Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Sonar / CPE updates #279

Merged
merged 9 commits into from
Jul 23, 2020
Merged

Sonar / CPE updates #279

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
9 commits
Select commit Hold shift + click to select a range
40381f7
Sonar / CPE updates
tsellers-r7 Jul 22, 2020
21abf32
Filezilla is Windows only
tsellers-r7 Jul 22, 2020
75ec4ae
Add CPEs to SSH
tsellers-r7 Jul 22, 2020
0983bb6
More HTTP CPEs
tsellers-r7 Jul 22, 2020
e2bde8e
DNS updates
tsellers-r7 Jul 22, 2020
317b99c
SMTP..
tsellers-r7 Jul 22, 2020
1ff4937
more smtp
tsellers-r7 Jul 22, 2020
8035cf1
pop
tsellers-r7 Jul 22, 2020
6dcbdfe
IMAP
tsellers-r7 Jul 22, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion identifiers/hw_family.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -93,4 +93,4 @@ iPad
iPad Air
iPad Pro
iPad mini
iPhone
iPhone
2 changes: 1 addition & 1 deletion identifiers/hw_product.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -325,4 +325,4 @@ iPhone X
iPhone XR
iPhone XS
iPhone XS Max
vManage
vManage
2 changes: 1 addition & 1 deletion identifiers/service_product.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -421,6 +421,7 @@ Symantec Endpoint Protection Manager
Symantec Mail Security for SMTP
Symantec Messaging Gateway
TBS FTP Server
TCP/IP
TCPIP POP server
TUX Web Server
TeamCity
Expand Down Expand Up @@ -554,4 +555,3 @@ vsFTPd
vsFTPd Extended
z/OS FTP Server
zFTPServer
TCP/IP
51 changes: 47 additions & 4 deletions xml/ftp_banners.xml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -360,6 +360,7 @@ example.com FTP server (Version: Mac OS X Server) ready.</example>
<example service.version="1.0.11">=(&lt;*&gt;)=-.:. (( Welcome to Pure-FTPd 1.0.11 )) .:.-=(&lt;*&gt;)=-</example>
<example service.version="1.0.11">=(&lt;*&gt;)=-.:. (( Welcome to Pure-FTPd 1.0.11 )) .:.-=(&lt;*&gt;)=-&#13;
more stuff</example>
<param pos="0" name="service.fvendor" value="PureFTPd"/>
<param pos="0" name="service.family" value="Pure-FTPd"/>
<param pos="0" name="service.product" value="Pure-FTPd"/>
<param pos="1" name="service.version"/>
Expand All @@ -374,43 +375,77 @@ more stuff</example>
<example>--------- Welcome to Pure-FTPd [privsep] [TLS] ----------&#13;
more text</example>
<param pos="1" name="pureftpd.config"/>
<param pos="0" name="service.vendor" value="PureFTPd"/>
<param pos="0" name="service.family" value="Pure-FTPd"/>
<param pos="0" name="service.product" value="Pure-FTPd"/>
<param pos="0" name="service.cpe23" value="cpe:/a:pureftpd:pure-ftpd:-"/>
</fingerprint>

<fingerprint pattern="^(?:Welcome to )?Pure-FTPd\.?$">
<description>Basic Pure-FTPd banner, no version</description>
<example>Welcome to Pure-FTPd</example>
<example>Pure-FTPd.</example>
<param pos="0" name="service.vendor" value="PureFTPd"/>
<param pos="0" name="service.family" value="Pure-FTPd"/>
<param pos="0" name="service.product" value="Pure-FTPd"/>
<param pos="0" name="service.cpe23" value="cpe:/a:pureftpd:pure-ftpd:-"/>
</fingerprint>

<fingerprint pattern="^=\(.\*.\)=-\.:\. \(\( Welcome to PureFTPd (\d+\..+) \)\) \.:\.-=\(.\*.\)=-" flags="REG_MULTILINE">
<description>Older Pure-FTPd versions</description>
<example service.version="1.1.0">=(&lt;*&gt;)=-.:. (( Welcome to PureFTPd 1.1.0 )) .:.-=(&lt;*&gt;)=-</example>
<example service.version="1.1.0">=(&lt;*&gt;)=-.:. (( Welcome to PureFTPd 1.1.0 )) .:.-=(&lt;*&gt;)=-&#13;
more text</example>
<param pos="0" name="service.vendor" value="PureFTPd"/>
<param pos="0" name="service.family" value="Pure-FTPd"/>
<param pos="0" name="service.product" value="Pure-FTPd"/>
<param pos="1" name="service.version"/>
<param pos="0" name="service.cpe23" value="cpe:/a:pureftpd:pure-ftpd:{service.version}"/>
</fingerprint>

