CPE: stop using deprecated CPEs, split remap: (#361)

identifiers/hw_family.txt

@@ -45,6 +45,7 @@ Multifunction
 My Book
 NE
 NPort
+NetScaler
 NetVanta
 Netscaler
 Network Audio

identifiers/hw_product.txt

@@ -204,9 +204,12 @@ Mergepoint
 Miniserver
 My Book Live
 N5172B Signal Generator
+NAM
 NAS4Free
 NFVIS
 NPort
+NetScaler Gateway
+NetScaler SDX Gateway
 NetScreen
 NetVR
 Netbox
@@ -332,6 +335,7 @@ iCOM Control Panel
 iDRAC
 iLO
 iLO 3
+iLO 4
 iMac (20/24-inch, Early 2008)
 iMac (21.5-inch, 2017)
 iMac (21.5-inch, Late 2012)

identifiers/os_product.txt

@@ -330,6 +330,7 @@ iDRAC Linux
 iLO
 iLO 2
 iLO 3
+iLO 4
 iOS
 iScale
 im

identifiers/service_product.txt

@@ -125,6 +125,7 @@ ESMTP
 EWS
 Ecelerity Mail Server
 Elastic Load Balancer
+Elastic Load Balancing
 EmWeb
 Email Appliance
 Email Security
@@ -277,7 +278,7 @@ MetaDirectory Server
 Metabase
 Metasploit
 MiniDLNA
-MiniUPnP
+MiniUPnPd
 MobaXterm
 MoinMoin
 Mongoose
@@ -389,6 +390,7 @@ Recursor
 Red Hat Directory Server
 Redmine
 Reflection
+Reflection for Secure IT
 ReflectionX
 RemoteView
 Resin

update_cpes.py

@@ -16,8 +16,17 @@ def parse_cpe_vp_map(file):
     parser = etree.XMLParser(remove_comments=False)
     doc = etree.parse(file, parser)
     namespaces = {'ns': 'http://cpe.mitre.org/dictionary/2.0', 'meta': 'http://scap.nist.gov/schema/cpe-dictionary-metadata/0.2'}
-    for cpe_name in doc.xpath("//ns:cpe-list/ns:cpe-item/@name", namespaces=namespaces):
+    for entry in doc.xpath("//ns:cpe-list/ns:cpe-item", namespaces=namespaces):
+        cpe_name = entry.get("name")
+        if not cpe_name:
+            continue
+
+        # If the entry is deprecated then don't add it to our list of valid CPEs.
+        if entry.get("deprecated"):
+            continue
+
         cpe_match = re.match('^cpe:/([aho]):([^:]+):([^:]+)', cpe_name)
+
         if cpe_match:
             cpe_type, vendor, product = cpe_match.group(1, 2, 3)
             if cpe_type not in vp_map:
@@ -86,7 +95,11 @@ def lookup_cpe(vendor, product, cpe_type, cpe_table, remap):
 
     # Everything else depends on a remap of some sort.
     # get the remappings for this one vendor string.
-    vendor_remap = remap.get(vendor, None)
+    vendor_remap = None
+
+    remap_type = remap.get(cpe_type, None)
+    if remap_type:
+        vendor_remap = remap_type.get(vendor, None)
 
     if vendor_remap:
         # If we have product remappings, work that angle next

xml/favicons.xml

@@ -237,6 +237,7 @@
     <param pos="0" name="service.vendor" value="ManageEngine"/>
     <param pos="0" name="service.product" value="ADAudit Plus"/>
     <param pos="0" name="service.certainty" value="0.5"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:zohocorp:manageengine_adaudit_plus:-"/>
   </fingerprint>
 
