mirror of
https://github.com/nmap/nmap.git
synced 2025-12-09 22:21:29 +00:00
Process 132 service fingerprint submissions
This commit is contained in:
dmiller
@@ -301,7 +301,7 @@ match cccam m|^Welcome to the CCcam information client\.\n| p/CCcam DVR card sha
|
||||
|
||||
# http://comments.gmane.org/gmane.comp.security.openvas.users/3189
|
||||
# Also submitted by an Nmap user, but with different data following.
|
||||
match nnsrv m|^\x94\0\0\0\xf4\xff\xff\xff\x01\0\0\0\xff\xff\xff\xff\0\0\0\0\xa5\0\0\0\0\0\0\0| p/C.CURE 800 NNSRV/
|
||||
match nnsrv m|^\x94\0\0\0\xf4\xff\xff\xff\x01\0\0\0\xff\xff\xff\xff\0\0\0\0\xa5\0\0\0\0\0\0\0| p/iStar Driver Service/ i/access control system/ d/security-misc/
|
||||
|
||||
match cddbp m|^201 ([-\w_.]+) CDDBP server v([-\w.]+) ready at .*\r\n| p/freedb cddbp server/ v/$2/ h/$1/
|
||||
|
||||
@@ -1200,7 +1200,7 @@ match ftp m|^220 FreeFlow Accxes FTP server ready\r\n| p/Xerox FreeFlow Accxess
|
||||
match ftp m|^220 [\d.]+ FTP Server \(Apache/([\w._-]+) \(Ubuntu\) (.*)\) ready\.\r\n| p/Apache FTP Protocol Module/ v/$1/ i/Ubuntu; $2/ o/Linux/ cpe:/o:canonical:ubuntu_linux/ cpe:/o:canonical:ubuntu_linux/ cpe:/o:linux:linux_kernel/
|
||||
match ftp m|^220 Welcome to This FTP Server\. Service ready for new user\.\r\n214-The following commands are recognised:\r\nUSER\r\nPASS\r\nCWD\r\nQUIT\r\nTYPE\r\nPORT\r\nRETR\r\nSTOR\r\nSTOU\r\nAPPE\r\nRNFR\r\nRNTO\r\nABOR\r\nDELE\r\nCDUP\r\nRMD\r\nMKD\r\nPWD\r\nLIST\r\nNLST\r\nHELP\r\nNOOP\r\nXCUP\r\nXCWD\r\nXPWD\r\nXRMD\r\nXMKD\r\n214 List End\.\r\n| p/Toshiba CTX PBX ftpd/ d/PBX/
|
||||
match ftp m|^220 Wind River FTP server ([\w._-]+) ready\.\r\n| p/Wind River FTP server/ v/$1/ o/VxWorks/ cpe:/a:windriver:ftp_server:$1/ cpe:/o:windriver:vxworks/
|
||||
match ftp m|^220 FTP Server \(ZyWALL (USG \w+)\) \[::ffff:[\d.]+\]\r\n| p/ZyXEL ZyWALL $1 firewall ftpd/ cpe:/h:zyxel:zywall_$1/
|
||||
match ftp m|^220 FTP Server \(ZyWALL (USG \w+)\) \[[a-f:\d.]+\]\r\n| p/ZyXEL ZyWALL $1 firewall ftpd/ cpe:/h:zyxel:zywall_$1/
|
||||
match ftp m|^220 Authentication_Required\r\n| p/glFTPd/ o/Unix/
|
||||
match ftp m|^220 Ftp firmware update utility\r\n| p|D-Link/Comtrend DSL modem ftp firmware update|
|
||||
match ftp m|^550 Permission denied ,please check access control list\r\nPermission denied\.\(Please check access control list\)\r\n| p/DrayTek ADSL router ftpd/
|
||||
@@ -1270,7 +1270,7 @@ match ftp m|^220 o2 MediaCenter FTP Server v([\w._-]+) ready\r\n| p/Astoria Netw
|
||||
match ftp m|^220 MinWin FTP server ready\.\r\n| p/Microsoft MinWin ftpd/ o/Windows 10 IoT/ cpe:/o:microsoft:windows_10:::iot/
|
||||
match ftp m|^220 Welcomd to iCatch FTP Server\r\n| p/iCatch DVR ftpd/ d/media device/
|
||||
match ftp m|^220 PCMan's FTP Server ([\w._-]+) Ready\.\r\n| p/PCMan's FTP Server/ v/$1/ o/Windows/ cpe:/a:pcman%27s_ftp_server_project:pcman%27s_ftp_server:$1/ cpe:/o:microsoft:windows/a
|
||||
match ftp m|^220 FTP Server \((NXC\d+)\) \[::ffff:[\d.]+\]\r\n| p/ZyXEL WLAN controller ftpd/ i/model: $1/ cpe:/h:zyxel:$1/
|
||||
match ftp m|^220 FTP Server \((NXC\d+)\) \[[a-f:\d.]+\]\r\n| p/ZyXEL WLAN controller ftpd/ i/model: $1/ cpe:/h:zyxel:$1/
|
||||
match ftp m|^220 IFT DS ([\w-]+) RAID FTP server ready\.\r\n| p/Infortrend EonStor DS iSCSI host ftpd/ i/model: $1/ d/storage-misc/ cpe:/h:infortrend:esds_$1/
|
||||
match ftp m|^220 Synology FTP server ready\.\r\n| p/Synology DiskStation ftpd/ d/storage-misc/
|
||||
match ftp m|^220-owftpd 1-wire ftp server -- Paul H Alfille\r\n220-Version: (\d[\w._-]*) see http://www\.owfs\.org\r\n220 Service ready for new user\.\r\n| p/OWFS owftpd/ v/$1/ cpe:/a:owfs:owftpd:$1/
|
||||
@@ -1291,7 +1291,7 @@ match ftp m|^220 FUJI XEROX DocuPrint ([A-Z][A-Z\d]+(?: ?[a-zA-Z]{1,2})?)\r\n| p
|
||||
match ftp m|^421 Service not available \(server too busy\)\r\n| p/Fuji Xerox DocuPrint ftpd/ d/printer/
|
||||
match ftp m|^220 ECOSYS (P\d\w+) FTP server\r\n| p/Ecosys $1 ftpd/ d/print server/ cpe:/h:ecosys:$1/
|
||||
match ftp m|^220 FTPVita Server ready\.\n| p/FTPVita ftpd/ d/game console/ cpe:/h:sony:playstation_vita/
|
||||
match ftp m|^220 FTP Server \((UAG\d+)\) \[[\d.]{7,15}\]\r\n| p/ZyXEL $1 Unified Access Gateway ftpd/ d/security-misc/ cpe:/h:zyxel:$1/
|
||||
match ftp m|^220 FTP Server \((UAG\d+)\) \[[a-f:\d.]+\]\r\n| p/ZyXEL $1 Unified Access Gateway ftpd/ d/security-misc/ cpe:/h:zyxel:$1/
|
||||
match ftp m|^220 Software Data Cable (\d[\w._-]*) ready\r\n| p/Software Data Cable ftpd/ v/$1/ o/Android/ cpe:/a:damiapp:software_data_cable:$1/ cpe:/o:google:android/a cpe:/o:linux:linux_kernel/a
|
||||
match ftp m|^200 Groupcall Xporter - ([\d.]+)\r\n| p/Groupcall Xporter ftpd/ v/$1/ cpe:/a:groupcall:xporter:$1/
|
||||
match ftp m|^220 In-Sight \(R\) ([\w._-]+) Release ([\d.]+) \(\d+\) ready \(([\w._-]+)\)\.\r\n| p/Cognex In-Sight ftpd/ v/$2/ i/component: $1/ d/webcam/ h/$3/ cpe:/a:cognex:in-sight:$2/
|
||||
@@ -1304,6 +1304,7 @@ match ftp m|^220-={61}\r\n220-Welcome\.\r\n220-\r\n220-This is a running (RSX-[\
|
||||
match ftp m|^220 Keil FTP service\r\n| p/Keil Network Component ftpd/ d/specialized/ cpe:/a:keil:network_component/
|
||||
match ftp m|^220 QnUDVCPU FTP server ready\.\r\n| p/Mitsubishi Q-series PLC ftpd/ d/specialized/
|
||||
match ftp m|^220 (FS-\d+MFP\+?) FTP server\r\n| p/Kyocera $1 printer ftpd/ d/printer/ cpe:/h:kyocera:$1/a
|
||||
match ftp m|^220 FTP Server \(([NWAP]{3}\d+[\w-]*)\) \[[a-f:\d.]+\]\r\n| p/ZyXEL $1 WAP ftpd/ d/WAP/ cpe:/h:zyxel:$1/a
|
||||
|
||||
#(insert ftp)
|
||||
|
||||
@@ -1490,8 +1491,7 @@ match http m|^<HTML><BODY><CENTER>Authentication failed</CENTER></BODY></HTML>\r
|
||||
match http m|^HTTP/1\.1 408 Request Timeout\nContent-Length:0\nContent-Type:text/html;charset=UTF-8\n\n$| p/Finchsync PocketPC Synchonizer httpd/
|
||||
match http m|^HTTP/1\.1 200 OK\nServer: NetSupport Gateway/([\d.]+) \(Windows NT\)\nContent-Type: application/x-www-form-urlencoded\nContent-Length: 14\nConnection: Keep-Alive\n\nCMD=HEARTBEAT\n$| p/NetSupport Gateway httpd/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a
|
||||
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html\r\nCache-Control: no-cache\r\nExpires: Thu, 26 Oct 1995 00:00:00 GMT\r\nTransfer-Encoding: chunked\r\nServer: Allegro-Software-RomPager/([\d.]+)\r\n\r\n| p/Allegro RomPager/ v/$1/ i/Dell DRAC config/ d/remote management/ cpe:/a:allegro:rompager:$1/
|
||||
softmatch http m|^HTTP/1\.1 400 Bad Request\r\nServer: micro_httpd\r\n| p/micro_httpd/ cpe:/a:acme:micro_httpd/a cpe:/o:acme:micro_httpd/
|
||||
softmatch http m|^HTTP/1\.1 408 Request Timeout\r\nServer: micro_httpd\r\n| p/micro_httpd/ cpe:/a:acme:micro_httpd/a cpe:/o:acme:micro_httpd/
|
||||
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: micro_httpd\r\n| p/micro_httpd/ cpe:/a:acme:micro_httpd/a cpe:/o:acme:micro_httpd/
|
||||
# http://code.google.com/p/free-android-apps/wiki/Project_LocalHTTPD
|
||||
match http m|^HTTP/1\.0 500 Internal Server Error \r\nContent-Type: text/plain\r\nDate: .*\r\n\r\nSERVER INTERNAL ERROR: Invalid ip\.$| p/Local HTTPD/ i/based on NanoHTTPD/ d/phone/
|
||||
match http m|^HTTP/1\.0 400 Bad Request\r\nServer: httpd-impacct/([^\r\n]+)\r\nContent-type: text/html\r\n\r\n<HTML><HEAD><TITLE>400 Bad Request</TITLE></HEAD>\n<BODY BGCOLOR=\"#cc9999\"><H2>400 Bad Request</H2>\nYour request has bad syntax or is inherently impossible to satisfy\.\n<HR>\n</HTML>\n$| p/thttpd/ v/$1/ i/Asotel Vector 1908 switch http config/ d/switch/ cpe:/a:acme:thttpd:$1/
|
||||
@@ -7951,7 +7951,7 @@ match http m|^HTTP/1\.[01] \d\d\d .*Powered By <a href='http://www\.litespeedtec
|
||||
match http m|^HTTP/1\.0 200 Ok\r\nServer: httpd\r\n.*<script type=\"text/javascript\" src=\"lang_pack/language\.js\"></script>\n\t\t<link type=\"text/css\" rel=\"stylesheet\" href=\"style/[-\w_.]+/style\.css\" />\n\t\t<!--\[if IE\]>|s p/DD-WRT milli_httpd/ i/Linksys WRT54G http config/ d/WAP/ o/Linux/ cpe:/o:linux:linux_kernel/a
|
||||
|
||||
match http m|^HTTP/1\.1 401 N/A\r\nServer: TP-LINK Router\r\nConnection: close\r\nWWW-Authenticate: Basic realm=\"Web Smart Switch\"| p/TP-LINK Web Smart Switch http config/ d/switch/
|
||||
match http m%^HTTP/1\.1 (?:401 (?:|N/A|Unauthorized)|200 OK)\r\nServer: (?:Router|Router Webserver|TP-LINK Router)\r\nConnection: close\r\n(?:Content-Type: text/html\r\n)?WWW-Authenticate: Basic realm=\"TP-LINK (?:Portable |AC\d+ )?Wireless (?:(?:Lite )?(?:N|G) (?:3G(?:/4G)? )?)?(?:Dual Band |Nano )?(?:Gigabit )?(?:AP|Router|Access Point|Range Extender) ([\w /+-]+)\"\r\n% p/TP-LINK $1 WAP http config/ d/WAP/ cpe:/h:tp-link:$1/a
|
||||
match http m%^HTTP/1\.1 (?:401 (?:|N/A|Unauthorized)|200 OK)\r\nServer: (?:Router|Router Webserver|TP-LINK Router)\r\nConnection: close\r\n(?:Content-Type: text/html\r\n)?WWW-Authenticate: Basic realm=\"TP-LINK (?:Portable |AC\d+ )?(?:Wireless|WiFi) (?:(?:Lite )?(?:N|G) (?:3G(?:/4G)? )?)?(?:Dual Band |Nano )?(?:Gigabit )?(?:AP|Router|Access Point|Range Extender) ([\w /+-]+)\"\r\n% p/TP-LINK $1 WAP http config/ d/WAP/ cpe:/h:tp-link:$1/a
|
||||
match http m|^HTTP/1\.1 401 N/A\r\nServer: Router Webserver\r\nConnection: close\r\nWWW-Authenticate: Basic realm="TP-LINK Wireless Entertainment Adapter ([^"]+)"| p/TP-LINK $1 wireless adapter http config/ cpe:/h:tp-link:$1/
|
||||
