local io = require "io"
local string = require "string"
local table = require "table"
---HTTP Fingerprint files, compiled by Ron Bowes with a special thanks to...
-- o Kevin Johnson (@secureideas) for the fingerprints that come with Yokoso
-- http://yokoso.inguardians.com
-- o Jason H. (@jhaddix) for helping out with a whole pile of fingerprints he's
-- collected
-- o Bob Dooling
-- o Robert Rowley for the awesome open source cms and README checks
-- http://www.irvineunderground.org
--
-- This file is released under the Nmap license; see:
-- http://nmap.org/book/man-legal.html
--
-- @args http-fingerprints.nikto-db-path Looks at the given path for nikto database.
-- It then converts the records in nikto's database into our Lua table format
-- and adds them to our current fingerprints if they don't exist already.
-- Unfortunately, our current implementation has some limitations:
-- * It doesn't support records with more than one 'dontmatch' patterns for
-- a probe.
-- * It doesn't support logical AND for the 'match' patterns.
-- * It doesn't support sending additional headers for a probe.
-- That means, if a nikto fingerprint needs one of the above features, it
-- won't be loaded. At the time of writing this, 6546 out of the 6573 Nikto
-- fingerprints are being loaded successfully. This runtime Nikto fingerprint integration was suggested by Nikto co-author Chris Sullo as described at http://seclists.org/nmap-dev/2013/q4/292
--
-- Although this format was originally modeled after the Nikto format, that ended
-- up being too restrictive. The current format is a simple Lua table. There are many
-- advantages to this technique; it's powerful, we don't need to write custom parsing
-- code, anybody who codes in Lua can easily add checks, and we can write converters
-- to read Nikto and other formats if we want to.
--
-- The 'fingerprints' table is the key. It's an array of checks that will be run in the
-- order they're given. Each check consists of a path, zero or more matches, output text,
-- and other optional fields. Here are all the currently defined fields:
--
-- fingerprint.probes
-- A list of one or more probes to send to the server. Each probe is either a table containing
-- the key 'path' (and potentially others), or it's a string indicating the path.
--
-- fingerprint.probes[i].path
-- The URI to check, optionally containing GET arguments. This should start with a '/'
-- and, if it's a directory, end with a '/'.
--
-- fingerprint.probes[i].method [optional; default: 'GET'}}]
-- The HTTP method to use when making requests ('GET'}}, 'POST', 'HEAD', 'PUT', 'DELETE', etc
--
-- fingerprint.ignore_404 [optional; default: false]
-- If set, the automatic checks for 404 and custom 404 pages are disabled for that check.
-- Every page will be included unless fingerprint.matches.dontmatch excludes it.
--
-- fingerprint.severity [optional; default: 1]
-- Give a severity rating, if it's a vulnerability. The scale is:
-- 1 - Info
-- 2 - Low priority
-- 3 - Warning
-- 4 - Critical
--
-- fingerprint.matches
-- An array of tables, each of which contains three fields. These will be checked, starting
-- from the first, until one is matched. If there is no 'match' text, it will fire as long
-- as the result isn't a 404. This match is not case sensitive.
--
-- fingerprint.matches[i].match
-- A string (specifically, a Lua pattern) that has to be found somewhere in the output to
-- count as a match. The string can be in the status line, in a header, or in the body.
-- In addition to matching, this field can contain captures that'll be included in the
-- output. See: http://lua-users.org/wiki/PatternsTutorial
--
-- fingerprint.matches[i].dontmatch
-- A string (specifically, a lua pattern) that cannot be found somewhere in the output.
-- This takes precedence over any text matched in the 'match' field
--
-- fingerprint.matches[i].output
-- The text to output if this match happens. If the 'match' field contains captures, these
-- captures can be used with \1, \2, etc.
--
-- If you have any questions, feel free to email dev@nmap.org or contact Ron Bowes!
--
-- CHANGELOG:
-- Added 120 new signatures taken from exploit-db.com archives from July 2009 to July 2011 [Paulino Calderon]
-- Added the option to read nikto's database and make use of its fingerprints. [George Chatzisofroniou]
--
fingerprints = {};
------------------------------------------------
---- GENERAL CHECKS ----
------------------------------------------------
-- These are checks for generic paths, like /wiki, /images, /admin, etc
table.insert(fingerprints, {
category = 'general',
probes = {
{
path = '/',
method = 'GET'
}
},
matches = {
{
match = '
Index of .*(Apache.*) Server at',
output = 'Root directory w/ listing on \'\\1\''
},
{
match = 'Index of',
output = 'Root directory w/ directory listing'
}
}
});
table.insert(fingerprints, {
category = 'general',
probes = {
{
path = '/blog/',
method = 'HEAD'
},
{
path = '/weblog/',
method = 'HEAD'
},
{
path = '/weblogs/',
method = 'HEAD'
},
{
path = '/wordpress/',
method = 'HEAD'
}
},
matches = {
{
output = 'Blog'
}
}
});
table.insert(fingerprints, {
category = 'general',
probes = {
{
path = '/wiki/',
method = 'HEAD'
},
{
path = '/mediawiki/',
method = 'HEAD'
},
{
path = '/wiki/Main_Page',
method = 'HEAD'
}
},
matches = {
{
output = 'Wiki'
}
}
});
table.insert(fingerprints, {
category = 'general',
probes = {
{
path = '/tikiwiki/',
method = 'HEAD'
}
},
matches = {
{
output = 'Tikiwiki'
}
}
});
table.insert(fingerprints, {
category = 'general',
probes = {
{
path = '/cgi-bin/mj_wwwusr',
method = 'HEAD'
},
{
path = '/majordomo/mj_wwwusr',
method = 'HEAD'
}
},
matches = {
{
match = '',
output = 'Majordomo2 Mailing List'
}
}
});
table.insert(fingerprints, {
category = 'general',
probes = {
{
path = '/j2ee/examples/servlets/',
method = 'HEAD'
},
{
path = '/j2ee/examples/jsp/',
method = 'HEAD'
}
},
matches = {
{
match = '',
output = 'Oracle j2ee examples'
}
}
});
table.insert(fingerprints, {
category = 'general',
probes = {
{
path = '/dsc/',
method = 'HEAD'
}
},
matches = {
{
match = '',
output = 'Trend Micro Data Loss Prevention Virtual Appliance'
}
}
});
table.insert(fingerprints, {
category = 'general',
probes = {
{
path = '/reg_1.htm',
method = 'HEAD'
}
},
matches = {
{
match = '',
output = 'Polycom IP phone'
}
}
});
table.insert(fingerprints, {
category = 'general',
probes = {
{
path = '/adr.htm',
method = 'HEAD'
},
{
path = '/line_login.htm?l=1',
method = 'HEAD'
},
{
path = '/tbook.csv',
method = 'HEAD'
}
},
matches = {
{
match = '',
output = 'Snom IP Phone'
}
}
});
table.insert(fingerprints, {
category = 'general',
probes = {
{
path = '/globalSIPsettings.html',
method = 'HEAD'
},
{
path = '/SIPsettingsLine1.html',
method = 'HEAD'
}
},
matches = {
{
match = '',
output = 'Aastra IP Phone'
}
}
});
table.insert(fingerprints, {
category = 'general',
probes = {
{
path = '/websvn/',
method = 'HEAD'
}
},
matches = {
{
match = '',
output = 'WEBSVN Repository'
}
}
});
table.insert(fingerprints, {
category = 'general',
probes = {
{
path = '/repos/',
method = 'GET'
},
{
path = '/repo/',
method = 'GET'
},
{
path = '/svn/',
method = 'GET'
},
{
path = '/cvs/',
method = 'GET'
}
},
matches = {
{
match = 'realm=".-Subversion.-"',
output = 'Subversion Repository'
},
{
match = '',
output = 'Possible code repository'
}
}
});
table.insert(fingerprints, {
category = 'general',
probes = {
{
path = '/archiva/index.action',
method = 'GET'
},
{
path = '/index.action',
method = 'GET'
}
},
matches = {
{
match = '.*">Apache Archiva (.-)',
output = 'Apache Archiva version \\1'
},
{
match = 'Apache Archiva (%d-%..-)\n',
output = 'Apache Archiva version \\1'
},
{
match = 'Apache Archiva \\',
output = 'Apache Archiva'
}
}
});
table.insert(fingerprints, {
category = 'general',
probes = {
{
path = '/login.stm',
method = 'HEAD'
}
},
matches = {
{
match = '',
output = 'Belkin G Wireless Router'
}
}
});
table.insert(fingerprints, {
category = 'general',
probes = {
{
path = '/tools_admin.php',
method = 'HEAD'
}
},
matches = {
{
match = '',
output = 'D-Link DIR-300'
}
}
});
table.insert(fingerprints, {
category = 'general',
probes = {
{
path = '/bsc_lan.php',
method = 'HEAD'
}
},
matches = {
{
match = '',
output = 'D-Link DIR-300, DIR-320, DIR-615 revD'
}
}
});
table.insert(fingerprints, {
category = 'general',
probes = {
{
path = '/Manage.tri',
method = 'HEAD'
}
},
matches = {
{
match = '',
output = 'Linksys WRT54G2'
}
}
});
table.insert(fingerprints, {
category = 'general',
probes = {
{
path = '/logo_t.gif',
method = 'HEAD'
}
},
matches = {
{
match = 'IP_SHARER WEB',
output = 'Arris 2307'
}
}
});
table.insert(fingerprints, {
category = 'general',
probes = {
{
path = '//system.html',
method = 'HEAD'
}
},
matches = {
{
match = '',
output = 'CMNC-200 IP Camera'
}
}
});
table.insert(fingerprints, {
category = 'general',
probes = {
{
path = '/main_configure.cgi',
method = 'HEAD'
}
},
matches = {
{
match = '',
output = 'Intellinet IP Camera'
}
}
});
table.insert(fingerprints, {
category = 'general',
probes = {
{
path = '/OvCgi/Toolbar.exe',
method = 'HEAD'
}
},
matches = {
{
match = '',
output = 'HP OpenView Network Node Manager'
}
}
});
table.insert(fingerprints, {
category = 'general',
probes = {
{
path = '/frontend/x3/',
method = 'HEAD'
}
},
matches = {
{
match = '',
output = 'CPanel'
}
}
});
table.insert(fingerprints, {
category = 'general',
probes = {
{
path = '/awstatstotals/awstatstotals.php',
method = 'HEAD'
},
{
path = '/awstats/awstatstotals.php',
method = 'HEAD'
},
{
path = '/awstatstotals.php',
method = 'HEAD'
},
{
path = '/awstats/index.php',
method = 'HEAD'
},
{
path = '/awstatstotals/index.php',
method = 'HEAD'
}
},
matches = {
{
match = '',
output = 'AWStats Totals'
}
}
});
table.insert(fingerprints, {
category = 'general',
probes = {
{
path = '/egroupware/',
method = 'HEAD'
}
},
matches = {
{
match = '',
output = 'eGroupware'
}
}
});
table.insert(fingerprints, {
category = 'general',
probes = {
{
path = '/calendar/cal_search.php',
method = 'HEAD'
},
{
path = '/cal_search.php',
method = 'HEAD'
}
},
matches = {
{
match = '',
output = 'ExtCalendar'
}
}
});
table.insert(fingerprints, {
category = 'general',
probes = {
{
path = '/a_viewusers.php',
method = 'HEAD'
},
{
path = '/aphpkb/',
method = 'HEAD'
}
},
matches = {
{
match = '',
output = 'Andys PHP Knowledgebase'
}
}
});
table.insert(fingerprints, {
category = 'general',
probes = {
{
path = '/webedition/we/include/we_modules/',
method = 'HEAD'
},
{
path = '/webedition/',
method = 'HEAD'
}
},
matches = {
{
match = '',
output = 'Web Edition'
}
}
});
table.insert(fingerprints, {
category = 'general',
probes = {
{
path = '/Examples/',
method = 'HEAD'
}
},
matches = {
{
match = '',
output = 'Possible documentation files'
}
}
});
table.insert(fingerprints, {
category = 'general',
probes = {
{
path = '/LightNEasy.php?do=login',
method = 'HEAD'
}
},
matches = {
{
match = '',
output = 'LightNEasy'
}
}
});
table.insert(fingerprints, {
category = 'general',
probes = {
{
path = '/channel_detail.php',
method = 'HEAD'
}
},
matches = {
{
match = '',
output = 'DzTube'
}
}
});
table.insert(fingerprints, {
category = 'general',
probes = {
{
path = '/cgi-bin/vcs',
method = 'HEAD'
}
},
matches = {
{
match = '',
output = 'Mitel Audio and Web Conferencing (AWC)'
}
}
});
table.insert(fingerprints, {
category = 'general',
probes = {
{
path = '/ocsreports/',
method = 'HEAD'
}
},
matches = {
{
match = '',
output = 'OCS Inventory'
}
}
});
table.insert(fingerprints, {
category = 'general',
probes = {
{
path = '/vbseo.php',
method = 'HEAD'
}
},
matches = {
{
match = '',
output = 'vBSEO'
}
}
});
table.insert(fingerprints, {
category = 'general',
probes = {
{
path = '/forum/',
method = 'HEAD'
},
{
path = '/forums/',
method = 'HEAD'
},
{
