---HTTP Fingerprint files, compiled by Ron Bowes with a special thanks to...
-- o Kevin Johnson (@secureideas) for the fingerprints that come with Yokoso
-- http://yokoso.inguardians.com
-- o Jason H. (@jhaddix) for helping out with a whole pile of fingerprints he's
-- collected
-- o Bob Dooling
-- o Robert Rowley for the awesome open source cms and README checks
-- http://www.irvineunderground.org
--
-- This file is released under the Nmap license; see:
-- http://nmap.org/book/man-legal.html
--
-- Although this format was originally modeled after the Nikto format, that ended
-- up being too restrictive. The current format is a simple Lua table. There are many
-- advantages to this technique; it's powerful, we don't need to write custom parsing
-- code, anybody who codes in Lua can easily add checks, and we can write converters
-- to read Nikto and other formats if we want to.
--
-- The 'fingerprints' table is the key. It's an array of checks that will be run in the
-- order they're given. Each check consists of a path, zero or more matches, output text,
-- and other optional fields. Here are all the currently defined fields:
--
-- fingerprint.probes
-- A list of one or more probes to send to the server. Each probe is either a table containing
-- the key 'path' (and potentially others), or it's a string indicating the path.
--
-- fingerprint.probes[i].path
-- The URI to check, optionally containing GET arguments. This should start with a '/'
-- and, if it's a directory, end with a '/'.
--
-- fingerprint.probes[i].method [optional; default: 'GET'}}]
-- The HTTP method to use when making requests ('GET'}}, 'POST', 'HEAD', 'PUT', 'DELETE', etc
--
-- fingerprint.ignore_404 [optional; default: false]
-- If set, the automatic checks for 404 and custom 404 pages are disabled for that check.
-- Every page will be included unless fingerprint.matches.dontmatch excludes it.
--
-- fingerprint.severity [optional; default: 1]
-- Give a severity rating, if it's a vulnerability. The scale is:
-- 1 - Info
-- 2 - Low priority
-- 3 - Warning
-- 4 - Critical
--
-- fingerprint.matches
-- An array of tables, each of which contains three fields. These will be checked, starting
-- from the first, until one is matched. If there is no 'match' text, it will fire as long
-- as the result isn't a 404. This match is not case sensitive.
--
-- fingerprint.matches[i].match
-- A string (specifically, a Lua pattern) that has to be found somewhere in the output to
-- count as a match. The string can be in the status line, in a header, or in the body.
-- In addition to matching, this field can contain captures that'll be included in the
-- output. See: http://lua-users.org/wiki/PatternsTutorial
--
-- fingerprint.matches[i].dontmatch
-- A string (specifically, a lua pattern) that cannot be found somewhere in the output.
-- This takes precedence over any text matched in the 'match' field
--
-- fingerprint.matches[i].output
-- The text to output if this match happens. If the 'match' field contains captures, these
-- captures can be used with \1, \2, etc.
--
--
-- If you have any questions, feel free to email nmap-dev@insecure.org or contact Ron Bowes!
--
-- CHANGELOG:
-- Added 120 new signatures taken from exploit-db.com archives from July 2009 to July 2011 [Paulino Calderon]
--
fingerprints = {}
------------------------------------------------
---- GENERAL CHECKS ----
------------------------------------------------
-- These are checks for generic paths, like /wiki, /images, /admin, etc
table.insert(fingerprints, {
category='general',
probes={
{path='/', method='GET'}
},
matches={
{match='Index of .*(Apache.*) Server at', output='Root directory w/ listing on \'\\1\''},
{match='<title>Index of', output='Root directory w/ directory listing'}
}
})
table.insert(fingerprints, {
category='general',
probes={
{path='/blog/', method='HEAD'},
{path='/weblog/', method='HEAD'},
{path='/weblogs/', method='HEAD'},
{path='/wordpress/', method='HEAD'}
},
matches={
{output='Blog'}
}
})
table.insert(fingerprints, {
category='general',
probes={
{path='/wiki/', method='HEAD'},
{path='/mediawiki/', method='HEAD'},
{path='/wiki/Main_Page', method='HEAD'}
},
matches={
{output='Wiki'}
}
})
table.insert(fingerprints, {
category='general',
probes={
{path='/tikiwiki/', method='HEAD'}
},
matches={
{output='Tikiwiki'}
}
})
table.insert(fingerprints, {
category='general',
probes={
{path='/cgi-bin/mj_wwwusr', method='HEAD'},
{path='/majordomo/mj_wwwusr', method='HEAD'}
},
matches= {
{match='', output='Majordomo2 Mailing List'}
}
})
table.insert(fingerprints, {
category='general',
probes={
{path='/j2ee/examples/servlets/', method='HEAD'},
{path='/j2ee/examples/jsp/', method='HEAD'}
},
matches= {
{match='', output='Oracle j2ee examples'}
}
})
table.insert(fingerprints, {
category='general',
probes={
{path='/dsc/', method='HEAD'}
},
matches= {
{match='', output='Trend Micro Data Loss Prevention Virtual Appliance'}
}
})
table.insert(fingerprints, {
category='general',
probes={
{path='/reg_1.htm', method='HEAD'}
},
matches= {
{match='', output='Polycom IP phone'}
}
})
table.insert(fingerprints, {
category='general',
probes={
{path='/adr.htm', method='HEAD'},
{path='/line_login.htm?l=1', method='HEAD'},
{path='/tbook.csv', method='HEAD'}
},
matches= {
{match='', output='Snom IP Phone'}
}
})
table.insert(fingerprints, {
category='general',
probes={
{path='/globalSIPsettings.html', method='HEAD'},
{path='/SIPsettingsLine1.html', method='HEAD'}
},
matches= {
{match='', output='Aastra IP Phone'}
}
})
table.insert(fingerprints, {
category='general',
probes={
{path='/websvn/', method='HEAD'}
},
matches= {
{match='', output='WEBSVN Repository'}
}
})
table.insert(fingerprints, {
category='general',
probes={
{path='/repos/', method='GET'},
{path='/repo/', method='GET'},