match http m|^HTTP/1\.1 401 N/A\r\nServer: TP-LINK Router\r\nConnection: close\r\nWWW-Authenticate: Basic realm=\"TP-LINK Router ([\w+-]+)\"\r\n| p/TP-LINK $1 router httpd/ d/broadband router/ cpe:/h:tp-link:$1/a
|
||||
match http m|^HTTP/1\.1 401 N/A\r\nServer: Router\r\nConnection: close\r\nWWW-Authenticate: Basic realm=\"TP-LINK SOHO Router (R[\w/]+)\"| p/TP-LINK $1 WAP http config/ d/WAP/ cpe:/h:tp-link:$1/
|
||||
@@ -7962,6 +7962,7 @@ match http m|^HTTP/1\.1 401 N/A\r\nServer: Router Webserver\r\nConnection: close
|
||||
match http m|^HTTP/1\.1 401 N/A\r\nServer: Router Webserver\r\nConnection: close\r\nWWW-Authenticate: Basic realm=\"Wireless \w+ Router (WRN\w+)\"\r\n| p/Intelbras $1 WAP http config/ i/manufacturer TP-LINK/ d/WAP/ cpe:/h:intelbras:$1/
|
||||
match http m%^HTTP/1\.1 401 N/A\r\nServer: Router\r\nConnection: close\r\nWWW-Authenticate: Basic realm=\"\d+Mbps AV\d+(?: WiFi| Wireless(?: N)?) Powerline Extender (WPA[\w._-]+)\"\r\n% p/TP-LINK $1 powerline extender http config/ d/WAP/ cpe:/h:tp-link:$1/
|
||||
match http m%^HTTP/1\.1 401 N/A\r\nServer: Router\r\nConnection: close\r\nWWW-Authenticate: Basic realm=\"\d+Mbps AV\d+(?: Nano| Gigabit)? Powerline Extender (PA[\w._-]+)\"\r\n% p/TP-LINK $1 powerline extender http config/ d/switch/ cpe:/h:tp-link:$1/
|
||||
match http m|^HTTP/1\.1 200 OK\r\nServer: Router Webserver\r\nConnection: close\r\nContent-Type: text/html\r\nWWW-Authenticate: Basic realm="TP-LINK AV\d+(?: Gigabit)? Powerline(?: ac)? WiFi Extender (TL-\w+)"\r\n| p/TP-LINK $1 powerline WiFi extender http config/ d/WAP/ cpe:/h:tp-link:$1/
|
||||
|
||||
match http m|^HTTP/1\.0 200 OK\r\nServer: Terayon/([\d.]+)\r\nContent-type: text/html\r\n\r\n<html><head><title>Cable Modem Information Center</title>| p/Terayon cable modem http config/ v/$1/ d/broadband router/
|
||||
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: Tornado/([-\w_.]+)\r\n| p/Puakma Tornado httpd/ v/$1/
|
||||
@@ -8683,7 +8684,7 @@ match http m|^HTTP/1\.0 200 OK\r\n.*Date: \d\d\d\d-\d\d-\d\d [^\r\n]*\r\n.*Serve
|
||||
match http m|^HTTP/1\.1 401 Not Authorized\r\nWWW-Authenticate: Basic realm=\"Communicator Jablotron (\w+)\"\r\n\r\n| p/Jablotron $1 alarm http control/ d/security-misc/
|
||||
match http m|^HTTP/1\.1 401 Unauthorized\r\nWWW-Authenticate: Basic realm=\"(ES-\w+) at [^"]*\"\r\n.*Server: Allegro-Software-RomPager/([\w.]+)\r\n|s p/Allegro RomPager/ v/$2/ i/ZyXEL $1 switch http config/ d/switch/ cpe:/a:allegro:rompager:$2/ cpe:/h:zyxel:$1/a
|
||||
match http m|^HTTP/1\.0 200 OK\r\nServer: uhttpd/([\w._-]+)\r\n.*<title>NETGEAR Router ([\w._-]+) </title>|s p/uhttpd/ v/$1/ i/Netgear $2 WAP http config/ d/WAP/ cpe:/h:netgear:$2/a
|
||||
match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: uhttpd/([\w._-]+).*WWW-Authenticate: Basic realm=\"NETGEAR (\w+)\"\r\n|s p/uhttpd/ v/$1/ i/Netgear $2 WAP http config/ d/WAP/ cpe:/h:netgear:$2/a
|
||||
match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: uhttpd/([\w._-]+).*WWW-Authenticate: Basic realm=\"NETGEAR ([\w-]+)\"\r\n|s p/uhttpd/ v/$1/ i/Netgear $2 WAP http config/ d/WAP/ cpe:/h:netgear:$2/a
|
||||
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: Serv-U/([\w._-]+)\r\n| p/Rhinosoft Serv-U httpd/ v/$1/ cpe:/a:serv-u:serv-u:$1/
|
||||
match http m|^HTTP/1\.1 302 Redirection\r\nServer: BlueIris-HTTP/([\d.]+)\r\n| p/BlueIris/ v/$1/
|
||||
match http m|^HTTP/1\.1 401 Unauthorized\r\n.*WWW-Authenticate: basic realm=\"Protected area\"\r\n.*<title>401 Unauthorized</title>\n.*<!-- Padding: \n #############################################\n|s p/Breach ModSecurity Apache monitor httpd/
|
||||
@@ -9322,7 +9323,7 @@ match http m|^HTTP/1\.1 404 Not Found\r\nContent-Length: 0\r\nServer: HBHTTP POG
|
||||
# VMware vSphere (VMware workstation 8.0.2 build-591240)
|
||||
match http m|^HTTP/1\.1 403 Forbidden\r\nDate: .* GMT\r\nConnection: close\r\nContent-Type: text; charset=plain\r\nContent-Length: 0\r\n\r\n$| p/VMware VirtualCenter Web service/
|
||||
match http m|^HTTP/1\.0 200 OK\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nExpires: 0\r\nDate: .* GMT\r\n\r\n<!DOCTYPE html PUBLIC \"-//W3C//DTD HTML 4\.01 Transitional//EN\">\n<html>\n<head>\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=UTF-8\">\n<link href=\"/manimg/[^/]+/main\.css| p/ISPManager billing system httpd/
|
||||
match http m|^HTTP/1\.0 200 OK\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nExpires: 0\r\nSet-Cookie: ispmgrses5=; path=/; HttpOnly\r\nSet-Cookie: ispmgrlang5=[^:]*:(..); path=/; expires=.* ([A-Z0-9+-]+)\r\n| p/ISPManager billing system httpd/ v/5/ i/lang: $1; time zone: $2/
|
||||
match http m|^HTTP/1\.0 200 OK\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nExpires: 0\r\nSet-Cookie: ispmgrses5=; path=/; HttpOnly(?:; expires=.*)?\r\nSet-Cookie: ispmgrlang5=[^:]*:(..); path=/; expires=.* ([A-Z0-9+-]+)\r\n| p/ISPManager billing system httpd/ v/5/ i/lang: $1; time zone: $2/
|
||||
match http m|^HTTP/1\.1 401 Unauthorized\r\nWWW-Authenticate: Basic realm=\"realm\"\r\nContent-Length: 0\r\n\r\n$| p/PoolServerJ http config/
|
||||
match http m|^HTTP/1\.0 200 OK\r\nDate: .* GMT\r\nServer: Synaccess \r\nConnection: close\r\nContent-Type: text/html\r\n\r\n\r\n<html>\r\n<head>\r\n <title>Remote Power Management System By Synaccess</title>\r\n| p/Synaccess NP-16 or NP-1601D power management system httpd/ d/power-misc/
|
||||
match http m|^HTTP/1\.1 404 Not Found\r\nDate: .* GMT\r\nServer: Unknown\r\nConnection: close\r\nContent-Type: text/html; charset=iso-8859-1\r\n\r\n<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2\.0//EN\">\n<HTML><HEAD>\n<TITLE>404 Not Found</TITLE>\n</HEAD><BODY>\n<H1>Not Found</H1>\nThe requested URL / was not found on this server\.<P>\n</BODY></HTML>\n$| p/Allot NetEnforcer AC-5000 load balancer/ d/load balancer/ cpe:/h:allot:netenforcer_ac-5000/
|
||||
@@ -9774,6 +9775,7 @@ match http m|^HTTP/1\.1 401 Not Authorized\r\nWWW-Authenticate: Basic realm=\"Vu
|
||||
match http m|^HTTP/1\.1 404 Not Found\r\nConnection: close\r\nDate: .* GMT\r\nContent-Length: 1164\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n| p/Oracle WebLogic admin httpd/ cpe:/a:oracle:weblogic_server/
|
||||
match http m|^HTTP/1\.1 \d\d\d .*\r\nConnection: Keep-Alive\r\nServer: \r\nContent-Type: text/html\r\nContent-Length: \d+\r\n\r\n<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4\.01 Transitional//EN\" \"http://www\.w3\.org/TR/html4/loose\.dtd\">\r\n<!-- this page must have 520 bytes or more, ie is a wonderfull program -->| p/Siemens Gigaset C610 VoIP Phone http admin/ d/VoIP phone/ cpe:/h:siemens:gigaset_c610/a
|
||||
match http m|^HTTP/1\.1 400 Bad Request\r\nSERVER: HDHomeRun/([\w._-]+)\r\n| p/SiliconDust HDHomeRun set top box http admin/ v/$1/ d/media device/ cpe:/h:silicondust:hdhomerun/
|
||||
match http m|^HTTP/1\.1 404 Not Found\r\nServer: HDHomeRun/([\d.]+)\r\nConnection: close\r\nCache-Control: no-cache\r\nPragma: no-cache\r\n\r\n| p/SiliconDust HDHomeRun set top box streaming httpd/ v/$1/ d/media device/ cpe:/h:silicondust:hdhomerun/
|
||||
match http m|^HTTP/1\.0 401 Unauthorized\r\nDate: .*\r\nContent-type: text/html\r\nContent-Length: 97\r\nWWW-Authenticate: Digest qop=\"auth\", stale=false, algorithm=MD5, realm=\"(ECOR[\w_-]+)\", nonce=\"\d+\"\r\nConnection: keep-alive\r\n\r\n<HTML><HEAD><TITLE>401 Unauthorized</TITLE></HEAD>\n<BODY><H1>401 Unauthorized</H1></BODY></HTML>\n| p/EverFocus $1 DVR http viewer/ d/media device/ cpe:/h:everfocus:$1/
|
||||
match http m|^HTTP/1\.0 200 OK\r\nDate: .*\r\nServer: Raumfeld Renderer\r\nConnection: close\r\nContent-Type: audio/x-flac\r\n| p/Raumfeld Connector audio streaming httpd/ d/media device/ cpe:/h:teufel:raumfeld_connector/
|
||||
match http m|^HTTP/1\.1 200 OK\r\nServer: Linux, WEBACCESS/([\w._-]+), (DIR-\w+) Ver ([\w._-]+)\r\n| p/D-Link SharePort web access/ v/$1/ i/model $2, version $3/ d/storage-misc/ o/Linux/ cpe:/a:d-link:shareport_web_access:$1/ cpe:/h:d-link:$2/ cpe:/o:linux:linux_kernel/a
|
||||
@@ -9955,7 +9957,7 @@ match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html\r\nConnection: close\r
|
||||
match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: HTTPD\r\nDate: .* GMT\r\nWWW-Authenticate: Basic realm="USER LOGIN"\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-Type: text/html\r\nConnection: close\r\n\r\n<HTML><HEAD><TITLE>401 Unauthorized</TITLE></HEAD>\n<BODY BGCOLOR="#cc9999"><H4>401 Unauthorized</H4>\nAuthorization required\.\n</BODY></HTML>\n| p/LimitlessLED smart lightbulb bridge httpd/ d/specialized/
|
||||
match http m|^HTTP/1\.0 200 OK\r\nConnection: close\r\nContent-Type: text/html;charset=UTF-8\r\nContent-Length: \d+\r\n\r\n<HTML>\n<HEAD>\n<script type="text/javascript" src="/WebLanguage\.js"></script>\n<script>\nd=document;\nd\.write\("<title>"\+Login0104\+"</title>"\);\n</script>\n<link rel="icon" href="/dlink\.ico" type="image/x-icon" />| p/D-Link DES-1100 switch http config/ d/switch/ cpe:/h:dlink:des-1100/a
|
||||
match http m|^HTTP/1\.0 401 Authorization Required\r\nWWW-Authenticate: BASIC realm="Admin"\r\n\r\nPassword Error\.| p/D-Link DP-301P+ print server httpd/ d/print server/ cpe:/h:d-link:dp-301p/
|
||||