path = '/smf/',
method = 'HEAD'
},
{
path = '/phpbb/',
method = 'HEAD'
}
},
matches = {
{
output = 'Forum'
}
}
});
table.insert(fingerprints, {
category = 'general',
probes = {
{
path = '/manager/',
method = 'HEAD'
},
{
path = '/admin.php',
method = 'HEAD'
},
{
path = '/admin/',
method = 'HEAD'
},
{
path = '/admin/admin/',
method = 'HEAD'
},
{
path = '/administrator/',
method = 'HEAD'
},
{
path = '/moderator/',
method = 'HEAD'
},
{
path = '/webadmin/',
method = 'HEAD'
},
{
path = '/adminarea/',
method = 'HEAD'
},
{
path = '/bb-admin/',
method = 'HEAD'
},
{
path = '/adminLogin/',
method = 'HEAD'
},
{
path = '/admin_area/',
method = 'HEAD'
},
{
path = '/panel-administracion/',
method = 'HEAD'
},
{
path = '/instadmin/',
method = 'HEAD'
},
{
path = '/memberadmin/',
method = 'HEAD'
},
{
path = '/administratorlogin/',
method = 'HEAD'
},
{
path = '/adm/',
method = 'HEAD'
},
{
path = '/admin/account.php',
method = 'HEAD'
},
{
path = '/admin/index.php',
method = 'HEAD'
},
{
path = '/admin/login.php',
method = 'HEAD'
},
{
path = '/admin/admin.php',
method = 'HEAD'
},
{
path = '/joomla/administrator',
method = 'HEAD'
},
{
path = '/login.php',
method = 'HEAD'
},
{
path = '/admin_area/admin.php',
method = 'HEAD'
},
{
path = '/admin_area/login.php',
method = 'HEAD'
},
{
path = '/siteadmin/login.php',
method = 'HEAD'
},
{
path = '/siteadmin/index.php',
method = 'HEAD'
},
{
path = '/siteadmin/login.html',
method = 'HEAD'
},
{
path = '/admin/index.html',
method = 'HEAD'
},
{
path = '/admin/login.html',
method = 'HEAD'
},
{
path = '/admin/admin.html',
method = 'HEAD'
},
{
path = '/admin_area/index.php',
method = 'HEAD'
},
{
path = '/bb-admin/index.php',
method = 'HEAD'
},
{
path = '/bb-admin/login.php',
method = 'HEAD'
},
{
path = '/bb-admin/admin.php',
method = 'HEAD'
},
{
path = '/admin/home.php',
method = 'HEAD'
},
{
path = '/admin_area/login.html',
method = 'HEAD'
},
{
path = '/admin_area/index.html',
method = 'HEAD'
},
{
path = '/admin/controlpanel.php',
method = 'HEAD'
},
{
path = '/admincp/',
method = 'HEAD'
},
{
path = '/admincp/index.asp',
method = 'HEAD'
},
{
path = '/admincp/index.html',
method = 'HEAD'
},
{
path = '/admincp/login.php',
method = 'HEAD'
},
{
path = '/admin/account.html',
method = 'HEAD'
},
{
path = '/adminpanel.html',
method = 'HEAD'
},
{
path = '/webadmin.html',
method = 'HEAD'
},
{
path = '/webadmin/index.html',
method = 'HEAD'
},
{
path = '/webadmin/admin.html',
method = 'HEAD'
},
{
path = '/webadmin/login.html',
method = 'HEAD'
},
{
path = '/admin/admin_login.html',
method = 'HEAD'
},
{
path = '/admin_login.html',
method = 'HEAD'
},
{
path = '/panel-administracion/login.html',
method = 'HEAD'
},
{
path = '/admin/cp.php',
method = 'HEAD'
},
{
path = '/cp.php',
method = 'HEAD'
},
{
path = '/administrator/index.php',
method = 'HEAD'
},
{
path = '/administrator/login.php',
method = 'HEAD'
},
{
path = '/nsw/admin/login.php',
method = 'HEAD'
},
{
path = '/webadmin/login.php',
method = 'HEAD'
},
{
path = '/admin/admin_login.php',
method = 'HEAD'
},
{
path = '/admin_login.php',
method = 'HEAD'
},
{
path = '/administrator/account.php',
method = 'HEAD'
},
{
path = '/administrator.php',
method = 'HEAD'
},
{
path = '/admin_area/admin.html',
method = 'HEAD'
},
{
path = '/pages/admin/admin-login.php',
method = 'HEAD'
},
{
path = '/admin/admin-login.php',
method = 'HEAD'
},
{
path = '/admin-login.php',
method = 'HEAD'
},
{
path = '/bb-admin/index.html',
method = 'HEAD'
},
{
path = '/bb-admin/login.html',
method = 'HEAD'
},
{
path = '/bb-admin/admin.html',
method = 'HEAD'
},
{
path = '/admin/home.html',
method = 'HEAD'
},
{
path = '/modelsearch/login.php',
method = 'HEAD'
},
{
path = '/moderator.php',
method = 'HEAD'
},
{
path = '/moderator/login.php',
method = 'HEAD'
},
{
path = '/moderator/admin.php',
method = 'HEAD'
},
{
path = '/account.php',
method = 'HEAD'
},
{
path = '/pages/admin/admin-login.html',
method = 'HEAD'
},
{
path = '/admin/admin-login.html',
method = 'HEAD'
},
{
path = '/admin-login.html',
method = 'HEAD'
},
{
path = '/controlpanel.php',
method = 'HEAD'
},
{
path = '/admincontrol.php',
method = 'HEAD'
},
{
path = '/admin/adminLogin.html',
method = 'HEAD'
},
{
path = '/adminLogin.html',
method = 'HEAD'
},
{
path = '/home.html',
method = 'HEAD'
},
{
path = '/rcjakar/admin/login.php',
method = 'HEAD'
},
{
path = '/adminarea/index.html',
method = 'HEAD'
},
{
path = '/adminarea/admin.html',
method = 'HEAD'
},
{
path = '/webadmin.php',
method = 'HEAD'
},
{
path = '/webadmin/index.php',
method = 'HEAD'
},
{
path = '/webadmin/admin.php',
method = 'HEAD'
},
{
path = '/admin/controlpanel.html',
method = 'HEAD'
},
{
path = '/admin.html',
method = 'HEAD'
},
{
path = '/admin/cp.html',
method = 'HEAD'
},
{
path = '/cp.html',
method = 'HEAD'
},
{
path = '/adminpanel.php',
method = 'HEAD'
},
{
path = '/moderator.html',
method = 'HEAD'
},
{
path = '/administrator/index.html',
method = 'HEAD'
},
{
path = '/administrator/login.html',
method = 'HEAD'
},
{
path = '/user.html',
method = 'HEAD'
},
{
path = '/administrator/account.html',
method = 'HEAD'
},
{
path = '/administrator.html',
method = 'HEAD'
},
{
path = '/login.html',
method = 'HEAD'
},
{
path = '/modelsearch/login.html',
method = 'HEAD'
},
{
path = '/moderator/login.html',
method = 'HEAD'
},
{
path = '/adminarea/login.html',
method = 'HEAD'
},
{
path = '/panel-administracion/index.html',
method = 'HEAD'
},
{
path = '/panel-administracion/admin.html',
method = 'HEAD'
},
{
path = '/modelsearch/index.html',
method = 'HEAD'
},
{
path = '/modelsearch/admin.html',
method = 'HEAD'
},
{
path = '/admincontrol/login.html',
method = 'HEAD'
},
{
path = '/adm/index.html',
method = 'HEAD'
},
{
path = '/adm.html',
method = 'HEAD'
},
{
path = '/moderator/admin.html',
method = 'HEAD'
},
{
path = '/user.php',
method = 'HEAD'
},
{
path = '/account.html',
method = 'HEAD'
},
{
path = '/controlpanel.html',
method = 'HEAD'
},
{
path = '/admincontrol.html',
method = 'HEAD'
},
{
path = '/panel-administracion/login.php',
method = 'HEAD'
},
{
path = '/wp-login.php',
method = 'HEAD'
},
{
path = '/adminLogin.php',
method = 'HEAD'
},
{
path = '/admin/adminLogin.php',
method = 'HEAD'
},
{
path = '/adminarea/index.php',
method = 'HEAD'
},
{
path = '/adminarea/admin.php',
method = 'HEAD'
},
{
path = '/adminarea/login.php',
method = 'HEAD'
},
{
path = '/panel-administracion/index.php',
method = 'HEAD'
},
{
path = '/panel-administracion/admin.php',
method = 'HEAD'
},
{
path = '/modelsearch/index.php',
method = 'HEAD'
},
{
path = '/modelsearch/admin.php',
method = 'HEAD'
},
{
path = '/admincontrol/login.php',
method = 'HEAD'
},
{
path = '/adm/admloginuser.php',
method = 'HEAD'
},
{
path = '/admloginuser.php',
method = 'HEAD'
},
{
path = '/admin2.php',
method = 'HEAD'
},
{
path = '/admin2/login.php',
method = 'HEAD'
},
{
path = '/admin2/index.php',
method = 'HEAD'
},
{
path = '/adm/index.php',
method = 'HEAD'
},
{
path = '/adm.php',
method = 'HEAD'
},
{
path = '/affiliate.php',
method = 'HEAD'
},
{
path = '/adm_auth.php',
method = 'HEAD'
},
{
path = '/memberadmin.php',
method = 'HEAD'
},
{
path = '/administratorlogin.php',
method = 'HEAD'
},
{
path = '/account.cfm',
method = 'HEAD'
},
{
path = '/admin/account.cfm',
method = 'HEAD'
},
{
path = '/admin/index.cfm',
method = 'HEAD'
},
{
path = '/admin/login.cfm',
method = 'HEAD'
},
{
path = '/admin/admin.cfm',
method = 'HEAD'
},
{
path = '/admin.cfm',
method = 'HEAD'
},
{
path = '/admin/admin_login.cfm',
method = 'HEAD'
},
{
path = '/admin_login.cfm',
method = 'HEAD'
},
{
path = '/adminpanel.cfm',
method = 'HEAD'
},
{
path = '/admin/controlpanel.cfm',
method = 'HEAD'
},
{
path = '/admincontrol.cfm',
method = 'HEAD'
},
{
path = '/panel-administracion/login.cfm',
method = 'HEAD'
},
{
path = '/admin/cp.cfm',
method = 'HEAD'
},
{
path = '/pages/admin/admin-login.cfm',
method = 'HEAD'
},
{
path = '/admincp/index.cfm',
method = 'HEAD'
},
{
path = '/admincp/login.cfm',
method = 'HEAD'
},
{
path = '/admin_area/admin.cfm',
method = 'HEAD'
},
{
path = '/admin_area/login.cfm',
method = 'HEAD'
},
{
path = '/moderator/login.cfm',
method = 'HEAD'
},
{
path = '/administrator/login.cfm',
method = 'HEAD'
},
{
path = '/moderator.cfm',
method = 'HEAD'
},
{
path = '/modelsearch/index.cfm',
method = 'HEAD'
},
{
path = '/panel-administracion/admin.cfm',
method = 'HEAD'
},
{
path = '/adm/admloginuser.cfm',
method = 'HEAD'
},
{
path = '/adm.cfm',
method = 'HEAD'
},
{
path = '/adm_auth.cfm',
method = 'HEAD'
},
{
path = '/administratorlogin.cfm',
method = 'HEAD'
},
{
path = '/webadmin.cfm',
method = 'HEAD'
},
{
path = '/webadmin/index.cfm',
method = 'HEAD'
},
{
path = '/modelsearch/login.cfm',
method = 'HEAD'
},
{
path = '/login.cfm',
method = 'HEAD'
},
{
path = '/administrator.cfm',
method = 'HEAD'
},
{
path = '/administrator/account.cfm',
method = 'HEAD'
},
{
path = '/adminLogin.cfm',
method = 'HEAD'
},
{
path = '/siteadmin/login.cfm',
method = 'HEAD'
},
{
path = '/admin2/index.cfm',
method = 'HEAD'
},
{
path = '/adm/index.cfm',
method = 'HEAD'
},
{
path = '/admin_area/index.cfm',
method = 'HEAD'
},
{
path = '/bb-admin/index.cfm',
method = 'HEAD'
},
{
path = '/bb-admin/login.cfm',
method = 'HEAD'
},
{
path = '/bb-admin/admin.cfm',
method = 'HEAD'
},
{
path = '/siteadmin/index.cfm',
method = 'HEAD'
},
{
path = '/memberadmin.cfm',
method = 'HEAD'
},
{
path = '/admin2/login.cfm',
method = 'HEAD'
},
{
path = '/admloginuser.cfm',
method = 'HEAD'
},
{
path = '/admincontrol/login.cfm',
method = 'HEAD'
},
{
path = '/administrator/index.cfm',
method = 'HEAD'
},
{
path = '/modelsearch/admin.cfm',
method = 'HEAD'
},
{
path = '/panel-administracion/index.cfm',
method = 'HEAD'
},
{
path = '/adminarea/login.cfm',
method = 'HEAD'
},
{
path = '/adminarea/admin.cfm',
method = 'HEAD'
},
{
path = '/adminarea/index.cfm',
method = 'HEAD'
},
{
path = '/admin/adminLogin.cfm',
method = 'HEAD'
},
{
path = '/webadmin/login.cfm',
method = 'HEAD'
},
{
path = '/webadmin/admin.cfm',
method = 'HEAD'
},
{
path = '/user.cfm',
method = 'HEAD'
},
{
path = '/controlpanel.cfm',
method = 'HEAD'
},
{
path = '/moderator/admin.cfm',
method = 'HEAD'
},
{
path = '/cp.cfm',
method = 'HEAD'
},
{
path = '/admin-login.cfm',
method = 'HEAD'
},
{
path = '/admin/admin-login.cfm',
method = 'HEAD'
},
{
path = '/admin/home.cfm',
method = 'HEAD'
},
{
path = '/adm1n/',
method = 'HEAD'
},
{
path = '/4dm1n/',
method = 'HEAD'
},
{
path = '/account.asp',
method = 'HEAD'
},
{
path = '/admin/account.asp',
method = 'HEAD'
},
{
path = '/admin/index.asp',
method = 'HEAD'
},
{
path = '/admin/login.asp',
method = 'HEAD'
},
{
path = '/admin/admin.asp',
method = 'HEAD'
},
{
path = '/admin_area/admin.asp',
method = 'HEAD'
},
{
path = '/admin_area/login.asp',
method = 'HEAD'
},
{
path = '/admin_area/index.asp',
method = 'HEAD'
},
{
path = '/bb-admin/index.asp',
method = 'HEAD'
},
{
path = '/bb-admin/login.asp',
method = 'HEAD'
},
{
path = '/bb-admin/admin.asp',
method = 'HEAD'
},
{
path = '/admin/home.asp',
method = 'HEAD'
},
{
path = '/admin/controlpanel.asp',
method = 'HEAD'
},
{
path = '/admin.asp',
method = 'HEAD'
},
{
path = '/pages/admin/admin-login.asp',
method = 'HEAD'
},
{
path = '/admin/admin-login.asp',
method = 'HEAD'
},
{
path = '/admin-login.asp',
method = 'HEAD'
},
{
path = '/admin/cp.asp',
method = 'HEAD'
},
{
path = '/cp.asp',
method = 'HEAD'
},
{
path = '/administrator/account.asp',
method = 'HEAD'
},
{
path = '/administrator.asp',
method = 'HEAD'
},
{
path = '/login.asp',
method = 'HEAD'
},
{
path = '/modelsearch/login.asp',
method = 'HEAD'
},
{
path = '/moderator.asp',
method = 'HEAD'
},
{
path = '/moderator/login.asp',
method = 'HEAD'
},
{
path = '/administrator/login.asp',
method = 'HEAD'
},
{
path = '/moderator/admin.asp',
method = 'HEAD'
},
{
path = '/controlpanel.asp',
method = 'HEAD'
},
{
path = '/user.asp',
method = 'HEAD'