<fingerprint pattern="^Serv-U FTP[ -]Server v(\d+\.\S+)(?: for WinSock)? ready\.*$">
<description>Serv-U (only runs on Windows)</description>
<!-- CPEs for Serv-U 15.x and above changed to SolarWinds -->

<fingerprint pattern="^Serv-U FTP Server v(15\.\S+) ready\.\.\.$">
<description>SolarWinds Serv-U with version </description>
<example service.version="15.1.3.25">Serv-U FTP Server v15.1.3.25 ready...</example>
<param pos="0" name="service.vendor" value="SolarWinds"/>
<param pos="0" name="service.product" value="Serv-U FTP Server"/>
<param pos="0" name="service.family" value="Serv-U"/>
<param pos="1" name="service.version"/>
<param pos="0" name="service.cpe23" value="cpe:/a:solarwinds:serv-u_ftp_server:{service.version}"/>
</fingerprint>

<fingerprint pattern="^Serv-U FTP[ -]Server v(\d+\.\S+) for WinSock ready\.*$">
<description>Serv-U Serv-U with version on Windows</description>
<example service.version="2.5n">Serv-U FTP-Server v2.5n for WinSock ready...</example>
<example service.version="6.0">Serv-U FTP Server v6.0 for WinSock ready</example>
<example service.version="7.2">Serv-U FTP Server v7.2 ready...</example>
<param pos="0" name="service.vendor" value="Rhino Software"/>
<param pos="0" name="service.vendor" value="Serv-U"/>
<param pos="0" name="service.product" value="Serv-U"/>
<param pos="0" name="service.family" value="Serv-U"/>
<param pos="1" name="service.version"/>
<param pos="0" name="service.cpe23" value="cpe:/a:serv-u:serv-u:{service.version}"/>
<param pos="0" name="os.vendor" value="Microsoft"/>
<param pos="0" name="os.family" value="Windows"/>
<param pos="0" name="os.product" value="Windows"/>
<param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
</fingerprint>

<fingerprint pattern="^Serv-U FTP[ -]Server v(\d+\.\S+) ready\.*$">
<description>Serv-U Serv-U with version </description>
<example service.version="7.2">Serv-U FTP Server v7.2 ready...</example>
<example service.version="14.0">Serv-U FTP Server v14.0 ready...</example>
<param pos="0" name="service.vendor" value="Serv-U"/>
<param pos="0" name="service.product" value="Serv-U"/>
<param pos="0" name="service.family" value="Serv-U"/>
<param pos="1" name="service.version"/>
<param pos="0" name="service.cpe23" value="cpe:/a:serv-u:serv-u:{service.version}"/>
</fingerprint>

<fingerprint pattern="^Welcom to Serv-U FTP Server$">
<description>Common FTP banner modification to look like Serv-U -- assert nothing.</description>
<example>Welcom to Serv-U FTP Server</example>
</fingerprint>

<fingerprint pattern="^zFTPServer v?(\S+), .*ready\.$" flags="REG_ICASE">
<description>zftpserver (only runs on Windows)</description>
<example service.version="4.0">zFTPServer v4.0, build 2008-12-24 01:41 ready.</example>
Expand All @@ -427,23 +462,28 @@ more text</example>
<description>vsFTPd (Very Secure FTP Daemon)</description>
<example service.version="1.1.3">(vsFTPd 1.1.3) host</example>
<example service.version="2.0.5">(vsFTPd 2.0.5)</example>
<param pos="0" name="service.vendor" value="vsFTPd Project"/>
<param pos="0" name="service.family" value="vsFTPd"/>
<param pos="0" name="service.product" value="vsFTPd"/>
<param pos="1" name="service.version"/>
<param pos="0" name="service.cpe23" value="cpe:/a:vsftpd_project:vsftpd:{service.version}"/>
<param pos="2" name="host.name"/>
</fingerprint>

<fingerprint pattern="^ready, dude \(vsFTPd (\d+\..+): beat me, break me\)$">
<description>vsFTPd (Very Secure FTP Daemon) - break me variant</description>
<example service.version="1.1.0">ready, dude (vsFTPd 1.1.0: beat me, break me)</example>
<param pos="0" name="service.vendor" value="vsFTPd Project"/>
<param pos="0" name="service.family" value="vsFTPd"/>
<param pos="0" name="service.product" value="vsFTPd"/>
<param pos="1" name="service.version"/>
<param pos="0" name="service.cpe23" value="cpe:/a:vsftpd_project:vsftpd:{service.version}"/>
</fingerprint>