   <fingerprint pattern="^e9d6d23a961ea23a3e961266876e0ffd$">
@@ -1189,7 +1190,7 @@
     <param pos="0" name="os.family" value="Adaptive Security Appliance"/>
     <param pos="0" name="os.product" value="Adaptive Security Appliance"/>
     <param pos="0" name="os.certainty" value="0.5"/>
-    <param pos="0" name="os.cpe23" value="cpe:/o:cisco:adaptive_security_appliance:-"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:cisco:adaptive_security_appliance_software:-"/>
     <param pos="0" name="hw.vendor" value="Cisco"/>
     <param pos="0" name="hw.family" value="Adaptive Security Appliance"/>
     <param pos="0" name="hw.product" value="Adaptive Security Appliance"/>
@@ -1373,6 +1374,7 @@
     <param pos="0" name="os.device" value="Network Management Device"/>
     <param pos="0" name="os.product" value="NetScaler"/>
     <param pos="0" name="os.certainty" value="0.5"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:citrix:netscaler_firmware:-"/>
     <param pos="0" name="service.vendor" value="Citrix"/>
     <param pos="0" name="service.family" value="NetScaler"/>
     <param pos="0" name="service.device" value="Network Management Device"/>
@@ -1389,6 +1391,7 @@
     <param pos="0" name="os.device" value="Network Management Device"/>
     <param pos="0" name="os.product" value="NetScaler Gateway"/>
     <param pos="0" name="os.certainty" value="0.5"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:citrix:netscaler_gateway_firmware:-"/>
     <param pos="0" name="service.vendor" value="Citrix"/>
     <param pos="0" name="service.family" value="NetScaler"/>
     <param pos="0" name="service.device" value="Network Management Device"/>
@@ -1581,6 +1584,7 @@
     <param pos="0" name="os.family" value="iLO"/>
     <param pos="0" name="os.product" value="iLO 3"/>
     <param pos="0" name="os.certainty" value="0.5"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:hp:integrated_lights-out_3_firmware:-"/>
   </fingerprint>
 
   <fingerprint pattern="^(?:ad93b3973782b03ea62a43bd6602ba8b|d521487f45fa7657450edfd6c16e4a63)$">
@@ -1591,12 +1595,13 @@
     <param pos="0" name="hw.vendor" value="HP"/>
     <param pos="0" name="hw.product" value="iLO"/>
     <param pos="0" name="hw.certainty" value="0.5"/>
-    <param pos="0" name="hw.cpe23" value="cpe:/h:hp:integrated_lights_out:-"/>
+    <param pos="0" name="hw.cpe23" value="cpe:/h:hp:integrated_lights-out:-"/>
     <param pos="0" name="os.vendor" value="HP"/>
     <param pos="0" name="os.device" value="Lights Out Management"/>
     <param pos="0" name="os.family" value="iLO"/>
     <param pos="0" name="os.product" value="iLO"/>
     <param pos="0" name="os.certainty" value="0.5"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:hp:integrated_lights-out_firmware:-"/>
   </fingerprint>
 
   <fingerprint pattern="^d11917dc7e651b21f0f75cd0dc309e8a$">

xml/ftp_banners.xml

@@ -404,8 +404,6 @@ more text</example>
     <param pos="0" name="service.cpe23" value="cpe:/a:pureftpd:pure-ftpd:{service.version}"/>
   </fingerprint>
 
-  <!-- CPEs for Serv-U 15.x and above changed to SolarWinds -->
-
   <fingerprint pattern="^Serv-U FTP Server v(15\.\S+) ready\.\.\.$">
     <description>SolarWinds Serv-U with version </description>
     <example service.version="15.1.3.25">Serv-U FTP Server v15.1.3.25 ready...</example>
@@ -421,10 +419,10 @@ more text</example>
     <example service.version="2.5n">Serv-U FTP-Server v2.5n for WinSock ready...</example>
     <example service.version="6.0">Serv-U FTP Server v6.0 for WinSock ready</example>
     <param pos="0" name="service.vendor" value="Serv-U"/>
-    <param pos="0" name="service.product" value="Serv-U"/>
+    <param pos="0" name="service.product" value="Serv-U FTP Server"/>
     <param pos="0" name="service.family" value="Serv-U"/>
     <param pos="1" name="service.version"/>
-    <param pos="0" name="service.cpe23" value="cpe:/a:serv-u:serv-u:{service.version}"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:solarwinds:serv-u_ftp_server:{service.version}"/>
     <param pos="0" name="os.vendor" value="Microsoft"/>
     <param pos="0" name="os.family" value="Windows"/>
     <param pos="0" name="os.product" value="Windows"/>
@@ -436,10 +434,10 @@ more text</example>
     <example service.version="7.2">Serv-U FTP Server v7.2 ready...</example>
     <example service.version="14.0">Serv-U FTP Server v14.0 ready...</example>
     <param pos="0" name="service.vendor" value="Serv-U"/>
-    <param pos="0" name="service.product" value="Serv-U"/>
+    <param pos="0" name="service.product" value="Serv-U FTP Server"/>
     <param pos="0" name="service.family" value="Serv-U"/>
     <param pos="1" name="service.version"/>
-    <param pos="0" name="service.cpe23" value="cpe:/a:serv-u:serv-u:{service.version}"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:solarwinds:serv-u_ftp_server:{service.version}"/>
   </fingerprint>
 
