From cd3d4eb3dd2867a2a10961f656cd987618035323 Mon Sep 17 00:00:00 2001 From: doug Date: Wed, 4 Feb 2009 02:10:53 +0000 Subject: [PATCH] New SSH submissions from nmapsubmit-svfp-020309.mbx Made some of the OpenSSH lines more general to cover more of the combinations of patchsets distros use --- nmap-service-probes | 37 +++++++++++++++++++++++-------------- 1 file changed, 23 insertions(+), 14 deletions(-) diff --git a/nmap-service-probes b/nmap-service-probes index 8d9aa0733..c685ec8ab 100644 --- a/nmap-service-probes +++ b/nmap-service-probes @@ -1943,6 +1943,7 @@ match ssh m|^SSH-([\d.]+)-([\w.]+) VShell\r?\n| p/VanDyke VShell/ v/$2/ i/protoc match ssh m|^SSH-([\d.]+)-([\w.]+) \(beta\) VShell\r?\n| p/VanDyke VShell/ v/$2 beta/ i/protocol $1/ match ssh m/^SSH-([.\d]+)-(\d[-.\w]+) sshlib: WinSSHD (\d[-.\w]+)\r?\n/ p/Bitvise WinSSHD/ v/$3/ i/sshlib $2; protocol $1/ o/Windows/ match ssh m/^SSH-([.\d]+)-(\d[-.\w]+) sshlib: WinSSHD\r?\n/ p/Bitvise WinSSHD/ i/sshlib $2; protocol $1; server version hidden/ o/Windows/ +match ssh m|^SSH-([.\d]+)-([\w-_.]+) FlowSsh: WinSSHD ([\w-_.]+)\r\n| p/Bitvise WinSSHD/ i/FlowSsh $2; protocol $1/ v/$3/ o/Windows/ # Cisco VPN 3000 Concentrator # Cisco VPN Concentrator 3005 - Cisco Systems, Inc./VPN 3000 Concentrator Version 4.0.1.B Jun 20 2003 match ssh m/^SSH-([.\d]+)-OpenSSH\r?\n$/ p/OpenSSH/ i/protocol $1/ d/terminal server/ 
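Review bot: The added FlowSsh line ends its pattern with a strict `\r\n`, while both WinSSHD lines directly above it use `\r?\n`, so a banner terminated by a bare `\n` would miss this entry and fall through to a less specific match or to none. Unless the submissions show these servers always send CRLF, `\r?\n` keeps the new line consistent with its neighbours. The same applies to the RomSShell and WS_FTP lines in the -1997 hunk, the MultiNet line in the -2006 hunk and the `-FC-` line in the -2019 hunk. The new line also places `i/` before `v/`, where the sibling WinSSHD line uses the order `p/ v/ i/ o/`.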
@@ -1997,6 +1998,10 @@ match ssh m|^SSH-([.\d]+)-paramiko_([\w-_.]+)\r?\n| p/Paramiko Python sshd/ v/$2 match ssh m|^SSH-([\d.]+)-USHA SSHv([\w-_.]+)\r?\n| p/ConnectUPS SNMP card sshd/ v/$2/ i/protocol $1/ d/remote management/ match ssh m|^SSH-2\.0-SSH_0\.2\r?\n$| p/3com WAP sshd/ d/WAP/ v/0.2/ i/protocol 2.0/ match ssh m|^SSH-([\d.]+)-CoreFTP-([\w-_.]+)\r?\n| p/CoreFTP sshd/ v/$2/ i/protocol $1/ +match ssh m|^SSH-([\d.]+)-RomSShell_([\w-_.]+)\r\n| p/AllegroSoft RomSShell sshd/ v/$2/ i/protocol $1/ +match ssh m|^SSH-([\d.]+)-IFT SSH server BUILD_VER\n| p/Sun StorEdge 3511 sshd/ i/IFT SSH/ d/storage-misc/ +match ssh m|^Could not load host key\. Closing connection\.\.\.$| p/Cisco switch sshd/ i/misconfigured/ o/IOS/ d/switch/ +match ssh m|^SSH-([\d.]+)-WS_FTP-SSH_([\w-_.]+)\r\n| p/WS_FTP sshd/ i/protocol $1/ v/$2/ o/Windows/ # These are strange ones. These routers pretend to be OpenSSH, but don't do it that well (see the \r): match ssh m|^SSH-2\.0-OpenSSH\r?\n| p/Linksys WRT45G modified dropbear sshd/ i/protocol 2.0/ d/router/ @@ -2006,6 +2011,7 @@ match ssh m|^SSH-2\.0-OpenSSH_3\.6p1\r?\n| p|D-Link/Netgear DSL router modified match ssh m|^SSH-([\d.]+)-([\d.]+) F-Secure SSH Windows NT Server\r?\n| p/F-Secure WinNT sshd/ v/$2/ i/protocol $1/ o/Windows/ match ssh m|^SSH-([\d.]+)-([\d.]+) dss F-SECURE SSH\r?\n| p/F-Secure sshd/ v/$2/ i/dss-only; protocol $1/ match ssh m|^SSH-([\d.]+)-([\d.]+) F-SECURE SSH.*\r?\n| p/F-Secure sshd/ v/$2/ i/protocol $1/ +match ssh m|^SSH-([\d.]+)-ReflectionForSecureIT_([-\w_.]+) - Process Software MultiNet\r\n| p/WRQ Reflection for Secure IT sshd/ v/$2/ i/OpenVMS MultiNet; protocol $1/ o/OpenVMS/ match ssh m|^SSH-([\d.]+)-ReflectionForSecureIT_([-\w_.]+)\r?\n| p/WRQ Reflection for Secure IT sshd/ v/$2/ i/protocol $1/ # SCS 
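Review bot: The `Could not load host key` line assigns vendor, OS and device type (`p/Cisco switch sshd/ o/IOS/ d/switch/`) from a generic error sentence with no SSH banner or vendor token in it, so any other server that prints the same text would be reported as a Cisco switch. A comment above the line, for example `# No SSH- banner here, only an error string; vendor/OS taken from the submission`, would tell later maintainers how weak the signal is. Separately, the IFT line captures the protocol version in `([\d.]+)` but never reports it; `i/IFT SSH; protocol $1/` would bring it in line with the other entries.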
@@ -2019,20 +2025,22 @@ match ssh m|^sshd2\[\d+\]: .*\r\nSSH-(\d[\d.]+)-(\d[-.\w]+) SSH Secure Shell \(( match ssh m/^SSH-([.\d]+)-(\d+\.\d+\.[-.\w]+)/ p/SCS sshd/ v/$2/ i/protocol $1/ # OpenSSH -match ssh m|^SSH-([\d.]+)-OpenSSH_([\w.]+) Debian-(\S*maemo\S*)\r?\n| p/OpenSSH/ v/$2 Debian $1/ i/Nokia Maemo tablet; protocol $1/ o/Linux/ -match ssh m|^SSH-([\d.]+)-OpenSSH_([\w.]+)[ -]Debian[ -]([^\r\n]ubuntu[\d.]+)\r?\n| p/OpenSSH/ v/$2 Debian $3/ i/protocol $1/ o/Linux/ -match ssh m|^SSH-([\d.]+)-OpenSSH_([\w.]+)[ -]{1,2}Debian[ -]([^\r\n]+)\r?\n| p/OpenSSH/ v/$2 Debian $3/ i/protocol $1/ o/Linux/ -match ssh m|^SSH-([\d.]+)-OpenSSH_([\w.]+) FreeBSD-([\d]+)\r?\n| p/OpenSSH/ v/$2/ i/FreeBSD $3; protocol $1/ o/FreeBSD/ -match ssh m|^SSH-([\d.]+)-OpenSSH_([\w.]+) FreeBSD localisations (\d+)\r?\n| p/OpenSSH/ v/$2/ i/FreeBSD $3; protocol $1/ o/FreeBSD/ -match ssh m|^SSH-([\d.]+)-OpenSSH_([-\w.]+) FreeBSD-openssh-portable-([\w.,]+)\r?\n| p/OpenSSH/ v/$2/ i/protocol $1/ o/FreeBSD/ -match ssh m|^SSH-([\d.]+)-OpenSSH_([-\w.]+) FreeBSD-openssh-portable-overwrite-base| p/OpenSSH/ v/$2/ i/protocol $1; overwrite base SSH/ o/FreeBSD/ -match ssh m|^SSH-([\d.]+)-OpenSSH_([-\w.]+) FreeBSD-openssh-gssapi-| p/OpenSSH/ v/$2/ i/gssapi; protocol $1/ o/FreeBSD/ -match ssh m|^SSH-([\d.]+)-OpenSSH_([\w.]+) miniBSD-([\d]+)\r?\n| p/OpenSSH/ v/$2/ i/MiniBSD $3; protocol $1/ o/MiniBSD/ -match ssh m|^SSH-([\d.]+)-OpenSSH_([\w.]+) NetBSD_Secure_Shell-([\d]+)\r?\n| p/OpenSSH/ v/$2/ i/NetBSD $3; protocol $1/ o/NetBSD/ -match ssh m|^SSH-([\d.]+)-OpenSSH_([\w.]+)_Mikrotik_v([\d.]+)\r?\n| p/OpenSSH/ v/$2 mikrotik $3/ i/protocol $1/ d/router/ -match ssh m|^SSH-([\d.]+)-OpenSSH_([\w.]+) in RemotelyAnywhere ([\d.]+)\r?\n| p/OpenSSH/ v/$2/ i/RemotelyAnywhere $3; protocol $1/ o/Windows/ -match ssh m|^SSH-([\d.]+)-OpenSSH_([\w.]+)\+CAN-2004-0175\r?\n| p/OpenSSH/ v/$2+CAN-2004-0175/ i/protocol $1/ -match ssh m|^SSH-([\d.]+)-OpenSSH_([\w.]+) NCSA_GSSAPI_20040818 KRB5\r?\n| p/OpenSSH/ v/$2 NCSA_GSSAPI_20040818 
KRB5/ i/protocol $1/ +match ssh m|^SSH-([\d.]+)-OpenSSH_([\w-_.]+) Debian-(\S*maemo\S*)\r?\n| p/OpenSSH/ v/$2 Debian $1/ i/Nokia Maemo tablet; protocol $1/ o/Linux/ +match ssh m|^SSH-([\d.]+)-OpenSSH_([\w-_.]+)[ -]Debian[ -_]([^\r\n]ubuntu[\d.]+)\r?\n| p/OpenSSH/ v/$2 Debian $3/ i/protocol $1/ o/Linux/ +match ssh m|^SSH-([\d.]+)-OpenSSH_([\w-_.]+)[ -]{1,2}Debian[ -_]([^\r\n]+)\r?\n| p/OpenSSH/ v/$2 Debian $3/ i/protocol $1/ o/Linux/ +match ssh m|^SSH-([\d.]+)-OpenSSH_[\w.]+-FC-([\w-.]+)\.fc(\d+)\r\n| p/OpenSSH/ v/$2 Fedora/ i/Fedora Core $3; protocol $1/ o/Linux/ +match ssh m|^SSH-([\d.]+)-OpenSSH_([\w-_.]+) FreeBSD-([\d]+)\r?\n| p/OpenSSH/ v/$2/ i/FreeBSD $3; protocol $1/ o/FreeBSD/ +match ssh m|^SSH-([\d.]+)-OpenSSH_([\w-_.]+) FreeBSD localisations (\d+)\r?\n| p/OpenSSH/ v/$2/ i/FreeBSD $3; protocol $1/ o/FreeBSD/ +match ssh m|^SSH-([\d.]+)-OpenSSH_([\w-_.]+) FreeBSD-openssh-portable-([\w.,]+)\r?\n| p/OpenSSH/ v/$2/ i/protocol $1/ o/FreeBSD/ +match ssh m|^SSH-([\d.]+)-OpenSSH_([\w-_.]+) FreeBSD-openssh-portable-overwrite-base| p/OpenSSH/ v/$2/ i/protocol $1; overwrite base SSH/ o/FreeBSD/ +match ssh m|^SSH-([\d.]+)-OpenSSH_([\w-_.]+) FreeBSD-openssh-gssapi-| p/OpenSSH/ v/$2/ i/gssapi; protocol $1/ o/FreeBSD/ +match ssh m|^SSH-([\d.]+)-OpenSSH_([\w-_.]+) FreeBSD\n| p/OpenSSH/ v/$2/ i/protocol $1/ o/FreeBSD/ +match ssh m|^SSH-([\d.]+)-OpenSSH_([\w-_.]+) miniBSD-([\d]+)\r?\n| p/OpenSSH/ v/$2/ i/MiniBSD $3; protocol $1/ o/MiniBSD/ +match ssh m|^SSH-([\d.]+)-OpenSSH_([\w-_.]+) NetBSD_Secure_Shell-([\w-_.]+)\r?\n| p/OpenSSH/ v/$2/ i/NetBSD $3; protocol $1/ o/NetBSD/ +match ssh m|^SSH-([\d.]+)-OpenSSH_([\w-.]+)_Mikrotik_v([\d.]+)\r?\n| p/OpenSSH/ v/$2 mikrotik $3/ i/protocol $1/ d/router/ +match ssh m|^SSH-([\d.]+)-OpenSSH_([\w-_.]+) in RemotelyAnywhere ([\d.]+)\r?\n| p/OpenSSH/ v/$2/ i/RemotelyAnywhere $3; protocol $1/ o/Windows/ +match ssh m|^SSH-([\d.]+)-OpenSSH_([\w-_.]+)\+CAN-2004-0175\r?\n| p/OpenSSH/ v/$2+CAN-2004-0175/ i/protocol $1/ +match ssh 
m|^SSH-([\d.]+)-OpenSSH_([\w-_.]+) NCSA_GSSAPI_20040818 KRB5\r?\n| p/OpenSSH/ v/$2 NCSA_GSSAPI_20040818 KRB5/ i/protocol $1/ match ssh m|^SSH-([\d.]+)-OpenSSH_([\w.]+)-(hpn[\dv]+)\r?\n| p/OpenSSH/ v/$2-$3/ i/protocol $1/ match ssh m|^SSH-([\d.]+)-OpenSSH_([\w.]+\+sftpfilecontrol-v[\d.]+-hpn\w+)\r?\n| p/OpenSSH/ v/$2/ i/protocol $1/ match ssh m|^SSH-([\d.]+)-OpenSSH_([\w.]+-hpn) NCSA_GSSAPI_\d+ KRB5\r?\n| p/OpenSSH/ v/$2/ i/protocol $1; kerberos support/ @@ -2608,6 +2616,7 @@ match telnet m|^Sorry, already connected\.\r\n$| p|Slirp PPP/SLIP-on-terminal em match telnet m|^\xff\xfb\x03\xff\xfb\x01\xff\xfb\x01\xff\xfb\x03\r\nCopperJet ([\w-_.]+) RouterPlus .*\r\nFirmware version: ([\w-_. ]+)\r\nAllied Data Technologies\r\n\r\nPlease login: | p/Allied Data CopperJet $1 telnetd/ v/$2/ d/broadband router/ match telnet m|^\xff\xfd\x01\xff\xfd\x1f\xff\xfd!\xff\xfb\x01\xff\xfb\x03ASUS500ROUTER login: | p/ASUS WL-500g WAP telnetd/ d/WAP/ match telnet m|^\n\rMordor MUD\n\r Mordor v([\w-_.]+)\n\rProgrammed by:\n\r Brooke Paul, Paul Telford & John P\. Freeman\n\r| p/Mordor MUD telnetd/ v/$1/ +match telnet m|^\xff\xfd\x01\xff\xfd\x1f\xff\xfd!\xff\xfb\x01\xff\xfb\x03.*Firmware Version: ([\w-_.]+)\r\n\rBuilt: .*\r\n\rOA Bay Number: \d+ \r\n\rOA Role: .*\r\n\r([\w-_.]+) login:|s p/HP BladeSystem Onboard Administrator telnetd/ i/FW $1/ h/$2/ d/remote management/ match telnet-proxy m|^nodnsquery/[\d.]+ is not authorized to use the telnet proxy\r\n| p/Gauntlet telnet proxy/ match telnet-proxy m|^Eingabe Servername\[:Port\] : | p/JanaServer telnet proxy/ i/German/
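Review bot: `[ -_]` in the two rewritten Debian lines is a range from space (0x20) to underscore (0x5F), so the separator after `Debian` now accepts digits, uppercase letters and most punctuation rather than just space, hyphen and underscore; `[ _-]` expresses the intended set. The Maemo line is edited here but still reports `v/$2 Debian $1/`, which puts the protocol number where the captured maemo suffix belongs; `v/$2 Debian $3/` looks like what was meant. Version strings from this file end up in asset inventories and vulnerability matching, so a wrong `v/` value is worth fixing while the line is being touched. The widened `[\w-_.]` classes depend on the regex engine treating the hyphen after `\w` as a literal; `[\w.-]` matches the same characters without relying on that.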
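Review bot: With the `s` flag set, the `.*` after `Built:` and after `OA Role:` in the new HP BladeSystem line can run across line boundaries, and the leading `.*` before `Firmware Version:` is greedy over the whole response, so `$1` and `$2` are not guaranteed to come from adjacent lines of the login banner. The text being matched is whatever the remote host sends, so bounding the single-line fields is cheap insurance: `Built: [^\r\n]*\r\n\r` and `OA Role: [^\r\n]*\r\n\r`. The leading `.*` does appear to need to span lines, which is presumably why `s` was added.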