# Nmap service detection probe list -*- mode: fundamental; -*- # $Id$ # # This is a database of custom probes and expected responses that the # Nmap Security Scanner ( http://nmap.org ) uses to # identify what services (eg http, smtp, dns, etc.) are listening on # open ports. Contributions to this database are welcome. # Instructions for obtaining and submitting service detection fingerprints can # be found in the Nmap Network Scanning book and online at # http://nmap.org/book/vscan-community.html # # This collection of probe data is (C) 1998-2010 by Insecure.Com # LLC. It is distributed under the Nmap Open Source license as # provided in the COPYING file of the source distribution or at # http://nmap.org/data/COPYING . Note that this license # requires you to license your own work under a compatible open source # license. If you wish to embed Nmap technology into proprietary # software, we sell alternative licenses (contact sales@insecure.com). # Dozens of software vendors already license Nmap technology such as # host discovery, port scanning, OS detection, and version detection. # For more details, see http://nmap.org/book/man-legal.html # # For details on how Nmap version detection works, why it was added, # the grammar of this file, and how to detect and contribute new # services, see http://nmap.org/book/vscan.html. # The Exclude directive takes a comma separated list of ports. # The format is exactly the same as the -p switch. Exclude T:9100-9107 # This is the NULL probe that just compares any banners given to us ##############################NEXT PROBE############################## Probe TCP NULL q|| # Wait for at least 6 seconds for data. It used to be 5, but some # smtp services have lately been instituting an artificial pause (see # FEATURE('greet_pause') in Sendmail, for example) totalwaitms 6000 match 1c-server m|^S\xf5\xc6\x1a{| p/1C:Enterprise business management server/ match 4d-server m|^\0\0\0H\0\0\0\x02.[^\0]*\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0$|s p/4th Dimension database server/ match acap m|^\* ACAP \(IMPLEMENTATION \"CommuniGate Pro ACAP (\d[-.\w]+)\"\) | p/CommuniGate Pro ACAP server/ v/$1/ i/for mail client preference sharing/ match acarsd m|^g\0\0\0\x1b\0\0\0\0\0\0\0acarsd\t([\w._-]+)\tAPI-([\w._-]+)\)\0\0\0\x06\x05\0\0\0\0\0\0<\?xml | p/acarsd/ v/$1/ i/API $2/ cpe:/a:acarsd:acarsd:$1/ match acmp m|^ACMP Server Version ([\w._-]+)\r\n| p/Aagon ACMP Inventory/ v/$1/ match activemq m|^\0\0\0.\x01ActiveMQ\0\0\0|s p/Apache ActiveMQ/ cpe:/a:apache:activemq/ # Microsoft ActiveSync Version 3.7 Build 3083 (It's used for syncing # my ipaq it disappears when you remove the ipaq.) match activesync m|^.\0\x01\0[^\0]\0[^\0]\0[^\0]\0[^\0]\0[^\0]\0.*\0\0\0$|s p/Microsoft ActiveSync/ o/Windows/ cpe:/a:microsoft:activesync/ cpe:/o:microsoft:windows/a match activesync m|^\(\0\0\0\x02\0\0\0\x03\0\0\0\+\0\0\x003\0\0\0\0\0\0\0\x04\0\0`\x01\0\0\xff\0\0\0\0\0\0\0\0\0\0\0$|s p/Citrix ActiveSync/ o/Windows/ cpe:/o:microsoft:windows/a match adabas-d m|^Adabas D Remote Control Server Version ([\d.]+) Date [\d-]+ \(key is [0-9a-f]+\)\r\nOK> | p/Adabas D database remote control/ v/$1/ match adobe-crossdomain m|^\0$| p/Adobe cross-domain policy/ i/domain: $1; ports: $2/ # Missing trailing \0? Was like that in the submission. match adobe-crossdomain m|^$| p/Adobe cross-domain policy/ i/domain: $1; ports: $2/ match adobe-crossdomain m|^<\?xml version=\"1\.0\"\?>\r\n\r\n \r\n \r\n\0| p/Konica Minolta printer cross-domain-policy/ # playbrassmonkey.com match adobe-crossdomain m|^<\?xml version=\"1\.0\"\?>\0$| p/Brass Monkey cross-domain-policy/ softmatch adobe-crossdomain m|^<\?xml version=\"1\.0\"\?>.*|s match afsmain m|^\+Welcome to Ability FTP Server \(Admin\)\. \[20500\]\r\n| p/Code-Crafters Ability FTP Server afsmain admin/ o/Windows/ cpe:/a:code-crafters:ability_ftp_server/ cpe:/o:microsoft:windows/a match altiris-agent m|^<\0r\0e\0s\0p\0o\0n\0s\0e\0>\0C\0o\0n\0n\0e\0c\0t\0e\0d\0 \0t\0o\0 [\0\d.]*<\0/\0r\0e\0s\0p\0o\0n\0s\0e\0>\0$| p/Altiris remote monitoring agent/ # AMANDA index server 2.4.2p2 on Linux 2.4 match amanda m|^220 ([-.\w]+) AMANDA index server \((\d[-.\w ]+)\) ready\.\r\n| p/Amanda backup system index server/ v/$2/ o/Unix/ h/$1/ cpe:/a:amanda:amanda:$2/ match amanda m|^501 Could not read config file [^!\r\n]+!\r\n220 ([-.\w]+) AMANDA index server \(([-\w_.]+)\) ready\.\r\n| p/Amanda backup system index server/ v/$2/ i/broken: config file not found/ h/$1/ cpe:/a:amanda:amanda:$2/ match amanda m|^ld\.so\.1: amandad: fatal: (libsunmath\.so\.1): open failed: No such file or directory\n$| p/Amanda backup system index server/ i/broken: $1 not found/ cpe:/a:amanda:amanda/ match AndroMouse m|^AMServer$|s p/AndroMouse Android remote mouse server/ match antivir m|^220 Symantec AntiVirus Scan Engine ready\.\r\n| p/Symantec AntiVirus Scan Engine/ cpe:/a:symantec:antivirus/ cpe:/a:symantec:antivirus_scan_engine/ match antivir m|^200 NOD32SS ([\d.]+) \((\d+)\)\r\n| p/NOD32 AntiVirus/ v/$1 ($2)/ cpe:/a:eset:nod32_antivirus:$1/ match anyremote m|^Set\(icons,M,6,forward,7,prev,8,stop,9,next,\*,question,0,pause,#,no\);Set\(font,small\);Set\(menu,replace,Playlist,Toggle Shuffle,Toggle Repeat\);Set\(icons,MPD,1,vol_down,2,mute,3,vol_up,4,rewind,5,play,6,forward,7,prev,8,stop,9,next,\*,question,0,pause,#,no\);Set\(font,small\);Set\(menu,replace,Playlist,Toggle Shuffle,Toggle Repeat\);$| p/anyRemote remote control daemon/ match aperio-aaf m|^| p/Aperio Algorithm Framework/ match aplus m|^\x01\xff\0\xff\x01\x1d\0\xfd\0\n\x03\x05A\+ API \(([\d.]+)\) - CCS \(([\d.]+)\)\0| p/Cleo A+/ i/API $1; CSS $2/ match app m|^\0\x01\0\x08\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x01\0\0\0\x02$| p/Cisco Application Peering Protocol/ d/load balancer/ # http://www.qosient.com/argus/ match argus m|^\x80\x01\0\x80\0\x80\0\0\xe5az\xcb\0\0\0\0J...............\x02\0\x01\0\0<\x01,.......\0...\0\0\0\0\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\xff\xff\xff\xff\x01\x04\0.\0\x80\x08|s p/Argus network analyzer/ v/3.0/ match arkeia m|^\0`\0\x04\0\0\0\x1810\x000\x000\x00852224\0\0\0\0\0\0\0\0\0\0\0$| p/Arkeia Network Backup/ # arkstats (part of arkeia-light 5.1.12 Backup server) on Linux 2.4.20 match arkstats m|^\0`\0\x03\0\0\0\x1810\x000\x000\x00852224\0\0\0\0\0\0\0\0\0\0\0| p/Arkeia arkstats/ match artsd m|^MCOP\0\0\0.\0\0\0\x01\0\0\0\x10aRts/MCOP-([\d.]+)\0\0\0\0|s p/artsd/ i/MCOP $1/ # Asterisk call manager - port 5038 match asterisk m|^Asterisk Call Manager/([\d.]+)\r\n| p/Asterisk Call Manager/ v/$1/ cpe:/a:digium:asterisk:$1/ match asterisk-proxy m|^Response: Follows\r\nPrivilege: Command\r\n--END COMMAND--\r\n| p/Asterisk Call Manager Proxy/ cpe:/a:digium:asterisk/ match audit m|^Visionsoft Audit on Demand Service\r\nVersion: ([\d.]+)\r\n\r\n| p/Visionsoft Audit on Demand Service/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a match autosys m|^([\w._-]+)\nListener for [\w._-]+ AutoSysAdapter\nEOS\nExit Code = 1001\nIP <[\d.]+> is not authorized for this request\. Please contact your Web Administrator\.\nEOS\n| p/CA AutoSys RCS Listener/ v/$1/ i/not authorized/ match avg m|^220-AVG7 Anti-Virus daemon mode scanner\r\n220-Program version ([\d.]+), engine (\d+)\r\n220-Virus Database: Version ([\d/.]+) [-\d]+\r\n| p/AVG daemon mode/ v/$1 engine $2/ i/Virus DB $3/ cpe:/a:avg:anti-virus:$1/ match avg m=^220-AVG daemon mode scanner \((?:AVG|SMTP)\)\r\n220-Program version ([\w._-]+)\r\n220-Virus Database: Version ([\w._/ -]+)\r\n220 Ready\r\n= p/AVG daemon mode/ v/$1/ i/Virus DB $2/ cpe:/a:avg:anti-virus:$1/ match afbackup m|^afbackup ([\d.]+)\n\nAF's backup server ready\.\n| p/afbackup/ v/$1/ match afbackup m|^.*, Warning on encryption key file `/etc/afbackup/cryptkey': File not readable\.\n.*, Warning: Ignoring file `/etc/afbackup/cryptkey', using compiled-in key\.\nafbackup 3\.4\n\nAF's backup server ready\.\n\x9d\x84\x0bZ$| p/afbackup/ i/using compiled-in key/ match backdoor m|^220 jeem\.mail\.pv ESMTP\r\n| p/Jeem backdoor/ i/**BACKDOOR**/ o/Windows/ cpe:/o:microsoft:windows/a match backdoor m|^\r\nUser Access Verification\r\n\r\nYour PassWord:| p/Jeem backdoor/ i/**BACKDOOR**/ o/Windows/ cpe:/o:microsoft:windows/a match backdoor m|^ \r\n$| p/OptixPro backdoor/ i/**BACKDOOR**/ o/Windows/ cpe:/o:microsoft:windows/a match backdoor m|^echo o [\d.]+ \d+ >s\r\necho common>> s\r\necho common>> s\r\necho bin>> s\r\necho get m220\.exe| p/JTRAM backdoor/ i/**BACKDOOR**/ o/Windows/ cpe:/o:microsoft:windows/a match backdoor m|^220 Bot Server \(Win32\)\r\n$| p/Gaobot backdoor/ i/**BACKDOOR**/ o/Windows/ cpe:/o:microsoft:windows/a match backdoor m|^PWD$| p/Subseven backdoor/ i/**BACKDOOR**/ o/Windows/ cpe:/o:microsoft:windows/a match backdoor m|^\r\n\[RPL\]002\r\n$| p/Subseven backdoor/ i/**BACKDOOR**/ match backdoor m|^=+\n= +RBackdoor ([\d.]+) | p/RBackdoor/ v/$1/ i/**BACKDOOR**/ o/Windows/ cpe:/o:microsoft:windows/a match backdoor m|^220 Windrone Server \(Win32\)\r\n$| p/NerdBot backdoor/ i/**BACKDOOR**/ o/Windows/ cpe:/o:microsoft:windows/a match backdoor m|^Zadej heslo:$| p/Czech "zadej heslo" backdoor/ i/**BACKDOOR**/ o/Windows/ cpe:/o:microsoft:windows/a match backdoor m|^220 Reptile welcomes you\.\.\r\n| p/Darkmoon backdoor "reptile" ftpd/ i/**BACKDOOR**/ o/Windows/ cpe:/o:microsoft:windows/a match backdoor m|^Sifre_EDIT$| p/ProRat trojan/ i/**BACKDOOR**/ o/Windows/ cpe:/o:microsoft:windows/a match backdoor m|^MZ\x90\0\x03\0\0\0\x04\0\0\0\xff\xff\0\0\xb8\0\0\0\0\0\0\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0fn\0\0\xd0\0\0\0\x0e\x1f\xba\x0e\0\xb4\t\xcd!\xb8\x01L\xcd!This program cannot be run in DOS mode\.| p/Korgo worm/ i/**BACKDOOR**/ o/Windows/ cpe:/o:microsoft:windows/a match backdoor m|^\xfa\xcb\xd9\xd9\xdd\xc5\xd8\xce\xd6| p/Theef trojan/ i/**BACKDOOR**/ o/Windows/ cpe:/o:microsoft:windows/a match backdoor m|^220 SSL Connection Established - Loading Protocol\.\.\.\.\r\n| p/dhcpse.exe/ i/**BACKDOOR**/ o/Windows/ cpe:/o:microsoft:windows/a match backdoor m|^A-311 Death welcome\x001| p/Haxdoor trojan/ i/**BACKDOOR**/ o/Windows/ cpe:/o:microsoft:windows/a match backdoor m|^220 CAFEiNi [-\w_.]+ FTP server\r\n$| p/CAFEiNi trojan/ i/**BACKDOOR**/ o/Windows/ cpe:/o:microsoft:windows/a match backdoor m=^220 (?:Stny|fuck)Ftpd 0wns j0\r?\n= p/Kibuv.b worm/ i/**BACKDOOR**/ o/Windows/ cpe:/o:microsoft:windows/a match backdoor m|^220 [Sf.][tu.][nc.][yk.][F.][t.][p.][d.] [0.][w.][n.][s.] [j.][0.]\r?\n|i p/Generic Kibuv worm/ i/**BACKDOOR**/ o/Windows/ cpe:/o:microsoft:windows/a match backdoor m=^(?:ba|)sh-([\d.]+)\$ = p/Bourne shell/ v/$1/ i/**BACKDOOR**/ match backdoor m|^exec .* failed : No such file or directory\n$| p/netcat -e/ i/misconfigured/ match backdoor m=220-Welcome!\r\n220-\x1b\[30m/\x1b\[31m#\xa4#\xa4#\xa4#\xa4#\xa4#\xa4#\xa4#\xa4#\xa4#\xa4#\xa4#\xa4#\xa4#\xa4#\xa4#\xa4#\xa4#\xa4#\xa4#\xa4#\xa4#\xa4#\xa4#\xa4#\xa4# \r\n220-\x1b\[30m\| Current Time: \x1b\[35m[^\r\n]*\r\n220-\x1b\[30m\| Current Date: \x1b\[35m[^\r\n]*\r\n220-\x1b\[30m\\\r\n= p/Windows trojan/ i/**BACKDOOR**/ o/Windows/ cpe:/o:microsoft:windows/a match bandwidth-test m|^\x01\0\0\0$| p/MikroTik bandwidth-test server/ match barracuda-dcagent m|^Invalid Client IP\0\0$| p/Barracuda Domain Controller Agent/ match bas m|^4dc\r\n$| p/Blackberry Administration Service - Native Code Container/ match bas m|^4fd\r\n$| p/Blackberry Administration Service - Native Code Generator/ match bas m|^507\r\n$| p/Blackberry Administration Service/ # Port 2500: http://wiki.yobi.be/wiki/Belgian_eID match beidpcscd m|^\0\0\0\x1e\xffV\x92l\xfbUL\x87\xabw\x1f\xb2\n\xd8\xef/\0\0\0\x05Alive\0\0\0\x011| p/beidpcscd Belgian eID daemon/ match bf2rcon m|^### Battlefield 2 ModManager Rcon v([\d.]+)\.\n### Digest seed: \w+\n\n| p/Battlefield 2 ModManager Remote Console/ v/$1/ softmatch bgp m|^\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\0\x15\x03\x06\x05| i/connection rejected/ # https://en.bitcoin.it/wiki/Protocol_specification#Message_structure # https://en.bitcoin.it/wiki/Protocol_specification#version # https://en.bitcoin.it/wiki/Changelog # Bitcoin "version" message prior to 20 February 2012. # 4 bytes magic number: "\xf9\xbe\xb4\xd9" # 12 bytes command: "version\0\0\0\0\0" # 4 bytes length # 4 bytes version # 8 bytes services bitfield: "\x01\0\0\0\0\0\0\0" # 8 bytes timestamp # 8 bytes client services count: "\x01\0\0\0\0\0\0\0" # 16 bytes IPv4-compatible client IP: "\0\0\0\0\0\0\0\0\0\0\xff\xff...." # 2 bytes client port # 8 bytes server services count: "\x01\0\0\0\0\0\0\0" # 16 bytes IPv4-compatible server IP: "\0\0\0\0\0\0\0\0\0\0\xff\xff...." # 2 bytes server port # 8 bytes random unique id # 1 byte subversion string length # variable subversion string # 4 bytes last block # Version 0xc8 -> 200 -> 0.2.0 match bitcoin m|^\xf9\xbe\xb4\xd9version\0\0\0\0\0\x51\0\0\0\xc8\0\0\0\x01\0\0\0\0\0\0\0........\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\xff\xff......\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\xff\xff..............\0$|s p/Bitcoin digital currency server/ v/0.2.0/ cpe:/a:bitcoin:bitcoind:0.2.0/ # Version 0x12c -> 300 -> 0.3.0 match bitcoin m|^\xf9\xbe\xb4\xd9version\0\0\0\0\0\x55\0\0\0\x2c\x01\0\0\x01\0\0\0\0\0\0\0........\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\xff\xff......\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\xff\xff..............\0....$|s p/Bitcoin digital currency server/ v/0.3.0/ cpe:/a:bitcoin:bitcoind:0.3.0/ # Version 0x136 -> 310 -> 0.3.10 match bitcoin m|^\xf9\xbe\xb4\xd9version\0\0\0\0\0\x57\0\0\0\x36\x01\0\0\x01\0\0\0\0\0\0\0........\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\xff\xff......\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\xff\xff..............\0....$|s p/Bitcoin digital currency server/ v/0.3.10/ cpe:/a:bitcoin:bitcoind:0.3.10/ match bitcoin m|^\xf9\xbe\xb4\xd9version\0\0\0\0\0\x57\0\0\0\x36\x01\0\0\x01\0\0\0\0\0\0\0........\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\xff\xff......\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\xff\xff..............\x02(\..)....$|s p/Bitcoin digital currency server/ v/0.3.10$1/ cpe:/a:bitcoin:bitcoind:0.3.10$1/ # Version 0x7bd4 -> 31700 -> 0.3.17 match bitcoin m|^\xf9\xbe\xb4\xd9version\0\0\0\0\0\x55\0\0\0\xd4\x7b\0\0\x01\0\0\0\0\0\0\0........\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\xff\xff......\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\xff\xff..............\0....$|s p/Bitcoin digital currency server/ v/0.3.17/ cpe:/a:bitcoin:bitcoind:0.3.17/ match bitcoin m|^\xf9\xbe\xb4\xd9version\0\0\0\0\0\x55\0\0\0\xd4\x7b\0\0\x01\0\0\0\0\0\0\0........\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\xff\xff......\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\xff\xff..............\x02(\..)....$|s p/Bitcoin digital currency server/ v/0.3.17$1/ cpe:/a:bitcoin:bitcoind:0.3.17$1/ # Version 0x7c38 -> 31800 -> 0.3.18 match bitcoin m|^\xf9\xbe\xb4\xd9version\0\0\0\0\0\x55\0\0\0\x38\x7c\0\0\x01\0\0\0\0\0\0\0........\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\xff\xff......\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\xff\xff..............\0....$|s p/Bitcoin digital currency server/ v/0.3.18/ cpe:/a:bitcoin:bitcoind:0.3.18/ match bitcoin m|^\xf9\xbe\xb4\xd9version\0\0\0\0\0\x55\0\0\0\x38\x7c\0\0\x01\0\0\0\0\0\0\0........\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\xff\xff......\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\xff\xff..............\x02(\..)....$|s p/Bitcoin digital currency server/ v/0.3.18$1/ cpe:/a:bitcoin:bitcoind:0.3.18$1/ # Version 0x7c9c -> 31900 -> 0.3.19 match bitcoin m|^\xf9\xbe\xb4\xd9version\0\0\0\0\0\x55\0\0\0\x9c\x7c\0\0\x01\0\0\0\0\0\0\0........\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\xff\xff......\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\xff\xff..............\0....$|s p/Bitcoin digital currency server/ v/0.3.19/ cpe:/a:bitcoin:bitcoind:0.3.19/ match bitcoin m|^\xf9\xbe\xb4\xd9version\0\0\0\0\0\x55\0\0\0\x9c\x7c\0\0\x01\0\0\0\0\0\0\0........\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\xff\xff......\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\xff\xff..............\x02(\..)....$|s p/Bitcoin digital currency server/ v/0.3.19$1/ cpe:/a:bitcoin:bitcoind:0.3.19$1/ # Version 0x7d00 -> 32000 -> 0.3.20 match bitcoin m|^\xf9\xbe\xb4\xd9version\0\0\0\0\0\x55\0\0\0\x00\x7d\0\0\x01\0\0\0\0\0\0\0........\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\xff\xff......\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\xff\xff..............\0....$|s p/Bitcoin digital currency server/ v/0.3.20/ cpe:/a:bitcoin:bitcoind:0.3.20/ match bitcoin m|^\xf9\xbe\xb4\xd9version\0\0\0\0\0\x55\0\0\0\x00\x7d\0\0\x01\0\0\0\0\0\0\0........\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\xff\xff......\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\xff\xff..............\x02(\..)....$|s p/Bitcoin digital currency server/ v/0.3.20$1/ cpe:/a:bitcoin:bitcoind:0.3.20$1/ # Version 0x7d01 -> 32001 -> 0.3.20.1 match bitcoin m|^\xf9\xbe\xb4\xd9version\0\0\0\0\0\x55\0\0\0\x01\x7d\0\0\x01\0\0\0\0\0\0\0........\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\xff\xff......\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\xff\xff..............\0....$|s p/Bitcoin digital currency server/ v/0.3.20.1/ cpe:/a:bitcoin:bitcoind:0.3.20.1/ # Version 0x7d02 -> 32002 -> 0.3.20.2 match bitcoin m|^\xf9\xbe\xb4\xd9version\0\0\0\0\0\x55\0\0\0\x02\x7d\0\0\x01\0\0\0\0\0\0\0........\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\xff\xff......\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\xff\xff..............\0....$|s p/Bitcoin digital currency server/ v/0.3.20.2/ cpe:/a:bitcoin:bitcoind:0.3.20.2/ # Version 0x7d64 -> 32100 -> 0.3.21 match bitcoin m|^\xf9\xbe\xb4\xd9version\0\0\0\0\0\x55\0\0\0\x64\x7d\0\0\x01\0\0\0\0\0\0\0........\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\xff\xff......\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\xff\xff..............\0....$|s p/Bitcoin digital currency server/ v/0.3.21/ cpe:/a:bitcoin:bitcoind:0.3.21/ match bitcoin m|^\xf9\xbe\xb4\xd9version\0\0\0\0\0\x55\0\0\0\x64\x7d\0\0\x01\0\0\0\0\0\0\0........\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\xff\xff......\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\xff\xff..............\x02(\..)....$|s p/Bitcoin digital currency server/ v/0.3.21$1/ cpe:/a:bitcoin:bitcoind:0.3.21$1/ # Version 0x7dc8 -> 32200 -> 0.3.22 match bitcoin m|^\xf9\xbe\xb4\xd9version\0\0\0\0\0\x55\0\0\0\xc8\x7d\0\0\x01\0\0\0\0\0\0\0........\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\xff\xff......\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\xff\xff..............\0....$|s p/Bitcoin digital currency server/ v/0.3.22/ cpe:/a:bitcoin:bitcoind:0.3.22/ match bitcoin m|^\xf9\xbe\xb4\xd9version\0\0\0\0\0\x55\0\0\0\xc8\x7d\0\0\x01\0\0\0\0\0\0\0........\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\xff\xff......\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\xff\xff..............\x02(\..)....$|s p/Bitcoin digital currency server/ v/0.3.22$1/ cpe:/a:bitcoin:bitcoind:0.3.22$1/ # Version 0x7e2c -> 32300 -> 0.3.23 match bitcoin m|^\xf9\xbe\xb4\xd9version\0\0\0\0\0\x55\0\0\0\x2c\x7e\0\0\x01\0\0\0\0\0\0\0........\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\xff\xff......\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\xff\xff..............\0....$|s p/Bitcoin digital currency server/ v/0.3.23/ cpe:/a:bitcoin:bitcoind:0.3.23/ match bitcoin m|^\xf9\xbe\xb4\xd9version\0\0\0\0\0\x55\0\0\0\x2c\x7e\0\0\x01\0\0\0\0\0\0\0........\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\xff\xff......\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\xff\xff..............\x02(\..)....$|s p/Bitcoin digital currency server/ v/0.3.23$1/ cpe:/a:bitcoin:bitcoind:0.3.23$1/ # Version 0x7e90 -> 32400 -> 0.3.24 match bitcoin m|^\xf9\xbe\xb4\xd9version\0\0\0\0\0\x55\0\0\0\x90\x7e\0\0\x01\0\0\0\0\0\0\0........\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\xff\xff......\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\xff\xff..............\0....$|s p/Bitcoin digital currency server/ v/0.3.24/ cpe:/a:bitcoin:bitcoind:0.3.24/ match bitcoin m|^\xf9\xbe\xb4\xd9version\0\0\0\0\0\x55\0\0\0\x90\x7e\0\0\x01\0\0\0\0\0\0\0........\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\xff\xff......\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\xff\xff..............\x02(\..)....$|s p/Bitcoin digital currency server/ v/0.3.24$1/ cpe:/a:bitcoin:bitcoind:0.3.24$1/ # https://bitcointalk.org/index.php?topic=55852.0 # http://bitcoin.org/en/alert/2012-02-18-protocol-change # "In June 2010 the Bitcoin reference software version 0.2.10 introduced a # change to the protocol: the 'version' messages exchanged by nodes at # connection time would have a new format that included checksum values to # detect corruption by broken networks." # Bitcoin "version" message with protocol version 70001 # https://en.bitcoin.it/wiki/BIP_0037#Extensions_to_existing_messages # https://en.bitcoin.it/wiki/BIP_0060 "The protocol version was upgraded to # 70001, and the (now accepted) BIP 0037 became implemented." # 4 bytes magic number: "\xf9\xbe\xb4\xd9" # 12 bytes command: "version\0\0\0\0\0" # 4 bytes length # 4 bytes checksum # 4 bytes version "\x71\x11\x01\0" # 8 bytes services bitfield: "\x01\0\0\0\0\0\0\0" # 8 bytes timestamp # 16 bytes IPv4-compatible client IP: "\0\0\0\0\0\0\0\0\0\0\xff\xff...." # 2 bytes client port # 16 bytes IPv4-compatible server IP: "\0\0\0\0\0\0\0\0\0\0\xff\xff...." # 2 bytes server port # 8 bytes nonce # 1 byte user agent string length # variable user agent string https://en.bitcoin.it/wiki/BIP_0014 # 4 bytes last block # 1 byte relay https://en.bitcoin.it/wiki/BIP_0037#Extensions_to_existing_messages # Version numbers now correspond only to protocol changes, not software releases. # Version 0x011171 -> 70001 0.7.1 match bitcoin m|^\xf9\xbe\xb4\xd9version\0\0\0\0\0.\0\0\0....\x71\x11\x01\0\0\0\0\0\0\0\0\0........\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\xff\xff......\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\xff\xff.............../Bitpeer:([\w._-]+)/\0\0\0\0\x01$|s p/Bitpeer/ v/$1/ softmatch bitcoin m|^\xf9\xbe\xb4\xd9version\0\0\0\0\0\x55\0\0\0..\0\0\x01\0\0\0\0\0\0\0........\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\xff\xff......\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\xff\xff..............\0....$|s p/Bitcoin digital currency server/ cpe:/a:bitcoin:bitcoind/ match bitcoin-jsonrpc m|^HTTP/1\.0 401 Authorization Required\r\n.*Server: bitcoin-json-rpc/([\w._-]+)\r\n|s p/Bitcoin JSON-RPC/ v/$1/ cpe:/a:bitcoin:bitcoind:$1/ match bitcoin-jsonrpc m|^HTTP/1\.0 401 Authorization Required\r\n.*Server: bitcoin-json-rpc\r\n|s p/Bitcoin JSON-RPC/ cpe:/a:bitcoin:bitcoind/ match bitcoin-jsonrpc m|^HTTP/1\.1 403 Forbidden\r\n.*Server: bitcoin-json-rpc/([\w._-]+)\r\n|s p/Bitcoin JSON-RPC/ v/$1/ cpe:/a:bitcoin:bitcoind:$1/ # Bittorrent Client 3.2.1b on Linux 2.4.X match bittorrent m|^\x13BitTorrent protocol\0\0\0\0\0\0\0\0| p/Bittorrent P2P client/ # BMC Software Patrol Agent 3.45 and HP Patrol Agent match softwarepatrol m|^\0\0\0\x17i\x02\x03..\0\x05\x02\0\x04\x02\x04\x03..\0\x03\x04\0\0\0|s p|BMC/HP Software Patrol Agent| cpe:/a:bmc:patrol_agent/ match scmbug m|^SCMBUG-SERVER RELEASE_([-\w_.]+) \d+\n| p/Scmbug bugtracker/ v/$1/ # Tolis BRU (Backup and Restore Utility) match bru m|^0x[0-9a-fA-F]{32}L| p/Tolis BRU/ i/Backup and Restore Utility/ # Bruker AXS X-ray machines (how cool is that!?!?) (Brandon) match bruker-axs m|^\[ANGLESTATUS.*\[XYZSTATUS.*\[ZOOMSTATUS.*\[INSTRUMENTSTATUS.*XRAYSON=1|s p/Bruker AXS X-ray controller status/ i/X-rays: On/ d/specialized/ match bruker-axs m|^\[ANGLESTATUS.*\[XYZSTATUS.*\[ZOOMSTATUS.*\[INSTRUMENTSTATUS.*XRAYSON=0|s p/Bruker AXS X-ray controller status/ i/X-rays: Off/ d/specialized/ match buildservice m|^200 HELLO - BuildForge Agent v([\w._-]+)\n| p/BuildForge Agent/ v/$1/ match buildservice m|^\$\0\0\0\$\0\0\x000RAR\0 \0\0.\xe2\x02\0\xc4G\x0f\0\0\0\0\0\0\0\0\0\0\0\0\0|s p/Xoreax IncrediBuild/ o/Windows/ cpe:/o:microsoft:windows/a match burk-autopilot m|^\x19\0\0\0\0\0\x0f\xbeB!\x012\x02\xd1\x02\x032\x02p\0\x062\x02\x80\0$| p/Burk AutoPilot Plus remote management/ d/remote management/ match bzfs m|^BZFS\d\d\d\d\0$| p/BZFlag game server/ match bzfs m|^BZFS\d\d\d\d\r\n\r\n$| p/BZFlag game server/ # CA Message Queueing Server (Tom Sellers) match ca-mq m|^ACK\x01| p/CA Message Queuing Server/ match ca-unicenter m|^\x8d\0\0\0\x8d\0\0\0\x100\x81\x89\x02\x81\x81\0.*\x02\x03\x01\0\x01\0$| p/CA Unicenter remote control/ cpe:/a:ca:unicenter_remote_control/ match caicci m|^\x02\x07\x04\0\xe0\0{11}\x02\0{7}\x04\x03\x02\x010\0{7}\x01\0\0\0\x01\0\0\0\xe0\0{8}\x80\0\0\0\x80\0\0\0ems-p-sp\0{8}\x01\0{10}\x12\x01\0\0EMS-P-SPO-01\0{53}EMS-P-SPO-01\0{55}$| p/CAI-CCI/ match ccirmtd m|^\x02\x07\x04\0\xe0\0{11}\x02\0{7}\x04\x03\x02\x010\0{7}\x01\0\0\0\x01\0\0\0\xe0\0{8}\x80\0\0\0\x80\0\0\0hfnapp04\0{8}\x01\0{10}\x02\0\0\0HFNAPP04\0{57}HFNAPP04\0{59}$| p/CA Unicenter CCI Remote Daemon/ # https://github.com/ninjasphere/driver-go-chromecast match castv2 m|^\0\0\0X\x08\0\x12\x0bTr@n\$p0rt-0\x1a\x0bTr@n\$p0rt-0\"'urn:x-cast:com\.google\.cast\.tp\.heartbeat\(\x002\x0f{\"type\":\"PING\"}$| p/Ninja Sphere Chromecast driver/ match cccam m|^Welcome to the CCcam information client\.\n| p/CCcam DVR card sharing system information/ # http://comments.gmane.org/gmane.comp.security.openvas.users/3189 # Also submitted by an Nmap user, but with different data following. match nnsrv m|^\x94\0\0\0\xf4\xff\xff\xff\x01\0\0\0\xff\xff\xff\xff\0\0\0\0\xa5\0\0\0\0\0\0\0| p/C.CURE 800 NNSRV/ match cddbp m|^201 ([-\w_.]+) CDDBP server v([-\w.]+) ready at .*\r\n| p/freedb cddbp server/ v/$2/ h/$1/ # http://ceph.com/docs/next/dev/network-protocol/ # 2 back-to-back struct entity_addr_t, consisting of a u32 type (0), u32 nonce (random), and a sockaddr_storage. # This works for IPv4, have yet to get an IPv6 fingerprint match ceph m|^ceph (v[\w._-]+)\0\0\0\0....\0\x02......\0{120}\0\0\0\0....\0\x02......\0{120}|s p/Ceph distributed filesystem/ v/protocol $1/ i/ipv4/ match chargen m|^!"#\$%\&'\(\)\*\+,-\./0123456789:;<=>\?\@ABCDEFGHIJKLMNOPQRSTUVWXYZ\[\\\]\^_`abcdefgh\r\n"#\$%\&'\(\)\*\+,-\./0123456789:;<=>\?\@ABCDEF| p/Linux chargen/ o/Linux/ cpe:/o:linux:linux_kernel/a # Redhat 7.2, xinetd 2.3.7 chargen match chargen m|^\*\+,-\./0123456789:;<=>\?@ABCDEFGHIJKLMNOPQRSTUVWXYZ\[\\\]\^_`abcdefghijklmnopq\r\n\+,-\./| p/xinetd chargen/ o/Unix/ # Sun Solaris 9; Windows match chargen m|^\ !"#\$%&'\(\)\*\+,-\./0123456789:;<=>\?@ABCDEFGHIJKLMNOPQRSTUVWXYZ\[\\\]\^_| # Mandrake Linux 9.2, xinetd 2.3.11 chargen match chargen m|NOPQRSTUVWXYZ\[\\\]\^_`abcdefghijklm| p/xinetd chargen/ o/Unix/ match chargen m|^\*\*\* Port V([\d.]+) !\"#\$%&'\(\)\*\+,-\./0123456789:| p/Lantronix chargen/ v/$1/ match chargen m|^The quick brown fox jumps over the lazy dog\. 1234567890\r\n| p/Tektronix Phaser chargen/ d/printer/ match chat m|^WebStart Chat Service Established\.\.\.\r\n\(C\) 2000-\d+ R Gabriel all Rights Reserved\r\n| p/WebStart Chat Service/ match chat m|^\*\x01..\0\x04\0\0\0\x01$|s p/AIM or ICQ server/ match chat-ctrl m|^InfoChat Server v([\d.]+) Remote Control ready\n\r| p/InfoChat Remote Control/ v/$1/ match check_mk m|^<<>>\nVersion: ([\w._-]+)\n| p/check_mk extension for Nagios/ v/$1/ match chess m=^\n\r _ __ __ __ \n\r \| \| / /__ / /________ ____ ___ ___ / /_____ \n\r \| \| /\| / / _ \\/ / ___/ __ \\/ __ `__ \\/ _ \\ / __/ __ \\\n\r= p/Lasker Internet Chess server/ match chilliworx m|^ChilliSVC ([\d.]+)\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0| p/ChilliWorx management console/ v/$1/ d/remote management/ match cirrato-client m|^Cirrato Client ([\w._-]+)\0$| p/Cirrato print server client/ v/$1/ # Citadel/UX. Maybe to change the service name and to move somewhere else? embyte match citadel m|^200.*Citadel(?:/UX)?| p/Citadel (UX) messaging server/ cpe:/a:citadel:ux/ # Citrix, Metaframe XP on Windows match citrix-ica m|^\x7f\x7fICA\0\x7f\x7fICA\0| p/Citrix Metaframe XP ICA/ o/Windows/ cpe:/o:microsoft:windows/a # Citrix MetaFrame XP 1.0 implimented with ClassLink 2000 on NT4 match citrix-ima m|^.\0\0\0\x81\0\0\0\x01|s p/Citrix Metaframe XP IMA/ o/Windows/ cpe:/o:microsoft:windows/a # http://www.citynet.ru/citynet-sv.3 # Really no idea what this is or which fields are mutable match citynet m|^CityNetDUTChannel\[AT3V1\]\x04\0\xa5\x0f\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0........|s p/CityNet SV.3/ match clsbd m|^\0\0\0\x10ClsBoolVersion 1$| p/Cadence IC design daemon/ match cmrcservice m|^\"\0\0\x80 \0S\0T\0A\0R\0T\0_\0H\0A\0N\0D\0S\0H\0A\0K\0E\0\0\0| p/Microsoft Configuration Manager Remote Control service/ i/CmRcService.exe/ o/Windows/ cpe:/a:microsoft:systems_management_server/ cpe:/o:microsoft:windows/a match codeforge m|^CFMSERV\(1\)\n| p/CodeForge IDE/ match concertosendlog m|^Concerto Software\r\n\r\nEnsemblePro SendLog Server - Version (\d[-.\w]+)\r\n\r\nEnter Telnet Password\r\n#> | p/Concerto Software EnsemblePro CRM software SendLog Server/ v/$1/ match concertotimesync m|^Concerto Software\r\n\r\nContactPro TimeSync Server - Version (\d[-.\w]+)\r\n\r\nEnter Telnet Password\r\n#> | p/Concerto Software EnsemblePro CRM software TimeSync Server/ v/$1/ match conference m|^Conference, V([\d.]+)\r\n$| p/Forum Communcations conferenced/ v/$1/ match complex-link m|^\x06\x07\xd0\0\x01\0\0\0\x01\0\x02\x07\xd0\0\x01\0\0\x01\x0f\x01\xf4\0\0\0\0HP +LTO ULTRIUM| p/HP LTO Ultrium data port/ d/storage-misc/ # Commvault Backup Server (CommVault Galaxy(R) Data Protection) match commvault m=^\0\0\0\t\0\0\0\|\0\0\0= p/CommVault Galaxy data backup/ match compuware-lm m|^Hello, I don't understand your request\. Good bye\.\.\.\. $| p/Compuware Distributed License Management/ # PacketCable COPS Client-Open # http://tools.ietf.org/html/rfc2748#section-2.1 match cops m|^\x10\x06[\x80-\xff].......\x0b\x01([\w._-]+)\0|s p/Common Open Policy Service (COPS)/ v/1/ h/$1/ # This port uses a binary protocol: [esc]X@ query OS version, [esc]XA query hardware match crestron-control m|^Crestron Terminal Protocol Console opened\r\n| p/Crestron Terminal Console/ i/Crestron CNMSX-AV automation system/ match crestron-control m|^\r\nCrestron Terminal Protocol Console Opened\r\n\r\n| p/Crestron Terminal Console/ # XSig allows communcation with a Crestron control system. match crestron-xsig m|^\x0f\0\x01\x02$| p/Crestron PRO2 XSig communication/ match cyrus-sync m|\* OK ([-.\w]+) Cyrus sync server v([-.\w]+)| p/Cyrus sync server/ v/$2/ h/$1/ cpe:/a:cmu:cyrus_imap_server:$2/ match cvspserver m|^no repository configured in /| p/CVS pserver/ i/broken/ match cvspserver m|^/usr/sbin/cvs-pserver: line \d+: .*cvs: No such file or directory\n| p/CVS pserver/ i/broken/ match cvspserver m|^Unknown command: `pserver'\n\nCVS commands are:\n| p/CVS pserver/ i/broken/ match cvsup m|^OK \d+ \d+ ([-.\w]+) CVSup server ready\n| p/CVSup/ v/$1/ match damewaremr m|^0\x11\0\0...........@.........\0\0\0\x01\0\0\0\0\0\0\0.\0\0\0$|s p/DameWare Mini Remote Control/ o/Windows/ cpe:/o:microsoft:windows/a match darkcomet m|^[0-9A-F]{12}$| p/DarkComet RAT/ i/**BACKDOOR**/ # Linux match daytime m=^[0-3]\d [A-Z][A-Z][A-Z] (?:19|20)\d\d \d\d:\d\d:\d\d \S+\r\n= # OpenBSD 3.2 match daytime m=^[A-Z][a-z]{2} [A-Z][a-z]{2} +\d{1,2} +\d\d:\d\d:\d\d (?:19|20)\d\d\r\n= o/Unix/ # Solaris 8,9 match daytime m=^[A-Z][a-z]{2} [A-Z][a-z]{2} +\d{1,2} +\d\d:\d\d:\d\d (?:19|20)\d\d\n\r= p/Sun Solaris daytime/ o/Solaris/ cpe:/o:sun:sunos/a # Windows daytime match daytime m=^\d+:\d\d:\d\d [AP]M \d+/\d+/(?:19|20)\d\d\n$= p/Microsoft Windows USA daytime/ o/Windows/ cpe:/o:microsoft:windows/a # Windows daytime - UK english I think (no AM/PM) match daytime m=^\d\d:\d\d:\d\d \d\d?.\d\d?.(?:19|20)\d\d\n$= p/Microsoft Windows International daytime/ o/Windows/ cpe:/o:microsoft:windows/a # daytime on Windows 2000 Server match daytime m=^.... \d{1,2}:\d{1,2}:\d{1,2} (?:19|20)\d\d-\d{1,2}-\d{1,2}\n$= p/Microsoft Windows daytime/ o/Windows/ cpe:/o:microsoft:windows/a # Windows NT daytime match daytime m=^[A-Z][a-z]+day, [A-Z][a-z]+ \d{1,2}, (?:19|20)\d\d \d{1,2}:\d\d:\d\d\n\0$= p/Microsoft Windows daytime/ o/Windows/ cpe:/o:microsoft:windows/a # Windows 2000 Adv Server sp-4 daytime match daytime m=^[A-Z][a-z][a-z] [A-Z][a-z][a-z] \d{1,2} \d{1,2}:\d{1,2}:\d{1,2} (?:19|20)\d\d\n= p/Microsoft Windows daytime/ o/Windows/ cpe:/o:microsoft:windows/a # Windows 2003 Server daytme match daytime m=^\d{1,2}\.\d{1,2}\.\d{1,2} \d\d/\d\d/(?:19|20)\d\d\n= p/Microsoft Windows daytime/ o/Windows/ cpe:/o:microsoft:windows/a # Windows 2000 Prof. Central European format match daytime m|^\d{1,2}:\d\d:\d\d \d{1,2}[/.]\d{1,2}[/.]\d{4}\n$| p/Microsoft Windows daytime/ o/Windows/ cpe:/o:microsoft:windows/a match daytime m|^\d{1,2}:\d\d:\d\d [ap]m \d{4}/\d\d/\d\d\n$| p/Microsoft Windows daytime/ o/Windows/ cpe:/o:microsoft:windows/a match daytime m|^\d{1,2}:\d\d:\d\d [ap]m \d{1,2}/\d{1,2}/\d{4}\n$| p/Microsoft Windows 2003 daytime/ o/Windows/ cpe:/o:microsoft:windows_server_2003/a # South Africa localization. match daytime m|^\d\d:\d\d:\d\d [AP]M \d\d\d\d/\d\d/\d\d\n$| p/Microsoft Windows 7 daytime/ # Windows International daytime match daytime m|^\d\d:\d\d:\d\d \d\d.\d\d.20\d\d\n$| p/Microsoft Windows International daytime/ o/Windows/ cpe:/o:microsoft:windows/a # New Zealand format daytime - Windows 2000 match daytime m|^[01]\d:\d\d:\d\d [AP]M [0-3]\d/[01]\d/0\d\n$| p/Microsoft Windows daytime/ i/New Zealand style/ o/Windows/ cpe:/o:microsoft:windows/a # HP-UX B.11.00 A inetd daytime match daytime m|^[A-Z][a-z]{2} [A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d [A-Z]+ 20\d\d\r\n$| p/HP-UX daytime/ o/HP-UX/ cpe:/o:hp:hp-ux/a # Tardis 2000 v1.4 on NT match daytime m|^[A-Z][a-z]{2} [A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d 20\d\d $| p/Tardis 2000 daytime/ match daytime m|^\d+ \d\d-\d\d-\d\d \d\d:\d\d:\d\d 50 0 4 \d+\.0 UTC\(NIST\) \*\r\n| p/Greyware Domain Time II daytime/ # TrueTime nts100 running WxWorks match daytime m|^[A-Z][a-z]{2}, [A-Z][a-z]{2} \d{1,2}, 20\d\d, \d\d:\d\d:\d\d-UTC$| p/TrueTime nts100/ # Cisco router daytime match daytime m|^[A-Z][a-z]+day, [A-Z][a-z]+ \d{1,2}, \d{4} \d\d:\d\d:\d\d-\w\w\w(?:-DST)?\r\n| p/Cisco router daytime/ o/IOS/ cpe:/o:cisco:ios/a match daytime m|^\w+, +\d+ +\w+ +\d+ +\d+:\d+:\d+ [+-]\d+\r\n([\w:._ /\\-]+\\ats\.exe)\r\n| p/Atomic Time Synchonizer daytime/ i/$1/ o/Windows/ cpe:/o:microsoft:windows/ match daytime m|^\d\d\d\d/\d\d/\d\d \d\d:\d\d:\d\d\r\n$| p/American Dynamics EDVR security camera daytime/ d/webcam/ match devonthink m|^\xe6\x01\0\0\0\0\0\0bplist00\xd4\x01\x02\x03\x04\x05\x06\x1e\x1fX\$versionX\$objectsY\$archiverT\$top\x12\0\x01\x86\xa0\xa5\x07\x08\x0f\x13\x1aU\$null\xd3\t\n\x0b\x0c\r\x0eStag\[dataContentV\$class\x10\x01\x80\x02\x80\x04\xd2\x10\x0b\x11\x12WNS\.dataO\x10\x98bplist00\xd2\x01\x02\x03\x04_\x10\x16ComputerIdentificationZPINCodeKey_\x10:([\w._-]+)\x08| p/DEVONthink dcoument management/ i/PIN code key: $1/ o/Mac OS X/ cpe:/o:apple:mac_os_x/a match diablo2 m|^[\xae\xaf]\x01$| p/Diablo 2 game server/ match dict m|^530 access denied\r\n$| p/dictd/ i/access denied/ match dict m|^220 ([-.\w]+) dictd ([-.\w/]+) on ([-.+ \w]+) | p/dictd/ v/$2/ o/$3/ h/$1/ match dict m|^220 hello <> msg\r\n$| p/Serpento dictd/ # DS2, Application Version 04.5 (025) M2IP - 03.1 (09.2)Bootloader Version 04.5 (022) M2IP - 03.1 (09.2) match digital-sprite-status m|^acam_bitmask\[0\]=1,2,4,8,16,32,64,128,256,512,1024,2048,4096,8192,16384,32768,1,2,4,8,16,32,64,128,256,512,1024,2048,4096,8192,16384,32768\r\nact_actions\[0\]=1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1\r\nact_buzzer=0\r\n| p/Dedicated Micros Digital Sprite 2 camera/ d/webcam/ # Digifort port 8600. match digifort m|^\xd1Q\xf0'\0\0\0;\x01\x05LOGIN\0\0\0\x30\x01\x01\0\0\0\x05NONCE\x08 \0\0\0[0-9A-F]{32}$| p/Digifort Enterprise 6.5/ o/Windows/ cpe:/a:digifort:digifort:6.5.0_final/ cpe:/o:microsoft:windows/a # Digifort port 8610. match digifort-analytics m|^\xd1Q\xf0'\0\0\0A\x01\x15CMD_ANALYTICS_VERSION\0\0\0&\x01\x01\0\0\0\x07Version\x08\x14\0\0\0DIGIFORT ([\w._ -]+)\xd1Q\xf0'\0\0\0I\x01\x13CMD_ANALYTICS_NONCE\0\0\0\x30\x01\x01\0\0\0\x05NOnce\x08 \0\0\0\x30CD6DD9A883431A881BC14DE48F0F892\xd1Q\xf0'\0\0\0\x18\x01\x12CMD_ANALYTICS_PING\0\0\0\0\xd1Q\xf0'\0\0\0\x18\x01\x12CMD_ANALYTICS_PING\0\0\0\0$| p/Digifort Enterprise analytics/ v/$1/ o/Windows/ cpe:/a:digifort:digifort:$1/ cpe:/o:microsoft:windows/a # Digifort port 8611. match digifort-lpr m|^\xd1Q\xf0'\0\0\0;\x01\x0fCMD_LPR_VERSION\0\0\0&\x01\x01\0\0\0\x07Version\x08\x14\0\0\0DIGIFORT ([\w._ -]+)\xd1Q\xf0'\0\0\0C\x01\rCMD_LPR_NONCE\0\0\0\x30\x01\x01\0\0\0\x05NOnce\x08 \0\0\0\x332DA9B47DA082C982384782CEDFEE055\xd1Q\xf0'\0\0\0\x12\x01\x0cCMD_LPR_PING\0\0\0\0\xd1Q\xf0'\0\0\0\x12\x01\x0cCMD_LPR_PING\0\0\0\0$| p/Digifort Enterprise LPR/ v/$1/ o/Windows/ cpe:/a:digifort:digifort:$1/ cpe:/o:microsoft:windows/a match directconnect m=^\$MyNick ([-.\w]+)|\$Lock= p/Direct Connect P2P/ i/User: $1/ o/Windows/ cpe:/o:microsoft:windows/a match directconnect m|^\r\nDConnect Daemon v([\d.]+)\r\nlogin: | p/Direct Connect P2P/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a match directconnect m= Your IP is temporarily banned for (\d+) minutes\.\|= p/Shadows DirectConnect hub/ i/Banned for $1 minutes/ match directconnect m= You are being banned for (\d+) minutes \(by SDCH Anti Hammering\)\.\|= p/Shadows DirectConnect hub/ i/Banned for $1 minutes/ match directconnect m= You are being redirected to ([\d.]+)\|\$ForceMove [\d.]+\|= p/PtokaX directconnect hub/ i/Redirected to $1/ match directconnect m=^server-version\$([\w._-]+)\|init-completion\$200\|port\$\d+\|= p/Shakespeer Direct Connect GUI/ v/$1/ o/Mac OS X/ cpe:/o:apple:mac_os_x/a match directconnect-admin m=^\r\nOpen DC Hub, version ([\d.]+), administrators port\.\r\nAll commands begin with '\$' and end with '\|'\.\r\nPlease supply administrators passord\.\r\n= p/OpenDCHub directconenct hub admin port/ v/$1/ o/Unix/ match directupdate m|^OK Welcome <[\d.]+> on DirectUpdate server ([\d.]+)\r\n| p/DirectUpdate dynamic IP updater/ v/$1/ match directupdate m|^OK Welcome <[\d.]+> on DirectUpdate engine VER=\[([\d.]+) \(Build (\d+)\)\]-0x\w+\r\n| p/DirectUpdate dynamic IP updater/ v/$1 build $2/ match diskmonitor m|^000001a2[0-9a-f]{410}\r\n| p/Active@ Hard Disk Monitor/ match diskmonitor m|^0000019a[0-9a-f]{402}\r\n| p/Active@ Hard Disk Monitor/ match dlmtp m|^220 DSPAM DLMTP ([\w._-]+) Authentication Required\r\n| p/DSPAM dlmtpd/ v/$1/ match durian m|^Durian Web Application Server III ([^<]+) for Win32\r| p/Durian Web Application Server III/ v/$1/ o/Windows/ cpe:/a:mozilla:durian_web_application_server:$1/ cpe:/o:microsoft:windows/a match dvr-video m|^head\0\0\0\0\xf9\x02\0\0\x04\0\0\0\x03\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x03\0| p/LTS or QSEE DVR video server/ d/media device/ match dnsix m|^DNSIX$| # Port 5900. http://www.ducea.com/2008/11/24/drac-ip-port-numbers/. match drac-console m|^\0\0\0\x0c\0\0\0\?\0\0\0\x02$| p/Dell Remote Access Controller 4 console/ cpe:/h:dell:remote_access_card:4/ match dragon m|^UNAUTHORIZED\n\r\n\r$| p/Dragon realtime shell/ match drobo-nasd m%^DRINASD\0\x01\x01\0\0\0\0..<\?xml version=\"1\.0\" encoding=\"utf-8\"\?>\n\n\n ESAINFO\n \d+\n \d+\n \w+\n \w+\n (Drobo(?:-FS|5N))?\n ([][\w._ ]+)\n ([^<]+)\n%s p/$1 NASD/ v/$2 ($3)/ match drobo-dsvc m|^DRIDDSVC\x07\x01.\0\0\0..\r\n\tESAINFO\r\n\t\d+\r\n\t\d+\r\n\t0db\d+\r\n\ttDB\d+\r\n\tDrobo(?:-FS)?\r\n\t([][\w._ ]+)\r\n\t([^<]+)\r\n|s p/Drobo-FS DDSVC/ v/$1 ($2)/ match drweb m|^0 PROTOCOL 2 [23] AGENT,CONSOLE,INSTALL| p/DrWeb/ match dynast-solver m|^DYNAST server v(.*) \(Win32\) - Copyright\(c\) DYN| p/DYNAST solver/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a match echolink m|^[0-9a-f]{8}$| p/EchoLink radio-over-VoIP/ match enemyterritory m|^Welcome [\d.]+\. You have 15 seconds to identify\.\r\n| p/Enemy Territory Admin Mod/ match efi-webtools m|^\?p\xf7/Zq\xa2\xf5\x03.......\xf4\xea.......B$| p/EFI Fiery WebTools communication/ match efi-workstation m|^\(m\xe9l@k\xb7\xf5\x03$| p/EFI Fiery Command WorkStation/ match efi-workstation m|^\(m\xe9l@k\xb3\xf7\x1e\xa5$| p/EFI Fiery Command WorkStation/ match efi-workstation m|^\(m\xe9l@k\xb1\xf1\x15\xa5$| p/EFI Fiery Command WorkStation/ match eftserv m|^\?\x008 \xc3p EFTSRV1 ([\d.]+) | p/Ingenico EFTSRVd/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a match ericom m|^Ericom GCS v([\d.]+)\0| p/Ericom PowerTermWebConnect/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a match eggdrop m=^\r\n\r\n([-`|.\w]+) \(Eggdrop v(\d[-.\w+]+) +\([cC]\) *1997.*\r\n\r\n= p/Eggdrop irc bot console/ v/$2/ i/botname: $1/ # These 2 fallbacks are because many people customize their eggdrop # banners. These rules should always be well below the detailed rule # above. match eggdrop m|\(Eggdrop v([\d.]+) \(C\) 1997 Robey Pointer.*Eggheads|s p/Eggdrop IRC bot console/ v/$1/ match eggdrop m|\(Eggdrop v([\d.]+)\+ipv6 \(C\) 1997 Robey Pointer.*Eggheads|s p/Eggdrop IRC bot console with ipv6/ v/$1/ match eggdrop m|\(Eggdrop v([\d.]+)\+SSL \(C\) 1997 Robey Pointer.*Eggheads|s p/Eggdrop IRC bot console with SSL/ v/$1/ match eggdrop m|\(Eggdrop v([\d.]+)\+rc(\d+) \(C\) 1997 Robey Pointer.*Eggheads|s p/Eggdrop IRC bot console/ v/$1 rc $2/ match eggdrop m=\(Eggdrop v([\d.]+)\+(?:STEALER\.net|Gentoo) \(C\) 1997 Robey Pointer.*Eggheads=s p/Eggdrop IRC bot console with Gentoo patches/ v/$1/ i/Gentoo/ o/Linux/ cpe:/o:gentoo:linux/ match eggdrop m|Copyright \(C\) 1997 Robey Pointer\r\n.*Eggheads| p/Eggdrop IRC bot console/ match enistic-manager m|^WZ=AAAAAAAAAAByAAE=73\r0E0000000000cgAD83\r$| p/Enistic Energy Manager/ match envisalink m|^5053CD\r\n| p/EyezOn EnvisaLink/ d/security-misc/ match epp m|^\x00\x00\x03\x72<\?xml version=\"1\.0\" encoding=\"UTF-8\" standalone=\"no\" \?>\n\n\n \n ([^<]+)\n .*\n \n ([\w._-]+)\n| p/Extensible Provisioning Protocol/ v/$2/ i/server name: $1/ match eve-online m|^7\0\0\0~\0\0\0\0\x14\x06\x04\xe8\x99\x02\0\x05\xeb\0\x04\xdf\x92\0\0\n\xd7\xa3p=\n\xd7\x18@\x04\x95\xf1\x01\0\x13\x13EVE-EVE-RELEASE@ccp$| p/EVE Online game server/ match eve-online m|^:\0\0\0~\0\0\0\0\x14\x07\x04\xe8\x99\x02\0\x05\x3b\x01\x05\x03k\n333333\x1d@\x04\re\x05\0\x13\x17EVE-EVE-TRANQUILITY@ccp\x01$| p/EVE Online game server/ i/Tranquility server/ match exacqvision m|^8\0\0\0\x07\0\0\0\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0....\0\0\0\0....\0\0\0\0....\0\0\0\0$| p/exacqVision video surveillance/ v/2.1.13/ match exec m|^\x01Where are you\?\n$| p/netkit-rsh rexecd/ o/Linux/ cpe:/a:netkit:netkit/ cpe:/o:linux:linux_kernel/a # \x04 is the length, \x07\x08 is the command, following two bytes are an # offset into an XOR code book. http://titanfiesta.googlecode.com/svn/trunk/TitanFiesta/Common/XorTable.h. match fiesta-online m|^\x04\x07\x08..$| p/Fiesta Online game server/ match filemaker-xdbc m|^2\0TY\xb8\xd5\xbbH:x\x03\^v\xd5\xdf\x15Rgc\xd7\x1a\x067\(/\xbf\xc73\t\?3\x85\x9d\x92ne\x0bh\xbe\x8a\]\xdf!\x14xA\xbc\xb6\xe9_| p/FileMaker xDBC/ match filemaker-xdbc m|^2\0\0\0\xc3\x0b.\0\0\0([\d.]+) on Mac OS X ([\d.]+) \(([\w_]+)\)\0\0\0\0\0|s p/FileMaker xDBC/ v/$1/ i/$3/ o/Mac OS X $2/ cpe:/o:apple:mac_os_x:$2/ # Not sure what this is match filezilla m|^FZS\0\x04\0A\t\0\0\x04\0\r\x01\0\0\x14\0\0\0\0\x08.{18}| p/FileZilla service/ cpe:/a:filezilla-project:filezilla/ match finger m|\r\n {4}Line {5,8}User {6,8}Host\(s\) {13,18}Idle +Location\r\n| p/Cisco fingerd/ d/router/ o/IOS/ cpe:/o:cisco:ios/a match finger m|^OpenLDAP Finger Service\.\.\.\r\n| p/OpenLDAP fingerd/ cpe:/a:openldap:openldap/ match finger m|^No cfingerd\.conf file present\. Check your setup\.\n$| p/cfingerd/ i/Broken/ match finger m|^Windows NT Version ([\d.]+) build (\d+), \d+ processors? \(.*\)\r\nFingerDW V([\d.]+) - Hummingbird Ltd\.\n| p/Hummingbird fingerd/ v/$3/ i/WinNT $1 build $2/ o/Windows NT/ cpe:/o:microsoft:windows_nt:$1/ match finger m|^\r\nIntegrated port\r\nPrinter Type: Lexmark T642\r\nPrint Job Status:| p/Lexmark T642 printer fingerd/ d/printer/ cpe:/h:lexmark:t642/a match firewall m|^Your connection to this server has been blocked in this server's firewall\.\r\nYou need to contact the server owner for further information\.\r\nYour blocked IP address is .*\r\nThis server's hostname is ([\w._-]+)\r\n$| p/ConfigServer Security & Firewall/ i/blocked/ h/$1/ # Not sure what this protocol is match fortinet-sso m|^\0\0\0.\x80\x06\0\0\0\n\x01\x03\0\x03V.\0\0\0\n\x10\x03\0\0\0\x02\0\0\0\x13\x11\x05FSSO ([\d.]+)\0\0\0\x16\x12\x01.{16}\0\0\0\x17\x13\x01FSAE_SERVER_10001|s p/Fortinet SSO Collector Agent/ v/$1/ match fortinet-sso m|^\0\0\0.\x80\x06\0\0\0\n\x01\x03\0\0\0\0\0\0\0\n\x10\x03\0\0\0\0\0\0\0\x15\x11\x05FSAE server ([\d.]+)\0\0\0\x06\x12\x05\0\0\0\x17\x13\x05FSAE_SERVER_10001|s p/Fortinet FSAE Server/ v/$1/ # http://flightsim.apollo3.com/ match fsd m|^\$ERSERVER::004::Syntax error\r\n| p/FSD Flight Simulator/ match freevcs m|^Welcome to FreeVCS MSSQL NT Service\r\n| p/FreeVCS/ i/MSSQL/ o/Windows/ cpe:/o:microsoft:windows/a match freevcs m|^Welcome to FreeVCS DBISAM NT Service\r\n| p/FreeVCS/ i/DBISAM/ o/Windows/ cpe:/o:microsoft:windows/a match freevcs m|^Welcome to FreeVCS Test NT Service\r\n| p/FreeVCS/ o/Windows/ cpe:/o:microsoft:windows/a # http://www.frozen-bubble.org/servers/servers.php match frozen-bubble m|^FB/([\d.]+) PUSH: SERVER_READY ([\w._-]+) (\w+)\n| p/Frozen Bubble game server/ v/$1/ i/language: $3/ h/$2/ match file-replication m|^>>\n\0\x0eFRP Node Ready>>\n\0\x0e| p/File Replication Pro/ match freedoko m|^FreeDoko server\n\d+\.\d+: name: ([^\n]+)\n| p/FreeDoko game server/ i/name: $1/ match ftp m|^220 ([-/.+\w]+) FTP server \(SecureTransport (\d[-.\w]+)\) ready\.\r\n| p/Tumbleweed SecureTransport ftpd/ v/$2/ h/$1/ match ftp m|^220 3Com 3CDaemon FTP Server Version (\d[-.\w]+)\r\n| p/3Com 3CDaemon ftpd/ v/$1/ match ftp m|^220 3Com FTP Server Version ([-\w_.]+)\r\n| p/3Com ftpd/ v/$1/ # GuildFTP 0.999.9 on Windows match ftp m|^220-GuildFTPd FTP Server \(c\) \d\d\d\d(?:-\d\d\d\d)?\r\n220-Version (\d[-.\w]+)\r\n| p/Guild ftpd/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a match ftp m|^220-.*\r\n220 Please enter your name:\r\n| p/GuildFTPd/ o/Windows/ cpe:/o:microsoft:windows/a # Medusa Async V1.21 [experimental] on Linux 2.4 match ftp m|^220 ([-/.+\w]+) FTP server \(Medusa Async V(\d[^\)]+)\) ready\.\r\n| p/Medusa Async ftpd/ v/$2/ h/$1/ match ftp m|^220 ([-/.+\w]+)\((\d[-.\w]+)\) FTP server \(EPSON ([^\)]+)\) ready\.\r\n| p/Epson printer ftpd/ v/$2/ i/Epson $3/ d/printer/ h/$1/ match ftp m|^220 ([-/.+\w]+) IBM TCP/IP for OS/2 - FTP Server [Vv]er \d+:\d+:\d+ on [A-Z]| p|IBM OS/2 ftpd| o|OS/2| h/$1/ cpe:/a:ibm:os2_ftp_server/ cpe:/o:ibm:os2/ match ftp m|^220 ([-/.+\w]+) IBM TCP/IP f\xfcr OS/2 - FTP-Server [Vv]er \d+:\d+:\d+ .* bereit\.\r\n| p|IBM OS/2 ftpd| i/German/ o|OS/2| h/$1/ cpe:/a:ibm:os2_ftp_server::::de/ cpe:/o:ibm:os2/ match ftp m|^220 Internet Rex (\d[-.\w ]+) \(([-/.+\w]+)\) FTP server awaiting your command\.\r\n| p/Internet Rex ftpd/ v/$1/ i/$2/ match ftp m|^530 Connection refused, unknown IP address\.\r\n$| p/Microsoft IIS ftpd/ i/IP address rejected/ o/Windows/ cpe:/a:microsoft:iis/ cpe:/o:microsoft:windows/a match ftp m|^220 IIS ([\w._-]+) FTP\r\n| p/Microsoft IIS ftpd/ v/$1/ o/Windows/ cpe:/a:microsoft:iis:$1/ cpe:/o:microsoft:windows/a match ftp m|^220 PizzaSwitch FTP server ready\r\n| p/Xylan PizzaSwitch ftpd/ match ftp m|^220 ([-.+\w]+) IronPort FTP server \(V([-.\w]+)\) ready\.\r\n| p/IronPort mail appliance ftpd/ v/$2/ h/$1/ match ftp m|^220 ([-.+\w]+) IronPort FTP server \(V([-.\w]+)\) ready\.\r\n| p/IronPort mail appliance ftpd/ v/$2/ h/$1/ match ftp m|^220 ([-.+\w]+) IronPort FTP server \(V([-.\w]+)\) ready\r\n| p/IronPort firewall ftpd/ v/$2/ h/$1/ match ftp m|^220 ([-.+\w]+) Cisco IronPort FTP server \(V([-.\w]+)\) ready\r\n| p/Cisco IronPort mail appliance ftpd/ v/$2/ h/$1/ match ftp m|^220 WFTPD (\d[-.\w]+) service \(by Texas Imperial Software\) ready for new user\r\n| p/Texas Imperial Software WFTPD/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a match ftp m|^220.*\r\n220 WFTPD (\d[-.\w]+) service \(by Texas Imperial Software\) ready for new user\r\n|s p/Texas Imperial Software WFTPD/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a match ftp m|^220 ([-.+\w]+) FTP server \(Version (MICRO-[-.\w:#+ ]+)\) ready\.\r\n| p/Bay Networks MicroAnnex terminal server ftpd/ v/$2/ d/terminal server/ h/$1/ match ftp m|^220 ([-.+\w]+) FTP server \(Digital UNIX Version (\d[-.\w]+)\) ready\.\r\n| p/Digital UNIX ftpd/ v/$2/ o/Digital UNIX/ h/$1/ cpe:/o:dec:digital_unix/a match ftp m|^220 ([-.+\w]+) FTP server \(Version [\d.]+\+Heimdal (\d[-+.\w ]+)\) ready\.\r\n| p/Heimdal Kerberized ftpd/ v/$2/ o/Unix/ h/$1/ match ftp m|^500 OOPS: (could not bind listening IPv4 socket)\r\n$| p/vsftpd/ i/broken: $1/ o/Unix/ cpe:/a:vsftpd:vsftpd/ match ftp m|^500 OOPS: vsftpd: (.*)\r\n| p/vsftpd/ i/broken: $1/ o/Unix/ cpe:/a:vsftpd:vsftpd/ match ftp m|^220-QTCP at ([-.\w]+)\r\n220| p|IBM OS/400 FTPd| o|OS/400| h/$1/ cpe:/o:ibm:os_400/a match ftp m|^220[- ]FileZilla Server version (\d[-.\w ]+)\r\n| p/FileZilla ftpd/ v/$1/ o/Windows/ cpe:/a:filezilla-project:filezilla:$1/ cpe:/o:microsoft:windows/a match ftp m|^220 ([-\w_.]+) running FileZilla Server version (\d[-.\w ]+)\r\n| p/FileZilla ftpd/ v/$2/ o/Windows/ h/$1/ cpe:/a:filezilla-project:filezilla:$2/ cpe:/o:microsoft:windows/a match ftp m|^220 FTP Server - FileZilla\r\n| p/FileZilla ftpd/ o/Windows/ cpe:/a:filezilla-project:filezilla/ cpe:/o:microsoft:windows/a match ftp m|^220-Welcome to ([A-Z]+) FTP Service\.\r\n220 All unauthorized access is logged\.\r\n| p/FileZilla ftpd/ o/Windows/ h/$1/ cpe:/a:filezilla-project:filezilla/ cpe:/o:microsoft:windows/a match ftp m|^220.*\r\n220[- ]FileZilla Server version (\d[-.\w ]+)\r\n|s p/FileZilla ftpd/ v/$1/ o/Windows/ cpe:/a:filezilla-project:filezilla:$1/ cpe:/o:microsoft:windows/a match ftp m|^220-.*\r\n220-\r\n220 using FileZilla FileZilla Server version ([^\r\n]+)\r\n|s p/FileZilla ftpd/ v/$1/ o/Windows/ cpe:/a:filezilla-project:filezilla:$1/ cpe:/o:microsoft:windows/a match ftp m|^220-FileZilla Server\r\n| p/FileZilla ftpd/ o/Windows/ cpe:/a:filezilla-project:filezilla/ cpe:/o:microsoft:windows/a match ftp m|^431 Could not initialize SSL connection\r\n| p/FileZilla ftpd/ i/Mandatory SSL/ o/Windows/ cpe:/a:filezilla-project:filezilla/ cpe:/o:microsoft:windows/a match ftp m|^550 No connections allowed from your IP\r\n| p/FileZilla ftpd/ i/IP blocked/ o/Windows/ cpe:/a:filezilla-project:filezilla/ cpe:/o:microsoft:windows/a # Netgear RP114 switch with integrated ftp server or ZyXel P2302R VoIP match ftp m|^220 FTP version 1\.0 ready at | p/Netgear broadband router or ZyXel VoIP adapter ftpd/ v/1.0/ match ftp m|^220 ([\w._-]+) FTP version 1\.0 ready at | p/Netgear broadband router or ZyXel VoIP adapter ftpd/ v/1.0/ h/$1/ match ftp m|^220 \(none\) FTP server \(GNU inetutils ([\w._-]+)\) ready\.\r\n| p/GNU Inetutils FTPd/ v/$1/ cpe:/a:gnu:inetutils:$1/ match ftp m|^220 ([-.\w]+) FTP server \(GNU inetutils (\d[-.\w ]+)\) ready\.\r\n| p/GNU Inetutils FTPd/ v/$2/ h/$1/ cpe:/a:gnu:inetutils:$2/ match ftp m|^220 .* \(glftpd (\d[-.0-9a-zA-Z]+)_(\w+)(?:\+TLS)?\) ready\.\r\n| p/glFTPd/ v/$1/ i/$2/ o/Unix/ match ftp m|^220 .* \(glFTPd (\d[-.0-9a-zA-Z]+)_(\w+) Linux\+TLS\) ready\.?\r\n| p/glFTPd/ v/$1/ i/$2/ o/Linux/ cpe:/o:linux:linux_kernel/a match ftp m|^220 .* \(glFTPd (\d[-.0-9a-zA-Z]+) Linux\+TLS\) ready\.\r\n| p/glFTPd/ v/$1/ o/Linux/ cpe:/o:linux:linux_kernel/a match ftp m|^220 .* \(glFTPd (\d[-.0-9a-zA-Z]+) FreeBSD\+TLS\) ready\.\r\n| p/glFTPd/ v/$1/ o/FreeBSD/ cpe:/o:freebsd:freebsd/a match ftp m|^220 ([-.\w]+) FTP server \(FirstClass v(\d[-.\w]+)\) ready\.\r\n| p/FirstClass FTP server/ v/$2/ h/$1/ match ftp m|^220 ([-.\w]+) FTP server \(Compaq Tru64 UNIX Version (\d[-.\w]+)\) ready\.\r\n| p/Compaq Tru64 ftp server/ v/$2/ o/Tru64 UNIX/ h/$1/ cpe:/o:compaq:tru64/a match ftp m|^220 Axis ([\w._ -]+) Network Camera(?: version)? (\d\S+) \((.*)\) ready\.\r\n|i p/Axis $1 Network Camera ftpd/ v/$2/ i/$3/ d/webcam/ match ftp m|^220 Axis ([\w._ -]+) Network Camera ([\w._-]+ \(\w+ \d+ \d+\)) ready\.\r\n| p/Axis $1 Network Camera ftpd/ v/$2/ d/webcam/ match ftp m|^220 AXIS ([\w._ -]+) Network Camera ([\w._-]+ \(\w+ \d+ \d+\)) ready\.\r\n| p/Axis $1 Network Camera ftpd/ v/$2/ d/webcam/ match ftp m|^220 Axis ([\w._ -]+) Network Camera ([\w._-]+) \w+ \d+ \d+ ready\.\r\n| p/Axis $1 Network Camera ftpd/ v/$2/ d/webcam/ match ftp m|^220 AXIS ([-.\w]+) FTP Network Print Server V(\d[-.\w]+) [A-Z][a-z]| p/Axis network print server ftpd/ v/$2/ i/Model $1/ d/print server/ match ftp m|^220 AXIS ([\d\w]+)V(\d\S+) (.*?) ready\.\n| p/AXIS $1 Webcam ftpd/ v/$2/ i/$3/ d/webcam/ cpe:/h:axis:$1/a match ftp m|^220 AXIS ([+\d]+) Video Server ?(\d\S+) (.*?) ready\.| p/AXIS $1 Video Server ftpd/ v/$2/ i/$3/ match ftp m|^220 AXIS (\w+) Video Server (\d\S+) \(.*\) ready\.\r\n| p/AXIS $1 Video Server ftpd/ v/$2/ match ftp m|^220 AXIS 205 version ([\d.]+) \(.*\) ready\.\r\n| p/AXIS 205 Network Video ftpd/ v/$1/ d/webcam/ match ftp m|^220 AXIS 250S MPEG-2 Video Server ([\d.]+) \([^)]+\) ready\.\r\n| p/AXIS 250S Network Video ftpd/ v/$1/ d/webcam/ match ftp m|^220 AXIS (\w+) Video Server ([\d.]+) \([^)]+\) ready\.\r\n| p/AXIS $1 Video Server ftpd/ v/$2/ d/media device/ match ftp m|^220 AXIS (\w+) Video Server Blade ([\w._-]+) \([^)]+\) ready\.\r\n| p/AXIS $1 Video Server Blade ftpd/ v/$2/ d/media device/ match ftp m|^220 AXIS StorPoint CD E100 CD-ROM Server V([\d.]+) .* ready\.\r\n| p/AXIS StorPoint E100 CD-ROM Server ftpd/ v/$1/ d/storage-misc/ cpe:/h:axis:storpoint_cd_e100/ match ftp m|^220 AXIS (.+) FTP Network Print Server V([-\w_.]+) | p/AXIS $1 print server ftpd/ v/$2/ d/print server/ cpe:/h:axis:$1/a match ftp m|^220 AXIS ([\d/+]+) FTP Print Server V([-\w_.]+) | p/AXIS $1 print server ftpd/ v/$2/ d/print server/ cpe:/h:axis:$1/a match ftp m|^220 AXIS (\w+) Network Fixed Dome Camera (.*) ready\.\r\n| p/AXIS $1 camera ftpd/ v/$2/ d/webcam/ match ftp m|^220-Cerberus FTP Server Personal Edition\r\n220-UNREGISTERED\r\n| p/Cerberus FTP Server/ i/Personal Edition; Unregistered/ o/Windows/ cpe:/a:cerberusftp:ftp_server/ cpe:/o:microsoft:windows/a match ftp m|^220-Cerberus FTP Server - Personal Edition\r\n220-This is the UNLICENSED personal edition and may be used for home, personal use only\r\n220-Welcome to Cerberus FTP Server\r\n220 Created by Cerberus, LLC\r\n| p/Cerberus FTP Server/ i/Personal Edition; Unregistered/ o/Windows/ cpe:/a:cerberusftp:ftp_server/ cpe:/o:microsoft:windows/a match ftp m|^220-Cerberus FTP Server - Personal Edition\r\n220-This is the UNLICENSED personal edition and may be used for home, personal use only\r\n220 Connected to Aurora FTP server\.\.\.\r\n| p/Cerberus FTP Server/ i/Personal Edition; Unregistered/ o/Windows/ cpe:/a:cerberusftp:ftp_server/ cpe:/o:microsoft:windows/a match ftp m|^220-Cerberus FTP Server - Personal Edition\r\n220-UNREGISTERED\r\n220-Welcome to Cerberus FTP Server\r\n220 Created by Grant Averett\r\n| p/Cerberus FTP Server/ i/Personal Edition; Unregistered/ o/Windows/ cpe:/a:cerberusftp:ftp_server/ cpe:/o:microsoft:windows/a match ftp m|^220-Welcome to Cerberus FTP Server\r\n220 Created by Grant Averett\r\n| p/Cerberus ftpd/ o/Windows/ cpe:/a:cerberusftp:ftp_server/ cpe:/o:microsoft:windows/a match ftp m|^421-Not currently accepting logins at this address\. Try back \r\n421 later\.\r\n| p/Cerberus ftpd/ i/banned/ o/Windows/ cpe:/a:cerberusftp:ftp_server/ cpe:/o:microsoft:windows/a match ftp m|^220 Welkom@([\w._-]+)\r\n521 Not logged in - Secure authentication required\r\n| p/Cerberus ftpd/ o/Windows/ h/$1/ cpe:/a:cerberusftp:ftp_server/ cpe:/o:microsoft:windows/a match ftp m|^220 FTP print service:V-(\d[-.\w]+)/Use the network password for the ID if updating\.\r\n| p|Brother/HP printer ftpd| v/$1/ d/printer/ match ftp m|^220- APC FTP server ready\.\r\n220 \r\n$| p/APC ftp server/ d/power-device/ # HP-UX 10.x or AIX match ftp m|^220 ([-\w]+) FTP server \(Version (\d[\w._-]+) [A-Z][a-z]{2} [A-Z][a-z]{2} .*\) ready\.\r\n| p/HP-UX or AIX ftpd/ v/$2/ o/Unix/ h/$1/ match ftp m|^220[- ]Roxen FTP server running on Roxen (\d[-.\w]+)/Pike (\d[-.\w]+)\r\n| p/Roxen ftp server/ v/$1/ i/Pike $2/ # Debian packaged oftpd 0.3.6-51 on Linux 2.6.0-test4 Debian match ftp m|^220 Service ready for new user\.\r\n| p/oftpd/ o/Unix/ # Mac OS X Client 10.2.6 built-in ftpd match ftp m|^220[ -].*FTP server \(lukemftpd (\d[-. \w]+)\) ready\.\r\n|s p/LukemFTPD/ v/$1/ o/Mac OS X/ cpe:/o:apple:mac_os_x/a match ftp m|^220.*Microsoft FTP Service \(Version (\d[^)]+)| p/Microsoft ftpd/ v/$1/ o/Windows/ cpe:/a:microsoft:ftp_service:$1/ cpe:/o:microsoft:windows/a # This lame version doesn't give a version number # Windows 2003 match ftp m|^220[ -]Microsoft FTP Service\r\n| p/Microsoft ftpd/ o/Windows/ cpe:/a:microsoft:ftp_service/ cpe:/o:microsoft:windows/a match ftp m|^220[ -]Serv-U FTP[ -]Server v([\w._-]+) | p/Serv-U ftpd/ v/$1/ o/Windows/ cpe:/a:serv-u:serv-u:$1/ cpe:/o:microsoft:windows/a match ftp m|^220-Serv-U FTP Server for Winsock\r\n| p/Serv-U ftpd/ o/Windows/ cpe:/a:serv-u:serv-u/ cpe:/o:microsoft:windows/a match ftp m|^220 Serv-U FTP-Server v([-\w_.]+ build \d+) for WinSock ready\.\.\.\r\n| p/Serv-U ftpd/ v/$1/ o/Windows/ cpe:/a:serv-u:serv-u:$1/ cpe:/o:microsoft:windows/a match ftp m|^220-FTP Server v([\d.]+) for WinSock ready\.| p/Serv-U ftpd/ v/$1/ o/Windows/ cpe:/a:serv-u:serv-u:$1/ cpe:/o:microsoft:windows/a match ftp m|^220-SECURE FTP SERVER VERSION ([\d.]+) \(([-\w_.]+)\)\r\n| p/Serv-U ftpd/ v/$1/ i/Name $2/ o/Windows/ cpe:/a:serv-u:serv-u:$1/ cpe:/o:microsoft:windows/a match ftp m|^431 Unable to negotiate secure command connection\.\r\n| p/Serv-U ftpd/ i/SSL Required/ o/Windows/ cpe:/a:serv-u:serv-u/ cpe:/o:microsoft:windows/a match ftp m|^220-Sambar FTP Server Version (\d\S+)\x0d\x0a| p/Sambar ftpd/ v/$1/ cpe:/a:sambar:sambar_server:$1/ # Sambar server V5.3 on Windows NT match ftp m|^220-FTP Server ready\r\n220-Use USER user@host for native FTP proxy\r\n220 Your FTP Session will expire after 300 seconds of inactivity\.\r\n| p/Sambar ftpd/ cpe:/a:sambar:sambar_server/ match ftp m|^220 JD FTP Server Ready| p/HP JetDirect ftpd/ d/print server/ match ftp m|^220.*Check Point FireWall-1 Secure FTP server running on|s p/Check Point Firewall-1 ftpd/ d/firewall/ cpe:/a:checkpoint:firewall-1/ match ftp m|^220[- ].*FTP server \(Version (wu-[-.\w]+)|s p/WU-FTPD/ v/$1/ o/Unix/ cpe:/a:redhat:wu_ftpd:$1/ match ftp m|^220-\r\n220 ([-.\w]+) FTP server \(Version ([-.+\w()]+)\) ready\.\r\n$| p/WU-FTPD/ v/$2/ o/Unix/ h/$1/ cpe:/a:redhat:wu_ftpd:$2/ match ftp m|^220 ([-.\w]+) FTP server \(Revision ([\d.]+) Version wuftpd-([-.+\w()]+) [^)]*\) ready\.\r\n$| p/WU-FTPD/ v/$3/ i/revision $2/ o/Unix/ h/$1/ cpe:/a:redhat:wu_ftpd:$3/ match ftp m|^220 ([-.\w]+) FTP server \(Version ([-.+\w()]+)\) ready\.\r\n$| p/WU-FTPD or MIT Kerberos ftpd/ v/$2/ o/Unix/ h/$1/ # ProFTPd 1.2.5 match ftp m|^220 Server \(ProFTPD\) \[([-.\w]+)\]\r\n| p/ProFTPD/ o/Unix/ h/$1/ cpe:/a:proftpd:proftpd/a match ftp m|^220 ProFTPD (\d\S+) Server| p/ProFTPD/ v/$1/ o/Unix/ cpe:/a:proftpd:proftpd:$1/a match ftp m|^220 FTP Server \[([-\w_.]+)\]\r\n| p/ProFTPD/ o/Unix/ h/$1/ cpe:/a:proftpd:proftpd/a match ftp m|^220 ([-\w_.]+) FTP server ready\r\n| p/ProFTPD/ o/Unix/ h/$1/ cpe:/a:proftpd:proftpd/a match ftp m|^220.*ProFTP[dD].*Server ready| p/ProFTPD/ o/Unix/ cpe:/a:proftpd:proftpd/a match ftp m|^220 ProFTP Server Ready\r\n| p/ProFTPD/ o/Unix/ cpe:/a:proftpd:proftpd/a match ftp m|^220 ProFTP Ready\r\n| p/ProFTPD/ o/Unix/ cpe:/a:proftpd:proftpd/a match ftp m|^220 Welcome @ my\.ftp\.org\r\n$| p/ProFTPD/ o/Unix/ cpe:/a:proftpd:proftpd/a match ftp m|^220-.*\r\n220 ProFTPD ([\d.]+) Server|s p/ProFTPD/ v/$1/ o/Unix/ cpe:/a:proftpd:proftpd:$1/a match ftp m|^220 .* FTP Server \(ProFTPD ([\d.]+) on Red Hat linux ([\d.]+)\) ready\.\r\n| p/ProFTPD/ v/$1/ i/RedHat $2/ o/Linux/ cpe:/a:proftpd:proftpd:$1/a cpe:/o:redhat:linux/ match ftp m|^220 ProFTP-Server auf ([-\w_.]+)\r\n| p/ProFTPD/ i/German/ o/Unix/ h/$1/ cpe:/a:proftpd:proftpd::::de/ match ftp m|^220.*\r\n220 ProFTPD ([\w._-]+) Server \(ProFTPD\)|s p/ProFTPD/ v/$1/ o/Unix/ cpe:/a:proftpd:proftpd:$1/a # Hope these aren't too general -Doug match ftp m|^220 ([-\w_.]+) FTP server ready!\r\n| p/ProFTPD/ o/Unix/ h/$1/ cpe:/a:proftpd:proftpd/a match ftp m|^220 FTP Server ready\.\r\n$| p/ProFTPD or KnFTPD/ o/Unix/ match ftp m|^220.*NcFTPd Server | p/NcFTPd/ o/Unix/ match ftp m|^220 ([-\w_.]+) FTP server \(SunOS 5\.([789])\) ready| p/Sun Solaris $2 ftpd/ o/Solaris/ h/$1/ cpe:/o:sun:sunos:5.$2/ match ftp m|^220 ([-\w_.]+) FTP server \(SunOS (\S+)\) ready| p/Sun SunOS ftpd/ v/$2/ o/Solaris/ h/$1/ cpe:/o:sun:sunos:$2/ match ftp m|^220-([-.\w]+) IBM FTP.*(V\d+R\d+)| p|IBM OS/390 ftpd| v/$2/ o|OS/390| h/$1/ cpe:/o:ibm:os_390/a match ftp m|^220-IBM FTP, .*\.\r\n220 Connection will close if idle for more than 120 minutes\.\r\n| p|IBM OS/390 ftpd| o|OS/390| cpe:/o:ibm:os_390/a match ftp m|^220 VxWorks \((\d[^)]+)\) FTP server ready| p/VxWorks ftpd/ v/$1/ o/VxWorks/ cpe:/o:windriver:vxworks/a match ftp m|^220 VxWorks \(VxWorks(\d[^)]+)\) FTP server ready| p/VxWorks ftpd/ v/$1/ o/VxWorks/ cpe:/o:windriver:vxworks/a match ftp m|^220 VxWorks FTP server \(VxWorks ?([\d.]+) - Secure NetLinx version \(([\d.]+)\)\) ready\.\r\n| p|AMX NetLinx A/V control system ftpd| v/$2/ i/VxWorks $1/ d/media device/ o/VxWorks/ cpe:/o:windriver:vxworks:$1/ match ftp m|^220 VxWorks \(VxWorks ([\w._-]+)\) FTP server ready\r\n| p|AMX NetLinx A/V control system ftpd| i/VxWorks $1/ d/media device/ o/VxWorks/ cpe:/o:windriver:vxworks:$1/ match ftp m|^220 VxWorks FTP server \(VxWorks ?([\w._-]+)\) ready\.\r\n| p/VxWorks ftpd/ v/$1/ o/VxWorks/ cpe:/o:windriver:vxworks/a match ftp m|^220 ABB Robotics FTP server \(VxWorks ([\d.]+) rev ([\d.]+)\) ready\.\r\n| p/ABB Robotics ftpd/ i/VxWorks $1 rev $2 **A ROBOT**/ d/specialized/ o/VxWorks/ cpe:/o:windriver:vxworks:$1/ # Pure-ftpd match ftp m|^220.*Welcome to .*Pure-?FTPd (\d\S+\s*)| p/Pure-FTPd/ v/$1/ cpe:/a:pureftpd:pure-ftpd:$1/ match ftp m|^220.*Welcome to .*Pure-?FTPd[^(]+\r\n| p/Pure-FTPd/ cpe:/a:pureftpd:pure-ftpd/ match ftp m|^220.*Bienvenue sur .*Pure-?FTPd.*\r\n| p/Pure-FTPd/ i/French/ cpe:/a:pureftpd:pure-ftpd::::fr/ match ftp m|^220.*Bienvenue sur .*Pure-?FTPd (\d[-.\w]+)| p/Pure-FTPd/ v/$1/ i/French/ cpe:/a:pureftpd:pure-ftpd:$1:::fr/ match ftp m|^220.*Velkommen til .*Pure-?FTPd.*\r\n| p/Pure-FTPd/ i/Danish/ cpe:/a:pureftpd:pure-ftpd::::da/ match ftp m|^220.*Bem-vindo.*Pure-?FTPd.*\r\n| p/Pure-FTPd/ i/Portuguese/ cpe:/a:pureftpd:pure-ftpd::::pt/ # pure-ftpd 1.0.12 on Linux 2.4 match ftp m|^220[- ]FTP server ready\.\r\n.*214 Pure-FTPd - http://pureftpd\.org/?\r\n|s p/Pure-FTPd/ cpe:/a:pureftpd:pure-ftpd/ # OpenBSD 3.4 beta running Pure-FTPd 1.0.16 with SSL/TLS match ftp m|^220---------- Welcome to Pure-FTPd \[privsep\] \[TLS\] ----------\r\n220-You are user number| p/Pure-FTPd/ i|with SSL/TLS| cpe:/a:pureftpd:pure-ftpd/ match ftp m|^220---------- .* Pure-FTPd ----------\r\n220-| p/Pure-FTPd/ cpe:/a:pureftpd:pure-ftpd/ match ftp m|^220.*214 Pure-FTPd - http://pureftpd\.org/?\r\n|s p/Pure-FTPd/ cpe:/a:pureftpd:pure-ftpd/ match ftp m|^220 vsFTPd (.*) ready\.\.\.\r\n| p/vsftpd/ v/$1/ cpe:/a:vsftpd:vsftpd:$1/ match ftp m|^220 vsFTPd (.*) ready\.\.\. \[charset=\w+\]\r\n| p/vsftpd/ v/$1/ cpe:/a:vsftpd:vsftpd:$1/ match ftp m|^220 ready, dude \(vsFTPd (\d[0-9.]+): beat me, break me\)\r\n| p/vsftpd/ v/$1/ o/Unix/ cpe:/a:vsftpd:vsftpd:$1/ match ftp m|^220 \(vsFTPd ([-.\w]+)\)\r\n$| p/vsftpd/ v/$1/ o/Unix/ cpe:/a:vsftpd:vsftpd:$1/ match ftp m|^220 Welcome to blah FTP service\.\r\n$| p/vsftpd/ o/Unix/ cpe:/a:vsftpd:vsftpd/ match ftp m|^220 TYPSoft FTP Server (\d\S+) ready\.\.\.\r\n| p/TYPSoft ftpd/ v/$1/ o/Windows/ cpe:/a:typsoft:typsoft_ftp_server:$1/ cpe:/o:microsoft:windows/a match ftp m|^220-MegaBit Gear (\S+).*FTP server ready| p/MegaBit Gear ftpd/ v/$1/ match ftp m|^220.*WS_FTP Server (\d\S+)| p/WS FTPd/ v/$1/ o/Windows/ cpe:/a:ipswitch:ws_ftp:$1/ cpe:/o:microsoft:windows/a match ftp m|^220 Features: a p \.\r\n$| p/publicfile ftpd/ o/Unix/ match ftp m|^220 ([-.\w]+) FTP server \(Version (\S+) VFTPD, based on Version (\S+)\) ready\.\r\n$| p/Virtual FTPD/ v/$2/ i/based on $3/ o/Unix/ h/$1/ match ftp m|220 ([-.\w]+) FTP server \(Version (\S+)/OpenBSD, linux port (\S+)\) ready\.\r\n| p/OpenBSD ftpd/ v/$2/ i/Linux port $3/ o/Linux/ h/$1/ cpe:/a:openbsd:ftpd:$2/ cpe:/o:linux:linux_kernel/a match ftp m|^220 ([-.\w]+) FTP server \(Version (\S+)/OpenBSD/Linux-ftpd-([-.\w]+)\) ready.\r\n$| p/OpenBSD ftpd/ v/$2/ i/Linux port $3/ o/Linux/ h/$1/ cpe:/a:openbsd:ftpd:$2/ cpe:/o:linux:linux_kernel/a match ftp m|^220 Interscan Version ([-\w.]+)|i p/InterScan VirusWall ftpd/ v/$1/ match ftp m|^220 InterScan FTP VirusWall NT (\d[-.\w]+) \(([-.\w]+) Mode\), Virus scan (\w+)\r\n$| p/InterScan VirusWall NT/ v/$1/ i/Virus scan $3; $2 mode/ o/Windows/ cpe:/o:microsoft:windows/a match ftp m|^220 ([-.\w]+) FTP server \(Version ([-.\w]+)/OpenBSD\) ready\.\r\n$| p/OpenBSD ftpd/ v/$2/ o/OpenBSD/ h/$1/ cpe:/a:openbsd:ftpd:$2/ cpe:/o:openbsd:openbsd/ match ftp m|^220 ([-.\w]+) FTP server \(Version (6.0\w+)\) ready.\r\n| p/FreeBSD ftpd/ v/$2/ o/FreeBSD/ h/$1/ cpe:/o:freebsd:freebsd/a match ftp m|^220 FTP server \(Version ([\w.]+)\) ready\.\r\n| p/FreeBSD ftpd/ v/$1/ o/FreeBSD/ cpe:/o:freebsd:freebsd/a # Trolltech Troll-FTPD 1.28 (Only runs on Linux) match ftp m|^220-Setting memory limit to 1024\+1024kbytes\r\n220-Local time is now \d+:\d+ and the load is [\d.]+\.\r\n220 You will be disconnected after \d+ seconds of inactivity.\r\n$| p/Trolltech Troll-FTPd/ o/Linux/ cpe:/o:linux:linux_kernel/a match ftp m|^220 FTP server \(Hummingbird Ltd\. \(HCLFTPD\) Version (7.1.0.0)\) ready\.\r\n$| p/Hummingbird FTP server/ v/$1/ cpe:/a:hummingbird:connectivity:$1/ match ftp m|^220 FTP server \(Hummingbird Communications Ltd\. \(HCLFTPD\) Version ([\d.]+)\) ready\.\r\n| p/Hummingbird FTP server/ v/$1/ cpe:/a:hummingbird:connectivity:$1/ match ftp m|^220- .*\n220 ([-.\w]+) FTP server \(Version (.*)\) ready\.\r\n|s p/BSD ftpd/ v/$2/ h/$1/ # Xitami FTPd match ftp m|^220- \r\n.*www\.imatix\.com --\r\n|s p/Xitami ftpd/ match ftp m|^220- Welcome to this Xitami FTP server, running version ([\d\w.]+) of Xitami\. \n You are user number (\d+) of a permitted (\d+) users\.| p/Xitami ftpd/ v/$1/ i|$2/$3 users| # Netware 6 - NWFTPD.NLM FTP Server Version 5.01w match ftp m|^220 Service Ready for new User\r\n$| p/NetWare NWFTPD/ match ftp m|^220-LRN\r\n220 Service Ready for new User\r\n| p/NetWare NWFTPD/ match ftp m|^220 ([-\w]+) FTP server \(NetWare (v[\d.]+)\) ready\.\r\n$| p/Novell NetWare ftpd/ v/$2/ o/NetWare/ h/$1/ cpe:/o:novell:netware/a match ftp m|220 FTP Server for NW 3.1x, 4.xx \((v1.10)\), \(c\) 199[0-9] HellSoft\.\r\n$| p/HellSoft FTP server for NetWare 3.1x, 4.x/ v/$1/ o/NetWare/ cpe:/o:novell:netware/a match ftp m|^220 ([-.\w]+) MultiNet FTP Server Process V(\S+) at .+\r\n$| p/DEC OpenVMS MultiNet FTPd/ v/$2/ h/$1/ match ftp m|^220-\r\n220 ([-.\w]+) FTP server \(NetBSD-ftpd ([-.\w]+)\) ready.\r\n$| p/NetBSD lukemftpd/ v/$2/ h/$1/ match ftp m|^220 ([-.\w]+) Network Management Card AOS v([-.\w]+) FTP server ready.\r\n$| p/APC AOS ftpd/ v/$2/ i/on APC $1 network management card/ d/power-device/ o/AOS/ cpe:/o:apc:aos/a match ftp m|^220 FTP Server \(Version 1.0\) ready.\r\n$| p/GlobespanVirata ftpd/ v/1.0/ d/broadband router/ # HP-UX B.11.00 match ftp m|^220 ([-.+\w ]+) FTP server \(Version (\d[-.\w]+) [A-Z][a-z]{2} [A-Z].*20\d\d\) ready\.\r\n| p/HP-UX ftpd/ v/$2/ o/HP-UX/ h/$1/ cpe:/o:hp:hp-ux/a match ftp m|^220 ([-.+\w ]+) FTP server \(Version (\d[-.\w]+)\(([^\)]+)\) [A-Z][a-z]{2} [A-Z].*\d{4}\) ready\.\r\n| p/HP-UX ftpd/ v/$2/ i/patchlevel $3/ o/HP-UX/ h/$1/ cpe:/o:hp:hp-ux/a # 220 mirrors.midco.net FTP server ready. # WarFTP Daemon 1.70 on Win2K match ftp m=^220-.*\r\n(?:220-|) WarFTPd (\d[-.\w]+) \([\w ]+\) Ready\r\n=s p/WarFTPd/ v/$1/ cpe:/a:jgaa:warftpd:$1/ match ftp m|^220 ([-.+\w]+) FTP SERVICE ready\r\n500 Please enter a command\. Dunno how to interperet empty lines\.\.\.\r\n500 Please enter a command\. Dunno how to interperet empty lines\.\.\.\r\n$| p/WarFTPd/ o/Windows/ h/$1/ cpe:/a:jgaa:warftpd/ cpe:/o:microsoft:windows/a match ftp m|^220 Welcome to Windows FTP Server| p/Windows Ftp Server/ i|Not from Microsoft - http://srv.nease.net/| # UnixWare 7.11 match ftp m|^220 ([-\w_.]+) FTP server \(BSDI Version ([\w.]+)\) ready\.\r\n| p|BSDI/Unixware ftpd| v/$2/ h/$1/ match ftp m|^220 FTP server \(Hummingbird Ltd\. \(HCLFTPD\) Version ([\d.]+)\) ready\.\r\n| p/Hummingbird ftpd/ v/$1/ cpe:/a:hummingbird:connectivity:$1/ match ftp m|^220 OpenFTPD server ready\. .*\.\r\n| p/OpenFTPD/ match ftp m|^220 ([\w._-]+) FTP server \(NetBSD-ftpd 20\w+\) ready\.\r\n| p/NetBSD lukemftpd/ o/NetBSD/ h/$1/ cpe:/o:netbsd:netbsd/ match ftp m|^220-\r\n Your connection logged!\r\n220 ([\w_.-]+) FTP server \(NetBSD-ftpd 200\d+\) ready\.\r\n| p/NetBSD lukemftpd/ i/Connection logged/ h/$1/ match ftp m|^220 CommuniGate Pro FTP Server ([\d.]+) ready\r\n| p/Communigate Pro ftpd/ v/$1/ match ftp m|^220 CommuniGate Pro FTP Server ready\r\n| p/Communigate Pro ftpd/ match ftp m|^421 Sorry you are not welcomed on this server\.\r\n$| p/BulletProof ftpd/ i/Banned/ o/Windows/ cpe:/o:microsoft:windows/a match ftp m|^220-BulletProof FTP Server ready \.\.\.\r\n| p/BulletProof ftpd/ o/Windows/ cpe:/o:microsoft:windows/a match ftp m|^(?:220.*\r\n)?220 [Ee]valine FTP server \(Version: Mac OS X|s p/Evaline ftpd/ o/Mac OS X/ cpe:/o:apple:mac_os_x/a match ftp m|^220 WinGate Engine FTP Gateway ready\r\n| p/WinGate ftpd/ o/Windows/ cpe:/o:microsoft:windows/a match ftp m|^220 Welcome to Quick 'n Easy FTP Server\r\n| p/Quick 'n Easy ftpd/ o/Windows/ cpe:/o:microsoft:windows/a match ftp m|^220 Welcome to Quick 'n Easy FTP Server DEMO\r\n| p/Quick 'n Easy ftpd/ i/DEMO/ o/Windows/ cpe:/o:microsoft:windows/a match ftp m|^421 Too many connections for this IP address, please try again later\.