match http m|^HTTP/1\.0 200 OK\r\nConnection: close\r\nCache-Control: no-cache\r\nPragma: no-cache\r\nExpires: -1\r\n\r\n<SCRIPT language="javascript">\r\nvar logonInfo = new Array\(\r\n\t0,/\*\xb4\xed\xce\xf3\xc0\xe0\xd0\xcd, 0:\xce\xde\xb4\xed\xce\xf3;1:\xd3\xc3\xbb\xa7\xc3\xfb\xbb\xf2\xd5\xdf\xc3\xdc\xc2\xeb\xb4\xed\xce\xf3;2:\xb8\xc3\xd3\xc3\xbb\xa7\xb2\xbb\xd4\xca\xd0\xed\xb5\xc7\xc2\xbc;3:\xb8\xc3\xd3\xc3\xbb\xa7\xb5\xc7\xc2\xbc\xca\xfd\xd2\xd1\xc2\xfa\.;4\xb5\xc7\xc2\xbc\xd3\xc3\xbb\xa7\xca\xfd\xd2\xd1\xc2\xfa\xa3\xac\xd7\xee\xb6\xe0\xd6\xbb\xc4\xdc\xd4\xca\xd0\xed16\xb8\xf6\xd3\xc3\xbb\xa7\xcd\xac\xca\xb1\xb5\xc7\xc2\xbc;5\xd3\xc3\xbb\xa7\xbb\xe1\xbb\xb0\xb3\xac\xca\xb1\*/\r\n\t0,0\);| p/TP-LINK Easy Smart switch admin httpd/ d/switch/
|
||||
match http m|^HTTP/1\.0 200 OK\r\nConnection: close\r\nCache-Control: no-cache\r\nPragma: no-cache\r\nExpires: -1\r\n\r\n<SCRIPT language="javascript">\r\nvar logonInfo = new Array\(\r\n\t\d,/\*\xb4\xed\xce\xf3\xc0\xe0\xd0\xcd, 0:\xce\xde\xb4\xed\xce\xf3;1:\xd3\xc3\xbb\xa7\xc3\xfb\xbb\xf2\xd5\xdf\xc3\xdc\xc2\xeb\xb4\xed\xce\xf3;2:\xb8\xc3\xd3\xc3\xbb\xa7\xb2\xbb\xd4\xca\xd0\xed\xb5\xc7\xc2\xbc;3:\xb8\xc3\xd3\xc3\xbb\xa7\xb5\xc7\xc2\xbc\xca\xfd\xd2\xd1\xc2\xfa\.;4\xb5\xc7\xc2\xbc\xd3\xc3\xbb\xa7\xca\xfd\xd2\xd1\xc2\xfa\xa3\xac\xd7\xee\xb6\xe0\xd6\xbb\xc4\xdc\xd4\xca\xd0\xed16\xb8\xf6\xd3\xc3\xbb\xa7\xcd\xac\xca\xb1\xb5\xc7\xc2\xbc;5\xd3\xc3\xbb\xa7\xbb\xe1\xbb\xb0\xb3\xac\xca\xb1\*/\r\n\t0,0\);| p/TP-LINK Easy Smart switch admin httpd/ d/switch/
|
||||
# http://blog.sec-consult.com/2015/05/kcodes-netusb-how-small-taiwanese.html
|
||||
match http m|^HTTP/1\.0 200 OK\r\nCache-control: no-cache\r\nConnection: Close\r\n\r\n(?:<!-T0004->\r\n)?<HTML>\r\n<HEAD>\r\n<META HTTP-EQUIV="CONTENT-TYPE" CONTENT="TEXT/HTML">\r\n<TITLE></TITLE>\r\n</HEAD>\r\n<BODY BGCOLOR=#FFFFFF>\r\n<SCRIPT LANGUAGE=JavaScript>\r\n\tdocument\.location\.href="system30\.htm";\r\n</script>\r\n</BODY>\r\n</HTML>| p/KCodes NetUSB http interface/ cpe:/o:kcodes:netusb/
|
||||
match http m|^HTTP/1\.0 302 Found\r\nLocation: https:///\r\nContent-Type: text/html\r\nContent-Length: 136\r\n\r\n<html><head><title>Redirect</title></head><body><h1>Redirect</h1><p>You should go to <a href="https:///">https:///</a></p></body></html>| p/Aruba AirWave httpd/ cpe:/a:arubanetworks:airwave/
|
||||
@@ -9974,8 +9976,6 @@ match http m|^HTTP/1\.0 302 Moved Temporarily\r\nContent-Type: application/x-gzi
|
||||
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html\r\nServer: siyou server\r\nTransfer-Encoding: chunked\r\n\r\n[a-f\d]+\r\n| p/D-LINK siyou httpd/ d/broadband router/
|
||||
match http m|^HTTP/1\.1 404 ERROR\r\nConnection: close\r\nContent-Length: 9\r\n\r\nNot Found$| p/Spotify spotilocal http API/
|
||||
match http m|^HTTP/1\.1 404 ERROR\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nConnection: close\r\nContent-Length: 15\r\nContent-Type: text/plain; charset=utf-8\r\n\r\nmissing method\n$| p/Spotify spotilocal http API/
|
||||
# version strings show up sometimes, but not reliable and not reflecting actual firmware version.
|
||||
match http m|^HTTP/1\.1 200 OK\r\nCONNECTION: close\r\nDate: .* GMT\r\nLast-Modified: .* GMT\r\nEtag: "\d+:[a-f\d]+"\r\nCONTENT-LENGTH: \d+\r\nCACHE-CONTROL: max-age=0\r\nCONTENT-TYPE: text/html\r\n\r\n<!DOCTYPE html>\r\n<html>\r\n<head>\r\n <title></title>| p/Amcrest IP camera http interface/ d/webcam/
|
||||
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html\r\nServer: httpserver\r\nData: (.* GMT)\r\nLast Modified: \1\r\n\r\n| p/Zmodo webcam http interface/ d/webcam/
|
||||
match http m|^HTTP/1\.1 200 OK\r\nServer: CNIX HTTP Server 1\.0\r\nContent-Type: text/html\r\nPragma:no-cache\r\nExpires:-1\r\nCache-Control:no-cache;no-store;must-revalidate\r\nTransfer-Encoding: chunked\r\n\r\n| p/Siemens LOGO! 8 PLC httpd/ d/specialized/ cpe:/h:siemens:logo8/
|
||||
match http m|^HTTP/1\.1 200 OK\r\nConnection: close\r\nContent-Type: text/html\r\nCache-Control: no-cache\r\nExpires: -1\r\n\r\n<html>\n<head>\n<title>Redirect to Login</title>\n<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">\n<link rel="stylesheet" type="text/css" href="/style\.css">\n| p/Netgear ProSafe Gigabit Web Managed (Plus) switch httpd/ d/switch/
|
||||
@@ -10077,6 +10077,7 @@ match http m|^HTTP/1\.1 200 OK\r\nContent-Type:text/html\r\nExpires: Thu, 1 Jan
|
||||
match http m|^HTTP/1\.1 200 OK\r\nConnection: close\r\nContent-Type: text/html\r\nCache-Control:no-cache\r\nPragma:no-cache\r\nExpires:[smtwf].*\r\n\r\n<!DOCTYPE html>\n<script>\nvar g_Lan=\d+,g_level=\d+,g_year=\d+,g_title='([^']+)';| p/TP-LINK $1 switch http admin/ d/switch/ cpe:/h:tp-link:$1/a
|
||||
match http m|^HTTP/1\.1 401 Unauthorized\r\nConnection: close\r\nContent-Type: text/html\r\nCache-Control:no-cache\r\nPragma:no-cache\r\nExpires:[smtwf].*\r\n\r\n<script>\nvar logonInfo = new Array\(\n\d+,\n0,0\);\nvar g_Lan = \d+;\nvar g_year=\d\d\d\d;| p/TP-LINK switch http admin/ d/switch/
|
||||
match http m|^HTTP/1\.1 200 OK\r\nCACHE-CONTROL: no-cache\r\nDate: .*\r\nConnection: Keep-Alive\r\nContent-Type: text/html\r\nContent-Length: \d+\r\n\r\n<html>\n<head>\n<META http-equiv="Content-Type" content="text/html; charset=iso-8859-1">\r\n<title>replace</title>\n| p/Huawei WAP http admin/ d/WAP/
|
||||
match http m|^HTTP/1\.1 200 OK\r\nCACHE-CONTROL: no-cache\r\nDate: .*\r\nConnection: Keep-Alive\r\nContent-Type: text/html\r\nContent-Length: \d+\r\n\r\n<html>\n<head>\n<META http-equiv="Content-Type" content="text/html; charset=iso-8859-1">\r\n<link rel="icon" type="image/icon" href="/favicon\.ico"/>\n<title>(H\w+)</title>\n| p/Huawei $1 WAP http admin/ d/WAP/ cpe:/h:huawei:$1/a
|
||||
match http m|^HTTP/1\.1 302 Object Moved\r\nLocation: /vpn/index\.html\r\n(?:Set-Cookie: NSC_[^\r\n]+\r\n)*?Set-Cookie: NSC_AAAC=xyz;Path=/;expires=Wednesday, 09-Nov-1999 23:12:40 GMT;Secure\r\n| p/Citrix NetScaler SSL VPN/ d/security-misc/
|
||||
match http m|^HTTP/1\.1 401 Unauthorized\r\nServer: PDR-M800/1\.0\r\nDate: .*\r\nContent-Type: text/plain\r\nCache-Control: no-cache, must-revalidate\r\nPragma: no-cache\r\nExpires: -1\r\nTransfer-Encoding: chunked\r\n(?:Set-Cookie: CMSID=[a-f\d]+\r\n)?WWW-Authenticate: Digest realm="Control", domain="PDVR M800"| p/Sanyo M800 DVR http admin/ d/webcam/ cpe:/h:sanyo:m800/
|
||||
match http m|^HTTP/1\.1 401 Unauthorized\r\nServer: ENP-PSNA-WEB/([\d.]+)\r\nWWW-Authenticate: Basic realm="Welcome to PSNA Web/SNMP Agent\. Please use IE5\.0 or higher\. "\r\n| p|Emerson Network Power PSNA Web/SNMP Agent| v/$1/ d/power-misc/ cpe:/h:emersonnetworkpower:psna_web/
|
||||
@@ -10138,7 +10139,7 @@ match http m|^HTTP/1\.1 \d\d\d .*\r\nDate: .* GMT\r\nServer: darkhttpd/(\d[\w._-
|
||||
match http m%^HTTP/1\.1 401 Unauthorized\r\nServer: Aragorn\r\nWWW-Authenticate: Basic realm="(Mitel|Aastra) (\w+(?: CT)?)"\r\n% p/$1 $2 VoIP phone http admin/ d/VoIP phone/ cpe:/h:$1:$2/
|
||||
match http m|^HTTP/1\.0 401 Unauthorized\r\nWWW-Authenticate: Digest realm="Use 'live' as User Name in order to log in to the respective level",nonce="[a-f0-9]{32}",opaque="",stale=FALSE,algorithm=MD5,qop="auth"\r\n\r\n| p/Bosch DINION IP Bullet 5000 webcam http admin/ d/webcam/ cpe:/h:bosch:ip_bullet_5000/
|
||||
match http m|^HTTP/1\.1 404 Not Found\r\nServer: Webbit\r\nDate: .* ([A-Z]+)\r\nContent-Length: 0\r\n\r\n| p/Webbit httpd/ i/time zone: $1/ cpe:/a:joewalnes:webbit/
|
||||
match http m|^HTTP/1\.0 200 Ok\r\nContent-Type: text/html\r\nServer: httpd\r\n.*<title>DD-WRT \(build (\d+)\) - Info</title>|s p/DD-WRT milli_httpd/ i/build $1/ d/WAP/ o/Linux/ cpe:/o:linux:linux_kernel/a
|
||||
match http m|^HTTP/1\.0 200 Ok\r\nContent-Type: text/html\r\nServer: httpd\r\n.*<title>[^<]* \(build (\d+)\) - Info</title>|s p/DD-WRT milli_httpd/ i/build $1/ d/WAP/ o/Linux/ cpe:/o:linux:linux_kernel/a
|
||||
# Estos MetaDirectory, but version is not for MetaDirectory
|
||||
match http m|^HTTP/1\.1 \d\d\d .*\r\nDate: .*\r\nServer: ESTOS WebServer/([\d.]+)\r\n| p/Estos GMBH webserver/ v/$1/
|
||||
match http m|^HTTP/1\.1 200 OK\r\nServer: IP Speaker Web interface\r\nContent-type: text/html\r\nContent-length: \d+\r\nConnection: close\r\n\r\n.*<title>IP Speaker ([a-f\d]{2})([a-f\d]{2})([a-f\d]{2})([a-f\d]{2})([a-f\d]{2})([a-f\d]{2}) at |s p/Advanced Network Devices IP Speaker web interface/ i/MAC: $1:$2:$3:$4:$5:$6/ d/media device/ cpe:/a:advanced_network_devices:ip_speaker/
|
||||
@@ -10161,7 +10162,10 @@ match http m|^HTTP/1\.0 4\d\d .*\r\nConnection: close\r\nContent-Length: \d+\r\n
|
||||
match http m|^HTTP/1\.1 200 OK\r\nServer: Burp Collaborator https://burpcollaborator\.net/\r\nX-Collaborator-Version: ([\d.]+)\r\nContent-Type: text/html\r\nContent-Length: \d+\r\n\r\n| p/Burp Collaborator/ v/$1/ cpe:/a:portswigger:burp_suite/
|
||||
match http m|^HTTP/1\.1 200 OK\r\nConnection: close\r\nServer: IP Webcam Server ([\d.]+)\r\nCache-Control: no-store, no-cache, must-revalidate, pre-check=0, post-check=0, max-age=0\r\nPragma: no-cache\r\nExpires: -1\r\n| p/IP Webcam Android app/ v/$1/ d/phone/ cpe:/a:com.pas:webcam:$1/
|
||||
|
||||
match http m|^HTTP/1\.1 200 OK\r\nCONNECTION: close\r\n(?:Date: .*\r\nLast-Modified: .*\r\nEtag: "\d+:[\da-f]+"\r\n)?CONTENT-LENGTH: \d+\r\n(?:P3P: CP=CAO PSA OUR\r\n)?CONTENT-TYPE: text/html\r\n\r\n\xef\xbb\xbf<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1\.0 Strict//EN" "http://www\.w3\.org/TR/xhtml1/DTD/xhtml1-strict\.dtd">\r\n<html> *\r\n *<head>\r\n *<title>| p/Dahua webcam httpd/ d/webcam/