},
{
path = '/admincp/login.asp',
method = 'HEAD'
},
{
path = '/admincontrol.asp',
method = 'HEAD'
},
{
path = '/adminpanel.asp',
method = 'HEAD'
},
{
path = '/webadmin.asp',
method = 'HEAD'
},
{
path = '/webadmin/index.asp',
method = 'HEAD'
},
{
path = '/webadmin/admin.asp',
method = 'HEAD'
},
{
path = '/webadmin/login.asp',
method = 'HEAD'
},
{
path = '/admin/admin_login.asp',
method = 'HEAD'
},
{
path = '/admin_login.asp',
method = 'HEAD'
},
{
path = '/panel-administracion/login.asp',
method = 'HEAD'
},
{
path = '/adminLogin.asp',
method = 'HEAD'
},
{
path = '/admin/adminLogin.asp',
method = 'HEAD'
},
{
path = '/home.asp',
method = 'HEAD'
},
{
path = '/adminarea/index.asp',
method = 'HEAD'
},
{
path = '/adminarea/admin.asp',
method = 'HEAD'
},
{
path = '/adminarea/login.asp',
method = 'HEAD'
},
{
path = '/panel-administracion/index.asp',
method = 'HEAD'
},
{
path = '/panel-administracion/admin.asp',
method = 'HEAD'
},
{
path = '/modelsearch/index.asp',
method = 'HEAD'
},
{
path = '/modelsearch/admin.asp',
method = 'HEAD'
},
{
path = '/administrator/index.asp',
method = 'HEAD'
},
{
path = '/admincontrol/login.asp',
method = 'HEAD'
},
{
path = '/adm/admloginuser.asp',
method = 'HEAD'
},
{
path = '/admloginuser.asp',
method = 'HEAD'
},
{
path = '/admin2.asp',
method = 'HEAD'
},
{
path = '/admin2/login.asp',
method = 'HEAD'
},
{
path = '/admin2/index.asp',
method = 'HEAD'
},
{
path = '/adm/index.asp',
method = 'HEAD'
},
{
path = '/adm.asp',
method = 'HEAD'
},
{
path = '/adm_auth.asp',
method = 'HEAD'
},
{
path = '/memberadmin.asp',
method = 'HEAD'
},
{
path = '/administratorlogin.asp',
method = 'HEAD'
},
{
path = '/siteadmin/login.asp',
method = 'HEAD'
},
{
path = '/siteadmin/index.asp',
method = 'HEAD'
},
{
path = '/account.aspx',
method = 'HEAD'
},
{
path = '/admin/account.aspx',
method = 'HEAD'
},
{
path = '/admin/index.aspx',
method = 'HEAD'
},
{
path = '/admin/login.aspx',
method = 'HEAD'
},
{
path = '/admin/admin.aspx',
method = 'HEAD'
},
{
path = '/admin_area/admin.aspx',
method = 'HEAD'
},
{
path = '/admin_area/login.aspx',
method = 'HEAD'
},
{
path = '/admin_area/index.aspx',
method = 'HEAD'
},
{
path = '/bb-admin/index.aspx',
method = 'HEAD'
},
{
path = '/bb-admin/login.aspx',
method = 'HEAD'
},
{
path = '/bb-admin/admin.aspx',
method = 'HEAD'
},
{
path = '/admin/home.aspx',
method = 'HEAD'
},
{
path = '/admin/controlpanel.aspx',
method = 'HEAD'
},
{
path = '/admin.aspx',
method = 'HEAD'
},
{
path = '/pages/admin/admin-login.aspx',
method = 'HEAD'
},
{
path = '/admin/admin-login.aspx',
method = 'HEAD'
},
{
path = '/admin-login.aspx',
method = 'HEAD'
},
{
path = '/admin/cp.aspx',
method = 'HEAD'
},
{
path = '/cp.aspx',
method = 'HEAD'
},
{
path = '/administrator/account.aspx',
method = 'HEAD'
},
{
path = '/administrator.aspx',
method = 'HEAD'
},
{
path = '/login.aspx',
method = 'HEAD'
},
{
path = '/modelsearch/login.aspx',
method = 'HEAD'
},
{
path = '/moderator.aspx',
method = 'HEAD'
},
{
path = '/moderator/login.aspx',
method = 'HEAD'
},
{
path = '/administrator/login.aspx',
method = 'HEAD'
},
{
path = '/moderator/admin.aspx',
method = 'HEAD'
},
{
path = '/controlpanel.aspx',
method = 'HEAD'
},
{
path = '/user.aspx',
method = 'HEAD'
},
{
path = '/admincp/index.aspx',
method = 'HEAD'
},
{
path = '/admincp/login.aspx',
method = 'HEAD'
},
{
path = '/admincontrol.aspx',
method = 'HEAD'
},
{
path = '/adminpanel.aspx',
method = 'HEAD'
},
{
path = '/webadmin.aspx',
method = 'HEAD'
},
{
path = '/webadmin/index.aspx',
method = 'HEAD'
},
{
path = '/webadmin/admin.aspx',
method = 'HEAD'
},
{
path = '/webadmin/login.aspx',
method = 'HEAD'
},
{
path = '/admin/admin_login.aspx',
method = 'HEAD'
},
{
path = '/admin_login.aspx',
method = 'HEAD'
},
{
path = '/panel-administracion/login.aspx',
method = 'HEAD'
},
{
path = '/adminLogin.aspx',
method = 'HEAD'
},
{
path = '/admin/adminLogin.aspx',
method = 'HEAD'
},
{
path = '/home.aspx',
method = 'HEAD'
},
{
path = '/adminarea/index.aspx',
method = 'HEAD'
},
{
path = '/adminarea/admin.aspx',
method = 'HEAD'
},
{
path = '/adminarea/login.aspx',
method = 'HEAD'
},
{
path = '/panel-administracion/index.aspx',
method = 'HEAD'
},
{
path = '/panel-administracion/admin.aspx',
method = 'HEAD'
},
{
path = '/modelsearch/index.aspx',
method = 'HEAD'
},
{
path = '/modelsearch/admin.aspx',
method = 'HEAD'
},
{
path = '/administrator/index.aspx',
method = 'HEAD'
},
{
path = '/admincontrol/login.aspx',
method = 'HEAD'
},
{
path = '/adm/admloginuser.aspx',
method = 'HEAD'
},
{
path = '/admloginuser.aspx',
method = 'HEAD'
},
{
path = '/admin2.aspx',
method = 'HEAD'
},
{
path = '/admin2/login.aspx',
method = 'HEAD'
},
{
path = '/admin2/index.aspx',
method = 'HEAD'
},
{
path = '/adm/index.aspx',
method = 'HEAD'
},
{
path = '/adm.aspx',
method = 'HEAD'
},
{
path = '/adm_auth.aspx',
method = 'HEAD'
},
{
path = '/memberadmin.aspx',
method = 'HEAD'
},
{
path = '/administratorlogin.aspx',
method = 'HEAD'
},
{
path = '/siteadmin/login.aspx',
method = 'HEAD'
},
{
path = '/siteadmin/index.aspx',
method = 'HEAD'
},
{
path = '/account.jsp',
method = 'HEAD'
},
{
path = '/admin/index.jsp',
method = 'HEAD'
},
{
path = '/admin/login.jsp',
method = 'HEAD'
},
{
path = '/admin/admin.jsp',
method = 'HEAD'
},
{
path = '/admin_area/admin.jsp',
method = 'HEAD'
},
{
path = '/admin_area/login.jsp',
method = 'HEAD'
},
{
path = '/admin_area/index.jsp',
method = 'HEAD'
},
{
path = '/bb-admin/index.jsp',
method = 'HEAD'
},
{
path = '/bb-admin/login.jsp',
method = 'HEAD'
},
{
path = '/bb-admin/admin.jsp',
method = 'HEAD'
},
{
path = '/admin/home.jsp',
method = 'HEAD'
},
{
path = '/admin/controlpanel.jsp',
method = 'HEAD'
},
{
path = '/admin.jsp',
method = 'HEAD'
},
{
path = '/pages/admin/admin-login.jsp',
method = 'HEAD'
},
{
path = '/admin/admin-login.jsp',
method = 'HEAD'
},
{
path = '/admin-login.jsp',
method = 'HEAD'
},
{
path = '/admin/cp.jsp',
method = 'HEAD'
},
{
path = '/cp.jsp',
method = 'HEAD'
},
{
path = '/administrator/account.jsp',
method = 'HEAD'
},
{
path = '/administrator.jsp',
method = 'HEAD'
},
{
path = '/login.jsp',
method = 'HEAD'
},
{
path = '/modelsearch/login.jsp',
method = 'HEAD'
},
{
path = '/moderator.jsp',
method = 'HEAD'
},
{
path = '/moderator/login.jsp',
method = 'HEAD'
},
{
path = '/administrator/login.jsp',
method = 'HEAD'
},
{
path = '/moderator/admin.jsp',
method = 'HEAD'
},
{
path = '/controlpanel.jsp',
method = 'HEAD'
},
{
path = '/user.jsp',
method = 'HEAD'
},
{
path = '/admincp/index.jsp',
method = 'HEAD'
},
{
path = '/admincp/login.jsp',
method = 'HEAD'
},
{
path = '/admincontrol.jsp',
method = 'HEAD'
},
{
path = '/admin/account.jsp',
method = 'HEAD'
},
{
path = '/adminpanel.jsp',
method = 'HEAD'
},
{
path = '/webadmin.jsp',
method = 'HEAD'
},
{
path = '/webadmin/index.jsp',
method = 'HEAD'
},
{
path = '/webadmin/admin.jsp',
method = 'HEAD'
},
{
path = '/webadmin/login.jsp',
method = 'HEAD'
},
{
path = '/admin/admin_login.jsp',
method = 'HEAD'
},
{
path = '/admin_login.jsp',
method = 'HEAD'
},
{
path = '/panel-administracion/login.jsp',
method = 'HEAD'
},
{
path = '/adminLogin.jsp',
method = 'HEAD'
},
{
path = '/admin/adminLogin.jsp',
method = 'HEAD'
},
{
path = '/home.jsp',
method = 'HEAD'
},
{
path = '/adminarea/index.jsp',
method = 'HEAD'
},
{
path = '/adminarea/admin.jsp',
method = 'HEAD'
},
{
path = '/adminarea/login.jsp',
method = 'HEAD'
},
{
path = '/panel-administracion/index.jsp',
method = 'HEAD'
},
{
path = '/panel-administracion/admin.jsp',
method = 'HEAD'
},
{
path = '/modelsearch/index.jsp',
method = 'HEAD'
},
{
path = '/modelsearch/admin.jsp',
method = 'HEAD'
},
{
path = '/administrator/index.jsp',
method = 'HEAD'
},
{
path = '/admincontrol/login.jsp',
method = 'HEAD'
},
{
path = '/adm/admloginuser.jsp',
method = 'HEAD'
},
{
path = '/admloginuser.jsp',
method = 'HEAD'
},
{
path = '/admin2.jsp',
method = 'HEAD'
},
{
path = '/admin2/login.jsp',
method = 'HEAD'
},
{
path = '/admin2/index.jsp',
method = 'HEAD'
},
{
path = '/adm/index.jsp',
method = 'HEAD'
},
{
path = '/adm.jsp',
method = 'HEAD'
},
{
path = '/adm_auth.jsp',
method = 'HEAD'
},
{
path = '/memberadmin.jsp',
method = 'HEAD'
},
{
path = '/administratorlogin.jsp',
method = 'HEAD'
},
{
path = '/siteadmin/login.jsp',
method = 'HEAD'
},
{
path = '/siteadmin/index.jsp',
method = 'HEAD'
},
{
path = '/admin1.php',
method = 'HEAD'
},
{
path = '/administr8.asp',
method = 'HEAD'
},
{
path = '/administr8.php',
method = 'HEAD'
},
{
path = '/administr8.jsp',
method = 'HEAD'
},
{
path = '/administr8.aspx',
method = 'HEAD'
},
{
path = '/administr8.cfm',
method = 'HEAD'
},
{
path = '/administr8/',
method = 'HEAD'
},
{
path = '/administer/',
method = 'HEAD'
},
{
path = '/administracao.php',
method = 'HEAD'
},
{
path = '/administracao.asp',
method = 'HEAD'
},
{
path = '/administracao.aspx',
method = 'HEAD'
},
{
path = '/administracao.cfm',
method = 'HEAD'
},
{
path = '/administracao.jsp',
method = 'HEAD'
},
{
path = '/administracion.php',
method = 'HEAD'
},
{
path = '/administracion.asp',
method = 'HEAD'
},
{
path = '/administracion.aspx',
method = 'HEAD'
},
{
path = '/administracion.jsp',
method = 'HEAD'
},
{
path = '/administracion.cfm',
method = 'HEAD'
},
{
path = '/administrators/',
method = 'HEAD'
},
{
path = '/adminpro/',
method = 'HEAD'
},
{
path = '/admins/',
method = 'HEAD'
},
{
path = '/admins.cfm',
method = 'HEAD'
},
{
path = '/admins.php',
method = 'HEAD'
},
{
path = '/admins.jsp',
method = 'HEAD'
},
{
path = '/admins.asp',
method = 'HEAD'
},
{
path = '/admins.aspx',
method = 'HEAD'
},
{
path = '/maintenance/',
method = 'HEAD'
},
{
path = '/Lotus_Domino_Admin/',
method = 'HEAD'
},
{
path = '/hpwebjetadmin/',
method = 'HEAD'
},
{
path = '/_admin/',
method = 'HEAD'
},
{
path = '/_administrator/',
method = 'HEAD'
},
{
path = '/_administrador/',
method = 'HEAD'
},
{
path = '/_admins/',
method = 'HEAD'
},
{
path = '/_administrators/',
method = 'HEAD'
},
{
path = '/_administradores/',
method = 'HEAD'
},
{
path = '/_administracion/',
method = 'HEAD'
},
{
path = '/_4dm1n/',
method = 'HEAD'
},
{
path = '/_adm1n/',
method = 'HEAD'
},
{
path = '/_Admin/',
method = 'HEAD'
},
{
path = '/system_administration/',
method = 'HEAD'
},
{
path = '/system-administration/',
method = 'HEAD'
},
{
path = '/system-admin/',
method = 'HEAD'
},
{
path = '/system-admins/',
method = 'HEAD'
},
{
path = '/system-administrators/',
method = 'HEAD'
},
{
path = '/administracion-sistema/',
method = 'HEAD'
},
{
path = '/Administracion/',
method = 'HEAD'
},
{
path = '/Admin/',
method = 'HEAD'
},
{
path = '/Administrator/',
method = 'HEAD'
},
{
path = '/Manager/',
method = 'HEAD'
},
{
path = '/Adm/',
method = 'HEAD'
},
{
path = '/systemadmin/',
method = 'HEAD'
},
{
path = '/AdminLogin.asp',
method = 'HEAD'
},
{
path = '/AdminLogin.php',
method = 'HEAD'
},
{
path = '/AdminLogin.jsp',
method = 'HEAD'
},
{
path = '/AdminLogin.aspx',
method = 'HEAD'
},
{
path = '/AdminLogin.cfm',
method = 'HEAD'
},
{
path = '/admin108/',
method = 'HEAD'
},
{
path = '/pec_admin/',
method = 'HEAD'
},
{
path = '/system/admin/',
method = 'HEAD'
},
{
path = '/plog-admin/',
method = 'HEAD'
},
{
path = '/ESAdmin/',
method = 'HEAD'
},
{
path = '/axis2-admin/',
method = 'HEAD'
},
{
path = '/_sys/',
method = 'HEAD'
},
{
path = '/admin_cp.asp',
method = 'HEAD'
},
{
path = '/sitecore/admin/',
method = 'HEAD'
},
{
path = '/sitecore/login/admin/',
method = 'HEAD'
}
},
matches = {
{
match = 'Index of',
output = 'Possible admin folder w/ directory listing'
},
{
output = 'Possible admin folder'
}
}
});
table.insert(fingerprints, {
category = 'general',
probes = {
{
path = '/backup/',
method = 'GET'
},
{
path = '/backup',
method = 'GET'
},
{
path = '/backup.sql',
method = 'GET'
},
{
path = '/backup.sql.gz',
method = 'GET'
},
{
path = '/backup.sql.bz2',
method = 'GET'
},
{
path = '/backup.zip',