\r\n| p/Quick 'n Easy ftpd/ o/Windows/ cpe:/o:microsoft:windows/a match ftp m|^220 Tornado-vxWorks \(VxWorks([\d.]+)\) FTP server ready\r\n| p/Tornado vxWorks ftpd/ v/$1/ o/VxWorks/ cpe:/o:windriver:vxworks/a match ftp m|^220 [-\w_.]+ FTP server \(UNIX\(r\) System V Release 4\.0\) ready\.\r\n| p/UNIX System V Release 4.0 ftpd/ o/Unix/ match ftp m|^(?:220-.*\r\n)?220 ([-\w_.]+) FTP Server \(Oracle XML DB/Oracle9i Enterprise Edition Release ([\d.]+) - Production\) ready\.\r\n|s p/Oracle Enterprise XML DB ftpd/ v/$2/ h/$1/ cpe:/a:oracle:database_server:$2::enterprise/ match ftp m|^(?:200-.*\r\n)?220 ([-\w_.]+) FTP Server \(Oracle XML DB/Oracle9i Enterprise Edition Release ([\d.]+) - 64bit Production\) ready\.\r\n| p/Oracle XML DB ftpd/ v/$2/ i/64 bits/ h/$1/ cpe:/a:oracle:database_server:$2::enterprise/ match ftp m|^(?:220-.*\r\n)?220 ([-\w_.]+) FTP Server \(Oracle XML DB/Oracle9i Release ([\d.]+) - Production\) ready\.\r\n|s p/Oracle XML DB ftpd/ v/$2/ h/$1/ cpe:/a:oracle:database_server:$2/ match ftp m|^(?:220-.*\r\n)?220 ([-\w_.]+) FTP Server \(Oracle XML DB/Oracle Database 10g Enterprise Edition Release ([\d.]+) - Production\) ready\.\r\n|s p/Oracle 10g Enterprise XML DB ftpd/ v/$2/ h/$1/ cpe:/a:oracle:database_server:$2::enterprise/ match ftp m|^(?:220-.*\r\n)?220 ([-\w_.]+) FTP Server \(Oracle XML DB/Personal Oracle9i Release ([\d.]+) - Production\) ready\.\r\n|s p/Personal Oracle XML DB ftpd/ v/$2/ h/$1/ cpe:/a:oracle:database_server:$2::personal/ match ftp m|^(?:220-.*\r\n)?220 ([\w._-]+) FTP Server \(Oracle XML DB/Oracle Database\) ready\.\r\n|s p/Oracle XML DB ftpd/ h/$1/ cpe:/a:oracle:database_server/ match ftp m|^(?:200-.*\r\n)?220 ([\w._-]+) FTP Server \(Oracle XML DB/\) ready\.\r\n|s p/Oracle XML DB ftpd/ h/$1/ cpe:/a:oracle:database_server/ match ftp m|^220 ([-\w_.]+) PacketShaper FTP server ready\.\r\n| p/PacketShaper ftpd/ o/Windows/ h/$1/ cpe:/o:microsoft:windows/a match ftp m|^220 WfFTP server\(([\w.]+)\) ready\.\r\n| p/Nortel WfFTP/ v/$1/ d/router/ match ftp m|^220- (.*) WAR-FTPD ([-\w.]+) Ready\r\n220 Please enter your user name\.\r\n| p/WAR-FTPD/ v/$2/ i/Name $1/ o/Windows/ cpe:/o:microsoft:windows/a match ftp m|^220 Canon ([\w._-]+) FTP Print Server V([\w._-]+) .* ready\.\r\n| p/Canon $1 FTP Print Server/ v/$2/ d/print server/ cpe:/h:canon:$1/ match ftp m|^500 OOPS: .*\r\n$| p/vsftpd/ i/Misconfigured/ o/Unix/ cpe:/a:vsftpd:vsftpd/ match ftp m|^500 OOPS: vsftpd: both local and anonymous access disabled!\r\n| p/vsftpd/ i/Access denied/ o/Unix/ cpe:/a:vsftpd:vsftpd/ match ftp m|^220 FTP Version ([\d.]+) on MPS100\r\n| p/Lantronix MPS100 ftpd/ v/$1/ d/print server/ cpe:/h:lantronix:mps100/a match ftp m|^220.*bftpd ([\d.]+) at ([-\w_.]+) ready\.?\r\n|s p/bftpd/ v/$1/ h/$2/ match ftp m|^220 RICOH Pro (\d+[a-zA-Z]{0,3}) FTP server \(([\d+.]+)\) ready\.\r\n| p/Ricoh Pro $1 ftpd/ v/$2/ d/printer/ cpe:/h:ricoh:pro_$1/a match ftp m|^220 LANIER ([\w\d /-]+) FTP server \(([\d+.]+)\) ready\.\r\n| p/Lanier $1 ftpd/ v/$2/ d/printer/ cpe:/h:lanier:$1/a match ftp m|^220 Welcome to Code-Crafters Ability FTP Server\.\r\n| p/Code-Crafters Ability ftpd/ o/Windows/ cpe:/a:code-crafters:ability_ftp_server/ cpe:/o:microsoft:windows/a match ftp m|^220 Welcome to Code-Crafters - Ability Server ([\d.]+)\.| p/Code-Crafters Ability ftpd/ v/$1/ o/Windows/ cpe:/a:code-crafters:ability_ftp_server:$1/ cpe:/o:microsoft:windows/a match ftp m|^220 ([-\w_.]+) FTP server \(ARM_BE - V([\w.]+)\) ready\.\r\n| p/NetComm NS4000 Network Camera/ i/ARM_BE $2/ d/webcam/ h/$1/ match ftp m|^220 MikroTik FTP server \(MikroTik v?([\w._-]+)\) ready\r\n| p/MikroTik router ftpd/ v/$1/ d/router/ match ftp m|^220 lankacom FTP server \(MikroTik v?([\w._-]+)\) ready\r\n| p/Lankacom router ftpd/ v/$1/ i/MikroTik/ d/router/ match ftp m|^220 (.+) FTP server \(MikroTik ([\w._-]+)\) ready\r\n| p/MikroTik router ftpd/ v/$2/ d/router/ h/$1/ match ftp m|^220 NetPresenz v([\d.]+) \(Unregistered\) awaits your command\.\r\n| p/NetPresenz/ v/$1/ i/Unregistered/ o/Mac OS/ cpe:/o:apple:mac_os/a match ftp m|^220 LP-8900-[0-9A-F]+ FTP server \(OEM FTPD version ([\d.]+)\) ready\.\r\n| p/OEM FTPD $1/ i/EPSON Network Print Server/ d/print server/ match ftp m|^220 StylusPhoto750-[0-9A-F]+ FTP server \(OEM FTPD version ([\d.]+)\) ready\.\r\n| p/OEM FTPD $1/ i/Epson StylusPhoto750/ d/print server/ match ftp m|^220 AL-(\w+)-[0-9A-F]+ FTP server \(OEM FTPD version ([\d.]+)\) ready\.\r\n| p/OEM FTPD $2/ i/Epson AcuLaser $1 printer/ d/printer/ cpe:/h:epson:aculaser_$1/a match ftp m|^220 FTP Version ([\d.]+) on MSS100\r\n| p/Lantronix MSS100 serial interface ftpd/ v/$1/ d/specialized/ match ftp m|^220 Matrix FTP server \(Server \w+#\d\) ready\.\r\n| p/Matrix ftpd/ match ftp m|^220 Titan FTP Server ([\d.]+) Ready\.\r\n| p/Titan ftpd/ v/$1/ o/Windows/ cpe:/a:southrivertech:titan_ftp_server:$1/ cpe:/o:microsoft:windows/a match ftp m|^421-\+=\+=\+=\+=\+=\+=\+=\+=\+=\+=\+=\+=\+=\+=\+=\+=\+=\+=\+=\+=\+=\+=\+=\+=\+=\+=\+=\+=\+=\+=\+\r\n421-The evaluation period for this Titan FTP Server has expired\.\r\n| p/Titan ftpd/ i/Evaluation period expired/ o/Windows/ cpe:/a:southrivertech:titan_ftp_server/ cpe:/o:microsoft:windows/a match ftp m|^220 ioFTPD \[www: http://www\.ioftpd\.com\] - \[version: ([-\w_. ]+)\] server ready\.\r\n| p/ioFTPD/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a match ftp m|^220 CesarFTP ([\w.]+) Server Welcome !\r\n| p/ACLogic CesarFTPd/ v/$1/ o/Windows/ cpe:/a:aclogic:cesarftpd:$1/ cpe:/o:microsoft:windows/a match ftp m|^220 CesarFTP ([\w.]+) \xb7\xfe\xce\xf1\xc6\xf7\xbb\xb6\xd3\xad !\r\n| p/ACLogic CesarFTPd/ v/$1/ i/Chinese/ o/Windows/ cpe:/a:aclogic:cesarftpd:$1:::zh/ cpe:/o:microsoft:windows/a match ftp m|^220-This site is running the BisonWare BisonFTP server product V([\d.]+)\r\n| p/BisonWare BisonFTPd/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a match ftp m=^220-Welcome to XBOX FileZilla(?: \(XBMC\)|)\r\n220-version: XBFileZilla version ([\d.]+), \(based on FileZilla Server ([\d.]+)\)\r\n220 http://sourceforge\.net/projects/xbfilezilla\r\n= p/XBFileZilla/ v/$1/ i/Based on FileZilla $2/ cpe:/a:xbmc:xbfilezilla:$1/ match ftp m=^220-Welcome to XBOX FileZilla(?: \(XBMC\)|)\r\n220-version: XBMC:FileZilla version ([\d.]+), \(based on FileZilla Server ([\d.]+)\)\r\n220 http://sourceforge\.net/projects/xbfilezilla\r\n= p/XBFileZilla/ v/$1/ i/Based on FileZilla $2/ cpe:/a:xbmc:xbfilezilla:$1/ match ftp m|^220 Session will be terminated after 600 seconds of inactivity\.\r\n| p/Cisco 3000 series VPN ftpd/ d/security-misc/ o/IOS/ cpe:/o:cisco:ios/a match ftp m|^220-SlimFTPd ([\d.]+), by WhitSoft Development \(www\.whitsoftdev\.com\)\r\n| p/SlimFTPd/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a match ftp m|^220 BlackMoon FTP Server Version ([\d.]+ Release \d+) - Build \d+\. Free Edition\. Service Ready\r\n| p/BlackMoon ftpd/ v/$1/ i/Free edition/ o/Windows/ cpe:/o:microsoft:windows/a match ftp m|^220 BlackMoon FTP Server Version ([\d.]+ Release \d+) - Build \d+\. Chaos Edition\. Service Ready\r\n| p/BlackMoon ftpd/ v/$1/ i/Chaos edition/ o/Windows/ cpe:/o:microsoft:windows/a match ftp m|^220-BlackMoon FTP Server Version ([\d.]+ Release \d+) - Build \d+\r\n| p/BlackMoon ftpd/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a match ftp m|^220 BlackMoon FTP Server - Free Edition - Version ([\d.]+)\. Service Ready\r\n| p/BlackMoon ftpd/ v/$1/ i/Free edition/ o/Windows/ cpe:/o:microsoft:windows/a match ftp m|^220 netapp ftp server\r\n| p/netapp ftpd/ match ftp m|^220 Oracle Internet File System FTP Server ready\r\n| p/Oracle Internet File System ftpd/ match ftp m|^220 NRG 2205/2238/2212 FTP server \(([\d.]+)\) ready\.\r\n| p|NRG 2205/2238/2212 copier ftpd| v/$1/ d/printer/ match ftp m|^220 mandelbrot FTP server \(Version ([\d.]+) \(NeXT ([\d.]+)\) .*\) ready\.\r\n| p/mandelbrot ftpd/ v/$1/ i/NeXT $2/ o/NeXTStep/ # Microsoft Windows .NET Enterprise Server (build 3604-3790) match ftp m|^220 Net Administration Divisions FTP Server Ready\.\.\.\r\n| p/Net Administration Divisions ftpd/ match ftp m|^220-\r\n220-\r\n220 Please enter your user name\.\r\n| p/MoreFTPd/ match ftp m|^220 ([-\w_.]+) FTP server \(OSF/1 Version ([\d.]+)\) ready\.\r\n| p|OSF/1 ftpd| i|OSF/1 $2| o/Unix/ h/$1/ match ftp m|^220 Qtopia ([\d.]+) FTP Server\n| p/Qtopia ftpd/ v/$1/ d/PDA/ match ftp m|^220[ -]Gene6 FTP Server v([\d.]+) +\(Build (\d+)\).* ready\.\.\.\r\n| p/Gene6 ftpd/ v/$1 build $2/ o/Windows/ cpe:/o:microsoft:windows/a match ftp m|^220 G6 FTP Server v([\d.]+) \(beta (\d+)\) ready \.\.\.\r\n| p/Gene6 ftpd/ v/$1 beta $2/ o/Windows/ cpe:/o:microsoft:windows/a match ftp m|^220 ([-\w_.]+) by G6 FTP Server ready \.\.\.\r\n| p/Gene6 ftpd/ o/Windows/ h/$1/ cpe:/o:microsoft:windows/a match ftp m|^220 .* by G6 FTP Server ready \.\.\.\r\n| p/Gene6 ftpd/ o/Windows/ cpe:/o:microsoft:windows/a match ftp m|^220.*Hello! I'm Gene6 FTP Server v([-\w_.]+) \(Build (\d+)\)\.\r\n|s p/Gene6 ftpd/ v/$1 build $2/ o/Windows/ cpe:/o:microsoft:windows/a match ftp m|^220 ([\w._-]+) FTP server ready\.\.\.\r\n| p/Gene6 ftpd/ o/Windows/ h/$1/ cpe:/o:microsoft:windows/a match ftp m|^220 sftpd/([\d.]+) Server \[[-\w_.]+\]\r\n| p/sftpd/ v/$1/ match ftp m|^220-TYPSoft FTP Server ([\d.]+) ready\.\.\.\r\n| p/TYPSoft ftpd/ v/$1/ o/Windows/ cpe:/a:typsoft:typsoft_ftp_server:$1/ cpe:/o:microsoft:windows/a match ftp m|^220 Welcome to Pablo's FTP Server\r\n| p/Pablo's ftpd/ o/Windows/ cpe:/o:microsoft:windows/a match ftp m|^220 PowerLogic FTP Server ready\.\r\n| p/PowerLogic embedded device ftpd/ d/specialized/ match ftp m|^220 INTERMEC 540\+/542\+ FTP Printer Server V([\d.]+) .* ready\.\r\n| p|Intermec 540+/542+ printer ftpd| v/$1/ d/printer/ match ftp m|^220 EthernetBoard OkiLAN 8100e Ver ([\d.]+) FTP server\.\r\n| p/OkiLAN 8100e print server/ v/$1/ d/print server/ match ftp m|^220 OKI-([\w+]+) Version ([\d.]+) ready\.\r\n| p/OkiData $1 printer ftpd/ v/$2/ d/printer/ # SpeedStream 5660 ADSL modem/router match ftp m|^220 VxWorks \(ENI-ftpd ([\d.]+)\) FTP server ready\r\n| p/SpeedStream 5660 ADSL router/ i|Runs ENI-ftpd/$1 on VxWorks| d/router/ o/VxWorks/ cpe:/o:windriver:vxworks/a match ftp m|^220--------------------------------------------------------------------------------\r\n220-This is the \"Banner\" message for the Mac OS X Server's FTP server process\.\r\n.*220 ([-\w_.]+) FTP server \(Version: Mac OS X Server ([\d.]+) - \+GSSAPI\) ready\.\r\n|s p/Mac OS X Server ftpd/ i/MacOS X $2/ o/Mac OS X/ h/$1/ cpe:/o:apple:mac_os_x/a match ftp m|^220--------------------------------------------------------------------------------\r\n220-This is the \"Banner\" message for the Mac OS X Server's FTP server process\.\r\n| p/Mac OS X Server ftpd/ o/Mac OS X/ cpe:/o:apple:mac_os_x/a match ftp m|^220 Welcome to U\.S\.Robotics SureConnect ADSL Ethernet/USB Router update FTP server v([\d.]+)\.\r\n| p/USRobotics SureConnect ADSL router ftpd/ v/$1/ d/router/ match ftp m|^220-Welcome to Xerver Free FTP Server ([\d.]+)\.\r\n220-\r\n220-You can login below now\.\r\n220 Features: \.\r\n| p/Xerver Free ftpd/ v/$1/ match ftp m|^220 ([-\w_.]+) FTP server \(tnftpd ([\w._+-]+)\) ready\.\r\n| p/tnftpd/ v/$2/ h/$1/ match ftp m|^220 ([-\w_.]+) FTP server \(LundFTPD ([\d.]+) .*\) ready\.\r\n| p/LundFTPd/ v/$2/ h/$1/ match ftp m|^220 HD316\r FTP server\(Version([\d.]+)\) ready\.\r\n| p/Panasonic WJ-HD316 Digital Disk Recorder/ v/$1/ d/media device/ cpe:/h:panasonic:wj-hd316/ match ftp m|^220 ([\w._-]+)\r FTP server\(Version([\w._-]+)\) ready\.\r\n| p/Panasonic WJ-HD316 Digital Disk Recorder/ v/$2/ d/media device/ h/$1/ cpe:/h:panasonic:wj-hd316/ match ftp m=^220 (\w+) IBM Infoprint (Color |)(\d+) FTP Server ([\w.]+) ready\.\r\n= p/IBM Infoprint $2$3 ftpd/ v/$4/ d/printer/ h/$1/ match ftp m|^220 ([\w._-]+) IBM Infoprint (\w+) FTP Server ([\w.]+) ready\.\r\n| p/IBM Infoprint $2 ftpd/ v/$3/ d/printer/ h/$1/ cpe:/h:ibm:infoprint_$2/a match ftp m|^220 ShareIt FTP Server ([\d.]+) \(WINCE\) Ready\.\r\n| p/ShareIt ftpd/ v/$1/ d/PDA/ match ftp m|^220 ShareIt FTP Pro ([\d.]+) \(WINCE\) Ready\.\r\n| p/ShareIt Pro ftpd/ v/$1/ d/PDA/ match ftp m|^220 ISOS FTP Server for Upgrade Purpose \(([\d.]+)\) ready\r\n| p/Billion 741GE ADSL router/ v/$1/ d/router/ cpe:/h:billion:741ge/a match ftp m|^220 PV11 FTP Server ready\r\n| p/Unknown wireless acces point ftpd/ i/Runs Phar Lap RTOS/ d/router/ match ftp m|^220 Alize Session Manager FTP Server\r\n| p/Alcatel OmniPCX ftpd/ d/PBX/ cpe:/a:alcatel-lucent:omnipcx/ match ftp m|^220-FTP Server ready\r\n220-Welcome to the Sambar FTP Server\r\r\n| p/Sambar ftpd/ cpe:/a:sambar:sambar_server/ match ftp m|^220 SINA FTPD \(Version ([-\d.]+)\).*\r\n| p/Sina ftpd/ v/$1/ match ftp m|^220 DataHive FTP Server ([\d.]+) Ready\.\r\n| p/DataHive ftpd/ v/$1/ match ftp m|^220--- AlterVista FTP, based on Pure-FTPd --\r\n| p/AlterVista ftpd/ i/Based on Pure-ftpd/ match ftp m|^220 Welcome to the ADI Convergence Galaxy update FTP server v([\d.]+)\.\r\n| p/ADI Convergence Galaxy update ftpd/ v/$1/ match ftp m|^421 You are not permitted to make this connection\.\r\n| p/Symantec Raptor Firewall ftpd/ d/firewall/ cpe:/a:symantec:raptor_firewall/ match ftp m|^220 copier2FTP server ready\.\r\n| p/Konica Minolta Di3510 Copier ftpd/ d/printer/ cpe:/h:konicaminolta:di3510/a match ftp m|^220 DrayTek FTP version ([\d.]+)\r\n| p/DrayTek Vigor router ftpd/ v/$1/ d/router/ match ftp m|^220 ([-\w_.]+) FTP server ready \(mod_ftpd/([\d.]+)\)\r\n| p/Apache mod_ftpd/ v/$2/ h/$1/ cpe:/a:apache:http_server/ match ftp m|^220 The Avalaunch FTP system -- enter user name\r\n| p/Avalaunch ftpd/ i/XBox/ d/game console/ match ftp m|^220 Server 47 FTP service\. Welcome\.\r\n| p/bftpd/ o/Unix/ match ftp m%^220-loading\.\.\r\n220-\| W e L c O m E @ SFXP\|=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=\|\r\n% p/SwiftFXP/ match ftp m|^220 Z-FTP\r\n| p/Z-FTPd/ match ftp m|^220 ([-/.+\w_]+) Dell ([-/.+\w ]+) FTP Server ([\w._-]+) ready\.\r\n| p/Dell $2 printer ftpd/ v/$3/ d/printer/ h/$1/ cpe:/h:dell:$2/ match ftp m|^220 ([-/.+\w_]+) Dell Wireless Printer Adapter ([\w._-]+) FTP Server ready\.\r\n| p/Dell $2 Wireless Printer Adapter ftpd/ d/print server/ h/$1/ cpe:/h:dell:$2/ match ftp m|^220 ([-/.+\w_]+) Dell Laser Printer ([-/.+\w ]+) FTP Server ([\w._-]+) ready\.\r\n| p/Dell $2 printer ftpd/ v/$3/ d/printer/ h/$1/ cpe:/h:dell:$2/ match ftp m|^220 Dell Laser Printer ([\w._-]+)\r\n| p/Dell $1 laser printer ftpd/ d/printer/ cpe:/h:dell:$1/ match ftp m|^220 Dell Color Laser ([\w._-]+)\r\n| p/Dell $1 color laser printer ftpd/ d/printer/ cpe:/h:dell:$1/ match ftp m|^220 Dell ([\w._-]+) Color Laser\r\n| p/Dell $1 color laser printer ftpd/ d/printer/ cpe:/h:dell:$1/ match ftp m|^220 Dell MFP Laser ([\w._-]+)\r\n| p/Dell $1 laser printer ftpd/ d/printer/ cpe:/h:dell:$1/ match ftp m|^220 Plan 9 FTP server ready\r\n| p/Plan 9 ftpd/ o/Plan 9/ cpe:/o:belllabs:plan_9/a match ftp m=^220-\+----------------------\[ UNREGISTERED VERSION \]-----------------------\+\r\n220-\| This site is running unregistered copy of RaidenFTPD ftp server \+\r\n= p/RaidenFTPd/ i/Unregistered/ o/Windows/ cpe:/o:microsoft:windows/a match ftp m|220 ([-\w_.]+) FTP server \(Version: Mac OS X Server ([\d.]+) - \+GSSAPI\) ready\.\r\n|s p/MacOS X Server ftpd/ i/MacOS X Server $2/ o/Mac OS X Server/ h/$1/ cpe:/o:apple:mac_os_x_server:$2/ match ftp m|^220 Fastream NETFile FTP Server(?: Ready)?\r\n| p/Fastream NETFile FTPd/ o/Windows/ cpe:/o:microsoft:windows/a match ftp m|^220 FTP 9500 server \(Version ([\d.]+)\) ready\.\r\n| p|Nokia Smartphone 9300/9500 ftpd| v/$1/ d/phone/ o/Symbian/ match ftp m|^220 [\d.]+ CVX FTP server \(([\d.]+)\) ready\.\r\n| p/CVX ftpd/ v/$1/ match ftp m|^220-\.:\.\r\n220-\.:+\r\n220-\.::::::::::\. e1137 FTP Server loading \.::::::::::::::\. WinSock ready \.| p/e1137 ftpd/ o/Windows/ cpe:/o:microsoft:windows/a match ftp m|^220 Connect\(active \d+, max active \d+\) session \d+ to RemoteScan Server ([\d.]+) on .*\r\n| p/RemoteScan ftpd/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a match ftp m|^220.ArGoSoft FTP Server for Windows NT/2000/XP, Version [\d.]+ \(([\d.]+)\)\r\n| p/ArGoSoft ftpd/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a match ftp m|^220.ArGoSoft FTP Server, Version [\d.]+ \(([\d.]+)\)\r\n| p/ArGoSoft ftpd/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a match ftp m|^220 ArGoSoft FTP Server \.NET v\.([\d.]+) at [^\r\n]*\r\n| p/ArGoSoft ftpd/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a match ftp m|^220 Welcome to the dvd2xbox ftp server\.\r\n| p/dvd2xbox built-in ftpd/ d/game console/ match ftp m|^220 Welcome To WinEggDrop Tiny FTP Server\r\n| p/WinEggDrop ftpd/ o/Windows/ cpe:/o:microsoft:windows/a match ftp m|^220-\n220-Welcome to the HOME Edition of GlobalSCAPE CuteFTP Server, which limits\n| p/GlobalSCAPE CuteFTPd/ i/HOME Edition/ o/Windows/ cpe:/o:microsoft:windows/a match ftp m|^220 Gestetner DSm622 FTP server \(([\d.]+)\) ready\.\r\n| p/Gestetner DSm622 copier ftpd/ v/$1/ d/printer/ match ftp m|^220 NRG (\w+) FTP server \(([\d.]+)\) ready\.\r\n| p/NRG $1 printer ftpd/ v/$2/ d/printer/ cpe:/h:nrg:$1/a match ftp m|^220-\r\n| p/Backdoor Pubstro ftpd/ o/Windows/ cpe:/o:microsoft:windows/a match ftp m|^220 wzd server ready\.\r\n| p/wzdftpd/ match ftp m|^500 Sorry, no server available to handle request on ([-\w_.:]+)\r\n| p/ProFTPD/ i/No server available/ h/$1/ cpe:/a:proftpd:proftpd/a match ftp m|^500 Sorry, no server available to handle request on ([-\w_.:]+)\.\r\n| p/ProFTPD/ i/No server available/ h/$1/ cpe:/a:proftpd:proftpd/a match ftp m|^220 Intel NetportExpress\(tm\) 10/100 Single-port FTP server ready\.\r\n| p/Intel NetportExpress print server ftpd/ d/print server/ match ftp m|^220 NET\+ARM FTP Server ([\d.]+) ready\.\r\n| p/NET+ARM ftpd/ v/$1/ match ftp m|^220- FTPshell Server Service \(Version ([-\w_.]+)\)\r\n220 \r\n| p/FTPshell ftpd/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a match ftp m|^220 Connected to ([-\w_.]+) ready\.\.\.\r\n| p/TYPSoft ftpd/ o/Windows/ h/$1/ cpe:/a:typsoft:typsoft_ftp_server/ cpe:/o:microsoft:windows/a match ftp m|^220 ([-\w_.]+) FTP Server \(LiteServe\) Ready!\r\n| p/Perception LiteServe ftpd/ o/Windows/ h/$1/ cpe:/o:microsoft:windows/a match ftp m|^220 BetaFTPD ([-\w_.]+) ready\.\r\n| p/BetaFTPd/ v/$1/ match ftp m|^220 NET Disk FTP Server ready\.\r\n| p|NET Disk/NetStore ftpd| match ftp m|^421 Service not available, closing control connection\.\r\n| p|NET Disk/NetStore ftpd| i/Disabled/ match ftp m|^220 NETWORK HDD FTP Server ready\.\r\n| p/Argosy Research HD363N Network HDD ftpd/ d/storage-misc/ match ftp m|^220 Blue Coat FTP Service\r\n| p/Blue Coat ftp proxy/ d/security-misc/ # Can't find any info on this ftpd. Backdoor? -Doug match ftp m|^220 Homer Ftp Server\r\n| p/Homer ftpd/ o/Windows/ cpe:/o:microsoft:windows/a match ftp m|^220 Personal FTP Server ready\r\n| p/Personal FTPd/ o/Windows/ cpe:/o:microsoft:windows/a match ftp m|^220 Personal FTP Professional Server ready\r\n| p/Personal FTPd Professional/ o/Windows/ cpe:/o:microsoft:windows/a match ftp m|^220-InterVations FileCOPA FTP Server Version ([\d.]+) .*\r\n220 Trial Version\. (\d+) days remaining\r\n| p/InterVations FileCOPA ftpd/ v/$1/ i/Trial: $2 days left/ o/Windows/ cpe:/o:microsoft:windows/a match ftp m|^220 cab Mach4/(\d+) FTP Server ready\.\r\n| p/CAB MACH 4 label printer ftpd/ i/$1 dpi/ d/printer/ match ftp m|^220 cab A4\+/(\d+) FTP Server ready\.\r\n| p/CAB A4+ label printer ftpd/ i/$1 dpi/ d/printer/ match ftp m|^220 (KM[\w+]+) FTP server \(KM FTPD version ([\d.]+)\) ready\.\r\n| p/Konica Minolta $1 ftpd/ v/$2/ d/printer/ cpe:/h:konicaminolta:$1/a match ftp m|^220 Golden FTP Server ready v([\w._-]+)\r\n| p/Golden ftpd/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a match ftp m|^220 Golden FTP Server Pro ready v([\w._-]+)\r\n| p/Golden ftpd/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a match ftp m|^220 Golden FTP Server PRO ready v([\w._-]+)\r\n| p/Golden PRO ftpd/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a match ftp m|^220 ITC Version ([\d.]+) of [-\d]+ X Kyocera UIO UMC 10base OK \r\n| p/X Kyocera UIO UMC 10base print server ftpd/ v/$1/ d/print server/ cpe:/h:kyocera:uio_umc_10base/a match ftp m|^220 ActiveFax Version ([\d.]+) \(Build (\d+)\) - .*\r\n| p/ActiveFax ftpd/ v/$1 build $2/ match ftp m|^220-Welcome to CrushFTP!\r\n220 CrushFTP Server Ready[!.]\r\n| p/CrushFTPd/ match ftp m|^220-Welcome to CrushFTP([\w._-]+)!\r\n220 CrushFTP Server Ready\.\r\n| p/CrushFTP/ v/$1/ match ftp m|^220 DPO-7300 FTP Server ([\d.]+) ready\.\n| p/NetSilicon DPO-7300 ftpd/ v/$1/ match ftp m|^220 Welcome to WinFtp Server\.\r\n| p/WinFtpd/ o/Windows/ cpe:/o:microsoft:windows/a match ftp m|^220 IBM TCP/IP for OS/2 - FTP Server ver ([\d:.]+) on .* ready\.\r\n| p|IBM OS/2 ftpd| v/$1/ o|OS/2| cpe:/a:ibm:os2_ftp_server:$1/ cpe:/o:ibm:os2/ match ftp m|^220 AudioVAULT FTP server\r\n| p/AudioVault ftpd/ o/Windows/ cpe:/o:microsoft:windows/a match ftp m|^220 FTP/VPP Server ([\d.]+) / Current Date: [-\d]+ [\d:]+\r\n| p/Verteiltes Printen und Plotten ftpd/ v/$1/ match ftp m|^220 Xerox WorkCentre (\w+) Ver ([\d.]+) FTP server\.\r\n| p/Xerox WorkCentre $1 ftpd/ v/$2/ d/printer/ cpe:/h:xerox:workcentre_$1/a match ftp m|^220 Xerox Phaser (\w+)\r\n| p/Xerox Phaser $1 printer ftpd/ d/printer/ cpe:/h:xerox:phaser_$1/a match ftp m|^220 .* Server \(vftpd ([\d.]+)\) ready\.\r\n| p/vftpd/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a match ftp m|^220 Welcome to Network Camera FTP Server\r\n| p/Vivotek 3102 Camera ftpd/ d/webcam/ match ftp m|^220-TwoFTPd server ready\.\r\n220 Authenticate first\.\r\n| p/TwoFTPd/ o/Unix/ match ftp m|^220 WEB TLC FTP SERVER READY TYPE HELP FOR HELP \r\n| p/Overland Storage Neo2000 ftpd/ d/storage-misc/ match ftp m|^220 ([-/.+\w_]+) Lexmark ([-/.+\w ]+) FTP Server ([-.\w]+) ready\.\r\n| p/Lexmark $2 printer ftpd/ v/$3/ d/printer/ h/$1/ cpe:/h:lexmark:$2/a match ftp m|^220 ([-/.+\w_]+) MarkNet ([-/.+\w ]+) FTP Server ([-.\w]+) ready\.\r\n| p/Lexmark $2 printer ftpd/ v/$3/ d/printer/ h/$1/ cpe:/h:lexmark:$2/a match ftp m|^500 ([\w._-]+) FTP server shut down -- please try again later\.\r\n| p/Mac OS X Server ftpd/ i/disabled/ o/Mac OS X/ h/$1/ cpe:/o:apple:mac_os_x/a match ftp m|^220 \(Ver\. ([^)]+)\) [A-Z][a-z]{2} \d+ 20\d+ ready\.\r\n| p|Canon VB-C10/VB-C10R webcam ftpd| v/$1/ d/webcam/ match ftp m|^220 Cisco \(([\d.]+)\) FTP server ready\r\n| p/Cisco ftpd/ v/$1/ o/IOS/ cpe:/o:cisco:ios/a match ftp m|^220 \"Global Site Selector FTP\"\r\n| p/Cisco Site Selector ftpd/ d/security-misc/ cpe:/h:cisco:global_site_selector:-/ match ftp m|^220 ISOS FTP Server \(([\d.]+)\) ready\r\n| p/Xavi 7768 WAP ftpd/ v/$1/ d/WAP/ cpe:/h:xavi:7768/ match ftp m|^220- smallftpd ([\d.]+)\r\n220- check http://smallftpd\.free\.fr| p/smallftpd/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a match ftp m|^220 ([-\w_.]+) GridFTP Server ([\w._-]+) \((gcc\w+), [-\d]+\) (?:\[unknown\] )?ready\.\r\n| p/Globus GridFTPd/ v/$2/ i/$3/ h/$1/ match ftp m|^220 ([\w._-]+) GridFTP Server ([\w._-]+) \((gcc\w+), [-\d]+\) \[Globus Toolkit ([\w._-]+)\] ready\.\r\n| p/Globus GridFTPd/ v/$2/ i/Globus Toolkit $4; $3/ h/$1/ match ftp m|^220 ([-\w_.]+) (?:[A-Z]+ )?GridFTP Server ([\d.]+) (GSSAPI type Globus/GSI wu-\S+) \(gcc\w+, [-\d]+\) ready\.\r\n| p/Globus GridFTPd/ v/$2/ i/$3/ h/$1/ match ftp m|^220 ([-\w_.]+) FTP server \(GridFTP Server ([\d.]+) \[(GSI patch v[\d\.]+)\] (wu-\S+) .+\) ready\.\r\n| p/Globus GridFTPd/ v/$2/ i/$4 $3/ h/$1/ match ftp m|^220 Welcome to the OpenDreambox FTP service\.\r\n| p/Dreambox ftpd/ d/media device/ o/Linux/ cpe:/o:linux:linux_kernel/a match ftp m|^220 Willkomen auf Ihrer Dreambox\.\r\n| p/Dreambox ftpd/ i/German/ d/media device/ o/Linux/ cpe:/o:linux:linux_kernel/a match ftp m|^220 Welcome to the PLi dreambox FTP server\r\n| p/Dreambox ftpd/ i/PLi image/ d/media device/ o/Linux/ cpe:/o:linux:linux_kernel/a match ftp m|^220 Welcome to the Pli Jade Server >> OpenDreambox FTP service <<\.\r\n| p/Dreambox ftpd/ i/PLi Jade image/ d/media device/ o/Linux/ cpe:/o:linux:linux_kernel/a match ftp m|^220 ([-\w_.]+) FTP server \(KONICA FTPD version ([\d.]+)\) ready\.\r\n| p/Konica Minolta printer ftpd/ v/$2/ d/printer/ h/$1/ match ftp m|^220 KONICA MINOLTA FTP server ready\.\r\n| p/Konica Minolta bizhub printer ftpd/ d/printer/ match ftp m|^Error loading /etc/ssl/certs/ftpd\.pem:| p/Linux NetKit ftpd/ i/misconfigured/ o/Linux/ cpe:/a:netkit:netkit/ cpe:/o:linux:linux_kernel/a match ftp m|^500 OOPS: cannot locate user entry:([-\w_]+)\r\n500 OOPS: child died\r\n| p/vsftpd/ i/misconfigured; ftp user $1/ cpe:/a:vsftpd:vsftpd/ match ftp m|^220 Welcome to Freebox FTP Server\.\r\n| p/Freebox ftpd/ d/media device/ match ftp m|^220 FTP server \(Medusa Async V([\d.]+) \[experimental\]\) ready\.\r\n| p/Zope Medusa ftpd/ v/$1/ match ftp m|^220- Novonyx FTP Server for NetWare, v([\d.]+) \(| p/Novonyx ftpd/ v/$1/ o/NetWare/ cpe:/o:novell:netware/a match ftp m|^220 ([-\w_.]+) \(Aironet (BR\w+) V([\d.]+)\) ready\r\n| p/Aironet $2 wireless bridge ftpd/ v/$3/ d/WAP/ h/$1/ cpe:/h:cisco:aironet_$2/ match ftp m|^220-Welcome To Rumpus!\r\n220 Service ready for new user\r\n| p/Rumpus ftpd/ o/Mac OS X/ cpe:/o:apple:mac_os_x/a match ftp m|^220 Hello, I'm freeFTPd ([\d.]+)\r\n| p/FreeFTPd/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a match ftp m|^220 PrNET FTP server \(PrNET FTP ([\d.]+)\) ready\.\r\n| p/Panasonic WV-NP1000 webcam ftpd/ v/$1/ d/webcam/ cpe:/h:panasonic:wv-np1000/a match ftp m|^220-Looking up your hostname\.\.\.\r\n220-Welcome to SimpleFTPd v([\w.]+) by MagicalTux| p/SimpleFTPd/ v/$1/ match ftp m|^220 IB-21E Ver ([\d.]+) FTP server\.\r\n| p/Kyocera IB-21E print server ftpd/ v/$1/ d/print server/ cpe:/h:kyocera:ib-21e/a match ftp m|^220 IB-23 Ver ([\d.]+) FTP server\.\r\n| p/Kyocera FS-1000D-series print server ftpd/ v/$1/ d/print server/ match ftp m|^220 SurgeFTP ([-\w_.]+) \(Version ([\w.]+)\)\r\n| p/SurgeFTPd/ v/$2/ h/$1/ cpe:/a:netwin:surgeftp:$2/ match ftp m|^220 Disk Station FTP server at ([-\w_.]+) ready\.\r\n| p/Synology NAS ftpd/ d/storage-misc/ h/$1/ match ftp m|^220 FTP Merak ([\d.-]+)\r\n| p/Merak ftpd/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a match ftp m|^refused in\.ftpd from [-\w_.]+ logged\n| p/tcpwrapped ftpd/ i/refused/ match ftp m|^220 Ipswitch Notification Server| p/Ipswitch notification ftpd/ o/Windows/ cpe:/o:microsoft:windows/a match ftp m|^220-?\s+SSH-[\d.]+-([a-zA-Z]+)| p/FTP masquerading as $1/ i/**BACKDOOR**/ match ftp m|^220 Xlight FTP Server ([\d.]+) ready\.\.\.\r\n| p/Xlight ftpd/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a match ftp m|^220 Xlight Server ([\d.]+) ready\.\.\. \r\n| p/Xlight ftpd/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a match ftp m|^220 NetTerm FTP server ready \r\n| p/NetTerm ftpd/ o/Windows/ cpe:/o:microsoft:windows/a match ftp m|^220 SHARP ([\w-]+) FTP server ready\.\r\n| p/Sharp $1 printer ftpd/ d/printer/ cpe:/h:sharp:$1/a match ftp m|^220 SHARP ([\w-]+) Ver ([\w._-]+) FTP server\.\r\n| p/SHARP $1 printer ftpd/ v/$2/ d/printer/ match ftp m|^220 (FS-\w+) FTP server\.?\r\n| p/Kyocera $1 printer ftpd/ d/printer/ cpe:/h:kyocera:$1/ match ftp m|^220 Scala FTP \(\"Scala InfoChannel Player \d+\" ([\w/.]+)\)\r\n| p/Scala InfoChannel Player ftpd/ v/$1/ d/media device/ match ftp m|^220 FTP Services for ClearPath MCP: Server version ([\d.]+)\r\n| p/Unisys ClearPath MCP ftpd/ v/$1/ match ftp m|^220 Nut/OS FTP ([\d.]+) beta ready at| p|Nut/OS Demo ftpd| v/$1/ o|Nut/OS| cpe:/o:ethernut:nut_os/a match ftp m|^ftpd - accept the connection from [\d.]+\n220-eDVR FTP Server v([\d.]+) \(c\)Copyright WebGate Inc\. \w+-\w+\r\n220-Welcome to (DS\w+)\r\n220 You will be disconnected after 180 seconds of inactivity\.\r\n| p/WebGate $2 eDVR camera ftpd/ v/$1/ d/webcam/ match ftp m|^220 FTP-Backupspace\r\n$| p/STRATO backup ftpd/ match ftp m|^220-.* \(([-\w_.]+)\)\r\n Synchronet FTP Server ([-\w_.]+)-Win32 Ready\r\n| p/Synchronet ftpd/ v/$2/ o/Windows/ h/$1/ cpe:/o:microsoft:windows/a match ftp m|^220 Welcome to (DCS-\w+) FTP Server\r\n$| p/D-Link $1 webcam ftpd/ d/webcam/ cpe:/h:dlink:$1/a match ftp m|^220 X5 FTP server \(version ([\d.]+)\) ready\.\r\n| p/Zoom ADSL modem/ i/X5 $1/ d/broadband router/ match ftp m|^220 zFTPServer v([-\w_.]+), build ([-\d]+)| p/zFTPServer/ v/$1 build $2/ o/Windows/ cpe:/o:microsoft:windows/a match ftp m|^220 Welcome to zFTPServer\r\n| p/zFTPServer/ o/Windows/ cpe:/o:microsoft:windows/a match ftp m|^220 FRITZ!BoxWLAN(\d+)(?:\(UI\))? FTP server ready\.\r\n| p/FRITZ!Box WLAN $1 WAP ftpd/ d/WAP/ match ftp m|^220 FRITZ!BoxFonWLAN(\w+)(?:\(\w+\))? FTP server ready\.\r\n| p/FRITZ!Box Fon WLAN $1 WAP ftpd/ d/WAP/ match ftp m|^220 FRITZ!Box Fon WLAN (\d+) FTP server ready\.\r\n| p/FRITZ!Box Fon WLAN $1 WAP ftpd/ d/WAP/ match ftp m|^220 FRITZ!Box(\w+)Cable\(um\) FTP server ready\.\r\n| p/FRITZ!Box $1 cable modem ftpd/ d/broadband router/ match ftp m|^220 CompuMaster SRL, WT-6500 Ftp Server \(Version ([\d.]+)\)\.\r\n| p/CompuMaster WT-6500 ThinClient ftpd/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a match ftp m|^211 Hello \[[-\w_.]+\], Secure/IP Authentication Server ([-\w_.]+) at your service\.\r\n| p|OpenVMS Secure/IP ftpd| v/$1/ o/OpenVMS/ cpe:/o:hp:openvms/a match ftp m|^220 HP166XC V([-\w_.]+) FUSION FTP server \(Version ([-\w_.]+)\) ready\.\r\n| p/HP166XC $1 Logic Analyzer ftpd/ i/FUSION ftpd $2/ d/specialized/ match ftp m|^220 FTP Server, type 'quote help' for help\r\n$| p/Polycom VSX 8000 ftpd/ d/webcam/ cpe:/h:polycom:vsx_8000/a match ftp m|^550 no more people, max connections is reached\r\n| p/Avalaunch XBOX ftpd/ i/Max connections reached/ d/game console/ match ftp m|^220 Fastream IQ FTP Server\r\n| p/Fastream IQ ftpd/ o/Windows/ cpe:/o:microsoft:windows/a match ftp m|^220 RICOH Aficio ([\w ._+-]+?) FTP server \(([-\w_.]+)\) ready\.\r\n| p/Ricoh Aficio $1 printer ftpd/ v/$2/ d/printer/ cpe:/h:ricoh:aficio_$1/a match ftp m|^220 RICOH Aficio ([\w ._+-]+?) \(([-\w_.]+)\) FTP server ready\r\n| p/Ricoh Aficio $1 printer ftpd/ v/$2/ d/printer/ cpe:/h:ricoh:aficio_$1/a match ftp m|^220 HIOKI ftp service v([\d.]+)\r\n| p/Hioki HiCorder 8855 ftpd/ v/$1/ d/specialized/ match ftp m|^220 Treck FTP server ready\.\r\n| p/Treck Embedded ftpd/ match ftp m|^220 Microtest SuperCD-cdserver FTP server \(Version V([\w._-]+)\) ready\.\r\n| p/Axonix SuperCD ftpd/ v/$1/ d/media device/ match ftp m|^220 FTP service \(Ftpd ([\d.]+)\) ready on ([\w._-]+) at| p/Minix ftpd/ v/$1/ o/Minix/ h/$2/ cpe:/a:minix:ftpd:$1/ cpe:/o:minix:minix/a match ftp m|^220 Cube Station FTP server at ([\w._-]+) ready\.\r\n| p/Synology CubeStation ftpd/ h/$1/ match ftp m|^220 Xerox Phaser (\w+)\r\n421 Service not available, closing control connection\r\n| p/Xerox Phaser $1 ftpd/ d/printer/ cpe:/h:xerox:phaser_$1/a match ftp m|^220 CrossFTP Server ready for new user\.\r\n| p/CrossFTP java ftpd/ match ftp m|^220 ATAboy2X-\d+ FTP V([\w._-]+) ready\n| p/ATAboy2X ftpd/ v/$1/ d/storage-misc/ match ftp m|^220 Belkin Network USB Hub Ver ([\w._-]+) FTP server\.\r\n| p/Belkin USB hub ftpd/ v/$1/ match ftp m|^220-TCP/IP for VSE FTP Daemon Version ([\w._-]+) | p/VSE ftpd/ v/$1/ o/VSE/ match ftp m|^220 FTP server: Lexmark Optra LaserPrinter ready\r\n| p/Lexmark Optra LaserPrinter ftpd/ d/printer/ match ftp m|^220 NSE \(AG (\d+) v([\w._-]+)\) FTP server ready\r\n| p/Nomadix AG $1 ftpd/ v/$2/ d/WAP/ match ftp m|^220 Welcome to Easy File Sharing FTP Server!\r\n| p/Easy File Sharing ftpd/ o/Windows/ cpe:/a:efssoft:easy_file_sharing_ftp_server/ cpe:/o:microsoft:windows/a match ftp m|^220- \*+\r\n220- \r\n220- Welcome to Dream FTP Server\r\n220- Copyright 2002 - 2004\r\n220- BolinTech Inc\.\r\n| p/BolinTech Dream FTP Server/ o/Windows/ cpe:/o:microsoft:windows/a match ftp m|^220 Welcome to the Netburner FTP server\.\r\n| p/Netburner embedded device ftpd/ d/specialized/ match ftp m|^220 NetBotz FTP Server ([\w._-]+) ready\.\r\n| p/NetBotz network monitor ftpd/ v/$1/ d/security-misc/ match ftp m|^220 TOSHIBA e-STUDIO5500c FTP server \(([\w._-]+)\) ready\.\r\n| p/Toshiba e-STUDIO5500c printer ftpd/ v/$1/ d/printer/ cpe:/h:toshiba:e-studio5500c/a match ftp m|^220 \(WJ-HD220 FTP Server version ([\w._-]+) Ready\)\r\n| p/Panasonic WJ-HD220 ftpd/ v/$1/ d/media device/ match ftp m|^220 ([\w._-]+) FTP server \(EMC-SNAS: ([\w._-]+)\) ready\.\r\n| p/EMC Scalable Network Accelerator ftpd/ v/$2/ h/$1/ match ftp m|^220-CentOS release ([\w._-]+) .*\r\n220 ProFTPD ([\w._-]+) Server \(ProFTPD Default Installation\)|s p/ProFTPD/ v/$2/ i/CentOS $1/ o/Linux/ cpe:/a:proftpd:proftpd:$2/a cpe:/o:centos:centos/ match ftp m|^220 TCAdmin FTP Server\r\n| p/Balance Servers TCAdmin game hosting ftpd/ o/Windows/ cpe:/o:microsoft:windows/a match ftp m|^.* klogd: klogd started: BusyBox v([\w._-]+) \(.*\)\r\nDoing BRCTL \.\.\.\r\nsetfilter br0 0 \r\n/var/tmp/act_firewall: No such file or directory\r\n| p/Actiontec router ftpd/ i/firewall broken; BusyBox $1/ d/broadband router/ cpe:/a:busybox:busybox:$1/ # these should be fine. embyte match ftp m|^220 .*BlackJumboDog Version ([^ ]+)| p/Blackjumbodog FTPd/ v/$1/ match ftp m|^220[- ] ?[Cc]rob FTP [Ss]erver [Vv]?([-.\d\w]+)| p/Crob FTPd/ v/$1/ match ftp m|^220.* GlobalSCAPE Secure FTP Server \(v\. ([^\)]+)\)| p/GlobalSCAPE Secure FTPd/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a match ftp m|^220 GlobalSCAPE Secure FTP Server\r\n| p/GlobalSCAPE Secure FTPd/ o/Windows/ cpe:/o:microsoft:windows/a match ftp m|^220 Mollensoft FTP Server ([^ ]+) Ready\.| p/Mollensoft FTPd/ v/$1/ match ftp m|^220 Welcome to Ocean FTP Server.| p/Ocean FTPd/ match ftp m|^220 4dftp .* FTP Service \(Version ([^)]+)\)| p/WebStar 4dftp/ v/$1/ match ftp m|^220 IBM NPS 540\+/542\+ FTP Printer Server V([\w._-]+) | p|IBM NPS 540+/542+ print server ftpd| v/$1/ d/print server/ match ftp m|^220 ([\w._-]+) FTP server \(mmftpd \(([\w._/-]+)\)\) ready\r\n| p/mmftpd/ v/$2/ h/$1/ match ftp m|^220 C500 FTP Server ([\w._-]+) ready\.\n| p/Lexmark C500 printer ftpd/ v/$1/ d/printer/ cpe:/h:lexmark:c500/a match ftp m|^220-TiMOS-\w+-([\w._-]+) cpm/hops ALCATEL ESS 7450 Copyright \(c\) 2000-2007 Alcatel-Lucent\.\r\n| p/Alcatel-Lucent ESS 7450 router ftpd/ v/$1/ d/router/ o/TiMOS/ match ftp m|^220 SAVIN 8055 FTP server \(([\w._-]+)\) ready\.\r\n| p/Savin 8055 printer ftpd/ v/$1/ d/printer/ cpe:/h:savin:8055/a match ftp m|^220 TANDBERG Satellite Modulator SM6600\r\n| p/Tandberg SM6600 Satellite Modulator ftpd/ d/media device/ match ftp m|^220 SUN StorEdge 3511 RAID FTP server ready\.\r\n| p/Sun StorEdge 3511 ftpd/ d/storage-misc/ match ftp m|^220 IFT ([\w._-]+) RAID FTP server ready\.\r\n| p/Infortrend EonStor $1 ftpd/ d/storage-misc/ match ftp m|^421 Closing non-secure connections in Secure Mode\. \r\n| p/Polycom VSX 7000A VoIP phone ftpd/ d/VoIP phone/ cpe:/h:polycom:vsx_7000a/a match ftp m|^220-Sami FTP Server ([\w._-]+)\r\n| p/KarjaSoft Sami ftpd/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a match ftp m|^220 DrFTPD ([\w._-]+) http://drftpd\.org\r\n| p/DrFTPD/ v/$1/ match ftp m|^220 DrFTPD\+ ([\w._-]+) \(\+STABLE\+\) \$Revision: (\d+) \$ http://drftpd\.org\r\n| p/DrFTPD/ v/$1 revision $2/ match ftp m|^220 Conti FTP Server ready\r\n| p/Conti ftpd/ o/Windows/ cpe:/o:microsoft:windows/a match ftp m|^220 Welcome to Mobile File Service\r\n\r\n| p|HTC P4000 PDA/Phone ftpd| d/PDA/ o/Windows/ cpe:/o:microsoft:windows/a match ftp m|^220 Welcome to Topfield PVR FTP server\r\n| p/Topfield HDPVR satellite decoder ftpd/ d/media device/ match ftp m|^220 ([\w._-]+) FTP server \(WS2000 FTPD Server\) ready\.\r\n| p|Motorola/Symbol WS2000 WAP ftpd| d/WAP/ h/$1/ match ftp m|^220 ADH FTP SERVER READY TYPE HELP FOR HELP \r\n| p/AD Network Video Dedicated Micros DVR ftpd/ d/webcam/ match ftp m|^220 TDS400 FTP Service \(Version ([\w._-]+)\)\.\r\n| p/TDS400 printer ftpd/ v/$1/ d/printer/ match ftp m|^220 ---freeFTPd 1\.0---warFTPd 1\.65---\r\n| p/Nepenthes HoneyTrap fake vulnerable ftpd/ match ftp m|^220- \w+\r\n220 FTP Server powered by: Quick 'n Easy FTP Server\r\n| p/Quick 'n Easy FTP Server/ o/Windows/ cpe:/o:microsoft:windows/a match ftp m|^220-National Instruments FTP\r\n220 Service Ready \r\n| p/National Instruments LabVIEW ftpd/ d/specialized/ cpe:/a:ni:labview/ # The ASCII spells "FREETZ". match ftp m=^220- __ _ __ __ ___ __\r\n220- \|__ \|_\) \|__ \|__ \| /\r\n220- \| \|\\ \|__ \|__ \| /_\r\n220-\r\n220- The fun has just begun\.\.\.\r\n220 \r\n= p/vsftpd/ i/Freetz firmware for AVM Fritz!Box/ d/WAP/ cpe:/a:vsftpd:vsftpd/ match ftp m|Permission denied\.\(Please check access control list\)\r\nPermission denied\.\(Please check access control list\)\r\n\n\rSystem administrator is connecting from [\d.]+\n\rReject the connection request !!!\n\r\n\rSystem administrator is connecting from [\d.]+\n\rReject the connection request !!!\n\r| p/DrayTek Vigor 2820 ADSL router ftpd/ i/access denied/ d/broadband router/ cpe:/h:draytek:vigor_2820/a match ftp m|^550 Permission denied\.\(Too many user login!!!\)\r\nPermission denied\.\(Please check access control list\)\r\n| p/DrayTek Vigor 2820n ADSL router ftpd/ i/access denied/ d/broadband router/ cpe:/h:draytek:vigor_2820n/a match ftp m|^220-FTPSERVE IBM VM Level (\d)(\d+) at ([\w._-]+), [^\r\n]*\r\n220 Connection will close if idle for more than 5 minutes\.\r\n| p/IBM FTPSERVE/ o|z/VM $1.$2| h/$3/ match ftp m|^220 MeritFTP ([\d.]+) at ([\d.]+) ready\.\r\n| p/Merit Megatouch game device ftpd/ v/$1/ d/specialized/ h/$2/ match ftp m|^220 NET\+OS ([\d.]+) FTP server ready\.\r\n503 Bad sequence of commands\r\n| p/NET+OS ftpd/ i/NET+OS $1/ o/NET+OS/ match ftp m|^220 Welcome to the NSLU2 vsftp daemon\.\r\n| p/vsftpd/ i/NSLU2 NAS device/ d/storage-misc/ cpe:/a:vsftpd:vsftpd/ match ftp m|^220- Menuet FTP Server v([\d.]+)\r\n220 Username and Password required\r\n| p/Menuet FTP Server/ v/$1/ o/MenuetOS/ match ftp m|^220 Xyratex (\w+) RAID FTP server ready\.\r\n| p/Xyratex $1 RAID NAS device ftpd/ d/storage-misc/ match ftp m|^220 MLT-57066 Version ([\w.]+) ready\.\r\n| p/Minolta PagePro 20 printer ftpd/ v/$1/ cpe:/h:minolta:pagepro_20/a match ftp m|^220 tandem FTP SERVER \w+ \(Version ([\w.]+) TANDEM \w+\) ready\.\r\n| p/Tandem FTP server/ v/$1/ i/Tandem Himalaya K2000/ o/GuardianOS/ match ftp m|^220 ZBR-(\d+) Version ([\d.]+) ready\.\r\n| p/Zebra print server ftpd/ v/$2/ i/firmware $1/ match ftp m|^220 ([\w._-]+) pSOSystem FTP server \(@\(#\)\(#\)pVER IA/MIPS, Version ([\w._ -]+), Built on ([\d/]+)\) ready\.\r\n| p/pSOSystem ftpd/ v/$2/ i/MIPS; build date $3/ o/pSOS/ h/$1/ match ftp m|^220 ([\w._-]+) pSOSystem FTP server \(@\(#\)\(#\)pVER IA/PPC, Version ([\w._ -]+), Built on ([\d/]+)\) ready\.\r\n| p/pSOSystem ftpd/ v/$2/ i/PowerPC; build date $3/ o/pSOS/ h/$1/ match ftp m|^220 ([\w._-]+) pSOSystem FTP server \(Network Utilities for /68k-MRI/([\w._-]+) - Network Utility\) ready\.\r\n| p/pSOSystem ftpd/ v/$2/ i/m68k/ o/pSOS/ h/$1/ match ftp m|^220 Star IFBD-HE05/06 FTP Server\.\r\n| p/Star Micronics TSP828L printer ftpd/ d/printer/ cpe:/h:starmicronics:tsp828l/a match ftp m|^220 Welcome to Baby FTP Server\r\n| p/Baby FTP Server/ o/Windows/ cpe:/o:microsoft:windows/a match ftp m|^220 ([\w_.-]+) FTP server \(witelcom ([\d.]+)\) ready\r\n| p/Witelcom router ftpd/ v/$2/ d/router/ h/$1/ match ftp m|^220 SwiFTP ready\r\n| p/SwiFTP/ i/Android phone/ d/phone/ o/Linux/ cpe:/o:linux:linux_kernel/a match ftp m|^220 SwiFTP ([\w._-]+) ready\r\n| p/SwiFTP/ v/$1/ i/Android phone/ d/phone/ o/Linux/ cpe:/o:linux:linux_kernel/a match ftp m|^220 EFI FTP Print server ready\.\r\n| p/EFI Fiery ftpd/ d/print server/ match ftp m|^220 infotec IS (\d+) FTP server \(([\w.]+)\) ready\.\r\n| p/Infotec IS $1 ftpd/ v/$2/ match ftp m|^220- Print Server ([\d.]+ \([^)]*\))\r\n220 FTP server \(Version ([^)]*)\) ready\.\r\n| p/Roland plotter print server ftpd/ v/$2/ i/print server version $1/ match ftp m|^220 FTP Server \(ZyWALL (USG \w+)\) \[[\w._-]+\]\r\n| p/ZyWALL $1 firewall ftpd/ d/firewall/ match ftp m|^220 Connected to IndiFTPD\r\n| p/IndiFTPD/ match ftp m|^220 EasyCoder FTP Server v\.([\d.]+) ready\.\r\n| p/Intermec PM4i printer ftpd/ v/$1/ d/printer/ cpe:/h:intermec:pm4i/a match ftp m|^220 ALFTP Server ready\. \^-\^\)/~\r\n| p/ALFTP/ match ftp m|^220 ftp server corona \(([\w._-]+)\)\r\n| p/THEOS Corona ftpd/ v/$1/ o/THEOS/ match ftp m|^220 vxTarget FTP server \(VxWorks ([\d.]+)\) ready\.\r\n| p/vxTarget ftpd/ i/VxWorks $1/ o/VxWorks/ cpe:/o:windriver:vxworks:$1/ match ftp m|^220-Welcome to the S60 Dumb FTP Server \(dftpd\)\r\n| p/Dumb FTP Server (dftpd)/ d/phone/ o/SymbianOS/ match ftp m|^220-Local time is now [\d:]+\r\n220 You will be disconnected after 300 seconds of inactivity\.\r\n| p/DViCO TVIX 6500A set top box ftpd/ d/media device/ match ftp m|^220 ET(\w+) ([\w-]+) Series FTP Server ready\.\r\n| p/Lexmark $2 series printer ftpd/ i/MAC: $1/ d/printer/ match ftp m|^220 aFTPServer ready \(cwd is /\)\r\n$| p/FTPServer/ d/phone/ o/Linux/ cpe:/o:linux:linux_kernel/a match ftp m|^220 BCB1COOL Server \(Proftpd FTP Server\) \[([\w._-]+)\]\r\n| p/ProFTPD/ h/$1/ cpe:/a:proftpd:proftpd/ match ftp m|^220 FTP version ([\w.]+)\r\n| p/DrayTek Vigor 2820 ADSL router ftpd/ v/$1/ d/broadband router/ cpe:/h:draytek:vigor_2820/a match ftp m|^220 FTP version ([\w.]+)\r\n331 Enter PASS command\r\n$| p/DrayTek Vigor 2820 ADSL router ftpd/ v/$1/ d/broadband router/ cpe:/h:draytek:vigor_2820/a match ftp m|^220 Core FTP Server Version ([\w._-]+, build \d+), installed (\d+ days ago) Registered\r\n| p/Core FTP Server/ v/$1/ i/installed $2/ cpe:/a:coreftp:core_ftp:$1/ match ftp m|^220 Core FTP Server Version ([\w._-]+, build \d+) Registered\r\n| p/Core FTP Server/ v/$1/ cpe:/a:coreftp:core_ftp:$1/ match ftp m|^220-.*\r\n220 ([\w._-]+) FTP Server \(Apache/([\w._-]+) \(Linux/SUSE\)\) ready\.\r\n| p/Apache mod_ftpd/ v/$2/ o/Linux/ h/$1/ cpe:/a:apache:http_server/ cpe:/o:linux:linux_kernel/a match ftp m|^220 pyftpdlib ([\w._-]+) ready\.\r\n| p/pyftpdlib/ v/$1/ match ftp m|^220 Simple FTP daemon coming up!\r\n| p/A+V Link NVS-4000 surveillance system ftpd/ d/webcam/ match ftp m|^220 DiskStation FTP server ready\.\r\n| p/Synology DiskStation NAS ftpd/ d/storage-misc/ match ftp m|^220 DiskStation-([\w._-]+) FTP server ready\.\r\n| p/Synology Disk Station DS-$1 NAS ftpd/ d/storage-misc/ # "1.0" number doesn't seem to reflect the true version number. match ftp m=^220- Ftp Site Powerd by BigFoolCat Ftp Server 1\.0 \(meishu1981@(?:163\.com|gmail\.com)\)\r\n220- Welcome to my ftp server\r\n220 \r\n= p/EasyFTP Server ftpd/ o/Windows/ cpe:/o:microsoft:windows/a match ftp m|^220 <\w+> Tenor Multipath Switch FTP server \(Version VxWorks([\w._-]+)\) ready\.\r\n| p/Tenor Multipath Switch ftpd/ d/switch/ o/VxWorks $1/ cpe:/o:windriver:vxworks:$1/ match ftp m|^220 Welcome to Tenor Multipath Switch\.\r\n| p/Tenor Multipath Switch ftpd/ d/switch/ match ftp m|^220 Imagistics ZB3500080 Ver ([\w._-]+) FTP server\.\r\n| p/Sharp AR-C260M or AR-M351N printer ftpd/ v/$1/ d/printer/ match ftp m|^220 ([\w._-]+) FTP SERVER T9552G07 \(Version ([\w._-]+) TANDEM ([\w._-]+)\) ready\.\r\n| p/HP Tandem NonStop ftpd/ v/$2 $3/ h/$1/ match ftp m|^220 iFTP server v([\w._-]+)\n| p/inLighten iBox digital signage ftpd/ v/$1/ d/media device/ match ftp m|^120 The user queue is full, please try again later\.\r\n| p/Huawei Quidway AR28-09 WAP ftpd/ i/user queue is full/ d/WAP/ cpe:/h:huawei:quidway_ar28-09/a match ftp m|^220 Mabry \(FtpServX COM Object\) server ready\.\r\n| p/Mabry FTPServX/ match ftp m|^220 ([\w._-]+) FTP server \(InterCon version ([\w._-]+)\) ready\.\r\n| p/Kyocera Mita TASKalfa 300ci printer ftpd/ v/$2/ h/$1/ cpe:/h:kyocera:mita_taskalfa_300ci/a match ftp m|^220 [\w._-]+Citizen_CLP([\w._-]+) FTP server \(InterCon version ([\w._-]+)\) ready\.\n| p/Citizen CLP-$1 label printer ftpd/ v/$2/ d/printer/ match ftp m|^220 FileApp - FTP Server\r\n| p/DigiDNA FileApp ftpd/ o/iOS/ cpe:/o:apple:iphone_os/a match ftp m=^220 (?:SHARP|Sharp) ([\w._-]+) Ver ([\w._+-]+) FTP server\.\r\n= p/Sharp $1 printer ftpd/ v/$2/ cpe:/h:sharp:$1/a match ftp m|^220 Nucleus FTP Server \(Version ([\w._-]+)\) ready\.\r\n| p/Nucleus ftpd/ v/$1/ match ftp m|^220 -= HyNetOS FTP Server =-\r\n500 Command \(null\) not understood\r\n| p/HyNetOS ftpd/ match ftp m|^230 User logged in\.\r\n214-The following commands are recognized\.\r\n214-USER\r\n214-PASS\r\n214-XPWD\r\n214-PWD\r\n214-TYPE\r\n214-PORT\r\n214-EPRT\r\n214-PASV\r\n214-EPSV\r\n214-ALLO\r\n214-STOR\r\n214-APPE\r\n214-RETR\r\n214-LIST\r\n214-NLST\r\n214-SYST\r\n214-MDTM\r\n214-XCWD\r\n214-CWD\r\n214-XCUP\r\n214-CDUP\r\n214-DELE\r\n214-XMKD\r\n214-MKD\r\n214-XRMD\r\n214-RMD\r\n214-NOOP\r\n214-RNFR\r\n214-RNTO\r\n214-REST\r\n214-SIZE\r\n214-QUIT\r\n214-HELP\r\n214-STAT\r\n214-SITE\r\n214-FEAT\r\n214-ADMIN_LOGIN\r\n214-MGET\r\n214-MPUT\r\n214-OPTS\r\n214 End of help\r\n$| p/Netgear 3500L WAP ftpd/ d/WAP/ cpe:/h:netgear:3500l/a match ftp m|^220-\*{53}\r\n220-Welcome to FTP\r\n220-Please use your email address and password to login\.\r\n220-If you are registered for more than one site then your login name must be: yourcompany\.com/you@youremail\.com\.\r\n220-\*{53}\r\n220-\r\n220 FTP Server Ready\r\n| p/Adobe Business Catalyst CMS ftpd/ match ftp m|^220 Welcome to the ftp service\r\n| p/Dionaea honeypot ftpd/ match ftp m|^220 silex ([\w._-]+) Ver ([\w._-]+) FTP server\.\r\n| p/Silex $1 USB server ftpd/ v/$2/ match ftp m|^220-Tracker RIA, 12090011\r\n220-Local time ([\d:]+)\r\n220 You will be disconnected after 180 seconds of inactivity\.\r\n| p/Bomara Tracker 2740 multipurpose server ftpd/ i/local time: $1/ match ftp m|^220 Comau ([\w._-]+) FTP server \(Version ([\w._-]+); Sys_id:([\w._-]+)\) [\d-]+ ready\.\r\n| p/Comau $1 robot control unit ftpd/ v/$2/ i/system id: $3/ d/specialized/ match ftp m|^220 CW([\w._-]+) FTP Service \(Version ([\w._-]+)\)\.\r\n| p/Océ ColorWave $1 printer ftpd/ v/$2/ d/printer/ match ftp m|^220 CONNECT:Enterprise Gateway ([\w._-]+)\. FTP Server ready\.\.\.\r\n| p/Sterling Connect:Enterprise ftpd/ v/$1/ cpe:/a:ibm:sterling_connect:$1/ match ftp m|^220-Playstation 3 FTP \r\n220 Copyleft \(c\) \d+ multiMAN \(login as anonymous\) \r\n| p/multiMAN ftpd/ i/PlayStation 3/ d/game console/ match ftp m|^220 ([\w._-]+) (BV[\w._-]+) FTP server \(V([\w._-]+)\) ready\.\r\n| p/OKI $2 VoIP adapter ftpd/ v/$3/ d/VoIP adapter/ h/$1/ match ftp m|^220 ([\w._-]+) \(Libra FTP daemon ([\w._ -]+)\)\r\n| p/Libra ftpd/ v/$2/ h/$1/ match ftp m|^220 (KM-[\w._-]+) FTP server\r\n| p/Kyocera Mita $1 printer ftpd/ d/printer/ cpe:/h:kyocera:mita_$1/a match ftp m|^220 Welcome to Solar FTP Server \(http://solarftp\.com\)\r\n| p/Solar FTP Server/ o/Windows/ cpe:/o:microsoft:windows/ match ftp m|^220 Indy FTP-Server bereit\.\r\n| p/Indy FTP server/ i/German/ cpe:/a:indy:ftp_server::::de/ match ftp m|^220-Welcome to the Ascotel FTP server\r\n220 \r\n| p/Aastra A150 VoIP phone ftpd/ d/VoIP phone/ cpe:/h:aastra:a150/a match ftp m|^220 \(none\) FTP server \(Version ([\w._-]+/OpenBSD/Linux-ftpd-[\w._-]+)\) ready\.\r\n| p/Topfield TF7100HDPVRt DVR ftpd/ v/$1/ d/media device/ match ftp m|^220 EthernetBoard OkiLAN ([\w._-]+) Ver ([\w._-]+) FTP server\.\r\n| p/OkiDATA OkiLAN $1 print server ftpd/ v/$2/ d/print server/ match ftp m|^220 Comtrend FTP firmware update utility\r\n| p/Comtrend FTP firmware update utility/ match ftp m|^220 Wing FTP Server ([\w._-]+) ready\.\.\.\r\n| p/Wing FTP Server/ v/$1/ match ftp m|^220-\xa1\xee Sonic FTP Server \(Version ([\w._-]+)\)\.\r\n220-\xa1\xee | p/Sonic FTP Server/ v/$1/ match ftp m|^220 Aos FTP Server ready\.\r\n| p/A2 ftpd/ o/A2/ cpe:/o:eth:a2/ match ftp m|^220 Serveur FTP ::ffff:[\d.]+ pr\xc3\xaat\r\n| p/ProFTPD/ i/French/ cpe:/a:proftpd:proftpd::::fr/ match ftp m|^220 FreeFloat Ftp Server \(Version ([\w._-]+)\)\.\r\n| p/FreeFloat ftpd/ v/$1/ o/Windows/ cpe:/a:freefloat:freefloat_ftp_server:$1/ cpe:/o:microsoft:windows/ match ftp m|^220 FreeFlow Accxes FTP server ready\r\n| p/Xerox FreeFlow Accxess ftpd/ d/print server/ cpe:/a:xerox:freeflow_print_server/ match ftp m|^220 [\d.]+ FTP Server \(Apache/([\w._-]+) \(Ubuntu\) (.*)\) ready\.\r\n| p/Apache FTP Protocol Module/ v/$1/ i/Ubuntu; $2/ o/Linux/ cpe:/o:canonical:ubuntu_linux/ cpe:/o:linux:linux_kernel/ match ftp m|^220 Welcome to This FTP Server\. Service ready for new user\.\r\n214-The following commands are recognised:\r\nUSER\r\nPASS\r\nCWD\r\nQUIT\r\nTYPE\r\nPORT\r\nRETR\r\nSTOR\r\nSTOU\r\nAPPE\r\nRNFR\r\nRNTO\r\nABOR\r\nDELE\r\nCDUP\r\nRMD\r\nMKD\r\nPWD\r\nLIST\r\nNLST\r\nHELP\r\nNOOP\r\nXCUP\r\nXCWD\r\nXPWD\r\nXRMD\r\nXMKD\r\n214 List End\.\r\n| p/Toshiba CTX PBX ftpd/ d/PBX/ match ftp m|^220 Wind River FTP server ([\w._-]+) ready\.\r\n| p/Wind River FTP server/ v/$1/ o/VxWorks/ cpe:/a:windriver:ftp_server:$1/ cpe:/o:windriver:vxworks/ match ftp m|^220 FTP Server \(ZyWALL (USG \w+)\) \[::ffff:[\d.]+\]\r\n| p/ZyXEL ZyWALL $1 firewall ftpd/ cpe:/h:zyxel:zywall_$1/ match ftp m|^220 Authentication_Required\r\n| p/glFTPd/ o/Unix/ match ftp m|^220 Ftp firmware update utility\r\n| p/D-Link DLS-2750U ftp firmward update/ d/WAP/ cpe:/h:dlink:dls-2750u/ match ftp m|^550 Permission denied ,please check access control list\r\nPermission denied\.\(Please check access control list\)\r\n| p/DrayTek ADSL router ftpd/ match ftp m|^220 RIEDEL Artist FTP Server\r\n| p/Riedel Artist intercom system ftpd/ cpe:/h:riedel:artist/ match ftp m|^220 (ZXDSL [\w._-]+) FTP version ([\w._-]+) ready at .*\r\n| p/ZyXEL $1 ADSL modem ftpd/ v/$2/ d/broadband router/ cpe:/h:zyxel:$1/ match ftp m|^ - error: no valid servers configured\n - Fatal: error processing configuration file '/etc/proftpd/proftpd\.conf'\n$| p/ProFTPD/ cpe:/a:proftpd:proftpd/ match ftp m|^220 SoftDataCable ([\w._-]+) ready\r\n| p/Software Data Cable ftpd/ v/$1/ match ftp m|^220 Operation successful\r\n$| p/BusyBox ftpd/ i/D-Link DCS-932L IP-Cam camera/ d/webcam/ cpe:/a:busybox:busybox/ cpe:/h:dlink:dcs-932l/ match ftp m|^220-\*\*\* Running an unlicensed copy of TurboFTP Server \*\*\*\r\n220 TurboFTP Server ([\w._-]+) ready\.\r\n| p/TurboSoft TurboFTP/ v/$1/ o/Windows/ cpe:/a:turbosoft:turboftp:$1/ cpe:/o:microsoft:windows/a match ftp m|^200 Welcome to BarracudaBackupFTPd\.\r\n| p/Barracuda Backup 490 appliance ftpd/ d/storage-misc/ match ftp m|^220 awaiting Input\r\n| p/Encrypted FTP/ o/Windows/ cpe:/o:microsoft:windows/a match ftp m|^220 Welcome to the Cisco (TelePresence MCU [\w._-]+), version ([\w._()-]+)\r\n| p/Cisco $1 videoconferencing bridge/ v/$2/ d/VoIP adapter/ cpe:/h:cisco:$1/ match ftp m|^220 Multicraft ([\w._-]+) FTP server\r\n| p/Multicraft ftpd/ v/$1/ match ftp m|^220 [\d.]+ BECO FTP server \(Version ([\w._-]+)\) ready\.\r\n| p/Kaba B-web 93 00 timeclock ftpd/ v/$1/ match ftp m|^220-TiMOS-B-([\w._-]+) both/hops ALCATEL SR ([\w._-]+) Copyright \(c\) \d+-\d+ Alcatel-Lucent\.\r\n220-All rights reserved\. All use subject to applicable license agreements\.\r\n220-Built on (.*) by builder in /rel[\w._-]+/[\w._-]+/[\w._-]+/panos/main\r\n220-\r\n220-This is a Maxcom, system restricted to authorized individuals\. This system is subject to monitoring\. Unauthorized users, access, and/or modification will be prosecuted\.\r\n220 FTP server ready\r\n| p/Alcatel $2 Service Router ftpd/ i/build date: $3/ d/router/ o/TiMOS $1/ cpe:/h:alcatel:$2_service_router/ cpe:/o:alcatel:timos:$1/ match ftp m|^220 ASTRA-Super FTP server ready\.\r\n$| p/Ishida Astra counter-top scale ftpd/ match ftp m|^220 ucftpd FTP server ready\.\r\n| p/MontaVista ucftpd/ o/Linux/ cpe:/o:linux:linux_kernel/a match ftp m|^220 Welcome to Stupid-FTPd server\.\r\n| p/Stupid-FTPd/ match ftp m|^220 FTP v([\d.]+) at ([\w.-]+) ready\.\r\n| p/OpenRG ftpd/ v/$1/ d/broadband router/ h/$2/ match ftp m|^220 FRITZ!Box(\w+)\(kdg\) FTP server ready\.\r\n| p/AVM FRITZ!Box ftpd/ i/model: $1; Kabel Deutschland/ d/broadband router/ match ftp m|^220-Welcome to cc-ftpd\.\r\n220-You are user number (\d+ of \d+) allowed\.\r\n220-Local time is now ([\d:]+)\. Server port: \d+\.\r\n220-This is a private system - No anonymous login\r\n220-IPv6 connections are also welcome on this server\.\r\n220 You will be disconnected after 15 minutes of inactivity\.\r\n| p/Centova Cast ftpd/ i/user $1; local time $2/ match ftp m|^220 ([\w.-]+) FTP server \(QNXNTO-ftpd (\d{8})\) ready\.\r\n| p/QNX ftpd/ v/$2/ o/QNX/ h/$1/ cpe:/o:qnx:qnx/a match ftp m|^220-Cerberus FTP Server - Home Edition\r\n220-This is the UNLICENSED Home Edition and may be used for home, personal use only\r\n220-Welcome to Cerberus FTP Server\r\n220 Created by Cerberus, LLC\r\n| p/Cerberus FTP Server/ i/Home Edition/ o/Windows/ cpe:/a:cerberusftp:ftp_server/ cpe:/o:microsoft:windows/a match ftp m|^220-220-Welcome to Cerberus FTP Server\r\n220 220 Created by Cerberus, LLC\r\n| p/Cerberus FTP Server/ o/Windows/ cpe:/a:cerberusftp:ftp_server/ cpe:/o:microsoft:windows/a match ftp m|^220-Welcome to my Server\r\n220-\r\n220 ICS FTP Server ready\.\r\n| p/Overbyte Internet Component Suite ftpd/ match ftp m|^220 ADAM2 FTP Server ready\r\n| p/Texas Instruments ADAM2 bootloader ftpd/ match ftp m|^220-Idea FTP Server v([\d.]+) \(([\w.-]+)\) \[[\d.]+\]\r\n220 Ready\r\n| p/home.pl Idea ftpd/ v/$1/ h/$2/ match ftp m|^220 ([\w.-]+) Lexmark ([\w]+) FTP Server ([\w.-]+) ready\.\r\n| p/Lexmark printer ftpd/ v/$3/ i/model $2/ h/$1/ cpe:/h:lexmark:$2/ match ftp m|^220 FTP Utility FTP server \(Version ([\d.]+)\) ready\.\r\n| p/Konica Minolta FTP Utility ftpd/ v/$1/ match ftp m|^220 PocketPro (\w+) FTP server ready\.\r\n| p/TROY PocketPro $1 print server ftpd/ match ftp m|^220 FTP Version ([\d.]+) on (IQ\w+)\r\n| p/IQinVision IQeye ftpd/ v/$1/ i/model $2/ match ftp m|^220 FRITZ!Box(\d+(?:\(UI\))?) FTP server ready\.\r\n| p/AVM FRITZ!Box ftpd/ i/model $1/ d/broadband router/ match ftp m|^220 220 RMNetwork FTP\r\n$| p/Ramnit worm ftpd/ i/malware/ match ftp m|^220 Monarch (\d+) Print Adapter FTP server ready\.\r\n| p/Avery-Dennison Monarch $1 print server ftpd/ match ftp m|^220-TCP/IP for VSE Internal FTPDAEMN ([\d.]+ ?[A-Z]) (\d{8}) \d\d\.\d\d\r\n Copyright \(c\) 1995,2006 Connectivity Systems Incorporated\r\n220 Ready for new user\r\n| p|IBM z/VSE ftpd| v/$1/ i/build date $2/ o|z/VSE| match ftp m|^220- \r\n {14}_/_/_/_/ \*\*\* eXo Platform JCR FTP Server {8}_/_/_/_/\r\n| p/eXo Platform JCR ftpd/ match ftp m|^220 RT-IP FTP Server ready\. Type HELP for help\r\n| p/Computer Solutions RT-IP ftpd/ match ftp m|^220 Welcome to ([\w.-]+)'s Everything ETP Server version ([\d.]+)\r\n| p|Everything ETP/FTP server| v/$2/ h/$1/ match ftp m|^220 Welcome to HD Media Box !\r\n| p|O2Media/Ellion HMR-600 ftpd| d/media device/ # SurgeFTP 2.3a3 match ftp m|^550 There is no place for you to log in\. Create domain for IP [\d.]+\.\r\n| p/NetWin SurgeFTP ftpd/ cpe:/a:netwin:surgeftp/ match ftp m|^220 SAVIN (\w+) FTP server \(([\d.]+)\) ready\.\r\n| p/Savin printer ftpd/ v/$2/ i/model $1/ d/printer/ cpe:/h:savin:$1/ match ftp m|^220 ([\w.-]+) FTP server \(StarOS\) ready\.\r\n| p/Cisco StarOS ftpd/ o/StarOS/ h/$1/ cpe:/o:cisco:staros/ match ftp m|^220- FTP Server \(RTOS-UH\) ready\. \(c\)IEP Version: ([\d.]+)\r\n220 Connection is automatically closed if idle for 10 Minutes\r\n| p/RTOS-UH ftpd/ v/$1/ o/RTOS-UH/ match ftp m|^220 iosFtp server ready\.\r\n| p/ios-ftp-server ftpd/ o/iOS/ cpe:/o:apple:iphone_os/ match ftp m|^220 SP (C?\d+\w*) \([a-f0-9]+\) FTP server ready\r\n| p/Ricoh Aficio SP $1 ftpd/ d/printer/ cpe:/h:ricoh:aficio_sp_$1/a match ftp m|^220 Sharp - NetScan Tool\r\n| p/Sharp Scan to Desktop ftpd/ match ftp m|^220 Welcome to ALPHA -FTPd server\.\r\n| p/Alpha ftpd/ match ftp m|^220 IPCamera FtpServer\(www\.maygion\.com\),do NOT change firmware unless you know what you are doing!\r\n| p/Maygion IPCamera ftpd/ d/webcam/ match ftp m|^220 AXIS ([\w._-]+) Video Encoder ([\w._-]+) \(\d\d\d\d\) ready\.\r\n| p/AXIS $1 video encoder ftpd/ v/$2/ d/media device/ match ftp m|^220 Star (IFBD-HE[\d/]+) FTP Server\.\r\n| p/Star $1 ftpd/ d/print server/ match ftp m|^220 Welcome to the HomeWorks Processor\r\n| p/Lutron HomeWorks ftpd/ #(insert ftp) # These look too generic, but didn't match anything else yet match ftp m|^220 FTP Server 2\.1 ready\r\n| p/Android ftpd/ v/2.1/ match ftp m|^220 FTP Server ready\.\.\.\r\n| p/Gene6 ftpd/ # not already sure about the next. maybe too generic? it exists already above a signature for openftpd. embyte match ftp m|^220 OpenFTPD server([^ ]+)?| p/OpenFTPD/ v/$1/ match ftp-proxy m|^220 Ftp service of Jana-Server ready\r\n| p/JanaServer ftp proxy/ o/Windows/ cpe:/o:microsoft:windows/a match ftp-proxy m|^220 FTP Gateway at Jana Server ready\r\n| p/JanaServer ftp proxy/ o/Windows/ cpe:/o:microsoft:windows/a match ftp-proxy m|^220 ([-.\w]+) FTP proxy \(Version (\d[-.\w]+)\) ready\.\r\n| p/Gauntlet FTP proxy/ v/$2/ h/$1/ # Frox FTP Proxy (frox-0.6.5) on Linux 2.2.X - http://frox.sourceforge.net/ match ftp-proxy m|^220 Frox transparent ftp proxy\. Login with username\[@host\[:port\]\]\r\n| p/Frox ftp proxy/ match ftp-proxy m|^501 Proxy unable to contact ftp server\r\n| p/Frox ftp proxy/ match ftp-proxy m|^220 ([-.+\w]+) FTP AnalogX Proxy (\d[-.\w]+) \(Release\) ready\r\n| p/AnalogX FTP proxy/ v/$2/ h/$1/ cpe:/a:analogx:proxy:$2/ match ftp-proxy m|^220 Secure Gateway FTP server| p/Symantec Enterprise Firewall FTP proxy/ d/firewall/ cpe:/a:symantec:enterprise_firewall/ match ftp-proxy m|^220-Sidewinder ftp proxy\. You must login to the proxy first| p/Sidewinder FTP proxy/ match ftp-proxy m|^220-\r\x0a220-Sidewinder ftp proxy|s p/Sidewinder FTP proxy/ match ftp-proxy m|^220 webshield2 FTP proxy ready\.\r\n| p/Webshield2 FTP proxy/ o/Windows/ cpe:/a:bluecoat:winproxy/ cpe:/o:microsoft:windows/a match ftp-proxy m|^220 WinProxy FTP Gateway ready, enter username@host\[:port\]\r\n| p/WinProxy FTP proxy/ o/Windows/ cpe:/a:bluecoat:winproxy/ cpe:/o:microsoft:windows/a match ftp-proxy m|^220 WinProxy \(Version ([^)]+)\) ready\.\r\n| p/WinProxy FTP proxy/ v/$1/ o/Windows/ cpe:/a:bluecoat:winproxy/ cpe:/o:microsoft:windows/a match ftp-proxy m|^220 Proxy602 Gateway ready, enter user@host\[:port\]\r\n| p/Proxy602 ftp proxy/ d/firewall/ match ftp-proxy m|^220 Java FTP Proxy Server \(usage: USERID=user@site\) ready\.\r\n| p/Java FTP Proxy/ match ftp-proxy m|^220 ([-\w_.]+) FTP proxy \(Version V([\d.]+)\) ready\.\r\n| p/Generic FTP proxy/ v/$2/ h/$1/ match ftp-proxy m|^220 CoolProxy FTP server & firewall\r\n| p/CoolProxy ftp proxy/ o/Windows/ cpe:/o:microsoft:windows/a match ftp-proxy m|^220 Finjan SurfinGate Proxy - Server Ready\.\r\n| p/Finjan SurfinGate ftp proxy/ match ftp-proxy m|^220 ([-\w_.]+) \(NetCache\) .*\r\n| p/NetApp NetCache ftp proxy/ h/$1/ cpe:/a:netapp:netcache/ match ftp-proxy m|^220 Welcome to ([-\w_.]+) Ftp Proxy Service\.\r\n| p/Proxy Suite ftp proxy/ h/$1/ match ftp-proxy m|^220 Hi! Welcome \w+ UserGate| p/UserGate ftpd/ o/Windows/ cpe:/o:microsoft:windows/a match ftp-proxy m|^220 Webwasher FTP Proxy ([\d.]+) build (\d+)\r\n| p/Webwasher ftp proxy/ v/$1 build $2/ o/Windows/ cpe:/o:microsoft:windows/a match ftp-proxy m|^220- ([-\w_.]+) PROXY-FTP server \(DeleGate/([\d.]+)\) ready\.\r\n| p/DeleGate ftp proxy/ v/$2/ h/$1/ match ftp-proxy m|^500 WinGate Engine Access Denied\r\n| p/WinGate ftp proxy/ i/access denied/ o/Windows/ cpe:/o:microsoft:windows/a match ftp-proxy m|^220 IWSS FTP proxy ready\r\n| p/Trend Micro InterScan Web Security Suite ftp proxy/ cpe:/a:trendmicro:interscan_web_security_suite/ match ftp-proxy m|^220 ezProxy FTP Proxy Server Ready \r\n| p/ezProxy ftp proxy/ o/Windows/ cpe:/o:microsoft:windows/a match ftp-proxy m|^220 FTP proxy \(v([\d.]+)\) ready\r\n530 Login incorrect\. Expected USER command\r\n| p/jftpgw ftp proxy/ v/$1/ match ftp-proxy m|^220-Welcome to SpoonProxy V([\w._-]+) by Pi-Soft Consulting, LLC\r\n| p/Pi-Soft SpoonProxy ftp proxy/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a match ftp-proxy m|^220-CCProxy FTP Service\(Unregistered\)\r\n| p/CCProxy ftp proxy/ i/unregistered/ o/Windows/ cpe:/o:microsoft:windows/a match ftp-proxy m|^220-CCProxy FTP Service\r\n220-you need to input userid@site as login name\.\r\n220 Example: user anonymous@ftp\.netscape\.com\r\n| p/CCProxy ftp proxy/ o/Windows/ cpe:/o:microsoft:windows/a match ftp-proxy m|^220 kingate\(([\w._-]+)-win32\) ftp proxy ready\r\n| p/kingate ftp proxy/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a match ftp-proxy m|^220 FileCatalyst Server Enterprise v([^\r\n]*)\r\n$| p/FileCatalyst ftp proxy/ v/$1/ match ftp-proxy m|^220 ([\w._-]+), KEN! DSL FTP-Gateway\r\n| p/AVM KEN! ftp proxy/ h/$1/ match ftp-proxy m|^220 ([\w._-]+), KEN! FTP-Gateway\r\n| p/AVM KEN! ftp proxy/ h/$1/ match ftp-proxy m|^220 server ready - login please\r\n| p/Squid ftp proxy/ cpe:/a:squid-cache:squid/ match ftp-proxy m|^421 Proxy is closed \(unknown user location\)\r\n$| p/Zscaler ftp proxy/ match ftp-proxy m|^220 Cleo VLProxy/([\w._-]+) FTP server ready\.\r\n$| p/Cleo VLProxy ftp proxy/ v/$1/ match ftp-proxy m|^220 McAfee Web Gateway ([\d.]+ build \d+)\r\n| p/McAfee Web Gateway ftp proxy/ v/$1/ cpe:/a:mcafee:web_gateway:$1/ match ftp-proxy m|^220-Firewall ftp proxy\. You must login to the proxy first\.\r\n220 Use proxy-user:auth-method@destination\.\r\n| p/Secure Computing Sidewinder firewall ftp proxy/ d/firewall/ cpe:/h:securecomputing:sidewinder/ # DAZ Studio 4.5, port 27997 match valentinadb m|^dddd\0\0\0\0\0\0\0\x0b| p/Valentina DB/ match varnish-cli m|^200 206 \n-----------------------------\nVarnish Cache CLI ([\w._-]+)\n-----------------------------\nLinux,([\w._-]+),([^\n]*)\n\nType 'help' for command list\.\nType 'quit' to close CLI session\.\n\n| p/Varnish Cache CLI/ v/$1/ i/open; $3/ o/Linux $2/ cpe:/a:varnish-cache:varnish:$1/ cpe:/o:linux:linux_kernel:$2/ # Authentication added in 2.1.0. The version reported was actually 4.0.1 match varnish-cli m|^107 59 \n[a-z]{32}\n\nAuthentication required\.\n\n| p/Varnish Cache CLI/ v/2.0.6 or earlier/ i/authentication required/ cpe:/a:varnish-cache:varnish/ # TODO kerio? #match ftp m|^421 Service not available \(The FTP server is not responding\.\)\n$| v/unknown FTP server//service not responding/ match vdr m|^220 (\S+) SVDRP VideoDiskRecorder (\d[^\;]+);| p/VDR/ v/$2/ d/media device/ h/$1/ match vdr m|^Access denied!\n$| p/VDR/ d/media device/ softmatch ftp m|^220 Welcome to ([-.\w]+) FTP.*\r\n$|i h/$1/ softmatch ftp m|^220 ([-.\w]+) [-.\w ]+ftp.*\r\n$|i h/$1/ softmatch ftp m|^220-([-.\w]+) [-.\w ]+ftp.*\r\n220|i h/$1/ softmatch ftp m|^220 [-.\w ]+ftp.*\r\n$|i softmatch ftp m|^220-[-.\w ]+ftp.*\r\n220|i softmatch ftp m|^220[- ].*ftp server.*\r\n|i softmatch ftp m|^220-\r?\n220 - ftp|i match freeswitch-event m|^Content-Type: auth/request\n\n| p/FreeSWITCH mod_event_socket/ cpe:/a:freeswitch:freeswitch/ match fsae m|^\0\0\0\\\x80\x06\0\0\0\n\x01\x03\0...\0\0\0\n\x10\x03\0\0\0.\0\0\0\x15\x11\x05FSAE server ([\w._-]+)\0\0\0\x16\x12\x01................\0\0\0\x17\x13\x01FSAE_SERVER_\d+$|s p/Fortinet Server Authentication Extension/ v/$1/ match fw1-rlogin m|^\0Check Point FireWall-1 authenticated RLogin server running on ([-.\w]+)\r\n\r| p/Check Point FireWall-1 authenticated RLogin server/ i/$1/ cpe:/a:checkpoint:firewall-1/ match fyre m|^220 Fyre rendering server ready\n| p/Fyre rendering cluster node/ match g15daemon m|^G15 daemon HELLO$| p/g15daemon/ i/Logitech G15 keyboard control/ match galaxy m|^\0\0\0\t\0\0\0\x80\0\0\0\0\0\0\0\0\0\0\x042\0\0\0\x01\0\0\t_\0\0\0h| p/Galaxy Client Event Manager/ o/Windows/ cpe:/o:microsoft:windows/a match gamebots m|^HELLO_BOT\r\n| p/GameBots for Unreal Tournament 2004/ match gamebots-control m|^HELLO_CONTROL_SERVER\r\n| p/GameBots for Unreal Tournament 2004 control server/ # http://www.galaxysys.com/data/docs/SG%20Software%20User%20Guide%20%2810.4%29.pdf match gcs-clientgw m|^\x04\0\0\0....$| p/Galaxy Control Systems Client GW/ d/security-misc/ match geovision-mobile m|^D3\x22\x11\0\0\0\0\xc6\x11\0\0\xae\x15\0\0$| p/Geovision mobile device support/ match gnats m|^200 ([-.\w]+) GNATS server (\d[-.\w]+) ready\.\r\n| p/GNATS bugtracking system/ v/$2/ h/$1/ cpe:/a:gnu:gnats:$2/ match ganglia m|^<\?xml version=\"1\.0\".*.*\n \n|s p/Ganglia XML Grid monitor/ # Port 5400. Looks like UTF-16-LE-encoded pseudo-XML with embedded base64: # m|^\xde\xad\xad\xdeZ\x03\0\0\x7e\x9bxeVersion\x7c1024\x7cuGSY...AQAB\x7c$| match genetec-5400 m|^\xde\xad\xad\xdeZ\x03\0\0\x7e\x9bxeV\0e\0r\0s\0i\0o\0n\0\x7c\x001\x000\x002\x004\0\x7c\0<\0R\0S\0A\0K\0e\0y\0V\0a\0l\0u\0e\0>\0<\0M\0o\0d\0u\0l\0u\0s\0>\0(?:[\w/+=]\0)+<\0/\0M\0o\0d\0u\0l\0u\0s\0>\0<\0E\0x\0p\0o\0n\0e\0n\0t\0>\0(?:[\w/+=]\0)+<\0/\0E\0x\0p\0o\0n\0e\0n\0t\0>\0<\0/\0R\0S\0A\0K\0e\0y\0V\0a\0l\0u\0e\0>\0\x7c\0$| p/Genetec Security Center/ match genetec-5500 m|^\xde\xad\xad\xde\0\x01\0\0\xd6\xa0L\xc2\x0b\0\r\xcf\x88\"\xf2\xb7\xc9D\x81\x08\xe3\"\x16\x9a\x86\xb9\r\xcf\x88\"\xf2\xb7\xc9D\x81\x08\xe3\"\x16\x9a\x86\xb9\x04\0\0\0\0\0\0\0\0\x01\0\0\r\xcf\x88\"\xf2\xb7\xc9D\x81\x08\xe3\"\x16\x9a\x86\xb9\0\x04\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0$| p/Genetec Security Center/ match git-daemon m|^Unknown option: --inetd\nusage: git \[--version\] \[--exec-path\[=GIT_EXEC_PATH\]\] \[--html-path\] \[-p\x7c--paginate\x7c--no-pager\] \[--bare\] \[--git-dir=GIT_DIR\] \[--work-tree=GIT_WORK_TREE\] \[--help\] COMMAND \[ARGS\]\n| p/git-daemon/ i/misconfigured/ cpe:/a:git:git/ match telnet m|^\xff\xfe\x01Domain 2 \(STUDENT03\)\r\n\r\n\r\n\r\n\r\n======================\r\n Main menu\r\n======================\r\n\?\) Help\r\nx\) Exit\r\n$| p/Genetec Security Center/ match telnet m|^\xff\xfe\x01Genetec Synergis Access Manager \(STUDENT03\)\r\n\r\n\r\n\r\n\r\n======================\r\n Main menu \r\n======================\r\n1\) Status\r\n\?\) Help\r\nx\) Exit\r\n| p/Genetec Synergis Access Manager/ match telnet m|^\xff\xfe\x01Genetec Directory \(STUDENT03\)\r\n\r\n\r\n\r\n\r\n======================\r\n Main menu\r\n======================\r\n1\) Status\r\n\?\) Help\r\nx\) Exit\r\n| p/Genetec Directory/ match telnet m|^\xff\xfe\x01Genetec Integration Service \(STUDENT03\)\r\n\r\n\r\n\r\n========================================================================\r\n Integration Service Main Menu\r\n========================================================================\r\n\r\n 1\) CONFIG\r\n Displays the configuration settings for the service\r\n\r\n 2\) STATUS\r\n Displays the status of the external systems being run by this\r\n service\.\r\n\r\n \?\) Help\r\n\r\n x\) Exit\r\n========================================================================\r\n| p/Genetec Integration Service/ match goldsync m|^%%QU%%QU%%QU$| p/GoldMine GoldSync synchronization/ # Probably not general enough... match gnatbox m|^GBPK\xfb\xf7n\x93W\xaf\x86\x93x@\xa9\x0e\xca\*\x9bS\0| p/Global Technology Associates Gnat Box firewall administration/ d/firewall/ match gnupg m|^OK GNU Privacy Guard's OpenPGP server ([\w._-]+) ready\n| p/GnuPG server mode/ v/$1/ cpe:/a:gnupg:gnupg:$1/ softmatch gkrellm m|^\nClient limit exceeded\.\n| p/GKrellM System Monitor/ softmatch gkrellm m|^\nConnection not allowed from .*\n| p/GKrellM System Monitor/ match gopher m|^3Connection to [\d.]+ is denied -- no authorization\.\r\n$| match g6-remote m|^200 1400\r\n$| p/G6 ftpd remote admin/ o/Windows/ cpe:/o:microsoft:windows/a match giop m|^GIOP\x01...\0\0\0\0|s p/CORBA naming service/ match guildwars2-heartbeat m|^\x17\0\0\0\0\t\0\0\0Heartbeat \0\0\0\x046\0\0\0\0\n\0\0\0Compressed \0\0\0\x04\x1a| p/Guild Wars 2 game heartbeat/ # CompTek AquaGateKeeper (Telephony package) http://aqua.comptek.ru match H.323-gatekeeper m|^\x03\0\0.*@|s p/CompTek AquaGateKeeper/ # OpenH323 Gatekeeper 2.0.3 match H.323-gatekeeper m|^\xff\xfd\x03\xff\xfb\x05.*Version:\r\nGatekeeper\(GNU\) Version\(([\d.]+)\) Ext\(.*\) Build\(.*\) Sys\(Linux .*\)\r\n| p/OpenH323 Gatekeeper/ v/$1/ o/Linux/ cpe:/o:linux:linux_kernel/a # Causes false matches with telnet. # match H.323-gatekeeper m|^\xff\xfd.$| p|GNU Gatekeeper| match H.323-gatekeeper m|^\xff\xfd\x03\xff\xfb\x05\xff\xfe\x01\r\nAccess forbidden!\r\n$| p/GNU Gatekeeper/ cpe:/a:gnugk:gnu_gatekeeper/ match H.323-gatekeeper m|^\x03\0\0\.\x08\x02\0\0Z~\0\"\x05%\xc0\x06\0\x08\x91J\0\x02X\x08\x11\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x02\x80\x01\0$| p/GNU Gatekeeper/ cpe:/a:gnugk:gnu_gatekeeper/ # Returns ASCII data in the following format: # |HardDrive1DevName|HardDrive1HardwareID|HardDrive1Temp|TempUnit| # |HardDrive2DevName|HardDrive2HardwareID|HardDrive2Temp|TempUnit| match hddtemp m=^\|/dev/[hs]\w\w\|= p/hddtemp hard drive info server/ match hddtemp m=^\|$= p/hddtemp hard drive info server/ match helpdesklog m|^Helpdesk Advanced ([\d.]+) License Logging Service| p/Helpdesk Advanced license server/ v/$1/ match honeywell-ripsd m|^\0\x10\x03\x0c$| p/Honeywell ripsd power management server/ match hptsvr m|^\(\0\0\0hpt_stor\x01..\xbf\0\0\0\0\0\0\0\0....\.\.\.E\0\0\0\0\0\0\0\0$|s p/HighPoint RAID management service/ v/3.13/ match hptsvr m|^\(\0\0\0\0\0\0\0..`\0\x01\xff\xff\xff\xcc\xfa\x85\0C\x1d\xe6whfnk\.\.\.E\0\0\0\0\0\0\0\0$| p/HighPoint RAID management service/ # version unknown softmatch hptsvr m|^\(\0\0\0hpt_stor\x01..\0\0\0\0\0\0\0\0\0....\.\.\.E\0\0\0\0\0\0\0\0$|s p/HighPoint RAID management service/ match hpiod m|^msg=MessageError\nresult-code=5\n$| p/HP Linux Imaging and Printing System/ o/Linux/ cpe:/a:hp:linux_imaging_and_printing_project/ cpe:/o:linux:linux_kernel/a # And now for some SORRY web servers that just blurt out an http "response" upon connection!!! match http m|^HTTP/1\.1 200 OK\r\nContent-type: text/html\r\nExpires: .*\r\nDate: .*\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\nJAP\n| p/Java Anonymous Proxy/ match http m|^HTTP/1.0 500\r\nContent-type: text/plain\r\n\r\nNo Scan Capable Devices Found\r\n| p/HP Embedded Web Server remote scan service/ i/no scanner found/ d/printer/ # SMC Barricade 7004ABR match http m|^HTTP/1\.0 301 Moved\r\nLocation: http://\d+\.\d+\.\d+\.\d+:88\r\n| p/SMC Barricade broadband router/ i/simply redirects to real web admin port 88/ d/broadband router/ match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: SonicWALL\r\n| p/SonicWALL firewall http config/ d/firewall/ match http m|^HTTP/1\.0 500 Internal Server Error\r\nDate: .*\r\nContent-type: text/html\r\nExpires: .*\r\n\r\n

