Service Location Protocol version 2 specified by RFC 2608. Partially
implemented by srvloc.lua library. Probe checks for
service:service-agent, which should be implemented by all Service Agents
(servers). Match line only matches version 2, since I don't have any
other versions to test. Expect we will get more service fingerprints to
clarify.
Changed two existing match lines to softmatches as they were triggering against messages instructing the client to change protocols to SSL. This was preventing nmap from checking the service on SSL as it though a match was found. See http://seclists.org/nmap-dev/2013/q1/280
Debian can also run on the FreeBSD kernel. I changed o/Linux/ to o/Unix/
and added the debian_kfreebsd CPE to most match lines that mentioned
Debian. I excepted a few that said explicitly "Debian GNU/Linux".
This reflects a deprecation in the official CPE dictionary, which seems
to have happened on 2012-03-08.
<cpe-item deprecation_date="2012-03-08T20:00:15.120Z" deprecated_by="cpe:/o:linux:linux_kernel:2.6.0" deprecated="true" name="cpe:/o:linux:kernel:2.6.0">
<title xml:lang="en-US">Linux Kernel 2.6.0</title>
<meta:item-metadata modification-date="2012-03-08T20:00:15.120Z" status="DRAFT" deprecated-by-nvd-id="35565" nvd-id="91585" />
</cpe-item>
Generally, when we know the specific name of a web server, for example,
running on an embedded system, we prefer to list the server itself in
p// and v//, and the hardware in i//, like so:
match m|| p/thttpd/ v/$1/ i/Foobar 2000 ADSL router http config/
But it's very common that match lines instead look like this:
match m|| p/Foobar 2000 ADSL router http config/ i/thttpd $1/
This commit fixes many of these, with assistance from sv-tidy.
sv-tidy complains:
8487: can't parse m regex (bad character range): |^HTTP/1\.0 405 Method Not Allowed\r\nServer: Membase Server ([\w-.]+)\r\nPragma:|
8488: can't parse m regex (bad character range): |^HTTP/1\.0 405 Method Not Allowed\r\nServer: Couchbase Server ([\w-.]+)\r\nPragma:|
Barracuda HTTP filter - adjustment to match more versions
GlobalScape CuteFTP sshd - additional match line
Cisco ASA WebVPN - additional match line
VMware View - additional match line
Bomgar Remote Access - new product detection
Sybase SQLAnywhere httpd - new product detection, version string