method = 'GET'
},
{
path = '/backups/',
method = 'GET'
},
{
path = '/bak/',
method = 'GET'
},
{
path = '/back/',
method = 'GET'
},
{
path = '/cache/backup/',
method = 'GET'
},
{
path = '/admin/backup/',
method = 'GET'
},
{
path = '/dbbackup.txt',
method = 'GET'
}
},
matches = {
{
match = 'Index of',
output = 'Backup folder w/ directory listing'
},
{
match = '',
output = 'Possible backup'
}
}
});
table.insert(fingerprints, {
category = 'general',
probes = {
{
path = '/b.sql',
method = 'HEAD'
},
{
path = '/db.sql',
method = 'HEAD'
},
{
path = '/ddb.sql',
method = 'HEAD'
},
{
path = '/users.sql',
method = 'HEAD'
},
{
path = '/database.sql',
method = 'HEAD'
},
{
path = '/mysql.sql',
method = 'HEAD'
},
{
path = '/dump.sql',
method = 'HEAD'
},
{
path = '/respaldo.sql',
method = 'HEAD'
},
{
path = '/data.sql',
method = 'HEAD'
},
{
path = '/old.sql',
method = 'HEAD'
},
{
path = '/usuarios.sql',
method = 'HEAD'
},
{
path = '/bdb.sql',
method = 'HEAD'
},
{
path = '/1.sql',
method = 'HEAD'
},
{
path = '/admin/download/backup.sql',
method = 'HEAD'
}
},
matches = {
{
match = '',
output = 'Possible database backup'
}
}
});
table.insert(fingerprints, {
category = 'general',
probes = {
{
path = '/clientaccesspolicy.xml',
method = 'HEAD'
},
},
matches = {
{
output = 'Microsoft Silverlight crossdomain policy'
}
}
});
table.insert(fingerprints, {
category = 'general',
probes = {
{
path = '/atom/',
method = 'HEAD'
},
{
path = '/atom.aspx',
method = 'HEAD'
},
{
path = '/atom.php',
method = 'HEAD'
},
{
path = '/atom.xml',
method = 'HEAD'
},
{
path = '/atom.jsp',
method = 'HEAD'
},
{
path = '/rss/',
method = 'HEAD'
},
{
path = '/rss.aspx',
method = 'HEAD'
},
{
path = '/rss.php',
method = 'HEAD'
},
{
path = '/rss.xml',
method = 'HEAD'
},
{
path = '/rss.jsp',
method = 'HEAD'
}
},
matches = {
{
output = 'RSS or Atom feed'
}
}
});
table.insert(fingerprints, {
category = 'general',
probes = {
{
path = '/etc/passwd',
method = 'GET'
},
{
path = '/boot.ini',
method = 'GET'
}
},
matches = {
{
match = 'root:',
output = 'Webroot appears to be in / (Linux)'
},
{
match = 'boot loader',
output = 'Webroot appears to be in c:\\ (Windows)'
},
{
match = '',
output = 'Webroot might be in root folder'
}
}
});
table.insert(fingerprints, {
category = 'general',
probes = {
{
path = '/example/',
method = 'GET'
},
{
path = '/examples/',
method = 'GET'
},
{
path = '/iissamples/',
method = 'GET'
},
{
path = '/j2eeexamples/',
method = 'GET'
},
{
path = '/j2eeexamplesjsp/',
method = 'GET'
},
{
path = '/sample/',
method = 'GET'
},
{
path = '/ncsample/',
method = 'GET'
},
{
path = '/fpsample/',
method = 'GET'
},
{
path = '/cmsample/',
method = 'GET'
},
{
path = '/samples/',
method = 'GET'
},
{
path = '/mono/1.1/index.aspx',
method = 'GET'
}
},
matches = {
{
match = 'Index of .*(Apache.*) Server at',
output = 'Sample scripts w/ listing on \'\\1\''
},
{
match = 'Index of',
output = 'Sample scripts w/ directory listing'
},
{
match = '',
output = 'Sample scripts'
}
}
});
table.insert(fingerprints, {
category = 'general',
probes = {
{
path = '/login/',
method = 'HEAD'
},
{
path = '/login.htm',
method = 'HEAD'
},
{
path = '/login.jsp',
method = 'HEAD'
}
},
matches = {
{
match = '',
output = 'Login page'
}
}
});
table.insert(fingerprints, {
category = 'general',
probes = {
{
path = '/test.asp',
method = 'HEAD'
},
{
path = '/test.class',
method = 'HEAD'
},
{
path = '/test/',
method = 'HEAD'
},
{
path = '/test.htm',
method = 'HEAD'
},
{
path = '/test.html',
method = 'HEAD'
},
{
path = '/test.php',
method = 'HEAD'
},
{
path = '/test.txt',
method = 'HEAD'
}
},
matches = {
{
match = '',
output = 'Test page'
}
}
});
table.insert(fingerprints, {
category = 'general',
probes = {
{
path = '/webmail/',
method = 'HEAD'
},
{
path = '/mail/',
method = 'HEAD'
}
},
matches = {
{
match = '',
output = 'Mail folder'
}
}
});
table.insert(fingerprints, {
category = 'general',
probes = {
{
path = '/log/',
method = 'HEAD'
},
{
path = '/log.htm',
method = 'HEAD'
},
{
path = '/log.php',
method = 'HEAD'
},
{
path = '/log.asp',
method = 'HEAD'
},
{
path = '/log.aspx',
method = 'HEAD'
},
{
path = '/log.jsp',
method = 'HEAD'
},
{
path = '/logs/',
method = 'HEAD'
},
{
path = '/logs.htm',
method = 'HEAD'
},
{
path = '/logs.php',
method = 'HEAD'
},
{
path = '/logs.asp',
method = 'HEAD'
},
{
path = '/logs.aspx',
method = 'HEAD'
},
{
path = '/logs.jsp',
method = 'HEAD'
},
{
path = '/wwwlog/',
method = 'HEAD'
},
{
path = '/wwwlogs/',
method = 'HEAD'
},
{
path = '/mail_log_files/',
method = 'HEAD'
}
},
matches = {
{
match = '',
output = 'Logs'
}
}
});
table.insert(fingerprints, {
category = 'general',
probes = {
{
path = '/images/rails.png',
method = 'HEAD'
},
},
matches = {
{
match = '',
output = 'Ruby on Rails'
}
}
});
table.insert(fingerprints, {
category = 'general',
probes = {
{
path = '/mono/',
method = 'HEAD'
},
},
matches = {
{
match = '',
output = 'Mono'
}
}
});
table.insert(fingerprints, {
category = 'general',
probes = {
{
path = '/robots.txt',
method = 'HEAD'
},
},
matches = {
{
match = '',
output = 'Robots file'
}
}
});
table.insert(fingerprints, {
category = 'general',
probes = {
{
path = '/crossdomain.xml',
method = 'HEAD'
},
},
matches = {
{
output = 'Adobe Flash crossdomain policy'
}
}
});
table.insert(fingerprints, {
category = 'general',
probes = {
{
path = '/css/cake.generic.css',
method = 'HEAD'
},
{
path = '/img/cake.icon.gif',
method = 'HEAD'
},
{
path = '/img/cake.icon.png',
method = 'HEAD'
},
{
path = '/js/vendors.php',
method = 'HEAD'
}
},
matches = {
{
match = '',
output = 'CakePHP application'
}
}
});
table.insert(fingerprints, {
category = 'general',
probes = {
{
path = '/cgi-bin/ffileman.cgi?',
method = 'HEAD'
}
},
matches = {
{
match = '',
output = 'Ffileman Web File Manager'
}
}
});
table.insert(fingerprints, {
category = 'general',
probes = {
{
path = '/fshow.php',
method = 'HEAD'
}
},
matches = {
{
match = '',
output = 'Horizon Web App'
}
}
});
table.insert(fingerprints, {
category = 'general',
probes = {
{
path = '/admin/upload.php',
method = 'HEAD'
}
},
matches = {
{
match = '',
output = 'Admin File Upload'
}
}
});
table.insert(fingerprints, {
category = 'general',
probes = {
{
path = '/upload_multiple_js.php',
method = 'HEAD'
}
},
matches = {
{
match = '',
output = 'NAS Uploader'
}
}
});
table.insert(fingerprints, {
category = 'general',
probes = {
{
path = '/uploadtester.asp',
method = 'HEAD'
}
},
matches = {
{
match = '',
output = 'Free ASP Upload Shell'
}
}
});
table.insert(fingerprints, {
category = 'general',
probes = {
{
path = '/info.php',
method = 'HEAD'
},
{
path = '/phpinfo.php',
method = 'HEAD'
}
},
matches = {
{
match = '',
output = 'Possible information file'
}
}
});
table.insert(fingerprints, {
category = 'general',
probes = {
{
path = '/kusabax/manage_page.php',
method = 'HEAD'
}
},
matches = {
{
match = '',
output = 'Kusabax Image Board'
}
}
});
table.insert(fingerprints, {
category = 'general',
probes = {
{
path = '/plus/lurking.php',
method = 'HEAD'
}
},
matches = {
{
match = '',
output = 'phpMyChat Plus'
}
}
});
table.insert(fingerprints, {
category = 'general',
probes = {
{
path = '/adm/barra/assetmanager/assetmanager.php',
method = 'HEAD'
}
},
matches = {
{
match = '',
output = '360 Web Manager'
}
}
});
table.insert(fingerprints, {
category = 'general',
probes = {
{
path = '/eyeos/',
method = 'HEAD'
}
},
matches = {
{
match = '',
output = 'Possible eyeOS installation'
}
}
});
table.insert(fingerprints, {
category = 'general',
probes = {
{
path = '/NETWARE.HTM',
method = 'HEAD'
}
},
matches = {
{
match = '',
output = 'Planet FPS-1101'
}
}
});
table.insert(fingerprints, {
category = 'general',
probes = {
{
path = '/setup.cgi',
method = 'HEAD'
}
},
matches = {
{
match = '',
output = 'Linksys Cisco Wag120n or similar'
}
}
});
table.insert(fingerprints, {
category = 'general',
probes = {
{
path = '/debug.cgi',
method = 'HEAD'
}
},
matches = {
{
match = '',
output = 'Linksys WRT54G'
}
}
});
table.insert(fingerprints, {
category = 'general',
probes = {
{
path = '/ehcp/?op=applyforftpaccount',
method = 'HEAD'
},
{
path = '/ehcp/?op=applyforaccount',
method = 'HEAD'
},
{
path = '/ehcp/?op=applyfordomainaccount',
method = 'HEAD'
},
{
path = '/vhosts/ehcp/?op=applyforftpaccount',
method = 'HEAD'
},
{
path = '/vhosts/ehcp/?op=applyforaccount',
method = 'HEAD'
},
{
path = '/vhosts/ehcp/?op=applyfordomainaccount',
method = 'HEAD'
},
},
matches = {
{
match = '',
output = 'Easy Hosting Control Panel'
}
}
});
table.insert(fingerprints, {
category = 'general',
probes = {
{
path = '/tools_admin.cgi?',
method = 'HEAD'
}
},
matches = {
{
match = '',
output = 'D-Link WBR-1310'
}
}
});
table.insert(fingerprints, {
category = 'general',
probes = {
{
path = '/level/15',
method = 'HEAD'
},
{
path = '/exec/show/log/CR',
method = 'HEAD'
},
{
path = '/level/15/exec/-/configure/http',
method = 'HEAD'
},
{
path = '/level/15/exec/-',
method = 'HEAD'
}
},
matches = {
{
match = 'cisco-IOS',
output = 'Cisco 2811'
}
}
});
table.insert(fingerprints, {
category = 'general',
probes = {
{
path = '/appServer/jvmReport.jsf?instanceName=server&pageTitle=JVM%20Report',
method = 'HEAD'
},
{
path = '/common/appServer/jvmReport.jsf?pageTitle=JVM%20Report',
method = 'HEAD'
},
{
path = '/common/appServer/jvmReport.jsf?reportType=summary&instanceName=server',
method = 'HEAD'
}
},
matches = {
{
match = '',
output = 'Oracle GlashFish Server Information'
}
}
});
table.insert(fingerprints, {
category = 'general',
probes = {
{
path = '/console/login/loginForm.jsp',
method = 'HEAD'
}
},
matches = {
{
match = '',
output = 'Oracle WebLogic Server Administration Console'
}
}
});
table.insert(fingerprints, {
category = 'general',
probes = {
{
path = '/login_img.jpg',
method = 'HEAD'
}
},
matches = {
{
match = 'RapidLogic',
output = 'AIRAYA WirelessGRID'
}
}
});
table.insert(fingerprints, {
category = 'general',
probes = {
{
path = '/cirronetlogo.gif',
method = 'HEAD'
}
},
matches = {
{
match = 'Cirronet Wavebolt-AP',
output = 'Cirronet Wavebolt'
}
}
});
table.insert(fingerprints, {
category = 'general',
probes = {
{
path = '/browserId/wizardForm.jhtml',
method = 'HEAD'
},
{
path = '/webline/html/forms/callback.jhtml',
method = 'HEAD'
},
{
path = '/webline/html/forms/callbackICM.jhtml',
method = 'HEAD'
},
{
path = '/webline/html/agent/AgentFrame.jhtml',
method = 'HEAD'
},
{
path = '/webline/html/agent/default/badlogin.jhtml',
method = 'HEAD'
},
{
path = '/callme/callForm.jhtml',
method = 'HEAD'
},
{
path = '/webline/html/multichatui/nowDefunctWindow.jhtml',
method = 'HEAD'
},
{
path = '/browserId/wizard.jhtml',
method = 'HEAD'
},
{
path = '/admin/CiscoAdmin.jhtml',
method = 'HEAD'
},
{
path = '/msccallme/mscCallForm.jhtml',
method = 'HEAD'
},
{
path = '/webline/html/admin/wcs/LoginPage.jhtml',
method = 'HEAD'
}
},
matches = {
{
match = '',
output = 'Cisco Collaboration Server'
}
}
});
table.insert(fingerprints, {
category = 'general',
probes = {
{
path = '/restoreinfo.cgi',
method = 'HEAD'
}
},
matches = {
{
match = '',
output = 'Sagem router'
}
}
});
table.insert(fingerprints, {
category = 'general',
probes = {
{
path = '/confirminvite.php',
method = 'HEAD'
}
},
matches = {
{
match = '',
output = 'phpMyBitTorrent'
}
}
});
table.insert(fingerprints, {
category = 'general',
probes = {
{
path = '/sourcebans/',
method = 'HEAD'
}
},
matches = {
{
match = '',
output = 'SourceBans - Steam server application'
}
}
});
table.insert(fingerprints, {
category = 'general',
probes = {
{
path = '/swfupload/index.php',
method = 'HEAD'
}
},
matches = {
{
match = '',
output = 'SWFUpload'
}
}
});
table.insert(fingerprints, {
category = 'general',
probes = {
{
path = '/mymarket/shopping/index.php',
method = 'HEAD'
}
},
matches = {
{
match = '',
output = 'MyMarket'
}
}
});
table.insert(fingerprints, {
category = 'general',
probes = {
{