500 Internal Server Error

\r\n\r\n\r\n| p/Cisco Catalyst http config/ d/switch/ o/IOS/ cpe:/o:cisco:ios/a match http m|^HTTP/1\.1 200 OK\nMax-Age: 0\nExpires: 0\nCache-Control: no-cache\nCache-Control: private\nPragma: no-cache\nContent-type: multipart/x-mixed-replace;boundary=BoundaryString\n\n--BoundaryString\n| p/Motion Webcam gateway httpd/ match http m|^HTTP/1\.[01] 200 OK\r\nServer: Motion/([\d.]+)\r\n| p/Motion Camera httpd/ v/$1/ d/webcam/ match http m|^HTTP/1\.1 200 OK\r\nServer: Motion-httpd/([\d.]+)\r\n| p/Motion-httpd/ v/$1/ d/webcam/ match http m|^HTTP/1\.1 \d\d\d .*\nServer: Motion/([\d.]+)\n.*\nContent-type: image/jpeg\n|s p/Motion webcam httpd/ v/$1/ match http m|^HTTP/1\.1 \d\d\d .*\r\nContent-Type: text/plain\r\nServer: WPA/([-\w_.]+)\r\n\r\n| p/Glucose WeatherPop Advanced httpd/ v/$1/ o/Mac OS X/ cpe:/o:apple:mac_os_x/a match http m|^HTTP/1\.0 503 R\r\nContent-Type: text/html\r\n\r\nBusy$| p/D-Link router http config/ d/router/ match http m|^501 Not Implemented\n

501 Not Implemented

\nThe server has not implemented your request type\.
\n\r\n$| p/Hummingbird Document Manager httpd/ match http m|^HTTP/1\.0 200 OK\r\nContent-Type: text/html\r\n\r\n\n\n
  • \n[^<]+\n
    • \nNice\n
      • \nNumber: \d+
      \nProgramArguments\n
        \n
      1. String: [^<]+
      2. \n| p/Apple launchd_debug httpd/ o/Mac OS X/ cpe:/o:apple:mac_os_x/a match http m|^HTTP/1\.0 200 OK\r\nContent-Type: text/html\r\n\r\n\n\n
        • \ncom\.apple\.KernelEventAgent\n| p/Apple launchd_debugd httpd/ o/Mac OS X/ cpe:/o:apple:mac_os_x/a match http m|^HTTP/1\.0 400 Bad Request\r\nServer: Speed Touch WebServer/([\d.]+)\r\n| p|Alcatel/Thomson SpeedTouch ADSL http config| v/$1/ d/broadband router/ match http m|^HTTP/1\.1 408 Request Time-Out\r\nConnection: Close\r\n\r\n$| p/Konica Minolta bizhub printer http config/ d/printer/ match http m|^HTTP/1\.1 400 Bad Request\r\n.*\r\n\r\n

          Bad Request \(Invalid Verb\)

          |s p/Microsoft IIS httpd/ o/Windows/ cpe:/a:microsoft:iis/ cpe:/o:microsoft:windows/a match http m|^
          Authentication failed
          \r\n$| p/InterSect Alliance SNARE http config/ cpe:/a:intersectalliance:system_intrusion_analysis_and_reporting_environment/ match http m|^HTTP/1\.1 408 Request Timeout\nContent-Length:0\nContent-Type:text/html;charset=UTF-8\n\n$| p/Finchsync PocketPC Synchonizer httpd/ match http m|^HTTP/1\.1 200 OK\nServer: NetSupport Gateway/([\d.]+) \(Windows NT\)\nContent-Type: application/x-www-form-urlencoded\nContent-Length: 14\nConnection: Keep-Alive\n\nCMD=HEARTBEAT\n$| p/NetSupport Gateway httpd/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html\r\nCache-Control: no-cache\r\nExpires: Thu, 26 Oct 1995 00:00:00 GMT\r\nTransfer-Encoding: chunked\r\nServer: Allegro-Software-RomPager/([\d.]+)\r\n\r\n| p/Allegro RomPager/ v/$1/ i/Dell DRAC config/ d/remote management/ cpe:/a:allegro:rompager:$1/ # This can inhibit a more informative GetRequest. # match http m|^HTTP/1\.1 400 Bad Request\r\nServer: micro_httpd\r\n| p/micro_httpd/ cpe:/o:acme:micro_httpd/ # http://code.google.com/p/free-android-apps/wiki/Project_LocalHTTPD match http m|^HTTP/1\.0 500 Internal Server Error \r\nContent-Type: text/plain\r\nDate: .*\r\n\r\nSERVER INTERNAL ERROR: Invalid ip\.$| p/Local HTTPD/ i/based on NanoHTTPD/ d/phone/ match http m|^HTTP/1\.0 400 Bad Request\r\nServer: httpd-impacct/([^\r\n]+)\r\nContent-type: text/html\r\n\r\n400 Bad Request\n

          400 Bad Request

          \nYour request has bad syntax or is inherently impossible to satisfy\.\n
          \n\n$| p/thttpd/ v/$1/ i/Asotel Vector 1908 switch http config/ d/switch/ cpe:/a:acme:thttpd:$1/ match http m|^HTTP/1\.1 200 OK\r\nServer: DVBViewer \(Windows\)\r\nContent-Type: video/mpeg2\r\n\r\n\r\n| p/DVBViewer digital TV viewer httpd/ o/Windows/ cpe:/o:microsoft:windows/a match http m|^HTTP/1\.1 400 Bad Request\r\nserver: kolibri-([\w._-]+)\r\ncontent-type: text/plain\r\ncontent-length: 11\r\n\r\nBad Request$| p/Kolibri httpd/ v/$1/ cpe:/a:senkas:kolibri:$1/ match http m|^HTTP/1\.1 405 Method Not Allowed\r\nServer: remote-potato-v([\w._-]+)\r\n| p/Remote Potato media player/ v/$1/ # The date reveals the time zone instead of using GMT. match http m|^HTTP/1\.1 405 Method Not Allowed\r\nDate: ([^\r]+)\r\nServer: Embedthis-Appweb/([\w._-]+)\r\n| p/Embedthis-Appweb/ v/$2/ i/date: $1/ cpe:/a:mbedthis:appweb:$2/ match http m|^HTTP/1\.0 503 Service Unavailable\r\nDate: .* GMT\r\nServer: Embedthis-Appweb/([\w._-]+)\r\n| p/Embedthis-Appweb/ v/$1/ i/Sharp Open System Architecture/ d/printer/ cpe:/a:mbedthis:appweb:$1/ match http m|^HTTP/1\.1 400 Bad Request\r\nServer: Microsoft-Cassini/([\w._-]+)\r\n| p/Microsoft Cassini httpd/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a match http m|^HTTP/1\.1 408 Request Timeout\r\nServer: WebSphere Application Server/([\w._-]+)\r\nContent-Type: text/html\r\nContent-Length: 117\r\n| p/IBM WebSphere Application Server/ v/$1/ cpe:/a:ibm:websphere_application_server:$1/ match http m|^HTTP/1\.0 200 Ok Welcome to VOC\r\nServer: Voodoo chat daemon ver ([\w._ -]+)\r\nContent-type: text/html\r\nExpires: Mon, 08 Apr 1976 19:30:00 GMT\+3\r\nConnection: close\r\nKeep-Alive: max=0\r\nCache-Control: no-store, no-cache, must-revalidate\r\nCache-Control: post-check=0, pre-check=0\r\nPragma: no-cache\r\n\r\n$| p/Voodoo http chat daemon/ v/$1/ match http m|^HTTP/1\.1 400 Bad Request\r\nServer: Cassini/([\w._-]+)\r\n.*\n\n
          \n

          Invalid Access

          \n
          \n

          \n\n\n\n| p/Cisco ATA186 VoIP adapter http config/ d/VoIP adapter/ cpe:/h:cisco:ata186/a match http m|^HTTP/1\.0 200 OK\r\nServer: http server ([\w._-]+)\r\nContent-type: text/html; charset=\(null\)\r\n.*\n$|s p/QNAP TS-109 NAS http config/ v/$1/ d/storage-misc/ cpe:/h:qnap:ts-109/ match http m|^HTTP/1\.0 200 OK\r\nServer: http server ([\w._-]+)\r\n.*NAS\n\n|s p/QNAP Turbo or TS-459 Pro+ NAS http config/ v/$1/ d/storage-misc/ match http m|^HTTP/1\.0 404 no application for: /\r\nServer: HttpServer\r\n\r\n$| p/Galleon TiVo Application Port http config/ d/media device/ match http m|^HTTP/1\.0 404 File not found\r\nServer: HttpServer\r\n\r\n$| p/Galleon TiVo Publishing Port http config/ d/media device/ match http m|^HTTP/1\.1 302 Redirect\r\nServer: GoAhead-Webs\r\nDate: .*\r\nConnection: close\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-Type: text/html\r\nLocation: http://\(null\)/config/log_off_page\.htm\r\n\r\n| p/GoAhead WebServer/ i/Dell PowerConnect Gigabit switch http config/ d/switch/ cpe:/a:goahead:goahead_webserver/a match http m|^HTTP/1\.0 301 Moved Permanently\r\nContent-Length: 0\r\nConnection: close\r\nLocation: /main/main\.html\r\nServer: debut/([\w._-]+)\r\n\r\n| p/debut httpd/ v/$1/ i/Brother MFC-8860DN printer http config/ d/printer/ cpe:/h:brother:mfc-8860dn/a match http m|^HTTP/1\.1 302 Moved Temporarily\r\nDate: .*\r\nServer: Avocent DSView ([\w._/-]+)\r\nLocation: https://([\w._-]+)/dsview/\r\nConnection: close\r\n\r\n| p/Avocent DSView remote management httpd/ v/$1/ h/$2/ match http m|^HTTP/1\.0 \d\d\d .*\r\nDate: .*\r\nServer: RAID HTTPServer/([\w._-]+)\r\n| p/Sun StorEdge 3511 http config/ v/$1/ d/storage-misc/ match http m|^HTTP/1\.0 200 OK\r\nConnection: close\r\n.*Samsung Printer Status.*var contentURI = \"/general/printerDetails\.htm\"|s p/Samsung printer http config/ d/printer/ match http m|^HTTP/1\.0 200 OK\r\nCache-control: no-cache\r\nServer: Ubicom/([\w._-]+)\r\n.*NETGEAR WNHDE111 |s p/Ubicom httpd/ v/$1/ i/Netgear WNHDE111 WAP http config/ d/WAP/ cpe:/a:ubicom:httpd:$1/ cpe:/h:netgear:wnhde111/a match http m|^HTTP/1\.0 200 .*\r\nServer: Server\r\n.*<title>[nN]euf ?box - Accueil|s p/SFR Neuf Box DSL modem http config/ d/broadband router/ match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: Axigen-Webmail\r\n|s p/Axigen webmail httpd/ o/Unix/ cpe:/a:gecad:axigen_mail_server/ match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: Axigen-Webadmin\r\n|s p/Axigen webadmin httpd/ o/Unix/ cpe:/a:gecad:axigen_mail_server/ match http m|^HTTP/1\.0 200 .*\r\nServer: Allegro-Software-RomPager/([\w._-]+)\r\n\r\n\n\n.*\n\n(.*) - VSX 7000A| p/NetPort httpd/ v/$1/ i/Polycom VSX 7000A http config; name $2/ d/webcam/ cpe:/h:polycom:vsx_7000a/a match http m|^HTTP/1\.1 301 Moved Permanently\r\nServer: Virata-EmWeb/R([\w._-]+)\r\nLocation: https://[\w._-]+/\+webvpn\+/index\.html\r\n| p/Virata-EmWeb/ v/$SUBST(1,"_",".")/ i/Cisco WebVPN http config/ d/security-misc/ cpe:/a:virata:emweb:$SUBST(1,"_",".")/a match http m|^HTTP/1\.0 200 OK\r\nServer: dtHTTPd/([\w._-]+)\r\nContent-Type: text/html\r\nContent-Length: \d+\r\nConnection: close\r\n\r\n(UX-\w+)| p/dtHTTPd/ v/$1/ i/Sharp Broadband $2 Fax http config/ d/printer/ cpe:/h:sharp:$2/ match http m|^HTTP/1\.0 200 OK\r\nServer: dtHTTPd/([\w._-]+)\r\nContent-Type: text/html\r\nContent-Length: \d+\r\nConnection: close\r\n\r\n(FO-\w+)| p/dtHTTPd/ v/$1/ i/Sharp $2 printer http config/ d/printer/ cpe:/h:sharp:$2/ match http m|^HTTP/1\.1 200 OK\r\nServer: Conexant-EmWeb/R([\w._-]+) SIPGT/([\w._-]+)\r\n.*Login page.*NOTE: The requested URL could not be retrieved.*background-image: url\(/html/de/images/bg_ramp\.jpg\);\r\n|s p/AVM FRITZ!Box WAP http config/ d/WAP/ match http m|^HTTP/1\.0 404 Not Found\r\nContent-Length: \d+\r\nContent-Type: text/html\r\n\r\n.*Note: The requested URL could not be retrieved\..*background-image: url\(\.\./\.\./de/images/bg_ramp\.jpg\);\n|s p/AVM FRITZ!Box WLAN 7270 WAP http config/ d/WAP/ match http m|^HTTP/1\.0 401 Unauthorized\r\nContent-Length: \d+\r\nContent-Type: text/html.*\r\nPragma: no-cache\r\nServer: Webserver\r\nWWW-Authenticate: Basic realm=\"HTTPS Access\"\r\n\r\n401 Unauthorized \(ERR_ACCESS_DENIED\)

          401 Unauthorized


          ERR_ACCESS_DENIED
          Webserver| p/AVM FRITZ!Box WAP http config/ d/WAP/ match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: lighttpd[/ ]([\d.]+) \(([^)]+)\)\r\n|si p/lighttpd/ v/$1/ i/$2/ cpe:/a:lighttpd:lighttpd:$1/ match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: lighttpd[/ ]([\d.]+)\r\n|si p/lighttpd/ v/$1/ cpe:/a:lighttpd:lighttpd:$1/ match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: lighttpd|si p/lighttpd/ cpe:/a:lighttpd:lighttpd/ match http m|^HTTP/1\.1 401 Unauthorized\r\nServer: micro_httpd\r\nCache-Control: no-cache\r\nDate: .*\r\nWWW-Authenticate: Basic realm=\"U\.S\. Robotics ADSL Router\"\r\n| p/micro_httpd/ i/USRobotics USR9107A ADSL http config/ d/broadband router/ cpe:/a:acme:micro_httpd/ match http m|^HTTP/1\.0 200 Ok\r\nServer: httpd\r\nDate: .*\n\n\n\n\r\n$| p/RapidLogic httpd/ v/$1/ i/3Com 3CRWE454G75 WAP http config/ d/WAP/ cpe:/a:rapidlogic:httpd:$1/ cpe:/h:3com:3crwe454g75/a match http m|^HTTP/1\.0 200 OK\r\nServer: RapidLogic/([\d.]+)\r\nMIME-version: 1\.0\r\nContent-type: text/html\r\n\r\n\r\n$| p/RapidLogic httpd/ v/$1/ i/Netgear WAG102 WAP http config/ d/WAP/ cpe:/a:rapidlogic:httpd:$1/ cpe:/h:netgear:wag102/a match http m|^HTTP/1\.0 302 Moved Temporarily\r\nServer: RapidLogic/([\d.]+)\r\nMIME-version: 1\.0\r\nContent-type: text/html; charset=UTF-8\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nLocation: /main\.html\r\n\r\n\r\n$| p/RapidLogic httpd/ v/$1/ i/Sharp MX-2700N printer/ d/printer/ cpe:/a:rapidlogic:httpd:$1/ cpe:/h:sharp:mx-2700n/a match http m|^HTTP/1\.1 404 Not Found\r\nConnection: close\r\nServer: ZING-(\d+/[\d.]+) \([0-9a-f]{32}; [\w-]+\) ([^\r\n]*)\r\n\r\n$| p/ZING httpd/ v/$1/ i/SanDisk Sansa Connect MP3 player; $2/ d/media device/ match http m|^HTTP/1\.0 503 Service Unavailable\r\nContent-Type: text/html\r\nContent-Length: 169\r\n\r\n503 Service Unavailable

          503 Service Unavailable

          The service is not available\. Please try again later\.