|
||||
# version strings show up sometimes, but not reliable and not reflecting actual firmware version.
|
||||
match http m|^HTTP/1\.1 200 OK\r\nCONNECTION: close\r\nDate: .* GMT\r\nLast-Modified: .* GMT\r\nEtag: "\d+:[a-f\d]+"\r\nCONTENT-LENGTH: \d+\r\nCACHE-CONTROL: max-age=0\r\nCONTENT-TYPE: text/html\r\n\r\n<!DOCTYPE html>\r\n<html>\r\n<head>\r\n <title></title>| p/Amcrest IP camera http interface/ d/webcam/
|
||||
match http m|^HTTP/1\.1 200 OK\r\nCONNECTION: close\r\n(?:Date: .*\r\nLast-Modified: .*\r\nEtag: "\d+:[\da-f]+"\r\n)?CONTENT-LENGTH: \d+\r\n(?:P3P: CP=CAO PSA OUR\r\n)?(?:CACHE-CONTROL: max-age=0\r\n)?CONTENT-TYPE: text/html\r\n\r\n\xef\xbb\xbf<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1\.0 Strict//EN" "http://www\.w3\.org/TR/xhtml1/DTD/xhtml1-strict\.dtd">\r\n<html> *\r\n *<head>\r\n *<title>| p/Dahua webcam httpd/ d/webcam/
|
||||
match http m|^HTTP/1\.1 200 OK\r\nCONNECTION: close\r\n(?:Date: .*\r\nLast-Modified: .*\r\nEtag: "\d+:[\da-f]+"\r\n)?CONTENT-LENGTH: \d+\r\n(?:P3P: CP=CAO PSA OUR\r\n)?(?:CACHE-CONTROL: max-age=0\r\n)?CONTENT-TYPE: text/html\r\n\r\n\xef\xbb\xbf<!DOCTYPE html(?: PUBLIC "-//W3C//DTD XHTML 1\.0 Strict//EN" "http://www\.w3\.org/TR/xhtml1/DTD/xhtml1-strict\.dtd")?>\r\n<html> *\r\n *<head>\r\n *<title>| p/Dahua webcam httpd/ d/webcam/
|
||||
|
||||
match http m|^HTTP/1\.1 200 OK\r\nCONNECTION: close\r\nCONTENT-LENGTH: \d+\r\nCONTENT-TYPE: text/html\r\n\r\n\xef\xbb\xbf<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1\.0 Strict//EN\" \"http://www\.w3\.org/TR/xhtml1/DTD/xhtml1-strict\.dtd\">\r\n<html> \r\n<head>\r\n<title>WEB SERVICE</title>| p/ADT Home Security web management interface/ d/security-misc/
|
||||
match http m|^HTTP/1\.0 302 Moved Temporarily\r\nDate: .*\r\nConnection: Close\r\nLocation: /admin/\r\nCache-Control: no-store,no-cache,must-revalidate\r\nPragma: no-cache\r\nExpires: -1\r\nLast-Modified: Mon, 12 Jan 2000 13:42:42 GMT\r\nContent-Type: text/html\r\n\r\n| p/Netasq firewall http admin/ d/firewall/
|
||||
@@ -10227,7 +10231,7 @@ match http m|^HTTP/1\.1 400 \r\nContent-Type: application/json\r\nContent-Length
|
||||
match http m|^HTTP/1\.1 403 Forbidden\r\nContent-Type: text/plain\r\nContent-Length: 13\r\n\r\n403 Forbidden| p/McAfee AntiVirus/ cpe:/a:mcafee:antivirus_engine/
|
||||
match http m|^HTTP/1\.1 200 OK\r\nDate: .*\r\nExpires: .*\r\nCache-Control: no-cache\r\nConnection: Keep-Alive\r\nContent-Type: text/xml; charset=utf-8\r\nContent-Length: \d+\r\nX-Frame-Options: SAMEORIGIN\r\n\r\n<\?xml version="1\.0"\?>\r\n<\?xml-stylesheet type="text/xsl" href="/file/xsl/[^/>]*\.xsl"\?>\r\n| p/ClearSCADA/ v/2017/ cpe:/a:schneider_electric:scada_expert_clearscada:2017/
|
||||
match http m|^HTTP/1\.1 200 \r\nX-AREQUESTID: [\dx]+\r\n.*\n<meta name="application-name" content="JIRA" data-name="jira" data-version="([\d.]+)">|s p/Atlassian JIRA/ v/$1/ cpe:/a:atlassian:jira:$1/
|
||||
match http m|^HTTP/1\.1 200 OK\r\nDate: .*\r\nContent-Type: text/html; charset=UTF-8\r\nExpires: Thu, 01 Jan 1970 00:00:00 GMT\r\nContent-Length: \d+\r\nSet-Cookie: JSESSIONID=[^;]*;Path=.*\r\nConnection: close\r\n\r\n\n\n\n\n\n\n\n\n\n\n\n\n\n<html>\n<head>\n\n<link href="/graycss/common_min\.css" rel="stylesheet" type="text/css">\n\n\t<title>Cyberoam SSL VPN Portal</title>| p/Cyberoam SSL VPN/
|
||||
match http m|^HTTP/1\.1 200 OK\r\nDate: .*\r\n(?:X-Frame-Options: SAMEORIGIN\r\n)?Content-Type: text/html; charset=UTF-8\r\nExpires: Thu, 01 Jan 1970 00:00:00 GMT\r\nContent-Length: \d+\r\nSet-Cookie: JSESSIONID=[^;]*;Path=.*\r\nConnection: close\r\n\r\n\n\n\n\n\n\n\n\n\n\n\n\n\n<html>\n<head>\n\n<link href="/graycss/common_min\.css" rel="stylesheet" type="text/css">\n\n\t<title>Cyberoam SSL VPN Portal</title>| p/Cyberoam SSL VPN/
|
||||
match http m|^HTTP/1\.0 200 OK\r\nAccept-Ranges: bytes\r\nCache-Control: max-age=31536000\r\nContent-Length: \d+\r\nContent-Type: text/html; charset=utf-8\r\nLast-Modified: .*\r\nDate: .*\r\n\r\n<!DOCTYPE html>\n<html lang="en" ng-app="portainer">| p/Portainer Docker UI/ cpe:/a:portainer:portainer/
|
||||
# ESXi 6.5.0
|
||||
match http m|^HTTP/1\.1 200 OK\r\nDate: .*\r\nConnection: close\r\nContent-Type: text/html\r\nX-Frame-Options: DENY\r\nContent-Length: \d+\r\n\r\n<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4\.01//EN" "http://www\.w3\.org/TR/html4/strict\.dtd">\n\n<html lang="en">\n<head>\n <meta http-equiv="content-type" content="text/html; charset=utf8">\n <meta http-equiv="refresh" content="0;URL='/ui'"/>\n</head>\n</html>\n| p/VMware ESXi Web UI/ cpe:/o:vmware:esxi/
|
||||
@@ -10249,7 +10253,45 @@ match http m|^HTTP/1\.1 400 Invalid request\r\n| p/ThinLinc VSM xmlrpc/ cpe:/a:c
|
||||
match http m|^HTTP/1\.1 404 NOT FOUND\r\nServer: InterDialog\r\nConnection: close\r\nDate: .* India Standard Time\r\nCache-Control: private\r\nContent-Length: 14\r\nContent-type: text\r\n\r\nPage Not Found| p/Teckinfo InterDialog UCCS/ cpe:/a:teckinfo:interdialog_uccs/
|
||||
match http m|^HTTP/1\.0 200 OK\r\nServer: httpd/2\.0\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nDate: .*\r\nContent-Type: text/html\r\nConnection: close\r\n\r\n<HTML><HEAD><script>top\.location\.href='/Main_Login\.asp';</script>\n</HEAD></HTML>\n| p/ASUS WRT http admin/ cpe:/o:asus:wrt_firmware/
|
||||
match http m|^HTTP/1\.0 200 OK\r\nSet-Cookie: session=bridgeworks[a-f\d]+; path=/\r\nDate: .*\r\nServer: Mordac/([\d.]+)\r\n| p/Bridgeworks iSCSI-to-SAS bridge http ui/ v/$1/ d/storage-misc/
|
||||
match http m|^HTTP/1\.0 302 Found\r\nLocation: /login\r\nSet-Cookie: wdcpsessionID=[a-f\d]{32};| p/WDLinux Control Panel/ cpe:/a:wdlinux:wdcp/
|
||||
match http m|^HTTP/1\.1 \d\d\d \r\nDate:[^ ].*\r\nServer:AprisaSR Web Server\r\n| p/4RF Aprisa SR smart radio httpd/ d/specialized/ cpe:/h:4rf:aprisa_sr/
|
||||
match http m|^HTTP/1\.0 200 OK\r\nServer: lwIP/([\d.]+) \(http://www\.sics\.se/~adam/lwip/\)\r\nContent-type: text/html\r\n\r\n<!-- Copyright \(c\) \d\d\d\d TDSi Ltd\. All rights reserved\. -->\r\n<html>\r\n<head>\r\n<meta http-equiv="content-type" content="text/html;charset=ISO-8869-1">\r\n<title>TDSi Ethernet to Serial Module</title>| p/TDSi Ethernet to Serial bridge/ i/lwIP $1/ cpe:/a:lwip_project:lwip:$1/
|
||||
match http m|^HTTP/1\.1 200 OK\r\nServer: CJServer/1\.1\r\nSet-Cookie: JSESSIONID=[A-F\d]+; Path=/; HttpOnly\r\nContent-Type: text/html;charset=ISO-8859-1\r\nContent-Length: \d+\r\nDate: .*\r\nConnection: close\r\n\r\n\r\n\r\n\r\n\r\n<html>\r\n<body>\r\n\r\n\r\n<form action="/_common/servlet/wap/login\?null" method="post">\r\n<p>([^<]+)</p>| p/WebCTRL building automation http ui/ i/site: $1/ cpe:/a:automatedlogic:webctrl/
|
||||
match http m|^HTTP/1\.1 200 OK\r\nServer: CJServer/1\.1\r\nSet-Cookie: JSESSIONID=[A-F\d]+; Path=/; HttpOnly\r\n| p/WebCTRL building automation http ui/ cpe:/a:automatedlogic:webctrl/
|
||||
|
||||
match http m|^HTTP/1\.0 \d\d\d .*\r\nDate: .*\r\nContent-Type: .*\r\nServer: ghs\r\n| p/Google httpd/
|
||||
match http m|^HTTP/1\.1 302 Found\r\nX-DNS-Prefetch-Control: off\r\nX-Frame-Options: SAMEORIGIN\r\n(?:Strict-Transport-Security: max-age=\d+; includeSubDomains\r\n)?X-Download-Options: noopen\r\nX-Content-Type-Options: nosniff\r\nX-XSS-Protection: 1; mode=block\r\nLocation: /signin\r\nVary: Accept\r\nContent-Type: text/plain; charset=utf-8\r\nContent-Length: \d+\r\nset-cookie: connect\.sid=| p/Xen Orchestra/ i/Node.js Express middleware/ cpe:/a:nodejs:node.js/ cpe:/a:vates:xen_orchestra/
|
||||
match http m|^HTTP/1\.0 200 OK\r\nServer: Tektronix/WVR 7100\r\nContent-length: \d+\r\nContent-type: text/html\r\n\r\n<html>\r\n\r\n<head>\r\n<title>Tektronix (W\w+) Remote Interface</title>| p/Tektronix $1 waveform monitor http ui/ cpe:/h:tektronix:$1/
|
||||
match http m|^HTTP/1\.1 403 Forbidden\r\nContent-Length: 70\r\nContent-Type: text/html\r\n\r\n<HTML><HEAD></HEAD><BODY>Error detected by Host Server</BODY></HTML> \r\n\r\n| p/BMC MainView Explorer/ cpe:/a:bmc:mainview_explorer/
|
||||
match http m|^HTTP/1\.1 400 Bad Request\r\nCONTENT-TYPE: text/html; charset=utf-8\r\nCONTENT-LENGTH: 92\r\nCONNECTION: CLOSE\r\n\r\n<html><head><title>Server Error</title></head><body><h1>400 Bad Request\r\n</h1></body></html>| p/Bastec BAS2 building automation system http ui/ cpe:/a:bastec:bas2/
|
||||
match http m|^HTTP/1\.1 200 OK\r\nCONTENT-TYPE: text/html; charset=.*\r\nDATE: .*\r\nCACHE-CONTROL: NO-CACHE\r\nTRANSFER-ENCODING: CHUNKED\r\nSET-COOKIE: SESSION_ID=[A-F\d]{16}\r\nCONNECTION: CLOSE\r\n\r\n| p/Bastec BAS2 building automation system http ui/ cpe:/a:bastec:bas2/
|
||||
match http m|^HTTP/1\.1 400 Bad Request\r\nServer: \(null\)\r\nDate: .*\r\nContent-Type: text/html\r\nContent-Length: \d\d\d\r\n| p/D-Link WAP http ui/ d/WAP/