{path='/svn/', method='GET'},
{path='/cvs/', method='GET'}
},
matches= {
{match='realm=".-Subversion.-"', output='Subversion Repository'},
{match='', output='Possible code repository'}
}
})
table.insert(fingerprints, {
category='general',
probes={
{path='/archiva/index.action', method='GET'},
{path='/index.action', method='GET'}
},
matches= {
{match='.*">Apache Archiva (.-)</a>', output='Apache Archiva version \\1'},
{match='Apache Archiva (%d-%..-)\n', output='Apache Archiva version \\1'},
{match='<title>Apache Archiva \\', output='Apache Archiva'}
}
})
table.insert(fingerprints, {
category='general',
probes={
{path='/login.stm', method='HEAD'}
},
matches= {
{match='', output='Belkin G Wireless Router'}
}
})
table.insert(fingerprints, {
category='general',
probes={
{path='/tools_admin.php', method='HEAD'}
},
matches= {
{match='', output='D-Link DIR-300'}
}
})
table.insert(fingerprints, {
category='general',
probes={
{path='/bsc_lan.php', method='HEAD'}
},
matches= {
{match='', output='D-Link DIR-300, DIR-320, DIR-615 revD'}
}
})
table.insert(fingerprints, {
category='general',
probes={
{path='/Manage.tri', method='HEAD'}
},
matches= {
{match='', output='Linksys WRT54G2'}
}
})
table.insert(fingerprints, {
category='general',
probes={
{path='/logo_t.gif', method='HEAD'}
},
matches= {
{match='IP_SHARER WEB', output='Arris 2307'}
}
})
table.insert(fingerprints, {
category='general',
probes={
{path='//system.html', method='HEAD'}
},
matches= {
{match='', output='CMNC-200 IP Camera'}
}
})
table.insert(fingerprints, {
category='general',
probes={
{path='/main_configure.cgi', method='HEAD'}
},
matches= {
{match='', output='Intellinet IP Camera'}
}
})
table.insert(fingerprints, {
category='general',
probes={
{path='/OvCgi/Toolbar.exe', method='HEAD'}
},
matches= {
{match='', output='HP OpenView Network Node Manager'}
}
})
table.insert(fingerprints, {
category='general',
probes={
{path='/frontend/x3/', method='HEAD'}
},
matches= {
{match='', output='CPanel'}
}
})
table.insert(fingerprints, {
category='general',
probes={
{path='/awstatstotals/awstatstotals.php', method='HEAD'},
{path='/awstats/awstatstotals.php', method='HEAD'},
{path='/awstatstotals.php', method='HEAD'},
{path='/awstats/index.php', method='HEAD'},
{path='/awstatstotals/index.php', method='HEAD'}
},
matches= {
{match='', output='AWStats Totals'}
}
})
table.insert(fingerprints, {
category='general',
probes={
{path='/egroupware/', method='HEAD'}
},
matches= {
{match='', output='eGroupware'}
}
})
table.insert(fingerprints, {
category='general',
probes={
{path='/calendar/cal_search.php', method='HEAD'},
{path='/cal_search.php', method='HEAD'}
},
matches= {
{match='', output='ExtCalendar'}
}
})
table.insert(fingerprints, {
category='general',
probes={
{path='/a_viewusers.php', method='HEAD'},
{path='/aphpkb/', method='HEAD'}
},
matches= {
{match='', output='Andys PHP Knowledgebase'}
}
})
table.insert(fingerprints, {
category='general',
probes={
{path='/webedition/we/include/we_modules/', method='HEAD'},
{path='/webedition/', method='HEAD'}
},
matches= {
{match='', output='Web Edition'}
}
})
table.insert(fingerprints, {
category='general',
probes={
{path='/Examples/', method='HEAD'}
},
matches= {
{match='', output='Possible documentation files'}
}
})
table.insert(fingerprints, {
category='general',
probes={
{path='/LightNEasy.php?do=login', method='HEAD'}
},
matches= {
{match='', output='LightNEasy'}
}
})
table.insert(fingerprints, {
category='general',
probes={
{path='/channel_detail.php', method='HEAD'}
},
matches= {
{match='', output='DzTube'}
}
})
table.insert(fingerprints, {
category='general',
probes={
{path='/cgi-bin/vcs', method='HEAD'}
},
matches= {
{match='', output='Mitel Audio and Web Conferencing (AWC)'}
}
})
table.insert(fingerprints, {
category='general',
probes={
{path='/ocsreports/', method='HEAD'}
},
matches= {
{match='', output='OCS Inventory'}
}
})
table.insert(fingerprints, {
category='general',
probes={
{path='/vbseo.php', method='HEAD'}
},
matches= {
{match='', output='vBSEO'}
}
})
table.insert(fingerprints, {
category='general',
probes={
{path='/forum/', method='HEAD'},
{path='/forums/', method='HEAD'},
{path='/smf/', method='HEAD'},
{path='/phpbb/', method='HEAD'}
},
matches={
{output='Forum'}
}
})
table.insert(fingerprints, {
category='general',
probes={
{path='/manager/', method='HEAD'},
{path='/admin.php', method='HEAD'},
{path='/admin/', method='HEAD'},
{path='/admin/admin/', method='HEAD'},
{path='/administrator/', method='HEAD'},
{path='/moderator/', method='HEAD'},
{path='/webadmin/', method='HEAD'},
{path='/adminarea/', method='HEAD'},
{path='/bb-admin/', method='HEAD'},
{path='/adminLogin/', method='HEAD'},
{path='/admin_area/', method='HEAD'},
{path='/panel-administracion/', method='HEAD'},
{path='/instadmin/', method='HEAD'},
{path='/memberadmin/', method='HEAD'},
{path='/administratorlogin/', method='HEAD'},
{path='/adm/', method='HEAD'},
{path='/admin/account.php', method='HEAD'},
{path='/admin/index.php', method='HEAD'},
{path='/admin/login.php', method='HEAD'},
{path='/admin/admin.php', method='HEAD'},
{path='/joomla/administrator', method='HEAD'},
{path='/login.php', method='HEAD'},
{path='/admin_area/admin.php', method='HEAD'},
{path='/admin_area/login.php', method='HEAD'},
{path='/siteadmin/login.php', method='HEAD'},
{path='/siteadmin/index.php', method='HEAD'},
{path='/siteadmin/login.html', method='HEAD'},
{path='/admin/index.html', method='HEAD'},
{path='/admin/login.html', method='HEAD'},
{path='/admin/admin.html', method='HEAD'},
{path='/admin_area/index.php', method='HEAD'},
{path='/bb-admin/index.php', method='HEAD'},
{path='/bb-admin/login.php', method='HEAD'},
{path='/bb-admin/admin.php', method='HEAD'},
{path='/admin/home.php', method='HEAD'},
{path='/admin_area/login.html', method='HEAD'},