   <fingerprint pattern="^Welcom to Serv-U FTP Server$">

xml/html_title.xml

@@ -44,6 +44,7 @@
     <param pos="0" name="service.vendor" value="Amazon"/>
     <param pos="0" name="service.family" value="CloudFront"/>
     <param pos="0" name="service.product" value="CloudFront Load Balancer"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:amazon:amazon_cloudfront:-"/>
   </fingerprint>
 
   <fingerprint pattern="^Microsoft Azure Web App - Error 404$">
@@ -965,11 +966,12 @@
     <param pos="0" name="hw.device" value="Lights Out Management"/>
     <param pos="0" name="hw.vendor" value="HP"/>
     <param pos="0" name="hw.product" value="iLO"/>
-    <param pos="0" name="hw.cpe23" value="cpe:/h:hp:integrated_lights_out:-"/>
+    <param pos="0" name="hw.cpe23" value="cpe:/h:hp:integrated_lights-out:-"/>
     <param pos="0" name="os.vendor" value="HP"/>
     <param pos="0" name="os.device" value="Lights Out Management"/>
     <param pos="0" name="os.family" value="iLO"/>
     <param pos="0" name="os.product" value="iLO"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:hp:integrated_lights-out_firmware:-"/>
   </fingerprint>
 
   <fingerprint pattern="^HP Integrated Lights-Out 2$">
@@ -978,24 +980,38 @@
     <param pos="0" name="hw.device" value="Lights Out Management"/>
     <param pos="0" name="hw.vendor" value="HP"/>
     <param pos="0" name="hw.product" value="iLO"/>
-    <param pos="0" name="hw.cpe23" value="cpe:/h:hp:integrated_lights_out:-"/>
+    <param pos="0" name="hw.cpe23" value="cpe:/h:hp:integrated_lights-out:-"/>
     <param pos="0" name="os.vendor" value="HP"/>
     <param pos="0" name="os.device" value="Lights Out Management"/>
     <param pos="0" name="os.family" value="iLO"/>
     <param pos="0" name="os.product" value="iLO 2"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:hp:integrated_lights-out_2_firmware:-"/>
   </fingerprint>
 
-  <fingerprint pattern="^(iLO \d+)$">
-    <description>HP Integrated Lights-Out 3+</description>
-    <example hw.product="iLO 3" os.product="iLO 3">iLO 3</example>
-    <example hw.product="iLO 4" os.product="iLO 4">iLO 4</example>
+  <fingerprint pattern="^iLO 3$">
+    <description>HP Integrated Lights-Out 3</description>
+    <example>iLO 3</example>
     <param pos="0" name="hw.device" value="Lights Out Management"/>
     <param pos="0" name="hw.vendor" value="HP"/>
-    <param pos="1" name="hw.product"/>
+    <param pos="0" name="hw.product" value="iLO 3"/>
     <param pos="0" name="os.vendor" value="HP"/>
     <param pos="0" name="os.device" value="Lights Out Management"/>
     <param pos="0" name="os.family" value="iLO"/>
-    <param pos="1" name="os.product"/>
+    <param pos="0" name="os.product" value="iLO 3"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:hp:integrated_lights-out_3_firmware:-"/>
+  </fingerprint>
+
+  <fingerprint pattern="^iLO 4$">
+    <description>HP Integrated Lights-Out 4</description>
+    <example>iLO 4</example>
+    <param pos="0" name="hw.device" value="Lights Out Management"/>
+    <param pos="0" name="hw.vendor" value="HP"/>
+    <param pos="0" name="hw.product" value="iLO 4"/>
+    <param pos="0" name="os.vendor" value="HP"/>
+    <param pos="0" name="os.device" value="Lights Out Management"/>
+    <param pos="0" name="os.family" value="iLO"/>
+    <param pos="0" name="os.product" value="iLO 4"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:hp:integrated_lights-out_4_firmware:-"/>
   </fingerprint>
 