<fingerprint pattern="^vsFTPd ([\d.]+\+ \(ext\.3\)) ready\.\.\.$">
<description>vsFTPd (Very Secure FTP Daemon) extended build (vsftpd.devnet.ru)</description>
<example service.version="2.0.4+ (ext.3)">vsFTPd 2.0.4+ (ext.3) ready...</example>
<param pos="0" name="service.vendor" value="vsFTPd Project"/>
<param pos="0" name="service.family" value="vsFTPd"/>
<param pos="0" name="service.product" value="vsFTPd Extended"/>
<param pos="1" name="service.version"/>
Expand All @@ -453,8 +493,10 @@ more text</example>
<description>vsFTPd (Very Secure FTP Daemon) error message</description>
<example>OOPS: vsftpd: root is not mounted.</example>
<example>OOPS: cannot read user list file:/etc/vsftpd.user_list</example>
<param pos="0" name="service.vendor" value="vsFTPd Project"/>
<param pos="0" name="service.family" value="vsFTPd"/>
<param pos="0" name="service.product" value="vsFTPd"/>
<param pos="0" name="service.cpe23" value="cpe:/a:vsftpd_project:vsftpd:-"/>
</fingerprint>

<fingerprint pattern="^FileZilla Server(?: version)? (?:v)?(\d\.[\w.]+(?: beta)?).*$">
Expand All @@ -463,6 +505,7 @@ more text</example>
<example service.version="0.9.13a beta">FileZilla Server version 0.9.13a beta</example>
<example service.version="0.9.54 beta">FileZilla Server 0.9.54 beta</example>
<example service.version="0.9.33 beta">FileZilla Server v0.9.33 beta</example>
<param pos="0" name="service.vendor" value="Filezilla-Project"/>
Copy link
Contributor Author

@tsellers-r7 tsellers-r7 Jul 22, 2020
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There is no NIST issued CPE value for the Filezilla FTP server. This change just aligns with vendor value with the vendor in the existing NIST CPEs for the client.

Update: I have reached out to NIST about assigning a CPE. I was able to find 6 related CVEs.

<param pos="0" name="service.family" value="FileZilla FTP Server"/>
<param pos="0" name="service.product" value="FileZilla FTP Server"/>
<param pos="1" name="service.version"/>
Expand Down
48 changes: 44 additions & 4 deletions xml/http_servers.xml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -828,8 +828,9 @@
<example service.version="15.1.6.31">Serv-U/15.1.6.31</example>
<param pos="0" name="service.vendor" value="SolarWinds"/>
<param pos="0" name="service.family" value="Serv-U"/>
<param pos="0" name="service.product" value="FTP Server"/>
<param pos="0" name="service.product" value="Serv-U FTP Server"/>
<param pos="1" name="service.version"/>
<param pos="0" name="service.cpe23" value="cpe:/a:solarwinds:serv-u_ftp_server:{service.version}"/>
</fingerprint>

<fingerprint pattern="^Wing FTP Server/([\d.]+)\([^)]*\)$">
Expand Down Expand Up @@ -1151,18 +1152,29 @@
<fingerprint pattern="^Sun GlassFish Enterprise Server v(\S+)$">
<description>Glassfish with version information</description>
<example service.version="2.1">Sun GlassFish Enterprise Server v2.1</example>
<param pos="0" name="service.vendor" value="Sun"/>
<param pos="0" name="service.vendor" value="Oracle"/>
This conversation was marked as resolved.
Show resolved Hide resolved
<param pos="0" name="service.product" value="GlassFish Server"/>
<param pos="1" name="service.version"/>
<param pos="0" name="service.cpe23" value="cpe:/a:oracle:glassfish_server:{service.version}"/>
</fingerprint>

<fingerprint pattern="^GlassFish Server Open Source Edition\s+(\S+)$">
<description>Glassfish Open Source Edition with version information</description>
<example service.version="4.1.2">GlassFish Server Open Source Edition 4.1.2</example>
<example service.version="3.1.2.2">GlassFish Server Open Source Edition 3.1.2.2</example>
<param pos="0" name="service.vendor" value="Sun"/>
<param pos="0" name="service.vendor" value="Oracle"/>
<param pos="0" name="service.product" value="GlassFish Server"/>
<param pos="1" name="service.version"/>
<param pos="0" name="service.cpe23" value="cpe:/a:oracle:glassfish_server:{service.version}"/>
</fingerprint>