{path='/admin_area/index.html', method='HEAD'},
{path='/admin/controlpanel.php', method='HEAD'},
{path='/admincp/', method='HEAD'},
{path='/admincp/index.asp', method='HEAD'},
{path='/admincp/index.html', method='HEAD'},
{path='/admincp/login.php', method='HEAD'},
{path='/admin/account.html', method='HEAD'},
{path='/adminpanel.html', method='HEAD'},
{path='/webadmin.html', method='HEAD'},
{path='/webadmin/index.html', method='HEAD'},
{path='/webadmin/admin.html', method='HEAD'},
{path='/webadmin/login.html', method='HEAD'},
{path='/admin/admin_login.html', method='HEAD'},
{path='/admin_login.html', method='HEAD'},
{path='/panel-administracion/login.html', method='HEAD'},
{path='/admin/cp.php', method='HEAD'},
{path='/cp.php', method='HEAD'},
{path='/administrator/index.php', method='HEAD'},
{path='/administrator/login.php', method='HEAD'},
{path='/nsw/admin/login.php', method='HEAD'},
{path='/webadmin/login.php', method='HEAD'},
{path='/admin/admin_login.php', method='HEAD'},
{path='/admin_login.php', method='HEAD'},
{path='/administrator/account.php', method='HEAD'},
{path='/administrator.php', method='HEAD'},
{path='/admin_area/admin.html', method='HEAD'},
{path='/pages/admin/admin-login.php', method='HEAD'},
{path='/admin/admin-login.php', method='HEAD'},
{path='/admin-login.php', method='HEAD'},
{path='/bb-admin/index.html', method='HEAD'},
{path='/bb-admin/login.html', method='HEAD'},
{path='/bb-admin/admin.html', method='HEAD'},
{path='/admin/home.html', method='HEAD'},
{path='/modelsearch/login.php', method='HEAD'},
{path='/moderator.php', method='HEAD'},
{path='/moderator/login.php', method='HEAD'},
{path='/moderator/admin.php', method='HEAD'},
{path='/account.php', method='HEAD'},
{path='/pages/admin/admin-login.html', method='HEAD'},
{path='/admin/admin-login.html', method='HEAD'},
{path='/admin-login.html', method='HEAD'},
{path='/controlpanel.php', method='HEAD'},
{path='/admincontrol.php', method='HEAD'},
{path='/admin/adminLogin.html', method='HEAD'},
{path='/adminLogin.html', method='HEAD'},
{path='/home.html', method='HEAD'},
{path='/rcjakar/admin/login.php', method='HEAD'},
{path='/adminarea/index.html', method='HEAD'},
{path='/adminarea/admin.html', method='HEAD'},
{path='/webadmin.php', method='HEAD'},
{path='/webadmin/index.php', method='HEAD'},
{path='/webadmin/admin.php', method='HEAD'},
{path='/admin/controlpanel.html', method='HEAD'},
{path='/admin.html', method='HEAD'},
{path='/admin/cp.html', method='HEAD'},
{path='/cp.html', method='HEAD'},
{path='/adminpanel.php', method='HEAD'},
{path='/moderator.html', method='HEAD'},
{path='/administrator/index.html', method='HEAD'},
{path='/administrator/login.html', method='HEAD'},
{path='/user.html', method='HEAD'},
{path='/administrator/account.html', method='HEAD'},
{path='/administrator.html', method='HEAD'},
{path='/login.html', method='HEAD'},
{path='/modelsearch/login.html', method='HEAD'},
{path='/moderator/login.html', method='HEAD'},
{path='/adminarea/login.html', method='HEAD'},
{path='/panel-administracion/index.html', method='HEAD'},
{path='/panel-administracion/admin.html', method='HEAD'},
{path='/modelsearch/index.html', method='HEAD'},
{path='/modelsearch/admin.html', method='HEAD'},
{path='/admincontrol/login.html', method='HEAD'},
{path='/adm/index.html', method='HEAD'},
{path='/adm.html', method='HEAD'},
{path='/moderator/admin.html', method='HEAD'},
{path='/user.php', method='HEAD'},
{path='/account.html', method='HEAD'},
{path='/controlpanel.html', method='HEAD'},
{path='/admincontrol.html', method='HEAD'},
{path='/panel-administracion/login.php', method='HEAD'},
{path='/wp-login.php', method='HEAD'},
{path='/adminLogin.php', method='HEAD'},
{path='/admin/adminLogin.php', method='HEAD'},
{path='/adminarea/index.php', method='HEAD'},
{path='/adminarea/admin.php', method='HEAD'},
{path='/adminarea/login.php', method='HEAD'},
{path='/panel-administracion/index.php', method='HEAD'},
{path='/panel-administracion/admin.php', method='HEAD'},
{path='/modelsearch/index.php', method='HEAD'},
{path='/modelsearch/admin.php', method='HEAD'},
{path='/admincontrol/login.php', method='HEAD'},
{path='/adm/admloginuser.php', method='HEAD'},
{path='/admloginuser.php', method='HEAD'},
{path='/admin2.php', method='HEAD'},
{path='/admin2/login.php', method='HEAD'},
{path='/admin2/index.php', method='HEAD'},
{path='/adm/index.php', method='HEAD'},
{path='/adm.php', method='HEAD'},
{path='/affiliate.php', method='HEAD'},
{path='/adm_auth.php', method='HEAD'},
{path='/memberadmin.php', method='HEAD'},
{path='/administratorlogin.php', method='HEAD'},
{path='/account.cfm', method='HEAD'},
{path='/admin/account.cfm', method='HEAD'},
{path='/admin/index.cfm', method='HEAD'},
{path='/admin/login.cfm', method='HEAD'},
{path='/admin/admin.cfm', method='HEAD'},
{path='/admin.cfm', method='HEAD'},
{path='/admin/admin_login.cfm', method='HEAD'},
{path='/admin_login.cfm', method='HEAD'},
{path='/adminpanel.cfm', method='HEAD'},
{path='/admin/controlpanel.cfm', method='HEAD'},
{path='/admincontrol.cfm', method='HEAD'},
{path='/panel-administracion/login.cfm', method='HEAD'},
{path='/admin/cp.cfm', method='HEAD'},
{path='/pages/admin/admin-login.cfm', method='HEAD'},
{path='/admincp/index.cfm', method='HEAD'},
{path='/admincp/login.cfm', method='HEAD'},
{path='/admin_area/admin.cfm', method='HEAD'},
{path='/admin_area/login.cfm', method='HEAD'},
{path='/moderator/login.cfm', method='HEAD'},
{path='/administrator/login.cfm', method='HEAD'},
{path='/moderator.cfm', method='HEAD'},
{path='/modelsearch/index.cfm', method='HEAD'},
{path='/panel-administracion/admin.cfm', method='HEAD'},
{path='/adm/admloginuser.cfm', method='HEAD'},
{path='/adm.cfm', method='HEAD'},
{path='/adm_auth.cfm', method='HEAD'},
{path='/administratorlogin.cfm', method='HEAD'},