          $| p/Alcatel-Lucent OmniPCX PBX httpd/ d/PBX/ cpe:/a:alcatel-lucent:omnipcx/ match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: \r\nDate: .* GMT\r\nWWW-Authenticate: Basic realm=\"\.\"\r\nContent-type: text/html\r\nConnection: close\r\n\r\n401 Unauthorized\n

          401 Unauthorized

          \nAuthorization required\.\n
          \n\n$| p/Alcatel-Lucent OmniPCX PBX httpd/ d/PBX/ cpe:/a:alcatel-lucent:omnipcx/ match http m|^HTTP/1\.0 301 Moved Permanently \r\nContent-Type: text/html\r\nDate: .*\r\nLocation: /fusionreactor/\r\n\r\nRedirecting, please wait\.$| p/FusionReactor web server monitor/ match http m|^HTTP/1\.0 401 Authorization Required\r\nServer: wgt_http ([\d.]+)\r\nWWW-Authenticate: Basic realm=\"Anlage\"\r\nConnection: close\r\n$| p/wgt_http/ v/$1/ i/Eumex 704PC ADSL router/ d/broadband router/ match http m|^HTTP/1\.1 401 Unauthorized\r\nServer: Alvarion-Webs\r\nDate: THU JAN 01 01:04:22 1970\r\nWWW-Authenticate: Basic realm=\"Alvarion\"\r\n.*Document Error: Unauthorized\r\n\t\t

          Access Error: Unauthorized

          \r\n\t\t

          Access to this document requires a User ID

          \r\n\r\n$|s p/Alvarion-Webs/ i/Alvarion BreezeMAX WiMAX WAP http config/ d/WAP/ match http m|^HTTP/1\.0 400 Bad Request\r\nPragma: no-cache\r\nContent-type: text/html\r\n\r\n\n \n 400 Bad Request !!!| p/DrayTek Vigor 2800-series ADSL router httpd/ d/broadband router/ match http m|^HTTP/1\.0 200 ;OK\r\nServer: \?\?\?\?\?\?\?\?\?\?\?\?\?\?\r\nContent-Type: text/html\r\nConnection: Close\r\n\r\n\nJacarta interSeptor\n| p/Jacarta interSeptor environmental monitor http/ d/specialized/ match http m|^HTTP/1\.0 302 Document Follows\r\nLocation: http:///index\.htm\r\nConnection: close\r\n\r\n| p/Dell PowerVault TL4000 http config/ d/storage-misc/ match http m|^HTTP/1\.0 302 Found\r\nConnection: close\r\nCache-Control: no-cache\r\nPragma: no-cache\r\nExpires: -1\r\nLocation: https?://[\d.]+/login\.htm\r\n\r\n.*Click Here to proceed\.\n|s p/3Com Baseline Switch 2948-SFP Plus web config/ d/switch/ match http m|^HTTP/1\.0 401 Unauthorized\.\r\nWWW-Authenticate: Basic realm=\"GAI-Tronics\"\r\nContent-Type: text/html\r\n\r\n401 Unauthorized\.\r\n\r\n

          401 Unauthorized

          The requested URL / requires authorization\.

          \r\n


          \r\n\r\n$| p/GAI-Tronics Commander VoIP phone http config/ d/VoIP phone/ match http m|^HTTP/1\.1 404 Not Found\r\nContent-Length: 0\r\nServer: HBHTTP POGOPLUG - ([\d.]+) - Linux\r\nDate: .*\r\n\r\n$| p/HBHTTP/ v/$1/ i/Pogoplug NAS device/ o/Linux/ cpe:/o:linux:linux_kernel/a match http m|^HTTP/1\.1 500 Server Error\r\nContent-Length: 0\r\nServer: HBHTTP POGOPRO - ([\w._-]+) - Linux\r\nDate: .*\r\nConnection: close\r\n\r\n$| p/HBHTTP/ v/$1/ i/Pogoplug Pro NAS device/ o/Linux/ cpe:/o:linux:linux_kernel/a match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html\r\nDate: .*\r\nExpires: Thu, 26 Oct 1995 00:00:00 GMT\r\n.*Server: Allegro-Software-RomPager/([\d.]+)\r\n.*Emerson Network Power IntelliSlot Web/(\d+) Card|s p/Allegro RomPager/ v/$1/ i|Emerson Network Power IntelliSlot Web/$2 card| d/power-device/ cpe:/a:allegro:rompager:$1/ match http m|^HTTP/1\.1 301 Moved Permanently\r\nDate: .*\r\nLocation: https://([\w.]+)/?\r\nConnection: close\r\nContent-Length: 0\r\n\r\n|s p/VMware Server 2 http config/ h/$1/ cpe:/a:vmware:server:2/ match http m|^HTTP/1\.0 200 OK\r\nConnection: close\r\nServer: WindWeb/([\d.]+)\r\nDate: .*\r\nContent-Type: text/html\r\nWWW-Authenticate: Basic realm=\"HP\"\r\n.*\r\n|s p/SimpleHelp remote desktop httpd/ match http m|^HTTP/1\.0 302 Object Moved\r\n.*Location: /\+CSCOE\+/logon\.html\r\nSet-Cookie: tg=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure\r\n|s p/Cisco ASA firewall http config/ d/firewall/ match http m|^HTTP/1\.0 200 OK\r\nContent-Type: text/html\r\nCache-Control: no-cache\r\nPragma: no-cache\r\n.*\r\nSet-Cookie: tg=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure\r\nSet-Cookie: webvpn=;.*/\+CSCOE\+/logon\.html|s p/Cisco ASA firewall http config/ d/firewall/ match http m|^HTTP/1\.0 302 Moved Temporarily\r\n.*Server: Mbedthis-Appweb/([\d.]+)\r\n.*Set-Cookie: _appwebSessionId_=|s p/Mbedthis-Appweb/ v/$1/ i/Iomega StorCenter ix2 NAS device/ d/storage-misc/ cpe:/a:mbedthis:appweb:$1/ cpe:/h:iomega:storcenter_ix2/a match http m|^HTTP/1\.0 302 Moved Temporarily\r\nContent-Type: text/html\r\nLocation: /EnterpriseController\r\n| p/GoogleMini search appliance httpd/ match http m|^HTTP/1\.1 401 Unauthorized\r\nServer: micro_httpd\r\n.*WWW-Authenticate: Basic realm=\"Huawei SmartAX (\w+)\"\r\n|s p/micro_httpd/ i/Huawei SmartAX $1 ADSL router http config/ d/broadband router/ cpe:/a:acme:micro_httpd/ cpe:/h:huawei:smartax_$1/a match http m|^HTTP/1\.0 200 OK Content-type: text/html\r\n\r\n.*

          57066 Minolta Network Configuration Sheet 1 of 2\n\n

          .*Serial Number: *(\d+)\n.*Ethernet Address: *([0-9A-F.]+).*F/W Version: *([\w.]+ \(\w+\)).*Print Server Name: *([\w_.-]+)|s p/Minolta PagePro 20 printer http config/ i/serial number: $1, MAC: $2, firmware $3/ d/printer/ h/$4/ cpe:/h:minolta:pagepro_20/a match http m|^HTTP/1\.1 401 Unauthorized\r\nWWW-Authenticate: Basic realm=\"(DCS-\w+)\"\r\n.*Server: WIC-2300\r\n|s p/D-Link $1 webcam http config/ d/webcam/ cpe:/h:dlink:$1/ match http m|^HTTP/1\.1 401 Unauthorized\r\nWWW-Authenticate: Basic realm=\"(DCS-\w+)\"\r\n.*Server: DCS-\w+\r\n|s p/D-Link $1 webcam http config/ d/webcam/ cpe:/h:dlink:$1/ match http m|^HTTP/1\.0 401 Authorization Required\r\nWWW-Authenticate: BASIC realm=(DCS-\w+)\r\n\r\nPassword Error\. $| p/D-Link $1 webcam http config/ d/webcam/ cpe:/h:dlink:$1/ match http m|^HTTP/1\.0 400 bad url /\r\nServer: TinyHTTPProxy/([\d.]+) ([^\r\n]+)\r\n| p/TinyHTTPProxy/ v/$1/ i/$2/ match http m|^HTTP/1\.1 400 Bad Request\r\nContent-Type: text/html; charset=utf-8\r\nConnection: close\r\nPragma: no-cache\r\nCache-Control: no-store\r\nExpires: -1\r\n.*|s p/Juniper SA2000 or SA4000 VPN gateway http config/ d/proxy server/ match http m|^HTTP/1\.0 200 OK\r\nConnection: Close\r\nContent-Type: text/html\r\nDate: .*\r\n\r\n\r\n\r\n\r\nFMS : Freenet Message System| p/Freenet Message System web client/ match http m|^HTTP/1\.1 400 Bad Request\r\n.*Server: Profense\r\n|s p/Profense web application firewall/ d/firewall/ match http m|^HTTP/1\.0 200 Ok\r\nServer: NET-DK/([\d.]+)\r\n.*Touchstone Status|s p/NET-DK/ v/$1/ i/Arris Touchstone TM702B VoIP modem/ d/VoIP adapter/ match http m|^HTTP/1\.1 200 OK\r\n.*Server: MediaBox HTTPd Server/([\d.]+) \(Unix\)\r\n|s p/MediaBox HTTPd Server/ v/$1/ o/Unix/ match http m|^HTTP/1\.1 200 OK\r\nServer: cab/([\d.]+) \(([^)]+)\)\r\n.*cab AdminApplet|s p/cab/ v/$1/ i/AdminApplet $2/ match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html\r\n\r\nEverything| p/voidtools Everything search engine httpd/ o/Windows/ cpe:/o:microsoft:windows/a match http m|^HTTP/1\.1 200 OK\r\n.*Set-Cookie: sessionId=.*\n\n\nCisco Systems Login\n|s p/Cisco 4400 wireless LAN controller httpd/ d/remote management/ match http m|^HTTP/1\.0 200 OK\r\n.*:: ThinStation ::.*

          Thinstation ([\w._-]+) on ([\w._-]+) :: Main page

          |s p/ThinStation http admin/ v/$1/ o/Linux/ h/$2/ cpe:/o:linux:linux_kernel/a match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: \r\n.*WWW-Authenticate: Basic realm=\"ADSL Router \(ANNEX B\)\"\r\n.*.*|s p/Allnet ALL0277DSL ADSL router http config/ d/broadband router/ cpe:/h:allnet:all0277dsl/a match http m|^HTTP/1\.1 301 Moved Permanently\r\nDate: .*\r\nLocation: https://([\w._-]+)/\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 56\r\n\r\n

          301 Moved Permanently

          $| p/VMware ESXi Server httpd/ h/$1/ cpe:/o:vmware:esxi/ match http m|^HTTP/1\.0 401 Unauthorized\r\nWWW-Authenticate: Basic realm=\"PCS-1 Web Control\"\r\n.*Server: Allegro-Software-RomPager/([\d.]+)\r\n|s p/Allegro RomPager/ v/$1/ i/Sony PCS-1 video conferencing http config/ d/webcam/ cpe:/a:allegro:rompager:$1/ match http m|^HTTP/1\.0 200 OK\r\n.*Server: Ubicom/([\d.]+)\r\n.*D-Link Gaming Router :\r\n\t\t Login\r\n\t|s p/Ubicom/ v/$1/ i/D-Link DGL-4500 WAP http config/ d/WAP/ cpe:/h:dlink:dgl-4500/a match http m|^HTTP/1\.1 307 Temporary Redirect\r\nConnection: keep-alive,close\r\n.*Location: http://([\w._-]+)/servlet/StartServlet\r\nServer: PEWG/([\d.]+)\r\n|s p/PEWG/ v/$2/ i/OCE print server/ d/print server/ h/$1/ match http m|^HTTP/1\.1 401 Authorization Required\r\n.*www-authenticate:Basic realm=\"(\w+)v(\d+)POE \(([0-9A-F]{12})\)\"\r\n|s p/InterTel $1 VoIP phone http config/ i/firmware $2; MAC $3/ d/VoIP phone/ match http m|^HTTP/1\.1 401 Authorization Required\r\n.*www-authenticate:Basic realm=\"(\d+)i \(([0-9A-F]{12})\)\"\r\n|s p/InterTel $1 VoIP phone http config/ i/MAC $2/ match http m|^HTTP/1\.1 401 Authorization Required\r\n.*www-authenticate:Basic realm=\"IP Resource Card \(IPRC\)\(id=[0-9A-F]+\)\"\r\n|s p/InterTel IPRC VoIP management card/ d/PBX/ match http m|^HTTP/1\.1 200 OK\r\n.*Ethernetov\xfd teplom\xecr TME od Papouch s\.r\.o\.|s p/Papouch TME Ethernet thermometer http interface/ match http m|^HTTP/1\.1 200 OK\r\nServer: SMC Internet Update Manager\r\nConnection: Keep-Alive\r\nContent-Type: text\r\nDate: .*\r\nContent-Length: 61\r\n\r\nAvira Internet Update Manager ist betriebsbereit$| p/Avira SMC Internet Update Manager/ match http m|^HTTP/1\.1 301 Moved Permanently\r\nDate: .*\r\nLocation: https://([\w._-]+)/\r\nConnection: close\r\nContent-Length: 0\r\n\r\n$| p/VMware ESX 3.5 Server httpd/ h/$1/ cpe:/o:vmware:esx:3.5/ match http m|^HTTP/1\.0 200 Ok\r\nServer: httpd\r\n.*.*.*.*\r\n\r\n\r\n\r\n\r\n$|s p/GoldStar iPECS 50B PBX http config/ d/PBX/ match http m|^HTTP/1\.1 200 OK\r\n.*Expires: Thu, 01 Jan 1970 00:00:00 GMT\r\nSet-Cookie: JSESSIONID=[0-9A-F]+; Path=/; Secure\r\n.*VMware View Portal|s p/VMware View Manager httpd/ match http m|^HTTP/1\.1 200 OK\r\n.*Expires: Thu, 01 Jan 1970 00:00:00 GMT\r\nSet-Cookie: JSESSIONID=[0-9A-F]+; Path=/; Secure; HttpOnly\r\n.*VMwareView Portal|s p/VMware View Manager httpd/ match http m|^HTTP/1\.1 200 OK\r\ncache-control: no-cache\r\nContent-Length: \d+\r\nExpires: Thu, 01 Jan 1970 00:00:00 GMT\r\nSet-Cookie: JSESSIONID=[0-9A-F]+; Path=/; Secure.*VMware View Portal|s p/VMware View Manager httpd/ match http m|^HTTP/1\.1 404 Not Found\r\nDate: .* GMT\r\nContent-Length: \d+\r\nContent-Type: text/html\r\n\r\n\r\n\r\nVMware View| p/VMware View Manager httpd/ match http m|^HTTP/1\.1 403 Forbidden\r\nServer: Norman Security/([\d.]+)\r\nContent-Type: text/html\r\nConnection: Close\r\nContent-Length: 90\r\n\r\nNorman Security Error

          403 - Forbidden

          $| p/Norman Security Endpoint Protection httpd/ v/$1/ match http m|^HTTP/1\.1 401 Unauthorized\r\nServer: Norman Security/([\d.]+)\r\n.*Norman Security Error

          401 - Unauthorized

          $|s p/Norman Security Endpoint Protection httpd/ v/$1/ match http m|^HTTP/1\.1 200 OK\r\n.*.*Oracle Applications Rapid Install|s p/Oracle Rapid Install httpd/ match http m|^HTTP/1\.1 200 OK\r\n.*\r\n\r\n\r\n\r\n
          |s p/HP Procurve 1810G switch http config/ d/switch/ cpe:/h:hp:procurve_switch_1810g/ cpe:/o:hp:procurve_switch_software/ match http m|^HTTP/1\.0 302\r\nLocation: /Portal0000\.htm\r\n.*Error\r\n

          /

          302 : MOVED TEMPORARILY

          $|s p/Siemens Simatic S7-300 PLC httpd/ d/specialized/ match http m|^HTTP/1\.0 302 Object Moved\r\nContent-Type:text/html\r\nContent-Length: 0\r\nConnection: close\r\nLocation: /Default\.mwsl\r\n\r\n$| p/Siemens Simatic S7-1200 PLC httpd/ d/specialized/ match http m|^HTTP/1\.0 302 Object Moved\r\nContent-Type:text/html\r\nContent-Length: 0\r\nConnection: close\r\nLocation: /Default\.html\r\n\r\n$| p/Siemens Simatic HMI MiniWeb httpd/ d/specialized/ match http m|^HTTP/1\.0 401 Unauthorized\r\nContent-Type: text/html\r\nWWW-Authenticate: Basic realm=\"Web Management\"\r\n\r\n401 Unauthorized401 Unauthorized$| p/Foundry EdgeIron switch http config/ d/switch/ match http m|^HTTP/1\.1 404 Not Found\r\nConnection: Close\r\nContent-Type: text/html\r\n\r\nThe specified URL cannot be found\r\n| p/Barracuda Web Application Firewall/ d/firewall/ match http m|^HTTP/1\.0 200 OK\r\nConnection: close\r\nContent-Type: text/html\r\nSet-Cookie: DLILPC=\"\"; Version=1; Max-Age=0; Path=/\r\n\r\n.*Power Controller \n \n|s p/Digital Loggers Web Power Switch II http config/ d/power-device/ match http m|^HTTP/1\.1 403 Directory Listing Denied\r\nContent-Type: text/plain\r\nContent-Length: 12\r\n\r\nError: 403\r\n$| p/HP Dream Screen media player http config/ d/media device/ match http m|^HTTP/1\.0 200 OK\r\nX-Powered-By: PHP/([\w._-]+)\r\n.*Seagate NAS - ([\w._-]+)\n\n|s p/Seagate Black Armor 440 NAS http config/ i/PHP $1/ h/$2/ cpe:/a:php:php:$1/ match http m|^HTTP/1\.0 200 OK\r\nX-Powered-By: PHP/([\w._-]+)\r\n.*My Book World Edition - ([\w._-]+)\n.*\n|s p/Western Digital My Book http config/ i/PHP $1/ d/storage-misc/ h/$2/ cpe:/a:php:php:$1/ match http m|^HTTP/1\.1 302 Found\r\n.*Location: https://([\w._-]+)/site-web/home\.seam\r\n|s p/Seam web framework/ h/$1/ match http m|^HTTP/1\.0 200 OK\r\n.*Print server homepage\n\n\n|s p/Citizen CLP-521 or Kyocera Mita KM-1530 printer http config/ d/printer/ cpe:/h:kyocera:mita_km-1530/a match http m|^HTTP/1\.1 404 Not Found\r\nContent-Length: 19\r\nContent-Type: text/html\r\n\r\n 404 Page Not Found$| p/Kyocera Mita FS-1350DN printer http config/ d/printer/ cpe:/h:kyocera:mita_fs-1350dn/a match http m|^HTTP/1\.0 401 Unauthorized\r\n.*WWW-Authenticate: Basic realm=\"GeneralUser/Administrator\"\r\n\r\n401 Unauthorized\n

          401 Unauthorized

          \n
          \nAuthorization required for the requested URL\.\n\n|s p/thttpd/ i/Panasonic BB-HCM511 IP camera http config/ cpe:/a:acme:thttpd/ match http m|^HTTP/1\.1 307 Redirect\r\nLocation: https?://[^\r\n]*\r\nContent-Length: 0\r\n\r\n$| p/Apache httpd/ v/2.0.X/ cpe:/a:apache:http_server:2.0/ match http m|^HTTP/1\.0 200 OK\r\nServer: RapidLogic/([\w._-]+)\r\n.*OneAccess WCF|s p/RapidLogic httpd/ v/$1/ i/OneAccess ONE100A router http config/ d/router/ o/OneOS/ cpe:/a:rapidlogic:httpd:$1/ match http m|^HTTP/1\.1 200\r\n.*|s p/Nova viaWARP httpd/ o/Windows/ cpe:/o:microsoft:windows/a match http m|^HTTP/1\.1 200 OK\r\n.*Server: Apache ([\w._-]+) in ([^\r\n]+)\r\n|s p/Apache Tomcat $1/ i/in $2/ cpe:/a:apache:tomcat/ match http m|^HTTP/1\.0 401 Unauthorized\r\nContent-type: text/html\r\nAccept-Ranges: bytes\r\nConnection: close\r\nWWW-Authenticate: Basic realm=\"PLC Adaptor\"\r\n\r\n| p/Panasonic PLC Adaptor Ethernet-to-mains bridge http config/ d/bridge/ match http m|^\n501 Method Not Implemented\n\n

          Method Not Implemented

          \n\n$| p/kissdx media player control httpd/ match http m|^HTTP/1\.1 200 OK\r\nServer: yawcam/([\w._-]+)\r\nContent-Length:\d+\r\n| p/Yawcam webcam viewer httpd/ v/$1/ match http m|^HTTP/1\.1 200 OK\r\n.*Server: ACS ([\w._-]+)\r\n|s p/Cisco ACS httpd/ v/$1/ match http m|^HTTP/1\.0 401 Unauthorized\r\n.*Server: WYM/([\w._-]+)\r\n.*WWW-Authenticate: Basic realm=\"Rovio\"\r\n|s p/WYM httpd/ v/$1/ i/Wowwee Rovio webcam/ d/webcam/ match http m|^HTTP/1\.1 \d\d\d .*\r\n.*Server: Kerio Connect ([^\r\n]+)\r\n|s p/Kerio Connect webmail httpd/ v/$1/ match http m|^HTTP/1\.0 500 Internal server error\nServer: M3 Business Engine ([^\r\n]+)\nConnection: close\nContent-Type: text/html; charset=UTF-8\nCache-Control: no-cache\nPragma: no-cache\nExpires: 0\nContent-Type: text/html\n\n\n500 Internal server error\n\n

          500 Internal server error

          \n
          \n
          M3 Business Engine ServerView
          \n\n$| p/M3 Business Engine ServerView httpd/ v/$1/ match http m|^HTTP/1\.0 200 ok\r\nContent-type: text/plain\r\n\r\nError accessing ''\r\n$| p/OpenSSL s_server -WWW httpd/ cpe:/a:openssl:openssl/ # TODO: hunt down line number/version number correlations match http m|^HTTP/1\.0 200 ok\r\nContent-type: text/plain\r\n\r\nError opening ''\r\n\d+:error:[A-F\d]+:system library:fopen:No such file or directory:bss_file\.c:169:fopen\('','r'\)\n\d+:error:[A-F\d]+:BIO routines:BIO_new_file:no such file:bss_file\.c:172:\n| p/OpenSSL s_server -WWW httpd/ cpe:/a:openssl:openssl/ match http m|^HTTP/1\.0 200 ok\r\nContent-type: text/html\r\n\r\n\n
          \n\n(.*) \nCiphers supported in s_server binary\n| p/OpenSSL s_server -www httpd/ i/command line: $1/ cpe:/a:openssl:openssl/
          match http m|^HTTP/1\.1 302 Moved Temporarily\r\n.*Server: go1984\r\n.*Location: http://([\w._-]+)(?::\d+)?/([\w._-]+)/Default/index\.htm\r\n\r\n|s p/go1984 httpd/ i/session ID $2/ d/webcam/ h/$1/
          match http m|^HTTP/1\.1 200 OK\r\n.*Connection: close\r\nContent-Type: text/html\r\n.*.*.*.*\r\n\tvar PIN_change_attempted = false;\r\n\tvar Login_failed = false;\r\n\tvar password_label = \"\";\r\n\r\n.*|s p/Wind River Web Server/ v/$1/ i/Fujitsu-Siemens FibreCAT SX80 NAS device http config/ d/storage-misc/
          match http m|^HTTP/1\.1 200 OK\r\nServer: WindRiver-WebServer/([\w._-]+)\r\nConnection: close\r\nContent-Type: text/html\r\n\r\n.*.*.*HP StorageWorks MSA Storage Management Utility|s p/Wind River Web Server/ v/$1/ i/HP StorageWorks MSA http config/ d/storage-misc/
          match http m|^HTTP/1\.1 200 OK\r\n.*Server: MarratechPortal/([\w._-]+) \(Java ([\w._-]+); Windows ([^)]+)\) build/(\d+)\r\n|s p/Marratech Portal/ v/$1 build $4/ i/Java $2; Windows $3/ o/Windows/ cpe:/o:microsoft:windows/a
          match http m|^HTTP/1\.1 401 Unauthorized\r\nServer: BBVS\r\nContent-type: text/plain\r\n.*WWW-Authenticate: Basic realm=\"SecuritySpy Web Server\"\r\n\r\n401 Unauthorized\r\n$|s p/SecuritySpy webcam viewer httpd/ o/Mac OS X/ cpe:/o:apple:mac_os_x/a
          match http m|^HTTP/1\.1 200 OK\r\nServer: BBVS/([\w._-]+)\r\nKeep-Alive: timeout=20, max=100\r\nConnection: Keep-Alive\r\nAccept-Ranges: bytes\r\nContent-Length: 6258\r\nContent-Type: text/html\r\n\r\n\n\nSecuritySpy Web Server\n| p/SecuritySpy webcam viewer httpd/ v/$1/ o/Mac OS X/ cpe:/o:apple:mac_os_x/a
          match http m|^HTTP/1\.1 200 OK\r\nConnection: close\r\nContent-Type: text/html\r\nExpires:0\r\npragma:no-cache\r\n\r\n\r\n\r\n\r\n\r\n$| p/TED 5000 power use monitor/ d/power-device/
          # http://java423.vicp.net:8652/infoserver.central/data/syshbk/collections/TECHNICALINSTRUCTION/1-61-208775-1.html
          match http m|^HTTP/1\.0 400 Malformed Header in \r\nContent-Type: text/html\r\n\r\n$| p/Sun ScApp bytecode transfer httpd/
          match http m|^HTTP/1\.1 200 OK\r\n\r\nFile SharePublic
          $| p/File Share httpd/ i/Android mobile phone/ d/phone/ o/Linux/ cpe:/o:linux:linux_kernel/a match http m|^HTTP/1\.1 200 OK\r\nConnection: close\r\n.*VoIP Gateway.*|s p/D-Link DVS-4088S, DVS-5088S, or DVG-7062S VoIP gateway http config/ d/VoIP adapter/ match http m|^HTTP/1\.0 200 OK\r\nServer: BEJY V([\w._-]+) HTTP ([\w._-]+) \r\n| p/BEJY httpd/ v/$2/ i/BEJY $1/ match http m|^HTTP/1\.0 404 Not Found\r\nServer: Xfire\r\nConnection: close\r\n\r\n\r\n$| p/Xfire httpd/ match http m|^HTTP/1\.0 302 Found\r\nLocation: http://guide(?:test)?\.[\w._-]*opendns\.com/\?url=\r\nContent-type: text/html\r\nContent-Length: 0\r\nConnection: close\r\nDate: .*\r\nServer: OpenDNS Guide\r\n\r\n$| p/OpenDNS Guide/ match http m|^HTTP/1\.0 302 Found\r\nLocation: http://guide(?:test)?\.[\w._-]*opendns\.com/\?url=\r\nContent-Length: 0\r\nConnection: close\r\nDate: .*\r\nServer: OpenDNS Guide\r\n\r\n$| p/OpenDNS Guide/ match http m|^HTTP/1\.0 303 See Other\r\nLocation: http://guide(?:test)?\.[\w._-]*opendns\.com/\?url=\r\nContent-Length: 0\r\nConnection: close\r\nDate: .*\r\nServer: OpenDNS Guide\r\n\r\n$| p/OpenDNS Guide/ match http m|^HTTP/1\.0 200 OK\r\nCache-Control: no-cache\r\nConnection: close\r\nContent-Language: en\r\n.*Content-Location: /default\.html\r\n.*ExpertAssist/([\w._-]+)\r\nSet-Cookie: RASID=\w+; path=/\r\n\r\n ExpertAssist|s p/ExpertAssist/ v/$1/ i/ScriptLogic Remote Desktop/ match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html\r\nCache-Control: no-cache\r\nPragma: no-cache\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n(DocuPrint [\w._-]+) - ([\w._-]+)\r\n| p/Fuji Xerox $1 printer http config/ d/printer/ h/$2/ cpe:/h:xerox:$1/a match http m|^HTTP/1\.1 502 Bad Gateway\r\nContent-Type: text/html\r\nContent-Length: 487\r\n\r\n\n\n\n\nContent Server Message\n\n\n\nNetwork message format error\. Unable to parse browser environment or content item\. Unable to parse properties\. Name-value pairs are missing an '='\.\n\n$| p/Oracle Universal Content Management httpd/ match http m|^HTTP/1\.0 400 Bad Request\r\nContent-Length: 0\r\n\r\n$| p/IDentifier NameTracer Pro httpd/ match http m|^HTTP/1\.1 200 OK\r\nContent-Length: 155\r\nConnection: close\r\n.*<FortiClient Download Portal|s p/FortiClient firewall http config/ d/firewall/ match http m|^HTTP/1\.1 200 OK\r\nServer: Agranat-EmWeb/R([\d_]+)\r\nContent-Type: text/html\r\nCache-Control: no-cache\r\nPragma: no-cache\r\n\r\n \n\n [\w._-]+ \n\n\n\n|s p/Fortinet FortiGate SSL VPN remote http login/ match http m|^HTTP/1\.1 200 OK\r\n.*Last-Modified: Tue, 03 Oct 2006 19:21:12 GMT\r\nETag: \"85f_52_4522b828\"\r\n.*Content-Length: 82\r\n.*location=\"/remote/index\";\n\n\n\n\0{605}$|s p/Fortinet FortiGate-5001 SSL VPN remote http login/ match http m|^HTTP/1\.1 200 OK\r\n.*Last-Modified: Wed, 11 Jan 2012 03:34:20 GMT\r\nETag: \"610_4f_4f0d033c\"\r\n.*Content-Length: 79\r\n.*location=\"/login\";\n\n\n\n|s p/Fortinet FortiGate firewall http proxy admin/ d/firewall/ match http m|^HTTP/1\.1 200 OK\r\n.*Last-Modified: Fri, 21 Apr 2000 00:53:33 GMT\r\nETag: W/\"685_4f_4d082ec4\"\r\n.*Content-Length: 79\r\n.*location=\"/login\";\n\n\n\n|s p/Fortinet FortiGate firewall http proxy admin/ d/firewall/ match http m|^HTTP/1\.1 401 Unauthorized\r\nWWW-Authenticate: Basic realm=\"View Home & Status Web Pages\"\r\n.*Server: Allegro-Software-RomPager/([\w._-]+)\r\n|s p/Allegro RomPager/ v/$1/ i/Xerox Phaser 8560DN printer http config/ d/printer/ cpe:/a:allegro:rompager:$1/ cpe:/h:xerox:phaser_8560dn/a match http m|^HTTP/1\.1 302 Found\r\nLocation: https://[\d.]+/home\.html\r\nContent-Length: 0\r\nServer: Allegro-Software-RomPager/([\w._-]+)\r\n\r\n$| p/Allegro RomPager/ v/$1/ i/Xerox Phaser 8560DN printer http config/ d/printer/ cpe:/a:allegro:rompager:$1/ cpe:/h:xerox:phaser_8560dn/a match http m|^HTTP/1\.1 200 OK\r\n.*XenServer ([\w._-]+)|s p/Citrix Xen Simple HTTP Server/ i/XenServer $1/ match http m|^HTTP/1\.0 200 OK\r\n.*ETag: \"-127477461\"\r\n.*Server: none\r\n.*Fireware XTM User Authentication|s p/WatchGuard FireBox XTM firewall http config/ d/firewall/ match http m|^HTTP/1\.1 401 Unauthorized\r\nConnection: close\r\nWWW-Authenticate: Basic realm=\"uTorrent\"\r\n\r\n| p/uTorrent WebUI/ o/Windows/ cpe:/a:utorrent:utorrent/ cpe:/o:microsoft:windows/a match http m|^HTTP/1\.1 300 ERROR\r\nConnection: keep-alive\r\nContent-Length: 15\r\nContent-Type: text/html\r\n\r\ninvalid request$| p/uTorrent WebUI/ o/Windows/ cpe:/a:utorrent:utorrent/ cpe:/o:microsoft:windows/a # uTorrent 2.0.2 match http m|^HTTP/1\.1 400 ERROR\r\nConnection: keep-alive\r\nContent-Length: 15\r\nContent-Type: text/html\r\n\r\ninvalid request$| p/uTorrent WebUI/ o/Windows/ cpe:/a:utorrent:utorrent/ cpe:/o:microsoft:windows/a match http m|^HTTP/1\.1 400 ERROR\r\nConnection: keep-alive\r\nContent-Length: 17\r\nContent-Type: text/html\r\n\r\n\r\ninvalid request$| p/uTorrent WebUI/ o/Windows/ cpe:/a:utorrent:utorrent/ cpe:/o:microsoft:windows/a match http m|^HTTP/1\.0 200 OK\r\n.*Server: WYM/([\w._-]+)\r\n.*Content-Length: 1029\r\nLast-Modified: Tue, 19 May 2009 02:17:02 GMT\r\n\r\n\xef\xbb\xbf\r\n\r\nNVS|s p/WYM httpd/ v/$1/ i/A+V Link NVS-4000 surveillance system http config/ d/webcam/ match http m|^HTTP/1\.1 200 OK\r\nLast-Modified: Mon, 07 Apr 2009 04:00:00 GMT\r\nContent-Type: TEXT/HTML\r\nDate: \w\w\w, \d\d \w\w\w \d\d\d\d \d\d:\d\d:\d\d GMT00:00 GMT\r\nServer: ICOM ([\w._-]+) from SBS\r\nMIME-Version: 1\.0\r\nServer: ICOM [\w._-]+ from SBS\r\nConnection: close\r\nContent-Length: 861\r\n\r\n\r\n\r\nUltraQuest Index HTML| p/ICOM httpd/ v/$1/ i/UltraQuest mainframe reporting/ o|OS/390| cpe:/o:ibm:os_390/a match http m|^HTTP/1\.0 404 Not Found\r\nContent-type: text/html\r\nDate: Sat, 31 Dec 2005 23:02:28 GMT\r\nConnection: close\r\n\r\n404 Not Found\n

          404 Not Found

          \nThe requested URL was not found on this server\.\n\n$| p/BusyBox httpd/ i/Sphairon Turbolink IAD ADSL modem http config/ o/Linux/ cpe:/a:busybox:busybox/ cpe:/o:linux:linux_kernel/a match http m|^HTTP/1\.1 302\r\nLocation: /login\.vibe\r\n\r\n$| p/VibeStreamer streaming media httpd/ match http m|^\r\n\r\n\r\n\r\n\r\n\r\n<\?xml version=\"1\.0\" encoding=\"ISO-8859-1\"\?>\r\n\r\n\r\n\r\n\r\n\r\n\r\nRealSecure SiteProtector.*\n\n302 Found\n\n

          Found

          \n

          The document has moved here\.

          \n

          Additionally, a 302 Found\nerror was encountered while trying to use an ErrorDocument to handle the request\.

          \n\n$| p/HP System Management httpd/ match http m|^HTTP/1\.0 200 OK\nContent-type: text/html\r\n.*DVR WebViewer\r\n\r\n.*\r\n\r\n|s p/MicroDigital MDR-4600 DVR httpd/ i/Resolution $1x$2; CmdPort $3; StreamPort $4/ d/media device/ match http m|^HTTP/1\.0 200 OK\r\nServer: Senturion/([\w._-]+)\r\n.*Sensatronics: Senturion ([\w._-]+).*Willkommen zur Administration des Telefons|s p/Atcom AT-320 VoIP phone http config/ v/$2/ i/PalmMicro $1 chipset/ cpe:/h:atcom:at-320/a match http m|^HTTP/1\.1 200 OK\r\n.*Expires: Thu, 01 Jan 1970 00:00:00 GMT\r\n.*Dashboard.*|s p/Red Condor antispam appliance http config/ d/proxy server/ match http m|^HTTP/1\.1 401 Unauthorized\r\nWWW-Authenticate: Digest realm=\"[\d.]+\", qop=\"auth\", nonce=\"[0-9a-f]+\"\r\n.*BMC HTTP Server\r\n.*\"\"|s p/HP Integrated Lights-Out http config/ d/remote management/ cpe:/h:hp:integrated_lights-out/ match http m|^HTTP/1\.0 300 Multiple Choices\r\nServer: Rockpile Web Server\r\nDate: Sun, 00 Jan 1900 00:00:00 GMT\r\nConnection: close\r\nLocation: http://[\w._-]+/localmenus\.cgi\?func=604\r\nContent-type: text/html\r\n\r\n.*HTTP/1\.0 404 Not Found\r\nServer: Rockpile Web Server\r\nDate: Sun, 00 Jan 1900 00:00:00 GMT\r\n|s p/Rockpile httpd/ i/Cisco 7937 VoIP phone http config/ d/VoIP phone/ cpe:/h:cisco:7937/a match http m|^HTTP/1\.1 401 Unauthorized\r\nWWW-Authenticate: Basic realm=\"CentreWare Internet Services\"\r\n.*\r\n\r\n\r\nFAILED\r\n|s p/FujiXerox ApeosPort-IV C4470 http config/ d/printer/ match http m|^HTTP/1\.1 404 Not Found\r\n.*Server: iTP Secure WebServer/([\w._() -]+)\r\nMIME-version: 1\.0\r\nContent-type: text/html\r\nConnection: close\r\n\r\nNot Found

          Not Found

          \n The requested object was not found on this server\.$|s p/iTP Secure WebServer/ v/$1/ i/HP Tandem NonStop/ match http m|^HTTP/1\.1 200 OK\r\n.*Server: iTP Secure WebServer/([\w._() -]+)\r\n.*Index of /|s p/iTP Secure WebServer/ v/$1/ i/HP Tandem NonStop/ match http m|^HTTP/1\.1 302 Moved Temporarily\r\n.*Server: iTP WebServer with NSJSP/([\w._() -]+) \(HTTP/1\.1 Connector\)\r\nLocation: http://([\w._-]+):\d+/index\.html\r\n|s p/iTP WebServer with NSJSP/ v/$1/ i/HP Tandem NonStop/ h/$2/ match http m|^HTTP/1\.1 200 OK\r\n.*Server: Indy/([\w._-]+)\r\n.*GregHSRWLib - RemObjects SDK for \.NET v([\w._-]+)|s p/Indy httpd/ v/$1/ i/.NET $2; Acer Registration Service; greghsrw.exe/ cpe:/a:indy:httpd:$1/ match http m|^HTTP/1\.1 200 OK\r\nETag: W/\"[\d-]+\"\r\n.*Server: null\r\n.*HP - Data Center Fabric Manager|s p/HP Data Center Fabric Manager http config/ match http m|^HTTP/1\.1 200 OK\r\nETag: W/\"[\d-]+\"\r\n.*Server: censhare hyena/([\w._-]+)\r\n|s p/censhare hyena httpd/ v/$1/ match http m|^HTTP/1\.1 200 OK\r\n.*ETag: W/\"[\d-]+\"\r\n.*Server: Undefined\r\n.*|s p/McAfee ePolicy Orchestrator http interface/ cpe:/a:mcafee:epolicy_orchestrator/ match http m|^HTTP/1\.1 200 OK\r\n.*ETag: W/\"[\d-]+\"\r\n.*Server: Undefined\r\n.*|s p/McAfee ePolicy Orchestrator http interface/ cpe:/a:mcafee:epolicy_orchestrator/ match http m|^HTTP/1\.1 401 \r\nDate: Sat, 21 Dec 1996 12:00:00 GMT\r\nWWW-Authenticate: Basic realm=\"Default password:1234\"\r\n\r\n401 Unauthorized - User authentication is required\.$| p/Edimax PS-1206P print server/ d/print server/ match http m|^HTTP/1\.1 301 Moved Permanently\r\n.*Server: Noelios-Restlet-Engine/([\w._-]+)\r\nLocation: http://([\w._-]+)/index\.html\r\nVary: Accept-Charset,Accept-Encoding,Accept-Language,Accept,User-Agent\r\nContent-Length: 0\r\nConnection: close\r\nContent-Type: text/plain\r\n\r\n$|s p/Noelios Restlet Framework/ v/$1/ i/Sonatype Nexus Maven Repository Manager/ h/$2/ match http m|^HTTP/1\.0 501 Not Implemented\r\nServer: SimpleHTTP/([\w._-]+) Python/([\w._-]+)\r\n.*Content-Type: text/html\r\nConnection: close\r\n\r\n\nError response\n\n\n

          Error response

          \n

          Error code 501\.\n

          Message: Not Implemented\.\n

          Error code explanation: 501 = Server does not support this operation\.\n\n$|s p/SimpleHTTPServer/ v/$1/ i/rPath Appliance Platform Agent; Python $2/ cpe:/a:python:python:$2/ cpe:/a:python:simplehttpserver:$1/ match http m|^HTTP/1\.0 200 OK\r\n.*Server: CMSHTTPD/([\w._-]+) z_VM/([\w._-]+) ([^\r\n]+)\r\n|s p/CMSHTTPD/ v/$1/ i|z/VM $2; $3| o|z/VM| match http m|^HTTP/1\.0 200 OK\nServer: Cardax Embedded Interface\n.*

          CardaxFT Controller # (\d+) \(ETS\)

          .*
          Version: v([\w._/-]+) BootMon-([\w._-]+)\n$|s p/Cardax FT security system http interface/ v/$2/ i/Controller #$1; BootMon $3/ d/security-misc/ match http m|^HTTP/1\.0 302 Moved Temporarily\r\nAllow: GET,POST,HEAD\r\nMIME-Version: 1\.0\r\nServer: (MA\w+) Server ([\w._-]+)\r\nLocation: http://0\.0\.0\.0\r\n\r\n$| p/Huawei $1 WAP http config/ v/$2/ cpe:/h:huawei:$1/a match http m|^HTTP/1\.0 200 OK\r\nServer: ZyXEL SSLVPN Server v([\w._-]+)\r\n.*ZyWALL SSL(\d+)|s p/ZyXEL ZyWALL SSL $2 SSL-VPN applicance http config/ v/$1/ d/firewall/ match http m|^HTTP/1\.1 200 OK\r\n.*Server: \r\n.*ZyWALL ([^<]+)|s p/ZyXEL ZyWALL $1 firewall http config/ d/firewall/ cpe:/h:zyxel:zywall_$1/a match http m|^HTTP/1\.0 200 OK\r\nExpires: 0\r\nContent-Type: text/html\r\nConnection: close\r\n\r\n\nLogin\n\n| p/D-Link DGS-1200T-series switch http config/ d/switch/ match http m|^HTTP/1\.1 505 HTTP Version not supported\r\nContent-Length: 0\r\nDate: .*\r\nAccept-Ranges: bytes\r\n\r\n$| p/Virtual Mic http synchronization/ d/media device/ o/iPhone OS/ match http m|^HTTP/1\.0 200 OK\r\nContent-Type: text/html\r\n.*Server: Wireless Network Camera with Pan/Tilt\r\n|s p/Vivotek Network Camera http config/ d/webcam/ match http m|^HTTP/1\.0 200 OK\r\nContent-Type: text/html\r\n.*Server: Network Camera with Pan/Tilt\r\n|s p/Vivotek Network Camera http config/ d/webcam/ match http m|^HTTP/1\.0 200 OK\r\nContent-Type: text/html\r\n.*Server: Network Camera\r\n|s p/Vivotek IP7131 Network Camera http config/ d/webcam/ cpe:/h:vivotek:ip7131/ match http m|^HTTP/1\.1 401 Unauthorized\r\nWWW-Authenticate: Basic realm=\"Remote-Motion CCD Network Camera\"\r\nContent-Type: text/html\r\nServer: Vivotek Network Camera\r\n\r\n\n\nProtected Object\n

          Protected Object

          This object on the server is protected\.

          \n$| p/Vivotek Network Camera http config/ d/webcam/ match http m|^HTTP/1\.1 200 OK\r\n.*Server: Web Server\r\n.*NetGear ([\w._-]+)|s p/Netgear $1 switch http config/ d/switch/ cpe:/h:netgear:$1/ match http m|^HTTP/1\.0 200 OK\r\nPragma: no-cache\r\n.*Management.*\n\n\n|s p/Tandberg MXP video conferencing http config/ d/webcam/ match http m|^HTTP/1\.1 200 OK\r\n.*Server: HyNetOS/([\w._-]+)\r\n.*(CS\d+) SNMP/Web Adapter|s p/Effekta MH 6000 UPS http config/ i|$2 SNMP/Web adapter; HyNetOS $1| d/power-device/ o/HyNetOS/ match http m|^HTTP/1\.1 200 OK\r\nX-Cocoon-Version: ([\w._-]+)\r\nExpires: Thu, 01 Jan 1970 00:00:00 GMT\r\n.*F-Secure Policy Manager Web Reporting|s p/F-Secure Policy Manager http interface/ i/Apache Cocoon $1/ match http m|^HTTP/1\.0 200 OK\r\n.*Server: ShellHTTPD/([\w._-]+)\r\n.*Dachstein LEAF Firewall|s p/ShellHTTPD/ v/$1/ i/Dachstein LEAF firewall/ d/firewall/ o/Linux 2.2/ cpe:/o:linux:linux_kernel:2.2/ match http m|^HTTP/1\.0 401 Unauthorized\r\nDate: Thu, 01 Jan 1970 00:00:00 GMT\r\nnServer: avtech/([\w._-]+)\.\.Expires: 0\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nConnection: close\r\nContent-type: text/html;charset=ISO-8859-1\r\nWWW-Authenticate: Basic realm=server\r\nContent-Length: 163\r\n| p/avtech httpd/ v/$1/ i/Postef-8840 ADSL router/ d/broadband router/ match http m|^HTTP/1\.0 200 Script output follows\r\nServer: shinGETsu/([\w._-]+) \(Saku/([\w._-]+)\) Python/([\w._-]+)\r\n| p/Saku/ v/$2/ i/client for shinGETsu $1 BBS; Python $3/ cpe:/a:python:python:$3/ match http m|^HTTP/1\.1 503 HTTP is not licensed\.

          To set up this filer, use /api \.\r\nServer: Data ONTAP/([\w._-]+)\r\n| p/NetApp http vFiler/ o/Data ONTAP $1/ cpe:/a:netapp:data_ontap:$1/ match http m|^HTTP/1\.1 503 HTTP is not licensed\.

          To administer this filer, use /na_admin/ \.\r\nServer: NetApp//([\w._-]+)\r\n| p/NetApp http vFiler/ v/$1/ o/Data ONTAP/ cpe:/a:netapp:data_ontap/ cpe:/o:netapp:data_ontap/a match http m|^HTTP/1\.1 503 HTTP is not enabled \(the value of option httpd\.enable is off\)\.

          To administer this filer, use /na_admin/ \.\r\nServer: NetApp//([\w._-]+)\r\n| p/NetApp http vFiler/ v/$1/ o/Data ONTAP/ cpe:/a:netapp:data_ontap/ cpe:/o:netapp:data_ontap/a match http m|^HTTP/1\.0 401 Unauthorized\r\nDate: .*\r\nCache-Control: no-cache,no-store\r\nWWW-Authenticate: Basic realm=\"\.\"\r\nContent-Type: text/html; charset=%s\r\nConnection: close\r\n\r\n\n401 Unauthorized\n\n

          401 Unauthorized

          \nAuthorization required\.\n\n\n| p/m0n0wall FreeBSD firewall web interface/ d/firewall/ o/FreeBSD/ cpe:/o:freebsd:freebsd/a match http m|^HTTP/1\.0 401 Unauthorized\r\nDate: .*\r\nCache-Control: no-cache,no-store\r\nWWW-Authenticate: Basic realm=\"\.\"\r\nContent-Type: text/html; charset=%s\r\nConnection: close\r\n\r\n\n401 Unauthorized\n\n

          401 Unauthorized

          \nAuthorization required\. HuaCheng Technologies\n\n\n| p/HuaCheng firewall http config/ d/firewall/ match http m|^HTTP/1\.0 501 Not Implemented\r\nDate: .*\r\nCache-Control: no-cache,no-store\r\nContent-Type: text/html; charset=%s\r\nConnection: close\r\n\r\n\n501 Not Implemented\n\n

          501 Not Implemented

          \nThat method is not implemented\.\n\n\n$| p/Western Digital My Book http config/ d/storage-misc/ match http m|^HTTP/1\.1 200 OK\r\nServer: Axeda Agent Web Server/([\w._-]+)\r\n.*Last-Modified: 1200004200\r\n.*IM_v8_Data \r\n\r\n\r\n
          \r\n
          \r\n Server at ([\w._-]+) Port \d+|s p/ZyXEL ZyWALL USG 200 firewall http config/ i/redirect to port $1/ d/firewall/ h/$2/ cpe:/h:zyxel:zywall_usg_200/ match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html\r\n.*\n\t\n\t\n\t\n\t|s p/Buffalo NAS BitTorrent download manager http interface/ d/storage-misc/ match http m|^HTTP/1\.0 200 OK\r\nContent-type: text/html\r\nContent-Encoding: gzip\r\nCache-Control: max-age=600, must-revalidate\r\n\r\n\x1f\x8b\x08\0\0\0\0\0\0\0| p/Modtronix SBC65EC Web Server/ match http m|^HTTP/1\.0 301\r\n.*Server: OKWS/([\w._-]+)\r\n|s p/OKWS httpd/ v/$1/ match http m|^HTTP/1\.0 200 OK\r\nContent-type: text/html\r\n\r\n.*PowerDownTop\n\n\n$|s p/thttpd/ i/Panasonic IP camera http viewer/ d/webcam/ cpe:/a:acme:thttpd/ match http m|^HTTP/1\.0 200 OK\r\nServer: ZK Web Server\r\nPragma: no-cache\r\nCache-control: no-cache\r\n.*|s p/ZK Web Server/ i/ZKSoftware ZEM500 fingerprint reader; MIPS/ d/security-misc/ o/Linux/ cpe:/o:linux:linux_kernel/a match http m|^HTTP/1\.0 404 Not Found\r\nContent-Length: 69\r\nContent-Type: text/html; charset=UTF-8\r\nServer: TornadoServer/([\w._-]+)\r\n\r\n404: Not Found404: Not Found$| p/Tornado httpd/ v/$1/ cpe:/a:tornadoweb:tornado:$1/a match http m|^HTTP/1\.1 301 0\w\w\w, \d\d \w\w\w \d\d\d\d \d\d:\d\d:\d\d GMT\r\nServer: Agranat-EmWeb/R([\d_]+)\r\nLocation: https://[\d.]+/web/content/index\.html\r\n| p/Agranat-EmWeb/ v/$SUBST(1,"_",".")/ i/Alcatel 7800 switch http config/ d/switch/ cpe:/a:agranat:emweb:$SUBST(1,"_",".")/a cpe:/h:alcatel:7800/a # Juniper SRX-240H UTM firewall # Juniper EX2200-48T-4G switch match http m|^HTTP/1\.0 200 OK\r\n.*Server: Mbedthis-Appweb/([\w._-]+)\r\nCache-Control: no-cache, must-revalidate\r\nContent-type: text/html\r\nETag: \"[0-9a-f-]+\"\r\n.*X-Powered-By: PHP/([\w._-]+)\r\nExpires: Mon, 26 Jul 1997 05:00:00 GMT\r\n.*Log In - Juniper Web Device Manager|s p/Mbedthis-Appweb/ v/$1/ i/PHP $2/ d/firewall/ o/JUNOS/ cpe:/a:mbedthis:appweb:$1/ cpe:/a:php:php:$2/ cpe:/o:juniper:junos/a match http m|^HTTP/1\.0 403 Not Authorized\r\nContent-Type: text/html\r\nContent-Length: 379\r\n\r\n<\?xml version=\"1\.0\" encoding=\"US-ASCII\"\?>.*

          Will not send listings for this directory\.

          \r\n\r\n\r\n|s p/Ashd httpd/ match http m|^HTTP/1\.1 200\r\nContent-type: text/html\r\nConnection: close\r\nCONTENT-LENGTH: \d+\r\n.*\r\n.*Phoenix PowerAgent GP|s p/Phoenix PowerAgent GP power monitor http interface/ d/power-device/ match http m|^HTTP/1\.0 200 OK\r\nAccept-Ranges: none\r\nConnection: close\r\nContent-Encoding: identity\r\nContent-Length: 4240\r\nContent-Type: text/html; charset=ISO-8859-1\r\n.*Server: IST OIS\r\n.*Allworx Hosted Web Site|s p/Allworx 6x VoIP phone http config/ d/VoIP phone/ cpe:/h:allworx:6x/a match http m|^HTTP/1\.0 403 Forbidden\r\nAccept-Ranges: none\r\nConnection: close\r\nContent-Encoding: identity\r\nContent-Length: 0\r\nContent-Type: text/plain\r\nDate: .*\r\nServer: IST OIS\r\n\r\n$| p/Allworx VoIP network server http admin/ d/VoIP adapter/ match http m|^HTTP/1\.0 401 Unauthorized\r\nDate: .*\r\nWWW-Authenticate: Basic realm=\"ACEswitch@[\d.]+\"\r\n\r\n401 Unauthorized\r\n$| p/Alteon 2424-SSL load balancer http config/ d/load balancer/ match http m|^HTTP/1\.0 302 Found\r\nConnection: Close\r\nLocation: /search\?site=default_collection&client=default_frontend&output=xml_no_dtd&proxystylesheet=default_frontend&proxycustom=\r\nContent-Type: text/html\r\nContent-Length: 0\r\n\r\n$| p/Google Mini search appliance httpd/ match http m|^HTTP/1\.1 200 OK\r\n.*Server: Apache/x\.x\.x \(Unix\) mod_ssl/x\.x\.x OpenSSL/([\w._-]+)\r\n.* FASTORA Filer Storage Manager .*classid=\"clsid:adb880a6-d8ff-11cf-9377-00aa003b7a11\">|s p/Apache httpd/ i/Fastora NAS T2 NAS device; OpenSSL $1/ d/storage-misc/ o/FreeBSD/ cpe:/a:apache:http_server/ cpe:/a:openssl:openssl:$1/ cpe:/o:freebsd:freebsd/a match http m|^HTTP/1\.1 400 Bad Request\r\nDate: .*\r\nCache-Control: private\r\nServer: IPOffice/([\w._()-]+)\r\nContent-Type: text/plain\r\nContent-Length: 13\r\n\r\nParsing error$| p/Avaya IP Office VoIP PBX httpd/ v/$1/ d/PBX/ match http m|^HTTP/1\.0 301 Moved Permanently\r\nDate: .*\r\nCache-Control: private\r\nLocation: /index\.html\r\nServer: IPOffice/([\w._()-]+)\r\nContent-Type: text/plain\r\nContent-Length: 22\r\n\r\nRedirect to index\.html$| p/Avaya IP Office VoIP PBX httpd/ v/$1/ d/PBX/ match http m|^HTTP/1\.0 404 Not Found\r\nConnection: close\r\nServer: SimpleHTTPtutorial v([\w._-]+)\r\n\r\n$| p/SimpleHTTPtutorial httpd/ v/$1/ match http m|^HTTP/1\.0 200 OK\n.*Server: uClinux-httpd ([\w._-]+)\nExpires: 0\n\n.*DxClient NetViewer.*Welcome.*\n\n\n| p/Speakerbus iD101 VoIP phone http config/ d/VoIP phone/ cpe:/h:speakerbus:id101/ match http m|^HTTP/1\.0 401 Unauthorized\nContent-Type: text/html; charset=iso-8859-1\nExpires: Thu, 01 Dec 1994 23:12:40 GMT\nServer: ServersCheck_Monitoring_Server/([\w._-]+)\n.*

          Username / Password is still (\w+/\w+)\. Please update\.

          |s p/ServersCheck Monitoring Server httpd/ v/$1/ i/credentials: $2/ match http m|^HTTP/1\.0 401 Unauthorized\nContent-Type: text/html\nExpires: Thu, 01 Dec 1994 23:12:40 GMT\nServer: ServersCheck_Monitoring_Server/([\w._-]+)\n|s p/ServersCheck Monitoring Server httpd/ v/$1/ match http m|^HTTP/1\.1 505 HTTP Version Not Supported\r\n.*VMware View|s p/VMware ESX Server httpd/ cpe:/o:vmware:esx/ match http m|^HTTP/1\.1 200 Ok\r\nServer: PMSoftware-SWS/([\w._-]+)\r\n| p/PMSoftware Simple Web Server/ v/$1/ match http m|^HTTP/1\.1 200 OK\r\ncontent-type: text/html\r\ncontent-length: \d+\r\nlast-modified: .*\r\netag: [0-9a-f]+\r\nConnection: close\r\n\r\n| p/Node.js/ cpe:/a:nodejs:node.js/ match http m|^HTTP/1\.1 401 Unauthorized\r\nServer: (DPH-\w+)\r\n| p/D-Link $1 VoIP phone http config/ d/VoIP phone/ cpe:/h:dlink:$1/ match http m|^HTTP/1\.1 200 OK\r\nServer: Mango DSP HTTP Stack\r\n.*Mango IP Node Configuration|s p/Mango DSP AVS Raven-M video server http config/ d/media device/ # Last-Modified has time zone. match http m|^HTTP/1\.1 200 OK\r\nDate: .*\r\nContent-Length: \d+\r\nContent-Type: text/html\r\nLast-Modified: .* [-+]\d+\r\nExpires: .*\r\n\r\n| p/OpenText FirstClass webmail httpd/ match http m|^HTTP/1\.0 200 OK\r\nSet-Cookie: LOGSSLCHECK=nossl; path=/; expires=.*\r\nCache-Control: no-cache\r\nConnection: close\r\nContent-Language: en\r\nContent-Length: \d+\r\nContent-Location: /default\.html\r\n.*ExpertAssist|s p/ScriptLogic ExpertAssist remote management httpd/ d/remote management/ match http m|^HTTP/1\.0 200 OK\r\nCache-Control: no-cache\r\nExpires: -1\r\nContent-Type: text/html\r\n\r\n\r\n\r\n\r\n Thomson Gateway - Startseite| p/Thomson SpeedTouch 536i router http config/ d/router/ cpe:/h:thomson:536i/ match http m|^HTTP/1\.1 200\r\nContent-type: text/html\r\nConnection: close\r\nCONTENT-LENGTH: 240\r\n\r\n\r\n\r\nWeb-Manager ([\w._-]+)\r\n\r\n\r\n
          \r\n\r\n\r\n\r\n\r\n\r\n$| p/Napco Netlink NL-MOD http config/ v/$1/ match http m|^\r\n\r\n\r\n
          ERF-Gateway Settings & States
          \r\n\r\n\r\n| p/LaCrosse GW-1000U weather station httpd/ v/$1 $2/ match http m|^HTTP/1\.0 200 OK\r\nServer: \$ProjectRevision: ([\w._-]+) \$\r\nContent-Type: text/html\r\n\r\n\n\n \n \n| p/Teradici PCoIP remote management http config/ v/$1/ d/remote management/ match http m|^HTTP/1\.1 301 Moved Permanently\r\nLocation: https://\(null\)/\r\nContent-Length: 2\r\n\r\n\r\n| p/Teradici PCoIP remote management http config/ d/remote management/ match http m|^HTTP/1\.0 200 OK\r\nDate: .*\r\nContent-Length: 131\r\nContent-Type: text/html\r\n\r\n\n\n\n\n\n\n\n\n\n$| p/Digital Stream DPS-1000 set-top box http config/ d/media device/ match http m|^HTTP/1\.0 200 OK\nConnection: close\nContent-type: text/html\nContent-Length: \d+\n\n\n\n\n\n\nNetcool/ISM Login\n| p/IBM Netcool Internet Service Monitors httpd/ match http m|^HTTP/1\.0 200 OK\r\nDate: .*\r\nServer: Z-World Rabbit\r\nConnection: close\r\nContent-Type: text/html\r\n\r\n\r\n\r\nSafetyNet Series 5| p/Z-World Rabbit microcontroller httpd/ i/SafetyNet Series 5 environmental monitor/ d/specialized/ match http m|^HTTP/1\.1 404 Not Found\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 48\r\nServer: Indy/([\w._-]+)\r\n\r\nThe requested URL / was not found on this server$| p/Indy httpd/ v/$1/ i/Avaya VoIP phone upgrade service/ cpe:/a:indy:httpd:$1/a match http m|^HTTP/1\.1 200 OK\r\nCONTENT-ENCODING: gzip\r\nEXPIRES: .*\r\nCONTENT-LENGTH: \d+\r\nLAST-MODIFIED: .*\r\nDATE: .*\r\nCONTENT-TYPE: text/html; charset=UTF-8\r\nCACHE-CONTROL: max-age=0, no-cache, public\r\nSERVER: Linux/([\w._-]+) Motorola/([\w._-]+) DAV/2\r\n| p/Moto Phone Portal httpd/ i/Linux $1; Motorola Defy $2/ d/phone/ o/Android/ cpe:/o:google:android/ cpe:/o:linux:linux_kernel:$1/ match http m|^HTTP/1\.1 302 Found\r\nServer: httpd\r\nDate: .*\r\nLocation: login\.html\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 0\r\nCache-Control: no-cache\r\nPragma: no-cache\r\nExpires: 0\r\nConnection: close\r\n\r\n$| p/Green Packet DX230 WAP http config/ d/WAP/ cpe:/h:green_packet:dx230/ match http m|^HTTP/1\.1 401 Unauthorized\r\nServer: Radware-web-server\r\nWWW-Authenticate: Basic realm=\"Radware\"\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-Type: text/html\r\n\r\nDocument Error: Unauthorized| p/Radware OnDemand switch http config/ d/switch/ match http m|^HTTP/1\.0 401 Unauthorized\nServer: Gnat-Box/([\w._-]+)\n| p/Global Technology Associates Gnat Box firewall http config/ v/$1/ d/firewall/ match http m|^HTTP/1\.1 400 Bad Request\r\nDate: Mon, 21 Feb 2011 17:38:00 GMT\r\nContent-Length: 0\r\n\r\n$| p/Apple TV httpd/ d/media device/ cpe:/a:apple:apple_tv/ match http m|^HTTP/1\.1 307 Temporary Redirect\r\n.*Content-Length: 0\r\nConnection: keep-alive\r\nServer: AmazonS3\r\n\r\n$|s p/Amazon S3 httpd/ match http m|^HTTP/1\.1 200 OK\nServer: BO/([\w._-]+)\nDate: .*\nContent-type: text/html\nPublic: GET, POST\nConnection: keep-alive\n\n| p/BO2K built-in httpd/ v/$1/ match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/plain\r\nConnection: close\r\n\r\nHello, non-Bayeux request\. Yet another one$| p/Node.js/ i/Faye Bayeux protocol/ cpe:/a:nodejs:node.js/ match http m|^HTTP/1\.0 500 Internal Server Error\r\nCONTENT-TYPE: text/html\r\nDate: .*\r\nServer: IBM_CICS_Transaction_Server/([\w._-]+)\(zOS\)\r\n| p/IBM CICS Transaction Server/ v/$1/ o|z/OS| cpe:|o:ibm:z/os| match http m|^HTTP/1\.1 200 OK\r\nServer: corehttp-([\w._-]+)\r\nContent-Type: text/html\r\nConnection: close\r\n\r\n
          | p/CoreHTTP/ v/$1/ i/directory listing/
          # http://code.google.com/p/webfinger/
          match http m|^HTTP/1\.1 400 Bad request\r\n\r\n$| p/WebFinger httpd/
          match http m|^HTTP/1\.1 500 Internal Server Error\r\nContent-Type: text/plain; charset=UTF-8\r\n\r\nFailure: 500 Internal Server Error\r\nnull\r\n\r\n$| p/Eucalyptus httpd/
          match http m|^HTTP/1\.0 200 OK\r\nContent-type: text/html; charset=utf-8\r\nContent-Length: 204\r\n\r\n\nDirectory listing for /\n\n

          Directory listing for /

          \n
          \n\n
          \n\n\n$| p/Dionaea honeypot httpd/ # http://www.erlang.org/doc/man/inets.html match http m|^HTTP/1\.0 200 OK\r\nServer: inets/([\w._-]+)\r\n| p/inets/ v/$1/ match http m|^HTTP/1\.0 200 OK\r\nConnection: close\r\nContent-Encoding: gzip\r\nContent-Type: text/html; charset=iso-8859-1\r\n\r\n\x1f\x8b\x08\0\0\0\0\0\x02\x03\xa5\x93Mo| p/HP ProCurve 1800-24G switch http config/ d/switch/ cpe:/h:hp:procurve_switch_1800/ cpe:/o:hp:procurve_switch_software/ match http m|^HTTP/1\.1 200 OK\r\nServer: afts/([\w._-]+)\r\n| p/afts/ v/$1/ match http m|^HTTP/1\.1 401 Unauthorized\r\nServer: OBi(\w+)\r\n| p/Obihai OBi$1 VoIP adapter http config/ d/VoIP adapter/ cpe:/h:obihai:obi$1/ match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html; charset=UTF-8\r\nContent-Length: \d+\r\nDate: .*\r\nConnection: close\r\n\r\n1\.0\n(?:\d\d\d\d-\d\d-\d\d\n)+| p/OpenStack Nova httpd/ match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html; charset=UTF-8\r\nContent-Length: \d+\r\nDate: .*\r\nConnection: close\r\n\r\n{\"versions\": \[{\"status\": \"CURRENT\", \"id\": \"v([\w._-]+)\"}\]}| p/OpenStack Nova httpd/ v/$1/ # http://www.fastpath.it/products/palantir/index.php match http m|^HTTP/1\.0 200 OK\r\nContent-Type: multipart/x-mixed-replace; boundary=--mp-boundary\r\nExpires: .*\r\nPragma: no-cache\r\nCache-Control: no-store, no-cache\r\nX-Protocol-Version: (\d+)\r\nX-Greeting: Livefeed\r\n\r\n--mp-boundary\r\n| p/Palantir media streaming httpd/ i/protocol $1/ match http m|^HTTP/1\.0 200 OK\r\nCache-Control: no-cache\r\nContent-Type: text/html\r\nContent-Length: \d+\r\nServer: MediaMallServer/([\w._-]+)\r\n| p/PlayOn MediaMallServer httpd/ v/$1/ match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html\r\nConnection: close\r\n\r\n\nI-O DATA Broadband Router ETX-R| p/I-O Data ETX-R router http config/ d/router/ match http m|^HTTP/1\.0 401 com\.wm\.app\.b2b\.server\.AccessException: com\.wm\.app\.b2b\.server\.AccessException: \[ISS\.0084\.9004\] Access Denied\r\nWWW-Authenticate: Basic realm=\"webMethods\"\r\n| p/Software AG webMethods httpd/ match http m|^HTTP/1\.1 401 Unauthorized\r\nWWW-Authenticate: Basic realm=\"Secure Area\"\r\nContent-Type: text/html\r\n\r\nError401 Unauthorized$| p/ScriptLogic Image Center remote agent httpd/ d/remote management/ match http m|^HTTP/1\.0 200 OK\r\nDate: .*\r\nExpires: .*\r\nContent-Type: text/html; charset=UTF-8\r\nContent-Length: \d+\r\n\r\nWelcome to (963)| p/Trend $1 building control system httpd/ d/security-misc/ cpe:/h:trend:$1/ match http m|^HTTP/1\.1 401 Unauthorized\r\nWww-Authenticate: Basic REALM=\"elmeg\"\r\nContent-Type: text/plain\r\nContent-Length: 22\r\n\r\nUnauthorized request\r\n$| p/Elmeg IP 290 VoIP phone http config/ d/VoIP phone/ cpe:/h:elmeg:ip_290/ match http m|^HTTP/1\.1 401 Authorization Required\nDate: .* ([-+]\d+)\nServer: WebPidginZ \n([\w._-]+)\nWWW-Authenticate: Digest realm=\"WebPidginZLoginDigest\", nonce=\"[0-9a-f]+\", opaque=\"0000000000000000\", stale=false, algorithm=MD5, qop=\"auth\"\nConnection: close\nContent-type: text/html\n\n\n\n$| p/WebPidgin-Z instant messaging interface/ v/$2/ i/time zone: $1/ match http m|^HTTP/1\.0 \d\d\d [\w ]+\r\nContent-Type: application/json; charset=UTF-8\r\nContent-Length: \d+\r\n\r\n{.*\"name\" : \"([^"]+)\",\n \"version\" : {\n \"number\" : \"([^"]+)\",.*\"lucene_version\" : \"([^"]+)\"\n },\n \"tagline\" : \"You Know, for Search\"\n}|s p/Elasticsearch REST API/ v/$2/ i/name: $1; Lucene version: $3/ match http m|^HTTP/1\.0 200 OK\r\n.*Content-Type: application/json; charset=UTF-8\r\nContent-Length: \d+\r\n\r\n{\n \"ok\" : true,\n \"name\" : \"[\w._ -]+\",\n \"version\" : {\n \"number\" : \"([\w._-]+)\",\n \"date\" : \"(\d\d\d\d-\d\d-\d\dT\d\d:\d\d:\d\d)\",\n \"snapshot_build\" : \w+\n },\n|s p/ElasticSearch/ v/$1 $2/ match http m|^HTTP/1\.0 200 OK\r\n.*Content-Type: application/json; charset=UTF-8\r\nContent-Length: \d+\r\n\r\n{.*\n \"name\" : \"([^"]+)\",.*\n \"version\" : {\n \"number\" : \"([\w._-]+)\",\n \"snapshot_build\" : false\n },|s p/ElasticSearch/ v/$2/ i/name: $1/ match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html\r\nCache-Control: no-cache\r\nContent-Length: \d+\r\n\r\n\n\n\n\n\n|s p/NET-DK/ v/$1/ i/Motorola SB5101 or SB6120 cable modem http config/ d/broadband router/ cpe:/h:motorola:sb5101/ cpe:/h:motorola:sb6120/ match http m|^HTTP/1\.0 401 Unauthorized\n.*Server: SAINT/([\w._-]+)\n.*\n\nBad client authentication code\n\n\n\n

          Bad client authentication code

          \nThe command: GET / HTTP/1\.0\r\n was not properly authenticated\.\n\n\n$|s p/SAINTexploit http interface/ v/$1/ match http m|^HTTP/1\.0 200 OK\n.*Server: SAINT/([\w._-]+)\n.*SAINT Login|s p/SAINTexploit http interface/ v/$1/ match http m|^HTTP/1\.1 200 OK\r\nContent-type: text/html\r\nCache-Control: no-cache\r\n\r\n



          LevelOne (GSW-\w+)| p/LevelOne $1 switch http config/ d/switch/ cpe:/h:levelone:$1/ match http m|^HTTP/1\.1 200 OK\r\nConnection: close\r\nContent-Length: \d+\r\nContent-Type: text/html\r\n\r\n\n

          SoftwareERF-Gateway V([\w._-]+)
          Compilation Date(\d\d/\d\d/\d\d)
          \n|s p/Port25 Solutions PowerMTA http status/ v/$1/ match http m|^HTTP/1\.1 200 OK\r\nServer: WebServer\(IPCamera_Logo\)\r\nContent-Length: \d+\r\nContent-Type: text/html\r\nConnection: close\r\nLast-Modified: .*\r\nCache-Control: max-age=60\r\n\r\n\xef\xbb\xbf| p/Maygion IPCamera http interface/ i/RTSP on same port/ # Verizon FIOS? match http m|^HTTP/1\.1 401 Unauthorized\r\nContent-Length: 0\r\nWWW-Authenticate: Digest realm=\"IgdAuthentication\", domain=\"/\", nonce=\"\w{35}=\", qop=\"auth\", algorithm=MD5, opaque=\"5ccc09c403ebaf9f0171e9517f40e41\" \r\n\r\n| p/TL-069 remote access/ match http m|^HTTP/1\.1 401 Unauthorized\r\nConnection: close\r\nContent-Length: 0\r\nWWW-Authenticate: Digest realm=IgdAuthentication, domain=\"/\", qop=\"auth\", algorithm=MD5, nonce=\"\w{9}\"\r\n\r\n| p/TL-069 remote access/ match http m|^HTTP/1\.1 401 Unauthorized\r\nContent-Length: 23\r\nServer: MySQL Aggregator\r\nConnection: close\r\nWWW-Authenticate: Basic realm=\"CTA\"\r\nContent-Type: text/plain\r\n\r\nAuthorization required\n| p/MySQL Enterprise Agent Aggregator/ match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html; charset=utf-8\r\nCache-Control: no-cache \r\nServer: Bukkit Webby\r\nConnection: Close\r\n\r\n| p/Bukkit Webby Minecraft http admin/ match http m|^HTTP/1\.1 301 Moved Permanently\r\nLocation: /console/index\.html\r\nConnection: close\r\nDate: .* GMT\r\n\r\n$| p/JBoss Administrator/ match http m|^HTTP/1\.1 200 OK\r\nCache-Control: max-age=0\r\nPragma: no-cache\r\nContent-Type: text/html\r\nContent-Length: \d+\r\nX-UA-Compatible: IE=Edge\r\nConnection: close\r\nSet-Cookie: web_session_id=\w+; path=/; HttpOnly; \r\n\r\n.*PA Server Monitor|s p/Power Admin Server Monitor http admin/ match http m|^HTTP/1\.0 200 OK\r\nDate: .*\r\nServer: SentinelKeysServer/([\w._-]+)\r\nMIME-Version: 1\.1\r\nContent-Type: text/html\r\n| p/SafeNet Sentinel Keys License Monitor httpd/ v/$1/ i/Java Console/ cpe:/a:safenet-inc:sentinel_keys_server:$1/ # The version numbers don't line up. Need more info or more fingerprints to figure out. # Also, this matches 4 or 5 different services within CloudView. No further info. match http m|^HTTP/1\.0 \d\d\d .*\r\nConnection: Close\r\nContent-Length: \d+\r\nContent-Type: .*\r\nDate: .*\r\nHost: 0\.0\.0\.0\r\nServer: NG/6\.0\.16943\r\n| p/Exalead CloudView/ v/5.1.12.31472/ match http m|^HTTP/1\.0 200 OK\r\nConnection: Close\r\nContent-Length: \d+\r\nContent-Type: text/html\r\nDate: .*\r\nEtag: .*\r\nServer: ngconvert/6\.0\.16943 edoc/1\.4\.36592 \(BUILD=6\.0\.16943;EDOC=1\.4\.36592;AUTOMIME=1\.03;CONFEX=0\.153;XPDFTEXTLIB=3\.02\.24\)\r\n\r\n| p/Exalead CloudView/ v/5.1.12.31472/ match http m|^HTTP/1\.1 200 OK\r\n.*\r\n\r\n\n\n\n
          pageok
          \n\n$|s p/GoDaddy error/ match http m|^HTTP/1\.1 400 Bad Request \(5\)\r\nServer: httpd\r\nDate: .*\r\nContent-Type: text/html\r\nConnection: close\r\n\r\n| p/Cisco small business router VPN/ match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: HTS/tvheadend\r\nCache-Control: no-cache\r\nWWW-Authenticate: Basic realm=| p/Tvheadend http config/ o/Linux/ cpe:/o:linux:linux_kernel/a match http m|^HTTP/1\.0 400 Bad Request\r\nDate: .* ([+-]\d+)\r\nContent-Length: 0\r\nServer: com\.novell\.zenworks\.httpserver/([\w._-]+)\r\n\r\n| p/Novell ZENworks httpd/ v/$2/ i/time zone: $1/ cpe:/a:novell:zenworks:$2/ match http m|^HTTP/1\.0 200 OK\nContent-type: text/plain\n\nTable: Links\nLocal IP\tRemote IP\tHyst\.\tLQ\tNLQ\tCost\n| p/olsrd txtinfo plugin/ match http m|^HTTP/1\.0 200 OK\r\nContent-Type: text/html\r\nDate: .*? ([A-Z]+)\r\nExpires: .*\r\n\r\n.*

