local io = require "io" local string = require "string" local table = require "table" ---HTTP Fingerprint files, compiled by Ron Bowes with a special thanks to... -- o Kevin Johnson (@secureideas) for the fingerprints that come with Yokoso -- http://yokoso.inguardians.com -- o Jason H. (@jhaddix) for helping out with a whole pile of fingerprints he's -- collected -- o Bob Dooling -- o Robert Rowley for the awesome open source cms and README checks -- http://www.irvineunderground.org -- -- This file is released under the Nmap license; see: -- http://nmap.org/book/man-legal.html -- -- @args http-fingerprints.nikto-db-path Looks at the given path for nikto database. -- It then converts the records in nikto's database into our Lua table format -- and adds them to our current fingerprints if they don't exist already. -- Unfortunately, our current implementation has some limitations: -- * It doesn't support records with more than one 'dontmatch' patterns for -- a probe. -- * It doesn't support logical AND for the 'match' patterns. -- * It doesn't support sending additional headers for a probe. -- That means, if a nikto fingerprint needs one of the above features, it -- won't be loaded. At the time of writing this, 6546 out of the 6573 Nikto -- fingerprints are being loaded successfully. This runtime Nikto fingerprint integration was suggested by Nikto co-author Chris Sullo as described at http://seclists.org/nmap-dev/2013/q4/292 -- -- Although this format was originally modeled after the Nikto format, that ended -- up being too restrictive. The current format is a simple Lua table. There are many -- advantages to this technique; it's powerful, we don't need to write custom parsing -- code, anybody who codes in Lua can easily add checks, and we can write converters -- to read Nikto and other formats if we want to. -- -- The 'fingerprints' table is the key. It's an array of checks that will be run in the -- order they're given. Each check consists of a path, zero or more matches, output text, -- and other optional fields. Here are all the currently defined fields: -- -- fingerprint.probes -- A list of one or more probes to send to the server. Each probe is either a table containing -- the key 'path' (and potentially others), or it's a string indicating the path. -- -- fingerprint.probes[i].path -- The URI to check, optionally containing GET arguments. This should start with a '/' -- and, if it's a directory, end with a '/'. -- -- fingerprint.probes[i].method [optional; default: 'GET'}}] -- The HTTP method to use when making requests ('GET'}}, 'POST', 'HEAD', 'PUT', 'DELETE', etc -- -- fingerprint.ignore_404 [optional; default: false] -- If set, the automatic checks for 404 and custom 404 pages are disabled for that check. -- Every page will be included unless fingerprint.matches.dontmatch excludes it. -- -- fingerprint.severity [optional; default: 1] -- Give a severity rating, if it's a vulnerability. The scale is: -- 1 - Info -- 2 - Low priority -- 3 - Warning -- 4 - Critical -- -- fingerprint.matches -- An array of tables, each of which contains three fields. These will be checked, starting -- from the first, until one is matched. If there is no 'match' text, it will fire as long -- as the result isn't a 404. This match is not case sensitive. -- -- fingerprint.matches[i].match -- A string (specifically, a Lua pattern) that has to be found somewhere in the output to -- count as a match. The string can be in the status line, in a header, or in the body. -- In addition to matching, this field can contain captures that'll be included in the -- output. See: http://lua-users.org/wiki/PatternsTutorial -- -- fingerprint.matches[i].dontmatch -- A string (specifically, a lua pattern) that cannot be found somewhere in the output. -- This takes precedence over any text matched in the 'match' field -- -- fingerprint.matches[i].output -- The text to output if this match happens. If the 'match' field contains captures, these -- captures can be used with \1, \2, etc. -- -- If you have any questions, feel free to email dev@nmap.org or contact Ron Bowes! -- -- CHANGELOG: -- Added 120 new signatures taken from exploit-db.com archives from July 2009 to July 2011 [Paulino Calderon] -- Added the option to read nikto's database and make use of its fingerprints. [George Chatzisofroniou] -- fingerprints = {}; ------------------------------------------------ ---- GENERAL CHECKS ---- ------------------------------------------------ -- These are checks for generic paths, like /wiki, /images, /admin, etc table.insert(fingerprints, { category = 'general', probes = { { path = '/', method = 'GET' } }, matches = { { match = 'Index of .*(Apache.*) Server at', output = 'Root directory w/ listing on \'\\1\'' }, { match = '<title>Index of', output = 'Root directory w/ directory listing' } } }); table.insert(fingerprints, { category = 'general', probes = { { path = '/blog/', method = 'HEAD' }, { path = '/weblog/', method = 'HEAD' }, { path = '/weblogs/', method = 'HEAD' }, { path = '/wordpress/', method = 'HEAD' } }, matches = { { output = 'Blog' } } }); table.insert(fingerprints, { category = 'general', probes = { { path = '/wiki/', method = 'HEAD' }, { path = '/mediawiki/', method = 'HEAD' }, { path = '/wiki/Main_Page', method = 'HEAD' } }, matches = { { output = 'Wiki' } } }); table.insert(fingerprints, { category = 'general', probes = { { path = '/tikiwiki/', method = 'HEAD' } }, matches = { { output = 'Tikiwiki' } } }); table.insert(fingerprints, { category = 'general', probes = { { path = '/cgi-bin/mj_wwwusr', method = 'HEAD' }, { path = '/majordomo/mj_wwwusr', method = 'HEAD' } }, matches = { { match = '', output = 'Majordomo2 Mailing List' } } }); table.insert(fingerprints, { category = 'general', probes = { { path = '/j2ee/examples/servlets/', method = 'HEAD' }, { path = '/j2ee/examples/jsp/', method = 'HEAD' } }, matches = { { match = '', output = 'Oracle j2ee examples' } } }); table.insert(fingerprints, { category = 'general', probes = { { path = '/dsc/', method = 'HEAD' } }, matches = { { match = '', output = 'Trend Micro Data Loss Prevention Virtual Appliance' } } }); table.insert(fingerprints, { category = 'general', probes = { { path = '/reg_1.htm', method = 'HEAD' } }, matches = { { match = '', output = 'Polycom IP phone' } } }); table.insert(fingerprints, { category = 'general', probes = { { path = '/adr.htm', method = 'HEAD' }, { path = '/line_login.htm?l=1', method = 'HEAD' }, { path = '/tbook.csv', method = 'HEAD' } }, matches = { { match = '', output = 'Snom IP Phone' } } }); table.insert(fingerprints, { category = 'general', probes = { { path = '/globalSIPsettings.html', method = 'HEAD' }, { path = '/SIPsettingsLine1.html', method = 'HEAD' } }, matches = { { match = '', output = 'Aastra IP Phone' } } }); table.insert(fingerprints, { category = 'general', probes = { { path = '/websvn/', method = 'HEAD' } }, matches = { { match = '', output = 'WEBSVN Repository' } } }); table.insert(fingerprints, { category = 'general', probes = { { path = '/repos/', method = 'GET' }, { path = '/repo/', method = 'GET' }, { path = '/svn/', method = 'GET' }, { path = '/cvs/', method = 'GET' } }, matches = { { match = 'realm=".-Subversion.-"', output = 'Subversion Repository' }, { match = '', output = 'Possible code repository' } } }); table.insert(fingerprints, { category = 'general', probes = { { path = '/archiva/index.action', method = 'GET' }, { path = '/index.action', method = 'GET' } }, matches = { { match = '.*">Apache Archiva (.-)</a>', output = 'Apache Archiva version \\1' }, { match = 'Apache Archiva (%d-%..-)\n', output = 'Apache Archiva version \\1' }, { match = '<title>Apache Archiva \\', output = 'Apache Archiva' } } }); table.insert(fingerprints, { category = 'general', probes = { { path = '/login.stm', method = 'HEAD' } }, matches = { { match = '', output = 'Belkin G Wireless Router' } } }); table.insert(fingerprints, { category = 'general', probes = { { path = '/tools_admin.php', method = 'HEAD' } }, matches = { { match = '', output = 'D-Link DIR-300' } } }); table.insert(fingerprints, { category = 'general', probes = { { path = '/bsc_lan.php', method = 'HEAD' } }, matches = { { match = '', output = 'D-Link DIR-300, DIR-320, DIR-615 revD' } } }); table.insert(fingerprints, { category = 'general', probes = { { path = '/Manage.tri', method = 'HEAD' } }, matches = { { match = '', output = 'Linksys WRT54G2' } } }); table.insert(fingerprints, { category = 'general', probes = { { path = '/logo_t.gif', method = 'HEAD' } }, matches = { { match = 'IP_SHARER WEB', output = 'Arris 2307' } } }); table.insert(fingerprints, { category = 'general', probes = { { path = '//system.html', method = 'HEAD' } }, matches = { { match = '', output = 'CMNC-200 IP Camera' } } }); table.insert(fingerprints, { category = 'general', probes = { { path = '/main_configure.cgi', method = 'HEAD' } }, matches = { { match = '', output = 'Intellinet IP Camera' } } }); table.insert(fingerprints, { category = 'general', probes = { { path = '/OvCgi/Toolbar.exe', method = 'HEAD' } }, matches = { { match = '', output = 'HP OpenView Network Node Manager' } } }); table.insert(fingerprints, { category = 'general', probes = { { path = '/frontend/x3/', method = 'HEAD' } }, matches = { { match = '', output = 'CPanel' } } }); table.insert(fingerprints, { category = 'general', probes = { { path = '/awstatstotals/awstatstotals.php', method = 'HEAD' }, { path = '/awstats/awstatstotals.php', method = 'HEAD' }, { path = '/awstatstotals.php', method = 'HEAD' }, { path = '/awstats/index.php', method = 'HEAD' }, { path = '/awstatstotals/index.php', method = 'HEAD' } }, matches = { { match = '', output = 'AWStats Totals' } } }); table.insert(fingerprints, { category = 'general', probes = { { path = '/egroupware/', method = 'HEAD' } }, matches = { { match = '', output = 'eGroupware' } } }); table.insert(fingerprints, { category = 'general', probes = { { path = '/calendar/cal_search.php', method = 'HEAD' }, { path = '/cal_search.php', method = 'HEAD' } }, matches = { { match = '', output = 'ExtCalendar' } } }); table.insert(fingerprints, { category = 'general', probes = { { path = '/a_viewusers.php', method = 'HEAD' }, { path = '/aphpkb/', method = 'HEAD' } }, matches = { { match = '', output = 'Andys PHP Knowledgebase' } } }); table.insert(fingerprints, { category = 'general', probes = { { path = '/webedition/we/include/we_modules/', method = 'HEAD' }, { path = '/webedition/', method = 'HEAD' } }, matches = { { match = '', output = 'Web Edition' } } }); table.insert(fingerprints, { category = 'general', probes = { { path = '/Examples/', method = 'HEAD' } }, matches = { { match = '', output = 'Possible documentation files' } } }); table.insert(fingerprints, { category = 'general', probes = { { path = '/LightNEasy.php?do=login', method = 'HEAD' } }, matches = { { match = '', output = 'LightNEasy' } } }); table.insert(fingerprints, { category = 'general', probes = { { path = '/channel_detail.php', method = 'HEAD' } }, matches = { { match = '', output = 'DzTube' } } }); table.insert(fingerprints, { category = 'general', probes = { { path = '/cgi-bin/vcs', method = 'HEAD' } }, matches = { { match = '', output = 'Mitel Audio and Web Conferencing (AWC)' } } }); table.insert(fingerprints, { category = 'general', probes = { { path = '/ocsreports/', method = 'HEAD' } }, matches = { { match = '', output = 'OCS Inventory' } } }); table.insert(fingerprints, { category = 'general', probes = { { path = '/vbseo.php', method = 'HEAD' } }, matches = { { match = '', output = 'vBSEO' } } }); table.insert(fingerprints, { category = 'general', probes = { { path = '/forum/', method = 'HEAD' }, { path = '/forums/', method = 'HEAD' }, { path = '/smf/', method = 'HEAD' }, { path = '/phpbb/', method = 'HEAD' } }, matches = { { output = 'Forum' } } }); table.insert(fingerprints, { category = 'general', probes = { { path = '/manager/', method = 'HEAD' }, { path = '/admin.php', method = 'HEAD' }, { path = '/admin/', method = 'HEAD' }, { path = '/admin/admin/', method = 'HEAD' }, { path = '/administrator/', method = 'HEAD' }, { path = '/moderator/', method = 'HEAD' }, { path = '/webadmin/', method = 'HEAD' }, { path = '/adminarea/', method = 'HEAD' }, { path = '/bb-admin/', method = 'HEAD' }, { path = '/adminLogin/', method = 'HEAD' }, { path = '/admin_area/', method = 'HEAD' }, { path = '/panel-administracion/', method = 'HEAD' }, { path = '/instadmin/', method = 'HEAD' }, { path = '/memberadmin/', method = 'HEAD' }, { path = '/administratorlogin/', method = 'HEAD' }, { path = '/adm/', method = 'HEAD' }, { path = '/admin/account.php', method = 'HEAD' }, { path = '/admin/index.php', method = 'HEAD' }, { path = '/admin/login.php', method = 'HEAD' }, { path = '/admin/admin.php', method = 'HEAD' }, { path = '/joomla/administrator', method = 'HEAD' }, { path = '/login.php', method = 'HEAD' }, { path = '/admin_area/admin.php', method = 'HEAD' }, { path = '/admin_area/login.php', method = 'HEAD' }, { path = '/siteadmin/login.php', method = 'HEAD' }, { path = '/siteadmin/index.php', method = 'HEAD' }, { path = '/siteadmin/login.html', method = 'HEAD' }, { path = '/admin/index.html', method = 'HEAD' }, { path = '/admin/login.html', method = 'HEAD' }, { path = '/admin/admin.html', method = 'HEAD' }, { path = '/admin_area/index.php', method = 'HEAD' }, { path = '/bb-admin/index.php', method = 'HEAD' }, { path = '/bb-admin/login.php', method = 'HEAD' }, { path = '/bb-admin/admin.php', method = 'HEAD' }, { path = '/admin/home.php', method = 'HEAD' }, { path = '/admin_area/login.html', method = 'HEAD' }, { path = '/admin_area/index.html', method = 'HEAD' }, { path = '/admin/controlpanel.php', method = 'HEAD' }, { path = '/admincp/', method = 'HEAD' }, { path = '/admincp/index.asp', method = 'HEAD' }, { path = '/admincp/index.html', method = 'HEAD' }, { path = '/admincp/login.php', method = 'HEAD' }, { path = '/admin/account.html', method = 'HEAD' }, { path = '/adminpanel.html', method = 'HEAD' }, { path = '/webadmin.html', method = 'HEAD' }, { path = '/webadmin/index.html', method = 'HEAD' }, { path = '/webadmin/admin.html', method = 'HEAD' }, { path = '/webadmin/login.html', method = 'HEAD' }, { path = '/admin/admin_login.html', method = 'HEAD' }, { path = '/admin_login.html', method = 'HEAD' }, { path = '/panel-administracion/login.html', method = 'HEAD' }, { path = '/admin/cp.php', method = 'HEAD' }, { path = '/cp.php', method = 'HEAD' }, { path = '/administrator/index.php', method = 'HEAD' }, { path = '/administrator/login.php', method = 'HEAD' }, { path = '/nsw/admin/login.php', method = 'HEAD' }, { path = '/webadmin/login.php', method = 'HEAD' }, { path = '/admin/admin_login.php', method = 'HEAD' }, { path = '/admin_login.php', method = 'HEAD' }, { path = '/administrator/account.php', method = 'HEAD' }, { path = '/administrator.php', method = 'HEAD' }, { path = '/admin_area/admin.html', method = 'HEAD' }, { path = '/pages/admin/admin-login.php', method = 'HEAD' }, { path = '/admin/admin-login.php', method = 'HEAD' }, { path = '/admin-login.php', method = 'HEAD' }, { path = '/bb-admin/index.html', method = 'HEAD' }, { path = '/bb-admin/login.html', method = 'HEAD' }, { path = '/bb-admin/admin.html', method = 'HEAD' }, { path = '/admin/home.html', method = 'HEAD' }, { path = '/modelsearch/login.php', method = 'HEAD' }, { path = '/moderator.php', method = 'HEAD' }, { path = '/moderator/login.php', method = 'HEAD' }, { path = '/moderator/admin.php', method = 'HEAD' }, { path = '/account.php', method = 'HEAD' }, { path = '/pages/admin/admin-login.html', method = 'HEAD' }, { path = '/admin/admin-login.html', method = 'HEAD' }, { path = '/admin-login.html', method = 'HEAD' }, { path = '/controlpanel.php', method = 'HEAD' }, { path = '/admincontrol.php', method = 'HEAD' }, { path = '/admin/adminLogin.html', method = 'HEAD' }, { path = '/adminLogin.html', method = 'HEAD' }, { path = '/home.html', method = 'HEAD' }, { path = '/rcjakar/admin/login.php', method = 'HEAD' }, { path = '/adminarea/index.html', method = 'HEAD' }, { path = '/adminarea/admin.html', method = 'HEAD' }, { path = '/webadmin.php', method = 'HEAD' }, { path = '/webadmin/index.php', method = 'HEAD' }, { path = '/webadmin/admin.php', method = 'HEAD' }, { path = '/admin/controlpanel.html', method = 'HEAD' }, { path = '/admin.html', method = 'HEAD' }, { path = '/admin/cp.html', method = 'HEAD' }, { path = '/cp.html', method = 'HEAD' }, { path = '/adminpanel.php', method = 'HEAD' }, { path = '/moderator.html', method = 'HEAD' }, { path = '/administrator/index.html', method = 'HEAD' }, { path = '/administrator/login.html', method = 'HEAD' }, { path = '/user.html', method = 'HEAD' }, { path = '/administrator/account.html', method = 'HEAD' }, { path = '/administrator.html', method = 'HEAD' }, { path = '/login.html', method = 'HEAD' }, { path = '/modelsearch/login.html', method = 'HEAD' }, { path = '/moderator/login.html', method = 'HEAD' }, { path = '/adminarea/login.html', method = 'HEAD' }, { path = '/panel-administracion/index.html', method = 'HEAD' }, { path = '/panel-administracion/admin.html', method = 'HEAD' }, { path = '/modelsearch/index.html', method = 'HEAD' }, { path = '/modelsearch/admin.html', method = 'HEAD' }, { path = '/admincontrol/login.html', method = 'HEAD' }, { path = '/adm/index.html', method = 'HEAD' }, { path = '/adm.html', method = 'HEAD' }, { path = '/moderator/admin.html', method = 'HEAD' }, { path = '/user.php', method = 'HEAD' }, { path = '/account.html', method = 'HEAD' }, { path = '/controlpanel.html', method = 'HEAD' }, { path = '/admincontrol.html', method = 'HEAD' }, { path = '/panel-administracion/login.php', method = 'HEAD' }, { path = '/wp-login.php', method = 'HEAD' }, { path = '/adminLogin.php', method = 'HEAD' }, { path = '/admin/adminLogin.php', method = 'HEAD' }, { path = '/adminarea/index.php', method = 'HEAD' }, { path = '/adminarea/admin.php', method = 'HEAD' }, { path = '/adminarea/login.php', method = 'HEAD' }, { path = '/panel-administracion/index.php', method = 'HEAD' }, { path = '/panel-administracion/admin.php', method = 'HEAD' }, { path = '/modelsearch/index.php', method = 'HEAD' }, { path = '/modelsearch/admin.php', method = 'HEAD' }, { path = '/admincontrol/login.php', method = 'HEAD' }, { path = '/adm/admloginuser.php', method = 'HEAD' }, { path = '/admloginuser.php', method = 'HEAD' }, { path = '/admin2.php', method = 'HEAD' }, { path = '/admin2/login.php', method = 'HEAD' }, { path = '/admin2/index.php', method = 'HEAD' }, { path = '/adm/index.php', method = 'HEAD' }, { path = '/adm.php', method = 'HEAD' }, { path = '/affiliate.php', method = 'HEAD' }, { path = '/adm_auth.php', method = 'HEAD' }, { path = '/memberadmin.php', method = 'HEAD' }, { path = '/administratorlogin.php', method = 'HEAD' }, { path = '/account.cfm', method = 'HEAD' }, { path = '/admin/account.cfm', method = 'HEAD' }, { path = '/admin/index.cfm', method = 'HEAD' }, { path = '/admin/login.cfm', method = 'HEAD' }, { path = '/admin/admin.cfm', method = 'HEAD' }, { path = '/admin.cfm', method = 'HEAD' }, { path = '/admin/admin_login.cfm', method = 'HEAD' }, { path = '/admin_login.cfm', method = 'HEAD' }, { path = '/adminpanel.cfm', method = 'HEAD' }, { path = '/admin/controlpanel.cfm', method = 'HEAD' }, { path = '/admincontrol.cfm', method = 'HEAD' }, { path = '/panel-administracion/login.cfm', method = 'HEAD' }, { path = '/admin/cp.cfm', method = 'HEAD' }, { path = '/pages/admin/admin-login.cfm', method = 'HEAD' }, { path = '/admincp/index.cfm', method = 'HEAD' }, { path = '/admincp/login.cfm', method = 'HEAD' }, { path = '/admin_area/admin.cfm', method = 'HEAD' }, { path = '/admin_area/login.cfm', method = 'HEAD' }, { path = '/moderator/login.cfm', method = 'HEAD' }, { path = '/administrator/login.cfm', method = 'HEAD' }, { path = '/moderator.cfm', method = 'HEAD' }, { path = '/modelsearch/index.cfm', method = 'HEAD' }, { path = '/panel-administracion/admin.cfm', method = 'HEAD' }, { path = '/adm/admloginuser.cfm', method = 'HEAD' }, { path = '/adm.cfm', method = 'HEAD' }, { path = '/adm_auth.cfm', method = 'HEAD' }, { path = '/administratorlogin.cfm', method = 'HEAD' }, { path = '/webadmin.cfm', method = 'HEAD' }, { path = '/webadmin/index.cfm', method = 'HEAD' }, { path = '/modelsearch/login.cfm', method = 'HEAD' }, { path = '/login.cfm', method = 'HEAD' }, { path = '/administrator.cfm', method = 'HEAD' }, { path = '/administrator/account.cfm', method = 'HEAD' }, { path = '/adminLogin.cfm', method = 'HEAD' }, { path = '/siteadmin/login.cfm', method = 'HEAD' }, { path = '/admin2/index.cfm', method = 'HEAD' }, { path = '/adm/index.cfm', method = 'HEAD' }, { path = '/admin_area/index.cfm', method = 'HEAD' }, { path = '/bb-admin/index.cfm', method = 'HEAD' }, { path = '/bb-admin/login.cfm', method = 'HEAD' }, { path = '/bb-admin/admin.cfm', method = 'HEAD' }, { path = '/siteadmin/index.cfm', method = 'HEAD' }, { path = '/memberadmin.cfm', method = 'HEAD' }, { path = '/admin2/login.cfm', method = 'HEAD' }, { path = '/admloginuser.cfm', method = 'HEAD' }, { path = '/admincontrol/login.cfm', method = 'HEAD' }, { path = '/administrator/index.cfm', method = 'HEAD' }, { path = '/modelsearch/admin.cfm', method = 'HEAD' }, { path = '/panel-administracion/index.cfm', method = 'HEAD' }, { path = '/adminarea/login.cfm', method = 'HEAD' }, { path = '/adminarea/admin.cfm', method = 'HEAD' }, { path = '/adminarea/index.cfm', method = 'HEAD' }, { path = '/admin/adminLogin.cfm', method = 'HEAD' }, { path = '/webadmin/login.cfm', method = 'HEAD' }, { path = '/webadmin/admin.cfm', method = 'HEAD' }, { path = '/user.cfm', method = 'HEAD' }, { path = '/controlpanel.cfm', method = 'HEAD' }, { path = '/moderator/admin.cfm', method = 'HEAD' }, { path = '/cp.cfm', method = 'HEAD' }, { path = '/admin-login.cfm', method = 'HEAD' }, { path = '/admin/admin-login.cfm', method = 'HEAD' }, { path = '/admin/home.cfm', method = 'HEAD' }, { path = '/adm1n/', method = 'HEAD' }, { path = '/4dm1n/', method = 'HEAD' }, { path = '/account.asp', method = 'HEAD' }, { path = '/admin/account.asp', method = 'HEAD' }, { path = '/admin/index.asp', method = 'HEAD' }, { path = '/admin/login.asp', method = 'HEAD' }, { path = '/admin/admin.asp', method = 'HEAD' }, { path = '/admin_area/admin.asp', method = 'HEAD' }, { path = '/admin_area/login.asp', method = 'HEAD' }, { path = '/admin_area/index.asp', method = 'HEAD' }, { path = '/bb-admin/index.asp', method = 'HEAD' }, { path = '/bb-admin/login.asp', method = 'HEAD' }, { path = '/bb-admin/admin.asp', method = 'HEAD' }, { path = '/admin/home.asp', method = 'HEAD' }, { path = '/admin/controlpanel.asp', method = 'HEAD' }, { path = '/admin.asp', method = 'HEAD' }, { path = '/pages/admin/admin-login.asp', method = 'HEAD' }, { path = '/admin/admin-login.asp', method = 'HEAD' }, { path = '/admin-login.asp', method = 'HEAD' }, { path = '/admin/cp.asp', method = 'HEAD' }, { path = '/cp.asp', method = 'HEAD' }, { path = '/administrator/account.asp', method = 'HEAD' }, { path = '/administrator.asp', method = 'HEAD' }, { path = '/login.asp', method = 'HEAD' }, { path = '/modelsearch/login.asp', method = 'HEAD' }, { path = '/moderator.asp', method = 'HEAD' }, { path = '/moderator/login.asp', method = 'HEAD' }, { path = '/administrator/login.asp', method = 'HEAD' }, { path = '/moderator/admin.asp', method = 'HEAD' }, { path = '/controlpanel.asp', method = 'HEAD' }, { path = '/user.asp', method = 'HEAD' }, { path = '/admincp/login.asp', method = 'HEAD' }, { path = '/admincontrol.asp', method = 'HEAD' }, { path = '/adminpanel.asp', method = 'HEAD' }, { path = '/webadmin.asp', method = 'HEAD' }, { path = '/webadmin/index.asp', method = 'HEAD' }, { path = '/webadmin/admin.asp', method = 'HEAD' }, { path = '/webadmin/login.asp', method = 'HEAD' }, { path = '/admin/admin_login.asp', method = 'HEAD' }, { path = '/admin_login.asp', method = 'HEAD' }, { path = '/panel-administracion/login.asp', method = 'HEAD' }, { path = '/adminLogin.asp', method = 'HEAD' }, { path = '/admin/adminLogin.asp', method = 'HEAD' }, { path = '/home.asp', method = 'HEAD' }, { path = '/adminarea/index.asp', method = 'HEAD' }, { path = '/adminarea/admin.asp', method = 'HEAD' }, { path = '/adminarea/login.asp', method = 'HEAD' }, { path = '/panel-administracion/index.asp', method = 'HEAD' }, { path = '/panel-administracion/admin.asp', method = 'HEAD' }, { path = '/modelsearch/index.asp', method = 'HEAD' }, { path = '/modelsearch/admin.asp', method = 'HEAD' }, { path = '/administrator/index.asp', method = 'HEAD' }, { path = '/admincontrol/login.asp', method = 'HEAD' }, { path = '/adm/admloginuser.asp', method = 'HEAD' }, { path = '/admloginuser.asp', method = 'HEAD' }, { path = '/admin2.asp', method = 'HEAD' }, { path = '/admin2/login.asp', method = 'HEAD' }, { path = '/admin2/index.asp', method = 'HEAD' }, { path = '/adm/index.asp', method = 'HEAD' }, { path = '/adm.asp', method = 'HEAD' }, { path = '/adm_auth.asp', method = 'HEAD' }, { path = '/memberadmin.asp', method = 'HEAD' }, { path = '/administratorlogin.asp', method = 'HEAD' }, { path = '/siteadmin/login.asp', method = 'HEAD' }, { path = '/siteadmin/index.asp', method = 'HEAD' }, { path = '/account.aspx', method = 'HEAD' }, { path = '/admin/account.aspx', method = 'HEAD' }, { path = '/admin/index.aspx', method = 'HEAD' }, { path = '/admin/login.aspx', method = 'HEAD' }, { path = '/admin/admin.aspx', method = 'HEAD' }, { path = '/admin_area/admin.aspx', method = 'HEAD' }, { path = '/admin_area/login.aspx', method = 'HEAD' }, { path = '/admin_area/index.aspx', method = 'HEAD' }, { path = '/bb-admin/index.aspx', method = 'HEAD' }, { path = '/bb-admin/login.aspx', method = 'HEAD' }, { path = '/bb-admin/admin.aspx', method = 'HEAD' }, { path = '/admin/home.aspx', method = 'HEAD' }, { path = '/admin/controlpanel.aspx', method = 'HEAD' }, { path = '/admin.aspx', method = 'HEAD' }, { path = '/pages/admin/admin-login.aspx', method = 'HEAD' }, { path = '/admin/admin-login.aspx', method = 'HEAD' }, { path = '/admin-login.aspx', method = 'HEAD' }, { path = '/admin/cp.aspx', method = 'HEAD' }, { path = '/cp.aspx', method = 'HEAD' }, { path = '/administrator/account.aspx', method = 'HEAD' }, { path = '/administrator.aspx', method = 'HEAD' }, { path = '/login.aspx', method = 'HEAD' }, { path = '/modelsearch/login.aspx', method = 'HEAD' }, { path = '/moderator.aspx', method = 'HEAD' }, { path = '/moderator/login.aspx', method = 'HEAD' }, { path = '/administrator/login.aspx', method = 'HEAD' }, { path = '/moderator/admin.aspx', method = 'HEAD' }, { path = '/controlpanel.aspx', method = 'HEAD' }, { path = '/user.aspx', method = 'HEAD' }, { path = '/admincp/index.aspx', method = 'HEAD' }, { path = '/admincp/login.aspx', method = 'HEAD' }, { path = '/admincontrol.aspx', method = 'HEAD' }, { path = '/adminpanel.aspx', method = 'HEAD' }, { path = '/webadmin.aspx', method = 'HEAD' }, { path = '/webadmin/index.aspx', method = 'HEAD' }, { path = '/webadmin/admin.aspx', method = 'HEAD' }, { path = '/webadmin/login.aspx', method = 'HEAD' }, { path = '/admin/admin_login.aspx', method = 'HEAD' }, { path = '/admin_login.aspx', method = 'HEAD' }, { path = '/panel-administracion/login.aspx', method = 'HEAD' }, { path = '/adminLogin.aspx', method = 'HEAD' }, { path = '/admin/adminLogin.aspx', method = 'HEAD' }, { path = '/home.aspx', method = 'HEAD' }, { path = '/adminarea/index.aspx', method = 'HEAD' }, { path = '/adminarea/admin.aspx', method = 'HEAD' }, { path = '/adminarea/login.aspx', method = 'HEAD' }, { path = '/panel-administracion/index.aspx', method = 'HEAD' }, { path = '/panel-administracion/admin.aspx', method = 'HEAD' }, { path = '/modelsearch/index.aspx', method = 'HEAD' }, { path = '/modelsearch/admin.aspx', method = 'HEAD' }, { path = '/administrator/index.aspx', method = 'HEAD' }, { path = '/admincontrol/login.aspx', method = 'HEAD' }, { path = '/adm/admloginuser.aspx', method = 'HEAD' }, { path = '/admloginuser.aspx', method = 'HEAD' }, { path = '/admin2.aspx', method = 'HEAD' }, { path = '/admin2/login.aspx', method = 'HEAD' }, { path = '/admin2/index.aspx', method = 'HEAD' }, { path = '/adm/index.aspx', method = 'HEAD' }, { path = '/adm.aspx', method = 'HEAD' }, { path = '/adm_auth.aspx', method = 'HEAD' }, { path = '/memberadmin.aspx', method = 'HEAD' }, { path = '/administratorlogin.aspx', method = 'HEAD' }, { path = '/siteadmin/login.aspx', method = 'HEAD' }, { path = '/siteadmin/index.aspx', method = 'HEAD' }, { path = '/account.jsp', method = 'HEAD' }, { path = '/admin/index.jsp', method = 'HEAD' }, { path = '/admin/login.jsp', method = 'HEAD' }, { path = '/admin/admin.jsp', method = 'HEAD' }, { path = '/admin_area/admin.jsp', method = 'HEAD' }, { path = '/admin_area/login.jsp', method = 'HEAD' }, { path = '/admin_area/index.jsp', method = 'HEAD' }, { path = '/bb-admin/index.jsp', method = 'HEAD' }, { path = '/bb-admin/login.jsp', method = 'HEAD' }, { path = '/bb-admin/admin.jsp', method = 'HEAD' }, { path = '/admin/home.jsp', method = 'HEAD' }, { path = '/admin/controlpanel.jsp', method = 'HEAD' }, { path = '/admin.jsp', method = 'HEAD' }, { path = '/pages/admin/admin-login.jsp', method = 'HEAD' }, { path = '/admin/admin-login.jsp', method = 'HEAD' }, { path = '/admin-login.jsp', method = 'HEAD' }, { path = '/admin/cp.jsp', method = 'HEAD' }, { path = '/cp.jsp', method = 'HEAD' }, { path = '/administrator/account.jsp', method = 'HEAD' }, { path = '/administrator.jsp', method = 'HEAD' }, { path = '/login.jsp', method = 'HEAD' }, { path = '/modelsearch/login.jsp', method = 'HEAD' }, { path = '/moderator.jsp', method = 'HEAD' }, { path = '/moderator/login.jsp', method = 'HEAD' }, { path = '/administrator/login.jsp', method = 'HEAD' }, { path = '/moderator/admin.jsp', method = 'HEAD' }, { path = '/controlpanel.jsp', method = 'HEAD' }, { path = '/user.jsp', method = 'HEAD' }, { path = '/admincp/index.jsp', method = 'HEAD' }, { path = '/admincp/login.jsp', method = 'HEAD' }, { path = '/admincontrol.jsp', method = 'HEAD' }, { path = '/admin/account.jsp', method = 'HEAD' }, { path = '/adminpanel.jsp', method = 'HEAD' }, { path = '/webadmin.jsp', method = 'HEAD' }, { path = '/webadmin/index.jsp', method = 'HEAD' }, { path = '/webadmin/admin.jsp', method = 'HEAD' }, { path = '/webadmin/login.jsp', method = 'HEAD' }, { path = '/admin/admin_login.jsp', method = 'HEAD' }, { path = '/admin_login.jsp', method = 'HEAD' }, { path = '/panel-administracion/login.jsp', method = 'HEAD' }, { path = '/adminLogin.jsp', method = 'HEAD' }, { path = '/admin/adminLogin.jsp', method = 'HEAD' }, { path = '/home.jsp', method = 'HEAD' }, { path = '/adminarea/index.jsp', method = 'HEAD' }, { path = '/adminarea/admin.jsp', method = 'HEAD' }, { path = '/adminarea/login.jsp', method = 'HEAD' }, { path = '/panel-administracion/index.jsp', method = 'HEAD' }, { path = '/panel-administracion/admin.jsp', method = 'HEAD' }, { path = '/modelsearch/index.jsp', method = 'HEAD' }, { path = '/modelsearch/admin.jsp', method = 'HEAD' }, { path = '/administrator/index.jsp', method = 'HEAD' }, { path = '/admincontrol/login.jsp', method = 'HEAD' }, { path = '/adm/admloginuser.jsp', method = 'HEAD' }, { path = '/admloginuser.jsp', method = 'HEAD' }, { path = '/admin2.jsp', method = 'HEAD' }, { path = '/admin2/login.jsp', method = 'HEAD' }, { path = '/admin2/index.jsp', method = 'HEAD' }, { path = '/adm/index.jsp', method = 'HEAD' }, { path = '/adm.jsp', method = 'HEAD' }, { path = '/adm_auth.jsp', method = 'HEAD' }, { path = '/memberadmin.jsp', method = 'HEAD' }, { path = '/administratorlogin.jsp', method = 'HEAD' }, { path = '/siteadmin/login.jsp', method = 'HEAD' }, { path = '/siteadmin/index.jsp', method = 'HEAD' }, { path = '/admin1.php', method = 'HEAD' }, { path = '/administr8.asp', method = 'HEAD' }, { path = '/administr8.php', method = 'HEAD' }, { path = '/administr8.jsp', method = 'HEAD' }, { path = '/administr8.aspx', method = 'HEAD' }, { path = '/administr8.cfm', method = 'HEAD' }, { path = '/administr8/', method = 'HEAD' }, { path = '/administer/', method = 'HEAD' }, { path = '/administracao.php', method = 'HEAD' }, { path = '/administracao.asp', method = 'HEAD' }, { path = '/administracao.aspx', method = 'HEAD' }, { path = '/administracao.cfm', method = 'HEAD' }, { path = '/administracao.jsp', method = 'HEAD' }, { path = '/administracion.php', method = 'HEAD' }, { path = '/administracion.asp', method = 'HEAD' }, { path = '/administracion.aspx', method = 'HEAD' }, { path = '/administracion.jsp', method = 'HEAD' }, { path = '/administracion.cfm', method = 'HEAD' }, { path = '/administrators/', method = 'HEAD' }, { path = '/adminpro/', method = 'HEAD' }, { path = '/admins/', method = 'HEAD' }, { path = '/admins.cfm', method = 'HEAD' }, { path = '/admins.php', method = 'HEAD' }, { path = '/admins.jsp', method = 'HEAD' }, { path = '/admins.asp', method = 'HEAD' }, { path = '/admins.aspx', method = 'HEAD' }, { path = '/maintenance/', method = 'HEAD' }, { path = '/Lotus_Domino_Admin/', method = 'HEAD' }, { path = '/hpwebjetadmin/', method = 'HEAD' }, { path = '/_admin/', method = 'HEAD' }, { path = '/_administrator/', method = 'HEAD' }, { path = '/_administrador/', method = 'HEAD' }, { path = '/_admins/', method = 'HEAD' }, { path = '/_administrators/', method = 'HEAD' }, { path = '/_administradores/', method = 'HEAD' }, { path = '/_administracion/', method = 'HEAD' }, { path = '/_4dm1n/', method = 'HEAD' }, { path = '/_adm1n/', method = 'HEAD' }, { path = '/_Admin/', method = 'HEAD' }, { path = '/system_administration/', method = 'HEAD' }, { path = '/system-administration/', method = 'HEAD' }, { path = '/system-admin/', method = 'HEAD' }, { path = '/system-admins/', method = 'HEAD' }, { path = '/system-administrators/', method = 'HEAD' }, { path = '/administracion-sistema/', method = 'HEAD' }, { path = '/Administracion/', method = 'HEAD' }, { path = '/Admin/', method = 'HEAD' }, { path = '/Administrator/', method = 'HEAD' }, { path = '/Manager/', method = 'HEAD' }, { path = '/Adm/', method = 'HEAD' }, { path = '/systemadmin/', method = 'HEAD' }, { path = '/AdminLogin.asp', method = 'HEAD' }, { path = '/AdminLogin.php', method = 'HEAD' }, { path = '/AdminLogin.jsp', method = 'HEAD' }, { path = '/AdminLogin.aspx', method = 'HEAD' }, { path = '/AdminLogin.cfm', method = 'HEAD' }, { path = '/admin108/', method = 'HEAD' }, { path = '/pec_admin/', method = 'HEAD' }, { path = '/system/admin/', method = 'HEAD' }, { path = '/plog-admin/', method = 'HEAD' }, { path = '/ESAdmin/', method = 'HEAD' }, { path = '/axis2-admin/', method = 'HEAD' }, { path = '/_sys/', method = 'HEAD' }, { path = '/admin_cp.asp', method = 'HEAD' }, { path = '/sitecore/admin/', method = 'HEAD' }, { path = '/sitecore/login/admin/', method = 'HEAD' } }, matches = { { match = '<title>Index of', output = 'Possible admin folder w/ directory listing' }, { output = 'Possible admin folder' } } }); table.insert(fingerprints, { category = 'general', probes = { { path = '/backup/', method = 'GET' }, { path = '/backup', method = 'GET' }, { path = '/backup.sql', method = 'GET' }, { path = '/backup.sql.gz', method = 'GET' }, { path = '/backup.sql.bz2', method = 'GET' }, { path = '/backup.zip', method = 'GET' }, { path = '/backups/', method = 'GET' }, { path = '/bak/', method = 'GET' }, { path = '/back/', method = 'GET' }, { path = '/cache/backup/', method = 'GET' }, { path = '/admin/backup/', method = 'GET' }, { path = '/dbbackup.txt', method = 'GET' } }, matches = { { match = '<title>Index of', output = 'Backup folder w/ directory listing' }, { match = '', output = 'Possible backup' } } }); table.insert(fingerprints, { category = 'general', probes = { { path = '/b.sql', method = 'HEAD' }, { path = '/db.sql', method = 'HEAD' }, { path = '/ddb.sql', method = 'HEAD' }, { path = '/users.sql', method = 'HEAD' }, { path = '/database.sql', method = 'HEAD' }, { path = '/mysql.sql', method = 'HEAD' }, { path = '/dump.sql', method = 'HEAD' }, { path = '/respaldo.sql', method = 'HEAD' }, { path = '/data.sql', method = 'HEAD' }, { path = '/old.sql', method = 'HEAD' }, { path = '/usuarios.sql', method = 'HEAD' }, { path = '/bdb.sql', method = 'HEAD' }, { path = '/1.sql', method = 'HEAD' }, { path = '/admin/download/backup.sql', method = 'HEAD' } }, matches = { { match = '', output = 'Possible database backup' } } }); table.insert(fingerprints, { category = 'general', probes = { { path = '/clientaccesspolicy.xml', method = 'HEAD' }, }, matches = { { output = 'Microsoft Silverlight crossdomain policy' } } }); table.insert(fingerprints, { category = 'general', probes = { { path = '/atom/', method = 'HEAD' }, { path = '/atom.aspx', method = 'HEAD' }, { path = '/atom.php', method = 'HEAD' }, { path = '/atom.xml', method = 'HEAD' }, { path = '/atom.jsp', method = 'HEAD' }, { path = '/rss/', method = 'HEAD' }, { path = '/rss.aspx', method = 'HEAD' }, { path = '/rss.php', method = 'HEAD' }, { path = '/rss.xml', method = 'HEAD' }, { path = '/rss.jsp', method = 'HEAD' } }, matches = { { output = 'RSS or Atom feed' } } }); table.insert(fingerprints, { category = 'general', probes = { { path = '/etc/passwd', method = 'GET' }, { path = '/boot.ini', method = 'GET' } }, matches = { { match = 'root:', output = 'Webroot appears to be in / (Linux)' }, { match = 'boot loader', output = 'Webroot appears to be in c:\\ (Windows)' }, { match = '', output = 'Webroot might be in root folder' } } }); table.insert(fingerprints, { category = 'general', probes = { { path = '/example/', method = 'GET' }, { path = '/examples/', method = 'GET' }, { path = '/iissamples/', method = 'GET' }, { path = '/j2eeexamples/', method = 'GET' }, { path = '/j2eeexamplesjsp/', method = 'GET' }, { path = '/sample/', method = 'GET' }, { path = '/ncsample/', method = 'GET' }, { path = '/fpsample/', method = 'GET' }, { path = '/cmsample/', method = 'GET' }, { path = '/samples/', method = 'GET' }, { path = '/mono/1.1/index.aspx', method = 'GET' } }, matches = { { match = '<title>Index of .*(Apache.*) Server at', output = 'Sample scripts w/ listing on \'\\1\'' }, { match = '<title>Index of', output = 'Sample scripts w/ directory listing' }, { match = '', output = 'Sample scripts' } } }); table.insert(fingerprints, { category = 'general', probes = { { path = '/login/', method = 'HEAD' }, { path = '/login.htm', method = 'HEAD' }, { path = '/login.jsp', method = 'HEAD' } }, matches = { { match = '', output = 'Login page' } } }); table.insert(fingerprints, { category = 'general', probes = { { path = '/test.asp', method = 'HEAD' }, { path = '/test.class', method = 'HEAD' }, { path = '/test/', method = 'HEAD' }, { path = '/test.htm', method = 'HEAD' }, { path = '/test.html', method = 'HEAD' }, { path = '/test.php', method = 'HEAD' }, { path = '/test.txt', method = 'HEAD' } }, matches = { { match = '', output = 'Test page' } } }); table.insert(fingerprints, { category = 'general', probes = { { path = '/webmail/', method = 'HEAD' }, { path = '/mail/', method = 'HEAD' } }, matches = { { match = '', output = 'Mail folder' } } }); table.insert(fingerprints, { category = 'general', probes = { { path = '/log/', method = 'HEAD' }, { path = '/log.htm', method = 'HEAD' }, { path = '/log.php', method = 'HEAD' }, { path = '/log.asp', method = 'HEAD' }, { path = '/log.aspx', method = 'HEAD' }, { path = '/log.jsp', method = 'HEAD' }, { path = '/logs/', method = 'HEAD' }, { path = '/logs.htm', method = 'HEAD' }, { path = '/logs.php', method = 'HEAD' }, { path = '/logs.asp', method = 'HEAD' }, { path = '/logs.aspx', method = 'HEAD' }, { path = '/logs.jsp', method = 'HEAD' }, { path = '/wwwlog/', method = 'HEAD' }, { path = '/wwwlogs/', method = 'HEAD' }, { path = '/mail_log_files/', method = 'HEAD' } }, matches = { { match = '', output = 'Logs' } } }); table.insert(fingerprints, { category = 'general', probes = { { path = '/images/rails.png', method = 'HEAD' }, }, matches = { { match = '', output = 'Ruby on Rails' } } }); table.insert(fingerprints, { category = 'general', probes = { { path = '/mono/', method = 'HEAD' }, }, matches = { { match = '', output = 'Mono' } } }); table.insert(fingerprints, { category = 'general', probes = { { path = '/robots.txt', method = 'HEAD' }, }, matches = { { match = '', output = 'Robots file' } } }); table.insert(fingerprints, { category = 'general', probes = { { path = '/crossdomain.xml', method = 'HEAD' }, }, matches = { { output = 'Adobe Flash crossdomain policy' } } }); table.insert(fingerprints, { category = 'general', probes = { { path = '/css/cake.generic.css', method = 'HEAD' }, { path = '/img/cake.icon.gif', method = 'HEAD' }, { path = '/img/cake.icon.png', method = 'HEAD' }, { path = '/js/vendors.php', method = 'HEAD' } }, matches = { { match = '', output = 'CakePHP application' } } }); table.insert(fingerprints, { category = 'general', probes = { { path = '/cgi-bin/ffileman.cgi?', method = 'HEAD' } }, matches = { { match = '', output = 'Ffileman Web File Manager' } } }); table.insert(fingerprints, { category = 'general', probes = { { path = '/fshow.php', method = 'HEAD' } }, matches = { { match = '', output = 'Horizon Web App' } } }); table.insert(fingerprints, { category = 'general', probes = { { path = '/admin/upload.php', method = 'HEAD' } }, matches = { { match = '', output = 'Admin File Upload' } } }); table.insert(fingerprints, { category = 'general', probes = { { path = '/upload_multiple_js.php', method = 'HEAD' } }, matches = { { match = '', output = 'NAS Uploader' } } }); table.insert(fingerprints, { category = 'general', probes = { { path = '/uploadtester.asp', method = 'HEAD' } }, matches = { { match = '', output = 'Free ASP Upload Shell' } } }); table.insert(fingerprints, { category = 'general', probes = { { path = '/info.php', method = 'HEAD' }, { path = '/phpinfo.php', method = 'HEAD' } }, matches = { { match = '', output = 'Possible information file' } } }); table.insert(fingerprints, { category = 'general', probes = { { path = '/kusabax/manage_page.php', method = 'HEAD' } }, matches = { { match = '', output = 'Kusabax Image Board' } } }); table.insert(fingerprints, { category = 'general', probes = { { path = '/plus/lurking.php', method = 'HEAD' } }, matches = { { match = '', output = 'phpMyChat Plus' } } }); table.insert(fingerprints, { category = 'general', probes = { { path = '/adm/barra/assetmanager/assetmanager.php', method = 'HEAD' } }, matches = { { match = '', output = '360 Web Manager' } } }); table.insert(fingerprints, { category = 'general', probes = { { path = '/eyeos/', method = 'HEAD' } }, matches = { { match = '', output = 'Possible eyeOS installation' } } }); table.insert(fingerprints, { category = 'general', probes = { { path = '/NETWARE.HTM', method = 'HEAD' } }, matches = { { match = '', output = 'Planet FPS-1101' } } }); table.insert(fingerprints, { category = 'general', probes = { { path = '/setup.cgi', method = 'HEAD' } }, matches = { { match = '', output = 'Linksys Cisco Wag120n or similar' } } }); table.insert(fingerprints, { category = 'general', probes = { { path = '/debug.cgi', method = 'HEAD' } }, matches = { { match = '', output = 'Linksys WRT54G' } } }); table.insert(fingerprints, { category = 'general', probes = { { path = '/ehcp/?op=applyforftpaccount', method = 'HEAD' }, { path = '/ehcp/?op=applyforaccount', method = 'HEAD' }, { path = '/ehcp/?op=applyfordomainaccount', method = 'HEAD' }, { path = '/vhosts/ehcp/?op=applyforftpaccount', method = 'HEAD' }, { path = '/vhosts/ehcp/?op=applyforaccount', method = 'HEAD' }, { path = '/vhosts/ehcp/?op=applyfordomainaccount', method = 'HEAD' }, }, matches = { { match = '', output = 'Easy Hosting Control Panel' } } }); table.insert(fingerprints, { category = 'general', probes = { { path = '/tools_admin.cgi?', method = 'HEAD' } }, matches = { { match = '', output = 'D-Link WBR-1310' } } }); table.insert(fingerprints, { category = 'general', probes = { { path = '/level/15', method = 'HEAD' }, { path = '/exec/show/log/CR', method = 'HEAD' }, { path = '/level/15/exec/-/configure/http', method = 'HEAD' }, { path = '/level/15/exec/-', method = 'HEAD' } }, matches = { { match = 'cisco-IOS', output = 'Cisco 2811' } } }); table.insert(fingerprints, { category = 'general', probes = { { path = '/appServer/jvmReport.jsf?instanceName=server&pageTitle=JVM%20Report', method = 'HEAD' }, { path = '/common/appServer/jvmReport.jsf?pageTitle=JVM%20Report', method = 'HEAD' }, { path = '/common/appServer/jvmReport.jsf?reportType=summary&instanceName=server', method = 'HEAD' } }, matches = { { match = '', output = 'Oracle GlashFish Server Information' } } }); table.insert(fingerprints, { category = 'general', probes = { { path = '/console/login/loginForm.jsp', method = 'HEAD' } }, matches = { { match = '', output = 'Oracle WebLogic Server Administration Console' } } }); table.insert(fingerprints, { category = 'general', probes = { { path = '/login_img.jpg', method = 'HEAD' } }, matches = { { match = 'RapidLogic', output = 'AIRAYA WirelessGRID' } } }); table.insert(fingerprints, { category = 'general', probes = { { path = '/cirronetlogo.gif', method = 'HEAD' } }, matches = { { match = 'Cirronet Wavebolt-AP', output = 'Cirronet Wavebolt' } } }); table.insert(fingerprints, { category = 'general', probes = { { path = '/browserId/wizardForm.jhtml', method = 'HEAD' }, { path = '/webline/html/forms/callback.jhtml', method = 'HEAD' }, { path = '/webline/html/forms/callbackICM.jhtml', method = 'HEAD' }, { path = '/webline/html/agent/AgentFrame.jhtml', method = 'HEAD' }, { path = '/webline/html/agent/default/badlogin.jhtml', method = 'HEAD' }, { path = '/callme/callForm.jhtml', method = 'HEAD' }, { path = '/webline/html/multichatui/nowDefunctWindow.jhtml', method = 'HEAD' }, { path = '/browserId/wizard.jhtml', method = 'HEAD' }, { path = '/admin/CiscoAdmin.jhtml', method = 'HEAD' }, { path = '/msccallme/mscCallForm.jhtml', method = 'HEAD' }, { path = '/webline/html/admin/wcs/LoginPage.jhtml', method = 'HEAD' } }, matches = { { match = '', output = 'Cisco Collaboration Server' } } }); table.insert(fingerprints, { category = 'general', probes = { { path = '/restoreinfo.cgi', method = 'HEAD' } }, matches = { { match = '', output = 'Sagem router' } } }); table.insert(fingerprints, { category = 'general', probes = { { path = '/confirminvite.php', method = 'HEAD' } }, matches = { { match = '', output = 'phpMyBitTorrent' } } }); table.insert(fingerprints, { category = 'general', probes = { { path = '/sourcebans/', method = 'HEAD' } }, matches = { { match = '', output = 'SourceBans - Steam server application' } } }); table.insert(fingerprints, { category = 'general', probes = { { path = '/swfupload/index.php', method = 'HEAD' } }, matches = { { match = '', output = 'SWFUpload' } } }); table.insert(fingerprints, { category = 'general', probes = { { path = '/mymarket/shopping/index.php', method = 'HEAD' } }, matches = { { match = '', output = 'MyMarket' } } }); table.insert(fingerprints, { category = 'general', probes = { { path = '/myshop_start.php', method = 'HEAD' } }, matches = { { match = '', output = 'FozzCom shopping' } } }); table.insert(fingerprints, { category = 'general', probes = { { path = '/piranha/secure/passwd.php3', method = 'HEAD' } }, matches = { { match = '', output = 'RedHat Piranha Virtual Server' } } }); table.insert(fingerprints, { category = 'general', probes = { { path = '/cgi-bin/ck/mimencode', method = 'HEAD' } }, matches = { { match = '', output = 'ContentKeeper Web Appliance' } } }); table.insert(fingerprints, { category = 'general', probes = { { path = '/cgi-bin/masterCGI?', method = 'HEAD' } }, matches = { { match = '', output = 'Alcatel-Lucent OmniPCX Enterprise' } } }); table.insert(fingerprints, { category = 'general', probes = { { path = '/tiny_mce/plugins/filemanager/', method = 'HEAD' } }, matches = { { match = '', output = 'Tiny MCE File Upload' } } }); table.insert(fingerprints, { category = 'general', probes = { { path = '/upload/scp/ajax.php', method = 'HEAD' } }, matches = { { match = '', output = 'osTicket / AJAX File Upload' } } }); table.insert(fingerprints, { category = 'general', probes = { { path = '/cgi-mod/view_help.cgi', method = 'HEAD' } }, matches = { { match = '', output = 'Barracuda Networks Spam & Virus Firewall' } } }); table.insert(fingerprints, { category = 'general', probes = { { path = '/cgi-mod/index.cgi', method = 'HEAD' } }, matches = { { match = '', output = 'Barracuda Web Application Firewall' } } }); table.insert(fingerprints, { category = 'general', probes = { { path = '/cgi-mod/smtp_test.cgi', method = 'HEAD' } }, matches = { { match = '', output = 'Barracuda IM Firewall' } } }); table.insert(fingerprints, { category = 'general', probes = { { path = '/TopToolArea.html', method = 'HEAD' }, { path = '/switchSystem.html', method = 'HEAD' } }, matches = { { match = '', output = 'Alteon OS BBI (Nortell)' } } }); table.insert(fingerprints, { category = 'general', probes = { { path = '/intruvert/jsp/module/Login.jsp', method = 'HEAD' } }, matches = { { match = '', output = 'McAfee Network Security Manager' } } }); table.insert(fingerprints, { category = 'general', probes = { { path = '/ajaxfilemanager/', method = 'HEAD' } }, matches = { { match = '', output = 'AJAX File Manager' } } }); table.insert(fingerprints, { category = 'general', probes = { { path = '/upload/data/settings.cdb', method = 'HEAD' } }, matches = { { match = '', output = 'CF Image Hosting DB' } } }); table.insert(fingerprints, { category = 'general', probes = { { path = '/fm.php', method = 'HEAD' } }, matches = { { match = '', output = 'Simple File Manager' } } }); table.insert(fingerprints, { category = 'general', probes = { { path = '/nagios3/cgi-bin/statuswml.cgi', method = 'HEAD' }, { path = '/nagios3/', method = 'HEAD' } }, matches = { { match = '', output = 'Nagios3' } } }); table.insert(fingerprints, { category = 'general', probes = { { path = '/test/logon.html', method = 'HEAD' } }, matches = { { match = '', output = 'Jetty' } } }); table.insert(fingerprints, { category = 'general', probes = { { path = '/cal_cat.php', method = 'HEAD' }, { path = '/calendar/cal_cat.php', method = 'HEAD' }, { path = '/cal/cal_cat.php', method = 'HEAD' } }, matches = { { match = '', output = 'Calendarix' } } }); table.insert(fingerprints, { category = 'general', probes = { { path = '/private/sdc.tgz', method = 'HEAD' } }, matches = { { match = '', output = 'IBM Bladecenter Management Logs' } } }); table.insert(fingerprints, { category = 'general', probes = { { path = '/cacti/', method = 'HEAD' } }, matches = { { match = '', output = 'Cacti Web Monitoring' } } }); table.insert(fingerprints, { category = 'general', probes = { { path = '/cgi-bin/awstats.pl', method = 'HEAD' } }, matches = { { match = '', output = 'AWStats' } } }); table.insert(fingerprints, { category = 'general', probes = { { path = '/wiki/rankings.php', method = 'HEAD' } }, matches = { { match = '', output = 'Bit Weaver' } } }); table.insert(fingerprints, { category = 'general', probes = { { path = '/reqdetails.php', method = 'HEAD' } }, matches = { { match = '', output = 'BtiTracker' } } }); table.insert(fingerprints, { category = 'general', probes = { { path = '/shared/help.php', method = 'HEAD' } }, matches = { { match = '', output = 'OpenBiblio/WebBiblio Subject Gateway System' } } }); table.insert(fingerprints, { category = 'general', probes = { { path = '/seti.php', method = 'HEAD' } }, matches = { { match = '', output = 'PHP SETI@home' } } }); table.insert(fingerprints, { category = 'general', probes = { { path = '/imc/', method = 'HEAD' }, { path = '/imcws/', method = 'HEAD' } }, matches = { { match = '', output = '3Com Intelligent Management Center' } } }); table.insert(fingerprints, { category = 'general', probes = { { path = '/partymgr/', method = 'HEAD' } }, matches = { { match = '', output = 'Apache OFBiz' } } }); table.insert(fingerprints, { category = 'general', probes = { { path = '/Base/upload.php', method = 'HEAD' }, { path = '/Base/example_1.php', method = 'HEAD' } }, matches = { { match = '', output = 'MassMirror Uploader' } } }); table.insert(fingerprints, { category = 'general', probes = { { path = '/YUI-upload/html', method = 'HEAD' } }, matches = { { match = '', output = 'YUI Images / File Upload' } } }); table.insert(fingerprints, { category = 'general', probes = { { path = '/tools/filemanager/skins/mobile/admin1.template.php', method = 'HEAD' } }, matches = { { match = '', output = 'ispCP Omega' } } }); table.insert(fingerprints, { category = 'general', probes = { { path = '/Uploadify/', method = 'HEAD' } }, matches = { { match = '', output = 'Uploadify' } } }); table.insert(fingerprints, { category = 'general', probes = { { path = '/syssite/', method = 'HEAD' } }, matches = { { match = '', output = 'ShopEx' } } }); table.insert(fingerprints, { category = 'general', probes = { { path = '/updown.php', method = 'HEAD' } }, matches = { { match = '', output = 'PHP Uploader Downloader' } } }); table.insert(fingerprints, { category = 'general', probes = { { path = '/modules/docmanager/doctypetemplates/myuploadedfile', method = 'HEAD' } }, matches = { { match = '', output = 'Achievo' } } }); table.insert(fingerprints, { category = 'general', probes = { { path = '/ReqWebHelp/advanced/workingSet.jsp', method = 'HEAD' } }, matches = { { match = '', output = 'IBM Rational RequisitePro/ReqWebHelp' } } }); table.insert(fingerprints, { category = 'general', probes = { { path = '/dhost/', method = 'HEAD' } }, matches = { { match = '', output = 'Novell eDirectory' } } }); table.insert(fingerprints, { category = 'general', probes = { { path = '/engine/api/api.class.php', method = 'HEAD' } }, matches = { { match = '', output = 'DatalifeEngine' } } }); table.insert(fingerprints, { category = 'general', probes = { { path = '/jsft_resource.jsf', method = 'HEAD' }, { path = '/scales_static_resource.jsf', method = 'HEAD' } }, matches = { { match = '', output = 'JSFTemplating/Mojarra Scales/GlassFish Application Server' } } }); table.insert(fingerprints, { category = 'general', probes = { { path = '/setup/password_required.html', method = 'HEAD' } }, matches = { { match = '', output = '2WIRE GATEWAY' } } }); table.insert(fingerprints, { category = 'general', probes = { { path = '/zp-core/', method = 'HEAD' } }, matches = { { match = '', output = 'Zen Photo' } } }); table.insert(fingerprints, { category = 'general', probes = { { path = '/amember/', method = 'HEAD' } }, matches = { { match = '', output = 'aMember' } } }); table.insert(fingerprints, { category = 'general', probes = { { path = '/.hgignore', method = 'HEAD' }, { path = '/.gitignore', method = 'HEAD' }, { path = '/.bzrignore', method = 'HEAD' } }, matches = { { match = '', output = 'Revision control ignore file' } } }); ------------------------------------------------ ---- SECURITY SOFTWARE ---- ------------------------------------------------ -- These checks will find specific installed software. If possible, it will also -- find versions, etc. table.insert(fingerprints, { category = 'security', probes = { { path = '/CSS/Miniweb.css', method = 'GET' } }, matches = { { match = 'ad_header_form_sprachauswahl', output = 'SCADA Siemens SIMATIC S7' } } }); table.insert(fingerprints, { category = 'security', probes = { { path = '/S7Web.css', method = 'GET' }, { path = '/Portal0000.htm', method = 'GET' } }, matches = { { match = '<td class="Title_Area_Name">(.