{path='/webadmin.cfm', method='HEAD'},
{path='/webadmin/index.cfm', method='HEAD'},
{path='/modelsearch/login.cfm', method='HEAD'},
{path='/login.cfm', method='HEAD'},
{path='/administrator.cfm', method='HEAD'},
{path='/administrator/account.cfm', method='HEAD'},
{path='/adminLogin.cfm', method='HEAD'},
{path='/siteadmin/login.cfm', method='HEAD'},
{path='/admin2/index.cfm', method='HEAD'},
{path='/adm/index.cfm', method='HEAD'},
{path='/admin_area/index.cfm', method='HEAD'},
{path='/bb-admin/index.cfm', method='HEAD'},
{path='/bb-admin/login.cfm', method='HEAD'},
{path='/bb-admin/admin.cfm', method='HEAD'},
{path='/siteadmin/index.cfm', method='HEAD'},
{path='/memberadmin.cfm', method='HEAD'},
{path='/admin2/login.cfm', method='HEAD'},
{path='/admloginuser.cfm', method='HEAD'},
{path='/admincontrol/login.cfm', method='HEAD'},
{path='/administrator/index.cfm', method='HEAD'},
{path='/modelsearch/admin.cfm', method='HEAD'},
{path='/panel-administracion/index.cfm', method='HEAD'},
{path='/adminarea/login.cfm', method='HEAD'},
{path='/adminarea/admin.cfm', method='HEAD'},
{path='/adminarea/index.cfm', method='HEAD'},
{path='/admin/adminLogin.cfm', method='HEAD'},
{path='/webadmin/login.cfm', method='HEAD'},
{path='/webadmin/admin.cfm', method='HEAD'},
{path='/user.cfm', method='HEAD'},
{path='/controlpanel.cfm', method='HEAD'},
{path='/moderator/admin.cfm', method='HEAD'},
{path='/cp.cfm', method='HEAD'},
{path='/admin-login.cfm', method='HEAD'},
{path='/admin/admin-login.cfm', method='HEAD'},
{path='/admin/home.cfm', method='HEAD'},
{path='/adm1n/', method='HEAD'},
{path='/4dm1n/', method='HEAD'},
{path='/account.asp', method='HEAD'},
{path='/admin/account.asp', method='HEAD'},
{path='/admin/index.asp', method='HEAD'},
{path='/admin/login.asp', method='HEAD'},
{path='/admin/admin.asp', method='HEAD'},
{path='/admin_area/admin.asp', method='HEAD'},
{path='/admin_area/login.asp', method='HEAD'},
{path='/admin_area/index.asp', method='HEAD'},
{path='/bb-admin/index.asp', method='HEAD'},
{path='/bb-admin/login.asp', method='HEAD'},
{path='/bb-admin/admin.asp', method='HEAD'},
{path='/admin/home.asp', method='HEAD'},
{path='/admin/controlpanel.asp', method='HEAD'},
{path='/admin.asp', method='HEAD'},
{path='/pages/admin/admin-login.asp', method='HEAD'},
{path='/admin/admin-login.asp', method='HEAD'},
{path='/admin-login.asp', method='HEAD'},
{path='/admin/cp.asp', method='HEAD'},
{path='/cp.asp', method='HEAD'},
{path='/administrator/account.asp', method='HEAD'},
{path='/administrator.asp', method='HEAD'},
{path='/login.asp', method='HEAD'},
{path='/modelsearch/login.asp', method='HEAD'},
{path='/moderator.asp', method='HEAD'},
{path='/moderator/login.asp', method='HEAD'},
{path='/administrator/login.asp', method='HEAD'},
{path='/moderator/admin.asp', method='HEAD'},
{path='/controlpanel.asp', method='HEAD'},
{path='/user.asp', method='HEAD'},
{path='/admincp/login.asp', method='HEAD'},
{path='/admincontrol.asp', method='HEAD'},
{path='/adminpanel.asp', method='HEAD'},
{path='/webadmin.asp', method='HEAD'},
{path='/webadmin/index.asp', method='HEAD'},
{path='/webadmin/admin.asp', method='HEAD'},
{path='/webadmin/login.asp', method='HEAD'},
{path='/admin/admin_login.asp', method='HEAD'},
{path='/admin_login.asp', method='HEAD'},
{path='/panel-administracion/login.asp', method='HEAD'},
{path='/adminLogin.asp', method='HEAD'},
{path='/admin/adminLogin.asp', method='HEAD'},
{path='/home.asp', method='HEAD'},
{path='/adminarea/index.asp', method='HEAD'},
{path='/adminarea/admin.asp', method='HEAD'},
{path='/adminarea/login.asp', method='HEAD'},
{path='/panel-administracion/index.asp', method='HEAD'},
{path='/panel-administracion/admin.asp', method='HEAD'},
{path='/modelsearch/index.asp', method='HEAD'},
{path='/modelsearch/admin.asp', method='HEAD'},
{path='/administrator/index.asp', method='HEAD'},
{path='/admincontrol/login.asp', method='HEAD'},
{path='/adm/admloginuser.asp', method='HEAD'},
{path='/admloginuser.asp', method='HEAD'},
{path='/admin2.asp', method='HEAD'},
{path='/admin2/login.asp', method='HEAD'},
{path='/admin2/index.asp', method='HEAD'},
{path='/adm/index.asp', method='HEAD'},
{path='/adm.asp', method='HEAD'},
{path='/adm_auth.asp', method='HEAD'},
{path='/memberadmin.asp', method='HEAD'},
{path='/administratorlogin.asp', method='HEAD'},
{path='/siteadmin/login.asp', method='HEAD'},
{path='/siteadmin/index.asp', method='HEAD'},
{path='/account.aspx', method='HEAD'},
{path='/admin/account.aspx', method='HEAD'},
{path='/admin/index.aspx', method='HEAD'},
{path='/admin/login.aspx', method='HEAD'},
{path='/admin/admin.aspx', method='HEAD'},
{path='/admin_area/admin.aspx', method='HEAD'},
{path='/admin_area/login.aspx', method='HEAD'},
{path='/admin_area/index.aspx', method='HEAD'},
{path='/bb-admin/index.aspx', method='HEAD'},
{path='/bb-admin/login.aspx', method='HEAD'},
{path='/bb-admin/admin.aspx', method='HEAD'},
{path='/admin/home.aspx', method='HEAD'},
{path='/admin/controlpanel.aspx', method='HEAD'},
{path='/admin.aspx', method='HEAD'},
{path='/pages/admin/admin-login.aspx', method='HEAD'},
{path='/admin/admin-login.aspx', method='HEAD'},
{path='/admin-login.aspx', method='HEAD'},
{path='/admin/cp.aspx', method='HEAD'},
{path='/cp.aspx', method='HEAD'},
{path='/administrator/account.aspx', method='HEAD'},
{path='/administrator.aspx', method='HEAD'},
{path='/login.aspx', method='HEAD'},
{path='/modelsearch/login.aspx', method='HEAD'},
{path='/moderator.aspx', method='HEAD'},
{path='/moderator/login.aspx', method='HEAD'},
{path='/administrator/login.aspx', method='HEAD'},
{path='/moderator/admin.aspx', method='HEAD'},
{path='/controlpanel.aspx', method='HEAD'},
{path='/user.aspx', method='HEAD'},
{path='/admincp/index.aspx', method='HEAD'},
{path='/admincp/login.aspx', method='HEAD'},