          DVR (\w+) WatchDog \(([\w._-]+)\)

          |s p/March Networks $2 DVR http config/ i/time zone: $1/ h/$3/ match http m|^HTTP/1\.0 200 OK\r\n.*Server: Speclab WebServer/([\w._-]+) (Instinct-\d+ Release \d+)\r\n|s p/Speclab WebServer/ v/$1/ i/Goal $2/ match http m|^HTTP/1\.1 200 OK\r\nMIME-Version: 1\.0\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: \d+\r\n\r\n {332}\n\n\t.*|s p/SOGo groupware http interface/ i/build: $1/ match http m|^HTTP/1\.1 200 OK\r\nConnection: close \r\nContent-Type: text/html\r\nCache-control: no-cache\r\n\r\n.*top\.location\.href=\"login_page\.html\";Paradox IP Module|s p/Paradox security system IP module httpd/ d/security-misc/ match http m|^HTTP/1\.1 200 OK\r\nServer: WIBU-SYSTEMS HTTP Server/ Version ([\w._-]+) vom \d+\.\w+\.\d+\r\n| p/Wibu CodeMeter httpd/ v/$1/ i/German/ match http m|^HTTP/1\.1 200 OK\r\nServer: WIBU-SYSTEMS HTTP Server/ Version ([\w._-]+) of \w+/\d+/\d+\r\n| p/Wibu CodeMeter httpd/ v/$1/ i/English/ match http m|^HTTP/1\.1 200 OK\r\nContent-Length:\d+\r\nContent-Type:text/html\r\nConnection:close\r\n\r\n

          Mendeley Desktop

          | p/Mendeley Desktop httpd/ match http m|^HTTP/1\.1 200 OK\r\nConnection: close\r\nLast-Modified: \d+/\d+/\d+ \d+:\d+:\d+ [AP]M\r\nContent-Length: \d+\r\nContent-Type: text/html\r\n\r\n\r\n\r\nHomeWorks Illumination Web Keypad| p/Lutron HomeWorks web keypad/ match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/plain; charset=utf-8\r\nContent-Length: \d+\r\nCache-Control: no-cache\r\n\r\nUnified Protocol version ([\d.]+)| p/Samsung CLP printer httpd/ i/Unified Protocol $1/ d/printer/ # BIND 9.5 or later match http m|^HTTP/1\.0 200 OK\r\nContent-Type: text/xml\r\n.*Server: libisc\r\n.*|s p/BIND stats httpd/ i/XML statistics version $1/ cpe:/a:isc:bind/ match http m|^HTTP/1\.1 200 OK\r\nCache-Control: no-cache\r\nContent-Type: text/html\r\nContent-Length: \d+\r\n\r\n.*\r\n\r\n\r\n\t\r\n\t|s p/LANDesk html5 remote control/ cpe:/a:landesk:landesk_management_suite/ match http m|^HTTP/1\.0 404 Not Found\r\nContent-Type: text/html\r\nContent-Length: 345\r\nConnection: close\r\nDate: .*\r\nServer: Swift1\.0\r\n\r\n| p/Samsung Swift httpd/ v/1.0/ d/media device/ match http m|^HTTP/1\.1 200 OK\r\nSERVER: HDHomeRun/([\w._-]+)\r\n.*
          Model: ([\w._-]+)
          Device ID: [\w._-]+
          Firmware: ([\w._-]+)
          |s p/Silicondust HDHomeRun set top box http config/ v/$1/ i/model: $2; firmware: $3/ d/media device/ match http m|^HTTP/1\.1 200 OK\r\nContent-Length: \d+\r\nDate: .*\r\nServer: KM-MFP-http/V([\w._-]+)\r\nContent-Type: text/html\r\n\r\n\r\n\r\n\r\n\r\n| p/Kyocera MFP printer http config/ v/$1/ d/printer/ match http m|^HTTP/1\.1 401 Unauthorized\r\nServer: NSG\r\nWWW-Authenticate: Basic Realm=Security\r\n| p/Harmonic NSG QAM video delivery httpd/ d/media device/ match http m|^HTTP/1\.0 302 Redirect\r\nServer: Httpd/1\.0\r\nDate: \w+ \w+ +\d+ \d+:\d+:\d+ \d\d\d\d\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-Type: text/html\r\nLocation: http:///login\.asp\r\n\r\n| p/CJ HelloVision DVW-2300N router http redirector/ d/WAP/ match http m|^HTTP/1\.1 403 Forbidden\r\nServer: Avaya Push Agent Ver x\.x\r\nDate: [A-Z]+ [A-Z]+ \d\d \d\d:\d\d:\d\d \d\d\d\d\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-Type: text/html\r\n\r\n| p/Avaya Push Agent/ d/VoIP phone/ match http m|^HTTP/1\.0 302 Redirect\r\nServer: GS-Webs\r\nDate: .*\r\nLocation: http://\x07/index\.html\r\n\r\n|s p/Huacam Cyclops IP camera http config/ d/webcam/ match http m|^HTTP/1\.0 302 Redirect\r\nServer: IP-Phone-Web\r\nDate: [A-Z]+ [A-Z]+ \d+ \d+:\d+:\d+ \d+\r\n| p|TalkSwitch/FortiVoice web manager| d/VoIP phone/ match http m|^HTTP/1\.1 502 Bad Request\r\nContent-Length: \d+\r\n\r\n\r\n\r\nError 502 - Bad Request
          \r\nThe server could not resolve your request for uri: http://[\d.]+/\r\n\r\n| p/Blackberry phone httpd/ d/phone/ match http m|^HTTP/1\.1 403 Forbidden\r\nDate: [A-Z]+ [A-Z]+ \d\d \d\d:\d\d:\d\d \d\d\d\d\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-Type: text/html\r\n\r\nDocument Error: Forbidden\r\n\t\t

          Access Error: Forbidden

          \r\n\t\t

          HTTP/1\.0 403 Forbidden\n

          \r\n\r\n| p/Avaya 9670 VoIP Phone httpd/ d/VoIP phone/ cpe:/h:avaya:9670/a match http m|^HTTP/1\.1 302 Found\r\nLocation: http://([\w._-]+)/\?cfru=aHR0c.*\r\nCache-Control: no-cache\r\nPragma: no-cache\r\nContent-Type: text/html; charset=utf-8\r\nConnection: close\r\nContent-Length: \d+\r\n\r\n\r\nRedirect\r\n\r\n\r\n\r\n
          \r\n
          \r\n
          \r\n
          | p/Cisco 7912G IP Phone/ d/VoIP phone/ cpe:/h:cisco:7912g/ match http m|^HTTP/1\.1 401 Unauthorized\r\nWWW-Authenticate: Digest realm=\"[\d.]+\", qop=\"auth\", nonce=\"[0-9a-f]+\"\r\n.*BMC HTTP Server\r\n|s p/BMC HTTP Server/ i/HP Integrated Lights-Out remote management/ d/remote management/ cpe:/h:hp:integrated_lights-out/ match http m|^HTTP/1\.0 200 OK\nContent-type: text/html\r\nDate: .*\r\nConnection: close\r\nLast-Modified: .*\r\nContent-length: \d+\r\n.*RGB VIA Platform Home Page\r\n|s p/BusyBox httpd/ i/RGB Modular Media Converter http config/ d/media device/ match http m|^HTTP/1\.1 401 Unauthorized\r\nWWW-Authenticate: Digest realm=\"Web UI Access\", nonce=\"[0-9a-f]{32}\", opaque=\"[0-9a-f]{32}\", stale=\"false\", algorithm=\"MD5\", qop=\"auth\"\r\n\r\n$| p/qBittorrent Web UI/ match http m|^HTTP/1\.0 200 OK\r\nContent-type: text/html\r\n\r\n\r\n\r\n\r\n\r\n\r\n

          SDR-IP

          by

          RFSPACE

          \r\n\r\n\r\n$| p/RF-Space SDR-IP software radio http config/ d/specialized/ cpe:/h:rf-space:sdr-ip/ match http m|^HTTP/1\.0 404 Not Found\r\nDate: .*\r\nConnection: close\r\nContent-type: text/html\r\nServer: Flumotion/([\w._-]+)\r\n| p/Fluendo Flumotion httpd/ v/$1/ match http m|^HTTP/1\.0 200 ;OK\r\nServer: \?\?\?\?\?\?\?\?\?\?\?\?\?\?\r\nContent-Type: text/html\r\nConnection: Close\r\n\r\n\n\n\nEATON\n| p/Eaton Powerware Environmental Rack Monitor httpd/ d/power-misc/ match http m|^HTTP/1\.0 200 OK\r\nContent-type: text/html\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\nPlasma Monitor web control system\r\n| p/Pioneer PRO-141 monitor http config/ d/media device/ cpe:/h:pioneer:pro-141/ match http m|^HTTP/1\.0 200 200 OK\r\n.*Server: Ubicom/([\w._-]+)\r\n.*Microtek WES : Login\r\n|s p/Ubicom/ v/$1/ i/Microtek ML-WES WAP http config/ d/WAP/ cpe:/h:microtek:ml-wes/ match http m|^HTTP/1\.0 200 OK\r\nCache-Control: no-cache\r\nContent-Type:text/html\r\nContent-Length: *\d+\r\n\r\n\n\n\n\n| p/ISPmanager SSL redirector/ match http m|^HTTP/1\.0 200 OK\r\nConnection: close\r\nAccess-Control-Allow-Origin: \*\r\nCache-Control: no-cache\r\nContent-type: text/html; charset=utf-8\r\nDate: .*\r\n\r\n\r\nJointSpace| p/jointSPACE TV application framework/ d/media device/ match http m|^HTTP/1\.1 200 OK\r.*\nlibAbsinthe: (r[\d.]+)\r\n|s p/Legify Absinthe/ v/$1/ match http m|^HTTP/1\.1 200 OK\r\n.*Server: Web Server\r\nContent-Type: text/html\r\n.*\r\n\r\n \r\nNETGEAR ([^<]+)|s p/Netgear $1 http config/ d/switch/ cpe:/h:netgear:$1/a match http m|^HTTP/1\.0 401 Unauthorized\r\nContent-Length: 0\r\nWWW-Authenticate: Basic realm=\"Domoticz\.com\"\r\n\r\n|s p/Domoticz home automation httpd/ match http m|^HTTP/1\.0 302 Redirect\r\nSet-Cookie: mainServerInstance=; path=/\r\nSet-Cookie: CrushAuth=| p/CrushFTP web interface/ match http m|^HTTP/1\.1 401 Unauthorized\r\nSet-Cookie: mainServerInstance=; path=/\r\nSet-Cookie: CrushAuth=| p/CrushFTP web interface/ match http m|^HTTP/1\.1 200 OK\r\nServer: pyTivo/([\d.]+)\r\n| p/pyTivo http interface/ v/$1/ d/media device/ match http m|^HTTP/1\.0 302 Redirect\r\nServer: DVRDVS-Webs\r\n| p/Hikvision DVR http interface/ d/media device/ match http m|^HTTP/1\.1 302 FOUND\r\nX-Hue-Jframe-Path: /\r\n| p/Cloudera Hue http Hadoop UI/ match http m=^HTTP/1\.1 200 OK\r.*\nLiferay-Portal: Liferay Portal (Community|Enterprise) Edition ([^(]+) \([A-Z][a-z]+ / Build (\d+) / [^)]+\)\r.*\nServer: Apache\r\n=s p/Liferay Portal $1 Edition/ v/$2/ i/build $3; Apache Tomcat/ cpe:/a:apache:tomcat/ match http m|^HTTP/1\.1 401 Unauthorized\nContent-Type: text/html;\nConnection: close\nWWW-Authenticate: Basic realm=\"Default: admin/admin\"\nContent-Length: \r\n\r\nSitecom Multi-Functional USB Server ([^<]+)| p/Sitecom $1 http config/ match http m|^HTTP/1\.0 200 OK\r\nCache-control: no-cache\r\nPragma: no-cache\r\nExpires: \"[^"]+\"\r\nContent-length: \d+\r\nContent-type: text/html\r\n\r\n\n\nILV701PL Web Configuration - Authentication| p/LEXCOM ILV701PL IPTV receiver http config/ d/media device/ match http m|^HTTP/1\.0 500 Server Error\nContent-Type: text/html\n\nhaserl CGI Error
          \n\[string \"([^"]+)\"\]:\d+:| p/Haserl CGI wrapper/ i/CGI path: "$1"/
          match http m|^HTTP/1\.0 401 Unauthorized\r\nContent-Type: text/html\r\nWWW-Authenticate: Basic realm=\"yhhtpd\r\n| p/Neutrino yhttpd 3.X/
          match http m|^HTTP/1\.0 200 OK\r\nServer: xLightweb/([\d.]+)\r\nContent-Length: 0\r\nConnection: close\r\nAccess-Control-Allow-Origin: \*\r\nCache-Control: no-cache\r\nAccess-Control-Allow-Headers: device-os, device-mo, app-build, device-id, device-no, device-ip, tracker, sub-id, sid\r\n\r\n| p/xLightweb httpd/ v/$1/
          match http m|^HTTP/1\.0 200 Document follows\r\nServer: XCD WebAdmin\r\nContent-Type: text/html\r\n\r\n| p/Intermec EasyLAN print server http admin/ d/print server/
          # Reported as TP-LINK PS110U (ZOT-PS-47)
          match http m|^HTTP/1\.0 200 OK\r\nDate: Mon, 24 Sep 2001 18:00:00 GMT\r\nMIME-version: 1\.0\nServer: (ZOT-PS-\d\d)/([\d.]+)\n| p/ZO Tech $1 or TP-LINK print server http admin/ v/$2/ d/print server/
          match http m|^HTTP/1\.1 200 OK\r\nServer: Dump1090\r\n| p/Dump1090 Mode S decoder http viewer/
          match http m|^HTTP/1\.0 200 OK\r\nDate: .*\r\nLast-Modified: .*\r\nETag: \"[^"]\"\r\nAccept-Ranges: bytes\r\nContent-Length: \d+\r\nConnection: close\r\nContent-Type: text/html\r\nX-Frame-Options: SAMEORIGIN\r\n\r\n\n| p/Fortinet FortiGate SSL VPN/ d/security-misc/
          match http m|^HTTP/1\.0 200 OK\r\nDate: .*\r\nServer: qHTTPs\r\n| p/AEG Powersolutions UPS View http viewer/ d/power-device/
          match http m|^HTTP/1\.1 200 OK\r\nSet-Cookie: sid=[^;]+; path=/; httponly\r\nSet-Cookie: sid\.sig=[^;]+; path=/; httponly\r\nDate: .*\r\nConnection: close\r\n\r\n.*

          Webhook Deployer v([\w._-]+)|s p/Node.js/ i/Webhook Deployer v$1/ cpe:/a:nodejs:node.js/ match http m|^HTTP/1\.1 200 OK\r\nConnection: close\r\nContent-Type: text/html; charset=ISO-8859-1\r\nContent-Length: \d+\r\nServer: SIMP LIGHT\r\n\r\nSIMP Light web server \[ver\. ([\w._-]+)\]| p/SIMP Light SCADA httpd/ v/$1/ match http m|^HTTP/1\.0 401 Unauthorized\r\nContent-Length: 91\r\nContent-Type: text/html\r\nX-Plex-Protocol: 1\.0\r\n| p/Plex Media Center httpd/ match http m|^HTTP/1\.[01] 200 OK\r\nContent-Type: text/xml;charset=utf-8\r\nContent-Length: \d+\r\nConnection: close\r\nX-Plex-Protocol: 1\.0\r\nCache-Control: no-cache\r\n\r\n<\?xml version=\"1\.0\" encoding=\"UTF-8\"\?>\n\n\r\nRequest Error\r\n\r\n\r\n\r\n
          | p/ISPConfig http control panel/ match http m|^HTTP/1\.0 401 Authorization Required\r\nServer: alphapd\r\nDate: .*\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-type: text/html\r\nWWW-Authenticate: Digest realm=\"(TV-IP\d\d\d\w*)\",qop=\"auth\", nonce=\"[a-f0-9]+\"\r\n\r\n| p/TRENDnet $1 httpd/ d/webcam/ cpe:/h:trendnet:$1/a #example $2 = "MediaCloset\0" match http m|^HTTP/1\.0 200 OK\r\nContent-type: text/html\r\n\r\nAPC Back-UPS ([^(]+)\(([^)]+)\)| p/APC Back-UPS $1 http admin/ i/$P(2)/ match http m|^HTTP/1\.1 401 UNAUTHORIZED\r\nWWW-Authenticate: Basic realm=\"Login Required\"\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 90\r\nDate: .*\r\nServer: ([\w._-]+)\r\n\r\nCould not verify your access level for that URL\.\nYou have to login with proper credentials| p/Maraschino XBMC http interface/ h/$1/ match http m|^HTTP/1\.0 200 OK\r\nSet-Cookie: session=[0-9a-f]{40}; Path=/; HttpOnly\r\nX-Auth-Status: none\r\nContent-Type: text/html\r\nDate: .*\r\nConnection: close\r\nContent-Length: \d+\r\n\r\n.* href=\"/ajenti:static/|s p/Ajenti http control panel/ match http m|^HTTP/1\.1 200 OK\r\nDate: .*\r\nServer: Hydra/([\w._-]+)\r\nAccept-Ranges: bytes\r\nConnection: close\r\nContent-Length: \d+\r\nLast-Modified: .*\r\nETag: \"[^"]+\"\r\nContent-Type: text/html\r\n\r\n\n\nIntelligent Switch>\n| p/Hydra httpd/ v/$1/ i/ZyXEL GS1600 switch/ d/switch/ cpe:/h:zyxel:gs1600/a match http m|^HTTP/1\.1 200 OK\r\nDate: .*\r\nAccept-Ranges: bytes\r\nConnection: close\r\nContent-Length: \d+\r\nLast-Modified: .*\r\nETag: \"[^"]+\"\r\nContent-Type: text/html\r\n\r\n\n\nIntelligent Switch>\n| p/ZyXEL GS1600 switch http admin/ d/switch/ cpe:/h:zyxel:gs1600/a match http m|^HTTP/1\.1 200 OK\r\nSet-Cookie: JSESSIONID=[0-9A-F]{32}; Path=/\r\nContent-Type: text/html;charset=utf-8\r\nContent-Length: \d+\r\nDate: .*\r\nConnection: close\r\nServer: \r\n\r\n| p/Cisco Unified Communications Manager httpd/ cpe:/a:cisco:unified_communications_manager/ # version 8.6 has Secure; HttpOnly match http m|^HTTP/1\.1 200 OK\r\nSet-Cookie: JSESSIONID=[0-9A-F]{32}; Path=/; Secure; HttpOnly\r\nContent-Type: text/html;charset=utf-8\r\nContent-Length: \d+\r\nDate: .*\r\nConnection: close\r\nServer: \r\n\r\n| p/Cisco Unified Communications Manager httpd/ cpe:/a:cisco:unified_communications_manager/ match http m|^HTTP/1\.0 500 No such header: Host\r\nserver: Ag \[47\]\r\ncontent-type: text/html\r\n\r\n\n\n\n\n

          500: No such header: Host

          \n\n\r\n| p/ZyXEL Keenetic http admin/ d/broadband router/ match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html\r\nCache-Control: no-cache\r\nConnection: close\r\n\r\nBasic Status\n| p/NetComm Wireless ADSL router http admin/ d/WAP/ match http m|^HTTP/1\.0 200 OK\r\nDate: .*\r\nServer: Easy Chat Server/([\w._-]+)\r\n| p/Easy Chat Server httpd/ v/$1/ match http m|^HTTP/1\.1 503 Service Unavailable\r\nContent-Type: text/html\r\nCache-Control: no-cache\r\nConnection: close\r\nContent-Length: \d+\r\nX-Iinfo: ?[\d-]+ .NNN RT\(\d+ \d+\) q\([ 0-9-]+\) r\([ 0-9-]+\)| p/Incapsula CDN httpd/ match http m|^Evolis TCP/IP\r\n| p/Evolis ID card printer httpd/ d/printer/ match http m|^HTTP/1\.0 200 OK\r\nServer: pilight\r\n| p/pilight home automation webGUI/ match http m|^HTTP/1\.0 302 Moved Temporarily\r\nX_Language: .*\r\nContent-Type: text/html\r\nServer: Embedthis-http\r\nLocation: https://([^/]+)/start\.html\n\r\n| p/Embedthis httpd/ i/Dell iDRAC 7/ d/remote management/ h/$1/ cpe:/h:dell:idrac7/ match http m|^HTTP/1\.1 301 Moved Permanently\r\nContent-Type: text/html\r\nContent-Length: 165\r\nLocation: http://oishare/DCIM\r\n\r\n\r\n301 Moved Permanently\r\n

          301 Moved Permanently

          \r\n\r\n\r\n| p/Olympus camera httpd/ match http m|^HTTP/1\.1 200 OK\r\nDate: .*\r\nServer: \r\nCache-Control: no-cache, private\r\nPragma: no-cache\r\nExpires: .*\r\nConnection: close\r\nContent-Type: text/html\r\n\r\n\r\n\r\n\r\n(NWA[\w-]+)| p/ZyXEL $1 http config/ d/WAP/ cpe:/h:zyxel:$1/a match http m|^HTTP/1\.0 404 Not Found\r\nServer: thttpd/([\w.]+)-Avtrex/([\w._-]+)\r\n| p/thttpd/ v/$1/ i/Avtrex $2/ d/media device/ cpe:/a:acme:thttpd:$1/ match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html\r\nConnection:close\r\n\r\n\r\n\r\n\r\n\tBerryz WebShare| p/Berryz WebShare/ match http m|^HTTP/1\.1 500 Internal error\r\nCache: no-cache\r\nContent-Type: text/plain\r\nContent-Length: 28\r\n\r\nCardo Updater Internal error| p/Cardo Updater/ match http m|^HTTP/1\.1 200 OK\r\nCONTENT-TYPE: text/html\r\nCONTENT-LENGTH: 260\r\n\r\n.*

          PRESENTATION PAGE

          |s p/Pioneer VSX-921, Denon DNP-720AE, or Marantz AV7005 AV receiver http config/ d/media device/ match http m|^HTTP/1\.1 401 Authorization Required\r\nWWW-Authenticate: Basic realm=\"Fhem: login required\"\r\nContent-Length: 0\r\n\r\n| p/FHEMWEB Fhem frontend/ match http m|^HTTP/1\.0 200 OK\r\nContent-Type: text/html\r\n\r\nYouLess energy monitor| p/YouLess energy monitor httpd/ d/power-device/ match http m|^HTTP/1\.1 500 Server Error\r\nContent-Length: 0\r\nServer: HBHTTP POGOMVOFFICE - ([\w._-]+) - Linux\r\nDate: .*\r\nConnection: close\r\n\r\n| p/Pogoplug Office NAS httpd/ v/$1/ d/storage-misc/ o/Linux/ cpe:/o:linux:linux_kernel/a match http m|^HTTP/1\.1 404 Not Found\r\n.*\r\nServer: AmazonS3\r\n\r\n404|s p/Amazon S3 httpd/ match http m|^HTTP/1\.0 404 Not Found\r\nX-Powered-By: Servlet/([\d.]+)\r\nContent-Type: text/html\r\nDate: .*\r\n\r\n

          SRVE0255E: A WebGroup/Virtual Host to handle / has not been defined\.


          SRVE0255E: A WebGroup/Virtual Host to handle localhost:\d+ has not been defined\.


          IBM WebSphere Application Server| p/IBM Tivoli Enterprise Portal/ i/Servlet $1/ cpe:/a:ibm:websphere_application_server/ match http m|^HTTP/1\.1 302 Moved Temporarily\r\nLocation: http://([\w.-]+)/index\.do\r\nContent-Type: text/html;charset=UTF-8\r\nContent-Length: 0\r\nDate: .*\r\nConnection: close\r\nServer: ThinkFree Server\r\n\r\n| p/ThinkFree Server Integrator/ h/$1/ match http m|^HTTP/1\.1 301 Moved Permanently\r\n.*
          nginx/([\d.]+)
          \r\n\r\n\r\n| p/nginx/ v/$1/ cpe:/a:igor_sysoev:nginx:$1/ match http m|^HTTP/1\.1 302 Found\r\nDate: .*\r\nCache-Control: no-cache\r\nX-Runtime: \d+\r\nSet-Cookie: spiceworks_session=[^;]+; path=/; HttpOnly\r\nLocation: https?://([\w.-]+):\d+/login\r\n| p/Spiceworks http admin/ h/$1/ match http m|^HTTP/1\.1 200 OK\r\nDate: .*\r\nServer: Clearswift\r\n| p/Clearswift Secure Web Gateway/ d/security-misc/ match http m|^HTTP/1\.0 200 OK\r\nContent-Type: text/html\r\nAccept-Ranges: bytes\r\nETag: \"[^"]+\"\r\nLast-Modified: .*\r\nContent-Length: \d+\r\nConnection: close\r\nDate: .*\r\nServer: dcs-lig-httpd\r\n\r\n| p/lighttpd/ i/D-Link DCS IP camera/ d/webcam/ cpe:/a:lighttpd:lighttpd/a match http m|^HTTP/1\.1 200 OK\r\nContent-type: text/html\r\nExpires: .*\r\nConnection: close\r\nPragma: no-cache\r\nContent-Length: \d+\r\n\r\n\n\n\n Xfinity| p/Xfinity router http config/ d/broadband router/ # Panasonic TX-P55VTW60 match http m|^HTTP/1\.0 404 Not Found\r\nServer: Panasonic AVC Server/([\w._-]+)\r\nConnection: close\r\nCache-Control: no-cache,no-store\r\nContent-Length: 0\r\n\r\n| p/Panasonic AVC httpd/ v/$1/ d/media device/ match http m|^HTTP/1\.0 403 Forbidden\r\nContent-Length: 15\r\nContent-Type: text/html\r\nAccess-Control-Allow-Origin: \*\r\nAccess-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept\r\nAccess-Control-Allow-Methods: POST, GET, OPTIONS\r\n\r\nInvalid request| p/Amazon MP3 Downloader httpd/ match http m|^HTTP/1\.1 303 See Other\r\nContent-Type: text/html\r\nContent-Length: 0\r\nLocation: https://([\w.-]+):\d+/webvpn\.html\r\nSet-Cookie: webvpncontext=00@[\w._-]+; path=/\r\nConnection: Keep-Alive\r\n\r\n| p/Cisco SSLVPN/ h/$1/ match http m|^HTTP/1\.0 302 Redirect\r\nServer: Hikvision-Webs\r\nDate: .*\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-Type: text/html\r\nLocation: http://([\w.-]+):\d+/index\.[asphtm]+\r\n\r\n| p/Hikvision DVR httpd/ d/media device/ h/$1/ match http m|^HTTP/1\.1 400\r\nContent-Length: 22\r\nContent-Type: text/plain\r\n\r\nMalformed Request-Line| p/SABnzbd newsreader httpd/ match http m|^HTTP/1\.1 200 OK\r\nServer: HP_Compact_Server\r\nContent-Length: \d+\r\n-onnection: keep-alive\r\nContent-Type: text/html\r\n| p/HP LaserJet printer http admin/ d/printer/ # ntopng <= 1.1 (r7342) had an auth bypass because processing isn't terminated after redirect. match http m|^HTTP/1\.1 302 Found\r\nSet-Cookie: session=; path=/; expires=Thu, 01-Jan-1970 00:00:01 GMT; max-age=0; HttpOnly\r\nLocation: /login\.html\r\n\r\nHTTP/1\.1 200 OK\r\nCache-Control: max-age=0, no-cache, no-store\r\nPragma: no-cache\r\nServer: ntopng ([\d.]+) \((r\d*)\)\r\n| p/ntopng http interface/ v/$1/ i/SVN $2; auth bypass/ cpe:/a:ntop:ntopng:$1/ match http m|^HTTP/1\.1 302 Found\r\nSet-Cookie: session=; path=/; expires=Thu, 01-Jan-1970 00:00:01 GMT; max-age=0; HttpOnly\r\nLocation: /login\.html\r\n\r\n$| p/ntopng http interface/ v/1.2 or later/ cpe:/a:ntop:ntopng/ match http m|^HTTP/1\.0 200 OK\r\nDate: .*\nServer: owhttpd\r\nLast-Modified: .*\r\nContent-Type: text/html\r\n\r\n| p/OWFS httpd/ match http m|^HTTP/1\.0 401 Unauthorized\r\nPragma: no-cache\r\nWWW-Authenticate: Digest realm=\"([^"]+)\", domain=\"/\", nonce=\"[\da-f]+\", algorithm=\"MD5\", qop=\"auth\"\r\nWWW-Authenticate: Basic realm=\"\1\"\r\nContent-Type: text/html\r\n.*\r\n\r\nError 401|s p/Tandberg videoconference httpd/ i/"$1"/ match http m|^HTTP/1\.0 200 OK\r\nContent-Type: text/html\r\nSet-Cookie: rg_cookie_session_id=.*.*(MP\d\w+)|s p/Audiocodes $1 gateway http config/ d/VoIP adapter/ match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html\r\nDate: .*\r\nConnection: close\r\n\r\n\n\n \n rabbit\.js and Socket\.IO publish/subscribe example| p/Node.js/ i/rabbit.js messaging example page/ cpe:/a:nodejs:node.js/ match http m|^HTTP/1\.0 200 OK\nContent-type: text/html\r\nDate: .*?\r\nConnection: close\r\n\r\n.*\n|s p/DVRWeb viewer/ v/$SUBST(1,",",".")/ i/CmdPort $2; StreamPort $3/ match http m|^HTTP/1\.0 200 OK\r\nServer: KwikNet Web Server\r\n| p/Kadak KwikNet httpd/ match http m|^HTTP/1\.1 406 Not Acceptable\r\nContent-Type: text/html\r\nServer: MineloadHTTPD\r\n\r\nInvalid XML password\.| p/Mineload Bukkit plugin/ match http m|^HTTP/1\.1 401 Unauthorized\r\nDate: .*\r\nServer: cPanel\r.*\nWWW-Authenticate: Basic realm=\"cPanel WebDisk\"\r\n|s p/cPanel httpd/ i/unauthorized/ match http m|^HTTP/1\.1 200 OK\r\nPragma: no-cache\r\nCache-control: no-cache\r\nDate: .*\r\nServer: eXtensible UPnP agent\r\nAccept-Ranges: none\r\nConnection: close\r\nContent-Type: text/html\r\nEXT:\r\n\r\n.*Uptime: (\d+ days, [\d:]+).*Model: xupnpd-([\w._-]+)|s p/xupnpd http admin/ v/$2/ i/uptime: $1/ match http m|^HTTP/1\.1 200 OK\r\nServer: fexsrv\r\nLast-Modified: .*\r\nContent-Length: \d+\r\nContent-Type: text/html\r\n\r\n| p/F*EX (Frams' Fast File EXchange) server/ cpe:/a:ulli_horlacher:fex/ match http m|^HTTP/1\.0 403 Forbidden\r\nContent-Type: text/html; charset=UTF-8\r\nContent-Length: \d+\r\nPragma: no-cache\r\n\r\n\r\n\r\n\r\n\r\n \" >| p/Novell Access Gateway/ match http m|^HTTP/1\.0 302 Moved Temporarily\r\nContent-Type: text/html\r\nSet-Cookie: wbm_cookie_session_id=[\dA-F]+; path=/; HttpOnly\r\nCache-Control: public,max-age=86400\r\nPragma: cache\r\nExpires: .*\r\nDate: .*\r\nLast-Modified: .*\r\nAccept-Ranges: bytes\r\nConnection: close\r\nLocation: /main\.cgi\?page=index\.html\r\n\r\n| p/Vodafone Station http config/ d/WAP/ # Also responds to GenericLines (v6.60) match http m|^HTTP/1\.1 200 OK\r\nDate: .*\r\nLast-Modified: .*\r\nContent-Type: text/html\r\nConnection: Close\r\nContent-Length: \d+ +\r\n\r\n.+>Dual DHCP DNS Server Version ([\w._-]+ Windows Build \d+)<|s p/Dual DHCP DNS Server http viewer/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a match http m|^HTTP/1\.1 200 Ok\r\nContent-Type: text/html\r\nCache-Control: no-cache\r\nConnection: close\r\nRefresh: 5;url=/\r\n\r\n.*

          PowerMTA™ ([\w._-]+) 
          \r\n
          \r\n\r\nRedirect \(authentication_redirect_to_virtual_host\)| p/Pitney Bowes Business Manager BMDLAService/ h/$1/ match http m|^HTTP/1\.0 401 Unauthorized\r.*\nServer: phionEntegraHTTP\r\nAllow: GET, HEAD, DELETE\r\nWWW-Authenticate: Basic realm=phion Transparent Agent authentication\r\n|s p/phion Entegra SSL VPN client/ match http m|^HTTP/1\.0 404 Not Found\r\nServer: 2Wire TR-069\r\nContent-Length: 0\r\nAllow: GET\r\nWWW-Authenticate: d=\d+ +set_mask=0x[\da-f]+ +handle_evt=0x[\da-f]+.+\r\n| p/2Wire TR-069 access/ match http m|^HTTP/1\.1 302 Found\r\nX-UA-Compatible: IE=edge,chrome=1\r\nSet-Cookie: JSESSIONID=[\dA-F]+; Path=/; Secure; HttpOnly\r\nDate: .*\r\nLocation: /login\.html\r\nContent-Type: text/html;charset=UTF-8\r\nContent-Length: 0\r\nVary: Accept-Encoding\r\nConnection: close\r\nServer: NSC/([\w._-]+) \(JVM\)\r\n\r\n| p/Nexpose Security Console/ v/$1/ cpe:/a:rapid7:nexpose:$1/ match http m|^HTTP/1\.1 302 Found\r\nX-UA-Compatible: IE=edge,chrome=1\r\nSet-Cookie: JSESSIONID=[\dA-F]+; Path=/; Secure; HttpOnly\r\nDate: .*\r\nLocation: /maintenance-login\.html\r\nContent-Type: text/html;charset=UTF-8\r\nContent-Length: 0\r\nVary: Accept-Encoding\r\nConnection: close\r\nServer: NSC/([\w._-]+) \(JVM\)\r\n\r\n| p/Nexpose Security Console/ v/$1/ i/maintenance mode/ cpe:/a:rapid7:nexpose:$1/ match http m|^HTTP/1\.1 404 Not Found\r\nX-Powered-By: Sinopia/([\w._-]+)\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 13\r\nVary: Accept-Encoding\r\nX-Status-Cat: http://flic\.kr/p/aV6juR\r\nDate: .*\r\nConnection: close\r\n\r\nCannot GET /\n| p/Sinopia npm proxy/ v/$1/ i/node.js/ cpe:/a:nodejs:node.js/ match http m|^HTTP/1\.1 300 Multiple Choices\r\nVary: X-Auth-Token\r\nContent-Type: application/json\r\nContent-Length: \d+\r\nDate: .*\r\nConnection: close\r\n\r\n{\"versions\": {\"values\": \[{.*?\"type\": \"application/vnd\.openstack\.identity-v([\d.]+)\+| p/OpenStack Identity API/ v/$1/ match http m|^HTTP/1\.1 200 Ok\r\nServer: ZyXEL Modem\r\n.*\.::Welcome to ZyXEL ([^:<]+?)::\.|s p/ZyXEL $1 modem http config/ d/broadband router/ cpe:/h:zyxel:$1/a match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: Oracle-Traffic-Director/([\w._-]+)\r\nDate: .*\r\nContent-length: \d+\r\nContent-type: text/html; charset=UTF-8\r\nX-powered-by: Servlet/([\w._-]+) JSP/([\w._-]+)\r\n| p/Oracle Traffic Director/ v/$1/ i/Servlet $2; JSP $3/ match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: Oracle-Traffic-Director/([\w._-]+)\r\n| p/Oracle Traffic Director/ v/$1/ match http m|^HTTP/1\.1 301 Moved Permanently\r\nServer: Printopia/([\w._-]+)\r\nLocation: http://www\.ecamm\.com/mac/printopia/instructions\.html\r\nConnection: close\r\n\r\n| p/Printopia for Mac/ v/$1/ o/Mac OS X/ cpe:/o:apple:mac_os_x/a match http m|^HTTP/1\.1 401 Unauthorized\r\nServer: httpd\r\nDate: .* GMT\r\nWWW-Authenticate: Basic realm=\"(E\d+)\"\r\nContent-Type: text/html\r\nConnection: close\r\n\r\n\n| p/Cisco Linksys $1 router config/ d/broadband router/ cpe:/h:cisco:linksys_$1/a # Blackberry 10.2.1 match http m|^HTTP/1\.0 404 Not Found\r\nContent-Type: text/html\r\nContent-Length: \d+\r\nServer: \r\n\r\n404 Not Found\n

          404 Not Found

          \nindex\.html:
          This item has not been found
          \n| p/Blackberry Universal Device Service/ d/phone/ cpe:/a:blackberry:blackberry_universal_device_service/ match http m|^HTTP/1\.1 404 Service not found\r\nDate: .* GMT\r\nServer: ACE XML Gateway\r\nContent-Type: text/plain\r\nContent-Length: 42\r\nConnection: close\r\n\r\nNo handler was found matching the request\.| p/Cisco Application Control Engine XML Gateway/ d/load balancer/ cpe:/a:cisco:application_control_engine_software/ # Post-2.2 development version has longer content match http m|^HTTP/1\.0 401 Unauthorized\r\nContent-Length: 17\r\nWWW-Authenticate: Basic realm=varnish-agent\r\nDate: .*\r\n\r\nAuthorize, please$| p/Varnish Agent/ v/2.2 or older/ cpe:/a:varnish-cache:varnish_agent/ match http m|^HTTP/1\.1 401 Unauthorized\r\nWWW-Authenticate: Digest realm=\"NetAV\", nonce=\"[\da-f]{32}\", algorithm=MD5, domain=\"/netav/\", qop=\"auth\",\r\nPragma: no-cache\r\nCache-control: no-cache, no-store\r\n\r\n$| p/Sony NetAV/ d/media device/ # UUID header added in 0.5.6b match http m|^HTTP/1\.1 400 Bad request\r\nContent-Type: text/html; charset=utf-8\r\nPragma: no-cache\r\nExpires: 0\r\nCache-Control: no-store\r\nConnection: close\r\nX-PageKite-UUID: [\da-f]{40}\r\n\r\n

          400 Bad request

          Invalid request, no Host: found\.

          \n| p/PageKite localhost tunnel/ v/0.5.6b or later/ match http m|^HTTP/1\.1 404 Not Found\r\nDate: .*\r\nServer: Genetic Lifeform and Distributed Open Server ([\w._-]+)\r\nConnection: close\r\nContent-Type: text/html; charset=ISO-8859-1\r\nCache-Control: public, max-age=31536000\r\nContent-Length: 28\r\n\r\nAn error has occurred\. \(404\)| p/Hentai@Home P2P downloader/ v/$1/ match http m|^HTTP/1\.1 400 Bad Request \(missing Host: header\)\r\nConnection: close\r\nDate: .* ([-+]\d\d\d\d)\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n| p/Pandora FMS/ i/timezone: $1/ match http m|^HTTP/1\.1 302 Moved Temporarily\r\nContent-Type: text/plain\r\nContent-Length: 24\r\nLocation: /unsupported_browser\.htm\r\nDate: .*\r\nConnection: close\r\nServer: RStudio\r\n\r\n/unsupported_browser\.htm| p/RStudio Server/ match http m|^HTTP/1\.0 401 unknown \r\nServer: ForceLiveTransfer/([\w ]+)\r\nContent-Length: 0\r\nDate: .*\r\nWWW-Authenticate: Basic realm=\"[^"]+\"\r\n\r\n$| p/ForceTech ForceLive Transfer/ v/$1/ d/media device/ match http m|^HTTP/1\.1 400 Bad Request\r\nContent-type: text/plain\r\nContent-length: 58\r\n\r\n400 Bad Request\n'json' or 'msgpack' parameter is required\n$| p/fluentd data collector/ v/0.10.48 or later/ match http m|^HTTP/1\.1 301 Moved Permanently\r\nLocation: http://null/console/index\.html\r\nConnection: close\r\nDate: .*\r\n\r\n$| p/HornetQ JMS http admin/ match http m|^HTTP/1\.0 404 Not Found\r\nDate: .*\r\nContent-Type: text/html; charset=UTF-8\r\nServer: gvs ([\d.]+)\r\n.* Error 404 \(Not Found\)!!1|s p/Google Video Server/ v/$1/ match http m|^HTTP/1\.1 400 Bad Request\r\nContent-Type: text/plain\r\nConnection: close\r\nDate: .*\r\nServer: HP-iLO-Server/([\w._-]+)\r\nContent-Length: 0\r\n\r\n| p/HP Integrated Lights-Out web interface/ v/$1/ cpe:/h:hp:integrated_lights-out:$1/ match http m|^HTTP/1\.0 404 Not Found\r\nDate: .*\r\nServer: Brazil/([\d.]+)\r\nConnection: close\r\nContent-Length: 135\r\nContent-Type: text/html\r\n\r\n\n\nError: 404\n\nGot the error: Not Found
          \nwhile trying to obtain /
          \n\n\n| p/Sun Labs Brazil httpd/ v/$1/ o/Android/ cpe:/o:google:android/a cpe:/o:linux:linux_kernel/a match http m|^HTTP/1\.1 403 Forbidden\r\nServer: Norman Security/([\w._-]+)\r\nContent-Type: text/html\r\nConnection: Close\r\nContent-Length: 83\r\n\r\nSecurity Error

          403 - Forbidden

          | p/Norman Security Suite http config/ v/$1/ cpe:/a:norman:security_suite:$1/ match http m|^HTTP/1\.0 401 Unauthorized\r\nConnection: close\r\nWWW-Authenticate: Basic realm=\"Tadiran MGCP Phone\"\r\nContent-Type: text/html\r\n\r\n| p/Tadiran MGCP phone http config/ d/VoIP phone/ #(insert http) # Maybe too generic? match http m|^HTTP/1\.1 400 Bad Request\r\nContent-type: text/html\r\nContent-Length: 0\r\n\r\n| p/Brickstream/ match http m|^HTTP/1\.0 302 Found\r\nLocation: /html/en/index\.html\r\n\r\n$| p/peercast.org/ match http m|^HTTP/1\.0 404 Not found\r\n\r\nFile Not Found\n

          File Not Found

          \n$| p/Bacula http config/ match http m|^HTTP/1\.[01] 302 Found\r\nConnection: Close\r\nContent-Length: 0\r\nContent-type: text/html\r\nDate: .*\r\nLocation: .*/login\.php\r\n\r\n| p/Kerio MailServer http config/ o/Windows/ cpe:/o:microsoft:windows/a match http m|^HTTP/1\.0 401 Authorization Required\r\nWWW-Authenticate: BASIC realm=\"Admin\"\r\n\r\nPassword Error\.\r\n\r\n$| p/D-Link DP-301P+ print server http config/ d/print server/ cpe:/h:d-link:dp-301p%2d/ match http m|^HTTP/1\.0 401 Unauthorized\nContent-type: text/html\r\nDate: .*\r\nConnection: close\r\nWWW-Authenticate: Basic realm=\"Web Server Authentication\"\r\n\r\n401 Unauthorized\n

          401 Unauthorized

          \n\n\n$| p/Accton VM1188T VoIP phone http config/ d/VoIP phone/ # Seen for OpenPegasus, VMware ESX CIM server, Microsoft SCX CIM Server. match http m|^HTTP/1\.1 501 Not Implemented\r\n\r\n$| p/Web-Based Enterprise Management CIM serverOpenPegasus WBEM httpd/ o/Linux/ cpe:/o:linux:linux_kernel/a match http m|^HTTP/1\.1 302 Found\r\nLocation: http://[\d.]+:8080/\r\nContent-Length: 0\r\n\r\n$| p/Red Condor antispam appliance http config/ d/proxy server/ match http m|^HTTP/1\.0 301 Moved Permanently\r\nLocation: https:///\r\n\r\n$| p/Check Point NGX Firewall-1/ cpe:/a:checkpoint:firewall-1/ match http m|^HTTP/1\.1 200 OK\r\nDate: .*\r\nConnection: close\r\n\r\n$| p/Node.js/ cpe:/a:nodejs:node.js/ match http m|^HTTP/1\.0 302 Redirection\r\nLocation: index\.html\r\n\r\n$| p/JPS Radio Gateway http config/ match http m|^HTTP/1\.1 404 \r\nAccept-Ranges: bytes\r\nConnection: close\r\nContent-Length: 0\r\n\r\n| p/SearchInform DLP/ match http m|^HTTP/1\.0 200 Ok\r\nServer: httpd\r\nDate: .*\r\nCache-Control: no-cache\r\nPragma: no-cache\r\nExpires: 0\r\nContent-Type: text/html\r\nConnection: close\r\n\r\n\n\nLogin Page\n
          NTLM Authentica| p/Smoothwall proxy/ i/NTLM authentication/ match http-proxy m|^HTTP/1\.1 400 Received invalid request from Client\r\nDate: .*\r\nCache-Control: no-cache\r\nPragma: no-cache\r\nContent-Type: text/html; charset=\"UTF-8\"\r\nContent-Length: \d+\r\nAccept-Ranges: none\r\nProxy-Connection: close\r\n\r\n\n\n \n \n The requested URL could not be retrieved| p|Sophos/Astaro UTM gateway| d/security-misc/ cpe:/a:astaro:security_gateway_software/ match http-proxy m|^HTTP/1\.0 400 Bad Request\r\nContent-Type: application/json; charset=UTF-8\r\nContent-Length: 84\r\n\r\n{\"fault\":{\"faultstring\":\"\\\"Missing Host header\\\"\",\"detail\":{\"code\":\"MISSING_HOST\"}}}| p/Apigee API proxy/ match http-proxy m|^HTTP/1\.0 400 badrequest\r\nVia: 1\.0 ([\w.-]+) \(McAfee Web Gateway ([\w._-]+)\)\r\nConnection: Close\r\n| p/McAfee Web Gateway/ v/$2/ i/Via $1/ cpe:/a:mcafee:web_gateway:$2/ match http-proxy m|^HTTP/1\.0 400 Bad Request\r\nContent-Length: 113\r\nDate: .*\r\nExpires: 0\r\n\r\n\nError 400: Bad Request\n\n

          Error 400: Bad Request

          \n\n\n| p/Mikrotik HotSpot http proxy/ match http-proxy m|^HTTP/1\.0 400 Host Required In Request\r\nDate: .*\r\nConnection: close\r\nCache-Control: no-store\r\nContent-Type: text/html\r\nContent-Language: en\r\nContent-Length: \d+\r\n\r\n\n\nHost Header Required\n\n\n\n

          Host Header Required

          \n
          \n\n| p/Cyberoam UTM http proxy/ match http-proxy m|^HTTP/1\.1 504 Gateway Timeout\r\nContent-Length: 15\r\nContent-Type: text/plain;\r\n\r\nZAP Error: null| p/OWASP Zed Attack Proxy/ match http-proxy m|^HTTP/1\.1 502 Bad Gateway\r\nContent-Length: 47\r\nContent-Type: text/plain; charset=UTF-8\r\n\r\nZAP Error \[java\.net\.UnknownHostException\]: null| p/OWASP Zed Attack Proxy/ match http-proxy m|^HTTP/1\.0 200 OK\r\n\r\n$| p/sslstrip/ # No info on what this is yet softmatch http-proxy m|^HTTP/1\.1 400 Bad request\r\nContent-Length: 53\r\nContent-Type: text/html\r\n\r\nCan't do transparent proxying without a Host: header\.| match hnap m|^HTTP/1\.[01] *200 OK.*\r\n\r\n<\?xml.*([^<]+).*<(?:\w+:)?VendorName>([^<]+).*<(?:\w+:)?ModelName>([^<]+).*<(?:\w+:)?FirmwareVersion>([^<]+)|s p/$2 HNAP/ v/$4/ i/device: $1; model: $3/ # http://www.everyhue.com/vanilla/discussion/112/other-open-ports-on-the-bridge/p1 match hue-link m|^GET HTTP1\.0\n\n$| p|Philips Hue link/debug| # http://foolscap.lothar.com/ match foolscap m|^HTTP/1\.1 500 Internal Server Error: internal server error, see logs\r\n\r\n| p/foolscap RPC/ # Also "Zimbra Network edition 6.0 IMAP server." match imap-proxy m|^\* OK IMAP4 ready\r\nGET BAD invalid command\r\n| p/nginx imap proxy/ match magent m|^Agent Ready\.\.\.\r\n| p/MicroWorld mwagent.exe/ o/Windows/ cpe:/o:microsoft:windows/a match magent m|^Agent Ready\.\.\.\r\nGET / HTTP/1\.0\r\n\r\nGET 501 command not implemented ERROR\r\n| p/MicroWorld mwagent.exe/ o/Windows/ cpe:/o:microsoft:windows/a match magent m|^Agent Ready v([\w._]+)+\.\.\.(?:\[[\w._-]+\])\r\nGET / HTTP/1\.0 501 command not implemented ERROR\r\n 501 command not implemented ERROR\r\n| p/MicroWorld mwagent.exe/ v/$1/ i/eScan antivirus management console/ o/Windows/ cpe:/o:microsoft:windows/a match mas-financial m|^409 Invalid Protocol PVXAS/1\.0\r\n| p/MAS200 Financial System/ o/Windows/ cpe:/o:microsoft:windows/a match mas-financial m|^The Host cannot run the specified program\.$| p/MAS200 Financial System/ o/Windows/ cpe:/o:microsoft:windows/a # Another implementation (Bukkit?) with the same matchline doesn't respond to GetRequest. match minecraft m|^\xff\0\x0e\0P\0r\0o\0t\0o\0c\0o\0l\0 \0e\0r\0r\0o\0r$| p/Spigot Minecraft game server/ # http://www.mobilemouse.com/ match mobilemouse m|^HTTP/1\.0 200 OK \r\nServer: Mobile Air Mouse Server\r\n.*>The Mobile Air Mouse server running on \"([\w._-]+)\"|s p/Mobile Air Mouse server/ h/$1/ # https://en.wikipedia.org/wiki/Modbus match modbus m|^GET \0\x03H\xd4\x02| p/Modbus TCP/ softmatch mongodb m|^HTTP/1\.0 200 OK\r\nConnection: close\r\nContent-Type: text/plain\r\nContent-Length: 116\r\n\r\nYou are trying to access MongoDB on the native driver port\. For http diagnostic access, add 1000 to the port number\n| cpe:/a:mongodb:mongodb/ match mrtgext-nlm m|^-1\n-1\n-1\n$| p/Novell NetWare MRTGEXT NLM Statistics/ o/NetWare/ cpe:/o:novell:netware/a match msn m|^{?Syntax Error : GET / HTTP/1\.0}? error\r\n$| p/amsn/ match msn m|^{?Erreur de syntaxe : GET / HTTP/1\.0}? error\r\n$| p/amsn/ i/French/ match msn m|^{? ?Erro de sintaxe : GET / HTTP/1\.0}? error\r\n$| p/amsn/ i/Portugese/ match msn m|^{?Errore di sintassi : GET / HTTP/1\.0}? error\r\n$| p/amsn/ i/Italian/ # http://www.icbevr.com/ibank/ibank2/ # byte 8 is a counter, so \x18 in byte 7 may also increment? match ibank2 m|^\x02\0\0\x01E\(\x18.{25}$| match icap m|^ICAP/1\.0 501 Method not implemented.*\r\nServer: IronNet/([\d.]+)\r\n\r\n|s p/IronNet Compliance Application/ v/$1/ match icap m|^ICAP/1\.0 501 Method not implemented.*\r\nService: ProxyAV AV scanner ([^\r\n]+)\r\n|s p/Blue Coat ProxyAV/ v/$1/ match icap m|^ICAP/1\.0 501 Other\r\nServer: Traffic Spicer ([\d.]+)\r\n| p/Traffic Spicer icapd/ v/$1/ match icap m|^ICAP/1\.0 501 Method not implemented\r\nConnection: close\r\n\r\n$| p/Symantec DLP Web Prevent icapd/ match icap m|^ICAP/1\.0 400 Bad request\r\nServer: C-ICAP/([\w._-]+)\r\nConnection: close\r\n\r\n$| p/C-ICAP/ v/$1/ softmatch icap m|^ICAP/1\.0 \d\d\d | # gidentd 0.4.5 on Linux 2.4.X match ident m|^0, 0 : ERROR : INVALID-PORT\r\n$| p/gidentd/ match ident m|^GET / HTTP/1\.0 : USERID : UNIX : ([-.\w]+)\r\n : USERID : UNIX : [-.\w]+\r\n| p/Nullidentd/ i/Claimed user: $1/ match ident m|^GET / HTTP/1\.0 : USERID : UNIX : ([-.\w]+)\r\n$| p/Liedentd/ i/Claimed user: $1/ # pidentd 2.81 match ident m|^0 , 0 : ERROR : X-INVALID-REQUEST\r\n$| p/pidentd/ # pidentd 3.1a25 on Linux 2.4.20 (SuSE 8.2) match ident m|^GET : ERROR : UNKNOWN-ERROR\r\n$| p/pidentd/ match ident m|^0, 0 : ERROR : INVALID-AUTH-REQ-INFO : CAPABILITY=USER-INTERACTION : AUTH-MECH=KEBEROS_V4\r\n$| p/Stanford PC-leland identd/ # fair-identd-20000201 # pidentd-2.8.5-3 match ident m|^0 , 0 : ERROR : UNKNOWN-ERROR\r\n$| p/pidentd/ i/could be fair-identd/ # identd 1.1 on Linux 2.4.21 # linux-identd 1.2 - http://www.fukt.bth.se/~per/identd match ident m|^GET / HTTP/1\.0 : ERROR : INVALID-PORT\r\n : ERROR : INVALID-PORT\r\n$| p/Linux-identd/ o/Linux/ cpe:/o:linux:linux_kernel/a # HP-UX ident match ident m|^0 , 0 : ERROR : INVALID-PORT\r\n| p/HP-UX identd/ o/HP-UX/ cpe:/o:hp:hp-ux/a match ident m|^GET / HTTP/1\.0 : USERID : UNIX : [^\r\n]+\r\n| p/KVIrc fake identd/ # uw-imap 2003debian0.0304182231-1 match imap m|^\* OK \[CAPABILITY IMAP4REV1 X-NETSCAPE LOGIN-REFERRALS STARTTLS LOGINDISABLED\] \[[-.\w]+\] IMAP4rev1 200[-.\w]+ at .*\r\nGET BAD Command unrecognized/login please: /\r\n\* BAD Null command\r\n| p/UW imapd/ match imap m|^\* OK \[[-.+\w]+\] IMAP4rev1 v1(\d[-.\w]+) server ready\r\n| p/UW imapd/ v/1$1/ match imap m|^\* OK ([-.+\w]+) IMAP4rev1 v1(\d[-.\w]+) server ready\r\n| p/UW imapd/ v/1$2/ h/$1/ # gnu/mailutils imap4d 0.3.2 on Linux match imap m|^\* OK IMAP4rev1\r\nGET BAD Invalid command\r\n\* BAD Null command\r\n$| p/GNU Mailutils imapd/ cpe:/a:gnu:mailutils/ # Cyrus IMAP 2.1.14 match ssl/imap m|^\* BYE Fatal error: tls_start_servertls\(\) failed\r\n$| p/Cyrus imapd/ cpe:/a:cmu:cyrus_imap_server/ match imap m|^\* OK ([-\w_.]+)\r\nGET BAD Error in IMAP command received by server\.\r\n\* BAD Error in IMAP command received by server\.\r\n| p/Dovecot imapd/ h/$1/ cpe:/a:dovecot:dovecot/ match imap m|^\* OK .*\r\nGET BAD Error in IMAP command received by server\.\r\n\* BAD Error in IMAP command received by server\.\r\n| p/Dovecot imapd/ cpe:/a:dovecot:dovecot/ # Too general -- also matches Cyrus imapd 2.3.9. # match imap m|^\* OK .*\r\nGET BAD Please login first\r\n| p/Dovecot imapd/ i/auth required/ cpe:/a:dovecot:dovecot/ match imap m|^\* OK IMAP4 IMAP4rev1 Server\r\nGET BAD Unrecognised Command\r\n| p/Floosietek FTgate imapd/ match imap m|^\* OK IMAP4r1 server \[([-\w_.]+)\] ready\r\nGET BAD Protocol Error: \"Unidentifiable command specified\"\.\r\n\* BAD Protocol Error: \"Tag not found in command\"\.\r\n| p/Microsoft Exchange imapd/ i/Version masked/ o/Windows/ h/$1/ cpe:/a:microsoft:exchange_server/ cpe:/o:microsoft:windows/a match imap m|^\* OK IMAP4rev1 server ready at \d\d/\d\d/\d\d \d?\d:\d\d:\d\d\r\nGET BAD UNKNOWN Command\r\n\r\n BAD UNKNOWN Command\r\n| p/MailEnable imapd/ o/Windows/ cpe:/a:mailenable:mailenable/ cpe:/o:microsoft:windows/a match imap m|^\* OK IMAP4rev1 server ready\r\nGET BAD Unknown command '/'\r\n BAD Unknown command ''\r\n| p/Kerio imapd/ match imap m|^\* OK Gimap ready for requests from [\d\.]+ ([\w\d]+)| p/Google Gmail imapd/ i/$1/ match imap m|^\* OK .*IMAP4rev1 Server Completed\r\nGET BAD Protocol Error: Invalid IMAP command specified\r\n| p/Cisco imapd/ # embyte match imap m|^\* OK MailSite IMAP4 Server ([-.\w]+) ready| p/MailSite imapd/ v/$1/ match imap m|^\* OK ([\w._-]+) Welcome \(cimap\)\r\nGET BAD Invalid command \(/\)\r\n\* BAD - command line Insufficient tokens \(\)\r\n| p/SurgeMail imapd/ h/$1/ match imap m|^GET NO Error in IMAP command received by server\.\r\n| p/cPanel Courier imapd/ match imap m|^\* OK .*\r\nGET BAD Unknown or NULL command\r\n BAD NULL COMMAND\r\n| p/hMailServer imapd/ o/Windows/ cpe:/o:microsoft:windows/a match imap m|^\* OK ([\w._-]+)\r\nGET BAD Unknown or NULL command\r\n BAD NULL COMMAND\r\n| p/hMailServer imapd/ o/Windows/ h/$1/ cpe:/o:microsoft:windows/a match imap m|^\* OK \[CAPABILITY IMAP4rev1 [^]]*\]\r\nGET NO Error in IMAP command received by server\.\r\n\* NO Error in IMAP command received by server\.\r\n| p/Plesk Courier imapd/ match intersys-cache m|^HTTP/1\.1 200 OK\r\nContent-Type: application/xml; charset=utf-8\r\n\r\n<\?xml version=\"1\.0\" encoding=\"UTF-8\"\?>$| p/Intersystems Cache httpd/ match intermec-bri m|^ERR UNAVAILABLE\r\nOK>\r\nOK>\r\n| p/Intermec Basic Reader Interface/ # Server: CUPS/1.1 match ipp m|^HTTP/1\.0 \d\d\d .*Home - CUPS ([\d.]+).*SUMMARY=\"Common UNIX Printing System|s p/CUPS/ v/$1/ cpe:/a:apple:cups:$1/ match ipp m|^HTTP/1\.0 \d\d\d .*\r\nServer: CUPS/([-\w_.]+)|s p/CUPS/ v/$1/ cpe:/a:apple:cups:$1/ match ipp m|^lpd \[@[-.\w]+\]: Host name for your address \([:.\d]+\) is not known\n$| p/CUPS/ cpe:/a:apple:cups/ match ipp m|^HTTP/1\.0 \d\d\d .*\r\nDate: .*\r\nServer: EPSON-IPP/([\d.]+)\r\nContent-Type: application/ipp\r\nContent-Length: \d+\r\n\r\n| p/Epson ippd/ v/$1/ d/print server/ match ipp m|^HTTP/1\.1 411 Length Required\r\nSERVER: EpsonNet IPP-SERVER/([\w._-]+)\r\nCONTENT-LENGTH: 0\r\n\r\n| p/Epson ippd/ v/$1/ i/AL-C2800 printer/ d/printer/ match ipp m|^HTTP/1\.0 404 Not Found\r\nCache-Control: no-cache\r\nDate: .*\r\nPragma: no-cache\r\nContent-Type: text/html\r\nContent-Length: 91\r\nServer: Web-Server/([\d.]+)\r\n\r\n404 Not Found\n

          404 Not Found

          \0| p/Web-Server httpd/ v/$1/ i/NRG copier or Ricoh Aficio printer http config/ d/printer/ match ipp m|^HTTP/1\.1 404 Not Found\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 89\r\nServer: Web-Server/([\d.]+)\r\n\r\n404 Not Found

          404 Not Found

          $| p/Web-Server httpd/ v/$1/ i/NRG copier or Ricoh Aficio printer http config/ d/printer/ match ipp m|^HTTP/1\.1 \d\d\d .*\r\nDate: .*\r\nServer: CANON HTTP Server Ver(\d[-.\w ]+)\r\n| p/Canon printer http config/ v/$1/ match ipp m|^HTTP/1\.1 \d\d\d .*\r\nDate: .*\r\nServer: Canon Http Server (\d[-.\w ]+)\r\n| p/Canon printer http config/ v/$1/ match ipp m|^HTTP/1\.0 200 OK\r\nContent-Type: text/html\r\n\r\n\r\nIBM Infoprint Color (\d+)| p/IBM Infoprint Color $1 ippd/ d/printer/ cpe:/h:ibm:infoprint_color_$1/ match ipp m|^HTTP/1\.0 200 OK\r\nDate: .*\r\nMIME-version: 1\.0\r\nServer: ZOT-PS-17/([\d.]+)\r\nLast-Modified: .*\r\nExpires: .*\r\nPragma: no-cache\r\nContent-Type: text/html\r\nContent-Length: \d+\r\n\r\n| p/ZOT-PS-17 http/ v/$1/ i|Longshine/TRENDnet USB Print Server| d/print server/ match ipp m|^HTTP/1\.1 301 Moved Permanently\r\nServer: Virata-EmWeb/R([\w_]+)\r\nLocation: https://[\d.]+/\r\nContent-Type: text/html\r\nContent-Length: 90\r\n\r\nMoved\r\n| p/Virata-EmWeb/ v/$SUBST(1,"_",".")/ i/HP Laserjet 4200TN http config/ d/printer/ cpe:/a:virata:emweb:$SUBST(1,"_",".")/a cpe:/h:hp:laserjet_4200tn/a match ipp m|^HTTP/1\.0 \d\d\d .*\r\nContent-Type: text/html\r\n\r\n\r\nDell Laser Printer 1700n| p/Dell Laser Printer 1700n ippd/ d/printer/ cpe:/h:dell:1700n/ match ipp m|^HTTP/1\.0 \d\d\d .*Common UNIX Printing System.*HREF=\"http://www\.easysw\.com\" ALT=\"Easy Software Products Home Page\">\n|s p/Easy Software Products CUPS/ match ipp m|^Not Found

          Not Found

          The requested URL \"\"was not found on this server\.\r\n| p/Epson 980N Printer/ d/printer/ cpe:/h:epson:980n/a match ipp m|^HTTP/1\.0 400 Bad Request\r\nConnection: close\r\nContent-Type: text/html\r\n\r\nContent-Length: \d+\r\nCache-Control: no-cache\r\n\r\n\n\n\nInvalid Request\n\n\n\n

          \n\n\nInvalid Request\. Some Error\n\n\n\n\n| p/Xerox Phaser 3500/ d/printer/ match ipp m|^HTTP/1\.0 200 OK\r\n.*\r\nServer: ZOT-PS-(\d+)/([\d.]+)\r\n|s p/ZOT-PS-$1 print server/ v/$2/ d/print server/ match ipp m|^HTTP/1\.0 404 Not found\r\n\r\n404 Not found$| p/Xerox WorkCentre IPP/ d/printer/ match ipp m|^HTTP/1\.0 404 Not Found\r\nDate: .*\r\nContent-Language: C\r\nUpgrade: TLS/1\.0,HTTP/1\.1\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 138\r\n\r\n404 Not Found

          Not Found

          The requested resource was not found on this server\.\n| p/Thecus N5200 IPP/ d/storage-misc/ cpe:/h:thecus:n5200_nas_server/ match ipp m|^HTTP/1\.1 200 OK\r\nPragma: no-cache\r\nConnection: close\r\nContent-Type: text/html\r\n\r\n