<fingerprint pattern="^Oracle GlassFish Server ([\d.]+)$">
<description>Oracle GlassFish Server</description>
<example service.version="3.1.2.14">Oracle GlassFish Server 3.1.2.14</example>
<param pos="0" name="service.vendor" value="Oracle"/>
<param pos="0" name="service.product" value="GlassFish Server"/>
<param pos="1" name="service.version"/>
<param pos="0" name="service.cpe23" value="cpe:/a:oracle:glassfish_server:{service.version}"/>
</fingerprint>

<fingerprint pattern="^GlassFish$">
Expand Down Expand Up @@ -1367,9 +1379,11 @@
<example>Lighttpd</example>
<example service.version="1.4.16">lighttpd/1.4.16</example>
<example>lighttpd/1.3.7 (Mar 23 2007/16:00:15)</example>
<param pos="0" name="service.vendor" value="lighttpd"/>
<param pos="0" name="service.product" value="lighttpd"/>
<param pos="0" name="service.family" value="lighttpd"/>
<param pos="1" name="service.version"/>
<param pos="0" name="service.cpe23" value="cpe:/a:lighttpd:lighttpd:{service.version}"/>
</fingerprint>

<fingerprint pattern="^nginx$">
Expand Down Expand Up @@ -1596,6 +1610,18 @@
<param pos="0" name="service.component.cpe23" value="cpe:/a:sap:netweaver_application_server:-"/>
</fingerprint>

<fingerprint pattern="^SAP J2EE Engine$">
<description>SAP NetWeaver Application Server Java - without version</description>
<example>SAP J2EE Engine</example>
<param pos="0" name="service.vendor" value="SAP"/>
<param pos="0" name="service.product" value="NetWeaver Application Server Java"/>
<param pos="0" name="service.family" value="NetWeaver"/>
<param pos="0" name="service.cpe23" value="cpe:/a:sap:netweaver_application_server_java:-"/>
<param pos="0" name="service.component.vendor" value="SAP"/>
<param pos="0" name="service.component.product" value="NetWeaver Application Server"/>
<param pos="0" name="service.component.cpe23" value="cpe:/a:sap:netweaver_application_server:-"/>
</fingerprint>

<fingerprint pattern="^SAP NetWeaver Application Server$">
<description>SAP NetWeaver Application Server without version</description>
<example>SAP NetWeaver Application Server</example>
Expand Down Expand Up @@ -2430,10 +2456,11 @@
<description>A small HTTP server</description>
<example>mini_httpd/1.14 23jun2000</example>
<example>mini_httpd/1 23jun2000</example>
<param pos="0" name="service.vendor" value="ACME Laboratories"/>
<param pos="0" name="service.vendor" value="ACME"/>
<param pos="0" name="service.product" value="mini_httpd"/>
<param pos="0" name="service.family" value="mini_httpd"/>
<param pos="1" name="service.version"/>
<param pos="0" name="service.cpe23" value="cpe:/a:acme:mini_httpd:{service.version}"/>
</fingerprint>

<fingerprint pattern="^thin ((?:\d+\.)*\d+) codename .+$">
Expand Down Expand Up @@ -2594,8 +2621,10 @@
<example service.version="0.93.15">Boa/0.93.15 (with Intersil Extensions)</example>
<example service.version="0.92p">Boa/0.92p OS-9 Version</example>
<example service.version="0.93.15">Boa/0.93.15</example>
<param pos="0" name="service.vendor" value="Boa"/>
<param pos="0" name="service.product" value="Boa"/>
<param pos="1" name="service.version"/>
<param pos="0" name="service.cpe23" value="cpe:/a:boa:boa:{service.version}"/>
</fingerprint>

<!-- HiSilicon is OEMd by a number of DVR manufacturers -->
Expand Down Expand Up @@ -3870,4 +3899,15 @@
<param pos="0" name="hw.device" value="Broadband router"/>
</fingerprint>

<fingerprint pattern="^IX Series IX21\d\d \(magellan-sec\) Software, Version ([^, ]+), (?:MAINTENANCE )?RELEASE SOFTWARE$">
<description>NEC Univerge Router - enterprise class with VPN, UTM, etc</description>
<example>IX Series IX2106 (magellan-sec) Software, Version 10.2.20, RELEASE SOFTWARE</example>
<example>IX Series IX2105 (magellan-sec) Software, Version 9.6.12A, MAINTENANCE RELEASE SOFTWARE</example>
<param pos="0" name="hw.vendor" value="NEC"/>
<param pos="0" name="hw.product" value="Univerge"/>
<param pos="1" name="hw.version"/>
<param pos="0" name="hw.device" value="Router"/>
<param pos="0" name="hw.cpe23" value="cpe:/h:nec:univerge:{hw.version}"/>
</fingerprint>

</fingerprints>