{path='/admincontrol.aspx', method='HEAD'},
{path='/adminpanel.aspx', method='HEAD'},
{path='/webadmin.aspx', method='HEAD'},
{path='/webadmin/index.aspx', method='HEAD'},
{path='/webadmin/admin.aspx', method='HEAD'},
{path='/webadmin/login.aspx', method='HEAD'},
{path='/admin/admin_login.aspx', method='HEAD'},
{path='/admin_login.aspx', method='HEAD'},
{path='/panel-administracion/login.aspx', method='HEAD'},
{path='/adminLogin.aspx', method='HEAD'},
{path='/admin/adminLogin.aspx', method='HEAD'},
{path='/home.aspx', method='HEAD'},
{path='/adminarea/index.aspx', method='HEAD'},
{path='/adminarea/admin.aspx', method='HEAD'},
{path='/adminarea/login.aspx', method='HEAD'},
{path='/panel-administracion/index.aspx', method='HEAD'},
{path='/panel-administracion/admin.aspx', method='HEAD'},
{path='/modelsearch/index.aspx', method='HEAD'},
{path='/modelsearch/admin.aspx', method='HEAD'},
{path='/administrator/index.aspx', method='HEAD'},
{path='/admincontrol/login.aspx', method='HEAD'},
{path='/adm/admloginuser.aspx', method='HEAD'},
{path='/admloginuser.aspx', method='HEAD'},
{path='/admin2.aspx', method='HEAD'},
{path='/admin2/login.aspx', method='HEAD'},
{path='/admin2/index.aspx', method='HEAD'},
{path='/adm/index.aspx', method='HEAD'},
{path='/adm.aspx', method='HEAD'},
{path='/adm_auth.aspx', method='HEAD'},
{path='/memberadmin.aspx', method='HEAD'},
{path='/administratorlogin.aspx', method='HEAD'},
{path='/siteadmin/login.aspx', method='HEAD'},
{path='/siteadmin/index.aspx', method='HEAD'},
{path='/account.jsp', method='HEAD'},
{path='/admin/index.jsp', method='HEAD'},
{path='/admin/login.jsp', method='HEAD'},
{path='/admin/admin.jsp', method='HEAD'},
{path='/admin_area/admin.jsp', method='HEAD'},
{path='/admin_area/login.jsp', method='HEAD'},
{path='/admin_area/index.jsp', method='HEAD'},
{path='/bb-admin/index.jsp', method='HEAD'},
{path='/bb-admin/login.jsp', method='HEAD'},
{path='/bb-admin/admin.jsp', method='HEAD'},
{path='/admin/home.jsp', method='HEAD'},
{path='/admin/controlpanel.jsp', method='HEAD'},
{path='/admin.jsp', method='HEAD'},
{path='/pages/admin/admin-login.jsp', method='HEAD'},
{path='/admin/admin-login.jsp', method='HEAD'},
{path='/admin-login.jsp', method='HEAD'},
{path='/admin/cp.jsp', method='HEAD'},
{path='/cp.jsp', method='HEAD'},
{path='/administrator/account.jsp', method='HEAD'},
{path='/administrator.jsp', method='HEAD'},
{path='/login.jsp', method='HEAD'},
{path='/modelsearch/login.jsp', method='HEAD'},
{path='/moderator.jsp', method='HEAD'},
{path='/moderator/login.jsp', method='HEAD'},
{path='/administrator/login.jsp', method='HEAD'},
{path='/moderator/admin.jsp', method='HEAD'},
{path='/controlpanel.jsp', method='HEAD'},
{path='/user.jsp', method='HEAD'},
{path='/admincp/index.jsp', method='HEAD'},
{path='/admincp/login.jsp', method='HEAD'},
{path='/admincontrol.jsp', method='HEAD'},
{path='/admin/account.jsp', method='HEAD'},
{path='/adminpanel.jsp', method='HEAD'},
{path='/webadmin.jsp', method='HEAD'},
{path='/webadmin/index.jsp', method='HEAD'},
{path='/webadmin/admin.jsp', method='HEAD'},
{path='/webadmin/login.jsp', method='HEAD'},
{path='/admin/admin_login.jsp', method='HEAD'},
{path='/admin_login.jsp', method='HEAD'},
{path='/panel-administracion/login.jsp', method='HEAD'},
{path='/adminLogin.jsp', method='HEAD'},
{path='/admin/adminLogin.jsp', method='HEAD'},
{path='/home.jsp', method='HEAD'},
{path='/adminarea/index.jsp', method='HEAD'},
{path='/adminarea/admin.jsp', method='HEAD'},
{path='/adminarea/login.jsp', method='HEAD'},
{path='/panel-administracion/index.jsp', method='HEAD'},
{path='/panel-administracion/admin.jsp', method='HEAD'},
{path='/modelsearch/index.jsp', method='HEAD'},
{path='/modelsearch/admin.jsp', method='HEAD'},
{path='/administrator/index.jsp', method='HEAD'},
{path='/admincontrol/login.jsp', method='HEAD'},
{path='/adm/admloginuser.jsp', method='HEAD'},
{path='/admloginuser.jsp', method='HEAD'},
{path='/admin2.jsp', method='HEAD'},
{path='/admin2/login.jsp', method='HEAD'},
{path='/admin2/index.jsp', method='HEAD'},
{path='/adm/index.jsp', method='HEAD'},
{path='/adm.jsp', method='HEAD'},
{path='/adm_auth.jsp', method='HEAD'},
{path='/memberadmin.jsp', method='HEAD'},
{path='/administratorlogin.jsp', method='HEAD'},
{path='/siteadmin/login.jsp', method='HEAD'},
{path='/siteadmin/index.jsp', method='HEAD'},
{path='/admin1.php', method='HEAD'},
{path='/administr8.asp', method='HEAD'},
{path='/administr8.php', method='HEAD'},
{path='/administr8.jsp', method='HEAD'},
{path='/administr8.aspx', method='HEAD'},
{path='/administr8.cfm', method='HEAD'},
{path='/administr8/', method='HEAD'},
{path='/administer/', method='HEAD'},
{path='/administracao.php', method='HEAD'},
{path='/administracao.asp', method='HEAD'},
{path='/administracao.aspx', method='HEAD'},
{path='/administracao.cfm', method='HEAD'},
{path='/administracao.jsp', method='HEAD'},
{path='/administracion.php', method='HEAD'},
{path='/administracion.asp', method='HEAD'},
{path='/administracion.aspx', method='HEAD'},
{path='/administracion.jsp', method='HEAD'},
{path='/administracion.cfm', method='HEAD'},
{path='/administrators/', method='HEAD'},
{path='/adminpro/', method='HEAD'},
{path='/admins/', method='HEAD'},
{path='/admins.cfm', method='HEAD'},
{path='/admins.php', method='HEAD'},
{path='/admins.jsp', method='HEAD'},
{path='/admins.asp', method='HEAD'},
{path='/admins.aspx', method='HEAD'},
{path='/maintenance/', method='HEAD'},
{path='/Lotus_Domino_Admin/', method='HEAD'},
{path='/hpwebjetadmin/', method='HEAD'},
{path='/_admin/', method='HEAD'},
{path='/_administrator/', method='HEAD'},
{path='/_administrador/', method='HEAD'},
{path='/_admins/', method='HEAD'},
{path='/_administrators/', method='HEAD'},
{path='/_administradores/', method='HEAD'},