          For more printserver info please open the [\d.]+ home page$| p/Kyocera Mita KM-1530 IPP/ d/printer/ cpe:/h:kyocera:mita_km-1530/ match ipp m|^HTTP/1\.0 405 Method Not Allowed\r\nContent-Type: text/html\r\nCache-Control: public,max-age=86400\r\nPragma: cache\r\nExpires: .*\r\nDate: .*\r\nLast-Modified: .*\r\nAccept-Ranges: bytes\r\nConnection: close\r\n\r\n| p/Netia Spot ipp/ d/broadband router/ match ipp m|^HTTP/1\.1 505 HTTP Version Not Supported\r\nServer: HP HTTP Server; HP ([^-]+) - (\w+); Serial Number: (\w+); (?:[\w_]+ )?Built:[^{]+ {\w+, ASIC id 0x[\da-f]+}\r\n\r\n$| p/HP $1 ipp/ i/model $2; serial $3/ d/printer/ cpe:/h:hp:$SUBST(1," ","_")/ match irc m|^:Default-Chat-Community 421 \* GET :Unknown command\r\n| p/Microsoft Exchange 2000 Server Chat Service/ o/Windows/ cpe:/a:microsoft:exchange_server:2000/ cpe:/o:microsoft:windows/a match irc m|^:([-\w_.]+) 451 :You have not registered your connection\r\n$| p/Wircsrv/ o/Windows/ h/$1/ cpe:/o:microsoft:windows/a match ingrian-xml m|^false101Could not parse client request| p/Ingrian NAE XML daemon/ d/security-misc/ # Jabber 1.4.2 match jabber m|^| p/Jabber instant messaging server/ i/Protocol $1/ cpe:/a:jabberd:jabberd/ match jabber m|^| p/Jabber instant messaging server/ i/Protocol $1/ cpe:/a:jabberd:jabberd/ match jabber m|^<\?xml version='1\.0'\?>| p/ejabberd/ i/Protocol $2/ h/$1/ cpe:/a:process-one:ejabberd/ match jabber m|^<\?xml version='1\.0'\?>| p/ejabberd/ i/Protocol $2/ h/$1/ cpe:/a:process-one:ejabberd/ match jabber m|^<\?xml version='1\.0'\?>| p/jit-transport jabber-ICQ transport/ h/$1/ match jabber m|^Invalid XML$| p/Jabber instant messaging server/ cpe:/a:jabberd:jabberd/ match jabber m|^Invalid XML$| p/Jabber instant messaging server/ cpe:/a:jabberd:jabberd/ match jabber m|^Invalid XML| p/jabberd instant messaging server/ cpe:/a:jabberd:jabberd/ match jabber m|^<\?xml version=\"1\.0\"\?>$| p/Facebook Chat XMPP/ h/$1/ match jabber m|^<\?xml version='1\.0'\?>$| p/Prosody Jabber server/ cpe:/a:prosody:prosody/ match jabber m|^<\?xml version='1\.0'\?>$| p/Prosody Jabber client/ cpe:/a:prosody:prosody/ match jabber m|^<\?xml version='1\.0'\?>$| p/Prosody Jabber server/ cpe:/a:prosody:prosody/ match jabber m|^<\?xml version='1\.0'\?>$| p/Prosody Jabber client/ cpe:/a:prosody:prosody/ match jabber m|^<\?xml version='1\.0'\?>$| p/Prosody Jabber client/ cpe:/a:prosody:prosody/ match jabber m|^<\?xml version='1\.0'\?>$| p/Prosody Jabber server/ cpe:/a:prosody:prosody/ match jabber m|^<\?xml version='1\.0'\?>| p/Prosody Jabber server/ cpe:/a:prosody:prosody/ match jabber m|^<\?xml version='1\.0'\?>| p/Isode M-Link Jabber client/ cpe:/a:isode:m-link/ match jabber m|^<\?xml version='1\.0'\?>| p/Isode M-Link Jabber server/ cpe:/a:isode:m-link/ match jabber m|^<\?xml version='1\.0' encoding='UTF-8'\?>\n\n$| p/Empathy Jabber client/ match james-admin m|^JAMES Remote Administration Tool ([\d.]+)\nPlease enter your login and password\nLogin id:\n| p/JAMES Remote Admin/ v/$1/ match jicp m|^d\x08\x1c\0\0\0Uncorrect JICP data type: 71$| p/Jade Inter Container Protocol/ match olsrd-jsoninfo m|^{\n\"links\": \[[^]]*\]\n,\n\t\"neighbors\": \[[^]]*\]\n,\n\t| p/olsrd jsoninfo plugin/ match jxta m|^JXTAHELLO tcp://[\d.]+:\d+ tcp://[\d.]+:\d+ | p/JXTA P2P Collaboration daemon/ match kazaa-http m|^HTTP/1\.1 \d\d\d .*\r\nServer: giFT-FastTrack ([\d.]+)\r\nX-Kazaa-Username: giFTed\r\nX-Kazaa-Network: ([-.\w]+)\r\n| p/giFTed FastTrack P2P client/ v/$1/ i/network: $2/ match kazaa-http m|^HTTP/1\.1 \d\d\d .*\r\nServer: giFT-FastTrack ([\d.]+)\r\nX-Kazaa-Username: www\.k-lite\.com\.br\r\nX-Kazaa-Network: ([-.\w]+)\r\n| p/K-Lite FastTrack P2P client/ v/$1/ i/network: $2/ match kazaa-http m|^HTTP/1\.0 404 Not Found\r?\nX-Kazaa-Username: (\S+)\r\nX-Kazaa-Network: ([-.\w]+)\r\n| p/KaZaA P2P client/ i/username: $1; network: $2/ match kazaa-http m|^HTTP/1\.[01] 404 Not Found\r?\nServer: giFT-FastTrack ([\d.]+)\r\nX-Kazaa-Username: (\S+)\r\nX-Kazaa-Network: ([-.\w]+)\r\n| p/KaZaA P2P client/ v/$1/ i/username: $2; network: $3/ match kazaa-peerpoint m|^HTTP/1\.0 404 Not Found\n\r\n$| p/KaZaA P2P client Peer Point Manager/ match kerberos-sec m|^\0\0\0.~\x81.0\x81..\x03\x02\x01\x05.\x03\x02\x01\x1e.\x11\x18\x0f|s p/Mac OS X kerberos-sec/ o/Mac OS X/ cpe:/a:apple:kerberos:5/ cpe:/o:apple:mac_os_x/a match lcdproc m|^huh\? Invalid command \"GET\"\n| p/LCDProc screen interface daemon/ match listserv m|^The file name you specified is invalid\. LISTSERV files have names like\r\n\"BOARD\.MINUTES\" or \"XYZ-L LOG9303\" \(without the quotes\)\.\r\n| p/LISTSERV Administration service/ cpe:/a:lsoft:listserv/ match megafillers m|^400 Unknown command\.\.\. Are you surprised\?\r\n$| p/MegaFillers game server/ match mogilefs m|^ERR unknown_command Unknown\+server\+command\r\n| p/MogileFS distributed filesystem/ match moneyworks m|^This is MoneyWorks; Server is on Windows\n$| p/MoneyWorks accounting software/ o/Windows/ cpe:/o:microsoft:windows/a match mosmig m|^GET \0\0\0\0TP/1\.0\r\n$| p/OpenMosix Process Migration Service/ o/Linux/ cpe:/o:linux:linux_kernel/a # Wrongly matches SSL in some cases # match msdtc m|^...\0..$|s p/Microsoft Distributed Transaction Coordinator/ o/Windows/ cpe:/o:microsoft:windows/a match msdtc m|^..\x0a\0x\x01$|s p/Microsoft Distributed Transaction Coordinator/ o/Windows/ cpe:/o:microsoft:windows/a match msdtc m|^ERROR\n$|s p/Microsoft Distributed Transaction Coordinator/ i/error/ o/Windows/ cpe:/o:microsoft:windows/a # MLDonkey 2.5 match napster m|^1INVALID REQUEST$| p/MLDonkey multi-network P2P client/ match napster m|^1$| p/WinMX or Lopster Napster P2P client/ match bittorrent-tracker m|^HTTP/1\.1 404 Not Found\r\nServer: MLdonkey\r\nConnection: close\r\nContent-Type: application/x-bittorrent\r\nContentlength: 0\r\n\r\n| p/MLDonkey multi-network P2P client/ match bittorrent-tracker m|^HTTP/1\.1 200 OK\r\nServer: MLdonkey/([\w._-]+)\r\nConnection: close\r\nContent-length: 53\r\n\r\nd14:failure reason31:Failure\(\"Incorrect filename 1\"\)e| p/MLDonkey multi-network P2P client/ v/$1/ match bittorrent-tracker m|^HTTP/1\.1 200 OK\r\nServer: MLdonkey\r\n| p/MLDonkey P2P client http config/ # Don't know the server name for this one. It's the same as the "your file may # exist elsewhere in the universe\nbut alas, not here" under FourOhFourRequest. match bittorrent-tracker m|^HTTP/1\.0 200 OK\r\n.*\nBitTorrent download info\n\n.*tracker version: ([\w._-]+)|s v/$1/ match ndb_mgmd m|^result: Unknown command, 'GET / HTTP/1\.0'\n\n| p/MySQL cluster management server/ v/5.1/ cpe:/a:mysql:mysql:5.1/ # Original path was "/opt/openerp/server/bin/service/netrpc_server\.py\" match net-rpc m|^ 4041\(lp1\ncexceptions\nValueError\np2\n\(S\"invalid literal for int\(\) with base 10: 'GET / HT'\"\np3\ntp4\nRp5\naS'Traceback \(most recent call last\):\\n File \"([\w._/-]+)/netrpc_server\.py\", line 69, in run\\n| p/OpenERP NET-RPC/ i/path: $1/ o/Unix/ match net-rpc m|^ 5051\(lp1\ncexceptions\nException\np2\n\(Vinvalid literal for int\(\) with base 10: 'GET / HT'\np3\ntp4\nRp5\naS'Traceback \(most recent call last\):\\n File \"([\w._/-]+)/netrpc_server\.py\", line 63, in run\\n| p/OpenERP NET-RPC/ i/path: $1/ o/Unix/ match netbios-ssn m=^\x83\0\0\x01\x82|\x8f$= match netwareip m|^\xfb\xff\xfe\xff\xfb\xff\xfe\xff\xfb\xff\xfe\xff$| p|Novell NetWare/IP| o/NetWare/ cpe:/o:novell:netware/a match nimbud-netmon m|^nimbus/([\d.]+) \d+ \d+\r\nmtype| p/Nimsoft Nimbus network monitor/ v/$1/ match ntrip m|^SOURCETABLE 200 OK\r\nServer: NTRIP Caster ([\w._-]+)/([\w._-]+)\r\nContent-Type: text/plain\r\n| p/Ntrip Caster/ v/$1/ i/protocol $2/ match giop m|^GIOP\x01\0\x01\x06\0\0\0\0$| p/omniORB omniNames/ i/Corba naming service/ match obiee m|^\x0c\x01\0\0\x03\0\0\0\x84\0\0\0\[\0n\0Q\0S\0E\0r\0r\0o\0r\0:\0 \x001\x002\x000\x003\x003\0\]\0 \0A\0 \0c\0l\0i\0e\0n\0t\0 \0t\0r\0i\0e\0d\0 \0t\0o\0 \0c\0o\0n\0n\0e\0c\0t\0 \0t\0o\0 \0a\0 \0s\0e\0r\0v\0e\0r\0 \0t\0h\0a\0t\0 \0i\0s\0 \0n\0o\0t\0 \0o\0f\0 \0t\0h\0e\0 \0r\0i\0g\0h\0t\0 \0t\0y\0p\0e\0\.\0\n\0\[\0n\0Q\0S\0E\0r\0r\0o\0r\0:\0 \x004\x003\x001\x001\x003\0\]\0 \0M\0e\0s\0s\0a\0g\0e\0 \0r\0e\0t\0u\0r\0n\0e\0d\0 \0f\0r\0o\0m\0 \0O\0B\0I\0S\0\.\0| p/Oracle BI Server/ match oem-agent m|^HTTP/1\.1 \d\d\d .*\r\nConnection: Close\r\nX-ORCL-EMSV: ([\d.]+)\r\n|s p/Oracle Enterprise Manager Agent httpd/ v/$1/ cpe:/a:oracle:enterprise_manager:$1/ match openerp m|^[ \d]{8}1\(lp1\ncexceptions\nException\np2\n\(Vinvalid literal for int\(\) with base 10: 'GET / HT'\np3\ntp4\nRp5\naS'Traceback \(most recent call last\):\\n File \"(.*?)/openerp/service/netrpc_server\.py\", line 63, in run\\n msg = ts\.myreceive\(\)\\n File \".*?/openerp/tiny_socket\.py\", line 76, in myreceive\\n size = int\(buf\)\\nValueError: invalid literal for int\(\) with base 10: \\'GET / HT\\'\\n'\np6\na\.| p/OpenERP/ v/6.1/ i/install path: $1/ match opinionsquare m|^HTTP/1\.0 505 HTTP Version not supported\r\n\r\n$| p/OpinionSquare application/ # http://documents.opto22.com/1465_OptoMMP_Protocol_Guide.pdf match optommp m|^GET / P\0\0\0\0\0| p/OptoMMP/ # Oracle MTS Recovery Service 9.2.0.1 on Windows 2000 Professional match oracle-mts m|^HTTP/1\.0 200 OK\r\nContent-length: 7\r\n\r\nunknown$| p/Oracle MTS Recovery Service/ # Windows 2003 match oracle-mts m|^HTTP/1\.0 400 Bad Request\r\nContent-length: 15\r\nContent-type: text/html\r\n\r\n400 Bad Request$| p/Oracle MTS Recovery Service/ match oracle-vs m|^\(err \(type xen\.xend\.XendError\.XendError\) \(value 'Invalid operation: GET'\)\)\n$| p/Oracle Virtual Service Agent/ i/Xen/ match oracle-vs m|^\(err \(type \"\"\) \(value 'Invalid operation: GET'\)\)\n$| p/Oracle Virtual Service Agent/ i/Xen/ match ormi m|^\xe3\r\n\r\n\0\x01\0.\0vInvalid protocol verification, illegal ORMI request or request performed with an incompatible version of this protocol|s p/Oracle Remote Method Invocation/ match ormi m|^\xe3\r\n\r\n\0\x01\0\x03\x0b\0vInvalid protocol verification, illegal ORMI request or request performed with an incompatible version of this protocol| p/Oracle Remote Method Invocation/ match ssl/pop3 m|^-ERR \[SYS/PERM\] Fatal error: tls_start_servertls\(\) failed\r\n$| p/Cyrus pop3sd/ cpe:/a:cmu:cyrus_imap_server/ match ssl/pop3 m|^-ERR Fatal error: pop3s: required OpenSSL options not present\r\n| p/Cyrus pop3sd/ cpe:/a:cmu:cyrus_imap_server/ # Postgresql-server-7.3.2-3 match postgresql m|^EFATAL: invalid length of startup packet\n\0$| p/PostgreSQL DB/ cpe:/a:postgresql:postgresql/ match postgrey m|^action=dunno\n\n$| p/Postfix Greylist Daemon/ match powerchute m|^server=&type=0&id=&count=1&oid=[\d.]+&value=&error=4\n| p/APC Powerchute/ d/power-device/ match niprint m|^NIPrint received command: ET / HTTP/1\.0\r\.\r\nThis command is not in LPD specification, ignored\r\nNIPrint received command: \.\r\nThis command is not in LPD specification, ignored\r\n| p/Network Instruments NIPrint network analyzer/ match raop m|^RTSP/1\.0 401 Unauthorized\r\nServer: AirTunes/([\w._-]+)\r\nWWW-Authenticate: Digest realm=\"raop\" nonce=\"\w+\"\r\n\r\n$| p/Apple AirTunes roapd/ v/$1/ i/Apple AirPort Express/ d/WAP/ cpe:/h:apple:airport_express/ match redis m|^-ERR wrong number of arguments for 'get' command\r\n$| p/Redis key-value store/ # Later EMC Retrospect, then Roxio Retrospect, then Retrospect, Inc. Retrospect match retrospect m|^\0\xca\0\0\0\0\0\x04\0\0\0\0$| p/Dantz Retrospect/ v/6.0/ cpe:/a:dantz:retrospect:6.0/ # http://www.librelp.com/relp.html match relp m|^0 serverclose 0\n$| p/Reliable Event Logging Protocol/ match rfidquery m|^Error 0 parse error\n\nError 0 parse error\n\nError 0 parse error\n\nError 0 parse error\n\nError 0 parse error\n\nError 0 parse error\n\nError 0 parse error\n\n$| p/Mercury3 RFID Query protocol/ match rtsp m|^RTSP/1.0 400 Bad Request\r\nServer: DSS/([-.\w]+) \[(v\d+)]-(\w+)\r\n| p/DarwinStreamingServer/ v/$1/ i/$2 on $3/ match rtsp m|^RTSP/1\.0 400 Bad Request\r\nServer: QTSS/([\d.]+ \[v\d+\]-Win32)\r\nCseq: \r\n| p/Apple QuickTime Streaming Server/ v/$1/ o/Windows/ cpe:/a:apple:quicktime_streaming_server:$1/ cpe:/o:microsoft:windows/a match rtsp m|^RTSP/1\.0 400 Bad Request\r\nServer: QTSS/([\d.]+ \[\d+\]-Linux)\r\nCseq: \r\n| p/Apple QuickTime Streaming Server/ v/$1/ o/Linux/ cpe:/a:apple:quicktime_streaming_server:$1/ cpe:/o:linux:linux_kernel/a match rtsp m|^RTSP/1\.0 400 Bad Request\r\nServer: QTSS/([\d.]+) \(Build/([\d.]+); Platform/MacOSX; ([^)]*); \)\r\n| p/Apple QuickTime Streaming Server/ v/$1 build $2/ i/$3/ o/Mac OS X/ cpe:/a:apple:quicktime_streaming_server:$1/ cpe:/o:apple:mac_os_x/a match rtsp m|^RTSP/1\.0 400 Bad Request\r\nServer: QTSS/([\d.]+) \(Build/([\d.]+); Platform/MacOSX\)\r\n| p/Apple QuickTime Streaming Server/ v/$1 build $2/ o/Mac OS X/ cpe:/a:apple:quicktime_streaming_server:$1/ cpe:/o:apple:mac_os_x/a match rtsp m|^RTSP/1\.0 400 Bad Request\r\nServer: QTSS/v([\d.]+)\r\nCseq: \r\nConnection: Close\r\n\r\n| p/Apple QuickTime Streaming Server/ v/$1/ cpe:/a:apple:quicktime_streaming_server:$1/ match rtsp m|^RTSP/1\.0 505 Protocol Version Not Supported\r\nDate: .*\r\nServer: WMServer/([\w._-]+)\r\n\r\n$| p/Microsoft Windows Media Services/ v/$1/ o/Windows/ cpe:/a:microsoft:windows_media_services:$1/a cpe:/o:microsoft:windows/a match rtsp m|^RTSP/1\.0 505 Vers\xc3\xa3o do Protocolo sem Suporte\r\nDate: .*\r\nServer: WMServer/([\w._-]+)\r\n\r\n$| p/Microsoft Windows Media Services/ v/$1/ i/Portuguese/ o/Windows/ cpe:/a:microsoft:windows_media_services:$1:::pt/ cpe:/o:microsoft:windows/a match rtsp m|^RTSP/1\.0 505 Vers\xc3\xa3o de protocolo n\xc3\xa3o suportada\r\nDate: .*\r\nServer: WMServer/([\w._-]+)\r\n\r\n$| p/Microsoft Windows Media Services/ v/$1/ i/Portuguese/ o/Windows/ cpe:/a:microsoft:windows_media_services:$1:::pt/ cpe:/o:microsoft:windows/a match rtsp m|^RTSP/1\.0 505 Versi\xc3\xb3n del protocolo no compatible\r\nDate: .*\r\nServer: WMServer/([\w._-]+)\r\n\r\n$| p/Microsoft Windows Media Services/ v/$1/ i/Spanish/ o/Windows/ cpe:/a:microsoft:windows_media_services:$1:::es/ cpe:/o:microsoft:windows/a match rtsp m|^RTSP/1\.0 505 RTSP Version not supported\r\nCseq: \d+\r\nServer: fbxrtspd/([\d.]+) Freebox minimal RTSP server\r\n\r\n| p/Freebox minimal rtspd/ v/$1/ d/media device/ match rtsp m|^RTSP/1\.0 400 Bad Request\r\nCseq: \d+\r\nServer: fbxrtspd/([\w._-]+) Freebox RTSP server\r\n| p/Freebox rtspd/ v/$1/ d/media device/ match rtsp m|^RTSP/1\.0 400 Bad Request\r\nDate: .*\r\nAllow: OPTIONS, DESCRIBE, SETUP, TEARDOWN, PLAY, PAUSE, STATS\r\n\r\n| p/MediaPortal TV-Server rtspd/ d/media device/ match rtsp m|^HTTP/1\.0 401 Unauthorized\r\nConnection: close\r\nContent-Type: text/html; charset=ISO-8859-1\r\nWWW-Authenticate: Basic realm=\"server\r\nContent-Length: 166\r\n| p/Avtech MPEG4 DVR control rtspd/ match rtsp m|^RTSP/1\.0 400 Bad Request\r\nDate: .*\r\nallow: OPTIONS, DESCRIBE, SETUP, PLAY, TEARDOWN, SET_PARAMETER\r\n\r\n$| p/ACTi E32 webcam rtspd/ d/webcam/ cpe:/h:acti:e32/ match rtsp m|^HTTP/1\.0 503 Service Unavailable\r\nServer: GStreamer RTSP Server\r\nConnection: close\r\nCache-Control: no-store\r\nPragma: no-cache\r\nDate: .*\r\n\r\n$| p/GStreamer rtspd/ # Example i/Win32; Windows NT 6.1/ match rtsp m|^RTSP/1\.0 400 Bad Request\r\nServer: Microsoft Application Virtualization Server/([\w._-]+) \[([^]]+)\]\r\nDate: .*\r\n\r\n| p/Microsoft Application Virtualization Server rtspd/ v/$1/ i/$2/ o/Windows/ cpe:/o:microsoft:windows/a match sassafras m|^/0 0 ([-\w_.]+)\r\n/0 0 HUH\r\n| p/Sassafras Key Server/ h/$1/ match seti-proxy m|^HTTP/1\.0 200 OK\r\nServer: SetiQueue/(\d+)\r\n| p/SetiQueue SETI@Home proxy/ v/$1/ match shell m|^\x01INTERnet ACP Error Status = %SYSTEM-F-TOOMUCHDATA\r\n\0$| p/OpenVMS shelld/ o/OpenVMS/ cpe:/o:hp:openvms/a # SHOUTcast Distributed Network Audio: www.shoutcast.com match shoutcast m|^ICY 200 OK\r\n.*SHOUTcast Distributed Network Audio Server/posix\(linux x86\) v([\w._-]+)
          \r\n.*icy-name:([^\r\n]*)\r\n.*icy-genre:([^\r\n]*)\r\n.*icy-url:([^\r\n]*)\r\n.*icy-br:(\d+)\r\n|s p/SHOUTcast server/ v/$1/ i/stream name: $2; genre: $3; URL: $4; bitrate: $5/ o/Linux/ cpe:/a:shoutcast:dnas:$1/a cpe:/o:linux:linux_kernel/a match shoutcast m|^ICY 200 OK\r\n.*SHOUTcast Distributed Network Audio Server/Linux.v([\d.]+).*icy-name:(.*?)\r\n|s p/SHOUTcast server/ v/$1/ i/Name: $2/ o/Linux/ cpe:/a:shoutcast:dnas:$1/ cpe:/o:linux:linux_kernel/a match shoutcast m|^ICY 200 OK\r\n.*SHOUTcast Distributed Network Audio Server/win32.v([\d.]+).*icy-name:(.*?)\r\n|s p/SHOUTcast server/ v/$1/ i/Name: $2/ o/Windows/ cpe:/a:shoutcast:dnas:$1/ cpe:/o:microsoft:windows/a match shoutcast m|^ICY 200 OK\r\n.*SHOUTcast Distributed Network Audio Server/SolarisSparc.v([\d.]+).*icy-name:(.*?)\r\n|s p/SHOUTcast server/ v/$1/ i/Name: $2/ o/Solaris/ cpe:/a:shoutcast:dnas:$1/ cpe:/o:sun:sunos/a match shoutcast m|^ICY 200 OK\r\n.*SHOUTcast Distributed Network Audio Server/FreeBSD.v([\d.]+).*icy-name:(.*?)\r\n|s p/SHOUTcast server/ v/$1/ i/Name: $2/ o/FreeBSD/ cpe:/a:shoutcast:dnas:$1/ cpe:/o:freebsd:freebsd/a match shoutcast m|^ICY 200 OK\r\n.*SHOUTcast Distributed Network Audio Server/posix.v([\d.]+).*icy-name:(.*?)\r\n|s p/SHOUTcast server/ v/$1/ i/Name: $2/ o/Unix/ cpe:/a:shoutcast:dnas:$1/ match shoutcast m|^ICY 200 OK\r\n.*SHOUTcast Distributed Network Audio Server/MacOS_X.v([\d.]+).*icy-name:(.*?)\r\n|s p/SHOUTcast server/ v/$1/ i/Name: $2/ o/Mac OS X/ cpe:/a:shoutcast:dnas:$1/ cpe:/o:apple:mac_os_x/a match shoutcast m|^ICY 401 Service Unavailable\r\n.*SHOUTcast Distributed Network Audio Server/UNIX OS-3 v([\d.]+)| p/SHOUTcast server/ v/$1/ o/Unix/ cpe:/a:shoutcast:dnas:$1/ match shoutcast m|^ICY 200 OK\r\n.*SHOUTcast Distributed Network Audio Server/Linux.v([\d.]+)|s p/SHOUTcast server/ v/$1/ o/Linux/ cpe:/a:shoutcast:dnas:$1/ cpe:/o:linux:linux_kernel/a match shoutcast m|^ICY 200 OK\r\n.*SHOUTcast Distributed Network Audio Server/win32.v([\d.]+)|s p/SHOUTcast server/ v/$1/ o/Windows/ cpe:/a:shoutcast:dnas:$1/ cpe:/o:microsoft:windows/a match shoutcast m|^ICY 200 OK\r\n.*SHOUTcast Distributed Network Audio Server/SolarisSparc.v([\d.]+)|s p/SHOUTcast server/ v/$1/ o/Solaris/ cpe:/a:shoutcast:dnas:$1/ cpe:/o:sun:sunos/a match shoutcast m|^ICY 200 OK\r\n.*SHOUTcast Distributed Network Audio Server/FreeBSD.v([\d.]+)|s p/SHOUTcast server/ v/$1/ o/FreeBSD/ cpe:/a:shoutcast:dnas:$1/ cpe:/o:freebsd:freebsd/a match shoutcast m|^ICY 200 OK\r\n.*SHOUTcast Distributed Network Audio Server/posix.v([\d.]+)|s p/SHOUTcast server/ v/$1/ o/Unix/ cpe:/a:shoutcast:dnas:$1/ match shoutcast m|^ICY \d\d\d .*SHOUTcast Distributed Network Audio Server/Linux.v([\d.]+)|s p/SHOUTcast server/ v/$1/ o/Linux/ cpe:/a:shoutcast:dnas:$1/ cpe:/o:linux:linux_kernel/a match shoutcast m|^ICY \d\d\d .*SHOUTcast Distributed Network Audio Server/win32.v([\d.]+)|s p/SHOUTcast server/ v/$1/ o/Windows/ cpe:/a:shoutcast:dnas:$1/ cpe:/o:microsoft:windows/a match shoutcast m|^ICY \d\d\d .*SHOUTcast Distributed Network Audio Server/SolarisSparc.v([\d.]+)|s p/SHOUTcast server/ v/$1/ o/Solaris/ cpe:/a:shoutcast:dnas:$1/ cpe:/o:sun:sunos/a match shoutcast m|^ICY \d\d\d .*SHOUTcast Distributed Network Audio Server/FreeBSD.v([\d.]+)|s p/SHOUTcast server/ v/$1/ o/FreeBSD/ cpe:/a:shoutcast:dnas:$1/ cpe:/o:freebsd:freebsd/a match shoutcast m|^ICY \d\d\d .*SHOUTcast Distributed Network Audio Server/posix.v([\d.]+)|s p/SHOUTcast server/ v/$1/ o/Unix/ cpe:/a:shoutcast:dnas:$1/ match shoutcast m|^invalid password\r\n$| p/SHOUTcast server/ cpe:/a:shoutcast:dnas/a match shoutirc m|^HTTP/1\.0 200 OK\r\nConnection: close\r\n\r\n

          ShoutIRC Bot ([\w._-]+)

          This is not a web server port, it is for use only by clients supporting the Remote Protocol!| p/ShoutIRC Bot/ v/$1/ match sip m|^SIP/2\.0 400 Illegal request line\r\nFrom: \r\nTo: ;tag=badrequest\r\nUser-Agent: AVM FRITZ!Box Fon WLAN ([\d.]+) ([^\r\n]+)\r\n| p/AVM FRITZ!Box WLAN $1/ v/$2/ d/VoIP adapter/ match sip m|^SIP/2\.0 400 Illegal request line\r\nFrom: \r\nTo: ;tag=badrequest\r\nUser-Agent: AVM FRITZ!Box Fon (\w+) \(UI\) ([^\r\n]+)\r\n| p/AVM FRITZ!Box $1/ v/$2/ d/VoIP adapter/ match sip m|^SIP/2\.0 400 Illegal request line\r\nFrom: \r\nTo: ;tag=badrequest\r\nUser-Agent: AVM FRITZ!Box Fon ([^\r\n]+)\r\n|s p/AVM FRITZ!Box/ v/$1/ d/VoIP adapter/ match sip m|^SIP/2\.0 400 Illegal request line\r\nFrom: \r\nTo: ;tag=badrequest\r\nUser-Agent: AVM FRITZ!Box WLAN ([\d.]+) ([^\r\n]+)\r\n| p/AVM FRITZ!Box WLAN $1/ v/$2/ d/VoIP adapter/ match sip m|^SIP/2\.0 400 Illegal request line\r\nFrom: \r\nTo: ;tag=badrequest\r\nUser-Agent: AVM FRITZ!Fon ([\w_-]+) ([^\r\n]+)\r\n| p/AVM FRITZ!Fon $1/ v/$2/ d/VoIP adapter/ match sip m|^SIP/2\.0 400 Illegal request line\r\nFrom: \r\nTo: ;tag=badrequest\r\nUser-Agent: FRITZ!OS\r\nContent-Length: 0\r\n\r\n| p/AVM FRITZ!OS SIP/ d/VoIP adapter/ match sip m|^SIP/2\.0 400 Illegal request line\r\nFrom: \r\nTo: ;tag=badrequest\r\nUser-Agent: AVM Speedport (W \w+) ([^\r\n]+)\r\n| p/Speedport $1/ v/$2/ d/VoIP adapter/ match sip m|^SIP/2\.0 400 Illegal request line\r\nFrom: \r\nTo: ;tag=badrequest\r\nUser-Agent: AVM Sinus (W \w+) ([^\r\n]+)\r\n| p/AVM Sinus $1/ v/$2/ d/VoIP adapter/ match sip m|^SIP/2\.0 400 Illegal request line\r\nFrom: \r\nTo: ;tag=badrequest\r\nUser-Agent: Speedport (W \w+) ([^\r\n]+)\r\n| p/T-Com Speedport $1/ v/$2/ d/VoIP adapter/ match slimp3 m|^GET %2[Ff] HTTP%2[Ff]1\.0\n$| p/SliMP3 MP3 player/ i|http://www.slimdevices.com| match soap m|^HTTP/1\.1 401 Unauthorized\r\nWWW-Authenticate: Digest realm=\"gSOAP_Web_Service\",.*Server: gSOAP/([\d.]+)\r\n.*ClientHTTP Error: 401 Unauthorized|s p/gSOAP soap/ v/$1/ i/Sagem F@st 3464 WAP soap/ d/WAP/ match soap m|^HTTP/1\.1 401 Unauthorized\r\nWWW-Authenticate: Digest realm=\"realtek\.com\.tw\", qop=\"auth\", nonce=\"[0-9a-f]+\", opaque=\"[0-9a-f]+\"\r\nServer: gSOAP/([\w._-]+)\r\n| p/gSOAP soap/ v/$1/ match soap m|^HTTP/1\.1 \d\d\d .*\r\nServer: gSOAP/([\d.]+)\r\n|s p/gSOAP soap/ v/$1/ match soap m|^HTTP/1\.1 200 OK\r\nServer: SCS\r\nContent-Type: text/html; charset=utf-8\r\n.*

          ServerView Remote Connector - Provider V([\w._-]+)

          |s p/Fujitsu ServerView Remote Connector soap/ v/$1/ cpe:/a:fujitsu:serverview_operations_manager:$1/ match http m|^HTTP/1\.1 200 OK\r\nServer: SCS\r\nContent-Type: text/html; charset=utf-8\r\n.*

          ServerView Remote Connector Service V([\w._-]+)

          |s p/Fujitsu ServerView Remote Connector soap/ v/$1/ cpe:/a:fujitsu:serverview_operations_manager:$1/ match soap m|^HTTP/1\.0 500 Internal Server Error\r\nServer: gSOAP/([\w._-]+)\r\n.* xmlns:gmmiws=\"https://([\w._-]+):\d+/glsinternal\.wsdl\" .*HTTP GET method not implemented|s p/gSOAP soap/ v/$1/ i/Good Messaging Server gddomsyncsrv/ h/$2/ match soap m|^HTTP/1\.0 500 Internal Server Error\r\nServer: gSOAP/([\w._-]+)\r\n.* xmlns:pushws=\"https://([\w._-]+):\d+/pushws\">.*HTTP GET method not implemented|s p/gSOAP soap/ v/$1/ i/Good Messaging Server gdpushproc/ h/$2/ match soap m|^HTTP/1\.1 405 Method Not Allowed\r\nDate:\d\d\d\d-\d\d-\d\dT\d\d:\d\d:\d\d\r\nContent-Type: application/soap\+xml; charset=\"utf-8\"\r\n\r\n$| p/Dell 1130n printer soap/ d/printer/ cpe:/h:dell:1130n/ match soap m|^HTTP/1\.1 200 OK\r\nContent-Type: text/xml; charset=utf-8: \r\nConnection: close\r\n\r\n<\?xml version=\"1\.0\" encoding=\"UTF-8\" standalone=\"yes\"\?>.*Xtreme N GIGABIT Router(DIR-655) \w+([^<]+)|s p/D-Link $1 soap/ v/$2/ d/WAP/ cpe:/h:dlink:$1/ match soap m|^HTTP/1\.1 200 OK\r\nContent-Type: text/xml; charset=utf-8\r\nConnection: close\r\nContent-Length: \d+\r\n\r\n<\?xml version=\"1\.0\" encoding=\"utf-8\"\?>.*(SMC\w+)\nV([\w._-]+)|s p/SMC $1 Barricade WAP soap/ v/$2/ d/WAP/ cpe:/h:smc:$1:$2/ match smtp m|^220 ([\w._-]+)\r\n500 5\.5\.1 Unrecognized command\r\n| p/SoftStack Free SMTP Server/ o/Windows/ h/$1/ cpe:/o:microsoft:windows/ # spamd 2.20-1woody match spamassassin m|^SPAMD/1\.0 76 Bad header line: GET / HTTP/1\.0\r\r?\n| p/SpamAssassin spamd/ cpe:/a:apache:spamassassin/ # TLS 1.0 Alert (0x21), Fatal (0x02), Unexpected message (0x0a) match ssl m|^\x15\x03\x01\0\x02\x02\x0a$| p/TLS/ v/1.0/ match http m|^HTTP/1\.1 405 Method Not Allowed\r\nDate:0000-01-01T18:54:43\r\nContent-Type: application/soap\+xml; charset=\"utf-8\"\r\n\r\n$| p/Samsung CLX-3175FW printer SOAP over HTTP/ d/printer/ cpe:/h:samsung:clx-3175fw/a match speech m|^ER\nLP\n#\nft_StUfF_keyOK\nER\n$| p/Festival Speech Synthesis System/ match sphinx-search m|^\x01\0\0\0\0\x01\0\0\0\0\0 \0\0\0\x1cunknown command \(code=\d+\)| p/Sphinx Search daemon/ # No idea if this is general enough match sopcast m|^HTTP/1\.0 200 OK\r\n\r\n0&\xb2u\x8ef\xcf\x11\xa6\xd9\0| p/SopCast P2P/ match tcpmux m|^-Service not available\r\n$| match telnet m|^\xff\xfb\x01\xff\xfe\"\n\r\tNetDSL Copyright by ARESCOM 2003\n\r\n\r\n\rUsername:GET / HTTP/1\.0\r\n\n\rPassword:\r\n\n\rUsername:| p/ARESCOM NetDSL 1000 router/ d/router/ match telnet m|^\xff\xfb\x03\xff\xfb\x01\xff\xfbi\r\n\tWelcome to Magicunix's TCP Server\.\r\n\r\n\r\nLogin: P/1\.0\r\nPassword: \r\nLogin incorrect\r\nLogin: | p/MagicUnix telnetd/ match telnet m|^\xff\xfb\x03\xff\xfb\x01\r\n\r\n\x07HP ([\w+]+) AdvanceStack 10BT Switching Hub Management Module\r\n| p/HP $1 switch telnetd/ d/switch/ cpe:/h:hp:$1/a match telnet m|^\xff\xfb\x01\r\n-> GET / HTTP/1\.0\r\nGET / HTTP/1\.0\r\nundefined symbol: GET\r\n-> \r\n-> | p/Konica Minolta Magicolor 2300 DL printer telnetd/ d/printer/ match telnet m|^\xff\xfe\x01Login to server\. \r\nUsername: ET / HTTP/1\.0\r\nPassword: \r\nLogin to server\. \r\nUsername:| p/EFCMService telnetd/ o/Windows/ cpe:/o:microsoft:windows/a match telnet m|^\xff\xfc\"\xff\xfb\x03\xff\xfb\x01\r\n\r\nWelcome to C A N O P Y CMM Micro\.\r\n\r\nPress Enter to Continue\.\.\.\r\n\r\nLogin: \r\nPassword: | p/Motorola Canopy cluster management module telnetd/ o/eCos/ match telnet m|^\xff\xfb\x01\xff\xfd\x01\xff\xfb\x03\xff\xfd\x03\xff\xfb\x05\xff\xfd\x05/---------\\\r\nC A N O P Y\r\n\r\n Motorola Broadband Wireless Technology Center\r\n\(Copyright 2001-20\d\d Motorola (?:Solutions )?Inc\.\)\r\n\r\n\r\n\r\nLogin: | p/Motorola Canopy Subscriber Module telnetd/ match telnet m|^\xff\xfb\x01\xff\xfb\x03telnet@CER(\w+)>GET / HTTP/1\.0\r\nInvalid input -> GET / HTTP/1\.0\r\nType \? for a list\r\n| p/NetIron CER $1 switch telnetd/ d/switch/ match telnet m|^BAD_COMMAND\n| p/Lotus Domino Console/ cpe:/a:ibm:lotus_domino/ match telnet m|^\xff\xfb\x01\xff\xfb\x03$| p/Pocket CMD telnetd/ match telnet m|^\xff\xfe\x01\r\n\r\n\+============================================================================\+\r\n\x7c \[ Rack Monitor Configuration Utility Main Menu \] \x7c\r\n\+============================================================================\+\r\n\r\nEnter Password: | p/Eaton Powerware Environmental Rack Monitor telnetd/ d/power-misc/ match telnet m|^\xff\xfb\x01\r\nMGI Login: GET / HTTP/1\.0\r\n\r\nPassword: \r\nLogin incorrect\r\n\r\nMGI Login: | p/Samsung PBX telnetd/ d/PBX/ match telnet m|^\xff\xfb\0\*\*\*\*\*\*\*\*\*\*\*\*\*\*\r\n\r\nD-Link Access Point login: | p/D-Link DWL-3200AP WAP telnetd/ d/WAP/ cpe:/h:dlink:dwl-3200ap/ match telnet m|^\r\n\xff\xfb\x01\xff\xfb\x03\r\nUser:GET / HTTP/1\.0\r\nPassword:\r\nUser:| p/Dell OpenManage telnetd/ cpe:/a:dell:openmanage_baseboard_management_controller_utilities/ match telnet m|^\n\rError 0xf802: Command not recognized\.\r\n| p/Quatech Airborne CLI server/ d/bridge/ # The Onion Router match tor-socks m|^HTTP/1\.0 501 Tor is not an HTTP Proxy\r\n| p/Tor SOCKS proxy/ cpe:/a:torproject:tor/ match tor-info m|^HTTP/1\.0 \d\d\d .*\r\nContent-Encoding: identity\r\n.*signed-directory\npublished .*\nrecommended-software|s p/Tor nodes info httpd/ cpe:/a:torproject:tor/ match tor-info m|^HTTP/1\.0 503 Directory busy, try again later\r\n\r\n$| p/Tor nodes info httpd/ cpe:/a:torproject:tor/ match utsessiond m|^ERR/InvalidCommand\n$| p/Sun Ray utsessiond/ cpe:/a:sun:ray_server_software/ match utsvc m|^protocolErrorInf error=Missing\\040hw\\040string\\040from\\040:\\040null\.\\040Check\\040hardware state=disconnected\n| p/Sun Ray utsvcd/ cpe:/a:sun:ray_server_software/ match upnp m|^HTTP/1\.1 \d\d\d .*\r\nServer: (UPnP/[\d.]+ DLNADOC/[\d.]+) Platinum/([\d.]+)\r\n\r\n|s p/Platinum UPnP/ v/$2/ i/$1/ match upnp m|^HTTP/1\.[01] 200 OK\r\n.*Server: Linux-amd64-([\w._-]+), UPnP/([\d.]+), PMS/(.*?)\r\n|s p/PS3 Media Server UPnP/ v/$3/ i/Linux $1; UPnP $2/ d/media device/ o/Linux/ cpe:/o:linux:linux_kernel:$1/ match upnp m|^HTTP/1\.[01] 200 OK\r\n.*Server: Linux-([\w_.-]+), UPnP/([\d.]+), PMS/(.*?)\r\n|s p/PS3 Media Server UPnP/ v/$3/ i/Linux $1; UPnP $2/ d/media device/ o/Linux/ cpe:/o:linux:linux_kernel:$1/ match upnp m|^HTTP/1\.[01] 200 OK\r\n.*Server: Windows_XP-([\w_.-]+), UPnP/([\d.]+), PMS/(.*?)\r\n|s p/PS3 Media Server UPnP/ v/$3/ i/Windows XP $1; UPnP $2/ d/media device/ o/Windows XP/ cpe:/o:microsoft:windows_xp:$1/ match upnp m|^HTTP/1\.[01] 200 OK\r\n.*Server: Windows_Vista-x86-([\w._-]+), UPnP/([\d.]+), PMS/(.*?)\r\n|s p/PS3 Media Server UPnP/ v/$3/ i/Windows Vista $1; UPnP $2/ d/media device/ o/Windows Vista/ cpe:/o:microsoft:windows_vista:$1::x32/ match upnp m|^HTTP/1\.[01] 200 OK\r\n.*Server: Windows_Vista-x86_64-([\w._-]+), UPnP/([\d.]+), PMS/(.*?)\r\n|s p/PS3 Media Server UPnP/ v/$3/ i/Windows Vista $1; UPnP $2/ d/media device/ o/Windows Vista/ cpe:/o:microsoft:windows_vista:$1::x64/ match upnp m|^HTTP/1\.[01] 200 OK\r\n.*Server: Windows_7-x86-([\w._-]+), UPnP/([\d.]+), PMS/(.*?)\r\n|s p/PS3 Media Server UPnP/ v/$3/ i/Windows 7 $1; UPnP $2/ d/media device/ o/Windows 7/ cpe:/o:microsoft:windows_7:$1::x32/ match upnp m|^HTTP/1\.[01] 200 OK\r\n.*Server: Windows_7-x86_64-([\w._-]+), UPnP/([\d.]+), PMS/(.*?)\r\n|s p/PS3 Media Server UPnP/ v/$3/ i/Windows 7 $1; UPnP $2/ d/media device/ o/Windows 7/ cpe:/o:microsoft:windows_7:$1::x64/ match upnp m|^HTTP/1\.[01] 200 OK\r\n.*Server: Mac_OS_X-x86_64-([\w_.-]+), UPnP/([\d.]+), PMS/(.*?)\r\n|s p/PS3 Media Server UPnP/ v/$3/ i/Mac OS X $1; UPnP $2/ d/media device/ o/Mac OS X/ cpe:/o:apple:mac_os_x/a match upnp m|^HTTP/1\.0 200 .*\r\n.*Server: Linux/([\w_.-]+), UPnP/([\w_.-]+), Free UPnP Entertainment Service/ReadyNAS\r\n|s p/FUPPES UPnP media server/ i/Linux $1; UPnP $2/ o/Linux/ cpe:/o:linux:linux_kernel:$1/ match upnp m|^HTTP/1\.0 200 OK\r\n.*Server: Linux/([\w_.-]+), UPnP/([\w_.-]+), Free UPnP Entertainment Service/([^\r\n]+)\r\n|s p/FUPPES UPnP media server/ v/$3/ i/Linux $1; UPnP $2/ o/Linux/ cpe:/o:linux:linux_kernel:$1/ match upnp m|^HTTP/1\.0 200 OK\r\n.*Server: FreeBSD/([\w_.-]+), UPnP/([\w_.-]+), Free UPnP Entertainment Service/([^\r\n]+)\r\n|s p/FUPPES UPnP media server/ v/$3/ i/FreeBSD $1; UPnP $2/ o/FreeBSD/ cpe:/o:freebsd:freebsd:$1/ match upnp m|^HTTP/1\.1 500 Internal Server Error\r\nSERVER: ipOS/([\d.]+) UPnP/([\d.]+) ipUPnP/([\d.]+)\r\n| p/ipOS upnpd/ i/D-Link WAP dynamic DNS; UPnP $2; ipUPnP $3/ d/WAP/ o/ipOS $1/ cpe:/o:ubicom:ipos:$1/ match upnp m|^HTTP/1\.1 400 Bad Request\r\nSERVER: ipOS/([\d.]+) UPnP/([\d.]+) ipGENADevice/([\d.]+)\r\n| p/ipOS upnpd/ i/D-Link DGL-4300 gaming router; UPnP $2; ipGENADevice $3/ d/broadband router/ o/ipOS $1/ cpe:/h:d-link:dgl-4300/ cpe:/o:ubicom:ipos:$1/ match upnp m=^HTTP/1\.0 \d\d\d .*\r\nSERVER: ipos/([\w._-]+) +UPnP/([\d.]+) (?:ADSL2\+ Router )?(TL-\w+|TD-\w+)/([\w._/-]+)\r\n= p/ipOS upnpd/ i/TP-LINK $3 WAP $4; UPnP $2/ d/WAP/ o/ipOS $1/ cpe:/h:tp-link:$4/ cpe:/o:ubicom:ipos:$1/ match upnp m|^HTTP/1\.0 \d\d\d .*\r\nSERVER: Linux/([\w._+-]+), UPnP/([\d.]+), Portable SDK for UPnP devices/([\w._~-]+)\r\n| p/Portable SDK for UPnP devices/ v/$3/ i/Linux $1; UPnP $2/ o/Linux/ cpe:/o:linux:linux_kernel:$1/ match upnp m|^HTTP/1\.0 \d\d\d .*\r\nSERVER: Linux/([\w._+-]+) UPnP/([\d.]+) DLNADOC/([\d.]+) Portable SDK for UPnP devices/([\w._~-]+)\r\n| p/Portable SDK for UPnP devices/ v/$4/ i/Linux $1; DLNADOC $3; UPnP $2/ o/Linux/ cpe:/o:linux:linux_kernel:$1/ match upnp m|^HTTP/1\.1 \d\d\d .*\r\nServer: Linux/([\w._+-]+) DLNADOC/([\d.]+) UPnP/([\d.]+) MiniDLNA/([\w._-]+)\r\n|s p/MiniDLNA/ v/$4/ i/Linux $1; DLNADOC $2; UPnP $3/ o/Linux/ cpe:/a:minidlna:minidlna:$4/a cpe:/o:linux:linux_kernel:$1/ match upnp m|^HTTP/1\.0 500 Internal Server Error\r\nSERVER: ([\w._-]+\.7601) 2/Service Pack (\d+), UPnP/([\w._-]+), Portable SDK for UPnP devices/([\w._~-]+)\r\n| p/Portable SDK for UPnP devices/ v/$4/ i/UPnP $3/ o/Windows 7 SP$2 build $1/ cpe:/o:microsoft:windows_7/a match upnp m|^HTTP/1\.0 \d\d\d .*\r\nSERVER: ([56]\.[\d. ]+)/, UPnP/([\d.]+), Portable SDK for UPnP devices/([\w._~-]+)\r\n| p/Portable SDK for UPnP devices/ v/$3/ i/Windows $1; UPnP $2/ o/Windows/ cpe:/o:microsoft:windows/a match upnp m|^HTTP/1\.0 \d\d\d .*\r\nSERVER: ([56]\.[\d. ]+)/Service Pack (\d+), UPnP/([\d.]+), Portable SDK for UPnP devices/([\w._~-]+)\r\n| p/Portable SDK for UPnP devices/ v/$4/ i/Windows $1 (SP$2); UPnP $3/ o/Windows/ cpe:/o:microsoft:windows/a match upnp m|^HTTP/1\.[01] \d\d\d .*\r\nSERVER: Linux/([-+\w_.]+), UPnP/([\d.]+), Intel SDK for UPnP devices ?/([\w._~-]+)\r\n|s p/Intel UPnP reference SDK/ v/$3/ i/Linux $1; UPnP $2/ o/Linux/ cpe:/o:linux:linux_kernel:$1/ match upnp m|^HTTP/1\.[01] \d\d\d .*\r\nSERVER: Linux/([-+\w_.]+) UPnP/([\d.]+) DLNADOC/([\w._-]+) Intel_SDK_for_UPnP_devices/([\w._~-]+)\r\n|s p/Intel UPnP reference SDK/ v/$4/ i/Linux $1; UPnP $2; DLNADOC $3/ o/Linux/ cpe:/o:linux:linux_kernel:$1/ match upnp m|^HTTP/1\.[01] \d\d\d .*\r\nSERVER: Linux, UPnP/([\d.]+), Intel SDK for UPnP devices ?/([\w._~-]+)\r\n| p/Intel UPnP reference SDK/ v/$2/ i/UPnP $1/ o/Linux/ cpe:/o:linux:linux_kernel/a match upnp m|^HTTP/1\.[01] \d\d\d .*\r\nSERVER: Darwin/([\w._+-]+), UPnP/([\w._-]+), Portable SDK for UPnP devices/([\w._~-]+)\r\n| p/Intel UPnP reference SDK/ v/$3/ i/Mac OS X $1; UPnP $2/ o/Mac OS X/ cpe:/o:apple:mac_os_x/a match upnp m|^HTTP/1\.[01] \d\d\d .*\r\nSERVER: Windows2000/0\.0 UPnP/([\w._+-]+) PhilipsIntelSDK/([\w._-]+) DLNADOC/([\w._-]+)\r\n| p/Philips Intel UPnP SDK/ v/$2/ i/Philips Smart TV; UPnP $1; DLNADOC $3/ d/media device/ match upnp m|^HTTP/1\.[01] \d\d\d .*\r\nCONTENT-TYPE: text/xml\r\nContent-Length: .*Xbox 360.*(\w+)|s p/Xbox 360 XML UPnP/ i/Serial number $1/ d/game console/ o/Xbox 360/ cpe:/h:microsoft:xbox_360_kernel/ match upnp m|^HTTP/1\.0 \d\d\d .*\r\nDate: .*\r\nConnection: close\r\nServer: Microsoft-Windows-NT/(\d[-.\w]+) UPnP/(\d[-.\w]+) UPnP-Device-Host/(\d[-.\w]+)\r\n| p/Microsoft Windows UPnP/ v/$2/ i/UPnP Device Host: $3/ o/Windows NT $1/ cpe:/o:microsoft:windows_nt:$1/ match upnp m|^HTTP/1\.1 200 .*\r\nSERVER: Linux/([\w._+-]+), UPnP/([\d.]+), MediaTomb/([\w._-]+)\r\n|s p/MediaTomb UPnP/ v/$3/ i/Linux $1; UPnP $2/ o/Linux/ cpe:/o:linux:linux_kernel:$1/ match upnp m|^HTTP/1\.1 200 .*\r\nSERVER: Darwin/([\w._-]+), UPnP/([\d.]+), MediaTomb/([\w._-]+)\r\n|s p/MediaTomb UPnP/ v/$3/ i/Darwin $1; UPnP $2/ o/Mac OS X/ cpe:/o:apple:mac_os_x/a match upnp m|^HTTP/1\.1 200 OK\r\n.*SERVER: FreeBSD/([\w._-]+), UPnP/([\d.]+), MediaTomb/([\w._-]+)\r\n|s p/MediaTomb UPnP/ v/$3/ i/FreeBSD $1; UPnP $2/ o/FreeBSD/ cpe:/o:freebsd:freebsd:$1/ match upnp m|^HTTP/1\.1 200 OK\r\n.*SERVER: OpenBSD/([\w._-]+), UPnP/([\d.]+), MediaTomb/([\w._-]+)\r\n|s p/MediaTomb UPnP/ v/$3/ i/OpenBSD $1; UPnP $2/ o/OpenBSD/ cpe:/o:openbsd:openbsd:$1/ match upnp m|^HTTP/1\.1 200 OK\r\n.*SERVER: SunOS/([\w._-]+), UPnP/([\d.]+), MediaTomb/([\w._-]+)\r\n|s p/MediaTomb UPnP/ v/$3/ i/SunOS $1; UPnP $2/ o/Solaris/ cpe:/o:sun:sunos:$1/ match upnp m|^HTTP/1\.1 \d\d\d .*Server: UPnP/([\w._-]+), pvConnect UPnP SDK/([\w._-]+), Twonky UPnP SDK/([\w._-]+)\r\n|s p/TwonkyMedia UPnP/ i/UPnP $1; pvConnect SDK $2; SDK $3/ cpe:/a:packetvideo:twonky/ match upnp m|^HTTP/1\.1 \d\d\d .*Server: UPnP/([\w._-]+), pvConnect UPnP SDK/([\w._-]+), TwonkyMedia UPnP SDK/([\w._-]+)\r\n|s p/TwonkyMedia UPnP/ i/UPnP $1; pvConnect SDK $2; SDK $3/ cpe:/a:packetvideo:twonky/ match upnp m|^HTTP/1\.1 \d\d\d .*Server: *Linux/([\w._-]+), UPnP/([\w._-]+), TwonkyVision UPnP SDK/([\w._-]+)\r\n|s p/TwonkyMedia UPnP/ i/Linux $1; UPnP $2; SDK $3/ o/Linux/ cpe:/a:packetvideo:twonky/ cpe:/o:linux:linux_kernel:$1/ match upnp m|^HTTP/1\.1 \d\d\d .*Server: *Linux/2\.x\.x, UPnP/([\w._-]+), pvConnect UPnP SDK/([\w._-]+), Twonky UPnP SDK/([\w._-]+)\r\n|s p/TwonkyMedia UPnP/ i/UPnP $1; pvConnect SDK $2; Twonky SDK $3/ o/Linux/ cpe:/a:packetvideo:twonky/ cpe:/o:linux:linux_kernel:2/ match upnp m=^HTTP/1\.1 \d\d\d .*Server: *Linux/([\w._-]+), UPnP/([\w._-]+), pvConnect UPnP SDK/([\w._-]+)\r\n.*(?:TwonkyMedia|TwonkyMedia server media browser|TwonkyVision Configuration)=s p/TwonkyMedia UPnP/ i/Linux $1; UPnP $2; pvConnect SDK $3/ o/Linux/ cpe:/a:packetvideo:twonky/ cpe:/o:linux:linux_kernel:$1/ match upnp m|^HTTP/1\.1 \d\d\d .*Server: *Linux/([\w._-]+), UPnP/([\w._-]+), pvConnect UPnP SDK/([\w._-]+)\r\n.*MediaServer Restriced Access|s p/TwonkyMedia UPnP/ i/Iomega Home Media NAS device; Linux $1; UPnP $2; pvConnect SDK $3/ o/Linux/ cpe:/a:packetvideo:twonky/ cpe:/o:linux:linux_kernel:$1/ match upnp m|^HTTP/1\.1 \d\d\d .*Server: *Linux/2\.x\.x, UPnP/([\w._-]+), pvConnect UPnP SDK/([\w._-]+), TwonkyMedia UPnP SDK/([\w._-]+)\r\n\r\n|s p/TwonkyMedia UPnP/ i/Linux 2.X.X; UPnP $1; pvConnect SDK $2; SDK $3/ o/Linux/ cpe:/a:packetvideo:twonky/ cpe:/o:linux:linux_kernel:2/ match upnp m|^HTTP/1\.1 401 Unauthorised\r\n.*WWW-Authenticate: Digest realm=\"([\w._-]+)\", nonce=\"\w+\", algorigthm=MD5, qop=\"auth\" \n.*Server: *Linux/2\.x\.x, UPnP/([\d.]+), pvConnect UPnP SDK/([\w._-]+), Twonky UPnP SDK/([\w._-]+)\r\n|s p/TwonkyMedia UPnP/ i/Linux; UPnP $2; pvConnect SDK $3; SDK $4/ o/Linux/ h/$1/ cpe:/a:packetvideo:twonky/ cpe:/o:linux:linux_kernel:2/ match upnp m|^HTTP/1\.1 \d\d\d .*Server: *Linux/2\.x\.x, UPnP/([\w._-]+), pvConnect UPnP SDK/([\w._-]+)\r\n\r\n|s p/TwonkyMedia UPnP/ i/Linux 2.X.X; UPnP $1; pvConnect SDK $2/ o/Linux/ cpe:/a:packetvideo:twonky/ cpe:/o:linux:linux_kernel:2/ match upnp m|^HTTP/1\.1 \d\d\d .*Server: Windows NT/[\w._-]+, UPnP/([\w._-]+), pvConnect UPnP SDK/([\w._-]+), TwonkyMedia UPnP SDK/([\w._-]+)\r\n|s p/TwonkyMedia UPnP/ i/UPnP $1; pvConnect SDK $2; SDK $3/ o/Windows NT/ cpe:/a:packetvideo:twonky/ cpe:/o:microsoft:windows_nt/ match upnp m|^HTTP/1\.1 401 Unauthorised\r\n.*WWW-Authenticate: Basic realm=\"([\w._-]+)\"\n.*Server: *Linux/2\.x\.x, UPnP/([\w._-]+), pvConnect UPnP SDK/([\w._-]+), Twonky UPnP SDK/([\w._-]+)\r\n|s p/TwonkyMedia UPnP/ i/Linux 2.X; UPnP $2; pvConnect SDK $3; SDK $4/ o/Linux/ h/$1/ cpe:/a:packetvideo:twonky/ cpe:/o:linux:linux_kernel:2/ match upnp m|^HTTP/1\.1 401 Unauthorised\r\n.*WWW-Authenticate: Basic realm=\"([\w._-]+)\"\n.*Server: *Linux/([\w._-]+), UPnP/([\w._-]+), pvConnect UPnP SDK/([\w._-]+)\r\n|s p/TwonkyMedia UPnP/ i/Linux $2; UPnP $3; pvConnect SDK $4/ o/Linux/ h/$1/ cpe:/a:packetvideo:twonky/ cpe:/o:linux:linux_kernel:$2/a match upnp m|^HTTP/1\.1 \d\d\d .*\r\nContent-Type: text/xml; charset=\"UTF-8\"\r\nServer: Orb Media Server, WINDOWS, UPnP/([\w._-]+), Intel MicroStack/([\w._-]+)\r\n| p/Orb Media Server UPnP/ i/UPnP $1; Intel MicroStack $2/ o/Windows/ cpe:/o:microsoft:windows/a match upnp m|^HTTP/1\.0 \d\d\d .*\r\nServer: OpenWRT/kamikaze UPnP/([\w._-]+) miniupnpd/([\w._-]+)\r\n|s p/MiniUPnP/ v/$2/ i/OpenWrt Kamikaze; UPnP $1/ d/broadband router/ o/Linux/ cpe:/a:miniupnp_project:miniupnpd:$2/a cpe:/o:linux:linux_kernel/a match upnp m|^HTTP/1\.0 404 Not Found\r\n.*Server: neufbox UPnP/([\w._-]+) MiniUPnPd/([\w._-]+)\r\n|s p/MiniUPnP/ v/$2/ i/Neuf Box router; UPnP $1/ d/router/ cpe:/a:miniupnp_project:miniupnpd:$2/a match upnp m|^HTTP/1\.0 404 Not Found\r\n.*Server: DrayTek/Vigor(\w+) UPnP/([\w._-]+) MiniUPnPd/([\w._-]+)\r\n|s p/MiniUPnP/ v/$3/ i/DrayTek Vigor $1 router; UPnP $2/ d/router/ cpe:/a:miniupnp_project:miniupnpd:$3/a cpe:/h:draytek:vigor_$1/a match upnp m|^HTTP/1\.0 200 OK\r\n.*Server: Linux,([\w._-]+),UPnP/([\w._-]+),Coherence UPnP framework,([\w._-]+)\r\n|s p/Coherence UPnP framework/ v/$3/ i/Linux $1; UPnP $2/ o/Linux/ cpe:/o:linux:linux_kernel:$1/a match upnp m|^HTTP/1\.[01] 404 Not Found\r\n.*Server: Netgem/([\d.]+) \(NeufboxTV UPnPServer\)\r\n|s p/Netgem UPnP/ v/$1/ i/Neuf Box TV/ d/media device/ match upnp m|^HTTP/1\.1 200 OK\r\n.*Server: WINDOWS, UPnP/([\d.]+), Intel MicroStack/([\d.]+)\r\n.*(DMS-[\d.]+).*([\w._-]+): MediaServer.*Wistron.*WiDMS|s p/Intel MicroStack UPnP/ v/$2/ i/Wistron Digital Media Server $3; UPnP $1/ o/Windows/ h/$4/ cpe:/o:microsoft:windows/a match upnp m|^HTTP/1\.1 400 Bad Request\r\nServer: Linux, UPnP/([\d.]+), (DIR-[\w+]+) Ver ([\w._-]+)\r\n| p/D-Link $2 WAP UPnP/ v/$3/ i/UPnP $1/ d/WAP/ o/Linux/ cpe:/h:d-link:$2/ cpe:/o:linux:linux_kernel/a match upnp m|^HTTP/1\.0 404 Not Found\r\nSERVER: FAST Router (\w+) Router, UPnP/([\w.]+)\r\n| p/FAST $1 router UPnP $2/ d/router/ match upnp m|^HTTP/1\.0 \d\d\d .*SERVER: Linux/([\w._-]+) UPnP/([\w._-]+) myigd/([\w._-]+)\r\n|s p/myigd/ v/$3/ i/Linksys WAG354G router; Linux $1; UPnP $2/ d/WAP/ o/Linux/ cpe:/h:linksys:wag354g/a cpe:/o:linux:linux_kernel:$1/ match upnp m|^HTTP/1\.0 \d\d\d .*SERVER: Linux/([\w._-]+), UPnP/([\w._-]+), Everest/([\w._-]+)\r\n|s p/Everest/ v/$3/ i/Pelco Spectra Mini IP webcam; Linux $1; UPnP $2/ d/webcam/ o/Linux/ cpe:/o:linux:linux_kernel:$1/ match upnp m|^HTTP/1\.1 404 Bad Request\r\nCONTENT-LENGTH: 0\r\nCONTENT-TYPE: text/html\r\n\r\n$| p/SuperMicro IPMI UPnP/ cpe:/o:supermicro:intelligent_platform_management_firmware/ match upnp m|^HTTP/1\.1 404 Not Found\r\nDate: .*\r\nServer: Unknown/0\.0 UPnP/([\d.]+) Virata-EmWeb/([-.\w]+)\r\n| p/Virata-EmWeb/ v/$SUBST(2,"_",".")/ i/ReplayTV UPnP; UPnP $1/ cpe:/a:virata:emweb:$SUBST(2,"_",".")/a match upnp m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html\r\n.*Server: RomPager/([\w.]+) UPnP/([\w.]+)\r\n\r\n\n.*ZyXEL Prestige Router|s p/Allegro RomPager/ v/$1/ i/ZyXEL Prestige router UPnP; UPnP $2/ d/router/ cpe:/a:allegro:rompager:$1/ match upnp m|^HTTP/1\.1 \d\d\d .*\r\nServer: NT/([\d.]+) UPnP/([\d.]+)\r\nDate: .*\r\nContent-type: text/html\r\n\r\n\r\n\r\nHotBrick Load Balancer ([-\w_.]+)\r\n| p/NT httpd/ v/$1/ i/HotBrick Load Balancer $3 UPnP; UPnP $2/ d/load balancer/ match upnp m|^HTTP/1\.1 \d\d\d .*\r\nServer: NT/([\d.]+) UPnP/([\d.]+)\r\nDate: .*\r\nContent-type: text/html\r\n\r\n\r\n\r\nHotBrick Firewall VPN ([-\w_./]+)| p/NT httpd/ v/$1/ i/HotBrick Firewall VPN $3 UPnP; UPnP $2/ d/firewall/ match upnp m|^HTTP/1\.1 200 OK\r\nServer: Unknown/[\d.]+ UPnP/([\d.]+) Virata-EmWeb/R([\d_]+)\r\nContent-Length: .*\r\n\r\nActiontec\n|s p/Virata-EmWeb/ v/$SUBST(2,"_",".")/ i/ActionTec DSL UPnP; UPnP $1/ d/broadband router/ cpe:/a:virata:emweb:$SUBST(2,"_",".")/a match upnp m|^HTTP/1\.1 \d\d\d .*\r\nServer: Unknown/[\d.]+ UPnP/([\d.]+) GlobespanVirata-EmWeb/R([\d_]+)\r\nContent-Type: text/html\r\nExpires: .*\r\nCache-Control: no-cache\r\nPragma: no-cache\r\n\r\n\n\nADSL VPN Firewall Router| p/Virata-EmWeb/ v/$SUBST(2,"_",".")/ i/Billion 741GE ADSL router UPnP; UPnP $1/ d/router/ cpe:/a:virata:emweb:$SUBST(2,"_",".")/a cpe:/h:billion:741ge/a match upnp m|^HTTP/1\.1 \d\d\d .*\r\nServer: Unknown/[\d.]+ UPnP/([\d.]+) Virata-EmWeb/R([\d_]+)\r\nContent-Type: text/html\r\nExpires: .*\r\nCache-Control: no-cache\r\nPragma: no-cache\r\n\r\n\n\n\nADSL Configuration Page\n| p/Virata-EmWeb/ v/$SUBST(2,"_",".")/ i/Telewell 715 DSL router UPnP; UPnP $1/ d/router/ cpe:/a:virata:emweb:$SUBST(2,"_",".")/a cpe:/h:telewell:715/a match upnp m|^HTTP/1\.1 \d\d\d .*\r\nDATE: .*\r\nConnection: Keep-Alive\r\nServer: LINUX/([\d.]+) UPnP/([\d.]+) BRCM400/([\d.]+)\r\n| p|Belkin/Linksys wireless router UPnP| i/UPnP $2; BRCM400 $3/ d/router/ o/Linux $1/ cpe:/o:linux:linux_kernel:$1/a match upnp m|^HTTP/1\.1 \d\d\d .*\r\nServer: Unknown/[\d.]+ UPnP/([\d.]+) GlobespanVirata-EmWeb/R([\d_]+)\r\nContent-Type: text/html\r\n.*CopperJet ([-\w+/.]+) Router VoATM|s p/Virata-EmWeb/ v/$SUBST(2,"_",".")/ i/CopperJet $3 VoATM router UPnP; UPnP $1/ d/router/ cpe:/a:virata:emweb:$SUBST(2,"_",".")/a match upnp m|^HTTP/1\.1 200 OK\r\nServer: Unknown/[\d.]+ UPnP/([\d.]+) GlobespanVirata-EmWeb/R([\d_]+)\r\nContent-Type: text/html\r\n.*\nWireless ADSL VPN Firewall Router\n|s p/GlobespanVirata-EmWeb/ v/$SUBST(2,"_",".")/ i/Billion BIPAC-743GE V1 ADSL WAP UPnP; UPnP $1/ d/WAP/ match upnp m|^HTTP/1\.1 301 Moved Permanently\r\nServer: Nucleus/([\d.]+) UPnP/([\d.]+) Virata-EmWeb/R([\d_]+)\r\nLocation: http://[\d.]+/hag/pages/home\.htm\r\n| p/Virata-EmWeb/ v/$SUBST(3,"_",".")/ i|Huawei/Intracom ADSL router UPnP; UPnP $2; Nucleus $1| d/broadband router/ cpe:/a:virata:emweb:$SUBST(3,"_",".")/a match upnp m|^HTTP/1\.1 \d\d\d .*\r\nServer: Unknown/0\.0 UPnP/([\d.]+) GlobespanVirata-EmWeb/R([\d_]+)\r\nContent-Type: text/html\r\nExpires: .*\r\nCache-Control: no-cache\r\nPragma: no-cache\r\n\r\n\n\nADSL -modem/firewall/switch/WLAN -AP\n| p/GlobespanVirata-EmWeb/ v/$SUBST(2,"_",".")/ i/Telewell TW-EA2000 ADSL modem UPnP; UPnP $1/ d/WAP/ match upnp m|^HTTP/1\.1 \d\d\d .*Server: Unknown/0\.0 UPnP/([\d.]+) Conexant-EmWeb/R([\d_]+)\r\n.*Siemens ([\w._ -]+) Router|s p/Conexant-EmWeb/ v/$SUBST(2,"_",".")/ i/Siemens $3 router UPnP; UPnP $1/ d/router/ cpe:/a:conexant:emweb:$SUBST(2,"_",".")/a cpe:/h:siemens:$3/a match upnp m|^HTTP/1\.1 200 OK\r\n.*Server: Unknown/0\.0 UPnP/([\d.]+) Conexant-EmWeb/R([\d_]+)\r\n.*Zoom - USB Endpoint.*Zoom DSL Modem Web-Console|s p/Conexant-EmWeb/ v/$SUBST(2,"_",".")/ i/Zoom A6 ADSL modem UPnP; UPnP $1/ d/broadband router/ cpe:/a:conexant:emweb:$SUBST(2,"_",".")/a cpe:/h:zoom:a6/a match upnp m|^HTTP/1\.1 401 Unauthorized\r\nServer: Unknown/0\.0 UPnP/([\d.]+) GlobespanVirata-EmWeb/R([\d_]+)\r\nContent-Type: text/html\r\nExpires: .*\r\nCache-Control: no-cache\r\nPragma: no-cache\r\nWWW-Authenticate: Basic realm=\"WebAdmin\"\r\n\r\n\n\n\n\n\n\n\nAuthentication failed\n\n\n\n\n| p/GlobespanVirata-EmWeb/ v/$SUBST(2,"_",".")/ i/Xavi 7768r WAP UPnP; UPnP $1/ d/WAP/ match upnp m|^HTTP/1\.1 \d\d\d .*\r\nServer: Unknown/0\.0 UPnP/([\d.]+) Web Server\r\n.*MT882 ADSL Router|s p/Huawei SmartAX MT882 ADSL router UPnP/ i/UPnP $1/ d/broadband router/ cpe:/h:huawei:smartax_mt882/a match upnp m|^HTTP/1\.1 \d\d\d .*\r\nServer: Nucleus/([-\w_.]+) UPnP/([\d.]+) Virata-EmWeb/R([\d_]+)\r\nWWW-Authenticate: Basic realm=\"MT882\"\r\n| p/Virata-EmWeb/ v/$SUBST(3,"_",".")/ i/Huawei SmartAX MT882 ADSL router UPnP; UPnP $2; Nucleus $1/ d/broadband router/ cpe:/a:virata:emweb:$SUBST(3,"_",".")/a cpe:/h:huawei:smartax_mt882/a match upnp m|^HTTP/1\.1 \d\d\d .*\r\nServer: Nucleus/([\d.]+) UPnP/([\d.]+) Virata-EmWeb/R([\d_]+)\r\nWWW-Authenticate: Basic realm=\"Viking\"\r\n\r\n401 Unauthorized\r\n| p/Virata-EmWeb/ v/$SUBST(3,"_",".")/ i/Viking router UPnP; UPnP $2; Nucleus $1/ d/router/ cpe:/a:virata:emweb:$SUBST(3,"_",".")/a match upnp m|^HTTP/1\.1 200 OK\r\nServer: Unknown/0\.0 UPnP/([\d.]+) Conexant-EmWeb/R([\d_]+)\r\nContent-Type: text/html\r\nExpires: .*VoIP/802\.11g ADSL2\+ Firewall Router\n|s p/Conexant-EmWeb/ v/$SUBST(2,"_",".")/ i|Billion ADSL/WAP/VoIP router UPnP; UPnP $1| d/router/ cpe:/a:conexant:emweb:$SUBST(2,"_",".")/a match upnp m|^HTTP/1\.1 200 OK\r\n.*Server: Unknown/0\.0 UPnP/([\d.]+) Conexant-EmWeb/R([\d_]+)\r\n.*Zoom - USB Endpoint.*Zoom DSL Modem Web-Console|s p/Conexant-EmWeb/ v/$SUBST(2,"_",".")/ i/Zoom A6 ADSL modem UPnP; UPnP $1/ d/broadband router/ cpe:/a:conexant:emweb:$SUBST(2,"_",".")/a cpe:/h:zoom:a6/a match upnp m|^HTTP/1\.1 200 OK\r\nServer: Unknown/0\.0 UPnP/([\d.]+) Conexant-EmWeb/R([\d_]+)\r\nContent-Type: text/html\r\nExpires: .*\nHuawei xDSL\r\n|s p/Conexant-EmWeb/ v/$SUBST(2,"_",".")/ i|Huawei ADSL/WAP/VoIP router UPnP; UPnP $1| d/router/ cpe:/a:conexant:emweb:$SUBST(2,"_",".")/a match upnp m|^HTTP/1\.1 200 OK\r\n.*Server: Unknown/0\.0 UPnP/([\d.]+) Conexant-EmWeb/R([\d_]+)\r\n.*VoIP/802\.11g ADSL2\+ Firewall Router|s p/Conexant-EmWeb/ v/$SUBST(2,"_",".")/ i/Billion 800VGT ADSL router UPnP; UPnP $1/ d/broadband router/ cpe:/a:conexant:emweb:$SUBST(2,"_",".")/a cpe:/h:billion:800vgt/a match upnp m|^HTTP/1\.1 \d\d\d .*\r\nServer: Unknown/0\.0 UPnP/([\d.]+) Virata-EmWeb/R([\d_]+)\r\n.*Wireless ADSL Router Control Panel|s p/Virata-EmWeb/ v/$SUBST(2,"_",".")/ i/Eminent EM4104 WAP UPnP; UPnP $1/ d/WAP/ cpe:/a:virata:emweb:$SUBST(2,"_",".")/a match upnp m|^HTTP/1\.1 200 OK\r\n.*Server: ISOS/([-\w_.]+) UPnP/([\d.]+) Conexant-EmWeb/R([\d_]+)\r\n.*Scarlet One|s p/Conexant-EmWeb/ v/$SUBST(3,"_",".")/ i/Scarlet One UPnP; UPnP $2; ISOS $1/ d/VoIP adapter/ cpe:/a:conexant:emweb:$SUBST(3,"_",".")/a match upnp m|^HTTP/1\.1 401 Unauthorized\r\nServer: ISOS/([-\w_.]+) UPnP/([\d.]+) Conexant-EmWeb/R([\d_]+)\r\n| p/Conexant-EmWeb/ v/$SUBST(3,"_",".")/ i/ISOS $1; UPnP $2/ d/broadband router/ cpe:/a:conexant:emweb:$SUBST(3,"_",".")/a match upnp m|^HTTP/1\.1 404 Not Found\r\nCONTENT-LENGTH: 48\r\nDATE: .*\r\nSERVER: Linux/6\.0 UPnP/([\d.]+) Intel UPnP/([\d.]+)\r\n\r\n

          404 Not Found

          $| p/Linksys WVC54GC webcam UPnP/ i/UPnP $1; Intel UPnP $2/ d/webcam/ o/Linux/ cpe:/h:linksys:wvc54gc/ cpe:/o:linux:linux_kernel/a match upnp m|^HTTP/1\.1 200 OK\r\nServer: Unknown/0\.0 UPnP/([\w._-]+) GlobespanVirata-EmWeb/R([\w._-]+)\r\n.*JetSpeed 500 i|s p/GlobespanVirata-EmWeb/ v/$SUBST(2,"_",".")/ i/Intracom JetSpeed 500i UPnP; UPnP $1/ d/broadband router/ match upnp m|^HTTP/1\.1 401 Unauthorized\r\nServer: Nucleus/([\w._-]+) UPnP/([\w._-]+) Virata-EmWeb/R([\w._-]+)\r\nWWW-Authenticate: Basic realm=\"MT880\"\r\n\r\n\r\n| p/Virata-EmWeb/ v/$SUBST(3,"_",".")/ i/Huawei SmartAX MT880 DSL modem UPnP; UPnP $2; Nucleus $1/ d/broadband router/ cpe:/a:virata:emweb:$SUBST(3,"_",".")/a cpe:/h:huawei:smartax_mt880/a match upnp m|^HTTP/1\.1 400 Bad Request\r\nServer: Linux, UPnP/([\d.]+), (AR\w+) Ver ([\d.]+)\r\n| p/Airlink 101 $2 WAP UPnP/ v/$3/ i/UPnP $1/ o/Linux/ cpe:/o:linux:linux_kernel/a match upnp m|^HTTP/1\.1 200 OK\r\n.*SERVER: EPSON_Linux UPnP/([\d.]+) Epson UPnP SDK/([\d.]+)\r\n.*WorkForce ([\w+]+)|s p/Epson WorkForce $3 printer UPnP/ i/UPnP $1; Epson UPnP SDK $2/ d/printer/ o/Linux/ cpe:/h:epson:workforce_$3/ cpe:/o:linux:linux_kernel/a match upnp m|^HTTP/1\.1 200 OK\r\n.*SERVER: EPSON_Linux UPnP/([\d.]+) Epson UPnP SDK/([\d.]+)\r\n.*Artisan ([\w+]+)|s p/Epson Artisan $3 printer UPnP/ i/UPnP $1; Epson UPnP SDK $2/ d/printer/ o/Linux/ cpe:/h:epson:artisan_$3/ cpe:/o:linux:linux_kernel/a match upnp m=^HTTP/1\.1 200 OK\r\n.*SERVER: EPSON_Linux UPnP/([\d.]+) Epson UPnP SDK/([\d.]+)\r\n.*(?:Epson )?(Stylus (?:Office |Photo )?\w+)=s p/Epson $3 printer UPnP/ i/UPnP $1; Epson UPnP SDK $2/ d/printer/ o/Linux/ cpe:/h:epson:$3/ cpe:/o:linux:linux_kernel/ match upnp m|^HTTP/1\.1 200 OK\r\n.*SERVER: EPSON_Linux UPnP/([\d.]+) Epson UPnP SDK/([\d.]+)\r\n.*.*path\.indexOf\(\"/PRESENTATION/HTML/TOP/INDEX\.HTML\", 0\);|s p/Epson Stylus NX230 printer UPnP/ i/UPnP $1; Epson UPnP SDK $2/ d/printer/ o/Linux/ cpe:/h:epson:stylus_nx230/ cpe:/o:linux:linux_kernel/ match upnp m|^HTTP/1\.1 200 OK\r\n.*SERVER: EPSON_Linux UPnP/([\d.]+) Epson UPnP SDK/([\d.]+)\r\n\r\n\r\n\r\n\r\n\r\n|s p/Epson WorkForce WF-2540 printer UPnP/ i/UPnP $1; Epson UPnP SDK $2/ d/printer/ o/Linux/ cpe:/h:epson:wf-2540/ cpe:/o:linux:linux_kernel/ match upnp m|^HTTP/1\.1 401 Unauthorized\r\nServer: Unknown/0\.0 UPnP/([\d.]+) Conexant-EmWeb/R([\d_]+)\r\nContent-Type: text/html\r\nExpires: Thu, 01 Jan 1970 00:00:00 GMT\r\n.*WWW-Authenticate: Basic realm=\"WebAdmin\"\r\n|s p/Conexant-EmWeb/ v/$SUBST(2,"_",".")/ i/Billion 740- or 7400-series ADSL router UPnP; UPnP $1/ d/WAP/ cpe:/a:conexant:emweb:$SUBST(2,"_",".")/a match upnp m|^HTTP/1\.1 \d\d\d.*Server: Unknown/0\.0 UPnP/([\d.]+) Conexant-EmWeb/R([\d_]+)\r\n|s p/Conexant-EmWeb/ v/$SUBST(2,"_",".")/ i/UPnP $1/ cpe:/a:conexant:emweb:$SUBST(2,"_",".")/a match upnp m|^HTTP/1\.1 511 Not Implemented\r\n\r\n$| p/Netgear WGU624 WAP UPnP/ d/WAP/ cpe:/h:netgear:wgu624/ match upnp m|^HTTP/1\.0 404 Not Found\r\nSERVER: PRONET (PN-\w+), UPnP/([\d.]+)\r\nCONTENT-LENGTH: 48\r\nCONTENT-TYPE: text/html\r\n\r\n