-)</td>', output = 'SCADA Siemens PCS7: \\1' }, { match = '', output = 'SCADA Siemens PCS7' } } }); table.insert(fingerprints, { category = 'security', probes = { { path = '/arcsight/', method = 'HEAD' }, { path = '/arcsight/images/logo-login-arcsight.gif', method = 'HEAD' }, { path = '/arcsight/images/navbar-icon-logout-on.gif', method = 'HEAD' }, { path = '/images/logo-arcsight.gif', method = 'HEAD' }, { path = '/logger/monitor.ftl', method = 'HEAD' }, }, matches = { { output = 'Arcsight' } } }); table.insert(fingerprints, { category = 'security', probes = { { path = '/beef/', method = 'HEAD' }, { path = '/BEEF/', method = 'HEAD' }, { path = '/beef/images/beef.gif', method = 'HEAD' } }, matches = { { output = 'BeEF Browser Exploitation Framework' } } }); table.insert(fingerprints, { category = 'security', probes = { { path = '/gfx/form_top_left_corner.gif', method = 'HEAD' }, { path = '/gfx/logout_24.png', method = 'HEAD' }, { path = '/gfx/new_logo.gif', method = 'HEAD' }, { path = '/javascript/sorttable.js', method = 'HEAD' } }, matches = { { match = '', output = 'Secunia NSI' } } }); table.insert(fingerprints, { category = 'security', probes = { { path = '/images/btn_help_nml.gif', method = 'HEAD' }, { path = '/images/hdr_icon_homeG.gif', method = 'HEAD' }, { path = '/spControl.php', method = 'HEAD' }, { path = '/images/isslogo.gif', method = 'HEAD' }, { path = '/deploymentmanager/', method = 'HEAD' }, }, matches = { { match = '', output = 'IBM Proventia' } } }); table.insert(fingerprints, { category = 'security', probes = { { path = '/i18n/EN/css/foundstone.css', method = 'HEAD' }, { path = '/i18n/EN/images/external_nav_square.gif', method = 'HEAD' }, }, matches = { { match = '', output = 'Foundstone' } } }); table.insert(fingerprints, { category = 'security', probes = { { path = '/officescan/console/html/cgi/cgiChkMasterPwd.exe', method = 'HEAD' }, { path = '/officescan/console/html/ClientInstall/officescannt.htm', method = 'HEAD' }, { path = '/officescan/console/html/images/icon_refresh.gif', method = 'HEAD' }, }, matches = { { match = '', output = 'Trend Micro OfficeScan Server' } } }); table.insert(fingerprints, { category = 'security', probes = { { path = '/picts/BC_bwlogorev.gif', method = 'HEAD' }, { path = '/picts/menu_leaf.gif', method = 'HEAD' }, }, matches = { { match = '', output = 'BlueCoat Reporter' } } }); table.insert(fingerprints, { category = 'security', probes = { { path = '/theme/images/en/login1.gif', method = 'HEAD' }, }, matches = { { match = '', output = 'Fortinet VPN/Firewall' } } }); table.insert(fingerprints, { category = 'security', probes = { { path = '/', method = 'GET' }, }, matches = { { match = 'id="NessusClient"', output = 'Nessus' }, { match = 'NessusClient.swf', output = 'Nessus' } } }); table.insert(fingerprints, { category = 'security', probes = { { path = '/NessusClient.swf', method = 'HEAD' }, }, matches = { { match = '', output = 'Nessus' } } }); table.insert(fingerprints, { category = 'security', probes = { { path = '/dotDefender/', method = 'HEAD' }, }, matches = { { match = '', output = 'dotDefender Web Application Firewall' } } }); -- http://www.rapid7.com/db/modules/payload/windows/meterpreter/reverse_hop_http -- "GET /hop.php?/control" will grab all pending messages, but is unreliable if -- there are no pending messages. table.insert(fingerprints, { category = 'security', probes = { { path = '/hop.php?/12345', method = 'GET' }, }, matches = { { -- TODO: this only works for Meterpreter payloads. Find a more generic means? match = 'METERPRETER_TRANSPORT_HTTP', output = 'Metasploit reverse_hop_http hop point' }, } }); -- http://carnal0wnage.attackresearch.com/2015/02/cisco-asa-version-grabber-cve-2014-3398.html table.insert(fingerprints, { category = 'security', probes = { { path = '/CSCOSSLC/config-auth', method = 'GET' }, }, matches = { { match = '<version who="sg">([^<]+)</version>', output = 'Cisco ASA, firmware \\1' }, } }); ------------------------------------------------ ---- MANAGEMENT SOFTWARE ---- ------------------------------------------------ table.insert(fingerprints, { category = 'management', probes = { { path = '/vmware/', method = 'HEAD' }, { path = '/vmware/imx/vmware_boxes-16x16.png', method = 'HEAD' }, { path = '/ui/', method = 'HEAD' }, { path = '/ui/imx/vmwareLogo-16x16.png', method = 'HEAD' }, { path = '/ui/imx/vmwarePaperBagLogo-16x16.png', method = 'HEAD' }, { path = '/ui/vManage.do', method = 'HEAD' }, { path = '/client/VMware-viclient.exe', method = 'HEAD' }, { path = '/en/welcomeRes.js', method = 'HEAD' } }, matches = { { output = 'VMWare' } } }); table.insert(fingerprints, { category = 'management', probes = { { path = '/citrix/', method = 'HEAD' }, { path = '/Citrix/', method = 'HEAD' }, { path = '/Citrix/MetaFrame/auth/login.aspx', method = 'HEAD' }, { path = '/images/ctxHeader01.jpg', method = 'HEAD' }, { path = '/images/Safeword_Token.jpg', method = 'HEAD' }, { path = '/sw/auth/login.aspx', method = 'HEAD' }, { path = '/vpn/images/AccessGateway.ico', method = 'HEAD' }, { path = '/citrix/AccessPlatform/auth/clientscripts/', method = 'HEAD' }, { path = '/AccessPlatform/auth/clientscripts/', method = 'HEAD' }, { path = '/Citrix//AccessPlatform/auth/clientscripts/cookies.js', method = 'HEAD' }, { path = '/Citrix/AccessPlatform/auth/clientscripts/login.js', method = 'HEAD' }, { path = '/Citrix/PNAgent/config.xml', method = 'HEAD' }, }, matches = { { output = 'Citrix' } } }); table.insert(fingerprints, { category = 'management', probes = { { path = '/cgi-bin/image/shikaku2.png', method = 'HEAD' }, }, matches = { { match = '', output = 'TeraStation PRO RAID 0/1/5 Network Attached Storage' } } }); table.insert(fingerprints, { category = 'management', probes = { { path = '/config/public/usergrp.gif', method = 'HEAD' }, { path = '/pictures/buttons/file_view_mark.gif', method = 'HEAD' }, }, matches = { { match = '', output = 'AXIS StorPoint' } } }); table.insert(fingerprints, { category = 'management', probes = { { path = '/cpqlogin.htm?RedirectUrl=/&RedirectQueryString=', method = 'HEAD' }, { path = '/hplogo.gif', method = 'HEAD' }, }, matches = { { match = '', output = 'HP System Management Homepage' } } }); table.insert(fingerprints, { category = 'management', probes = { { path = '/ie_index.htm', method = 'HEAD' }, { path = '/ilo.gif', method = 'HEAD' }, }, matches = { { match = '', output = 'HP Integrated Lights Out' } } }); table.insert(fingerprints, { category = 'management', probes = { { path = '/images/icon_server_connected.gif', method = 'HEAD' }, }, matches = { { match = '', output = 'HP Blade Enclosure' } } }); table.insert(fingerprints, { category = 'management', probes = { { path = '/mxhtml/images/signin_logo.gif', method = 'HEAD' }, { path = '/mxhtml/images/status_critical_15.gif', method = 'HEAD' }, { path = '/mxportal/home/en_US/servicetools.gif', method = 'HEAD' }, { path = '/mxportal/home/MxPortalFrames.jsp', method = 'HEAD' }, }, matches = { { match = '', output = 'HP Insight Manager' } } }); table.insert(fingerprints, { category = 'management', probes = { { path = '/xymon/menu/menu.css', method = 'HEAD' }, }, matches = { { match = '', output = 'Xymon' } } }); table.insert(fingerprints, { category = 'management', probes = { { path = '/rrc.htm', method = 'HEAD' }, }, matches = { { match = '', output = 'Raritan Remote Client' } } }); table.insert(fingerprints, { category = 'management', probes = { { path = '/manager/html/upload', method = 'HEAD' }, { path = '/manager/html', method = 'HEAD' } }, matches = { { match = '', output = 'Apache Tomcat' } } }); table.insert(fingerprints, { category = 'general', probes = { { path = '/axis2/axis2-web/HappyAxis.jsp', method = 'HEAD' }, { path = '/axis2/', method = 'HEAD' }, { path = '/happyaxis.jsp', method = 'HEAD' } }, matches = { { match = '', output = 'Apache Axis2' } } }); table.insert(fingerprints, { category = 'management', probes = { { path = '/web-console/ServerInfo.jsp', method = 'HEAD' }, { path = '/web-console/Invoker', method = 'HEAD' }, { path = '/invoker/', method = 'HEAD' }, { path = '/jmx-console/', method = 'HEAD' }, { path = '/admin-console/', method = 'HEAD' } }, matches = { { match = '', output = 'JBoss Console' } } }); table.insert(fingerprints, { category = 'management', probes = { { path = '/CFIDE/administrator/enter.cfm', method = 'HEAD' }, { path = '/CFIDE/administrator/entman/index.cfm', method = 'HEAD' }, { path = '/cfide/install.cfm', method = 'HEAD' }, { path = '/CFIDE/administrator/archives/index.cfm', method = 'HEAD' }, { path = '/CFIDE/wizards/common/_logintowizard.cfm', method = 'HEAD' }, { path = '/CFIDE/componentutils/login.cfm', method = 'HEAD' }, { path = '/CFIDE/Administrator/startstop.html', method = 'HEAD' }, }, matches = { { match = '', output = 'ColdFusion Admin Console' } } }); table.insert(fingerprints, { category = 'management', probes = { { path = '/common/help/en/go/login_ts.html', method = 'HEAD' }, { path = '/system/login/', method = 'HEAD' }, { path = '/system/login/reset?next=%2Fsystem%2Flogin&set-lang=en', method = 'HEAD' }, { path = '/common/images/logos/img_logoMain.jpg', method = 'HEAD' }, }, matches = { { match = 'URL=http://www.macromedia.com/go/breeze_login_help_en', output = 'Adobe Acrobat Connect Pro' }, { match = '<title>Connect Pro Central Login', output = 'Adobe Acrobat Connect Pro' }, { match = 'Forgot your password?', output = 'Adobe Acrobat Connect Pro' }, { match = 'Server: JRun Web Server', output = 'Adobe Acrobat Connect Pro' }, } }); table.insert(fingerprints, { category = 'management', probes = { { path = '/Dashboard/Dashboard.html', method = 'GET' } }, matches = { { match = 'Server: Kodak-RulesBasedAutomation', output = 'Prinergy Dashboard Client Login' }, { match = 'Dashboard', output = 'Prinergy Dashboard Client Login' } } }); table.insert(fingerprints, { category = 'management', probes = { { path = '/flexfm/', method = 'HEAD' } }, matches = { { match = '', output = 'Flex File Manager' } } }); table.insert(fingerprints, { category = 'management', probes = { { path = '/lib/usermanagement/userInfo.php', method = 'HEAD' } }, matches = { { match = '', output = 'Testlink TestManagement' } } }); table.insert(fingerprints, { category = 'management', probes = { { path = '/security/xamppsecurity.php', method = 'HEAD' } }, matches = { { match = '', output = 'XAMPP' } } }); table.insert(fingerprints, { category = 'management', probes = { { path = '/lc/system/console', method = 'HEAD' }, }, matches = { { match = 'OSGi Management Console', output = 'Adobe LiveCycle Management Console' } } }); table.insert(fingerprints, { category = 'management', probes = { { path = '/dm-albums/dm-albums.php', method = 'HEAD' } }, matches = { { match = '', output = 'DM FileManager' } } }); ------------------------------------------------ ---- PRINTERS, WEBCAMS, PROJECTORS ---- ------------------------------------------------ table.insert(fingerprints, { category = 