{path='/_administracion/', method='HEAD'},
{path='/_4dm1n/', method='HEAD'},
{path='/_adm1n/', method='HEAD'},
{path='/_Admin/', method='HEAD'},
{path='/system_administration/', method='HEAD'},
{path='/system-administration/', method='HEAD'},
{path='/system-admin/', method='HEAD'},
{path='/system-admins/', method='HEAD'},
{path='/system-administrators/', method='HEAD'},
{path='/administracion-sistema/', method='HEAD'},
{path='/Administracion/', method='HEAD'},
{path='/Admin/', method='HEAD'},
{path='/Administrator/', method='HEAD'},
{path='/Manager/', method='HEAD'},
{path='/Adm/', method='HEAD'},
{path='/systemadmin/', method='HEAD'},
{path='/AdminLogin.asp', method='HEAD'},
{path='/AdminLogin.php', method='HEAD'},
{path='/AdminLogin.jsp', method='HEAD'},
{path='/AdminLogin.aspx', method='HEAD'},
{path='/AdminLogin.cfm', method='HEAD'},
{path='/admin108/', method='HEAD'},
{path='/pec_admin/', method='HEAD'},
{path='/system/admin/', method='HEAD'},
{path='/plog-admin/', method='HEAD'},
{path='/ESAdmin/', method='HEAD'},
{path='/axis2-admin/', method='HEAD'},
{path='/_sys/', method='HEAD'},
{path='/admin_cp.asp', method='HEAD'}
},
matches={
{match='<title>Index of', output='Possible admin folder w/ directory listing'},
{output='Possible admin folder'}
}
})
table.insert(fingerprints, {
category='general',
probes={
{path='/backup/', method='GET'},
{path='/backup', method='GET'},
{path='/backup.sql', method='GET'},
{path='/backup.sql.gz', method='GET'},
{path='/backup.sql.bz2', method='GET'},
{path='/backup.zip', method='GET'},
{path='/backups/', method='GET'},
{path='/bak/', method='GET'},
{path='/back/', method='GET'},
{path='/cache/backup/', method='GET'},
{path='/admin/backup/', method='GET'},
{path='/dbbackup.txt', method='GET'}
},
matches={
{match='<title>Index of', output='Backup folder w/ directory listing'},
{match='', output='Possible backup'}
}
})
table.insert(fingerprints, {
category='general',
probes={
{path='/b.sql', method='HEAD'},
{path='/db.sql', method='HEAD'},
{path='/ddb.sql', method='HEAD'},
{path='/users.sql', method='HEAD'},
{path='/database.sql', method='HEAD'},
{path='/mysql.sql', method='HEAD'},
{path='/dump.sql', method='HEAD'},
{path='/respaldo.sql', method='HEAD'},
{path='/data.sql', method='HEAD'},
{path='/old.sql', method='HEAD'},
{path='/usuarios.sql', method='HEAD'},
{path='/bdb.sql', method='HEAD'},
{path='/1.sql', method='HEAD'},
{path='/admin/download/backup.sql', method='HEAD'}
},
matches={
{match='', output='Possible database backup'}
}
})
table.insert(fingerprints, {
category='general',
probes={
{path='/clientaccesspolicy.xml', method='HEAD'},
},
matches= {
{output='Microsoft Silverlight crossdomain policy'}
}
})
table.insert(fingerprints, {
category='general',
probes={
{path='/atom/', method='HEAD'},
{path='/atom.aspx', method='HEAD'},
{path='/atom.php', method='HEAD'},
{path='/atom.xml', method='HEAD'},
{path='/atom.jsp', method='HEAD'},
{path='/rss/', method='HEAD'},
{path='/rss.aspx', method='HEAD'},
{path='/rss.php', method='HEAD'},
{path='/rss.xml', method='HEAD'},
{path='/rss.jsp', method='HEAD'}
},
matches={
{output='RSS or Atom feed'}
}
})
table.insert(fingerprints, {
category='general',
probes={
{path='/etc/passwd', method='GET'},
{path='/boot.ini', method='GET'}
},
matches={
{match='root:', output='Webroot appears to be in / (Linux)'},
{match='boot loader', output='Webroot appears to be in c:\\ (Windows)'},
{match='', output='Webroot might be in root folder'}
}
})
table.insert(fingerprints, {
category='general',
probes={
{path='/example/', method='GET'},
{path='/examples/', method='GET'},
{path='/iissamples/', method='GET'},
{path='/j2eeexamples/', method='GET'},
{path='/j2eeexamplesjsp/', method='GET'},
{path='/sample/', method='GET'},
{path='/ncsample/', method='GET'},
{path='/fpsample/', method='GET'},
{path='/cmsample/', method='GET'},
{path='/samples/', method='GET'},
{path='/mono/1.1/index.aspx', method='GET'}
},
matches= {
{match='<title>Index of .*(Apache.*) Server at', output='Sample scripts w/ listing on \'\\1\''},
{match='<title>Index of', output='Sample scripts w/ directory listing'},
{match='', output='Sample scripts'}
}
})
table.insert(fingerprints, {
category='general',
probes={
{path='/login/', method='HEAD'},
{path='/login.htm', method='HEAD'},
{path='/login.jsp', method='HEAD'}
},
matches= {
{match='', output='Login page'}
}
})
table.insert(fingerprints, {
category='general',
probes={
{path='/test.asp', method='HEAD'},
{path='/test.class', method='HEAD'},
{path='/test/', method='HEAD'},
{path='/test.htm', method='HEAD'},
{path='/test.html', method='HEAD'},
{path='/test.php', method='HEAD'},
{path='/test.txt', method='HEAD'}
},
matches= {
{match='', output='Test page'}
}
})
table.insert(fingerprints, {
category='general',
probes={
{path='/webmail/', method='HEAD'},
{path='/mail/', method='HEAD'}
},
matches= {
{match='', output='Mail folder'}
}
})
table.insert(fingerprints, {
category='general',
probes={
{path='/log/', method='HEAD'},
{path='/log.htm', method='HEAD'},
{path='/log.php', method='HEAD'},
{path='/log.asp', method='HEAD'},
{path='/log.aspx', method='HEAD'},
{path='/log.jsp', method='HEAD'},
{path='/logs/', method='HEAD'},
{path='/logs.htm', method='HEAD'},
{path='/logs.php', method='HEAD'},
{path='/logs.asp', method='HEAD'},
{path='/logs.aspx', method='HEAD'},
{path='/logs.jsp', method='HEAD'},
{path='/wwwlog/', method='HEAD'},
{path='/wwwlogs/', method='HEAD'},
{path='/mail_log_files/', method='HEAD'}
},
matches= {
{match='', output='Logs'}
}
})
table.insert(fingerprints, {
category='general',
probes={
{path='/images/rails.png', method='HEAD'},
},
matches= {
{match='', output='Ruby on Rails'}
}
})
table.insert(fingerprints, {
category='general',
probes={
{path='/mono/', method='HEAD'},
},
matches= {