|
||||
match http m|^HTTP/1\.0 200 OK\r\nContent-Type: application/json\r\nDate: .*\r\nContent-Length: 114\r\n\r\n\{"type":"sync","status":"Success","status_code":200,"operation":"","error_code":0,"error":"","metadata":\["/1\.0"\]\}\n| p/LXD container manager REST API/ cpe:/a:canonical:lxd/
|
||||
match http m|^HTTP/1\.0 200 OK\r\nContent-Type: text/html; charset=utf-8\r\nDate: .*\r\n\r\n\n\n\n\n<!DOCTYPE html>\n<html>\n<head>\n <title>Kafka Manager</title>\n .* versions: \{[^}]*"kafka-manager":"([\d.]+)"|s p/Kafka Manager/ v/$1/ cpe:/a:yahoo:kafka_manager:$1/
|
||||
match http m|^HTTP/1\.1 200 OK\r\nConnection: close\r\nContent-Type: text/html; charset=ISO-8859-1\r\nContent-Length: \d+\r\nDate: .*\r\n\r\n<HTML>\r\n<BODY>\r\n<center><font size=6>Reports Server '([^']+)' \(PID: \d+, Version: ([\d.]+)\)</font></center><br>\r\n<center><font size=4>Uptime: (\d[^(]+) \(| p/UCS R-Keeper hospitality system/ v/$2/ i/uptime: $3/ h/$1/ cpe:/a:ucs:r-keeper:$2/
|
||||
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: application/json\r\nContent-Length: 76\r\nAccess-Control-Allow-Headers: Content-Type\r\nAllow: POST\r\nAccess-Control-Allow-Origin: \*\r\nDate: .*\r\nConnection: close\r\n\r\n\{"jsonrpc":"2\.0","error":\{"code":-32602,"message":"Unauthorized"\},"id":null\}| p/Popcorn Time JSONRPC/
|
||||
match http m|^HTTP/1\.1 401 Unauthorized\r\nServer: AquaController ([\d.]+)\r\nWWW-Authenticate: Basic realm="\."\r\n| p/Neptune Systems AquaController aquarium monitor httpd/ v/$1/ d/specialized/
|
||||
match http m|^HTTP/1\.1 403 Forbidden\r\nDate: .*\r\nServer: \r\nContent-Length: 10\r\nConnection: close\r\nContent-Type: text/html; charset=iso-8859-1\r\n\r\nForbidden\.| p/Proofpoint Email Protection/
|
||||
match http m|^HTTP/1\.0 401 Unauthorized\r\nContent-Length: 0\r\nWWW-Authenticate: Basic realm="XBMC"\r\nConnection: close\r\nDate: .*\r\n\r\n| p|Kodi/XBMC http ui|
|
||||
match http m|^HTTP/1\.0 200 OK\r\nPragma: no-cache\r\nContent-Type: text/html\r\nConnection: close\r\n\r\n<html>\n<title>(DGS-\w+)</title>\n| p/D-Link $1 http admin/ cpe:/h:d-link:$1/
|
||||
match http m|^HTTP/1\.0 200 OK\r\nSet-Cookie: SESSIONID=-1 \r\nServer: Easy File Management Web Server v([\d.]+)\r\n| p/Easy File Management Web Server/ v/$1/ o/Windows/ cpe:/a:efs:easy_file_management_web_server:$1/ cpe:/o:microsoft:windows/a
|
||||
match http m|^HTTP/1\.0 200 OK\r\nCache-Control: no-cache\r\nContent-Type:text/html\r\nContent-Length:\d+ +\r\n\r\n\n<html>\n<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4\.01 Transitional//EN"> \n<head>\n<meta http-equiv="Content-Type" content="text/html; charset=UTF8" >\n<title>VoIP</title>\n<script language="JavaScript" type="text/javascript" src='language/info_(\w+)\.js'| p/Crystalmedia VoIP adapter/ i/language: $1/ d/VoIP adapter/
|
||||
match http m|^HTTP/1\.0 200 OK\r\nAccess-Control-Allow-Headers: Authorization, Content-Type\r\nAccess-Control-Allow-Origin: http://.*\r\nDate: .*\r\nContent-Type: text/html; charset=utf-8\r\n\r\n<!DOCTYPE html>\n<html ng-app="ts3soundboard-bot" ng-controller="base">\n<head>\n<title>SinusBot</title>| p/SinusBot TS3 bot http ui/
|
||||
match http m|^HTTP/1\.1 505 HTTP Version Not Supported\r\nDate: .*\r\nServer: 2wire Gateway BDC\r\n| p/AT&T 2wire Gateway router http admin/ d/broadband router/
|
||||
match http m|^HTTP/1\.1 200 OK\r\nCache-Control: no-cache\r\nContent-Type: text/html\r\nContent-Length: \d+\r\n\r\n<!DOCTYPE html> \r\n<meta http-equiv="X-UA-Compatible"/>\r\n<meta http-equiv="content-type" content="text/html; charset=iso-8859-1" />\r\n<meta name="viewport" content="width=device-width, initial-scale=1\.0, maximum-scale=1\.0, minimum-scale=1\.0, user-scalable=no"/>\r\n<html>\r\n<head>\r\n\t<meta name="author" content="Dave Jensen" />\r\n\t<meta name="keywords" content="LANDESK, Remote Control" />| p/LANDesk html5 remote management httpd/
|
||||
match http m|^HTTP/1\.1 405 Method Not Allowed\r\nAllow: OPTIONS\r\nContent-Type: application/json\r\nContent-Length: 63\r\nDate: .*\r\nConnection: close\r\n\r\n\{"code":"MethodNotAllowedError","message":"GET is not allowed"\}| p/Storj jsonrpc/
|
||||
match http m|^HTTP/1\.0 200 OK\r\nServer: [aA](rgos\d+?) Server\r\nContent-type: text/html; charset=iso-8859-1\r\n\r\n<\?xml version="1\.0" encoding="iso-8859-1"\?>\n| p/Henry A$1 biometric access control/ d/security-misc/
|
||||
match http m|^HTTP/1\.[01] \d\d\d .*\r\nServer: ATCOM-IP-Phone\r\nDate: \w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d\d\d\d\r\n| p/ATCOM VoIP phone web ui/ d/VoIP phone/
|
||||
match http m|^HTTP/1\.1 200 OK\r\nAccess-Control-Allow-Origin: \*\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: Authorization,Content-Type,Accept,Origin,User-Agent,DNT,Cache-Control,X-Mx-ReqToken,Keep-Alive,X-Requested-With,If-Modified-Since\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\n\r\n\d+;\r\n<html lang="en">\r\n<head>\r\n <meta charset="utf-8">\r\n <title>Amazon Dash: Device Info</title>| p/Amazon Dash Button http ui/
|
||||
match http m|^HTTP/1\.1 302 Found\r\nLocation: http://0\.0\.0\.0/login_security\.html\r\nContent-Length: 0\r\nServer: WebServer/1\.0 UPnP/1\.0\r\n\r\n| p/TP-LINK TD-8901N ADSL modem http admin/ d/broadband router/ cpe:/h:tp-link:td-8901n/a
|
||||
match http m|^HTTP/1\.0 307 Temporary Redirect\r\nLocation: /containers/\r\nDate: .*\r\nContent-Length: \d+\r\nContent-Type: text/html; charset=utf-8\r\n\r\n<a href="/containers/">Temporary Redirect</a>\.| p|Golang net/http server| i/Google cAdvisor/ cpe:/a:golang:go/ cpe:/a:google:cadvisor/
|
||||
# 4.1.0
|
||||
match http m|^HTTP/1\.1 301 Moved Permanently\r\nConnection: close\r\nContent-Type: text/html; charset=utf-8\r\nLocation: http://([\w_.-]+)\.local/myconnect/\r\nX-UA-Compatible: IE=edge\r\n\r\n| p/AirStash WiFi flash drive http ui/ d/storage-misc/ h/$1/
|
||||
match http m|^HTTP/1\.1 401 Authorization Required\r\nConnection: close\r\nWWW-Authenticate: Basic realm="[A-F\d]+"\r\nContent-Type: text/html\r\n\r\n<HTML><BODY><H1>Server Requires Authentication</H1></BODY></HTML>\r\n| p/EyezOn Envisalink network module httpd/ d/security-misc/ cpe:/a:eyezon:envisalink/
|
||||
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html\r\nContent-Length: \d+\r\n\r\n<\?xml version="1\.0" encoding="utf-8"\?>\n<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1\.0 Transitional//EN" "http://www\.w3\.org/TR/xhtml1/DTD/xhtml1-transitional\.dtd">\n<html xmlns="http://www\.w3\.org/1999/xhtml" xmlns:v="urn:schemas-microsoft-com:vml" xml:lang="en" lang="en">\n <head>\n <meta http-equiv="Content-Type" content="text/html; charset=utf-8">\n <!--\n ShellInABox| p/ShellInABox/ cpe:/a:shellinabox_project:shellinabox/
|
||||
match http m|^HTTP/1\.1 200 OK\r\nServer: Payara Server +([\d. ]+)(?: #badassfish)?\r\nX-Powered-By: Servlet/([\d.]+) JSP/([\d.]+) \(Payara Server.* Java/Oracle Corporation/([\d.]+)\)\r\n| p/Payara Server httpd/ v/$1/ i/Servlet $2; JSP $3; Java $4/ cpe:/a:oracle:jre:$4/ cpe:/a:payara:payara:$1/
|
||||
# Sometimes it's not Oracle Java
|
||||
match http m|^HTTP/1\.1 200 OK\r\nServer: Payara Server +([\d. ]+)(?: #badassfish)?\r\nX-Powered-By: Servlet/([\d.]+) JSP/([\d.]+) \(Payara Server.* Java/([^/]+)(?: Corporation)?/([\d.]+)\)\r\n| p/Payara Server httpd/ v/$1/ i/Servlet $2; JSP $3; $4 Java $5/ cpe:/a:payara:payara:$1/
|
||||
#(insert http)
|
||||
|
||||
# APACHE
|
||||
@@ -10418,7 +10460,7 @@ match http m|^HTTP/1\.0 [345]\d\d .*\r\nDate: [^\r\n]*\r\nServer: [^\r\n]*\r\nCo
|
||||
match http m|^HTTP/1\.0 [345]\d\d .*\r\nDate: [^\r\n]*\r\nServer: [^\r\n]*\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: \d+\r\n.*\r\n<!DOCTYPE html>\n<html>\n<head>\n<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>\n<title>[^<]*</title>\n<style type="text/css"><!--\nbody \{ background-color: white; color: black; font-family: 'Comic Sans MS', 'Chalkboard SE', 'Comic Neue', sans-serif; \}|s p/OpenBSD httpd/ cpe:/a:openbsd:httpd/
|
||||
match http m|^HTTP/1.1 [126-9]\d\d .*\r\nServer: OpenBSD httpd\r\n|s p/OpenBSD httpd/ cpe:/a:openbsd:httpd/
|
||||
match http m|^HTTP/1\.[01] \d\d\d .*\r\nDate: .*\r\n(?:Connection: close\r\n)?Server: CE_E\r\n| p/Cisco Expressway E/ cpe:/a:cisco:expressway_software/
|
||||
match http m|^HTTP/1\.[01] \d\d\d .*\r\nServer: Play! Framework;([\d.]+);(\w+)\r\n| p/Play Framework/ v/$1/ i/$2/ cpe:/a:zenexity:play_framework:$1/
|
||||
match http m|^HTTP/1\.[01] \d\d\d .*\r\nServer: Play! Framework;([\d.]+);(\w+)\r\n|s p/Play Framework/ v/$1/ i/$2/ cpe:/a:zenexity:play_framework:$1/
|
||||
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: IBM Mobile Connect\r\n|s p/IBM Lotus Mobile Connect/ cpe:/a:ibm:lotus_mobile_connect/
|
||||