path = '/myshop_start.php',
method = 'HEAD'
}
},
matches = {
{
match = '',
output = 'FozzCom shopping'
}
}
});
table.insert(fingerprints, {
category = 'general',
probes = {
{
path = '/piranha/secure/passwd.php3',
method = 'HEAD'
}
},
matches = {
{
match = '',
output = 'RedHat Piranha Virtual Server'
}
}
});
table.insert(fingerprints, {
category = 'general',
probes = {
{
path = '/cgi-bin/ck/mimencode',
method = 'HEAD'
}
},
matches = {
{
match = '',
output = 'ContentKeeper Web Appliance'
}
}
});
table.insert(fingerprints, {
category = 'general',
probes = {
{
path = '/cgi-bin/masterCGI?',
method = 'HEAD'
}
},
matches = {
{
match = '',
output = 'Alcatel-Lucent OmniPCX Enterprise'
}
}
});
table.insert(fingerprints, {
category = 'general',
probes = {
{
path = '/tiny_mce/plugins/filemanager/',
method = 'HEAD'
}
},
matches = {
{
match = '',
output = 'Tiny MCE File Upload'
}
}
});
table.insert(fingerprints, {
category = 'general',
probes = {
{
path = '/upload/scp/ajax.php',
method = 'HEAD'
}
},
matches = {
{
match = '',
output = 'osTicket / AJAX File Upload'
}
}
});
table.insert(fingerprints, {
category = 'general',
probes = {
{
path = '/cgi-mod/view_help.cgi',
method = 'HEAD'
}
},
matches = {
{
match = '',
output = 'Barracuda Networks Spam & Virus Firewall'
}
}
});
table.insert(fingerprints, {
category = 'general',
probes = {
{
path = '/cgi-mod/index.cgi',
method = 'HEAD'
}
},
matches = {
{
match = '',
output = 'Barracuda Web Application Firewall'
}
}
});
table.insert(fingerprints, {
category = 'general',
probes = {
{
path = '/cgi-mod/smtp_test.cgi',
method = 'HEAD'
}
},
matches = {
{
match = '',
output = 'Barracuda IM Firewall'
}
}
});
table.insert(fingerprints, {
category = 'general',
probes = {
{
path = '/TopToolArea.html',
method = 'HEAD'
},
{
path = '/switchSystem.html',
method = 'HEAD'
}
},
matches = {
{
match = '',
output = 'Alteon OS BBI (Nortell)'
}
}
});
table.insert(fingerprints, {
category = 'general',
probes = {
{
path = '/intruvert/jsp/module/Login.jsp',
method = 'HEAD'
}
},
matches = {
{
match = '',
output = 'McAfee Network Security Manager'
}
}
});
table.insert(fingerprints, {
category = 'general',
probes = {
{
path = '/ajaxfilemanager/',
method = 'HEAD'
}
},
matches = {
{
match = '',
output = 'AJAX File Manager'
}
}
});
table.insert(fingerprints, {
category = 'general',
probes = {
{
path = '/upload/data/settings.cdb',
method = 'HEAD'
}
},
matches = {
{
match = '',
output = 'CF Image Hosting DB'
}
}
});
table.insert(fingerprints, {
category = 'general',
probes = {
{
path = '/fm.php',
method = 'HEAD'
}
},
matches = {
{
match = '',
output = 'Simple File Manager'
}
}
});
table.insert(fingerprints, {
category = 'general',
probes = {
{
path = '/nagios3/cgi-bin/statuswml.cgi',
method = 'HEAD'
},
{
path = '/nagios3/',
method = 'HEAD'
}
},
matches = {
{
match = '',
output = 'Nagios3'
}
}
});
table.insert(fingerprints, {
category = 'general',
probes = {
{
path = '/test/logon.html',
method = 'HEAD'
}
},
matches = {
{
match = '',
output = 'Jetty'
}
}
});
table.insert(fingerprints, {
category = 'general',
probes = {
{
path = '/cal_cat.php',
method = 'HEAD'
},
{
path = '/calendar/cal_cat.php',
method = 'HEAD'
},
{
path = '/cal/cal_cat.php',
method = 'HEAD'
}
},
matches = {
{
match = '',
output = 'Calendarix'
}
}
});
table.insert(fingerprints, {
category = 'general',
probes = {
{
path = '/private/sdc.tgz',
method = 'HEAD'
}
},
matches = {
{
match = '',
output = 'IBM Bladecenter Management Logs'
}
}
});
table.insert(fingerprints, {
category = 'general',
probes = {
{
path = '/cacti/',
method = 'HEAD'
}
},
matches = {
{
match = '',
output = 'Cacti Web Monitoring'
}
}
});
table.insert(fingerprints, {
category = 'general',
probes = {
{
path = '/cgi-bin/awstats.pl',
method = 'HEAD'
}
},
matches = {
{
match = '',
output = 'AWStats'
}
}
});
table.insert(fingerprints, {
category = 'general',
probes = {
{
path = '/wiki/rankings.php',
method = 'HEAD'
}
},
matches = {
{
match = '',
output = 'Bit Weaver'
}
}
});
table.insert(fingerprints, {
category = 'general',
probes = {
{
path = '/reqdetails.php',
method = 'HEAD'
}
},
matches = {
{
match = '',
output = 'BtiTracker'
}
}
});
table.insert(fingerprints, {
category = 'general',
probes = {
{
path = '/shared/help.php',
method = 'HEAD'
}
},
matches = {
{
match = '',
output = 'OpenBiblio/WebBiblio Subject Gateway System'
}
}
});
table.insert(fingerprints, {
category = 'general',
probes = {
{
path = '/seti.php',
method = 'HEAD'
}
},
matches = {
{
match = '',
output = 'PHP SETI@home'
}
}
});
table.insert(fingerprints, {
category = 'general',
probes = {
{
path = '/imc/',
method = 'HEAD'
},
{
path = '/imcws/',
method = 'HEAD'
}
},
matches = {
{
match = '',
output = '3Com Intelligent Management Center'
}
}
});
table.insert(fingerprints, {
category = 'general',
probes = {
{
path = '/partymgr/',
method = 'HEAD'
}
},
matches = {
{
match = '',
output = 'Apache OFBiz'
}
}
});
table.insert(fingerprints, {
category = 'general',
probes = {
{
path = '/Base/upload.php',
method = 'HEAD'
},
{
path = '/Base/example_1.php',
method = 'HEAD'
}
},
matches = {
{
match = '',
output = 'MassMirror Uploader'
}
}
});
table.insert(fingerprints, {
category = 'general',
probes = {
{
path = '/YUI-upload/html',
method = 'HEAD'
}
},
matches = {
{
match = '',
output = 'YUI Images / File Upload'
}
}
});
table.insert(fingerprints, {
category = 'general',
probes = {
{
path = '/tools/filemanager/skins/mobile/admin1.template.php',
method = 'HEAD'
}
},
matches = {
{
match = '',
output = 'ispCP Omega'
}
}
});
table.insert(fingerprints, {
category = 'general',
probes = {
{
path = '/Uploadify/',
method = 'HEAD'
}
},
matches = {
{
match = '',
output = 'Uploadify'
}
}
});
table.insert(fingerprints, {
category = 'general',
probes = {
{
path = '/syssite/',
method = 'HEAD'
}
},
matches = {
{
match = '',
output = 'ShopEx'
}
}
});
table.insert(fingerprints, {
category = 'general',
probes = {
{
path = '/updown.php',
method = 'HEAD'
}
},
matches = {
{
match = '',
output = 'PHP Uploader Downloader'
}
}
});
table.insert(fingerprints, {
category = 'general',
probes = {
{
path = '/modules/docmanager/doctypetemplates/myuploadedfile',
method = 'HEAD'
}
},
matches = {
{
match = '',
output = 'Achievo'
}
}
});
table.insert(fingerprints, {
category = 'general',
probes = {
{
path = '/ReqWebHelp/advanced/workingSet.jsp',
method = 'HEAD'
}
},
matches = {
{
match = '',
output = 'IBM Rational RequisitePro/ReqWebHelp'
}
}
});
table.insert(fingerprints, {
category = 'general',
probes = {
{
path = '/dhost/',
method = 'HEAD'
}
},
matches = {
{
match = '',
output = 'Novell eDirectory'
}
}
});
table.insert(fingerprints, {
category = 'general',
probes = {
{
path = '/engine/api/api.class.php',
method = 'HEAD'
}
},
matches = {
{
match = '',
output = 'DatalifeEngine'
}
}
});
table.insert(fingerprints, {
category = 'general',
probes = {
{
path = '/jsft_resource.jsf',
method = 'HEAD'
},
{
path = '/scales_static_resource.jsf',
method = 'HEAD'
}
},
matches = {
{
match = '',
output = 'JSFTemplating/Mojarra Scales/GlassFish Application Server'
}
}
});
table.insert(fingerprints, {
category = 'general',
probes = {
{
path = '/setup/password_required.html',
method = 'HEAD'
}
},
matches = {
{
match = '',
output = '2WIRE GATEWAY'
}
}
});
table.insert(fingerprints, {
category = 'general',
probes = {
{
path = '/zp-core/',
method = 'HEAD'
}
},
matches = {
{
match = '',
output = 'Zen Photo'
}
}
});
table.insert(fingerprints, {
category = 'general',
probes = {
{
path = '/amember/',
method = 'HEAD'
}
},
matches = {
{
match = '',
output = 'aMember'
}
}
});
table.insert(fingerprints, {
category = 'general',
probes = {
{
path = '/.hgignore',
method = 'HEAD'
},
{
path = '/.gitignore',
method = 'HEAD'
},
{
path = '/.bzrignore',
method = 'HEAD'
}
},
matches = {
{
match = '',
output = 'Revision control ignore file'
}
}
});
------------------------------------------------
---- SECURITY SOFTWARE ----
------------------------------------------------
-- These checks will find specific installed software. If possible, it will also
-- find versions, etc.
table.insert(fingerprints, {
category = 'security',
probes = {
{
path = '/CSS/Miniweb.css',
method = 'GET'
}
},
matches = {
{
match = 'ad_header_form_sprachauswahl',
output = 'SCADA Siemens SIMATIC S7'
}
}
});
table.insert(fingerprints, {
category = 'security',
probes = {
{
path = '/S7Web.css',
method = 'GET'
},
{
path = '/Portal0000.htm',
method = 'GET'
}
},
matches = {
{
match = '(.-) | ',
output = 'SCADA Siemens PCS7: \\1'
},
{
match = '',
output = 'SCADA Siemens PCS7'
}
}
});
table.insert(fingerprints, {
category = 'security',
probes = {
{
path = '/arcsight/',
method = 'HEAD'
},
{
path = '/arcsight/images/logo-login-arcsight.gif',
method = 'HEAD'
},
{
path = '/arcsight/images/navbar-icon-logout-on.gif',
method = 'HEAD'
},
{
path = '/images/logo-arcsight.gif',
method = 'HEAD'
},
{
path = '/logger/monitor.ftl',
method = 'HEAD'
},
},
matches = {
{
output = 'Arcsight'
}
}
});
table.insert(fingerprints, {
category = 'security',
probes = {
{
path = '/beef/',
method = 'HEAD'
},
{
path = '/BEEF/',
method = 'HEAD'
},
{
path = '/beef/images/beef.gif',
method = 'HEAD'
}
},
matches = {
{
output = 'BeEF Browser Exploitation Framework'
}
}
});
table.insert(fingerprints, {
category = 'security',
probes = {
{
path = '/gfx/form_top_left_corner.gif',
method = 'HEAD'
},
{
path = '/gfx/logout_24.png',
method = 'HEAD'
},
{
path = '/gfx/new_logo.gif',
method = 'HEAD'
},
{
path = '/javascript/sorttable.js',
method = 'HEAD'
}
},
matches = {
{
match = '',
output = 'Secunia NSI'
}
}
});
table.insert(fingerprints, {
category = 'security',
probes = {
{
path = '/images/btn_help_nml.gif',
method = 'HEAD'
},
{
path = '/images/hdr_icon_homeG.gif',
method = 'HEAD'
},
{
path = '/spControl.php',
method = 'HEAD'
},
{
path = '/images/isslogo.gif',
method = 'HEAD'
},
{
path = '/deploymentmanager/',
method = 'HEAD'
},
},
matches = {
{
match = '',
output = 'IBM Proventia'
}
}
});
table.insert(fingerprints, {
category = 'security',
probes = {
{
path = '/i18n/EN/css/foundstone.css',
method = 'HEAD'
},
{
path = '/i18n/EN/images/external_nav_square.gif',
method = 'HEAD'
},
},
matches = {
{
match = '',
output = 'Foundstone'
}
}
});
table.insert(fingerprints, {
category = 'security',
probes = {
{
path = '/officescan/console/html/cgi/cgiChkMasterPwd.exe',
method = 'HEAD'
},
{
path = '/officescan/console/html/ClientInstall/officescannt.htm',
method = 'HEAD'
},
{
path = '/officescan/console/html/images/icon_refresh.gif',
method = 'HEAD'
},
},
matches = {
{
match = '',
output = 'Trend Micro OfficeScan Server'
}
}
});
table.insert(fingerprints, {
category = 'security',
probes = {
{
path = '/picts/BC_bwlogorev.gif',
method = 'HEAD'
},
{
path = '/picts/menu_leaf.gif',
method = 'HEAD'
},
},
matches = {
{
match = '',
output = 'BlueCoat Reporter'
}
}
});
table.insert(fingerprints, {
category = 'security',
probes = {
{
path = '/theme/images/en/login1.gif',
method = 'HEAD'
},
},
matches = {
{
match = '',
output = 'Fortinet VPN/Firewall'
}
}
});
table.insert(fingerprints, {
category = 'security',
probes = {
{
path = '/',
method = 'GET'
},
},
matches = {
{
match = 'id="NessusClient"',
output = 'Nessus'
},
{
match = 'NessusClient.swf',
output = 'Nessus'
}
}
});
table.insert(fingerprints, {
category = 'security',
probes = {
{
path = '/NessusClient.swf',
method = 'HEAD'
},
},
matches = {
{
match = '',
output = 'Nessus'
}
}
});
table.insert(fingerprints, {
category = 'security',
probes = {
{
path = '/dotDefender/',
method = 'HEAD'
},
},
matches = {
{
match = '',
output = 'dotDefender Web Application Firewall'
}
}
});
-- http://www.rapid7.com/db/modules/payload/windows/meterpreter/reverse_hop_http
-- "GET /hop.php?/control" will grab all pending messages, but is unreliable if
-- there are no pending messages.