   <fingerprint pattern="^HPE SimpliVity OmniStack$">
@@ -1223,7 +1239,6 @@
     <param pos="0" name="os.device" value="Switch"/>
     <param pos="0" name="os.product" value="MDS 9000"/>
     <param pos="1" name="os.version"/>
-    <param pos="0" name="os.cpe23" value="cpe:/o:cisco:mds_9000:{os.version}"/>
   </fingerprint>
 
   <fingerprint pattern="^Stealthwatch Management Console$">
@@ -1277,7 +1292,7 @@
     <param pos="0" name="os.vendor" value="Cisco"/>
     <param pos="0" name="os.device" value="Wireless Controller"/>
     <param pos="0" name="os.product" value="Wireless LAN Controller"/>
-    <param pos="0" name="os.cpe23" value="cpe:/o:cisco:wireless_lan_controller:-"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:cisco:wireless_lan_controller_software:-"/>
     <param pos="0" name="hw.vendor" value="Cisco"/>
     <param pos="0" name="hw.device" value="Wireless Controller"/>
     <param pos="0" name="hw.product" value="Wireless LAN Controller"/>
@@ -1695,10 +1710,11 @@
   </fingerprint>
 
   <fingerprint pattern="^Login - OpenStack Dashboard$">
-    <description>OpenStack Dashboard</description>
+    <description>OpenStack Horizon Dashboard</description>
     <example>Login - OpenStack Dashboard</example>
     <param pos="0" name="service.vendor" value="OpenStack"/>
-    <param pos="0" name="service.product" value="Dashboard"/>
+    <param pos="0" name="service.product" value="Horizon"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:openstack:horizon:-"/>
   </fingerprint>
 
   <fingerprint pattern="^splunkd$">
@@ -1815,7 +1831,7 @@
     <example>ManageEngine OpManager</example>
     <param pos="0" name="service.vendor" value="ManageEngine"/>
     <param pos="0" name="service.product" value="OpManager"/>
-    <param pos="0" name="service.cpe23" value="cpe:/a:manageengine:opmanager:-"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:zohocorp:manageengine_opmanager:-"/>
   </fingerprint>
 
   <fingerprint pattern="^ManageEngine Desktop Central 9$">
@@ -1831,6 +1847,7 @@
     <example>ManageEngine ADAudit Plus</example>
     <param pos="0" name="service.vendor" value="ManageEngine"/>
     <param pos="0" name="service.product" value="ADAudit Plus"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:zohocorp:manageengine_adaudit_plus:-"/>
   </fingerprint>
 
   <fingerprint pattern="^(ScanFront \d.+)Web Menu$">
@@ -1889,11 +1906,17 @@
     <param pos="0" name="os.family" value="NetScaler"/>
     <param pos="0" name="os.device" value="Network Management Device"/>
     <param pos="0" name="os.product" value="NetScaler"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:citrix:netscaler_firmware:-"/>
     <param pos="0" name="service.vendor" value="Citrix"/>
     <param pos="0" name="service.family" value="NetScaler"/>
     <param pos="0" name="service.device" value="Network Management Device"/>
     <param pos="0" name="service.product" value="NetScaler"/>
     <param pos="0" name="service.cpe23" value="cpe:/a:citrix:netscaler:-"/>
+    <param pos="0" name="hw.vendor" value="Citrix"/>
+    <param pos="0" name="hw.family" value="NetScaler"/>
+    <param pos="0" name="hw.device" value="Network Management Device"/>
+    <param pos="0" name="hw.product" value="NetScaler Gateway"/>
+    <param pos="0" name="hw.cpe23" value="cpe:/h:citrix:netscaler_gateway:-"/>
   </fingerprint>
 