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: Wave World Wide Web Server \(W4S\) v([\d.]+)\r\n| p/Brocade Wave httpd/ v/$1/ i/NOS REST API/ cpe:/a:brocade:wave_world_wide_web_server:$1/
|
||||
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: MQX HTTPSRV/[\d.]+ - Freescale Embedded Web Server v([\d.]+)\r\n| p/Freescale MQX embedded httpd/ v/$1/ o/MQX RTOS/ cpe:/o:freescale:mqx/
|
||||
@@ -10476,6 +10518,8 @@ match http m|^HTTP/1\.[01] \d\d\d (?:(?!\r\n\r\n).)*\r\nServer: Motion/([\d.]+)(
|
||||
match http m|^HTTP/1\.1 \d\d\d (?:(?!\r\n\r\n).)*\r\nServer: Simple-DNS-Plus/([\d.]+)\r\n|s p/Simple DNS Plus HTTP API/ v/$1/ cpe:/a:jh_software:simple_dns_plus:$1/
|
||||
match http m|^HTTP/1\.1 \d\d\d (?:(?!\r\n\r\n).)*\r\nServer: Vidat V7/(\d[\w._-]*) \(([^)]+)\)\r\n|s p/Vidat V7 httpd/ v/$1/ o/$2/ cpe:/a:vidat_consulting:v7:$1/
|
||||
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: PowerStudio v(\d[\w.]*)\r\n| p/Circutor PowerStudio/ v/$1/ cpe:/a:circutor:powerstudio:$1/
|
||||
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: servX\r\n| p/Hilscher servX httpd/ cpe:/a:hilscher:servx/
|
||||
match http m|^HTTP/1\.1 \d\d\d .*\r\nserver: WebSEAL/(\d[\w.]*)\r\n|s p/IBM WebSEAL/ v/$1/ cpe:/a:ibm:webseal:$1/
|
||||
|
||||
# Put this at the end because it's not a server, but a backend.
|
||||
match http m|^HTTP/1\.1 \d\d\d .*\r\nX-Powered-By: Servlet/([\w._-]+) JSP/([\w._-]+)\r\n|s p/Java Servlet/ v/$1/ i/JSP $2/ cpe:/a:oracle:jsp:$2/
|
||||
@@ -10780,10 +10824,11 @@ match http-proxy m|^HTTP/1\.0 30[12] .*\r\nLocation: https?:///[^\r\n]*\r\nServe
|
||||
match http-proxy m|^HTTP/1\.1 200 OK\r\nDate: .*\r\nContent-Length: \d+\r\nEtag: "[a-f\d]{40}"\r\nContent-Type: text/html; charset=UTF-8\r\nServer: Protegrity Cloud Gateway ([\d.]+)\r\n\r\nProtegrity Cloud Gateway ([\w._-]+)<BR>| p/Protegrity Cloud Gateway/ v/$1/ h/$2/ cpe:/a:protegrity:cloud_gateway:$1/
|
||||
match http-proxy m|^HTTP/1\.1 502 Bad Gateway\r\n.*\r\n\r\n<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2\.0//EN">\r\n<html>\r\n<head><title>502 Bad Gateway</title></head>\r\n<body bgcolor="white">\r\n<h1>502 Bad Gateway</h1>\r\n<p>The proxy server received an invalid response from an upstream server\. Sorry for the inconvenience\.<br/>\r\nPlease report this message and include the following information to us\.<br/>\r\nThank you very much!</p>\r\n<table>\r\n<tr>\r\n<td>URL:</td>\r\n<td>[^<]*</td>\r\n</tr>\r\n<tr>\r\n<td>Server:</td>\r\n<td>([^<]+)</td>\r\n</tr>\r\n<tr>\r\n<td>Date:</td>\r\n<td>[^<]+</td>\r\n</tr>\r\n</table>\r\n<hr/>Powered by Tengine</body>\r\n</html>\r\n$|s p/Tengine http proxy/ h/$1/ cpe:/a:alibaba:tengine/
|
||||
match http-proxy m|^HTTP/1\.0 404 Not Found\r\nServer: BigIP\r\nConnection: close\r\n| p/F5 BIG-IP load balancer/ d/load balancer/
|
||||
match http-proxy m|^HTTP/1\.0 503 Service Unavailable\r\nContent-Type: text/html\r\nContent-Length: 53\r\nExpires: now\r\nPragma: no-cache\r\nCache-control: no-cache,no-store\r\n\r\nThe service is not available\. Please try again later\.$| p/Pound http reverse proxy/ cpe:/a:apsis:pound/
|
||||
match http-proxy m|^HTTP/1\.0 503 Service Unavailable\r\nContent-Type: text/html\r\nContent-Length: 5\d\r\nExpires: now\r\nPragma: no-cache\r\nCache-control: no-cache,no-store\r\n\r\nThe service is not available\. Please try again later\.| p/Pound http reverse proxy/ cpe:/a:apsis:pound/
|
||||
match http-proxy m|^HTTP/1\.0 302 Found\r\nLocation: .*\r\nContent-Type: text/html\r\nContent-Length: \d+\r\n\r\n<html><head><title>Redirect</title></head><body><h1>Redirect</h1><p>You should go to <a href="[^"]+">here</a></p></body></html>| p/Pound http reverse proxy/ cpe:/a:apsis:pound/
|
||||
match http-proxy m|^HTTP/1\.0 501 Not Implemented\r\nContent-Type: text/html\r\nContent-Length: 28\r\nExpires: now\r\nPragma: no-cache\r\nCache-control: no-cache,no-store\r\n\r\nThis method may not be used\.| p/Pound http reverse proxy/ cpe:/a:apsis:pound/
|
||||
match http-proxy m|^HTTP/1\.0 501 Not Implemented\r\nContent-Type: text/html\r\nContent-Length: 2\d\r\nExpires: now\r\nPragma: no-cache\r\nCache-control: no-cache,no-store\r\n\r\nThis method may not be used\.| p/Pound http reverse proxy/ cpe:/a:apsis:pound/
|
||||
match http-proxy m|^HTTP/1\.0 403 Forbidden\r\nConnection: close\r\nContent-Length: 51\r\nContent-type: text/html\r\n\r\nAccess denied: authentication configuration missing| p/Smoothwall http proxy/ d/firewall/ cpe:/o:smoothwall:smoothwall/
|
||||
match http-proxy m|^HTTP/1\.1 407 Proxy Authentication Required\r\nProxy-Authenticate: Basic realm="Hola Unblocker"\r\nDate: .*\r\nConnection: close\r\n\r\n| p/Hola Unblocker http proxy/
|
||||
|
||||
match http-proxy m|^HTTP/1\.0 200 OK\r\n\r\n$| p/sslstrip/
|
||||
|
||||
@@ -11385,6 +11430,7 @@ match upnp m=^HTTP/1\.1 200 OK\r.*\nS(?:erver|ERVER): Mac_OS_X-([^-]+)-(\d.[\w._
|
||||
match upnp m|^HTTP/1\.1 412 Failed\r\nServer: WINDOWS UPnP/([\d.]+) Intel MicroStack/([\d.]+)\r\nContent-Length: 0\r\n\r\n| p/Intel Developer Tools for UPnP upnpd/ v/$2/ i/UPnP $1/ o/Windows/ cpe:/a:intel:developer_tools_for_upnp:$2/ cpe:/o:microsoft:windows/a
|
||||
match upnp m|^HTTP/1\.1 200 OK\r\nDate: Sun, 31 Jul 2016 13:02:01 GMT\r\nServer: Linux/([ix][\w_]+) UPnP/([\d.]+) SST/1\.0 /\r\n| p/LG SST Device upnpd/ i/UPnP $2; arch: $1/
|
||||
match upnp m|^HTTP/1\.1 \d\d\d .*\r\nDLNADeviceName\.lge\.com: %5bLG%5d%20webOS%20TV%20([\w-]+)\r\nDate: .*\r\nServer: Linux/i686 UPnP/([\d,.]+) DLNADOC/([\d.]+) LGE WebOS TV/Version ([\d.]+)\r\n| p/LG WebOS TV upnpd/ i/model: $1; WebOS $4; UPnP $SUBST(2,",","."); DLNADOC $3/ d/media device/ o/Linux/ cpe:/h:lg:$1/ cpe:/o:linux:linux_kernel/a
|
||||
match upnp m|^HTTP/1\.1 \d\d\d .*\r\nDate: .*\r\nServer: Neptune/([\d.]+)\r\nDLNADeviceName\.lge\.com: %5bTV%5d%5bLG%5d([\w-]+)\r\n| p/Platinum upnpd/ i/LG TV model: $2; Neptune $1/ d/media device/ o/Linux/ cpe:/a:plutinosoft:neptune:$1/ cpe:/a:plutinosoft:platinum/ cpe:/h:lg:$2/ cpe:/o:linux:linux_kernel/a
|
||||
match upnp m|^HTTP/1\.1 200 OK\r\nCONTENT-TYPE: text/xml; charset="utf-8"\r\nServer: Mac OS X, UPnP/([\d.]+), Elgato EyeConnect/([\d.]+)\r\n\r\n<\?xml version="1\.0" encoding="utf-8"\?>\n.*<friendlyName>EyeConnect \(([\w._-]+)\)</friendlyName>|s p/Elgato EyeConnect media server upnpd/ v/$2/ i/UPnP $1/ o/OS X/ h/$3/ cpe:/a:elgato:eyeconnect:$2/ cpe:/o:apple:mac_os_x/a
|
||||
match upnp m|^HTTP/1\.1 200 OK\r\nContent-Type: text/xml\r\nDate: [^\r\n]*\r\nExpires: [^\r\n]*\r\nLast-Modified: [^\r\n]*\r\nPragma: no-cache\r\nServer: WebServer/1\.0 UPnP/([\d.]+)\r\n\r\n<\?xml version="1\.0"\?>\n.*<manufacturer>ZTE</manufacturer>\n.*<modelName>([^<]+)</modelName>|s p/ZTE $2 router upnpd/ i/UPnP $1/ d/broadband router/ cpe:/h:zte:$2/a
|
||||
match upnp m|^HTTP/1\.0 500 Internal Server Error\r\nSERVER: Unspecified, UPnP/([\d.]+), SoftAtHome\r\n| p/SoftAtHome upnpd/ i/UPnP $1/
|
||||
@@ -11676,7 +11722,7 @@ match http m|^HTTP/1\.1 302 Found\r\nLocation: https?:///home\.htm\r\nContent-Le
|
||||
match http m|^HTTP/1\.0 400\r\nContent-Type: text/html\r\n\r\n<hr><pre><font size=\+2><b>\nError\. Unsupported method\.\n</b></font>| p/Small Home Server httpd/ o/Windows/ cpe:/o:microsoft:windows/a
|
||||
match http m|^HTTP/1\.0 400 Bad Request\r\nContent-Length: \d+\r\nContent-Type: text/html\r\n\r\n<HTML><HEAD><TITLE>400 Bad Request \(ERR_INVALID_REQ\)</TITLE></HEAD><BODY><H1>400 Bad Request</H1><BR>ERR_INVALID_REQ<HR><B>AR7 Webserver</B>| p/AR7 embedded httpd/
|
||||
match http m|^HTTP/1\.0 400 Bad Request\r\nContent-Length: \d+\r\nContent-Type: text/html\r\n\r\n<HTML><HEAD><TITLE>400 Bad Request \(ERR_INVALID_REQ\)</TITLE></HEAD><BODY><H1>400 Bad Request</H1><BR>ERR_INVALID_REQ<HR><B>Webserver</B>| p/AVM FRITZ!Box WLAN 7170 WAP http config/ d/WAP/
|
||||
match http m|^HTTP/0\.0 200 OK\nPragma: no-cache\nContent-Type: text/html; charset=iso-8859-1\nContent-Length: 63\n\n<html><body>ERROR ERR_INVALID_REQ<hr>Bad Request</body></html>\n| p/AVM FRITZ!Box 7300-series WAP http config/ d/WAP/
|
||||
match http m|^HTTP/[10]\.0 200 OK\nPragma: no-cache\nContent-Type: text/html; charset=iso-8859-1\nContent-Length: 63\n\n<html><body>ERROR ERR_INVALID_REQ<hr>Bad Request</body></html>\n| p/AVM FRITZ!Box 7300-series WAP http config/ d/WAP/
|
||||
|
||||
match http m|^HTTP/1\.1 404 Not Found\r\nServer: Cisco AWARE ([\w._-]+)\r\n| p/Cisco ASA AWARE http config/ v/$1/ d/firewall/
|
||||
match http m|^HTTP/1\.1 200 OK\r\nPragma: no-cache\r\nx-responding-server: ([\w._-]+)\r\nX-dmUser: (.*)\r\nMS-Author-Via: DAV\r\n| p/CrushFTP DAV httpd/ i/User $2/ h/$1/ cpe:/a:crushftp:crushftp/
|
||||
@@ -11743,6 +11789,8 @@ match http m|^HTTP/1\.1 400 Page not found\r\nServer: Go[aA]head(?:-Webs)?/([\d.
