# Nmap service detection probe list -*- mode: fundamental; -*-
# $Id$
#
# This is a database of custom probes and expected responses that the
# Nmap Security Scanner ( http://nmap.org ) uses to
# identify what services (eg http, smtp, dns, etc.) are listening on
# open ports. Contributions to this database are welcome.
# Instructions for obtaining and submitting service detection fingerprints can
# be found in the Nmap Network Scanning book and online at
# http://nmap.org/book/vscan-community.html
#
# This collection of probe data is (C) 1998-2010 by Insecure.Com
# LLC. It is distributed under the Nmap Open Source license as
# provided in the COPYING file of the source distribution or at
# http://nmap.org/data/COPYING . Note that this license
# requires you to license your own work under a compatible open source
# license. If you wish to embed Nmap technology into proprietary
# software, we sell alternative licenses (contact sales@insecure.com).
# Dozens of software vendors already license Nmap technology such as
# host discovery, port scanning, OS detection, and version detection.
# For more details, see http://nmap.org/book/man-legal.html
#
# For details on how Nmap version detection works, why it was added,
# the grammar of this file, and how to detect and contribute new
# services, see http://nmap.org/book/vscan.html.

# The Exclude directive takes a comma separated list of ports.
# The format is exactly the same as the -p switch.
Exclude T:9100-9107

# This is the NULL probe that just compares any banners given to us
##############################NEXT PROBE##############################
Probe TCP NULL q||
# Wait for at least 6 seconds for data. It used to be 5, but some
# smtp services have lately been instituting an artificial pause (see
# FEATURE('greet_pause') in Sendmail, for example)
totalwaitms 6000

match 1c-server m|^S\xf5\xc6\x1a{| p/1C:Enterprise business management server/
match 4d-server m|^\0\0\0H\0\0\0\x02.[^\0]*\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0$|s p/4th Dimension database server/
match acap m|^\* ACAP \(IMPLEMENTATION \"CommuniGate Pro ACAP (\d[-.\w]+)\"\) | p/CommuniGate Pro ACAP server/ v/$1/ i/for mail client preference sharing/
match acarsd m|^g\0\0\0\x1b\0\0\0\0\0\0\0acarsd\t([\w._-]+)\tAPI-([\w._-]+)\)\0\0\0\x06\x05\0\0\0\0\0\0<\?xml | p/acarsd/ v/$1/ i/API $2/ cpe:/a:acarsd:acarsd:$1/
match acmp m|^ACMP Server Version ([\w._-]+)\r\n| p/Aagon ACMP Inventory/ v/$1/
match activemq m|^\0\0\0.\x01ActiveMQ\0\0\0|s p/Apache ActiveMQ/ cpe:/a:apache:activemq/
# Microsoft ActiveSync Version 3.7 Build 3083 (It's used for syncing
# my ipaq it disappears when you remove the ipaq.)
match activesync m|^.\0\x01\0[^\0]\0[^\0]\0[^\0]\0[^\0]\0[^\0]\0.*\0\0\0$|s p/Microsoft ActiveSync/ o/Windows/ cpe:/a:microsoft:activesync/ cpe:/o:microsoft:windows/a
match activesync m|^\(\0\0\0\x02\0\0\0\x03\0\0\0\+\0\0\x003\0\0\0\0\0\0\0\x04\0\0`\x01\0\0\xff\0\0\0\0\0\0\0\0\0\0\0$|s p/Citrix ActiveSync/ o/Windows/ cpe:/o:microsoft:windows/a
match adabas-d m|^Adabas D Remote Control Server Version ([\d.]+) Date [\d-]+ \(key is [0-9a-f]+\)\r\nOK> | p/Adabas D database remote control/ v/$1/
match adobe-crossdomain m|^\0$| p/Adobe cross-domain policy/ i/domain: $1; ports: $2/
# Missing trailing \0? Was like that in the submission.
match adobe-crossdomain m|^$| p/Adobe cross-domain policy/ i/domain: $1; ports: $2/
match adobe-crossdomain m|^<\?xml version=\"1\.0\"\?>\r\n\r\n \r\n \r\n\0| p/Konica Minolta printer cross-domain-policy/
# playbrassmonkey.com
match adobe-crossdomain m|^<\?xml version=\"1\.0\"\?>\0$| p/Brass Monkey cross-domain-policy/
softmatch adobe-crossdomain m|^<\?xml version=\"1\.0\"\?>.*|s
match afsmain m|^\+Welcome to Ability FTP Server \(Admin\)\. \[20500\]\r\n| p/Code-Crafters Ability FTP Server afsmain admin/ o/Windows/ cpe:/a:code-crafters:ability_ftp_server/ cpe:/o:microsoft:windows/a
match altiris-agent m|^<\0r\0e\0s\0p\0o\0n\0s\0e\0>\0C\0o\0n\0n\0e\0c\0t\0e\0d\0 \0t\0o\0 [\0\d.]*<\0/\0r\0e\0s\0p\0o\0n\0s\0e\0>\0$| p/Altiris remote monitoring agent/
# AMANDA index server 2.4.2p2 on Linux 2.4
match amanda m|^220 ([-.\w]+) AMANDA index server \((\d[-.\w ]+)\) ready\.\r\n| p/Amanda backup system index server/ v/$2/ o/Unix/ h/$1/ cpe:/a:amanda:amanda:$2/
match amanda m|^501 Could not read config file [^!\r\n]+!\r\n220 ([-.\w]+) AMANDA index server \(([-\w_.]+)\) ready\.\r\n| p/Amanda backup system index server/ v/$2/ i/broken: config file not found/ h/$1/ cpe:/a:amanda:amanda:$2/
match amanda m|^ld\.so\.1: amandad: fatal: (libsunmath\.so\.1): open failed: No such file or directory\n$| p/Amanda backup system index server/ i/broken: $1 not found/ cpe:/a:amanda:amanda/
match AndroMouse m|^AMServer$|s p/AndroMouse Android remote mouse server/
match antivir m|^220 Symantec AntiVirus Scan Engine ready\.\r\n| p/Symantec AntiVirus Scan Engine/ cpe:/a:symantec:antivirus/ cpe:/a:symantec:antivirus_scan_engine/
match antivir m|^200 NOD32SS ([\d.]+) \((\d+)\)\r\n| p/NOD32 AntiVirus/ v/$1 ($2)/ cpe:/a:eset:nod32_antivirus:$1/
match anyremote m|^Set\(icons,M,6,forward,7,prev,8,stop,9,next,\*,question,0,pause,#,no\);Set\(font,small\);Set\(menu,replace,Playlist,Toggle Shuffle,Toggle Repeat\);Set\(icons,MPD,1,vol_down,2,mute,3,vol_up,4,rewind,5,play,6,forward,7,prev,8,stop,9,next,\*,question,0,pause,#,no\);Set\(font,small\);Set\(menu,replace,Playlist,Toggle Shuffle,Toggle Repeat\);$| p/anyRemote remote control daemon/
match aperio-aaf m|^| p/Aperio Algorithm Framework/
match aplus m|^\x01\xff\0\xff\x01\x1d\0\xfd\0\n\x03\x05A\+ API \(([\d.]+)\) - CCS \(([\d.]+)\)\0| p/Cleo A+/ i/API $1; CSS $2/
match app m|^\0\x01\0\x08\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x01\0\0\0\x02$| p/Cisco Application Peering Protocol/ d/load balancer/
# http://www.qosient.com/argus/
match argus m|^\x80\x01\0\x80\0\x80\0\0\xe5az\xcb\0\0\0\0J...............\x02\0\x01\0\0<\x01,.......\0...\0\0\0\0\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\xff\xff\xff\xff\x01\x04\0.\0\x80\x08|s p/Argus network analyzer/ v/3.0/
match arkeia m|^\0`\0\x04\0\0\0\x1810\x000\x000\x00852224\0\0\0\0\0\0\0\0\0\0\0$| p/Arkeia Network Backup/
# arkstats (part of arkeia-light 5.1.12 Backup server) on Linux 2.4.20
match arkstats m|^\0`\0\x03\0\0\0\x1810\x000\x000\x00852224\0\0\0\0\0\0\0\0\0\0\0| p/Arkeia arkstats/
match artsd m|^MCOP\0\0\0.\0\0\0\x01\0\0\0\x10aRts/MCOP-([\d.]+)\0\0\0\0|s p/artsd/ i/MCOP $1/
# Asterisk call manager - port 5038
match asterisk m|^Asterisk Call Manager/([\d.]+)\r\n| p/Asterisk Call Manager/ v/$1/ cpe:/a:digium:asterisk:$1/
match asterisk-proxy m|^Response: Follows\r\nPrivilege: Command\r\n--END COMMAND--\r\n| p/Asterisk Call Manager Proxy/ cpe:/a:digium:asterisk/
match audit m|^Visionsoft Audit on Demand Service\r\nVersion: ([\d.]+)\r\n\r\n| p/Visionsoft Audit on Demand Service/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a
match autosys m|^([\w._-]+)\nListener for [\w._-]+ AutoSysAdapter\nEOS\nExit Code = 1001\nIP <[\d.]+> is not authorized for this request\. Please contact your Web Administrator\.\nEOS\n| p/CA AutoSys RCS Listener/ v/$1/ i/not authorized/
match avg m|^220-AVG7 Anti-Virus daemon mode scanner\r\n220-Program version ([\d.]+), engine (\d+)\r\n220-Virus Database: Version ([\d/.]+) [-\d]+\r\n| p/AVG daemon mode/ v/$1 engine $2/ i/Virus DB $3/ cpe:/a:avg:anti-virus:$1/
match avg m=^220-AVG daemon mode scanner \((?:AVG|SMTP)\)\r\n220-Program version ([\w._-]+)\r\n220-Virus Database: Version ([\w._/ -]+)\r\n220 Ready\r\n= p/AVG daemon mode/ v/$1/ i/Virus DB $2/ cpe:/a:avg:anti-virus:$1/
match afbackup m|^afbackup ([\d.]+)\n\nAF's backup server ready\.\n| p/afbackup/ v/$1/
match afbackup m|^.*, Warning on encryption key file `/etc/afbackup/cryptkey': File not readable\.\n.*, Warning: Ignoring file `/etc/afbackup/cryptkey', using compiled-in key\.\nafbackup 3\.4\n\nAF's backup server ready\.\n\x9d\x84\x0bZ$| p/afbackup/ i/using compiled-in key/
match backdoor m|^220 jeem\.mail\.pv ESMTP\r\n| p/Jeem backdoor/ i/**BACKDOOR**/ o/Windows/ cpe:/o:microsoft:windows/a
match backdoor m|^\r\nUser Access Verification\r\n\r\nYour PassWord:| p/Jeem backdoor/ i/**BACKDOOR**/ o/Windows/ cpe:/o:microsoft:windows/a
match backdoor m|^ \r\n$| p/OptixPro backdoor/ i/**BACKDOOR**/ o/Windows/ cpe:/o:microsoft:windows/a
match backdoor m|^echo o [\d.]+ \d+ >s\r\necho common>> s\r\necho common>> s\r\necho bin>> s\r\necho get m220\.exe| p/JTRAM backdoor/ i/**BACKDOOR**/ o/Windows/ cpe:/o:microsoft:windows/a
match backdoor m|^220 Bot Server \(Win32\)\r\n$| p/Gaobot backdoor/ i/**BACKDOOR**/ o/Windows/ cpe:/o:microsoft:windows/a
match backdoor m|^PWD$| p/Subseven backdoor/ i/**BACKDOOR**/ o/Windows/ cpe:/o:microsoft:windows/a
match backdoor m|^\r\n\[RPL\]002\r\n$| p/Subseven backdoor/ i/**BACKDOOR**/
match backdoor m|^=+\n= +RBackdoor ([\d.]+) | p/RBackdoor/ v/$1/ i/**BACKDOOR**/ o/Windows/ cpe:/o:microsoft:windows/a
match backdoor m|^220 Windrone Server \(Win32\)\r\n$| p/NerdBot backdoor/ i/**BACKDOOR**/ o/Windows/ cpe:/o:microsoft:windows/a
match backdoor m|^Zadej heslo:$| p/Czech "zadej heslo" backdoor/ i/**BACKDOOR**/ o/Windows/ cpe:/o:microsoft:windows/a
match backdoor m|^220 Reptile welcomes you\.\.\r\n| p/Darkmoon backdoor "reptile" ftpd/ i/**BACKDOOR**/ o/Windows/ cpe:/o:microsoft:windows/a
match backdoor m|^Sifre_EDIT$| p/ProRat trojan/ i/**BACKDOOR**/ o/Windows/ cpe:/o:microsoft:windows/a
match backdoor m|^MZ\x90\0\x03\0\0\0\x04\0\0\0\xff\xff\0\0\xb8\0\0\0\0\0\0\0@\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0fn\0\0\xd0\0\0\0\x0e\x1f\xba\x0e\0\xb4\t\xcd!\xb8\x01L\xcd!This program cannot be run in DOS mode\.| p/Korgo worm/ i/**BACKDOOR**/ o/Windows/ cpe:/o:microsoft:windows/a
match backdoor m|^\xfa\xcb\xd9\xd9\xdd\xc5\xd8\xce\xd6| p/Theef trojan/ i/**BACKDOOR**/ o/Windows/ cpe:/o:microsoft:windows/a
match backdoor m|^220 SSL Connection Established - Loading Protocol\.\.\.\.\r\n| p/dhcpse.exe/ i/**BACKDOOR**/ o/Windows/ cpe:/o:microsoft:windows/a
match backdoor m|^A-311 Death welcome\x001| p/Haxdoor trojan/ i/**BACKDOOR**/ o/Windows/ cpe:/o:microsoft:windows/a
match backdoor m|^220 CAFEiNi [-\w_.]+ FTP server\r\n$| p/CAFEiNi trojan/ i/**BACKDOOR**/ o/Windows/ cpe:/o:microsoft:windows/a
match backdoor m=^220 (?:Stny|fuck)Ftpd 0wns j0\r?\n= p/Kibuv.b worm/ i/**BACKDOOR**/ o/Windows/ cpe:/o:microsoft:windows/a
match backdoor m|^220 [Sf.][tu.][nc.][yk.][F.][t.][p.][d.] [0.][w.][n.][s.] [j.][0.]\r?\n|i p/Generic Kibuv worm/ i/**BACKDOOR**/ o/Windows/ cpe:/o:microsoft:windows/a
match backdoor m=^(?:ba|)sh-([\d.]+)\$ = p/Bourne shell/ v/$1/ i/**BACKDOOR**/
match backdoor m|^exec .* failed : No such file or directory\n$| p/netcat -e/ i/misconfigured/
match backdoor m=220-Welcome!\r\n220-\x1b\[30m/\x1b\[31m#\xa4#\xa4#\xa4#\xa4#\xa4#\xa4#\xa4#\xa4#\xa4#\xa4#\xa4#\xa4#\xa4#\xa4#\xa4#\xa4#\xa4#\xa4#\xa4#\xa4#\xa4#\xa4#\xa4#\xa4#\xa4# \r\n220-\x1b\[30m\| Current Time: \x1b\[35m[^\r\n]*\r\n220-\x1b\[30m\| Current Date: \x1b\[35m[^\r\n]*\r\n220-\x1b\[30m\\\r\n= p/Windows trojan/ i/**BACKDOOR**/ o/Windows/ cpe:/o:microsoft:windows/a
match bandwidth-test m|^\x01\0\0\0$| p/MikroTik bandwidth-test server/
match barracuda-dcagent m|^Invalid Client IP\0\0$| p/Barracuda Domain Controller Agent/
match bas m|^4dc\r\n$| p/Blackberry Administration Service - Native Code Container/
match bas m|^4fd\r\n$| p/Blackberry Administration Service - Native Code Generator/
match bas m|^507\r\n$| p/Blackberry Administration Service/
# Port 2500: http://wiki.yobi.be/wiki/Belgian_eID
match beidpcscd m|^\0\0\0\x1e\xffV\x92l\xfbUL\x87\xabw\x1f\xb2\n\xd8\xef/\0\0\0\x05Alive\0\0\0\x011| p/beidpcscd Belgian eID daemon/
match bf2rcon m|^### Battlefield 2 ModManager Rcon v([\d.]+)\.\n### Digest seed: \w+\n\n| p/Battlefield 2 ModManager Remote Console/ v/$1/
softmatch bgp m|^\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\0\x15\x03\x06\x05| i/connection rejected/

# https://en.bitcoin.it/wiki/Protocol_specification#Message_structure
# https://en.bitcoin.it/wiki/Protocol_specification#version
# https://en.bitcoin.it/wiki/Changelog
# Bitcoin "version" message prior to 20 February 2012.
# 4 bytes magic number: "\xf9\xbe\xb4\xd9"
# 12 bytes command: "version\0\0\0\0\0"
# 4 bytes length
# 4 bytes version
# 8 bytes services bitfield: "\x01\0\0\0\0\0\0\0"
# 8 bytes timestamp
# 8 bytes client services count: "\x01\0\0\0\0\0\0\0"
# 16 bytes IPv4-compatible client IP: "\0\0\0\0\0\0\0\0\0\0\xff\xff...."
# 2 bytes client port
# 8 bytes server services count: "\x01\0\0\0\0\0\0\0"
# 16 bytes IPv4-compatible server IP: "\0\0\0\0\0\0\0\0\0\0\xff\xff...."
# 2 bytes server port
# 8 bytes random unique id
# 1 byte subversion string length
# variable subversion string
# 4 bytes last block
# Version 0xc8 -> 200 -> 0.2.0
match bitcoin m|^\xf9\xbe\xb4\xd9version\0\0\0\0\0\x51\0\0\0\xc8\0\0\0\x01\0\0\0\0\0\0\0........\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\xff\xff......\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\xff\xff..............\0$|s p/Bitcoin digital currency server/ v/0.2.0/ cpe:/a:bitcoin:bitcoind:0.2.0/
# Version 0x12c -> 300 -> 0.3.0
match bitcoin m|^\xf9\xbe\xb4\xd9version\0\0\0\0\0\x55\0\0\0\x2c\x01\0\0\x01\0\0\0\0\0\0\0........\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\xff\xff......\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\xff\xff..............\0....$|s p/Bitcoin digital currency server/ v/0.3.0/ cpe:/a:bitcoin:bitcoind:0.3.0/
# Version 0x136 -> 310 -> 0.3.10
match bitcoin m|^\xf9\xbe\xb4\xd9version\0\0\0\0\0\x57\0\0\0\x36\x01\0\0\x01\0\0\0\0\0\0\0........\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\xff\xff......\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\xff\xff..............\0....$|s p/Bitcoin digital currency server/ v/0.3.10/ cpe:/a:bitcoin:bitcoind:0.3.10/
match bitcoin m|^\xf9\xbe\xb4\xd9version\0\0\0\0\0\x57\0\0\0\x36\x01\0\0\x01\0\0\0\0\0\0\0........\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\xff\xff......\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\xff\xff..............\x02(\..)....$|s p/Bitcoin digital currency server/ v/0.3.10$1/ cpe:/a:bitcoin:bitcoind:0.3.10$1/
# Version 0x7bd4 -> 31700 -> 0.3.17
match bitcoin m|^\xf9\xbe\xb4\xd9version\0\0\0\0\0\x55\0\0\0\xd4\x7b\0\0\x01\0\0\0\0\0\0\0........\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\xff\xff......\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\xff\xff..............\0....$|s p/Bitcoin digital currency server/ v/0.3.17/ cpe:/a:bitcoin:bitcoind:0.3.17/
match bitcoin m|^\xf9\xbe\xb4\xd9version\0\0\0\0\0\x55\0\0\0\xd4\x7b\0\0\x01\0\0\0\0\0\0\0........\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\xff\xff......\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\xff\xff..............\x02(\..)....$|s p/Bitcoin digital currency server/ v/0.3.17$1/ cpe:/a:bitcoin:bitcoind:0.3.17$1/
# Version 0x7c38 -> 31800 -> 0.3.18
match bitcoin m|^\xf9\xbe\xb4\xd9version\0\0\0\0\0\x55\0\0\0\x38\x7c\0\0\x01\0\0\0\0\0\0\0........\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\xff\xff......\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\xff\xff..............\0....$|s p/Bitcoin digital currency server/ v/0.3.18/ cpe:/a:bitcoin:bitcoind:0.3.18/
match bitcoin m|^\xf9\xbe\xb4\xd9version\0\0\0\0\0\x55\0\0\0\x38\x7c\0\0\x01\0\0\0\0\0\0\0........\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\xff\xff......\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\xff\xff..............\x02(\..)....$|s p/Bitcoin digital currency server/ v/0.3.18$1/ cpe:/a:bitcoin:bitcoind:0.3.18$1/
# Version 0x7c9c -> 31900 -> 0.3.19
match bitcoin m|^\xf9\xbe\xb4\xd9version\0\0\0\0\0\x55\0\0\0\x9c\x7c\0\0\x01\0\0\0\0\0\0\0........\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\xff\xff......\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\xff\xff..............\0....$|s p/Bitcoin digital currency server/ v/0.3.19/ cpe:/a:bitcoin:bitcoind:0.3.19/
match bitcoin m|^\xf9\xbe\xb4\xd9version\0\0\0\0\0\x55\0\0\0\x9c\x7c\0\0\x01\0\0\0\0\0\0\0........\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\xff\xff......\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\xff\xff..............\x02(\..)....$|s p/Bitcoin digital currency server/ v/0.3.19$1/ cpe:/a:bitcoin:bitcoind:0.3.19$1/
# Version 0x7d00 -> 32000 -> 0.3.20
match bitcoin m|^\xf9\xbe\xb4\xd9version\0\0\0\0\0\x55\0\0\0\x00\x7d\0\0\x01\0\0\0\0\0\0\0........\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\xff\xff......\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\xff\xff..............\0....$|s p/Bitcoin digital currency server/ v/0.3.20/ cpe:/a:bitcoin:bitcoind:0.3.20/
match bitcoin m|^\xf9\xbe\xb4\xd9version\0\0\0\0\0\x55\0\0\0\x00\x7d\0\0\x01\0\0\0\0\0\0\0........\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\xff\xff......\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\xff\xff..............\x02(\..)....$|s p/Bitcoin digital currency server/ v/0.3.20$1/ cpe:/a:bitcoin:bitcoind:0.3.20$1/
# Version 0x7d01 -> 32001 -> 0.3.20.1
match bitcoin m|^\xf9\xbe\xb4\xd9version\0\0\0\0\0\x55\0\0\0\x01\x7d\0\0\x01\0\0\0\0\0\0\0........\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\xff\xff......\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\xff\xff..............\0....$|s p/Bitcoin digital currency server/ v/0.3.20.1/ cpe:/a:bitcoin:bitcoind:0.3.20.1/
# Version 0x7d02 -> 32002 -> 0.3.20.2
match bitcoin m|^\xf9\xbe\xb4\xd9version\0\0\0\0\0\x55\0\0\0\x02\x7d\0\0\x01\0\0\0\0\0\0\0........\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\xff\xff......\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\xff\xff..............\0....$|s p/Bitcoin digital currency server/ v/0.3.20.2/ cpe:/a:bitcoin:bitcoind:0.3.20.2/
# Version 0x7d64 -> 32100 -> 0.3.21
match bitcoin m|^\xf9\xbe\xb4\xd9version\0\0\0\0\0\x55\0\0\0\x64\x7d\0\0\x01\0\0\0\0\0\0\0........\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\xff\xff......\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\xff\xff..............\0....$|s p/Bitcoin digital currency server/ v/0.3.21/ cpe:/a:bitcoin:bitcoind:0.3.21/
match bitcoin m|^\xf9\xbe\xb4\xd9version\0\0\0\0\0\x55\0\0\0\x64\x7d\0\0\x01\0\0\0\0\0\0\0........\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\xff\xff......\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\xff\xff..............\x02(\..)....$|s p/Bitcoin digital currency server/ v/0.3.21$1/ cpe:/a:bitcoin:bitcoind:0.3.21$1/
# Version 0x7dc8 -> 32200 -> 0.3.22
match bitcoin m|^\xf9\xbe\xb4\xd9version\0\0\0\0\0\x55\0\0\0\xc8\x7d\0\0\x01\0\0\0\0\0\0\0........\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\xff\xff......\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\xff\xff..............\0....$|s p/Bitcoin digital currency server/ v/0.3.22/ cpe:/a:bitcoin:bitcoind:0.3.22/
match bitcoin m|^\xf9\xbe\xb4\xd9version\0\0\0\0\0\x55\0\0\0\xc8\x7d\0\0\x01\0\0\0\0\0\0\0........\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\xff\xff......\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\xff\xff..............\x02(\..)....$|s p/Bitcoin digital currency server/ v/0.3.22$1/ cpe:/a:bitcoin:bitcoind:0.3.22$1/
# Version 0x7e2c -> 32300 -> 0.3.23
match bitcoin m|^\xf9\xbe\xb4\xd9version\0\0\0\0\0\x55\0\0\0\x2c\x7e\0\0\x01\0\0\0\0\0\0\0........\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\xff\xff......\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\xff\xff..............\0....$|s p/Bitcoin digital currency server/ v/0.3.23/ cpe:/a:bitcoin:bitcoind:0.3.23/
match bitcoin m|^\xf9\xbe\xb4\xd9version\0\0\0\0\0\x55\0\0\0\x2c\x7e\0\0\x01\0\0\0\0\0\0\0........\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\xff\xff......\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\xff\xff..............\x02(\..)....$|s p/Bitcoin digital currency server/ v/0.3.23$1/ cpe:/a:bitcoin:bitcoind:0.3.23$1/
# Version 0x7e90 -> 32400 -> 0.3.24
match bitcoin m|^\xf9\xbe\xb4\xd9version\0\0\0\0\0\x55\0\0\0\x90\x7e\0\0\x01\0\0\0\0\0\0\0........\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\xff\xff......\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\xff\xff..............\0....$|s p/Bitcoin digital currency server/ v/0.3.24/ cpe:/a:bitcoin:bitcoind:0.3.24/
match bitcoin m|^\xf9\xbe\xb4\xd9version\0\0\0\0\0\x55\0\0\0\x90\x7e\0\0\x01\0\0\0\0\0\0\0........\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\xff\xff......\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\xff\xff..............\x02(\..)....$|s p/Bitcoin digital currency server/ v/0.3.24$1/ cpe:/a:bitcoin:bitcoind:0.3.24$1/

# https://bitcointalk.org/index.php?topic=55852.0
# http://bitcoin.org/en/alert/2012-02-18-protocol-change
# "In June 2010 the Bitcoin reference software version 0.2.10 introduced a
# change to the protocol: the 'version' messages exchanged by nodes at
# connection time would have a new format that included checksum values to
# detect corruption by broken networks."
# Bitcoin "version" message with protocol version 70001
# https://en.bitcoin.it/wiki/BIP_0037#Extensions_to_existing_messages
# https://en.bitcoin.it/wiki/BIP_0060 "The protocol version was upgraded to
# 70001, and the (now accepted) BIP 0037 became implemented."
# 4 bytes magic number: "\xf9\xbe\xb4\xd9"
# 12 bytes command: "version\0\0\0\0\0"
# 4 bytes length
# 4 bytes checksum
# 4 bytes version "\x71\x11\x01\0"
# 8 bytes services bitfield: "\x01\0\0\0\0\0\0\0"
# 8 bytes timestamp
# 16 bytes IPv4-compatible client IP: "\0\0\0\0\0\0\0\0\0\0\xff\xff...."
# 2 bytes client port
# 16 bytes IPv4-compatible server IP: "\0\0\0\0\0\0\0\0\0\0\xff\xff...."
# 2 bytes server port
# 8 bytes nonce
# 1 byte user agent string length
# variable user agent string https://en.bitcoin.it/wiki/BIP_0014
# 4 bytes last block
# 1 byte relay https://en.bitcoin.it/wiki/BIP_0037#Extensions_to_existing_messages
# Version numbers now correspond only to protocol changes, not software releases.
# Version 0x011171 -> 70001 0.7.1
match bitcoin m|^\xf9\xbe\xb4\xd9version\0\0\0\0\0.\0\0\0....\x71\x11\x01\0\0\0\0\0\0\0\0\0........\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\xff\xff......\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\xff\xff.............../Bitpeer:([\w._-]+)/\0\0\0\0\x01$|s p/Bitpeer/ v/$1/
softmatch bitcoin m|^\xf9\xbe\xb4\xd9version\0\0\0\0\0\x55\0\0\0..\0\0\x01\0\0\0\0\0\0\0........\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\xff\xff......\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\xff\xff..............\0....$|s p/Bitcoin digital currency server/ cpe:/a:bitcoin:bitcoind/
match bitcoin-jsonrpc m|^HTTP/1\.0 401 Authorization Required\r\n.*Server: bitcoin-json-rpc/([\w._-]+)\r\n|s p/Bitcoin JSON-RPC/ v/$1/ cpe:/a:bitcoin:bitcoind:$1/
match bitcoin-jsonrpc m|^HTTP/1\.0 401 Authorization Required\r\n.*Server: bitcoin-json-rpc\r\n|s p/Bitcoin JSON-RPC/ cpe:/a:bitcoin:bitcoind/
match bitcoin-jsonrpc m|^HTTP/1\.1 403 Forbidden\r\n.*Server: bitcoin-json-rpc/([\w._-]+)\r\n|s p/Bitcoin JSON-RPC/ v/$1/ cpe:/a:bitcoin:bitcoind:$1/
# Bittorrent Client 3.2.1b on Linux 2.4.X
match bittorrent m|^\x13BitTorrent protocol\0\0\0\0\0\0\0\0| p/Bittorrent P2P client/
# BMC Software Patrol Agent 3.45 and HP Patrol Agent
match softwarepatrol m|^\0\0\0\x17i\x02\x03..\0\x05\x02\0\x04\x02\x04\x03..\0\x03\x04\0\0\0|s p|BMC/HP Software Patrol Agent| cpe:/a:bmc:patrol_agent/
match scmbug m|^SCMBUG-SERVER RELEASE_([-\w_.]+) \d+\n| p/Scmbug bugtracker/ v/$1/
# Tolis BRU (Backup and Restore Utility)
match bru m|^0x[0-9a-fA-F]{32}L| p/Tolis BRU/ i/Backup and Restore Utility/
# Bruker AXS X-ray machines (how cool is that!?!?) (Brandon)
match bruker-axs m|^\[ANGLESTATUS.*\[XYZSTATUS.*\[ZOOMSTATUS.*\[INSTRUMENTSTATUS.*XRAYSON=1|s p/Bruker AXS X-ray controller status/ i/X-rays: On/ d/specialized/
match bruker-axs m|^\[ANGLESTATUS.*\[XYZSTATUS.*\[ZOOMSTATUS.*\[INSTRUMENTSTATUS.*XRAYSON=0|s p/Bruker AXS X-ray controller status/ i/X-rays: Off/ d/specialized/
match buildservice m|^200 HELLO - BuildForge Agent v([\w._-]+)\n| p/BuildForge Agent/ v/$1/
match buildservice m|^\$\0\0\0\$\0\0\x000RAR\0 \0\0.\xe2\x02\0\xc4G\x0f\0\0\0\0\0\0\0\0\0\0\0\0\0|s p/Xoreax IncrediBuild/ o/Windows/ cpe:/o:microsoft:windows/a
match burk-autopilot m|^\x19\0\0\0\0\0\x0f\xbeB!\x012\x02\xd1\x02\x032\x02p\0\x062\x02\x80\0$| p/Burk AutoPilot Plus remote management/ d/remote management/
match bzfs m|^BZFS\d\d\d\d\0$| p/BZFlag game server/
match bzfs m|^BZFS\d\d\d\d\r\n\r\n$| p/BZFlag game server/
# CA Message Queueing Server (Tom Sellers)
match ca-mq m|^ACK\x01| p/CA Message Queuing Server/
match ca-unicenter m|^\x8d\0\0\0\x8d\0\0\0\x100\x81\x89\x02\x81\x81\0.*\x02\x03\x01\0\x01\0$| p/CA Unicenter remote control/ cpe:/a:ca:unicenter_remote_control/
match caicci m|^\x02\x07\x04\0\xe0\0{11}\x02\0{7}\x04\x03\x02\x010\0{7}\x01\0\0\0\x01\0\0\0\xe0\0{8}\x80\0\0\0\x80\0\0\0ems-p-sp\0{8}\x01\0{10}\x12\x01\0\0EMS-P-SPO-01\0{53}EMS-P-SPO-01\0{55}$| p/CAI-CCI/
match ccirmtd m|^\x02\x07\x04\0\xe0\0{11}\x02\0{7}\x04\x03\x02\x010\0{7}\x01\0\0\0\x01\0\0\0\xe0\0{8}\x80\0\0\0\x80\0\0\0hfnapp04\0{8}\x01\0{10}\x02\0\0\0HFNAPP04\0{57}HFNAPP04\0{59}$| p/CA Unicenter CCI Remote Daemon/
# https://github.com/ninjasphere/driver-go-chromecast
match castv2 m|^\0\0\0X\x08\0\x12\x0bTr@n\$p0rt-0\x1a\x0bTr@n\$p0rt-0\"'urn:x-cast:com\.google\.cast\.tp\.heartbeat\(\x002\x0f{\"type\":\"PING\"}$| p/Ninja Sphere Chromecast driver/
match cccam m|^Welcome to the CCcam information client\.\n| p/CCcam DVR card sharing system information/
# http://comments.gmane.org/gmane.comp.security.openvas.users/3189
# Also submitted by an Nmap user, but with different data following.
match nnsrv m|^\x94\0\0\0\xf4\xff\xff\xff\x01\0\0\0\xff\xff\xff\xff\0\0\0\0\xa5\0\0\0\0\0\0\0| p/C.CURE 800 NNSRV/
match cddbp m|^201 ([-\w_.]+) CDDBP server v([-\w.]+) ready at .*\r\n| p/freedb cddbp server/ v/$2/ h/$1/
# http://ceph.com/docs/next/dev/network-protocol/
# 2 back-to-back struct entity_addr_t, consisting of a u32 type (0), u32 nonce (random), and a sockaddr_storage.
# This works for IPv4, have yet to get an IPv6 fingerprint
match ceph m|^ceph (v[\w._-]+)\0\0\0\0....\0\x02......\0{120}\0\0\0\0....\0\x02......\0{120}|s p/Ceph distributed filesystem/ v/protocol $1/ i/ipv4/
match chargen m|^!"#\$%\&'\(\)\*\+,-\./0123456789:;<=>\?\@ABCDEFGHIJKLMNOPQRSTUVWXYZ\[\\\]\^_`abcdefgh\r\n"#\$%\&'\(\)\*\+,-\./0123456789:;<=>\?\@ABCDEF| p/Linux chargen/ o/Linux/ cpe:/o:linux:linux_kernel/a
# Redhat 7.2, xinetd 2.3.7 chargen
match chargen m|^\*\+,-\./0123456789:;<=>\?@ABCDEFGHIJKLMNOPQRSTUVWXYZ\[\\\]\^_`abcdefghijklmnopq\r\n\+,-\./| p/xinetd chargen/ o/Unix/
# Sun Solaris 9; Windows
match chargen m|^\ !"#\$%&'\(\)\*\+,-\./0123456789:;<=>\?@ABCDEFGHIJKLMNOPQRSTUVWXYZ\[\\\]\^_|
# Mandrake Linux 9.2, xinetd 2.3.11 chargen
match chargen m|NOPQRSTUVWXYZ\[\\\]\^_`abcdefghijklm| p/xinetd chargen/ o/Unix/
match chargen m|^\*\*\* Port V([\d.]+) !\"#\$%&'\(\)\*\+,-\./0123456789:| p/Lantronix chargen/ v/$1/
match chargen m|^The quick brown fox jumps over the lazy dog\. 1234567890\r\n| p/Tektronix Phaser chargen/ d/printer/
match chat m|^WebStart Chat Service Established\.\.\.\r\n\(C\) 2000-\d+ R Gabriel all Rights Reserved\r\n| p/WebStart Chat Service/
match chat m|^\*\x01..\0\x04\0\0\0\x01$|s p/AIM or ICQ server/
match chat-ctrl m|^InfoChat Server v([\d.]+) Remote Control ready\n\r| p/InfoChat Remote Control/ v/$1/
match check_mk m|^<<>>\nVersion: ([\w._-]+)\n| p/check_mk extension for Nagios/ v/$1/
match chess m=^\n\r _ __ __ __ \n\r \| \| / /__ / /________ ____ ___ ___ / /_____ \n\r \| \| /\| / / _ \\/ / ___/ __ \\/ __ `__ \\/ _ \\ / __/ __ \\\n\r= p/Lasker Internet Chess server/
match chilliworx m|^ChilliSVC ([\d.]+)\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0| p/ChilliWorx management console/ v/$1/ d/remote management/
match cirrato-client m|^Cirrato Client ([\w._-]+)\0$| p/Cirrato print server client/ v/$1/
# Citadel/UX. Maybe to change the service name and to move somewhere else? embyte
match citadel m|^200.*Citadel(?:/UX)?| p/Citadel (UX) messaging server/ cpe:/a:citadel:ux/
# Citrix, Metaframe XP on Windows
match citrix-ica m|^\x7f\x7fICA\0\x7f\x7fICA\0| p/Citrix Metaframe XP ICA/ o/Windows/ cpe:/o:microsoft:windows/a
# Citrix MetaFrame XP 1.0 implemented with ClassLink 2000 on NT4
match citrix-ima m|^.\0\0\0\x81\0\0\0\x01|s p/Citrix Metaframe XP IMA/ o/Windows/ cpe:/o:microsoft:windows/a
# http://www.citynet.ru/citynet-sv.3
# Really no idea what this is or which fields are mutable
match citynet m|^CityNetDUTChannel\[AT3V1\]\x04\0\xa5\x0f\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0........|s p/CityNet SV.3/
match clsbd m|^\0\0\0\x10ClsBoolVersion 1$| p/Cadence IC design daemon/
match cmrcservice m|^\"\0\0\x80 \0S\0T\0A\0R\0T\0_\0H\0A\0N\0D\0S\0H\0A\0K\0E\0\0\0| p/Microsoft Configuration Manager Remote Control service/ i/CmRcService.exe/ o/Windows/ cpe:/a:microsoft:systems_management_server/ cpe:/o:microsoft:windows/a
match codeforge m|^CFMSERV\(1\)\n| p/CodeForge IDE/
match concertosendlog m|^Concerto Software\r\n\r\nEnsemblePro SendLog Server - Version (\d[-.\w]+)\r\n\r\nEnter Telnet Password\r\n#> | p/Concerto Software EnsemblePro CRM software SendLog Server/ v/$1/
match concertotimesync m|^Concerto Software\r\n\r\nContactPro TimeSync Server - Version (\d[-.\w]+)\r\n\r\nEnter Telnet Password\r\n#> | p/Concerto Software EnsemblePro CRM software TimeSync Server/ v/$1/
match conference m|^Conference, V([\d.]+)\r\n$| p/Forum Communcations conferenced/ v/$1/
match complex-link m|^\x06\x07\xd0\0\x01\0\0\0\x01\0\x02\x07\xd0\0\x01\0\0\x01\x0f\x01\xf4\0\0\0\0HP +LTO ULTRIUM| p/HP LTO Ultrium data port/ d/storage-misc/
# Commvault Backup Server (CommVault Galaxy(R) Data Protection)
match commvault m=^\0\0\0\t\0\0\0\|\0\0\0= p/CommVault Galaxy data backup/
match compuware-lm m|^Hello, I don't understand your request\. Good bye\.\.\.\. $| p/Compuware Distributed License Management/
# PacketCable COPS Client-Open
# http://tools.ietf.org/html/rfc2748#section-2.1
match cops m|^\x10\x06[\x80-\xff].......\x0b\x01([\w._-]+)\0|s p/Common Open Policy Service (COPS)/ v/1/ h/$1/
# This port uses a binary protocol: [esc]X@ query OS version, [esc]XA query hardware
match crestron-control m|^Crestron Terminal Protocol Console opened\r\n| p/Crestron Terminal Console/ i/Crestron CNMSX-AV automation system/
match crestron-control m|^\r\nCrestron Terminal Protocol Console Opened\r\n\r\n| p/Crestron Terminal Console/
# XSig allows communication with a Crestron control system.
match crestron-xsig m|^\x0f\0\x01\x02$| p/Crestron PRO2 XSig communication/
match cyrus-sync m|\* OK ([-.\w]+) Cyrus sync server v([-.\w]+)| p/Cyrus sync server/ v/$2/ h/$1/ cpe:/a:cmu:cyrus_imap_server:$2/
match cvspserver m|^no repository configured in /| p/CVS pserver/ i/broken/
match cvspserver m|^/usr/sbin/cvs-pserver: line \d+: .*cvs: No such file or directory\n| p/CVS pserver/ i/broken/
match cvspserver m|^Unknown command: `pserver'\n\nCVS commands are:\n| p/CVS pserver/ i/broken/
match cvsup m|^OK \d+ \d+ ([-.\w]+) CVSup server ready\n| p/CVSup/ v/$1/
match damewaremr m|^0\x11\0\0...........@.........\0\0\0\x01\0\0\0\0\0\0\0.\0\0\0$|s p/DameWare Mini Remote Control/ o/Windows/ cpe:/o:microsoft:windows/a
match darkcomet m|^[0-9A-F]{12}$| p/DarkComet RAT/ i/**BACKDOOR**/
# Linux
match daytime m=^[0-3]\d [A-Z][A-Z][A-Z] (?:19|20)\d\d \d\d:\d\d:\d\d \S+\r\n=
# OpenBSD 3.2
match daytime m=^[A-Z][a-z]{2} [A-Z][a-z]{2} +\d{1,2} +\d\d:\d\d:\d\d (?:19|20)\d\d\r\n= o/Unix/
# Solaris 8,9
match daytime m=^[A-Z][a-z]{2} [A-Z][a-z]{2} +\d{1,2} +\d\d:\d\d:\d\d (?:19|20)\d\d\n\r= p/Sun Solaris daytime/ o/Solaris/ cpe:/o:sun:sunos/a
# Windows daytime
match daytime m=^\d+:\d\d:\d\d [AP]M \d+/\d+/(?:19|20)\d\d\n$= p/Microsoft Windows USA daytime/ o/Windows/ cpe:/o:microsoft:windows/a
# Windows daytime - UK english I think (no AM/PM)
match daytime m=^\d\d:\d\d:\d\d \d\d?.\d\d?.(?:19|20)\d\d\n$= p/Microsoft Windows International daytime/ o/Windows/ cpe:/o:microsoft:windows/a
# daytime on Windows 2000 Server
match daytime m=^.... \d{1,2}:\d{1,2}:\d{1,2} (?:19|20)\d\d-\d{1,2}-\d{1,2}\n$= p/Microsoft Windows daytime/ o/Windows/ cpe:/o:microsoft:windows/a
# Windows NT daytime
match daytime m=^[A-Z][a-z]+day, [A-Z][a-z]+ \d{1,2}, (?:19|20)\d\d \d{1,2}:\d\d:\d\d\n\0$= p/Microsoft Windows daytime/ o/Windows/ cpe:/o:microsoft:windows/a
# Windows 2000 Adv Server sp-4 daytime
match daytime m=^[A-Z][a-z][a-z] [A-Z][a-z][a-z] \d{1,2} \d{1,2}:\d{1,2}:\d{1,2} (?:19|20)\d\d\n= p/Microsoft Windows daytime/ o/Windows/ cpe:/o:microsoft:windows/a
# Windows 2003 Server daytime
match daytime m=^\d{1,2}\.\d{1,2}\.\d{1,2} \d\d/\d\d/(?:19|20)\d\d\n= p/Microsoft Windows daytime/ o/Windows/ cpe:/o:microsoft:windows/a
# Windows 2000 Prof. Central European format
match daytime m|^\d{1,2}:\d\d:\d\d \d{1,2}[/.]\d{1,2}[/.]\d{4}\n$| p/Microsoft Windows daytime/ o/Windows/ cpe:/o:microsoft:windows/a
match daytime m|^\d{1,2}:\d\d:\d\d [ap]m \d{4}/\d\d/\d\d\n$| p/Microsoft Windows daytime/ o/Windows/ cpe:/o:microsoft:windows/a
match daytime m|^\d{1,2}:\d\d:\d\d [ap]m \d{1,2}/\d{1,2}/\d{4}\n$| p/Microsoft Windows 2003 daytime/ o/Windows/ cpe:/o:microsoft:windows_server_2003/a
# South Africa localization.
match daytime m|^\d\d:\d\d:\d\d [AP]M \d\d\d\d/\d\d/\d\d\n$| p/Microsoft Windows 7 daytime/
# Windows International daytime
match daytime m|^\d\d:\d\d:\d\d \d\d.\d\d.20\d\d\n$| p/Microsoft Windows International daytime/ o/Windows/ cpe:/o:microsoft:windows/a
# New Zealand format daytime - Windows 2000
match daytime m|^[01]\d:\d\d:\d\d [AP]M [0-3]\d/[01]\d/0\d\n$| p/Microsoft Windows daytime/ i/New Zealand style/ o/Windows/ cpe:/o:microsoft:windows/a
# HP-UX B.11.00 A inetd daytime
match daytime m|^[A-Z][a-z]{2} [A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d [A-Z]+ 20\d\d\r\n$| p/HP-UX daytime/ o/HP-UX/ cpe:/o:hp:hp-ux/a
# Tardis 2000 v1.4 on NT
match daytime m|^[A-Z][a-z]{2} [A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d 20\d\d $| p/Tardis 2000 daytime/
match daytime m|^\d+ \d\d-\d\d-\d\d \d\d:\d\d:\d\d 50 0 4 \d+\.0 UTC\(NIST\) \*\r\n| p/Greyware Domain Time II daytime/
# TrueTime nts100 running WxWorks
match daytime m|^[A-Z][a-z]{2}, [A-Z][a-z]{2} \d{1,2}, 20\d\d, \d\d:\d\d:\d\d-UTC$| p/TrueTime nts100/
# Cisco router daytime
match daytime m|^[A-Z][a-z]+day, [A-Z][a-z]+ \d{1,2}, \d{4} \d\d:\d\d:\d\d-\w\w\w(?:-DST)?\r\n| p/Cisco router daytime/ o/IOS/ cpe:/o:cisco:ios/a
match daytime m|^\w+, +\d+ +\w+ +\d+ +\d+:\d+:\d+ [+-]\d+\r\n([\w:._ /\\-]+\\ats\.exe)\r\n| p/Atomic Time Synchonizer daytime/ i/$1/ o/Windows/ cpe:/o:microsoft:windows/
match daytime m|^\d\d\d\d/\d\d/\d\d \d\d:\d\d:\d\d\r\n$| p/American Dynamics EDVR security camera daytime/ d/webcam/
match devonthink m|^\xe6\x01\0\0\0\0\0\0bplist00\xd4\x01\x02\x03\x04\x05\x06\x1e\x1fX\$versionX\$objectsY\$archiverT\$top\x12\0\x01\x86\xa0\xa5\x07\x08\x0f\x13\x1aU\$null\xd3\t\n\x0b\x0c\r\x0eStag\[dataContentV\$class\x10\x01\x80\x02\x80\x04\xd2\x10\x0b\x11\x12WNS\.dataO\x10\x98bplist00\xd2\x01\x02\x03\x04_\x10\x16ComputerIdentificationZPINCodeKey_\x10:([\w._-]+)\x08| p/DEVONthink dcoument management/ i/PIN code key: $1/ o/Mac OS X/ cpe:/o:apple:mac_os_x/a
match diablo2 m|^[\xae\xaf]\x01$| p/Diablo 2 game server/
match dict m|^530 access denied\r\n$| p/dictd/ i/access denied/
match dict m|^220 ([-.\w]+) dictd ([-.\w/]+) on ([-.+ \w]+) | p/dictd/ v/$2/ o/$3/ h/$1/
match dict m|^220 hello <> msg\r\n$| p/Serpento dictd/
# DS2, Application Version 04.5 (025) M2IP - 03.1 (09.2)Bootloader Version 04.5 (022) M2IP - 03.1 (09.2)
match digital-sprite-status m|^acam_bitmask\[0\]=1,2,4,8,16,32,64,128,256,512,1024,2048,4096,8192,16384,32768,1,2,4,8,16,32,64,128,256,512,1024,2048,4096,8192,16384,32768\r\nact_actions\[0\]=1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1\r\nact_buzzer=0\r\n| p/Dedicated Micros Digital Sprite 2 camera/ d/webcam/
# Digifort port 8600.
match digifort m|^\xd1Q\xf0'\0\0\0;\x01\x05LOGIN\0\0\0\x30\x01\x01\0\0\0\x05NONCE\x08 \0\0\0[0-9A-F]{32}$| p/Digifort Enterprise 6.5/ o/Windows/ cpe:/a:digifort:digifort:6.5.0_final/ cpe:/o:microsoft:windows/a
# Digifort port 8610.
match digifort-analytics m|^\xd1Q\xf0'\0\0\0A\x01\x15CMD_ANALYTICS_VERSION\0\0\0&\x01\x01\0\0\0\x07Version\x08\x14\0\0\0DIGIFORT ([\w._ -]+)\xd1Q\xf0'\0\0\0I\x01\x13CMD_ANALYTICS_NONCE\0\0\0\x30\x01\x01\0\0\0\x05NOnce\x08 \0\0\0\x30CD6DD9A883431A881BC14DE48F0F892\xd1Q\xf0'\0\0\0\x18\x01\x12CMD_ANALYTICS_PING\0\0\0\0\xd1Q\xf0'\0\0\0\x18\x01\x12CMD_ANALYTICS_PING\0\0\0\0$| p/Digifort Enterprise analytics/ v/$1/ o/Windows/ cpe:/a:digifort:digifort:$1/ cpe:/o:microsoft:windows/a
# Digifort port 8611.
match digifort-lpr m|^\xd1Q\xf0'\0\0\0;\x01\x0fCMD_LPR_VERSION\0\0\0&\x01\x01\0\0\0\x07Version\x08\x14\0\0\0DIGIFORT ([\w._ -]+)\xd1Q\xf0'\0\0\0C\x01\rCMD_LPR_NONCE\0\0\0\x30\x01\x01\0\0\0\x05NOnce\x08 \0\0\0\x332DA9B47DA082C982384782CEDFEE055\xd1Q\xf0'\0\0\0\x12\x01\x0cCMD_LPR_PING\0\0\0\0\xd1Q\xf0'\0\0\0\x12\x01\x0cCMD_LPR_PING\0\0\0\0$| p/Digifort Enterprise LPR/ v/$1/ o/Windows/ cpe:/a:digifort:digifort:$1/ cpe:/o:microsoft:windows/a
match directconnect m=^\$MyNick ([-.\w]+)|\$Lock= p/Direct Connect P2P/ i/User: $1/ o/Windows/ cpe:/o:microsoft:windows/a
match directconnect m|^\r\nDConnect Daemon v([\d.]+)\r\nlogin: | p/Direct Connect P2P/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a
match directconnect m= Your IP is temporarily banned for (\d+) minutes\.\|= p/Shadows DirectConnect hub/ i/Banned for $1 minutes/
match directconnect m= You are being banned for (\d+) minutes \(by SDCH Anti Hammering\)\.\|= p/Shadows DirectConnect hub/ i/Banned for $1 minutes/
match directconnect m= You are being redirected to ([\d.]+)\|\$ForceMove [\d.]+\|= p/PtokaX directconnect hub/ i/Redirected to $1/
match directconnect m=^server-version\$([\w._-]+)\|init-completion\$200\|port\$\d+\|= p/Shakespeer Direct Connect GUI/ v/$1/ o/Mac OS X/ cpe:/o:apple:mac_os_x/a
match directconnect-admin m=^\r\nOpen DC Hub, version ([\d.]+), administrators port\.\r\nAll commands begin with '\$' and end with '\|'\.\r\nPlease supply administrators passord\.\r\n= p/OpenDCHub directconenct hub admin port/ v/$1/ o/Unix/
match directupdate m|^OK Welcome <[\d.]+> on DirectUpdate server ([\d.]+)\r\n| p/DirectUpdate dynamic IP updater/ v/$1/
match directupdate m|^OK Welcome <[\d.]+> on DirectUpdate engine VER=\[([\d.]+) \(Build (\d+)\)\]-0x\w+\r\n| p/DirectUpdate dynamic IP updater/ v/$1 build $2/
match diskmonitor m|^000001a2[0-9a-f]{410}\r\n| p/Active@ Hard Disk Monitor/
match diskmonitor m|^0000019a[0-9a-f]{402}\r\n| p/Active@ Hard Disk Monitor/
match dlmtp m|^220 DSPAM DLMTP ([\w._-]+) Authentication Required\r\n| p/DSPAM dlmtpd/ v/$1/
match doka5 m|^\xff\0\0\x14\x9d\0\0\0\0\0\0\0\0\0\0\x11l\0\0\0\x17\0\0| p/Surecomp DOKA 5/ cpe:/a:surecomp:doka_5/
match durian m|^Durian Web Application Server III ([^<]+) for Win32\r| p/Durian Web Application Server III/ v/$1/ o/Windows/ cpe:/a:mozilla:durian_web_application_server:$1/ cpe:/o:microsoft:windows/a
match dvr-video m|^head\0\0\0\0\xf9\x02\0\0\x04\0\0\0\x03\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x03\0| p/LTS or QSEE DVR video server/ d/media device/
# 1024 random bytes of challenge
match d-mp m|^\x01\0\0\0\x08\x04\0\0\x04\x04\0\0\0\x04\0\0.{100}| p/Dark MultiPlayer Kerbel Space Program mod/ cpe:/a:christopher_andrews:darkmultiplayer/
match dnsix m|^DNSIX$|
# Port 5900. http://www.ducea.com/2008/11/24/drac-ip-port-numbers/.
match drac-console m|^\0\0\0\x0c\0\0\0\?\0\0\0\x02$| p/Dell Remote Access Controller 4 console/ cpe:/h:dell:remote_access_card:4/
match dragon m|^UNAUTHORIZED\n\r\n\r$| p/Dragon realtime shell/
match drobo-nasd m%^DRINASD\0\x01\x01\0\0\0\0..<\?xml version=\"1\.0\" encoding=\"utf-8\"\?>\n\n\n ESAINFO\n \d+\n \d+\n \w+\n \w+\n (Drobo(?:-FS|5N))?\n ([][\w._ ]+)\n ([^<]+)\n%s p/$1 NASD/ v/$2 ($3)/
match drobo-dsvc m|^DRIDDSVC\x07\x01.\0\0\0..\r\n\tESAINFO\r\n\t\d+\r\n\t\d+\r\n\t0db\d+\r\n\ttDB\d+\r\n\tDrobo(?:-FS)?\r\n\t([][\w._ ]+)\r\n\t([^<]+)\r\n|s p/Drobo-FS DDSVC/ v/$1 ($2)/
match drweb m|^0 PROTOCOL 2 [23] AGENT,CONSOLE,INSTALL| p/DrWeb/
match dynast-solver m|^DYNAST server v(.*) \(Win32\) - Copyright\(c\) DYN| p/DYNAST solver/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a
match echolink m|^[0-9a-f]{8}$| p/EchoLink radio-over-VoIP/
match enemyterritory m|^Welcome [\d.]+\. You have 15 seconds to identify\.\r\n| p/Enemy Territory Admin Mod/
match efi-webtools m|^\?p\xf7/Zq\xa2\xf5\x03.......\xf4\xea.......B$| p/EFI Fiery WebTools communication/
match efi-workstation m|^\(m\xe9l@k\xb7\xf5\x03$| p/EFI Fiery Command WorkStation/
match efi-workstation m|^\(m\xe9l@k\xb3\xf7\x1e\xa5$| p/EFI Fiery Command WorkStation/
match efi-workstation m|^\(m\xe9l@k\xb1\xf1\x15\xa5$| p/EFI Fiery Command WorkStation/
match eftserv m|^\?\x008 \xc3p EFTSRV1 ([\d.]+) | p/Ingenico EFTSRVd/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a
match ericom m|^Ericom GCS v([\d.]+)\0| p/Ericom PowerTermWebConnect/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a
match eggdrop m=^\r\n\r\n([-`|.\w]+) \(Eggdrop v(\d[-.\w+]+) +\([cC]\) *1997.*\r\n\r\n= p/Eggdrop irc bot console/ v/$2/ i/botname: $1/
# These 2 fallbacks are because many people customize their eggdrop
# banners. These rules should always be well below the detailed rule
# above.
match eggdrop m|\(Eggdrop v([\d.]+) \(C\) 1997 Robey Pointer.*Eggheads|s p/Eggdrop IRC bot console/ v/$1/
match eggdrop m|\(Eggdrop v([\d.]+)\+ipv6 \(C\) 1997 Robey Pointer.*Eggheads|s p/Eggdrop IRC bot console with ipv6/ v/$1/
match eggdrop m|\(Eggdrop v([\d.]+)\+SSL \(C\) 1997 Robey Pointer.*Eggheads|s p/Eggdrop IRC bot console with SSL/ v/$1/
match eggdrop m|\(Eggdrop v([\d.]+)\+rc(\d+) \(C\) 1997 Robey Pointer.*Eggheads|s p/Eggdrop IRC bot console/ v/$1 rc $2/
match eggdrop m=\(Eggdrop v([\d.]+)\+(?:STEALER\.net|Gentoo) \(C\) 1997 Robey Pointer.*Eggheads=s p/Eggdrop IRC bot console with Gentoo patches/ v/$1/ i/Gentoo/ o/Linux/ cpe:/o:gentoo:linux/
match eggdrop m|Copyright \(C\) 1997 Robey Pointer\r\n.*Eggheads| p/Eggdrop IRC bot console/
match enistic-manager m|^WZ=AAAAAAAAAAByAAE=73\r0E0000000000cgAD83\r$| p/Enistic Energy Manager/
match envisalink m|^5053CD\r\n| p/EyezOn EnvisaLink/ d/security-misc/
match epp m|^\x00\x00..<\?xml version=\"1\.0\" encoding=\"UTF-8\" standalone=\"no\" \?>\n\n\n \n ([^<]+)\n .*\n \n ([\w._-]+)\n|s p/Extensible Provisioning Protocol/ v/$2/ h/$1/
softmatch epp m|^\0...<\?xml version=\"1\.0\" encoding=\"UTF-8\" standalone=\"no\"\?>([^<]+)|s p/Extensible Provisioning Protocol/ h/$1/
# RFC 5730
softmatch epp m|^\0...<\?xml version=\"1\.0\" encoding=\"UTF-8\" standalone=\"no\"\?>>\n\0\x0eFRP Node Ready>>\n\0\x0e| p/File Replication Pro/
match freedoko m|^FreeDoko server\n\d+\.\d+: name: ([^\n]+)\n| p/FreeDoko game server/ i/name: $1/
match ftp m|^220 ([-/.+\w]+) FTP server \(SecureTransport (\d[-.\w]+)\) ready\.\r\n| p/Tumbleweed SecureTransport ftpd/ v/$2/ h/$1/
match ftp m|^220 3Com 3CDaemon FTP Server Version (\d[-.\w]+)\r\n| p/3Com 3CDaemon ftpd/ v/$1/
match ftp m|^220 3Com FTP Server Version ([-\w_.]+)\r\n| p/3Com ftpd/ v/$1/
# GuildFTP 0.999.9 on Windows
match ftp m|^220-GuildFTPd FTP Server \(c\) \d\d\d\d(?:-\d\d\d\d)?\r\n220-Version (\d[-.\w]+)\r\n| p/Guild ftpd/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a
match ftp m|^220-.*\r\n220 Please enter your name:\r\n| p/GuildFTPd/ o/Windows/ cpe:/o:microsoft:windows/a
# Medusa Async V1.21 [experimental] on Linux 2.4
match ftp m|^220 ([-/.+\w]+) FTP server \(Medusa Async V(\d[^\)]+)\) ready\.\r\n| p/Medusa Async ftpd/ v/$2/ h/$1/
match ftp m|^220 ([-/.+\w]+)\((\d[-.\w]+)\) FTP server \(EPSON ([^\)]+)\) ready\.\r\n| p/Epson printer ftpd/ v/$2/ i/Epson $3/ d/printer/ h/$1/
match ftp m|^220 ([-/.+\w]+) IBM TCP/IP for OS/2 - FTP Server [Vv]er \d+:\d+:\d+ on [A-Z]| p|IBM OS/2 ftpd| o|OS/2| h/$1/ cpe:/a:ibm:os2_ftp_server/ cpe:/o:ibm:os2/
match ftp m|^220 ([-/.+\w]+) IBM TCP/IP f\xfcr OS/2 - FTP-Server [Vv]er \d+:\d+:\d+ .* bereit\.\r\n| p|IBM OS/2 ftpd| i/German/ o|OS/2| h/$1/ cpe:/a:ibm:os2_ftp_server::::de/ cpe:/o:ibm:os2/
match ftp m|^220 Internet Rex (\d[-.\w ]+) \(([-/.+\w]+)\) FTP server awaiting your command\.\r\n| p/Internet Rex ftpd/ v/$1/ i/$2/
match ftp m|^530 Connection refused, unknown IP address\.\r\n$| p/Microsoft IIS ftpd/ i/IP address rejected/ o/Windows/ cpe:/a:microsoft:iis/ cpe:/o:microsoft:windows/a
match ftp m|^220 IIS ([\w._-]+) FTP\r\n| p/Microsoft IIS ftpd/ v/$1/ o/Windows/ cpe:/a:microsoft:iis:$1/ cpe:/o:microsoft:windows/a
match ftp m|^220 PizzaSwitch FTP server ready\r\n| p/Xylan PizzaSwitch ftpd/
match ftp m|^220 ([-.+\w]+) IronPort FTP server \(V([-.\w]+)\) ready\.\r\n| p/IronPort mail appliance ftpd/ v/$2/ h/$1/
match ftp m|^220 ([-.+\w]+) IronPort FTP server \(V([-.\w]+)\) ready\.\r\n| p/IronPort mail appliance ftpd/ v/$2/ h/$1/
match ftp m|^220 ([-.+\w]+) IronPort FTP server \(V([-.\w]+)\) ready\r\n| p/IronPort firewall ftpd/ v/$2/ h/$1/
match ftp m|^220 ([-.+\w]+) Cisco IronPort FTP server \(V([-.\w]+)\) ready\r\n| p/Cisco IronPort mail appliance ftpd/ v/$2/ h/$1/
match ftp m|^220 WFTPD (\d[-.\w]+) service \(by Texas Imperial Software\) ready for new user\r\n| p/Texas Imperial Software WFTPD/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a
match ftp m|^220.*\r\n220 WFTPD (\d[-.\w]+) service \(by Texas Imperial Software\) ready for new user\r\n|s p/Texas Imperial Software WFTPD/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a
match ftp m|^220 ([-.+\w]+) FTP server \(Version (MICRO-[-.\w:#+ ]+)\) ready\.\r\n| p/Bay Networks MicroAnnex terminal server ftpd/ v/$2/ d/terminal server/ h/$1/
match ftp m|^220 ([-.+\w]+) FTP server \(Digital UNIX Version (\d[-.\w]+)\) ready\.\r\n| p/Digital UNIX ftpd/ v/$2/ o/Digital UNIX/ h/$1/ cpe:/o:dec:digital_unix/a
match ftp m|^220 ([-.+\w]+) FTP server \(Version [\d.]+\+Heimdal (\d[-+.\w ]+)\) ready\.\r\n| p/Heimdal Kerberized ftpd/ v/$2/ o/Unix/ h/$1/
match ftp m|^500 OOPS: (could not bind listening IPv4 socket)\r\n$| p/vsftpd/ i/broken: $1/ o/Unix/ cpe:/a:vsftpd:vsftpd/
match ftp m|^500 OOPS: vsftpd: (.*)\r\n| p/vsftpd/ i/broken: $1/ o/Unix/ cpe:/a:vsftpd:vsftpd/
match ftp m|^220-QTCP at ([-.\w]+)\r\n220| p|IBM OS/400 FTPd| o|OS/400| h/$1/ cpe:/o:ibm:os_400/a
match ftp m|^220[- ]FileZilla Server version (\d[-.\w ]+)\r\n| p/FileZilla ftpd/ v/$1/ o/Windows/ cpe:/a:filezilla-project:filezilla:$1/ cpe:/o:microsoft:windows/a
match ftp m|^220 ([-\w_.]+) running FileZilla Server version (\d[-.\w ]+)\r\n| p/FileZilla ftpd/ v/$2/ o/Windows/ h/$1/ cpe:/a:filezilla-project:filezilla:$2/ cpe:/o:microsoft:windows/a
match ftp m|^220 FTP Server - FileZilla\r\n| p/FileZilla ftpd/ o/Windows/ cpe:/a:filezilla-project:filezilla/ cpe:/o:microsoft:windows/a
match ftp m|^220-Welcome to ([A-Z]+) FTP Service\.\r\n220 All unauthorized access is logged\.\r\n| p/FileZilla ftpd/ o/Windows/ h/$1/ cpe:/a:filezilla-project:filezilla/ cpe:/o:microsoft:windows/a
match ftp m|^220.*\r\n220[- ]FileZilla Server version (\d[-.\w ]+)\r\n|s p/FileZilla ftpd/ v/$1/ o/Windows/ cpe:/a:filezilla-project:filezilla:$1/ cpe:/o:microsoft:windows/a
match ftp m|^220-.*\r\n220-\r\n220 using FileZilla FileZilla Server version ([^\r\n]+)\r\n|s p/FileZilla ftpd/ v/$1/ o/Windows/ cpe:/a:filezilla-project:filezilla:$1/ cpe:/o:microsoft:windows/a
match ftp m|^220-FileZilla Server\r\n| p/FileZilla ftpd/ o/Windows/ cpe:/a:filezilla-project:filezilla/ cpe:/o:microsoft:windows/a
match ftp m|^431 Could not initialize SSL connection\r\n| p/FileZilla ftpd/ i/Mandatory SSL/ o/Windows/ cpe:/a:filezilla-project:filezilla/ cpe:/o:microsoft:windows/a
match ftp m|^550 No connections allowed from your IP\r\n| p/FileZilla ftpd/ i/IP blocked/ o/Windows/ cpe:/a:filezilla-project:filezilla/ cpe:/o:microsoft:windows/a
# Netgear RP114 switch with integrated ftp server or ZyXel P2302R VoIP
match ftp m|^220 FTP version 1\.0 ready at | p/Netgear broadband router or ZyXel VoIP adapter ftpd/ v/1.0/
match ftp m|^220 ([\w._-]+) FTP version 1\.0 ready at | p/Netgear broadband router or ZyXel VoIP adapter ftpd/ v/1.0/ h/$1/
match ftp m|^220 \(none\) FTP server \(GNU inetutils ([\w._-]+)\) ready\.\r\n| p/GNU Inetutils FTPd/ v/$1/ cpe:/a:gnu:inetutils:$1/
match ftp m|^220 ([-.\w]+) FTP server \(GNU inetutils (\d[-.\w ]+)\) ready\.\r\n| p/GNU Inetutils FTPd/ v/$2/ h/$1/ cpe:/a:gnu:inetutils:$2/
match ftp m|^220 .* \(glftpd (\d[-.0-9a-zA-Z]+)_(\w+)(?:\+TLS)?\) ready\.\r\n| p/glFTPd/ v/$1/ i/$2/ o/Unix/
match ftp m|^220 .* \(glFTPd (\d[-.0-9a-zA-Z]+)_(\w+) Linux\+TLS\) ready\.?\r\n| p/glFTPd/ v/$1/ i/$2/ o/Linux/ cpe:/o:linux:linux_kernel/a
match ftp m|^220 .* \(glFTPd (\d[-.0-9a-zA-Z]+) Linux\+TLS\) ready\.\r\n| p/glFTPd/ v/$1/ o/Linux/ cpe:/o:linux:linux_kernel/a
match ftp m|^220 .* \(glFTPd (\d[-.0-9a-zA-Z]+) FreeBSD\+TLS\) ready\.\r\n| p/glFTPd/ v/$1/ o/FreeBSD/ cpe:/o:freebsd:freebsd/a
match ftp m|^220 ([-.\w]+) FTP server \(FirstClass v(\d[-.\w]+)\) ready\.\r\n| p/FirstClass FTP server/ v/$2/ h/$1/
match ftp m|^220 ([-.\w]+) FTP server \(Compaq Tru64 UNIX Version (\d[-.\w]+)\) ready\.\r\n| p/Compaq Tru64 ftp server/ v/$2/ o/Tru64 UNIX/ h/$1/ cpe:/o:compaq:tru64/a
match ftp m|^220 Axis ([\w._ -]+) Network Camera(?: version)? (\d\S+) \((.*)\) ready\.\r\n|i p/Axis $1 Network Camera ftpd/ v/$2/ i/$3/ d/webcam/
match ftp m|^220 Axis ([\w._ -]+) Network Camera ([\w._-]+ \(\w+ \d+ \d+\)) ready\.\r\n| p/Axis $1 Network Camera ftpd/ v/$2/ d/webcam/
match ftp m|^220 AXIS ([\w._ -]+) Network Camera ([\w._-]+ \(\w+ \d+ \d+\)) ready\.\r\n| p/Axis $1 Network Camera ftpd/ v/$2/ d/webcam/
match ftp m|^220 Axis ([\w._ -]+) Network Camera ([\w._-]+) \w+ \d+ \d+ ready\.\r\n| p/Axis $1 Network Camera ftpd/ v/$2/ d/webcam/
match ftp m|^220 AXIS ([-.\w]+) FTP Network Print Server V(\d[-.\w]+) [A-Z][a-z]| p/Axis network print server ftpd/ v/$2/ i/Model $1/ d/print server/
match ftp m|^220 AXIS ([\d\w]+)V(\d\S+) (.*?) ready\.\n| p/AXIS $1 Webcam ftpd/ v/$2/ i/$3/ d/webcam/ cpe:/h:axis:$1/a
match ftp m|^220 AXIS ([+\d]+) Video Server ?(\d\S+) (.*?) ready\.| p/AXIS $1 Video Server ftpd/ v/$2/ i/$3/
match ftp m|^220 AXIS (\w+) Video Server (\d\S+) \(.*\) ready\.\r\n| p/AXIS $1 Video Server ftpd/ v/$2/
match ftp m|^220 AXIS 205 version ([\d.]+) \(.*\) ready\.\r\n| p/AXIS 205 Network Video ftpd/ v/$1/ d/webcam/
match ftp m|^220 AXIS 250S MPEG-2 Video Server ([\d.]+) \([^)]+\) ready\.\r\n| p/AXIS 250S Network Video ftpd/ v/$1/ d/webcam/
match ftp m|^220 AXIS (\w+) Video Server ([\d.]+) \([^)]+\) ready\.\r\n| p/AXIS $1 Video Server ftpd/ v/$2/ d/media device/
match ftp m|^220 AXIS (\w+) Video Server Blade ([\w._-]+) \([^)]+\) ready\.\r\n| p/AXIS $1 Video Server Blade ftpd/ v/$2/ d/media device/
match ftp m|^220 AXIS StorPoint CD E100 CD-ROM Server V([\d.]+) .* ready\.\r\n| p/AXIS StorPoint E100 CD-ROM Server ftpd/ v/$1/ d/storage-misc/ cpe:/h:axis:storpoint_cd_e100/
match ftp m|^220 AXIS (.+) FTP Network Print Server V([-\w_.]+) | p/AXIS $1 print server ftpd/ v/$2/ d/print server/ cpe:/h:axis:$1/a
match ftp m|^220 AXIS ([\d/+]+) FTP Print Server V([-\w_.]+) | p/AXIS $1 print server ftpd/ v/$2/ d/print server/ cpe:/h:axis:$1/a
match ftp m|^220 AXIS (\w+) Network Fixed Dome Camera (.*) ready\.\r\n| p/AXIS $1 camera ftpd/ v/$2/ d/webcam/
match ftp m|^220-Cerberus FTP Server Personal Edition\r\n220-UNREGISTERED\r\n| p/Cerberus FTP Server/ i/Personal Edition; Unregistered/ o/Windows/ cpe:/a:cerberusftp:ftp_server/ cpe:/o:microsoft:windows/a
match ftp m|^220-Cerberus FTP Server - Personal Edition\r\n220-This is the UNLICENSED personal edition and may be used for home, personal use only\r\n220-Welcome to Cerberus FTP Server\r\n220 Created by Cerberus, LLC\r\n| p/Cerberus FTP Server/ i/Personal Edition; Unregistered/ o/Windows/ cpe:/a:cerberusftp:ftp_server/ cpe:/o:microsoft:windows/a
match ftp m|^220-Cerberus FTP Server - Personal Edition\r\n220-This is the UNLICENSED personal edition and may be used for home, personal use only\r\n220 Connected to Aurora FTP server\.\.\.\r\n| p/Cerberus FTP Server/ i/Personal Edition; Unregistered/ o/Windows/ cpe:/a:cerberusftp:ftp_server/ cpe:/o:microsoft:windows/a
match ftp m|^220-Cerberus FTP Server - Personal Edition\r\n220-UNREGISTERED\r\n220-Welcome to Cerberus FTP Server\r\n220 Created by Grant Averett\r\n| p/Cerberus FTP Server/ i/Personal Edition; Unregistered/ o/Windows/ cpe:/a:cerberusftp:ftp_server/ cpe:/o:microsoft:windows/a
match ftp m|^220-Welcome to Cerberus FTP Server\r\n220 Created by Grant Averett\r\n| p/Cerberus ftpd/ o/Windows/ cpe:/a:cerberusftp:ftp_server/ cpe:/o:microsoft:windows/a
match ftp m|^421-Not currently accepting logins at this address\. Try back \r\n421 later\.\r\n| p/Cerberus ftpd/ i/banned/ o/Windows/ cpe:/a:cerberusftp:ftp_server/ cpe:/o:microsoft:windows/a
match ftp m|^220 Welkom@([\w._-]+)\r\n521 Not logged in - Secure authentication required\r\n| p/Cerberus ftpd/ o/Windows/ h/$1/ cpe:/a:cerberusftp:ftp_server/ cpe:/o:microsoft:windows/a
match ftp m|^220 FTP print service:V-(\d[-.\w]+)/Use the network password for the ID if updating\.\r\n| p|Brother/HP printer ftpd| v/$1/ d/printer/
match ftp m|^220- APC FTP server ready\.\r\n220 \r\n$| p/APC ftp server/ d/power-device/
# HP-UX 10.x or AIX
match ftp m|^220 ([-\w]+) FTP server \(Version (\d[\w._-]+) [A-Z][a-z]{2} [A-Z][a-z]{2} .*\) ready\.\r\n| p/HP-UX or AIX ftpd/ v/$2/ o/Unix/ h/$1/
match ftp m|^220[- ]Roxen FTP server running on Roxen (\d[-.\w]+)/Pike (\d[-.\w]+)\r\n| p/Roxen ftp server/ v/$1/ i/Pike $2/
# Debian packaged oftpd 0.3.6-51 on Linux 2.6.0-test4 Debian
match ftp m|^220 Service ready for new user\.\r\n| p/oftpd/ o/Unix/
# Mac OS X Client 10.2.6 built-in ftpd
match ftp m|^220[ -].*FTP server \(lukemftpd (\d[-. \w]+)\) ready\.\r\n|s p/LukemFTPD/ v/$1/ o/Mac OS X/ cpe:/o:apple:mac_os_x/a
match ftp m|^220.*Microsoft FTP Service \(Version (\d[^)]+)| p/Microsoft ftpd/ v/$1/ o/Windows/ cpe:/a:microsoft:ftp_service:$1/ cpe:/o:microsoft:windows/a
# This lame version doesn't give a version number
# Windows 2003
match ftp m|^220[ -]Microsoft FTP Service\r\n| p/Microsoft ftpd/ o/Windows/ cpe:/a:microsoft:ftp_service/ cpe:/o:microsoft:windows/a
match ftp m|^220[ -]Serv-U FTP[ -]Server v([\w._-]+) | p/Serv-U ftpd/ v/$1/ o/Windows/ cpe:/a:serv-u:serv-u:$1/ cpe:/o:microsoft:windows/a
match ftp m|^220-Serv-U FTP Server for Winsock\r\n| p/Serv-U ftpd/ o/Windows/ cpe:/a:serv-u:serv-u/ cpe:/o:microsoft:windows/a
match ftp m|^220 Serv-U FTP-Server v([-\w_.]+ build \d+) for WinSock ready\.\.\.\r\n| p/Serv-U ftpd/ v/$1/ o/Windows/ cpe:/a:serv-u:serv-u:$1/ cpe:/o:microsoft:windows/a
match ftp m|^220-FTP Server v([\d.]+) for WinSock ready\.| p/Serv-U ftpd/ v/$1/ o/Windows/ cpe:/a:serv-u:serv-u:$1/ cpe:/o:microsoft:windows/a
match ftp m|^220-SECURE FTP SERVER VERSION ([\d.]+) \(([-\w_.]+)\)\r\n| p/Serv-U ftpd/ v/$1/ i/Name $2/ o/Windows/ cpe:/a:serv-u:serv-u:$1/ cpe:/o:microsoft:windows/a
match ftp m|^431 Unable to negotiate secure command connection\.\r\n| p/Serv-U ftpd/ i/SSL Required/ o/Windows/ cpe:/a:serv-u:serv-u/ cpe:/o:microsoft:windows/a
match ftp m|^220-Sambar FTP Server Version (\d\S+)\x0d\x0a| p/Sambar ftpd/ v/$1/ cpe:/a:sambar:sambar_server:$1/
# Sambar server V5.3 on Windows NT
match ftp m|^220-FTP Server ready\r\n220-Use USER user@host for native FTP proxy\r\n220 Your FTP Session will expire after 300 seconds of inactivity\.\r\n| p/Sambar ftpd/ cpe:/a:sambar:sambar_server/
match ftp m|^220 JD FTP Server Ready| p/HP JetDirect ftpd/ d/print server/
match ftp m|^220.*Check Point FireWall-1 Secure FTP server running on|s p/Check Point Firewall-1 ftpd/ d/firewall/ cpe:/a:checkpoint:firewall-1/
match ftp m|^220[- ].*FTP server \(Version (wu-[-.\w]+)|s p/WU-FTPD/ v/$1/ o/Unix/ cpe:/a:redhat:wu_ftpd:$1/
match ftp m|^220-\r\n220 ([-.\w]+) FTP server \(Version ([-.+\w()]+)\) ready\.\r\n$| p/WU-FTPD/ v/$2/ o/Unix/ h/$1/ cpe:/a:redhat:wu_ftpd:$2/
match ftp m|^220 ([-.\w]+) FTP server \(Revision ([\d.]+) Version wuftpd-([-.+\w()]+) [^)]*\) ready\.\r\n$| p/WU-FTPD/ v/$3/ i/revision $2/ o/Unix/ h/$1/ cpe:/a:redhat:wu_ftpd:$3/
match ftp m|^220 ([-.\w]+) FTP server \(Version ([-.+\w()]+)\) ready\.\r\n$| p/WU-FTPD or MIT Kerberos ftpd/ v/$2/ o/Unix/ h/$1/
# ProFTPd 1.2.5
match ftp m|^220 Server \(ProFTPD\) \[([-.\w]+)\]\r\n| p/ProFTPD/ o/Unix/ h/$1/ cpe:/a:proftpd:proftpd/a
match ftp m|^220 ProFTPD (\d\S+) Server| p/ProFTPD/ v/$1/ o/Unix/ cpe:/a:proftpd:proftpd:$1/a
match ftp m|^220 FTP Server \[([-\w_.]+)\]\r\n| p/ProFTPD/ o/Unix/ h/$1/ cpe:/a:proftpd:proftpd/a
match ftp m|^220 ([-\w_.]+) FTP server ready\r\n| p/ProFTPD/ o/Unix/ h/$1/ cpe:/a:proftpd:proftpd/a
match ftp m|^220.*ProFTP[dD].*Server ready| p/ProFTPD/ o/Unix/ cpe:/a:proftpd:proftpd/a
match ftp m|^220 ProFTP Server Ready\r\n| p/ProFTPD/ o/Unix/ cpe:/a:proftpd:proftpd/a
match ftp m|^220 ProFTP Ready\r\n| p/ProFTPD/ o/Unix/ cpe:/a:proftpd:proftpd/a
match ftp m|^220 Welcome @ my\.ftp\.org\r\n$| p/ProFTPD/ o/Unix/ cpe:/a:proftpd:proftpd/a
match ftp m|^220-.*\r\n220 ProFTPD ([\d.]+) Server|s p/ProFTPD/ v/$1/ o/Unix/ cpe:/a:proftpd:proftpd:$1/a
match ftp m|^220 .* FTP Server \(ProFTPD ([\d.]+) on Red Hat linux ([\d.]+)\) ready\.\r\n| p/ProFTPD/ v/$1/ i/RedHat $2/ o/Linux/ cpe:/a:proftpd:proftpd:$1/a cpe:/o:redhat:linux/
match ftp m|^220 ProFTP-Server auf ([-\w_.]+)\r\n| p/ProFTPD/ i/German/ o/Unix/ h/$1/ cpe:/a:proftpd:proftpd::::de/
match ftp m|^220.*\r\n220 ProFTPD ([\w._-]+) Server \(ProFTPD\)|s p/ProFTPD/ v/$1/ o/Unix/ cpe:/a:proftpd:proftpd:$1/a
# Hope these aren't too general -Doug
match ftp m|^220 ([-\w_.]+) FTP server ready!\r\n| p/ProFTPD/ o/Unix/ h/$1/ cpe:/a:proftpd:proftpd/a
match ftp m|^220 FTP Server ready\.\r\n$| p/ProFTPD or KnFTPD/ o/Unix/
match ftp m|^220.*NcFTPd Server | p/NcFTPd/ o/Unix/
match ftp m|^220 ([-\w_.]+) FTP server \(SunOS 5\.([789])\) ready| p/Sun Solaris $2 ftpd/ o/Solaris/ h/$1/ cpe:/o:sun:sunos:5.$2/
match ftp m|^220 ([-\w_.]+) FTP server \(SunOS (\S+)\) ready| p/Sun SunOS ftpd/ v/$2/ o/Solaris/ h/$1/ cpe:/o:sun:sunos:$2/
match ftp m|^220-([-.\w]+) IBM FTP.*(V\d+R\d+)| p|IBM OS/390 ftpd| v/$2/ o|OS/390| h/$1/ cpe:/o:ibm:os_390/a
match ftp m|^220-IBM FTP, .*\.\r\n220 Connection will close if idle for more than 120 minutes\.\r\n| p|IBM OS/390 ftpd| o|OS/390| cpe:/o:ibm:os_390/a
match ftp m|^220 VxWorks \((\d[^)]+)\) FTP server ready| p/VxWorks ftpd/ v/$1/ o/VxWorks/ cpe:/o:windriver:vxworks/a
match ftp m|^220 VxWorks \(VxWorks(\d[^)]+)\) FTP server ready| p/VxWorks ftpd/ v/$1/ o/VxWorks/ cpe:/o:windriver:vxworks/a
match ftp m|^220 VxWorks FTP server \(VxWorks ?([\d.]+) - Secure NetLinx version \(([\d.]+)\)\) ready\.\r\n| p|AMX NetLinx A/V control system ftpd| v/$2/ i/VxWorks $1/ d/media device/ o/VxWorks/ cpe:/o:windriver:vxworks:$1/
match ftp m|^220 VxWorks \(VxWorks ([\w._-]+)\) FTP server ready\r\n| p|AMX NetLinx A/V control system ftpd| i/VxWorks $1/ d/media device/ o/VxWorks/ cpe:/o:windriver:vxworks:$1/
match ftp m|^220 VxWorks FTP server \(VxWorks ?([\w._-]+)\) ready\.\r\n| p/VxWorks ftpd/ v/$1/ o/VxWorks/ cpe:/o:windriver:vxworks/a
match ftp m|^220 ABB Robotics FTP server \(VxWorks ([\d.]+) rev ([\d.]+)\) ready\.\r\n| p/ABB Robotics ftpd/ i/VxWorks $1 rev $2 **A ROBOT**/ d/specialized/ o/VxWorks/ cpe:/o:windriver:vxworks:$1/
# Pure-ftpd
match ftp m|^220.*Welcome to .*Pure-?FTPd (\d\S+\s*)| p/Pure-FTPd/ v/$1/ cpe:/a:pureftpd:pure-ftpd:$1/
match ftp m|^220.*Welcome to .*Pure-?FTPd[^(]+\r\n| p/Pure-FTPd/ cpe:/a:pureftpd:pure-ftpd/
match ftp m|^220.*Bienvenue sur .*Pure-?FTPd.*\r\n| p/Pure-FTPd/ i/French/ cpe:/a:pureftpd:pure-ftpd::::fr/
match ftp m|^220.*Bienvenue sur .*Pure-?FTPd (\d[-.\w]+)| p/Pure-FTPd/ v/$1/ i/French/ cpe:/a:pureftpd:pure-ftpd:$1:::fr/
match ftp m|^220.*Velkommen til .*Pure-?FTPd.*\r\n| p/Pure-FTPd/ i/Danish/ cpe:/a:pureftpd:pure-ftpd::::da/
match ftp m|^220.*Bem-vindo.*Pure-?FTPd.*\r\n| p/Pure-FTPd/ i/Portuguese/ cpe:/a:pureftpd:pure-ftpd::::pt/
# pure-ftpd 1.0.12 on Linux 2.4
match ftp m|^220[- ]FTP server ready\.\r\n.*214 Pure-FTPd - http://pureftpd\.org/?\r\n|s p/Pure-FTPd/ cpe:/a:pureftpd:pure-ftpd/
# OpenBSD 3.4 beta running Pure-FTPd 1.0.16 with SSL/TLS
match ftp m|^220---------- Welcome to Pure-FTPd \[privsep\] \[TLS\] ----------\r\n220-You are user number| p/Pure-FTPd/ i|with SSL/TLS| cpe:/a:pureftpd:pure-ftpd/
match ftp m|^220---------- .* Pure-FTPd ----------\r\n220-| p/Pure-FTPd/ cpe:/a:pureftpd:pure-ftpd/
match ftp m|^220.*214 Pure-FTPd - http://pureftpd\.org/?\r\n|s p/Pure-FTPd/ cpe:/a:pureftpd:pure-ftpd/
match ftp m|^220 vsFTPd (.*) ready\.\.\.\r\n| p/vsftpd/ v/$1/ cpe:/a:vsftpd:vsftpd:$1/
match ftp m|^220 vsFTPd (.*) ready\.\.\. \[charset=\w+\]\r\n| p/vsftpd/ v/$1/ cpe:/a:vsftpd:vsftpd:$1/
match ftp m|^220 ready, dude \(vsFTPd (\d[0-9.]+): beat me, break me\)\r\n| p/vsftpd/ v/$1/ o/Unix/ cpe:/a:vsftpd:vsftpd:$1/
match ftp m|^220 \(vsFTPd ([-.\w]+)\)\r\n$| p/vsftpd/ v/$1/ o/Unix/ cpe:/a:vsftpd:vsftpd:$1/
match ftp m|^220 Welcome to blah FTP service\.\r\n$| p/vsftpd/ o/Unix/ cpe:/a:vsftpd:vsftpd/
match ftp m|^220 TYPSoft FTP Server (\d\S+) ready\.\.\.\r\n| p/TYPSoft ftpd/ v/$1/ o/Windows/ cpe:/a:typsoft:typsoft_ftp_server:$1/ cpe:/o:microsoft:windows/a
match ftp m|^220-MegaBit Gear (\S+).*FTP server ready| p/MegaBit Gear ftpd/ v/$1/
match ftp m|^220.*WS_FTP Server (\d\S+)| p/WS FTPd/ v/$1/ o/Windows/ cpe:/a:ipswitch:ws_ftp:$1/ cpe:/o:microsoft:windows/a
match ftp m|^220 Features: a p \.\r\n$| p/publicfile ftpd/ o/Unix/
match ftp m|^220 ([-.\w]+) FTP server \(Version (\S+) VFTPD, based on Version (\S+)\) ready\.\r\n$| p/Virtual FTPD/ v/$2/ i/based on $3/ o/Unix/ h/$1/
match ftp m|220 ([-.\w]+) FTP server \(Version (\S+)/OpenBSD, linux port (\S+)\) ready\.\r\n| p/OpenBSD ftpd/ v/$2/ i/Linux port $3/ o/Linux/ h/$1/ cpe:/a:openbsd:ftpd:$2/ cpe:/o:linux:linux_kernel/a
match ftp m|^220 ([-.\w]+) FTP server \(Version (\S+)/OpenBSD/Linux-ftpd-([-.\w]+)\) ready.\r\n$| p/OpenBSD ftpd/ v/$2/ i/Linux port $3/ o/Linux/ h/$1/ cpe:/a:openbsd:ftpd:$2/ cpe:/o:linux:linux_kernel/a
match ftp m|^220 Interscan Version ([-\w.]+)|i p/InterScan VirusWall ftpd/ v/$1/
match ftp m|^220 InterScan FTP VirusWall NT (\d[-.\w]+) \(([-.\w]+) Mode\), Virus scan (\w+)\r\n$| p/InterScan VirusWall NT/ v/$1/ i/Virus scan $3; $2 mode/ o/Windows/ cpe:/o:microsoft:windows/a
match ftp m|^220 ([-.\w]+) FTP server \(Version ([-.\w]+)/OpenBSD\) ready\.\r\n$| p/OpenBSD ftpd/ v/$2/ o/OpenBSD/ h/$1/ cpe:/a:openbsd:ftpd:$2/ cpe:/o:openbsd:openbsd/
match ftp m|^220 ([-.\w]+) FTP server \(Version (6.0\w+)\) ready.\r\n| p/FreeBSD ftpd/ v/$2/ o/FreeBSD/ h/$1/ cpe:/o:freebsd:freebsd/a
match ftp m|^220 FTP server \(Version ([\w.]+)\) ready\.\r\n| p/FreeBSD ftpd/ v/$1/ o/FreeBSD/ cpe:/o:freebsd:freebsd/a
# Trolltech Troll-FTPD 1.28 (Only runs on Linux)
match ftp m|^220-Setting memory limit to 1024\+1024kbytes\r\n220-Local time is now \d+:\d+ and the load is [\d.]+\.\r\n220 You will be disconnected after \d+ seconds of inactivity.\r\n$| p/Trolltech Troll-FTPd/ o/Linux/ cpe:/o:linux:linux_kernel/a
match ftp m|^220 FTP server \(Hummingbird Ltd\. \(HCLFTPD\) Version (7.1.0.0)\) ready\.\r\n$| p/Hummingbird FTP server/ v/$1/ cpe:/a:hummingbird:connectivity:$1/
match ftp m|^220 FTP server \(Hummingbird Communications Ltd\. \(HCLFTPD\) Version ([\d.]+)\) ready\.\r\n| p/Hummingbird FTP server/ v/$1/ cpe:/a:hummingbird:connectivity:$1/
match ftp m|^220- .*\n220 ([-.\w]+) FTP server \(Version (.*)\) ready\.\r\n|s p/BSD ftpd/ v/$2/ h/$1/
# Xitami FTPd
match ftp m|^220- \r\n.*www\.imatix\.com --\r\n|s p/Xitami ftpd/
match ftp m|^220- Welcome to this Xitami FTP server, running version ([\d\w.]+) of Xitami\. \n You are user number (\d+) of a permitted (\d+) users\.| p/Xitami ftpd/ v/$1/ i|$2/$3 users|
# Netware 6 - NWFTPD.NLM FTP Server Version 5.01w
match ftp m|^220 Service Ready for new User\r\n$| p/NetWare NWFTPD/
match ftp m|^220-LRN\r\n220 Service Ready for new User\r\n| p/NetWare NWFTPD/
match ftp m|^220 ([-\w]+) FTP server \(NetWare (v[\d.]+)\) ready\.\r\n$| p/Novell NetWare ftpd/ v/$2/ o/NetWare/ h/$1/ cpe:/o:novell:netware/a
match ftp m|220 FTP Server for NW 3.1x, 4.xx \((v1.10)\), \(c\) 199[0-9] HellSoft\.\r\n$| p/HellSoft FTP server for NetWare 3.1x, 4.x/ v/$1/ o/NetWare/ cpe:/o:novell:netware/a
match ftp m|^220 ([-.\w]+) MultiNet FTP Server Process V(\S+) at .+\r\n$| p/DEC OpenVMS MultiNet FTPd/ v/$2/ h/$1/
match ftp m|^220-\r\n220 ([-.\w]+) FTP server \(NetBSD-ftpd ([-.\w]+)\) ready.\r\n$| p/NetBSD lukemftpd/ v/$2/ h/$1/
match ftp m|^220 ([-.\w]+) Network Management Card AOS v([-.\w]+) FTP server ready.\r\n$| p/APC AOS ftpd/ v/$2/ i/on APC $1 network management card/ d/power-device/ o/AOS/ cpe:/o:apc:aos/a
match ftp m|^220 FTP Server \(Version 1.0\) ready.\r\n$| p/GlobespanVirata ftpd/ v/1.0/ d/broadband router/
# HP-UX B.11.00
match ftp m|^220 ([-.+\w ]+) FTP server \(Version (\d[-.\w]+) [A-Z][a-z]{2} [A-Z].*20\d\d\) ready\.\r\n| p/HP-UX ftpd/ v/$2/ o/HP-UX/ h/$1/ cpe:/o:hp:hp-ux/a
match ftp m|^220 ([-.+\w ]+) FTP server \(Version (\d[-.\w]+)\(([^\)]+)\) [A-Z][a-z]{2} [A-Z].*\d{4}\) ready\.\r\n| p/HP-UX ftpd/ v/$2/ i/patchlevel $3/ o/HP-UX/ h/$1/ cpe:/o:hp:hp-ux/a
# 220 mirrors.midco.net FTP server ready.
# WarFTP Daemon 1.70 on Win2K
match ftp m=^220-.*\r\n(?:220-|) WarFTPd (\d[-.\w]+) \([\w ]+\) Ready\r\n=s p/WarFTPd/ v/$1/ cpe:/a:jgaa:warftpd:$1/
match ftp m|^220 ([-.+\w]+) FTP SERVICE ready\r\n500 Please enter a command\. Dunno how to interperet empty lines\.\.\.\r\n500 Please enter a command\. Dunno how to interperet empty lines\.\.\.\r\n$| p/WarFTPd/ o/Windows/ h/$1/ cpe:/a:jgaa:warftpd/ cpe:/o:microsoft:windows/a
match ftp m|^220 Welcome to Windows FTP Server| p/Windows Ftp Server/ i|Not from Microsoft - http://srv.nease.net/|
# UnixWare 7.11
match ftp m|^220 ([-\w_.]+) FTP server \(BSDI Version ([\w.]+)\) ready\.\r\n| p|BSDI/Unixware ftpd| v/$2/ h/$1/
match ftp m|^220 FTP server \(Hummingbird Ltd\. \(HCLFTPD\) Version ([\d.]+)\) ready\.\r\n| p/Hummingbird ftpd/ v/$1/ cpe:/a:hummingbird:connectivity:$1/
match ftp m|^220 OpenFTPD server ready\. .*\.\r\n| p/OpenFTPD/
match ftp m|^220 ([\w._-]+) FTP server \(NetBSD-ftpd 20\w+\) ready\.\r\n| p/NetBSD lukemftpd/ o/NetBSD/ h/$1/ cpe:/o:netbsd:netbsd/
match ftp m|^220-\r\n Your connection logged!\r\n220 ([\w_.-]+) FTP server \(NetBSD-ftpd 200\d+\) ready\.\r\n| p/NetBSD lukemftpd/ i/Connection logged/ h/$1/
match ftp m|^220 CommuniGate Pro FTP Server ([\d.]+) ready\r\n| p/Communigate Pro ftpd/ v/$1/ cpe:/a:stalker:communigate_pro:$1/
match ftp m|^220 CommuniGate Pro FTP Server ready\r\n| p/Communigate Pro ftpd/ cpe:/a:stalker:communigate_pro/
match ftp m|^421 Sorry you are not welcomed on this server\.\r\n$| p/BulletProof ftpd/ i/Banned/ o/Windows/ cpe:/o:microsoft:windows/a
match ftp m|^220-BulletProof FTP Server ready \.\.\.\r\n| p/BulletProof ftpd/ o/Windows/ cpe:/o:microsoft:windows/a
match ftp m|^(?:220.*\r\n)?220 [Ee]valine FTP server \(Version: Mac OS X|s p/Evaline ftpd/ o/Mac OS X/ cpe:/o:apple:mac_os_x/a
match ftp m|^220 WinGate Engine FTP Gateway ready\r\n| p/WinGate ftpd/ o/Windows/ cpe:/o:microsoft:windows/a
match ftp m|^220 Welcome to Quick 'n Easy FTP Server\r\n| p/Quick 'n Easy ftpd/ o/Windows/ cpe:/o:microsoft:windows/a
match ftp m|^220 Welcome to Quick 'n Easy FTP Server DEMO\r\n| p/Quick 'n Easy ftpd/ i/DEMO/ o/Windows/ cpe:/o:microsoft:windows/a
match ftp m|^421 Too many connections for this IP address, please try again later\.\r\n| p/Quick 'n Easy ftpd/ o/Windows/ cpe:/o:microsoft:windows/a
match ftp m|^220 Tornado-vxWorks \(VxWorks([\d.]+)\) FTP server ready\r\n| p/Tornado vxWorks ftpd/ v/$1/ o/VxWorks/ cpe:/o:windriver:vxworks/a match ftp m|^220 [-\w_.]+ FTP server \(UNIX\(r\) System V Release 4\.0\) ready\.\r\n| p/UNIX System V Release 4.0 ftpd/ o/Unix/ match ftp m|^(?:220-.*\r\n)?220 ([-\w_.]+) FTP Server \(Oracle XML DB/Oracle9i Enterprise Edition Release ([\d.]+) - Production\) ready\.\r\n|s p/Oracle Enterprise XML DB ftpd/ v/$2/ h/$1/ cpe:/a:oracle:database_server:$2::enterprise/ match ftp m|^(?:200-.*\r\n)?220 ([-\w_.]+) FTP Server \(Oracle XML DB/Oracle9i Enterprise Edition Release ([\d.]+) - 64bit Production\) ready\.\r\n| p/Oracle XML DB ftpd/ v/$2/ i/64 bits/ h/$1/ cpe:/a:oracle:database_server:$2::enterprise/ match ftp m|^(?:220-.*\r\n)?220 ([-\w_.]+) FTP Server \(Oracle XML DB/Oracle9i Release ([\d.]+) - Production\) ready\.\r\n|s p/Oracle XML DB ftpd/ v/$2/ h/$1/ cpe:/a:oracle:database_server:$2/ match ftp m|^(?:220-.*\r\n)?220 ([-\w_.]+) FTP Server \(Oracle XML DB/Oracle Database 10g Enterprise Edition Release ([\d.]+) - Production\) ready\.\r\n|s p/Oracle 10g Enterprise XML DB ftpd/ v/$2/ h/$1/ cpe:/a:oracle:database_server:$2::enterprise/ match ftp m|^(?:220-.*\r\n)?220 ([-\w_.]+) FTP Server \(Oracle XML DB/Personal Oracle9i Release ([\d.]+) - Production\) ready\.\r\n|s p/Personal Oracle XML DB ftpd/ v/$2/ h/$1/ cpe:/a:oracle:database_server:$2::personal/ match ftp m|^(?:220-.*\r\n)?220 ([\w._-]+) FTP Server \(Oracle XML DB/Oracle Database\) ready\.\r\n|s p/Oracle XML DB ftpd/ h/$1/ cpe:/a:oracle:database_server/ match ftp m|^(?:200-.*\r\n)?220 ([\w._-]+) FTP Server \(Oracle XML DB/\) ready\.\r\n|s p/Oracle XML DB ftpd/ h/$1/ cpe:/a:oracle:database_server/ match ftp m|^220 ([-\w_.]+) PacketShaper FTP server ready\.\r\n| p/PacketShaper ftpd/ o/Windows/ h/$1/ cpe:/o:microsoft:windows/a match ftp m|^220 WfFTP server\(([\w.]+)\) ready\.\r\n| p/Nortel WfFTP/ v/$1/ d/router/ match ftp m|^220- (.*) WAR-FTPD ([-\w.]+) Ready\r\n220 Please 
enter your user name\.\r\n| p/WAR-FTPD/ v/$2/ i/Name $1/ o/Windows/ cpe:/o:microsoft:windows/a match ftp m|^220 Canon ([\w._-]+) FTP Print Server V([\w._-]+) .* ready\.\r\n| p/Canon $1 FTP Print Server/ v/$2/ d/print server/ cpe:/h:canon:$1/ match ftp m|^500 OOPS: .*\r\n$| p/vsftpd/ i/Misconfigured/ o/Unix/ cpe:/a:vsftpd:vsftpd/ match ftp m|^500 OOPS: vsftpd: both local and anonymous access disabled!\r\n| p/vsftpd/ i/Access denied/ o/Unix/ cpe:/a:vsftpd:vsftpd/ match ftp m|^220 FTP Version ([\d.]+) on MPS100\r\n| p/Lantronix MPS100 ftpd/ v/$1/ d/print server/ cpe:/h:lantronix:mps100/a match ftp m|^220.*bftpd ([\d.]+) at ([-\w_.]+) ready\.?\r\n|s p/bftpd/ v/$1/ h/$2/ match ftp m|^220 RICOH Pro (\d+[a-zA-Z]{0,3}) FTP server \(([\d+.]+)\) ready\.\r\n| p/Ricoh Pro $1 ftpd/ v/$2/ d/printer/ cpe:/h:ricoh:pro_$1/a match ftp m|^220 LANIER ([\w\d /-]+) FTP server \(([\d+.]+)\) ready\.\r\n| p/Lanier $1 ftpd/ v/$2/ d/printer/ cpe:/h:lanier:$1/a match ftp m|^220 Welcome to Code-Crafters Ability FTP Server\.\r\n| p/Code-Crafters Ability ftpd/ o/Windows/ cpe:/a:code-crafters:ability_ftp_server/ cpe:/o:microsoft:windows/a match ftp m|^220 Welcome to Code-Crafters - Ability Server ([\d.]+)\.| p/Code-Crafters Ability ftpd/ v/$1/ o/Windows/ cpe:/a:code-crafters:ability_ftp_server:$1/ cpe:/o:microsoft:windows/a match ftp m|^220 ([-\w_.]+) FTP server \(ARM_BE - V([\w.]+)\) ready\.\r\n| p/NetComm NS4000 Network Camera/ i/ARM_BE $2/ d/webcam/ h/$1/ match ftp m|^220 MikroTik FTP server \(MikroTik v?([\w._-]+)\) ready\r\n| p/MikroTik router ftpd/ v/$1/ d/router/ match ftp m|^220 lankacom FTP server \(MikroTik v?([\w._-]+)\) ready\r\n| p/Lankacom router ftpd/ v/$1/ i/MikroTik/ d/router/ match ftp m|^220 (.+) FTP server \(MikroTik ([\w._-]+)\) ready\r\n| p/MikroTik router ftpd/ v/$2/ d/router/ h/$1/ match ftp m|^220 NetPresenz v([\d.]+) \(Unregistered\) awaits your command\.\r\n| p/NetPresenz/ v/$1/ i/Unregistered/ o/Mac OS/ cpe:/o:apple:mac_os/a match ftp m|^220 LP-8900-[0-9A-F]+ FTP 
server \(OEM FTPD version ([\d.]+)\) ready\.\r\n| p/OEM FTPD $1/ i/EPSON Network Print Server/ d/print server/ match ftp m|^220 StylusPhoto750-[0-9A-F]+ FTP server \(OEM FTPD version ([\d.]+)\) ready\.\r\n| p/OEM FTPD $1/ i/Epson StylusPhoto750/ d/print server/ match ftp m|^220 AL-(\w+)-[0-9A-F]+ FTP server \(OEM FTPD version ([\d.]+)\) ready\.\r\n| p/OEM FTPD $2/ i/Epson AcuLaser $1 printer/ d/printer/ cpe:/h:epson:aculaser_$1/a match ftp m|^220 FTP Version ([\d.]+) on MSS100\r\n| p/Lantronix MSS100 serial interface ftpd/ v/$1/ d/specialized/ match ftp m|^220 Matrix FTP server \(Server \w+#\d\) ready\.\r\n| p/Matrix ftpd/ match ftp m|^220 Titan FTP Server ([\d.]+) Ready\.\r\n| p/Titan ftpd/ v/$1/ o/Windows/ cpe:/a:southrivertech:titan_ftp_server:$1/ cpe:/o:microsoft:windows/a match ftp m|^421-\+=\+=\+=\+=\+=\+=\+=\+=\+=\+=\+=\+=\+=\+=\+=\+=\+=\+=\+=\+=\+=\+=\+=\+=\+=\+=\+=\+=\+=\+=\+\r\n421-The evaluation period for this Titan FTP Server has expired\.\r\n| p/Titan ftpd/ i/Evaluation period expired/ o/Windows/ cpe:/a:southrivertech:titan_ftp_server/ cpe:/o:microsoft:windows/a match ftp m|^220 ioFTPD \[www: http://www\.ioftpd\.com\] - \[version: ([-\w_. 
]+)\] server ready\.\r\n| p/ioFTPD/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a match ftp m|^220 CesarFTP ([\w.]+) Server Welcome !\r\n| p/ACLogic CesarFTPd/ v/$1/ o/Windows/ cpe:/a:aclogic:cesarftpd:$1/ cpe:/o:microsoft:windows/a match ftp m|^220 CesarFTP ([\w.]+) \xb7\xfe\xce\xf1\xc6\xf7\xbb\xb6\xd3\xad !\r\n| p/ACLogic CesarFTPd/ v/$1/ i/Chinese/ o/Windows/ cpe:/a:aclogic:cesarftpd:$1:::zh/ cpe:/o:microsoft:windows/a match ftp m|^220-This site is running the BisonWare BisonFTP server product V([\d.]+)\r\n| p/BisonWare BisonFTPd/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a match ftp m=^220-Welcome to XBOX FileZilla(?: \(XBMC\)|)\r\n220-version: XBFileZilla version ([\d.]+), \(based on FileZilla Server ([\d.]+)\)\r\n220 http://sourceforge\.net/projects/xbfilezilla\r\n= p/XBFileZilla/ v/$1/ i/Based on FileZilla $2/ cpe:/a:xbmc:xbfilezilla:$1/ match ftp m=^220-Welcome to XBOX FileZilla(?: \(XBMC\)|)\r\n220-version: XBMC:FileZilla version ([\d.]+), \(based on FileZilla Server ([\d.]+)\)\r\n220 http://sourceforge\.net/projects/xbfilezilla\r\n= p/XBFileZilla/ v/$1/ i/Based on FileZilla $2/ cpe:/a:xbmc:xbfilezilla:$1/ match ftp m|^220 Session will be terminated after 600 seconds of inactivity\.\r\n| p/Cisco 3000 series VPN ftpd/ d/security-misc/ o/IOS/ cpe:/o:cisco:ios/a match ftp m|^220-SlimFTPd ([\d.]+), by WhitSoft Development \(www\.whitsoftdev\.com\)\r\n| p/SlimFTPd/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a match ftp m|^220 BlackMoon FTP Server Version ([\d.]+ Release \d+) - Build \d+\. Free Edition\. Service Ready\r\n| p/BlackMoon ftpd/ v/$1/ i/Free edition/ o/Windows/ cpe:/o:microsoft:windows/a match ftp m|^220 BlackMoon FTP Server Version ([\d.]+ Release \d+) - Build \d+\. Chaos Edition\. 
Service Ready\r\n| p/BlackMoon ftpd/ v/$1/ i/Chaos edition/ o/Windows/ cpe:/o:microsoft:windows/a match ftp m|^220-BlackMoon FTP Server Version ([\d.]+ Release \d+) - Build \d+\r\n| p/BlackMoon ftpd/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a match ftp m|^220 BlackMoon FTP Server - Free Edition - Version ([\d.]+)\. Service Ready\r\n| p/BlackMoon ftpd/ v/$1/ i/Free edition/ o/Windows/ cpe:/o:microsoft:windows/a match ftp m|^220 netapp ftp server\r\n| p/netapp ftpd/ match ftp m|^220 Oracle Internet File System FTP Server ready\r\n| p/Oracle Internet File System ftpd/ match ftp m|^220 NRG 2205/2238/2212 FTP server \(([\d.]+)\) ready\.\r\n| p|NRG 2205/2238/2212 copier ftpd| v/$1/ d/printer/ match ftp m|^220 mandelbrot FTP server \(Version ([\d.]+) \(NeXT ([\d.]+)\) .*\) ready\.\r\n| p/mandelbrot ftpd/ v/$1/ i/NeXT $2/ o/NeXTStep/ cpe:/o:next:nextstep/ # Microsoft Windows .NET Enterprise Server (build 3604-3790) match ftp m|^220 Net Administration Divisions FTP Server Ready\.\.\.\r\n| p/Net Administration Divisions ftpd/ match ftp m|^220-\r\n220-\r\n220 Please enter your user name\.\r\n| p/MoreFTPd/ match ftp m|^220 ([-\w_.]+) FTP server \(OSF/1 Version ([\d.]+)\) ready\.\r\n| p|OSF/1 ftpd| i|OSF/1 $2| o/Unix/ h/$1/ match ftp m|^220 Qtopia ([\d.]+) FTP Server\n| p/Qtopia ftpd/ v/$1/ d/PDA/ match ftp m|^220[ -]Gene6 FTP Server v([\d.]+) +\(Build (\d+)\).* ready\.\.\.\r\n| p/Gene6 ftpd/ v/$1 build $2/ o/Windows/ cpe:/o:microsoft:windows/a match ftp m|^220 G6 FTP Server v([\d.]+) \(beta (\d+)\) ready \.\.\.\r\n| p/Gene6 ftpd/ v/$1 beta $2/ o/Windows/ cpe:/o:microsoft:windows/a match ftp m|^220 ([-\w_.]+) by G6 FTP Server ready \.\.\.\r\n| p/Gene6 ftpd/ o/Windows/ h/$1/ cpe:/o:microsoft:windows/a match ftp m|^220 .* by G6 FTP Server ready \.\.\.\r\n| p/Gene6 ftpd/ o/Windows/ cpe:/o:microsoft:windows/a match ftp m|^220.*Hello! 
I'm Gene6 FTP Server v([-\w_.]+) \(Build (\d+)\)\.\r\n|s p/Gene6 ftpd/ v/$1 build $2/ o/Windows/ cpe:/o:microsoft:windows/a match ftp m|^220 ([\w._-]+) FTP server ready\.\.\.\r\n| p/Gene6 ftpd/ o/Windows/ h/$1/ cpe:/o:microsoft:windows/a match ftp m|^220 sftpd/([\d.]+) Server \[[-\w_.]+\]\r\n| p/sftpd/ v/$1/ match ftp m|^220-TYPSoft FTP Server ([\d.]+) ready\.\.\.\r\n| p/TYPSoft ftpd/ v/$1/ o/Windows/ cpe:/a:typsoft:typsoft_ftp_server:$1/ cpe:/o:microsoft:windows/a match ftp m|^220 Welcome to Pablo's FTP Server\r\n| p/Pablo's ftpd/ o/Windows/ cpe:/o:microsoft:windows/a match ftp m|^220 PowerLogic FTP Server ready\.\r\n| p/PowerLogic embedded device ftpd/ d/specialized/ match ftp m|^220 INTERMEC 540\+/542\+ FTP Printer Server V([\d.]+) .* ready\.\r\n| p|Intermec 540+/542+ printer ftpd| v/$1/ d/printer/ match ftp m|^220 EthernetBoard OkiLAN 8100e Ver ([\d.]+) FTP server\.\r\n| p/OkiLAN 8100e print server/ v/$1/ d/print server/ match ftp m|^220 OKI-([\w+]+) Version ([\d.]+) ready\.\r\n| p/OkiData $1 printer ftpd/ v/$2/ d/printer/ # SpeedStream 5660 ADSL modem/router match ftp m|^220 VxWorks \(ENI-ftpd ([\d.]+)\) FTP server ready\r\n| p/SpeedStream 5660 ADSL router/ i|Runs ENI-ftpd/$1 on VxWorks| d/router/ o/VxWorks/ cpe:/o:windriver:vxworks/a match ftp m|^220--------------------------------------------------------------------------------\r\n220-This is the \"Banner\" message for the Mac OS X Server's FTP server process\.\r\n.*220 ([-\w_.]+) FTP server \(Version: Mac OS X Server ([\d.]+) - \+GSSAPI\) ready\.\r\n|s p/Mac OS X Server ftpd/ i/MacOS X $2/ o/Mac OS X/ h/$1/ cpe:/o:apple:mac_os_x/a match ftp m|^220--------------------------------------------------------------------------------\r\n220-This is the \"Banner\" message for the Mac OS X Server's FTP server process\.\r\n| p/Mac OS X Server ftpd/ o/Mac OS X/ cpe:/o:apple:mac_os_x/a match ftp m|^220 Welcome to U\.S\.Robotics SureConnect ADSL Ethernet/USB Router update FTP server v([\d.]+)\.\r\n| p/USRobotics 
SureConnect ADSL router ftpd/ v/$1/ d/router/ match ftp m|^220-Welcome to Xerver Free FTP Server ([\d.]+)\.\r\n220-\r\n220-You can login below now\.\r\n220 Features: \.\r\n| p/Xerver Free ftpd/ v/$1/ match ftp m|^220 ([-\w_.]+) FTP server \(tnftpd ([\w._+-]+)\) ready\.\r\n| p/tnftpd/ v/$2/ h/$1/ match ftp m|^220 ([-\w_.]+) FTP server \(LundFTPD ([\d.]+) .*\) ready\.\r\n| p/LundFTPd/ v/$2/ h/$1/ match ftp m|^220 HD316\r FTP server\(Version([\d.]+)\) ready\.\r\n| p/Panasonic WJ-HD316 Digital Disk Recorder/ v/$1/ d/media device/ cpe:/h:panasonic:wj-hd316/ match ftp m|^220 ([\w._-]+)\r FTP server\(Version([\w._-]+)\) ready\.\r\n| p/Panasonic WJ-HD316 Digital Disk Recorder/ v/$2/ d/media device/ h/$1/ cpe:/h:panasonic:wj-hd316/ match ftp m=^220 (\w+) IBM Infoprint (Color |)(\d+) FTP Server ([\w.]+) ready\.\r\n= p/IBM Infoprint $2$3 ftpd/ v/$4/ d/printer/ h/$1/ match ftp m|^220 ([\w._-]+) IBM Infoprint (\w+) FTP Server ([\w.]+) ready\.\r\n| p/IBM Infoprint $2 ftpd/ v/$3/ d/printer/ h/$1/ cpe:/h:ibm:infoprint_$2/a match ftp m|^220 ShareIt FTP Server ([\d.]+) \(WINCE\) Ready\.\r\n| p/ShareIt ftpd/ v/$1/ d/PDA/ match ftp m|^220 ShareIt FTP Pro ([\d.]+) \(WINCE\) Ready\.\r\n| p/ShareIt Pro ftpd/ v/$1/ d/PDA/ match ftp m|^220 ISOS FTP Server for Upgrade Purpose \(([\d.]+)\) ready\r\n| p/Billion 741GE ADSL router/ v/$1/ d/router/ cpe:/h:billion:741ge/a match ftp m|^220 PV11 FTP Server ready\r\n| p/Unknown wireless acces point ftpd/ i/Runs Phar Lap RTOS/ d/router/ match ftp m|^220 Alize Session Manager FTP Server\r\n| p/Alcatel OmniPCX ftpd/ d/PBX/ cpe:/a:alcatel-lucent:omnipcx/ match ftp m|^220-FTP Server ready\r\n220-Welcome to the Sambar FTP Server\r\r\n| p/Sambar ftpd/ cpe:/a:sambar:sambar_server/ match ftp m|^220 SINA FTPD \(Version ([-\d.]+)\).*\r\n| p/Sina ftpd/ v/$1/ match ftp m|^220 DataHive FTP Server ([\d.]+) Ready\.\r\n| p/DataHive ftpd/ v/$1/ match ftp m|^220--- AlterVista FTP, based on Pure-FTPd --\r\n| p/AlterVista ftpd/ i/Based on Pure-ftpd/ match ftp m|^220 
Welcome to the ADI Convergence Galaxy update FTP server v([\d.]+)\.\r\n| p/ADI Convergence Galaxy update ftpd/ v/$1/ match ftp m|^421 You are not permitted to make this connection\.\r\n| p/Symantec Raptor Firewall ftpd/ d/firewall/ cpe:/a:symantec:raptor_firewall/ match ftp m|^220 copier2FTP server ready\.\r\n| p/Konica Minolta Di3510 Copier ftpd/ d/printer/ cpe:/h:konicaminolta:di3510/a match ftp m|^220 DrayTek FTP version ([\d.]+)\r\n| p/DrayTek Vigor router ftpd/ v/$1/ d/router/ match ftp m|^220 ([-\w_.]+) FTP server ready \(mod_ftpd/([\d.]+)\)\r\n| p/Apache mod_ftpd/ v/$2/ h/$1/ cpe:/a:apache:http_server/ match ftp m|^220 The Avalaunch FTP system -- enter user name\r\n| p/Avalaunch ftpd/ i/XBox/ d/game console/ match ftp m|^220 Server 47 FTP service\. Welcome\.\r\n| p/bftpd/ o/Unix/ match ftp m%^220-loading\.\.\r\n220-\| W e L c O m E @ SFXP\|=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=\|\r\n% p/SwiftFXP/ match ftp m|^220 Z-FTP\r\n| p/Z-FTPd/ match ftp m|^220 ([-/.+\w_]+) Dell ([-/.+\w ]+) FTP Server ([\w._-]+) ready\.\r\n| p/Dell $2 printer ftpd/ v/$3/ d/printer/ h/$1/ cpe:/h:dell:$2/ match ftp m|^220 ([-/.+\w_]+) Dell Wireless Printer Adapter ([\w._-]+) FTP Server ready\.\r\n| p/Dell $2 Wireless Printer Adapter ftpd/ d/print server/ h/$1/ cpe:/h:dell:$2/ match ftp m|^220 ([-/.+\w_]+) Dell Laser Printer ([-/.+\w ]+) FTP Server ([\w._-]+) ready\.\r\n| p/Dell $2 printer ftpd/ v/$3/ d/printer/ h/$1/ cpe:/h:dell:$2/ match ftp m|^220 Dell Laser Printer ([\w._-]+)\r\n| p/Dell $1 laser printer ftpd/ d/printer/ cpe:/h:dell:$1/ match ftp m|^220 Dell Color Laser ([\w._-]+)\r\n| p/Dell $1 color laser printer ftpd/ d/printer/ cpe:/h:dell:$1/ match ftp m|^220 Dell ([\w._-]+) Color Laser\r\n| p/Dell $1 color laser printer ftpd/ d/printer/ cpe:/h:dell:$1/ match ftp m|^220 Dell MFP Laser ([\w._-]+)\r\n| p/Dell $1 laser printer ftpd/ d/printer/ cpe:/h:dell:$1/ match ftp m|^220 Plan 9 FTP server ready\r\n| p/Plan 9 ftpd/ o/Plan 9/ 
cpe:/o:belllabs:plan_9/a match ftp m=^220-\+----------------------\[ UNREGISTERED VERSION \]-----------------------\+\r\n220-\| This site is running unregistered copy of RaidenFTPD ftp server \+\r\n= p/RaidenFTPd/ i/Unregistered/ o/Windows/ cpe:/o:microsoft:windows/a match ftp m|220 ([-\w_.]+) FTP server \(Version: Mac OS X Server ([\d.]+) - \+GSSAPI\) ready\.\r\n|s p/MacOS X Server ftpd/ i/MacOS X Server $2/ o/Mac OS X Server/ h/$1/ cpe:/o:apple:mac_os_x_server:$2/ match ftp m|^220 Fastream NETFile FTP Server(?: Ready)?\r\n| p/Fastream NETFile FTPd/ o/Windows/ cpe:/o:microsoft:windows/a match ftp m|^220 FTP 9500 server \(Version ([\d.]+)\) ready\.\r\n| p|Nokia Smartphone 9300/9500 ftpd| v/$1/ d/phone/ o/Symbian/ cpe:/o:symbian:symbian/ match ftp m|^220 [\d.]+ CVX FTP server \(([\d.]+)\) ready\.\r\n| p/CVX ftpd/ v/$1/ match ftp m|^220-\.:\.\r\n220-\.:+\r\n220-\.::::::::::\. e1137 FTP Server loading \.::::::::::::::\. WinSock ready \.| p/e1137 ftpd/ o/Windows/ cpe:/o:microsoft:windows/a match ftp m|^220 Connect\(active \d+, max active \d+\) session \d+ to RemoteScan Server ([\d.]+) on .*\r\n| p/RemoteScan ftpd/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a match ftp m|^220.ArGoSoft FTP Server for Windows NT/2000/XP, Version [\d.]+ \(([\d.]+)\)\r\n| p/ArGoSoft ftpd/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a match ftp m|^220.ArGoSoft FTP Server, Version [\d.]+ \(([\d.]+)\)\r\n| p/ArGoSoft ftpd/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a match ftp m|^220 ArGoSoft FTP Server \.NET v\.([\d.]+) at [^\r\n]*\r\n| p/ArGoSoft ftpd/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a match ftp m|^220 Welcome to the dvd2xbox ftp server\.\r\n| p/dvd2xbox built-in ftpd/ d/game console/ match ftp m|^220 Welcome To WinEggDrop Tiny FTP Server\r\n| p/WinEggDrop ftpd/ o/Windows/ cpe:/o:microsoft:windows/a match ftp m|^220-\n220-Welcome to the HOME Edition of GlobalSCAPE CuteFTP Server, which limits\n| p/GlobalSCAPE CuteFTPd/ i/HOME Edition/ o/Windows/ cpe:/o:microsoft:windows/a match ftp 
m|^220 Gestetner DSm622 FTP server \(([\d.]+)\) ready\.\r\n| p/Gestetner DSm622 copier ftpd/ v/$1/ d/printer/ match ftp m|^220 NRG (\w+) FTP server \(([\d.]+)\) ready\.\r\n| p/NRG $1 printer ftpd/ v/$2/ d/printer/ cpe:/h:nrg:$1/a match ftp m|^220-\r\n| p/Backdoor Pubstro ftpd/ o/Windows/ cpe:/o:microsoft:windows/a match ftp m|^220 wzd server ready\.\r\n| p/wzdftpd/ match ftp m|^500 Sorry, no server available to handle request on ([-\w_.:]+)\r\n| p/ProFTPD/ i/No server available/ h/$1/ cpe:/a:proftpd:proftpd/a match ftp m|^500 Sorry, no server available to handle request on ([-\w_.:]+)\.\r\n| p/ProFTPD/ i/No server available/ h/$1/ cpe:/a:proftpd:proftpd/a match ftp m|^220 Intel NetportExpress\(tm\) 10/100 Single-port FTP server ready\.\r\n| p/Intel NetportExpress print server ftpd/ d/print server/ match ftp m|^220 NET\+ARM FTP Server ([\d.]+) ready\.\r\n| p/NET+ARM ftpd/ v/$1/ match ftp m|^220- FTPshell Server Service \(Version ([-\w_.]+)\)\r\n220 \r\n| p/FTPshell ftpd/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a match ftp m|^220 Connected to ([-\w_.]+) ready\.\.\.\r\n| p/TYPSoft ftpd/ o/Windows/ h/$1/ cpe:/a:typsoft:typsoft_ftp_server/ cpe:/o:microsoft:windows/a match ftp m|^220 ([-\w_.]+) FTP Server \(LiteServe\) Ready!\r\n| p/Perception LiteServe ftpd/ o/Windows/ h/$1/ cpe:/o:microsoft:windows/a match ftp m|^220 BetaFTPD ([-\w_.]+) ready\.\r\n| p/BetaFTPd/ v/$1/ match ftp m|^220 NET Disk FTP Server ready\.\r\n| p|NET Disk/NetStore ftpd| match ftp m|^421 Service not available, closing control connection\.\r\n| p|NET Disk/NetStore ftpd| i/Disabled/ match ftp m|^220 NETWORK HDD FTP Server ready\.\r\n| p/Argosy Research HD363N Network HDD ftpd/ d/storage-misc/ match ftp m|^220 Blue Coat FTP Service\r\n| p/Blue Coat ftp proxy/ d/security-misc/ # Can't find any info on this ftpd. Backdoor? 
-Doug match ftp m|^220 Homer Ftp Server\r\n| p/Homer ftpd/ o/Windows/ cpe:/o:microsoft:windows/a match ftp m|^220 Personal FTP Server ready\r\n| p/Personal FTPd/ o/Windows/ cpe:/o:microsoft:windows/a match ftp m|^220 Personal FTP Professional Server ready\r\n| p/Personal FTPd Professional/ o/Windows/ cpe:/o:microsoft:windows/a match ftp m|^220-InterVations FileCOPA FTP Server Version ([\d.]+) .*\r\n220 Trial Version\. (\d+) days remaining\r\n| p/InterVations FileCOPA ftpd/ v/$1/ i/Trial: $2 days left/ o/Windows/ cpe:/a:intervations:filecopa:$1/ cpe:/o:microsoft:windows/a match ftp m|^220 cab Mach4/(\d+) FTP Server ready\.\r\n| p/CAB MACH 4 label printer ftpd/ i/$1 dpi/ d/printer/ match ftp m|^220 cab A4\+/(\d+) FTP Server ready\.\r\n| p/CAB A4+ label printer ftpd/ i/$1 dpi/ d/printer/ match ftp m|^220 (KM[\w+]+) FTP server \(KM FTPD version ([\d.]+)\) ready\.\r\n| p/Konica Minolta $1 ftpd/ v/$2/ d/printer/ cpe:/h:konicaminolta:$1/a match ftp m|^220 Golden FTP Server ready v([\w._-]+)\r\n| p/Golden ftpd/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a match ftp m|^220 Golden FTP Server Pro ready v([\w._-]+)\r\n| p/Golden ftpd/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a match ftp m|^220 Golden FTP Server PRO ready v([\w._-]+)\r\n| p/Golden PRO ftpd/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a match ftp m|^220 ITC Version ([\d.]+) of [-\d]+ X Kyocera UIO UMC 10base OK \r\n| p/X Kyocera UIO UMC 10base print server ftpd/ v/$1/ d/print server/ cpe:/h:kyocera:uio_umc_10base/a match ftp m|^220 ActiveFax Version ([\d.]+) \(Build (\d+)\) - .*\r\n| p/ActiveFax ftpd/ v/$1 build $2/ match ftp m|^220-Welcome to CrushFTP!\r\n220 CrushFTP Server Ready[!.]\r\n| p/CrushFTPd/ match ftp m|^220-Welcome to CrushFTP([\w._-]+)!\r\n220 CrushFTP Server Ready\.\r\n| p/CrushFTP/ v/$1/ match ftp m|^220 DPO-7300 FTP Server ([\d.]+) ready\.\n| p/NetSilicon DPO-7300 ftpd/ v/$1/ match ftp m|^220 Welcome to WinFtp Server\.\r\n| p/WinFtpd/ o/Windows/ cpe:/o:microsoft:windows/a match ftp m|^220 IBM 
TCP/IP for OS/2 - FTP Server ver ([\d:.]+) on .* ready\.\r\n| p|IBM OS/2 ftpd| v/$1/ o|OS/2| cpe:/a:ibm:os2_ftp_server:$1/ cpe:/o:ibm:os2/ match ftp m|^220 AudioVAULT FTP server\r\n| p/AudioVault ftpd/ o/Windows/ cpe:/o:microsoft:windows/a match ftp m|^220 FTP/VPP Server ([\d.]+) / Current Date: [-\d]+ [\d:]+\r\n| p/Verteiltes Printen und Plotten ftpd/ v/$1/ match ftp m|^220 Xerox WorkCentre (\w+) Ver ([\d.]+) FTP server\.\r\n| p/Xerox WorkCentre $1 ftpd/ v/$2/ d/printer/ cpe:/h:xerox:workcentre_$1/a match ftp m|^220 Xerox Phaser (\w+)\r\n| p/Xerox Phaser $1 printer ftpd/ d/printer/ cpe:/h:xerox:phaser_$1/a match ftp m|^220 .* Server \(vftpd ([\d.]+)\) ready\.\r\n| p/vftpd/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a match ftp m|^220 Welcome to Network Camera FTP Server\r\n| p/Vivotek 3102 Camera ftpd/ d/webcam/ match ftp m|^220-TwoFTPd server ready\.\r\n220 Authenticate first\.\r\n| p/TwoFTPd/ o/Unix/ match ftp m|^220 WEB TLC FTP SERVER READY TYPE HELP FOR HELP \r\n| p/Overland Storage Neo2000 ftpd/ d/storage-misc/ match ftp m|^220 ([-/.+\w_]+) Lexmark ([-/.+\w ]+) FTP Server ([-.\w]+) ready\.\r\n| p/Lexmark $2 printer ftpd/ v/$3/ d/printer/ h/$1/ cpe:/h:lexmark:$2/a match ftp m|^220 ([-/.+\w_]+) MarkNet ([-/.+\w ]+) FTP Server ([-.\w]+) ready\.\r\n| p/Lexmark $2 printer ftpd/ v/$3/ d/printer/ h/$1/ cpe:/h:lexmark:$2/a match ftp m|^500 ([\w._-]+) FTP server shut down -- please try again later\.\r\n| p/Mac OS X Server ftpd/ i/disabled/ o/Mac OS X/ h/$1/ cpe:/o:apple:mac_os_x/a match ftp m|^220 \(Ver\. 
([^)]+)\) [A-Z][a-z]{2} \d+ 20\d+ ready\.\r\n| p|Canon VB-C10/VB-C10R webcam ftpd| v/$1/ d/webcam/ match ftp m|^220 Cisco \(([\d.]+)\) FTP server ready\r\n| p/Cisco ftpd/ v/$1/ o/IOS/ cpe:/o:cisco:ios/a match ftp m|^220 \"Global Site Selector FTP\"\r\n| p/Cisco Site Selector ftpd/ d/security-misc/ cpe:/h:cisco:global_site_selector:-/ match ftp m|^220 ISOS FTP Server \(([\d.]+)\) ready\r\n| p/Xavi 7768 WAP ftpd/ v/$1/ d/WAP/ cpe:/h:xavi:7768/ match ftp m|^220- smallftpd ([\d.]+)\r\n220- check http://smallftpd\.free\.fr| p/smallftpd/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a match ftp m|^220 ([-\w_.]+) GridFTP Server ([\w._-]+) \((gcc\w+), [-\d]+\) (?:\[unknown\] )?ready\.\r\n| p/Globus GridFTPd/ v/$2/ i/$3/ h/$1/ match ftp m|^220 ([\w._-]+) GridFTP Server ([\w._-]+) \((gcc\w+), [-\d]+\) \[Globus Toolkit ([\w._-]+)\] ready\.\r\n| p/Globus GridFTPd/ v/$2/ i/Globus Toolkit $4; $3/ h/$1/ match ftp m|^220 ([-\w_.]+) (?:[A-Z]+ )?GridFTP Server ([\d.]+) (GSSAPI type Globus/GSI wu-\S+) \(gcc\w+, [-\d]+\) ready\.\r\n| p/Globus GridFTPd/ v/$2/ i/$3/ h/$1/ match ftp m|^220 ([-\w_.]+) FTP server \(GridFTP Server ([\d.]+) \[(GSI patch v[\d\.]+)\] (wu-\S+) .+\) ready\.\r\n| p/Globus GridFTPd/ v/$2/ i/$4 $3/ h/$1/ match ftp m|^220 Welcome to the OpenDreambox FTP service\.\r\n| p/Dreambox ftpd/ d/media device/ o/Linux/ cpe:/o:linux:linux_kernel/a match ftp m|^220 Willkomen auf Ihrer Dreambox\.\r\n| p/Dreambox ftpd/ i/German/ d/media device/ o/Linux/ cpe:/o:linux:linux_kernel/a match ftp m|^220 Welcome to the PLi dreambox FTP server\r\n| p/Dreambox ftpd/ i/PLi image/ d/media device/ o/Linux/ cpe:/o:linux:linux_kernel/a match ftp m|^220 Welcome to the Pli Jade Server >> OpenDreambox FTP service <<\.\r\n| p/Dreambox ftpd/ i/PLi Jade image/ d/media device/ o/Linux/ cpe:/o:linux:linux_kernel/a match ftp m|^220 ([-\w_.]+) FTP server \(KONICA FTPD version ([\d.]+)\) ready\.\r\n| p/Konica Minolta printer ftpd/ v/$2/ d/printer/ h/$1/ match ftp m|^220 KONICA MINOLTA FTP server ready\.\r\n| 
p/Konica Minolta bizhub printer ftpd/ d/printer/ match ftp m|^Error loading /etc/ssl/certs/ftpd\.pem:| p/Linux NetKit ftpd/ i/misconfigured/ o/Linux/ cpe:/a:netkit:netkit/ cpe:/o:linux:linux_kernel/a match ftp m|^500 OOPS: cannot locate user entry:([-\w_]+)\r\n500 OOPS: child died\r\n| p/vsftpd/ i/misconfigured; ftp user $1/ cpe:/a:vsftpd:vsftpd/ match ftp m|^220 Welcome to Freebox FTP Server\.\r\n| p/Freebox ftpd/ d/media device/ match ftp m|^220 FTP server \(Medusa Async V([\d.]+) \[experimental\]\) ready\.\r\n| p/Zope Medusa ftpd/ v/$1/ match ftp m|^220- Novonyx FTP Server for NetWare, v([\d.]+) \(| p/Novonyx ftpd/ v/$1/ o/NetWare/ cpe:/o:novell:netware/a match ftp m|^220 ([-\w_.]+) \(Aironet (BR\w+) V([\d.]+)\) ready\r\n| p/Aironet $2 wireless bridge ftpd/ v/$3/ d/WAP/ h/$1/ cpe:/h:cisco:aironet_$2/ match ftp m|^220-Welcome To Rumpus!\r\n220 Service ready for new user\r\n| p/Rumpus ftpd/ o/Mac OS X/ cpe:/o:apple:mac_os_x/a match ftp m|^220 Hello, I'm freeFTPd ([\d.]+)\r\n| p/FreeFTPd/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a match ftp m|^220 PrNET FTP server \(PrNET FTP ([\d.]+)\) ready\.\r\n| p/Panasonic WV-NP1000 webcam ftpd/ v/$1/ d/webcam/ cpe:/h:panasonic:wv-np1000/a match ftp m|^220-Looking up your hostname\.\.\.\r\n220-Welcome to SimpleFTPd v([\w.]+) by MagicalTux| p/SimpleFTPd/ v/$1/ match ftp m|^220 IB-21E Ver ([\d.]+) FTP server\.\r\n| p/Kyocera IB-21E print server ftpd/ v/$1/ d/print server/ cpe:/h:kyocera:ib-21e/a match ftp m|^220 IB-23 Ver ([\d.]+) FTP server\.\r\n| p/Kyocera FS-1000D-series print server ftpd/ v/$1/ d/print server/ match ftp m|^220 SurgeFTP ([-\w_.]+) \(Version ([\w.]+)\)\r\n| p/SurgeFTPd/ v/$2/ h/$1/ cpe:/a:netwin:surgeftp:$2/ match ftp m|^220 Disk Station FTP server at ([-\w_.]+) ready\.\r\n| p/Synology NAS ftpd/ d/storage-misc/ h/$1/ match ftp m|^220 FTP Merak ([\d.-]+)\r\n| p/Merak ftpd/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a match ftp m|^refused in\.ftpd from [-\w_.]+ logged\n| p/tcpwrapped ftpd/ i/refused/ match ftp 
m|^220 Ipswitch Notification Server| p/Ipswitch notification ftpd/ o/Windows/ cpe:/o:microsoft:windows/a match ftp m|^220-?\s+SSH-[\d.]+-([a-zA-Z]+)| p/FTP masquerading as $1/ i/**BACKDOOR**/ match ftp m|^220 Xlight FTP Server ([\d.]+) ready\.\.\.\r\n| p/Xlight ftpd/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a match ftp m|^220 Xlight Server ([\d.]+) ready\.\.\. \r\n| p/Xlight ftpd/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a match ftp m|^220 NetTerm FTP server ready \r\n| p/NetTerm ftpd/ o/Windows/ cpe:/o:microsoft:windows/a match ftp m|^220 SHARP ([\w-]+) FTP server ready\.\r\n| p/Sharp $1 printer ftpd/ d/printer/ cpe:/h:sharp:$1/a match ftp m|^220 SHARP ([\w-]+) Ver ([\w._-]+) FTP server\.\r\n| p/SHARP $1 printer ftpd/ v/$2/ d/printer/ match ftp m|^220 (FS-\w+) FTP server\.?\r\n| p/Kyocera $1 printer ftpd/ d/printer/ cpe:/h:kyocera:$1/ match ftp m|^220 Scala FTP \(\"Scala InfoChannel Player \d+\" ([\w/.]+)\)\r\n| p/Scala InfoChannel Player ftpd/ v/$1/ d/media device/ match ftp m|^220 FTP Services for ClearPath MCP: Server version ([\d.]+)\r\n| p/Unisys ClearPath MCP ftpd/ v/$1/ match ftp m|^220 Nut/OS FTP ([\d.]+) beta ready at| p|Nut/OS Demo ftpd| v/$1/ o|Nut/OS| cpe:/o:ethernut:nut_os/a match ftp m|^ftpd - accept the connection from [\d.]+\n220-eDVR FTP Server v([\d.]+) \(c\)Copyright WebGate Inc\. 
\w+-\w+\r\n220-Welcome to (DS\w+)\r\n220 You will be disconnected after 180 seconds of inactivity\.\r\n| p/WebGate $2 eDVR camera ftpd/ v/$1/ d/webcam/ match ftp m|^220 FTP-Backupspace\r\n$| p/STRATO backup ftpd/ match ftp m|^220-.* \(([-\w_.]+)\)\r\n Synchronet FTP Server ([-\w_.]+)-Win32 Ready\r\n| p/Synchronet ftpd/ v/$2/ o/Windows/ h/$1/ cpe:/o:microsoft:windows/a match ftp m|^220 Welcome to (DCS-\w+) FTP Server\r\n$| p/D-Link $1 webcam ftpd/ d/webcam/ cpe:/h:dlink:$1/a match ftp m|^220 X5 FTP server \(version ([\d.]+)\) ready\.\r\n| p/Zoom ADSL modem/ i/X5 $1/ d/broadband router/ match ftp m|^220 zFTPServer v([-\w_.]+), build ([-\d]+)| p/zFTPServer/ v/$1 build $2/ o/Windows/ cpe:/a:vaestgoeta-data:zftpserver:$1/ cpe:/o:microsoft:windows/a match ftp m|^220 Welcome to zFTPServer\r\n| p/zFTPServer/ o/Windows/ cpe:/a:vaestgoeta-data:zftpserver/ cpe:/o:microsoft:windows/a match ftp m|^220 FRITZ!BoxWLAN(\d+)(?:\(UI\))? FTP server ready\.\r\n| p/FRITZ!Box WLAN $1 WAP ftpd/ d/WAP/ match ftp m|^220 FRITZ!BoxFonWLAN(\w+)(?:\(\w+\))? 
FTP server ready\.\r\n| p/FRITZ!Box Fon WLAN $1 WAP ftpd/ d/WAP/ match ftp m|^220 FRITZ!Box Fon WLAN (\d+) FTP server ready\.\r\n| p/FRITZ!Box Fon WLAN $1 WAP ftpd/ d/WAP/ match ftp m|^220 FRITZ!Box(\w+)Cable\(um\) FTP server ready\.\r\n| p/FRITZ!Box $1 cable modem ftpd/ d/broadband router/ match ftp m|^220 CompuMaster SRL, WT-6500 Ftp Server \(Version ([\d.]+)\)\.\r\n| p/CompuMaster WT-6500 ThinClient ftpd/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a match ftp m|^211 Hello \[[-\w_.]+\], Secure/IP Authentication Server ([-\w_.]+) at your service\.\r\n| p|OpenVMS Secure/IP ftpd| v/$1/ o/OpenVMS/ cpe:/o:hp:openvms/a match ftp m|^220 HP166XC V([-\w_.]+) FUSION FTP server \(Version ([-\w_.]+)\) ready\.\r\n| p/HP166XC $1 Logic Analyzer ftpd/ i/FUSION ftpd $2/ d/specialized/ match ftp m|^220 FTP Server, type 'quote help' for help\r\n$| p/Polycom VSX 8000 ftpd/ d/webcam/ cpe:/h:polycom:vsx_8000/a match ftp m|^550 no more people, max connections is reached\r\n| p/Avalaunch XBOX ftpd/ i/Max connections reached/ d/game console/ match ftp m|^220 Fastream IQ FTP Server\r\n| p/Fastream IQ ftpd/ o/Windows/ cpe:/o:microsoft:windows/a match ftp m|^220 RICOH Aficio ([\w ._+-]+?) FTP server \(([-\w_.]+)\) ready\.\r\n| p/Ricoh Aficio $1 printer ftpd/ v/$2/ d/printer/ cpe:/h:ricoh:aficio_$1/a match ftp m|^220 RICOH Aficio ([\w ._+-]+?) 
\(([-\w_.]+)\) FTP server ready\r\n| p/Ricoh Aficio $1 printer ftpd/ v/$2/ d/printer/ cpe:/h:ricoh:aficio_$1/a match ftp m|^220 HIOKI ftp service v([\d.]+)\r\n| p/Hioki HiCorder 8855 ftpd/ v/$1/ d/specialized/ match ftp m|^220 Treck FTP server ready\.\r\n| p/Treck Embedded ftpd/ match ftp m|^220 Microtest SuperCD-cdserver FTP server \(Version V([\w._-]+)\) ready\.\r\n| p/Axonix SuperCD ftpd/ v/$1/ d/media device/ match ftp m|^220 FTP service \(Ftpd ([\d.]+)\) ready on ([\w._-]+) at| p/Minix ftpd/ v/$1/ o/Minix/ h/$2/ cpe:/a:minix:ftpd:$1/ cpe:/o:minix:minix/a match ftp m|^220 Cube Station FTP server at ([\w._-]+) ready\.\r\n| p/Synology CubeStation ftpd/ h/$1/ match ftp m|^220 Xerox Phaser (\w+)\r\n421 Service not available, closing control connection\r\n| p/Xerox Phaser $1 ftpd/ d/printer/ cpe:/h:xerox:phaser_$1/a match ftp m|^220 CrossFTP Server ready for new user\.\r\n| p/CrossFTP java ftpd/ match ftp m|^220 ATAboy2X-\d+ FTP V([\w._-]+) ready\n| p/ATAboy2X ftpd/ v/$1/ d/storage-misc/ match ftp m|^220 Belkin Network USB Hub Ver ([\w._-]+) FTP server\.\r\n| p/Belkin USB hub ftpd/ v/$1/ match ftp m|^220-TCP/IP for VSE FTP Daemon Version ([\w._-]+) | p/VSE ftpd/ v/$1/ o|z/VSE| cpe:/o:ibm:z%2fvse/ match ftp m|^220 FTP server: Lexmark Optra LaserPrinter ready\r\n| p/Lexmark Optra LaserPrinter ftpd/ d/printer/ match ftp m|^220 NSE \(AG (\d+) v([\w._-]+)\) FTP server ready\r\n| p/Nomadix AG $1 ftpd/ v/$2/ d/WAP/ match ftp m|^220 Welcome to Easy File Sharing FTP Server!\r\n| p/Easy File Sharing ftpd/ o/Windows/ cpe:/a:efssoft:easy_file_sharing_ftp_server/ cpe:/o:microsoft:windows/a match ftp m|^220- \*+\r\n220- \r\n220- Welcome to Dream FTP Server\r\n220- Copyright 2002 - 2004\r\n220- BolinTech Inc\.\r\n| p/BolinTech Dream FTP Server/ o/Windows/ cpe:/o:microsoft:windows/a match ftp m|^220 Welcome to the Netburner FTP server\.\r\n| p/Netburner embedded device ftpd/ d/specialized/ match ftp m|^220 NetBotz FTP Server ([\w._-]+) ready\.\r\n| p/NetBotz network monitor ftpd/ 
v/$1/ d/security-misc/ match ftp m|^220 TOSHIBA e-STUDIO5500c FTP server \(([\w._-]+)\) ready\.\r\n| p/Toshiba e-STUDIO5500c printer ftpd/ v/$1/ d/printer/ cpe:/h:toshiba:e-studio5500c/a match ftp m|^220 \(WJ-HD220 FTP Server version ([\w._-]+) Ready\)\r\n| p/Panasonic WJ-HD220 ftpd/ v/$1/ d/media device/ match ftp m|^220 ([\w._-]+) FTP server \(EMC-SNAS: ([\w._-]+)\) ready\.\r\n| p/EMC Scalable Network Accelerator ftpd/ v/$2/ h/$1/ match ftp m|^220-CentOS release ([\w._-]+) .*\r\n220 ProFTPD ([\w._-]+) Server \(ProFTPD Default Installation\)|s p/ProFTPD/ v/$2/ i/CentOS $1/ o/Linux/ cpe:/a:proftpd:proftpd:$2/a cpe:/o:centos:centos/ match ftp m|^220 TCAdmin FTP Server\r\n| p/Balance Servers TCAdmin game hosting ftpd/ o/Windows/ cpe:/o:microsoft:windows/a match ftp m|^.* klogd: klogd started: BusyBox v([\w._-]+) \(.*\)\r\nDoing BRCTL \.\.\.\r\nsetfilter br0 0 \r\n/var/tmp/act_firewall: No such file or directory\r\n| p/Actiontec router ftpd/ i/firewall broken; BusyBox $1/ d/broadband router/ cpe:/a:busybox:busybox:$1/ # these should be fine. embyte match ftp m|^220 .*BlackJumboDog Version ([^ ]+)| p/Blackjumbodog FTPd/ v/$1/ match ftp m|^220[- ] ?[Cc]rob FTP [Ss]erver [Vv]?([-.\d\w]+)| p/Crob FTPd/ v/$1/ match ftp m|^220.* GlobalSCAPE Secure FTP Server \(v\. 
([^\)]+)\)| p/GlobalSCAPE Secure FTPd/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a
match ftp m|^220 GlobalSCAPE Secure FTP Server\r\n| p/GlobalSCAPE Secure FTPd/ o/Windows/ cpe:/o:microsoft:windows/a
match ftp m|^220 Mollensoft FTP Server ([^ ]+) Ready\.| p/Mollensoft FTPd/ v/$1/
match ftp m|^220 Welcome to Ocean FTP Server.| p/Ocean FTPd/
match ftp m|^220 4dftp .* FTP Service \(Version ([^)]+)\)| p/WebStar 4dftp/ v/$1/
match ftp m|^220 IBM NPS 540\+/542\+ FTP Printer Server V([\w._-]+) | p|IBM NPS 540+/542+ print server ftpd| v/$1/ d/print server/
match ftp m|^220 ([\w._-]+) FTP server \(mmftpd \(([\w._/-]+)\)\) ready\r\n| p/mmftpd/ v/$2/ h/$1/
match ftp m|^220 C500 FTP Server ([\w._-]+) ready\.\n| p/Lexmark C500 printer ftpd/ v/$1/ d/printer/ cpe:/h:lexmark:c500/a
match ftp m|^220-TiMOS-\w+-([\w._-]+) cpm/hops ALCATEL ESS 7450 Copyright \(c\) 2000-2007 Alcatel-Lucent\.\r\n| p/Alcatel-Lucent ESS 7450 router ftpd/ v/$1/ d/router/ o/TiMOS/ cpe:/h:alcatel-lucent:ess_7450/a cpe:/o:alcatel-lucent:timos/
match ftp m|^220 SAVIN 8055 FTP server \(([\w._-]+)\) ready\.\r\n| p/Savin 8055 printer ftpd/ v/$1/ d/printer/ cpe:/h:savin:8055/a
match ftp m|^220 TANDBERG Satellite Modulator SM6600\r\n| p/Tandberg SM6600 Satellite Modulator ftpd/ d/media device/
match ftp m|^220 SUN StorEdge 3511 RAID FTP server ready\.\r\n| p/Sun StorEdge 3511 ftpd/ d/storage-misc/
match ftp m|^220 IFT ([\w._-]+) RAID FTP server ready\.\r\n| p/Infortrend EonStor $1 ftpd/ d/storage-misc/
match ftp m|^421 Closing non-secure connections in Secure Mode\. 
\r\n| p/Polycom VSX 7000A VoIP phone ftpd/ d/VoIP phone/ cpe:/h:polycom:vsx_7000a/a
match ftp m|^220-Sami FTP Server ([\w._-]+)\r\n| p/KarjaSoft Sami ftpd/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a
match ftp m|^220 DrFTPD ([\w._-]+) http://drftpd\.org\r\n| p/DrFTPD/ v/$1/
match ftp m|^220 DrFTPD\+ ([\w._-]+) \(\+STABLE\+\) \$Revision: (\d+) \$ http://drftpd\.org\r\n| p/DrFTPD/ v/$1 revision $2/
match ftp m|^220 Conti FTP Server ready\r\n| p/Conti ftpd/ o/Windows/ cpe:/o:microsoft:windows/a
match ftp m|^220 Welcome to Mobile File Service\r\n\r\n| p|HTC P4000 PDA/Phone ftpd| d/PDA/ o/Windows/ cpe:/o:microsoft:windows/a
match ftp m|^220 Welcome to Topfield PVR FTP server\r\n| p/Topfield HDPVR satellite decoder ftpd/ d/media device/
match ftp m|^220 ([\w._-]+) FTP server \(WS2000 FTPD Server\) ready\.\r\n| p|Motorola/Symbol WS2000 WAP ftpd| d/WAP/ h/$1/
match ftp m|^220 ADH FTP SERVER READY TYPE HELP FOR HELP \r\n| p/AD Network Video Dedicated Micros DVR ftpd/ d/webcam/
match ftp m|^220 TDS400 FTP Service \(Version ([\w._-]+)\)\.\r\n| p/TDS400 printer ftpd/ v/$1/ d/printer/
match ftp m|^220 ---freeFTPd 1\.0---warFTPd 1\.65---\r\n| p/Nepenthes HoneyTrap fake vulnerable ftpd/
match ftp m|^220- \w+\r\n220 FTP Server powered by: Quick 'n Easy FTP Server\r\n| p/Quick 'n Easy FTP Server/ o/Windows/ cpe:/o:microsoft:windows/a
match ftp m|^220-National Instruments FTP\r\n220 Service Ready \r\n| p/National Instruments LabVIEW ftpd/ d/specialized/ cpe:/a:ni:labview/
# The ASCII spells "FREETZ".
match ftp m=^220- __ _ __ __ ___ __\r\n220- \|__ \|_\) \|__ \|__ \| /\r\n220- \| \|\\ \|__ \|__ \| /_\r\n220-\r\n220- The fun has just begun\.\.\.\r\n220 \r\n= p/vsftpd/ i/Freetz firmware for AVM Fritz!Box/ d/WAP/ cpe:/a:vsftpd:vsftpd/
match ftp m|Permission denied\.\(Please check access control list\)\r\nPermission denied\.\(Please check access control list\)\r\n\n\rSystem administrator is connecting from [\d.]+\n\rReject the connection request !!!\n\r\n\rSystem administrator is connecting from [\d.]+\n\rReject the connection request !!!\n\r| p/DrayTek Vigor 2820 ADSL router ftpd/ i/access denied/ d/broadband router/ cpe:/h:draytek:vigor_2820/a
match ftp m|^550 Permission denied\.\(Too many user login!!!\)\r\nPermission denied\.\(Please check access control list\)\r\n| p/DrayTek Vigor 2820n ADSL router ftpd/ i/access denied/ d/broadband router/ cpe:/h:draytek:vigor_2820n/a
match ftp m|^220-FTPSERVE IBM VM Level (\d)(\d+) at ([\w._-]+), [^\r\n]*\r\n220 Connection will close if idle for more than 5 minutes\.\r\n| p/IBM FTPSERVE/ o|z/VM $1.$2| h/$3/ cpe:/o:ibm:z%2fvm:$1.$2/
match ftp m|^220 MeritFTP ([\d.]+) at ([\d.]+) ready\.\r\n| p/Merit Megatouch game device ftpd/ v/$1/ d/specialized/ h/$2/
match ftp m|^220 NET\+OS ([\d.]+) FTP server ready\.\r\n503 Bad sequence of commands\r\n| p/NET+OS ftpd/ i/NET+OS $1/ o/NET+OS/ cpe:/o:digi:net%2bos:$1/
match ftp m|^220 Welcome to the NSLU2 vsftp daemon\.\r\n| p/vsftpd/ i/NSLU2 NAS device/ d/storage-misc/ cpe:/a:vsftpd:vsftpd/
match ftp m|^220- Menuet FTP Server v([\d.]+)\r\n220 Username and Password required\r\n| p/Menuet FTP Server/ v/$1/ o/MenuetOS/ cpe:/o:menuetos:menuetos/
match ftp m|^220 Xyratex (\w+) RAID FTP server ready\.\r\n| p/Xyratex $1 RAID NAS device ftpd/ d/storage-misc/
match ftp m|^220 MLT-57066 Version ([\w.]+) ready\.\r\n| p/Minolta PagePro 20 printer ftpd/ v/$1/ cpe:/h:minolta:pagepro_20/a
match ftp m|^220 tandem FTP SERVER \w+ \(Version ([\w.]+) TANDEM \w+\) ready\.\r\n| p/Tandem FTP server/ v/$1/
i/Tandem Himalaya K2000/ o/GuardianOS/ cpe:/o:tandem:guardian/
match ftp m|^220 ZBR-(\d+) Version ([\d.]+) ready\.\r\n| p/Zebra print server ftpd/ v/$2/ i/firmware $1/
match ftp m|^220 ([\w._-]+) pSOSystem FTP server \(@\(#\)\(#\)pVER IA/MIPS, Version ([\w._ -]+), Built on ([\d/]+)\) ready\.\r\n| p/pSOSystem ftpd/ v/$2/ i/MIPS; build date $3/ o/pSOS/ h/$1/ cpe:/o:scg:psos/
match ftp m|^220 ([\w._-]+) pSOSystem FTP server \(@\(#\)\(#\)pVER IA/PPC, Version ([\w._ -]+), Built on ([\d/]+)\) ready\.\r\n| p/pSOSystem ftpd/ v/$2/ i/PowerPC; build date $3/ o/pSOS/ h/$1/ cpe:/o:scg:psos/
match ftp m|^220 ([\w._-]+) pSOSystem FTP server \(Network Utilities for /68k-MRI/([\w._-]+) - Network Utility\) ready\.\r\n| p/pSOSystem ftpd/ v/$2/ i/m68k/ o/pSOS/ h/$1/ cpe:/o:scg:psos/
match ftp m|^220 Star IFBD-HE05/06 FTP Server\.\r\n| p/Star Micronics TSP828L printer ftpd/ d/printer/ cpe:/h:starmicronics:tsp828l/a
match ftp m|^220 Welcome to Baby FTP Server\r\n| p/Baby FTP Server/ o/Windows/ cpe:/o:microsoft:windows/a
match ftp m|^220 ([\w_.-]+) FTP server \(witelcom ([\d.]+)\) ready\r\n| p/Witelcom router ftpd/ v/$2/ d/router/ h/$1/
match ftp m|^220 SwiFTP ready\r\n| p/SwiFTP/ i/Android phone/ d/phone/ o/Linux/ cpe:/o:linux:linux_kernel/a
match ftp m|^220 SwiFTP ([\w._-]+) ready\r\n| p/SwiFTP/ v/$1/ i/Android phone/ d/phone/ o/Linux/ cpe:/o:linux:linux_kernel/a
match ftp m|^220 EFI FTP Print server ready\.\r\n| p/EFI Fiery ftpd/ d/print server/
match ftp m|^220 infotec IS (\d+) FTP server \(([\w.]+)\) ready\.\r\n| p/Infotec IS $1 ftpd/ v/$2/
match ftp m|^220- Print Server ([\d.]+ \([^)]*\))\r\n220 FTP server \(Version ([^)]*)\) ready\.\r\n| p/Roland plotter print server ftpd/ v/$2/ i/print server version $1/
match ftp m|^220 FTP Server \(ZyWALL (USG \w+)\) \[[\w._-]+\]\r\n| p/ZyWALL $1 firewall ftpd/ d/firewall/
match ftp m|^220 Connected to IndiFTPD\r\n| p/IndiFTPD/
match ftp m|^220 EasyCoder FTP Server v\.([\d.]+) ready\.\r\n| p/Intermec PM4i printer ftpd/ v/$1/ d/printer/
cpe:/h:intermec:pm4i/a
match ftp m|^220 ALFTP Server ready\. \^-\^\)/~\r\n| p/ALFTP/
match ftp m|^220 ftp server corona \(([\w._-]+)\)\r\n| p/THEOS Corona ftpd/ v/$1/ o/THEOS/ cpe:/o:theos:theos/
match ftp m|^220 vxTarget FTP server \(VxWorks ([\d.]+)\) ready\.\r\n| p/vxTarget ftpd/ i/VxWorks $1/ o/VxWorks/ cpe:/o:windriver:vxworks:$1/
match ftp m|^220-Welcome to the S60 Dumb FTP Server \(dftpd\)\r\n| p/Dumb FTP Server (dftpd)/ d/phone/ o/Symbian/ cpe:/o:symbian:symbian/
match ftp m|^220-Local time is now [\d:]+\r\n220 You will be disconnected after 300 seconds of inactivity\.\r\n| p/DViCO TVIX 6500A set top box ftpd/ d/media device/
match ftp m|^220 ET(\w+) ([\w-]+) Series FTP Server ready\.\r\n| p/Lexmark $2 series printer ftpd/ i/MAC: $1/ d/printer/
match ftp m|^220 aFTPServer ready \(cwd is /\)\r\n$| p/FTPServer/ d/phone/ o/Linux/ cpe:/o:linux:linux_kernel/a
match ftp m|^220 BCB1COOL Server \(Proftpd FTP Server\) \[([\w._-]+)\]\r\n| p/ProFTPD/ h/$1/ cpe:/a:proftpd:proftpd/
match ftp m|^220 FTP version ([\w.]+)\r\n| p/DrayTek Vigor 2820 ADSL router ftpd/ v/$1/ d/broadband router/ cpe:/h:draytek:vigor_2820/a
match ftp m|^220 FTP version ([\w.]+)\r\n331 Enter PASS command\r\n$| p/DrayTek Vigor 2820 ADSL router ftpd/ v/$1/ d/broadband router/ cpe:/h:draytek:vigor_2820/a
match ftp m|^220 Core FTP Server Version ([\w._-]+, build \d+), installed (\d+ days ago) Registered\r\n| p/Core FTP Server/ v/$1/ i/installed $2/ cpe:/a:coreftp:core_ftp:$1/
match ftp m|^220 Core FTP Server Version ([\w._-]+, build \d+) Registered\r\n| p/Core FTP Server/ v/$1/ cpe:/a:coreftp:core_ftp:$1/
match ftp m|^220-.*\r\n220 ([\w._-]+) FTP Server \(Apache/([\w._-]+) \(Linux/SUSE\)\) ready\.\r\n| p/Apache mod_ftpd/ v/$2/ o/Linux/ h/$1/ cpe:/a:apache:http_server/ cpe:/o:linux:linux_kernel/a
match ftp m|^220 pyftpdlib ([\w._-]+) ready\.\r\n| p/pyftpdlib/ v/$1/
match ftp m|^220 Simple FTP daemon coming up!\r\n| p/A+V Link NVS-4000 surveillance system ftpd/ d/webcam/
match ftp m|^220 DiskStation 
FTP server ready\.\r\n| p/Synology DiskStation NAS ftpd/ d/storage-misc/
match ftp m|^220 DiskStation-([\w._-]+) FTP server ready\.\r\n| p/Synology Disk Station DS-$1 NAS ftpd/ d/storage-misc/
# "1.0" number doesn't seem to reflect the true version number.
match ftp m=^220- Ftp Site Powerd by BigFoolCat Ftp Server 1\.0 \(meishu1981@(?:163\.com|gmail\.com)\)\r\n220- Welcome to my ftp server\r\n220 \r\n= p/EasyFTP Server ftpd/ o/Windows/ cpe:/o:microsoft:windows/a
match ftp m|^220 <\w+> Tenor Multipath Switch FTP server \(Version VxWorks([\w._-]+)\) ready\.\r\n| p/Tenor Multipath Switch ftpd/ d/switch/ o/VxWorks $1/ cpe:/o:windriver:vxworks:$1/
match ftp m|^220 Welcome to Tenor Multipath Switch\.\r\n| p/Tenor Multipath Switch ftpd/ d/switch/
match ftp m|^220 Imagistics ZB3500080 Ver ([\w._-]+) FTP server\.\r\n| p/Sharp AR-C260M or AR-M351N printer ftpd/ v/$1/ d/printer/
match ftp m|^220 ([\w._-]+) FTP SERVER T9552G07 \(Version ([\w._-]+) TANDEM ([\w._-]+)\) ready\.\r\n| p/HP Tandem NonStop ftpd/ v/$2 $3/ h/$1/
match ftp m|^220 iFTP server v([\w._-]+)\n| p/inLighten iBox digital signage ftpd/ v/$1/ d/media device/
match ftp m|^120 The user queue is full, please try again later\.\r\n| p/Huawei Quidway AR28-09 WAP ftpd/ i/user queue is full/ d/WAP/ cpe:/h:huawei:quidway_ar28-09/a
match ftp m|^220 Mabry \(FtpServX COM Object\) server ready\.\r\n| p/Mabry FTPServX/
match ftp m|^220 ([\w._-]+) FTP server \(InterCon version ([\w._-]+)\) ready\.\r\n| p/Kyocera Mita TASKalfa 300ci printer ftpd/ v/$2/ h/$1/ cpe:/h:kyocera:mita_taskalfa_300ci/a
match ftp m|^220 [\w._-]+Citizen_CLP([\w._-]+) FTP server \(InterCon version ([\w._-]+)\) ready\.\n| p/Citizen CLP-$1 label printer ftpd/ v/$2/ d/printer/
match ftp m|^220 FileApp - FTP Server\r\n| p/DigiDNA FileApp ftpd/ o/iOS/ cpe:/o:apple:iphone_os/a
match ftp m=^220 (?:SHARP|Sharp) ([\w._-]+) Ver ([\w._+-]+) FTP server\.\r\n= p/Sharp $1 printer ftpd/ v/$2/ cpe:/h:sharp:$1/a
match ftp m|^220 Nucleus FTP Server \(Version ([\w._-]+)\) 
ready\.\r\n| p/Nucleus ftpd/ v/$1/
match ftp m|^220 -= HyNetOS FTP Server =-\r\n500 Command \(null\) not understood\r\n| p/HyNetOS ftpd/ cpe:/o:hyperstone:hynetos/
match ftp m|^230 User logged in\.\r\n214-The following commands are recognized\.\r\n214-USER\r\n214-PASS\r\n214-XPWD\r\n214-PWD\r\n214-TYPE\r\n214-PORT\r\n214-EPRT\r\n214-PASV\r\n214-EPSV\r\n214-ALLO\r\n214-STOR\r\n214-APPE\r\n214-RETR\r\n214-LIST\r\n214-NLST\r\n214-SYST\r\n214-MDTM\r\n214-XCWD\r\n214-CWD\r\n214-XCUP\r\n214-CDUP\r\n214-DELE\r\n214-XMKD\r\n214-MKD\r\n214-XRMD\r\n214-RMD\r\n214-NOOP\r\n214-RNFR\r\n214-RNTO\r\n214-REST\r\n214-SIZE\r\n214-QUIT\r\n214-HELP\r\n214-STAT\r\n214-SITE\r\n214-FEAT\r\n214-ADMIN_LOGIN\r\n214-MGET\r\n214-MPUT\r\n214-OPTS\r\n214 End of help\r\n$| p/Netgear 3500L WAP ftpd/ d/WAP/ cpe:/h:netgear:3500l/a
match ftp m|^220-\*{53}\r\n220-Welcome to FTP\r\n220-Please use your email address and password to login\.\r\n220-If you are registered for more than one site then your login name must be: yourcompany\.com/you@youremail\.com\.\r\n220-\*{53}\r\n220-\r\n220 FTP Server Ready\r\n| p/Adobe Business Catalyst CMS ftpd/
match ftp m|^220 Welcome to the ftp service\r\n| p/Dionaea honeypot ftpd/
match ftp m|^220 silex ([\w._-]+) Ver ([\w._-]+) FTP server\.\r\n| p/Silex $1 USB server ftpd/ v/$2/
match ftp m|^220-Tracker RIA, 12090011\r\n220-Local time ([\d:]+)\r\n220 You will be disconnected after 180 seconds of inactivity\.\r\n| p/Bomara Tracker 2740 multipurpose server ftpd/ i/local time: $1/
match ftp m|^220 Comau ([\w._-]+) FTP server \(Version ([\w._-]+); Sys_id:([\w._-]+)\) [\d-]+ ready\.\r\n| p/Comau $1 robot control unit ftpd/ v/$2/ i/system id: $3/ d/specialized/
match ftp m|^220 CW([\w._-]+) FTP Service \(Version ([\w._-]+)\)\.\r\n| p/Océ ColorWave $1 printer ftpd/ v/$2/ d/printer/
match ftp m|^220 CONNECT:Enterprise Gateway ([\w._-]+)\. 
FTP Server ready\.\.\.\r\n| p/Sterling Connect:Enterprise ftpd/ v/$1/ cpe:/a:ibm:sterling_connect:$1/
match ftp m|^220-Playstation 3 FTP \r\n220 Copyleft \(c\) \d+ multiMAN \(login as anonymous\) \r\n| p/multiMAN ftpd/ i/PlayStation 3/ d/game console/
match ftp m|^220 ([\w._-]+) (BV[\w._-]+) FTP server \(V([\w._-]+)\) ready\.\r\n| p/OKI $2 VoIP adapter ftpd/ v/$3/ d/VoIP adapter/ h/$1/
match ftp m|^220 ([\w._-]+) \(Libra FTP daemon ([\w._ -]+)\)\r\n| p/Libra ftpd/ v/$2/ h/$1/
match ftp m|^220 (KM-[\w._-]+) FTP server\r\n| p/Kyocera Mita $1 printer ftpd/ d/printer/ cpe:/h:kyocera:mita_$1/a
match ftp m|^220 Welcome to Solar FTP Server \(http://solarftp\.com\)\r\n| p/Solar FTP Server/ o/Windows/ cpe:/o:microsoft:windows/
match ftp m|^220 Indy FTP-Server bereit\.\r\n| p/Indy FTP server/ i/German/ cpe:/a:indy:ftp_server::::de/
match ftp m|^220-Welcome to the Ascotel FTP server\r\n220 \r\n| p/Aastra A150 VoIP phone ftpd/ d/VoIP phone/ cpe:/h:aastra:a150/a
match ftp m|^220 \(none\) FTP server \(Version ([\w._-]+/OpenBSD/Linux-ftpd-[\w._-]+)\) ready\.\r\n| p/Topfield TF7100HDPVRt DVR ftpd/ v/$1/ d/media device/
match ftp m|^220 EthernetBoard OkiLAN ([\w._-]+) Ver ([\w._-]+) FTP server\.\r\n| p/OkiDATA OkiLAN $1 print server ftpd/ v/$2/ d/print server/
match ftp m|^220 Comtrend FTP firmware update utility\r\n| p/Comtrend FTP firmware update utility/
match ftp m|^220 Wing FTP Server ([\w._-]+) ready\.\.\.\r\n| p/Wing FTP Server/ v/$1/ cpe:/a:wingftp:wing_ftp_server:$1/
match ftp m|^220 Wing FTP Server ready\.\.\. 
\(UNREGISTERED WING FTP SERVER\)\r\n| p/Wing FTP Server/ i/unregistered/ cpe:/a:wingftp:wing_ftp_server/
match ftp m|^220-\xa1\xee Sonic FTP Server \(Version ([\w._-]+)\)\.\r\n220-\xa1\xee | p/Sonic FTP Server/ v/$1/
match ftp m|^220 Aos FTP Server ready\.\r\n| p/A2 ftpd/ o/A2/ cpe:/o:eth:a2/
match ftp m|^220 Serveur FTP ::ffff:[\d.]+ pr\xc3\xaat\r\n| p/ProFTPD/ i/French/ cpe:/a:proftpd:proftpd::::fr/
match ftp m|^220 FreeFloat Ftp Server \(Version ([\w._-]+)\)\.\r\n| p/FreeFloat ftpd/ v/$1/ o/Windows/ cpe:/a:freefloat:freefloat_ftp_server:$1/ cpe:/o:microsoft:windows/
match ftp m|^220 FreeFlow Accxes FTP server ready\r\n| p/Xerox FreeFlow Accxess ftpd/ d/print server/ cpe:/a:xerox:freeflow_print_server/
match ftp m|^220 [\d.]+ FTP Server \(Apache/([\w._-]+) \(Ubuntu\) (.*)\) ready\.\r\n| p/Apache FTP Protocol Module/ v/$1/ i/Ubuntu; $2/ o/Linux/ cpe:/o:canonical:ubuntu_linux/ cpe:/o:canonical:ubuntu_linux/ cpe:/o:linux:linux_kernel/
match ftp m|^220 Welcome to This FTP Server\. Service ready for new user\.\r\n214-The following commands are recognised:\r\nUSER\r\nPASS\r\nCWD\r\nQUIT\r\nTYPE\r\nPORT\r\nRETR\r\nSTOR\r\nSTOU\r\nAPPE\r\nRNFR\r\nRNTO\r\nABOR\r\nDELE\r\nCDUP\r\nRMD\r\nMKD\r\nPWD\r\nLIST\r\nNLST\r\nHELP\r\nNOOP\r\nXCUP\r\nXCWD\r\nXPWD\r\nXRMD\r\nXMKD\r\n214 List End\.\r\n| p/Toshiba CTX PBX ftpd/ d/PBX/
match ftp m|^220 Wind River FTP server ([\w._-]+) ready\.\r\n| p/Wind River FTP server/ v/$1/ o/VxWorks/ cpe:/a:windriver:ftp_server:$1/ cpe:/o:windriver:vxworks/
match ftp m|^220 FTP Server \(ZyWALL (USG \w+)\) \[::ffff:[\d.]+\]\r\n| p/ZyXEL ZyWALL $1 firewall ftpd/ cpe:/h:zyxel:zywall_$1/
match ftp m|^220 Authentication_Required\r\n| p/glFTPd/ o/Unix/
match ftp m|^220 Ftp firmware update utility\r\n| p/D-Link DLS-2750U ftp firmward update/ d/WAP/ cpe:/h:dlink:dls-2750u/
match ftp m|^550 Permission denied ,please check access control list\r\nPermission denied\.\(Please check access control list\)\r\n| p/DrayTek ADSL router ftpd/
match ftp m|^220 RIEDEL 
Artist FTP Server\r\n| p/Riedel Artist intercom system ftpd/ cpe:/h:riedel:artist/
match ftp m|^220 (ZXDSL [\w._-]+) FTP version ([\w._-]+) ready at .*\r\n| p/ZyXEL $1 ADSL modem ftpd/ v/$2/ d/broadband router/ cpe:/h:zyxel:$1/
match ftp m|^ - error: no valid servers configured\n - Fatal: error processing configuration file '/etc/proftpd/proftpd\.conf'\n$| p/ProFTPD/ cpe:/a:proftpd:proftpd/
match ftp m|^220 SoftDataCable ([\w._-]+) ready\r\n| p/Software Data Cable ftpd/ v/$1/
match ftp m|^220 Operation successful\r\n$| p/BusyBox ftpd/ i/D-Link DCS-932L IP-Cam camera/ d/webcam/ cpe:/a:busybox:busybox/ cpe:/h:dlink:dcs-932l/
match ftp m|^220-\*\*\* Running an unlicensed copy of TurboFTP Server \*\*\*\r\n220 TurboFTP Server ([\w._-]+) ready\.\r\n| p/TurboSoft TurboFTP/ v/$1/ o/Windows/ cpe:/a:turbosoft:turboftp:$1/ cpe:/o:microsoft:windows/a
match ftp m|^200 Welcome to BarracudaBackupFTPd\.\r\n| p/Barracuda Backup 490 appliance ftpd/ d/storage-misc/
match ftp m|^220 awaiting Input\r\n| p/Encrypted FTP/ o/Windows/ cpe:/o:microsoft:windows/a
match ftp m|^220 Welcome to the Cisco (TelePresence MCU [\w._-]+), version ([\w._()-]+)\r\n| p/Cisco $1 videoconferencing bridge/ v/$2/ d/VoIP adapter/ cpe:/h:cisco:$1/
match ftp m|^220 Multicraft ([\w._-]+) FTP server\r\n| p/Multicraft ftpd/ v/$1/
match ftp m|^220 [\d.]+ BECO FTP server \(Version ([\w._-]+)\) ready\.\r\n| p/Kaba B-web 93 00 timeclock ftpd/ v/$1/
match ftp m|^220-TiMOS-B-([\w._-]+) both/hops ALCATEL SR ([\w._-]+) Copyright \(c\) \d+-\d+ Alcatel-Lucent\.\r\n220-All rights reserved\. All use subject to applicable license agreements\.\r\n220-Built on (.*) by builder in /rel[\w._-]+/[\w._-]+/[\w._-]+/panos/main\r\n220-\r\n220-This is a Maxcom, system restricted to authorized individuals\. This system is subject to monitoring\. 
Unauthorized users, access, and/or modification will be prosecuted\.\r\n220 FTP server ready\r\n| p/Alcatel $2 Service Router ftpd/ i/build date: $3/ d/router/ o/TiMOS $1/ cpe:/h:alcatel:$2_service_router/ cpe:/o:alcatel:timos:$1/
match ftp m|^220 ASTRA-Super FTP server ready\.\r\n$| p/Ishida Astra counter-top scale ftpd/
match ftp m|^220 ucftpd FTP server ready\.\r\n| p/MontaVista ucftpd/ o/Linux/ cpe:/o:linux:linux_kernel/a
match ftp m|^220 Welcome to Stupid-FTPd server\.\r\n| p/Stupid-FTPd/
match ftp m|^220 FTP v([\d.]+) at ([\w.-]+) ready\.\r\n| p/OpenRG ftpd/ v/$1/ d/broadband router/ h/$2/
match ftp m|^220 FRITZ!Box(\w+)\(kdg\) FTP server ready\.\r\n| p/AVM FRITZ!Box ftpd/ i/model: $1; Kabel Deutschland/ d/broadband router/
match ftp m|^220-Welcome to cc-ftpd\.\r\n220-You are user number (\d+ of \d+) allowed\.\r\n220-Local time is now ([\d:]+)\. Server port: \d+\.\r\n220-This is a private system - No anonymous login\r\n220-IPv6 connections are also welcome on this server\.\r\n220 You will be disconnected after 15 minutes of inactivity\.\r\n| p/Centova Cast ftpd/ i/user $1; local time $2/
match ftp m|^220 ([\w.-]+) FTP server \(QNXNTO-ftpd (\d{8})\) ready\.\r\n| p/QNX ftpd/ v/$2/ o/QNX/ h/$1/ cpe:/o:qnx:qnx/a
match ftp m|^220-Cerberus FTP Server - Home Edition\r\n220-This is the UNLICENSED Home Edition and may be used for home, personal use only\r\n220-Welcome to Cerberus FTP Server\r\n220 Created by Cerberus, LLC\r\n| p/Cerberus FTP Server/ i/Home Edition/ o/Windows/ cpe:/a:cerberusftp:ftp_server/ cpe:/o:microsoft:windows/a
match ftp m|^220-220-Welcome to Cerberus FTP Server\r\n220 220 Created by Cerberus, LLC\r\n| p/Cerberus FTP Server/ o/Windows/ cpe:/a:cerberusftp:ftp_server/ cpe:/o:microsoft:windows/a
match ftp m|^220-Welcome to my Server\r\n220-\r\n220 ICS FTP Server ready\.\r\n| p/Overbyte Internet Component Suite ftpd/
match ftp m|^220 ADAM2 FTP Server ready\r\n| p/Texas Instruments ADAM2 bootloader ftpd/
match ftp m|^220-Idea FTP Server v([\d.]+) 
\(([\w.-]+)\) \[[\d.]+\]\r\n220 Ready\r\n| p/home.pl Idea ftpd/ v/$1/ h/$2/
match ftp m|^220 ([\w.-]+) Lexmark ([\w]+) FTP Server ([\w.-]+) ready\.\r\n| p/Lexmark printer ftpd/ v/$3/ i/model $2/ h/$1/ cpe:/h:lexmark:$2/
match ftp m|^220 FTP Utility FTP server \(Version ([\d.]+)\) ready\.\r\n| p/Konica Minolta FTP Utility ftpd/ v/$1/
match ftp m|^220 PocketPro (\w+) FTP server ready\.\r\n| p/TROY PocketPro $1 print server ftpd/
match ftp m|^220 FTP Version ([\d.]+) on (IQ\w+)\r\n| p/IQinVision IQeye ftpd/ v/$1/ i/model $2/
match ftp m|^220 FRITZ!Box(\d+(?:\(UI\))?) FTP server ready\.\r\n| p/AVM FRITZ!Box ftpd/ i/model $1/ d/broadband router/
match ftp m|^220 220 RMNetwork FTP\r\n$| p/Ramnit worm ftpd/ i/malware/
match ftp m|^220 Monarch (\d+) Print Adapter FTP server ready\.\r\n| p/Avery-Dennison Monarch $1 print server ftpd/
match ftp m|^220-TCP/IP for VSE Internal FTPDAEMN ([\d.]+ ?[A-Z]) (\d{8}) \d\d\.\d\d\r\n Copyright \(c\) 1995,2006 Connectivity Systems Incorporated\r\n220 Ready for new user\r\n| p|IBM z/VSE ftpd| v/$1/ i/build date $2/ o|z/VSE| cpe:/o:ibm:z%2fvse/
match ftp m|^220- \r\n {14}_/_/_/_/ \*\*\* eXo Platform JCR FTP Server {8}_/_/_/_/\r\n| p/eXo Platform JCR ftpd/
match ftp m|^220 RT-IP FTP Server ready\. Type HELP for help\r\n| p/Computer Solutions RT-IP ftpd/
match ftp m|^220 Welcome to ([\w.-]+)'s Everything ETP Server version ([\d.]+)\r\n| p|Everything ETP/FTP server| v/$2/ h/$1/
match ftp m|^220 Welcome to HD Media Box !\r\n| p|O2Media/Ellion HMR-600 ftpd| d/media device/
# SurgeFTP 2.3a3
match ftp m|^550 There is no place for you to log in\. Create domain for IP [\d.]+\.\r\n| p/NetWin SurgeFTP ftpd/ cpe:/a:netwin:surgeftp/
match ftp m|^220 SAVIN (\w+) FTP server \(([\d.]+)\) ready\.\r\n| p/Savin printer ftpd/ v/$2/ i/model $1/ d/printer/ cpe:/h:savin:$1/
match ftp m|^220 ([\w.-]+) FTP server \(StarOS\) ready\.\r\n| p/Cisco StarOS ftpd/ o/StarOS/ h/$1/ cpe:/o:cisco:staros/
match ftp m|^220- FTP Server \(RTOS-UH\) ready\. 
\(c\)IEP Version: ([\d.]+)\r\n220 Connection is automatically closed if idle for 10 Minutes\r\n| p/RTOS-UH ftpd/ v/$1/ o/RTOS-UH/ cpe:/o:universitathanover:rtos-uh/
match ftp m|^220 iosFtp server ready\.\r\n| p/ios-ftp-server ftpd/ o/iOS/ cpe:/o:apple:iphone_os/
match ftp m|^220 SP (C?\d+\w*) \([a-f0-9]+\) FTP server ready\r\n| p/Ricoh Aficio SP $1 ftpd/ d/printer/ cpe:/h:ricoh:aficio_sp_$1/a
match ftp m|^220 Sharp - NetScan Tool\r\n| p/Sharp Scan to Desktop ftpd/
match ftp m|^220 Welcome to ALPHA -FTPd server\.\r\n| p/Alpha ftpd/
match ftp m|^220 IPCamera FtpServer\(www\.maygion\.com\),do NOT change firmware unless you know what you are doing!\r\n| p/Maygion IPCamera ftpd/ d/webcam/
match ftp m|^220 AXIS ([\w._-]+) Video Encoder ([\w._-]+) \(\d\d\d\d\) ready\.\r\n| p/AXIS $1 video encoder ftpd/ v/$2/ d/media device/
match ftp m|^220 Star (IFBD-HE[\d/]+) FTP Server\.\r\n| p/Star $1 ftpd/ d/print server/
match ftp m|^220 Welcome to the HomeWorks Processor\r\n| p/Lutron HomeWorks ftpd/
# http://sourceforge.net/projects/open-ftpd/
match ftp m|^220- \*{29}\r\n {5}\*\* {8}Welcome on {7}\*\*\r\n {5}\* {5}Gabriel's FTP Server \*\r\n {5}\*\* {6}([\w./_-]+) Release \*\*\r\n220 \*{29}\r\n| p/Open-FTPD/ v/$1/ cpe:/a:gabmuf:open-ftpd:$1/
match ftp m|^220-Debian GNU/Linux (\d+)\r\n220 ProFTPD ([\w._-]+) Server | p/ProFTPD/ v/$2/ i/Debian $1/ o/Linux/ cpe:/a:proftpd:proftpd:$2/a cpe:/o:debian:debian_linux:$1/ cpe:/o:linux:linux_kernel/a
match ftp m|^220 Praim Srl, ([\w._-]+) Ftp Server \(Version ([\w._-]+) \[[\w :]+\]\)\.\r\n| p/Praim thin terminal ftpd/ v/$2/ i/model: $1/ d/terminal/ cpe:/h:praim:$1/
match ftp m|^220 Harris BCD FTP Ready\r\n$| p/Harris FlexStar radio broadcast exciter ftpd/ d/specialized/
# http://www.foxgate.ua/downloads/FoxGate%20S6224-S2%20user%20manual.pdf
match ftp m|^220 welcome your using ftp server\.\.\.\r\n| p/FoxGate switch ftpd/ d/switch/
match ftp m|^220 DSC ftpd 1\.0 FTP Server ready\.\r\n| p/Ricoh DC SR-10 ftpd/ o/Windows/
cpe:/a:ricoh:dc_software/ cpe:/o:microsoft:windows/a
#(insert ftp)
# These look too generic, but didn't match anything else yet
match ftp m|^220 FTP Server 2\.1 ready\r\n| p/Android ftpd/ v/2.1/
match ftp m|^220 FTP Server ready\.\.\.\r\n| p/Gene6 ftpd/
# not already sure about the next. maybe too generic? it exists already above a signature for openftpd. embyte
match ftp m|^220 OpenFTPD server([^ ]+)?| p/OpenFTPD/ v/$1/
match ftp-proxy m|^220 Ftp service of Jana-Server ready\r\n| p/JanaServer ftp proxy/ o/Windows/ cpe:/o:microsoft:windows/a
match ftp-proxy m|^220 FTP Gateway at Jana Server ready\r\n| p/JanaServer ftp proxy/ o/Windows/ cpe:/o:microsoft:windows/a
match ftp-proxy m|^220 ([-.\w]+) FTP proxy \(Version (\d[-.\w]+)\) ready\.\r\n| p/Gauntlet FTP proxy/ v/$2/ h/$1/
# Frox FTP Proxy (frox-0.6.5) on Linux 2.2.X - http://frox.sourceforge.net/
match ftp-proxy m|^220 Frox transparent ftp proxy\. Login with username\[@host\[:port\]\]\r\n| p/Frox ftp proxy/
match ftp-proxy m|^501 Proxy unable to contact ftp server\r\n| p/Frox ftp proxy/
match ftp-proxy m|^220 ([-.+\w]+) FTP AnalogX Proxy (\d[-.\w]+) \(Release\) ready\r\n| p/AnalogX FTP proxy/ v/$2/ h/$1/ cpe:/a:analogx:proxy:$2/
match ftp-proxy m|^220 Secure Gateway FTP server| p/Symantec Enterprise Firewall FTP proxy/ d/firewall/ cpe:/a:symantec:enterprise_firewall/
match ftp-proxy m|^220-Sidewinder ftp proxy\. 
You must login to the proxy first| p/Sidewinder FTP proxy/
match ftp-proxy m|^220-\r\x0a220-Sidewinder ftp proxy|s p/Sidewinder FTP proxy/
match ftp-proxy m|^220 webshield2 FTP proxy ready\.\r\n| p/Webshield2 FTP proxy/ o/Windows/ cpe:/a:bluecoat:winproxy/ cpe:/o:microsoft:windows/a
match ftp-proxy m|^220 WinProxy FTP Gateway ready, enter username@host\[:port\]\r\n| p/WinProxy FTP proxy/ o/Windows/ cpe:/a:bluecoat:winproxy/ cpe:/o:microsoft:windows/a
match ftp-proxy m|^220 WinProxy \(Version ([^)]+)\) ready\.\r\n| p/WinProxy FTP proxy/ v/$1/ o/Windows/ cpe:/a:bluecoat:winproxy/ cpe:/o:microsoft:windows/a
match ftp-proxy m|^220 Proxy602 Gateway ready, enter user@host\[:port\]\r\n| p/Proxy602 ftp proxy/ d/firewall/
match ftp-proxy m|^220 Java FTP Proxy Server \(usage: USERID=user@site\) ready\.\r\n| p/Java FTP Proxy/
match ftp-proxy m|^220 ([-\w_.]+) FTP proxy \(Version V([\d.]+)\) ready\.\r\n| p/Generic FTP proxy/ v/$2/ h/$1/
match ftp-proxy m|^220 CoolProxy FTP server & firewall\r\n| p/CoolProxy ftp proxy/ o/Windows/ cpe:/o:microsoft:windows/a
match ftp-proxy m|^220 Finjan SurfinGate Proxy - Server Ready\.\r\n| p/Finjan SurfinGate ftp proxy/
match ftp-proxy m|^220 ([-\w_.]+) \(NetCache\) .*\r\n| p/NetApp NetCache ftp proxy/ h/$1/ cpe:/a:netapp:netcache/
match ftp-proxy m|^220 Welcome to ([-\w_.]+) Ftp Proxy Service\.\r\n| p/Proxy Suite ftp proxy/ h/$1/
match ftp-proxy m|^220 Hi! 
Welcome \w+ UserGate| p/UserGate ftpd/ o/Windows/ cpe:/o:microsoft:windows/a
match ftp-proxy m|^220 Webwasher FTP Proxy ([\d.]+) build (\d+)\r\n| p/Webwasher ftp proxy/ v/$1 build $2/ o/Windows/ cpe:/o:microsoft:windows/a
match ftp-proxy m|^220- ([-\w_.]+) PROXY-FTP server \(DeleGate/([\d.]+)\) ready\.\r\n| p/DeleGate ftp proxy/ v/$2/ h/$1/
match ftp-proxy m|^500 WinGate Engine Access Denied\r\n| p/WinGate ftp proxy/ i/access denied/ o/Windows/ cpe:/o:microsoft:windows/a
match ftp-proxy m|^220 IWSS FTP proxy ready\r\n| p/Trend Micro InterScan Web Security Suite ftp proxy/ cpe:/a:trendmicro:interscan_web_security_suite/
match ftp-proxy m|^220 ezProxy FTP Proxy Server Ready \r\n| p/ezProxy ftp proxy/ o/Windows/ cpe:/o:microsoft:windows/a
match ftp-proxy m|^220 FTP proxy \(v([\d.]+)\) ready\r\n530 Login incorrect\. Expected USER command\r\n| p/jftpgw ftp proxy/ v/$1/
match ftp-proxy m|^220-Welcome to SpoonProxy V([\w._-]+) by Pi-Soft Consulting, LLC\r\n| p/Pi-Soft SpoonProxy ftp proxy/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a
match ftp-proxy m|^220-CCProxy FTP Service\(Unregistered\)\r\n| p/CCProxy ftp proxy/ i/unregistered/ o/Windows/ cpe:/o:microsoft:windows/a
match ftp-proxy m|^220-CCProxy FTP Service\r\n220-you need to input userid@site as login name\.\r\n220 Example: user anonymous@ftp\.netscape\.com\r\n| p/CCProxy ftp proxy/ o/Windows/ cpe:/o:microsoft:windows/a
match ftp-proxy m|^220 kingate\(([\w._-]+)-win32\) ftp proxy ready\r\n| p/kingate ftp proxy/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a
match ftp-proxy m|^220 FileCatalyst Server Enterprise v([^\r\n]*)\r\n$| p/FileCatalyst ftp proxy/ v/$1/
match ftp-proxy m|^220 ([\w._-]+), KEN! DSL FTP-Gateway\r\n| p/AVM KEN! ftp proxy/ h/$1/
match ftp-proxy m|^220 ([\w._-]+), KEN! FTP-Gateway\r\n| p/AVM KEN! 
ftp proxy/ h/$1/
match ftp-proxy m|^220 server ready - login please\r\n| p/Squid ftp proxy/ cpe:/a:squid-cache:squid/
match ftp-proxy m|^421 Proxy is closed \(unknown user location\)\r\n$| p/Zscaler ftp proxy/
match ftp-proxy m|^220 Cleo VLProxy/([\w._-]+) FTP server ready\.\r\n$| p/Cleo VLProxy ftp proxy/ v/$1/
match ftp-proxy m|^220 McAfee Web Gateway ([\d.]+ build \d+)\r\n| p/McAfee Web Gateway ftp proxy/ v/$1/ cpe:/a:mcafee:web_gateway:$1/
match ftp-proxy m|^220-Firewall ftp proxy\. You must login to the proxy first\.\r\n220 Use proxy-user:auth-method@destination\.\r\n| p/Secure Computing Sidewinder firewall ftp proxy/ d/firewall/ cpe:/h:securecomputing:sidewinder/
# DAZ Studio 4.5, port 27997
match valentinadb m|^dddd\0\0\0\0\0\0\0\x0b| p/Valentina DB/
match varnish-cli m|^200 \d+ +\n-----------------------------\nVarnish HTTP accelerator CLI.\n-----------------------------\nType 'help' for command list\.\nType 'quit' to close CLI session\.\n| p/Varnish Cache CLI/ v/2.1.0 - 2.1.3/ i/open/ cpe:/a:varnish-cache:varnish:2.1/
# vident field is uname -s,uname -r,uname -m
match varnish-cli m|^200 \d+ +\n-----------------------------\nVarnish HTTP accelerator CLI.\n-----------------------------\n([^,]+),([^,]+),[^\n]*\n\nType 'help' for command list\.\nType 'quit' to close CLI session\.\n| p/Varnish Cache CLI/ v/2.1.4/ o/$1 $2/ cpe:/a:varnish-cache:varnish:2.1.4/
match varnish-cli m|^200 \d+ +\n-----------------------------\nVarnish Cache CLI 1.0\n-----------------------------\n([^,]+),([^,]+),[^\n]*\n\nType 'help' for command list\.\nType 'quit' to close CLI session\.\n\n| p/Varnish Cache CLI/ v/2.1.5 - 3.0.3/ o/$1 $2/ cpe:/a:varnish-cache:varnish/
match varnish-cli m|^200 \d+ +\n-----------------------------\nVarnish Cache CLI 1.0\n-----------------------------\n([^,]+),([^,]+),[^\n]*\nvarnish-([\w._-]+) revision [0-9a-f]+\n\nType 'help' for command list\.\nType 'quit' to close CLI session\.\n\n| p/Varnish Cache CLI/ v/$3/ o/$1 $2/ cpe:/a:varnish-cache:varnish:$3/
match varnish-cli m|^107 59 \n[a-z]{32}\n\nAuthentication required\.\n\n| p/Varnish Cache CLI/ i/authentication required/ cpe:/a:varnish-cache:varnish/
# TODO kerio?
#match ftp m|^421 Service not available \(The FTP server is not responding\.\)\n$| v/unknown FTP server//service not responding/
match vdr m|^220 (\S+) SVDRP VideoDiskRecorder (\d[^\;]+);| p/VDR/ v/$2/ d/media device/ h/$1/
match vdr m|^Access denied!\n$| p/VDR/ d/media device/
softmatch ftp m|^220 Welcome to ([-.\w]+) FTP.*\r\n$|i h/$1/
softmatch ftp m|^220 ([-.\w]+) [-.\w ]+ftp.*\r\n$|i h/$1/
softmatch ftp m|^220-([-.\w]+) [-.\w ]+ftp.*\r\n220|i h/$1/
softmatch ftp m|^220 [-.\w ]+ftp.*\r\n$|i
softmatch ftp m|^220-[-.\w ]+ftp.*\r\n220|i
softmatch ftp m|^220[- ].*ftp server.*\r\n|i
softmatch ftp m|^220-\r?\n220 - ftp|i
match freeswitch-event m|^Content-Type: auth/request\n\n| p/FreeSWITCH mod_event_socket/ cpe:/a:freeswitch:freeswitch/
match fsae m|^\0\0\0\\\x80\x06\0\0\0\n\x01\x03\0...\0\0\0\n\x10\x03\0\0\0.\0\0\0\x15\x11\x05FSAE server ([\w._-]+)\0\0\0\x16\x12\x01................\0\0\0\x17\x13\x01FSAE_SERVER_\d+$|s p/Fortinet Server Authentication Extension/ v/$1/
match fw1-rlogin m|^\0Check Point FireWall-1 authenticated RLogin server running on ([-.\w]+)\r\n\r| p/Check Point FireWall-1 authenticated RLogin server/ i/$1/ cpe:/a:checkpoint:firewall-1/
match fyre m|^220 Fyre rendering server ready\n| p/Fyre rendering cluster node/
match g15daemon m|^G15 daemon HELLO$| p/g15daemon/ i/Logitech G15 keyboard control/
match galaxy m|^\0\0\0\t\0\0\0\x80\0\0\0\0\0\0\0\0\0\0\x042\0\0\0\x01\0\0\t_\0\0\0h| p/Galaxy Client Event Manager/ o/Windows/ cpe:/o:microsoft:windows/a
match gamebots m|^HELLO_BOT\r\n| p/GameBots for Unreal Tournament 2004/
match gamebots-control m|^HELLO_CONTROL_SERVER\r\n| p/GameBots for Unreal Tournament 2004 control server/
# http://www.galaxysys.com/data/docs/SG%20Software%20User%20Guide%20%2810.4%29.pdf
match gcs-clientgw m|^\x04\0\0\0....$| p/Galaxy Control Systems Client GW/
d/security-misc/ match geovision-mobile m|^D3\x22\x11\0\0\0\0\xc6\x11\0\0\xae\x15\0\0$| p/Geovision mobile device support/ match gnats m|^200 ([-.\w]+) GNATS server (\d[-.\w]+) ready\.\r\n| p/GNATS bugtracking system/ v/$2/ h/$1/ cpe:/a:gnu:gnats:$2/ match ganglia m|^<\?xml version=\"1\.0\".*.*\n \n|s p/Ganglia XML Grid monitor/ # Port 5400. Looks like UTF-16-LE-encoded pseudo-XML with embedded base64: # m|^\xde\xad\xad\xdeZ\x03\0\0\x7e\x9bxeVersion\x7c1024\x7cuGSY...AQAB\x7c$| match genetec-5400 m|^\xde\xad\xad\xdeZ\x03\0\0\x7e\x9bxeV\0e\0r\0s\0i\0o\0n\0\x7c\x001\x000\x002\x004\0\x7c\0<\0R\0S\0A\0K\0e\0y\0V\0a\0l\0u\0e\0>\0<\0M\0o\0d\0u\0l\0u\0s\0>\0(?:[\w/+=]\0)+<\0/\0M\0o\0d\0u\0l\0u\0s\0>\0<\0E\0x\0p\0o\0n\0e\0n\0t\0>\0(?:[\w/+=]\0)+<\0/\0E\0x\0p\0o\0n\0e\0n\0t\0>\0<\0/\0R\0S\0A\0K\0e\0y\0V\0a\0l\0u\0e\0>\0\x7c\0$| p/Genetec Security Center/ match genetec-5500 m|^\xde\xad\xad\xde\0\x01\0\0\xd6\xa0L\xc2\x0b\0\r\xcf\x88\"\xf2\xb7\xc9D\x81\x08\xe3\"\x16\x9a\x86\xb9\r\xcf\x88\"\xf2\xb7\xc9D\x81\x08\xe3\"\x16\x9a\x86\xb9\x04\0\0\0\0\0\0\0\0\x01\0\0\r\xcf\x88\"\xf2\xb7\xc9D\x81\x08\xe3\"\x16\x9a\x86\xb9\0\x04\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0$| p/Genetec Security Center/ match git-daemon m|^Unknown option: --inetd\nusage: git \[--version\] \[--exec-path\[=GIT_EXEC_PATH\]\] \[--html-path\] \[-p\x7c--paginate\x7c--no-pager\] \[--bare\] \[--git-dir=GIT_DIR\] \[--work-tree=GIT_WORK_TREE\] \[--help\] COMMAND \[ARGS\]\n| p/git-daemon/ i/misconfigured/ cpe:/a:git:git/ match telnet m|^\xff\xfe\x01Domain 2 \(STUDENT03\)\r\n\r\n\r\n\r\n\r\n======================\r\n Main menu\r\n======================\r\n\?\) Help\r\nx\) Exit\r\n$| 
p/Genetec Security Center/
match telnet m|^\xff\xfe\x01Genetec Synergis Access Manager \(STUDENT03\)\r\n\r\n\r\n\r\n\r\n======================\r\n Main menu \r\n======================\r\n1\) Status\r\n\?\) Help\r\nx\) Exit\r\n| p/Genetec Synergis Access Manager/
match telnet m|^\xff\xfe\x01Genetec Directory \(STUDENT03\)\r\n\r\n\r\n\r\n\r\n======================\r\n Main menu\r\n======================\r\n1\) Status\r\n\?\) Help\r\nx\) Exit\r\n| p/Genetec Directory/
match telnet m|^\xff\xfe\x01Genetec Integration Service \(STUDENT03\)\r\n\r\n\r\n\r\n========================================================================\r\n Integration Service Main Menu\r\n========================================================================\r\n\r\n 1\) CONFIG\r\n Displays the configuration settings for the service\r\n\r\n 2\) STATUS\r\n Displays the status of the external systems being run by this\r\n service\.\r\n\r\n \?\) Help\r\n\r\n x\) Exit\r\n========================================================================\r\n| p/Genetec Integration Service/
match goldsync m|^%%QU%%QU%%QU$| p/GoldMine GoldSync synchronization/
# Probably not general enough...
match gnatbox m|^GBPK\xfb\xf7n\x93W\xaf\x86\x93x@\xa9\x0e\xca\*\x9bS\0| p/Global Technology Associates Gnat Box firewall administration/ d/firewall/
match gnupg m|^OK GNU Privacy Guard's OpenPGP server ([\w._-]+) ready\n| p/GnuPG server mode/ v/$1/ cpe:/a:gnupg:gnupg:$1/
softmatch gkrellm m|^\nClient limit exceeded\.\n| p/GKrellM System Monitor/
softmatch gkrellm m|^\nConnection not allowed from .*\n| p/GKrellM System Monitor/
match gopher m|^3Connection to [\d.]+ is denied -- no authorization\.\r\n$|
match g6-remote m|^200 1400\r\n$| p/G6 ftpd remote admin/ o/Windows/ cpe:/o:microsoft:windows/a
match giop m|^GIOP\x01...\0\0\0\0|s p/CORBA naming service/
match guildwars2-heartbeat m|^\x17\0\0\0\0\t\0\0\0Heartbeat \0\0\0\x046\0\0\0\0\n\0\0\0Compressed \0\0\0\x04\x1a| p/Guild Wars 2 game heartbeat/
# CompTek AquaGateKeeper (Telephony package) http://aqua.comptek.ru
match H.323-gatekeeper m|^\x03\0\0.*@|s p/CompTek AquaGateKeeper/
# OpenH323 Gatekeeper 2.0.3
match H.323-gatekeeper m|^\xff\xfd\x03\xff\xfb\x05.*Version:\r\nGatekeeper\(GNU\) Version\(([\d.]+)\) Ext\(.*\) Build\(.*\) Sys\(Linux .*\)\r\n| p/OpenH323 Gatekeeper/ v/$1/ o/Linux/ cpe:/o:linux:linux_kernel/a
# Causes false matches with telnet.
# match H.323-gatekeeper m|^\xff\xfd.$| p|GNU Gatekeeper|
match H.323-gatekeeper m|^\xff\xfd\x03\xff\xfb\x05\xff\xfe\x01\r\nAccess forbidden!\r\n$| p/GNU Gatekeeper/ cpe:/a:gnugk:gnu_gatekeeper/
match H.323-gatekeeper m|^\x03\0\0\.\x08\x02\0\0Z~\0\"\x05%\xc0\x06\0\x08\x91J\0\x02X\x08\x11\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x02\x80\x01\0$| p/GNU Gatekeeper/ cpe:/a:gnugk:gnu_gatekeeper/
# Returns ASCII data in the following format:
# |HardDrive1DevName|HardDrive1HardwareID|HardDrive1Temp|TempUnit|
# |HardDrive2DevName|HardDrive2HardwareID|HardDrive2Temp|TempUnit|
match hddtemp m=^\|/dev/[hs]\w\w\|= p/hddtemp hard drive info server/
match hddtemp m=^\|$= p/hddtemp hard drive info server/
match helpdesklog m|^Helpdesk Advanced ([\d.]+) License Logging Service| p/Helpdesk Advanced license server/ v/$1/
match honeywell-ripsd m|^\0\x10\x03\x0c$| p/Honeywell ripsd power management server/
match hptsvr m|^\(\0\0\0hpt_stor\x01..\xbf\0\0\0\0\0\0\0\0....\.\.\.E\0\0\0\0\0\0\0\0$|s p/HighPoint RAID management service/ v/3.13/
match hptsvr m|^\(\0\0\0\0\0\0\0..`\0\x01\xff\xff\xff\xcc\xfa\x85\0C\x1d\xe6whfnk\.\.\.E\0\0\0\0\0\0\0\0$| p/HighPoint RAID management service/
# version unknown
softmatch hptsvr m|^\(\0\0\0hpt_stor\x01..\0\0\0\0\0\0\0\0\0....\.\.\.E\0\0\0\0\0\0\0\0$|s p/HighPoint RAID management service/
match hpiod m|^msg=MessageError\nresult-code=5\n$| p/HP Linux Imaging and Printing System/ o/Linux/ cpe:/a:hp:linux_imaging_and_printing_project/ cpe:/o:linux:linux_kernel/a
# And now for some SORRY web servers that just blurt out an http "response" upon connection!!!
match http m|^HTTP/1\.1 200 OK\r\nContent-type: text/html\r\nExpires: .*\r\nDate: .*\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\nJAP\n| p/Java Anonymous Proxy/
match http m|^HTTP/1.0 500\r\nContent-type: text/plain\r\n\r\nNo Scan Capable Devices Found\r\n| p/HP Embedded Web Server remote scan service/ i/no scanner found/ d/printer/
# SMC Barricade 7004ABR
match http m|^HTTP/1\.0 301 Moved\r\nLocation: http://\d+\.\d+\.\d+\.\d+:88\r\n| p/SMC Barricade broadband router/ i/simply redirects to real web admin port 88/ d/broadband router/
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: SonicWALL\r\n| p/SonicWALL firewall http config/ d/firewall/
match http m|^HTTP/1\.0 500 Internal Server Error\r\nDate: .*\r\nContent-type: text/html\r\nExpires: .*\r\n\r\n

500 Internal Server Error

\r\n\r\n\r\n| p/Cisco Catalyst http config/ d/switch/ o/IOS/ cpe:/o:cisco:ios/a match http m|^HTTP/1\.1 200 OK\nMax-Age: 0\nExpires: 0\nCache-Control: no-cache\nCache-Control: private\nPragma: no-cache\nContent-type: multipart/x-mixed-replace;boundary=BoundaryString\n\n--BoundaryString\n| p/Motion Webcam gateway httpd/ match http m|^HTTP/1\.[01] 200 OK\r\nServer: Motion/([\d.]+)\r\n| p/Motion Camera httpd/ v/$1/ d/webcam/ match http m|^HTTP/1\.1 200 OK\r\nServer: Motion-httpd/([\d.]+)\r\n| p/Motion-httpd/ v/$1/ d/webcam/ match http m|^HTTP/1\.1 \d\d\d .*\nServer: Motion/([\d.]+)\n.*\nContent-type: image/jpeg\n|s p/Motion webcam httpd/ v/$1/ match http m|^HTTP/1\.1 \d\d\d .*\r\nContent-Type: text/plain\r\nServer: WPA/([-\w_.]+)\r\n\r\n| p/Glucose WeatherPop Advanced httpd/ v/$1/ o/Mac OS X/ cpe:/o:apple:mac_os_x/a match http m|^HTTP/1\.0 503 R\r\nContent-Type: text/html\r\n\r\nBusy$| p/D-Link router http config/ d/router/ match http m|^501 Not Implemented\n

501 Not Implemented

\nThe server has not implemented your request type\.
\n\r\n$| p/Hummingbird Document Manager httpd/ match http m|^HTTP/1\.0 200 OK\r\nContent-Type: text/html\r\n\r\n\n\n
  • \n[^<]+\n
    • \nNice\n
      • \nNumber: \d+
      \nProgramArguments\n
        \n
      1. String: [^<]+
      2. \n| p/Apple launchd_debug httpd/ o/Mac OS X/ cpe:/o:apple:mac_os_x/a match http m|^HTTP/1\.0 200 OK\r\nContent-Type: text/html\r\n\r\n\n\n
        • \ncom\.apple\.KernelEventAgent\n| p/Apple launchd_debugd httpd/ o/Mac OS X/ cpe:/o:apple:mac_os_x/a match http m|^HTTP/1\.0 400 Bad Request\r\nServer: Speed Touch WebServer/([\d.]+)\r\n| p|Alcatel/Thomson SpeedTouch ADSL http config| v/$1/ d/broadband router/ match http m|^HTTP/1\.1 408 Request Time-Out\r\nConnection: Close\r\n\r\n$| p/Konica Minolta bizhub printer http config/ d/printer/ match http m|^HTTP/1\.1 400 Bad Request\r\n.*\r\n\r\n

          Bad Request \(Invalid Verb\)

          |s p/Microsoft IIS httpd/ o/Windows/ cpe:/a:microsoft:iis/ cpe:/o:microsoft:windows/a match http m|^
          Authentication failed
          \r\n$| p/InterSect Alliance SNARE http config/ cpe:/a:intersectalliance:system_intrusion_analysis_and_reporting_environment/ match http m|^HTTP/1\.1 408 Request Timeout\nContent-Length:0\nContent-Type:text/html;charset=UTF-8\n\n$| p/Finchsync PocketPC Synchonizer httpd/ match http m|^HTTP/1\.1 200 OK\nServer: NetSupport Gateway/([\d.]+) \(Windows NT\)\nContent-Type: application/x-www-form-urlencoded\nContent-Length: 14\nConnection: Keep-Alive\n\nCMD=HEARTBEAT\n$| p/NetSupport Gateway httpd/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html\r\nCache-Control: no-cache\r\nExpires: Thu, 26 Oct 1995 00:00:00 GMT\r\nTransfer-Encoding: chunked\r\nServer: Allegro-Software-RomPager/([\d.]+)\r\n\r\n| p/Allegro RomPager/ v/$1/ i/Dell DRAC config/ d/remote management/ cpe:/a:allegro:rompager:$1/ # This can inhibit a more informative GetRequest. # match http m|^HTTP/1\.1 400 Bad Request\r\nServer: micro_httpd\r\n| p/micro_httpd/ cpe:/o:acme:micro_httpd/ # http://code.google.com/p/free-android-apps/wiki/Project_LocalHTTPD match http m|^HTTP/1\.0 500 Internal Server Error \r\nContent-Type: text/plain\r\nDate: .*\r\n\r\nSERVER INTERNAL ERROR: Invalid ip\.$| p/Local HTTPD/ i/based on NanoHTTPD/ d/phone/ match http m|^HTTP/1\.0 400 Bad Request\r\nServer: httpd-impacct/([^\r\n]+)\r\nContent-type: text/html\r\n\r\n400 Bad Request\n

          400 Bad Request

          \nYour request has bad syntax or is inherently impossible to satisfy\.\n
          \n\n$| p/thttpd/ v/$1/ i/Asotel Vector 1908 switch http config/ d/switch/ cpe:/a:acme:thttpd:$1/ match http m|^HTTP/1\.1 200 OK\r\nServer: DVBViewer \(Windows\)\r\nContent-Type: video/mpeg2\r\n\r\n\r\n| p/DVBViewer digital TV viewer httpd/ o/Windows/ cpe:/o:microsoft:windows/a match http m|^HTTP/1\.1 400 Bad Request\r\nserver: kolibri-([\w._-]+)\r\ncontent-type: text/plain\r\ncontent-length: 11\r\n\r\nBad Request$| p/Kolibri httpd/ v/$1/ cpe:/a:senkas:kolibri:$1/ match http m|^HTTP/1\.1 405 Method Not Allowed\r\nServer: remote-potato-v([\w._-]+)\r\n| p/Remote Potato media player/ v/$1/ # The date reveals the time zone instead of using GMT. match http m|^HTTP/1\.1 405 Method Not Allowed\r\nDate: ([^\r]+)\r\nServer: Embedthis-Appweb/([\w._-]+)\r\n| p/Embedthis-Appweb/ v/$2/ i/date: $1/ cpe:/a:mbedthis:appweb:$2/ match http m|^HTTP/1\.0 503 Service Unavailable\r\nDate: .* GMT\r\nServer: Embedthis-Appweb/([\w._-]+)\r\n| p/Embedthis-Appweb/ v/$1/ i/Sharp Open System Architecture/ d/printer/ cpe:/a:mbedthis:appweb:$1/ match http m|^HTTP/1\.1 400 Bad Request\r\nServer: Microsoft-Cassini/([\w._-]+)\r\n| p/Microsoft Cassini httpd/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a match http m|^HTTP/1\.1 408 Request Timeout\r\nServer: WebSphere Application Server/([\w._-]+)\r\nContent-Type: text/html\r\nContent-Length: 117\r\n| p/IBM WebSphere Application Server/ v/$1/ cpe:/a:ibm:websphere_application_server:$1/ match http m|^HTTP/1\.0 200 Ok Welcome to VOC\r\nServer: Voodoo chat daemon ver ([\w._ -]+)\r\nContent-type: text/html\r\nExpires: Mon, 08 Apr 1976 19:30:00 GMT\+3\r\nConnection: close\r\nKeep-Alive: max=0\r\nCache-Control: no-store, no-cache, must-revalidate\r\nCache-Control: post-check=0, pre-check=0\r\nPragma: no-cache\r\n\r\n$| p/Voodoo http chat daemon/ v/$1/ match http m|^HTTP/1\.1 400 Bad Request\r\nServer: Cassini/([\w._-]+)\r\n.*\n\n
          \n

          Invalid Access

          \n
          \n

          \n\n\n\n| p/Cisco ATA186 VoIP adapter http config/ d/VoIP adapter/ cpe:/h:cisco:ata186/a match http m|^HTTP/1\.0 200 OK\r\nServer: http server ([\w._-]+)\r\nContent-type: text/html; charset=\(null\)\r\n.*\n$|s p/QNAP TS-109 NAS http config/ v/$1/ d/storage-misc/ cpe:/h:qnap:ts-109/ match http m|^HTTP/1\.0 200 OK\r\nServer: http server ([\w._-]+)\r\n.*NAS\n\n|s p/QNAP Turbo or TS-459 Pro+ NAS http config/ v/$1/ d/storage-misc/ match http m|^HTTP/1\.0 404 no application for: /\r\nServer: HttpServer\r\n\r\n$| p/Galleon TiVo Application Port http config/ d/media device/ match http m|^HTTP/1\.0 404 File not found\r\nServer: HttpServer\r\n\r\n$| p/Galleon TiVo Publishing Port http config/ d/media device/ match http m|^HTTP/1\.1 302 Redirect\r\nServer: GoAhead-Webs\r\nDate: .*\r\nConnection: close\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-Type: text/html\r\nLocation: http://\(null\)/config/log_off_page\.htm\r\n\r\n| p/GoAhead WebServer/ i/Dell PowerConnect Gigabit switch http config/ d/switch/ cpe:/a:goahead:goahead_webserver/a match http m|^HTTP/1\.0 301 Moved Permanently\r\nContent-Length: 0\r\nConnection: close\r\nLocation: /main/main\.html\r\nServer: debut/([\w._-]+)\r\n\r\n| p/debut httpd/ v/$1/ i/Brother MFC-8860DN printer http config/ d/printer/ cpe:/h:brother:mfc-8860dn/a match http m|^HTTP/1\.1 302 Moved Temporarily\r\nDate: .*\r\nServer: Avocent DSView ([\w._/-]+)\r\nLocation: https://([\w._-]+)/dsview/\r\nConnection: close\r\n\r\n| p/Avocent DSView remote management httpd/ v/$1/ h/$2/ match http m|^HTTP/1\.0 \d\d\d .*\r\nDate: .*\r\nServer: RAID HTTPServer/([\w._-]+)\r\n| p/Sun StorEdge 3511 http config/ v/$1/ d/storage-misc/ match http m|^HTTP/1\.0 200 OK\r\nConnection: close\r\n.*Samsung Printer Status.*var contentURI = \"/general/printerDetails\.htm\"|s p/Samsung printer http config/ d/printer/ match http m|^HTTP/1\.0 200 OK\r\nCache-control: no-cache\r\nServer: Ubicom/([\w._-]+)\r\n.*NETGEAR WNHDE111 |s p/Ubicom httpd/ v/$1/ 
i/Netgear WNHDE111 WAP http config/ d/WAP/ cpe:/a:ubicom:httpd:$1/ cpe:/h:netgear:wnhde111/a match http m|^HTTP/1\.0 200 .*\r\nServer: Server\r\n.*<title>[nN]euf ?box - Accueil|s p/SFR Neuf Box DSL modem http config/ d/broadband router/ match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: Axigen-Webmail\r\n|s p/Axigen webmail httpd/ o/Unix/ cpe:/a:gecad:axigen_mail_server/ match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: Axigen-Webadmin\r\n|s p/Axigen webadmin httpd/ o/Unix/ cpe:/a:gecad:axigen_mail_server/ match http m|^HTTP/1\.0 200 .*\r\nServer: Allegro-Software-RomPager/([\w._-]+)\r\n\r\n\n\n.*\n\n(.*) - VSX 7000A| p/NetPort httpd/ v/$1/ i/Polycom VSX 7000A http config; name $2/ d/webcam/ cpe:/h:polycom:vsx_7000a/a match http m|^HTTP/1\.1 301 Moved Permanently\r\nServer: Virata-EmWeb/R([\w._-]+)\r\nLocation: https://[\w._-]+/\+webvpn\+/index\.html\r\n| p/Virata-EmWeb/ v/$SUBST(1,"_",".")/ i/Cisco WebVPN http config/ d/security-misc/ cpe:/a:virata:emweb:$SUBST(1,"_",".")/a match http m|^HTTP/1\.0 200 OK\r\nServer: dtHTTPd/([\w._-]+)\r\nContent-Type: text/html\r\nContent-Length: \d+\r\nConnection: close\r\n\r\n(UX-\w+)| p/dtHTTPd/ v/$1/ i/Sharp Broadband $2 Fax http config/ d/printer/ cpe:/h:sharp:$2/ match http m|^HTTP/1\.0 200 OK\r\nServer: dtHTTPd/([\w._-]+)\r\nContent-Type: text/html\r\nContent-Length: \d+\r\nConnection: close\r\n\r\n(FO-\w+)| p/dtHTTPd/ v/$1/ i/Sharp $2 printer http config/ d/printer/ cpe:/h:sharp:$2/ match http m|^HTTP/1\.1 200 OK\r\nServer: Conexant-EmWeb/R([\w._-]+) SIPGT/([\w._-]+)\r\n.*Login page.*NOTE: The requested URL could not be retrieved.*background-image: url\(/html/de/images/bg_ramp\.jpg\);\r\n|s p/AVM FRITZ!Box WAP http config/ d/WAP/ match http m|^HTTP/1\.0 404 Not Found\r\nContent-Length: \d+\r\nContent-Type: text/html\r\n\r\n.*Note: The requested URL could not be retrieved\..*background-image: url\(\.\./\.\./de/images/bg_ramp\.jpg\);\n|s p/AVM FRITZ!Box WLAN 7270 WAP http config/ d/WAP/ match http m|^HTTP/1\.0 401 
Unauthorized\r\nContent-Length: \d+\r\nContent-Type: text/html.*\r\nPragma: no-cache\r\nServer: Webserver\r\nWWW-Authenticate: Basic realm=\"HTTPS Access\"\r\n\r\n401 Unauthorized \(ERR_ACCESS_DENIED\)

          401 Unauthorized


          ERR_ACCESS_DENIED
          Webserver| p/AVM FRITZ!Box WAP http config/ d/WAP/ match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: lighttpd[/ ]([\d.]+) \(([^)]+)\)\r\n|si p/lighttpd/ v/$1/ i/$2/ cpe:/a:lighttpd:lighttpd:$1/ match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: lighttpd[/ ]([\d.]+)\r\n|si p/lighttpd/ v/$1/ cpe:/a:lighttpd:lighttpd:$1/ match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: lighttpd|si p/lighttpd/ cpe:/a:lighttpd:lighttpd/ match http m|^HTTP/1\.1 401 Unauthorized\r\nServer: micro_httpd\r\nCache-Control: no-cache\r\nDate: .*\r\nWWW-Authenticate: Basic realm=\"U\.S\. Robotics ADSL Router\"\r\n| p/micro_httpd/ i/USRobotics USR9107A ADSL http config/ d/broadband router/ cpe:/a:acme:micro_httpd/ match http m|^HTTP/1\.0 200 Ok\r\nServer: httpd\r\nDate: .*\n\n\n\n\r\n$| p/RapidLogic httpd/ v/$1/ i/3Com 3CRWE454G75 WAP http config/ d/WAP/ cpe:/a:rapidlogic:httpd:$1/ cpe:/h:3com:3crwe454g75/a match http m|^HTTP/1\.0 200 OK\r\nServer: RapidLogic/([\d.]+)\r\nMIME-version: 1\.0\r\nContent-type: text/html\r\n\r\n\r\n$| p/RapidLogic httpd/ v/$1/ i/Netgear WAG102 WAP http config/ d/WAP/ cpe:/a:rapidlogic:httpd:$1/ cpe:/h:netgear:wag102/a match http m|^HTTP/1\.0 302 Moved Temporarily\r\nServer: RapidLogic/([\d.]+)\r\nMIME-version: 1\.0\r\nContent-type: text/html; charset=UTF-8\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nLocation: /main\.html\r\n\r\n\r\n$| p/RapidLogic httpd/ v/$1/ i/Sharp MX-2700N printer/ d/printer/ cpe:/a:rapidlogic:httpd:$1/ cpe:/h:sharp:mx-2700n/a match http m|^HTTP/1\.1 404 Not Found\r\nConnection: close\r\nServer: ZING-(\d+/[\d.]+) \([0-9a-f]{32}; [\w-]+\) ([^\r\n]*)\r\n\r\n$| p/ZING httpd/ v/$1/ i/SanDisk Sansa Connect MP3 player; $2/ d/media device/ match http m|^HTTP/1\.0 503 Service Unavailable\r\nContent-Type: text/html\r\nContent-Length: 169\r\n\r\n503 Service Unavailable

          503 Service Unavailable

          The service is not available\. Please try again later\.

          $| p/Alcatel-Lucent OmniPCX PBX httpd/ d/PBX/ cpe:/a:alcatel-lucent:omnipcx/ match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: \r\nDate: .* GMT\r\nWWW-Authenticate: Basic realm=\"\.\"\r\nContent-type: text/html\r\nConnection: close\r\n\r\n401 Unauthorized\n

          401 Unauthorized

          \nAuthorization required\.\n
          \n\n$| p/Alcatel-Lucent OmniPCX PBX httpd/ d/PBX/ cpe:/a:alcatel-lucent:omnipcx/ match http m|^HTTP/1\.0 301 Moved Permanently \r\nContent-Type: text/html\r\nDate: .*\r\nLocation: /fusionreactor/\r\n\r\nRedirecting, please wait\.$| p/FusionReactor web server monitor/ match http m|^HTTP/1\.0 401 Authorization Required\r\nServer: wgt_http ([\d.]+)\r\nWWW-Authenticate: Basic realm=\"Anlage\"\r\nConnection: close\r\n$| p/wgt_http/ v/$1/ i/Eumex 704PC ADSL router/ d/broadband router/ match http m|^HTTP/1\.1 401 Unauthorized\r\nServer: Alvarion-Webs\r\nDate: THU JAN 01 01:04:22 1970\r\nWWW-Authenticate: Basic realm=\"Alvarion\"\r\n.*Document Error: Unauthorized\r\n\t\t

          Access Error: Unauthorized

          \r\n\t\t

          Access to this document requires a User ID

          \r\n\r\n$|s p/Alvarion-Webs/ i/Alvarion BreezeMAX WiMAX WAP http config/ d/WAP/ match http m|^HTTP/1\.0 400 Bad Request\r\nPragma: no-cache\r\nContent-type: text/html\r\n\r\n\n \n 400 Bad Request !!!| p/DrayTek Vigor 2800-series ADSL router httpd/ d/broadband router/ match http m|^HTTP/1\.0 200 ;OK\r\nServer: \?\?\?\?\?\?\?\?\?\?\?\?\?\?\r\nContent-Type: text/html\r\nConnection: Close\r\n\r\n\nJacarta interSeptor\n| p/Jacarta interSeptor environmental monitor http/ d/specialized/ match http m|^HTTP/1\.0 302 Document Follows\r\nLocation: http:///index\.htm\r\nConnection: close\r\n\r\n| p/Dell PowerVault TL4000 http config/ d/storage-misc/ match http m|^HTTP/1\.0 302 Found\r\nConnection: close\r\nCache-Control: no-cache\r\nPragma: no-cache\r\nExpires: -1\r\nLocation: https?://[\d.]+/login\.htm\r\n\r\n.*Click Here to proceed\.\n|s p/3Com Baseline Switch 2948-SFP Plus web config/ d/switch/ match http m|^HTTP/1\.0 401 Unauthorized\.\r\nWWW-Authenticate: Basic realm=\"GAI-Tronics\"\r\nContent-Type: text/html\r\n\r\n401 Unauthorized\.\r\n\r\n

          401 Unauthorized

          The requested URL / requires authorization\.

          \r\n


          \r\n\r\n$| p/GAI-Tronics Commander VoIP phone http config/ d/VoIP phone/ match http m|^HTTP/1\.1 404 Not Found\r\nContent-Length: 0\r\nServer: HBHTTP POGOPLUG - ([\d.]+) - Linux\r\nDate: .*\r\n\r\n$| p/HBHTTP/ v/$1/ i/Pogoplug NAS device/ o/Linux/ cpe:/o:linux:linux_kernel/a match http m|^HTTP/1\.1 500 Server Error\r\nContent-Length: 0\r\nServer: HBHTTP POGOPRO - ([\w._-]+) - Linux\r\nDate: .*\r\nConnection: close\r\n\r\n$| p/HBHTTP/ v/$1/ i/Pogoplug Pro NAS device/ o/Linux/ cpe:/o:linux:linux_kernel/a match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html\r\nDate: .*\r\nExpires: Thu, 26 Oct 1995 00:00:00 GMT\r\n.*Server: Allegro-Software-RomPager/([\d.]+)\r\n.*Emerson Network Power IntelliSlot Web/(\d+) Card|s p/Allegro RomPager/ v/$1/ i|Emerson Network Power IntelliSlot Web/$2 card| d/power-device/ cpe:/a:allegro:rompager:$1/ match http m|^HTTP/1\.1 301 Moved Permanently\r\nDate: .*\r\nLocation: https://([\w.]+)/?\r\nConnection: close\r\nContent-Length: 0\r\n\r\n|s p/VMware Server 2 http config/ h/$1/ cpe:/a:vmware:server:2/ match http m|^HTTP/1\.0 200 OK\r\nConnection: close\r\nServer: WindWeb/([\d.]+)\r\nDate: .*\r\nContent-Type: text/html\r\nWWW-Authenticate: Basic realm=\"HP\"\r\n.*\r\n|s p/SimpleHelp remote desktop httpd/ match http m|^HTTP/1\.0 302 Object Moved\r\n.*Location: /\+CSCOE\+/logon\.html\r\nSet-Cookie: tg=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure\r\n|s p/Cisco ASA firewall http config/ d/firewall/ match http m|^HTTP/1\.0 200 OK\r\nContent-Type: text/html\r\nCache-Control: no-cache\r\nPragma: no-cache\r\n.*\r\nSet-Cookie: tg=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure\r\nSet-Cookie: webvpn=;.*/\+CSCOE\+/logon\.html|s p/Cisco ASA firewall http config/ d/firewall/ match http m|^HTTP/1\.0 302 Moved Temporarily\r\n.*Server: Mbedthis-Appweb/([\d.]+)\r\n.*Set-Cookie: _appwebSessionId_=|s p/Mbedthis-Appweb/ v/$1/ i/Iomega StorCenter ix2 NAS device/ d/storage-misc/ cpe:/a:mbedthis:appweb:$1/ 
cpe:/h:iomega:storcenter_ix2/a match http m|^HTTP/1\.0 302 Moved Temporarily\r\nContent-Type: text/html\r\nLocation: /EnterpriseController\r\n| p/GoogleMini search appliance httpd/ match http m|^HTTP/1\.1 401 Unauthorized\r\nServer: micro_httpd\r\n.*WWW-Authenticate: Basic realm=\"Huawei SmartAX (\w+)\"\r\n|s p/micro_httpd/ i/Huawei SmartAX $1 ADSL router http config/ d/broadband router/ cpe:/a:acme:micro_httpd/ cpe:/h:huawei:smartax_$1/a match http m|^HTTP/1\.0 200 OK Content-type: text/html\r\n\r\n.*

          57066 Minolta Network Configuration Sheet 1 of 2\n\n

          .*Serial Number: *(\d+)\n.*Ethernet Address: *([0-9A-F.]+).*F/W Version: *([\w.]+ \(\w+\)).*Print Server Name: *([\w_.-]+)|s p/Minolta PagePro 20 printer http config/ i/serial number: $1, MAC: $2, firmware $3/ d/printer/ h/$4/ cpe:/h:minolta:pagepro_20/a match http m|^HTTP/1\.1 401 Unauthorized\r\nWWW-Authenticate: Basic realm=\"(DCS-\w+)\"\r\n.*Server: WIC-2300\r\n|s p/D-Link $1 webcam http config/ d/webcam/ cpe:/h:dlink:$1/ match http m|^HTTP/1\.1 401 Unauthorized\r\nWWW-Authenticate: Basic realm=\"(DCS-\w+)\"\r\n.*Server: DCS-\w+\r\n|s p/D-Link $1 webcam http config/ d/webcam/ cpe:/h:dlink:$1/ match http m|^HTTP/1\.0 401 Authorization Required\r\nWWW-Authenticate: BASIC realm=(DCS-\w+)\r\n\r\nPassword Error\. $| p/D-Link $1 webcam http config/ d/webcam/ cpe:/h:dlink:$1/ match http m|^HTTP/1\.0 400 bad url /\r\nServer: TinyHTTPProxy/([\d.]+) ([^\r\n]+)\r\n| p/TinyHTTPProxy/ v/$1/ i/$2/ match http m|^HTTP/1\.1 400 Bad Request\r\nContent-Type: text/html; charset=utf-8\r\nConnection: close\r\nPragma: no-cache\r\nCache-Control: no-store\r\nExpires: -1\r\n.*|s p/Juniper SA2000 or SA4000 VPN gateway http config/ d/proxy server/ match http m|^HTTP/1\.0 200 OK\r\nConnection: Close\r\nContent-Type: text/html\r\nDate: .*\r\n\r\n\r\n\r\n\r\nFMS : Freenet Message System| p/Freenet Message System web client/ match http m|^HTTP/1\.1 400 Bad Request\r\n.*Server: Profense\r\n|s p/Profense web application firewall/ d/firewall/ match http m|^HTTP/1\.0 200 Ok\r\nServer: NET-DK/([\d.]+)\r\n.*Touchstone Status|s p/NET-DK/ v/$1/ i/Arris Touchstone TM702B VoIP modem/ d/VoIP adapter/ match http m|^HTTP/1\.1 200 OK\r\n.*Server: MediaBox HTTPd Server/([\d.]+) \(Unix\)\r\n|s p/MediaBox HTTPd Server/ v/$1/ o/Unix/ match http m|^HTTP/1\.1 200 OK\r\nServer: cab/([\d.]+) \(([^)]+)\)\r\n.*cab AdminApplet|s p/cab/ v/$1/ i/AdminApplet $2/ match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html\r\n\r\nEverything| p/voidtools Everything search engine httpd/ o/Windows/ 
cpe:/o:microsoft:windows/a match http m|^HTTP/1\.1 200 OK\r\n.*Set-Cookie: sessionId=.*\n\n\nCisco Systems Login\n|s p/Cisco 4400 wireless LAN controller httpd/ d/remote management/ match http m|^HTTP/1\.0 200 OK\r\n.*:: ThinStation ::.*

          Thinstation ([\w._-]+) on ([\w._-]+) :: Main page

          |s p/ThinStation http admin/ v/$1/ o/Linux/ h/$2/ cpe:/o:linux:linux_kernel/a match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: \r\n.*WWW-Authenticate: Basic realm=\"ADSL Router \(ANNEX B\)\"\r\n.*.*|s p/Allnet ALL0277DSL ADSL router http config/ d/broadband router/ cpe:/h:allnet:all0277dsl/a match http m|^HTTP/1\.1 301 Moved Permanently\r\nDate: .*\r\nLocation: https://([\w._-]+)/\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 56\r\n\r\n

          301 Moved Permanently

          $| p/VMware ESXi Server httpd/ h/$1/ cpe:/o:vmware:esxi/ match http m|^HTTP/1\.0 401 Unauthorized\r\nWWW-Authenticate: Basic realm=\"PCS-1 Web Control\"\r\n.*Server: Allegro-Software-RomPager/([\d.]+)\r\n|s p/Allegro RomPager/ v/$1/ i/Sony PCS-1 video conferencing http config/ d/webcam/ cpe:/a:allegro:rompager:$1/ match http m|^HTTP/1\.0 200 OK\r\n.*Server: Ubicom/([\d.]+)\r\n.*D-Link Gaming Router :\r\n\t\t Login\r\n\t|s p/Ubicom/ v/$1/ i/D-Link DGL-4500 WAP http config/ d/WAP/ cpe:/h:dlink:dgl-4500/a match http m|^HTTP/1\.1 307 Temporary Redirect\r\nConnection: keep-alive,close\r\n.*Location: http://([\w._-]+)/servlet/StartServlet\r\nServer: PEWG/([\d.]+)\r\n|s p/PEWG/ v/$2/ i/OCE print server/ d/print server/ h/$1/ match http m|^HTTP/1\.1 401 Authorization Required\r\n.*www-authenticate:Basic realm=\"(\w+)v(\d+)POE \(([0-9A-F]{12})\)\"\r\n|s p/InterTel $1 VoIP phone http config/ i/firmware $2; MAC $3/ d/VoIP phone/ match http m|^HTTP/1\.1 401 Authorization Required\r\n.*www-authenticate:Basic realm=\"(\d+)i \(([0-9A-F]{12})\)\"\r\n|s p/InterTel $1 VoIP phone http config/ i/MAC $2/ match http m|^HTTP/1\.1 401 Authorization Required\r\n.*www-authenticate:Basic realm=\"IP Resource Card \(IPRC\)\(id=[0-9A-F]+\)\"\r\n|s p/InterTel IPRC VoIP management card/ d/PBX/ match http m|^HTTP/1\.1 200 OK\r\n.*Ethernetov\xfd teplom\xecr TME od Papouch s\.r\.o\.|s p/Papouch TME Ethernet thermometer http interface/ match http m|^HTTP/1\.1 200 OK\r\nServer: SMC Internet Update Manager\r\nConnection: Keep-Alive\r\nContent-Type: text\r\nDate: .*\r\nContent-Length: 61\r\n\r\nAvira Internet Update Manager ist betriebsbereit$| p/Avira SMC Internet Update Manager/ match http m|^HTTP/1\.1 301 Moved Permanently\r\nDate: .*\r\nLocation: https://([\w._-]+)/\r\nConnection: close\r\nContent-Length: 0\r\n\r\n$| p/VMware ESX 3.5 Server httpd/ h/$1/ cpe:/o:vmware:esx:3.5/ match http m|^HTTP/1\.0 200 Ok\r\nServer: httpd\r\n.*.*.*.*\r\n\r\n\r\n\r\n\r\n$|s p/GoldStar iPECS 50B PBX http 
config/ d/PBX/ match http m|^HTTP/1\.1 200 OK\r\n.*Expires: Thu, 01 Jan 1970 00:00:00 GMT\r\nSet-Cookie: JSESSIONID=[0-9A-F]+; Path=/; Secure\r\n.*VMware View Portal|s p/VMware View Manager httpd/ match http m|^HTTP/1\.1 200 OK\r\n.*Expires: Thu, 01 Jan 1970 00:00:00 GMT\r\nSet-Cookie: JSESSIONID=[0-9A-F]+; Path=/; Secure; HttpOnly\r\n.*VMwareView Portal|s p/VMware View Manager httpd/ match http m|^HTTP/1\.1 200 OK\r\ncache-control: no-cache\r\nContent-Length: \d+\r\nExpires: Thu, 01 Jan 1970 00:00:00 GMT\r\nSet-Cookie: JSESSIONID=[0-9A-F]+; Path=/; Secure.*VMware View Portal|s p/VMware View Manager httpd/ match http m|^HTTP/1\.1 404 Not Found\r\nDate: .* GMT\r\nContent-Length: \d+\r\nContent-Type: text/html\r\n\r\n\r\n\r\nVMware View| p/VMware View Manager httpd/ match http m|^HTTP/1\.1 403 Forbidden\r\nServer: Norman Security/([\d.]+)\r\nContent-Type: text/html\r\nConnection: Close\r\nContent-Length: 90\r\n\r\nNorman Security Error

          403 - Forbidden

          $| p/Norman Security Endpoint Protection httpd/ v/$1/ match http m|^HTTP/1\.1 401 Unauthorized\r\nServer: Norman Security/([\d.]+)\r\n.*Norman Security Error

          401 - Unauthorized

          $|s p/Norman Security Endpoint Protection httpd/ v/$1/ match http m|^HTTP/1\.1 200 OK\r\n.*.*Oracle Applications Rapid Install|s p/Oracle Rapid Install httpd/ match http m|^HTTP/1\.1 200 OK\r\n.*\r\n\r\n\r\n\r\n
          |s p/HP Procurve 1810G switch http config/ d/switch/ cpe:/h:hp:procurve_switch_1810g/ cpe:/o:hp:procurve_switch_software/ match http m|^HTTP/1\.0 302\r\nLocation: /Portal0000\.htm\r\n.*Error\r\n

          /

          302 : MOVED TEMPORARILY

          $|s p/Siemens Simatic S7-300 PLC httpd/ d/specialized/ match http m|^HTTP/1\.0 302 Object Moved\r\nContent-Type:text/html\r\nContent-Length: 0\r\nConnection: close\r\nLocation: /Default\.mwsl\r\n\r\n$| p/Siemens Simatic S7-1200 PLC httpd/ d/specialized/ match http m|^HTTP/1\.0 302 Object Moved\r\nContent-Type:text/html\r\nContent-Length: 0\r\nConnection: close\r\nLocation: /Default\.html\r\n\r\n$| p/Siemens Simatic HMI MiniWeb httpd/ d/specialized/ match http m|^HTTP/1\.0 401 Unauthorized\r\nContent-Type: text/html\r\nWWW-Authenticate: Basic realm=\"Web Management\"\r\n\r\n401 Unauthorized401 Unauthorized$| p/Foundry EdgeIron switch http config/ d/switch/ match http m|^HTTP/1\.1 404 Not Found\r\nConnection: Close\r\nContent-Type: text/html\r\n\r\nThe specified URL cannot be found\r\n| p/Barracuda Web Application Firewall/ d/firewall/ match http m|^HTTP/1\.0 200 OK\r\nConnection: close\r\nContent-Type: text/html\r\nSet-Cookie: DLILPC=\"\"; Version=1; Max-Age=0; Path=/\r\n\r\n.*Power Controller \n \n|s p/Digital Loggers Web Power Switch II http config/ d/power-device/ match http m|^HTTP/1\.1 403 Directory Listing Denied\r\nContent-Type: text/plain\r\nContent-Length: 12\r\n\r\nError: 403\r\n$| p/HP Dream Screen media player http config/ d/media device/ match http m|^HTTP/1\.0 200 OK\r\nX-Powered-By: PHP/([\w._-]+)\r\n.*Seagate NAS - ([\w._-]+)\n\n|s p/Seagate Black Armor 440 NAS http config/ i/PHP $1/ h/$2/ cpe:/a:php:php:$1/ match http m|^HTTP/1\.0 200 OK\r\nX-Powered-By: PHP/([\w._-]+)\r\n.*My Book World Edition - ([\w._-]+)\n.*\n|s p/Western Digital My Book http config/ i/PHP $1/ d/storage-misc/ h/$2/ cpe:/a:php:php:$1/ match http m|^HTTP/1\.1 302 Found\r\n.*Location: https://([\w._-]+)/site-web/home\.seam\r\n|s p/Seam web framework/ h/$1/ match http m|^HTTP/1\.0 200 OK\r\n.*Print server homepage\n\n\n|s p/Citizen CLP-521 or Kyocera Mita KM-1530 printer http config/ d/printer/ cpe:/h:kyocera:mita_km-1530/a match http m|^HTTP/1\.1 404 Not 
Found\r\nContent-Length: 19\r\nContent-Type: text/html\r\n\r\n 404 Page Not Found$| p/Kyocera Mita FS-1350DN printer http config/ d/printer/ cpe:/h:kyocera:mita_fs-1350dn/a match http m|^HTTP/1\.0 401 Unauthorized\r\n.*WWW-Authenticate: Basic realm=\"GeneralUser/Administrator\"\r\n\r\n401 Unauthorized\n

          401 Unauthorized

          \n
          \nAuthorization required for the requested URL\.\n\n|s p/thttpd/ i/Panasonic BB-HCM511 IP camera http config/ cpe:/a:acme:thttpd/
match http m|^HTTP/1\.1 307 Redirect\r\nLocation: https?://[^\r\n]*\r\nContent-Length: 0\r\n\r\n$| p/Apache httpd/ v/2.0.X/ cpe:/a:apache:http_server:2.0/
match http m|^HTTP/1\.0 200 OK\r\nServer: RapidLogic/([\w._-]+)\r\n.*OneAccess WCF|s p/RapidLogic httpd/ v/$1/ i/OneAccess ONE100A router http config/ d/router/ o/OneOS/ cpe:/a:rapidlogic:httpd:$1/ cpe:/h:oneaccess:one100a/a cpe:/o:oneaccess:oneos/
match http m|^HTTP/1\.1 200\r\n.*|s p/Nova viaWARP httpd/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 200 OK\r\n.*Server: Apache ([\w._-]+) in ([^\r\n]+)\r\n|s p/Apache Tomcat $1/ i/in $2/ cpe:/a:apache:tomcat/
match http m|^HTTP/1\.0 401 Unauthorized\r\nContent-type: text/html\r\nAccept-Ranges: bytes\r\nConnection: close\r\nWWW-Authenticate: Basic realm=\"PLC Adaptor\"\r\n\r\n| p/Panasonic PLC Adaptor Ethernet-to-mains bridge http config/ d/bridge/
match http m|^\n501 Method Not Implemented\n\n

          Method Not Implemented

          \n\n$| p/kissdx media player control httpd/
match http m|^HTTP/1\.1 200 OK\r\nServer: yawcam/([\w._-]+)\r\nContent-Length:\d+\r\n| p/Yawcam webcam viewer httpd/ v/$1/
match http m|^HTTP/1\.1 200 OK\r\n.*Server: ACS ([\w._-]+)\r\n|s p/Cisco ACS httpd/ v/$1/
match http m|^HTTP/1\.0 401 Unauthorized\r\n.*Server: WYM/([\w._-]+)\r\n.*WWW-Authenticate: Basic realm=\"Rovio\"\r\n|s p/WYM httpd/ v/$1/ i/Wowwee Rovio webcam/ d/webcam/
match http m|^HTTP/1\.1 \d\d\d .*\r\n.*Server: Kerio Connect ([^\r\n]+)\r\n|s p/Kerio Connect webmail httpd/ v/$1/ cpe:/a:kerio:connect:$1/
match http m|^HTTP/1\.0 500 Internal server error\nServer: M3 Business Engine ([^\r\n]+)\nConnection: close\nContent-Type: text/html; charset=UTF-8\nCache-Control: no-cache\nPragma: no-cache\nExpires: 0\nContent-Type: text/html\n\n\n500 Internal server error\n\n

          500 Internal server error

          \n
          \n
          M3 Business Engine ServerView
          \n\n$| p/M3 Business Engine ServerView httpd/ v/$1/
match http m|^HTTP/1\.0 200 ok\r\nContent-type: text/plain\r\n\r\nError accessing ''\r\n$| p/OpenSSL s_server -WWW httpd/ cpe:/a:openssl:openssl/
# TODO: hunt down line number/version number correlations
match http m|^HTTP/1\.0 200 ok\r\nContent-type: text/plain\r\n\r\nError opening ''\r\n\d+:error:[A-F\d]+:system library:fopen:No such file or directory:bss_file\.c:169:fopen\('','r'\)\n\d+:error:[A-F\d]+:BIO routines:BIO_new_file:no such file:bss_file\.c:172:\n| p/OpenSSL s_server -WWW httpd/ cpe:/a:openssl:openssl/
match http m|^HTTP/1\.0 200 ok\r\nContent-type: text/html\r\n\r\n\n
          \n\n(.*) \nCiphers supported in s_server binary\n| p/OpenSSL s_server -www httpd/ i/command line: $1/ cpe:/a:openssl:openssl/
          match http m|^HTTP/1\.1 302 Moved Temporarily\r\n.*Server: go1984\r\n.*Location: http://([\w._-]+)(?::\d+)?/([\w._-]+)/Default/index\.htm\r\n\r\n|s p/go1984 httpd/ i/session ID $2/ d/webcam/ h/$1/
          match http m|^HTTP/1\.1 200 OK\r\n.*Connection: close\r\nContent-Type: text/html\r\n.*.*.*.*\r\n\tvar PIN_change_attempted = false;\r\n\tvar Login_failed = false;\r\n\tvar password_label = \"\";\r\n\r\n.*|s p/Wind River Web Server/ v/$1/ i/Fujitsu-Siemens FibreCAT SX80 NAS device http config/ d/storage-misc/
          match http m|^HTTP/1\.1 200 OK\r\nServer: WindRiver-WebServer/([\w._-]+)\r\nConnection: close\r\nContent-Type: text/html\r\n\r\n.*.*.*HP StorageWorks MSA Storage Management Utility|s p/Wind River Web Server/ v/$1/ i/HP StorageWorks MSA http config/ d/storage-misc/
          match http m|^HTTP/1\.1 200 OK\r\n.*Server: MarratechPortal/([\w._-]+) \(Java ([\w._-]+); Windows ([^)]+)\) build/(\d+)\r\n|s p/Marratech Portal/ v/$1 build $4/ i/Java $2; Windows $3/ o/Windows/ cpe:/o:microsoft:windows/a
          match http m|^HTTP/1\.1 401 Unauthorized\r\nServer: BBVS\r\nContent-type: text/plain\r\n.*WWW-Authenticate: Basic realm=\"SecuritySpy Web Server\"\r\n\r\n401 Unauthorized\r\n$|s p/SecuritySpy webcam viewer httpd/ o/Mac OS X/ cpe:/o:apple:mac_os_x/a
          match http m|^HTTP/1\.1 200 OK\r\nServer: BBVS/([\w._-]+)\r\nKeep-Alive: timeout=20, max=100\r\nConnection: Keep-Alive\r\nAccept-Ranges: bytes\r\nContent-Length: 6258\r\nContent-Type: text/html\r\n\r\n\n\nSecuritySpy Web Server\n| p/SecuritySpy webcam viewer httpd/ v/$1/ o/Mac OS X/ cpe:/o:apple:mac_os_x/a
          match http m|^HTTP/1\.1 200 OK\r\nConnection: close\r\nContent-Type: text/html\r\nExpires:0\r\npragma:no-cache\r\n\r\n\r\n\r\n\r\n\r\n$| p/TED 5000 power use monitor/ d/power-device/
          # http://java423.vicp.net:8652/infoserver.central/data/syshbk/collections/TECHNICALINSTRUCTION/1-61-208775-1.html
          match http m|^HTTP/1\.0 400 Malformed Header in \r\nContent-Type: text/html\r\n\r\n$| p/Sun ScApp bytecode transfer httpd/
          match http m|^HTTP/1\.1 200 OK\r\n\r\nFile SharePublic
          $| p/File Share httpd/ i/Android mobile phone/ d/phone/ o/Linux/ cpe:/o:linux:linux_kernel/a
match http m|^HTTP/1\.1 200 OK\r\nConnection: close\r\n.*VoIP Gateway.*|s p/D-Link DVS-4088S, DVS-5088S, or DVG-7062S VoIP gateway http config/ d/VoIP adapter/
match http m|^HTTP/1\.0 200 OK\r\nServer: BEJY V([\w._-]+) HTTP ([\w._-]+) \r\n| p/BEJY httpd/ v/$2/ i/BEJY $1/
match http m|^HTTP/1\.0 404 Not Found\r\nServer: Xfire\r\nConnection: close\r\n\r\n\r\n$| p/Xfire httpd/
match http m|^HTTP/1\.0 302 Found\r\nLocation: http://guide(?:test)?\.[\w._-]*opendns\.com/\?url=\r\nContent-type: text/html\r\nContent-Length: 0\r\nConnection: close\r\nDate: .*\r\nServer: OpenDNS Guide\r\n\r\n$| p/OpenDNS Guide/
match http m|^HTTP/1\.0 302 Found\r\nLocation: http://guide(?:test)?\.[\w._-]*opendns\.com/\?url=\r\nContent-Length: 0\r\nConnection: close\r\nDate: .*\r\nServer: OpenDNS Guide\r\n\r\n$| p/OpenDNS Guide/
match http m|^HTTP/1\.0 303 See Other\r\nLocation: http://guide(?:test)?\.[\w._-]*opendns\.com/\?url=\r\nContent-Length: 0\r\nConnection: close\r\nDate: .*\r\nServer: OpenDNS Guide\r\n\r\n$| p/OpenDNS Guide/
match http m|^HTTP/1\.0 200 OK\r\nCache-Control: no-cache\r\nConnection: close\r\nContent-Language: en\r\n.*Content-Location: /default\.html\r\n.*ExpertAssist/([\w._-]+)\r\nSet-Cookie: RASID=\w+; path=/\r\n\r\n ExpertAssist|s p/ExpertAssist/ v/$1/ i/ScriptLogic Remote Desktop/
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html\r\nCache-Control: no-cache\r\nPragma: no-cache\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n(DocuPrint [\w._-]+) - ([\w._-]+)\r\n| p/Fuji Xerox $1 printer http config/ d/printer/ h/$2/ cpe:/h:xerox:$1/a
match http m|^HTTP/1\.1 502 Bad Gateway\r\nContent-Type: text/html\r\nContent-Length: 487\r\n\r\n\n\n\n\nContent Server Message\n\n\n\nNetwork message format error\. Unable to parse browser environment or content item\. Unable to parse properties\. Name-value pairs are missing an '='\.\n\n$| p/Oracle Universal Content Management httpd/
match http m|^HTTP/1\.0 400 Bad Request\r\nContent-Length: 0\r\n\r\n$| p/IDentifier NameTracer Pro httpd/
match http m|^HTTP/1\.1 200 OK\r\nContent-Length: 155\r\nConnection: close\r\n.*<FortiClient Download Portal|s p/FortiClient firewall http config/ d/firewall/
match http m|^HTTP/1\.1 200 OK\r\nServer: Agranat-EmWeb/R([\d_]+)\r\nContent-Type: text/html\r\nCache-Control: no-cache\r\nPragma: no-cache\r\n\r\n \n\n [\w._-]+ \n\n\n\n|s p/Fortinet FortiGate SSL VPN remote http login/
match http m|^HTTP/1\.1 200 OK\r\n.*Last-Modified: Tue, 03 Oct 2006 19:21:12 GMT\r\nETag: \"85f_52_4522b828\"\r\n.*Content-Length: 82\r\n.*location=\"/remote/index\";\n\n\n\n\0{605}$|s p/Fortinet FortiGate-5001 SSL VPN remote http login/
match http m|^HTTP/1\.1 200 OK\r\n.*Last-Modified: Wed, 11 Jan 2012 03:34:20 GMT\r\nETag: \"610_4f_4f0d033c\"\r\n.*Content-Length: 79\r\n.*location=\"/login\";\n\n\n\n|s p/Fortinet FortiGate firewall http proxy admin/ d/firewall/
match http m|^HTTP/1\.1 200 OK\r\n.*Last-Modified: Fri, 21 Apr 2000 00:53:33 GMT\r\nETag: W/\"685_4f_4d082ec4\"\r\n.*Content-Length: 79\r\n.*location=\"/login\";\n\n\n\n|s p/Fortinet FortiGate firewall http proxy admin/ d/firewall/
match http m|^HTTP/1\.1 401 Unauthorized\r\nWWW-Authenticate: Basic realm=\"View Home & Status Web Pages\"\r\n.*Server: Allegro-Software-RomPager/([\w._-]+)\r\n|s p/Allegro RomPager/ v/$1/ i/Xerox Phaser 8560DN printer http config/ d/printer/ cpe:/a:allegro:rompager:$1/ cpe:/h:xerox:phaser_8560dn/a
match http m|^HTTP/1\.1 302 Found\r\nLocation: https://[\d.]+/home\.html\r\nContent-Length: 0\r\nServer: Allegro-Software-RomPager/([\w._-]+)\r\n\r\n$| p/Allegro RomPager/ v/$1/ i/Xerox Phaser 8560DN printer http config/ d/printer/ cpe:/a:allegro:rompager:$1/ cpe:/h:xerox:phaser_8560dn/a
match http m|^HTTP/1\.1 200 OK\r\n.*XenServer ([\w._-]+)|s p/Citrix Xen Simple HTTP Server/ i/XenServer $1/
match http m|^HTTP/1\.0 200 OK\r\n.*ETag: \"-127477461\"\r\n.*Server: none\r\n.*Fireware XTM User Authentication|s p/WatchGuard FireBox XTM firewall http config/ d/firewall/
match http m|^HTTP/1\.1 401 Unauthorized\r\nConnection: close\r\nWWW-Authenticate: Basic realm=\"uTorrent\"\r\n\r\n| p/uTorrent WebUI/ o/Windows/ cpe:/a:utorrent:utorrent/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 300 ERROR\r\nConnection: keep-alive\r\nContent-Length: 15\r\nContent-Type: text/html\r\n\r\ninvalid request$| p/uTorrent WebUI/ o/Windows/ cpe:/a:utorrent:utorrent/ cpe:/o:microsoft:windows/a
# uTorrent 2.0.2
match http m|^HTTP/1\.1 400 ERROR\r\nConnection: keep-alive\r\nContent-Length: 15\r\nContent-Type: text/html\r\n\r\ninvalid request$| p/uTorrent WebUI/ o/Windows/ cpe:/a:utorrent:utorrent/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 400 ERROR\r\nConnection: keep-alive\r\nContent-Length: 17\r\nContent-Type: text/html\r\n\r\n\r\ninvalid request$| p/uTorrent WebUI/ o/Windows/ cpe:/a:utorrent:utorrent/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.0 200 OK\r\n.*Server: WYM/([\w._-]+)\r\n.*Content-Length: 1029\r\nLast-Modified: Tue, 19 May 2009 02:17:02 GMT\r\n\r\n\xef\xbb\xbf\r\n\r\nNVS|s p/WYM httpd/ v/$1/ i/A+V Link NVS-4000 surveillance system http config/ d/webcam/
match http m|^HTTP/1\.1 200 OK\r\nLast-Modified: Mon, 07 Apr 2009 04:00:00 GMT\r\nContent-Type: TEXT/HTML\r\nDate: \w\w\w, \d\d \w\w\w \d\d\d\d \d\d:\d\d:\d\d GMT00:00 GMT\r\nServer: ICOM ([\w._-]+) from SBS\r\nMIME-Version: 1\.0\r\nServer: ICOM [\w._-]+ from SBS\r\nConnection: close\r\nContent-Length: 861\r\n\r\n\r\n\r\nUltraQuest Index HTML| p/ICOM httpd/ v/$1/ i/UltraQuest mainframe reporting/ o|OS/390| cpe:/o:ibm:os_390/a
match http m|^HTTP/1\.0 404 Not Found\r\nContent-type: text/html\r\nDate: Sat, 31 Dec 2005 23:02:28 GMT\r\nConnection: close\r\n\r\n404 Not Found\n

          404 Not Found

          \nThe requested URL was not found on this server\.\n\n$| p/BusyBox httpd/ i/Sphairon Turbolink IAD ADSL modem http config/ o/Linux/ cpe:/a:busybox:busybox/ cpe:/o:linux:linux_kernel/a
match http m|^HTTP/1\.1 302\r\nLocation: /login\.vibe\r\n\r\n$| p/VibeStreamer streaming media httpd/
match http m|^\r\n\r\n\r\n\r\n\r\n\r\n<\?xml version=\"1\.0\" encoding=\"ISO-8859-1\"\?>\r\n\r\n\r\n\r\n\r\n\r\n\r\nRealSecure SiteProtector.*\n\n302 Found\n\n

          Found

          \n

          The document has moved here\.

          \n

          Additionally, a 302 Found\nerror was encountered while trying to use an ErrorDocument to handle the request\.

          \n\n$| p/HP System Management httpd/
match http m|^HTTP/1\.0 200 OK\nContent-type: text/html\r\n.*DVR WebViewer\r\n\r\n.*\r\n\r\n|s p/MicroDigital MDR-4600 DVR httpd/ i/Resolution $1x$2; CmdPort $3; StreamPort $4/ d/media device/
match http m|^HTTP/1\.0 200 OK\r\nServer: Senturion/([\w._-]+)\r\n.*Sensatronics: Senturion ([\w._-]+).*Willkommen zur Administration des Telefons|s p/Atcom AT-320 VoIP phone http config/ v/$2/ i/PalmMicro $1 chipset/ cpe:/h:atcom:at-320/a
match http m|^HTTP/1\.1 200 OK\r\n.*Expires: Thu, 01 Jan 1970 00:00:00 GMT\r\n.*Dashboard.*|s p/Red Condor antispam appliance http config/ d/proxy server/
match http m|^HTTP/1\.1 401 Unauthorized\r\nWWW-Authenticate: Digest realm=\"[\d.]+\", qop=\"auth\", nonce=\"[0-9a-f]+\"\r\n.*BMC HTTP Server\r\n.*\"\"|s p/HP Integrated Lights-Out http config/ d/remote management/ cpe:/h:hp:integrated_lights-out/
match http m|^HTTP/1\.0 300 Multiple Choices\r\nServer: Rockpile Web Server\r\nDate: Sun, 00 Jan 1900 00:00:00 GMT\r\nConnection: close\r\nLocation: http://[\w._-]+/localmenus\.cgi\?func=604\r\nContent-type: text/html\r\n\r\n.*HTTP/1\.0 404 Not Found\r\nServer: Rockpile Web Server\r\nDate: Sun, 00 Jan 1900 00:00:00 GMT\r\n|s p/Rockpile httpd/ i/Cisco 7937 VoIP phone http config/ d/VoIP phone/ cpe:/h:cisco:7937/a
match http m|^HTTP/1\.1 401 Unauthorized\r\nWWW-Authenticate: Basic realm=\"CentreWare Internet Services\"\r\n.*\r\n\r\n\r\nFAILED\r\n|s p/FujiXerox ApeosPort-IV C4470 http config/ d/printer/
match http m|^HTTP/1\.1 404 Not Found\r\n.*Server: iTP Secure WebServer/([\w._() -]+)\r\nMIME-version: 1\.0\r\nContent-type: text/html\r\nConnection: close\r\n\r\nNot Found

          Not Found

          \n The requested object was not found on this server\.$|s p/iTP Secure WebServer/ v/$1/ i/HP Tandem NonStop/
match http m|^HTTP/1\.1 200 OK\r\n.*Server: iTP Secure WebServer/([\w._() -]+)\r\n.*Index of /|s p/iTP Secure WebServer/ v/$1/ i/HP Tandem NonStop/
match http m|^HTTP/1\.1 302 Moved Temporarily\r\n.*Server: iTP WebServer with NSJSP/([\w._() -]+) \(HTTP/1\.1 Connector\)\r\nLocation: http://([\w._-]+):\d+/index\.html\r\n|s p/iTP WebServer with NSJSP/ v/$1/ i/HP Tandem NonStop/ h/$2/
match http m|^HTTP/1\.1 200 OK\r\n.*Server: Indy/([\w._-]+)\r\n.*GregHSRWLib - RemObjects SDK for \.NET v([\w._-]+)|s p/Indy httpd/ v/$1/ i/.NET $2; Acer Registration Service; greghsrw.exe/ cpe:/a:indy:httpd:$1/
match http m|^HTTP/1\.1 200 OK\r\nETag: W/\"[\d-]+\"\r\n.*Server: null\r\n.*HP - Data Center Fabric Manager|s p/HP Data Center Fabric Manager http config/
match http m|^HTTP/1\.1 200 OK\r\nETag: W/\"[\d-]+\"\r\n.*Server: censhare hyena/([\w._-]+)\r\n|s p/censhare hyena httpd/ v/$1/
match http m|^HTTP/1\.1 200 OK\r\n.*ETag: W/\"[\d-]+\"\r\n.*Server: Undefined\r\n.*|s p/McAfee ePolicy Orchestrator http interface/ cpe:/a:mcafee:epolicy_orchestrator/
match http m|^HTTP/1\.1 200 OK\r\n.*ETag: W/\"[\d-]+\"\r\n.*Server: Undefined\r\n.*|s p/McAfee ePolicy Orchestrator http interface/ cpe:/a:mcafee:epolicy_orchestrator/
match http m|^HTTP/1\.1 401 \r\nDate: Sat, 21 Dec 1996 12:00:00 GMT\r\nWWW-Authenticate: Basic realm=\"Default password:1234\"\r\n\r\n401 Unauthorized - User authentication is required\.$| p/Edimax PS-1206P print server/ d/print server/
match http m|^HTTP/1\.1 301 Moved Permanently\r\n.*Server: Noelios-Restlet-Engine/([\w._-]+)\r\nLocation: http://([\w._-]+)/index\.html\r\nVary: Accept-Charset,Accept-Encoding,Accept-Language,Accept,User-Agent\r\nContent-Length: 0\r\nConnection: close\r\nContent-Type: text/plain\r\n\r\n$|s p/Noelios Restlet Framework/ v/$1/ i/Sonatype Nexus Maven Repository Manager/ h/$2/
match http m|^HTTP/1\.0 501 Not Implemented\r\nServer: SimpleHTTP/([\w._-]+) Python/([\w._-]+)\r\n.*Content-Type: text/html\r\nConnection: close\r\n\r\n\nError response\n\n\n

          Error response

          \n

          Error code 501\.\n

          Message: Not Implemented\.\n

          Error code explanation: 501 = Server does not support this operation\.\n\n$|s p/SimpleHTTPServer/ v/$1/ i/rPath Appliance Platform Agent; Python $2/ cpe:/a:python:python:$2/ cpe:/a:python:simplehttpserver:$1/
match http m|^HTTP/1\.0 200 OK\r\n.*Server: CMSHTTPD/([\w._-]+) z_VM/([\w._-]+) ([^\r\n]+)\r\n|s p/CMSHTTPD/ v/$1/ i|z/VM $2; $3| o|z/VM| cpe:/o:ibm:z%2fvm:$2/
match http m|^HTTP/1\.0 200 OK\nServer: Cardax Embedded Interface\n.*

          CardaxFT Controller # (\d+) \(ETS\)

          .*
          Version: v([\w._/-]+) BootMon-([\w._-]+)\n$|s p/Cardax FT security system http interface/ v/$2/ i/Controller #$1; BootMon $3/ d/security-misc/
match http m|^HTTP/1\.0 302 Moved Temporarily\r\nAllow: GET,POST,HEAD\r\nMIME-Version: 1\.0\r\nServer: (MA\w+) Server ([\w._-]+)\r\nLocation: http://0\.0\.0\.0\r\n\r\n$| p/Huawei $1 WAP http config/ v/$2/ cpe:/h:huawei:$1/a
match http m|^HTTP/1\.0 200 OK\r\nServer: ZyXEL SSLVPN Server v([\w._-]+)\r\n.*ZyWALL SSL(\d+)|s p/ZyXEL ZyWALL SSL $2 SSL-VPN applicance http config/ v/$1/ d/firewall/
match http m|^HTTP/1\.1 200 OK\r\n.*Server: \r\n.*ZyWALL ([^<]+)|s p/ZyXEL ZyWALL $1 firewall http config/ d/firewall/ cpe:/h:zyxel:zywall_$1/a
match http m|^HTTP/1\.0 200 OK\r\nExpires: 0\r\nContent-Type: text/html\r\nConnection: close\r\n\r\n\nLogin\n\n| p/D-Link DGS-1200T-series switch http config/ d/switch/
match http m|^HTTP/1\.1 505 HTTP Version not supported\r\nContent-Length: 0\r\nDate: .*\r\nAccept-Ranges: bytes\r\n\r\n$| p/Virtual Mic http synchronization/ d/media device/ o/iOS/ cpe:/o:apple:iphone_os/a
match http m|^HTTP/1\.0 200 OK\r\nContent-Type: text/html\r\n.*Server: Wireless Network Camera with Pan/Tilt\r\n|s p/Vivotek Network Camera http config/ d/webcam/
match http m|^HTTP/1\.0 200 OK\r\nContent-Type: text/html\r\n.*Server: Network Camera with Pan/Tilt\r\n|s p/Vivotek Network Camera http config/ d/webcam/
match http m|^HTTP/1\.0 200 OK\r\nContent-Type: text/html\r\n.*Server: Network Camera\r\n|s p/Vivotek IP7131 Network Camera http config/ d/webcam/ cpe:/h:vivotek:ip7131/
match http m|^HTTP/1\.1 401 Unauthorized\r\nWWW-Authenticate: Basic realm=\"Remote-Motion CCD Network Camera\"\r\nContent-Type: text/html\r\nServer: Vivotek Network Camera\r\n\r\n\n\nProtected Object\n

          Protected Object

          This object on the server is protected\.

          \n$| p/Vivotek Network Camera http config/ d/webcam/
match http m|^HTTP/1\.1 200 OK\r\n.*Server: Web Server\r\n.*NetGear ([\w._-]+)|s p/Netgear $1 switch http config/ d/switch/ cpe:/h:netgear:$1/
match http m|^HTTP/1\.0 200 OK\r\nPragma: no-cache\r\n.*Management.*\n\n\n|s p/Tandberg MXP video conferencing http config/ d/webcam/
match http m|^HTTP/1\.1 200 OK\r\n.*Server: HyNetOS/([\w._-]+)\r\n.*(CS\d+) SNMP/Web Adapter|s p/Effekta MH 6000 UPS http config/ i|$2 SNMP/Web adapter; HyNetOS $1| d/power-device/ o/HyNetOS/ cpe:/o:hyperstone:hynetos:$1/
match http m|^HTTP/1\.1 200 OK\r\nX-Cocoon-Version: ([\w._-]+)\r\nExpires: Thu, 01 Jan 1970 00:00:00 GMT\r\n.*F-Secure Policy Manager Web Reporting|s p/F-Secure Policy Manager http interface/ i/Apache Cocoon $1/
match http m|^HTTP/1\.0 200 OK\r\n.*Server: ShellHTTPD/([\w._-]+)\r\n.*Dachstein LEAF Firewall|s p/ShellHTTPD/ v/$1/ i/Dachstein LEAF firewall/ d/firewall/ o/Linux 2.2/ cpe:/o:linux:linux_kernel:2.2/
match http m|^HTTP/1\.0 401 Unauthorized\r\nDate: Thu, 01 Jan 1970 00:00:00 GMT\r\nnServer: avtech/([\w._-]+)\.\.Expires: 0\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nConnection: close\r\nContent-type: text/html;charset=ISO-8859-1\r\nWWW-Authenticate: Basic realm=server\r\nContent-Length: 163\r\n| p/avtech httpd/ v/$1/ i/Postef-8840 ADSL router/ d/broadband router/
match http m|^HTTP/1\.0 200 Script output follows\r\nServer: shinGETsu/([\w._-]+) \(Saku/([\w._-]+)\) Python/([\w._-]+)\r\n| p/Saku/ v/$2/ i/client for shinGETsu $1 BBS; Python $3/ cpe:/a:python:python:$3/
match http m|^HTTP/1\.1 503 HTTP is not licensed\.

          To set up this filer, use /api \.\r\nServer: Data ONTAP/([\w._-]+)\r\n| p/NetApp http vFiler/ o/Data ONTAP $1/ cpe:/a:netapp:data_ontap:$1/
match http m|^HTTP/1\.1 503 HTTP is not licensed\.

          To administer this filer, use /na_admin/ \.\r\nServer: NetApp//([\w._-]+)\r\n| p/NetApp http vFiler/ v/$1/ o/Data ONTAP/ cpe:/a:netapp:data_ontap/ cpe:/o:netapp:data_ontap/a
match http m|^HTTP/1\.0 401 Unauthorized\r\nDate: .*\r\nCache-Control: no-cache,no-store\r\nWWW-Authenticate: Basic realm=\"\.\"\r\nContent-Type: text/html; charset=%s\r\nConnection: close\r\n\r\n\n401 Unauthorized\n\n

          401 Unauthorized

          \nAuthorization required\.\n\n\n| p/m0n0wall FreeBSD firewall web interface/ d/firewall/ o/FreeBSD/ cpe:/o:freebsd:freebsd/a
match http m|^HTTP/1\.0 401 Unauthorized\r\nDate: .*\r\nCache-Control: no-cache,no-store\r\nWWW-Authenticate: Basic realm=\"\.\"\r\nContent-Type: text/html; charset=%s\r\nConnection: close\r\n\r\n\n401 Unauthorized\n\n

          401 Unauthorized

          \nAuthorization required\. HuaCheng Technologies\n\n\n| p/HuaCheng firewall http config/ d/firewall/
match http m|^HTTP/1\.0 501 Not Implemented\r\nDate: .*\r\nCache-Control: no-cache,no-store\r\nContent-Type: text/html; charset=%s\r\nConnection: close\r\n\r\n\n501 Not Implemented\n\n

          501 Not Implemented

          \nThat method is not implemented\.\n\n\n$| p/Western Digital My Book http config/ d/storage-misc/
match http m|^HTTP/1\.1 200 OK\r\nServer: Axeda Agent Web Server/([\w._-]+)\r\n.*Last-Modified: 1200004200\r\n.*IM_v8_Data \r\n\r\n\r\n
          \r\n
          \r\n Server at ([\w._-]+) Port \d+|s p/ZyXEL ZyWALL USG 200 firewall http config/ i/redirect to port $1/ d/firewall/ h/$2/ cpe:/h:zyxel:zywall_usg_200/
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html\r\n.*\n\t\n\t\n\t\n\t|s p/Buffalo NAS BitTorrent download manager http interface/ d/storage-misc/
match http m|^HTTP/1\.0 200 OK\r\nContent-type: text/html\r\nContent-Encoding: gzip\r\nCache-Control: max-age=600, must-revalidate\r\n\r\n\x1f\x8b\x08\0\0\0\0\0\0\0| p/Modtronix SBC65EC Web Server/
match http m|^HTTP/1\.0 301\r\n.*Server: OKWS/([\w._-]+)\r\n|s p/OKWS httpd/ v/$1/
match http m|^HTTP/1\.0 200 OK\r\nContent-type: text/html\r\n\r\n.*PowerDownTop\n\n\n$|s p/thttpd/ i/Panasonic IP camera http viewer/ d/webcam/ cpe:/a:acme:thttpd/
match http m|^HTTP/1\.0 200 OK\r\nServer: ZK Web Server\r\nPragma: no-cache\r\nCache-control: no-cache\r\n.*|s p/ZK Web Server/ i/ZKSoftware ZEM500 fingerprint reader; MIPS/ d/security-misc/ o/Linux/ cpe:/o:linux:linux_kernel/a
match http m|^HTTP/1\.0 404 Not Found\r\nContent-Length: 69\r\nContent-Type: text/html; charset=UTF-8\r\nServer: TornadoServer/([\w._-]+)\r\n\r\n404: Not Found404: Not Found$| p/Tornado httpd/ v/$1/ cpe:/a:tornadoweb:tornado:$1/a
match http m|^HTTP/1\.1 301 0\w\w\w, \d\d \w\w\w \d\d\d\d \d\d:\d\d:\d\d GMT\r\nServer: Agranat-EmWeb/R([\d_]+)\r\nLocation: https://[\d.]+/web/content/index\.html\r\n| p/Agranat-EmWeb/ v/$SUBST(1,"_",".")/ i/Alcatel 7800 switch http config/ d/switch/ cpe:/a:agranat:emweb:$SUBST(1,"_",".")/a cpe:/h:alcatel:7800/a
# Juniper SRX-240H UTM firewall
# Juniper EX2200-48T-4G switch
match http m|^HTTP/1\.0 200 OK\r\n.*Server: Mbedthis-Appweb/([\w._-]+)\r\nCache-Control: no-cache, must-revalidate\r\nContent-type: text/html\r\nETag: \"[0-9a-f-]+\"\r\n.*X-Powered-By: PHP/([\w._-]+)\r\nExpires: Mon, 26 Jul 1997 05:00:00 GMT\r\n.*Log In - Juniper Web Device Manager|s p/Mbedthis-Appweb/ v/$1/ i/PHP $2/ d/firewall/ o/JUNOS/ cpe:/a:mbedthis:appweb:$1/ cpe:/a:php:php:$2/ cpe:/o:juniper:junos/a
match http m|^HTTP/1\.0 403 Not Authorized\r\nContent-Type: text/html\r\nContent-Length: 379\r\n\r\n<\?xml version=\"1\.0\" encoding=\"US-ASCII\"\?>.*

          Will not send listings for this directory\.

          \r\n\r\n\r\n|s p/Ashd httpd/
match http m|^HTTP/1\.1 200\r\nContent-type: text/html\r\nConnection: close\r\nCONTENT-LENGTH: \d+\r\n.*\r\n.*Phoenix PowerAgent GP|s p/Phoenix PowerAgent GP power monitor http interface/ d/power-device/
match http m|^HTTP/1\.0 200 OK\r\nAccept-Ranges: none\r\nConnection: close\r\nContent-Encoding: identity\r\nContent-Length: 4240\r\nContent-Type: text/html; charset=ISO-8859-1\r\n.*Server: IST OIS\r\n.*Allworx Hosted Web Site|s p/Allworx 6x VoIP phone http config/ d/VoIP phone/ cpe:/h:allworx:6x/a
match http m|^HTTP/1\.0 403 Forbidden\r\nAccept-Ranges: none\r\nConnection: close\r\nContent-Encoding: identity\r\nContent-Length: 0\r\nContent-Type: text/plain\r\nDate: .*\r\nServer: IST OIS\r\n\r\n$| p/Allworx VoIP network server http admin/ d/VoIP adapter/
match http m|^HTTP/1\.0 401 Unauthorized\r\nDate: .*\r\nWWW-Authenticate: Basic realm=\"ACEswitch@[\d.]+\"\r\n\r\n401 Unauthorized\r\n$| p/Alteon 2424-SSL load balancer http config/ d/load balancer/
match http m|^HTTP/1\.0 302 Found\r\nConnection: Close\r\nLocation: /search\?site=default_collection&client=default_frontend&output=xml_no_dtd&proxystylesheet=default_frontend&proxycustom=\r\nContent-Type: text/html\r\nContent-Length: 0\r\n\r\n$| p/Google Mini search appliance httpd/
match http m|^HTTP/1\.1 200 OK\r\n.*Server: Apache/x\.x\.x \(Unix\) mod_ssl/x\.x\.x OpenSSL/([\w._-]+)\r\n.* FASTORA Filer Storage Manager .*classid=\"clsid:adb880a6-d8ff-11cf-9377-00aa003b7a11\">|s p/Apache httpd/ i/Fastora NAS T2 NAS device; OpenSSL $1/ d/storage-misc/ o/FreeBSD/ cpe:/a:apache:http_server/ cpe:/a:openssl:openssl:$1/ cpe:/o:freebsd:freebsd/a
match http m|^HTTP/1\.1 400 Bad Request\r\nDate: .*\r\nCache-Control: private\r\nServer: IPOffice/([\w._()-]+)\r\nContent-Type: text/plain\r\nContent-Length: 13\r\n\r\nParsing error$| p/Avaya IP Office VoIP PBX httpd/ v/$1/ d/PBX/
match http m|^HTTP/1\.0 301 Moved Permanently\r\nDate: .*\r\nCache-Control: private\r\nLocation: /index\.html\r\nServer: IPOffice/([\w._()-]+)\r\nContent-Type: text/plain\r\nContent-Length: 22\r\n\r\nRedirect to index\.html$| p/Avaya IP Office VoIP PBX httpd/ v/$1/ d/PBX/
match http m|^HTTP/1\.0 404 Not Found\r\nConnection: close\r\nServer: SimpleHTTPtutorial v([\w._-]+)\r\n\r\n$| p/SimpleHTTPtutorial httpd/ v/$1/
match http m|^HTTP/1\.0 200 OK\n.*Server: uClinux-httpd ([\w._-]+)\nExpires: 0\n\n.*DxClient NetViewer.*Welcome.*\n\n\n| p/Speakerbus iD101 VoIP phone http config/ d/VoIP phone/ cpe:/h:speakerbus:id101/
match http m|^HTTP/1\.0 401 Unauthorized\nContent-Type: text/html; charset=iso-8859-1\nExpires: Thu, 01 Dec 1994 23:12:40 GMT\nServer: ServersCheck_Monitoring_Server/([\w._-]+)\n.*

          Username / Password is still (\w+/\w+)\. Please update\.

          |s p/ServersCheck Monitoring Server httpd/ v/$1/ i/credentials: $2/
match http m|^HTTP/1\.0 401 Unauthorized\nContent-Type: text/html\nExpires: Thu, 01 Dec 1994 23:12:40 GMT\nServer: ServersCheck_Monitoring_Server/([\w._-]+)\n|s p/ServersCheck Monitoring Server httpd/ v/$1/
match http m|^HTTP/1\.1 505 HTTP Version Not Supported\r\n.*VMware View|s p/VMware ESX Server httpd/ cpe:/o:vmware:esx/
match http m|^HTTP/1\.1 200 Ok\r\nServer: PMSoftware-SWS/([\w._-]+)\r\n| p/PMSoftware Simple Web Server/ v/$1/
match http m|^HTTP/1\.1 200 OK\r\ncontent-type: text/html\r\ncontent-length: \d+\r\nlast-modified: .*\r\netag: [0-9a-f]+\r\nConnection: close\r\n\r\n| p/Node.js/ cpe:/a:nodejs:node.js/
match http m|^HTTP/1\.1 401 Unauthorized\r\nServer: (DPH-\w+)\r\n| p/D-Link $1 VoIP phone http config/ d/VoIP phone/ cpe:/h:dlink:$1/
match http m|^HTTP/1\.1 200 OK\r\nServer: Mango DSP HTTP Stack\r\n.*Mango IP Node Configuration|s p/Mango DSP AVS Raven-M video server http config/ d/media device/
# Last-Modified has time zone.
match http m|^HTTP/1\.1 200 OK\r\nDate: .*\r\nContent-Length: \d+\r\nContent-Type: text/html\r\nLast-Modified: .* [-+]\d+\r\nExpires: .*\r\n\r\n| p/OpenText FirstClass webmail httpd/
match http m|^HTTP/1\.0 200 OK\r\nSet-Cookie: LOGSSLCHECK=nossl; path=/; expires=.*\r\nCache-Control: no-cache\r\nConnection: close\r\nContent-Language: en\r\nContent-Length: \d+\r\nContent-Location: /default\.html\r\n.*ExpertAssist|s p/ScriptLogic ExpertAssist remote management httpd/ d/remote management/
match http m|^HTTP/1\.0 200 OK\r\nCache-Control: no-cache\r\nExpires: -1\r\nContent-Type: text/html\r\n\r\n\r\n\r\n\r\n Thomson Gateway - Startseite| p/Thomson SpeedTouch 536i router http config/ d/router/ cpe:/h:thomson:536i/
match http m|^HTTP/1\.1 200\r\nContent-type: text/html\r\nConnection: close\r\nCONTENT-LENGTH: 240\r\n\r\n\r\n\r\nWeb-Manager ([\w._-]+)\r\n\r\n\r\n
          \r\n\r\n\r\n\r\n\r\n\r\n$| p/Napco Netlink NL-MOD http config/ v/$1/
match http m|^\r\n\r\n\r\n
          ERF-Gateway Settings & States
          \r\n\r\n\r\n| p/LaCrosse GW-1000U weather station httpd/ v/$1 $2/
match http m|^HTTP/1\.0 200 OK\r\nServer: \$ProjectRevision: ([\w._-]+) \$\r\nContent-Type: text/html\r\n\r\n\n\n \n \n| p/Teradici PCoIP remote management http config/ v/$1/ d/remote management/
match http m|^HTTP/1\.1 301 Moved Permanently\r\nLocation: https://\(null\)/\r\nContent-Length: 2\r\n\r\n\r\n| p/Teradici PCoIP remote management http config/ d/remote management/
match http m|^HTTP/1\.0 200 OK\r\nDate: .*\r\nContent-Length: 131\r\nContent-Type: text/html\r\n\r\n\n\n\n\n\n\n\n\n\n$| p/Digital Stream DPS-1000 set-top box http config/ d/media device/
match http m|^HTTP/1\.0 200 OK\nConnection: close\nContent-type: text/html\nContent-Length: \d+\n\n\n\n\n\n\nNetcool/ISM Login\n| p/IBM Netcool Internet Service Monitors httpd/
match http m|^HTTP/1\.0 200 OK\r\nDate: .*\r\nServer: Z-World Rabbit\r\nConnection: close\r\nContent-Type: text/html\r\n\r\n\r\n\r\nSafetyNet Series 5| p/Z-World Rabbit microcontroller httpd/ i/SafetyNet Series 5 environmental monitor/ d/specialized/
match http m|^HTTP/1\.1 404 Not Found\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 48\r\nServer: Indy/([\w._-]+)\r\n\r\nThe requested URL / was not found on this server$| p/Indy httpd/ v/$1/ i/Avaya VoIP phone upgrade service/ cpe:/a:indy:httpd:$1/a
match http m|^HTTP/1\.1 200 OK\r\nCONTENT-ENCODING: gzip\r\nEXPIRES: .*\r\nCONTENT-LENGTH: \d+\r\nLAST-MODIFIED: .*\r\nDATE: .*\r\nCONTENT-TYPE: text/html; charset=UTF-8\r\nCACHE-CONTROL: max-age=0, no-cache, public\r\nSERVER: Linux/([\w._-]+) Motorola/([\w._-]+) DAV/2\r\n| p/Moto Phone Portal httpd/ i/Linux $1; Motorola Defy $2/ d/phone/ o/Android/ cpe:/o:google:android/ cpe:/o:linux:linux_kernel:$1/
match http m|^HTTP/1\.1 302 Found\r\nServer: httpd\r\nDate: .*\r\nLocation: login\.html\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 0\r\nCache-Control: no-cache\r\nPragma: no-cache\r\nExpires: 0\r\nConnection: close\r\n\r\n$| p/Green Packet DX230 WAP http config/ d/WAP/ cpe:/h:green_packet:dx230/
match http m|^HTTP/1\.1 401 Unauthorized\r\nServer: Radware-web-server\r\nWWW-Authenticate: Basic realm=\"Radware\"\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-Type: text/html\r\n\r\nDocument Error: Unauthorized| p/Radware OnDemand switch http config/ d/switch/
match http m|^HTTP/1\.0 401 Unauthorized\nServer: Gnat-Box/([\w._-]+)\n| p/Global Technology Associates Gnat Box firewall http config/ v/$1/ d/firewall/
match http m|^HTTP/1\.1 400 Bad Request\r\nDate: Mon, 21 Feb 2011 17:38:00 GMT\r\nContent-Length: 0\r\n\r\n$| p/Apple TV httpd/ d/media device/ cpe:/a:apple:apple_tv/
match http m|^HTTP/1\.1 307 Temporary Redirect\r\n.*Content-Length: 0\r\nConnection: keep-alive\r\nServer: AmazonS3\r\n\r\n$|s p/Amazon S3 httpd/
match http m|^HTTP/1\.1 200 OK\nServer: BO/([\w._-]+)\nDate: .*\nContent-type: text/html\nPublic: GET, POST\nConnection: keep-alive\n\n| p/BO2K built-in httpd/ v/$1/
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/plain\r\nConnection: close\r\n\r\nHello, non-Bayeux request\. Yet another one$| p/Node.js/ i/Faye Bayeux protocol/ cpe:/a:nodejs:node.js/
match http m|^HTTP/1\.0 500 Internal Server Error\r\nCONTENT-TYPE: text/html\r\nDate: .*\r\nServer: IBM_CICS_Transaction_Server/([\w._-]+)\(zOS\)\r\n| p/IBM CICS Transaction Server/ v/$1/ o|z/OS| cpe:/o:ibm:z%2fos/
match http m|^HTTP/1\.1 200 OK\r\nServer: corehttp-([\w._-]+)\r\nContent-Type: text/html\r\nConnection: close\r\n\r\n
          | p/CoreHTTP/ v/$1/ i/directory listing/
          # http://code.google.com/p/webfinger/
          match http m|^HTTP/1\.1 400 Bad request\r\n\r\n$| p/WebFinger httpd/
          match http m|^HTTP/1\.1 500 Internal Server Error\r\nContent-Type: text/plain; charset=UTF-8\r\n\r\nFailure: 500 Internal Server Error\r\nnull\r\n\r\n$| p/Eucalyptus httpd/
          match http m|^HTTP/1\.0 200 OK\r\nContent-type: text/html; charset=utf-8\r\nContent-Length: 204\r\n\r\n\nDirectory listing for /\n\n

          Directory listing for /

          \n
          \n\n
          \n\n\n$| p/Dionaea honeypot httpd/
# http://www.erlang.org/doc/man/inets.html
match http m|^HTTP/1\.0 200 OK\r\nServer: inets/([\w._-]+)\r\n| p/inets/ v/$1/
match http m|^HTTP/1\.0 200 OK\r\nConnection: close\r\nContent-Encoding: gzip\r\nContent-Type: text/html; charset=iso-8859-1\r\n\r\n\x1f\x8b\x08\0\0\0\0\0\x02\x03\xa5\x93Mo| p/HP ProCurve 1800-24G switch http config/ d/switch/ cpe:/h:hp:procurve_switch_1800/ cpe:/o:hp:procurve_switch_software/
match http m|^HTTP/1\.1 200 OK\r\nServer: afts/([\w._-]+)\r\n| p/afts/ v/$1/
match http m|^HTTP/1\.1 401 Unauthorized\r\nServer: OBi(\w+)\r\n| p/Obihai OBi$1 VoIP adapter http config/ d/VoIP adapter/ cpe:/h:obihai:obi$1/
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html; charset=UTF-8\r\nContent-Length: \d+\r\nDate: .*\r\nConnection: close\r\n\r\n1\.0\n(?:\d\d\d\d-\d\d-\d\d\n)+| p/OpenStack Nova httpd/
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html; charset=UTF-8\r\nContent-Length: \d+\r\nDate: .*\r\nConnection: close\r\n\r\n{\"versions\": \[{\"status\": \"CURRENT\", \"id\": \"v([\w._-]+)\"}\]}| p/OpenStack Nova httpd/ v/$1/
# http://www.fastpath.it/products/palantir/index.php
match http m|^HTTP/1\.0 200 OK\r\nContent-Type: multipart/x-mixed-replace; boundary=--mp-boundary\r\nExpires: .*\r\nPragma: no-cache\r\nCache-Control: no-store, no-cache\r\nX-Protocol-Version: (\d+)\r\nX-Greeting: Livefeed\r\n\r\n--mp-boundary\r\n| p/Palantir media streaming httpd/ i/protocol $1/
match http m|^HTTP/1\.0 200 OK\r\nCache-Control: no-cache\r\nContent-Type: text/html\r\nContent-Length: \d+\r\nServer: MediaMallServer/([\w._-]+)\r\n| p/PlayOn MediaMallServer httpd/ v/$1/
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html\r\nConnection: close\r\n\r\n\nI-O DATA Broadband Router ETX-R| p/I-O Data ETX-R router http config/ d/router/
match http m|^HTTP/1\.0 401 com\.wm\.app\.b2b\.server\.AccessException: com\.wm\.app\.b2b\.server\.AccessException: \[ISS\.0084\.9004\] Access Denied\r\nWWW-Authenticate: Basic realm=\"webMethods\"\r\n| p/Software AG webMethods httpd/
match http m|^HTTP/1\.1 401 Unauthorized\r\nWWW-Authenticate: Basic realm=\"Secure Area\"\r\nContent-Type: text/html\r\n\r\nError401 Unauthorized$| p/ScriptLogic Image Center remote agent httpd/ d/remote management/
match http m|^HTTP/1\.0 200 OK\r\nDate: .*\r\nExpires: .*\r\nContent-Type: text/html; charset=UTF-8\r\nContent-Length: \d+\r\n\r\nWelcome to (963)| p/Trend $1 building control system httpd/ d/security-misc/ cpe:/h:trend:$1/
match http m|^HTTP/1\.1 401 Unauthorized\r\nWww-Authenticate: Basic REALM=\"elmeg\"\r\nContent-Type: text/plain\r\nContent-Length: 22\r\n\r\nUnauthorized request\r\n$| p/Elmeg IP 290 VoIP phone http config/ d/VoIP phone/ cpe:/h:elmeg:ip_290/
match http m|^HTTP/1\.1 401 Authorization Required\nDate: .* ([-+]\d+)\nServer: WebPidginZ \n([\w._-]+)\nWWW-Authenticate: Digest realm=\"WebPidginZLoginDigest\", nonce=\"[0-9a-f]+\", opaque=\"0000000000000000\", stale=false, algorithm=MD5, qop=\"auth\"\nConnection: close\nContent-type: text/html\n\n\n\n$| p/WebPidgin-Z instant messaging interface/ v/$2/ i/time zone: $1/
match http m|^HTTP/1\.0 \d\d\d [\w ]+\r\nContent-Type: application/json; charset=UTF-8\r\nContent-Length: \d+\r\n\r\n{.*\"name\" : \"([^"]+)\",\r?\n \"version\" : {\r?\n \"number\" : \"([^"]+)\",.*\"lucene_version\" : \"([^"]+)\"\r?\n },\r?\n \"tagline\" : \"You Know, for Search\"\r?\n}|s p/Elasticsearch REST API/ v/$2/ i/name: $1; Lucene version: $3/
match http m|^HTTP/1\.0 200 OK\r\n.*Content-Type: application/json; charset=UTF-8\r\nContent-Length: \d+\r\n\r\n{\n \"ok\" : true,\n \"name\" : \"[\w._ -]+\",\n \"version\" : {\n \"number\" : \"([\w._-]+)\",\n \"date\" : \"(\d\d\d\d-\d\d-\d\dT\d\d:\d\d:\d\d)\",\n \"snapshot_build\" : \w+\n },\n|s p/ElasticSearch/ v/$1 $2/
match http m|^HTTP/1\.0 200 OK\r\n.*Content-Type: application/json; charset=UTF-8\r\nContent-Length: \d+\r\n\r\n{.*\n \"name\" : \"([^"]+)\",.*\n \"version\" : {\n \"number\" : \"([\w._-]+)\",\n \"snapshot_build\" : false\n },|s p/ElasticSearch/ v/$2/ i/name: $1/
match http m|^HTTP/1\.0 401 Unauthorized\r\nWWW-Authenticate: Basic realm=\"NETWORK\"\r\nContent-Type: text/html\r\nServer: Lancam Server\r\n\r\n| p/American Dynamics EDVR security recorder/ d/security-misc/
match http m|^HTTP/1\.0 200 OK\r\n.*Server: Muratec Server Ver\.([\w._-]+)\r\n.*Administration tool for IF-300\r\n|s p/Muratec IF-300 network module http config/ v/$1/ i/for F-320 printer/ d/printer/ cpe:/h:muratec:f-320/ cpe:/h:muratec:if-300/
match http m|^HTTP/1\.0 401 Unauthorized\r\n.*Server: Muratec Server Ver\.([\w._-]+)\r\nWWW-Authenticate: Basic Realm=\"Pages for SERVICE PERSON\"\r\nContent-Type: text/html\r\nContent-Length: 51\r\n\r\n

          401 Unauthorized

          $|s p/Muratec F-320 printer http config/ v/$1/ d/printer/ cpe:/h:muratec:f-320/
match http m|^HTTP/1\.0 200 OK\r\n.*Server: RedTitan-eNterpriseQueue/([\w._-]+)\r\n.*Enterprise Portal\r\n|s p/RedTitan-eNterpriseQueue/ v/$1/ i/RedTitan Print2PC parallel-to-USB bridge/ d/bridge/ cpe:/h:redtitan:print2pc/
match http m|^HTTP/1\.1 200 OK\r\n.*Server: UPnP/1\.0\r\n.*HDHomeRun\r\n.*
          Model: ([\w._-]+)
          Device ID: ([\w._-]+)
          Firmware: ([\w._-]+)
          |s p/SiliconDust HDHomeRun $1 DVR http config/ v/$3/ i/device ID: $2/ d/media device/ cpe:/h:silicondust:hdhomerun/
match http m|^HTTP/1\.1 200 OK\r\n.*SERVER: HDHomeRun/1\.0\r\n.*HDHomeRun\r\n.*
          Model: ([\w._-]+)
          Device ID: ([\w._-]+)
          Firmware: ([\w._-]+)
          |s p/SiliconDust HDHomeRun $1 DVR http config/ v/$3/ i/device ID: $2/ d/media device/ cpe:/h:silicondust:hdhomerun/
# http://www.ibm.com/developerworks/systems/library/es-nweb/index.html
match http m|^HTTP/1\.0 200 OK\r\nContent-Type: text/html\r\n\r\n\r\nnweb\r\n| p/IBM nweb/ cpe:/a:ibm:nweb/
match http m|^HTTP/1\.0 504 Gateway Timeout\r\nPragma: no-cache\r\nConnection: close\r\nContent-Type: text/html; charset=utf-8\r\n\r\nConnection to server failed \(Connection actively refused by the server\.\)

          {600}| p/Kerio WinRoute http proxy/ o/Windows/ cpe:/a:kerio:winroute/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 404 Not Found\r\nConnection: close\r\nDate: .*\r\nX-Cascade: pass\r\nContent-Type: text/html\r\nContent-Length: 409\r\n\r\n\n\n\n \n\n\n

          Sinatra doesn't know this ditty\.

          \n \n
          \n Try this:\n
          get '/' do\n  \"Hello World\"\nend
          \n
          \n\n\n$| p/Sinatra web framework built-in httpd/
match http m|^HTTP/1\.1 200 OK\r\nConnection: close\r\nContent-Type: text/html; charset=utf-8\r\n.*Server: webcam 7\r\n\r\n|s p/webcam 7 httpd/ o/Windows/ cpe:/o:microsoft:windows/
match http m|^HTTP/1\.1 301 Movprm\r\nLocation: https://[\d.]+/\r\nContent-Length: 0\r\nContent-Type: text/html\r\nConnection: close\r\n\r\n$| p/Konica Minolta bizhub 423 printer http config/ d/printer/ cpe:/h:konicaminolta:bizhub_423/
match http m|^HTTP/1\.1 302 Moved Temporarily\r\nServer: Catwalk\r\nDate: .*\r\nLocation: https://null:8443/\r\nContent-Length: 0\r\nConnection: close\r\n\r\n$| p/Catwalk/ i/Canon imageRUNNER C5000-series printer http config/ d/printer/ cpe:/h:canon:imagerunner_c5000/
match http m|^HTTP/1\.1 200 OK\r\nDate: .*\r\nExpires: .*\r\nCache-control: private\r\nContent-type: text/html\r\n\r\n
          SoftwareERF-Gateway V([\w._-]+)
          Compilation Date(\d\d/\d\d/\d\d)

          Enistic Smart Energy Controller

          | p/Enistic Smart Energy Controller httpd/ d/power-misc/
match http m|^HTTP/1\.1 401 Unauthorized\nWWW-Authenticate: Basic realm='unRAID SMU'\n$| p/Lime Technology unRAID Server httpd/ v/4.X/ d/storage-misc/ cpe:/o:lime_technology:unraid_server:4/
# http://code.google.com/p/unraid-unmenu/
match http m|^HTTP/1\.1 200 OK\r\nConnection: Close\r\nPragma: no-cache\r\nCache-Control: private, max-age=0\r\nDate: .*\r\nExpires: -1\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nRefresh: 60; URL=\r\n\r\n[0-9a-f]+\r\n([\w._-]+) unRAID Server| p/Lime Technology unRAID Server Unmenu http config/ d/storage-misc/ h/$1/ cpe:/o:lime_technology:unraid_server:4/
match http m|^\0\0\0\0\x81HTTP/1\.0 403 Forbidden\r\nServer: ServletExecAS/([\w._-]+)\r\nContent-type: text/html\r\n\r\nRequests from [\d.]+ are not allowed\.$| p/New Atlanta ServletExec/ v/$1/ cpe:/a:newatlanta:servletexec:$1/
match http m|^HTTP/1\.0 401 Unauthorized\r\nDate: .*\r\nWWW-Authenticate: Basic realm=\"\"\r\n\r\n$| p/Z-World Rabbit microcontroller httpd/ i/Redline AN-50 wireless bridge http config/ cpe:/h:redline:an-50/
match http m|^HTTP/1\.1 200 OK\r\nContent-type: text/html\r\nConnection: Close\r\n\r\n\n\nZyXEL (ZyAIR [\w._-]+)| p/ZyXEL $1 WAP http config/ d/WAP/ cpe:/h:zyxel:$1/
match http m|^HTTP/1\.1 200\r\nContent-type: text/html\r\nConnection: close\r\nCONTENT-LENGTH: 81\r\n\r\n\r\n\r\n\r\n$| p/SolarLog 400e power monitor httpd/ d/power-misc/ cpe:/h:solarlog:400e/
match http m|^HTTP/1\.1 200 OK\r\naccept-ranges: none\r\ncache-control: no-cache\r\ncontent-type: text/html; charset=utf-8\r\ndate: .*\r\nexpires: 0\r\nserver: Ocsigen\r\n\r\n| p/Ocsigen/
match http m|^HTTP/1\.0 200 OK\r\nConnection: close\r\nSet-Cookie: Netio\w+=\w+; path=/\r\n\r\n\n\n(NETIO-\w+) WebControl\n| p/Koukaam $1 power controller http config/ d/power-device/ cpe:/h:koukaam:$1/
match http m|^HTTP/1\.1 200 OK\r\nDate: .*\r\nServer: Omniture DC/([\w._-]+)\r\nxserver: ([\w._-]+)\r\n| p/Omniture DC/ v/$1/ h/$2/
# ABS Megacam
# Ubiquity AirCam.v1.1.1 / Airvision v1.1.1
match http m|^HTTP/1\.0 404 Not Found\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 47\r\n\r\n

          File not found

          $| p/GM Streaming Server httpd/ d/webcam/
match http m|^\n \n \n \n \n \n \t
          \n \n \n \n
          VoIP Router \n| p/Inteno X5669B broadband router/ d/broadband router/ cpe:/h:inteno:x5669b/
match http m|^HTTP/1\.0 200 OK\r\nConnection: close\r\nX-Powered-By: PHP/([\w._-]+)\r\n.*Server: WMI Http Server\r\n.*Xtreamer Media Server\n|s p/WMI HTTP Server/ i/Xtreamer Pro media server; PHP $1/ d/media device/ cpe:/a:php:php:$1/
match http m|^HTTP/1\.1 400 OK\r\n.*Server: Ability Server ([\w._-]+) by Code-Crafters\r\n|s p/Code Crafters Ability httpd/ v/$1/ cpe:/a:code-crafters:ability_server:$1/
match http m|^HTTP/1\.0 200 Ok\r\nServer: NET-DK/([\w._-]+)\r\n.*\n\n\n\n\n|s p/NET-DK/ v/$1/ i/Motorola SB5101 or SB6120 cable modem http config/ d/broadband router/ cpe:/h:motorola:sb5101/ cpe:/h:motorola:sb6120/
match http m|^HTTP/1\.0 401 Unauthorized\n.*Server: SAINT/([\w._-]+)\n.*\n\nBad client authentication code\n\n\n\n

          Bad client authentication code

          \nThe command: GET / HTTP/1\.0\r\n was not properly authenticated\.\n\n\n$|s p/SAINTexploit http interface/ v/$1/
match http m|^HTTP/1\.0 200 OK\n.*Server: SAINT/([\w._-]+)\n.*SAINT Login|s p/SAINTexploit http interface/ v/$1/
match http m|^HTTP/1\.1 200 OK\r\nContent-type: text/html\r\nCache-Control: no-cache\r\n\r\n



          LevelOne (GSW-\w+)| p/LevelOne $1 switch http config/ d/switch/ cpe:/h:levelone:$1/
match http m|^HTTP/1\.1 200 OK\r\nConnection: close\r\nContent-Length: \d+\r\nContent-Type: text/html\r\n\r\n\n\n|s p/Port25 Solutions PowerMTA http status/ v/$1/
match http m|^HTTP/1\.1 200 OK\r\nServer: WebServer\(IPCamera_Logo\)\r\nContent-Length: \d+\r\nContent-Type: text/html\r\nConnection: close\r\nLast-Modified: .*\r\nCache-Control: max-age=60\r\n\r\n\xef\xbb\xbf| p/Maygion IPCamera http interface/ i/RTSP on same port/
# Verizon FIOS?
match http m|^HTTP/1\.1 401 Unauthorized\r\nContent-Length: 0\r\nWWW-Authenticate: Digest realm=\"IgdAuthentication\", domain=\"/\", nonce=\"\w{35}=\", qop=\"auth\", algorithm=MD5, opaque=\"5ccc09c403ebaf9f0171e9517f40e41\" \r\n\r\n| p/TL-069 remote access/
match http m|^HTTP/1\.1 401 Unauthorized\r\nConnection: close\r\nContent-Length: 0\r\nWWW-Authenticate: Digest realm=IgdAuthentication, domain=\"/\", qop=\"auth\", algorithm=MD5, nonce=\"\w{9}\"\r\n\r\n| p/TL-069 remote access/
match http m|^HTTP/1\.1 401 Unauthorized\r\nContent-Length: 23\r\nServer: MySQL Aggregator\r\nConnection: close\r\nWWW-Authenticate: Basic realm=\"CTA\"\r\nContent-Type: text/plain\r\n\r\nAuthorization required\n| p/MySQL Enterprise Agent Aggregator/
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html; charset=utf-8\r\nCache-Control: no-cache \r\nServer: Bukkit Webby\r\nConnection: Close\r\n\r\n| p/Bukkit Webby Minecraft http admin/
match http m|^HTTP/1\.1 301 Moved Permanently\r\nLocation: /console/index\.html\r\nConnection: close\r\nDate: .* GMT\r\n\r\n$| p/JBoss Administrator/
match http m|^HTTP/1\.1 200 OK\r\nCache-Control: max-age=0\r\nPragma: no-cache\r\nContent-Type: text/html\r\nContent-Length: \d+\r\nX-UA-Compatible: IE=Edge\r\nConnection: close\r\nSet-Cookie: web_session_id=\w+; path=/; HttpOnly; \r\n\r\n.*PA Server Monitor|s p/Power Admin Server Monitor http admin/
match http m|^HTTP/1\.0 200 OK\r\nDate: .*\r\nServer: SentinelKeysServer/([\w._-]+)\r\nMIME-Version: 1\.1\r\nContent-Type: text/html\r\n| p/SafeNet Sentinel Keys License Monitor httpd/ v/$1/ i/Java Console/ cpe:/a:safenet-inc:sentinel_keys_server:$1/
# The version numbers don't line up. Need more info or more fingerprints to figure out.
# Also, this matches 4 or 5 different services within CloudView. No further info.
match http m|^HTTP/1\.0 \d\d\d .*\r\nConnection: Close\r\nContent-Length: \d+\r\nContent-Type: .*\r\nDate: .*\r\nHost: 0\.0\.0\.0\r\nServer: NG/6\.0\.16943\r\n| p/Exalead CloudView/ v/5.1.12.31472/
match http m|^HTTP/1\.0 200 OK\r\nConnection: Close\r\nContent-Length: \d+\r\nContent-Type: text/html\r\nDate: .*\r\nEtag: .*\r\nServer: ngconvert/6\.0\.16943 edoc/1\.4\.36592 \(BUILD=6\.0\.16943;EDOC=1\.4\.36592;AUTOMIME=1\.03;CONFEX=0\.153;XPDFTEXTLIB=3\.02\.24\)\r\n\r\n| p/Exalead CloudView/ v/5.1.12.31472/
match http m|^HTTP/1\.1 200 OK\r\n.*\r\n\r\n\n\n\n
          pageok
          \n\n$|s p/GoDaddy error/
match http m|^HTTP/1\.1 400 Bad Request \(5\)\r\nServer: httpd\r\nDate: .*\r\nContent-Type: text/html\r\nConnection: close\r\n\r\n| p/Cisco small business router VPN/
match http m|^HTTP/1\.0 401 Unauthorized\r\nServer: HTS/tvheadend\r\nCache-Control: no-cache\r\nWWW-Authenticate: Basic realm=| p/Tvheadend http config/ o/Linux/ cpe:/o:linux:linux_kernel/a
match http m|^HTTP/1\.0 400 Bad Request\r\nDate: .* ([+-]\d+)\r\nContent-Length: 0\r\nServer: com\.novell\.zenworks\.httpserver/([\w._-]+)\r\n\r\n| p/Novell ZENworks httpd/ v/$2/ i/time zone: $1/ cpe:/a:novell:zenworks:$2/
match http m|^HTTP/1\.0 200 OK\nContent-type: text/plain\n\nTable: Links\nLocal IP\tRemote IP\tHyst\.\tLQ\tNLQ\tCost\n| p/olsrd txtinfo plugin/
match http m|^HTTP/1\.0 200 OK\r\nContent-Type: text/html\r\nDate: .*? ([A-Z]+)\r\nExpires: .*\r\n\r\n.*

          DVR (\w+) WatchDog \(([\w._-]+)\)

          |s p/March Networks $2 DVR http config/ i/time zone: $1/ h/$3/
match http m|^HTTP/1\.0 200 OK\r\n.*Server: Speclab WebServer/([\w._-]+) (Instinct-\d+ Release \d+)\r\n|s p/Speclab WebServer/ v/$1/ i/Goal $2/
match http m|^HTTP/1\.1 200 OK\r\nMIME-Version: 1\.0\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: \d+\r\n\r\n {332}\n\n\t.*|s p/SOGo groupware http interface/ i/build: $1/
match http m|^HTTP/1\.1 200 OK\r\nConnection: close \r\nContent-Type: text/html\r\nCache-control: no-cache\r\n\r\n.*top\.location\.href=\"login_page\.html\";Paradox IP Module|s p/Paradox security system IP module httpd/ d/security-misc/
match http m|^HTTP/1\.1 200 OK\r\nServer: WIBU-SYSTEMS HTTP Server/ Version ([\w._-]+) vom \d+\.\w+\.\d+\r\n| p/Wibu CodeMeter httpd/ v/$1/ i/German/
match http m|^HTTP/1\.1 200 OK\r\nServer: WIBU-SYSTEMS HTTP Server/ Version ([\w._-]+) of \w+/\d+/\d+\r\n| p/Wibu CodeMeter httpd/ v/$1/ i/English/
match http m|^HTTP/1\.1 200 OK\r\nContent-Length:\d+\r\nContent-Type:text/html\r\nConnection:close\r\n\r\n

          Mendeley Desktop

          | p/Mendeley Desktop httpd/
match http m|^HTTP/1\.1 200 OK\r\nConnection: close\r\nLast-Modified: \d+/\d+/\d+ \d+:\d+:\d+ [AP]M\r\nContent-Length: \d+\r\nContent-Type: text/html\r\n\r\n\r\n\r\nHomeWorks Illumination Web Keypad| p/Lutron HomeWorks web keypad/
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/plain; charset=utf-8\r\nContent-Length: \d+\r\nCache-Control: no-cache\r\n\r\nUnified Protocol version ([\d.]+)| p/Samsung CLP printer httpd/ i/Unified Protocol $1/ d/printer/
# BIND 9.5 or later
match http m|^HTTP/1\.0 200 OK\r\nContent-Type: text/xml\r\n.*Server: libisc\r\n.*|s p/BIND stats httpd/ i/XML statistics version $1/ cpe:/a:isc:bind/
match http m|^HTTP/1\.1 200 OK\r\nCache-Control: no-cache\r\nContent-Type: text/html\r\nContent-Length: \d+\r\n\r\n.*\r\n\r\n\r\n\t\r\n\t|s p/LANDesk html5 remote control/ cpe:/a:landesk:landesk_management_suite/
match http m|^HTTP/1\.0 404 Not Found\r\nContent-Type: text/html\r\nContent-Length: 345\r\nConnection: close\r\nDate: .*\r\nServer: Swift1\.0\r\n\r\n| p/Samsung Swift httpd/ v/1.0/ d/media device/
match http m|^HTTP/1\.1 200 OK\r\nSERVER: HDHomeRun/([\w._-]+)\r\n.*
          Model: ([\w._-]+)
          Device ID: [\w._-]+
          Firmware: ([\w._-]+)
          |s p/Silicondust HDHomeRun set top box http config/ v/$1/ i/model: $2; firmware: $3/ d/media device/
match http m|^HTTP/1\.1 200 OK\r\nContent-Length: \d+\r\nDate: .*\r\nServer: KM-MFP-http/V([\w._-]+)\r\nContent-Type: text/html\r\n\r\n\r\n\r\n\r\n\r\n| p/Kyocera MFP printer http config/ v/$1/ d/printer/
match http m|^HTTP/1\.1 401 Unauthorized\r\nServer: NSG\r\nWWW-Authenticate: Basic Realm=Security\r\n| p/Harmonic NSG QAM video delivery httpd/ d/media device/
match http m|^HTTP/1\.0 302 Redirect\r\nServer: Httpd/1\.0\r\nDate: \w+ \w+ +\d+ \d+:\d+:\d+ \d\d\d\d\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-Type: text/html\r\nLocation: http:///login\.asp\r\n\r\n| p/CJ HelloVision DVW-2300N router http redirector/ d/WAP/
match http m|^HTTP/1\.1 403 Forbidden\r\nServer: Avaya Push Agent Ver x\.x\r\nDate: [A-Z]+ [A-Z]+ \d\d \d\d:\d\d:\d\d \d\d\d\d\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-Type: text/html\r\n\r\n| p/Avaya Push Agent/ d/VoIP phone/
match http m|^HTTP/1\.0 302 Redirect\r\nServer: GS-Webs\r\nDate: .*\r\nLocation: http://\x07/index\.html\r\n\r\n|s p/Huacam Cyclops IP camera http config/ d/webcam/
match http m|^HTTP/1\.0 302 Redirect\r\nServer: IP-Phone-Web\r\nDate: [A-Z]+ [A-Z]+ \d+ \d+:\d+:\d+ \d+\r\n| p|TalkSwitch/FortiVoice web manager| d/VoIP phone/
match http m|^HTTP/1\.1 502 Bad Request\r\nContent-Length: \d+\r\n\r\n\r\n\r\nError 502 - Bad Request
          \r\nThe server could not resolve your request for uri: http://[\d.]+/\r\n\r\n| p/Blackberry phone httpd/ d/phone/
match http m|^HTTP/1\.1 403 Forbidden\r\nDate: [A-Z]+ [A-Z]+ \d\d \d\d:\d\d:\d\d \d\d\d\d\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-Type: text/html\r\n\r\nDocument Error: Forbidden\r\n\t\t

          Access Error: Forbidden

          \r\n\t\t

          HTTP/1\.0 403 Forbidden\n

          \r\n\r\n| p/Avaya 9670 VoIP Phone httpd/ d/VoIP phone/ cpe:/h:avaya:9670/a
match http m|^HTTP/1\.1 302 Found\r\nLocation: http://([\w._-]+)/\?cfru=aHR0c.*\r\nCache-Control: no-cache\r\nPragma: no-cache\r\nContent-Type: text/html; charset=utf-8\r\nConnection: close\r\nContent-Length: \d+\r\n\r\n\r\nRedirect\r\n\r\n\r\n\r\n
          \r\n
          \r\n
          \r\n
          | p/Cisco 7912G IP Phone/ d/VoIP phone/ cpe:/h:cisco:7912g/
match http m|^HTTP/1\.1 401 Unauthorized\r\nWWW-Authenticate: Digest realm=\"[\d.]+\", qop=\"auth\", nonce=\"[0-9a-f]+\"\r\n.*BMC HTTP Server\r\n|s p/BMC HTTP Server/ i/HP Integrated Lights-Out remote management/ d/remote management/ cpe:/h:hp:integrated_lights-out/
match http m|^HTTP/1\.0 200 OK\nContent-type: text/html\r\nDate: .*\r\nConnection: close\r\nLast-Modified: .*\r\nContent-length: \d+\r\n.*RGB VIA Platform Home Page\r\n|s p/BusyBox httpd/ i/RGB Modular Media Converter http config/ d/media device/
match http m|^HTTP/1\.1 401 Unauthorized\r\nWWW-Authenticate: Digest realm=\"Web UI Access\", nonce=\"[0-9a-f]{32}\", opaque=\"[0-9a-f]{32}\", stale=\"false\", algorithm=\"MD5\", qop=\"auth\"\r\n\r\n$| p/qBittorrent Web UI/
match http m|^HTTP/1\.0 200 OK\r\nContent-type: text/html\r\n\r\n\r\n\r\n\r\n\r\n\r\n

          SDR-IP

          by

          RFSPACE

          \r\n\r\n\r\n$| p/RF-Space SDR-IP software radio http config/ d/specialized/ cpe:/h:rf-space:sdr-ip/
match http m|^HTTP/1\.0 404 Not Found\r\nDate: .*\r\nConnection: close\r\nContent-type: text/html\r\nServer: Flumotion/([\w._-]+)\r\n| p/Fluendo Flumotion httpd/ v/$1/
match http m|^HTTP/1\.0 200 ;OK\r\nServer: \?\?\?\?\?\?\?\?\?\?\?\?\?\?\r\nContent-Type: text/html\r\nConnection: Close\r\n\r\n\n\n\nEATON\n| p/Eaton Powerware Environmental Rack Monitor httpd/ d/power-misc/
match http m|^HTTP/1\.0 200 OK\r\nContent-type: text/html\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\nPlasma Monitor web control system\r\n| p/Pioneer PRO-141 monitor http config/ d/media device/ cpe:/h:pioneer:pro-141/
match http m|^HTTP/1\.0 200 200 OK\r\n.*Server: Ubicom/([\w._-]+)\r\n.*Microtek WES : Login\r\n|s p/Ubicom/ v/$1/ i/Microtek ML-WES WAP http config/ d/WAP/ cpe:/h:microtek:ml-wes/
match http m|^HTTP/1\.0 200 OK\r\nCache-Control: no-cache\r\nContent-Type:text/html\r\nContent-Length: *\d+\r\n\r\n\n\n\n\n| p/ISPmanager SSL redirector/
match http m|^HTTP/1\.0 200 OK\r\nConnection: close\r\nAccess-Control-Allow-Origin: \*\r\nCache-Control: no-cache\r\nContent-type: text/html; charset=utf-8\r\nDate: .*\r\n\r\n\r\nJointSpace| p/jointSPACE TV application framework/ d/media device/
match http m|^HTTP/1\.1 200 OK\r.*\nlibAbsinthe: (r[\d.]+)\r\n|s p/Legify Absinthe/ v/$1/
match http m|^HTTP/1\.1 200 OK\r\n.*Server: Web Server\r\nContent-Type: text/html\r\n.*\r\n\r\n \r\nNETGEAR ([^<]+)|s p/Netgear $1 http config/ d/switch/ cpe:/h:netgear:$1/a
match http m|^HTTP/1\.0 401 Unauthorized\r\nContent-Length: 0\r\nWWW-Authenticate: Basic realm=\"Domoticz\.com\"\r\n\r\n|s p/Domoticz home automation httpd/
match http m|^HTTP/1\.0 302 Redirect\r\nSet-Cookie: mainServerInstance=; path=/\r\nSet-Cookie: CrushAuth=| p/CrushFTP web interface/
match http m|^HTTP/1\.1 401 Unauthorized\r\nSet-Cookie: mainServerInstance=; path=/\r\nSet-Cookie: CrushAuth=| p/CrushFTP web interface/
match http m|^HTTP/1\.1 200 OK\r\nServer: pyTivo/([\d.]+)\r\n| p/pyTivo http interface/ v/$1/ d/media device/
match http m|^HTTP/1\.0 302 Redirect\r\nServer: DVRDVS-Webs\r\n| p/Hikvision DVR http interface/ d/media device/
match http m|^HTTP/1\.1 302 FOUND\r\nX-Hue-Jframe-Path: /\r\n| p/Cloudera Hue http Hadoop UI/
match http m=^HTTP/1\.1 200 OK\r.*\nLiferay-Portal: Liferay Portal (Community|Enterprise) Edition ([^(]+) \([A-Z][a-z]+ / Build (\d+) / [^)]+\)\r.*\nServer: Apache\r\n=s p/Liferay Portal $1 Edition/ v/$2/ i/build $3; Apache Tomcat/ cpe:/a:apache:tomcat/
match http m|^HTTP/1\.1 401 Unauthorized\nContent-Type: text/html;\nConnection: close\nWWW-Authenticate: Basic realm=\"Default: admin/admin\"\nContent-Length: \r\n\r\nSitecom Multi-Functional USB Server ([^<]+)| p/Sitecom $1 http config/
match http m|^HTTP/1\.0 200 OK\r\nCache-control: no-cache\r\nPragma: no-cache\r\nExpires: \"[^"]+\"\r\nContent-length: \d+\r\nContent-type: text/html\r\n\r\n\n\nILV701PL Web Configuration - Authentication| p/LEXCOM ILV701PL IPTV receiver http config/ d/media device/
match http m|^HTTP/1\.0 500 Server Error\nContent-Type: text/html\n\nhaserl CGI Error
          \n\[string \"([^"]+)\"\]:\d+:| p/Haserl CGI wrapper/ i/CGI path: "$1"/
match http m|^HTTP/1\.0 401 Unauthorized\r\nContent-Type: text/html\r\nWWW-Authenticate: Basic realm=\"yhhtpd\r\n| p/Neutrino yhttpd 3.X/
match http m|^HTTP/1\.0 200 OK\r\nServer: xLightweb/([\d.]+)\r\nContent-Length: 0\r\nConnection: close\r\nAccess-Control-Allow-Origin: \*\r\nCache-Control: no-cache\r\nAccess-Control-Allow-Headers: device-os, device-mo, app-build, device-id, device-no, device-ip, tracker, sub-id, sid\r\n\r\n| p/xLightweb httpd/ v/$1/
match http m|^HTTP/1\.0 200 Document follows\r\nServer: XCD WebAdmin\r\nContent-Type: text/html\r\n\r\n| p/Intermec EasyLAN print server http admin/ d/print server/
match http m|^HTTP/1\.1 200 OK\r\nServer: Dump1090\r\n| p/Dump1090 Mode S decoder http viewer/
match http m|^HTTP/1\.0 200 OK\r\nDate: .*\r\nLast-Modified: .*\r\nETag: \"[^"]\"\r\nAccept-Ranges: bytes\r\nContent-Length: \d+\r\nConnection: close\r\nContent-Type: text/html\r\nX-Frame-Options: SAMEORIGIN\r\n\r\n\n| p/Fortinet FortiGate SSL VPN/ d/security-misc/
match http m|^HTTP/1\.0 200 OK\r\nDate: .*\r\nServer: qHTTPs\r\n| p/AEG Powersolutions UPS View http viewer/ d/power-device/
match http m|^HTTP/1\.1 200 OK\r\nSet-Cookie: sid=[^;]+; path=/; httponly\r\nSet-Cookie: sid\.sig=[^;]+; path=/; httponly\r\nDate: .*\r\nConnection: close\r\n\r\n.*

          Webhook Deployer v([\w._-]+)|s p/Node.js/ i/Webhook Deployer v$1/ cpe:/a:nodejs:node.js/
match http m|^HTTP/1\.1 200 OK\r\nConnection: close\r\nContent-Type: text/html; charset=ISO-8859-1\r\nContent-Length: \d+\r\nServer: SIMP LIGHT\r\n\r\nSIMP Light web server \[ver\. ([\w._-]+)\]| p/SIMP Light SCADA httpd/ v/$1/
match http m|^HTTP/1\.0 401 Unauthorized\r\nContent-Length: 91\r\nContent-Type: text/html\r\nX-Plex-Protocol: 1\.0\r\n| p/Plex Media Center httpd/
match http m|^HTTP/1\.[01] 200 OK\r\nContent-Type: text/xml;charset=utf-8\r\nContent-Length: \d+\r\nConnection: close\r\nX-Plex-Protocol: 1\.0\r\nCache-Control: no-cache\r\n\r\n<\?xml version=\"1\.0\" encoding=\"UTF-8\"\?>\n]*friendlyName=\"([^"]*)\" [^>]*platform=\"([^"]+)\" platformVersion=\"([^"]+)\" [^>]*version=\"([^"]+)| p/Plex Media Server httpd/ v/$4/ i/friendlyName: $1; OS version $3/ o/$2/ cpe:/a:plex:plex_media_server:$4/
# Sometimes the version is too far down the page :(
match http m|^HTTP/1\.[01] 200 OK\r\nContent-Type: text/xml;charset=utf-8\r\nContent-Length: \d+\r\nConnection: close\r\nX-Plex-Protocol: 1\.0\r\nCache-Control: no-cache\r\n\r\n<\?xml version=\"1\.0\" encoding=\"UTF-8\"\?>\n]*friendlyName=\"([^"]*)\" [^>]*platform=\"([^"]+)\" platformVersion=\"([^"]+)\"| p/Plex Media Server httpd/ i/friendlyName: $1; OS version $3/ o/$2/ cpe:/a:plex:plex_media_server/
match http m|^HTTP/1\.0 302 Moved Temporarily\r\nContent-Type: text/html\r\nSet-Cookie: cookie_session_id_0=\d+; path=/;\r\nCache-Control: public\r\nPragma: cache\r\nExpires: .*\r\nDate: .*\r\nLast-Modified: Thu, 01 Jan 1970 00:00:00 GMT\r\nAccept-Ranges: bytes\r\nConnection: close\r\nLocation: https?://[\w._-]+:\d+/index\.cgi\?active%5fpage=9091&req%5fmode=0\r\n\r\n| p/OpenRT httpd/ o/OpenRT/
match http m|^HTTP/1\.1 401 Unauthorized\r\nWWW-Authenticate: Digest realm=\"(iRMC S\d)@iRMC([0-9A-F]{6})\", qop=\"auth\", nonce=\"[0-9a-f-]+\", opaque=\"[0-9a-f]+\", stale=\"FALSE\" \r\n(?:Connection: close\r\n)?Cache-Control: no-cache\r\nPragma: no-cache\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\n\r\n296\r\n| p/Fujitsu $1 httpd/ i/Host ID (MAC) $2/ d/remote management/
match http m|^HTTP/1\.1 400 Bad Request\r\nCache-Control: no-cache\r\nPragma: no-cache\r\nContent-Type: text/html; charset=utf-8\r\nProxy-Connection: close\r\nConnection: close\r\nContent-Length: 727\r\n\r\n\r\nRequest Error\r\n\r\n\r\n\r\n
          | p/ISPConfig http control panel/
match http m|^HTTP/1\.0 401 Authorization Required\r\nServer: alphapd\r\nDate: .*\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-type: text/html\r\nWWW-Authenticate: Digest realm=\"(TV-IP\d\d\d\w*)\",qop=\"auth\", nonce=\"[a-f0-9]+\"\r\n\r\n| p/TRENDnet $1 httpd/ d/webcam/ cpe:/h:trendnet:$1/a
#example $2 = "MediaCloset\0"
match http m|^HTTP/1\.0 200 OK\r\nContent-type: text/html\r\n\r\nAPC Back-UPS ([^(]+)\(([^)]+)\)| p/APC Back-UPS $1 http admin/ i/$P(2)/
match http m|^HTTP/1\.1 401 UNAUTHORIZED\r\nWWW-Authenticate: Basic realm=\"Login Required\"\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 90\r\nDate: .*\r\nServer: ([\w._-]+)\r\n\r\nCould not verify your access level for that URL\.\nYou have to login with proper credentials| p/Maraschino XBMC http interface/ h/$1/
match http m|^HTTP/1\.0 200 OK\r\nSet-Cookie: session=[0-9a-f]{40}; Path=/; HttpOnly\r\nX-Auth-Status: none\r\nContent-Type: text/html\r\nDate: .*\r\nConnection: close\r\nContent-Length: \d+\r\n\r\n.* href=\"/ajenti:static/|s p/Ajenti http control panel/ cpe:/a:ajenti:ajenti/
match http m|^HTTP/1\.1 200 OK\r\nDate: .*\r\nServer: Hydra/([\w._-]+)\r\nAccept-Ranges: bytes\r\nConnection: close\r\nContent-Length: \d+\r\nLast-Modified: .*\r\nETag: \"[^"]+\"\r\nContent-Type: text/html\r\n\r\n\n\nIntelligent Switch>\n| p/Hydra httpd/ v/$1/ i/ZyXEL GS1600 or GS1900 switch/ d/switch/ cpe:/a:nikos_mavroyanopoulos:hydra:$1/
match http m|^HTTP/1\.1 200 OK\r\nDate: .*\r\nAccept-Ranges: bytes\r\nConnection: close\r\nContent-Length: \d+\r\nLast-Modified: .*\r\nETag: \"[^"]+\"\r\nContent-Type: text/html\r\n\r\n\n\nIntelligent Switch>\n| p/Hydra httpd/ i/ZyXEL GS1600 or GS1900 switch/ d/switch/ cpe:/a:nikos_mavroyanopoulos:hydra/
match http m|^HTTP/1\.1 200 OK\r\nSet-Cookie: JSESSIONID=[0-9A-F]{32}; Path=/\r\nContent-Type: text/html;charset=utf-8\r\nContent-Length: \d+\r\nDate: .*\r\nConnection: close\r\nServer: \r\n\r\n| p/Cisco Unified Communications Manager httpd/ cpe:/a:cisco:unified_communications_manager/
# version 8.6 has Secure; HttpOnly
match http m|^HTTP/1\.1 200 OK\r\nSet-Cookie: JSESSIONID=[0-9A-F]{32}; Path=/; Secure; HttpOnly\r\nContent-Type: text/html;charset=utf-8\r\nContent-Length: \d+\r\nDate: .*\r\nConnection: close\r\nServer: \r\n\r\n| p/Cisco Unified Communications Manager httpd/ cpe:/a:cisco:unified_communications_manager/
match http m|^HTTP/1\.0 500 No such header: Host\r\nserver: Ag \[47\]\r\ncontent-type: text/html\r\n\r\n\n\n\n\n

          500: No such header: Host

          \n\n\r\n| p/ZyXEL Keenetic http admin/ d/broadband router/
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html\r\nCache-Control: no-cache\r\nConnection: close\r\n\r\nBasic Status\n| p/NetComm Wireless ADSL router http admin/ d/WAP/
match http m|^HTTP/1\.0 200 OK\r\nDate: .*\r\nServer: Easy Chat Server/([\w._-]+)\r\n| p/Easy Chat Server httpd/ v/$1/
match http m|^HTTP/1\.1 503 Service Unavailable\r\nContent-Type: text/html\r\nCache-Control: no-cache\r\nConnection: close\r\nContent-Length: \d+\r\nX-Iinfo: ?[\d-]+ .NNN RT\(\d+ \d+\) q\([ 0-9-]+\) r\([ 0-9-]+\)| p/Incapsula CDN httpd/
match http m|^Evolis TCP/IP\r\n| p/Evolis ID card printer httpd/ d/printer/
match http m|^HTTP/1\.0 200 OK\r\nServer: pilight\r\n| p/pilight home automation webGUI/
match http m|^HTTP/1\.0 302 Moved Temporarily\r\nX_Language: .*\r\nContent-Type: text/html\r\nServer: Embedthis-http\r\nLocation: https://([^/]+)/start\.html\n\r\n| p/Embedthis httpd/ i/Dell iDRAC 7/ d/remote management/ h/$1/ cpe:/h:dell:idrac7/
match http m|^HTTP/1\.1 301 Moved Permanently\r\nContent-Type: text/html\r\nContent-Length: 165\r\nLocation: http://oishare/DCIM\r\n\r\n\r\n301 Moved Permanently\r\n

          301 Moved Permanently

          \r\n\r\n\r\n| p/Olympus camera httpd/
match http m|^HTTP/1\.1 200 OK\r\nDate: .*\r\nServer: \r\nCache-Control: no-cache, private\r\nPragma: no-cache\r\nExpires: .*\r\nConnection: close\r\nContent-Type: text/html\r\n\r\n\r\n\r\n\r\n(NWA[\w-]+)| p/ZyXEL $1 http config/ d/WAP/ cpe:/h:zyxel:$1/a
match http m|^HTTP/1\.0 404 Not Found\r\nServer: thttpd/([\w.]+)-Avtrex/([\w._-]+)\r\n| p/thttpd/ v/$1/ i/Avtrex $2/ d/media device/ cpe:/a:acme:thttpd:$1/
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html\r\nConnection:close\r\n\r\n\r\n\r\n\r\n\tBerryz WebShare| p/Berryz WebShare/
match http m|^HTTP/1\.1 500 Internal error\r\nCache: no-cache\r\nContent-Type: text/plain\r\nContent-Length: 28\r\n\r\nCardo Updater Internal error| p/Cardo Updater/
match http m|^HTTP/1\.1 200 OK\r\nCONTENT-TYPE: text/html\r\nCONTENT-LENGTH: 260\r\n\r\n.*

          PRESENTATION PAGE

          |s p/Pioneer VSX-921, Denon DNP-720AE, or Marantz AV7005 AV receiver http config/ d/media device/
match http m|^HTTP/1\.1 401 Authorization Required\r\nWWW-Authenticate: Basic realm=\"Fhem: login required\"\r\nContent-Length: 0\r\n\r\n| p/FHEMWEB Fhem frontend/
match http m|^HTTP/1\.0 200 OK\r\nContent-Type: text/html\r\n\r\nYouLess energy monitor| p/YouLess energy monitor httpd/ d/power-device/
match http m|^HTTP/1\.1 500 Server Error\r\nContent-Length: 0\r\nServer: HBHTTP POGOMVOFFICE - ([\w._-]+) - Linux\r\nDate: .*\r\nConnection: close\r\n\r\n| p/Pogoplug Office NAS httpd/ v/$1/ d/storage-misc/ o/Linux/ cpe:/o:linux:linux_kernel/a
match http m|^HTTP/1\.1 404 Not Found\r\n.*\r\nServer: AmazonS3\r\n\r\n404|s p/Amazon S3 httpd/
match http m|^HTTP/1\.0 404 Not Found\r\nX-Powered-By: Servlet/([\d.]+)\r\nContent-Type: text/html\r\nDate: .*\r\n\r\n

          SRVE0255E: A WebGroup/Virtual Host to handle / has not been defined\.


          SRVE0255E: A WebGroup/Virtual Host to handle localhost:\d+ has not been defined\.


          IBM WebSphere Application Server| p/IBM Tivoli Enterprise Portal/ i/Servlet $1/ cpe:/a:ibm:websphere_application_server/
match http m|^HTTP/1\.1 302 Moved Temporarily\r\nLocation: http://([\w.-]+)/index\.do\r\nContent-Type: text/html;charset=UTF-8\r\nContent-Length: 0\r\nDate: .*\r\nConnection: close\r\nServer: ThinkFree Server\r\n\r\n| p/ThinkFree Server Integrator/ h/$1/
match http m|^HTTP/1\.1 \d\d\d .*
          nginx/([\d.]+)
          \r?\n\r?\n[\r\n]+$|s p/nginx/ v/$1/ cpe:/a:igor_sysoev:nginx:$1/
match http m|^HTTP/1\.1 302 Found\r\nDate: .*\r\nCache-Control: no-cache\r\nX-Runtime: \d+\r\nSet-Cookie: spiceworks_session=[^;]+; path=/; HttpOnly\r\nLocation: https?://([\w.-]+):\d+/login\r\n| p/Spiceworks http admin/ h/$1/
match http m|^HTTP/1\.1 200 OK\r\nDate: .*\r\nServer: Clearswift\r\n| p/Clearswift Secure Web Gateway/ d/security-misc/
match http m|^HTTP/1\.0 200 OK\r\nContent-Type: text/html\r\nAccept-Ranges: bytes\r\nETag: \"[^"]+\"\r\nLast-Modified: .*\r\nContent-Length: \d+\r\nConnection: close\r\nDate: .*\r\nServer: dcs-lig-httpd\r\n\r\n| p/lighttpd/ i/D-Link DCS IP camera/ d/webcam/ cpe:/a:lighttpd:lighttpd/a
match http m|^HTTP/1\.1 200 OK\r\nContent-type: text/html\r\nExpires: .*\r\nConnection: close\r\nPragma: no-cache\r\nContent-Length: \d+\r\n\r\n\n\n\n Xfinity| p/Xfinity router http config/ d/broadband router/
# Panasonic TX-P55VTW60
match http m|^HTTP/1\.0 404 Not Found\r\nServer: Panasonic AVC Server/([\w._-]+)\r\nConnection: close\r\nCache-Control: no-cache,no-store\r\nContent-Length: 0\r\n\r\n| p/Panasonic AVC httpd/ v/$1/ d/media device/
match http m|^HTTP/1\.0 403 Forbidden\r\nContent-Length: 15\r\nContent-Type: text/html\r\nAccess-Control-Allow-Origin: \*\r\nAccess-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept\r\nAccess-Control-Allow-Methods: POST, GET, OPTIONS\r\n\r\nInvalid request| p/Amazon MP3 Downloader httpd/
match http m|^HTTP/1\.1 303 See Other\r\nContent-Type: text/html\r\nContent-Length: 0\r\nLocation: https://([\w.-]+):\d+/webvpn\.html\r\nSet-Cookie: webvpncontext=00@[\w._-]+; path=/\r\nConnection: Keep-Alive\r\n\r\n| p/Cisco SSLVPN/ h/$1/
match http m|^HTTP/1\.0 302 Redirect\r\nServer: Hikvision-Webs\r\nDate: .*\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-Type: text/html\r\nLocation: http://([\w.-]+):\d+/index\.[asphtm]+\r\n\r\n| p/Hikvision DVR httpd/ d/media device/ h/$1/
match http m|^HTTP/1\.1 400\r\nContent-Length: 22\r\nContent-Type: text/plain\r\n\r\nMalformed Request-Line| p/SABnzbd newsreader httpd/
match http m|^HTTP/1\.1 200 OK\r\nServer: HP_Compact_Server\r\nContent-Length: \d+\r\n-onnection: keep-alive\r\nContent-Type: text/html\r\n| p/HP LaserJet printer http admin/ d/printer/
# ntopng <= 1.1 (r7342) had an auth bypass because processing isn't terminated after redirect.
match http m|^HTTP/1\.1 302 Found\r\nSet-Cookie: session=; path=/; expires=Thu, 01-Jan-1970 00:00:01 GMT; max-age=0; HttpOnly\r\nLocation: /login\.html\r\n\r\nHTTP/1\.1 200 OK\r\nCache-Control: max-age=0, no-cache, no-store\r\nPragma: no-cache\r\nServer: ntopng ([\d.]+) \((r\d*)\)\r\n| p/ntopng http interface/ v/$1/ i/SVN $2; auth bypass/ cpe:/a:ntop:ntopng:$1/
match http m|^HTTP/1\.1 302 Found\r\nSet-Cookie: session=; path=/; expires=Thu, 01-Jan-1970 00:00:01 GMT; max-age=0; HttpOnly\r\nLocation: /login\.html\r\n\r\n$| p/ntopng http interface/ v/1.2 or later/ cpe:/a:ntop:ntopng/
match http m|^HTTP/1\.0 200 OK\r\nDate: .*\nServer: owhttpd\r\nLast-Modified: .*\r\nContent-Type: text/html\r\n\r\n| p/OWFS httpd/
match http m|^HTTP/1\.0 401 Unauthorized\r\nPragma: no-cache\r\nWWW-Authenticate: Digest realm=\"([^"]+)\", domain=\"/\", nonce=\"[\da-f]+\", algorithm=\"MD5\", qop=\"auth\"\r\nWWW-Authenticate: Basic realm=\"\1\"\r\nContent-Type: text/html\r\n.*\r\n\r\nError 401|s p/Tandberg videoconference httpd/ i/"$1"/
match http m|^HTTP/1\.0 200 OK\r\nContent-Type: text/html\r\nSet-Cookie: rg_cookie_session_id=.*.*(MP\d\w+)|s p/Audiocodes $1 gateway http config/ d/VoIP adapter/
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/html\r\nDate: .*\r\nConnection: close\r\n\r\n\n\n \n rabbit\.js and Socket\.IO publish/subscribe example| p/Node.js/ i/rabbit.js messaging example page/ cpe:/a:nodejs:node.js/
match http m|^HTTP/1\.0 200 OK\nContent-type: text/html\r\nDate: .*?\r\nConnection: close\r\n\r\n.*\n|s p/DVRWeb viewer/ v/$SUBST(1,",",".")/ i/CmdPort $2; StreamPort $3/
match http m|^HTTP/1\.0 200 OK\r\nServer: KwikNet Web Server\r\n| p/Kadak KwikNet httpd/
match http m|^HTTP/1\.1 406 Not Acceptable\r\nContent-Type: text/html\r\nServer: MineloadHTTPD\r\n\r\nInvalid XML password\.| p/Mineload Bukkit plugin/
match http m|^HTTP/1\.1 401 Unauthorized\r\nDate: .*\r\nServer: cPanel\r.*\nWWW-Authenticate: Basic realm=\"cPanel WebDisk\"\r\n|s p/cPanel httpd/ i/unauthorized/
match http m|^HTTP/1\.1 200 OK\r\nPragma: no-cache\r\nCache-control: no-cache\r\nDate: .*\r\nServer: eXtensible UPnP agent\r\nAccept-Ranges: none\r\nConnection: close\r\nContent-Type: text/html\r\nEXT:\r\n\r\n.*Uptime: (\d+ days, [\d:]+).*Model: xupnpd-([\w._-]+)|s p/xupnpd http admin/ v/$2/ i/uptime: $1/
match http m|^HTTP/1\.1 200 OK\r\nServer: fexsrv\r\nLast-Modified: .*\r\nContent-Length: \d+\r\nContent-Type: text/html\r\n\r\n| p/F*EX (Frams' Fast File EXchange) server/ cpe:/a:ulli_horlacher:fex/
match http m|^HTTP/1\.0 403 Forbidden\r\nContent-Type: text/html; charset=UTF-8\r\nContent-Length: \d+\r\nPragma: no-cache\r\n\r\n\r\n\r\n\r\n\r\n \" >| p/Novell Access Gateway/
match http m|^HTTP/1\.0 302 Moved Temporarily\r\nContent-Type: text/html\r\nSet-Cookie: wbm_cookie_session_id=[\dA-F]+; path=/; HttpOnly\r\nCache-Control: public,max-age=86400\r\nPragma: cache\r\nExpires: .*\r\nDate: .*\r\nLast-Modified: .*\r\nAccept-Ranges: bytes\r\nConnection: close\r\nLocation: /main\.cgi\?page=index\.html\r\n\r\n| p/Vodafone Station http config/ d/WAP/
# Also responds to GenericLines (v6.60)
match http m|^HTTP/1\.1 200 OK\r\nDate: .*\r\nLast-Modified: .*\r\nContent-Type: text/html\r\nConnection: Close\r\nContent-Length: \d+ +\r\n\r\n.+>Dual DHCP DNS Server Version ([\w._-]+ Windows Build \d+)<|s p/Dual DHCP DNS Server http viewer/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a
match http m|^HTTP/1\.1 200 Ok\r\nContent-Type: text/html\r\nCache-Control: no-cache\r\nConnection: close\r\nRefresh: 5;url=/\r\n\r\n.*

          PowerMTA™ ([\w._-]+) 
          \r\n
          \r\n\r\nRedirect \(authentication_redirect_to_virtual_host\)| p/Pitney Bowes Business Manager BMDLAService/ h/$1/
match http m|^HTTP/1\.0 401 Unauthorized\r.*\nServer: phionEntegraHTTP\r\nAllow: GET, HEAD, DELETE\r\nWWW-Authenticate: Basic realm=phion Transparent Agent authentication\r\n|s p/phion Entegra SSL VPN client/
match http m|^HTTP/1\.0 404 Not Found\r\nServer: 2Wire TR-069\r\nContent-Length: 0\r\nAllow: GET\r\nWWW-Authenticate: d=\d+ +set_mask=0x[\da-f]+ +handle_evt=0x[\da-f]+.+\r\n| p/2Wire TR-069 access/
match http m|^HTTP/1\.1 302 Found\r\nX-UA-Compatible: IE=edge,chrome=1\r\nSet-Cookie: JSESSIONID=[\dA-F]+; Path=/; Secure; HttpOnly\r\nDate: .*\r\nLocation: /login\.html\r\nContent-Type: text/html;charset=UTF-8\r\nContent-Length: 0\r\nVary: Accept-Encoding\r\nConnection: close\r\nServer: NSC/([\w._-]+) \(JVM\)\r\n\r\n| p/Nexpose Security Console/ v/$1/ cpe:/a:rapid7:nexpose:$1/
match http m|^HTTP/1\.1 302 Found\r\nX-UA-Compatible: IE=edge,chrome=1\r\nSet-Cookie: JSESSIONID=[\dA-F]+; Path=/; Secure; HttpOnly\r\nDate: .*\r\nLocation: /maintenance-login\.html\r\nContent-Type: text/html;charset=UTF-8\r\nContent-Length: 0\r\nVary: Accept-Encoding\r\nConnection: close\r\nServer: NSC/([\w._-]+) \(JVM\)\r\n\r\n| p/Nexpose Security Console/ v/$1/ i/maintenance mode/ cpe:/a:rapid7:nexpose:$1/
match http m|^HTTP/1\.1 404 Not Found\r\nX-Powered-By: Sinopia/([\w._-]+)\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 13\r\nVary: Accept-Encoding\r\nX-Status-Cat: http://flic\.kr/p/aV6juR\r\nDate: .*\r\nConnection: close\r\n\r\nCannot GET /\n| p/Sinopia npm proxy/ v/$1/ i/node.js/ cpe:/a:nodejs:node.js/
match http m|^HTTP/1\.1 300 Multiple Choices\r\nVary: X-Auth-Token\r\nContent-Type: application/json\r\nContent-Length: \d+\r\nDate: .*\r\nConnection: close\r\n\r\n{\"versions\": {\"values\": \[{.*?\"type\": \"application/vnd\.openstack\.identity-v([\d.]+)\+| p/OpenStack Identity API/ v/$1/
match http m|^HTTP/1\.1 200 Ok\r\nServer: ZyXEL Modem\r\n.*\.::Welcome to ZyXEL ([^:<]+?)::\.|s p/ZyXEL $1 modem http config/ d/broadband router/ cpe:/h:zyxel:$1/a
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: Oracle-Traffic-Director/([\w._-]+)\r\nDate: .*\r\nContent-length: \d+\r\nContent-type: text/html; charset=UTF-8\r\nX-powered-by: Servlet/([\w._-]+) JSP/([\w._-]+)\r\n| p/Oracle Traffic Director/ v/$1/ i/Servlet $2; JSP $3/
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: Oracle-Traffic-Director/([\w._-]+)\r\n| p/Oracle Traffic Director/ v/$1/
match http m|^HTTP/1\.1 301 Moved Permanently\r\nServer: Printopia/([\w._-]+)\r\nLocation: http://www\.ecamm\.com/mac/printopia/instructions\.html\r\nConnection: close\r\n\r\n| p/Printopia for Mac/ v/$1/ o/Mac OS X/ cpe:/o:apple:mac_os_x/a
match http m|^HTTP/1\.1 401 Unauthorized\r\nServer: httpd\r\nDate: .* GMT\r\nWWW-Authenticate: Basic realm=\"(E\d+)\"\r\nContent-Type: text/html\r\nConnection: close\r\n\r\n\n| p/Cisco Linksys $1 router config/ d/broadband router/ cpe:/h:cisco:linksys_$1/a
# Blackberry 10.2.1
match http m|^HTTP/1\.0 404 Not Found\r\nContent-Type: text/html\r\nContent-Length: \d+\r\nServer: \r\n\r\n404 Not Found\n

          404 Not Found

          \nindex\.html:
          This item has not been found
          \n| p/Blackberry Universal Device Service/ d/phone/ cpe:/a:blackberry:blackberry_universal_device_service/
match http m|^HTTP/1\.1 404 Service not found\r\nDate: .* GMT\r\nServer: ACE XML Gateway\r\nContent-Type: text/plain\r\nContent-Length: 42\r\nConnection: close\r\n\r\nNo handler was found matching the request\.| p/Cisco Application Control Engine XML Gateway/ d/load balancer/ cpe:/a:cisco:application_control_engine_software/
# Post-2.2 development version has longer content
match http m|^HTTP/1\.0 401 Unauthorized\r\nContent-Length: 17\r\nWWW-Authenticate: Basic realm=varnish-agent\r\nDate: .*\r\n\r\nAuthorize, please$| p/Varnish Agent/ v/2.2 or older/ cpe:/a:varnish-cache:varnish_agent/
match http m|^HTTP/1\.1 401 Unauthorized\r\nWWW-Authenticate: Digest realm=\"NetAV\", nonce=\"[\da-f]{32}\", algorithm=MD5, domain=\"/netav/\", qop=\"auth\",\r\nPragma: no-cache\r\nCache-control: no-cache, no-store\r\n\r\n$| p/Sony NetAV/ d/media device/
# UUID header added in 0.5.6b
match http m|^HTTP/1\.1 400 Bad request\r\nContent-Type: text/html; charset=utf-8\r\nPragma: no-cache\r\nExpires: 0\r\nCache-Control: no-store\r\nConnection: close\r\nX-PageKite-UUID: [\da-f]{40}\r\n\r\n

          400 Bad request

          Invalid request, no Host: found\.

          \n| p/PageKite localhost tunnel/ v/0.5.6b or later/
match http m|^HTTP/1\.1 404 Not Found\r\nDate: .*\r\nServer: Genetic Lifeform and Distributed Open Server ([\w._-]+)\r\nConnection: close\r\nContent-Type: text/html; charset=ISO-8859-1\r\nCache-Control: public, max-age=31536000\r\nContent-Length: 28\r\n\r\nAn error has occurred\. \(404\)| p/Hentai@Home P2P downloader/ v/$1/
match http m|^HTTP/1\.1 400 Bad Request \(missing Host: header\)\r\nConnection: close\r\nDate: .* ([-+]\d\d\d\d)\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n| p/Pandora FMS/ i/timezone: $1/
match http m|^HTTP/1\.1 302 Moved Temporarily\r\nContent-Type: text/plain\r\nContent-Length: 24\r\nLocation: /unsupported_browser\.htm\r\nDate: .*\r\nConnection: close\r\nServer: RStudio\r\n\r\n/unsupported_browser\.htm| p/RStudio Server/
match http m|^HTTP/1\.0 401 unknown \r\nServer: ForceLiveTransfer/([\w ]+)\r\nContent-Length: 0\r\nDate: .*\r\nWWW-Authenticate: Basic realm=\"[^"]+\"\r\n\r\n$| p/ForceTech ForceLive Transfer/ v/$1/ d/media device/
match http m|^HTTP/1\.1 400 Bad Request\r\nContent-type: text/plain\r\nContent-length: 58\r\n\r\n400 Bad Request\n'json' or 'msgpack' parameter is required\n$| p/fluentd data collector/ v/0.10.48 or later/
match http m|^HTTP/1\.1 301 Moved Permanently\r\nLocation: http://null/console/index\.html\r\nConnection: close\r\nDate: .*\r\n\r\n$| p/HornetQ JMS http admin/
match http m|^HTTP/1\.0 404 Not Found\r\nDate: .*\r\nContent-Type: text/html; charset=UTF-8\r\nServer: gvs ([\d.]+)\r\n.* Error 404 \(Not Found\)!!1|s p/Google Video Server/ v/$1/
match http m|^HTTP/1\.1 400 Bad Request\r\nContent-Type: text/plain\r\nConnection: close\r\nDate: .*\r\nServer: HP-iLO-Server/([\w._-]+)\r\nContent-Length: 0\r\n\r\n| p/HP Integrated Lights-Out web interface/ v/$1/ cpe:/h:hp:integrated_lights-out:$1/
match http m|^HTTP/1\.0 404 Not Found\r\nDate: .*\r\nServer: Brazil/([\d.]+)\r\nConnection: close\r\nContent-Length: 135\r\nContent-Type: text/html\r\n\r\n\n\nError: 404\n\nGot the error: Not Found
          \nwhile trying to obtain /
          \n\n\n| p/Sun Labs Brazil httpd/ v/$1/ o/Android/ cpe:/o:google:android/a cpe:/o:linux:linux_kernel/a
match http m|^HTTP/1\.1 403 Forbidden\r\nServer: Norman Security/([\w._-]+)\r\nContent-Type: text/html\r\nConnection: Close\r\nContent-Length: 83\r\n\r\nSecurity Error

          403 - Forbidden

          | p/Norman Security Suite http config/ v/$1/ cpe:/a:norman:security_suite:$1/
match http m|^HTTP/1\.0 401 Unauthorized\r\nConnection: close\r\nWWW-Authenticate: Basic realm=\"Tadiran MGCP Phone\"\r\nContent-Type: text/html\r\n\r\n| p/Tadiran MGCP phone http config/ d/VoIP phone/
match http m|^HTTP/1\.1 \d\d\d .*\r\nDate: .*\r\nServer: Cosminexus HTTP Server\r\n| p/Hitachi Cosminexus httpd/ cpe:/a:hitachi:cosminexus_application_server/
match http m|^HTTP/1\.1 \d\d\d .*\r\nServer: Intel\(R\) Small Business Technology ([\w._-]+)\r\n|s p/Intel Small Business Technology Platform/ v/$1/ d/remote management/ cpe:/a:intel:small_business_technology_platform:$1/
match http m|^HTTP/1\.0 200 OK\r\nConnection: Close\r\n.*|s p/IBM WebSphere Application Server/ v/$1/ i/Liberty Profile/ cpe:/a:ibm:websphere_application_server:$1:-:liberty_profile/
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: DrWebServer/REL-1000-([\w._-]+) ([^/]+)/(\w+) Lua/([\w._-]+) OpenSSL/([\w._-]+) zlib/([\w._-]+) UNICODE/[\d.]+\r\n|s p/Dr.Web Enterprise Security Suite httpd/ v/$1/ i/arch: $3; Lua $4; OpenSSL $5; zlib $6/ o/$SUBST(2,"_"," ")/ cpe:/a:drweb:enterprise_security_suite:$1/ cpe:/a:gnu:zlib:$6/ cpe:/a:openssl:openssl:$5/ cpe:/a:puc-rio:lua:$4/
# aviosys 9060 webcam
match http m|^HTTP/1\.0 401 NG \r\nWWW-Authenticate: Basic realm=Camera Name : (.*)\r\n\r\nUnauthorized$| p/Aviosys webcam httpd/ i/camera name: $1/ d/webcam/
match http m|^HTTP/1\.1 400 Bad request\r\nContent-Length: 80\r\n\r\n400 Bad requestBad request| p/Cockpit management console/ o/Linux/ cpe:/a:redhat:cockpit/ cpe:/o:linux:linux_kernel/a
match http m|^HTTP/1\.1 404 Not Found\r\nServer: CPE-SERVER/([\w._-]+) Supports only GET\r\n\r\n| p/CPE Server TR-069 remote access/ v/$1/ d/broadband router/
match http m|^HTTP/1\.1 200 OK\r\nServer: IPCamera HTTP/ONVIF/P2P/RTSP/VOD Multi-Server\r\n| p|DB Power IP Camera HTTP/ONVIF/P2P/RTSP/VOD multi-server| d/webcam/
match http m|^HTTP/1\.1 200 OK\r\nServer: WebServer\(ipcamera\)\r\n| p|DB Power IP Camera HTTP/ONVIF/P2P/RTSP/VOD multi-server| d/webcam/
# Amazon Fire TV
match http m|^HTTP/1\.1 \d\d\d [\w ]+ \r\nContent-Type: text/plain\r\nDate: .*\r\nConnection: keep-alive\r\nContent-Length: \d+\r\n\r\nError \d\d\d, [\w ]+\.$| p/Amazon Whisperplay DIAL REST service/ d/media device/ cpe:/a:amazon:whisperplay/
match http m|^HTTP/1\.1 403 HTTP_FORBIDDEN\r\nCache-Control: no-cache\r\nConnection: close\r\nDate: .* \d\d:\d\d:\d\d\r\n\r\n| p/Folding@Home FAHClient/ cpe:/a:stanford:fahclient/
match http m|^HTTP/1\.1 401 Unauthorized\r\nContent-Length: 0\r\nWWW-Authenticate: Digest qop=\"auth\", realm=\"rokudev\", nonce=\"1412736333\"\r\n\r\n| p/Mongoose httpd/ v/3.7/ i/Roku developer interface, firmware 5.2 or later/ cpe:/a:cesanta:mongoose:3.7/
match http m|^HTTP/1\.1 200 Ok\r\nServer: httpd\r\nDate: .* GMT\r\nCache-Control: no-cache\r\nPragma: no-cache\r\nExpires: 0\r\nContent-Type: text/html\r\nConnection: close\r\n\r\n| p/milli_httpd/ cpe:/a:acme:milli_httpd/
# Some misconfiguration perhaps?
match http m|^HTTP/1\.1 200 OK\r\nContent-Type: text/plain\r\nDate: .* GMT\r\nConnection: close\r\n\r\nNot implemented$| p/Node.js/ cpe:/a:nodejs:node.js/
match http m|^HTTP/1\.0 401 Unauthorized\r\nContent-Type: text/html; charset=utf-8\r\nCache-Control: no-cache\r\nWWW-Authenticate: Digest realm=\"Tixati Web Interface\", qop=\"auth\", nonce=\"[0-9a-f]{32}\", opaque=\"[0-9a-f]{32}\"\r\n\r\n| p/Tixati bittorrent client Web interface/ cpe:/a:tixati:tixati/
match http m|^HTTP/1\.1 401 Not Authorized\r\nWWW-Authenticate: Basic realm=\"Vuze - Vuze Web Remote\"\r\nContent-Length: 15\r\n\r\nAccess Denied\r\n| p/Vuze remote http admin/ cpe:/a:azureus:vuze/
match http m|^HTTP/1\.1 404 Not Found\r\nConnection: close\r\nDate: .* GMT\r\nContent-Length: 1164\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n| p/Oracle WebLogic admin httpd/ cpe:/a:oracle:weblogic_server/
match http m|^HTTP/1\.1 \d\d\d .*\r\nConnection: Keep-Alive\r\nServer: \r\nContent-Type: text/html\r\nContent-Length: \d+\r\n\r\n\r\n| p/Siemens Gigaset C610 VoIP Phone http admin/ d/VoIP phone/ cpe:/h:siemens:gigaset_c610/a
match http m|^HTTP/1\.1 400 Bad Request\r\nSERVER: HDHomeRun/([\w._-]+)\r\n| p/SiliconDust HDHomeRun set top box http admin/ v/$1/ d/media device/ cpe:/h:silicondust:hdhomerun/
match http m|^HTTP/1\.0 401 Unauthorized\r\nDate: .*\r\nContent-type: text/html\r\nContent-Length: 97\r\nWWW-Authenticate: Digest qop=\"auth\", stale=false, algorithm=MD5, realm=\"(ECOR[\w_-]+)\", nonce=\"\d+\"\r\nConnection: keep-alive\r\n\r\n401 Unauthorized\n

          401 Unauthorized

          \n| p/EverFocus $1 DVR http viewer/ d/media device/ cpe:/h:everfocus:$1/
match http m|^HTTP/1\.0 200 OK\r\nDate: .*\r\nServer: Raumfeld Renderer\r\nConnection: close\r\nContent-Type: audio/x-flac\r\n| p/Raumfeld Connector audio streaming httpd/ d/media device/ cpe:/h:teufel:raumfeld_connector/
match http m|^HTTP/1\.1 200 OK\r\nServer: Linux, WEBACCESS/([\w._-]+), (DIR-\w+) Ver ([\w._-]+)\r\n| p/D-Link SharePort web access/ v/$1/ i/model $2, version $3/ d/storage-misc/ o/Linux/ cpe:/a:d-link:shareport_web_access:$1/ cpe:/h:d-link:$2/ cpe:/o:linux:linux_kernel/a
match http m|^HTTP/1\.1 400 Bad Request\r\nConnection: close\r\nContent-Length: 0\r\n\r\n$| p/T-Home Telekom Media Reciever httpd/ d/media device/
match http m|^HTTP/1\.1 400 Bad Request\r\nContent-Type: text/html; charset=\"utf-8\"\r\nServer: Linux/([\w._-]+) DoaHTTP\r\nContent-Length: 0\r\nDate: .* GMT\r\n\r\n$| p/com.sec.android.app.FileTransferServer/ o/Android/ cpe:/o:google:android/ cpe:/o:linux:linux_kernel:$1/
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: WebIOPi/([\w._-]+)/Python(\d[\w._-]*)\r\n| p/WebIOPi IoT framework/ v/$1/ i/Python $2/ cpe:/a:python:python:$2/ cpe:/a:trouch:webiopi:$1/
match http m|^HTTP/1\.0 200 OK\r\nPragma: no-cache\r\nContent-Type: text/html\r\n\r\n\n.*\n\n| p/Fortinet SSL VPN/ d/security-misc/
# Netasq/Stormshield
match http m|^HTTP/1\.0 302 Moved Temporarily\r\nDate: .*\r\nConnection: Close\r\nLocation: /auth/\r\nCache-Control: no-store,no-cache,must-revalidate\r\nPragma: no-cache\r\nExpires: -1\r\nLast-Modified: Mon, 12 Jan 2000 13:42:42 GMT\r\nContent-Type: text/html\r\n\r\n| p/Stormshield firewall admin httpd/ d/firewall/ o/FreeBSD/ cpe:/o:freebsd:freebsd/a
# Despite the 1.4 server header, this can be anything from 1.4 to 2.0:
match http m|^HTTP/1\.1 200 OK\r\nETag: W/\"\d\d\d\d-\d+\"\r\nLast-Modified: .*\r\nContent-Type: text/html\r\nContent-Length: \d+\r\nDate: .*\r\nServer: Sun-Java-System/Web-Services-Pack-1\.4\r\nConnection: close\r\n\r\n\n\nJava Web Services Developer Pack ([\d.]+)| p/Java Web Services Developer Pack/ v/$1/ cpe:/a:sun:jwsdp:$1/
match http m|^HTTP/1\.0 301 Moved Permanently\r\nHTTP/1\.0 400 Bad Request\r\n| p/Huawei S5700-series switch httpd/ d/switch/
match http m|^HTTP/1\.0 \d\d\d .*\r\nServer: switch\r\nDate: [a-z,0-9: ]+ GMT\r\nContent-Length: \d\d?\r\nConnection: Close\r\n\r\n| p/Huawei S5700-series switch httpd/ d/switch/
match http m|^HTTP/1\.0 401 Authorization Required\r\nServer: alphapd\r\nDate: .* \d\d\d\d\r\nCache-Control: no-cache\r\nContent-type: text/html\r\nWWW-Authenticate: Basic realm=\"(TV-IP\w+)\"\r\n\r\n| p/alphapd httpd/ i/TrendNet $1 IP camera/ d/webcam/ cpe:/h:trendnet:$1/
match http m|^HTTP/1\.0 401 Authorization Required\r\nServer: alphapd\r\nDate: .* \d\d\d\d\r\nCache-Control: no-cache\r\nContent-type: text/html\r\nWWW-Authenticate: Basic realm=\"(DCS-\w+)\"\r\n\r\n| p/alphapd httpd/ i/D-Link $1 IP camera/ d/webcam/ cpe:/h:d-link:$1/
match http m|^HTTP/1\.1 200 OK\r\nServer: Web Server\r\nContent-Type: text/html\r\nCache-Control: no-cache\r\nPragma: no-cache\r\n\r\n\n | p/ATEN CN8000 KVM http admin/ cpe:/h:aten:cn8000/
match http m|^HTTP/1\.0 200 OK\r\nContent-Length: \d+\r\nContent-Type: text/html\r\nDate: .*\r\n\r\n\n\n\n \n \n\n\n\n| p/Huawei E5172 router http admin/ d/broadband router/ cpe:/h:huawei:e5172/a
match http-proxy m|^HTTP/1\.0 404 Error\r\n.*Extra Systems Proxy Server|s p/Extra Systems http proxy/ o/Windows/ cpe:/o:microsoft:windows/a
match http-proxy m|^HTTP/1\.1 502 Bad Gateway\r\nConnection : close\r\n.*\nThe requested URL could not be retrieved\n\n 404 Not Found\n \n

          Not Found

          \n The requested file could not be found\.\n \n\n| p/TightVNC/ cpe:/a:tightvnc:tightvnc/a
##############################NEXT PROBE##############################
# ftp://ftp.rfc-editor.org/in-notes/rfc1179.txt
Probe TCP LPDString q|\x01default\n|
rarity 6
ports 515,2947,3333,32211,19350
match http m|^Error\nYour client sent an invalid \x01default request without a\nprotocol version \(assuming HTTP v0\.9\)\.\n

          The request can not be processed\.$| p/Polycom VVX VoIP phone http config/ d/VoIP phone/
# Port 19350
match fms-core m|^\x01\x01\x14\0\0%\0\0\0\0\0\0\0\x02\0\x08register\0\0\0\0\0\0\0\0\0\x05\x02\0\r_defaultRoot_| p/Adobe Flash Media Server core/ cpe:/a:adobe:flash_media_server/
match printer m|^\0$|
match printer m|^default: unknown printer\n$| p/Solaris lpd/ o/Solaris/ cpe:/o:sun:sunos/a
# Microsoft Windows 2000 server LPD
match printer m|^\x01\x01$| p/Microsoft lpd/ o/Windows/ cpe:/o:microsoft:windows/a
# Blackbox Terminal Server (IOLAN v4.03.00 a CDi)
# Chase IOLAN terminal server lpd
# Bay Networks MicroAnnex XL Comm. Server R10.0
match printer m|^[\x01\x02]$|
match printer m|^[-.\w]+: lpsched: unknown printer\n$| p/SGI IRIX lprsrv/ o/IRIX/ cpe:/o:sgi:irix/a
match printer m|^Printer default not found \([\w_]+\)\.\n| p/print server/ d/print server/
match printer m|^VSE Line Printer Daemon has rejected this request\.\0\0| p/VSE lpd/ d/print server/ o|z/VSE| cpe:/o:ibm:z%2fvse/
match printer m|^no queue to check\n\0$| p/Wyse Winterm 1200 LE terminal lpd/ d/terminal/
match printer m|^/usr/local/helios/sbin/lpd Printer default doesn't exist! \n$| p/Helios lpd/
match printer m|^\0\x01\r\n Century LPD Service\r\nUnknown printer 'default'\n$| p/Century TinyTERM lpd/
match printer m|^Cirrato printing service \(with PayEx support\)\0| p/Cirrato lpd/ i/with PayEx support/ cpe:/a:cirrato:cirrato/
match rbnb m|^EXM {EXC \0\x1fcom\.rbnb\.api\.SerializeExceptionMSG \0JUnrecognizable parameter read from input stream\.\nElement read was \x01default}\r\nPNG {}\r\n| p/Ring Buffered Network Bus/ i|http://outlet.creare.com/rbnb/|
match rfactor-monitor m|^\x02rFactorMonitor\x000400\0$| p/rFactor game monitor/
match gpsd m|^GPSD,D=\?,E=\?,F=([-\w_./]+),A=\?,U=\?,L=\d ([-\w_.]+) abcdefgiklmnopqrstuvwxyz,T=\?\r\n| p/gpsd/ v/$2/ i/Serial port $1/ cpe:/a:gpsd_project:gpsd:$2/
# Ldap bind request, version 2, null DN, AUTH_TYPE simple, null password
##############################NEXT PROBE##############################
Probe TCP LDAPBindReq q|\x30\x0c\x02\x01\x01\x60\x07\x02\x01\x02\x04\0\x80\0|
rarity 6
ports 256,257,389,390,1702,3268,3892
sslports 636,637,3269
match defrag m|^h\0\0\0\x01\0\0\0\x03\0\0\0\x07\x08\0\0\x02\0\0\0\0d\0\0\0\0\xd9\$\x01\0\0\0\0\0\0T\0\0\0\0\0\0\xb7x\x01\0\0\0\0\0\xc4\x05\0\0\0\0\0\0\xc4\x05\0\0\0\0\0\0\xe2\x0b\0\0\0\0\0\0\xb7\xb5p@\^\xa7\x08\0\0\0\0\0| p/O&O Defrag/ o/Windows/ cpe:/o:microsoft:windows/a
match drobo-dsvc m|^(?:DRIDDSVC\x07\x01.\0\0\0..[^\0]*\0)?DRIDDSVC\x07\x01.\0\0\0..\r\n\tESAINFO\r\n\t\d+\r\n\t\d+\r\n\t\w+\r\n\t\w+\r\n\tDrobo(?:-FS)?\r\n\t([][\w._ ]+)\r\n\t([^<]+)\r\n|s p/Drobo-FS DDSVC/ v/$1 ($2)/
match fw1-secureremote m|^[AQ]\0\0\0\0\0\0[^\0]| p/Check Point Firewall-1 SecureRemote/ d/firewall/ cpe:/a:checkpoint:firewall-1/
match fw1-log m|^\0\0\0\t51000000\0\0\0\0[^\0]| p/Check Point Firewall-1 logging service/ d/firewall/ cpe:/a:checkpoint:firewall-1/
# OpenLDAP 2.0.15 on RH Linux 7.3
match ldap m|^0%\x02\x01\x01a \n\x010\x04\0\x04\x19anonymous bind disallowed$| p/OpenLDAP/ i/access denied/ cpe:/a:openldap:openldap/
# OpenLDAP 2.1.22 - doesn't by default allow LDAPv2 request
match ldap m|^02\x02\x01\x01a-\n\x01\x02\x04\0\x04&requested protocol version not allowed$| p/OpenLDAP/ v/2.1.X/ cpe:/a:openldap:openldap:2.1/
# OpenLDAP 2.2.8
match ldap m|^0E\x02\x01\x01a@\n\x01\x02\x04\0\x049historical protocol version requested, use LDAPv3 instead| p/OpenLDAP/ v/2.2.X - 2.3.X/ cpe:/a:openldap:openldap/
match ldap m|^0\x84\0\0\0I\x02\x01\x01a\x84\0\0\0@\n\x01\x02\x04\0\x049historical protocol version requested, use LDAPv3 instead$| p/OpenLDAP/ v/2.4.X/ cpe:/a:openldap:openldap:2.4/
match ldap m|^0\x1a\x02\x01\x01a\x15\n\x01\0\x04\0\x04\x0eanonymous bind| p/Nortel CallPilot LDAP/
# Netware 6
# Macintosh 8
# Win 2000 Advanced server.
match ldap m|^0\x0c\x02\x01\x01a\x07\n\x01\0\x04\0\x04\0| i/Anonymous bind OK/
# MS Windows Win2K SP4 AD server, also Oracle LDAP on Linux
match ldap m|^0\x84\0\0\0\x10\x02\x01\x01a\x84\0\0\0\x07\n\x01\0\x04\0\x04\0$|
# PGP Corporation PGP Keyserver 7.0 (relabeled Freeware PGP Keyserver 2.5.8)
# PGP LDAP Server 8.x
match ldap m|^0\x17\x02\x01\x01a\x12\n\x01\0\x04\0\x04\x0bPGPError #0$| p/PGP Corp. PGP Keyserver/ cpe:/a:pgp:keyserver/
# OctetString VDE Enterprise Edition on Linux 2.4
match ldap m|^0\x0e\x02\x01\x01a\t\n\x01\0\x04\0\x04\0\x87\0$| p/OctetString VDE directory service/
# Lotus Notes 6.5.3 LDAP on W2K3, anonymous bind not allowed, port 637 (ssl)
match ldap m|^0\.\x02\x01\x01a\)\n\x010\x04\0\x04\"Failed, anonymous bind not allowed$| p/Lotus Domino 6.x LDAP/ i/access denied/ cpe:/a:ibm:lotus_domino/
# This came off a KIRK Wireless VoIP adapter which I *think* uses Cisco LDAP ??
match ldap m|^0\x0c\x02\x01\x01a\x07\n\x011\x04\0\x04\0$| p/Cisco LDAP server/
match ldap m|^0.\x02.*TLS confidentiality required|s i/TLS required/
match ldap m|^0&\x02\x01\x01a!\n\x01\x02\x04\0\x04\x1aOnly LDAP v3 is supported\.$| p/ApacheDS LDAP/ i/LDAPv3/
match ldap m|^0\x1a\x02\x01\x01a\x15\n\x01\0\x04\0\x04\x0eBind succeeded$| p/Siemens DirX/
# Think this means TLS required?
match ldap m|^0 \x02\x01\x01a\x1b\n\x015\x04\0\x04\x14Minimum SSF not met\.| p/Red Hat directory server LDAP/ i/Minimum SSF not met/ o/Linux/ cpe:/a:redhat:ns-slapd/ cpe:/o:redhat:directory_server/
softmatch ldap m|^0.\x02\x01\x01a.\n\x01.\x04\0\x04|
# This probe sends a SIP OPTIONS request.
# Most of the numbers, usernames, and hostnames are arbitrary.
##############################NEXT PROBE##############################
Probe TCP SIPOptions q|OPTIONS sip:nm SIP/2.0\r\nVia: SIP/2.0/TCP nm;branch=foo\r\nFrom: ;tag=root\r\nTo: \r\nCall-ID: 50000\r\nCSeq: 42 OPTIONS\r\nMax-Forwards: 70\r\nContent-Length: 0\r\nContact: \r\nAccept: application/sdp\r\n\r\n|
rarity 5
ports 406,5060,8081,31337
sslports 5061
fallback GetRequest
# Some VoIP phones take longer to respond
totalwaitms 7500
match atalla m|^<00#020035#0101##>\r\n<00#020035#0101##>\r\n<00#020035#0101##>\r\n| p/Atalla Hardware Security Module payment system/ d/specialized/
# https://wiki.freenetproject.org/FCPv2
match fcpv2 m|^ProtocolError\nFatal=true\nCodeDescription=ClientHello must be first message\nCode=1\nGlobal=false\nEndMessage\n$| p/Freenet Client Protocol listener/
match honeypot m|^HTTP/1\.0 200 OK\r\nAllow: OPTIONS, GET, HEAD, POST\r\nContent-Length: 0\r\nConnection: close\r\n\r\n| p/Dionaea Honeypot httpd/
match honeypot m|^SIP/2\.0 200 OK\r\nContent-Length: 0\r\nVia: SIP/2\.0/TCP nm;branch=foo\r\nFrom: sip:nm@nm;tag=root\r\nAccept: application/sdp\r\nTo: sip:nm2@nm2\r\nContact: sip:nm2@nm2\r\nCSeq: 42 OPTIONS\r\nAllow: REGISTER, OPTIONS, INVITE, CANCEL, BYE, ACK\r\nCall-ID: 50000\r\nAccept-Language: en\r\n\r\n| p/Dionaea Honeypot sipd/
match http m|^SIP/2\.0 501 Not Implemented\r\nServer: Embedded HTTP Server ([\d.]+)\r\n| p/Embedded HTTP Server/ v/$1/
match http m|^HTTP/1\.1 500 Internal Server Error\r\nServer: Catwalk/([\d.]+)\r\n| p/Catwalk/ v/$1/ i/Canon imageRUNNER C5000-series printer http config/ d/printer/ cpe:/h:canon:imagerunner_c5000/
# Canon iR3235
match http m|^HTTP/1\.1 500 Internal Server Error\r\nServer: Catwalk\r\n| p/Catwalk/ i/Canon imageRUNNER printer http config/ d/printer/
match http m|^HTTP/1\.0 404 Resource not found\r\nServer: Opera/([\w._-]+)\r\n.*Set-Cookie: unite-session-id=[0-9a-f]+; Max-Age=2073600; path=/\r\n|s p/Opera Unite httpd/ v/$1/
match http m|^HTTP/1\.0 302 Found\r\nLocation: ([\w:/.-]*)sip:nm\r\nServer: BigIP\r\nConnection: close\r\nContent-Length: 0\r\n\r\n$| p/F5 BIG-IP load balancer httpd/ i/redirecting to $1/ d/load balancer/
match http m|^HTTP/1\.1 401 Access Denied\r\n.*Set-Cookie: logintheme=cpanel; path=/; secure; port=\d+\r\n.*Server: cpsrvd/([\w._-]+)\r\n|s p/cPanel httpd/ v/$1/
match http m|^HTTP/1\.1 401 Access Denied\r\n.*Set-Cookie: logintheme=cpanel; path=/; HttpOnly; port=\d+\r\n.*Server: cpsrvd/([\w._-]+)\r\n|s p/cPanel httpd/ v/$1/ o/Unix/
match http m|^HTTP/1\.1 302 Moved Temporarily\r\nDate: .*\r\nLocation: https://[\w._-]+sip:nm\r\nConnection: close\r\n\r\n$| p/Asterisk PBX httpd/ d/PBX/ cpe:/a:digium:asterisk/
match http m|^HTTP/1\.0 501 Document Follows\r\nContent-Type: text/html\r\nContent-Length: 106\r\n\r\n501 Method Not Implemented\r\n

          501 Method Not Implemented

          \r\n$| p/HP StorageWorks MSL2024 tape library httpd/ d/storage-misc/
match http m|^HTTP/2\.0 404 Not Found\r\nDate: .*\r\nServer: Restlet-Framework/([\w._-]+)\r\n.*Status page\n\n\n

          Not Found

          \n

          The server has not found anything matching the request URI

          \n|s p/Serviio media server http status/ i/Restlet framework $1/ cpe:/a:restlet:restlet:$1/
match http m|^HTTP/2\.0 404 Not Found\r\n.*Server: Restlet-Framework/@major-number@\.@minor-number@@release-type@@release-number@\r\n.*

          The server has not found anything matching the request URI

          |s p/Serviio media server http status/ v/1.2/ cpe:/a:restlet:restlet/
match http m=^HTTP/1\.1 500 Internal Server Error\r\nContent-Length: \d+\r\nContent-Type: text/plain\r\n\r\nTraceback \(most recent call last\):\n File \"([\w._/-]+/(?:sickbeard|Sick-Beard)/cherrypy)/wsgiserver/__init__\.py\", line \d+, in communicate\n= p/CherryPy/ i/Sick Beard PVR; path: $1/ cpe:/a:cherrypy:cherrypy/
match http m|^HTTP/1\.1 501 Unimplimented\r\nConnection: close\r\nContent-Length: 0\r\n\r\n| p/Huawei HG8245T modem http config/ d/broadband router/ cpe:/h:huawei:hg8245t/a
match imsp m|^VIA: BAD IMSP busy\r\nFROM: BAD IMSP busy\r\nTO: BAD IMSP busy\r\n|
match rtsp m|^RTSP/1\.0 405 Method Not Allowed\r\nCSeq: 42\r\n\r\n| p/Lotus Domino Sametime RTSP/ cpe:/a:ibm:lotus_domino/
match rtsp m|^RTSP/1\.0 200 OK\r\nCSeq: 42 OPTIONS\r\nPublic: OPTIONS, DESCRIBE, PLAY, PAUSE, SETUP, TEARDOWN, SET_PARAMETER, GET_PARAMETER\r\nDate: .*\r\n\r\n| p/Hikvision 7513 POE IP camera rtspd/ d/webcam/
match telnet m|^login: Login incorrect\nlogin: Login incorrect\nlogin: Login incorrect\nlogin: Login incorrect\nlogin: Login incorrect\n| p/McAfee firewall telnetd/
match sip m|^SIP/2\.0 200 OK\r\n.*\r\nUser-Agent: PolycomSoundStationIP-SSIP_(\d+)-UA/([\d.]+)_(\w+)\r\n|s p/Polycom SoundStation $1/ v/$2/ i/MAC: $3/ d/VoIP phone/ cpe:/h:polycom:soundstation_$1/
match sip m|^SIP/2\.0 .*\r\nUser-Agent: PolycomSoundPointIP-SPIP_(\d+)-UA/([\d.]+)_(\w+)\r\n|s p/Polycom SoundPoint $1/ v/$2/ i/MAC: $3/ d/VoIP phone/ cpe:/h:polycom:soundpoint_$1/
match sip m|^SIP/2\.0 .*\r\nUser-Agent: PolycomSoundPointIP-SPIP_(\d+)-UA/([\d.]+)\r\n|s p/Polycom SoundPoint $1/ v/$2/ d/VoIP phone/ cpe:/h:polycom:soundpoint_$1/
match sip m|^SIP/2\.0 400 Invalid Contact information\r\n.*received=[\d.]+;ms-received-port=\d+;ms-received-cid=\d+\r\n|s p/Microsoft Live SIP client/ o/Windows/ cpe:/o:microsoft:windows/a
match sip m|^SIP/2\.0 400 Invalid Contact information\r\n.*Via: SIP/2\.0/TCP nm;branch=foo;received=[\d.]+;ms-received-port=\d+;ms-received-cid=[0-9A-F]{8}\r\nms-diagnostics: \d+;reason=\"Parsing failure\";source=\"([\w._-]+)\"\r\nContent-Length: 0\r\n\r\n$|s p/Microsoft Office Communications Server/ o/Windows/ h/$1/ cpe:/o:microsoft:windows/a
match sip m|^SIP/2\.0 501 Not Implemented.*\r\nServer: SJphone/([-\w_.]+) \(SJ Labs\)\r\n|s p/SJphone SIP client/ v/$1/
match sip m|^SIP/2\.0 405 Method Not Allowed.*\r\nServer: SJphone/([-\w_.]+) \(SJ Labs\)\r\n|s p/SJphone SIP client/ v/$1/
match sip m|^SIP/2\.0 404 Not Found\r\n.*\r\nUser-Agent: Speedport ([\w._ -]+) \(|s p/T-Com Speedport/ v/$1/ d/broadband router/
match sip m|^SIP/2\.0 404 Not Found\r\n.*\r\nServer: Speedport/([\d.-]+)\r\n|s p/T-Com Speedport/ v/$1/ d/broadband router/
match sip m|^SIP/2\.0 200 OK\r\n.*\r\nUser-Agent: X-Lite release ([\w._ -]+)\r\n|s p/X-Lite SIP phone/ v/$1/ d/VoIP phone/
match sip m|^SIP/2\.0 200 OK\r\n.*\r\nUser-Agent: X-Lite Beta release ([\w._ -]+)\r\n|s p/X-Lite SIP phone/ v/$1/ d/VoIP phone/
match sip m|^SIP/2\.0 404 Not Found\r\n.*\r\nServer: Twinkle/([\w._-]+)\r\n|s p/Twinkle softphone/ v/$1/ o/Linux/ cpe:/o:linux:linux_kernel/a
match sip m|^SIP/2\.0 500 Server Internal Error\r\n.*\r\nUser-Agent: BT Home Hub\r\n|s p/BT HomeHub/ d/VoIP phone/
match sip m|^SIP/2\.0 500 Server Internal Error\r\n.*\r\nUser-Agent: BT Home Hub (\d+)\r\n|s p/BT HomeHub/ v/$1/ d/VoIP phone/
match sip m|^SIP/2\.0 200 OK\r\n.*Server: TANDBERG/81 \(([\w._ -]+)\)\r\n|s p/Tandberg MXP VoIP server/ v/$1/ d/VoIP adapter/
match sip m|^SIP/2\.0 \d\d\d .*\r\nServer: TANDBERG/([\w._-]+) \(([\w._ -]+)\)\r\n|s p/Tandberg-$1 VoIP server/ v/$2/ d/VoIP adapter/
match sip m=^SIP/2\.0 \d\d\d .*Server: TANDBERG/(?:69|4098|4100) \(([\w._ -]+)\)\r\n=s p/Tandberg VCS VoIP server/ v/$1/ d/VoIP adapter/
match sip m|^SIP/2\.0 400 Transport protocol incorrect\r\n| p/Microsoft Office Communications Service 2005/
match sip m|^SIP/2\.0 200 OK\r\n.*\r\nAccept: application/sdp\r\nAccept-Language: en\r\nAllow: INVITE, ACK, CANCEL, OPTIONS, BYE, REGISTER, SUBSCRIBE, NOTIFY, REFER, INFO\r\nSupported: replaces\r\nAllow-Events: presence, message-summary, tunnel-info\r\n|s p/3CX VoIP PBX/ d/PBX/ o/Windows/ cpe:/o:microsoft:windows/a
match sip m|^SIP/2\.0 405 Method Not Allowed\r\n.*\r\nUser-Agent: ABS ECC\r\n|s p/Alcatel-Lucent OmniTouch Unified Communication VoIP gateway/ d/PBX/
match sip m|^SIP/2\.0 200 OK\r\n.*\r\nUser-Agent: Zoiper (rev\.\d+)\r\n|s p/Zoiper VoIP software/ v/$1/ cpe:/a:securax:zoiper:$1/
match sip m|^SIP/2\.0 404 Not Found\r\n.*Server: Asterisk PBX ([\w._~+-]+)\r\n.*Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO\r\n|s p/Asterisk/ v/$1/ d/PBX/ cpe:/a:digium:asterisk:$1/
match sip m|^SIP/2\.0 404 Not Found\r\n.*Server: Asterisk PBX ([\w._~+-]+)\r\n.*Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH\r\n|s p/Asterisk/ v/$1/ d/PBX/ cpe:/a:digium:asterisk:$1/
match sip m|^SIP/2\.0 200 OK\r\n.*Server: Asterisk PBX ([\w._~+-]+)\r\nAllow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH\r\n|s p/Asterisk/ v/$1/ d/PBX/ cpe:/a:digium:asterisk:$1/
match sip m|^SIP/2\.0 .*\r\nServer: Glassfish_SIP_([\w._-]+)\r\n|s p/Glassfish SIP Server/ v/$1/
match sip m|^SIP/2\.0 200 OK\r\n.*To: ;tag=[0-9a-f-]+\r\n.*Allow: INVITE,ACK,CANCEL,BYE,OPTIONS,REFER,INFO,NOTIFY,PRACK,MESSAGE\r\n.*Supported: replaces,timer,100rel\r\nAccept: application/sdp\r\n|s p/Cisco 7940 IP Phone/ d/VoIP phone/
match sip m|^SIP/2\.0 200 OK\r\n.*User-Agent: Telepathy-SofiaSIP/([\w._-]+) sofia-sip/([\w._-]+)\r\n|s p/Telepathy-SofiaSIP/ v/$1/ i/sofia-sip $2/
match sip m|^SIP/2\.0 503 Service Unavailable\r\n.*Warning: 399 \"Routing failed: ccbid=997 tcpindex=2 socket=nm:\d+'\r\n.*To: ;tag=\d+\r\n|s p/Cisco CallManager 6/ cpe:/h:cisco:call_manager:6/
match sip m|^SIP/2\.0 500 Server Internal Error\r\n.*User-Agent: Thomson Inventel / HW_V[\w._-]+ / FW_V[\w._-]+ / SW_V([\w._-]+)\r\n|s p/Aladino SIP phone/ v/$1/ d/VoIP phone/
match
sip m|^SIP/2\.0 406 Not acceptable\r\n.*Server: sipXecs/([\w._-]+) sipXecs/sipxbridge \(Linux\)\r\n|s p/SIPfoundry sipXecs PBX/ v/$1/ o/Linux/ cpe:/o:linux:linux_kernel/a match sip m|^SIP/2\.0 200 OK\r\n.*User-Agent: VOIP_Agent_001\r\nAllow: INVITE, ACK, BYE, CANCEL, OPTIONS, SUBSCRIBE, REFER, NOTIFY, UPDATE, MESSAGE, SERVICE, INFO, PING\r\n|s p/D-Link DVG-5121SP VoIP adapter/ d/VoIP adapter/ cpe:/h:dlink:dvg-5121sp/a match sip m|^SIP/2\.0 200 OK\r\n.*User-Agent: Sipek on PJSUA v([\w._-]+)/win32\r\n|s p/Sipek VoIP/ v/$1/ i/on PJSUA/ match sip m|^SIP/2\.0 200 OK\r\n.*User-Agent: snom([\w._-]+)/([\w._-]+)\r\n|s p/Snom $1 VoIP phone/ v/$2/ d/VoIP phone/ cpe:/h:snom:$1/a match sip m|^SIP/2\.0 200 OK\r\nVia: SIP/2\.0/TCP nm;branch=foo\r\nFrom: ;tag=root\r\nTo: ;tag=\w+\r\nCall-ID: 50000\r\nCSeq: 42 OPTIONS\r\nContact: \r\nAllow: INVITE,ACK,CANCEL,OPTIONS,UPDATE,INFO,NOTIFY,BYE,REFER\r\nAccept: application/sdp,application/media_control\+xml,application/dtmf-relay,application/dtmf,message/sipfrag;version=2\.0\r\nContent-Length: 0\r\n\r\n| p/Tandberg Codian IP GW 3510 VoIP gateway/ d/VoIP adapter/ cpe:/h:tandberg:codian_ip_gw_3510/a match sip m|^SIP/2\.0 404 Not Found\r\n.*User-Agent: (AVM FRITZ!Box Fon WLAN [\w._-]+(?: v\d)?) 
([\w._-]+ \(\w+ +\d+ \d+\))|s p/$1 SIP/ v/$2/ d/WAP/ match sip m|^SIP/2\.0 200 OK\r\n.*User-Agent: QIP ([\w._ -]+)\r\n|s p/QIP instant messenger SIP/ v/$1/ match sip m|^SIP/2\.0 200 OK\r\n.*User-Agent: T-Com-IpPbxSrv/([\w._-]+)\r\n|s p/Telekom Netphone VoIP phone SIP/ v/$1/ d/VoIP phone/ match sip m|^SIP/2\.0 403 Not relaying\r\n.*Server: kamailio \(([\w._-]+) \(x86_64/linux\)\)\r\n|s p/Kamailio/ v/$1/ i/x86_64/ o/Linux/ cpe:/o:linux:linux_kernel/ match sip m|^SIP/2\.0 478 Unresolvable destination \(478/SL\)\r\n.*Server: kamailio \(([\w._-]+) \(x86_64/linux\)\)\r\n|s p/Kamailio/ v/$1/ i/x86_64/ o/Linux/ cpe:/o:linux:linux_kernel/ match sip m|^SIP/2\.0 405 Method Not Allowed\r\n.*User-Agent: Patton SN(\w+) 5BIS MxSF v([\w._-]+) [0-9A-F]+ R([\w._-]+) (\d\d\d\d-\d\d-\d\d) H323 SIP BRI\r\n\r\n|s p/Patton SmartNode $1 VoIP adapter http config/ v/$2 $4/ d/VoIP adapter/ o/SmartWare $3/ cpe:/h:patton:sn$1/ cpe:/o:patton:smartware:$3/ match sip m|^SIP/2\.0 404 Not Found\r\nVia: SIP/2\.0/TCP nm;branch=foo;received=[\d.]+\r\nTo: ;tag=\w+\r\nFrom: ;tag=root\r\nCall-ID: 50000\r\nCSeq: 42 OPTIONS\r\nContent-Length: 0\r\n\r\n$| p/Nokia N86 phone SIP/ d/phone/ cpe:/h:nokia:n86/ match sip m|^SIP/2\.0 200 OK\r\nVia: SIP/2\.0/TCP nm;received=[\d.]+;branch=foo\r\nCall-ID: 50000\r\nFrom: ;tag=root\r\nTo: ;tag=foo\r\nCSeq: 42 OPTIONS\r\nAllow: PRACK, INVITE, ACK, BYE, CANCEL, UPDATE, SUBSCRIBE, NOTIFY, REFER, MESSAGE, OPTIONS\r\nAccept: application/sdp, application/pidf\+xml, application/xpidf\+xml, application/simple-message-summary, message/sipfrag;version=2\.0, application/im-iscomposing\+xml, text/plain\r\nSupported: replaces, 100rel, timer, norefersub\r\nAllow-Events: presence, message-summary, refer\r\nUser-Agent: netTALK\r\n| p/netTALK/ d/phone/ match sip m|^SIP/2\.0 200 OK\r\nVia: SIP/2\.0/TCP nm;branch=foo\r\nTo: ;tag=\w+\r\nFrom: ;tag=root\r\nCall-ID: 50000\r\nCSeq: 42 OPTIONS\r\nAllow: INVITE,ACK,CANCEL,BYE,OPTIONS,REFER,NOTIFY\r\nContent-Type: 
application/sdp\r\nContent-Length: \d+\r\n\r\nv=0\r\no=- \d+ \d+ IN IP4 [\d.]+\r\ns=-\r\nc=IN IP4 [\d.]+\r\nt=0 0\r\nm=audio 0 RTP/AVP 18 4 3 8 0 101\r\na=rtpmap:101 telephone-event/8000\r\n$| p/eyeP Media VoIP phone SIP/ d/VoIP phone/ match sip m|^SIP/2\.0 200 OK\r\n.*User-Agent: Aastra (MX-ONE) SN/([\w._-]+)\r\n|s p/Aastra $1 PBX SIP/ v/$2/ d/PBX/ match sip m|^SIP/2\.0 504 Server time-out\r\nms-user-logon-data: RemoteUser\r\nFrom: ;tag=root\r\nTo: ;tag=\w+\r\nCall-ID: 50000\r\nCSeq: 42 OPTIONS\r\nVia: SIP/2\.0/TCP nm;branch=foo\r\nContent-Length: 0\r\n\r\n$| p/Microsoft Outlook Web Access SIP/ match sip m|^SIP/2\.0 481 Call Leg/Transaction Does Not Exist\r\nFrom: ;tag=root\r\nTo: ;tag=0-\w+-\w+-\w+-\w+\r\nCall-ID: 50000\r\nCSeq: 42 OPTIONS\r\nVia: SIP/2\.0/TCP nm;received=[\d.]+;branch=foo\r\nContent-Length: 0\r\n\r\n$| p/Sony PCS-TL50 videoconferencing SIP/ cpe:/h:sony:pcs-tl50/ match sip m|^SIP/2\.0 404 Not found\r\nVia: SIP/2\.0/TCP nm;branch=foo\r\nFrom: ;tag=root\r\nTo: ;tag=local-tag\r\nCall-ID: 50000\r\nCSeq: 42 OPTIONS\r\nContact: \r\nContent-Length: 0\r\n\r\n$| p/Edgewater Networks Edgemarc 4500 series VoIP gateway SIP/ d/VoIP adapter/ match sip m|^SIP/2\.0 504 Server time-out\r\nms-user-logon-data: RemoteUser\r\nFrom: ;tag=root\r\nTo: ;tag=\w+\r\nCall-ID: 50000\r\nCSeq: 42 OPTIONS\r\nVia: SIP/2\.0/TCP nm;branch=foo\r\nServer: RTC/4\.0\r\nContent-Length: 0\r\n\r\n| p/Microsoft Lync SIP/ cpe:/a:microsoft:lync/ cpe:/a:microsoft:lync/ match sip m|^SIP/2\.0 403 Non-self Request-URI\r\n.*Server: Epygi Quadro SIP User Agent/v([\w._-]+) \(QUADRO-([^\)]*)\)\r\n|s p/Epygi Quadro $2 PBX SIP/ v/$1/ d/PBX/ cpe:/h:epygi:$2/ match sip m|^SIP/2\.0 200 OK\r\n.*Allow: INVITE,ACK,CANCEL,OPTIONS,UPDATE,INFO,NOTIFY,BYE,REFER\r\nAccept: application/sdp,application/media_control\+xml,application/dtmf-relay,application/dtmf,message/sipfrag;version=2\.0\r\n|s p/Cisco TelePresence MCU 4505 videoconference system SIP/ cpe:/h:cisco:telepresence_mcu_4505/ match sip m|^SIP/2\.0 404 
Not Found\r\n.*User-Agent:Polycom (HDX [\w._ -]+) \(Release - ([\w._-]+)\)\r\n|s p/Polycom $1 videoconference system SIP/ v/$2/ cpe:/h:polycom:$1/ match sip m|^SIP/2\.0 403 Forbidden\r\nContent-Type: application/X-NECSIPEXT2MLv1\r\nSupported: timer\r\nFrom: ;tag=root\r\nTo: ;tag=\w+\r\nCall-ID: 50000\r\nCSeq: 42 OPTIONS\r\nVia: SIP/2\.0/TCP nm;branch=foo;received=[\d.]+\r\nContent-Length: 99\r\n\r\nInd-ErrDsp=nec-code: 1:Non-Registered Access ,2: \(Retry after 10 sec\) ,6:1: EXIT ,10\r\n| p/NEC SL1100 VoIP PBX/ d/PBX/ match sip m|^SIP/2\.0 500 Server Internal Error\r\n.*User-Agent: SpeedTouch (\w+)\r\nX-Serialnumber: (\w+)\r\n|s p/SpeedTouch $1 SIP/ i/serial $2/ d/broadband router/ match sip m|^SIP/2\.0 200 OK\r\n.*User-Agent: PolycomVVX-([\w._]+)-UA/([\d.]+)(?:_[\da-f]+)?\r\n|s p/Polycom $SUBST(1,"_"," ") SIP/ v/$2/ d/VoIP phone/ match sip m|^SIP/2\.0 200 OK\r\n.*User-Agent: Auerswald COMpact VoIP sofia-sip/([\w._-]+)\r\n|s p/sofia-sip/ v/$1/ i/Auerswald COMpact 5020 VoIP/ d/PBX/ match sip m|^SIP/2\.0 404 Not Found\r\n.*User-Agent: FRITZ!OS\r\n|s p/AVM FRITZ!OS SIP/ d/VoIP adapter/ match sip m|^SIP/2\.0 404 Not Found\r\n.*User-Agent: FRITZ!OS\r\n|s p/AVM FRITZ!OS SIP/ d/VoIP adapter/ match sip m|^SIP/2\.0 200 OK\r\n.*User-Agent:PolycomRealPresenceGroup(\d+)/([\w._-]+)\r\n|s p/Polycom RealPresence Group $1 SIP/ v/$2/ match sip m|^SIP/2\.0 500 Server Internal Error\r\n.*User-Agent: BT Home Hub ([\w._-]+) Build ([\w._-]+)\r\nX-Serialnumber: (\w+)\r\n|s p/BT Home Hub $1 SIP/ v/$2/ i/serial: $3/ d/VoIP adapter/ match sip m|^SIP/2\.0 400 Invalid Via Port 0\r\n.*User-Agent: drgos-drg(\d+)-([\w._-]+)\r\n|s p/Genexis DRG $1 SIP/ v/$2/ d/broadband router/ match sip m|^SIP/2\.0 200 OK\r\nFrom: ;tag=root\r\nTo: ;tag=[a-f\d-]{58}\r\nCall-ID: 50000\r\nCSeq: 42 OPTIONS\r\nVia: SIP/2\.0/TCP nm;received=[\d.]+;branch=foo\r\nSupported: gruu-10,replaces,msrtc-event-categories\r\nContent-Length: 0\r\n\r\n| p/LifeSize UVC Multipoint SIP/ match sip m|^SIP/2\.0 403 Forbidden\r\nAllow: 
INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY\r\n.*User-Agent: Wowza Streaming Engine ([\w._-]+) build(\d+)\r\n|s p/Wowza Streaming Engine sipd/ v/$1 build $2/ match sip m|^SIP/2\.0 400 Invalid Contact information\r\nFrom: ;tag=root\r\nTo: ;tag=[0-9A-F]{32}\r\nCall-ID: 50000\r\nCSeq: 42 OPTIONS\r\nVia: SIP/2\.0/TCP nm;branch=foo;received=[\d.]+;ms-received-port=\d+;ms-received-cid=[0-9A-F]+\r\nms-diagnostics: 1018;reason=\"Parsing failure\";source=\"([\w._-]+)\"\r\nContent-Length: 0\r\n\r\n| p/Microsoft Office Communications Server sipd/ v/2007 R2/ h/$1/ match sip m|^SIP/2\.0 404 Not Found\r\n.*User-Agent: AVM FRITZ!Box ([\w._-]+) Cable \(um\) ([\w._-]+) \([\w ]+\)\r\n|s p/AVM FRITZ!Box $1 sipd/ v/$2/ d/broadband router/ match sip m|^SIP/2\.0 \d\d\d .*\r\nUser-Agent: TAU-1M\.IP/([\w._-]+) SN/\w+ sofia-sip/([\w._-]+)\r\n|s p/sofia-sip/ v/$2/ i/Eltex TAU-1M.IP VoIP gateway, version $1/ d/VoIP adapter/ cpe:/a:sofia-sip:sofia-sip:$2/ cpe:/h:eltex:tau-1m.ip:$1/ match sip m|^SIP/2\.0 \d\d\d .*\r\nUser-Agent: Zoiper for Windows ([\d.]+) (r\d+)\r\n|s p/Zoiper for Windows sipd/ v/$1/ i/$2/ o/Windows/ cpe:/a:securax:zoiper_for_windows:$1/ cpe:/o:microsoft:windows/a match sip m|^SIP/2\.0 \d\d\d .*\r\nUser-Agent: CommsMundi Softswitch\r\n|s p/Comms Mundi sipd/ cpe:/a:wireless_mundi:comms_mundi/ match sip m|^SIP/2\.0 \d\d\d .*\r\nUser-Agent:Polycom HDX (\d+) HD \(Release - ([\d.-]+)\)\r\n|s p/Polycom HDX $1 videoconferencing system sipd/ v/$2/ d/webcam/ cpe:/h:polycom:hdx_$1/ match sip m|^SIP/2\.0 \d\d\d .*\r\nServer: TANDBERG/4102 \(X7\.0\.2\)\r\n| match sip-proxy m|^SIP/2\.0 .*\r\nUser-Agent: Asterisk PBX ([\w._+-]+)\r\n|s p/Asterisk PBX/ v/$1/ d/PBX/ cpe:/a:digium:asterisk:$1/ match sip-proxy m|^SIP/2\.0 .*\r\nServer: OpenS[Ee][Rr] \(([\w\d\.-]+) \(([\d\w/]+)\)\)|s p/OpenSER SIP Server/ v/$1/ i/$2/ match sip-proxy m|^SIP/2\.0 .*\r\nServer: Sip EXpress router \(([\w\d\.-]+) \(([\d\w/]+)\)\)|s p/SIP Express Router/ v/$1/ i/$2/ # OpenSER and SER have joined to 
become SIP Router match sip-proxy m|^SIP/2\.0 .*\r\nServer: SIP Router \(([\w\d\.-]+) \(([\d\w/]+)\)\)|s p/SIP Router/ v/$1/ i/$2/ match sip-proxy m|^SIP/2\.0 .*\r\nServer: OpenSIPS \(([\w\d\.-]+) \(([\d\w/]+)\)\)|s p/OpenSIPS SIP Server/ v/$1/ i/$2/ match sip-proxy m|^SIP/2\.0 .*\r\nServer: Cisco-SIPGateway/IOS-([-\d\w.]+)\r\n|s p/Cisco SIP Gateway/ i/IOS $1/ d/router/ o/IOS/ cpe:/o:cisco:ios/a match sip-proxy m|^SIP/2\.0 .*\r\nServer: Sphericall/([\w._-]+) Build/(\d+)\r\n|s p/Sphericall VoIP Gateway/ v/$1 build $2/ o/Windows/ cpe:/o:microsoft:windows/a match sip-proxy m|^SIP/2\.0 .*\r\nServer: CommuniGatePro/([\w._-]+)\r\n|s p/CommuniGatePro VoIP Gateway/ v/$1/ match sip-proxy m|^SIP/2\.0 .*\r\nServer: Sip EXpress router \(([\w._-]+) OpenIMSCore \(i386/linux\)\)\r\n|s p/OpenIMSCore SIP EXpress router/ v/$1/ i/Linux i386/ o/Linux/ cpe:/o:linux:linux_kernel/a match sip-proxy m|^SIP/2\.0 200 OK\r\n.*User-Agent: FreeSWITCH-mod_sofia/([\w._ +~-]+)\r\n|s p/FreeSWITCH mod_sofia/ v/$1/ cpe:/a:freeswitch:freeswitch/ match sip-proxy m|^SIP/2\.0 200 OK\r\n.*User-Agent: Configured by 2600hz!\r\n.*Accept: application/sdp\r\nAllow: INVITE, ACK, BYE, CANCEL, OPTIONS, MESSAGE, UPDATE, INFO, REGISTER, REFER, NOTIFY, PUBLISH, SUBSCRIBE\r\n|s p/FreeSWITCH/ d/PBX/ cpe:/a:freeswitch:freeswitch/ match sip-proxy m|^SIP/2\.0 200 OK\r\n.*\r\nUser-Agent: 3CXPhoneSystem ([\w._-]+)\r\n|s p/3CX PhoneSystem PBX/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a match sip-proxy m|^SIP/2\.0 503 Remote end of tunnel is not connected\r\n.*\r\nWarning: \d+ \w+ \"Remote end of the bridge is not connected\"\r\n|s p/3CX PhoneSystem PBX/ i/misconfigured/ d/PBX/ o/Windows/ cpe:/o:microsoft:windows/a match sip-proxy m|^SIP/2\.0 200 OK\r\n.*\r\nUser-Agent: ComdasysB2BUA([\w._-]+)\r\n|s p/Comdasys SIP Server/ v/$1/ match sip-proxy m|^SIP/2\.0 405 Method Not Allowed\r\n.*\r\nServer: SIParator/([\w._-]+)\r\n|s p/Ingate SIParator/ v/$1/ match sip-proxy m|^SIP/2\.0 200 OK\r\n.*Server: 
Audiocodes-Sip-Gateway-(Mediant [\w._-]+)/v([\w._-]+)\r\n|s p/Audiocodes $1 SIP gateway/ v/$2/ d/VoIP adapter/ match sip-proxy m|^SIP/2\.0 200 OK\r\n.*Server: Audiocodes-Sip-Gateway-(MP-[\w._ -]+)/v\.([\w._-]+)\r\n|s p/Audiocodes $1 SIP gateway/ v/$2/ d/VoIP adapter/ match sip-proxy m|^SIP/2\.0 200 OK\r\n.*User-Agent: Berofix VOIP Gateway\r\n|s p/Berofix VoIP gateway/ d/VoIP adapter/ match sip-proxy m|^SIP/2\.0 200 OK\r\n.*Server: HiPath ([\w._-]+) V([\w._ -]+) SIP Stack/([\w._-]+)\r\n|s p/Siemens HiPath $1 VoIP gateway/ v/$2/ i/SIP stack $3/ d/VoIP adapter/ cpe:/h:siemens:hipath_$1/a match sip-proxy m|^SIP/2\.0 503 Service Unavailable\r\nVia: SIP/2\.0/TCP nm;branch=foo;received=[\d.]+\r\nFrom: ;tag=root\r\nTo: ;tag=\w+\r\nDate: .*?\r\nCall-ID: 50000\r\nCSeq: 42 OPTIONS\r\nWarning: \d+ [\w._-]+ \"Unable to find a device handler for the request received on port \d+ from [\d.]+\"\r\nContent-Length: 0\r\n\r\n| p/Cisco Unified Communications Manager/ cpe:/a:cisco:unified_communications_manager/ # CUCM 6.1.2.1001-4 match sip-proxy m|^SIP/2\.0 503 Service Unavailable\r\nDate: .*\r\nWarning: \d+ \"Routing failed: ccbid=\d+ tcpindex=\d+ socket=nm:\d+'\r\nFrom: ;tag=root\r\nContent-Length: 0\r\nTo: ;tag=\d+\r\nCall-ID: 50000\r\nVia: SIP/2\.0/TCP nm;branch=foo;received=[\d.]+\r\nCSeq: 42 OPTIONS\r\n\r\n| p/Cisco Unified Communications Manager/ cpe:/a:cisco:unified_communications_manager/ match sip-proxy m|^SIP/2\.0 100 Trying\r\n.*Server: Sipwise NGCP Proxy ([\w._-]+)\r\n|s p/Sipwise NGCP SIP/ v/$1/ d/PBX/ match sip-proxy m|^SIP/2\.0 200 OK\r\n.*Server: NEC-i SL Series ([\w._-]+)/2\.1\r\n|s p/NEC SL-series VoIP PBX/ v/$1/ d/PBX/ match sip-proxy m|^SIP/2\.0 400 Bad Request - Branch in top Via header has no Magic Cookie\r\nv:SIP/2\.0/TCP nm;branch=foo;received=[\d.]+\r\nf:;tag=root\r\nt:;tag=to_tag_[\da-f]+\r\ni:50000\r\nCSeq:42 OPTIONS\r\nl:0\r\n\r\n|s p/Nokia CFX-5000 SIP core controller/ d/PBX/ match sip-proxy m|^SIP/2\.0 403 Forbidden\r\nFrom: ;tag=root\r\nTo: 
;tag=\w{16}\r\nCSeq: 42 OPTIONS\r\nCall-ID: 50000\r\nVia: SIP/2\.0/TCP nm;branch=foo\r\nContent-Length: 0\r\n\r\n| p/Avaya Session Border Controller/ cpe:/a:avaya:session_border_controller/ match sip-proxy m|^SIP/2\.0 \d\d\d .*\r\nServer: Mediant (\d+)/v\.([\d.]+)[\w.]+\r\n|s p/AudioCodes Mediant $1 session border controller sipd/ v/$2/ cpe:/h:audiocodes:mediant_$1/ # The SIPOptionsProbe can trigger a response out of psyBNC match irc-proxy m|^Login failed\. Disconnecting\.\r\n$| p/psyBNC/ i/Login Failed/ match upnp m|^HTTP/1\.1 404 Not Found\r\nConnection: close\r\nServer: UPnP/([\w._-]+), DLNADOC/([\w._-]+), Platinum/([\w._-]+)\r\n\r\n| p/XBMC UPnP/ i/Platinum $3; DLNADOC $2; UPnP $1/ o/Linux/ cpe:/o:linux:linux_kernel/ # TODO: enumerate version differences between these two? match webdav m|^HTTP/1\.1 200 OK\r\n.*Server: cPanel\r\nContent-Length: 0\r\nConnection: Keep-Alive\r\nAllow: UNLOCK,HEAD,MOVE,OPTIONS,LOCK,POST,PUT,COPY,MKCOL,GET,DELETE,PROPFIND\r\nContent-Type: httpd/unix-directory\r\nDAV: 1,2,\r\nKeep-Alive: timeout=15, max=96\r\nMS-Author-Via: DAV\r\n\r\n|s p/cPanel webdav/ o/Linux/ cpe:/o:linux:linux_kernel/a match webdav m|^HTTP/1\.1 200 OK\r\n.*Server: cPanel\r\nPersistent-Auth: false\r\nCache-Control: no-cache\r\nConnection: Keep-Alive\r\nVary: Accept-Encoding\r\nAllow: UNLOCK, HEAD, PROPPATCH, MOVE, OPTIONS, LOCK, POST, PUT, COPY, MKCOL, GET, DELETE, PROPFIND\r\nContent-Length: 0\r\nContent-Type: text/plain\r\nExpires: Fri, 01 Jan 1990 00:00:00 GMT\r\nDAV: 1, 2\r\nKeep-Alive: timeout=15, max=96\r\nMS-Author-Via: DAV\r\n\r\n|s p/cPanel webdav/ o/Linux/ cpe:/o:linux:linux_kernel/a match xmpp m|^$| p/Isode M-Link XMPP/ cpe:/a:isode:m-link/ # internal communication service of Yamaha RX-V2067 AV-Receiver match yamaha-comm m|^@SYS:INPNAMEMULTICH=MULTI CH\r\n@SYS:INPNAMEPHONO=PHONO\r\n@SYS:INPNAMEAV1=Blu-ray\r\n@SYS:INPNAMEAV2=Dreambox\r\n@SYS:INPNAMEAV3=PS 
3\r\n@SYS:INPNAMEAV4=AV4\r\n@SYS:INPNAMEAV5=AV5\r\n@SYS:INPNAMEAV6=AV6\r\n@SYS:INPNAMEAV7=AV7\r\n@SYS:INPNAMEVAUX=V-AUX\r\n@SYS:INPNAMEAUDIO1=TV\r\n@SYS:INPNAMEAUDIO2=AUDIO2\r\n@SYS:INPNAMEAUDIO3=AUDIO3\r\n@SYS:INPNAMEAUDIO4=AUDIO4\r\n@SYS:INPNAMEDOCK=DOCK\r\n@SYS:INPNAMEUSB=USB\r\n@TUN:AVAIL=Not Ready\r\n@MAIN:ZONENAME=Main\r\n| p/Yamaha RX-V2067 AV receiver/ d/media device/ cpe:/h:yamaha:rx-v2067/ match zabbix m|^OK$| p/Zabbix Monitoring System/ cpe:/a:zabbix:zabbix/ softmatch sip m|^SIP/2\.0 ([-\w\s.]+)\r\n.*Server: ([-\w\s/_\.\(\)]+)\r\n|s p/$2/ i/Status: $1/ softmatch sip m|^SIP/2\.0 ([-\w\s.]+)\r\n| i/SIP end point; Status: $1/ ##############################NEXT PROBE############################## Probe UDP SIPOptions q|OPTIONS sip:nm SIP/2.0\r\nVia: SIP/2.0/UDP nm;branch=foo;rport\r\nFrom: ;tag=root\r\nTo: \r\nCall-ID: 50000\r\nCSeq: 42 OPTIONS\r\nMax-Forwards: 70\r\nContent-Length: 0\r\nContact: \r\nAccept: application/sdp\r\n\r\n| rarity 5 ports 5060 # Some VoIP phones take longer to respond totalwaitms 7500 match sip m|^SIP/2\.0 200 OK\r\n.*Server: FPBX-([\w._\(\)-]+)\r\n|s p/FPBX/ v/$1/ d/PBX/ match sip m|^SIP/2\.0 404 Not Found\r\n.*User-Agent: Asterisk PBX \(digium\)\r\n|s p/Digium Switchvox PBX/ i/based on Asterisk/ d/PBX/ match sip m|^SIP/2\.0 200 OK\r\n.*User-Agent: SAGEM / 3202\.3 / 2601EC \r\n|s p/Sagem ADSL router/ d/broadband router/ match sip m|^SIP/2\.0 408 Request timeout\r\n.*Server: sipXecs/([\w._-]+) sipXecs/sipXproxy \(Linux\)\r\n|s p/SIPfoundry sipXecs PBX/ v/$1/ o/Linux/ cpe:/o:linux:linux_kernel/a match sip m|^SIP/2\.0 404 Not Found\r\n.*User-Agent: AVM (FRITZ!Box Fon WLAN [\w._ -]+) (?:Annex A )?(?:\(UI\) )?([\w._ -]+ \(\w+ +\d+ +\d+\))|s p/AVM $1 SIP/ v/$2/ d/WAP/ cpe:/h:avm:$1/ match sip m|^SIP/2\.0 200 OK\r\n.*Server: NetSapiens SiPBx 1-1205c\r\n|s p/NetSapiens SiPBX SIP switch/ d/switch/ match sip m|^SIP/2\.0 481 Call Leg/Transaction Does Not Exist\r\nFrom: ;tag=root\r\nTo: ;tag=0-\w+-\w+-\w+-\w+\r\nCall-ID: 50000\r\nCSeq: 42 
OPTIONS\r\nVia: SIP/2\.0/UDP nm;received=[\d.]+;rport=\d+;branch=foo\r\nContent-Length: 0\r\n\r\n$| p/Sony PCS-TL50 videoconferencing SIP/ cpe:/h:sony:pcs-tl50/ match sip m|^SIP/2\.0 200 OK\r\nCSeq: 42 OPTIONS\r\nVia: SIP/2\.0/UDP nm;branch=foo;rport\r\nFrom: ;tag=root\r\nCall-ID: 50000\r\nTo: \r\nContact: \r\nContent-Length: 0\r\n\r\n$| p/Ekiga SIP/ v/3.2.7/ cpe:/a:ekiga:ekiga:3.2.7/ match sip m|^SIP/2\.0 403 Forbidden\r\n.*From: ;tag=root\r\nTo: ;tag=Mitel-([\w._-]+)_\d+-\d+\r\n|s p/Mitel $1 PBX SIP/ d/PBX/ match sip m|^SIP/2\.0 200 OK\r\n.*Allow: INVITE, ACK, CANCEL, BYE, OPTIONS, INFO, REFER, SUBSCRIBE, NOTIFY\r\nAccept: application/sdp,application/dtmf-relay,application/simple-message-summary,message/sipfrag\r\nAccept-Encoding: identity\r\n|s p/Siemens Gigaset DX800A VoIP phone SIP/ d/VoIP phone/ cpe:/h:siemens:gigaset_dx800a/a match sip m|^SIP/2\.0 200 OK\r\n.*User-Agent: Zoiper rev\.(\d+)\r\n|s p/Zoiper softphone SIP/ v/$1/ cpe:/a:securax:zoiper:$1/ match sip m|^SIP/2\.0 200 OK\r\n.*User-Agent: Ekiga/([\w._-]+)\r\n|s p/Ekiga/ v/$1/ cpe:/a:ekiga:ekiga:$1/ match sip m|^SIP/2\.0 200 OK\r\n.*User-Agent: HG4000/([\w._-]+)+\r\n|s p/Hypermedia HG-4000 VoIP GSM gateway SIP/ v/$1/ d/VoIP adapter/ match sip m|^SIP/2\.0 200 OK\r\n.*User-Agent: Grandstream (IP\d+) ([\w._-]+)\r\n|s p/Grandstream $1 VoIP phone SIP/ v/$2/ d/VoIP phone/ cpe:/h:grandstream:$1/a match sip m|^SIP/2\.0 \d\d\d .*\r\nUser-Agent: Yealink (SIP-\w+) ([\d.]+)\r\n|s p/Yealink $1 VoIP phone sipd/ v/$2/ d/VoIP phone/ cpe:/h:yealink:$1/ match sip m|^SIP/2\.0 \d\d\d .*\r\nUser-Agent: (VP\d+\w*) ([\d.]+)\r\n|s p/Yealink $1 VoIP phone sipd/ v/$2/ d/VoIP phone/ cpe:/h:yealink:$1/ match sip-proxy m|^SIP/2\.0 .*\r\nServer: Asterisk PBX ([\w._+~-]+)\r\n|s p/Asterisk PBX/ v/$1/ d/PBX/ cpe:/a:digium:asterisk:$1/ match sip-proxy m|^SIP/2\.0 .*\r\nServer: OpenS[Ee][Rr] \(([\w\d\.-]+) \(([\d\w/]+)\)\)|s p/OpenSER SIP Server/ v/$1/ i/$2/ match sip-proxy m|^SIP/2\.0 .*\r\nServer: Sip EXpress router \(([\w\d\.-]+) 
\(([\d\w/]+)\)\)|s p/SIP Express Router/ v/$1/ i/$2/ # OpenSER and SER have joined to become SIP Router match sip-proxy m|^SIP/2\.0 .*\r\nServer: SIP Router \(([\w\d\.-]+) \(([\d\w/]+)\)\)|s p/SIP Router/ v/$1/ i/$2/ match sip-proxy m|^SIP/2\.0 .*\r\nUser-Agent: Asterisk PBX\r\n|s p/Asterisk PBX/ cpe:/a:digium:asterisk/ match sip-proxy m|^SIP/2\.0 .*\r\nServer: OpenSIPS \(([\w\d\.-]+) \(([\d\w/]+)\)\)|s p/OpenSIPS SIP Server/ v/$1/ i/$2/ match sip-proxy m|^SIP/2\.0 200 OK\r\n.*\r\nUser-Agent: ComdasysB2BUA([\w._-]+)\r\n|s p/Comdasys SIP Server/ v/$1/ match sip-proxy m|^SIP/2\.0 200 OK\r\n.*Server: NEC-i SL Series ([\w._-]+)/2\.1\r\n|s p/NEC SL-series VoIP PBX/ v/$1/ d/PBX/ match sip-proxy m|^SIP/2\.0 200 OK\r\nVia: SIP/2\.0/UDP nm;branch=foo;received=[\d.]+;rport=\d+\r\nFrom: ;tag=root\r\nTo: ;tag=as\d+\r\nCall-ID: 50000\r\nCSeq: 42 OPTIONS\r\nServer: -(\d[\w._-]+)\((\d[\w._-]+)\)\r\nAllow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH\r\nSupported: replaces, timer\r\nContact: .*\r\nAccept: application/sdp\r\nContent-Length: 0\r\n\r\n| p/Asterisk/ v/$2/ i/FreePBX $1/ cpe:/a:digium:asterisk:$2/ match sip-proxy m|^SIP/2\.0 400 Bad Request - [A-Z] - 16007\r\nv:SIP/2\.0/UDP nm;branch=foo;rport=\d+;received=[\d.]+\r\nf:;tag=root\r\nt:;tag=\d+\r\ni:50000\r\nCSeq:42 OPTIONS\r\nl:0\r\n\r\n| p/Nokia CFX-5000 SIP core controller/ d/PBX/ match sip-proxy m|^SIP/2\.0 400 Bad Request - [A-Z] - 16007\r\nVia: SIP/2\.0/UDP nm;branch=foo;rport=\d+;received=[\d.]+\r\nFrom: ;tag=root\r\nTo: ;tag=\d+\r\nCall-ID: 50000\r\nCSeq: 42 OPTIONS\r\nContent-Length: 0\r\n\r\n| p/Nokia CFX-5000 SIP core controller/ d/PBX/ match sip-proxy m|^SIP/2\.0 404 Not Found\r\n.*Server: Asterisk PBX\r\n.*Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO|s p/Asterisk/ d/PBX/ cpe:/a:digium:asterisk/ softmatch sip m|^SIP/2\.0 ([-\w\s.]+)\r\n.*Server: ([-\w\s/_\.\(\)]+)\r\n|s p/$2/ i/Status: $1/ softmatch sip m|^SIP/2\.0 ([-\w\s.]+)\r\n| i/SIP end point; 
Status: $1/ # Supposed to be multicast, but apparently something answers unicast? match ws-discovery m|^<\?xml version=\"1\.0\" encoding=\"UTF-8\"\?>\nSOAP-ENV:ClientNo XML element tag| p/Huacam Cyclops ONVIF 1.0 responder/ d/webcam/ # Brother MFC-9340CDW match ws-discovery m|^<\?xml version=\"1\.0\" encoding=\"UTF-8\"\?>\nSOAP-ENV:ClientHTTP Error: 405 Method Not Allowed| p/Brother WS-Print 1.0 responder/ d/printer/ # Softmatch for now, since submission didn't contain specific device softmatch ws-discovery m|^<\?xml version=\"1\.0\" encoding=\"UTF-8\"\?>\n\n$| p/MegaRaid Monitoring Agent/ match routeros-api m|^\x06!fatal\rnot logged in\0| p/MikroTik RouterOS API/ o/RouterOS/ cpe:/o:mikrotik:routeros/ # Interesting service: Not sure if it's RPC match rpcbind m|^\x18\0\x01\x02Invalid packet length\0| p/Amanda voicemail system/ d/telecom-misc/ # Moved this from SSLSessionReq because it seems more reliable. # May need to generalize and grab the language if we see non-"en" responses match srvloc m|^\x02\x02\0\0\x12\0\0\0\0\0\0\0\0\x02en\0\x02$| p/Apple slpd/ o/Mac OS/ cpe:/o:apple:mac_os/a softmatch svrloc m|^\x02\x02\0\0.\0\0\0\0\0..\0.\w+|s p/SLP Service Agent/ match slp-srvreg m|^\x02\x05\0\0\x12\0\0\0\0\0\0@\0\x02en\xff\xef| p/AIX SLP Directory Agent/ o/AIX/ cpe:/o:ibm:aix/a softmatch slp-srvreg m|^\x02\x05\0\0.\0\0\0\0\0..\0.\w+|s p/SLP Directory Agent/ match thrift-binary m|^\x04\0\0\0\x11Invalid status 58$| p/Hadoop Hive 2/ cpe:/a:apache:hive/ match tibia m|^V\0\x02\0Your terminal version is too old\.\nPlease get a new version at\nhttp://www\.tibia\.com\.\0$| p/Tibia graphical MUD/ match xplorer m|Access violation at address \w+ in module 'Xplorer\.exe'\. 
Read of address| p/SoftOne Business Xplorer/ o/Windows/ cpe:/o:microsoft:windows/a match pc-anywhere m|\x1bY2\0\x01\x03B\0\0\x01\0\x14....................\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0| p/Symantec pcAnywhere/ cpe:/a:symantec:pcanywhere/ ##############################NEXT PROBE############################## Probe TCP DistCCD q|DIST00000001ARGC00000005ARGV00000002ccARGV00000002-cARGV00000006nmap.cARGV00000002-oARGV00000006nmap.oDOTI00000000| rarity 8 ports 3632 match distccd m|^DONE00000001STAT00000000SERR00000000SOUT00000000DOTO.*?GCC: ([^\0]+)| p/distccd/ v/v1/ i/$1/ match distccd m|^DONE00000001STAT00000100SERR000000\w+/tmp/distccd_.*:\d+: internal compiler error: Segmentation fault| p/distccd/ i/broken/ match distccd m|^DONE00000001.*?DOTO00| p/distccd/ v/v1/ i/unknown compiler/ match distccd m|^DONE00000001.*ccache: failed to create /usr/share/distcc/\.ccache \(Permission denied\)\n| p/distccd/ i/broken/ match distccd m|^DONE00000001.*CRITICAL! distcc seems to have invoked itself recursively!\n|s p/distccd/ i/broken/ match distccd m|^[\w._-]+DONE[\w._-]+ .*ERROR: attempt to use unknown compiler aborted: ([\w._-]+)\n|s p/distccd/ i/broken: compiler $1 doesn't exist/ ##############################NEXT PROBE############################## Probe TCP JavaRMI q|\x4a\x52\x4d\x49\0\x02\x4b| rarity 8 ports 706,1098,1099,1981 match rmiregistry m|^\x4e..[0-9.]+\0\0..$|s p/Java RMI/ match rmiregistry m|^\x4e..([\w._-]+)\0\0..$|s p/GNU Classpath grmiregistry/ h/$1/ ##############################NEXT PROBE############################## Probe TCP Radmin q|\x01\x00\x00\x00\x01\x00\x00\x00\x08\x08| ports 4899,9001 rarity 8 match fcgiwrap m|^\x01\x0b\0\0\0\x08\0\0\0\0\0\0\0\0\0\0$| p/fcgiwrap/ match radmin m|^\x01\x00\x00\x00\x25\x09\x00\x01\x10\x08\x01\x00\x09\x08| p/Famatech Radmin/ v/2.X/ i/Windows Authentication/ o/Windows/ cpe:/a:famatech:radmin:2/ cpe:/o:microsoft:windows/a match radmin m|^\x01\x00\x00\x00\x25\x0a\x00\x01\x10\x08\x01\x00\x0a\x08| p/Famatech 
Radmin/ v/2.X/ i/Radmin Authentication/ o/Windows/ cpe:/a:famatech:radmin:2/ cpe:/o:microsoft:windows/a match radmin m|^\x01\x00\x00\x00\x25\x00\x00\x02\x12\x08\x02\x00\x00\x0a| p/Famatech Radmin/ v/3.X/ i/Radmin Authentication/ o/Windows/ cpe:/a:famatech:radmin:3/ cpe:/o:microsoft:windows/a match radmin m|^\x01\x00\x00\x00\x25\x71\x00\x02\x12\x08\x02\x00\x71\x0a| p/Famatech Radmin/ v/3.X/ i/Windows Authentication/ o/Windows/ cpe:/a:famatech:radmin:3/ cpe:/o:microsoft:windows/a match radmin m|^\x01\x00\x00\x00\x25\x08\x00\x02\x12\x08\x02\x00\x08\x0a| p/Famatech Radmin/ v/3.X/ i/Radmin Authentication/ o/Windows/ cpe:/a:famatech:radmin:3/ cpe:/o:microsoft:windows/a match radmin m|^\x01\x00\x00\x00\x25\x79\x00\x02\x12\x08\x02\x00\x79\x0a| p/Famatech Radmin/ v/3.X/ i/Windows Authentication/ o/Windows/ cpe:/a:famatech:radmin:3/ cpe:/o:microsoft:windows/a match radmin m|^\x01\x00\x00\x00\x25\x59\x00\x02\x12\x08\x02\x00\x59\x0a| p/Famatech Radmin/ v/3.3/ o/Windows/ cpe:/a:famatech:radmin:3.3/ cpe:/o:microsoft:windows/a match radmin m|^\x01\x00\x00\x00\x25\x04\x00\x02\x12\x08\x02\x00\x04\x0a| p/Famatech Radmin/ v/3.0/ o/Windows/ cpe:/a:famatech:radmin:3.0/ cpe:/o:microsoft:windows/a match radmin m|^\x01\x00\x00\x00\x09\x00\x00\x10\x4f\x2f\x10\x00\x00\x04\x00\x00\x00\x1c| p/Famatech Radmin/ v/3.X/ i/Source IP blocked/ o/Windows/ cpe:/a:famatech:radmin:3/ cpe:/o:microsoft:windows/a softmatch radmin m|^\x01\x00\x00\x00\x25.\x00..\x08.\x00..|s p/Famatech Radmin/ o/Windows/ cpe:/a:famatech:radmin/ cpe:/o:microsoft:windows/a match srcds m|^\n\0\0\0\0\0\0\0\0\0\0\0\0\0$| p/srcds game server/ ##############################NEXT PROBE############################## Probe UDP Sqlping q|\x02| rarity 6 ports 1434 match ms-sql-m m|^\x05..ServerName;([\w\-]+);InstanceName;[\w\-]+;IsClustered;\w{2,3};Version;([\d\.]+);np;.+;tcp;(\d{1,5});| p/Microsoft SQL Server/ v/$2/ i/ServerName: $1; TCPPort: $3/ o/Windows/ cpe:/a:microsoft:sql_server:$2/ cpe:/o:microsoft:windows/a match ms-sql-m 
m|^\x05..ServerName;([\w\-]+);InstanceName;[\w\-]+;IsClustered;\w{2,3};Version;([\d\.]+);tcp;(\d{1,5});np;.+;$| p/Microsoft SQL Server/ v/$2/ i/ServerName: $1; TCPPort: $3/ o/Windows/ cpe:/a:microsoft:sql_server:$2/ cpe:/o:microsoft:windows/a match ms-sql-m m|^\x05..ServerName;([\w\-]+);InstanceName;[\w\-]+;IsClustered;\w{2,3};Version;([\d\.]+);tcp;(\d{1,5});;| p/Microsoft SQL Server/ v/$2/ i/ServerName: $1; TCPPort: $3/ o/Windows/ cpe:/a:microsoft:sql_server:$2/ cpe:/o:microsoft:windows/a match ms-sql-m m|^\x05..ServerName;([\w\-]+);InstanceName;[\w\-]+;IsClustered;\w{2,3};Version;([\d\.]+);;| p/Microsoft SQL Server/ v/$2/ i/ServerName: $1/ o/Windows/ cpe:/a:microsoft:sql_server:$2/ cpe:/o:microsoft:windows/a ##############################NEXT PROBE############################## Probe UDP NTPRequest q|\xe3\x00\x04\xfa\x00\x01\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc5\x4f\x23\x4b\x71\xb1\x52\xf3| rarity 5 ports 123,5353,9100 match ca-mq m|^\xfa\xfe\0\x10\0\0\x01\0\0\0\0\0\0\0\0\0$| p/CA Message Queuing Server/ cpe:/a:ca:messaging/ match ntp m|^[\x24\x64\xa4]\x01..............................................$|s p/NTP/ v/v4/ i/primary server/ match ntp m|^[\x24\x64\xa4][\x02-\x0f]..............................................$|s p/NTP/ v/v4/ i/secondary server/ # Don't think this is valid, but we can uncomment if we get a submission: #match ntp m|^[\x24\x64\xa4]\x10..............................................$|s p/NTP/ v/v4/ i/unsynchronized/ match ntp m|^\xe4[\0\x10]..............................................$|s p/NTP/ v/v4/ i/unsynchronized/ match ntp m|^\xe4[\x01]..............................................$|s p/NTP/ v/v4/ i/primary server; unsynchronized/ match ntp m|^\xe4[\x01-\x0f]..............................................$|s p/NTP/ v/v4/ i/secondary server; unsynchronized/ match ntp m|^\x1c[\x01-\x0f]..............................................$|s 
p/NTP/ v/v3/
# This is just unsynchronized NTP v3
match ntp m|^\xdc[\x00-\x0f]..............................................$|s p/Microsoft NTP/ o/Windows/ cpe:/o:microsoft:windows/a
match ntp m|^\x5c\x03..............................................$|s p/Microsoft Windows Server 2003 NTP/ v/v3/ o/Windows 2003/ cpe:/o:microsoft:windows_server_2003/a
# Solaris Internet Name Server (42/udp), see ien116.txt
match nameserver m|^help\r\n\r\n\0\0\0\0\x20CKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\0\0!\0\x01| p/Solaris Internet Name Server/ i/IEN 116/ o/Solaris/ cpe:/o:sun:sunos/a
match mdns m|^\0\0\x84\0\0\0\0\x05\0\0\0\0.Lexmark ([\x20-\x7f]+)\x0c_host-config\x04_udp\x05local\0|s p/Lexmark $1 printer mdns/ d/printer/ cpe:/h:lexmark:$1/a
match hbn3 m|^\0\0\x84\0\0\0\0\x05\0\0\0\0\x15S300-S400 Series \(32\).+ET(\w{2})(\w{2})(\w{2})(\w{2})(\w{2})(\w{2})| p/Lexmark S300-S400 series HBN3/ i/MAC: $1:$2:$3:$4:$5:$6/ d/printer/
match hbn3 m|^\0\0\x84\0\0\0\0\x05\0\0\0\0\x15S300-S400 Series.+ET(\w{2})(\w{2})(\w{2})(\w{2})(\w{2})(\w{2})| p/Lexmark S300-S400 Series HBN3/ i/MAC: $1:$2:$3:$4:$5:$6/ d/printer/
softmatch mdns m|^\0\0\x84\0\0\0\0\x05\0\0\0\0|
match sip m|^SIP/2\.0 200 OK\r\n.*Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, UPDATE, OPTIONS, MESSAGE, NOTIFY, INFO, REFER\r\n.*User-Agent: SightSpeedClient v\. ([\w._-]+)\r\n|s p/SightSpeedClient sipd/ v/$1/ i/AVM FRITZ!Box Fon WAP/

# These first two probes only serve to determine the NTP version
# Nessus uses. The third will match even a newer one, but just show
# the NTP as 1.0. So we give the highest rarity to these first two
# probes so they will usually only be used for port 1241. But the
# third is left with a lower rarity to catch Nessus running on
# non-default ports.
#
# These probes have a high likelihood of triggering false positives because
# any service that echoes your command back can match. The docs on the
# protocol make me think a ^ anchor can be added to the response so
# this should cut down on the false positives. (Brandon)
#
# See ntp_white_paper_11.txt for more information on the Nessus protocol
#
##############################NEXT PROBE##############################
Probe TCP NessusTPv12 q|< NTP/1.2 >\n|
rarity 9
ports 1241
sslports 1241
match nessus m|^< NTP/1.2 >\n| p/Nessus Daemon/ i/NTP v1.2/ cpe:/a:tenable:nessus/

##############################NEXT PROBE##############################
Probe TCP NessusTPv11 q|< NTP/1.1 >\n|
rarity 9
ports 1241
sslports 1241
match nessus m|^< NTP/1.1 >\n| p/Nessus Daemon/ i/NTP v1.1/ cpe:/a:tenable:nessus/

##############################NEXT PROBE##############################
Probe TCP NessusTPv10 q|< NTP/1.0 >\n|
rarity 8
ports 1241
sslports 1241
match http-proxy m|^HTTP/1\.0 400 Bad Request\r\nServer: squid/([\w._+-]+)\r\n| p/Squid/ v/$1/ cpe:/a:squid-cache:squid:$1/
match nessus m|^< NTP/1.0 >\n| p/Nessus Daemon/ i/NTP v1.0/ cpe:/a:tenable:nessus/
match zabbix m|^NOT OK\n$| p/Zabbix Monitoring System/ cpe:/a:zabbix:zabbix/

##############################NEXT PROBE##############################
Probe UDP SNMPv1public q|0\x82\0/\x02\x01\0\x04\x06public\xa0\x82\0\x20\x02\x04\x4c\x33\xa7\x56\x02\x01\0\x02\x01\0\x30\x82\0\x10\x30\x82\0\x0c\x06\x08\x2b\x06\x01\x02\x01\x01\x05\0\x05\0|
rarity 4
ports 161
match snmp m|^0.*\x02\x01\0\x04\x06public\xa2.*\x06\x08\+\x06\x01\x02\x01\x01\x05\0\x04[^\0]([^\0]+)|s p/SNMPv1 server/ i/public/ h/$1/
match snmp m|^0.*\x02\x01\0\x04\x06public\xa2|s p/SNMPv1 server/ i/public/

##############################NEXT PROBE##############################
Probe UDP SNMPv3GetRequest q|\x30\x3a\x02\x01\x03\x30\x0f\x02\x02\x4a\x69\x02\x03\0\xff\xe3\x04\x01\x04\x02\x01\x03\x04\x10\x30\x0e\x04\0\x02\x01\0\x02\x01\0\x04\0\x04\0\x04\0\x30\x12\x04\0\x04\0\xa0\x0c\x02\x02\x37\xf0\x02\x01\0\x02\x01\0\x30\0|
rarity 4
ports 161
# H.225 bandwidthReject
match H.323-gatekeeper-discovery m|^8\x02\x01\x10\0$| p/GNU Gatekeeper discovery/ cpe:/a:gnugk:gnu_gatekeeper/
# Enterprise numbers as used in SNMP engine IDs are here:
# http://www.iana.org/assignments/enterprise-numbers
# Reserved - SNMP Engine ID 0 \x00\x00
# Netgear GS748TS V5.0.0.23
match snmp m|^..\x02\x01\x030.\x02\x02Ji\x02.{3,4}\x04\x01.\x02\x01\x03\x04.{5,6}\0\x00\x00|s
# Cisco - SNMP Engine ID 9 (CiscoSystems) = \x00\x09
match snmp m|^..\x02\x01\x030.\x02\x02Ji\x02.{3,4}\x04\x01.\x02\x01\x03\x04.{5,6}\0\x00\x09|s p/Cisco SNMP service/
# Cisco - SNMP Engine ID 99 (SNMP Research) = \x00\x63
match snmp m|^..\x02\x01\x030.\x02\x02Ji\x02.{3,4}\x04\x01.\x02\x01\x03\x04.{5,6}\0\x00\x63|s p/Cisco SNMP service/
# Xerox - SNMP Engine ID 253 (Xerox) = \x00\xfd
match snmp m|^..\x02\x01\x030.\x02\x02Ji\x02.{3,4}\x04\x01.\x02\x01\x03\x04.{5,6}\0\x00\xfd|s p/Xerox SNMP service/
# Scientific Atlanta - SNMP Engine ID 1429 = \x05\x95
match snmp m|^..\x02\x01\x030.\x02\x02Ji\x02.{3,4}\x04\x01.\x02\x01\x03\x04.{5,6}\0\x05\x95|s p/Scientific Atlanta SNMP service/
# Brocade - SNMP Engine ID 1588 (Brocade Communications Systems, Inc.) = \x06\x34
match snmp m|^..\x02\x01\x030.\x02\x02Ji\x02.{3,4}\x04\x01.\x02\x01\x03\x04.{5,6}\0\x06\x34|s p/Brocade SNMP service/
# QLogic - SNMP Engine ID 1663 (Ancor Communications) = \x06\x7f
match snmp m|^..\x02\x01\x030.\x02\x02Ji\x02.{3,4}\x04\x01.\x02\x01\x03\x04.{5,6}\0\x06\x7f|s p/QLogic SNMP service/
# IBM - SNMP Engine ID 1104 (First Virtual Holdings Incorporated) = \x04\x50
match snmp m|^..\x02\x01\x030.\x02\x02Ji\x02.{3,4}\x04\x01.\x02\x01\x03\x04.{5,6}\0\x04\x50|s p/IBM SNMP service/
# Huawei - SNMP Engine ID 2011 (HUAWEI Technology Co.,Ltd) = \x07\xdb
match snmp m|^..\x02\x01\x030.\x02\x02Ji\x02.{3,4}\x04\x01.\x02\x01\x03\x04.{5,6}\0\x07\xdb|s p/Huawei SNMP service/
# Lexmark - SNMP Engine ID 2021 (Engine Enterprise ID: U.C. Davis, ECE Dept. Tom) = \x07\xe5
match snmp m|^..\x02\x01\x030.\x02\x02Ji\x02.{3,4}\x04\x01.\x02\x01\x03\x04.{5,6}\0\x07\xe5|s p/Lexmark SNMP service/
# Thomson Inc. - SNMP Engine ID 2863 (Thomson Inc.)
= \x0b\x2f match snmp m|^..\x02\x01\x030.\x02\x02Ji\x02.{3,4}\x04\x01.\x02\x01\x03\x04.{5,6}\0\x0b\x2f|s p/Thomson SNMP service/ # Blue Coat - SNMP Engine ID 3417 (CacheFlow Inc.) = \x0d\x59 match snmp m|^..\x02\x01\x030.\x02\x02Ji\x02.{3,4}\x04\x01.\x02\x01\x03\x04.{5,6}\0\x0d\x59|s p/Blue Coat SNMP service/ # Canon - SNMP Engine ID 4976 (Agent++) = \x13\x70 match snmp m|^..\x02\x01\x030.\x02\x02Ji\x02.{3,4}\x04\x01.\x02\x01\x03\x04.{5,6}\0\x13\x70|s p/Canon SNMP service/ # net-snmp (net-snmp.org) - SNMP Engine ID 8072 (net-snmp) = \x1f\x88 match snmp m|^..\x02\x01\x030.\x02\x02Ji\x02.{3,4}\x04\x01.\x02\x01\x03\x04.{5,6}\0\x1f\x88|s p/net-snmp/ cpe:/a:net-snmp:net-snmp/ # Fortigate-310B v4.0,build0324,110520 (MR2 Patch 7) # Fortinet, Inc. - SNMP Engine ID 12356 = \x30\x44 match snmp m|^..\x02\x01\x030.\x02\x02Ji\x02.{3,4}\x04\x01.\x02\x01\x03\x04.{5,6}\x80\0\x30\x44|s p/Fortinet SNMP service/ d/firewall/ # Aruba Networks - SNMP Engine ID 14823 = \x39\xe7 match snmp m|^..\x02\x01\x030.\x02\x02Ji\x02.{3,4}\x04\x01.\x02\x01\x03\x04.{5,6}\0\x39\xe7|s p/Aruba Networks SNMP service/ # OpenBSD Project - SNMP Engine ID 30155 = \x75\xcb match snmp m|^..\x02\x01\x030.\x02\x02Ji\x02.{3,4}\x04\x01.\x02\x01\x03\x04.{5,6}\0\x75\xcb|s p/OpenBSD SNMP service/ # Wireshark says for the SNMP Engine ID. 
match snmp m|^..\x02\x01\x030.\x02\x02Ji\x02.{3,4}\x04\x01.\x02\x01\x03\x04.{5,6}\x01\0\x02\x03|s p/MikroTik router SNMP service/ d/router/
# Tandberg Video Conferencing equipment
match snmp m|^0\x82\0\x37\x02\x01\0\x04\x06public\xa2\x82\0\x28\x02.{41,43}\nSoftW:\x20([^\0\n]+)\nMCU:\x20([^\0\n]+)\n|s p/$2/ i/$1/
# Zebra GX430T label printer
match snmp m|^0\x82\0\x37\x02\x01\0\x04\x06public\xa2\x82\0\x28.{20}\x2b\x06\x01\x02\x01\x01\x05\0\x04\nZBR_SPICE0|s p/Zebra GX430T label printer SNMP service/ d/printer/ cpe:/h:zebra:gx430t/
# P-660HW-D1 from Zyxel
match snmp m|^0\x82\0\x3a\x02\x01\0\x04\x06public\xa2\x82\0\x2b.{20}\x06\x08\x2b\x06\x01\x02\x01\x01\x05\0\x04\x0bcfr25657985|s p/ZyXEL Prestige 660HW ADSL router/ d/broadband router/ cpe:/h:zyxel:prestige_660hw/
#Generic SNMPv3 matchline
softmatch snmp m|^..\x02\x01\x030.\x02\x02Ji\x02.{3,4}\x04\x01.\x02\x01\x03\x04|s p/SNMPv3 server/
##############################NEXT PROBE##############################
Probe TCP WMSRequest q|\x01\0\0\xfd\xce\xfa\x0b\xb0\xa0\0\0\0MMS\x14\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x12\0\0\0\x01\0\x03\0\xf0\xf0\xf0\xf0\x0b\0\x04\0\x1c\0\x03\0N\0S\0P\0l\0a\0y\0e\0r\0/\09\0.\00\0.\00\0.\02\09\08\00\0;\0 \0{\00\00\00\00\0A\0A\00\00\0-\00\0A\00\00\0-\00\00\0a\00\0-\0A\0A\00\0A\0-\00\00\00\00\0A\00\0A\0A\00\0A\0A\00\0}\0\0\0\xe0\x6d\xdf\x5f|
rarity 6
ports 1549,1755,5001,9090
match afp m|^\x01\x03\0N........\0\0\0\0........\x8f\xfb.([^\0\x01]+)[\0\x01].*\tMacintosh\x05\x06AFP3\.3\x06AFP3\.2\x06AFP3\.1\x06AFPX03\x06AFP2\.2\x05\tDHCAST128.*\x04([\w.]+)\x01.afpserver|s p/Apple AFP/ i/name: $1; protocol 3.3; Mac OS X 10.5/ o/Mac OS X/ h/$2/ cpe:/a:apple:afp_server/a cpe:/o:apple:mac_os_x/a
match afp m|^\x01\x03\0N........\0\0\0\0........\x8f\xfb.([^\0\x01]+)[\0\x01].*\nMacmini3,1\x04\x06AFP3\.3\x06AFP3\.2\x06AFP3\.1\x06AFPX03\x05\tDHCAST128.*\x04([\w.]+)\x01oafpserver|s p/Apple AFP/ i/name: $1; protocol 3.3; Mac OS X 10.6; Mac mini/ o/Mac OS X/ h/$2/ cpe:/a:apple:afp_server/a cpe:/o:apple:mac_os_x/a
# Flags \x9f\xfb.
match afp m|^\x01\x03\0\x4e........\0\0\0\0........\x9f\xfb.([^\0\x01]+)[\0\x01].*MacBookAir\d+,\d+\x05\x06AFP3\.4\x06AFP3\.3\x06AFP3\.2\x06AFP3\.1\x06AFPX03\x06\tDHCAST128\x04DHX2\x06Recon1\rClient Krb v2\x03GSS\x0fNo User Authent.*\x1b\$not_defined_in_RFC4178@please_ignore$|s p/Apple AFP/ i/name: $1; protocol 3.4; Mac OS X 10.6; MacBook Air/ o/Mac OS X/ cpe:/a:apple:afp_server/a cpe:/o:apple:mac_os_x/a
match afp m|^\x01\x03\0\x4e........\0\0\0\0........\x9f\xfb.([^\0\x01]+)[\0\x01].*MacBookPro\d+,\d+\x05\x06AFP3\.4\x06AFP3\.3\x06AFP3\.2\x06AFP3\.1\x06AFPX03\x06\tDHCAST128\x04DHX2\x06Recon1\rClient Krb v2\x03GSS\x0fNo User Authent.*\x1b\$not_defined_in_RFC4178@please_ignore$|s p/Apple AFP/ i/name: $1; protocol 3.4; Mac OS X 10.6; MacBook Pro/ o/Mac OS X/ cpe:/a:apple:afp_server/a cpe:/o:apple:mac_os_x/a
match calibre-json m|^\d+\[\d+, {.*?\"calibre_version\": \[(\d+), (\d+), (\d+)\], .*?\"currentLibraryName\": \"([^"]+)\",| p/Calibre Sync JSON/ v/$1.$2.$3/ i/library name: $4/
# http://www.corepointhealth.com/resource-center/hl7-resources/mlp-minimum-layer-protocol
match hl7-mlp m|^\x0b\x1c\r| p/HL7 Minimum Layer Protocol/
match jsonrpc m|^{\n \"error\" : {\n \"code\" : -32700,\n \"message\" : \"Parse error\.\"\n },\n \"id\" : 0,\n \"jsonrpc\" : \"([\w._-]+)\"\n}\n| p/XBMC JSON-RPC/ v/$1/ d/media device/ o/Linux/ cpe:/o:linux:linux_kernel/
match jsonrpc m|^{\"error\":{\"code\":-32700,\"message\":\"Parse error\.\"},\"id\":null,\"jsonrpc\":\"([\w._-]+)\"}| p/XBMC JSON-RPC/ v/$1/ d/media device/ o/Linux/ cpe:/o:linux:linux_kernel/
match shivahose m|^\x02\x06$| i/Shiva network modem access/
match slingbox m|^\x01\x01\0\xfd\xce\xfa\x0b\xb0\xa0\0\0\0\x0f\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x12$| p/Slingbox streaming video/
# Also www.getmangos.com: Mangos Realms Server.
match warcraft m|^\0\0\x09$| p/World of Warcraft game server/
#WMS 4.1.0.3927
match wms m|^\x01\0\0.\xce\xfa\x0b\xb0.\0\0\0MMS .\0{7}.{9}\0\0\0\x01\0\x04\0\0\0\0\0\xf0\xf0\xf0\xf0\x0b\0\x04\0\x1c\0\x03\0\0\0\0\0\0\0\xf0\?\x01\0\0\0\x01\0\0\0\0\x80\0\0...\0.\0\0\0\0\0\0\0\0\0\0\0.\0\0\x00(\d)\0\.\x00(\d)\0\.\x00(\d)\0\.\x00(\d)\x00(\d)\x00(\d)\x00(\d)\0\0\0|s p/Microsoft Windows Media Services/ v/$1.$2.$3.$4$5$6$7/ o/Windows/ cpe:/a:microsoft:windows_media_services:$1.$2.$3.$4$5$6$7/a cpe:/o:microsoft:windows/a
match wms m|^\x01\0\0.\xce\xfa\x0b\xb0.\0\0\0MMS .\0{7}.{9}\0\0\0\x01\0\x04\0\0\0\0\0\xf0\xf0\xf0\xf0\x0b\0\x04\0\x1c\0\x03\0\0\0\0\0\0\0\xf0\?\x01\0\0\0\x01\0\0\0\0\x80\0\0...\0.\0\0\0\0\0\0\0\0\0\0\0.\0\0\x00(\d)\0\.\x00(\d)\x00(\d)\0\.\x00(\d)\x00(\d)\0\.\x00(\d)\x00(\d)\x00(\d)\x00(\d)\0\0\0|s p/Microsoft Windows Media Services/ v/$1.$2$3.$4$5.$6$7$8$9/ o/Windows/ cpe:/a:microsoft:windows_media_services:$1.$2$3.$4$5.$6$7$8$9/a cpe:/o:microsoft:windows/a
##############################NEXT PROBE##############################
Probe TCP oracle-tns q|\0Z\0\0\x01\0\0\0\x016\x01,\0\0\x08\0\x7F\xFF\x7F\x08\0\0\0\x01\0 \0:\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\04\xE6\0\0\0\x01\0\0\0\0\0\0\0\0(CONNECT_DATA=(COMMAND=version))|
rarity 7
ports 1035,1521,1522,1525,1526,1574,1748,1754,14238,20000
match http m|^HTTP/1\.0 400 Bad Request\r\nDate: .*\r\nServer: Boa/([\w._-]+)\r\nConnection: close\r\nContent-Type: text/html\r\n\r\n400 Bad Request\n

          400 Bad Request

          \nYour client has issued a malformed or illegal request\.\n\n$| p/Boa httpd/ v/$1/ i/Prolink ADSL router/ d/broadband router/ cpe:/a:boa:boa:$1/
match iscsi m|^\x3f\x80\x04\0\0\0\x00\x30\0\0\0\0\0\0\0\0\xff\xff\xff\xff\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x01\xf7\0\0\0\0\0\0\0\0\0\0\0\0\0Z\0\0\x01\0\0\0\x016\x01\x2c\0\0\x08\0\x7f\xff\x7f\x08\0\0\0\x01\0\x20\0\x3a\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x004\xe6\0\0$| p/iSCSI/
match iscsi m|^\x3f\x80\x04\0\0\0\x00\x30\0\0\0\0\0\0\0\0\xff\xff\xff\xff\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x00\x00\0\0\0\0\0\0\0\0\0\0\0\0\0Z\0\0\x01\0\0\0\x016\x01\x2c\0\0\x08\0\x7f\xff\x7f\x08\0\0\0\x01\0\x20\0\x3a\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x004\xe6\0\0$| p/HP StorageWorks D2D backup system iSCSI/ d/storage-misc/
match palm-hotsync m|^\x01.\0\0\0\x14\x11\x01\0\0\0\0\0\0\0\x20\0\0\0\x06\x01\0..\0\0$|s p/Palm Pilot HotSync/
match oracle-tns m|^\0.\0\0[\x02\x04]\0\0\0.*TNSLSNR for ([-.+/ \w]{2,24}): Version ([-\d.]+) - Production|s p/Oracle TNS Listener/ v/$2/ i/for $1/
match dbsnmp m|^\0.\0\0\x02\0\0\0.*\(IAGENT = \(AGENT_VERSION = ([\d.]+)\)\(RPC_VERSION = ([\d.]+)\)\)|s p/Oracle Intelligent Agent/ v/$1/ i/RPC v$2/
match oracle m|^\0\x20\0\0\x02\0\0\0\x016\0\0\x08\0\x7f\xff\x01\0\0\0\0\x20|s p/Oracle Database/ cpe:/a:oracle:database_server/
match oracle m|^\+\0\0\0$| p/Oracle Database/ cpe:/a:oracle:database_server/
match oracle-tns m|^..\0\0\x04\0\0\0\"\0..\(DESCRIPTION=\(TMP=\)\(VSNNUM=\d+\)\(ERR=1189\)\(ERROR_STACK=\(ERROR=\(CODE=1189\)\(EMFI=4\)\)| p/Oracle TNS Listener/
match oracle-tns m|^..\0\0\x04\0\0\0\"\0..\(DESCRIPTION=\(ERR=12504\)\)\0| p/Oracle TNS listener/
softmatch oracle-tns m|^\0.\0\0[\x02\x04]\0\0\0|s p/Oracle TNS Listener/
match dbsnmp m|^\0,\0\0\x04\0\0\0\"\0\0 \(CONNECT_DATA=\(COMMAND=version\)\)| p/Oracle DBSNMP/
match hp-radia m|^\xff\xff$| p/HP Radia configuration server/
match winbox m|^\(\x01\0&M2\x01\0\xff\x88\0\0\x02\0\xff\x88\x02\0\x02\0\0\0\0.\0\0\x0b\0\xff\x08\xff\xff\xff\xff\x07\0\xff\x08\x14\0\xfe\0| p/MikroTik WinBox/ cpe:/a:mikrotik:winbox/
##############################NEXT PROBE##############################
Probe UDP xdmcp q|\0\x01\0\x02\0\x01\0|
rarity 6
ports 177
match bacnet m|^\x81\n\0\t\x01\0`\x01\t$| p/BACnet building automation/
match xdmcp m|^\0\x01\0\x05..\0\0\0.(.+)\0.(.+)|s p/XDMCP/ i/willing; status: $2/ o/Unix/ h/$1/
match xdmcp m|^\0\x01\0\x06..\0.(.+)\0.(.+)|s p/XDMCP/ i/unwilling; status: $2/ o/Unix/ h/$1/
match tftp m|^\0\x05\0\x04Illegal TFTP operation\0| p/Windows 2003 Server Deployment Service/ o/Windows/ cpe:/o:microsoft:windows_server_2003/a
match tftp m|^\0\x05\0\x01File not found\.\0$| p/Enistic zone controller tftpd/
##############################NEXT PROBE##############################
# AFS version probing
Probe UDP AFSVersionRequest q|\0\0\x03\xe7\0\0\0\0\0\0\0\x65\0\0\0\0\0\0\0\0\x0d\x05\0\0\0\0\0\0\0\0\0\0|
rarity 5
ports 7001
# OpenAFS
match afs m|^[\d\D]{28}\s*OpenAFS\s+([\d\.]+)\s+([^\0]+)\0| p/OpenAFS/ v/$1/ i/$2/ cpe:/a:openafs:openafs:$1/
match afs m|^[\d\D]{28}\s*OpenAFS\s+stable\s+([\d\.]+)\s+([^\0]+)\0| p/OpenAFS/ v/$1/ i/$2 stable/ cpe:/a:openafs:openafs:$1/
match afs m|^[\d\D]{28}\s*OpenAFS([\d\.]{3}[^\s\0]*)\s+([^\0]+)\0| p/OpenAFS/ v/$1/ i/$2/ cpe:/a:openafs:openafs:$1/
match afs m|^[\d\D]{28}\s*OpenAFS([\d\.]{3}[^\s\0]*)\0| p/OpenAFS/ v/$1/ cpe:/a:openafs:openafs:$1/
# Transarc AFS
match afs m|^[\d\D]{28}\s*Base\sconfiguration\safs([\d\.]+)\s+[^\s\0\;]+[\0\;]| p/Transarc AFS/ v/$1/
# Arla
match afs m|^[\d\D]{28}\s*arla-([\d\.]+)\0| p/Arla/ v/$1/
# OpenSSL 0.9.8g: openssl s_server -dtls1
# Alert (21), DTLS 1.0 (0xfeff)
match dtls m|^\x15\xfe\xff\0\0\0\0\0\0\0\0\0\x07\x02\x16\0\0\0\0\0$| p/OpenSSL DTLS 1.0/ cpe:/a:openssl:openssl/
match H.323-gatekeeper-discovery m|^\x04\x80\x03\xe7\0\x08\0D\0E\0U\0G\0K\0......$|s p/GNU Gatekeeper discovery/ cpe:/a:gnugk:gnu_gatekeeper/
match H.323-gatekeeper-discovery m|^\x04\x80\x03\xe7\0\x10\0D\0E\0U\0C\0O\0S\0R\0V\x003\0\n\x08\x01\x03\x06\xb7$| p/GNU Gatekeeper discovery/ v/2.3.2/ cpe:/a:gnugk:gnu_gatekeeper:2.3.2/
### do not slow down the scan
Probe TCP mydoom q|\x0d\x0d|
rarity 9
ports 706,3127-3198
match mydoom m|\x04\x5b\0\0\0\0\0\0| p/MyDoom virus backdoor/ v/v012604/
match silc m|^\0\x13\0\x01\r\0\x08\0\x01S\x96Rz\xc2\x02\0\xff\0.............4$|s p/SILCd conferencing service/
Probe TCP WWWOFFLEctrlstat q|WWWOFFLE STATUS\r\n|
rarity 9
ports 706,8081
match http-proxy-ctrl m|^WWWOFFLE Server Status\n-*\nVersion *: (\d.*)\n| p/WWWOFFLE proxy control/ v/$1/
match http-proxy-ctrl m|^WWWOFFLE Incorrect Password\n| p/WWWOFFLE proxy control/ i/Unauthorized/
match silc m|^\0\x13\0\x01\r\0\x08\0\x01S\x96Rz\xc2\x02\0\xff\0.............4$|s p/SILCd conferencing service/
##########################################################################################################
# Cross Match Verifier E TCP/IP fingerprint reader (http://www.crossmatch.com/products_singlescan_vE.html)
# The device runs an embedded Linux
#
Probe TCP Verifier q|Subscribe\n|
rarity 8
ports 1500
totalwaitms 11000
match crossmatchverifier m=^(?:Idle|Notify)\r\n$= p/Cross Match Verifier E fingerprint control/
match secure-socket m|^\0$| p/CA Secure Socket Adapter/
Probe TCP VerifierAdvanced q|Query\n|
rarity 8
ports 1501
match crossmatchverifier m|^Settings\r\nGain\x20(\d+)\r\nContrast\x20(\d+)\r\nTime\x20(\d+)\r\nIllumination\x20(\d+)\r\nProcessed\r\n$| p/Cross Match Verifier E fingerprint advanced control/ i/Gain: $1; Contrast: $2; Time: $3; Illumination: $4/
############ SOCKS PROBES ############
# These are some simple probes that query a SOCKS server as specified in the
# following RFCs/documents:
#
# SOCKS4.Protocol - SOCKS Protocol Version 4
# RFC 1928 - SOCKS Protocol Version 5
# RFC 1929 - Username/Password Authentication for SOCKS V5
# RFC 1961 - GSS-API Authentication Method for SOCKS Version 5
# The following probe is designed to check the status of a SOCKS5 implementation.
#
# It attempts to create a TCP connection to google.com:80 assuming the SOCKS server
# allows unauthenticated connections. The probe also tells the SOCKS server
# that we support all major types of authentication so we can determine which
# authentication method the server requires.
#
# We don't try to establish TCP port bindings on the SOCKS server and we don't
# try UDP connections though these could easily be added to new probes.
Probe TCP Socks5 q|\x05\x04\x00\x01\x02\x80\x05\x01\x00\x03\x0agoogle.com\x00\x50GET / HTTP/1.0\r\n\r\n|
rarity 8
ports 199,1080,1090,1095,1100,1105,1109,3128,6588,6660-6669,7777,8000,8008,8010,8080,8088,9481
match caldav m|^HTTP/1\.1 503 Service Unavailable\r\nServer: DavMail Gateway ([\w._-]+)\r\nDAV: 1, calendar-access, calendar-schedule, calendarserver-private-events, addressbook\r\n.*Content-Length: 83\r\n\r\nInvalid header: google\.com\0PGET / HTTP/1\.0, HTTPS connection to an HTTP listener \? |s p/DavMail CalDAV http gateway/ v/$1/ d/proxy server/
# http://freenetproject.org/fcp.html
match fcp m|^ProtocolError\nFatal=true\nCodeDescription=ClientHello must be first message\nCode=1\nEndMessage\n$| p/Freenet Client Protocol 2.0/
match http m|^HTTP/1\.1 400 ERROR\r\nConnection: keep-alive\r\nContent-Length: 17\r\nContent-Type: text/html\r\n\r\n\r\ninvalid requestHTTP/1\.1 400 ERROR\r\nConnection: keep-alive\r\nContent-Length: 17\r\nContent-Type: text/html\r\n\r\n\r\ninvalid request| p/uTorrent http admin/ v/3.0/ cpe:/a:utorrent:utorrent:3.0/
match http m|^HTTP/1\.0 500 Unexpected new line: \x05\x04\0\x01\x02\x3f\x05\x01\0\x03\[CRLF\]\.\r\nContent-Type: text/html\r\nContent-Length: 763\r\nConnection: Close\r\n\r\n\r\n \r\n \r\n Unexpected new line: \x05\x04\0\x01\x02\?\x05\x01\0\x03\[CRLF\]\.\r\n \r\n \r\n

          500 - Unexpected new line: \x05\x04\0\x01\x02\?\x05\x01\0\x03\[CRLF\]\.

          \r\n
          System\.InvalidOperationException: Unexpected new line: \x05\x04\0\x01\x02\?\x05\x01\0\x03\[CRLF\]\.\n  at fp\.bb \(Char A_0\) \[0x00000\] in :0 \n  at ha\.d \(\) \[0x00000\] in :0 \n  at ha\.b \(System\.Byte\[\] A_0, Int32 A_1, Int32 A_2\) \[0x00000\] in :0 \n| p/McMyAdmin Minecraft game admin console/ v/2.2.14/
          match http m|^HTTP/1\.0 500 Unexpected new line: \x05\x04\0\x01\x02\xef\xbf\xbd\x05\x01\0\x03\[CRLF\]\.\r\nContent-Type: text/html\r\nContent-Length: 769\r\nConnection: Close\r\n\r\n\r\n    \r\n        \r\n        Unexpected new line: \x05\x04\0\x01\x02\xef\xbf\xbd\x05\x01\0\x03\[CRLF\]\.\r\n    \r\n    \r\n        

          500 - Unexpected new line: \x05\x04\0\x01\x02\xef\xbf\xbd\x05\x01\0\x03\[CRLF\]\.

          \r\n
          System\.InvalidOperationException: Unexpected new line: \x05\x04\0\x01\x02\xef\xbf\xbd\x05\x01\0\x03\[CRLF\]\.\n  at fp\.ba \(Char A_0\) \[0x00000\] in :0 \n| p/McMyAdmin Minecraft game admin console/ v/2.2.14/
          match http m|^HTTP/1\.0 500 Unexpected new line: \x05\x04\0\x01\x02\xef\xbf\xbd\x05\x01\0\x03\[CRLF\]\.\r\nContent-Type: text/html\r\nContent-Length: 769\r\nConnection: Close\r\n\r\n\r\n    \r\n        \r\n        Unexpected new line: \x05\x04\0\x01\x02\xef\xbf\xbd\x05\x01\0\x03\[CRLF\]\.\r\n    \r\n    \r\n        

          500 - Unexpected new line: \x05\x04\0\x01\x02\xef\xbf\xbd\x05\x01\0\x03\[CRLF\]\.

          \r\n
          System\.InvalidOperationException: Unexpected new line: \x05\x04\0\x01\x02\xef\xbf\xbd\x05\x01\0\x03\[CRLF\]\.\n  at f8\.be \(Char A_0\) \[0x00000\] in :0 \n| p/McMyAdmin Minecraft game admin console/
          
          match http-proxy m|^\nError\n

          400 Can not find method and URI in request

          \r\nWhen trying to load smartcache://url-parse-error\.\n
          \r\nGenerated by smart\.cache \(Smart Cache ([\w._-]+)\)\r\n\r\n$| p/Smart Cache http-proxy/ v/$1/
match socks5 m|^\x05\0\x05\0\0\x01.{6}HTTP|s i/No authentication required; connection ok/
match socks5 m|^\x05\0\x05\x01| i/No authentication; general failure/
match socks5 m|^\x05\0\x05\x02| i/No authentication; connection not allowed by ruleset/
match socks5 m|^\x05\0\x05\x03| i/No authentication; network unreachable/
match socks5 m|^\x05\0\x05\x04| i/No authentication; host unreachable/
match socks5 m|^\x05\0\x05\x05| i/No authentication; connection refused by destination host/
match socks5 m|^\x05\0\x05\x06| i/No authentication; TTL expired/
match socks5 m|^\x05\0\x05\x07| i|No authentication; command not supported/protocol error|
match socks5 m|^\x05\0\x05\x08| i/No authentication; address type not supported/
match socks5 m|^\x05\x01| i/GSSAPI authentication required/
match socks5 m|^\x05\x02| i|Username/password authentication required|
match socks5 m|^\x05\xFF$| i/No acceptable authentication method/
# When server doesn't buffer our probe properly. Seen on XMPP socks servers like Apple iChat, PyMSN, jabberd
match socks5 m|^\x05\0$| i/No authentication; connection failed/
softmatch socks5 m|^\x05|
# The following probe is designed to check the status of a SOCKS4 implementation.
#
# It attempts to create a TCP connection to 127.0.0.1:22. We supply a username root
# in the user id string field. We don't try to establish TCP port bindings on
# the SOCKS server though this could easily be added to a new probe.
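# Added example (not part of the Nmap probe file): a Python parser for the bytes a server returns to the Socks5 probe above, split into the method-selection message and the CONNECT reply that the socks5 match lines key on, for checking whether a proxy you operate relays without authentication.
# It goes beyond those lines by decoding IPv6 and domain-name bound addresses per RFC 1928; the function names and sample byte strings are constructed for illustration.

```python
import ipaddress
import struct

# RFC 1928 method and reply codes, worded like the i/.../ fields of the
# socks5 match lines.
METHODS = {
    0x00: "no authentication required",
    0x01: "GSSAPI authentication required",
    0x02: "username/password authentication required",
    0xFF: "no acceptable authentication method",
}
REPLIES = {
    0x00: "connection ok",
    0x01: "general failure",
    0x02: "connection not allowed by ruleset",
    0x03: "network unreachable",
    0x04: "host unreachable",
    0x05: "connection refused by destination host",
    0x06: "TTL expired",
    0x07: "command not supported/protocol error",
    0x08: "address type not supported",
}


def parse_socks5_response(data: bytes) -> dict:
    """Split the answer to the Socks5 probe into its protocol messages.

    The probe sends method negotiation, a CONNECT request and an HTTP GET in
    one write, so the answer is a 2-byte method selection, optionally followed
    by a CONNECT reply and then bytes relayed from the destination.
    """
    if len(data) < 2 or data[0] != 0x05:
        raise ValueError("not a SOCKS5 method-selection message")
    method = data[1]
    out = {
        "method": METHODS.get(method, "method 0x%02x" % method),
        "reply": None,    # stays None when the server never answered CONNECT
        "bound": None,    # (BND.ADDR, BND.PORT) when present and complete
        "relayed": b"",   # bytes after the reply, e.g. the HTTP response
    }
    rest = data[2:]
    # Only a server that selected "no authentication" goes on to process the
    # CONNECT request; one that did not buffer the probe stops after 2 bytes.
    if method != 0x00 or not rest:
        return out
    if len(rest) < 2 or rest[0] != 0x05:
        raise ValueError("malformed CONNECT reply")
    out["reply"] = REPLIES.get(rest[1], "reply 0x%02x" % rest[1])
    if len(rest) < 5:
        return out        # truncated reply: the reply code is all we have
    atyp = rest[3]
    if atyp == 0x01:      # IPv4, the only layout the match lines assume
        start, alen = 4, 4
    elif atyp == 0x04:    # IPv6
        start, alen = 4, 16
    elif atyp == 0x03:    # domain name with a one-byte length prefix
        start, alen = 5, rest[4]
    else:
        return out
    end = start + alen
    if len(rest) < end + 2:
        return out
    raw = rest[start:end]
    host = raw.decode("ascii", "replace") if atyp == 0x03 else str(ipaddress.ip_address(raw))
    out["bound"] = (host, struct.unpack("!H", rest[end:end + 2])[0])
    out["relayed"] = rest[end + 2:]
    return out


def is_open_relay(parsed: dict) -> bool:
    """True when no authentication was required and the CONNECT succeeded."""
    return parsed["method"] == METHODS[0x00] and parsed["reply"] == REPLIES[0x00]


# Constructed sample responses (not captured from any real server).
SAMPLES = {
    "open relay": b"\x05\x00" + b"\x05\x00\x00\x01" + bytes([192, 0, 2, 10])
                  + struct.pack("!H", 1080) + b"HTTP/1.0 200 OK\r\n\r\n",
    "blocked by ruleset": b"\x05\x00" + b"\x05\x02\x00\x01" + bytes(6),
    "password required": b"\x05\x02",
    "no method accepted": b"\x05\xff",
    "probe not buffered": b"\x05\x00",
    "ipv6 bound address": b"\x05\x00" + b"\x05\x00\x00\x04" + bytes(15) + b"\x01"
                          + struct.pack("!H", 443),
}

if __name__ == "__main__":
    for label, blob in SAMPLES.items():
        parsed = parse_socks5_response(blob)
        print("%-20s %-45s reply=%s open_relay=%s"
              % (label, parsed["method"], parsed["reply"], is_open_relay(parsed)))
```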
Probe TCP Socks4 q|\x04\x01\x00\x16\x7f\x00\x00\x01root\x00|
rarity 8
ports 199,1080,1090,1095,1100,1105,1109,3128,6588,6660-6669,8000,8008,8080,8088
match socks4 m|^\0\x5a| i/Connection ok/
match socks4 m|^\0\x5b| i/Connection rejected or failed; connections possibly ok/
match socks4 m|^\0\x5c| i/Connection failed; ident required/
match socks4 m|^\0\x5d| i/Connection failed; username required/
match shell m|^\0Access is denied\n$| p/Windows Services for Unix rsh/ o/Windows/ cpe:/a:microsoft:windows_services_for_unix/ cpe:/o:microsoft:windows/a
##############################NEXT PROBE##############################
Probe TCP OfficeScan q|GET /?CAVIT HTTP/1.1\r\n\r\n|
rarity 9
ports 12345
match http m|^HTTP/1.0 \d\d\d .*\r\nServer: OfficeScan Client| p/Trend Micro OfficeScan Antivirus http config/
##############################NEXT PROBE##############################
Probe TCP ms-sql-s q|\x12\x01\x00\x34\x00\x00\x00\x00\x00\x00\x15\x00\x06\x01\x00\x1b\x00\x01\x02\x00\x1c\x00\x0c\x03\x00\x28\x00\x04\xff\x08\x00\x01\x55\x00\x00\x00\x4d\x53\x53\x51\x4c\x53\x65\x72\x76\x65\x72\x00\x48\x0f\x00\x00|
rarity 8
ports 1433
match iscsi m|^\?\x80\x04\0\0\0\x000\0\0\0\0\0\0\0\0\xff\xff\xff\xff\0\0\0\0\0\0\0\0\0\0\0\x01\0\0\0\x01\0\0\0\0\0\0\0\0\0\0\0\0\x12\x01\x004\0\0\0\0\0\0\x15\0\x06\x01\0\x1b\0\x01\x02\0\x1c\0\x0c\x03\0\(\0\x04\xff\x08\0\x01U\0\0\0MSSQLServer\0$| p/iSCSI Target/ d/phone/ o/iOS/ cpe:/o:apple:iphone_os/
# Specific minor version lines. Check bytes 30–33:
# \x0a \x32 \x06\x40 → 10.50.1600
match ms-sql-s m|^\x04\x01\x00\x25\x00\x00\x01\x00\x00\x00\x15\x00\x06\x01\x00\x1b\x00\x01\x02\x00\x1c\x00\x01\x03\x00\x1d\x00\x00\xff\x08\x00\x00\xc2| p/Microsoft SQL Server 2000/ v/8.00.194; RTM/ o/Windows/ cpe:/a:microsoft:sql_server:2000:gold/ cpe:/o:microsoft:windows/
match ms-sql-s m|^\x04\x01\x00\x25\x00\x00\x01\x00\x00\x00\x15\x00\x06\x01\x00\x1b\x00\x01\x02\x00\x1c\x00\x01\x03\x00\x1d\x00\x00\xff\x08\x00\x01\x37| p/Microsoft SQL Server 2000/ v/8.00.311; RTMa/ o/Windows/ cpe:/a:microsoft:sql_server:2000/ cpe:/o:microsoft:windows/
match ms-sql-s m|^\x04\x01\x00\x25\x00\x00\x01\x00\x00\x00\x15\x00\x06\x01\x00\x1b\x00\x01\x02\x00\x1c\x00\x01\x03\x00\x1d\x00\x00\xff\x08\x00\x01\x7e| p/Microsoft SQL Server 2000/ v/8.00.384; SP1/ o/Windows/ cpe:/a:microsoft:sql_server:2000:sp1/ cpe:/o:microsoft:windows/
match ms-sql-s m|^\x04\x01\x00\x25\x00\x00\x01\x00\x00\x00\x15\x00\x06\x01\x00\x1b\x00\x01\x02\x00\x1c\x00\x01\x03\x00\x1d\x00\x00\xff\x08\x00\x01\x80| p/Microsoft SQL Server 2000/ v/8.00.384; SP1/ o/Windows/ cpe:/a:microsoft:sql_server:2000:sp1/ cpe:/o:microsoft:windows/
match ms-sql-s m|^\x04\x01\x00\x25\x00\x00\x01\x00\x00\x00\x15\x00\x06\x01\x00\x1b\x00\x01\x02\x00\x1c\x00\x01\x03\x00\x1d\x00\x00\xff\x08\x00\x02\x14| p/Microsoft SQL Server 2000/ v/8.00.532; SP2/ o/Windows/ cpe:/a:microsoft:sql_server:2000:sp2/ cpe:/o:microsoft:windows/
match ms-sql-s m|^\x04\x01\x00\x25\x00\x00\x01\x00\x00\x00\x15\x00\x06\x01\x00\x1b\x00\x01\x02\x00\x1c\x00\x01\x03\x00\x1d\x00\x00\xff\x08\x00\x02\x16| p/Microsoft SQL Server 2000/ v/8.00.534; SP2/ o/Windows/ cpe:/a:microsoft:sql_server:2000:sp2/ cpe:/o:microsoft:windows/
match ms-sql-s m|^\x04\x01\x00\x25\x00\x00\x01\x00\x00\x00\x15\x00\x06\x01\x00\x1b\x00\x01\x02\x00\x1c\x00\x01\x03\x00\x1d\x00\x00\xff\x08\x00\x02\xf8| p/Microsoft SQL Server 2000/ v/8.00.760; SP3/ o/Windows/ cpe:/a:microsoft:sql_server:2000:sp3/ cpe:/o:microsoft:windows/
match ms-sql-s m|^\x04\x01\x00\x25\x00\x00\x01\x00\x00\x00\x15\x00\x06\x01\x00\x1b\x00\x01\x02\x00\x1c\x00\x01\x03\x00\x1d\x00\x00\xff\x08\x00\x02\xfe| p/Microsoft SQL Server 2000/ v/8.00.766; SP3a/ o/Windows/ cpe:/a:microsoft:sql_server:2000:sp3a/ cpe:/o:microsoft:windows/
match ms-sql-s m|^\x04\x01\x00\x25\x00\x00\x01\x00\x00\x00\x15\x00\x06\x01\x00\x1b\x00\x01\x02\x00\x1c\x00\x01\x03\x00\x1d\x00\x00\xff\x08\x00\x03\x32| p/Microsoft SQL Server 2000/ v/8.00.818; SP3+ MS03-031/ o/Windows/ cpe:/a:microsoft:sql_server:2000:sp3/ cpe:/o:microsoft:windows/
match ms-sql-s m|^\x04\x01\x00\x25\x00\x00\x01\x00\x00\x00\x15\x00\x06\x01\x00\x1b\x00\x01\x02\x00\x1c\x00\x01\x03\x00\x1d\x00\x00\xff\x08\x00\x07\xf7| p/Microsoft SQL Server 2000/ v/8.00.2039; SP4/ o/Windows/ cpe:/a:microsoft:sql_server:2000:sp4/ cpe:/o:microsoft:windows/
match ms-sql-s m|^\x04\x01\x00\x25\x00\x00\x01\x00\x00\x00\x15\x00\x06\x01\x00\x1b\x00\x01\x02\x00\x1c\x00\x01\x03\x00\x1d\x00\x00\xff\x08\x00\x08\x02| p/Microsoft SQL Server 2000/ v/8.00.2050; SP4+ MS08-040/ o/Windows/ cpe:/a:microsoft:sql_server:2000:sp4/ cpe:/o:microsoft:windows/
match ms-sql-s m|^\x04\x01\x00\x25\x00\x00\x01\x00\x00\x00\x15\x00\x06\x01\x00\x1b\x00\x01\x02\x00\x1c\x00\x01\x03\x00\x1d\x00\x00\xff\x08\x00\x08\x07| p/Microsoft SQL Server 2000/ v/8.00.2055; SP4+ MS09-004/ o/Windows/ cpe:/a:microsoft:sql_server:2000:sp4/ cpe:/o:microsoft:windows/
match ms-sql-s m|^\x04\x01\x00\x25\x00\x00\x01\x00\x00\x00\x15\x00\x06\x01\x00\x1b\x00\x01\x02\x00\x1c\x00\x01\x03\x00\x1d\x00\x00\xff\x09\x00\x05\x77| p/Microsoft SQL Server 2005/ v/9.00.1399; RTM/ o/Windows/ cpe:/a:microsoft:sql_server:2005:gold/ cpe:/o:microsoft:windows/
match ms-sql-s m|^\x04\x01\x00\x25\x00\x00\x01\x00\x00\x00\x15\x00\x06\x01\x00\x1b\x00\x01\x02\x00\x1c\x00\x01\x03\x00\x1d\x00\x00\xff\x09\x00\x05\x7e| p/Microsoft SQL Server 2005/ v/9.00.1406/ o/Windows/ cpe:/a:microsoft:sql_server:2005/ cpe:/o:microsoft:windows/
match ms-sql-s m|^\x04\x01\x00\x25\x00\x00\x01\x00\x00\x00\x15\x00\x06\x01\x00\x1b\x00\x01\x02\x00\x1c\x00\x01\x03\x00\x1d\x00\x00\xff\x09\x00\x07\xff| p/Microsoft SQL Server 2005/ v/9.00.2047; SP1/ o/Windows/ cpe:/a:microsoft:sql_server:2005:sp1/ cpe:/o:microsoft:windows/
match ms-sql-s m|^\x04\x01\x00\x25\x00\x00\x01\x00\x00\x00\x15\x00\x06\x01\x00\x1b\x00\x01\x02\x00\x1c\x00\x01\x03\x00\x1d\x00\x00\xff\x09\x00\x08\x7a| p/Microsoft SQL Server 2005/ v/9.00.2170; SP1+/ o/Windows/ cpe:/a:microsoft:sql_server:2005:sp1/ cpe:/o:microsoft:windows/
match ms-sql-s m|^\x04\x01\x00\x25\x00\x00\x01\x00\x00\x00\x15\x00\x06\x01\x00\x1b\x00\x01\x02\x00\x1c\x00\x01\x03\x00\x1d\x00\x00\xff\x09\x00\x0b\xe2| p/Microsoft SQL Server 2005/ v/9.00.3042; SP2/ o/Windows/ cpe:/a:microsoft:sql_server:2005:sp2/ cpe:/o:microsoft:windows/
match ms-sql-s m|^\x04\x01\x00\x25\x00\x00\x01\x00\x00\x00\x15\x00\x06\x01\x00\x1b\x00\x01\x02\x00\x1c\x00\x01\x03\x00\x1d\x00\x00\xff\x09\x00\x0b\xee| p/Microsoft SQL Server 2005/ v/9.00.3054; SP2+/ o/Windows/ cpe:/a:microsoft:sql_server:2005:sp2/ cpe:/o:microsoft:windows/
match ms-sql-s m|^\x04\x01\x00\x25\x00\x00\x01\x00\x00\x00\x15\x00\x06\x01\x00\x1b\x00\x01\x02\x00\x1c\x00\x01\x03\x00\x1d\x00\x00\xff\x09\x00\x0b\xfc| p/Microsoft SQL Server 2005/ v/9.00.3068; SP2+ MS08-040/ o/Windows/ cpe:/a:microsoft:sql_server:2005:sp2/ cpe:/o:microsoft:windows/
match ms-sql-s m|^\x04\x01\x00\x25\x00\x00\x01\x00\x00\x00\x15\x00\x06\x01\x00\x1b\x00\x01\x02\x00\x1c\x00\x01\x03\x00\x1d\x00\x00\xff\x09\x00\x0c\x01| p/Microsoft SQL Server 2005/ v/9.00.3073; SP2+ MS08-052/ o/Windows/ cpe:/a:microsoft:sql_server:2005:sp2/ cpe:/o:microsoft:windows/
match ms-sql-s m|^\x04\x01\x00\x25\x00\x00\x01\x00\x00\x00\x15\x00\x06\x01\x00\x1b\x00\x01\x02\x00\x1c\x00\x01\x03\x00\x1d\x00\x00\xff\x09\x00\x0c\x05| p/Microsoft SQL Server 2005/ v/9.00.3077; SP2+ MS09-004/ o/Windows/ cpe:/a:microsoft:sql_server:2005:sp2/ cpe:/o:microsoft:windows/
match ms-sql-s m|^\x04\x01\x00\x25\x00\x00\x01\x00\x00\x00\x15\x00\x06\x01\x00\x1b\x00\x01\x02\x00\x1c\x00\x01\x03\x00\x1d\x00\x00\xff\x09\x00\x0c\x08| p/Microsoft SQL Server 2005/ v/9.00.3080; SP2+ MS09-062/ o/Windows/ cpe:/a:microsoft:sql_server:2005:sp2/ cpe:/o:microsoft:windows/
match ms-sql-s m|^\x04\x01\x00\x25\x00\x00\x01\x00\x00\x00\x15\x00\x06\x01\x00\x1b\x00\x01\x02\x00\x1c\x00\x01\x03\x00\x1d\x00\x00\xff\x09\x00\x0f\xc3| p/Microsoft SQL Server 2005/ v/9.00.4035; SP3/ o/Windows/ cpe:/a:microsoft:sql_server:2005:sp3/ cpe:/o:microsoft:windows/
match ms-sql-s m|^\x04\x01\x00\x25\x00\x00\x01\x00\x00\x00\x15\x00\x06\x01\x00\x1b\x00\x01\x02\x00\x1c\x00\x01\x03\x00\x1d\x00\x00\xff\x09\x00\x0f\xd5| p/Microsoft SQL Server 2005/ v/9.00.4053; SP3+ MS09-062/ o/Windows/ cpe:/a:microsoft:sql_server:2005:sp3/ cpe:/o:microsoft:windows/
match ms-sql-s m|^\x04\x01\x00\x25\x00\x00\x01\x00\x00\x00\x15\x00\x06\x01\x00\x1b\x00\x01\x02\x00\x1c\x00\x01\x03\x00\x1d\x00\x00\xff\x09\x00\x10\x73| p/Microsoft SQL Server 2005/ v/9.00.4211; SP3+/ o/Windows/ cpe:/a:microsoft:sql_server:2005:sp3/ cpe:/o:microsoft:windows/
match ms-sql-s m|^\x04\x01\x00\x25\x00\x00\x01\x00\x00\x00\x15\x00\x06\x01\x00\x1b\x00\x01\x02\x00\x1c\x00\x01\x03\x00\x1d\x00\x00\xff\x09\x00\x13\x88| p/Microsoft SQL Server 2005/ v/9.00.5000; SP4/ o/Windows/ cpe:/a:microsoft:sql_server:2005:sp4/ cpe:/o:microsoft:windows/
match ms-sql-s m|^\x04\x01\x00\x25\x00\x00\x01\x00\x00\x00\x15\x00\x06\x01\x00\x1b\x00\x01\x02\x00\x1c\x00\x01\x03\x00\x1d\x00\x00\xff\x09\x00\x13\xcd| p/Microsoft SQL Server 2005/ v/9.00.5069; SP4+ MS12-070/ o/Windows/ cpe:/a:microsoft:sql_server:2005:sp4/ cpe:/o:microsoft:windows/
match ms-sql-s m|^\x04\x01\x00\x25\x00\x00\x01\x00\x00\x00\x15\x00\x06\x01\x00\x1b\x00\x01\x02\x00\x1c\x00\x01\x03\x00\x1d\x00\x00\xff\x0a\x00\x04\x33| p/Microsoft SQL Server 2008/ v/10.00.1075; CTP/ o/Windows/ cpe:/a:microsoft:sql_server:2008/ cpe:/o:microsoft:windows/
match ms-sql-s m|^\x04\x01\x00\x25\x00\x00\x01\x00\x00\x00\x15\x00\x06\x01\x00\x1b\x00\x01\x02\x00\x1c\x00\x01\x03\x00\x1d\x00\x00\xff\x0a\x00\x06\x40| p/Microsoft SQL Server 2008/ v/10.00.1600; RTM/ o/Windows/ cpe:/a:microsoft:sql_server:2008:gold/ cpe:/o:microsoft:windows/
match ms-sql-s m|^\x04\x01\x00\x25\x00\x00\x01\x00\x00\x00\x15\x00\x06\x01\x00\x1b\x00\x01\x02\x00\x1c\x00\x01\x03\x00\x1d\x00\x00\xff\x0a\x00\x06\xfb| p/Microsoft SQL Server 2008/ v/10.00.1787; Cumulative Update 3/ o/Windows/ cpe:/a:microsoft:sql_server:2008/ cpe:/o:microsoft:windows/
match ms-sql-s m|^\x04\x01\x00\x25\x00\x00\x01\x00\x00\x00\x15\x00\x06\x01\x00\x1b\x00\x01\x02\x00\x1c\x00\x01\x03\x00\x1d\x00\x00\xff\x0a\x00\x09\xe3| p/Microsoft SQL Server 2008/ v/10.00.2531; SP1/ o/Windows/ cpe:/a:microsoft:sql_server:2008:sp1/ cpe:/o:microsoft:windows/
match ms-sql-s m|^\x04\x01\x00\x25\x00\x00\x01\x00\x00\x00\x15\x00\x06\x01\x00\x1b\x00\x01\x02\x00\x1c\x00\x01\x03\x00\x1d\x00\x00\xff\x0a\x00\x0a\xba| p/Microsoft SQL Server 2008/ v/10.00.2746; SP1+ Cumulative Update 5/ o/Windows/ cpe:/a:microsoft:sql_server:2008:sp1/ cpe:/o:microsoft:windows/
match ms-sql-s m|^\x04\x01\x00\x25\x00\x00\x01\x00\x00\x00\x15\x00\x06\x01\x00\x1b\x00\x01\x02\x00\x1c\x00\x01\x03\x00\x1d\x00\x00\xff\x0a\x00\x0f\xa0| p/Microsoft SQL Server 2008/ v/10.00.4000; SP2/ o/Windows/ cpe:/a:microsoft:sql_server:2008:sp2/ cpe:/o:microsoft:windows/
match ms-sql-s m|^\x04\x01\x00\x25\x00\x00\x01\x00\x00\x00\x15\x00\x06\x01\x00\x1b\x00\x01\x02\x00\x1c\x00\x01\x03\x00\x1d\x00\x00\xff\x0a\x00\x0f\xe0| p/Microsoft SQL Server 2008/ v/10.00.4064; SP2+ MS11-049/ o/Windows/ cpe:/a:microsoft:sql_server:2008/ cpe:/o:microsoft:windows/
match ms-sql-s m|^\x04\x01\x00\x25\x00\x00\x01\x00\x00\x00\x15\x00\x06\x01\x00\x1b\x00\x01\x02\x00\x1c\x00\x01\x03\x00\x1d\x00\x00\xff\x0a\x00\x15\x7c| p/Microsoft SQL Server 2008/ v/10.00.5500; SP3/ o/Windows/ cpe:/a:microsoft:sql_server:2008:sp3/ cpe:/o:microsoft:windows/
match ms-sql-s m|^\x04\x01\x00\x25\x00\x00\x01\x00\x00\x00\x15\x00\x06\x01\x00\x1b\x00\x01\x02\x00\x1c\x00\x01\x03\x00\x1d\x00\x00\xff\x0a\x00\x15\x88| p/Microsoft SQL Server 2008/ v/10.00.5512; SP3+ MS12-070/ o/Windows/ cpe:/a:microsoft:sql_server:2008:sp3/ cpe:/o:microsoft:windows/
match ms-sql-s m|^\x04\x01\x00\x25\x00\x00\x01\x00\x00\x00\x15\x00\x06\x01\x00\x1b\x00\x01\x02\x00\x1c\x00\x01\x03\x00\x1d\x00\x00\xff\x0a\x00\x17\x70| p/Microsoft SQL Server 2008/ v/10.00.6000; SP4/ o/Windows/ cpe:/a:microsoft:sql_server:2008:sp4/ cpe:/o:microsoft:windows/
match ms-sql-s m|^\x04\x01\x00\x25\x00\x00\x01\x00\x00\x00\x15\x00\x06\x01\x00\x1b\x00\x01\x02\x00\x1c\x00\x01\x03\x00\x1d\x00\x00\xff\x0a\x32\x06\x40| p/Microsoft SQL Server 2008 R2/ v/10.50.1600; RTM/ o/Windows/ cpe:/a:microsoft:sql_server:2008_r2:gold/ cpe:/o:microsoft:windows/
match ms-sql-s m|^\x04\x01\x00\x25\x00\x00\x01\x00\x00\x00\x15\x00\x06\x01\x00\x1b\x00\x01\x02\x00\x1c\x00\x01\x03\x00\x1d\x00\x00\xff\x0a\x32\x06\x51| p/Microsoft SQL Server 2008 R2/ v/10.50.1617; RTM+ MS11-049/ o/Windows/ cpe:/a:microsoft:sql_server:2008_r2/ cpe:/o:microsoft:windows/
match ms-sql-s m|^\x04\x01\x00\x25\x00\x00\x01\x00\x00\x00\x15\x00\x06\x01\x00\x1b\x00\x01\x02\x00\x1c\x00\x01\x03\x00\x1d\x00\x00\xff\x0a\x32\x09\xc4| p/Microsoft SQL Server 2008 R2/ v/10.50.2500; SP1/ o/Windows/ cpe:/a:microsoft:sql_server:2008_r2:sp1/ cpe:/o:microsoft:windows/
match ms-sql-s m|^\x04\x01\x00\x25\x00\x00\x01\x00\x00\x00\x15\x00\x06\x01\x00\x1b\x00\x01\x02\x00\x1c\x00\x01\x03\x00\x1d\x00\x00\xff\x0a\x32\x0f\xa0| p/Microsoft SQL Server 2008 R2/ v/10.50.4000; SP2/ o/Windows/ cpe:/a:microsoft:sql_server:2008_r2:sp2/ cpe:/o:microsoft:windows/
match ms-sql-s m|^\x04\x01\x00\x25\x00\x00\x01\x00\x00\x00\x15\x00\x06\x01\x00\x1b\x00\x01\x02\x00\x1c\x00\x01\x03\x00\x1d\x00\x00\xff\x0a\x32\x10\xb4| p/Microsoft SQL Server 2008 R2/ v/10.50.4276; SP2+ Cumulative Update 5/ o/Windows/ cpe:/a:microsoft:sql_server:2008_r2:sp2/ cpe:/o:microsoft:windows/
match ms-sql-s m|^\x04\x01\x00\x25\x00\x00\x01\x00\x00\x00\x15\x00\x06\x01\x00\x1b\x00\x01\x02\x00\x1c\x00\x01\x03\x00\x1d\x00\x00\xff\x0a\x32\x17\x70| p/Microsoft SQL Server 2008 R2/ v/10.50.6000; SP3/ o/Windows/ cpe:/a:microsoft:sql_server:2008_r2:sp3/ cpe:/o:microsoft:windows/
match ms-sql-s m|^\x04\x01\x00\x25\x00\x00\x01\x00\x00\x00\x15\x00\x06\x01\x00\x1b\x00\x01\x02\x00\x1c\x00\x01\x03\x00\x1d\x00\x00\xff\x0b\x00\x08\x34| p/Microsoft SQL Server 2012/ v/11.00.2100; RTM/ o/Windows/ cpe:/a:microsoft:sql_server:2012:gold/ cpe:/o:microsoft:windows/
match ms-sql-s m|^\x04\x01\x00\x25\x00\x00\x01\x00\x00\x00\x15\x00\x06\x01\x00\x1b\x00\x01\x02\x00\x1c\x00\x01\x03\x00\x1d\x00\x00\xff\x0b\x00\x0b\xb8| p/Microsoft SQL Server 2012/ v/11.00.3000; SP1/ o/Windows/ cpe:/a:microsoft:sql_server:2012:sp1/ cpe:/o:microsoft:windows/
match ms-sql-s m|^\x04\x01\x00\x25\x00\x00\x01\x00\x00\x00\x15\x00\x06\x01\x00\x1b\x00\x01\x02\x00\x1c\x00\x01\x03\x00\x1d\x00\x00\xff\x0b\x00\x0c\x38| p/Microsoft SQL Server 2012/ v/11.00.3128; SP1+/ o/Windows/ cpe:/a:microsoft:sql_server:2012:sp1/ cpe:/o:microsoft:windows/
match ms-sql-s m|^\x04\x01\x00\x25\x00\x00\x01\x00\x00\x00\x15\x00\x06\x01\x00\x1b\x00\x01\x02\x00\x1c\x00\x01\x03\x00\x1d\x00\x00\xff\x0b\x00\x13\xc2| p/Microsoft SQL Server 2012/ v/11.00.5058; SP2/ o/Windows/ cpe:/a:microsoft:sql_server:2012:sp2/ cpe:/o:microsoft:windows/
match ms-sql-s m|^\x04\x01\x00\x25\x00\x00\x01\x00\x00\x00\x15\x00\x06\x01\x00\x1b\x00\x01\x02\x00\x1c\x00\x01\x03\x00\x1d\x00\x00\xff\x0c\x00\x07\xd0| p/Microsoft SQL Server 2014/ v/12.00.2000/ o/Windows/ cpe:/a:microsoft:sql_server:2014/ cpe:/o:microsoft:windows/
#Major version match lines - in the event that minor versions do not match
softmatch ms-sql-s m|^\x04\x01\x00\x25\x00\x00\x01\x00\x00\x00\x15\x00\x06\x01\x00\x1b\x00\x01\x02\x00\x1c\x00\x01\x03\x00\x1d\x00\x00\xff\x08| p/Microsoft SQL Server 2000/ o/Windows/ cpe:/a:microsoft:sql_server:2000/ cpe:/o:microsoft:windows/
softmatch ms-sql-s
m|^\x04\x01\x00\x25\x00\x00\x01\x00\x00\x00\x15\x00\x06\x01\x00\x1b\x00\x01\x02\x00\x1c\x00\x01\x03\x00\x1d\x00\x00\xff\x09| p/Microsoft SQL Server 2005/ o/Windows/ cpe:/a:microsoft:sql_server:2005/ cpe:/o:microsoft:windows/ softmatch ms-sql-s m|^\x04\x01\x00\x25\x00\x00\x01\x00\x00\x00\x15\x00\x06\x01\x00\x1b\x00\x01\x02\x00\x1c\x00\x01\x03\x00\x1d\x00\x00\xff\x0a\x00| p/Microsoft SQL Server 2008/ o/Windows/ cpe:/a:microsoft:sql_server:2008/ cpe:/o:microsoft:windows/ softmatch ms-sql-s m|^\x04\x01\x00\x25\x00\x00\x01\x00\x00\x00\x15\x00\x06\x01\x00\x1b\x00\x01\x02\x00\x1c\x00\x01\x03\x00\x1d\x00\x00\xff\x0a\x32| p/Microsoft SQL Server 2008 R2/ o/Windows/ cpe:/a:microsoft:sql_server:2008_r2/ cpe:/o:microsoft:windows/ softmatch ms-sql-s m|^\x04\x01\x00\x25\x00\x00\x01\x00\x00\x00\x15\x00\x06\x01\x00\x1b\x00\x01\x02\x00\x1c\x00\x01\x03\x00\x1d\x00\x00\xff\x0b\x00| p/Microsoft SQL Server 2012/ o/Windows/ cpe:/a:microsoft:sql_server:2012/ cpe:/o:microsoft:windows/ softmatch ms-sql-s m|^\x04\x01\x00\x25\x00\x00\x01\x00\x00\x00\x15\x00\x06\x01\x00\x1b\x00\x01\x02\x00\x1c\x00\x01\x03\x00\x1d\x00\x00\xff\x0c\x00| p/Microsoft SQL Server 2014/ o/Windows/ cpe:/a:microsoft:sql_server:2014/ cpe:/o:microsoft:windows/ softmatch ms-sql-s m|^\x04\x01\x00\x25\x00\x00\x01| p/Microsoft SQL Server/ o/Windows/ cpe:/a:microsoft:sql_server/ cpe:/o:microsoft:windows/ match ms-sql-s m|^\x04\x01\x00\x2b\x00\x00\x00\x00\x00\x00\x1a\x00\x06\x01\x00\x20\x00\x01\x02\x00\x21\x00\x01\x03\x00\x22\x00\x00\x04\x00\x22\x00\x01\xff\x08\x00\x02\x10\x00\x00\x02\x00\x00| p/Dionaea honeypot MS-SQL server/ ##############################NEXT PROBE############################## # ActiveMQ's STOMP (Streaming Text Orientated Messaging Protocol) Probe TCP HELP4STOMP q|HELP\n\n\0| rarity 8 ports 6163,61613 match stomp m|^ERROR\nmessage:Unknown STOMP action:.+ org\.apache\.activemq\.|s p/Apache ActiveMQ/ cpe:/a:apache:activemq/ # The following line matches IPDS (IBM's Intelligent Printer Data Stream) on port 9600 
# match ipds m|^%%\[ Error: syntaxerror; Offending Command:|s p/IPDS Service/ d/printer/ ##############################NEXT PROBE############################## # memcache, text mode protocol Probe TCP Memcache q|stats\r\n| rarity 8 ports 11211 match memcache m|^STAT pid (\d+)\r\nSTAT uptime (\d+)\r\n.*?STAT version ([\w_.-]+)\r\n.*?STAT curr_items (\d+)\r\nSTAT total_items (\d+)\r\nSTAT bytes (\d+)\r\n|s p/memcached/ v/$3/ i/PID $1; uptime $2 seconds; curr items: $4; total items: $5; bytes cached: $6/ cpe:/a:memcached:memcached:$3/ ##############################NEXT PROBE############################## # Beast Trojan v2 Probe TCP beast2 q|666| rarity 9 ports 666,6666 match backdoor m|^666(\d+)\xff(\d+)\xff(\d+)\xff$| p/Beast Trojan/ v/version 2/ i/**BACKDOOR**; No password; New server port: $1; New client ports: $2, $3/ o/Windows/ cpe:/o:microsoft:windows/a ##############################NEXT PROBE############################## Probe TCP firebird q|\0\0\0\x01\0\0\0\x13\0\0\0\x02\0\0\0\x24\0\0\0\x0bservice_mgr\0\0\0\0\x02\0\0\0\x13\x01\x08scanner \x04\x05nmap \x06\0\0\0\0\0\x08\0\0\0\x01\0\0\0\x02\0\0\0\x03\0\0\0\x02\0\0\0\x0a\0\0\0\x01\0\0\0\x02\0\0\0\x03\0\0\0\x04| rarity 8 ports 3050 match firebird m|^\0\0\0\x03\0\0\0\x0a\0\0\0\x01| p/Firebird RDBMS/ v/Protocol version 10/ cpe:/a:firebirdsql:firebird/ softmatch firebird m|^\0\0\0\x03\0\0\0.\0\0\0.|s p/Firebird RDBMS/ cpe:/a:firebirdsql:firebird/ # Following 4 probes created by Tom Sellers: ##############################NEXT PROBE############################## Probe TCP ibm-db2-das q|\0\0\0\0DB2DAS \x01\x04\0\0\0\x10\x39\x7a\0\x01\0\0\0\0\0\0\0\0\0\0\x01\x0c\0\0\0\0\0\0\x0c\0\0\0\x0c\0\0\0\x04| rarity 8 ports 523,9090,50000 match ibm-db2 m|^\0\0\0\0DB2DAS\x20\x20\x20\x20\x20\x20.{28}\x9b\0\0\0\x0c\0\0\0Z\0\0\0\x10\0\0\0\x0c\0\0\0L\0\0\0\0\0\0\0\$\0\0\0\x0c\0\0\0O\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x10\0\0\0\x0c\0\0\0L\0\0\0\0\0\0\0\x19\0\0\0\x0c\0\0\0\x04\0\0\x04\xb8SQL0(\d)(\d\d)(\d+)|s p/IBM DB2 
Database Server/ v/$1.$2.$3/ cpe:/a:ibm:db2:$1.$2.$3/ # 8001 = version, 0003 = EXCEPTION match thrift-binary m|^\x80\x01\0\x03\0\0\0\0B2DA\x0b\0\x01\0\0\0\0\x08\0\x02\0\0\0\x02\0| p/Apache Thrift TBinary/ ##############################NEXT PROBE############################## Probe TCP ibm-db2 q|\x01\xc2\0\0\0\x04\0\0\xb6\x01\0\0SQLDB2RA\0\x01\0\0\x04\x01\x01\0\x05\0\x1d\0\x88\0\0\0\x01\0\0\x80\0\0\0\x01\x09\0\0\0\x01\0\0\x40\0\0\0\x01\x09\0\0\0\x01\0\0\x40\0\0\0\x01\x08\0\0\0\x04\0\0\x40\0\0\0\x01\x04\0\0\0\x01\0\0\x40\0\0\0\x40\x04\0\0\0\x04\0\0\x40\0\0\0\x01\x04\0\0\0\x04\0\0\x40\0\0\0\x01\x04\0\0\0\x04\0\0\x40\0\0\0\x01\x04\0\0\0\x02\0\0\x40\0\0\0\x01\x04\0\0\0\x04\0\0\x40\0\0\0\x01\0\0\0\0\x01\0\0\x40\0\0\0\0\x04\0\0\0\x04\0\0\x80\0\0\0\x01\x04\0\0\0\x04\0\0\x80\0\0\0\x01\x04\0\0\0\x03\0\0\x80\0\0\0\x01\x04\0\0\0\x04\0\0\x80\0\0\0\x01\x08\0\0\0\x01\0\0\x40\0\0\0\x01\x04\0\0\0\x04\0\0\x40\0\0\0\x01\x10\0\0\0\x01\0\0\x80\0\0\0\x01\x10\0\0\0\x01\0\0\x80\0\0\0\x01\x04\0\0\0\x04\0\0\x40\0\0\0\x01\x09\0\0\0\x01\0\0\x40\0\0\0\x01\x09\0\0\0\x01\0\0\x80\0\0\0\x01\x04\0\0\0\x03\0\0\x80\0\0\0\x01\0\0\0\0\0\0\0\0\0\0\0\0\x01\x04\0\0\x01\0\0\x80\0\0\0\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x01\0\0\x40\0\0\0\x01\0\0\0\0\x01\0\0\x40\0\0\0\0\x20\x20\x20\x20\x20\x20\x20\x20\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x01\0\xff\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\xe4\x04\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x7f| rarity 8 ports 523,50000-50025,60000-60025 match ibm-db2 m|(?<=.)DB2/([^\0]+)\0\0\0\0\0\0\0\0.{1,4}\0\0\0\0\0\0\0SQL0(\d)(\d\d)(\d+)|s p/IBM DB2 Database Server/ v/$2.$3.$4/ o/$1/ cpe:/a:ibm:db2:$2.$3.$4/ match ibm-db2 m|^\0\xa9\x10..\x01\0\0SQLDB2RA\x01\0\x05\0.{10,13}SQLCA|s p/IBM DB2 Database Server/ cpe:/a:ibm:db2/ ##############################NEXT PROBE############################## Probe TCP pervasive-relational q|Client string for PARC version 1 Wire Encryption version 
1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0| rarity 8 ports 1583,3351 match psql m|^\0{255}| p/Pervasive.SQL Server - Relational Engine/ match psql m|^\0Server string for PARC version 1 Wire Encryption version 1\0| p/Pervasive.SQL Server - Relational Engine/ i/encrypted/ ##############################NEXT PROBE############################## Probe TCP pervasive-btrieve q|\x3c\0\x4b\0\0\0\x20\0\0\0\0\0\0\0\0\0\xff\xff\xff\xff\0\0\x0a\x04\xa0\xbe\x53\x03\x55\x52\0\0\x3c\0\0\0\x05\0\0\0\0\0\0\0\0\0\x1a\0\x3c\0\0\0\0\0\x0a\0\0\0\0\0| ports 1583,3351 rarity 8 match psql-btrieve m|^A\0K\0\0\0....\0\0\0\0\0\0\xff\xff\xff\xff\0\0\n\x04\xa0|s p/Pervasive.SQL Server - Btrieve Engine/ # Following probe created by Patrik Karlsson: ##############################NEXT PROBE############################## Probe UDP ibm-db2-das-udp q|DB2GETADDR\0SQL08010\0| rarity 8 ports 523 match ibm-db2 m|^DB2RETADDR\0SQL0(\d)(\d\d)(\d+)\0([^\0]+)\0|s p/IBM DB2 Database Server/ v/$1.$2.$3/ i/Hostname: $4/ cpe:/a:ibm:db2:$1.$2.$3/ ##############################NEXT PROBE############################## # Apache JServe Protocol (ajp) v1.3 Ping request Probe TCP ajp q|\x12\x34\x00\x01\x0a| rarity 8 ports 8008,8009 # AJP 1.3 Ping response match ajp13 m|^\x41\x42\x00\x01\x09$| p/Apache Jserv/ i/Protocol v1.3/ ##############################NEXT PROBE############################## # DNS-based service discovery (DNS-SD). Asks for all services on the host. # http://files.dns-sd.org/draft-cheshire-dnsext-dns-sd.txt, section 9. 
Probe UDP DNS-SD q|\0\0\0\0\0\x01\0\0\0\0\0\0\x09_services\x07_dns-sd\x04_udp\x05local\0\0\x0c\0\x01|
rarity 4
ports 5353
match domain m|^\0\0\x80\x80\0\x01\0\0\0\r\0\x0b\t_services\x07_dns-sd\x04_udp\x05local\0\0\x0c\0\x01| p/Desktop Authority named/
# mDNSResponder-176.3
# Avahi under Ubuntu
match mdns m|^\0\0\x84\0\0\x01..\0\0\0\0\x09_services\x07_dns-sd\x04_udp\x05local\0\0\x0c\0\x01|s p/DNS-based service discovery/
match hbn3 m|^\0\0\x84\0\0\0\0\x01\0\0\0\0.Lexmark (\w+)\x0c_host-config\x04_udp\x05local\0\0\x10\0\x01\0\0\0<\x01\x19.IPADDRESS [\d.]+.IPNETMASK [\d.]+.IPGATEWAY [\d.]+.IPNAME \"([\w._-]+)\"\x15MACLAA \"000000000000\"\x15MACUAA \"([0-9A-F]{12})\"|s p/Lexmark hbn3 (DNS-SD-like configuration)/ i/Lexmark $1 printer; MAC $3/ d/printer/ h/$2/ cpe:/h:lexmark:$1/a
match isakmp m|^\0\0\0\0\0\x01\0\0\0\0\0\0\t_servic\x0b\x10\x05\0\0\0\0\0\0\0\0\(\0\0\0\x0c\0\0\0\x01\x01\0\0\x05| p/Openswan ISAKMP/ cpe:/a:openswan:openswan/
##############################NEXT PROBE##############################
# HP Printer Job Language, supported on most PostScript printers.
# http://h20000.www2.hp.com/bc/docs/support/SupportManual/bpl13208/bpl13208.pdf
# http://h20000.www2.hp.com/bc/docs/support/SupportManual/bpl13207/bpl13207.pdf
Probe TCP hp-pjl q|\x1b%-12345X@PJL INFO ID\x0d\x0a\x1b%-12345X\x0d\x0a|
ports 9100-9107
rarity 9
# Most printers respond with the printer version in quotes
match hp-pjl m|^@PJL INFO ID\r?\n\"([^"]+)\"\r?\n| p/$1/ d/printer/
# Some respond without the quotes
match hp-pjl m|^@PJL INFO ID ?\r?\n([\w\d _-]+)\r?\n| p/$1/ d/printer/
# Some respond with blank info
match hp-pjl m|@PJL\x20INFO\x20ID\r?\n\r?\n| d/printer/
# COMMENTING THIS SOFTMATCH OUT. It is meant to stop causing a bunch
# of extra printing of probes against PJL ports (those port numbers
# are excluded by default anyway), but it caused problems described in
# this thread: http://seclists.org/nmap-dev/2010/q2/753
# But it might be useful for people doing pjl testing specifically.
# softmatch hp-pjl m|^| i/hp-pjl probe got something back/
##############################NEXT PROBE##############################
# Citrix MetaFrame application discovery service
# http://sh0dan.org/oldfiles/hackingcitrix.html
Probe UDP Citrix q|\x1e\0\x01\x30\x02\xfd\xa8\xe3\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0|
rarity 5
ports 1604
# Citrix MetaFrame
match icabrowser m|^\x30\0\x02\x31\x02\xfd\xa8\xe3\x02\0\x06\x44| p/Citrix MetaFrame/ cpe:/a:citrix:metaframe/
match ntp m|^\x1e\xc0\x010\x02\0\xa8\xe3\0\0\0\0$| p/Digium Switchvox PBX ntpd/ d/PBX/
##############################NEXT PROBE##############################
# Kerberos AS_REQ with realm NM, server name krbtgt/NM, missing client name.
Probe UDP Kerberos q|\x6a\x81\x6e\x30\x81\x6b\xa1\x03\x02\x01\x05\xa2\x03\x02\x01\x0a\xa4\x81\x5e\x30\x5c\xa0\x07\x03\x05\0\x50\x80\0\x10\xa2\x04\x1b\x02NM\xa3\x17\x30\x15\xa0\x03\x02\x01\0\xa1\x0e\x30\x0c\x1b\x06krbtgt\x1b\x02NM\xa5\x11\x18\x0f19700101000000Z\xa7\x06\x02\x04\x1f\x1e\xb9\xd9\xa8\x17\x30\x15\x02\x01\x12\x02\x01\x11\x02\x01\x10\x02\x01\x17\x02\x01\x01\x02\x01\x03\x02\x01\x02|
rarity 5
ports 88
# MIT 1.2.8
match kerberos-sec m=^~\x81[\x86-\x88]0\x81[\x83-\x85]\xa0\x03\x02\x01\x05\xa1\x03\x02\x01\x1e\xa2\x11\x18\x0f\d{14}Z\xa4\x11\x18\x0f(\d\d\d\d)(\d\d)(\d\d)(\d\d)(\d\d)(\d\d)Z\xa5[\x03-\x05]\x02(?:\x03...|\x02..|\x01.)\xa6\x03\x02\x01\x06\xa9\x04\x1b\x02NM\xaa\x170\x15\xa0\x03\x02\x01\0\xa1\x0e0\x0c\x1b\x06krbtgt\x1b\x02NM\xab\(\x1b&Client not found in Kerberos database\0$=s p/MIT Kerberos/ v/1.2/ i/server time: $1-$2-$3 $4:$5:$6Z/ cpe:/a:mit:kerberos:5-1.2/
# OS X 10.6.2; MIT 1.3.5, 1.6.3, 1.7.
match kerberos-sec m=^~[\x6b-\x6d]0[\x69-\x6b]\xa0\x03\x02\x01\x05\xa1\x03\x02\x01\x1e\xa2\x11\x18\x0f\d{14}Z\xa4\x11\x18\x0f(\d\d\d\d)(\d\d)(\d\d)(\d\d)(\d\d)(\d\d)Z\xa5[\x03-\x05]\x02(?:\x03...|\x02..|\x01.)\xa6\x03\x02\x01\x06\xa9\x04\x1b\x02NM\xaa\x170\x15\xa0\x03\x02\x01\0\xa1\x0e0\x0c\x1b\x06krbtgt\x1b\x02NM\xab\x0e\x1b\x0cNULL_CLIENT\0$=s p/MIT Kerberos/ v/1.3 - 1.8/ i/server time: $1-$2-$3 $4:$5:$6Z/ cpe:/a:mit:kerberos:5-1/
# Heimdal 1.0.1-5ubuntu4
match kerberos-sec m=^~[\x60-\x62]0[\x5e-\x60]\xa0\x03\x02\x01\x05\xa1\x03\x02\x01\x1e\xa4\x11\x18\x0f(\d\d\d\d)(\d\d)(\d\d)(\d\d)(\d\d)(\d\d)Z\xa5[\x03-\x05]\x02(?:\x03...|\x02..|\x01.)\xa6\x03\x02\x01<\xa9\x04\x1b\x02NM\xaa\x170\x15\xa0\x03\x02\x01\0\xa1\x0e0\x0c\x1b\x06krbtgt\x1b\x02NM\xab\x16\x1b\x14No client in request$=s p/Heimdal Kerberos/ i/server time: $1-$2-$3 $4:$5:$6Z/ cpe:/a:heimdal:kerberos/
match kerberos-sec m=^~[\x48-\x4a]0[\x46-\x48]\xa0\x03\x02\x01\x05\xa1\x03\x02\x01\x1e\xa4\x11\x18\x0f(\d\d\d\d)(\d\d)(\d\d)(\d\d)(\d\d)(\d\d)Z\xa5[\x03-\x05]\x02(?:\x03...|\x02..|\x01.)\xa6\x03\x02\x01D\xa9\x04\x1b\x02NM\xaa\x170\x15\xa0\x03\x02\x01\0\xa1\x0e0\x0c\x1b\x06krbtgt\x1b\x02NM$=s p/Windows 2003 Kerberos/ i/server time: $1-$2-$3 $4:$5:$6Z/ o/Windows/ cpe:/a:microsoft:kerberos/ cpe:/o:microsoft:windows_server_2003/a
# DCE RPC Reject
match msrpc m|^\x04\x06\x20\0\x10\0\0\x03\x02\x01\x05\xa2\x03\x02\x01\n\xa4\x81\x5e0\x5c\xa0\x07\x03\x05\0\x50\x80\0\x10\xa2\x04\x1b\x02NM\xa3\x170\x15\xa0\x03\x02\x01\0\xa1\x0e0\x0c\x1b\x06krbtg....|s p/Microsoft RPC/ o/Windows/ cpe:/o:microsoft:windows/a
##############################NEXT PROBE##############################
# SqueezeCenter discovery
Probe UDP SqueezeCenter q|eIPAD\0NAME\0JSON\0VERS\0UUID\0JVID\x06\x12\x34\x56\x78\x12\x34|
rarity 8
ports 3483
match squeezecenter m|^ENAME.{1}(.+)JSON.{1}(\d+)VERS.{1}(.+)UUID.{1}(.+)$| p/Logitech SqueezeCenter music server/ v/$3/ i/Server Name: $1, JSON: $2, UUID: $4/
##############################NEXT
PROBE############################## # AFP - Request GetStatus Probe TCP afp q|\x00\x03\0\x01\0\0\0\0\0\0\0\x02\0\0\0\0\x0f\0| rarity 6 ports 548 # See other AFP matches in SSLSessionReq. # Netatalk 3.1.1 match afp m|^\x01\x03\0\x01\0\0\0\0....\0\0\0\0........\x8f\x79.([^\0\x01]+)[\0\x01].*Netatalk([\w._-]+)\x06\x06AFP2\.2\x06AFPX03\x06AFP3\.1\x06AFP3\.2\x06AFP3\.3\x06AFP3\.4|s p/Netatalk/ v/$2/ i/name: $1; protocol 3.4/ o/Unix/ cpe:/a:netatalk:netatalk:$2/ # Netatalk 2.2.2 match afp m|^\x01\x03\0\x01\0\0\0\0....\0\0\0\0........\x8f\x59.([^\0\x01]+)[\0\x01].*Netatalk([\w._-]+)\x05\x06AFP2\.2\x06AFPX03\x06AFP3\.1\x06AFP3\.2\x06AFP3\.3|s p/Netatalk/ v/$2/ i/name: $1; protocol 3.3/ o/Unix/ cpe:/a:netatalk:netatalk:$2/ match afp m|^\x01\x03\0\x01\0\0\0\0....\0\0\0\0........\x8f\x5d.MyBookWorld[\0\x01].*Netatalk([\w._-]+)\x05\x06AFP2\.2\x06AFPX03\x06AFP3\.1\x06AFP3\.2\x06AFP3\.3|s p/Netatalk/ v/$1/ i/Western Digital MyBook World NAS device; name: MyBookWorld; protocol 3.3/ o/Unix/ cpe:/a:netatalk:netatalk:$1/ # Netatalk 2.2.1dev match afp m|^\x01\x03\0\x01\0\0\0\0....\0\0\0\0........\x8f\x7d.([^\0\x01]+)[\0\x01].*Netatalk([\w._-]+)\x05\x06AFP2\.2\x06AFPX03\x06AFP3\.1\x06AFP3\.2\x06AFP3\.3|s p/Netatalk/ v/$2/ i/name: $1; protocol 3.3/ o/Unix/ cpe:/a:netatalk:netatalk:$2/ # Netatalk 2.2.0 match afp m|^\x01\x03\0\x01\0\0\0\0....\0\0\0\0........\x8f\x79.([^\0\x01]+)[\0\x01].*Netatalk ([\w._-]+)\x05\x06AFP2\.2\x06AFPX03\x06AFP3\.1\x06AFP3\.2\x06AFP3\.3|s p/Netatalk/ v/$2/ i/name: $1; protocol 3.3/ o/Unix/ cpe:/a:netatalk:netatalk:$2/ # Netatalk 2.2.1 match afp m|^\x01\x03\0\x01\0\0\0\0....\0\0\0\0........\x8f\x79.([\w._-]+)[\0\x01].*Netatalk([\w._-]+)\x05\x06AFP2\.2\x06AFPX03\x06AFP3\.1\x06AFP3\.2\x06AFP3\.3|s p/Netatalk/ v/$2/ i/name: $1; protocol 3.3/ o/Unix/ cpe:/a:netatalk:netatalk:$2/ # Netatalk 2.2.0 match afp m|^\x01\x03\0\x01\0\0\0\0....\0\0\0\0........\x8f\x7d.(FreeNAS)[\0\x01].*Netatalk ([\w._-]+)\x05\x06AFP2\.2\x06AFPX03\x06AFP3\.1\x06AFP3\.2\x06AFP3\.3|s 
p/Netatalk/ v/$2/ i/FreeNAS; name: $1; protocol 3.3/ o/FreeBSD/ cpe:/a:netatalk:netatalk:$2/ cpe:/o:freebsd:freebsd/ # Netatalk 2.2.1.1-0u match afp m|^\x01\x03\0\x01\0\0\0\0....\0\0\0\0........\x8f\x5d.([\w._-]+)[\0\x01].*Netatalk\0([\w._-]+)\x05\x06AFP2\.2\x06AFPX03\x06AFP3\.1\x06AFP3\.2\x06AFP3\.3|s p/Netatalk/ v/$2/ i/name: $1; protocol 3.3/ o/Unix/ cpe:/a:netatalk:netatalk:$2/ match afp m|^\x01\x03\0\x01\0\0\0\0....\0\0\0\0........\x8f\x7d.([^\0\x01]+)[\0\x01].*Netatalk ([\w._-]+)\x05\x06AFP2\.2\x06AFPX03\x06AFP3\.1\x06AFP3\.2\x06AFP3\.3|s p/Netatalk/ v/$2/ i/name: $1; protocol 3.3/ o/Unix/ cpe:/a:netatalk:netatalk:$2/ match afp m|^\x01\x03\0\x01\0\0\0\0....\0\0\0\0........\x8f\x7d.(MyBookWorld)[\0\x01].*Netatalk ([\w._-]+)\x05\x06AFP2\.2\x06AFPX03\x06AFP3\.1\x06AFP3\.2\x06AFP3\.3|s p/Netatalk/ v/$SUBST(2,"-",".")/ i/Western Digital MyBook World NAS device; name: $1; protocol 3.3/ o/Unix/ cpe:/a:netatalk:netatalk:$SUBST(2,"-",".")/ match afp m|^\x01\x03\0\x01\0\0\0\0....\0\0\0\0........\x8f\x7d.([\w._-]+)[\0\x01].*Netatalk([\w._-]+)\x08\x0eAFPVersion 1\.1\x0eAFPVersion 2\.0\x0eAFPVersion 2\.1\x06AFP2\.2\x06AFPX03\x06AFP3\.1\x06AFP3\.2\x06AFP3\.3|s p/Netatalk/ v/$SUBST(2,"-",".")/ i/QNAP NAS TS-219P+; name: $1; protocol 3.3/ o/Linux/ cpe:/a:netatalk:netatalk:$SUBST(2,"-",".")/ cpe:/o:linux:linux_kernel:2.6/ match afp m|^\x01\x03\0\x01\0\0\0\0....\0\0\0\0........\x81\x7d\0\0.*Netatalk\x06\x0eAFPVersion 1\.1\x0eAFPVersion 2\.0\x0eAFPVersion 2\.1\x06AFP2\.2\x06AFPX03\x06AFP3\.1\x04\x04DHX2\tDHCAST128|s p/Netatalk/ i/protocol 3.1/ o/Unix/ cpe:/a:netatalk:netatalk/ match afp m|^\x01\x03\0\x01\0\0\0\0....\0\0\0\0........\x83\x7f.([^\0\x01]+)[\0\x01].*Netatalk\x04\x06AFP2\.2\x06AFPX03\x06AFP3\.1\x06AFP3\.2|s p/Netatalk/ v/2/ i/name: $1; protocol 3.2/ o/Unix/ cpe:/a:netatalk:netatalk:2/ # Netatalk 2.0.5 match afp m|^\x01\x03\0\x01\0\0\0\0....\0\0\0\0........\x83\x7d.([^\0\x01]+)[\0\x01].*\x08Netatalk\x04\x06AFP2\.2\x06AFPX03\x06AFP3\.1\x06AFP3\.2|s p/Netatalk/ v/2/ 
i/name: $1; protocol 3.2/ o/Unix/ cpe:/a:netatalk:netatalk:2/ match afp m|^\x01\x03\0\x01\0\0\0\0....\0\0\0\0........\x83\x7d.([^\0\x01]+)[\0\x01].*\x08Netatalk\x06\x0eAFPVersion 1\.1\x0eAFPVersion 2\.0\x0eAFPVersion 2\.1\x06AFP2\.2\x06AFPX03\x06AFP3\.1|s p/Netatalk/ v/2/ i/name: $1; protocol 3.1/ o/Unix/ cpe:/a:netatalk:netatalk:2/ match afp m|^\x01\x03\0\x01\0\0\0\0....\0\0\0\0........\x83\x7d.([^\0\x01]+)[\0\x01].*\x08Netatalk\x07\x0eAFPVersion 1\.1\x0eAFPVersion 2\.0\x0eAFPVersion 2\.1\x06AFP2\.2\x06AFPX03\x06AFP3\.1\x06AFP3\.2| p/Netatalk/ v/2/ i/name: $1; protocol 3.2/ o/Unix/ cpe:/a:netatalk:netatalk:2/ # Netatalk 2.0.4 # Netatalk 2.0.3 match afp m|^\x01\x03\0\x01\0\0\0\0....\0\0\0\0........\x83\x79.([^\0\x01]+)[\0\x01].*\x08Netatalk\x06\x0eAFPVersion 1\.1\x0eAFPVersion 2\.0\x0eAFPVersion 2\.1\x06AFP2\.2\x06AFPX03\x06AFP3\.1|s p/Netatalk/ v/2/ i/name: $1; protocol 3.1/ o/Unix/ cpe:/a:netatalk:netatalk:2/ match afp m|^\x01\x03\0\x01\0\0\0\0....\0\0\0\0........\x83\x79.([^\0\x01]+)[\0\x01].*\x08Netatalk\x04\x06AFP2\.2\x06AFPX03\x06AFP3\.1\x06AFP3\.2|s p/Netatalk/ v/2/ i/name: $1; protocol 3.2/ o/Unix/ cpe:/a:netatalk:netatalk:2/ match afp m|^\x01\x03\0\x01\0\0\0\0....\0\0\0\0........\x83\x59.([^\0\x01]+)[\0\x01].*\x08Netatalk\x06\x0eAFPVersion 1\.1\x0eAFPVersion 2\.0\x0eAFPVersion 2\.1\x06AFP2\.2\x06AFPX03\x06AFP3\.1|s p/Netatalk/ v/2/ i/name: $1; protocol 3.1/ o/Unix/ cpe:/a:netatalk:netatalk:2/ # Netatalk 1.6.4 match afp m|^\x01\x03\0\x01\0\0\0\0....\0\0\0\0........\x80\x7d.([^\0\x01]+)[\0\x01].*\x04unix\x04\x0eAFPVersion 1\.1\x0eAFPVersion 2\.0\x0eAFPVersion 2\.1\x06AFP2\.2|s p/Netatalk/ v/1.6/ i/name: $1; protocol 2.2/ o/Unix/ cpe:/a:netatalk:netatalk:1.6/ # Novell NetWare AFP match afp m|^\x01\x03\0\x01\0\0\0\0....\0\0\0\0........\0\xbf.([^\0]+)\0.*\x16Novell NetWare ([0-9.]+)\x06\x0eAFPVersion 1\.1\x0eAFPVersion 2\.0\x0eAFPVersion 2\.1\x06AFP2\.2\x06AFPX03\x06AFP3\.1\x02\x10[^\x16]+\x16|s p/Novell NetWare AFP/ v/$2/ i/name: $1; protocol 3.1/ o/NetWare/ 
cpe:/o:novell:netware/a # Novell Open Enterprise Server match afp m|^\x01\x03\0\x01\0\0\0\0....\0\0\0\0........\0\xb7.([^\0]+)\0.*\x1fNovell\x20Open\x20Enterprise\x20Server\x202|s p/Novell Open Enterprise Server/ v/2/ i/name: $1/ o/Linux/ cpe:/a:novell:open_enterprise_server:2/ cpe:/o:linux:linux_kernel/a # Windows NT or Windows 2000 match afp m|^\x01\x03\0\x01\0\0\0\0....\0\0\0\0........\x80\x7f.([^\0\x01]+)[\0\x01].*\x0aWindows NT\x03\x0eAFPVersion 2\.0\x0eAFPVersion 2\.1\x06AFP2\.2\x03\x10ClearTxt Passwrd\x0eMicrosoft V1\.0\x05MS2\.0|s i/name: $1; protocol 2.1/ o/Windows/ cpe:/o:microsoft:windows/ # Seems to repeat the length in the first reserved field. match afp m|^\x01\x03\0\x01\0\0\0\0................\x03\xff.([^\0\x01]+)[\0\x01].*Windows Version: 5\.0 \(2\) build 2195 Service Pack (\d+) (\d+)-bit \(ExtremeZ-IP ([\w._-]+)x05\)\x03\x06AFP3\.2\x06AFP3\.1\x06AFP2\.2.*afpserver/([\w._@-]+)\0|s p/ExtremeZ-IP AFP/ v/$4/ i/name: $1; afpserver: $5; protocol 3.2; $3-bit/ o/Windows 2000 SP$2/ cpe:/o:microsoft:windows_2000:sp$2/ match afp m|^\x01\x03\0\x01\0\0\0\0................\x03\xff.([^\0\x01]+)[\0\x01].*Windows Version: 5\.1 \(2\) build 2600 Service Pack (\d+) (\d+)-bit \(ExtremeZ-IP ([\w._-]+)x10\)\x02\x06AFP2\.2\x06AFP3\.1.*afpserver/([\w._@-]+)\0|s p/ExtremeZ-IP AFP/ v/$4/ i/name: $1; afpserver: $5; protocol 3.1; $3-bit/ o/Windows XP SP$2/ cpe:/o:microsoft:windows_xp:sp$2/ softmatch afp m|^\x01\x03\0\x01\0\0\0\0....\0\0\0\0.*AFP|s match lsf-mbd m|^\0\"\0\0\x17\0\0\0\0\0\0\0\0\0\0\0| p/Platform Load Sharing Facility MBD/ cpe:/a:platform:load_sharing_facility/ ##############################NEXT PROBE############################## # Quake1 server info Probe UDP Quake1_server_info q|\x80\x00\x00\x0c\x02\x51\x55\x41\x4b\x45\x00\x03| rarity 9 ports 26000-26004 match quake m|^\x80\x00..\x83([^\x00]*)\x00([^\x00]*)\x00| p/Quake 1 server/ i/address: $1, name: $2/ ##############################NEXT PROBE############################## # Quake2 status Probe UDP 
Quake2_status q|\xff\xff\xff\xffstatus|
rarity 8
ports 27910-27914
match quake2 m|^\xff\xff\xff\xffprint\n.*\\version\\([^\\]* Linux)(?=\\).*\\gamename\\data1(?=\\)| p/Alien Arena game server/ v/$1/ o/Linux/ cpe:/o:linux:linux_kernel/a
##############################NEXT PROBE##############################
# Quake3 getstatus
Probe UDP Quake3_getstatus q|\xff\xff\xff\xffgetstatus|
rarity 8
ports 26000-26004,27960-27964,30720-30724,44400
match quake3 m|^\xff\xff\xff\xffstatusResponse\n.*\\gamename\\Nexuiz(?=\\).*\\gameversion\\([^\\]*)(?=\\)| p/Nexuiz game server/ v/$1/
match quake3 m|^\xff\xff\xff\xffstatusResponse\n.*\\version\\([^\\]* linux-[^\\]*)(?=\\).*\\gamename\\baseoa(?=\\)| p/OpenArena game server/ v/$1/ o/Linux/ cpe:/o:linux:linux_kernel/a
match quake3 m|^\xff\xff\xff\xffstatusResponse\n.*\\version\\([^\\]* freebsd-[^\\]*)(?=\\).*\\gamename\\baseoa(?=\\)| p/OpenArena game server/ v/$1/ o/FreeBSD/ cpe:/o:freebsd:freebsd/a
match quake3 m|^\xff\xff\xff\xffstatusResponse\n.*\\version\\tremulous ([^\\]* linux-[^\\]*)(?=\\)| p/Tremulous game server/ v/$1/ o/Linux/ cpe:/o:linux:linux_kernel/a
match quake3 m|^\xff\xff\xff\xffstatusResponse\n.*\\version\\tremulous ([^\\]* freebsd-[^\\]*)(?=\\)| p/Tremulous game server/ v/$1/ o/FreeBSD/ cpe:/o:freebsd:freebsd/a
match quake3 m|^\xff\xff\xff\xffstatusResponse\n.*\\version\\([^\\]* linux-[^\\]*)(?=\\).*\\gamename\\q3ut4(?=\\)| p/Urban Terror game server/ v/$1/ o/Linux/ cpe:/o:linux:linux_kernel/a
match quake3 m|^\xff\xff\xff\xffstatusResponse\n.*\\version\\([^\\]* freebsd-[^\\]*)(?=\\).*\\gamename\\q3ut4(?=\\)| p/Urban Terror game server/ v/$1/ o/FreeBSD/ cpe:/o:freebsd:freebsd/a
match quake3 m|^\xff\xff\xff\xffstatusResponse\n.*\\version\\([^\\]* Linux)(?=\\).*\\gamename\\Warsow(?=\\)| p/Warsow game server/ v/$1/ o/Linux/ cpe:/o:linux:linux_kernel/a
match quake3 m|^\xff\xff\xff\xffstatusResponse\n.*\\version\\([^\\]* linux-[^\\]*)(?=\\)| p/World of Padman game server/ v/$1/ o/Linux/ cpe:/o:linux:linux_kernel/a
match
quake3 m|^\xff\xff\xff\xffstatusResponse\n.*\\version\\([^\\]* freebsd-[^\\]*)(?=\\)| p/World of Padman game server/ v/$1/ o/FreeBSD/ cpe:/o:freebsd:freebsd/a
##############################NEXT PROBE##############################
# Quake 3 and other games
# http://svn.icculus.org/twilight/trunk/dpmaster/doc/techinfo.txt?view=markup
# Protocol 68 is a specific revision of Quake 3, but the server should respond
# with an empty server list even if it doesn't know that game.
Probe UDP Quake3_master_getservers q|\xff\xff\xff\xffgetservers 68 empty full|
rarity 9
ports 27950,30710
match quake3-master m|^\xff\xff\xff\xffgetserversResponse|
##############################NEXT PROBE##############################
# SqueezeCenter CLI
# http://wiki.slimdevices.com/index.php/CLI
Probe TCP SqueezeCenter_CLI q|serverstatus\r\n|
rarity 8
ports 9090
match squeezecli m|^serverstatus.*version%3A([\.\d]+) uuid%3A([-\w]+) info%20total%20albums%3A\d+ info%20total%20artists%3A\d+ info%20total%20genres%3A\d+ info%20total%20songs%3A(\d+) player%20count%3A\d+ sn%20player%20count%3A\d+ other%20player%20count%3A\d+\r\n|s p/SqueezeCenter CLI/ v/$1/ i/UUID: $2, Total songs: $3/
##############################NEXT PROBE##############################
# Arucer backdoor
# http://www.kb.cert.org/vuls/id/154421
# The probe is the UUID for the 'YES' command, which is basically a ping command, encoded by XORing with 0xE5 (the original string is "E2AC5089-3820-43fe-8A4D-A7028FAD8C28"). The response is the string 'YES', encoded the same way.
Probe TCP Arucer q|\xC2\xE5\xE5\xE5\x9E\xA0\xD7\xA4\xA6\xD0\xD5\xDD\xDC\xC8\xD6\xDD\xD7\xD5\xC8\xD1\xD6\x83\x80\xC8\xDD\xA4\xD1\xA1\xC8\xA4\xD2\xD5\xD7\xDD\xA3\xA4\xA1\xDD\xA6\xD7\xDD\x98\xE5|
rarity 8
ports 7777
match arucer m|^\xbc\xa0\xb6$| p/Arucer backdoor/ i/**BACKDOOR**/ o/Windows/ cpe:/o:microsoft:windows/a
##############################NEXT PROBE##############################
# Mac OS X Server serialnumberd; checks for other servers with the same serial
# number on the local network. AAAAAA is a dummy value.
Probe UDP serialnumberd q|SNQUERY: 127.0.0.1:AAAAAA:xsvr|
rarity 8
ports 626
match serialnumber m|^SNRESPS:127\.0\.0\.1:(0x[0-9A-F]{40}):xsvr:(0x[0-9A-F]{40}):(0x[0-9a-f]{8}):(0x[0-9A-F]{40}):127\.0\.0\.1\0$| p/Mac OS X Server serialnumberd/ i/numbers: $1 $2 $3 $4/ o/Mac OS X/ cpe:/o:apple:mac_os_x/a
match serialnumber m|^SNRESPS:([\w._-]+):(0x[0-9A-F]{40}):xsvr:(0x[0-9A-F]{40}):(0x[0-9a-f]{8}):(0x[0-9A-F]{40}):[\w._-]+\0$| p/Mac OS X Server serialnumberd/ i/numbers: $2 $3 $4 $5/ o/Mac OS X/ h/$1/ cpe:/o:apple:mac_os_x/a
##############################NEXT PROBE##############################
# Lotus Domino Console
#
Probe TCP dominoconsole q|\#ST\n|
rarity 8
sslports 2050
match dominoconsole m|^([^/]+)/([\w._-]+):([^:]*):([^:]*):| p/Lotus Domino Console/ i/domain: $1; description: "$4"/ o/$3/ h/$2/ cpe:/a:ibm:lotus_domino/
##############################NEXT PROBE##############################
# Informix probe
#
Probe TCP informix q|\0\x94\x01\x3c\0\0\0\x64\0\x65\0\0\0\x3d\0\x06IEEEM\0\0lsqlexec\0\0\0\0\0\0\x069.280\0\0\x0cRDS\#R000000\0\0\x05sqli\0\0\0\x01\x33\0\0\0\0\0\0\0\0\0\x01\0\x05nmap\0\0\x05nmap\0ol\0\0\0\0\0\0\0\0\0=tlitcp\0\0\0\0\0\x01\0\x68\0\x0b\0\0\0\x03\0\x05nmap\0\0\0\0\0\0\0\0\0\0\0\0\x6a\0\0\0\x7f|
rarity 8
ports 1526,9088-9100
match informix
m|^.{2}\x03<\x10\0\0d\0e\0\0\0=\0\x06IEEEI\0\0lsrvinfx\0\0\0\0\0\0\x05V1.0\0\0\x04SER\0\0\x08asfecho\0{19}o[ln]\0{9}=soctcp\0{5}\x01\0\x66\0{6}\xfcI..\0\0\0\x01\0\0\0.nmap@[\d\w.]+\0k\0\0\0\0\0\0..\0\0\0\0\0.(.*)\0\0..*\0\0.([A-Z]\:[^/]*)\0\0t\0\x08\x01Y\0\x06\x01Y\0\0\0\x7f$| p/Informix Dynamic Server/ v/11.50/ i/Path: $2/ o/Windows/ h/$1/ cpe:/a:ibm:informix_dynamic_server:11.50/ cpe:/o:microsoft:windows/a match informix m|^.{2}\x03<\x10\0\0d\0e\0\0\0=\0\x06IEEEI\0\0lsrvinfx\0\0\0\0\0\0\x05V1.0\0\0\x04SER\0\0\x08asfecho\0{19}o[ln]\0{9}=soctcp\0{5}\x01\0\x66\0{6}\xfcI..\0\0\0\x01\0\0\0.nmap@[\d\w.]+\0k\0\0\0\0\0\0..\0\0\0\0\0.(.*)\0\0..*\0\0.([^\\]*)\0\0t\0\x08\0\0\x03\xe9\0\0\x03\xe9\0\x7f$| p/Informix Dynamic Server/ v/11.50/ i/Path: $2/ h/$1/ cpe:/a:ibm:informix_dynamic_server:11.50/ ##############################NEXT PROBE############################## # The DRDA protocol is used by both Informix and DB2 # Probe TCP drda q|\0\x32\xd0\x01\0\x01\0\x2c\x10\x41\0\x04\x11\x5e\0\x04\x11\x6d\0\x04\x11\x5a\0\x18\x14\x04\x14\x03\x00\x07\x24\x07\0\x08\x24\x0f\x00\x08\x14\x40\0\x08\x14\x74\0\x08\0\x04\x11\x47| rarity 8 ports 50000,60000,1526,1527,9088-9100 softmatch drda m|^\0.......\x14\x43..\x11\x5e.*\x11\x47| ##############################NEXT PROBE############################## # MQ Initial Packet Queue-manager=nmap-probe; channel=SYSTEM.ADMIN.SRVCONN # Probe TCP ibm-mqseries 
q|TSH\x20\x00\x00\x00\xEC\x01\x01\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x11\x04\xB8\x00\x00\x49\x44\x20\x20\x0A\x26\x00\x00\x00\x00\x00\x00\x00\x00\x7F\xF6\x06\x40\x00\x00\x00\x00\x00\x00SYSTEM\.ADMIN\.SVRCONN\x51\x00\x04\xB8nmap-probe\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x00\x00\x00\x01\x00\x6A\x00\x00\x00\xFF\x00\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0A\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02MQJB00000000CANNED_DATA\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20| rarity 8 ports 1414-1420 match ibm-mqseries m|^TSH\x20\0\0\0\xec\x02\x01\x02\0\0\0\0\0\0\0\0\0\x11\x01\x00\x00..\0\0ID\x20\x20\x08&\0\x98\0\0\0\0\xf6\x7f\x00\x00\0\x00\x40\0\0\0\0\0([^\s]*)\s*\x2c\x01\0\0\0\0\0\0\0\xff\0\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\0\0\0\0\0\0\0\0\0\n\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x02MQJB00000000CANNED_DATA\s*$|s p/IBM WebSphere MQ/ v/6.0/ i/channel: $1/ cpe:/a:ibm:websphere_mq:6.0/ match ibm-mqseries m|^TSH\x20\0\0\0\xec\x02\x01\x02\0\0\0\0\0\0\0\0\0\x11\x01\x00\x00..\0\0ID\x20\x20\x0a&\0\x90\0\0\0\0\xf6\x7f\x00\x00\0\x00\x40\0\0\0\0\0([^\s]*)\s*\x51\x00\xb5\x01([^\s]*)\s*\x2c\x01\0\0\0\0\0\0\0\xff\0\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\0\0\0\0\0\0\n\0\0\0\0\0\0\0..\0\0.\0\0\0.\0\0\0[^\s]*\s*$|s p/IBM WebSphere MQ/ v/7.0/ i/queue manager: $2, channel: $1/ cpe:/a:ibm:websphere_mq:7.0/ match ibm-mqseries 
m|^TSH\x20\0\0\0\xec\x01\x01\x02\0\0\0\0\0\0\0\0\0\x00\x00\x01\x11..\0\0ID\x20\x20\x0a&\0\x90\0\0\0\0\x00\x00\x7f\xf6\0\x40\x00\0\0\0\0\0([^\s]*)\s*\x00\x00\x01\x2c\0\0\0\0\0\xff\0\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\0\0\0\0\0\0\0\0\0\n\0\0\0\0\0.*MQMM07000107JJ\.PRD\.(QM02_\d\d\d\d-\d\d-\d\d_\d+\.\d+\.\d+)\s*$|s p/IBM WebSphere MQ/ v/7.0/ i/channel: $1; $2/ cpe:/a:ibm:websphere_mq:7.0/ match ibm-mqseries m|^TSH\x20\0\0\0\$\x01\x05\n\0\0\0\0\0\0\0\0\0\0\0\x02\"\x04\xb8\0\0\0\0\0\x08\0\0\0\x01$| p/IBM WebSphere MQ/ v/7.0.1/ cpe:/a:ibm:websphere_mq:7.0.1/ softmatch ibm-mqseries m|^TSH\x20\0\0\0| p/IBM WebSphere MQ/ cpe:/a:ibm:websphere_mq/ ##############################NEXT PROBE############################## # Queries iPhoto for the /server-info url containing the shared library name # Probe TCP apple-iphoto q|GET /server-info HTTP/1.1\r\nClient-DPAP-Version: 1\.1\r\nUser-Agent: iPhoto/9.1.1 (Macintosh; N; PPC)\r\n\r\n| rarity 8 ports 8770 match apple-iphoto m|^HTTP/1\.1 200 OK\r\nDate: .*\r\nDPAP-Server: iPhoto/(.*)\r\nContent-Type: application/x-dmap-tagged\r\nContent-Length: \d+\r\n\r\nmsrv\0\0\0\x83mstt\0\0\0\x04\0\0\0\xc8mpro\0\0\0\x04\0\x02\0\0ppro\0\0\0\x04\0\x01\0\x01minm\0\0\0.(.*)mslr\0\0\0\x01\0mstm\0\0\0\x04\0\0\x07\x08msal\0\0\0\x01\0msau\0\0\0\x01\x02msas\0\0\0\x01\x03msix\0\0\0\x01\0msdc\0\0\0\x04\0\0\0\x01$| p/Apple iPhoto/ v/$1/ i/Library name: $2/ cpe:/a:apple:iphoto:$1/ ##############################NEXT PROBE############################## # Zend Java Bridge, vulnerable control port, see # # GetClassName called on an empty string. 
Probe TCP ZendJavaBridge q|\0\0\0\x1f\0\0\0\0\0\0\0\x0cGetClassName\0\0\0\x02\x04\0\0\0\0\x01\0|
rarity 9
ports 5000,5001,5002,10001
match sybase-adaptive m|^\x04\x01\0\x28\0\0\0\0\xaa\x14\0\xa2\x0f\0\0\x01\x0eLogin failed\.\n\xfd\x02\0\x02\0\0\0\0\0$| p/Sybase Adaptive Server/ o/Windows/ cpe:/a:sybase:adaptive_server/ cpe:/o:microsoft:windows/a
match sybase-monitor m|^\x04\x01\0\x1a\0\0\0\0\xaa\x01\x0eLogin failed\.\n\xfd$| p/Sybase Monitor Server/ o/Windows/ cpe:/a:sybase:monitor_server/ cpe:/o:microsoft:windows/a
match zend-java-bridge m|^\0\0\0\x15\x04\0\0\0\x10java\.lang\.String$|

##############################NEXT PROBE##############################
# BackOrifice PING message, no password. The probe is the encryption of
# "*!*QWTY?\x13\0\0\0\0\0\0\0\x01\0\0". Servers with a password set will
# not reply.
# http://web.cip.com.br/flaviovs/boproto.html
Probe UDP BackOrifice q|\xCE\x63\xD1\xD2\x16\xE7\x13\xCF\x38\xA5\xA5\x86\xB2\x75\x4B\x99\xAA\x32\x58|
ports 31337
rarity 9
# Encryption of "*!*QWTY?........\x01 !PONG!1.20!".
match BackOrifice m|^\xCE\x63\xD1\xD2\x16\xE7\x13\xCF........\x01\x12\x78\xC4\xE3\xD6\xA6\x65\x51\x75\x51\xEB\x2A\x3F|s p/BackOrifice trojan/ v/1.20/ i/no password/ o/Windows/ cpe:/o:microsoft:windows/a

##############################NEXT PROBE##############################
Probe TCP gkrellm q|gkrellm 0.0.0|
rarity 9
ports 19150
match gkrellm m|^\n\ngkrellmd ([\w._-]+)\n| p/GKrellM System Monitor/ v/$1/

##############################NEXT PROBE##############################
Probe TCP vmware-esx q|00000001-00000001<_this xsi:type="ManagedObjectReference" type="ServiceInstance">ServiceInstance|
sslports 443
rarity 9

##############################NEXT PROBE##############################
Probe TCP metasploit-xmlrpc q|nmap.probe\n\0|
ports 9390,55553
sslports 55553
rarity 9
match metasploit-xmlrpc m|<\?xml\x20version=\"1\.0\"\x20\?>faultCode-99faultStringMethod\x20nmap\.probe\x20missing\x20or\x20wrong\x20number\x20of\x20parameters!\n\0|
match omp m|^| p/OpenVAS Management Protocol/ cpe:/a:openvas:openvas_manager/

##############################NEXT PROBE##############################
# MongoDB probe, this is a status request
# See http://www.mongodb.org/display/DOCS/Mongo+Wire+Protocol for more details
Probe TCP mongodb q|\x41\0\0\0\x3a\x30\0\0\xff\xff\xff\xff\xd4\x07\0\0\0\0\0\0test.$cmd\0\0\0\0\0\xff\xff\xff\xff\x1b\0\0\0\x01serverStatus\0\0\0\0\0\0\0\xf0\x3f\0|
rarity 8
ports 27017
match mongodb m|^.*version.....([\.\d]+)|s p/MongoDB/ v/$1/ cpe:/a:mongodb:mongodb:$1/
match mongodb m|^\xcb\0\0\0....:0\0\0\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x01\0\0\0\xa7\0\0\0\x01uptime\0\0\0\0\0\0 `@\x03globalLock\09\0\0\0\x01totalTime\0\0\0\0\x7c\xf0\x9a\x9eA\x01lockTime\0\0\0\0\0\0\xac\x9e@\x01ratio\0!\xc6\$G\xeb\x08\xf0>\0\x03mem\0<\0\0\0\x10resident\0\x03\0\0\0\x10virtual\0\xa2\0\0\0\x08supported\0\x01\x12mapped\0\0\0\0\0\0\0\0\0\0\x01ok\0\0\0\0\0\0\0\xf0\?\0$|s p/MongoDB/ cpe:/a:mongodb:mongodb/

##############################NEXT PROBE##############################
# Sybase SQL Anywhere Ping Probe
Probe UDP sybaseanywhere q|\x1b\0\0\x3d\0\0\0\0\x12CONNECTIONLESS_TDS\0\0\0\x01\0\0\x04\0\x05\0\x05\0\0\x01\x02\0\0\x03\x01\x01\x04\x08\0\0\0\0\0\0\0\0\x07\x02\x04\xb1|
rarity 7
ports 2638
match sybaseanywhere m|^\x1b\0\0.\0\0\0\0\x12CONNECTIONLESS_TDS\0\0\0\x01\x01\0\x04\0\x05\0\x05\0.(.*)\0\x01\x02..\x03\x01\x02\x04\x08\0\0\0\0\0\0\0\0\x07\x02\x04\xb1|s p/Sybase SQL Anywhere/ i/Instance name: $1/ cpe:/a:sybase:sql_anywhere/

##############################NEXT PROBE##############################
# Vuze DHT PING probe
# See http://wiki.vuze.com/w/Distributed_hash_table#PING
Probe UDP vuze-dht q|\xff\xf0\x97\x0d\x2e\x60\xd1\x6f\0\0\x04\0\0\x55\xab\xec\x32\0\0\0\0\0\x32\x04\x0a\0\xc8\x75\xf8\x16\0\x5c\xb9\x65\0\0\0\0\x4e\xd1\xf5\x28|
rarity 8
ports 17555,49152-49156
match vuze-dht m|^\0\0\x04\x01\0U\xab\xec\xff\xf0\x97\r\.`\xd1o..........|s p/Vuze/ cpe:/a:azureus:vuze/

##############################NEXT PROBE##############################
# PC-Anywhere probe
Probe UDP pc-anywhere q|NQ|
rarity 8
ports 5632
match pc-anywhere m|^NR([^_]*)_*AHM_3___\0$|s p/Symantec pcAnywhere/ i/Servername: $1/ cpe:/a:symantec:pcanywhere/

##############################NEXT PROBE##############################
# PC-DUO host probe
Probe UDP pc-duo q|\0\x80\x80\x08\xff\0|
rarity 8
ports 1505
match pc-duo m|^.........(.*)\0|s p/Vector PC-Duo/ i/Servername: $1/

##############################NEXT PROBE##############################
# PC-DUO Gateway probe
Probe UDP pc-duo-gw q|\x20\x90\x80\x08\xff\0|
rarity 8
ports 2303
match pc-duo-gw m|^.........(.*)\0|s p/Vector PC-Duo Gateway Server/ i/Servername: $1/

##############################NEXT PROBE##############################
# Redis key-value store
Probe TCP redis-server q|\*1\r\n\$4\r\ninfo\r\n|
rarity 8
ports 6379
match redis m|-ERR operation not permitted\r\n|s p/Redis key-value store/
match redis m|^\$\d+\r\nredis_version:([.\d]+)\r\n|s p/Redis key-value store/ v/$1/

##############################NEXT PROBE##############################
# Memcached distributed memory object caching system
Probe TCP memcached q|stats\r\n|
rarity 8
ports 11211
match memcached m|^STAT pid \d+\r\nSTAT uptime \d+\r\nSTAT time \d+\r\nSTAT version ([.\d]+)\r\n|s p/Memcached/ v/$1/ cpe:/a:memcached:memcached:$1/

##############################NEXT PROBE##############################
# Memcached distributed memory object caching system
Probe UDP memcached q|\0\x01\0\0\0\x01\0\0stats\r\n|
rarity 8
ports 11211
match memcached m|^\0\x01\0\0\0\x01\0\0STAT pid \d+\r\nSTAT uptime \d+\r\nSTAT time \d+\r\nSTAT version ([.\d]+)\r\n|s p/Memcached/ v/$1/ cpe:/a:memcached:memcached:$1/

##############################NEXT PROBE##############################
# Sends a ServerInfo PBC request to the Basho Riak distributed database
Probe TCP riak-pbc q|\0\0\0\x01\x07|
rarity 8
ports 8087
match riak-pbc m|^....\x08..(riak@[\w._-]+)..([\w._-]+)$|s p/Basho Riak/ v/$2/ h/$1/

##############################NEXT PROBE##############################
# Sends a "show info" command to a Tarantool server
Probe TCP tarantool q|show info\r\n|
rarity 8
ports 33015
match tarantool m|---\r\ninfo:\r\n version: \"([^\"]*)\"\r\n uptime: (\d*)\r\n pid: (\d*)\r\n (?:[._\w\s]*: .*\r\n)* config: \"([^\"]*)\"| p/Tarantool/ v/$1/ i/Uptime: $2, PID: $3, Config: $4/

##############################NEXT PROBE##############################
# Sends a stats request to a Couchbase Membase server
Probe TCP couchbase-data q|\x80\x10\0\0\0\0\0\0\0\0\0\0\x15\xf0\xd1\x62\0\0\0\0\0\0\0\0|
rarity 8
ports 11210
match couchbase-tap m|^\x81\x10..\0\0\0\0\0\0\0.....\0\0\0\0\0\0\0\0ep_version([._\w]+).*ep_dbname([_\\\/\w\s:]+)|s p/Couchbase Membase/ v/$1/ i/DB name: $2/
match couchbase-tap m|^\x81\x10..\0\0\0\0\0\0\0.....\0\0\0\0\0\0\0\0ep_version([._\w]+)|s p/Couchbase Membase/ v/$1/

##############################NEXT PROBE##############################
# Sends a Get all registered names probe to the EPMD daemon
Probe TCP epmd q|\0\x01\x6e|
rarity 8
ports 4369
match epmd m|^\0\0\x11\x11| p/Erlang Port Mapper Daemon/

##############################NEXT PROBE##############################
# Voldemort Native Protocol Version 3 connect probe
Probe TCP vp3 q|vp3|
rarity 8
ports 6666
match vp3 m|^ok$| p/Voldemort/

##############################NEXT PROBE##############################
# Kumofs kumo-server version probe
Probe TCP kumo-server q|\x94\0\xcd\xef\xd1\x61\x91\x03|
ports 19800,19700
match kumo-server m|^\x94\x01\xcd\xef\xd1\xc0\xda\0.([^\s]+)|s p/Kumofs/ v/$1/
match kumo-manager m|^\x94\x01\xcd\xef\xd1\x05\xc0$| p/Kumofs/

##############################NEXT PROBE##############################
# Metasploit msgpack-based RPC. https://community.rapid7.com/docs/DOC-1516
Probe TCP metasploit-msgrpc q|GET /api HTTP/1.0\r\n\r\n|
rarity 9
# http://seclists.org/nmap-dev/2012/q2/971
ports 50505,55552
sslports 3790
match metasploit-msgrpc m|^HTTP/1\.1 200 OK\r\nContent-Type: binary/message-pack\r\nConnection: close\r\nServer: Rex\r\nContent-Length: 1084\r\n\r\n\x85\xa5error\xc3\xaberror_class\xadArgumentError\xacerror_string\xbdInvalid Request Verb: '\"GET\"'\xaferror_backtrace\xdc\x00\x12\xda\x000lib/msf/core/rpc/v10/service\.rb:107:in `process'\xda\x006lib/msf/core/rpc/v10/service\.rb:88:in `on_request_uri'\xda\x006lib/msf/core/rpc/v10/service\.rb:70:in `block in start'\xda\x00/lib/rex/proto/http/handler/proc\.rb:37:in `call'\xda\x005lib/rex/proto/http/handler/proc\.rb:37:in `on_request'\xda\x00| p/Metasploit Remote API/ v/4.4.0-dev/

##############################NEXT PROBE##############################
# svrloc
Probe UDP svrloc q|\x02\x01\x00\x006 \x00\x00\x00\x00\x00\x01\x00\x02en\x00\x00\x00\x15service:service-agent\x00\x07default\x00\x00\x00\x00|
rarity 8
ports 427
match svrloc m|^\x02\x0b| p/Service Location Protocol/ v/2/

##############################NEXT PROBE##############################
# Hazelcast In-Memory Data Grid >= 1.9-RC http://www.hazelcast.com/
# http://seclists.org/nmap-dev/2013/q2/7
Probe TCP hazelcast-http q|GET /hazelcast/rest/cluster HTTP/1.0\r\n\r\n\r\n|
rarity 9
ports 5701-5709
# Sample:
# |HTTP/1\.1 200 OK\r\nContent-Length: 114\r\n\r\nCluster \[2\] {\n\tMember \[127\.0\.0\.1\]:5701 this\n\tMember \[127\.0\.0\.1\]:5702\n}\n\nConnectionCount: 1\nAllConnectionCount: 95\n\r\n|
match hazelcast m|^HTTP/1\.1 200 OK\r\nContent-Length: \d+\r\n\r\nCluster \[\d+\] {\n\tMember (.*?)}\n\nConnectionCount: (\d+)\nAllConnectionCount: (\d+)\n\r\n$|s p/Hazelcast/ i/ConnectionCount $2; AllConnectionCount $3; $SUBST(1,"\n\tMember",",")/ cpe:/a:hazelcast:hazelcast/

##############################NEXT PROBE##############################
# Minecraft Server List Ping http://mc.kev009.com/Server_List_Ping
Probe TCP minecraft-ping q|\xFE\x01|
rarity 8
ports 25565
# Fields are Protocol version, Software version, motd, current player count, max players
match minecraft m|^\xff\x00.\x00\xa7\x00\x31\x00\x00(.+?)\x00\x00(.+?)\x00\x00(.+?)\x00\x00(.+?)\x00\x00(.+)|s p/Minecraft/ v/$P(2)/ i|Protocol: $P(1), Message: $P(3), Users: $P(4)/$P(5)|

##############################NEXT PROBE##############################
# Sends a distribution handshake to an Erlang Distribution Node.
# send_name request of protocol version 0, with only capability flags
# DFLAG_EXTENDED_REFERENCES and DFLAG_EXTENDED_PIDS_PORTS, and with a node name
# of "nm@p"
# http://erlang.org/doc/apps/erts/erl_dist_protocol.html#id90729
# http://seclists.org/nmap-dev/2013/q1/360
Probe TCP erlang-node q|\0\x0bn\0\0\0\0\x01\x04nm@p|
rarity 9
match erlang-node m|^\0\x03sok\0.n\0\0.{8}(.+).|s p/Erlang Distribution Node/ i/Node name: $1/
match erlang-node m|^\0[^\x03]s(.+)|s p/Erlang Distribution Node/ i/Status: $1/

##############################NEXT PROBE##############################
# UDP ping. "abcdefgh" is an identifier. See
# http://mumble.sourceforge.net/Protocol.
# http://seclists.org/nmap-dev/2013/q2/413
Probe UDP Murmur q|\0\0\0\0abcdefgh|
rarity 9
ports 64738
match murmur m|^\0...abcdefgh............$|s p/Murmur/ v/1.2.X/

##############################NEXT PROBE##############################
# Ventrilo 2.1.2+
# UDP general status request (encrypted).
# See http://aluigi.altervista.org/papers.htm#ventrilo
# http://seclists.org/nmap-dev/2013/q2/413
Probe UDP Ventrilo q|\x01\xe7\xe5\x75\x31\xa3\x17\x0b\x21\xcf\xbf\x2b\x99\x4e\xdd\x19\xac\xde\x08\x5f\x8b\x24\x0a\x11\x19\xb6\x73\x6f\xad\x28\x13\xd2\x0a\xb9\x12\x75|
rarity 9
ports 3784
match ventrilo m|^.{111}|s p/Ventrilo/ v/2.1.2+/

##############################NEXT PROBE##############################
# TeamSpeak 2 TCPQuery "ver" command.
# http://seclists.org/nmap-dev/2013/q2/413
Probe TCP teamspeak-tcpquery-ver q|ver\r\n|
rarity 9
ports 51234
match teamspeak-tcpquery m|^\[TS\]\r\n([\w._-]+) Win32 ([\w._-]+)\r\nOK\r\n$| p/TeamSpeak 2 TCPQuery/ v/$1/ i/$2/ o/Windows/ cpe:/a:teamspeak:teamspeak2:$1/ cpe:/o:microsoft:windows/a
match teamspeak-tcpquery m|^\[TS\]\r\n([\w._-]+) Linux ([\w._-]+)\r\nOK\r\n$| p/TeamSpeak 2 TCPQuery/ v/$1/ i/$2/ o/Linux/ cpe:/a:teamspeak:teamspeak2:$1/ cpe:/o:linux:linux_kernel/a

##############################NEXT PROBE##############################
# Login request.
# See http://wiki.wireshark.org/TeamSpeak2
# http://seclists.org/nmap-dev/2013/q2/413
Probe UDP TeamSpeak2 q|\xf4\xbe\x03\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x32\x78\xba\x85\x09\x54\x65\x61\x6d\x53\x70\x65\x61\x6b\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0a\x57\x69\x6e\x64\x6f\x77\x73\x20\x58\x50\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x20\x00\x3c\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x08\x6e\x69\x63\x6b\x6e\x61\x6d\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00|
rarity 9
ports 8767
# Offset   Type    Value       Comment
# 0-1      uint16  0xBEF4      Class: connection
# 2-3      uint16  0x0004      Type: login reply
# 4-7      uint32  0           Session key; zero on first reply
# 8-11     uint32              client id
# 12-15    uint32  2           Sequence number; 2 on first reply
# 16-19    uint32              some crc32 checksum
# 20       uint8               server name length
# 21-49    string              server name
# 50       uint8               platform length
# 51-79    string              platform
# 80-81    uint16  1. version  E.g. the "2" in "2.0.23.19"
# 82-83    uint16  2. version  E.g. the "0" in "2.0.23.19"
# 84-85    uint16  3. version  E.g. the "23" in "2.0.23.19"
# 86-87    uint16  4. version  E.g. the "19" in "2.0.23.19"
# 88-179   bytes               unknown
# 180      uint8               welcome message length
# 181-435  string              welcome message
match teamspeak2 m|^\xf4\xbe\x04\x00\x00\x00\x00\x00....\x02\x00\x00\x00.....([^\0]+)\0*.Win32\0*\x02\x00\x00\x00\x17\x00\x13\x00|s p/TeamSpeak 2/ v/2.0.23.19/ i/name: $1; no password/ o/Windows/ cpe:/a:teamspeak:teamspeak2:2.0.23.19/ cpe:/o:microsoft:windows/
match teamspeak2 m|^\xf4\xbe\x04\x00\x00\x00\x00\x00....\x02\x00\x00\x00.....([^\0]+)\0*.Linux\0*\x02\x00\x00\x00\x17\x00\x13\x00|s p/TeamSpeak 2/ v/2.0.23.19/ i/name: $1; no password/ o/Linux/ cpe:/a:teamspeak:teamspeak2:2.0.23.19/ cpe:/o:linux:linux_kernel/
match teamspeak2 m|^\xf4\xbe\x04\x00\x00\x00\x00\x00....\x02\x00\x00\x00....\0{60}.{356}$|s p/TeamSpeak 2/ cpe:/a:teamspeak:teamspeak2/

##############################NEXT PROBE##############################
# UDP login request (encrypted)
# http://seclists.org/nmap-dev/2013/q3/72
Probe UDP TeamSpeak3 q|\x05\xca\x7f\x16\x9c\x11\xf9\x89\x00\x00\x00\x00\x02\x9d\x74\x8b\x45\xaa\x7b\xef\xb9\x9e\xfe\xad\x08\x19\xba\xcf\x41\xe0\x16\xa2\x32\x6c\xf3\xcf\xf4\x8e\x3c\x44\x83\xc8\x8d\x51\x45\x6f\x90\x95\x23\x3e\x00\x97\x2b\x1c\x71\xb2\x4e\xc0\x61\xf1\xd7\x6f\xc5\x7e\xf6\x48\x52\xbf\x82\x6a\xa2\x3b\x65\xaa\x18\x7a\x17\x38\xc3\x81\x27\xc3\x47\xfc\xa7\x35\xba\xfc\x0f\x9d\x9d\x72\x24\x9d\xfc\x02\x17\x6d\x6b\xb1\x2d\x72\xc6\xe3\x17\x1c\x95\xd9\x69\x99\x57\xce\xdd\xdf\x05\xdc\x03\x94\x56\x04\x3a\x14\xe5\xad\x9a\x2b\x14\x30\x3a\x23\xa3\x25\xad\xe8\xe6\x39\x8a\x85\x2a\xc6\xdf\xe5\x5d\x2d\xa0\x2f\x5d\x9c\xd7\x2b\x24\xfb\xb0\x9c\xc2\xba\x89\xb4\x1b\x17\xa2\xb6|
rarity 9
ports 9987
# These are the bytes in common, but a lot of the bytes are close in value
#
#match ts3 m|^........\x00\x00\x02......\xef.....\x19|s p/TeamSpeak 3 server/
match ts3 m|^........\x00\x00\x02\x97\x76\x8b\x54\xad\x79\xe3\xaf\x87\xeb\xaa\x1a\x19\xba\xcf\x41\xe0\x16\xa2\x32\x6c\xf3\xcf\xf4\x8e\x3c\x44\x83\xc8\x8d\x51\x45\x6f\x90\x95\x23\x33\x08\x86\x2d\x40|s p/TeamSpeak 3 server/ cpe:/a:teamspeak:teamspeak3/
match ts3 m|^........\x00\x00\x02\x9bj\x90O\xb6/\xef\xb3\xca\xbf\xf6L\x19\xb6\xd0V\xb5\x14\xf33Y\xdc\xd4\xf8\xcd\x12n\xc2\xcb\x8c\x15\x19T\xde\xc7v%\t\x938\x18\(\xd3W\xc4U\xdc\xd5m\xf7Z\xcd~@\x8e\x8fN\x97h|s p/TeamSpeak 3 server/ cpe:/a:teamspeak:teamspeak3/

##############################NEXT PROBE##############################
# xmlsysd info request
# http://www.phy.duke.edu/~rgb/brahma/Resources/xmlsysd.php
Probe TCP xmlsysd q|init\noff all\non identity version\nsend\nquit\n|
rarity 9
ports 7887
match xmlsysd m|^Content-Length: [0-9]+\n\n<\?xml version=\"1\.0\"\?>\s*\s*\s*\s*([^<]*)\s*([^<]*)\s*\s*\s*\s*([^<]*)\s*\s*|s p/xmlsysd daemon/ i/IP: $2/ o/$3/ h/$1/ cpe:/a:wulfware:xmlsysd/

##############################NEXT PROBE##############################
# Freelancer game server status query
# http://sourceforge.net/projects/gameq/
# (relevant files: games.ini, packets.ini, freelancer.php)
Probe UDP FreelancerStatus q|\x00\x02\xf1\x26\x01\x26\xf0\x90\xa6\xf0\x26\x57\x4e\xac\xa0\xec\xf8\x68\xe4\x8d\x21|
rarity 9
ports 2302
match freelancer m|^\x00\x03\xf1\x26.{88}(.*)\0\0(?:.*?:){5}(.*)\0\0$|s p/Freelancer/ i/name: $P(1); description: $P(2)/

# All-Seeing Eye service provided by some game servers for querying
# the server's status
# For more info on the protocol see:
# http://int64.org/docs/gamestat-protocols/ase.html
# http://aluigi.altervista.org/papers.htm#ase
# http://sourceforge.net/projects/gameq/
# (relevant files: games.ini, packets.ini, ase.php)
Probe UDP ASE q|s|
rarity 9
ports 1258,2126,3123,12444,13200,23196,26000,27138,27244,27777,28138
match allseeingeye m=^EYE1.(.*?)(\x02\d|\x03\d{2}|\x04\d{3}|\x05\d{4}|\x06\d{5})=s p/All-Seeing Eye/ i/game: $1; port: $P(2)/

##############################NEXT PROBE##############################
Probe UDP AndroMouse q|AMSNIFF|
rarity 9
ports 8888
match AndroMouse m|^GOTBACK$|s p/AndroMouse Android remote mouse server/

##############################NEXT PROBE##############################
Probe UDP AirHID q|from:airhid|
rarity 9
ports 13246
match AirHID m|^andReceiver-\d+\.\d+\.\d+$|s p/AirHID Android remote mouse server/

##############################NEXT PROBE##############################
Probe UDP NetMotionMobility q|\0\x40\x50\0\0\0\0\x85\x5d\xb4\x91\x28\0\0\0\0\0\x01\x7c\x91\x40\0\0\0\xaa\x39\xda\x42\x37\x65\xcf\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0|
rarity 7
ports 5008
match NetMotionMobility m|^\0\x40\x51\0\0\0\0| p/NetMotion Mobility VPN/

##############################NEXT PROBE##############################
# Queries Docker APIs for the /version url containing version information.
# https://docs.docker.com/reference/api/docker_remote_api/
#
Probe TCP docker q|GET /version HTTP/1.1\r\n\r\n|
rarity 8
ports 2375
sslports 2376
match docker m|^HTTP/1\.1 200 OK\r\nContent-Type: application/json\r\nJob-Name: version\r\nDate: .*\r\nContent-Length: \d+\r\n\r\n{.*\"ApiVersion\":\"([^"]+)\",.*\"KernelVersion\":\"([^"]+)\",.*\"Os\":\"([^"]+)\",.*\"Version\":\"([^"]+)\"| p/Docker remote API/ v/$4/ i/API $1; KernelVersion $2/ o/$3/ cpe:/a:docker:docker:$4/
# Ordering doesn't matter, we'd like to at least grab ApiVersion and Version
match docker m|^HTTP/1\.1 200 OK\r\nContent-Type: application/json\r\nJob-Name: version\r\nDate: .*\r\nContent-Length: \d+\r\n\r\n{.*\"ApiVersion\":\"([^"]+)\",.*\"Version\":\"([^"]+)\"| p/Docker remote API/ v/$2/ i/API $1/ cpe:/a:docker:docker:$2/
match docker m|^HTTP/1\.1 200 OK\r\nContent-Type: application/json\r\nJob-Name: version\r\nDate: .*\r\nContent-Length: \d+\r\n\r\n{.*\"Version\":\"([^"]+)\",.*\"ApiVersion\":\"([^"]+)\"| p/Docker remote API/ v/$1/ i/API $2/ cpe:/a:docker:docker:$1/
# API spec only lists Version, GoVersion, ApiVersion (in API >= 1.12), and GitCommit.
# Assuming the above matches will get ApiVersion if it's present, this one can report ApiVersion <= 1.11
match docker m|^HTTP/1\.1 200 OK\r\nContent-Type: application/json\r\nJob-Name: version\r\nDate: .*\r\nContent-Length: \d+\r\n\r\n{.*\"Version\":\"([^"]+)\"| p/Docker remote API/ v/$1/ i/API 1.11 or older/ cpe:/a:docker:docker:$1/

##############################NEXT PROBE##############################
# VERSIONS cell indicating support for protocol versions 3, 4, 5, and 6.
# https://gitweb.torproject.org/torspec.git/tree/tor-spec.txt (see sections 3 and 4.1)
# Versions 5 and 6 don't exist as of 2015, but send them in the hope of
# catching future changes.
# Structure is:
#   CircID       2 bytes
#   Command (7)  1 byte
#   Length       2 bytes
#   array of 2-byte version numbers
# We can't detect protocol versions 1 and 2, because those require you to
# do the SSL handshake in a particular way (version 1 requires you to use
# specific ciphersuites and send a client certificate ("the v1 handshake")
# and version 2 requires a renegotiation after the initial handshake ("the
# v2 handshake")).
Probe TCP tor-versions q|\x00\x00\x07\x00\x08\x00\x03\x00\x04\x00\x05\x00\x06|
rarity 8
sslports 443,9001,9002
# Since 0.2.4.11-alpha - 2013-03-11.
# https://gitweb.torproject.org/tor.git/tree/ChangeLog: "Support a new version
# of the link protocol that allows 4-byte circuit IDs."
# https://trac.torproject.org/projects/tor/ticket/7351
# https://gitweb.torproject.org/torspec.git/tree/proposals/214-longer-circids.txt
match tor-orport m|^\x00\x00\x07\x00\x04\x00\x03\x00\x04| p/Tor/ v/0.2.4.11 or later/ i/supported protocol versions: 3, 4/ cpe:/a:torproject:tor/
# 0.2.3.6-alpha - 2011-10-26
# https://gitweb.torproject.org/tor.git/tree/ChangeLog: "This release also
# features support for a new v3 connection handshake protocol..."
#
# Also matches this independent JavaScript implementation: https://github.com/Ayms/node-Tor
# You can distinguish node-Tor from mainstream tor because it sends a response
# with version 3 even if you indicate client support for only versions 1 and 2.
# But that requires sending another version probe.
match tor-orport m|^\x00\x00\x07\x00\x02\x00\x03| p/Tor/ v/0.2.3.7 - 0.2.4.11/ i/supported protocol versions: 3/
# An independent implementation that "only returns the highest
# understood version matching what the server supports, instead of a
# list of all supported versions."
# https://github.com/tvdw/gotor
# https://lists.torproject.org/pipermail/tor-dev/2015-January/008135.html
match tor-orport m|^\x00\x00\x07\x00\x02\x00\x04| p/GoTor/ i/supported protocol versions: 4/