license = "Same as Nmap--See http://nmap.org/book/man-legal.html" +categories = {"default", "discovery", "safe", "version"} + +portrule = shortport.port_or_service(500, "isakmp", "udp") + + +-- Test different methods for getting version +-- +local function get_version(host, port) + local packet, version, t + local auth = {"psk", "rsa", "Hybrid", "XAUTH"} + local encryption = {"des", "3des", "aes/128", "aes/192", "aes/256"} + local hash = {"md5", "sha1"} + local group = {"768", "1024", "1536"} + + + -- generate transforms + t = {} + for h,a in pairs(auth) do + for i,e in pairs(encryption) do + for j,h in pairs(hash) do + for k,g in pairs(group) do + table.insert(t, { ['auth'] = a, ['encryption'] = e, ['hash'] = h, ['group'] = g}); + end + end + end + end + + + -- try aggressive mode (diffie hellman group 2) + local diffie = 2 + stdnse.print_debug(1, "Sending Aggressive mode packet ...") + packet = ike.request(port.number, port.protocol, 'Aggressive', t, diffie, 'vpngroup') + version = ike.send_request(host, port, packet) + if version.success then + return version + end + stdnse.print_debug(1, "Aggressive mode (dh 2) failed") + + -- try aggressive mode (diffie hellman group 1) + diffie = 1 + stdnse.print_debug(1, "Sending Aggressive mode packet ...") + packet = ike.request(port.number, port.protocol, 'Aggressive', t, diffie, 'vpngroup') + version = ike.send_request(host, port, packet) + if version.success then + return version + end + stdnse.print_debug(1, "Aggressive mode (dh 1) failed") + + -- try aggressive mode (diffie hellman group 2, no id) + -- some checkpoint devices respond to this + local diffie = 2 + stdnse.print_debug(1, "Sending Aggressive mode packet ...") + packet = ike.request(port.number, port.protocol, 'Aggressive', t, diffie, '') + version = ike.send_request(host, port, packet) + if version.success then + return version + end + stdnse.print_debug(1, "Aggressive mode (dh 2, no id) failed") + + -- try main mode + stdnse.print_debug(1, "Sending Main mode packet ...") + packet = ike.request(port.number, port.protocol, 'Main', t, '') + version = ike.send_request(host, port, packet) + if version.success then + return version + end + stdnse.print_debug(1, "Main mode failed") + + stdnse.print_debug(1, "Version detection not possible") + return false +end + + +action = function( host, port ) + local ike_response = get_version(host, port) + + if ike_response then + + -- Extra information found in the response. Kept for future reference. + -- local mode = ike_response['mode'] + -- local vids = ike_response['vids'] + + local info = ike_response['info'] + if info.vendor ~= nil then + port.version.product = info.vendor.vendor + port.version.version = info.vendor.version + port.version.ostype = info.vendor.ostype + port.version.devicetype = info.vendor.devicetype + table.insert(port.version.cpe, info.vendor.cpe) + + nmap.set_port_version(host, port, "hardmatched") + nmap.set_port_state(host, port, "open") + end + end + stdnse.print_debug(1, "Version: %s", port.version.product ) + return +end + + +