|
||||
match http m|^HTTP/1\.1 200 OK\r\n(?:connection: .*\r\n)?(?:content-length: \d+\r\n)?content-type: text/html(?:; charset=UTF-8)?\r\n(?:transfer-encoding: .*\r\n)?\r\n| p/ocaml-cohttp/ cpe:/a:mirageos:ocaml-cohttp/
|
||||
match http m|^HTTP/1\.1 200 OK\r\nServer: AvigilonOnvifNvt/([\d.]+)\r\n| p/Avigilon webcam ONVIF NVT/ v/$1/ d/webcam/
|
||||
match http m|^HTTP/1\.1 200 OK\r\nHTTP/1\.1\r\nServer: Loxone Miniserver ([\w._-]+)/([\d.]+) UPnP/([\d.]+)\r\n| p/Loxone Miniserver home automation httpd/ v/$2/ i/name: $1; UPnP $3/ d/specialized/
|
||||
match http m|^HTTP/1\.0 204 \r\ncontent-type: text/html\r\ncontent-length: 0\r\n\r\n| p/Tablo Network TV tuner/ d/media device/
|
||||
match http m|^HTTP/1\.1 501 Method Not Implemented\r\nContent-Type: text/plain\r\nContent-Length: 12\r\n\r\nError: 501\r\n| p/Televes CoaxData coax-to-Ethernet bridge/ d/bridge/
|
||||
|
||||
match http-proxy m|^HTTP/1\.1 503 Service Unavailable\r\ndate: .*\r\nconnection: close\r\n\r\n<html><body><pre><h1>Service unavailable</h1></pre></body></html>\n| p/HTTP Replicator proxy/
|
||||
match http-proxy m|^HTTP/1\.1 400 Bad Request\r\n.*This is a WebSEAL error message template file\.|s p/IBM WebSEAL reverse http proxy/ d/proxy server/
|
||||
@@ -11776,7 +11824,7 @@ match upnp m|^HTTP/1\.1 501 Not Implemented\r\nContent-Type: text/html\r\nConnec
|
||||
|
||||
match vnc-http m|^HTTP/1\.1 200\r\nContent-Type: text/html\r\nContent-Length: \d+\r\nSet-Cookie: UBRWID=[A-F0-9]+\r\nAccess-Control-Allow-Origin: \*\r\nConnection: Keep-Alive\r\n\r\n\xef\xbb\xbf<!DOCTYPE html>\r\n<html>\r\n<head>\r\n<title>ThinVNC</title>\r\n| p/ThinVNC/
|
||||
|
||||
match webdav m|^HTTP/1\.1 200 OK\r\nSet-Cookie: mainServerInstance=; path=/\r\nSet-Cookie: CrushAuth=[^;]+; path=/\r\nPragma: no-cache\r\nx-responding-server: ([\w._-]+)\r\nX-dmUser: username\r\nMS-Author-Via: DAV\r\nAllow: GET, HEAD, OPTIONS, PUT, POST, COPY, PROPFIND, DELETE, LOCK, MKCOL, MOVE, PROPPATCH, UNLOCK, ACL, TRACE\r\nDAV: 1,2, access-control, <http://apache\.org/dav/propset/fs/1>\r\nContent-Type: text/plain\r\nContent-Length: 0\r\nConnection: close\r\n\r\n| p/CrushFTP httpd/ h/$1/ cpe:/a:crushftp:crushftp/
|
||||
match webdav m|^HTTP/1\.1 200 OK\r\nSet-Cookie: mainServerInstance=; path=/(?:; secure)?\r\n(?:Set-Cookie: currentAuth=[^;]*; path=/(?:; secure)?\r\n)?Set-Cookie: CrushAuth=[^;]+; path=/(?:; secure; HttpOnly)?\r\nPragma: no-cache\r\nx-responding-server: ([\w._-]+)\r\nX-dmUser: username\r\nMS-Author-Via: DAV\r\nAllow: | p/CrushFTP httpd/ h/$1/ cpe:/a:crushftp:crushftp/
|
||||
match webdav m|^HTTP/1\.1 200 OK\r\n.*Server: cPanel\r\nPersistent-Auth: false\r\nCache-Control: no-cache[^\r\n]*\r\nConnection: Keep-Alive\r\nVary: Accept-Encoding\r\nAllow: [A-Z, ]+\r\nContent-Length: 0\r\nContent-Type: text/plain\r\nExpires: Fri, 01 Jan 1990 00:00:00 GMT\r\nDAV: 1, 2\r\nKeep-Alive: timeout=15, max=96\r\nMS-Author-Via: DAV\r\n\r\n|s p/cPanel webdav/ o/Linux/ cpe:/o:linux:linux_kernel/a
|
||||
|
||||
softmatch caldav m|^HTTP/1\.[01] 200 OK\r\n.*DAV: [^\r\n]*calendar.*\r\nAllow:|s
|
||||
@@ -13396,7 +13444,7 @@ match afarianotify m|^\0\0\x017<AfariaNotify version=\"([\w._-]+)\"><Client name
|
||||
|
||||
match ajp13 m|^\0\0\0\x01\0\x0cUnauthorized| p/Oracle Containers for J2EE/ i/unauthorized/ cpe:/a:oracle:containers_for_j2ee/
|
||||
|
||||
match bmc-tmart m=^\x15uBMC TM ART Version ([\w._-]+, Build \d+ from [\d-]+), Copyright \? [\d-]+ BMC Software, Inc\. \| All Rights Reserved\.= p/BMC Transaction Management Application Response Time/ v/$1/
|
||||
match bmc-tmart m=^\x15uBMC TM ART Version ([\w._-]+, Build \d+ from [\d-]+), Copyright \? [\d-]+ BMC Software, Inc\. \| All Rights Reserved\.= p/BMC Transaction Management Application Response Time/ v/$1/ cpe:/a:bmc:transaction_management_application_response_time:$1/
|
||||
|
||||
match brassmonkey m|^\x08\0\0\0\0\0\x08\x01\0\0\t\0$| p/Brass Monkey controller service/
|
||||
|
||||
@@ -13859,6 +13907,7 @@ match X11 m|^\x01\0\x0b\0\0.....\0\0\0\0.*The X\.Org Group\0|s p|Xvnc X11/VNC pr
|
||||
match X11 m|^\x01\0\x0b\0\0......\0\0\0.*Moba/X\0|s p/MobaXterm/ o/Windows/ cpe:/a:mobatek:mobaxterm/ cpe:/o:microsoft:windows/a
|
||||
|
||||
match X11 m|^\x01\0\x0b\0\0\0\x4C\0\xA0\xE0\x63\x02\0\0| i/open/
|
||||
softmatch X11 m|^\x01\0\x0b\0\0......\0\0\0.|s
|
||||
|
||||
match xfs m|^\0\0\x02\0\0\0\x01\0\x04\0\0\0\0\r([\w._-]+):\d+\0\x07\0\0\0\0 \x10\0,\x1a\0\0X\.Org Foundation\x01\n\x01\0\x05\0\0\0\xe6\xbf\xc0\xb5\0\0\0\0\0\0\0\0$| p/X.Org xfs font server/ h/$1/ cpe:/a:x:x.org_x11/
|
||||
|
||||
@@ -13947,6 +13996,7 @@ match http m|^HTTP/1\.0 404 Not Found\r\nContent-Type: text/html\r\nCache-Contro
|
||||
match http m|^HTTP/1\.1 200 OK\r\nCache-Control: private, max-age=0, no-cache\r\nContent-Length: 188\r\nContent-Type: text/html\r\n\r\n<P align=\"center\"><STRONG><FONT color=\"#ff3333\">GSCSERVER DEFAULT HANDLER - FILE NOT FOUND</P><BR><P align=\"center\">REQUESTED FILE = nice%20ports%2C/tri%6eity\.txt%2ebak</FONT></STRONG></P>$| p/Geutebrueck GeViControl video surveillance http admin/ d/security-misc/
|
||||
match http m|^HTTP/1\.1 200 OK\r\nConnection: close\r\nServer: Apache\r\nContent-Length: 43\r\n\r\n<h3>No site configured at this address</h3>$| p/Metasploit reverse_http stager/
|
||||
match http m|^HTTP/1\.1 404 Not Found\r\n.*Expires: Thu, 01-Jan-1970 00:00:00 GMT\r\n.*<title>VMware vCloud Director</title>|s p/VMware vCloud Director/ cpe:/a:vmware:vcloud_director/
|
||||
match http m|^HTTP/1\.1 404 [^\r\n]*\r\nContent-Type: text/html;charset=.*<h3>Apache Tomcat/([\d.]+)</h3></body></html>$|s p/Apache Tomcat/ v/$1/ cpe:/a:apache:tomcat:$1/a
|
||||
match http m|^HTTP/1\.1 404 /nice%20ports%2C/Tri%6Eity\.txt%2ebak\r\nContent-Type: text/html;charset=utf-8\r\nContent-Length: \d+\r\nDate: .*\r\nConnection: close\r\nServer: wifi-security-server\r\n\r\n<html><head><title>Apache Tomcat - Error report</title>| p/Apache Tomcat/ cpe:/a:apache:tomcat/a
|
||||
match http m|^HTTP/1\.1 401 Unauthorized\r\nServer: LG ROAP Server\r\nPragma: no-cache\r\nCache-Control: no-store, no-cache, must-revalidate\r\nConnection: Close\r\nContent-Length: \d+\r\nContent-Type: application/atom\+xml; charset=utf-8\r\n\r\n<\?xml version=\"1\.0\" encoding=\"utf-8\"\?><envelope><ROAPError>401</ROAPError><ROAPErrorDetail>Unauthorized</ROAPErrorDetail></envelope>$| p/LG Smart TV Rights Object Acquisition Protocol/ d/media device/
|
||||
match http m|^HTTP/1\.1 200 OK\r.*\nX-Powered-By: (Servlet/[\d.]+ JSP/[\d.]+) \(Oracle GlassFish Server ([\d.]+) Java/Oracle Corporation/([\d.]+)\)\r.*\nX-Powered-By: (JSF/[\d.]+)\r\n|s p/Oracle GlassFish application server/ v/$2/ i|$1 $4 Java/$3| cpe:/a:oracle:glassfish_server:$2/
|
||||
@@ -13962,7 +14012,7 @@ match http m|^HTTP/1\.1 503 DNS error for hostname nice%20ports%2C: Name or serv
|
||||
match http m|^HTTP/1\.1 404 Not Found\r\nContent-Type: text/html\r\nConnection: close\r\n\r\n<html>\r\n<head>\r\n<title>(SPA\d\d\d[\w._-]*) Configuration Utility</title>| p/Cisco $1 http config/ d/VoIP phone/ cpe:/h:cisco:$1/a
|
||||
match http m|^HTTP/1\.0 \d\d\d \r\n.*\r\nserver: CubeCoders-McMyAdmin/IAWS\r\n.*<p id=\"verinfo\">McMyAdmin Enterprise - Web Backend v([\d.]+)</p>|s p/CubeCoders McMyAdmin Enterprise Minecraft control panel/ v/$1/
|
||||
match http m|^HTTP/1\.1 404 Not Found\r\nContent-Type: text/plain\r\nDate: .*\r\nConnection: close\r\n\r\nCannot GET /nice%20ports%2C/Tri%6Eity\.txt%2ebak| p/Express.js httpd/
|
||||
match http m|^HTTP/1\.1 200 OK\r\nDate: .* GMT\r\nConnection: Keep-Alive\r\nContent-Type: text/html\r\nCACHE-CONTROL: no-cache\r\nContent-Length: 257\r\n\r\n<html>\n<head>\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\" />\n<title>replace</title>\n<body>\n<script language=\"JavaScript\" type=\"text/javascript\">\nvar pageName = '/';\nwindow\.location\.replace\(pageName\);\n</script>\n</head>\n</body>\n</html>\n| p/Huawei E5172 router http admin/ d/broadband router/ cpe:/h:huawei:e5172/a
|
||||
match http m|^HTTP/1\.1 200 OK\r\nDate: .* GMT\r\nConnection: Keep-Alive\r\nContent-Type: text/html\r\nCACHE-CONTROL: no-cache\r\nContent-Length: \d+\r\n\r\n<html>\n<head>\n<[Mm][Ee][Tt][Aa] http-equiv=\"Content-Type\" content=\"text/html; charset=[Uu][Tt][Ff]-8\"(?: /)?>\r?\n<title>replace</title>\n<body>\n<script language=\"JavaScript\" type=\"text/javascript\">\nvar pageName = '/';\n| p/Huawei router http admin/ d/broadband router/
|
||||
match http m|^HTTP/1\.1 401 Unauthorized\r\nAccept-Ranges: bytes\r\nContent-Length: 0\r\nWww-Authenticate: Basic realm="([^"]+)"\r\nSet-Cookie: com\.apple\.servermgrd=.*\r\nDate: .*\r\n\r\n| p/Apple Server Admin/ o/Mac OS X/ h/$1/ cpe:/o:apple:mac_os_x/a