table.insert(fingerprints, {
category = 'security',
probes = {
{
path = '/hop.php?/12345',
method = 'GET'
},
},
matches = {
{
-- TODO: this only works for Meterpreter payloads. Find a more generic means?
match = 'METERPRETER_TRANSPORT_HTTP',
output = 'Metasploit reverse_hop_http hop point'
},
}
});
-- http://carnal0wnage.attackresearch.com/2015/02/cisco-asa-version-grabber-cve-2014-3398.html
table.insert(fingerprints, {
category = 'security',
probes = {
{
path = '/CSCOSSLC/config-auth',
method = 'GET'
},
},
matches = {
{
match = '([^<]+)',
output = 'Cisco ASA, firmware \\1'
},
}
});
------------------------------------------------
---- MANAGEMENT SOFTWARE ----
------------------------------------------------
table.insert(fingerprints, {
category = 'management',
probes = {
{
path = '/vmware/',
method = 'HEAD'
},
{
path = '/vmware/imx/vmware_boxes-16x16.png',
method = 'HEAD'
},
{
path = '/ui/',
method = 'HEAD'
},
{
path = '/ui/imx/vmwareLogo-16x16.png',
method = 'HEAD'
},
{
path = '/ui/imx/vmwarePaperBagLogo-16x16.png',
method = 'HEAD'
},
{
path = '/ui/vManage.do',
method = 'HEAD'
},
{
path = '/client/VMware-viclient.exe',
method = 'HEAD'
},
{
path = '/en/welcomeRes.js',
method = 'HEAD'
}
},
matches = {
{
output = 'VMWare'
}
}
});
table.insert(fingerprints, {
category = 'management',
probes = {
{
path = '/citrix/',
method = 'HEAD'
},
{
path = '/Citrix/',
method = 'HEAD'
},
{
path = '/Citrix/MetaFrame/auth/login.aspx',
method = 'HEAD'
},
{
path = '/images/ctxHeader01.jpg',
method = 'HEAD'
},
{
path = '/images/Safeword_Token.jpg',
method = 'HEAD'
},
{
path = '/sw/auth/login.aspx',
method = 'HEAD'
},
{
path = '/vpn/images/AccessGateway.ico',
method = 'HEAD'
},
{
path = '/citrix/AccessPlatform/auth/clientscripts/',
method = 'HEAD'
},
{
path = '/AccessPlatform/auth/clientscripts/',
method = 'HEAD'
},
{
path = '/Citrix//AccessPlatform/auth/clientscripts/cookies.js',
method = 'HEAD'
},
{
path = '/Citrix/AccessPlatform/auth/clientscripts/login.js',
method = 'HEAD'
},
{
path = '/Citrix/PNAgent/config.xml',
method = 'HEAD'
},
},
matches = {
{
output = 'Citrix'
}
}
});
table.insert(fingerprints, {
category = 'management',
probes = {
{
path = '/cgi-bin/image/shikaku2.png',
method = 'HEAD'
},
},
matches = {
{
match = '',
output = 'TeraStation PRO RAID 0/1/5 Network Attached Storage'
}
}
});
table.insert(fingerprints, {
category = 'management',
probes = {
{
path = '/config/public/usergrp.gif',
method = 'HEAD'
},
{
path = '/pictures/buttons/file_view_mark.gif',
method = 'HEAD'
},
},
matches = {
{
match = '',
output = 'AXIS StorPoint'
}
}
});
table.insert(fingerprints, {
category = 'management',
probes = {
{
path = '/cpqlogin.htm?RedirectUrl=/&RedirectQueryString=',
method = 'HEAD'
},
{
path = '/hplogo.gif',
method = 'HEAD'
},
},
matches = {
{
match = '',
output = 'HP System Management Homepage'
}
}
});
table.insert(fingerprints, {
category = 'management',
probes = {
{
path = '/ie_index.htm',
method = 'HEAD'
},
{
path = '/ilo.gif',
method = 'HEAD'
},
},
matches = {
{
match = '',
output = 'HP Integrated Lights Out'
}
}
});
table.insert(fingerprints, {
category = 'management',
probes = {
{
path = '/images/icon_server_connected.gif',
method = 'HEAD'
},
},
matches = {
{
match = '',
output = 'HP Blade Enclosure'
}
}
});
table.insert(fingerprints, {
category = 'management',
probes = {
{
path = '/mxhtml/images/signin_logo.gif',
method = 'HEAD'
},
{
path = '/mxhtml/images/status_critical_15.gif',
method = 'HEAD'
},
{
path = '/mxportal/home/en_US/servicetools.gif',
method = 'HEAD'
},
{
path = '/mxportal/home/MxPortalFrames.jsp',
method = 'HEAD'
},
},
matches = {
{
match = '',
output = 'HP Insight Manager'
}
}
});
table.insert(fingerprints, {
category = 'management',
probes = {
{
path = '/xymon/menu/menu.css',
method = 'HEAD'
},
},
matches = {
{
match = '',
output = 'Xymon'
}
}
});
table.insert(fingerprints, {
category = 'management',
probes = {
{
path = '/rrc.htm',
method = 'HEAD'
},
},
matches = {
{
match = '',
output = 'Raritan Remote Client'
}
}
});
table.insert(fingerprints, {
category = 'management',
probes = {
{
path = '/manager/html/upload',
method = 'HEAD'
},
{
path = '/manager/html',
method = 'HEAD'
}
},
matches = {
{
match = '',
output = 'Apache Tomcat'
}
}
});
table.insert(fingerprints, {
category = 'general',
probes = {
{
path = '/axis2/axis2-web/HappyAxis.jsp',
method = 'HEAD'
},
{
path = '/axis2/',
method = 'HEAD'
},
{
path = '/happyaxis.jsp',
method = 'HEAD'
}
},
matches = {
{
match = '',
output = 'Apache Axis2'
}
}
});
table.insert(fingerprints, {
category = 'management',
probes = {
{
path = '/web-console/ServerInfo.jsp',
method = 'HEAD'
},
{
path = '/web-console/Invoker',
method = 'HEAD'
},
{
path = '/invoker/',
method = 'HEAD'
},
{
path = '/jmx-console/',
method = 'HEAD'
},
{
path = '/admin-console/',
method = 'HEAD'
}
},
matches = {
{
match = '',
output = 'JBoss Console'
}
}
});
table.insert(fingerprints, {
category = 'management',
probes = {
{
path = '/CFIDE/administrator/enter.cfm',
method = 'HEAD'
},
{
path = '/CFIDE/administrator/entman/index.cfm',
method = 'HEAD'
},
{
path = '/cfide/install.cfm',
method = 'HEAD'
},
{
path = '/CFIDE/administrator/archives/index.cfm',
method = 'HEAD'
},
{
path = '/CFIDE/wizards/common/_logintowizard.cfm',
method = 'HEAD'
},
{
path = '/CFIDE/componentutils/login.cfm',
method = 'HEAD'
},
{
path = '/CFIDE/Administrator/startstop.html',
method = 'HEAD'
},
},
matches = {
{
match = '',
output = 'ColdFusion Admin Console'
}
}
});
table.insert(fingerprints, {
category = 'management',
probes = {
{
path = '/common/help/en/go/login_ts.html',
method = 'HEAD'
},
{
path = '/system/login/',
method = 'HEAD'
},
{
path = '/system/login/reset?next=%2Fsystem%2Flogin&set-lang=en',
method = 'HEAD'
},
{
path = '/common/images/logos/img_logoMain.jpg',
method = 'HEAD'
},
},
matches = {
{
match = 'URL=http://www.macromedia.com/go/breeze_login_help_en',
output = 'Adobe Acrobat Connect Pro'
},
{
match = 'Connect Pro Central Login',
output = 'Adobe Acrobat Connect Pro'
},
{
match = 'Forgot your password?',
output = 'Adobe Acrobat Connect Pro'
},
{
match = 'Server: JRun Web Server',
output = 'Adobe Acrobat Connect Pro'
},
}
});
table.insert(fingerprints, {
category = 'management',
probes = {
{
path = '/Dashboard/Dashboard.html',
method = 'GET'
}
},
matches = {
{
match = 'Server: Kodak-RulesBasedAutomation',
output = 'Prinergy Dashboard Client Login'
},
{
match = 'Dashboard',
output = 'Prinergy Dashboard Client Login'
}
}
});
table.insert(fingerprints, {
category = 'management',
probes = {
{
path = '/flexfm/',
method = 'HEAD'
}
},
matches = {
{
match = '',
output = 'Flex File Manager'
}
}
});
table.insert(fingerprints, {
category = 'management',
probes = {
{
path = '/lib/usermanagement/userInfo.php',
method = 'HEAD'
}
},
matches = {
{
match = '',
output = 'Testlink TestManagement'
}
}
});
table.insert(fingerprints, {
category = 'management',
probes = {
{
path = '/security/xamppsecurity.php',
method = 'HEAD'
}
},
matches = {
{
match = '',
output = 'XAMPP'
}
}
});
table.insert(fingerprints, {
category = 'management',
probes = {
{
path = '/lc/system/console',
method = 'HEAD'
},
},
matches = {
{
match = 'OSGi Management Console',
output = 'Adobe LiveCycle Management Console'
}
}
});
table.insert(fingerprints, {
category = 'management',
probes = {
{
path = '/dm-albums/dm-albums.php',
method = 'HEAD'
}
},
matches = {
{
match = '',
output = 'DM FileManager'
}
}
});
------------------------------------------------
---- PRINTERS, WEBCAMS, PROJECTORS ----
------------------------------------------------
table.insert(fingerprints, {
category = 'printer',
probes = {
{
path = '/x_logo.gif',
method = 'HEAD'
}
},
matches = {
{
match = '',
output = 'Xerox printer'
}
}
});
table.insert(fingerprints, {
category = 'printer',
probes = {
{
path = '/gif/hp.gif',
method = 'HEAD'
},
{
path = '/gif/hp_invent_logo.gif',
method = 'HEAD'
},
{
path = '/gif/printer.gif',
method = 'HEAD'
},
{
path = '/hp/device/this.LCDispatcher',
method = 'HEAD'
},
{
path = '/hp/device/webAccess/index.htm',
method = 'HEAD'
},
{
path = '/PageSelector.class',
method = 'HEAD'
}
},
matches = {
{
match = '',
output = 'HP Printer'
}
}
});
table.insert(fingerprints, {
category = 'printer',
probes = {
{
path = '/images/lexbold.gif',
method = 'HEAD'
},
{
path = '/images/lexlogo.gif',
method = 'HEAD'
},
{
path = '/images/printer.gif',
method = 'HEAD'
},
{
path = '/printer/image',
method = 'HEAD'
}
},
matches = {
{
match = '',
output = 'Lexmark Printer'
}
}
});
table.insert(fingerprints, {
category = 'printer',
probes = {
{
path = '/images/mute_alloff.gif',
method = 'HEAD'
},
{
path = '/images/pic_bri.gif',
method = 'HEAD'
},
},
matches = {
{
match = '',
output = 'NEC Projector'
}
}
});
table.insert(fingerprints, {
category = 'printer',
probes = {
{
path = '/scanweb/images/scanwebtm.gif',
method = 'HEAD'
},
},
matches = {
{
match = '',
output = 'SCAN Web (Webcam)'
}
}
});
table.insert(fingerprints, {
category = 'printer',
probes = {
{
path = '/view/index.shtml',
method = 'HEAD'
},
},
matches = {
{
match = '',
output = 'Axis 212 PTZ Network Camera'
}
}
});
------------------------------------------------
---- DATABASES ----
------------------------------------------------
--phpmyadmin db taken from http://milw0rm.com/exploits/8921
table.insert(fingerprints, {
category = 'database',
probes = {
{
path = '/phpmyadmin/',
method = 'HEAD'
},
{
path = '/phpMyAdmin/',
method = 'HEAD'
},
{
path = '/PHPMyAdmin/',
method = 'HEAD'
},
{
path = '/PMA/',
method = 'HEAD'
},
{
path = '/pma/',
method = 'HEAD'
},
{
path = '/dbadmin/',
method = 'HEAD'
},
{
path = '/myadmin/',
method = 'HEAD'
},
{
path = '/php-my-admin/',
method = 'HEAD'
},
{
path = '/phpMyAdmin2/',
method = 'HEAD'
},
{
path = '/phpMyAdmin-2/',
method = 'HEAD'
},
{
path = '/phpMyAdmin-2.2.3/',
method = 'HEAD'
},
{
path = '/phpMyAdmin-2.2.6/',
method = 'HEAD'
},
{
path = '/phpMyAdmin-2.5.1/',
method = 'HEAD'
},
{
path = '/phpMyAdmin-2.5.4/',
method = 'HEAD'
},
{
path = '/phpMyAdmin-2.5.5-rc1/',
method = 'HEAD'
},
{
path = '/phpMyAdmin-2.5.5-rc2/',
method = 'HEAD'
},
{
path = '/phpMyAdmin-2.5.5/',