          404 Not Found

          $| p/Pronet $1 WAP UPnP/ i/UPnP $2/ d/WAP/ cpe:/h:pronet:$1/ match upnp m|^HTTP/1\.1 200 OK\r\nDate: .*\r\nServer: Linux/2\.x UPnP/([\w._-]+) Avtech/([\w._-]+)\r\nConnection: close\r\nLast-Modified: .*..\xbe\x40..\xbe..\x03\r\n|s p/Avtech surveillance camera http config/ v/$2/ i/Linux 2.X; UPnP $1/ o/Linux/ cpe:/o:linux:linux_kernel:2/ match upnp m|^HTTP/1\.1 200 OK\r\nDate: .*\r\nServer: Linux/2\.x UPnP/([\w._-]+) Avtech/([\w._-]+)\r\nConnection: close\r\nLast-Modified: .*\xb2\xe8\xbe\x1c\xb2\xe8\xbe\x38\x62\x03\r\n| p/Avtech CPCAM surveillance camera http config/ v/$2/ i/Linux 2.X; UPnP $1/ o/Linux/ cpe:/o:linux:linux_kernel:2/ match upnp m|^HTTP/1\.1 404 Not Found\r\nConnection: close\r\nDate: .* GMT\r\nServer: RTOS/([\w._-]+) UPnP/([\w._]+) ([\w._-]+)\s*/([\w._-]+)\r\nX-AV-Server-Info: av=5\.0; cn=\"Sony Corporation\"; mn=\"BRAVIA | p/Sony Bravia $3 TV http config/ v/$4/ i/UPnP $2/ d/media device/ o/RTOS $1/ cpe:/h:sony:bravia_$3:$4/ cpe:/o:greenhills:rtos:$1/ match upnp m|^HTTP/1\.1 400 Bad Request\r\nContent-Type: \r\nContent-Length: 0\r\nConnection: close\r\n\r\n| p/AllShare UPnP/ o/Bada/ cpe:/o:samsung:bada:1.2/ match upnp m|^HTTP/1\.1 \d\d\d .*\r\nSERVER: Linux/([\w._-]+) UPnP/([\w._-]+) DLNADOC/([\w._-]+) INTEL_NMPR/([\w._-]+) LGE_DLNA_SDK/([\w._-]+)\r\n| p/LG LW5700 TV upnp/ i/UPnP $2; DLNADOC $3; INTEL_NMPR $4; LGE_DLNA_SDK $5/ d/media device/ o/Linux $1/ cpe:/h:lg:lw5700/ cpe:/o:linux:linux_kernel:$1/ match upnp m|^HTTP/1\.1 500 Internal server error\r\nDATE: .* GMT\r\nSERVER: OpenRG/([\w._-]+) UPnP/([\w._-]+) Actiontec/RG_VERSION\r\nCONNECTION: close\r\n\r\n$| p/Jungo OpenRG upnp/ v/$1/ i/UPnP $2/ # E303s-2, K4201 match upnp m|^HTTP/1\.0 404 Not Found\r\nSERVER: PACKAGE_VERSION HUAWEI, UPnP, HUAWEI SDK for UPnP devices/ \r\nCONTENT-LENGTH: 48\r\nCONTENT-TYPE: text/html\r\n\r\n

          404 Not Found

          $| p/Huawei broadband router upnp/ d/broadband router/ o/VxWorks/ cpe:/o:huawei:vxworks/ match upnp m|^HTTP/1\.1 400 Bad Request\r\nContent-Type: text/html; charset=\"utf-8\"\r\nServer: Linux/([\w._-]+) CyberHTTP/([\d.]+)\r\nContent-Length: 0\r\nDate: .*\r\n\r\n| p/CyberLink upnp/ v/$2/ o/Linux $1/ cpe:/o:linux:linux_kernel:$1/ match upnp m|^HTTP/1\.1 404 Not Found\r\nDATE: .*\r\nConnection: Keep-Alive\r\nServer: LINUX/([\w._-]+) UPnP/([\d.]+) BRCM400-UPnP/([\d.]+)\r\n| p/Broadcom upnpd/ v/$3/ i/UPnP $2/ o/Linux $1/ cpe:/o:linux:linux_kernel:$1/ match upnp m|^HTTP/1\.1 404 Not Found\r\nServer: NFLC/([\w._-]+) UPnP/([\w._-]+) DLNADOC/([\w._-]+)\r\n| p/NetFront Living Connect upnpd/ v/$1/ i/UPnP $2; DLNADOC $3/ match upnp m|^HTTP/1\.1 200 OK\r\n.*SERVER: XboxUpnp/([\w._-]+) UPnP/([\w._-]+) Xbox/2\.0\.(\d+)\.0\r\n|s p/Microsoft Xbox 360 upnpd/ v/$1/ i/UPnP $2; Xbox Dashboard 2.0.$3.0/ o/Xbox 360/ cpe:/h:microsoft:xbox_360_kernel:$3/ match upnp m|^HTTP/1\.1 404 Not Found\r\nSERVER: Linux/([\w._-]+) UPnP/([\w._-]+) Motorola-DLNA-Stack-DLNADOC/([\w._-]+)\r\n| p/Motorola DLNA Stack upnpd/ i/UPnP $2; DLNA $3/ o/Linux $1/ cpe:/o:linux:linux_kernel:$1/ match upnp m|^HTTP/1\.0 404 Not Found\r\nSERVER: ipos/([\w._-]+) UPnP/([\w._-]+) (RNX-[\w._-]+)/1\.0\r\n| p/ipOS upnpd/ i/Rosewill $3; UPnP $2/ d/broadband router/ o/ipOS $1/ cpe:/h:rosewill:$3/ cpe:/o:ubicom:ipos:$1/ match upnp m|^HTTP/1\.0 404 Not Found\r\nSERVER: ipos/([\w._-]+) UPnP/([\w._-]+) (TL-[\w._-]+)/1\.0\r\n| p/ipOS upnpd/ i/TP-LINK $3; UPnP $2/ d/broadband router/ o/ipOS $1/ cpe:/h:tp-link:$3/ cpe:/o:ubicom:ipos:$1/ match upnp m|^HTTP/1\.1 200 OK\r\n.*Server: UPnP/([\w._-]+) DLNADOC/([\w._-]+) Allwinnertech/([\w._-]+)\r\n\r\n|s p/AllWinner upnpd/ v/$3/ i/UPnP $1; DLNADOC $2/ match upnp m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html\r\nConnection: close\r\nContent-Length: \d+\r\nServer: Linux ([23]\.[\w._-]+) DLNADOC/([\w._-]+) UPnP/([\w._-]+) ReadyDLNA/([\w._-]+)\r\n| p/ReadyDLNA/ v/$4/ i/DLNADOC $2; UPnP $3/ o/Linux $1/ cpe:/o:linux:linux_kernel:$1/ match upnp m|^HTTP/1\.0 404 Not Found\r\nSERVER: Roteador Wireless (WR\w+), UPnP/([\d.]+)\r\n| p/Intelbras $1 upnpd/ i/UPnP $2/ d/WAP/ match upnp m|^HTTP/1\.0 500 Internal Server Error\r\nContent-Type: text/xml\r\nContent-Language: en\r\nServer: WinRoute ([\w._-]+) UPnP/([\w._-]+) module\r\n| p/Kerio WinRoute UPnP module/ v/$1/ i/UPnP $2/ o/Windows/ cpe:/o:microsoft:windows/a match upnp m|^HTTP/1\.1 200 OK\r\n.*SERVER: IPI/([\w._-]+) UPnP/([\w._-]+) DLNADOC/([\w._-]+)\r\n|s p/IPI Media Renderer upnpd/ v/$1/ i/UPnP $2; DLNADOC $3/ match upnp m|^HTTP/1\.1 400 Bad Request\r\nConnection: close\r\nDate: .*\r\nX-AV-Client-Info: av=5\.0; cn=\"Sony Ericsson\"; mn=\"([^"]+)\"; mv=\"2\.0\";\r\n\r\n| p/Sony Ericsson $1 UPnP AV client/ d/phone/ # UUCP 1.06.2 on Linux 2.4.X # Taylor UUCP 1.06.2 on Slackware match uucp m|^login: Password:$| p/Taylor uucpd/ # uucico prompt does not have space after "Password:", # but Debian-contributed in.uucpd calls pam_authenticate, which does. match uucp m|^login: Password: $| p/Debian in.uucpd, probably Taylor uucpd/ i/PAM auth/ o/Linux/ cpe:/o:debian:debian_linux/ cpe:/o:linux:linux_kernel/ match uucp m|^login: Login incorrect\.$| p/Solaris uucpd/ o/Solaris/ cpe:/o:sun:sunos/a # Veritas Netbackup client v.3.4 # Veritas Netbackup 4.5 Java listener match netbackup m|^1000 2\n43\nunexpected message received\n$| p/Veritas Netbackup java listener/ cpe:/a:symantec:veritas_netbackup/ # Veritas Backup Exec 9.0 on Windows match ndmp m|^\x80\0\0\$\0\0\0\x01....\0\0\0\0\0\0\x05\x02\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x03\0\0\0\0|s p/Veritas Backup Exec ndmp/ v/9.0/ cpe:/a:symantec:veritas_backup_exec:9.0/ # Possibly a different version? -Doug match ndmp m|^\x80\0\0\$\0\0\0\x01....\0\0\0\0\0\0\x05\x02\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x02\0\0\0\0|s p/Veritas Backup Exec ndmp/ cpe:/a:symantec:veritas_backup_exec/ # DAZ Studio 4.5, port 27997 match valentinadb m|^dddd\0\0\0\0\0\0\0\x0b\xf2\xf2\xf2\xf2\0\0\0_\0\0\0\0\0\0\0\0\0\0\0\0\0F\0\0\0\x02\0\0\0=\0\x08%\x15\0\0\0\x1a\0R\0e\0c\0e\0i\0v\0e\0d\0 \0p\0a\0c\0k\0e\0t\0 \0i\0s\0 \0b\0r\0o\0k\0e\0n\0\.\0\xf4\xf4\xf4\xf4| p/Valentina DB/ match vnc-http m|^HTTP/1\.1 200 OK\r\nServer: RealVNC/([-.\w]+)\r\n.*\r?\n\r?\n|si p/RealVNC/ v/$1/ i/resolution: $2x$3; VNC TCP port: $4/ cpe:/a:realvnc:realvnc:$1/ # Sometimes extra HTTP crap pushes the extra info out of the header we capture: match vnc-http m|^HTTP/1\.1 200 OK\r\nServer: RealVNC/([-.\w]+)\r\n| p/RealVNC/ v/$1/ cpe:/a:realvnc:realvnc:$1/ match vnc-http m|^HTTP/1\.1 200 OK\r\nServer: RealVNC-x0vncserver/([\w._ ()-]+)\r\n.*\n|s p/RealVNC x0vncserver/ v/$1/ i/resolution: $2x$3; VNC TCP port $4/ cpe:/a:realvnc:realvnc:$1/ match vnc-http m|^HTTP/1\.1 200 OK\r\nServer: VNC Server Enterprise Edition/E([\w._-]+) \(r(\d+)\)\r\n.*\r\n|s p/VNC Server Enterprise Edition httpd/ v/$1 r$2/ i/resolution: $3x$4; VNC port $5/ cpe:/a:realvnc:realvnc:$1::enterprise/ match vnc-http m|^HTTP/1\.1 200 OK\r\nServer: VNC Server Personal Edition/P([\w._-]+) \(r(\d+)\)\r\n.*\r\n|s p/VNC Server Personal Edition httpd/ v/$1 r$2/ i/resolution: $3x$4; VNC port $5/ cpe:/a:realvnc:realvnc:$1::personal/ # RealVNC Unknown Version match vnc-http m|^HTTP/1\.0 200 OK\n\nVNC desktop\n\n\n| p/RealVNC/ i/resolution: $1x$2; VNC TCP port: $3/ cpe:/a:realvnc:realvnc/ # TightVNC Server version 1.2.2 HTTP on Windows 2000 SP2 match vnc-http m|^HTTP/1\.0 200 OK\n\nTightVNC desktop \[([-.\w]+)\]\n\n| p/TightVNC/ v/1.2.2/ i/resolution: $2x$3; VNC TCP port: $4/ h/$1/ cpe:/a:tightvnc:tightvnc:1.2.2/a # Tightvnc-1.2.3 match vnc-http m|^HTTP/1\.0 404 Not found\n\nFile Not Found\n

          File Not Found

          \n$| p/TightVNC/ cpe:/a:tightvnc:tightvnc/a # Tightvnc 1.2.3 match vnc-http m|^HTTP/1\.0 200 OK\n\nTightVNC desktop \[([-.\w]+)\]\n\n| p/TightVNC/ v/1.2.3/ i/user: $1; resolution: $2x$3; VNC TCP port: $4/ cpe:/a:tightvnc:tightvnc:1.2.3/a # TightVNC 1.2.6 match vnc-http m|^HTTP/1\.0 200 OK\n\n\n TightVNC desktop \[[-.\w]+\]| p/TightVNC/ cpe:/a:tightvnc:tightvnc/a # TightVNC 1.2.8 match vnc-http m|^HTTP/1\.0 200 OK[\r\n]*.*<!-- \n index\.vnc - default HTML page for TightVNC Java viewer applet, to be\n used with Xvnc\. On any file ending in \.vnc, the HTTP server embedded in\n Xvnc will substitute the following variables when preceded by a dollar:\n USER, DESKTOP, DISPLAY, APPLETWIDTH, APPLETHEIGHT, WIDTH, HEIGHT, PORT,\n.*<TITLE>\n(\w+)'s X desktop.*<APPLET CODE=VncViewer\.class ARCHIVE=VncViewer\.jar\n WIDTH=(\d+) HEIGHT=(\d+)>\n<param name=PORT value=(\d+)>\n\n</APPLET>|s p/TightVNC/ v/1.2.8/ i/user: $1; resolution: $2x$3; VNC TCP port: $4/ cpe:/a:tightvnc:tightvnc:1.2.8/a # TightVNC 1.2.8 - I guess it gets cut off sometimes? match vnc-http m|^HTTP/1\.0 200 OK[\r\n]*.*<!-- \n index\.vnc - default HTML page for TightVNC Java viewer applet, to be\n used with Xvnc\. On any file ending in \.vnc, the HTTP server embedded in\n Xvnc will substitute the following variables when preceded by a dollar:\n USER, DESKTOP, DISPLAY, APPLETWIDTH, APPLETHEIGHT, WIDTH, HEIGHT, PORT,\n|s p/TightVNC/ v/1.2.8/ cpe:/a:tightvnc:tightvnc:1.2.8/a # TightVNC 1.2.9 match vnc-http m|^HTTP/1\.0 200 OK\n.*<HTML><HEAD><TITLE>Remote Desktop\n\n\n\t\n\n\n|s p/TightVNC/ v/1.2.9/ i/resolution: $1x$2; VNC TCP port $3/ cpe:/a:tightvnc:tightvnc:1.2.9/a # NetWare VNCServer match vnc-http m|^HTTP/1\.0 200 OK\n.*\r\nAccess denied due to security policy violation

          \r\nReject ID: [0-9a-f-]+\r\n
          \r\n
          \r\n\r\n$| p/Check Point R65 firewall http config/ d/firewall/ cpe:/h:checkpoint:r65/a match http m|^HTTP/1\.1 406 Not Acceptable\r\nCache-Control: no-cache\r\nPragma: no-cache\r\nContent-Type: text/html; charset=utf-8\r\nConnection: close\r\nContent-Length: 616\r\n\r\n\nRequest Error| p/Blue Coat proxy server/ d/proxy server/ match http m|^\r\n400 Bad Request\r\n\r\n

          400 Bad Request

          \r\n
          nginx
          \r\n\r\n\r\n$| p/nginx/ cpe:/a:igor_sysoev:nginx/ match http m|^\r\n400 Bad Request\r\n\r\n

          400 Bad Request

          \r\n
          nginx/([\w._-]+)
          \r\n\r\n\r\n$| p/nginx/ v/$1/ cpe:/a:igor_sysoev:nginx:$1/ match http m|^\r\n400 Bad Request\r\n\r\n

          400 Bad Request

          \r\n
          cloudflare-nginx
          \r\n\r\n\r\n$| p/cloudflare-nginx/ match http m|^400 Bad Request\r\n

          400 Bad Request

          \r\n\r\n| p/nginx/ cpe:/a:igor_sysoev:nginx/ # Counting on this 404 being unique enough here in RTSPRequest. match http m|^HTTP/1\.0 404 Not Found\r\n\r\n$| p/XBT BitTorrent tracker http interface/ match http m|^HTTP/1\.1 400 Bad Request\n\n$| p/Adaptec Storage Manager Agent httpd/ match http m|^HTTP/1\.1 406 Not Acceptable\r\n.*
          \n\n
          \n\nRequest Error \(unsupported_protocol\)\n
          \n
          \n
          |s p/Dreambox httpd/ d/media device/ match http m|^HTTP/1\.1 400 Bad Request \( The data is invalid\. \)\r\n| p/Microsoft ISA httpd/ o/Windows/ cpe:/a:microsoft:isa_server/ cpe:/o:microsoft:windows/a match http m|^HTTP/1\.0 400 Bad Request\r\nContent-Type: text/html; charset=UTF-8\r\nPragma: no-cache\r\nConnection: close\r\nDate: .*\r\n\r\n400 Bad Request\r\n

          400 Bad Request

          \r\nThe request could not be understood by the server due to malformed syntax\r\n$| p/Trend Micro CSC module for Cisco ASA 5510 firewall httpd/ cpe:/h:cisco:asa_5510/a match http m|^HTTP/1\.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\n\r\n$| p/Zimbra http config/ match http m|^HTTP/1\.1 400 Bad Request\r\nContent-Type: text/plain\r\nConnection: close\r\n\r\nError 400: Bad Request\nCan not parse request: \[OPTIONS\]| p/TomTom httpd/ match http m|^HTTP/1\.1 505 HTTP Version Not Supported\r\nDate: .*\r\nConnection: close\r\nServer: Apache\r\n\r\n| p/Apache Tomcat httpd/ cpe:/a:apache:tomcat/ match http m|^HTTP/1\.1 400 Bad Request\r\nDate: .*\r\nContent-Length: 0\r\n\r\n400 Bad Request\r\n| p/Cisco Wireless LAN Controller httpd/ d/remote management/ cpe:/o:cisco:wireless_lan_controller_software/ match http m|^HTTP/1\.1 505 HTTP Version Not Supported\r\nContent-Type: text/html\r\nContent-Length: 166\r\n\r\n505 HTTP Version Not Supported

          HTTP Version Not Supported

          HTTP versions 1\.0 and 1\.1 are supported\.

          | p/Mitel SIP DEC VoIP phone http config/ d/VoIP phone/ match http m|^\nError response\n\n\n

          Error response

          \n

          Error code 400\.\n

          Message: Bad request version \('RTSP/1\.0'\)\.\n

          Error code explanation: 400 = Bad request syntax or unsupported method\.\n\n| p/BaseHTTPServer/ cpe:/a:python:basehttpserver/a match http m|^HTTP/1\.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 59\r\nConnection: close\r\n\r\nError 400: Bad Request\nCannot parse HTTP request: \[OPTIONS\]$| p/Mongoose httpd/ match http m|^HTTP/1\.1 505 HTTP Version not supported\r\nContent-Length: 0\r\nDate: .* GMT\r\nConnection: close\r\n\r\n| p/Konica Minolta bizhub C452 OpenAPI/ d/printer/ cpe:/h:konicaminolta:bizhub_c452/ match http-proxy m|^HTTP/1\.1 503 Service Unavailable\r\ndate: .*\r\nconnection: close\r\n\r\n

          Service unavailable

          \n| p/HTTP Replicator proxy/ match http-proxy m|^HTTP/1\.0 400 Bad Request\r\nContent-Length: 103\r\nConnection: close\r\n\r\n

          Mikrotik HttpProxy

          \n\r
          \n\r

          \n\rError: 400 Bad Request\r\n\r\n

          \n\r\n\r$| p/MikroTik HttpProxy/ d/router/ match http-proxy m|^RTSP/1\.0 400 Bad Request\r\nServer: PanWeb Server/([\w._-]+)\r\n.*Keep-Alive: timeout=60, max=2000\r\nContent-Type: text/html\r\nContent-length: 130\r\n\r\nDocument Error: Bad Request|s p/PanWeb/ v/$1/ i/Palo Alto Networks http proxy/ match remote-control m|^\x01\0\0\0\0\0\0$| p/Alchemy Lab Remote Control PRO remote management/ d/remote management/ match rtsp-proxy m|^RTSP/1\.0 200 OK\r\n.*Via: [\d.]+ ([-\w_.]+) \(NetCache NetApp/([\w.]+)\)\r\n\r\n|s p/NetApp NetCache rtsp proxy/ v/$2/ h/$1/ cpe:/a:netapp:netcache:$2/ match rtsp-proxy m|^RTSP/1\.0 451 Parameter Not Understood\r\n\r\n$| p/RTSP Proxy Reference Implementation/ match rtsp-proxy m|^RTSP/1\.0 403 Forbidden: Proxy not licensed\r\nSession: \w+\r\n\r\n| p/Blue Coat rtsp proxy/ i/Unlicensed/ match sonicmq m|^\x1a\xff\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x08\xff\xff\xff\xf1\0\0\0O$| p/Novell Sentinel SonicMQ broker/ match powerchute m|^RTSP/1\.0 400 Bad request\r\nContent-type: text/html\r\n\r\n| p/APC PowerChute Agent/ v/6.x|7.x/ d/power-device/ match powerchute m|^RTSP/1\.0 400 Bad request\nContent-type: text/html\n\n| p/APC PowerChute Agent/ v/7.X/ d/power-device/ match msdtc m|^ERROR\n$|s p/Microsoft Distributed Transaction Coordinator/ i/error/ o/Windows/ cpe:/o:microsoft:windows/a match upnp m|^HTTP/1\.1 400 Bad Request\r\nDate: .*\r\nServer: Unknown/0\.0 UPnP/([\d.]+) Virata-EmWeb/([-.\w]+)\r\n| p/Virata-EmWeb/ v/$SUBST(2,"_",".")/ i/ReplayTV UPnP; UPnP $1/ cpe:/a:virata:emweb:$SUBST(2,"_",".")/a # This probe sends an RPC "Null command" to the port for service # 100000 (portmapper). # Some of these numbers are abitrary (such as ID). I could consider # adding an \R escape in the string logic to provide a random byte. # This would make IDS detection and such a bit harder. On the other # hand, that would make the response a little harder to recognize too. ##############################NEXT PROBE############################## Probe TCP RPCCheck q|\x80\0\0\x28\x72\xFE\x1D\x13\0\0\0\0\0\0\0\x02\0\x01\x86\xA0\0\x01\x97\x7C\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0| rarity 4 ports 81,111,199,514,544,710,711,1433,2049,4045,4999,7000,8307,8333,17007,32750-32810,38978 match unicorn-ils m|^\xb5q\x83\x02\x05\xe0\x84\x03\x01\xe1\x82\x85\x03\x04\x93\xe0\x86\x03\x04\x93\xe0\x8c\x01\0\x9fn\x16Unicorn ([\w._-]+) Standard\x9fo\x11SIRSI Corporation\x9fp\x033\.0\xab&\(\$\x81\"Expected CONSTRUCTED PDU not found$| p/SirsiDynix Unicorn Integrated Library System/ v/$1/ match afp m|^\x01\x01\x86\xa0\xff\xff\xecj\0\0\0\0\0\0\0\0| p/Mac OS 9 AFP/ o/Mac OS 9/ cpe:/o:apple:mac_os:9/ match exportfs m|^(?:p9sk1@[\w._-]+ )*p9sk1@([\w._-]+)\0/bin/exportfs: auth_proxy: auth_proxy rpc write: : invalid argument\n| p/Plan 9 exportfs/ o/Plan 9/ h/$1/ cpe:/o:belllabs:plan_9/a match honeywell-confd m|^\0\0\0\0\0\0\+\xc1$| p/Honeywell confd/ match http m|^HTTP/1\.1 400 Bad Request\r\nServer: micro_httpd\r\nCache-Control: no-cache\r\nDate: .*\r\nContent-Type: text/html\r\nConnection: close\r\n\r\n400 Bad Request\n

          400 Bad Request

          \nNo request found\.\n
          \n
          micro_httpd
          \n\n$| p/micro_httpd/ cpe:/a:acme:micro_httpd/ match jabber m|^$| p/Ignite Realtime Openfire Jabber server/ v/3.8.1/ cpe:/a:igniterealtime:openfire:3.8.1/ match kerberos m|^\0\0\0Q~O0M\xa0\x03\x02\x01\x05\xa1\x03\x02\x01\x1e\xa4\x11\x18\x0f(\d\d\d\d)(\d\d)(\d\d)(\d\d)(\d\d)(\d\d)Z\xa5\x05\x02\x03...\xa6\x03\x02\x01=\xa9\x15\x1b\x13\xaa\x0b0\t\xa0\x03\x02\x01\0\xa1\x020\0$|s p/Heimdal Kerberos/ i/server time: $1-$2-$3 $4:$5:$6Z/ match kapow-robot m|^<\?xml version=\"1\.0\" encoding=\"UTF-8\"\?>\n\n\n \n com\.kapowtech\.robosuite\.api\.java\.rql\.RQLProtocolException: Invalid byte 1 of 1-byte UTF-8 sequence\.| p/Kapow Robot Query Language/ v/$1/ match kvm m|^\0\0\0\0\0\x84\0\x10\x7c\x9f\xfb\0\0\0\0\0$| p/KVM daemon/ match lanrev-agent m|^\x01\0\0\x03\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x01| p/LANrev remote administration/ match mxie m|^\x80\x00\x00\x0c\x72\xfe\x1d\x13\x00\x00\x00\x01\x00\x00\x00\x02$| p/Zultys MXIE VoIP presence server/ # tcp/5000: Adaptive Server # tcp/5001: Backup Server # tcp/5002: Monitor Server match sybase-adaptive m|^\0\x01\0\x08\0\0\x00\0$| p/Sybase Adaptive Server/ o/Windows/ cpe:/a:sybase:adaptive_server/ cpe:/o:microsoft:windows/a match sybase-backup m|^\0\x01\0\x08\0\0\x01\0$| p/Sybase Backup Server/ o/Windows/ cpe:/a:sybase:backup_server/ cpe:/o:microsoft:windows/a match syncsort-cmagent m|^\x80\0\0.\x0f\x02\x02\x06\t\x1d\x02\x11m\x04\x15\x17\x01\x06c\x7csww{t\x1b...On\x04\x0f\x1d\x19wE\x0f\x13\x15\x08\x13g\x06\x03\x15\x04\x08\x0f\x13e\x18fm.ug| p/Syncsort Backup Express cmagent/ match tandem-print m|^\x01$| p/Sharp printer tandem printing/ d/printer/ # Distributed Relational Database Architecture (DRDA) OS/400 V5R2 # PRCCNVRM conversational protocol error. match drda m|^\0\x15\xd0\x02\xff\xff\0\x0f\x12E\0\x06\x11I\0\x08\0\x05\x11\?\x06$| p/IBM DRDA/ # Microsoft SQLServer 6.5 on WinNT 4.0 SP6a # Microsoft SQL Server 6.5 on WinNT 4.0 match ms-sql-s m|^\x04\x01\0C..\0\0\xaa\0\0\0/\x0f\xa2\x01\x0e.. Login failed\r\n\x14Microsoft SQL Server\0\0\0\xfd\0\xfd\0\0\0\0\0\x02$|s p/Microsoft SQL Server/ v/6.5/ o/Windows/ cpe:/a:microsoft:sql_server:6.5/ cpe:/o:microsoft:windows/a match netman m|^\0\0\0 \0\0\0\x01\xd5\x1f\x0fK\0\0\0\0\x18\?c\0\0\0\0\0\x01\0\0\x00([\w._-]+) $| p/Tivoli Workload Scheduler Netman/ v/$1/ match ossec-agent m=^\xdf\x06\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x01\x97\|\0\0\0\0\x02\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x10\0\0\0$= p/OSSEC Agent/ cpe:/a:ossec:ossec/ match riverbed-stats m|^a\x0f\x02\x04fiji\x02\x01\0\x02\x01\0\x02\x01\0$| p/Riverbed Steelhead Mobile caching proxy statistics/ d/proxy server/ match rpcbind m|^\x80\0\0\x18\x72\xFE\x1D\x13\0\0\0\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x01| match rpcbind m|^\x80\0\0\x20\x72\xFE\x1D\x13\0\0\0\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x02| match rpcbind m|^\x80\0\0\x14r\xfe\x1d\x13\0\0\0\x01\0\0\0\x01\0\0\0\x01\0\0\0\x05| match rpcbind m|^\x80\0\0\x18r\xfe\x1d\x13\0\0\0\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0| # The following matchline commented out as it is actually a match for a TLS # negotiation error message (15 03 01 00 02 02 0a) - http://seclists.org/nmap-dev/2010/q2/465 # match raid-mgt m|^\x15\x03\x01\0\x02\x02\n$| p/Promise Array Manager RAID management/ match raid-mon m|^\0 \0.{5}\x04\0\0\0\x02\\@|s p/Promise RAID message agent/ match raid-mon m|^\x02 \0.{5}\x04\0\0\0\x02\\@|s p/Promise RAID message agent/ match solidworks-remotesolve m|^\0\0\0\0\0\0\0\0T\x01\x04\x80| p/SolidWorks Remote Solver for Flow Simulation/ v/2009/ match telnet m=^\xff\xfb\x01\xff\xfb\x03\xff\xfb\0\xff\xfd\0Username: data_error\r\r\n\(rdata_error\r\r\ndata_error\r\r\ndata_error\r\r\ndata_error\r\r\ndata_error\r\r\ndata_error\r\r\ndata_error\r\r\ndata_error\r\r\ndata_error\r\r\n\|= p/Jungo OpenRG telnetd/ i/Actiontec MI424-WR/ d/WAP/ o/Linux/ cpe:/o:linux:linux_kernel/a match telnet m=^\xff\xfb\x01\xff\xfb\x03\xff\xfb\0\xff\xfd\0Username: data_error\r\n\(rdata_error\r\ndata_error\r\ndata_error\r\ndata_error\r\ndata_error\r\ndata_error\r\ndata_error\r\ndata_error\r\ndata_error\r\n\|= p/Jungo OpenRG telnetd/ i/Linksys RV082 WAP/ d/WAP/ o/Linux 2.4/ cpe:/h:linksys:rv082/a cpe:/o:linux:linux_kernel:2.4/ match telnet m=^\xff\xfb\x01\xff\xfb\x03\xff\xfb\0\xff\xfd\0Log level 3\r\r\nUsername: data_error\r\r\n\(rdata_error\r\r\ndata_error\r\r\ndata_error\r\r\ndata_error\r\r\ndata_error\r\r\ndata_error\r\r\ndata_error\r\r\ndata_error\r\r\ndata_error\r\r\n\|= p/Jungo OpenRG telnetd/ i/Pirelli A125G wireless DSL router/ d/WAP/ o/Linux/ cpe:/o:linux:linux_kernel/a # Version 4.2.4 match tina m|^\x80\0\0\x0c\0\0\0\x01\0\0\0\x11%\xf5:\0| p/Atempo Time Navigator/ # Vmware ESX 1.5.x Client Agent for Linux -- WAIT - I think this is erronous and is actually smux # HP-UX 11 SNMP Unix Multiplexer (smux) match smux m|^A\x01\x02$| p/HP-UX smux/ i/SNMP Unix Multiplexer/ o/HP-UX/ cpe:/o:hp:hp-ux/a # Network Appliance ONTAP 6.3.3 shell match shell m|^\x01Permission denied\.\n$| p/Netapp ONTAP rshd/ cpe:/a:netapp:data_ontap/ # HP-UX 11 Kerberized 'rsh' (v5) match kshell m|^\x01remshd: connect: Connection refused\n$| p/HP-UX kerberized rsh/ o/HP-UX/ cpe:/o:hp:hp-ux/a # Tumbleweed SecureTransport 4.1.1 Transaction Manager Non-Secure Port on Solaris match securetransport m|^\xde\xad\xbe\xef\x04\0\xff\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x1fem\.requestparserparser\.InvError| p/Tumbleweed SecureTransport Transaction Manager Non-Secure Port/ # ED2KLink Server v1.12 (Build 1014 or later) match ed2klink m|^\x16\x15\x16\x16\x16\x12XW\]$| p/ED2KLink Server/ match sarad m|^NO LOGIN\0$| p/British National Corpud sarad/ match http m|^HTTP/1\.1 400 Bad Request\r\nDate: .*\r\nConnection: close\r\nContent-Type: text; charset=plain\r\nContent-Length: 16\r\n\r\ninvalid value 0 $| p/VMware hostd httpd/ match http m|^HTTP/1\.0 400 Bad Request\r\nContent-Length: \d+\r\nContent-Type: text/html\r\n\r\n400 Bad Request \(ERR_INVALID_REQ\)

          400 Bad Request


          ERR_INVALID_REQ
          Webserver| p/AVM FRITZ!Box WLAN 7170 WAP http config/ d/WAP/ match upnp m|^HTTP/0\.0 400 Bad Request\r\nSERVER: Linux/([\w._+-]+), UPnP/([\w.]+), Intel SDK for UPnP devices ?/([\w._~-]+)\r\n| p/Intel UPnP reference SDK/ v/$3/ i/Linux $1; UPnP $2/ o/Linux/ cpe:/o:linux:linux_kernel:$1/ match upnp m|^HTTP/0\.0 400 Bad Request\r\nSERVER: Linux/([\w._+-]+), UPnP/([\w.]+), Portable SDK for UPnP devices ?/([\w._~-]+)\r\n| p/Portable SDK for UPnP/ v/$3/ i/Linux $1; UPnP $2/ o/Linux/ cpe:/o:linux:linux_kernel:$1/ match upnp m|^HTTP/1\.1 400 Bad Request\r\nSERVER: Linux/([\w._+-]+), UPnP/([\w.]+), Portable SDK for UPnP devices ?/([\w._~-]+)\r\n| p/Portable SDK for UPnP/ v/$3/ i/Linux $1; UPnP $2/ o/Linux/ cpe:/o:linux:linux_kernel:$1/ match virtualgl m|^VGL\x02\x01$| p/VirtualGL/ #Fortinet Firewall SSL VPN on port 10433 V5.0,build3608 GA Patch 7 match http m|^\n\n\n.*HTTP_NOT_IMPLEMENTED
          |s p/Fortinet Firewall SSL VPN/ # Some HP printer service? Port 9110. # match jetdirect m|^\0\0\(r\xfe\x1d\x13\0\0\0\0\0\0\0\x02\0\x01\x86\xa0\0\x01\x97\x7c\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0$| d/HP printer/ ##############################NEXT PROBE############################## Probe UDP RPCCheck q|\x72\xFE\x1D\x13\0\0\0\0\0\0\0\x02\0\x01\x86\xA0\0\x01\x97\x7C\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0| rarity 1 ports 17,88,111,407,500,517,518,1419,2427,4045,10000,10080,12203,27960,32750-32810,38978 match amanda m|^Amanda ([\d.]+) NAK HANDLE SEQ 0\nERROR expected \"Amanda\", got \"r\xfe\x1d\x13\"\n| p/Amanda backup service/ v/$1/ o/Unix/ # http://xbtt.sourceforge.net/udp_tracker_protocol.html ("scrape output") match bittorrent-udp-tracker m|^\0\0\0\x02....\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0$|s p/BitTorrent UDP tracker/ # http://bittorrent.org/beps/bep_0029.html match bittorrent-utp m|^r\xfe\x1d\x13\0\0\0\0\0\0\0\0\0\0\0\0\xff\0\x03....$|s p/uTorrent uTP/ o/Windows/ cpe:/a:utorrent:utorrent/ cpe:/o:microsoft:windows/a # Seems to be a bug here, with a time_t timestamp (0x4B......, ca. Dec 2009) instead of a microsecond count. match bittorrent-utp m|^r\xfe\x1d\x13........\x7f\xff\xff\xff\xff\x02\x02..\0\x01\0\x08\0\0\0\0\0\0\0\0$|s match brio m|^\0\0\x01\(\x16\x85..$|s p/Brio 8 business intelligence/ match domain m=^r\xfe\x9d\x04\0\0\0\0\0\0\0\x02\0\x01\x86\xa0\0\x01\x97\|\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0$= p/Zoom X5 ADSL modem DNS/ d/broadband router/ cpe:/h:zoom:x5/a match slp-srvreg m|^\x02\x05\0\0\x12\0\0\0\0\0\0\x02\0\x02en\0\x0e$| p/IBM Director SLP Service Registration/ i/slp_srvreg.exe/ cpe:/a:ibm:director/ match radius m|^\x03\xfe\0\x14................$|s p/Juniper Steel-Belted Radius radiusd/ match rpcbind m|^\x72\xFE\x1D\x13\0\0\0\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x01| match rpcbind m|^\x72\xFE\x1D\x13\0\0\0\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x02| # OpenAFS 1.2.10 on Linux 2.4.22 match kerberos-sec m|^\x04\n\0\0\0\0\0\0\0\0\0\0\x04code = 4: packet version number unknown\0| p/OpenAFS/ cpe:/a:openafs:openafs/ # talk-server-0.17 (linux), ports 517-518/udp match talk m|^\x01\xfe\x05\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0| p/Talk server/ # Mandrake Linux 9.2, xinetd 2.3.11 chargen match chargen m|NOPQRSTUVWXYZ\[\\\]\^_`abcdefghijklm| match chargen m|^ !\"#\$%&'\(\)\*\+| p/SunOS chargen/ o/SunOS/ cpe:/o:sun:sunos/a match isakmp m|^r\xfe\x1d\x13\0\0\0\0\0\0\0\x02\0\x01\x86\xa0\x0b\x10\x05\0\0\0\0\0\0\0\0| match jetadmin m|^2;http://[\d.]+:\d+/;[\d.]+;\d+:\d+;\w+,[\d.]+,PLUGIN_LOADED| p/HP Jetadmin/ # http://staff.science.uva.nl/~arnoud/activities/NaoIntro/ConnectLantronix.c match lantronix-config m|^\xff$| p/Lantronix DSTni networking chip configuration/ match nameserver m|^help\r\n\r\n\xff\xbf\xf8\xb0\xff7\0\x18\0\0\0\x01\0\0\0\0| p/Solaris Internet Name Server/ o/Solaris/ cpe:/o:sun:sunos/a match ppp m|^\x7e\xff\x7d\x23\xc0!}!#} }8}\"}&} } } } }#}\$\xc2'}%}&Q\x93\xee,}'}\"}\(}\"}\(D~| p/pppd/ v/2.4.5/ # Windows qotd service. Same as the TCP version. It's only in this # Probe because this is the first UDP Probe that nmap tries. match qotd m=^"(?:My spelling is Wobbly\.|Man can climb to the highest summits,|In Heaven an angel is nobody in particular\.|Assassination is the extreme form of censorship\.|When a stupid man is doing|We have no more right to consume happiness without|We want a few mad people now.|The secret of being miserable is to have leisure to|Here's the rule for bargains:|Oh the nerves, the nerves; the mysteries of this machine called man|A wonderful fact to reflect upon,|It was as true as taxes is\.)= p/Windows qotd/ i/English/ o/Windows/ cpe:/a:microsoft:qotd::::en/ cpe:/o:microsoft:windows/a match qotd m=^"(?:Mi ortograf\xeda tiembla\. Es bueno revisarla,|un hombre puede escalar a las m\xe1s altas cumbre|Algo maravilloso a poner de manifiesto:|Cuando un necio hace algo de lo que se aveg\xfcenza,|En el cielo, un \xe1ngel no es nadie en concreto|Traigamos unos cuantos locos ahora\.|Era tan verdad como los impuestos\. Y no|Hay libros cortos que, para entenderlos como se merecen,|Quedarse en lo conocido por miedo a lo desconocido,|La prosperidad hace amistades, y la adversidad las|El uso principal de un PC es confirmar la ley de|Quedarse en lo conocido por miedo a lo desconocido,|Cuando las leyes son injustas, no obligan en el fuero|Magia equivale a cualquier avance en la ciencia\.|Vale mejor consumir vanidades de la vida,)= p/Windows qotd/ i/Spanish/ o/Windows/ cpe:/a:microsoft:qotd::::es/ cpe:/o:microsoft:windows/a # Some Italian qotds start with a space instead of a " match qotd m=^.(?:Voce dal sen fuggita|Semel in anno licet insanire|Cosa bella e mortal passa e non dura|Quando uno stupido compie qualcosa di cui si vergogna,|Se tu pagare come dici tu,|Fatti non foste a viver come bruti,|Sperare senza far niente e` come)= p/Windows qotd/ i/Italian/ o/Windows/ cpe:/a:microsoft:qotd::::it/ cpe:/o:microsoft:windows/a match qotd m=^"(?:Prazos longos sao f\xa0ceis de subscrever\.|Deus, para a felicidade do homem, inventou a f\x82 e o amor\.|Ao vencido, \xa2dio ou compaixao, ao vencedor, as batatas\.|Quem nao sabe que ao p\x82 de cada bandeira p\xa3blica,|Nao te irrites se te pagarem mal um benef\xa1cio; antes cair|A vida, como a antiga Tebas, tem cem portas\.)= p/Windows qotd/ i/Portuguese/ cpe:/a:microsoft:qotd::::pt/ # The German version doesn't start with " match qotd m=^(?:Wer wirklich Autorit\xe4t hat, wird sich nicht scheuen,|Moral ist immer die Zuflucht der Leute,|Beharrlichkeit wird zuweilen mit Eigensinn|Wer den Tag mit Lachen beginnt, hat ihn|Wenn uns keine Ausweg mehr bleibt,|Gesichter sind die Leseb\xfccher des Lebens|Grosse Ereignisse werfen mitunter ihre Schatten|Dichtung ist verpflichtet, sich nach den|Ohne Freihet geht das Leben|Liebe ist wie ein Verkehrsunfall\. Man wird angefahren)= p/Windows qotd/ i/German/ cpe:/a:microsoft:qotd::::de/ match qotd m=^"(?:Clovek ma tri cesty, jak moudre jednat\. Nejprve premyslenim|Co je vubec hodno toho, aby to bylo vykonano,|Fantazie je dulezitejsi nez vedeni\.|Potize narustaji, cim vice se clovek blizi|Kdo nezna pristav, do ktereho se chce plavit,|Lidske mysleni ztraci smysl,|Nikdo nevi, co muze vykonat,|Nic neprekvapi lidi vice nez zdravy rozum|Zadny cil neni tak vysoky,)= p/Windows qotd/ i/Czech/ o/Windows/ cpe:/a:microsoft:qotd::::cs/ cpe:/o:microsoft:windows/a match qotd m=^"(?:L'art de persuader consiste autant|Le peu que je sais, c'est \x85 mon ignorance|Certaines \x83mes vont \x85 l'absolu comme l'eau|Le m\x82rite a sa pudeur comme la chastet|Rien de plus futile, de plus faux, de plus|\xb7 vaincre sans p\x82ril, on triomphe|Le comble de l'orgueil, c'est de se)= p/Windows qotd/ i/French/ o/Windows/ cpe:/a:microsoft:qotd::::fr/ cpe:/o:microsoft:windows/a match mohaa m|\xff\xff\xff\xff\x01disconnect| p/Medal Of Honor Allied Assault game server/ match mohaa-gamespy m|^\\final\\\\queryid\\\d+\.1| p/Medal Of Honor Allied Assault gamespy query port/ match ericssontimestep m|^.{8}\0\0\0\0\0\0\0\0\x0b\x10\x05\0\0\0\0\0\0\0\0\(\0\0\0\x0c\0\0\0\0\x01\0\0\x1e$|s p/Ericsson Timestep Permit VPN/ match rtp m|^501 0 Endpoint is not ready - Unrecognized command verb\n| match sauerbraten m|^r\xfe\x1d\x13\0\0\0\0\0\0\0\x02\0\x01\x86\xa0\0\x01\x97\x7c\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x05\x80\x02\x01\0\0\x0c\0\0([\w._ -]+)\0$| p/Sauerbraten game server/ i/server name: $1/ match sentinel-lm m|^r\xfe\x1d\x13\0\0\0\0\0\0\0\x02,PSH,'A{\^QOHpe\]\)\]\\\^cRH>%gNQX$| p/SafeNet Sentinel License Manager/ match ssdp m|^HTTP/1\.1 200 OK\r\nST:upnp:rootdevice\r\nUSN:uuid:11111111-0000-c0a8-0101-efefefef8035::upnp:rootdevice\r\nLocation:http://[\d.]+:\d+/DeviceDescription\.xml\r\nCache-Control:max-age=480\r\nServer:Allegro-Software-RomUpnp/([\w._-]+) UPnP/([\w._-]+) IGD/1\.00\r\nExt:\r\n\r\n|s p/Allegro RomUPnP/ v/$1/ i/UPnP $2/ # Timbuktu 8.7.1 match timbuktu m|^\0#\xd1\x1f$| p/Timbuktu remote desktop/ match utorrent-udp m|^\x72\xfe\x1d\x13\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03....$|s p/uTorrent UDP listener/ o/Windows/ cpe:/a:utorrent:utorrent/ cpe:/o:microsoft:windows/a # This protocol is defined by miniserv.pl to let Webmin servers to find each # other's HTTP port. The response format is # $address:$port:$ssl:$hostname match webmin m|^0\.0\.0\.0:(\d+):0:?$| i/http on TCP port $1/ match webmin m|^([^:]*):(\d+):0:?$| i/http on TCP $1:$2/ match webmin m|^0\.0\.0\.0:(\d+):0:(.+)$| i/http on TCP port $1 ($2)/ match webmin m|^([^:]*):(\d+):0:(.+)$| i/http on $1:$2 ($3)/ match webmin m|^0\.0\.0\.0:(\d+):1:?$| i/https on TCP port $1/ match webmin m|^([^:]*):(\d+):1:?$| i/https on TCP $1:$2/ match webmin m|^0\.0\.0\.0:(\d+):1:(.+)$| i/https on TCP port $1 ($2)/ match webmin m|^([^:]*):(\d+):1:(.+)$| i/https on $1:$2 ($3)/ softmatch quake3 m|^\xff\xff\xff\xffdisconnect$| p/Quake 3 game server/ # Know the device, but not the service. Port 19541. # match unknown m|^\xfer\0\0\0\0\0\x12ERR\(NOT SUPPORTED\)$| p/OKI ES3640e GA printer/ d/printer/ match apple-sasl m|How was your weekend\?;[0-9A-F]*\0| p/Mac OS X Server Password Server/ o/Mac OS X/ cpe:/o:apple:mac_os_x/a match nat-pmp m|^\0\xfe\0\x01\0\0..$|s p/natpmp daemon/ d/router/ match nat-pmp m|^\0\0\0\x01...\0$|s p/Apple Time Capsule/ d/router/ match xdmcp m|^\0\x01\0\x05..\0\0\0.(.+)\0.(.+)|s p/XDMCP/ i/willing; status: $2/ o/Unix/ h/$1/ ##############################NEXT PROBE############################## Probe UDP DNSVersionBindReq q|\0\x06\x01\0\0\x01\0\0\0\0\0\0\x07version\x04bind\0\0\x10\0\x03| rarity 1 ports 53,1967,2967 match chargen m|^ !\"#\$%&'\(\)\*\+,-\./0123456789:;<=>\?@ABCDEFGHIJKLMNOPQRSTUVWXYZ\[\\\]\^_`abcdefg\r\n!\"#\$%&'\(\)\*\+,-\./0123456789| p/Windows Vista chargen/ o/Windows Vista/ cpe:/o:microsoft:windows_vista/a # http://packetstormsecurity.com/files/91243/D-Link-DAP-1160-Unauthenticated-Remote-Configuration.html match dcc m|^\0\x06\xf5\xff\0\0\x01\0| p/D-Link Click 'n Connect/ d/broadband router/ # Has to come before BIND matches. match domain m|^\0\x06\x81\x80\0\x01\0\x01\0\0\0\0\x07version\x04bind\0\0\x10\0\x03\xc0\x0c\0\x10\0\x03\0\0\0\0\0\x0e.unbound ([\w._-]+)$| p/Unbound/ v/$1/ cpe:/a:nlnet:unbound:$1/ match domain m|\x07version\x04bind.*\x0cdnsmasq-([-\w._ ]+)$|s p/dnsmasq/ v/$1/ cpe:/a:thekelleys:dnsmasq:$1/ # Allow 3-12 character version numbers match domain m|\x07version\x04bind.*[\x03-\x14]([-\w._ ]{3,20})|s p/ISC BIND/ v/$1/ cpe:/a:isc:bind:$1/ match domain m|\x07version\x04bind.*[\x03-\x14]BIND ([-\w._]{3,20})|s p/ISC BIND/ v/$1/ cpe:/a:isc:bind:$1/ # Guesses at the length here, but should fit well match domain m|\x07version\x04bind.*?[\x11-\x2d][\x10-\x2c](\d[-\w._]*?)-RedHat-[-\w._]+.fc(\d+)|s p/ISC BIND/ v/$1/ i/Fedora Core $2/ o/Linux/ cpe:/a:isc:bind:$1/ cpe:/o:fedoraproject:fedora_core:$2/ cpe:/o:linux:linux_kernel/a match domain m|\x07version\x04bind.*?[\x11-\x2d][\x10-\x2c](\d[-\w._]*?)-RedHat-[-\w._]+.el(\d+)|s p/ISC BIND/ v/$1/ i/RedHat Enterprise Linux $2/ o/Linux/ cpe:/a:isc:bind:$1/ cpe:/o:linux:linux_kernel:$2/a match domain m|\x07version\x04bind.*?[\x11-\x2d][\x10-\x2c](\d[-\w._]*?)-RedHat-|s p/ISC BIND/ v/$1/ i/RedHat Linux/ o/Linux/ cpe:/a:isc:bind:$1/ cpe:/o:linux:linux_kernel/a # ISC BIND 9.1.3 match domain m|\x07version\x04bind\0\0\x10\0\x03\xc0\x0c\0\x10\0\x03\0\0\0\0\0\x01\0| p/ISC BIND/ v/9.X/ cpe:/a:isc:bind:9/ # ISC Bind bind-9.6.0_p1~alpha match domain m|^\0\x06\x81\x85\0\0\0\0\0\0\0\0$| p/ISC BIND/ v/9.X/ cpe:/a:isc:bind:9/ match domain m|\x07version\x04bind\0\0\x10\0\x03\x07VERSION\x04BIND\0\0\x10\0\x03\0\0\0\0\0| p/ISC BIND/ v/8.X/ cpe:/a:isc:bind:8/ match domain m|\x07version\x04bind\0\0\x10\0\x03\xc0\x0c\0\x10\0\x03\0\0\0\0\0\+\*Served by Bind - www\.isc\.org/software/bind| p/ISC BIND/ cpe:/a:isc:bind/ # Tinydns 1.05 match domain m|^\0\x06\x81\x81\0\x01\0\0\0\0\0\0\x07version\x04bind\0\0\x10\0\x03$| p/TinyDNS/ # MyDNS 0.10.0 on Linux match domain m|^\0\x06\x81\x04\0\0\0\0\0\0\0\0$| p/MyDNS/ # PowerDNS 2.9.11 match domain m|^\x07version\x04bind\0\0\x10\0.\xc0\x0c\0\x10\0\x01\0\0\0\x05\0..Served by POWERDNS ([\d.]+) |s p/PowerDNS/ v/$1/ cpe:/a:powerdns:powerdns:$1/ match domain m|^\x07version\x04bind\0\0\x10\0.\xc0\x0c\0\x10\0\x01\0\0\0\x05\0..Served by PowerDNS - http://www\.powerdns\.com|s p/PowerDNS/ cpe:/a:powerdns:powerdns/ match domain m|^\0\x06\x81\x80\0\x01\0\x01\0\0\0\0\x07version\x04bind\0\0\x10\0\x03\xc0\x0c\0\x10\0\x03.......PowerDNS Recursor ([\w._-]+) (\$Id: pdns_recursor\.cc .*?\$)$|s p/PowerDNS Recursor/ v/$1/ i/$2/ cpe:/a:powerdns:recursor:$1/ match domain m|^\0\x06\x81\x80\0\x01\0\x01\0\0\0\0\x07version\x04bind\0\0\x10\0\x03\xc0\x0c\0\x10\0\x03......PowerDNS Recursor ([\w._-]+) (\$Id: pdns_recursor\.cc .*?\$)$|s p/PowerDNS Recursor/ v/$1/ i/$2/ cpe:/a:powerdns:recursor:$1/ match domain m|^\0\x06\x85[\x00\x80]\0\x01\0\x01\0\0\0\0\x07version\x04bind\0\0\x10\0\x03\xc0\x0c\0\x10\0\x03\0\0\0\x05\0..Served by POWERDNS ([\w._-]+) (\$Id: packethandler\.cc .*?\$)$|s p/PowerDNS/ v/$1/ i/$2/ cpe:/a:powerdns:powerdns:$1/ match domain m|^\0\x06\x81\x80\0\x01\0\x01\0\0\0\0\x07version\x04bind\0\0\x10\0\x03\xc0\x0c\0\x01\0\x01\0\0\0\x03\0\x04....$|s p/Netgear ProSafe FVS318v3 firewall named/ d/firewall/ cpe:/h:netgear:prosafe_fvs318v3/a match domain m|^\0\x06\x05\0\0\x01\0\x01\0\0\0\0\x07version\x04bind\0\0\x10\0\x03\xc0\x0c\0\x10\0\x01X\x02\0\0\0..Microsoft DNS (.+)|s p/Microsoft DNS/ v/$1/ o/Windows/ cpe:/a:microsoft:dns/ cpe:/o:microsoft:windows/a match domain m|^\0\x06\x81\x80\0\x01\0\x01\0\0\0\0\x07version\x04bind\0\0\x10\0\x03\xc0\x0c\0\x01\0\x01\0\0\0\x05\0\x04....|s p/Aruba 3400 Mobility Controller named/ match https-dns m|^\0\x06\x81\x83\0\x01\0\0\0\0\0\0\x07version\x04bind\0\0\x10\0\x03$| p/HTTPS-DNS HTTPS-over-DNS tunnel/ match nstx m|^\0\x06\x84\x80\0\x01\0\x01\0\0\0\0\x07version\x04bind\0\0\x10\0\x01\xc0\x0c\0\x10\0\x01\0\0\0\0| p/NSTX IP-over-DNS tunnel/ # Microsoft DNS Windows 2000, SP4 # Zoom X5 ADSL modem DNS match domain m|^\0\x06\x81\x04\0\x01\0\0\0\0\0\0\x07version\x04bind\0\0\x10\0\x03$| # This fallback is because many people customize their BIND version to avoid # revealing specific version information. This rule should always be below the # detailed rules above. match domain m|\x07version\x04bind.*[\x04-\x1f][\x03-\x1e]([-\w._ ,;?()[\]+:/@\n]{3,30})|s p/ISC BIND/ i/Fake version: $1/ cpe:/a:isc:bind/ # Allow 3-20 character version numbers match domain m|\x07version\x04bind.*[\x03-\x14]([-\w._ ]{3,20})$|s p/ISC BIND/ i/Fake version: $1/ cpe:/a:isc:bind/ match domain m|\x07version\x04bind.*[\x08-\x19]BIND ([-\w._]{3,20})$|s p/ISC BIND/ i/Fake version: $1/ cpe:/a:isc:bind/ match domain m|\x07version\x04bind\0\0\x10\0\x03\x07VERSION\x04BIND\0\0\x10\0\x03\0\0\0\0\0\)\(Meta IP DNS - BIND V([\d.]+)-REL \(Build (\d+)\)| p/Meta IP ISC BIND/ v/$1 build $2/ cpe:/a:isc:bind:$1/ # ISC BIND 8.2.7-REL match domain m|\x07version\x04bind\0\0\x10\0\x03\xc0\x0c\0\x10\0\x03\0\0\0\0\0\x1b\x1arbldnsd ([\d.]+) | p/rbldnsd/ v/$1/ match domain m|^\0\x06\x85\x80\0\x01\0\x01\0\0\0\0\x07version\x04bind\0\0\x10\0\x03\x07VERSION\x04BIND\0\0\x10\0\x03\0\0\0\0\0\('Peticion no permitida/Query not allowed| p/ZyXEL Prestige 643 dns cache/ d/switch/ match domain m|^\0\x06\x81\x80\0\x01\0\x01\0\0\0\0\x07version\x04bind\0\0\x10\0\x03\xc0\x0c\0\x10\0\x03\0\x01Q\x80\0\x02\0\0| p/ZyXEL P-660R-D1 ADSL router dnsd/ d/broadband router/ cpe:/h:zyxel:p-660r-d1/ match domain m|^\0\x06\x81\x85\0\x01\0\0\0\0\0\0\x07version\x04bind\0\0\x10\0\x03| p/ZyXEL P-660HW-D1 wireless ADSL router dnsd/ d/WAP/ cpe:/h:zyxel:p-660hw-d1/ match cisco-sla-responder m|^..\0\x08\0\x03[\0\r][\0\n]$|s p/Cisco SLA Responder/ d/router/ o/IOS/ cpe:/o:cisco:ios/a match statd m|^r\xfe\x1d\x13\0\0\0\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x01$| p/NFS statd/ # Aethra SV1242 - ADSL2plus IAD match domain m|^\0\x06\x80\x85\0\0\0\0\0\0\0\0$| p/Aethra SV1242 WAP/ d/WAP/ cpe:/h:aethra:sv1242/ # nsd 3.2.8 # NSD 3.2.10 match domain m|^\0\x06\x81\x05\0\x01\0\0\0\0\0\0\x07version\x04bind\0\0\x10\0\x03$| p/NLnet Labs NSD/ v/3.2.8 - 3.2.10/ cpe:/a:nlnetlabs:nsd:3.2/ # These are pretty generic: match domain m|^\0\x06\x81\x84\0\x01\0\0\0\0\0\0\x07version\x04bind\0\0\x10\0\x03$| p/pdnsd or Tor DNSPort/ match domain m|^\0\x06\x81\x82\0\x01\0\0\0\0\0\0\x07version\x04bind\0\0\x10\0\x03$| p/NetWare dnsd/ o/NetWare/ cpe:/o:novell:netware/a match domain m|^\0\x06\x81\x80\0\x01\0\x01\0\0\0\0\x07version\x04bind\0\0\x10\0\x03\xc0\x0c\0\x01\0\x01\0\0\0\x05\0\x04\xa3\xc0\x08\x06$| p/ArubaOS 3.3 named/ o/ArubaOS/ match domain m|^\0\x06\x81\x05\0\0\0\0\0\0\0\0$| p/MaraDNS/ match domain m|^\0\x06\x81\x03\0\x01\0\0\0\0\0\0\x07version\x04bind\0\0\x10\0\x03| p/Eagle DNS/ match kerberos-sec m=^~[\x60-\x62]\x30[\x5e-\x60]\xa0\x03\x02\x01\x05\xa1\x03\x02\x01\x1e\xa4\x11\x18\x0f(\d\d\d\d)(\d\d)(\d\d)(\d\d)(\d\d)(\d\d)Z\xa5[\x03-\x05]\x02(?:\x03...|\x02..|\x01.)\xa6\x03\x02\x01\x3c\xa9\x04\x1b\x02NM\xaa\x170\x15\xa0\x03\x02\x01\0\xa1\x0e0\x0c\x1b\x06krbtgt\x1b\x02NM\xab\x16\x1b\x14No client in request=s p/MIT Kerberos/ i/server time: $1-$2-$3 $4:$5:$6Z/ cpe:/a:mit:kerberos/ # Symantec Antivirus (rtvscan.exe) match symantec-av m|^\0\x06\x01\x01\0\x10..........$|s p/Symantec rtvscan antivirus/ cpe:/a:symantec:antivirus/ match tunnel-test m|^\0\x06\x01\0\0\x02\0\0\0\0\0\0$| p/Check Point tunnel_test/ match unreal m|^.[\x40\xc0].[\x20\x23\x32\x38].[\x40\xc0].[\x20\x23\x32\x38]|s p/Unreal Tournament 2004 game server/ softmatch domain m|^\0\x06[\x80-\x87].\0\x01\0.\0.\0.\x07version\x04bind\0\0\x10\0\x03| ##############################NEXT PROBE############################## Probe TCP DNSVersionBindReq q|\0\x1E\0\x06\x01\0\0\x01\0\0\0\0\0\0\x07version\x04bind\0\0\x10\0\x03| rarity 3 ports 53,135,512-514,543,544,628,1029,13783,2068,2105,2967,5000,5323,5520,5530,5555,5556,6543,7000,7008 # https://github.com/haiwen/ccnet match ccnet m|^\x01\x01\0\(\0\0\0\0([0-9a-f]{40})| i/peer ID $1/ match domain m|\x07version\x04bind.*\x0cdnsmasq-([-\w._ ]+)$|s p/dnsmasq/ v/$1/ cpe:/a:thekelleys:dnsmasq:$1/ match domain m|^....\x85\x80\0\x01\0\x01\0\0\0\0\x07version\x04bind\0\0\x10\0\x03\xc0\x0c\0\x10\0\x03\0\0\0\0...dnsmasq-([\w._-]+)$|s p/dnsmasq/ v/$1/ cpe:/a:thekelleys:dnsmasq:$1/ # Has to come before BIND matches. match domain m|^..\0\x06\x81\x80\0\x01\0\x01\0\0\0\0\x07version\x04bind\0\0\x10\0\x03\xc0\x0c\0\x10\0\x03\0\0\0\0\0\x0e.unbound ([\w._-]+)$| p/Unbound/ v/$1/ cpe:/a:nlnet:unbound:$1/ match domain m|\x07version\x04bind.*[\x03-\x14]BIND ([-\w._]{3,20})|s p/ISC BIND/ v/$1/ cpe:/a:isc:bind:$1/ match domain m|\x07version\x04bind.*[\x03-\x14]NSD ([-\w._]{3,20})|s p/NLnet Labs NSD/ v/$1/ cpe:/a:nlnet:nsd:$1/ match domain m|\x07version\x04bind.*[\x03-\x14]([-\w._ ]{3,20})|s p/ISC BIND/ v/$1/ cpe:/a:isc:bind:$1/ # ISC Bind 9.1.3 match domain m|\x07version\x04bind\0\0\x10\0\x03\xc0\x0c\0\x10\0\x03\0\0\0\0\0\x01\0| p/ISC BIND/ v/9.X/ cpe:/a:isc:bind:9/ match domain m|^..\0\x06\x85\0\0\x01\0\x01\0\x01\0\0\x07version\x04bind\0\0\x10\0\x03\xc0\x0c\0\x10\0\x03\0\0\0\0...[\w._-]+-RedHat-([\w._-]+\.el5_[\w._-]+)\xc0\x0c\0\x02\0\x03\0\0\0\0\0\x02\xc0\x0c|s p/ISC BIND/ v/$1/ o/Red Hat Enterprise Linux/ cpe:/a:isc:bind:$1/ cpe:/o:redhat:enterprise_linux/ match domain m|\x07version\x04bind\0\0\x10\0\x03\x07VERSION\x04BIND\0\0\x10\0\x03\0\0\0\0\0\)\(Meta IP DNS - BIND V([\d.]+)-REL \(Build (\d+)\)| p/Meta IP ISC BIND/ v/$1 build $2/ cpe:/a:isc:bind:$1/ # ISC BIND 8.2.7-REL match domain m|\x07version\x04bind\0\0\x10\0\x03\x07VERSION\x04BIND\0\0\x10\0\x03\0\0\0\0\0| p/ISC BIND/ v/8.X/ cpe:/a:isc:bind:8/ # pdnsd 1.1.7a, 1.1.8b1 # http://www.phys.uu.nl/~rombouts/pdnsd.html match domain m|^\0\x1e\0\x06\x81\x84\0\x01\0\0\0\0\0\0\x07version\x04bind\0\0\x10\0\x03$| p/pdnsd/ # Windows 2000 SP4 match domain m|^\0\x1e\0\x06\x81\x04\0\x01\0\0\0\0\0\0\x07version\x04bind\0\0\x10\0\x03$| p/Microsoft DNS/ o/Windows/ cpe:/a:microsoft:dns/ cpe:/o:microsoft:windows/a match domain m|\x07version\x04bind\0.*Microsoft DNS ([-\w_.]+) \(|s p/Microsoft DNS/ v/$1/ o/Windows/ cpe:/a:microsoft:dns/ cpe:/o:microsoft:windows/a # Novell 5.1 DNS Server # BIND 4.9.7-REL on OpenBSD # JDNSS 1.4.5 match domain m|^\0\x1e\0\x06\x81.\0\x01\0\0\0\0\0\0\x07version\x04bind\0\0\x10\0\x03$|s # PowerDNS 2.9.6 on FreeBSD # PowerDNS 2.9.8 Linux match domain m|^..\0\x06\x85\0\0\x01\0\x01\0\0\0\0\x07version\x04bind\0\0\x10\0.\xc0\x0c\0\x10\0\x01\0\0\0\x05\0..Served by POWERDNS (\d[-.\w]+) |s p/PowerDNS/ v/$1/ cpe:/a:powerdns:powerdns:$1/ match domain m|^..\0\x06\x85\0\0\x01\0\x01\0\0\0\0\x07version\x04bind\0\0\x10\0.\xc0\x0c\0\x10\0\x01\0\0\0\x05\0..Served by PowerDNS - http://www\.powerdns\.com|s p/PowerDNS/ cpe:/a:powerdns:powerdns/ match domain m|^..*\x07version\x04bind.*PowerDNS Recursor ([\d.]+)|s p/PowerDNS Recursor/ v/$1/ cpe:/a:powerdns:recursor:$1/ match domain m|^..*\x07version\x04bind.*Incognito DNS \w+ ([\d.]+) \(|s p/Incognito DNS Commander/ v/$1/ match domain m|^\0\x0c\0\x10\x81\x85\0\0\0\0\0\0\0\0$| p/Edimax BR-6104K router named/ d/router/ cpe:/h:edimax:br-6104k/ # Symantec Enterprise Firewall 6.5.2 DNS proxy on Win2K match domain m|^\0\x1e\0\x06\x81\x85\0\x01\0\0\0\0\0\0\x07version\x04bind\0\0\x10\0\x03$| p/Symantec Enterprise Firewall DNS proxy/ cpe:/a:symantec:enterprise_firewall/ # Unbound 1.2.0 match domain m|^\0\x0c\0\x06\x81\x05\0\0\0\0\0\0\0\0$| p/NLNet Labs Unbound/ cpe:/a:nlnet:unbound/ match domain m|^\0L\0\x06\x85\0\0\x01\0\x01\0\0\0\0\x07version\x04bind\0\0\x10\0\x03\xc0\x0c\0\x10\0\x03\0\0\0\0\0\x22\x21Hi: [\w: ]{28}$| p/OzymanDNS DNS tunnel/ match domain m|^\0\x1e\0\x06\x85\x83\0\x01\0\0\0\0\0\0\x07version\x04bind\0\0\x10\0\x03$| p/D-Link DIR-300 WAP named/ d/WAP/ cpe:/h:dlink:dir-300/a # http://member.wide.ad.jp/~fujiwara/v6rev.html match domain m|^\0\x1e\0\x06\x85\x05\0\x01\0\0\0\0\0\0\x07version\x04bind\0\0\x10\0\x03$| p/v6rev/ match exec m|^\x01Login incorrect\.\n$| # HP-UX B.11.00 A match exec m|^\x01rexecd: Login incorrect.?\n$| p/HP-UX rexecd/ o/HP-UX/ cpe:/o:hp:hp-ux/a match exec m|^\x01rexecd: Couldn't look up address for your host\n$| p/HP-UX rexecd/ o/HP-UX/ cpe:/o:hp:hp-ux/a match exec m|^\x01rexecd: [-\d]+ The login is not correct\.\n| p/AIX rexecd/ o/AIX/ cpe:/o:ibm:aix/a match exec m|^\x01rexecd: [-\d]+ Connexion incorrecte\.\n| p/AIX rexecd/ i/French/ o/AIX/ cpe:/o:ibm:aix/a match exec m|^\x01INTERnet ACP AUXS failure Status = %LOGIN-F-NOSUCHUSER\r\n\0$| p/OpenVMS execd/ o/OpenVMS/ cpe:/o:hp:openvms/a # MyDNS 0.10.0 on Linux match domain m|^\0\x0c\0\x06\x81\x04\0\0\0\0\0\0\0\0$| p/MyDNS/ match domain m|^\0\x0c\0\x06\x80\x05\0\0\0\0\0\0\0\0$| p/MaraDNS/ match domain m|^\0\x0c\0\x06\x81\x84\0\0\0\0\0\0\0\0$| p/MikroTik RouterOS named or OpenDNS Updater/ match domain m|^\0\x0c\0\x06\x81\x85\0\0\0\0\0\0\0\0$| p/Nortel Contivity firewall DNS/ d/firewall/ cpe:/h:nortel:contivity/ match domain m|^..\0\x06\x81\x80\0\x01\0\x01\0\0\0\0\x07version\x04bind\0\0\x10\0\x03\xc0\x0c\0\x10\0\x03\0\0\0\0\0..Nominum Vantio ([\w._-]+)$|s p/Nominum Vantio/ v/$1/ softmatch domain m|^\0.\0\x06[\x80-\x87].\0\x01\0.\0.\0.\x07version\x04bind\0\0\x10\0\x03| match http m|^HTTP/1\.1 506 \r\nContent-Type: text/html\r\nServer: JavaWeb/0\r\n\r\n