'printer', probes = { { path = '/x_logo.gif', method = 'HEAD' } }, matches = { { match = '', output = 'Xerox printer' } } }); table.insert(fingerprints, { category = 'printer', probes = { { path = '/gif/hp.gif', method = 'HEAD' }, { path = '/gif/hp_invent_logo.gif', method = 'HEAD' }, { path = '/gif/printer.gif', method = 'HEAD' }, { path = '/hp/device/this.LCDispatcher', method = 'HEAD' }, { path = '/hp/device/webAccess/index.htm', method = 'HEAD' }, { path = '/PageSelector.class', method = 'HEAD' } }, matches = { { match = '', output = 'HP Printer' } } }); table.insert(fingerprints, { category = 'printer', probes = { { path = '/images/lexbold.gif', method = 'HEAD' }, { path = '/images/lexlogo.gif', method = 'HEAD' }, { path = '/images/printer.gif', method = 'HEAD' }, { path = '/printer/image', method = 'HEAD' } }, matches = { { match = '', output = 'Lexmark Printer' } } }); table.insert(fingerprints, { category = 'printer', probes = { { path = '/images/mute_alloff.gif', method = 'HEAD' }, { path = '/images/pic_bri.gif', method = 'HEAD' }, }, matches = { { match = '', output = 'NEC Projector' } } }); table.insert(fingerprints, { category = 'printer', probes = { { path = '/scanweb/images/scanwebtm.gif', method = 'HEAD' }, }, matches = { { match = '', output = 'SCAN Web (Webcam)' } } }); table.insert(fingerprints, { category = 'printer', probes = { { path = '/view/index.shtml', method = 'HEAD' }, }, matches = { { match = '', output = 'Axis 212 PTZ Network Camera' } } }); ------------------------------------------------ ---- DATABASES ---- ------------------------------------------------ --phpmyadmin db taken from http://milw0rm.com/exploits/8921 table.insert(fingerprints, { category = 'database', probes = { { path = '/phpmyadmin/', method = 'HEAD' }, { path = '/phpMyAdmin/', method = 'HEAD' }, { path = '/PHPMyAdmin/', method = 'HEAD' }, { path = '/PMA/', method = 'HEAD' }, { path = '/pma/', method = 'HEAD' }, { path = '/dbadmin/', method = 'HEAD' }, { path = '/myadmin/', method = 'HEAD' }, { path = '/php-my-admin/', method = 'HEAD' }, { path = '/phpMyAdmin2/', method = 'HEAD' }, { path = '/phpMyAdmin-2/', method = 'HEAD' }, { path = '/phpMyAdmin-2.2.3/', method = 'HEAD' }, { path = '/phpMyAdmin-2.2.6/', method = 'HEAD' }, { path = '/phpMyAdmin-2.5.1/', method = 'HEAD' }, { path = '/phpMyAdmin-2.5.4/', method = 'HEAD' }, { path = '/phpMyAdmin-2.5.5-rc1/', method = 'HEAD' }, { path = '/phpMyAdmin-2.5.5-rc2/', method = 'HEAD' }, { path = '/phpMyAdmin-2.5.5/', method = 'HEAD' }, { path = '/phpMyAdmin-2.5.5-pl1/', method = 'HEAD' }, { path = '/phpMyAdmin-2.5.6-rc1/', method = 'HEAD' }, { path = '/phpMyAdmin-2.5.6-rc2/', method = 'HEAD' }, { path = '/phpMyAdmin-2.5.6/', method = 'HEAD' }, { path = '/phpMyAdmin-2.5.7/', method = 'HEAD' }, { path = '/phpMyAdmin-2.5.7-pl1/', method = 'HEAD' }, { path = '/phpMyAdmin-2.6.0-alpha/', method = 'HEAD' }, { path = '/phpMyAdmin-2.6.0-alpha2/', method = 'HEAD' }, { path = '/phpMyAdmin-2.6.0-beta1/', method = 'HEAD' }, { path = '/phpMyAdmin-2.6.0-beta2/', method = 'HEAD' }, { path = '/phpMyAdmin-2.6.0-rc1/', method = 'HEAD' }, { path = '/phpMyAdmin-2.6.0-rc2/', method = 'HEAD' }, { path = '/phpMyAdmin-2.6.0-rc3/', method = 'HEAD' }, { path = '/phpMyAdmin-2.6.0/', method = 'HEAD' }, { path = '/phpMyAdmin-2.6.0-pl1/', method = 'HEAD' }, { path = '/phpMyAdmin-2.6.0-pl2/', method = 'HEAD' }, { path = '/phpMyAdmin-2.6.0-pl3/', method = 'HEAD' }, { path = '/phpMyAdmin-2.6.1-rc1/', method = 'HEAD' }, { path = '/phpMyAdmin-2.6.1-rc2/', method = 'HEAD' }, { path = '/phpMyAdmin-2.6.1/', method = 'HEAD' }, { path = '/phpMyAdmin-2.6.1-pl1/', method = 'HEAD' }, { path = '/phpMyAdmin-2.6.1-pl2/', method = 'HEAD' }, { path = '/phpMyAdmin-2.6.1-pl3/', method = 'HEAD' }, { path = '/phpMyAdmin-2.6.2-rc1/', method = 'HEAD' }, { path = '/phpMyAdmin-2.6.2-beta1/', method = 'HEAD' }, { path = '/phpMyAdmin-2.6.2/', method = 'HEAD' }, { path = '/phpMyAdmin-2.6.2-pl1/', method = 'HEAD' }, { path = '/phpMyAdmin-2.6.3/', method = 'HEAD' }, { path = '/phpMyAdmin-2.6.3-rc1/', method = 'HEAD' }, { path = '/phpMyAdmin-2.6.3-pl1/', method = 'HEAD' }, { path = '/phpMyAdmin-2.6.4-rc1/', method = 'HEAD' }, { path = '/phpMyAdmin-2.6.4-pl1/', method = 'HEAD' }, { path = '/phpMyAdmin-2.6.4-pl2/', method = 'HEAD' }, { path = '/phpMyAdmin-2.6.4-pl3/', method = 'HEAD' }, { path = '/phpMyAdmin-2.6.4-pl4/', method = 'HEAD' }, { path = '/phpMyAdmin-2.6.4/', method = 'HEAD' }, { path = '/phpMyAdmin-2.7.0-beta1/', method = 'HEAD' }, { path = '/phpMyAdmin-2.7.0-rc1/', method = 'HEAD' }, { path = '/phpMyAdmin-2.7.0-pl1/', method = 'HEAD' }, { path = '/phpMyAdmin-2.7.0-pl2/', method = 'HEAD' }, { path = '/phpMyAdmin-2.7.0/', method = 'HEAD' }, { path = '/phpMyAdmin-2.8.0-beta1/', method = 'HEAD' }, { path = '/phpMyAdmin-2.8.0-rc1/', method = 'HEAD' }, { path = '/phpMyAdmin-2.8.0-rc2/', method = 'HEAD' }, { path = '/phpMyAdmin-2.8.0/', method = 'HEAD' }, { path = '/phpMyAdmin-2.8.0.1/', method = 'HEAD' }, { path = '/phpMyAdmin-2.8.0.2/', method = 'HEAD' }, { path = '/phpMyAdmin-2.8.0.3/', method = 'HEAD' }, { path = '/phpMyAdmin-2.8.0.4/', method = 'HEAD' }, { path = '/phpMyAdmin-2.8.1-rc1/', method = 'HEAD' }, { path = '/phpMyAdmin-2.8.1/', method = 'HEAD' }, { path = '/phpMyAdmin-2.8.2/', method = 'HEAD' }, { path = '/sqlmanager/', method = 'HEAD' }, { path = '/php-myadmin/', method = 'HEAD' }, { path = '/phpmy-admin/', method = 'HEAD' }, { path = '/mysqladmin/', method = 'HEAD' }, { path = '/mysql-admin/', method = 'HEAD' }, { path = '/websql/', method = 'HEAD' }, { path = '/_phpmyadmin/', method = 'HEAD' } }, matches = { { output = 'phpMyAdmin' } } }); table.insert(fingerprints, { category = 'database', probes = { { path = '/footer1.gif', method = 'HEAD' }, }, matches = { { match = '', output = '(possible) Oracle Web server' } } }); table.insert(fingerprints, { category = 'database', probes = { { path = '/homepage.nsf/homePage.gif?OpenImageResource', method = 'HEAD' }, { path = '/icons/ecblank.gif', method = 'HEAD' }, { path = '/852566C90012664F', method = 'HEAD' }, { path = '/admin4.nsf', method = 'HEAD' }, { path = '/admin5.nsf', method = 'HEAD' }, { path = '/admin.nsf', method = 'HEAD' }, { path = '/agentrunner.nsf', method = 'HEAD' }, { path = '/alog.nsf', method = 'HEAD' }, { path = '/a_domlog.nsf', method = 'HEAD' }, { path = '/bookmark.nsf', method = 'HEAD' }, { path = '/busytime.nsf', method = 'HEAD' }, { path = '/catalog.nsf', method = 'HEAD' }, { path = '/certa.nsf', method = 'HEAD' }, { path = '/certlog.nsf', method = 'HEAD' }, { path = '/certsrv.nsf', method = 'HEAD' }, { path = '/chatlog.nsf', method = 'HEAD' }, { path = '/clbusy.nsf', method = 'HEAD' }, { path = '/cldbdir.nsf', method = 'HEAD' }, { path = '/clusta4.nsf', method = 'HEAD' }, { path = '/collect4.nsf', method = 'HEAD' }, { path = '/da.nsf', method = 'HEAD' }, { path = '/dba4.nsf', method = 'HEAD' }, { path = '/dclf.nsf', method = 'HEAD' }, { path = '/DEASAppDesign.nsf', method = 'HEAD' }, { path = '/DEASLog01.nsf', method = 'HEAD' }, { path = '/DEASLog02.nsf', method = 'HEAD' }, { path = '/DEASLog03.nsf', method = 'HEAD' }, { path = '/DEASLog04.nsf', method = 'HEAD' }, { path = '/DEASLog05.nsf', method = 'HEAD' }, { path = '/DEASLog.nsf', method = 'HEAD' }, { path = '/decsadm.nsf', method = 'HEAD' }, { path = '/decslog.nsf', method = 'HEAD' }, { path = '/DEESAdmin.nsf', method = 'HEAD' }, { path = '/dirassist.nsf', method = 'HEAD' }, { path = '/doladmin.nsf', method = 'HEAD' }, { path = '/domadmin.nsf', method = 'HEAD' }, { path = '/domcfg.nsf', method = 'HEAD' }, { path = '/domguide.nsf', method = 'HEAD' }, { path = '/domlog.nsf', method = 'HEAD' }, { path = '/dspug.nsf', method = 'HEAD' }, { path = '/events4.nsf', method = 'HEAD' }, { path = '/events5.nsf', method = 'HEAD' }, { path = '/events.nsf', method = 'HEAD' }, { path = '/event.nsf', method = 'HEAD' }, { path = '/homepage.nsf', method = 'HEAD' }, { path = '/iNotes/Forms5.nsf/$DefaultNav', method = 'HEAD' }, { path = '/jotter.nsf', method = 'HEAD' }, { path = '/leiadm.nsf', method = 'HEAD' }, { path = '/leilog.nsf', method = 'HEAD' }, { path = '/leivlt.nsf', method = 'HEAD' }, { path = '/log4a.nsf', method = 'HEAD' }, { path = '/log.nsf', method = 'HEAD' }, { path = '/l_domlog.nsf', method = 'HEAD' }, { path = '/mab.nsf', method = 'HEAD' }, { path = '/mail10.box', method = 'HEAD' }, { path = '/mail1.box', method = 'HEAD' }, { path = '/mail2.box', method = 'HEAD' }, { path = '/mail3.box', method = 'HEAD' }, { path = '/mail4.box', method = 'HEAD' }, { path = '/mail5.box', method = 'HEAD' }, { path = '/mail6.box', method = 'HEAD' }, { path = '/mail7.box', method = 'HEAD' }, { path = '/mail8.box', method = 'HEAD' }, { path = '/mail9.box', method = 'HEAD' }, { path = '/mail.box', method = 'HEAD' }, { path = '/msdwda.nsf', method = 'HEAD' }, { path = '/mtatbls.nsf', method = 'HEAD' }, { path = '/mtstore.nsf', method = 'HEAD' }, { path = '/names.nsf', method = 'HEAD' }, { path = '/nntppost.nsf', method = 'HEAD' }, { path = '/nntp/nd000001.nsf', method = 'HEAD' }, { path = '/nntp/nd000002.nsf', method = 'HEAD' }, { path = '/nntp/nd000003.nsf', method = 'HEAD' }, { path = '/ntsync45.nsf', method = 'HEAD' }, { path = '/perweb.nsf', method = 'HEAD' }, { path = '/qpadmin.nsf', method = 'HEAD' }, { path = '/quickplace/quickplace/main.nsf', method = 'HEAD' }, { path = '/reports.nsf', method = 'HEAD' }, { path = '/sample/siregw46.nsf', method = 'HEAD' }, { path = '/schema50.nsf', method = 'HEAD' }, { path = '/setupweb.nsf', method = 'HEAD' }, { path = '/setup.nsf', method = 'HEAD' }, { path = '/smbcfg.nsf', method = 'HEAD' }, { path = '/smconf.nsf', method = 'HEAD' }, { path = '/smency.nsf', method = 'HEAD' }, { path = '/smhelp.nsf', method = 'HEAD' }, { path = '/smmsg.nsf', method = 'HEAD' }, { path = '/smquar.nsf', method = 'HEAD' }, { path = '/smsolar.nsf', method = 'HEAD' }, { path = '/smtime.nsf', method = 'HEAD' }, { path = '/smtpibwq.nsf', method = 'HEAD' }, { path = '/smtpobwq.nsf', method = 'HEAD' }, { path = '/smtp.box', method = 'HEAD' }, { path = '/smtp.nsf', method = 'HEAD' }, { path = '/smvlog.nsf', method = 'HEAD' }, { path = '/srvnam.htm', method = 'HEAD' }, { path = '/statmail.nsf', method = 'HEAD' }, { path = '/statrep.nsf', method = 'HEAD' }, { path = '/stauths.nsf', method = 'HEAD' }, { path = '/stautht.nsf', method = 'HEAD' }, { path = '/stconfig.nsf', method = 'HEAD' }, { path = '/stconf.nsf', method = 'HEAD' }, { path = '/stdnaset.nsf', method = 'HEAD' }, { path = '/stdomino.nsf', method = 'HEAD' }, { path = '/stlog.nsf', method = 'HEAD' }, { path = '/streg.nsf', method = 'HEAD' }, { path = '/stsrc.nsf', method = 'HEAD' }, { path = '/userreg.nsf', method = 'HEAD' }, { path = '/vpuserinfo.nsf', method = 'HEAD' }, { path = '/webadmin.nsf', method = 'HEAD' }, { path = '/web.nsf', method = 'HEAD' }, { path = '/.nsf/../winnt/win.ini', method = 'HEAD' }, { path = '/icons/ecblank.gif', method = 'HEAD' } }, matches = { { match = '', output = 'Lotus Domino' } } }); ------------------------------------------------ ---- MICROSOFT ---- ------------------------------------------------ table.insert(fingerprints, { category = 'microsoft', probes = { { path = '/_layouts/images/helpicon.gif', method = 'HEAD' }, { path = '/Pages/Default.aspx', method = 'HEAD' }, { path = '/PublishingImages/NewsArticleImage.jpg', method = 'HEAD' }, { path = '/_admin/operations.aspx', method = 'HEAD' }, { path = '/_app_bin', method = 'HEAD' }, { path = '/_controltemplates', method = 'HEAD' }, { path = '/_layouts', method = 'HEAD' }, { path = '/_layouts/viewlsts.aspx', method = 'HEAD' }, { path = '/forms/allitems.aspx', method = 'HEAD' }, { path = '/forms/webfldr.aspx', method = 'HEAD' }, { path = '/forms/mod-view.aspx', method = 'HEAD' }, { path = '/forms/my-sub.aspx', method = 'HEAD' }, { path = '/pages/categoryresults.aspx', method = 'HEAD' }, { path = '/categories/viewcategory.aspx', method = 'HEAD' }, { path = '/sitedirectory', method = 'HEAD' }, { path = '/editdocs.aspx', method = 'HEAD' }, { path = '/workflowtasks/allitems.aspx', method = 'HEAD' }, { path = '/lists/tasks/', method = 'HEAD' }, { path = '/categories/allcategories.aspx', method = 'HEAD' }, { path = '/categories/SOMEOTHERDIR/allcategories.aspx', method = 'HEAD' }, { path = '/mycategories.aspx', method = 'HEAD' }, { path = '/lists/', method = 'HEAD' }, { path = '/lists/allitems.aspx', method = 'HEAD' }, { path = '/lists/default.aspx', method = 'HEAD' }, { path = '/lists/allposts.aspx', method = 'HEAD' }, { path = '/lists/archive.aspx', method = 'HEAD' }, { path = '/lists/byauthor.aspx', method = 'HEAD' }, { path = '/lists/calendar.aspx', method = 'HEAD' }, { path = '/lists/mod-view.aspx', method = 'HEAD' }, { path = '/lists/myposts.aspx', method = 'HEAD' }, { path = '/lists/my-sub.aspx', method = 'HEAD' }, { path = '/lists/allcomments.aspx', method = 'HEAD' }, { path = '/lists/mycomments.aspx', method = 'HEAD' }, { path = '/_layouts/userdisp.aspx', method = 'HEAD' }, { path = '/_layouts/help.aspx', method = 'HEAD' }, { path = '/_layouts/download.aspx', method = 'HEAD' } }, matches = { { match = '', output = 'MS Sharepoint' } } }); table.insert(fingerprints, { category = 'microsoft', probes = { { path = '/projectserver/Home/HomePage.asp', method = 'HEAD' }, { path = '/projectserver/images/branding.gif', method = 'HEAD' }, { path = '/projectserver/images/pgHome.gif', method = 'HEAD' }, { path = '/projectserver/images/pgTask.gif', method = 'HEAD' }, { path = '/projectserver/Tasks/Taskspage.asp', method = 'HEAD' }, }, matches = { { match = '', output = 'MS Project Server' } } }); table.insert(fingerprints, { category = 'microsoft', probes = { { path = '/exchweb/bin/auth/owalogon.asp', method = 'HEAD' }, { path = '/images/outlook.jpg', method = 'HEAD' }, { path = '/owa/8.1.375.2/themes/base/lgntopl.gif', method = 'HEAD' }, { path = '/owa/', method = 'HEAD' }, }, matches = { { match = '', output = 'Outlook Web Access' } } }); table.insert(fingerprints, { category = 'microsoft', probes = { { path = '/tsweb/', method = 'HEAD' }, }, matches = { { match = '', output = 'Remote Desktop Web Connection' } } }); table.insert(fingerprints, { category = 'microsoft', probes = { { path = '/reportserver/', method = 'HEAD' } }, matches = { { match = '', output = 'Microsoft SQL Report Service' } } }); ------------------------------------------------ ---- NETWORK EQUIPMENT ---- ------------------------------------------------ -- Routers, switches, etc table.insert(fingerprints, { category = 'network', probes = { { path = '/', method = 'GET' }, }, matches = { { match = 'realm="WRT54G"', output = 'Linksys WRT54g Wireless Router' } } }); table.insert(fingerprints, { category = 'network', probes = { { path = '/HW_logo.html', method = 'HEAD' }, }, matches = { { match = '', output = 'Huawei HG 530' } } }); table.insert(fingerprints, { category = 'network', probes = { { path = '/icons/icon_set_up_2701XX_01.gif', method = 'HEAD' }, { path = '/icons/icon_homeportal_2701XX.gif', method = 'HEAD' }, { path = '/es/images/nav_sl_home_network_01.gif', method = 'HEAD' }, { path = '/en/images/nav_sl_home_network_01.gif', method = 'HEAD' } }, matches = { { match = '', output = '2WIRE 2701HG' } } }); table.insert(fingerprints, { category = 'network', probes = { { path = '/images/stxx__xl.gif', method = 'HEAD' }, { path = '/images/bbc__xl.gif', method = 'HEAD' } }, matches = { { match = '', output = 'Thomson TG585' } } }); ------------------------------------------------ ---- ATTACKS ---- ------------------------------------------------ -- These will search for and possibly exploit vulnerabilities. table.insert(fingerprints, { category = 'attacks', probes = { { path = '/sdk/../../../../../../../etc/vmware/hostd/vmInventory.xml', method = 'GET', nopipeline = true }, { path = '/sdk/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/etc/vmware/hostd/vmInventory.xml', method = 'GET', nopipeline = true } }, matches = { { match = '', output = 'Path traversal in VMWare (CVE-2009-3733)' }, { match = '', output = 'Possible path traversal in VMWare (CVE-2009-3733)' } } }); table.insert(fingerprints, { category = 'attacks', probes = { { path = '/../../../../../../../../../../etc/passwd', method = 'GET', nopipeline = true }, { path = '/../../../../../../../../../../boot.ini', method = 'GET', nopipeline = true } }, matches = { { match = 'root:', output = 'Simple path traversal in URI (Linux)' }, { match = 'boot loader', output = 'Simple path traversal in URI (Windows)' }, { match = '', output = 'Possible path traversal in URI' } } }); table.insert(fingerprints, { category = 'attacks', probes = { { path = '/.htaccess', method = 'GET' }, { path = '/.htpasswd', method = 'GET' } }, matches = { -- We look for a '200 OK' message on this one, because most Apache servers return an access denied { match = '200 OK', output = 'Incorrect permissions on .htaccess or .htpasswd files' } } }); table.insert(fingerprints, { category = 'attacks', probes = { { path = '/_vti_bin/', method = 'GET' }, { path = '/_vti_cnf/', method = 'GET' }, { path = '/_vti_log/', method = 'GET' }, { path = '/_vti_pvt/', method = 'GET' }, { path = '/_vti_txt/', method = 'GET' }, { path = '/postinfo.html' }, { path = '/_vti_bin/_vti_aut/author.dll' }, { path = '/_vti_bin/_vti_aut/author.exe' }, { path = '/_vti_bin/_vti_aut/dvwssr.dll' }, { path = '/_vti_bin/_vti_adm/admin.dll' }, { path = '/_vti_bin/_vti_adm/admin.exe' }, { path = '/_vti_bin/fpcount.exe?Page=default.asp|Image=3' }, { path = '/_vti_bin/shtml.dll' }, { path = '/_vti_bin/shtml.exe' }, { path = '/_vti_pvt/_x_todo.htm' }, { path = '/_vti_pvt/_x_todoh.htm' }, { path = '/_vti_pvt/access.cnf' }, { path = '/_vti_pvt/administrator.pwd' }, { path = '/_vti_pvt/administrators.pwd' }, { path = '/_vti_pvt/authors.pwd' }, { path = '/_vti_pvt/bots.cnf' }, { path = '/_vti_pvt/botinfs.cnf' }, { path = '/_vti_pvt/deptodoc.btr' }, { path = '/_vti_pvt/doctodep.btr' }, { path = '/_vti_pvt/frontpg.lck' }, { path = '/_vti_pvt/linkinfo.cnf' }, { path = '/_vti_pvt/service.cnf' }, { path = '/_vti_pvt/service.grp' }, { path = '/_vti_pvt/service.lck' }, { path = '/_vti_pvt/service.pwd' }, { path = '/_vti_pvt/Service.stp' }, { path = '/_vti_pvt/services.cnf' }, { path = '/_vti_pvt/services.org' }, { path = '/_vti_pvt/structure.cnf' }, { path = '/_vti_pvt/svcacl.cnf' }, { path = '/_vti_pvt/users.pwd' }, { path = '/_vti_pvt/uniqueperm.cnf' }, { path = '/_vti_pvt/writeto.cnf' }, }, matches = { { match = '200', output = 'Frontpage file or folder' } } }); table.insert(fingerprints, { category = 'attacks', probes = { { path = '/.svn/', method = 'GET' }, { path = '/.svn/text-base/.htaccess.svn-base', method = 'GET' }, { path = '/.svn/text-base/.htpasswd.svn-base', method = 'GET' }, { path = '/.svn/text-base/Web.config.svn-base', method = 'GET' } }, matches = { { match = '200', output = 'Subversion folder' } } }); table.insert(fingerprints, { category = 'attacks', probes = { { path = '/.git/HEAD', method = 'GET' }, }, matches = { { match = 'ref: refs', output = 'Git folder' } } }); table.insert(fingerprints, { category = 'attacks', probes = { { path = '/.hg/requires', method = 'GET' }, }, matches = { { match = 'revlogv1', output = 'Mercurial folder' } } }); table.insert(fingerprints, { category = 'attacks', probes = { { path = '/.bzr/README', method = 'GET' }, }, matches = { { match = 'This is a Bazaar', output = 'Bazaar folder' } } }); table.insert(fingerprints, { category = 'attacks', probes = { { path = '/downloadFile.php', method = 'GET' }, { path = '/BackupConfig.php', method = 'GET' } }, matches = { { output = 'NETGEAR WNDAP350 2.0.1 to 2.0.9 potential file download and SSH root password disclosure' } } }); table.insert(fingerprints, { category = 'attacks', probes = { { path = '/cwhp/auditLog.do?file=..\\..\\..\\..\\..\\..\\..\\boot.ini', method = 'GET' }, { path = '/cwhp/auditLog.do?file=..\\..\\..\\..\\..\\..\\..\\Program%20Files\\CSCOpx\\MDC\\Tomcat\\webapps\\triveni\\WEB-INF\\classes\\schedule.properties', method = 'GET' }, { path = '/cwhp/auditLog.do?file=..\\..\\..\\..\\..\\..\\..\\Program%20Files\\CSCOpx\\lib\\classpath\\com\\cisco\\nm\\cmf\\dbservice2\\DBServer.properties', method = 'GET' }, { path = '/cwhp/auditLog.do?file=..\\..\\..\\..\\..\\..\\..\\Program%20Files\\CSCOpx\\log\\dbpwdChange.log', method = 'GET' } }, matches = { { match = 'boot loader', output = 'CiscoWorks (CuOM 8.0 and 8.5) Directory traversal (CVE-2011-0966) (Windows)' }, { match = '', output = 'Possible CiscoWorks (CuOM 8.0 and 8.5) Directory traversal (CVE-2011-0966) (Windows)' } } }); table.insert(fingerprints, { category = 'attacks', probes = { { path = '..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f/var/mobile/Library/AddressBook/AddressBook.sqlitedb', method = 'HEAD' } }, matches = { { match = '', output = 'Possible iPhone/iPod/iPad generic file sharing app Directory Traversal (iOS)' } } }); table.insert(fingerprints, { category = 'attacks', probes = { { path = '/Info.live.htm', method = 'GET' } }, matches = { { match = '200', output = 'Possible DD-WRT router Information Disclosure (OSVDB 70230)' } } }); table.insert(fingerprints, { category = 'attacks', probes = { { path = '/CuteSoft_Client/CuteEditor/Load.ashx?type=image&file=../../../web.config', method = 'GET' } }, matches = { { match = '200', output = 'Cute Editor ASP.NET Remote File Disclosure ( CVE 2009-4665 )' } } }); table.insert(fingerprints, { category = 'attacks', probes = { { path = '/plugins/PluginController.php?path=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fwindows%2fwin.ini%00', method = 'GET' } }, matches = { { match = '200', output = 'OrangeHRM 2.6.3 Local File Inclusion ' } } }); table.insert(fingerprints, { category = 'attacks', probes = { { path = '/tiki-listmovies.php?movie=../../../../../../etc/passwd%001234', method = 'GET' } }, matches = { { match = '200', output = 'TikiWiki < 1.9.9 Directory Traversal Vulnerability' } } }); table.insert(fingerprints, { category = 'attacks', probes = { { path = '/index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&version=1576&cid=20', method = 'GET' } }, matches = { { match = '2.0.11