{match='', output='Mono'}
}
})
table.insert(fingerprints, {
category='general',
probes={
{path='/robots.txt', method='HEAD'},
},
matches= {
{match='', output='Robots file'}
}
})
table.insert(fingerprints, {
category='general',
probes={
{path='/crossdomain.xml', method='HEAD'},
},
matches= {
{output='Adobe Flash crossdomain policy'}
}
})
table.insert(fingerprints, {
category='general',
probes={
{path='/css/cake.generic.css', method='HEAD'},
{path='/img/cake.icon.gif', method='HEAD'},
{path='/img/cake.icon.png', method='HEAD'},
{path='/js/vendors.php', method='HEAD'}
},
matches= {
{match='', output='CakePHP application'}
}
})
table.insert(fingerprints, {
category='general',
probes={
{path='/cgi-bin/ffileman.cgi?', method='HEAD'}
},
matches= {
{match='', output='Ffileman Web File Manager'}
}
})
table.insert(fingerprints, {
category='general',
probes={
{path='/fshow.php', method='HEAD'}
},
matches= {
{match='', output='Horizon Web App'}
}
})
table.insert(fingerprints, {
category='general',
probes={
{path='/admin/upload.php', method='HEAD'}
},
matches= {
{match='', output='Admin File Upload'}
}
})
table.insert(fingerprints, {
category='general',
probes={
{path='/upload_multiple_js.php', method='HEAD'}
},
matches= {
{match='', output='NAS Uploader'}
}
})
table.insert(fingerprints, {
category='general',
probes={
{path='/uploadtester.asp', method='HEAD'}
},
matches= {
{match='', output='Free ASP Upload Shell'}
}
})
table.insert(fingerprints, {
category='general',
probes={
{path='/info.php', method='HEAD'}
},
matches= {
{match='', output='Possible information file'}
}
})
table.insert(fingerprints, {
category='general',
probes={
{path='/kusabax/manage_page.php', method='HEAD'}
},
matches= {
{match='', output='Kusabax Image Board'}
}
})
table.insert(fingerprints, {
category='general',
probes={
{path='/plus/lurking.php', method='HEAD'}
},
matches= {
{match='', output='phpMyChat Plus'}
}
})
table.insert(fingerprints, {
category='general',
probes={
{path='/adm/barra/assetmanager/assetmanager.php', method='HEAD'}
},
matches= {
{match='', output='360 Web Manager'}
}
})
table.insert(fingerprints, {
category='general',
probes={
{path='/eyeos/', method='HEAD'}
},
matches= {
{match='', output='Possible eyeOS installation'}
}
})
table.insert(fingerprints, {
category='general',
probes={
{path='/NETWARE.HTM', method='HEAD'}
},
matches= {
{match='', output='Planet FPS-1101'}
}
})
table.insert(fingerprints, {
category='general',
probes={
{path='/setup.cgi', method='HEAD'}
},
matches= {
{match='', output='Linksys Cisco Wag120n or similar'}
}
})
table.insert(fingerprints, {
category='general',
probes={
{path='/debug.cgi', method='HEAD'}
},
matches= {
{match='', output='Linksys WRT54G'}
}
})
table.insert(fingerprints, {
category='general',
probes={
{path='/ehcp/?op=applyforftpaccount', method='HEAD'},
{path='/ehcp/?op=applyforaccount', method='HEAD'},
{path='/ehcp/?op=applyfordomainaccount', method='HEAD'},
{path='/vhosts/ehcp/?op=applyforftpaccount', method='HEAD'},
{path='/vhosts/ehcp/?op=applyforaccount', method='HEAD'},
{path='/vhosts/ehcp/?op=applyfordomainaccount', method='HEAD'},
},
matches= {
{match='', output='Easy Hosting Control Panel'}
}
})
table.insert(fingerprints, {
category='general',
probes={
{path='/tools_admin.cgi?', method='HEAD'}
},
matches= {
{match='', output='D-Link WBR-1310'}
}
})
table.insert(fingerprints, {
category='general',
probes={
{path='/level/15', method='HEAD'},
{path='/exec/show/log/CR', method='HEAD'},
{path='/level/15/exec/-/configure/http', method='HEAD'},
{path='/level/15/exec/-', method='HEAD'}
},
matches= {
{match='cisco-IOS', output='Cisco 2811'}
}
})
table.insert(fingerprints, {
category='general',
probes={
{path='/login_img.jpg', method='HEAD'}
},
matches= {
{match='RapidLogic', output='AIRAYA WirelessGRID'}
}
})
table.insert(fingerprints, {
category='general',
probes={
{path='/cirronetlogo.gif', method='HEAD'}
},
matches= {
{match='Cirronet Wavebolt-AP', output='Cirronet Wavebolt'}
}
})
table.insert(fingerprints, {
category='general',
probes={
{path='/browserId/wizardForm.jhtml', method='HEAD'},
{path='/webline/html/forms/callback.jhtml', method='HEAD'},
{path='/webline/html/forms/callbackICM.jhtml', method='HEAD'},
{path='/webline/html/agent/AgentFrame.jhtml', method='HEAD'},
{path='/webline/html/agent/default/badlogin.jhtml', method='HEAD'},
{path='/callme/callForm.jhtml', method='HEAD'},
{path='/webline/html/multichatui/nowDefunctWindow.jhtml', method='HEAD'},
{path='/browserId/wizard.jhtml', method='HEAD'},
{path='/admin/CiscoAdmin.jhtml', method='HEAD'},
{path='/msccallme/mscCallForm.jhtml', method='HEAD'},
{path='/webline/html/admin/wcs/LoginPage.jhtml', method='HEAD'}
},
matches= {
{match='', output='Cisco Collaboration Server'}
}
})
table.insert(fingerprints, {
category='general',
probes={
{path='/restoreinfo.cgi', method='HEAD'}
},
matches= {
{match='', output='Sagem router'}
}
})
table.insert(fingerprints, {
category='general',
probes={
{path='/confirminvite.php', method='HEAD'}
},
matches= {
{match='', output='phpMyBitTorrent'}
}
})
table.insert(fingerprints, {
category='general',
probes={
{path='/sourcebans/', method='HEAD'}
},
matches= {
{match='', output='SourceBans - Steam server application'}
}
})
table.insert(fingerprints, {
category='general',
probes={
{path='/swfupload/index.php', method='HEAD'}
},
matches= {
{match='', output='SWFUpload'}
}
})
table.insert(fingerprints, {
category='general',
probes={
{path='/mymarket/shopping/index.php', method='HEAD'}
},
matches= {
{match='', output='MyMarket'}
}
})
table.insert(fingerprints, {
category='general',
probes={
{path='/myshop_start.php', method='HEAD'}
},
matches= {
{match='', output='FozzCom shopping'}
}
})
table.insert(fingerprints, {
category='general',
probes={
{path='/piranha/secure/passwd.php3', method='HEAD'}
