CPE Updates (#267)

* Fixup: Normalize descriptions

* Update CPEs

* Address Netscaler OS

* MySQL: add some debian matches

.gitignore

@@ -6,6 +6,9 @@ pkg/
 
 /Gemfile.lock
 
+#Python specific
+venv
+
 # IDE specific
 .vscode/
 .idea

cpe-remap.yaml

@@ -1,4 +1,6 @@
 mappings:
+  alpine:
+    vendor: alpinelinux
   apache:
     vendor: apache
     products:
@@ -45,10 +47,17 @@ mappings:
     vendor: ibm
     products:
       lotus_domino: lotus_domino_server
+      os/400: os_400
+      z/os: z\/os
+  jamf:
+    products:
+      jamf_pro: jamf
   juniper:
     vendor: juniper
     products:
       junos_os: junos
+  kibana:
+    vendor: elasticsearch
   linux:
     vendor: linux
     products:
@@ -94,6 +103,11 @@ mappings:
     vendor: paloaltonetworks
     products:
       pa_firewall: pan-os
+  parallels:
+    products:
+      plesk: parallels_plesk_panel
+  plesk:
+    vendor: parallels
   proftpd_project:
     vendor: proftpd
   realvnc_ltd.:
@@ -113,6 +127,13 @@ mappings:
     vendor: sun
     products:
       solaris: sunos
+  tandberg:
+    vendor: cisco
+  tightvnc:
+    products:
+      desktop: tightvnc
+  ubiquiti:
+    vendor: ui
   ubuntu:
     vendor: canonical
     products:

update_cpes.py

@@ -67,7 +67,7 @@ def update_cpes(xml_file, cpe_vp_map, r7_vp_map):
                 if not fp_type in params:
                     params[fp_type] = {}
                 if name in params[fp_type]:
-                    raise ValueError('Duplicated fingerprint named {} in {}'.format(name, fingerprint.attrib['pattern']))
+                    raise ValueError('Duplicated fingerprint named {} in fingerprint {} in file {}'.format(name, fingerprint.attrib['pattern'], xml_file))
                 params[fp_type][name] = param
 
 

xml/dns_versionbind.xml

@@ -154,7 +154,7 @@
     <param pos="0" name="os.product" value="Zentyal"/>
   </fingerprint>
   <fingerprint pattern="^(9.[^-]+(?:-[SP]\d)?)-9\+deb8u[\w~\.]+-Debian$">
-    <description>ISC BIND: Debian Jessie</description>
+    <description>ISC BIND: Debian 8.0 (jessie)</description>
     <example service.version="9.9.5">9.9.5-9+deb8u11-Debian</example>
     <example service.version="9.9.5">9.9.5-9+deb8u6A~4.2.0.201702281603-Debian</example>
     <param pos="0" name="service.vendor" value="ISC"/>
@@ -169,7 +169,7 @@
     <param pos="0" name="os.cpe23" value="cpe:/o:debian:debian_linux:8.0"/>
   </fingerprint>
   <fingerprint pattern="^(9.[^-]+(?:-[SP]\d)?)-9wheezy\w+-Debian$">
-    <description>ISC BIND: Debian Wheezy</description>
+    <description>ISC BIND: Debian 7.0 (wheezy)</description>
     <example service.version="9.9.5">9.9.5-9wheezy1-Debian</example>
     <param pos="0" name="service.vendor" value="ISC"/>
     <param pos="0" name="service.family" value="BIND"/>
@@ -403,7 +403,7 @@
   </fingerprint>
   <fingerprint pattern="^Nominum Vantio ([\d.]+) \(build (\d+)\)$">
     <description>Nominum Vantio CacheServe, with build</description>
-    <example service.version.version="114872">Nominum Vantio 5.4.5.1 (build 114872)</example>
+    <example service.version="5.4.5.1" service.version.version="114872">Nominum Vantio 5.4.5.1 (build 114872)</example>
     <param pos="0" name="service.vendor" value="Nominum"/>
     <param pos="0" name="service.family" value="Vantio"/>
     <param pos="0" name="service.product" value="CacheServe"/>
@@ -734,14 +734,12 @@
   </fingerprint>
   <fingerprint pattern="^dnsmasq-pi-hole-(.*)$">
     <description>dnsmasq: pi-hole</description>
-    <example os.vendor="Pi-hole" service.vendor="Thekelleys" service.family="Dnsmasq" service.product="Dnsmasq" os.version="2.80" os.cpe23="cpe:/a:pi-hole:pi-hole:2.80" service.cpe23="cpe:/a:thekelleys:dnsmasq:-">dnsmasq-pi-hole-2.80</example>
-    <param pos="0" name="os.vendor" value="Pi-hole"/>
-    <param pos="0" name="service.vendor" value="Thekelleys"/>
-    <param pos="0" name="service.family" value="Dnsmasq"/>
-    <param pos="0" name="service.product" value="Dnsmasq"/>
-    <param pos="1" name="os.version"/>
-    <param pos="0" name="os.cpe23" value="cpe:/a:pi-hole:pi-hole:{os.version}"/>
-    <param pos="0" name="service.cpe23" value="cpe:/a:thekelleys:dnsmasq:-"/>
+    <example service.version="2.80">dnsmasq-pi-hole-2.80</example>
+    <param pos="0" name="service.vendor" value="Pi-hole"/>
+    <param pos="0" name="service.family" value="Pi-hole"/>
+    <param pos="0" name="service.product" value="Pi-hole"/>
+    <param pos="1" name="service.version"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:pi-hole:pi-hole:{service.version}"/>
   </fingerprint>
   <fingerprint pattern="^Q9-[^\-]-(.*)$">
     <description>Quad9 Resolver</description>