method = 'HEAD'
},
{
path = '/phpMyAdmin-2.5.5-pl1/',
method = 'HEAD'
},
{
path = '/phpMyAdmin-2.5.6-rc1/',
method = 'HEAD'
},
{
path = '/phpMyAdmin-2.5.6-rc2/',
method = 'HEAD'
},
{
path = '/phpMyAdmin-2.5.6/',
method = 'HEAD'
},
{
path = '/phpMyAdmin-2.5.7/',
method = 'HEAD'
},
{
path = '/phpMyAdmin-2.5.7-pl1/',
method = 'HEAD'
},
{
path = '/phpMyAdmin-2.6.0-alpha/',
method = 'HEAD'
},
{
path = '/phpMyAdmin-2.6.0-alpha2/',
method = 'HEAD'
},
{
path = '/phpMyAdmin-2.6.0-beta1/',
method = 'HEAD'
},
{
path = '/phpMyAdmin-2.6.0-beta2/',
method = 'HEAD'
},
{
path = '/phpMyAdmin-2.6.0-rc1/',
method = 'HEAD'
},
{
path = '/phpMyAdmin-2.6.0-rc2/',
method = 'HEAD'
},
{
path = '/phpMyAdmin-2.6.0-rc3/',
method = 'HEAD'
},
{
path = '/phpMyAdmin-2.6.0/',
method = 'HEAD'
},
{
path = '/phpMyAdmin-2.6.0-pl1/',
method = 'HEAD'
},
{
path = '/phpMyAdmin-2.6.0-pl2/',
method = 'HEAD'
},
{
path = '/phpMyAdmin-2.6.0-pl3/',
method = 'HEAD'
},
{
path = '/phpMyAdmin-2.6.1-rc1/',
method = 'HEAD'
},
{
path = '/phpMyAdmin-2.6.1-rc2/',
method = 'HEAD'
},
{
path = '/phpMyAdmin-2.6.1/',
method = 'HEAD'
},
{
path = '/phpMyAdmin-2.6.1-pl1/',
method = 'HEAD'
},
{
path = '/phpMyAdmin-2.6.1-pl2/',
method = 'HEAD'
},
{
path = '/phpMyAdmin-2.6.1-pl3/',
method = 'HEAD'
},
{
path = '/phpMyAdmin-2.6.2-rc1/',
method = 'HEAD'
},
{
path = '/phpMyAdmin-2.6.2-beta1/',
method = 'HEAD'
},
{
path = '/phpMyAdmin-2.6.2/',
method = 'HEAD'
},
{
path = '/phpMyAdmin-2.6.2-pl1/',
method = 'HEAD'
},
{
path = '/phpMyAdmin-2.6.3/',
method = 'HEAD'
},
{
path = '/phpMyAdmin-2.6.3-rc1/',
method = 'HEAD'
},
{
path = '/phpMyAdmin-2.6.3-pl1/',
method = 'HEAD'
},
{
path = '/phpMyAdmin-2.6.4-rc1/',
method = 'HEAD'
},
{
path = '/phpMyAdmin-2.6.4-pl1/',
method = 'HEAD'
},
{
path = '/phpMyAdmin-2.6.4-pl2/',
method = 'HEAD'
},
{
path = '/phpMyAdmin-2.6.4-pl3/',
method = 'HEAD'
},
{
path = '/phpMyAdmin-2.6.4-pl4/',
method = 'HEAD'
},
{
path = '/phpMyAdmin-2.6.4/',
method = 'HEAD'
},
{
path = '/phpMyAdmin-2.7.0-beta1/',
method = 'HEAD'
},
{
path = '/phpMyAdmin-2.7.0-rc1/',
method = 'HEAD'
},
{
path = '/phpMyAdmin-2.7.0-pl1/',
method = 'HEAD'
},
{
path = '/phpMyAdmin-2.7.0-pl2/',
method = 'HEAD'
},
{
path = '/phpMyAdmin-2.7.0/',
method = 'HEAD'
},
{
path = '/phpMyAdmin-2.8.0-beta1/',
method = 'HEAD'
},
{
path = '/phpMyAdmin-2.8.0-rc1/',
method = 'HEAD'
},
{
path = '/phpMyAdmin-2.8.0-rc2/',
method = 'HEAD'
},
{
path = '/phpMyAdmin-2.8.0/',
method = 'HEAD'
},
{
path = '/phpMyAdmin-2.8.0.1/',
method = 'HEAD'
},
{
path = '/phpMyAdmin-2.8.0.2/',
method = 'HEAD'
},
{
path = '/phpMyAdmin-2.8.0.3/',
method = 'HEAD'
},
{
path = '/phpMyAdmin-2.8.0.4/',
method = 'HEAD'
},
{
path = '/phpMyAdmin-2.8.1-rc1/',
method = 'HEAD'
},
{
path = '/phpMyAdmin-2.8.1/',
method = 'HEAD'
},
{
path = '/phpMyAdmin-2.8.2/',
method = 'HEAD'
},
{
path = '/sqlmanager/',
method = 'HEAD'
},
{
path = '/php-myadmin/',
method = 'HEAD'
},
{
path = '/phpmy-admin/',
method = 'HEAD'
},
{
path = '/mysqladmin/',
method = 'HEAD'
},
{
path = '/mysql-admin/',
method = 'HEAD'
},
{
path = '/websql/',
method = 'HEAD'
},
{
path = '/_phpmyadmin/',
method = 'HEAD'
}
},
matches = {
{
output = 'phpMyAdmin'
}
}
});
table.insert(fingerprints, {
category = 'database',
probes = {
{
path = '/footer1.gif',
method = 'HEAD'
},
},
matches = {
{
match = '',
output = '(possible) Oracle Web server'
}
}
});
table.insert(fingerprints, {
category = 'database',
probes = {
{
path = '/homepage.nsf/homePage.gif?OpenImageResource',
method = 'HEAD'
},
{
path = '/icons/ecblank.gif',
method = 'HEAD'
},
{
path = '/852566C90012664F',
method = 'HEAD'
},
{
path = '/admin4.nsf',
method = 'HEAD'
},
{
path = '/admin5.nsf',
method = 'HEAD'
},
{
path = '/admin.nsf',
method = 'HEAD'
},
{
path = '/agentrunner.nsf',
method = 'HEAD'
},
{
path = '/alog.nsf',
method = 'HEAD'
},
{
path = '/a_domlog.nsf',
method = 'HEAD'
},
{
path = '/bookmark.nsf',
method = 'HEAD'
},
{
path = '/busytime.nsf',
method = 'HEAD'
},
{
path = '/catalog.nsf',
method = 'HEAD'
},
{
path = '/certa.nsf',
method = 'HEAD'
},
{
path = '/certlog.nsf',
method = 'HEAD'
},
{
path = '/certsrv.nsf',
method = 'HEAD'
},
{
path = '/chatlog.nsf',
method = 'HEAD'
},
{
path = '/clbusy.nsf',
method = 'HEAD'
},
{
path = '/cldbdir.nsf',
method = 'HEAD'
},
{
path = '/clusta4.nsf',
method = 'HEAD'
},
{
path = '/collect4.nsf',
method = 'HEAD'
},
{
path = '/da.nsf',
method = 'HEAD'
},
{
path = '/dba4.nsf',
method = 'HEAD'
},
{
path = '/dclf.nsf',
method = 'HEAD'
},
{
path = '/DEASAppDesign.nsf',
method = 'HEAD'
},
{
path = '/DEASLog01.nsf',
method = 'HEAD'
},
{
path = '/DEASLog02.nsf',
method = 'HEAD'
},
{
path = '/DEASLog03.nsf',
method = 'HEAD'
},
{
path = '/DEASLog04.nsf',
method = 'HEAD'
},
{
path = '/DEASLog05.nsf',
method = 'HEAD'
},
{
path = '/DEASLog.nsf',
method = 'HEAD'
},
{
path = '/decsadm.nsf',
method = 'HEAD'
},
{
path = '/decslog.nsf',
method = 'HEAD'
},
{
path = '/DEESAdmin.nsf',
method = 'HEAD'
},
{
path = '/dirassist.nsf',
method = 'HEAD'
},
{
path = '/doladmin.nsf',
method = 'HEAD'
},
{
path = '/domadmin.nsf',
method = 'HEAD'
},
{
path = '/domcfg.nsf',
method = 'HEAD'
},
{
path = '/domguide.nsf',
method = 'HEAD'
},
{
path = '/domlog.nsf',
method = 'HEAD'
},
{
path = '/dspug.nsf',
method = 'HEAD'
},
{
path = '/events4.nsf',
method = 'HEAD'
},
{
path = '/events5.nsf',
method = 'HEAD'
},
{
path = '/events.nsf',
method = 'HEAD'
},
{
path = '/event.nsf',
method = 'HEAD'
},
{
path = '/homepage.nsf',
method = 'HEAD'
},
{
path = '/iNotes/Forms5.nsf/$DefaultNav',
method = 'HEAD'
},
{
path = '/jotter.nsf',
method = 'HEAD'
},
{
path = '/leiadm.nsf',
method = 'HEAD'
},
{
path = '/leilog.nsf',
method = 'HEAD'
},
{
path = '/leivlt.nsf',
method = 'HEAD'
},
{
path = '/log4a.nsf',
method = 'HEAD'
},
{
path = '/log.nsf',
method = 'HEAD'
},
{
path = '/l_domlog.nsf',
method = 'HEAD'
},
{
path = '/mab.nsf',
method = 'HEAD'
},
{
path = '/mail10.box',
method = 'HEAD'
},
{
path = '/mail1.box',
method = 'HEAD'
},
{
path = '/mail2.box',
method = 'HEAD'
},
{
path = '/mail3.box',
method = 'HEAD'
},
{
path = '/mail4.box',
method = 'HEAD'
},
{
path = '/mail5.box',
method = 'HEAD'
},
{
path = '/mail6.box',
method = 'HEAD'
},
{
path = '/mail7.box',
method = 'HEAD'
},
{
path = '/mail8.box',
method = 'HEAD'
},
{
path = '/mail9.box',
method = 'HEAD'
},
{
path = '/mail.box',
method = 'HEAD'
},
{
path = '/msdwda.nsf',
method = 'HEAD'
},
{
path = '/mtatbls.nsf',
method = 'HEAD'
},
{
path = '/mtstore.nsf',
method = 'HEAD'
},
{
path = '/names.nsf',
method = 'HEAD'
},
{
path = '/nntppost.nsf',
method = 'HEAD'
},
{
path = '/nntp/nd000001.nsf',
method = 'HEAD'
},
{
path = '/nntp/nd000002.nsf',
method = 'HEAD'
},
{
path = '/nntp/nd000003.nsf',
method = 'HEAD'
},
{
path = '/ntsync45.nsf',
method = 'HEAD'
},
{
path = '/perweb.nsf',
method = 'HEAD'
},
{
path = '/qpadmin.nsf',
method = 'HEAD'
},
{
path = '/quickplace/quickplace/main.nsf',
method = 'HEAD'
},
{
path = '/reports.nsf',
method = 'HEAD'
},
{
path = '/sample/siregw46.nsf',
method = 'HEAD'
},
{
path = '/schema50.nsf',
method = 'HEAD'
},
{
path = '/setupweb.nsf',
method = 'HEAD'
},
{
path = '/setup.nsf',
method = 'HEAD'
},
{
path = '/smbcfg.nsf',
method = 'HEAD'
},
{
path = '/smconf.nsf',
method = 'HEAD'
},
{
path = '/smency.nsf',
method = 'HEAD'
},
{
path = '/smhelp.nsf',
method = 'HEAD'
},
{
path = '/smmsg.nsf',
method = 'HEAD'
},
{
path = '/smquar.nsf',
method = 'HEAD'
},
{
path = '/smsolar.nsf',
method = 'HEAD'
},
{
path = '/smtime.nsf',
method = 'HEAD'
},
{
path = '/smtpibwq.nsf',
method = 'HEAD'
},
{
path = '/smtpobwq.nsf',
method = 'HEAD'
},
{
path = '/smtp.box',
method = 'HEAD'
},
{
path = '/smtp.nsf',
method = 'HEAD'
},
{
path = '/smvlog.nsf',
method = 'HEAD'
},
{
path = '/srvnam.htm',
method = 'HEAD'
},
{
path = '/statmail.nsf',
method = 'HEAD'
},
{
path = '/statrep.nsf',
method = 'HEAD'
},
{
path = '/stauths.nsf',
method = 'HEAD'
},
{
path = '/stautht.nsf',
method = 'HEAD'
},
{
path = '/stconfig.nsf',
method = 'HEAD'
},
{
path = '/stconf.nsf',
method = 'HEAD'
},
{
path = '/stdnaset.nsf',
method = 'HEAD'
},
{
path = '/stdomino.nsf',
method = 'HEAD'
},
{
path = '/stlog.nsf',
method = 'HEAD'
},
{
path = '/streg.nsf',
method = 'HEAD'
},
{
path = '/stsrc.nsf',
method = 'HEAD'
},
{
path = '/userreg.nsf',
method = 'HEAD'
},
{
path = '/vpuserinfo.nsf',
method = 'HEAD'
},
{
path = '/webadmin.nsf',
method = 'HEAD'
},
{
path = '/web.nsf',
method = 'HEAD'
},
{
path = '/.nsf/../winnt/win.ini',
method = 'HEAD'
},
{
path = '/icons/ecblank.gif',
method = 'HEAD'
}
},
matches = {
{
match = '',
output = 'Lotus Domino'
}
}
});
------------------------------------------------
---- MICROSOFT ----
------------------------------------------------
table.insert(fingerprints, {
category = 'microsoft',
probes = {
{
path = '/_layouts/images/helpicon.gif',
method = 'HEAD'
},
{
path = '/Pages/Default.aspx',
method = 'HEAD'
},
{
path = '/PublishingImages/NewsArticleImage.jpg',
method = 'HEAD'
},
{
path = '/_admin/operations.aspx',
method = 'HEAD'
},
{
path = '/_app_bin',
method = 'HEAD'
},
{
path = '/_controltemplates',
method = 'HEAD'
},
{
path = '/_layouts',
method = 'HEAD'
},
{
path = '/_layouts/viewlsts.aspx',
method = 'HEAD'
},
{
path = '/forms/allitems.aspx',
method = 'HEAD'
},
{
path = '/forms/webfldr.aspx',
method = 'HEAD'
},
{
path = '/forms/mod-view.aspx',
method = 'HEAD'
},
{
path = '/forms/my-sub.aspx',
method = 'HEAD'
},
{
path = '/pages/categoryresults.aspx',
method = 'HEAD'
},
{
path = '/categories/viewcategory.aspx',
method = 'HEAD'
},
{
path = '/sitedirectory',
method = 'HEAD'
},
{
path = '/editdocs.aspx',
method = 'HEAD'
},
{
path = '/workflowtasks/allitems.aspx',
method = 'HEAD'
},
{
path = '/lists/tasks/',
method = 'HEAD'
},
{
path = '/categories/allcategories.aspx',
method = 'HEAD'
},
{
path = '/categories/SOMEOTHERDIR/allcategories.aspx',
method = 'HEAD'
},
{
path = '/mycategories.aspx',
method = 'HEAD'
},
{
path = '/lists/',
method = 'HEAD'
},
{
path = '/lists/allitems.aspx',
method = 'HEAD'
},
{
path = '/lists/default.aspx',
method = 'HEAD'
},
{
path = '/lists/allposts.aspx',
method = 'HEAD'
},
{
path = '/lists/archive.aspx',
method = 'HEAD'