|
||||
# FIXME: wrong cpe?
|
||||
match http m|^HTTP/1\.1 404 /nice%20ports%2C/Tri%6Eity\.txt%2ebak\r\nX-FRAME-OPTIONS: SAMEORIGIN\r\nContent-Type: text/html;charset=utf-8\r\nContent-Length: \d+\r\nDate: .*\r\nConnection: close\r\nServer: DSM\r\n\r\n<html><head><title>JBoss Web/([\w._-]+) - JBWEB000064: Error report</title>| p/JBoss Web/ v/$1/ i/Vormetric Data Security Manager/ d/security-misc/ cpe:/a:redhat:jboss_enterprise_web_platform:$1/ cpe:/h:vormetric:data_security_manager/
|
||||
@@ -13970,6 +14020,7 @@ match http m|^HTTP/1\.0 404 Not Found\r\nContent-Type: text/plain; charset=utf-8
|
||||
# hp2530
|
||||
match http m|^HTTP/1\.0 200 OK\r\nServer: eHTTP v([\w._-]+)\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: \d+\r\nCache-Control: no-cache\r\nX-Frame-Options: SAMEORIGIN\r\n\r\n| p/eHTTP/ v/$1/ i/HP switch http config/ d/switch/ cpe:/a:ehttp:ehttp:$1/
|
||||
match http m|^HTTP/1\.1 404 Not Found\r\nContent-Type: text/html\r\nConnection: close\r\n\r\n<html>\n <head>\n <title>Cisco SPA Configuration</title>\r\n| p/Cisco SPA IP phone http config/ d/VoIP phone/
|
||||
match http m|^HTTP/1\.0 302 Moved Temporarily\r\nLocation: \.\./index\.html\r\nServer: NET-DK/([\d.]+)\r\nDate: .*\r\nConnection: close\r\nSet-Cookie: sessionToken=\d+; path=/;\r\n\r\n| p/NET-DK httpd/ v/$1/ i/Compal CH7465LG-ZG cable modem/ d/broadband router/ cpe:/h:compal:ch7465lg-zg/a
|
||||
|
||||
match http m|^HTTP/1\.0 404 Not Found\r\n(?:(?!</head>).)*<style>\nbody \{ background-color: #fcfcfc; color: #333333; margin: 0; padding:0; \}\nh1 \{ font-size: 1\.5em; font-weight: normal; background-color: #9999cc; min-height:2em; line-height:2em; border-bottom: 1px inset black; margin: 0; \}\nh1, p \{ padding-left: 10px; \}\ncode\.url \{ background-color: #eeeeee; font-family:monospace; padding:0 2px;\}\n</style>|s p/PHP cli server/ v/5.5 or later/ cpe:/a:php:php/
|
||||
match http m|^HTTP/1\.0 404 Not Found\r\n(?:(?!</head>).)*<style>\nbody \{ background-color: #ffffff; color: #000000; \}\nh1 \{ font-family: sans-serif; font-size: 150%; background-color: #9999cc; font-weight: bold; color: #000000; margin-top: 0;\}\n</style>|s p/PHP cli server/ v/5.4/ cpe:/a:php:php:5.4/
|
||||
@@ -14267,7 +14318,8 @@ match ssl/http m|^HTTP/1\.1 501 Not Implemented\r\nConnection: close\r\nServer:
|
||||
# The SIPOptionsProbe can trigger a response out of psyBNC
|
||||
match irc-proxy m|^Login failed\. Disconnecting\.\r\n$| p/psyBNC/ i/Login Failed/
|
||||
|
||||
match upnp m|^HTTP/1\.1 404 Not Found\r\nConnection: close\r\nServer: UPnP/([\w._-]+), DLNADOC/([\w._-]+), Platinum/([\w._-]+)\r\n\r\n| p/XBMC UPnP/ i/Platinum $3; DLNADOC $2; UPnP $1/ o/Linux/ cpe:/o:linux:linux_kernel/
|
||||
match upnp m|^HTTP/1\.1 404 Not Found\r\nConnection: close\r\nServer: UPnP/([\w._-]+), DLNADOC/([\w._-]+), Platinum/([\w._-]+)\r\n\r\n| p/Platinum upnpd/ v/$3/ i/XBMC; DLNADOC $2; UPnP $1/ o/Linux/ cpe:/a:plutinosoft:platinum:$3/ cpe:/o:linux:linux_kernel/
|
||||
match upnp m|^HTTP/1\.1 404 Not Found\r\nContent-Length: \d+\r\nContent-Type: text/html\r\nServer: Linux/(\w+) UPnP/([\d.]+) DLNADOC/([\d.]+) Platinum/([\d.]+)\r\n\r\n| p/Platinum unpnd/ v/$4/ i/arch: $1; UPnP $2; DLNADOC $3/ o/Linux/ cpe:/a:plutinosoft:platinum:$4/ cpe:/o:linux:linux_kernel/a
|
||||
match upnp m|^HTTP/1\.1 501 Unimplemented\r\nServer: unspecified, UPnP/([\w._-]+), unspecified\r\nConnection: close\r\nContent-Length: 0\r\n\r\n| p/Cisco-Linksys E4200 WAP upnpd/ i/UPnP $1/ cpe:/h:cisco:e4200/
|
||||
|
||||
# TODO: enumerate version differences between these two?
|
||||
@@ -15380,8 +15432,10 @@ Probe TCP informix q|\0\x94\x01\x3c\0\0\0\x64\0\x65\0\0\0\x3d\0\x06IEEEM\0\0lsql
|
||||
rarity 8
|
||||
ports 1526,9088-9100
|
||||
|
||||
match informix m|^.{2}\x03<\x10\0\0d\0e\0\0\0=\0\x06IEEEI\0\0lsrvinfx\0\0\0\0\0\0\x05V1.0\0\0\x04SER\0\0\x08asfecho\0{19}o[ln]\0{9}=soctcp\0{5}\x01\0\x66\0{6}\xfcI..\0\0\0\x01\0\0\0.nmap@[\d\w.]+\0k\0\0\0\0\0\0..\0\0\0\0\0.(.*)\0\0..*\0\0.([A-Z]\:[^/]*)\0\0t\0\x08\x01Y\0\x06\x01Y\0\0\0\x7f$| p/Informix Dynamic Server/ v/11.50/ i/Path: $2/ o/Windows/ h/$1/ cpe:/a:ibm:informix_dynamic_server:11.50/ cpe:/o:microsoft:windows/a
|
||||
match informix m|^.{2}\x03<\x10\0\0d\0e\0\0\0=\0\x06IEEEI\0\0lsrvinfx\0\0\0\0\0\0\x05V1.0\0\0\x04SER\0\0\x08asfecho\0{19}o[ln]\0{9}=soctcp\0{5}\x01\0\x66\0{6}\xfcI..\0\0\0\x01\0\0\0.nmap@[\d\w.]+\0k\0\0\0\0\0\0..\0\0\0\0\0.(.*)\0\0..*\0\0.([^\\]*)\0\0t\0\x08\0\0\x03\xe9\0\0\x03\xe9\0\x7f$| p/Informix Dynamic Server/ v/11.50/ i/Path: $2/ h/$1/ cpe:/a:ibm:informix_dynamic_server:11.50/
|
||||
match informix m|^.{2}\x03<\x10\0\0d\0e\0\0\0=\0\x06IEEEI\0\0lsrvinfx\0\0\0\0\0\0\x05V1.0\0\0\x04SER\0\0\x08asfecho\0{19}o[ln]\0{9}=soctcp\0{5}\x01\0\x66\0{6}\xfcI..\0\0\0\x01\0\0\0.nmap@[\d\w.-]+\0k\0\0\0\0\0\0..\0\0\0\0\0.(.*)\0\0..*\0\0.([A-Z]\:[^/]*)\0\0t\0\x08\x01Y\0\x06\x01Y\0\0\0\x7f$| p/Informix Dynamic Server/ v/11.50/ i/Path: $2/ o/Windows/ h/$1/ cpe:/a:ibm:informix_dynamic_server:11.50/ cpe:/o:microsoft:windows/a
|
||||
match informix m|^.{2}\x03<\x10\0\0d\0e\0\0\0=\0\x06IEEEI\0\0lsrvinfx\0\0\0\0\0\0\x05V1.0\0\0\x04SER\0\0\x08asfecho\0{19}o[ln]\0{9}=soctcp\0{5}\x01\0\x66\0{6}\xfcI..\0\0\0\x01\0\0\0.nmap@[\d\w.-]+\0k\0\0\0\0\0\0..\0\0\0\0\0.(.*)\0\0..*\0\0.([^\\]*)\0\0t\0\x08\0\0\x03\xe9\0\0\x03\xe9\0\x7f$| p/Informix Dynamic Server/ v/11.50/ i/Path: $2/ h/$1/ cpe:/a:ibm:informix_dynamic_server:11.50/
|
||||
match informix m|^.{2}\x03<\x10\0\0d\0e\0\0\0=\0\x06IEEEI\0\0lsrvinfx\0\0\0\0\0\0\x05V1.0\0\0\x04SER\0\0\x08asfecho\0{19}o[ln]\0{9}=soctcp\0{5}\x01\0\x66\0{6}\xfcI..\0\0\0\x01\0\0\0.nmap@[\d\w.-]+\0k\0\0\0\0\0\x03..\0\0\0\0\0.([^\0]+)\0\0.[^\0]*\0\0.([A-Z]\:[^/]*)\0| p/Informix Dynamic Server/ i/Path: $2/ o/Windows/ h/$1/ cpe:/a:ibm:informix_dynamic_server/ cpe:/o:microsoft:windows/a
|
||||
match informix m|^.{2}\x03<\x10\0\0d\0e\0\0\0=\0\x06IEEEI\0\0lsrvinfx\0\0\0\0\0\0\x05V1.0\0\0\x04SER\0\0\x08asfecho\0{19}o[ln]\0{9}=soctcp\0{5}\x01\0\x66\0{6}\xfcI..\0\0\0\x01\0\0\0.nmap@[\d\w.-]+\0k\0\0\0\0\0\x03..\0\0\0\0\0.([^\0]+)\0\0.[^\0]*\0\0.([^\\]*)\0| p/Informix Dynamic Server/ i/Path: $2/ h/$1/ cpe:/a:ibm:informix_dynamic_server/
|
||||
|
||||
##############################NEXT PROBE##############################
|
||||
# The DRDA protocol is used by both Informix and DB2
|
||||
|
||||
Reference in New Issue
Block a user