xml/ftp_banners.xml

@@ -323,6 +323,7 @@ example.com FTP server (Version:  Mac OS X Server) ready.</example>
     <param pos="0" name="service.vendor" value="ProFTPD Project"/>
     <param pos="0" name="service.product" value="ProFTPD"/>
     <param pos="1" name="service.version"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:proftpd:proftpd:{service.version}"/>
     <param pos="2" name="host.name"/>
   </fingerprint>
   <fingerprint pattern="^=\(&lt;\*&gt;\)=-\.:\. \(\( Welcome to Pure-FTPd ([\d.]+) \)\) \.:\.-=\(&lt;\*&gt;\)=-" flags="REG_MULTILINE">
@@ -763,23 +764,23 @@ more text</example>
     <param pos="0" name="os.vendor" value="Wind River"/>
     <param pos="0" name="os.product" value="VxWorks"/>
     <param pos="1" name="os.version"/>
-    <param pos="0" name="os.cpe23" value="cpe:/o:windriver:vxworks:-{os.version}"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:windriver:vxworks:{os.version}"/>
   </fingerprint>
   <fingerprint pattern="^[\w&lt;&gt;]+\s*Tenor Multipath Switch FTP server \(Version VxWorks([\d\.]+)\) ready\.$" flags="REG_ICASE">
     <description>VxWorks on Tenor MultiPath with version information</description>
-    <example os.version="5.4.2"><![CDATA[<38785ca0>  Tenor Multipath Switch FTP server (Version VxWorks5.4.2) ready.]]></example>
+    <example os.version="5.4.2">&lt;38785ca0&gt;  Tenor Multipath Switch FTP server (Version VxWorks5.4.2) ready.</example>
     <param pos="0" name="os.vendor" value="Wind River"/>
     <param pos="0" name="os.product" value="VxWorks"/>
     <param pos="1" name="os.version"/>
-    <param pos="0" name="os.cpe23" value="cpe:/o:windriver:vxworks:-{os.version}"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:windriver:vxworks:{os.version}"/>
   </fingerprint>
   <fingerprint pattern="^VxWorks FTP server \(VxWorks ([\d\.]+) - Secure NetLinx version \([\d\.]+\)\) ready.$">
     <description>VxWorks with Secure NetLinx</description>
     <example os.version="5.3.1">VxWorks FTP server (VxWorks 5.3.1 - Secure NetLinx version (1.0)) ready.</example>
     <param pos="0" name="os.vendor" value="Wind River"/>
     <param pos="0" name="os.product" value="VxWorks"/>
     <param pos="1" name="os.version"/>
-    <param pos="0" name="os.cpe23" value="cpe:/o:windriver:vxworks:-{os.version}"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:windriver:vxworks:{os.version}"/>
   </fingerprint>
   <fingerprint pattern="^ADC iScale$">
     <description>ADC iScale</description>
@@ -1549,5 +1550,5 @@ more text</example>
     <param pos="0" name="hw.product" value="Home Controller"/>
     <param pos="0" name="os.vendor" value="ELAN"/>
     <param pos="0" name="os.family" value="Linux"/>
-  </fingerprint>  
+  </fingerprint>
 </fingerprints>