},
{
path = '/lists/byauthor.aspx',
method = 'HEAD'
},
{
path = '/lists/calendar.aspx',
method = 'HEAD'
},
{
path = '/lists/mod-view.aspx',
method = 'HEAD'
},
{
path = '/lists/myposts.aspx',
method = 'HEAD'
},
{
path = '/lists/my-sub.aspx',
method = 'HEAD'
},
{
path = '/lists/allcomments.aspx',
method = 'HEAD'
},
{
path = '/lists/mycomments.aspx',
method = 'HEAD'
},
{
path = '/_layouts/userdisp.aspx',
method = 'HEAD'
},
{
path = '/_layouts/help.aspx',
method = 'HEAD'
},
{
path = '/_layouts/download.aspx',
method = 'HEAD'
}
},
matches = {
{
match = '',
output = 'MS Sharepoint'
}
}
});
table.insert(fingerprints, {
category = 'microsoft',
probes = {
{
path = '/projectserver/Home/HomePage.asp',
method = 'HEAD'
},
{
path = '/projectserver/images/branding.gif',
method = 'HEAD'
},
{
path = '/projectserver/images/pgHome.gif',
method = 'HEAD'
},
{
path = '/projectserver/images/pgTask.gif',
method = 'HEAD'
},
{
path = '/projectserver/Tasks/Taskspage.asp',
method = 'HEAD'
},
},
matches = {
{
match = '',
output = 'MS Project Server'
}
}
});
table.insert(fingerprints, {
category = 'microsoft',
probes = {
{
path = '/exchweb/bin/auth/owalogon.asp',
method = 'HEAD'
},
{
path = '/images/outlook.jpg',
method = 'HEAD'
},
{
path = '/owa/8.1.375.2/themes/base/lgntopl.gif',
method = 'HEAD'
},
{
path = '/owa/',
method = 'HEAD'
},
},
matches = {
{
match = '',
output = 'Outlook Web Access'
}
}
});
table.insert(fingerprints, {
category = 'microsoft',
probes = {
{
path = '/tsweb/',
method = 'HEAD'
},
},
matches = {
{
match = '',
output = 'Remote Desktop Web Connection'
}
}
});
table.insert(fingerprints, {
category = 'microsoft',
probes = {
{
path = '/reportserver/',
method = 'HEAD'
}
},
matches = {
{
match = '',
output = 'Microsoft SQL Report Service'
}
}
});
------------------------------------------------
---- NETWORK EQUIPMENT ----
------------------------------------------------
-- Routers, switches, etc
table.insert(fingerprints, {
category = 'network',
probes = {
{
path = '/',
method = 'GET'
},
},
matches = {
{
match = 'realm="WRT54G"',
output = 'Linksys WRT54g Wireless Router'
}
}
});
table.insert(fingerprints, {
category = 'network',
probes = {
{
path = '/HW_logo.html',
method = 'HEAD'
},
},
matches = {
{
match = '',
output = 'Huawei HG 530'
}
}
});
table.insert(fingerprints, {
category = 'network',
probes = {
{
path = '/icons/icon_set_up_2701XX_01.gif',
method = 'HEAD'
},
{
path = '/icons/icon_homeportal_2701XX.gif',
method = 'HEAD'
},
{
path = '/es/images/nav_sl_home_network_01.gif',
method = 'HEAD'
},
{
path = '/en/images/nav_sl_home_network_01.gif',
method = 'HEAD'
}
},
matches = {
{
match = '',
output = '2WIRE 2701HG'
}
}
});
table.insert(fingerprints, {
category = 'network',
probes = {
{
path = '/images/stxx__xl.gif',
method = 'HEAD'
},
{
path = '/images/bbc__xl.gif',
method = 'HEAD'
}
},
matches = {
{
match = '',
output = 'Thomson TG585'
}
}
});
------------------------------------------------
---- ATTACKS ----
------------------------------------------------
-- These will search for and possibly exploit vulnerabilities.
table.insert(fingerprints, {
category = 'attacks',
probes = {
{
path = '/sdk/../../../../../../../etc/vmware/hostd/vmInventory.xml',
method = 'GET',
nopipeline = true
},
{
path = '/sdk/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/etc/vmware/hostd/vmInventory.xml',
method = 'GET',
nopipeline = true
}
},
matches = {
{
match = '',
output = 'Path traversal in VMWare (CVE-2009-3733)'
},
{
match = '',
output = 'Possible path traversal in VMWare (CVE-2009-3733)'
}
}
});
table.insert(fingerprints, {
category = 'attacks',
probes = {
{
path = '/../../../../../../../../../../etc/passwd',
method = 'GET',
nopipeline = true
},
{
path = '/../../../../../../../../../../boot.ini',
method = 'GET',
nopipeline = true
}
},
matches = {
{
match = 'root:',
output = 'Simple path traversal in URI (Linux)'
},
{
match = 'boot loader',
output = 'Simple path traversal in URI (Windows)'
},
{
match = '',
output = 'Possible path traversal in URI'
}
}
});
table.insert(fingerprints, {
category = 'attacks',
probes = {
{
path = '/.htaccess',
method = 'GET'
},
{
path = '/.htpasswd',
method = 'GET'
}
},
matches = {
-- We look for a '200 OK' message on this one, because most Apache servers return an access denied
{
match = '200 OK',
output = 'Incorrect permissions on .htaccess or .htpasswd files'
}
}
});
table.insert(fingerprints, {
category = 'attacks',
probes = {
{
path = '/_vti_bin/',
method = 'GET'
},
{
path = '/_vti_cnf/',
method = 'GET'
},
{
path = '/_vti_log/',
method = 'GET'
},
{
path = '/_vti_pvt/',
method = 'GET'
},
{
path = '/_vti_txt/',
method = 'GET'
},
{
path = '/postinfo.html'
},
{
path = '/_vti_bin/_vti_aut/author.dll'
},
{
path = '/_vti_bin/_vti_aut/author.exe'
},
{
path = '/_vti_bin/_vti_aut/dvwssr.dll'
},
{
path = '/_vti_bin/_vti_adm/admin.dll'
},
{
path = '/_vti_bin/_vti_adm/admin.exe'
},
{
path = '/_vti_bin/fpcount.exe?Page=default.asp|Image=3'
},
{
path = '/_vti_bin/shtml.dll'
},
{
path = '/_vti_bin/shtml.exe'
},
{
path = '/_vti_pvt/_x_todo.htm'
},
{
path = '/_vti_pvt/_x_todoh.htm'
},
{
path = '/_vti_pvt/access.cnf'
},
{
path = '/_vti_pvt/administrator.pwd'
},
{
path = '/_vti_pvt/administrators.pwd'
},
{
path = '/_vti_pvt/authors.pwd'
},
{
path = '/_vti_pvt/bots.cnf'
},
{
path = '/_vti_pvt/botinfs.cnf'
},
{
path = '/_vti_pvt/deptodoc.btr'
},
{
path = '/_vti_pvt/doctodep.btr'
},
{
path = '/_vti_pvt/frontpg.lck'
},
{
path = '/_vti_pvt/linkinfo.cnf'
},
{
path = '/_vti_pvt/service.cnf'
},
{
path = '/_vti_pvt/service.grp'
},
{
path = '/_vti_pvt/service.lck'
},
{
path = '/_vti_pvt/service.pwd'
},
{
path = '/_vti_pvt/Service.stp'
},
{
path = '/_vti_pvt/services.cnf'
},
{
path = '/_vti_pvt/services.org'
},
{
path = '/_vti_pvt/structure.cnf'
},
{
path = '/_vti_pvt/svcacl.cnf'
},
{
path = '/_vti_pvt/users.pwd'
},
{
path = '/_vti_pvt/uniqueperm.cnf'
},
{
path = '/_vti_pvt/writeto.cnf'
},
},
matches = {
{
match = '200',
output = 'Frontpage file or folder'
}
}
});
table.insert(fingerprints, {
category = 'attacks',
probes = {
{
path = '/.svn/',
method = 'GET'
},
{
path = '/.svn/text-base/.htaccess.svn-base',
method = 'GET'
},
{
path = '/.svn/text-base/.htpasswd.svn-base',
method = 'GET'
},
{
path = '/.svn/text-base/Web.config.svn-base',
method = 'GET'
}
},
matches = {
{
match = '200',
output = 'Subversion folder'
}
}
});
table.insert(fingerprints, {
category = 'attacks',
probes = {
{
path = '/.git/HEAD',
method = 'GET'
},
},
matches = {
{
match = 'ref: refs',
output = 'Git folder'
}
}
});
table.insert(fingerprints, {
category = 'attacks',
probes = {
{
path = '/.hg/requires',
method = 'GET'
},
},
matches = {
{
match = 'revlogv1',
output = 'Mercurial folder'
}
}
});
table.insert(fingerprints, {
category = 'attacks',
probes = {
{
path = '/.bzr/README',
method = 'GET'
},
},
matches = {
{
match = 'This is a Bazaar',
output = 'Bazaar folder'
}
}
});
table.insert(fingerprints, {
category = 'attacks',
probes = {
{
path = '/downloadFile.php',
method = 'GET'
},
{
path = '/BackupConfig.php',
method = 'GET'
}
},
matches = {
{
output = 'NETGEAR WNDAP350 2.0.1 to 2.0.9 potential file download and SSH root password disclosure'
}
}
});
table.insert(fingerprints, {
category = 'attacks',
probes = {
{
path = '/cwhp/auditLog.do?file=..\\..\\..\\..\\..\\..\\..\\boot.ini',
method = 'GET'
},
{
path = '/cwhp/auditLog.do?file=..\\..\\..\\..\\..\\..\\..\\Program%20Files\\CSCOpx\\MDC\\Tomcat\\webapps\\triveni\\WEB-INF\\classes\\schedule.properties',
method = 'GET'
},
{
path = '/cwhp/auditLog.do?file=..\\..\\..\\..\\..\\..\\..\\Program%20Files\\CSCOpx\\lib\\classpath\\com\\cisco\\nm\\cmf\\dbservice2\\DBServer.properties',
method = 'GET'
},
{
path = '/cwhp/auditLog.do?file=..\\..\\..\\..\\..\\..\\..\\Program%20Files\\CSCOpx\\log\\dbpwdChange.log',
method = 'GET'
}
},
matches = {
{
match = 'boot loader',
output = 'CiscoWorks (CuOM 8.0 and 8.5) Directory traversal (CVE-2011-0966) (Windows)'
},
{
match = '',
output = 'Possible CiscoWorks (CuOM 8.0 and 8.5) Directory traversal (CVE-2011-0966) (Windows)'
}
}
});
table.insert(fingerprints, {
category = 'attacks',
probes = {
{
path = '..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f/var/mobile/Library/AddressBook/AddressBook.sqlitedb',
method = 'HEAD'
}
},
matches = {
{
match = '',
output = 'Possible iPhone/iPod/iPad generic file sharing app Directory Traversal (iOS)'
}
}
});
table.insert(fingerprints, {
category = 'attacks',
probes = {
{
path = '/Info.live.htm',
method = 'GET'
}
},
matches = {
{
match = '200',
output = 'Possible DD-WRT router Information Disclosure (OSVDB 70230)'
}
}
});
table.insert(fingerprints, {
category = 'attacks',
probes = {
{
path = '/CuteSoft_Client/CuteEditor/Load.ashx?type=image&file=../../../web.config',
method = 'GET'
}
},
matches = {
{
match = '200',
output = 'Cute Editor ASP.NET Remote File Disclosure ( CVE 2009-4665 )'
}
}
});
table.insert(fingerprints, {
category = 'attacks',
probes = {
{
path = '/plugins/PluginController.php?path=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fwindows%2fwin.ini%00',
method = 'GET'
}
},
matches = {
{
match = '200',
output = 'OrangeHRM 2.6.3 Local File Inclusion '
}
}
});
table.insert(fingerprints, {
category = 'attacks',
probes = {
{
path = '/tiki-listmovies.php?movie=../../../../../../etc/passwd%001234',
method = 'GET'
}
},
matches = {
{
match = '200',
output = 'TikiWiki < 1.9.9 Directory Traversal Vulnerability'
}
}
});
table.insert(fingerprints, {
category = 'attacks',
probes = {
{
path = '/index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&version=1576&cid=20',
method = 'GET'
}
},
matches = {
{
match = '2.0.11Changelog for v(%d-%..-) %(changed files%)',
output = 'ZenCart, version \\1'
}
}
});
-- Broad phpBB versions
table.insert(fingerprints, {
category = 'cms',
probes = {
{
path = '/docs/CHANGELOG.html'
},
{
path = '/forum/docs/CHANGELOG.html'
},
{
path = '/forums/docs/CHANGELOG.html'
},
{
path = '/board/docs/CHANGELOG.html'
},
{
path = '/boards/docs/CHANGELOG.html'
}
},
matches = {
{
match = 'Changes since (%d-%..-)',
output = 'phpBB version slightly newer than \\1'
},
{
match = '