Project Sonar: Moxa and misc #280

Merged
merged 10 commits into from
Aug 2, 2020
26 changes: 20 additions & 6 deletions xml/ftp_banners.xml
Expand Up @@ -506,9 +506,10 @@ more text</example>
<example service.version="0.9.54 beta">FileZilla Server 0.9.54 beta</example>
<example service.version="0.9.33 beta">FileZilla Server v0.9.33 beta</example>
<param pos="0" name="service.vendor" value="Filezilla-Project"/>
<param pos="0" name="service.family" value="FileZilla FTP Server"/>
<param pos="0" name="service.product" value="FileZilla FTP Server"/>
<param pos="0" name="service.family" value="FileZilla FTP"/>
<param pos="0" name="service.product" value="FileZilla Server"/>
<param pos="1" name="service.version"/>
<param pos="0" name="service.cpe23" value="cpe:/a:filezilla-project:filezilla_server:{service.version}"/>
<param pos="0" name="os.vendor" value="Microsoft"/>
<param pos="0" name="os.family" value="Windows"/>
<param pos="0" name="os.product" value="Windows"/>
Expand Down Expand Up @@ -1339,7 +1340,7 @@ more text</example>
<param pos="0" name="os.product" value="Tru64 Unix"/>
<param pos="1" name="host.name"/>
<param pos="2" name="os.version"/>
<param pos="0" name="os.cpe23" value="cpe:/o:hp:tru64:{os.version}"/>
<param pos="0" name="os.cpe23" value="cpe:/o:hp:tru64_unix:{os.version}"/>
</fingerprint>

<fingerprint pattern="^(\S+) FTP server \(Digital UNIX Version (\S+)\) ready\.?$">
Expand All @@ -1362,9 +1363,11 @@ more text</example>
<param pos="0" name="os.cpe23" value="cpe:/o:mikrotik:routeros:{os.version}"/>
</fingerprint>

<fingerprint pattern="^MikroTik FTP server \(MikroTik ([\w.]+)\) ready\.?$">
<description>MikroTik w/o hostname</description>
<example os.version="6.0rc14">MikroTik FTP server (MikroTik 6.0rc14) ready</example>
<fingerprint pattern="^.* FTP server \(MikroTik (\d\.[\w\.]+)\) ready\.?$">
<description>MikroTik with description</description>
<example os.version="6.43.16">Super Thing_Place- FTP server (MikroTik 6.43.16) ready</example>
<example os.version="6.43.16beta2">Super Thing_Place- FTP server (MikroTik 6.43.16beta2) ready</example>
<example os.version="6.43.16rc56">Super Thing_Place- FTP server (MikroTik 6.43.16rc56) ready</example>
<param pos="0" name="os.vendor" value="MikroTik"/>
<param pos="0" name="os.product" value="RouterOS"/>
<param pos="1" name="os.version"/>
Expand Down Expand Up @@ -1769,4 +1772,15 @@ more text</example>
<param pos="0" name="os.device" value="Printer"/>
</fingerprint>

<fingerprint pattern="^SurgeFTP ([\S]+) \(Version ([a-f\d.]+)\)$">
<description>NetWin SurgeFTP</description>
<example service.version="2.3a12">SurgeFTP 192.168.0.0 (Version 2.3a12)</example>
<example host.name="foo.bar.baz">SurgeFTP foo.bar.baz (Version 2.2f9)</example>
<param pos="0" name="service.vendor" value="NetWin"/>
<param pos="0" name="service.product" value="SurgeFTP"/>
<param pos="2" name="service.version"/>
<param pos="0" name="service.cpe23" value="cpe:/a:netwin:surgeftp:{service.version}"/>
<param pos="1" name="host.name"/>
</fingerprint>

</fingerprints>
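Review bot: The new FileZilla `service.cpe23` param interpolates `{service.version}`, and the examples in the same fingerprint capture versions such as `0.9.54 beta`, so the emitted value would contain a space (`cpe:/a:filezilla-project:filezilla_server:0.9.54 beta`) and is unlikely to match a dictionary entry when consumers correlate it with vulnerability data. The pattern itself sits above the hunk, so this is inferred from the example attributes. Either capture the numeric part and the `beta` suffix separately, or fall back to `value="cpe:/a:filezilla-project:filezilla_server:-"`, the form other fingerprints in this change use when no clean version is available.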
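--- a/xml/html_title.xml
+++ b/xml/html_title.xml
@@ -2,6 +2,26 @@
 <fingerprints matches="html_title" database_type="service" preference="0.90">
 <!-- HTML Title elements found in HTTP response bodies are matched against these patterns to fingerprint HTTP servers. -->
 
+<fingerprint pattern="^301 Moved Permanently$">
+<description>301 Moved Permanently - generic -- assert nothing.</description>
+<example>301 Moved Permanently</example>
+</fingerprint>
+
+<fingerprint pattern="^400 Bad Request$">
+<description>400 Bad Request - generic -- assert nothing.</description>
+<example>400 Bad Request</example>
+</fingerprint>
+
+<fingerprint pattern="^401 Unauthorized$">
+<description>401 Unauthorized - generic -- assert nothing.</description>
+<example>401 Unauthorized</example>
+</fingerprint>
+
+<fingerprint pattern="^404 Not Found$">
+<description>404 Not Found - generic -- assert nothing.</description>
+<example>404 Not Found</example>
+</fingerprint>
+
 <fingerprint pattern="^Index of /">
 <description>Apache HTTPD indexes</description>
 <example>Index of /</example>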
92 changes: 90 additions & 2 deletions xml/http_servers.xml
Expand Up @@ -2457,7 +2457,7 @@
</fingerprint>

<fingerprint pattern="^mini_httpd/((?:\d+\.)*\d+) \S*$">
<description>A small HTTP server</description>
<description>ACME mini_httpd with version and date</description>
<example>mini_httpd/1.14 23jun2000</example>
<example>mini_httpd/1 23jun2000</example>
<param pos="0" name="service.vendor" value="ACME"/>
Expand Down Expand Up @@ -3494,12 +3494,57 @@
<param pos="0" name="os.device" value="Router"/>
</fingerprint>

<fingerprint pattern="Linux, WEBACCESS/1.0, (DIR-\d+\w*) Ver (\S+)$">
<description>D-Link DIR-XXX Router - WEBACCESS variant</description>
<example hw.product="DIR-850L">Linux, WEBACCESS/1.0, DIR-850L Ver 1.09</example>
<example os.version="1.14WW">Linux, WEBACCESS/1.0, DIR-850L Ver 1.14WW</example>
<example os.version="1.04">Linux, WEBACCESS/1.0, DIR-645 Ver 1.04</example>
<param pos="0" name="hw.vendor" value="D-Link"/>
<param pos="1" name="hw.product"/>
<param pos="0" name="hw.device" value="Router"/>
<param pos="0" name="os.vendor" value="D-Link"/>
<param pos="2" name="os.version"/>
<param pos="0" name="os.device" value="Router"/>
</fingerprint>

<fingerprint pattern="Linux, HTTP/1.1, (DIR-\d+\w*) Ver (\S+)$">
<description>D-Link DIR-XXX Router - HTTP variant</description>
<example hw.product="DIR-815" os.version="1.04">Linux, HTTP/1.1, DIR-815 Ver 1.04</example>
<param pos="0" name="hw.vendor" value="D-Link"/>
<param pos="1" name="hw.product"/>
<param pos="0" name="hw.device" value="Router"/>
<param pos="0" name="os.vendor" value="D-Link"/>
<param pos="2" name="os.version"/>
<param pos="0" name="os.device" value="Router"/>
</fingerprint>

<fingerprint pattern="Linux, WEBACCESS/1.0, (DSL-\d+\w*) Ver (\S+)$">
<description>D-Link DSL-XXX Router - WEBACCESS variant</description>
<example hw.product="DSL-2890AL" os.version="AU_1.02.10">Linux, WEBACCESS/1.0, DSL-2890AL Ver AU_1.02.10</example>
<example hw.product="DSL-2890AL" os.version="1.01">Linux, WEBACCESS/1.0, DSL-2890AL Ver 1.01</example>
<param pos="0" name="hw.vendor" value="D-Link"/>
<param pos="1" name="hw.product"/>
<param pos="0" name="hw.device" value="Router"/>
<param pos="0" name="os.vendor" value="D-Link"/>
<param pos="2" name="os.version"/>
<param pos="0" name="os.device" value="Router"/>
</fingerprint>

<fingerprint pattern="^TBS/R2 UPnP/[\d\.]+ MiniUPnPd/[\d\.]+$">
<description>D-Link generic</description>
<example>TBS/R2 UPnP/1.0 MiniUPnPd/1.2</example>
<param pos="0" name="hw.vendor" value="D-Link"/>
</fingerprint>

<fingerprint pattern="^alphapd/(\d\.[\d.]+)$">
<description>D-Link alphapd - likely DCS series cameras</description>
<example service.version="2.1.8">alphapd/2.1.8</example>
<param pos="0" name="hw.vendor" value="D-Link"/>
<param pos="0" name="service.vendor" value="D-Link"/>
<param pos="0" name="service.product" value="alphapd"/>
<param pos="1" name="service.version"/>
</fingerprint>

<fingerprint pattern="^ipos/([\d\.]+) UPnP/[\d\.]+ (TL-\w+)/(\S+)$">
<description>TP-Link WAP UPnP Server</description>
<example>ipos/7.0 UPnP/1.0 TL-WR841N/6.0/7.0</example>
Expand Down Expand Up @@ -3907,7 +3952,7 @@

<fingerprint pattern="^IX Series IX21\d\d \(magellan-sec\) Software, Version ([^, ]+), (?:MAINTENANCE )?RELEASE SOFTWARE$">
<description>NEC Univerge Router - enterprise class with VPN, UTM, etc</description>
<example>IX Series IX2106 (magellan-sec) Software, Version 10.2.20, RELEASE SOFTWARE</example>
<example hw.version="10.2.20">IX Series IX2106 (magellan-sec) Software, Version 10.2.20, RELEASE SOFTWARE</example>
<example>IX Series IX2105 (magellan-sec) Software, Version 9.6.12A, MAINTENANCE RELEASE SOFTWARE</example>
<param pos="0" name="hw.vendor" value="NEC"/>
<param pos="0" name="hw.product" value="Univerge"/>
Expand All @@ -3916,4 +3961,47 @@
<param pos="0" name="hw.cpe23" value="cpe:/h:nec:univerge:{hw.version}"/>
</fingerprint>

<fingerprint pattern="^Caddy$">
<description>CaddyServer Caddy - golang based httpd</description>
<example>Caddy</example>
<param pos="0" name="service.vendor" value="CaddyServer"/>
<param pos="0" name="service.product" value="Caddy"/>
<param pos="0" name="service.cpe23" value="cpe:/a:caddyserver:caddy:-"/>
</fingerprint>

<fingerprint pattern="^MoxaHttp/(\d\.\d)$">
<description>Moxa devices - service used on multiple families of devices</description>
<example service.version="2.3">MoxaHttp/2.3</example>
<example>MoxaHttp/2.2</example>
<example>MoxaHttp/1.0</example>
<param pos="0" name="service.vendor" value="Moxa"/>
<param pos="0" name="service.product" value="httpd"/>
<param pos="1" name="service.version"/>
<param pos="0" name="hw.vendor" value="Moxa"/>
<param pos="0" name="os.vendor" value="Moxa"/>
</fingerprint>

<fingerprint pattern="^proxygen-bolt$">
<description>Facebook Proxygen httpd software</description>
<example>proxygen-bolt</example>
<param pos="0" name="service.vendor" value="Facebook"/>
<param pos="0" name="service.product" value="Proxygen"/>
<param pos="0" name="service.cpe23" value="cpe:/a:facebook:proxygen:-"/>
</fingerprint>

<!-- This is a version of ACME mini_httpd where the value 'mini_httpd' has been
replaced with a UUID in the Server header AND body of the response. It
is likely vendor or product specific.
-->

<fingerprint pattern="^[a-f\d]{7,8}-[a-f\d]{3,4}-[a-f\d]{3,4}-[a-f\d]{3,4}-[a-f\d]{10,12}$">
<description>ACME mini_httpd with randomized Server header</description>
<example>a74b7cd4-4a4e-4115-7a48-1c7ebb4ae45b</example>
<example>f09f73f0-cac6-422-3660-32ac658c5ae7</example>
<example>f24ddd9c-e2a6-23c-ec95-4563173bbe</example>
<param pos="0" name="service.vendor" value="ACME"/>
<param pos="0" name="service.product" value="mini_httpd"/>
<param pos="0" name="service.cpe23" value="cpe:/a:acme:mini_httpd:-"/>
</fingerprint>

</fingerprints>
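Review bot: The UUID-shaped pattern at the end of the section asserts ACME mini_httpd and `cpe:/a:acme:mini_httpd:-` for any Server header made of five hyphen-separated hex groups, although the comment above it says the substitution appears in both the header and the body and is only "likely" vendor or product specific. A header-only match has nothing that ties the value to mini_httpd, so other software emitting a random identifier there would be labelled, and vulnerability-matched, as mini_httpd. I would state that limitation in the `<description>` and consider dropping the `service.cpe23` param until the match can be backed by a second signal. Separately, the three new D-Link `Linux, WEBACCESS/1.0` and `Linux, HTTP/1.1` patterns have no leading `^`, unlike the other fingerprints added in this section.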
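--- a/xml/imap_banners.xml
+++ b/xml/imap_banners.xml
@@ -119,6 +119,45 @@
 <param pos="0" name="service.cpe23" value="cpe:/a:dovecot:dovecot:-"/>
 </fingerprint>
 
+<fingerprint pattern="^Dovecot \(Ubuntu\) ready\.$">
+<description>Dovecot Secure IMAP Server - Ubuntu variant</description>
+<example>Dovecot (Ubuntu) ready.</example>
+<param pos="0" name="service.vendor" value="Dovecot"/>
+<param pos="0" name="service.family" value="Dovecot"/>
+<param pos="0" name="service.product" value="Dovecot"/>
+<param pos="0" name="service.cpe23" value="cpe:/a:dovecot:dovecot:-"/>
+<param pos="0" name="os.vendor" value="Ubuntu"/>
+<param pos="0" name="os.family" value="Linux"/>
+<param pos="0" name="os.product" value="Linux"/>
+<param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:-"/>
+</fingerprint>
+
+<fingerprint pattern="^Dovecot \(Debian\) ready\.$">
+<description>Dovecot Secure IMAP Server - Debian variant</description>
+<example>Dovecot (Debian) ready.</example>
+<param pos="0" name="service.vendor" value="Dovecot"/>
+<param pos="0" name="service.family" value="Dovecot"/>
+<param pos="0" name="service.product" value="Dovecot"/>
+<param pos="0" name="service.cpe23" value="cpe:/a:dovecot:dovecot:-"/>
+<param pos="0" name="os.vendor" value="Debian"/>
+<param pos="0" name="os.family" value="Linux"/>
+<param pos="0" name="os.product" value="Linux"/>
+<param pos="0" name="os.cpe23" value="cpe:/o:debian:debian_linux:-"/>
+</fingerprint>
+
+<fingerprint pattern="^Dovecot \(Raspbian\) ready\.$">
+<description>Dovecot Secure IMAP Server - Raspbian variant</description>
+<example>Dovecot (Raspbian) ready.</example>
+<param pos="0" name="service.vendor" value="Dovecot"/>
+<param pos="0" name="service.family" value="Dovecot"/>
+<param pos="0" name="service.product" value="Dovecot"/>
+<param pos="0" name="service.cpe23" value="cpe:/a:dovecot:dovecot:-"/>
+<param pos="0" name="os.vendor" value="Raspbian"/>
+<param pos="0" name="os.family" value="Linux"/>
+<param pos="0" name="os.product" value="Linux"/>
+<param pos="0" name="hw.product" value="Raspberry Pi"/>
+</fingerprint>
+
 <fingerprint pattern="^Courier-IMAP ready. Copyright \d+-\d+">
 <description>Courier MTA IMAP</description>
 <example>Courier-IMAP ready. Copyright 1998-2002 Double Precision, Inc. See COPYING for distribution information.</example>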
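Review bot: The Raspbian variant asserts `hw.product` as "Raspberry Pi" from a distribution string alone and, unlike the Ubuntu and Debian variants above it, carries no `os.cpe23`, so an inventory built from this banner gets a hardware claim the banner does not make and no OS identifier to correlate on. The distribution may also be running under emulation or on other ARM hardware, so I would either drop the `hw.product` line or record the assumption in the `<description>`. An `os.cpe23` param should be added only if a matching dictionary name exists. The same three fingerprints are added to xml/pop_banners.xml and the point applies there too.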
57 changes: 55 additions & 2 deletions xml/pop_banners.xml
Expand Up @@ -180,13 +180,55 @@

<fingerprint pattern="^[dD]ovecot (?:DA )?ready\.(?: &lt;.+@(.+)&gt;)?$">
<description>Dovecot Secure POP Server</description>
<example>Dovecot ready.</example>
<example>Dovecot DA ready.</example>
<example host.name="foo.bar.baz">Dovecot ready. &lt;fea.13865d.5f06b0a4.DuIvzQI4DAGR9MurahIGJw==@foo.bar.baz&gt;</example>
<param pos="0" name="service.vendor" value="Dovecot"/>
<param pos="0" name="service.family" value="Dovecot"/>
<param pos="0" name="service.product" value="Dovecot"/>
<param pos="0" name="service.cpe23" value="cpe:/a:dovecot:dovecot:-"/>
<param pos="1" name="host.name"/>
</fingerprint>

<fingerprint pattern="^Dovecot \(Ubuntu\) ready\.$">
<description>Dovecot Secure POP Server - Ubuntu variant</description>
<example>Dovecot (Ubuntu) ready.</example>
<param pos="0" name="service.vendor" value="Dovecot"/>
<param pos="0" name="service.family" value="Dovecot"/>
<param pos="0" name="service.product" value="Dovecot"/>
<param pos="0" name="service.cpe23" value="cpe:/a:dovecot:dovecot:-"/>
<param pos="0" name="os.vendor" value="Ubuntu"/>
<param pos="0" name="os.family" value="Linux"/>
<param pos="0" name="os.product" value="Linux"/>
<param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:-"/>
</fingerprint>

<fingerprint pattern="^Dovecot \(Debian\) ready\.$">
<description>Dovecot Secure POP Server - Debian variant</description>
<example>Dovecot (Debian) ready.</example>
<param pos="0" name="service.vendor" value="Dovecot"/>
<param pos="0" name="service.family" value="Dovecot"/>
<param pos="0" name="service.product" value="Dovecot"/>
<param pos="0" name="service.cpe23" value="cpe:/a:dovecot:dovecot:-"/>
<param pos="0" name="os.vendor" value="Debian"/>
<param pos="0" name="os.family" value="Linux"/>
<param pos="0" name="os.product" value="Linux"/>
<param pos="0" name="os.cpe23" value="cpe:/o:debian:debian_linux:-"/>
</fingerprint>

<fingerprint pattern="^Dovecot \(Raspbian\) ready\.$">
<description>Dovecot Secure POP Server - Raspbian variant</description>
<example>Dovecot (Raspbian) ready.</example>
<param pos="0" name="service.vendor" value="Dovecot"/>
<param pos="0" name="service.family" value="Dovecot"/>
<param pos="0" name="service.product" value="Dovecot"/>
<param pos="0" name="service.cpe23" value="cpe:/a:dovecot:dovecot:-"/>
<param pos="0" name="os.vendor" value="Raspbian"/>
<param pos="0" name="os.family" value="Linux"/>
<param pos="0" name="os.product" value="Linux"/>
<param pos="0" name="hw.product" value="Raspberry Pi"/>
</fingerprint>

<fingerprint pattern="^(\S+) Zimbra POP3 server ready\.?$">
<description>VMware Zimbra POP</description>
<example host.name="foo.bar">foo.bar Zimbra POP3 server ready</example>
Expand Down Expand Up @@ -303,6 +345,19 @@
<param pos="1" name="service.version"/>
</fingerprint>

<fingerprint pattern="^Welcome to MailEnable POP3 Server$">
<description>MailEnable POP3</description>
<example>Welcome to MailEnable POP3 Server</example>
<param pos="0" name="os.vendor" value="Microsoft"/>
<param pos="0" name="os.family" value="Windows"/>
<param pos="0" name="os.product" value="Windows"/>
<param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
<param pos="0" name="service.vendor" value="MailEnable"/>
<param pos="0" name="service.family" value="Mail Server"/>
<param pos="0" name="service.product" value="MailEnable"/>
<param pos="0" name="service.cpe23" value="cpe:/a:mailenable:mailenable:-"/>
</fingerprint>

<!--
; Mandrake 8.1 - uses UW IMAP
; +OK POP3 mandrake81-f540k v2000.70mdk server ready
Expand Down Expand Up @@ -332,7 +387,6 @@
// +OK Gordano Messaging Suite POP3 server ready <13501095613509@hollandcanadaline.com>
// +OK unitechna.lt Merak 8.9.1 POP3 Sun, 22 Jul 2007 23:16:25 +0300 <20070722231625@unitechna.lt>
// +OK Cubic Circle's v1.31 1998/05/13 POP3 ready <0c9300004104a246@www.dvdld.co.za>
// +OK Welcome to MailEnable POP3 Server
// +OK GroupWise POP3 server ready
// +OK POP3 AnalogX Proxy 4.14 (Release) ready.
// +OK lojack.com.ar POP MDaemon 9.6.0 ready <MDAEMON-F200707232110.AA1001241MD4604@lojack.com.ar>
Expand Down Expand Up @@ -473,7 +527,6 @@
+OK studiovisuals.com POP3 Server (Version 1.020h) ready.
+OK themeekermall.com POP3 Server (Version 1.020h) ready.
+OK unitechna.lt Merak 8.9.1 POP3 Sun, 22 Jul 2007 23:16:25 +0300 <20070722231625@unitechna.lt>
+OK Welcome to MailEnable POP3 Server
+OK X1 NT-POP3 Server 2436681011.monstercommercesites.com (IMail 7.15 560907-1)
+OK X1 NT-POP3 Server Calvin-Serv (IMail 8.22 1107-1)
+OK X1 NT-POP3 Server chealsea.com.cn (IMail 8.15 16990-1)
2 changes: 1 addition & 1 deletion xml/snmp_sysdescr.xml
Expand Up @@ -2403,7 +2403,7 @@ Copyright (c) 1995-2005 by Cisco Systems
<param pos="2" name="hw.product"/>
<param pos="3" name="os.version"/>
<param pos="4" name="os.version.version"/>
<param pos="0" name="os.cpe23" value="cpe:/o:hp:tru64:{os.version}"/>
<param pos="0" name="os.cpe23" value="cpe:/o:hp:tru64_unix:{os.version}"/>
</fingerprint>

<fingerprint pattern="^(\S+) (.*?) Digital UNIX V(\S+)\s+\(Rev\. ([^\)]+)\).*TCP/IP$">
2 changes: 1 addition & 1 deletion xml/ssh_banners.xml
Expand Up @@ -2063,7 +2063,7 @@
<param pos="0" name="os.vendor" value="HP"/>
<param pos="0" name="os.family" value="Unix"/>
<param pos="0" name="os.product" value="Tru64 Unix"/>
<param pos="0" name="os.cpe23" value="cpe:/o:hp:tru64:-"/>
<param pos="0" name="os.cpe23" value="cpe:/o:hp:tru64_unix:-"/>
</fingerprint>

<fingerprint pattern="^ROSSSH$">