   <fingerprint pattern="^Netscaler Gateway$">
@@ -1903,11 +1926,17 @@
     <param pos="0" name="os.family" value="NetScaler"/>
     <param pos="0" name="os.device" value="Network Management Device"/>
     <param pos="0" name="os.product" value="NetScaler Gateway"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:citrix:netscaler_gateway_firmware:-"/>
     <param pos="0" name="service.vendor" value="Citrix"/>
     <param pos="0" name="service.family" value="NetScaler"/>
     <param pos="0" name="service.device" value="Network Management Device"/>
     <param pos="0" name="service.product" value="NetScaler Gateway"/>
     <param pos="0" name="service.cpe23" value="cpe:/a:citrix:netscaler_gateway:-"/>
+    <param pos="0" name="hw.vendor" value="Citrix"/>
+    <param pos="0" name="hw.family" value="NetScaler"/>
+    <param pos="0" name="hw.device" value="Network Management Device"/>
+    <param pos="0" name="hw.product" value="NetScaler Gateway"/>
+    <param pos="0" name="hw.cpe23" value="cpe:/h:citrix:netscaler_gateway:-"/>
   </fingerprint>
 
   <fingerprint pattern="^Citrix (?:NetScaler SDX|ADC SDX)$">
@@ -1922,6 +1951,11 @@
     <param pos="0" name="service.family" value="NetScaler"/>
     <param pos="0" name="service.device" value="Network Management Device"/>
     <param pos="0" name="service.product" value="NetScaler SDX Gateway"/>
+    <param pos="0" name="hw.vendor" value="Citrix"/>
+    <param pos="0" name="hw.family" value="NetScaler"/>
+    <param pos="0" name="hw.device" value="Network Management Device"/>
+    <param pos="0" name="hw.product" value="NetScaler SDX Gateway"/>
+    <param pos="0" name="hw.cpe23" value="cpe:/h:citrix:netscaler_sdx:-"/>
   </fingerprint>
 
   <fingerprint pattern="^Citrix NetScaler Insight Center$">
@@ -2492,7 +2526,7 @@
     <param pos="0" name="os.device" value="Lights Out Management"/>
     <param pos="0" name="os.vendor" value="Oracle"/>
     <param pos="0" name="os.family" value="ILOM"/>
-    <param pos="0" name="os.product" value="Integrated Lights Out Manager firmware"/>
+    <param pos="0" name="os.product" value="ILOM"/>
     <param pos="0" name="os.cpe23" value="cpe:/o:oracle:integrated_lights_out_manager_firmware:-"/>
   </fingerprint>
 

xml/http_cookies.xml

@@ -12,6 +12,7 @@
     <param pos="0" name="service.vendor" value="CloudFlare"/>
     <param pos="0" name="service.product" value="CloudFlare Load Balancer"/>
     <param pos="0" name="service.family" value="CloudFlare"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:cloudflare:load_balancing:-"/>
   </fingerprint>
 
   <fingerprint pattern="^(AWSALB(?:TG)?(?:CORS)?)=.*$">
@@ -198,7 +199,7 @@
     <param pos="0" name="os.vendor" value="Cisco"/>
     <param pos="0" name="os.family" value="Adaptive Security Appliance"/>
     <param pos="0" name="os.product" value="Adaptive Security Appliance"/>
-    <param pos="0" name="os.cpe23" value="cpe:/o:cisco:adaptive_security_appliance:-"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:cisco:adaptive_security_appliance_software:-"/>
     <param pos="0" name="hw.vendor" value="Cisco"/>
     <param pos="0" name="hw.family" value="Adaptive Security Appliance"/>
     <param pos="0" name="hw.product" value="Adaptive Security Appliance"/>
@@ -222,6 +223,7 @@
     <param pos="0" name="os.family" value="NetScaler"/>
     <param pos="0" name="os.device" value="Network Management Device"/>
     <param pos="0" name="os.product" value="NetScaler"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:citrix:netscaler_firmware:-"/>
     <param pos="0" name="service.vendor" value="Citrix"/>
     <param pos="0" name="service.family" value="NetScaler"/>
     <param pos="0" name="service.device" value="Network Management Device"/>