          506 - IO Error

          $| p/AirDroid httpd/ d/phone/ o/Android/ cpe:/a:airdroid:airdroid/ cpe:/o:google:android/ cpe:/o:linux:linux_kernel/ match ixia m=^\0.\x05\x02....\0\x01\x01@\0\0\0\0\0\0\0\0\0.\$Id: //ral_depot/products/IxChariot([\w._-]+)/(?:ENDPOINT|endpoint)/CODE/client\.c#\d+ \$\0\0\0..\0\x02\0\x0ce1_thread\0\0\x18main_process_incoming\0$= p/IxChariot/ v/$1/ i/Ixia XR100 performance monitor/ # Digital UNIX V4.0F login match login m|^\x01Permission denied: Error 0$| p/Digital UNIX login/ o/Digital UNIX/ cpe:/o:dec:digital_unix/a match login m|^\0\^A\^@\^@\^@\^@\^@\^@\^Gversion\^Dbind\^@\^@\^P\^@\n\r\n\r\n\r\n\r#################################################\n\r### ###\n\r### LSI Logic Series 4 SCSI RAID Controller ###\n\r### Copyright \d+, LSI Logic Inc\. ###\n\r### ###\n\r### Series 4 Disk Array Controller ###\n\r### Serial number: (\w+) ###\n\r### Network name: ([-\w_.]+) *###| p/LSI Logic Series SCSI RAID rlogin/ i/Serial $1; Network name $2/ match login m|^\0\^A\^@\^@\^@\^@\^@\^@\^Gversion\^Dbind\^@\^@\^P\^@\n\r\n\r\n\r\n\r#####################################################################\n\r### ###\n\r### Engenio Series 4, RAID Controller ###\n\r### Copyright 2003-2004, Engenio Information Technologies, Inc\. ###\n\r### ###\n\r### Series 4 Disk Array Controller ###\n\r### Serial number: (\w+) ###\n\r### Network name: ([\w._-]+) *###\n\r| p/IBM DS4400 NAS device rlogin/ i/Serial $1; Network name $2/ d/storage-misc/ cpe:/h:ibm:ds4400/a match login m|^\0\r\nSorry, shell is locked\.\r\n$| p/FabricOS switch logind/ d/switch/ cpe:/o:brocade:fabric_os/ match login m|^\0\r\n\nLantronix MSS100 Version V([\d.]+)/\d+\(\d+\)\n\r\nType HELP at the 'Local_\d+> ' prompt for assistance\.\n\r\n\r\n\nUsername> | p/Lantronix MSS100 serial interface logind/ v/$1/ d/specialized/ match login m|^\[Thread \d+\(INITIAL\)\] at 0x\w+: Segmentation fault \(Stack bottom 0x0\)\n| p|Aficio/NRG/Ricoh printer logind| d/printer/ match login m|^\x01Winsock RSHD/NT: Protocol negotiation error\.\n\0$| p/Winsock RSHD/ o/Windows/ cpe:/o:microsoft:windows/a # We've seen this on Cisco routers and also NetApp filers match login m|^\x01Permission denied\.\n$| p|Cisco/NetApp logind| match login m=^\x01Permission denied ?: Error (?:35|0|1)\r?\n?$= p/Tru64 Unix logind/ o/Tru64 UNIX/ cpe:/o:compaq:tru64/a match login m|^\x01permission denied\.\n| p/Solaris logind/ o/Solaris/ cpe:/o:sun:sunos/a match login m|^\x01UX:in\.rlogind: Permission denied\.\r\n| p/Siemens HiPath logind/ match login m|^\x01Permission denied : Error \d+\r\n| match login m|^\x01rlogind: Acc\xe8s refus\xe9\.\r\n| p/AIX rlogind/ i/French/ o/AIX/ cpe:/o:ibm:aix/a match login m|^\0\^A\^@\^@\^@\^@\^@\^@\^Gversion\^Dbind\^@\^@\^P\^@\n\r\n\r\n\r\n\r#+\n\r### +###\n\r### LSI Logic Series 4 SCSI RAID Controller ###.*Serial number: 1T84210104 |s p/LSI Series 4 RAID controller logind/ d/storage-misc/ match login m|^\0\r\nEL-(\d+) RealPort Server - US Patent No\. 6,047,319\r\n| p/Digi EtherLite $1 RealPort logind/ d/terminal server/ match login m|^\0\n\rSelect access level \(read, write, administer\): \w+ _vxTaskEntry| p/3Com LANplex switch logind/ d/switch/ match login m|^\0\^A\^@\^@\^@\^@\^@\^@\^Gversion\^Dbind\^@\^@\^P\^@\r\n-> shell restarted\.\r\n\r\n-> | p/ShoreTel VoIP phone logind/ d/VoIP phone/ match login m|^\x01TCPIP RLOGIN Connection refused\0\0$| p/OpenVMS logind/ o/OpenVMS/ cpe:/o:hp:openvms/a match login m|^\0\r\n-> trcStack aborted: error in top frame\r\ntShell restarted\.\r\n\r\n-> !1 echo_recv: -1\.\r\n| p/ACT VoIP wifi phone logind/ d/VoIP phone/ match login m|^\0\r\nEL-32 EtherLite module\r\n\r\n| p/Digi EtherLite32 logind/ match login m|^\x01in\.rlogind: Permission denied\.\r\n| p/Microsoft Windows Services for Unix logind/ o/Windows/ cpe:/a:microsoft:windows_services_for_unix/ cpe:/o:microsoft:windows/a match login m|^\x01rlogind: Host name for your address \([\d.]+\) unknown\.\r\n| p|A/UX logind| o|A/UX| cpe:/o:apple:a_ux/ # OpenBSD 2.3 # Solaris 9 match login m|^\x01rlogind: Permission denied\.\r\n$| match login m|^\0\r\nlogin: | p/Airspan MiMAX WiMAX WAP logind/ d/WAP/ # HP-UX 11 Kerberized rlogin match klogin m|^\x01rlogind: Login Incorrect\.\r\n$| p/HP-UX kerberized rlogin/ o/HP-UX/ cpe:/o:hp:hp-ux/a match klogin m|^\x01rlogind: Kerberos Authentication not enabled\.\.\r\n| p/HP-UX kerberized rlogin/ i/disabled/ o/HP-UX/ cpe:/o:hp:hp-ux/a # Solaris Kerberos authenticated login match klogin m|^\x01rlogind: Kerberos authentication failed\.\r\n| p/Solaris kerberized rlogin/ o/Solaris/ cpe:/o:sun:sunos/a match klogin m|^\x01rlogind: Kerberos authentication failed, exiting\.\r\n| p/Solaris kerberized rlogin/ o/Solaris/ cpe:/o:sun:sunos/a match klogin m|^\x01klogind: Kerberos authentication failed\.\r\n| p/Kerberized rlogin/ match klogin m|^\x01eklogin: Kerberos authentication failed\.\r\n| p/Encrypted Kerberized rlogin/ match klogin m|^\x01eklogind: Kerberos authentication failed\.\r\n| p/Encrypted Kerberized rlogin/ # Solaris Kerberos authenticated remote shell match kshell m|^\x01[kr]shd: Authentication failed: Bad sendauth version was sent\n| p/Solaris kerberised rsh/ o/Solaris/ cpe:/o:sun:sunos/a match kshell m|^\x01krshd: Kerberos Authentication Failed\.\r\n| p/AIX kerberised rsh/ o/AIX/ cpe:/o:ibm:aix/a match kshell m|^\x01krshd: Echec de l'authentification Kerberos\.\r\n\0| p/AIX kerberised rsh/ i/French/ o/AIX/ cpe:/o:ibm:aix/a match kshell m|^\x01kshd: Authentication failed: | p/Kerberized rsh/ o/Unix/ match ssc-agent m|^\0\x1e\0\x06\0\t\0\0$| p/Novell NetWare ssc-agent/ o/NetWare/ cpe:/o:novell:netware/a # http://www.apcupsd.com/ - apcupsd 3.8.5-1.3 on Linux 2.4.X match apcupsd m|^\0\x11Invalid command\n\0\0\0$| p/apcupsd/ # Avocent AutoView 1000R KVM or HP 3x1x16 KVM or Dell IP KVM model 2161DS Console Switch match kvm m|^BEEF\x83\0\0| p/KVM daemon/ match klogin m|^\x01krlogind: Kerberos Authentication Failed\.\r\n\0| p/AIX kerberized rlogin/ o/AIX/ cpe:/o:ibm:aix/a match klogin m|^\x01krlogind: Echec de l'authentification Kerberos\.\r\n\0| p/AIX kerberized rlogin/ i/French/ o/AIX/ cpe:/o:ibm:aix/a match klogin m|^\0\0's Password: $| p/AIX kerberized rlogin/ o/AIX/ cpe:/o:ibm:aix/a match kshell m|^\x01rshd ?: [-\d]+ The host name for your address is not known\.\n| p/AIX (kerberized?) rshd/ o/AIX/ cpe:/o:ibm:aix/a match kshell m|^\x01rshd ?: [-\d]+ Le nom d'h\xf4te correspondant \xe0 l'adresse est inconnu\.\n| p/AIX (kerberized?) rshd/ i/French/ o/AIX/ cpe:/o:ibm:aix/a match kshell m|^\x01rshd: [-\d]+ The remote user login is not correct\.\n| p/AIX (kerberized?) rshd/ o/AIX/ cpe:/o:ibm:aix/a match minecraft m|^\xff\0\x0eProtocol error| p/Minecraft game server/ match modbus m|^\0\x1e\0\x06\0\x03\0\x01\0| p/Modbus TCP/ match modbus m|^\0\x1e\0\x06\0\x03\0\x80\x01| p/Modbus TCP/ match utrmcd m|^\x01in\.utrcmdd \(remote\): protocol error \(1\)\n\0| p/Sun Ray utrmcdd/ cpe:/a:sun:ray_server_software/ # 13724/tcp match vnetd m|^1\0$| p/Veritas Netbackup Network Utility/ cpe:/a:symantec:veritas_netbackup/ # Sun Cobalt Adaptive Firewall 1.7-0 match pafserver m|^\0&\xeb\xefTQM\xee\[B| p/Sun Cobalt Adaptive Firewall/ o/Linux/ cpe:/o:linux:linux_kernel/a # RSA SecureID Ace Server 5 match sdlog m|^\0\0\0\x01\0\x17\0\x14\0\x06\0\0\0\x01\0\0\0\0\0\0$| p/RSA SecureID Ace Server/ cpe:/h:rsa:securid/ match freeciv m|^\0\x03\x02\0\.\x01\0\0\0\0Invalid name ''\0\+1\.14\.0 conn_info team\0\0\x03\x03$| p/Freeciv/ v/1.X/ cpe:/a:freeciv:freeciv:1/ match freeciv m|^\0\x03X\0.\x01\0\0\0\0Your client is too old\. To use this server please upgrade your client to a CVS version later than 2003-11-28 or Freeciv 1\.15\.0 or later\.\0\0\0\x03\0\0\x03\x01$| p/Freeciv/ v/2.X/ cpe:/a:freeciv:freeciv:2/ match freeciv m|^\0\x03X\0.\x01\0\0\0\0Tw\xc3\xb3j klient jest zbyt stary\. Aby wej\xc5\x9b\xc4\x87 na ten serwer musisz u\xc5\xbcywa\xc4\x87 klienta w wersji co najmniej 1\.15\.0\. \(Lub z CVS'a po 18\.11\.2003\)\.\0\0\0\x03\0\0\x03\x01$| p/Freeciv/ v/2.X/ i/Polish/ cpe:/a:freeciv:freeciv:2:::pl/ match freeciv m|^\0\x03X\0.\x01\0\0\0\0Votre client est trop vieux\. Pour utiliser ce serveur veuillez mettre votre client \xc3\xa0 jour avec une version Freeciv 2\.2 ou ult\xc3\xa9rieure\.\0\0\0\x03\0\0\x03\x01$| p/Freeciv/ v/2.X/ i/French/ cpe:/a:freeciv:freeciv:2:::fr/ match freeciv m|^\0(?:\x03\x58\0)?\x6a\x01\0\0\0\0Your client is too old\. To use this server, please upgrade your client to a Freeciv 2\.2 or later\.\0\0\0\x03\0\0\x03\x01$| p/Freeciv/ v/2.X/ cpe:/a:freeciv:freeciv:2/ match freeciv m|^\0\x03\x58\0\x16\x01\0\0\0\0Freeciv ([\d.]+)\0\0\0\x03\0\0\x03\x01$| p/Freeciv/ v/$1/ cpe:/a:freeciv:freeciv:$1/ match imaze-game m|^\0\x18\x82iMaze server JC/HUK ([\d.]+)$| p/iMaze game server/ v/$1/ match msrpc m|^\x05\0\r\x03\x10\0\0\0\x18\0\0\0v\x07\0\0\x04\0\x01\x05\0\0.\0$|s p/Microsoft RPC/ o/Windows/ cpe:/o:microsoft:windows/a # http://msdn.microsoft.com/en-us/library/cc219293.aspx softmatch mc-nmf m|^\x08Ihttp://schemas\.microsoft\.com/ws/2006/05/framing/faults/UnsupportedVersion| o/Windows/ cpe:/o:microsoft:windows/a match ormi m|^\xe3\r\n\r\n\0\x01\0.\0vInvalid protocol verification, illegal ORMI request or request performed with an incompatible version of this protocol|s p/Oracle Remote Method Invocation/ match arkeia m|^\0\x05\0\0\0\0\0\0$| p/Arkeia Network Backup/ match qcheck m|^.*\$Id: //ral_depot/products/current/ENDPOINT/CODE/client\.c|s p/Ixia Q-Check network performance tester/ match qmqp m|^58:Dnetstring format error while receiving QMQP packet header,| p/Postfix qmqpd/ match sybase-adaptive m|^\x04\x01\0\(\0\0\0\0\xaa\0\x14\0\0\x0f\xa2\x01\x0eLogin failed\.\n\xfd\0\x02\0\x02\0\0\0\0$| p/Sybase Adaptive Server/ o/Windows/ cpe:/a:sybase:adaptive_server/ cpe:/o:microsoft:windows/a match telecom-misc m|^\0\x1e\x02\x06\x01\0\0\0\0\0\0\xf1\0| p/Radio IP MTG gateway/ d/telecom-misc/ match warcraft m|^\0\0\x09$| p/World of Warcraft game server/ match upnp m|^HTTP/1\.0 414 Request-URI Too Long\r\nServer: Linux/([\w._-]+) UPnP/([\w._-]+) fbxigdd/([\w._-]+)\r\nConnection: close\r\n\r\n$| p/fbxigdd/ v/$3/ i/AliceBox PM203 UPnP; UPnP $2/ d/WAP/ o/Linux $1/ cpe:/o:linux:linux_kernel:$1/ match xtunnels m|^\0\x03\x04\0\x04$| p/XTunnels proxy server/ # DNS Server status request: http://www.rfc-editor.org/rfc/rfc1035.txt ##############################NEXT PROBE############################## Probe UDP DNSStatusRequest q|\0\0\x10\0\0\0\0\0\0\0\0\0| rarity 5 ports 53,69,135,1761 match iodine m|^\x80\xa7\x84\0\0\x01\0\x01\0\0\0\0.*\0\0\x0a\0\x01\xc0\x0c\0\n\0\x01\0\0\0\0\0\x05BADIP$| p/iodine IP-over-DNS tunnel/ cpe:/a:kryo:iodine/ match domain m|^\0\0\x90\x04\0\0\0\0\0\0\0\0| match domain m|^\0\x06\x81\x82\0\x01\0\0\0\0\0\0\x07version\x04bind\0\0\x10\0\x03$| p/Encore ENDSL-AR4 DSL router named/ d/broadband router/ cpe:/h:encore:endsl-ar4/a # This one below came from 2 tested Windows XP boxes match msrpc m|^\x04\x06\0\0\x10\0\0\0\0\0\0\0| match netprobe m|^\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0$| p/Mega System Technologies NetProbe Lite environmental sensor/ d/specialized/ match tftp m|^\0\x05\0\x02\0The IP address is not in the range of allowable addresses\.\0| p/SolarWinds tftpd/ i/IP disallowed/ o/Windows/ cpe:/a:solarwinds:tftp_server/ cpe:/o:microsoft:windows/a match tftp m|^\0\x05\0\0Invalid TFTP Opcode| p/Cisco tftpd/ cpe:/a:cisco:tftp_server/ match tftp m|^\0\x05\0\x04Illegal TFTP operation\0| p/Plan 9 tftpd/ o/Plan 9/ cpe:/o:belllabs:plan_9/a match tftp m|^\0\x05\0\x04Error: Illegal TFTP Operation\0\0\0\0\0| p/Zoom X5 ADSL modem tftpd/ d/broadband router/ cpe:/h:zoom:x5/a match tftp m|^\0\x05\0\x04Illegal operation\0$| p/Cisco router tftpd/ d/router/ o/IOS/ cpe:/a:cisco:tftp_server/ cpe:/o:cisco:ios/a match tftp m|^\0\x05\0\x04Illegal operation error\.\0$| p/Microsoft Windows Deployment Services tftpd/ o/Windows/ cpe:/o:microsoft:windows/ # version 10.9.0.25 match tftp m|^\0\x05\0\x04Unknown operatation code: 0 received from [\d.]+:\d+\0| p/SolarWinds Free tftpd/ cpe:/a:solarwinds:tftp_server/ # TFTP error softmatch tftp m|^\0\x05\0[\0-\x07][^\0]+\0$| match landesk-rc m|^\0\0\0\0USER\x01\0\x10\0\x08\0:\xd0\x08\0:\xd0\x01\x01\.\0O\0\x03\0T\0\xff\xff\0\0\0\xfd\0\0\0\0\0\0\x02\0\0\0LANDeskWorkgroup Manager ver ([\d.]+)\0| p/LANDesk Workgroup Manager/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a # DNS Server status request: http://www.crynwr.com/crynwr/rfc1035/rfc1035.html ##############################NEXT PROBE############################## Probe TCP DNSStatusRequest q|\0\x0C\0\0\x10\0\0\0\0\0\0\0\0\0| rarity 7 ports 53,513,514,6050,41523 match domain m|^\0\x0c\0\0\x90\x04\0\0\0\0\0\0\0\0$| match domain m|^\0\x0c\0\0\x90\x84\0\0\0\0\0\0\0\0$| p/OpenDNS Updater/ # Fortigate v4.0,build0511,120110 (MR3 Patch 4) match domain m|^\0\x0c\0\0\x90\x01\0\0\0\0\0\0\0\0$| p/Fortinet FortiGate named/ # ARCserve Client Agent v4.0d for Solaris 2.x(Running on SunOS 5.8Generic_108528-13 sun4u) match arcserve m|^\0\0s\0\0\0\0\0$| p/ARCserve Client Agent/ i/backup software/ cpe:/a:ca:arcserve_client_agent/ # ARCServe Win32 Client Agent v4.0 match arcserve m|^h\0\0\0\0\0\0\0$| p/ARCserve Client Agent/ i/backup software/ cpe:/a:ca:arcserve_client_agent/ # ARCserver Client Agent Discovery service on W2K3 match arcserve m|^([\w\d_-]+)\0$| p/ARCserve Discovery/ h/$1/ cpe:/a:ca:arcserve_client_agent/ match login m|^\0\r\n\nIQinVision IQeye3 Version ([vV].*)\n\r\nType HELP| p/IQinVision IQeye3 logind/ v/version $1/ d/webcam/ match login m|^\0\r\n\nLantronix ETS16 Version V([\d.]+)/\d+\(\d+\)\n\r\nType HELP at the 'BRTR-ETS16>' prompt for assistance\.\n\r\nUsername> | p/Lantronix ETS16 logind/ v/$1/ d/terminal server/ cpe:/h:lantronix:ets16:$1/ # Craftbukkit server build 860 (Minecraft v 1.6.6) http://bukkit.org match minecraft m|^\xff\0\x0e\0P\0r\0o\0t\0o\0c\0o\0l\0 \0e\0r\0r\0o\0r$| p/Minecraft game server/ match shell m|^\0rsh: \x10: Command not supported\n| p/Ricoh rshd/ d/printer/ # Know the device but not the service. # match unknown m|^\0\0\0\0\0\x03\0\x80\x01$| p/Weintek MT8000 touch screen/ d/media device/ ##############################NEXT PROBE############################## Probe UDP NBTStat q|\x80\xf0\0\x10\0\x01\0\0\0\0\0\0\x20\x43\x4bAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\0\0\x21\0\x01| rarity 4 ports 137 # Windows Server 2003 match domain m|^\x80\xf0\x80\x80\0\x01\0\0....\x20CKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\0\0!\0\x01|s p/Microsoft DNS/ o/Windows/ cpe:/a:microsoft:dns/ cpe:/o:microsoft:windows_server_2003/ # Windows Server 2003 match domain m|^\x80\xf0\x80\x82\0\x01\0\0....\x20CKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\0\0!\0\x01|s p/Microsoft DNS/ o/Windows/ cpe:/a:microsoft:dns/ cpe:/o:microsoft:windows_server_2003/ # Windows Server 2012 Release Candidate Datacenter running DNS 6.2.8400.0. match domain m|^\x80\xf0\x80\x02\0\x01\0\0....\x20CKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\0\0!\0\x01|s p/Microsoft DNS/ v/6.2/ o/Windows/ cpe:/a:microsoft:dns:6.2/ cpe:/o:microsoft:windows_server_2012/ match domain m|^\x80\xf0\x81\x83\0\x01\0\0\0\0\0\0 ckaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\0\0!\0\x01| p/Mikrotik DNS/ d/router/ # NBT Response starts with a header: # The following fields are each 2 bytes: transaction ID; Flags; question count; answer count; name service count; additional record count # Next comes 34 bytes NUL-terminaed name # then comes 2 byte fields: question type; question clss # 4 byte TTL # 2 byte rdata length # 1 byte number of names ### -- End of header # Next comes the given number of nbnames - each are a 15 byte name (space padded) followed by a one byte service type, and then 16 BIT flags ### -- End of name table - finally comes the footer: # 48 - Adapter address (eg MAC addy) # 8 bit fields: major version; minor version # 16 bit fields: duration; frmps received; frmps transmitted; iframe receive errors; transmit aborts # 32 bit fields: trasnmitted; received # The remaining fields are all 16-bits: iframe transmit errors; number of receive buffers; tl_timeouts; tl_timeouts; free ncbs; ncbs; # max_ncbs; number of transmit buffers; max datagram; pending sessions; max sessions; packet_sessions # I'm not convinced that these next 4 work on a very wide variety of # machines. I think most of the real matching comes in the next block. match netbios-ns m|^\x80\xf0\x84\0\0\0\0\x01\0\0\0\0 CKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\0\0!\0\x01\0\0\0\0...(\w{1,15}) *\0\x04\0(\w{1,15}) *\0\x84\0\w{1,15} *\x03\x04\0\w{1,15} *\x04\0\w{1,15} *\x1e\x84\0\w{1,15} *\x1d\x04\0\x01\x02__MSBROWSE__\x02\x01\x84\0(\w{1,15}) *\x03|s p/Microsoft Windows XP netbios-ssn/ i/workgroup: $2 user: $3/ o/Windows XP/ h/$1/ cpe:/o:microsoft:windows_xp/ match netbios-ns m|^\x80\xf0\x84\0\0\0\0\x01\0\0\0\0 CKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\0\0!\0\x01\0\0\0\0...(\w{1,15}) *\0\x04\0(\w{1,15}) *\0\x84\0\w{1,15} *\x03\x04\0\w{1,15} *\x04\0\w{1,15} *\x1e\x84\0\w{1,15} *\x1d\x04\0\x01\x02__MSBROWSE__\x02\x01\x84\0\0|s p/Microsoft Windows XP netbios-ssn/ i/workgroup: $2/ o/Windows XP/ h/$1/ cpe:/o:microsoft:windows_xp/ match netbios-ns m|^\x80\xf0\x84\0\0\0\0\x01\0\0\0\0 CKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\0\0!\0\x01\0\0\0\0...(\w{1,15}) *\0\x04\0(\w{1,15}) *\0\x84\0\w{1,15} *\x03\x04\0\w{1,15} *\x04\0(\w{1,15}) *\x03\x04\0\w{1,15} *\x1e\x84\0|s p/Microsoft Windows XP netbios-ssn/ i/workgroup: $2 user: $3/ o/Windows XP/ h/$1/ cpe:/o:microsoft:windows_xp/ match netbios-ns m|^\x80\xf0\x84\0\0\0\0\x01\0\0\0\0 CKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\0\0!\0\x01\0\0\0\0...(\w{1,15}) *\0\x04\0(\w{1,15}) *\0\x84\0\w{1,15} *\x03\x04\0\w{1,15} *\x04\0\w{1,15} *\x1e\x84\0|s p/Microsoft Windows XP netbios-ssn/ i/workgroup: $2/ o/Windows XP/ h/$1/ cpe:/o:microsoft:windows_xp/ # It would be really nice if we could get username and/or OS # information from this. But it is quite hard to parse out the proper # information unambiguously, especially with just regular expressions. # But it certainly would be nice to get more info: # # nbtstat # match netbios-ns m|^\x80\xf0\x84\0\0\0\0\x01\0\0\0\0 CKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\0\0!\0\x01\0\0\0\0\0..([\w\-]{1,15}) *\0D\0.*\0([\w\-]{1,15}) *\0\xc4\0|s p/Microsoft Windows netbios-ssn/ i/workgroup: $2/ o/Windows/ h/$1/ cpe:/o:microsoft:windows/a match netbios-ns m|^\x80\xf0\x84\0\0\0\0\x01\0\0\0\0 CKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\0\0!\0\x01\0\0\0\0\0..([\w\-]{1,15}) *\0D\0([\w\-]{1,15}) *\0\xc4\0|s p/Microsoft Windows netbios-ssn/ i/workgroup: $2/ o/Windows/ h/$1/ cpe:/o:microsoft:windows/a match netbios-ns m|^\x80\xf0\x84\0\0\0\0\x01\0\0\0\0 CKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\0\0!\0\x01\0\0\0\0\0...*\0([\w\-]{1,15}) *\0D\0.*\0([\w\-]{1,15}) *\0\xc4\0|s p/Microsoft Windows netbios-ssn/ i/workgroup: $2/ o/Windows/ h/$1/ cpe:/o:microsoft:windows/a match netbios-ns m|^\x80\xf0\x84\0\0\0\0\x01\0\0\0\0 CKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\0\0!\0\x01\0\0\0\0\0...*\0([\w\-]{1,15}) *\0D\0([\w\-]{1,15}) *\0\xc4\0|s p/Microsoft Windows netbios-ssn/ i/workgroup: $2/ o/Windows/ h/$1/ cpe:/o:microsoft:windows/a # Windows NT 4.0 SP6a match netbios-ns m|^\x80\xf0\x84\0\0\0\0\x01\0\0\0\0 CKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\0\0!\0\x01\0\0\0\0...([\w\-]{1,15}).*\04\0([\w\-]{1,15}) *\0\x84\0|s p/Microsoft Windows NT netbios-ssn/ i/workgroup: $2/ o/Windows NT/ h/$1/ cpe:/o:microsoft:windows_nt/a # WinXP match netbios-ns m|^\x80\xf0\x84\0\0\0\0\x01\0\0\0\0 CKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\0\0!\0\x01\0\0\0\0...([\w\-]{1,15}).*\x04| p/Microsoft Windows XP netbios-ssn/ o/Windows XP/ h/$1/ cpe:/o:microsoft:windows_xp/a match netbios-ns m|^\x80\xf0\x84\0\0\0\0\x01\0\0\0\0 CKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\0\0!\0\x01\0\0\0\0\0/\x00......\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0|s p/Microsoft Windows Mobile netbios-ssn/ o/Windows/ cpe:/o:microsoft:windows/a match netbios-ns m|^\x80\xf0\x85\0\0\0\0\x01\0\0\0\0 CKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\0\0!\0\x01\0\0\0\0...([\w\-]{1,15}).*\04\0([\w\-]{1,15}) *\x1e\x84\0|s p/Novell NetWare netbios-ns/ i/workgroup: $2/ o/NetWare/ h/$1/ cpe:/o:novell:netware/a # # Samba has a version too # nmbd version 2.2.7 on Linux 2.4.20 match netbios-ns m|^\x80\xf0\x84\0\0\0\0\x01\0\0\0\0 CKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\0\0!\0\x01\0\0\0\0...([\w\-]{1,15}).*\0([\w\-]{1,15}) *|s p/Samba nmbd/ i/workgroup: $2/ h/$1/ cpe:/a:samba:samba/ # From an acer PDA match netbios-ns m|^\x80\xf0\x84\0\0\0\0\x01\0\0\0\0 CKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\0\0!\0\x01\0\0\0\0...\0\x80H'y\x86\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0| p/WinCE netbios-ns/ o/Windows CE/ cpe:/o:microsoft:windows_ce/a # From a mikrotik router match netbios-ns m|^\x80\xf0\x85\x80\0\x01\0\0\0\0\0\0 CKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\0\0!\0\x01\0\0\0\0...\d+\.\d+ \0D\0\0\0| p/MikroTik router netbios-ns/ d/router/ match netbios-ns m|^\x80\xf0\x84\x00\0\0\0\x01\0\0\0\0 CKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\0\0!\0\x01\0\0\0\0...\x01\x02__MSBROWSE__\x02\x01\x84\0(MACBOOKPRO-[0-9A-F]{4})\0.*\0([\w._ -]+)\x1d|s p/Apple Mac OS X netbios-ns/ i/workgroup: $2/ o/Mac OS X/ h/$1/ cpe:/o:apple:mac_os_x/ match netbios-ns m|^\x80\xf0\x85\x80\0\0\0\x01\0\0\0\0 CKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\0\0!\0\x01\0\0\0\0...([\w\-]+) *\0\x04\0|s p/Xerox WorkCentre netbios-ns/ d/printer/ h/$1/ match ntp m|^\x04\x01\0\0\0\0\0\0\0\0\0\0LOCL....\0\0\0\0AAAAA\0\0!....\0\0\0\0....\0\0\0\0| p/Actiontec ntpd/ d/broadband router/ # Apparently used on OS X: http://support.apple.com/kb/ts1629 match osu-nms m|^\x08\x02\0\x03\x03\x11\0\0\x03\x03\x12\0\0\x03\x03\x13\0\0\x03\x03\x14\0\0\x06\x03\x15\0\0\0\0\0\x06\x03\x16\0\0\0\0\0\x03\x03\x18\0\0\x04\x03\x19\0\0\0\x06\x03!\0\0\0\0\0\x06\x03\"\0\0\0\0\0\x06\x03#\0\0\0\0\0\x06\x03\$\0\0\0\0\0\x06\x03%\0\0\0\0\0\x06\x03&\0\0\0\0$| p/OSU Network Monitoring System/ ##############################NEXT PROBE############################## Probe UDP Help q|help\r\n\r\n| rarity 3 ports 7,13,37,42 match chargen m|@ABCDEFGHIJKLMNOPQRSTUVWXYZ| match echo m|^help\r\n\r\n$| # Solaris 8, 9 match daytime m=^[A-Z][a-z]{2} [A-Z][a-z]{2} +\d{1,2} +\d\d:\d\d:\d\d (?:19|20)\d\d\n\r$= p/Sun Solaris daytime/ o/Solaris/ cpe:/o:sun:sunos/a # Mandrake Linux 9.2, xinetd daytime match daytime m|^[0-3]\d [A-Z][A-Z][A-Z] 20\d\d \d\d:\d\d:\d\d \S+\r\n| # Windows small services daytime match daytime m|^\d{1,2}:\d\d:\d\d [AP]M \d{1,2}/\d\d/\d{4}\n$| p/Windows small service daytime/ o/Windows/ cpe:/o:microsoft:windows/a match daytime m|^\d{1,2}:\d\d:\d\d \d{1,2}/\d\d/\d{4}\n$| p/Windows daytime/ o/Windows/ cpe:/o:microsoft:windows/a match daytime m|^\d\d:\d\d:\d\d \d\d.\d\d.20\d\d\n$| p/Microsoft Windows International daytime/ o/Windows/ cpe:/o:microsoft:windows/a match daytime m|^\w\w\w \w\w\w \d\d \d\d:\d\d:\d\d \d\d\d\d\r\n$| p/AIX daytime/ o/AIX/ cpe:/o:ibm:aix/a match daytime m|^(\w\w\w \w\w\w \d\d \d\d:\d\d:\d\d \w+ \d\d\d\d)\r\n\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0 \0\0\0\x7f\xff\xec0\0\0\0\0\0\0\0\0\0\0\0\0\x04\x01Q\xa0\0\0\0\0\0\x01\0\x15\x90-d\0\0\0\0\0\0\0\0\x1c\0\0\xff\xfe\xff\xff\xff\xff\xc5:H\0\0\x16\xc3\xd8\0\0\0\0\0\0\0\0\0\0\0\0\0\0\xff\xff\xac\x10\x0b\x05\0\xff\0\x06T\xa3\0\0 !\"#\$%&'\(\)\*\+,-\./0123456789:;<=>\?@ABCDEFGHIJKLMNO\xd3\$\x12\xccTUVWOy\x94L\0\r\xd1z\0\0\0\0\x04\x02\x1b`\0\0\0\0\x04\x02\x1b`| i/time: $1/ # TIME match time m|^[\xd5-\xe2]...$|s i/32 bits/ match time m|^[\xd5-\xe2]....\0\0\0$|s i/64 bits/ # Solaris Internet Name Server (42/udp), see ien116.txt match nameserver m|^help\r\n\r\n\0\0\0\0\x20CKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\0\0!\0\x01| p/Solaris Internet Name Server/ i/IEN 116/ o/Solaris/ cpe:/o:sun:sunos/a match nameserver m|^\x03\x03\x02$| p/Solaris Internet Name Server/ i/IEN 116/ o/Solaris/ cpe:/o:sun:sunos/a match nameserver m|^\0\x06\x01\0\0\x01\0\0\x03\x03\x02$| p/Solaris Internet Name Server/ i/IEN 116/ o/Solaris/ cpe:/o:sun:sunos/a ##############################NEXT PROBE############################## Probe TCP Hello q|EHLO\r\n| rarity 8 ports 25,587,3025 sslports 465 totalwaitms 7500 match exalead m|^\? 1 illegal command\n\0| p/Exalead search appliance/ match smtp m|^220\s+(DP-\d+)\r\n250-Hello\r\n250-DSN\r\n| p/Panasonic smtpd/ v/$1/ i/Panasonic printer/ d/printer/ match smtp m|^220 ESMTP service ready\r\n250\x20ok\r\n| p/Rustock smtp backdoor/ i/**BACKDOOR**/ o/Windows/ cpe:/o:microsoft:windows/a match smtp m|^220 Hello [A-Z][a-z]{2}, .*\r\n501 Command \"EHLO\" requires an argument\r\n| p/Lotus Notes smtpd/ cpe:/a:ibm:lotus_notes/ match smtp m|^220 ([\w_.-]+) ESMTP\r\n250-[-\w_.]+\r\n250-AUTH LOGIN CRAM-MD5 PLAIN\r\n250-AUTH=LOGIN CRAM-MD5 PLAIN\r\n250-PIPELINING\r\n250 8BITMIME\r\n| p/Access Remote PC smtpd/ o/Windows/ h/$1/ cpe:/o:microsoft:windows/a match smtp m|^220 \[[\w_.-]+\] FTGate Server Ready\r\n250-([\w._-]+)\r\n| p/Floosietek FTGate smtpd/ o/Windows/ h/$1/ cpe:/o:microsoft:windows/a # NetWare GroupWise Internet Agent 7 SP3 beta match smtp m|^220 ([\w_.-]+) Ready\r\n250-.*\r\n250-AUTH LOGIN\r\n(?:250-8BITMIME\r\n)?250-SIZE\r\n250 DSN\r\n| p/Novell NetWare GroupWise Internet Agent smtpd/ o/NetWare/ h/$1/ cpe:/a:novell:groupwise/ cpe:/o:novell:netware/a match smtp m|^220 .* Ready\r\n250-.*\r\n250-AUTH LOGIN\r\n(?:250-8BITMIME\r\n)?250-SIZE\r\n250 DSN\r\n| p/Novell NetWare GroupWise Internet Agent smtpd/ o/NetWare/ cpe:/a:novell:groupwise/ cpe:/o:novell:netware/a match smtp m|^220 \[[\w_.-]+\] ESMTP Ready\r\n501 HELO requires domain address\r\n| p/Canon imageRUNNER C5185 smtpd/ d/printer/ cpe:/h:canon:imagerunner_c5185/ match smtp m|^220 .* SMTP ready at .*\r\n501 Command \"EHLO\" requires an argument\r\n| p/Lotus Domino smtpd/ cpe:/a:ibm:lotus_domino/ match smtp m|^220 Hello\r\n501 Command \"EHLO\" requires an argument\r\n| p/Lotus Domino smtpd/ cpe:/a:ibm:lotus_domino/ match smtp m|^220 ([\w_.-]+)\r\n250-[\w._-]+ Axigen ESMTP hello\r\n| p/Axigen smtpd/ o/Unix/ h/$1/ cpe:/a:gecad:axigen_mail_server/ match smtp m|^220 ([\w_.-]+) ESMTP\r\n501 ehlo requires domain/address - see RFC-2821 4\.1\.1\.1\r\n| p/qpsmtpd/ h/$1/ match smtp m|^220 ([\w_.-]+) ESMTP Service ready\r\n250-[\w_.-]+ Missing required domain name in EHLO, defaulted to your IP address \[[\d.]+\]\r\n| p/Critical Path smtpd/ h/$1/ match smtp m|^220 \r\n501 \r\n| p/Konica Minolta bizhub 350 printer smtpd/ d/printer/ cpe:/h:konicaminolta:bizhub_350/ match smtp m|^220 ([\w_.-]+) ESMTP SonicWALL \(([\d.]+)\)\r\n| p/SonicWALL Email Security smtpd/ v/$2/ d/security-misc/ h/$1/ match smtp m|^220 ([\w_.-]+) ready\r\n250-[\w_.-]+\r\n250 AUTH LOGIN PLAIN \r\n$| p/Freemail smtpd/ h/$1/ match smtp m|^554 SMTP synchronization error\r\n| p/Exim smtpd/ cpe:/a:exim:exim/ match smtp m|^220 ([\w._-]+) ESMTP\r\n501 Syntax: EHLO hostname\r\n| p/Postfix smtpd/ h/$1/ cpe:/a:postfix:postfix/a match smtp m|^220 ESMTP Postfix\r\n501 Syntax: EHLO hostname\r\n| p/Postfix smtpd/ cpe:/a:postfix:postfix/a match smtp m|^220-\*{89}\r\n220 \*{32}\r\n250-Welcome [\w._-]+, nice to meet you\.\.\.\r\n250-AUTH=(?:\w+ ?)+\r\n250-AUTH(?: \w+)+\r\n250-SIZE \d+\r\n250-DSN\r\n250-ETRN\r\n250 XXXA\r\n| p/ArGoSoft smtpd/ o/Windows/ cpe:/o:microsoft:windows/a match smtp m|^220 ESMTP Ready\r\n250-([\w._-]+) Hello \[[\d.]+\]\r\n250-SIZE\r\n250-PIPELINING\r\n250-DSN\r\n250-ENHANCEDSTATUSCODES\r\n250-STARTTLS\r\n250-X-ANONYMOUSTLS\r\n250-AUTH NTLM\r\n250-X-EXPS GSSAPI NTLM\r\n250-8BITMIME\r\n250-BINARYMIME\r\n250-CHUNKING\r\n250-XEXCH50\r\n250 XRDST\r\n| p/Microsoft Outlook Web Access smtpd/ h/$1/ match smtp m|^220 ([\w._-]+) ESMTP\r\n250-\1\r\n250-STARTTLS\r\n250-SIZE 50000000\r\n250-PIPELINING\r\n250 8BITMIME\r\n| p/qmail smtpd/ h/$1/ match smtp m|^220 ESMTP\r\n501 5\.0\.0 EHLO requires domain address\r\n| p/Sendmail/ cpe:/a:sendmail:sendmail/a match smtp m|^220 $| p/OpenBSD spamd/ match smtp-proxy m|^220 ([-\w_.]+) .*\r\n250-[-\w_.]+ supports the following ESMTP extensions:\r\n250-SIZE \d+\r\n250-DSN\r\n250-8bitmime\r\n250 OK\r\n| p/Trend Micro IMSS smtp proxy/ o/Windows/ h/$1/ cpe:/o:microsoft:windows/a match smtp-proxy m|^220 ([\w._-]+) ESMTP [\w._-]+\r\n501 5\.5\.2 HELO requires domain address\r\n| p/SonicWALL Email Security Appliance smtp proxy/ d/proxy server/ h/$1/ match smtp-proxy m|^220 Ready to receive mail -=- ESMTP\r\n250-Ready to receive mail -=-\r\n250-AUTH LOGIN PLAIN\r\n250-AUTH=LOGIN PLAIN\r\n250-PIPELINING\r\n250 8BITMIME\r\n| p/PineApp Mail-SeCure smtp proxy/ cpe:/a:pineapp:mail-secure/ match smtp-proxy m|^220 MailStore SMTP Proxy Server\r\n250-([\w._-]+)\r\n250-STARTTLS\r\n250 MAILSTORE\r\n| p/MailStore smtp proxy/ h/$1/ ##############################NEXT PROBE############################## Probe TCP Help q|HELP\r\n| rarity 3 ports 1,7,21,25,79,113,119,515,587,1111,1311,12345,2401,2627,3000,3493,6560,6666-6670,22490 sslports 465 totalwaitms 7500 # http://www.computerpokercompetition.org/ match acpc m|^Usage: Valid commands are\nLIST\nCLEAR\nSTATUS\nKILL\nNEW\nCONFIG\nAUTONCONNECT\nGETINFO\nHELP\nFor specific help on each command, type HELP:COMMAND\r\r\n\n| p/Glassfrog computer poker server/ match caldav m|^\nError response\n\n\n

          Error response

          \n

          Error code 400\.\n

          Message: Bad request syntax \('HELP'\)\.\n

          Error code explanation: 400 = Bad request syntax or unsupported method\.\n\n| p/Radicale calendar and contacts server/ match chat m|^\r\n>STATUS\tset status\r\nINVISIBLE\tset invisible mode\r\nMAINWINDOW\tshow/hide main window\r\n| p/Simple Instant Messenger control plugin/ # CVSD (cvs chrooting service for pserver) cvsd 0.9.18 # CVS 1.11.5 pserver match cvspserver m|^cvs \[pserver aborted\]: bad auth protocol start: HELP\r\n\n?$| p/cvs pserver/ # CVSNT pserver match cvspserver m|^cvs \[server aborted\]: bad auth protocol start: HELP\r\n$| p/CVSNT cvs pserver/ cpe:/a:march-hare:cvsnt/ match cvspserver m|^cvs \[server aborted\]: bad auth protocol start: HELP\r\nerror \n$| p/CVSNT cvs pserver/ cpe:/a:march-hare:cvsnt/ match cvspserver m|^cvsnt \[server aborted\]: bad auth protocol start: HELP\r\nerror \n$| p/CVSNT cvs pserver/ cpe:/a:march-hare:cvsnt/ # Concurrent Versions System (CVS) 1.10.7 (client/server) match cvspserver m|^cvs-pserver \[pserver aborted\]: bad auth protocol start: HELP\r\n\n| p/cvs pserver/ match cvspserver m|^-f \[pserver aborted\]: bad auth protocol start: HELP\r\n\n| p/SunOS cvs pserver/ o/SunOS/ cpe:/o:sun:sunos/a match echo m|^HELP\r\n$| match irc-proxy m|^:ezbounce!srv NOTICE \(unknown\) :\x02| p/ezbounce irc proxy/ o/Unix/ # ProFTPD 1.2.5 match ftp m|^220 ([-.\w]+) FTP server ready\.\r\n214-The following commands are recognized \(\* =>'s unimplemented\)\.\r\n USER PASS ACCT\* CWD XCWD CDUP XCUP SMNT\* \r\n QUIT REIN\* PORT PASV TYPE STRU MODE RETR \r\n STOR STOU\* APPE ALLO\* REST RNFR RNTO ABOR \r\n DELE MDTM RMD XRMD MKD XMKD PWD XPWD \r\n SIZE LIST | p/ProFTPD/ v/1.2.5/ o/Unix/ h/$1/ cpe:/a:proftpd:proftpd:1.2.5/a match ftp m|^220 FTP-Server on \[([-\w_.]+)\]\r\n214-The following commands are recognized \(\* =>'s unimplemented\)\.\r\n214-USER PASS ACCT\* CWD XCWD CDUP XCUP SMNT\* \r\n214-QUIT REIN\* PORT PASV TYPE STRU MODE RETR \r\n214-STOR STOU\* APPE ALLO\* REST RNFR RNTO ABOR \r\n214-DELE MDTM RMD XRMD MKD XMKD PWD XPWD \r\n214-SIZE LIST| p/ProFTPD/ v/1.2.5/ o/Unix/ h/$1/ cpe:/a:proftpd:proftpd:1.2.5/a # ProFTPD 1.2.6 match ftp m|^220 ([-.\w]+) FTP server ready\.\r\n214-The following commands are recognized \(\* =>'s unimplemented\)\.\r\n214-USER PASS ACCT\* CWD XCWD CDUP XCUP SMNT\* \r\n214-QUIT REIN\* PORT PASV EPRT EPSV TYPE STRU \r\n214-MODE RETR STOR STOU APPE ALLO\* REST RNFR \r\n214-RNTO ABOR DELE MDTM RMD XRMD MKD XMKD| p/ProFTPD/ v/1.2.6/ o/Unix/ h/$1/ cpe:/a:proftpd:proftpd:1.2.6/a match ftp m|^220 ([-.\w]+ )?FTP [sS]erver ready\.?\r\n214-The following commands are recognized \(\* =>'s unimplemented\)\.\r\n214-USER PASS ACCT\* CWD XCWD CDUP XCUP SMNT\* \r\n214-QUIT REIN\* PORT PASV EPRT EPSV TYPE STRU \r\n214-MODE RETR STOR STOU APPE ALLO\* REST RNFR \r\n214-RNTO ABOR DELE MDTM RMD XRMD MKD XMKD| p/ProFTPD/ v/1.2.6/ o/Unix/ h/$1/ cpe:/a:proftpd:proftpd:1.2.6/a # ProFTPD 1.2.8 # proftpd 1.2.9 rc1 match ftp m%^220 .*\r\n214-The following commands are recognized \(\* =>'s unimplemented\)\.\r\n(?:214-| )USER PASS ACCT\* CWD XCWD CDUP XCUP SMNT\* \r\n(?:214-| )QUIT REIN\* PORT PASV TYPE STRU MODE RETR \r\n(?:214-| )STOR STOU APPE ALLO\* REST RNFR RNTO ABOR \r\n(?:214-| )DELE MDTM RMD XRMD MKD XMKD PWD XPWD \r\n(?:214-| )SIZE% p/ProFTPD/ v/1.2.8 - 1.2.9/ o/Unix/ cpe:/a:proftpd:proftpd/ match ftp m%^220 .*\r\n214-The following commands are recognized \(\* =>'s unimplemented\)\.\r\n(?:214-| )USER PASS ACCT\* CWD XCWD CDUP XCUP SMNT\* \r\n(?:214-| )QUIT REIN\* PORT PASV EPRT EPSV TYPE STRU \r\n(?:214-| )MODE RETR STOR STOU APPE ALLO\* REST RNFR \r\n(?:214-| )RNTO ABOR DELE MDTM RMD XRMD MKD XMKD \r\n(?:214-| )PWD XPWD SIZE LIST NLST SITE SYST STAT \r\n% p/ProFTPD/ v/1.2.8 - 1.2.9/ o/Unix/ cpe:/a:proftpd:proftpd/ # proftpd 1.2.9rc1 on linux 2.4.19 match ftp m|220 localhost FTP server ready\r\n214-The following commands are recognized \(\* =>'s unimplemented\)\.\r\n214-USER PASS ACCT\* CWD XCWD CDUP XCUP SMNT\* \r\n214-QUIT REIN\* PORT PASV TYPE STRU MODE RETR \r\n214-STOR STOU APPE ALLO\* REST RNFR RNTO ABOR \r\n214-DELE| p/ProFTPD/ v/1.2.9rc1/ o/Unix/ cpe:/a:proftpd:proftpd:1.2.9rc1/a # proftpd 1.2.10 match ftp m|^220 .*\r\n214-The following commands are recognized \(\* =>'s unimplemented\):\r\n CWD XCWD CDUP XCUP SMNT\* QUIT PORT PASV \r\n EPRT EPSV ALLO\* RNFR RNTO DELE MDTM RMD \r\n XRMD MKD XMKD PWD XPWD SIZE SYST HELP \r\n NOOP FEAT OPTS AUTH\*? CCC\* CONF\* ENC\* MIC\* \r\n PBSZ\*? PROT\*? TYPE STRU MODE RETR STOR STOU \r\n|s p/ProFTPD/ v/1.2.10/ cpe:/a:proftpd:proftpd:1.2.10/a match ftp m|^220 .*\r\n214-The following commands are recognized \(\* =>'s unimplemented\):\r\n CWD XCWD CDUP XCUP SMNT\* QUIT PORT PASV \r\n EPRT EPSV ALLO\* RNFR RNTO DELE MDTM RMD \r\n XRMD MKD XMKD PWD XPWD SIZE SYST HELP \r\n|s p/ProFTPD/ cpe:/a:proftpd:proftpd/a match ftp m|^220[ -].*\r\n214-The following commands are recognized \(\* =>'s unimplemented\):\r\n|s p/ProFTPD/ cpe:/a:proftpd:proftpd/a match ftp m|^220 .*\r\n214-\xd1\xeb\xe5\xe4\xf3\xfe\xf9\xe8\xe5 \xea\xee\xec\xe0\xed\xe4\xfb \xe1\xfb\xeb\xe8 \xf0\xe0\xf1\xef\xee\xe7\xed\xe0\xed\xfb \(\* => \xed\xe5 \xf0\xe5\xe0\xeb\xe8\xe7\xee\xe2\xe0\xed\xee\):\r\n| p/ProFTPD/ i/locale: ru_RU/ cpe:/a:proftpd:proftpd/a # Solaris 8 ftpd match ftp m|^220 ([-.+\w]+) FTP server \(.*\) ready\.\r\n214-The following commands are recognized:\r\n USER EPRT STRU MAIL\* ALLO CWD STAT\* XRMD \r\n PASS LPRT MODE MSND\* REST\* XCWD HELP PWD \r\n ACCT\* EPSV RETR MSOM\* RNFR LIST NOOP XPWD \r\n REIN\* LPSV STOR MSAM\* RNTO NLST MKD CDUP \r\n| p/Sun Solaris ftpd/ o/Solaris/ h/$1/ cpe:/o:sun:sunos/a # Phaser860 printer match ftp m|^220 FTP server ready\.\r\n214- The following commands are recognized \(\* =>'s unimplemented\)\.\r\n USER PORT STOR MSAM\* RNTO\* NLST\* MKD\* CDUP\* EPLF\*\r\n PASS PASV\* APPE\* MRSQ\* ABOR SITE\* XMKD\* XCUP\*\r\n ACCT\* TYPE MLFL\* MRCP\* DELE SYST RMD\* STOU \r\n SMNT\* STRU MAIL\* ALLO\* CWD\* STAT XRMD\* SIZE\*\r\n REIN\* MODE MSND\* REST\* XC| p/Phaser printer ftpd/ d/printer/ match ftp m|^220 FTP server ready\.\r\n214- The following commands are recognized \(\* =>'s unimplemented\)\.\r\n USER PORT MODE MSND\* REST\* XCWD\* HELP PWD MDTM\*\r\n PASS EPRT RETR\* MSOM\* RNFR\* LIST\* NOOP XPWD MACB\*\r\n ACCT\* PASV\* STOR MSAM\* RNTO\* NLST\* MKD\* CDUP\* EPLF\*\r\n SMNT\* EPSV APPE\* MRSQ\* ABOR SITE\* XMKD\* XCUP\*\r\n REIN\* TYPE MLFL\* MRCP\* DELE SYST RMD\* STOU \r\n QUIT STRU MAIL\* ALLO\* CWD\* STAT XRMD\* SIZE\*\r\n214 Direct comments to http://www\.xerox\.com/officeprinting\.\r\n| p/Xerox 8560DN printer ftpd/ d/printer/ cpe:/h:xerox:8560dn/a # bsd-ftpd 0.3.3 (port of OpenBSD ftp server) on Linux 2.4.20 match ftp m|^220 ([-.\w]+) FTP server ready\.\r\n214- The following commands are recognized \(\* =>'s unimplemented\)\.\r\n USER PORT TYPE MLFL\* MRCP\* DELE SYST RMD STOU \r\n PASS LPRT STRU MAIL\* ALLO CWD STAT XRMD SIZE \r\n ACCT\* EPRT MODE MSND\* REST XCWD HELP PWD MDTM \r\n SMNT\* PASV RETR MSOM\* RNFR LIST NOOP XPWD \r| p/bsd-ftpd/ o/Linux/ h/$1/ cpe:/o:linux:linux_kernel/a # Rhinosoft Serv-U FTP v.4.1 build 4.1.0.0 on Windows XP match ftp m|^220 .*\r\n214- The following commands are recognized \(\* => unimplemented\)\.\r\n USER PORT RETR ALLO DELE SITE XMKD CDUP FEAT\r\n PASS PASV STOR REST CWD STAT RMD XCUP OPTS\r\n ACCT TYPE APPE RNFR XCWD HELP XRMD STOU AUTH\r\n REIN STRU SMNT RNTO LIST NOOP PWD SIZE PBSZ\r\n| p/Rhinosoft Serv-U FTP/ cpe:/a:serv-u:serv-u/ # BulletProof FTP server 2.15 on Windows XP match ftp m|^220 .*\r\n530 Please login with USER and PASS first\.\r\n$| p/BulletProof FTPd/ o/Windows/ cpe:/o:microsoft:windows/a # SGI IRIX 6.5.18f ftpd match ftp m|^220 ([-.\w]+) FTP server ready\.\r\n214- The following commands are recognized \(\* =>'s unimplemented\)\.\r\n USER PORT STOR MSAM\* RNTO NLST MKD CDUP \r\n PASS PASV APPE MRSQ\* ABOR SITE XMKD XCUP \r\n ACCT\* TYPE MLFL\* MRCP\* DELE SYST RMD STOU \r\n SMNT\* STRU MAIL\* ALLO CWD STAT XRMD SIZE \r\n REIN\* MODE MSND\* REST XCWD HELP PWD MDTM \r\n QUIT RETR MSOM\* RNFR LIST NOOP XPWD \r\n214 Direct comments to | p/SGI IRIX ftpd/ o/IRIX/ h/$1/ cpe:/o:sgi:irix/a match ftp m|^421 Server is temporarily unavailable - please try again later\.\r\n421 Service closing control connection\.\r\n| p/Serv-U ftpd/ i/Server temporarily unavailable/ o/Windows/ cpe:/a:serv-u:serv-u/ cpe:/o:microsoft:windows/a # FreeBSD 4.10 ftpd match ftp m|^220 FTP server ready\.\r\n214- The following commands are recognized \(\* =>'s unimplemented\)\.\r\n USER PORT TYPE MLFL\* MRCP\* DELE SYST RMD STOU \r\n PASS LPRT STRU MAIL\* ALLO CWD STAT XRMD SIZE \r\n ACCT\* EPRT MODE MSND\* REST XCWD HELP PWD MDTM \r\n SMNT\* PASV RETR MSOM\* RNFR LIST NOOP XPWD \r\n REIN\* LPSV STOR MSAM\* RNTO NLST MKD CDUP \r\n QUIT EPSV APPE MRSQ\* ABOR SITE XMKD XCUP \r\n214 End\.\r\n| p/FreeBSD ftpd/ o/FreeBSD/ cpe:/o:freebsd:freebsd/a match ftp m|^220 .*\r\n214-CesarFTP server ([\w.]+) supports the following commands:\r\n| p/ACLogic CesarFTPd/ v/$1/ o/Windows/ cpe:/a:aclogic:cesarftpd:$1/ cpe:/o:microsoft:windows/ match ftp m|^220 Private ftp server, anonymous login not allowed\.\r\n214-The following commands are recognized:\r\n USER PASS QUIT CWD PWD PORT PASV TYPE\r\n LIST REST CDUP RETR STOR SIZE DELE RMD \r\n MKD RNFR RNTO ABOR SYST NOOP APPE NLST\r\n MDTM XPWD XCUP XMKD XRMD NOP EPSV EPRT\r\n AUTH ADAT PBSZ PROT FEAT MODE OPTS HELP\r\n214 Have a nice day\.\r\n| p/FileZilla ftpd/ i/No anon login/ o/Windows/ cpe:/a:filezilla-project:filezilla:ftpd/ cpe:/o:microsoft:windows/a match ftp m|^220.*\r\n214-The following commands are recognized:\r\n USER PASS QUIT CWD PWD PORT PASV TYPE\r\n LIST REST CDUP RETR STOR SIZE DELE RMD \r\n MKD RNFR RNTO ABOR SYST NOOP APPE NLST\r\n MDTM XPWD XCUP XMKD XRMD NOP EPSV EPRT\r\n AUTH ADAT PBSZ PROT FEAT MODE OPTS HELP\r\n ALLO MLST MLSD\r\n214 Have a nice day\.\r\n| p/FileZilla ftpd/ o/Windows/ cpe:/a:filezilla-project:filezilla:ftpd/ cpe:/o:microsoft:windows/a # OpenVMS 7.3-1 match ftp m|^220 ([-\w_.]+) FTP Server \(Version ([\d.]+)\) Ready\.\r\n214-The following commands are recognized:\r\n USER TYPE RETR RNFR NLST PWD ALLO EPSV \r\n PASS STRU STOR RNTO CWD CDUP SYST QUIT \r\n SITE PORT STOU DELE MKD NOOP STAT HELP \r\n MODE EPRT APPE LIST RMD ABOR PASV \r\n214 End of Help\.\r\n| p/OpenVMS ftpd/ v/$2/ h/$1/ match ftp m|^220 SMTP service ready\r\n214-Commands:\r\r\n214-\tDATA\tRCPT\tMAIL\tQUIT\tRSET\r\r\n214 \tHELO\tVRFY\tEXPN\tHELP\tNOOP\r\n| p/WatchGuard Firebox II firewall ftpd/ d/firewall/ match ftp m|^220 Speak friend, and enter\r\n214-\r\n ftpd\.bin - Round-robin File Transfer Server, version ([\w.]+)\r\n| p/ftpd.bin round-robin file server/ v/$1/ match ftp m|^220 FTP server ready\. \r\n214-Ethernet Interface\r\n \r\n To access help, cd to the help directory then enter a \"dir\" command\.\r\n \r\n \r\n| p|QMS/Minolta Magicolor 2200 DeskLaser printer ftpd| d/printer/ match ftp m|^220 FTPU ready\.\r\n500 Sorry, no such command\.\r\n| p/Netgear DG632 router ftpd/ d/router/ cpe:/h:netgear:dg632/a match ftp m|^220 ([-\w_.]+) FTP server \(UNIX_SV ([\d.]+)\) ready\.\r\n214-The following commands are recognized \(\* =>'s unimplemented\)\.\r\n USER PORT STOR MSAM\* RNTO NLST MKD CDUP \r\n PASS PASV APPE MRSQ\* ABOR SITE XMKD XCUP \r\n ACCT\* TYPE MLFL\* MRCP\* DELE SYST RMD STOU \r\n SMNT\* STRU MAIL\* ALLO CWD STAT XRMD SIZE \r\n REIN\* MODE MSND\* REST XCWD HELP PWD MDTM \r\n QUIT RETR MSOM\* RNFR LIST NOOP XPWD \r\n| p/WU-FTPd/ i/UNIX_SV $2/ o/Unix/ h/$1/ cpe:/a:redhat:wu_ftpd/ match ftp m|^220 server ready\r\n530 Please login with USER and PASS\r\n$| p/Extreme FTPd/ match ftp m|^220 FTP server ready\.\r\n502 Command not implemented\.\r\n$| p/Aruba router ftpd/ d/router/ match ftp m|^220 Type 'site help' or 'quote site help'\.\r\n220-| p/RaidenFTPd/ o/Windows/ cpe:/o:microsoft:windows/a match ftp m|^220-\r\n220 Features p a \.\r\n214 Please refer to FTP documentation\.\r\n| p/Sami ftpd/ o/Windows/ cpe:/o:microsoft:windows/a match ftp m|^220 FTP server at \d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3} ready\.\r\n503 USER expected\.\r\n| p/Linksys NSLU2 ftpd/ d/storage-misc/ cpe:/h:linksys:nslu2/ match ftp m|^220[ -].*\r\n214-The following commands are recognized:\r\n.*\r\n214 Have a nice day\.\r\n|s p/FileZilla ftpd/ o/Windows/ cpe:/a:filezilla-project:filezilla:ftpd/ cpe:/o:microsoft:windows/a match ftp m|^220 ([-\w_.]+)\r\n214-The following commands are recognized \(\* =>'s unimplemented\)\.\r\n.*\r\n214 Direct comments to|s p/ProFTPD/ h/$1/ cpe:/a:proftpd:proftpd/a match ftp m|^220 Please enter your login name now\.\r\n502 help is not implemented\.\r\n| p/EvolutionX ftpd/ d/game console/ match ftp m|^220[ -].*\r\n550 SSL/TLS required on the control channel\r\n|s p/ProFTPD/ i/requires SSL/ cpe:/a:proftpd:proftpd/a match ftp m|^220 FTP server ready\r\n214-The following commands are recognized:\r\nHELP\tUSER\tPASS\tQUIT\tLIST\tNLST\r\nRETR\tSTOR\tCWD\tTYPE\tPORT\tPWD\r\nSTRU\tMODE\tALLO\tACCT\tPASV\tNOOP\r\nDELE\tEPRT\tEPSV\r\n214 End of command list\.\r\n| p|TopLayer/Alcatel ftpd| match ftp m|^220.*This site is running NcFTPd Server software|s p/NcFTPd/ match ftp m|^220 Connection established\.\r\n214-The following commands are supported:\r\n\tUSER\tPORT\tTYPE\tABOR\tCWD \tLIST\r\n\tPASS\tPASV\tSTRU\tPWD \tXCWD\tNLST\r\n\tQUIT\tSTOR\tRETR\tMODE\tXPWD\tNOOP\r\n\tHELP\r\n214 \r\n| p/Canon imageRUNNER 570 printer ftpd/ d/printer/ cpe:/h:canon:imagerunner_570/ match ftp m|^220 ([\w._-]+) (?:Ver )([\w._-]+) FTP server\.\r\n214- FTPD supported commands\(RFC959 subset\):\r\n| p/Kyocera $1 printer ftpd/ v/$2/ d/printer/ cpe:/h:kyocera:$1/a match ftp m|^220 ADP LaserStatio FTP server\.\r\n214- FTPD supported commands\(RFC959 subset\):\r\n| p/Kyocera LaserStation 1940 printer ftpd/ d/printer/ cpe:/h:kyocera:laserstation_1940/a match ftp m|^220 ([\w._ -]+) FTP server\.\r\n214- FTPD supported commands\(RFC959 subset\):\r\n| p/Kyocera $1 printer ftpd/ d/printer/ cpe:/h:kyocera:$1/a match ftp m|^220.Welcome to ([-\w_.]+)\r\n214-The following SITE commands are recognized\r\n.*214 Pure-FTPd - http://pureftpd\.org/?\r\n|s p/Pure-FTPd/ h/$1/ cpe:/a:pureftpd:pure-ftpd/ match ftp m|^214-The following SITE commands are recognized\r\n.*214 Pure-FTPd - http://pureftpd\.org/\r\n|s p/Pure-FTPd/ cpe:/a:pureftpd:pure-ftpd/ match ftp m|^220.*214 Pure-FTPd - http://pureftpd\.org/?\r\n|s p/Pure-FTPd/ cpe:/a:pureftpd:pure-ftpd/ match ftp m|^220 Welcome to the update FTP server v1\.0\.\r\n502 'HELP' command not implemented\.\r\n| p/Netcomm V300 VoIP adapter update ftpd/ d/VoIP adapter/ cpe:/h:netcomm:v300/a match ftp m|^220 Connection established\.\r\n214-The following commands are supported:\r\n\tUSER\tPORT\tTYPE\tABOR\tCWD \tLIST\r\n| p/Canon imageRUNNER printer ftpd/ d/printer/ match ftp m|^220 Ftp firmware update utility\r\n500 Unknown command: \"HELP\"\r\n| p|Belkin/BT/D-Link/Gigaset broadband router ftp firmware update| d/broadband router/ match ftp m|^220 FTP Server Ready\r\n.*\r\n214 Direct comments to psp@amoks\.com\.\r\n|s p/Amoks PlayStation Portable ftpd/ d/game console/ match ftp m|^220 FTP server ready\r\n211 HELP text\r\n| p/Alfresco Document Management System ftpd/ match ftp m|^220 FTP Server Ready\r\n500 Unknown cmd HELP\r\n| p/Optus Speedstream 4200 ADSL router ftpd/ d/router/ match ftp m|^214-The following commands are recognized \(\* => unimplemented\.\)\r\n.*\r\n214 Direct comments to support@arcanesoft\.com\.\r\n|s p/Arcanesoft Vermillion ftpd/ o/Windows/ cpe:/o:microsoft:windows/a match ftp m|^220 Connection established\.\r\n214-The following commands are supported\.\r\n USER PORT TYPE ABOR CWD LIST\r\n PASS PASV STRU PWD XCWD NLST\r\n QUIT STOR MODE XPWD NOOP HELP\r\n214 End of HELP\r\n| p/Canon iPF6100 printer ftpd/ d/printer/ cpe:/h:canon:ipf6100/a match ftp m|^200 1500\r\nf\0\x18\0\0\0x\xda\x0b\xcd\xcb\xce\xcb/\xcfSH\xce\xcf\xcdM\xccK\xd1\x03\x005\x93\x06\x1e| p/Gene6 ftpd/ match ftp m|^220 Welcome to connection\.\r\n214 FTP Server Help\.\r\n HUMAX PVR FTP Server\. \r\n214 End\r\n| p/Humax iHDR-5050C DVR ftpd/ d/media device/ match ftp m|^220 Service ready for new user\r\n214-The following commands are recognized\r\n ABOR\r\n ALLO\r\n APPE\r\n CDUP\r\n CWD\r\n DELE\r\n LIST\r\n MKD\r\n MODE\r\n NLST\r\n NOOP\r\n PASS\r\n PORT\r\n PWD\r\n QUIT\r\n RETR\r\n RMD\r\n RNFR\r\n RNTO\r\n SIZE\r\n SMNT\r\n STOR\r\n STRU\r\n SYST\r\n TYPE\r\n USER\r\n XCUP\r\n XCWD\r\n XMKD\r\n XPWD\r\n XRMD\r\n214 HELP command successful\r\n| p/Lumetrix Imaging Photometer ftpd/ match ftp m|^220 ([\w._-]+) FTP server ready\.\r\n214-\r\n The following commands are recognized\.\r\n \(`-' = not implemented, `\+' = supports options\)\r\n USER REIN- TYPE ALLO MKD HELP MIC MLST\+ MSND-\r\n PASS PORT STRU REST PWD NOOP\+ CONF MLSD MSOM-\r\n ACCT- LPRT MODE RNFR LIST AUTH ENC MAIL- XCUP\r\n CWD EPRT RETR RNTO NLST ADAT FEAT MLFL- XCWD\r\n CDUP PASV STOR ABOR SITE PROT OPTS MRCP- XMKD\r\n SMNT- LPSV STOU DELE SYST PBSZ MDTM MRSQ- XPWD\r\n QUIT EPSV APPE RMD STAT CCC SIZE MSAM- XRMD\r\n214 Direct comments to ftp-bugs@| p/QNX ftpd/ v/$1/ o/QNX/ cpe:/o:qnx:qnx/a # DS210j, DS207+ match ftp m|^220 ([\w._-]+) FTP server ready\.\r\n214- The following commands are recognized \(\* =>'s unimplemented\)\.\r\n USER LPRT MODE MSOM\* RNTO SITE RMD SIZE PROT \r\n PASS EPRT RETR MSAM\* ABOR SYST XRMD MDTM \r\n ACCT\* PASV STOR MRSQ\* DELE STAT PWD MFMT \r\n SMNT\* LPSV APPE MRCP\* CWD HELP XPWD FEAT \r\n REIN\* EPSV MLFL\* ALLO XCWD NOOP CDUP OPTS \r\n QUIT TYPE MAIL\* REST LIST MKD XCUP AUTH \r\n PORT STRU MSND\* RNFR NLST XMKD STOU PBSZ \r\n214 Direct comments to ftp-bugs@| p/Synology DS200-series NAS device ftpd/ d/storage-misc/ h/$1/ match ftp m|^220 Hi there!\r\n214-This is gatling \(www\.fefe\.de/gatling/\); No help available\.\r\n214 See http://cr\.yp\.to/ftp\.html for FTP help\.\r\n| p/gatling ftpd/ match ftp m|^220 Service ready for new user\r\n214-The following commands are implemented\.\r\nABOR APPE CDUP CWD DELE HELP LIST MDTM\r\nMKD MODE NLST NOOP PASS PASV PORT PWD\r\nQUIT REST RETR RMD RNFR RNTO SITE SIZE\r\nSTAT STOR STOU STRU SYST TYPE USER\r\n214 End of help\r\n| p/Cisco Wireless Control System ftpd/ cpe:/h:cisco:wireless_control_system/ match ftp m|^220 Operation successful\r\n214-Features:\r\n EPSV\r\n PASV\r\n REST STREAM\r\n MDTM\r\n SIZE\r\n214 Ok\r\n| p/BusyBox ftpd/ cpe:/a:busybox:busybox/ match ftp m|^220-Rival Group FTP Server\r\n220-Unauthorized access prohibited\r\n220 All activity is logged\.\r\n214-CesarFTP server ([\w._-]+) supports the following commands:\r\n214-ABOR ACCT ALLO APPE CDUP CWD DELE HELP LIST\r\n214-MDTM MKD MODE NLST NOOP PASS PASV PORT PWD \r\n214-QUIT REIN REST RETR RMD RNFR RNTO SITE SMNT\r\n214-STAT STOR STOU STRU SYST TYPE\r\n214-\r\n214-CesarFTP server [\w._-]+ supports specific commands\r\n214-invoked with the SITE command:\r\n214-\r\n214-SITE MSG\r\n214-\r\n214 \r\n| p/ACLogic CesarFTP/ v/$1/ o/Windows/ cpe:/a:aclogic:cesarftpd:$1/ cpe:/o:microsoft:windows/ match ftp m|^220 pyftpdlib ([\w._-]+) ready\.\r\n214-The following commands are recognized:\r\n ABOR ALLO APPE CDUP CWD DELE EPRT EPSV \r\n FEAT HELP LIST MDTM MKD MLSD MLST MODE \r\n NLST NOOP OPTS PASS PASV PORT PWD QUIT \r\n REIN REST RETR RMD RNFR RNTO SIZE STAT \r\n STOR STOU STRU SYST TYPE USER XCUP XCWD \r\n XMKD XPWD XRMD \r\n214 Help command successful\.\r\n$| p/pyftpdlib/ v/$1/ # CANOPY Motorola Broadband Wireless Technology Center match ftp m|^220 Service ready\r\n500 Unsupported command\r\n| p/Motorola Canopy WAP ftpd/ d/WAP/ match ftp m|^220 FTP server ready\r\n214-The following commands are recognized:\r\nHELP\tUSER\tPASS\tQUIT\tLIST\tNLST\nRETR\tSTOR\tCWD\tTYPE\tPORT\tPWD\nSTRU\tMODE\tALLO\tACCT\tPASV\tNOOP\nDELE\n214 End of command list\.\r\n| p/Nortel CES1010E router ftpd/ d/router/ cpe:/h:nortel:ces1010e/ match ftp m|^220 FTP server ready\.\r\n214-The following commands are recognized:\r\nHELP\tUSER\tPASS\tQUIT\tLIST\tNLST\tCDUP\r\nRETR\tSTOR\tCWD\tTYPE\tPORT\tPWD\tXCUP\r\nSTRU\tMODE\tXCWD\tALLO\tACCT\tXPWD\tPASV\r\nNOOP\tSYST\r\n214 End of command list\.\r\n| p/Alcatel Litespan-2000 PBX ftpd/ d/PBX/ cpe:/h:alcatel:litespan-2000/ match ftp m|^220 Opto 22 FTP server ready\.\r\n502 HELP command not implemented, or not allowed\.\r\n| p/Opto 22 ftpd/ # Before version 2.0.8, vsftpd outputs the "Please login" lines in response to # blank lines, which is caught under GenericLines above." In 2.0.8 and after, # it ignores blank lines. match ftp m|^(?:220-.*\r\n)?220 .*\r\n530 Please login with USER and PASS\.\r\n|s p/vsftpd/ v/2.0.8 or later/ cpe:/a:vsftpd:vsftpd/ match ftp-proxy m|^220 Service Ready\r\n502 Command Not implemented\r\n$| p/Novell iChain ftp proxy/ cpe:/a:novell:ichain/ match finger m|^iFinger v(\d[-.\w]+)\n\n| p/IcculusFinger/ v/$1/ match finger m|^\n ----------------------------------------------------------------------\n Sorry, that user doesn't exist\.\n| p/Stock and Trade Finger Server fingerd/ match freenet m|^HTTP/1\.1 400 Parse error: Could not parse request line \(split\.length=1\): HELP\r\n| p/Freenet/ match gnuserv m|^gnudoit: Connection refused\ngnudoit: unable to connect to remote$| p/Gnuserv/ match http m|^HTTP/1\.1 401 Unauthorized\r\nWWW-Authenticate: Basic realm=\"esecsrva\"\r\n\r\n$| p/IBM Director wmicimserver httpd/ cpe:/a:ibm:director/ match http m|^HTTP/1\.1 401 Unauthorized\r\nWWW-Authenticate: Basic realm=\"ANLYX2\"\r\n\r\n$| p/IBM Director wmicimserver httpd/ cpe:/a:ibm:director/ # Dell OpenManage 5.2 (File Version: 3.2.0.364) likes to throw exceptions... match http m|^HTTP/1\.0 500 Internal Server Error\r\nConnection: Close\r\nContent-Type: text/html\r\n.*

          java\.lang\.Exception: Invalid request: HELP

          |s p/Dell PowerEdge OpenManage Server Administrator httpd/ o/Windows/ cpe:/a:dell:openmanage_server_administrator/ cpe:/o:microsoft:windows/a match http m|^HTTP/1\.1 400 Bad Request\r\n\r\nGET /bst/disconnect HTTP/1\.1\r\nHost: ([\w._-]+)\r\nUser-Agent: DragonFly Storm \(Client; Protocol (\d+)\)\r\nConnection: close\r\n\r\n| p/DragonFly Storm httpd/ i/Protocol $2/ h/$1/ match http m|^HTTP/1\.1 400 Page not found\r\nServer: GoAhead-Webs\r\nDate: .*\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-Type: text/html\r\n\r\nDocument Error: Page not found\r\n\t\t

          Access Error: Page not found

          \r\n\t\t

          Bad request type

          \r\n\r\n| p/GoAhead WebServer/ i/TRENDnet TEW-637AP WAP http config/ d/WAP/ cpe:/a:goahead:goahead_webserver/ cpe:/h:trendnet:tew-637ap/a match http m|^HTTP/1\.1 400 Bad Request\r\nServer: RealVNC/([-.\w]+)\r\nDate: Mon, 27 Jul 2009 08:06:03 GMT\r\nLast-Modified: Mon, 27 Jul 2009 08:06:03 GMT\r\nConnection: close\r\nContent-Type: text/html\r\n\r\n| p/RealVNC/ v/$1/ i/unauthorized/ cpe:/a:realvnc:realvnc:$1/ match http m|^HTTP/1\.0 400 Bad Request\r\nServer: httpd\r\n.*\n\n400 Bad Request\n