},
matches= {
{match='', output='RedHat Piranha Virtual Server'}
}
})
table.insert(fingerprints, {
category='general',
probes={
{path='/cgi-bin/ck/mimencode', method='HEAD'}
},
matches= {
{match='', output='ContentKeeper Web Appliance'}
}
})
table.insert(fingerprints, {
category='general',
probes={
{path='/cgi-bin/masterCGI?', method='HEAD'}
},
matches= {
{match='', output='Alcatel-Lucent OmniPCX Enterprise'}
}
})
table.insert(fingerprints, {
category='general',
probes={
{path='/tiny_mce/plugins/filemanager/', method='HEAD'}
},
matches= {
{match='', output='Tiny MCE File Upload'}
}
})
table.insert(fingerprints, {
category='general',
probes={
{path='/upload/scp/ajax.php', method='HEAD'}
},
matches= {
{match='', output='osTicket / AJAX File Upload'}
}
})
table.insert(fingerprints, {
category='general',
probes={
{path='/cgi-mod/view_help.cgi', method='HEAD'}
},
matches= {
{match='', output='Barracuda Networks Spam & Virus Firewall'}
}
})
table.insert(fingerprints, {
category='general',
probes={
{path='/cgi-mod/index.cgi', method='HEAD'}
},
matches= {
{match='', output='Barracuda Web Application Firewall'}
}
})
table.insert(fingerprints, {
category='general',
probes={
{path='/cgi-mod/smtp_test.cgi', method='HEAD'}
},
matches= {
{match='', output='Barracuda IM Firewall'}
}
})
table.insert(fingerprints, {
category='general',
probes={
{path='/TopToolArea.html', method='HEAD'},
{path='/switchSystem.html', method='HEAD'}
},
matches= {
{match='', output='Alteon OS BBI (Nortell)'}
}
})
table.insert(fingerprints, {
category='general',
probes={
{path='/intruvert/jsp/module/Login.jsp', method='HEAD'}
},
matches= {
{match='', output='McAfee Network Security Manager'}
}
})
table.insert(fingerprints, {
category='general',
probes={
{path='/ajaxfilemanager/', method='HEAD'}
},
matches= {
{match='', output='AJAX File Manager'}
}
})
table.insert(fingerprints, {
category='general',
probes={
{path='/upload/data/settings.cdb', method='HEAD'}
},
matches= {
{match='', output='CF Image Hosting DB'}
}
})
table.insert(fingerprints, {
category='general',
probes={
{path='/fm.php', method='HEAD'}
},
matches= {
{match='', output='Simple File Manager'}
}
})
table.insert(fingerprints, {
category='general',
probes={
{path='/nagios3/cgi-bin/statuswml.cgi', method='HEAD'},
{path='/nagios3/', method='HEAD'}
},
matches= {
{match='', output='Nagios3'}
}
})
table.insert(fingerprints, {
category='general',
probes={
{path='/test/logon.html', method='HEAD'}
},
matches= {
{match='', output='Jetty'}
}
})
table.insert(fingerprints, {
category='general',
probes={
{path='/cal_cat.php', method='HEAD'},
{path='/calendar/cal_cat.php', method='HEAD'},
{path='/cal/cal_cat.php', method='HEAD'}
},
matches= {
{match='', output='Calendarix'}
}
})
table.insert(fingerprints, {
category='general',
probes={
{path='/private/sdc.tgz', method='HEAD'}
},
matches= {
{match='', output='IBM Bladecenter Management Logs'}
}
})
table.insert(fingerprints, {
category='general',
probes={
{path='/cacti/', method='HEAD'}
},
matches= {
{match='', output='Cacti Web Monitoring'}
}
})
table.insert(fingerprints, {
category='general',
probes={
{path='/cgi-bin/awstats.pl', method='HEAD'}
},
matches= {
{match='', output='AWStats'}
}
})
table.insert(fingerprints, {
category='general',
probes={
{path='/wiki/rankings.php', method='HEAD'}
},
matches= {
{match='', output='Bit Weaver'}
}
})
table.insert(fingerprints, {
category='general',
probes={
{path='/reqdetails.php', method='HEAD'}
},
matches= {
{match='', output='BtiTracker'}
}
})
table.insert(fingerprints, {
category='general',
probes={
{path='/shared/help.php', method='HEAD'}
},
matches= {
{match='', output='OpenBiblio/WebBiblio Subject Gateway System'}
}
})
table.insert(fingerprints, {
category='general',
probes={
{path='/seti.php', method='HEAD'}
},
matches= {
{match='', output='PHP SETI@home'}
}
})
table.insert(fingerprints, {
category='general',
probes={
{path='/imc/', method='HEAD'},
{path='/imcws/', method='HEAD'}
},
matches= {
{match='', output='3Com Intelligent Management Center'}
}
})
table.insert(fingerprints, {
category='general',
probes={
{path='/partymgr/', method='HEAD'}
},
matches= {
{match='', output='Apache OFBiz'}
}
})
table.insert(fingerprints, {
category='general',
probes={
{path='/Base/upload.php', method='HEAD'},
{path='/Base/example_1.php', method='HEAD'}
},
matches= {
{match='', output='MassMirror Uploader'}
}
})
table.insert(fingerprints, {
category='general',
probes={
{path='/YUI-upload/html', method='HEAD'}
},
matches= {
{match='', output='YUI Images / File Upload'}
}
})
table.insert(fingerprints, {
category='general',
probes={
{path='/tools/filemanager/skins/mobile/admin1.template.php', method='HEAD'}
},
matches= {
{match='', output='ispCP Omega'}
}
})
table.insert(fingerprints, {
category='general',
probes={
{path='/Uploadify/', method='HEAD'}
},
matches= {
{match='', output='Uploadify'}
}
})
table.insert(fingerprints, {
category='general',
probes={
{path='/syssite/', method='HEAD'}
},
matches= {
{match='', output='ShopEx'}
}
})
table.insert(fingerprints, {
category='general',
probes={
{path='/updown.php', method='HEAD'}
},
matches= {
{match='', output='PHP Uploader Downloader'}
}
})
table.insert(fingerprints, {
category='general',
probes={
{path='/modules/docmanager/doctypetemplates/myuploadedfile', method='HEAD'}
},
matches= {
{match='', output='Achievo'}
}
})
table.insert(fingerprints, {
category='general',
probes={
{path='/ReqWebHelp/advanced/workingSet.jsp', method='HEAD'}
},
matches= {
{match='', output='IBM Rational RequisitePro/ReqWebHelp'}
}
})
table.insert(fingerprints, {
category='general',
probes={
{path='/dhost/', method='HEAD'}
},
matches= {
{match='', output='Novell eDirectory'}
}
})
table.insert(fingerprints, {
category='general',
probes={
{path='/engine/api/api.class.php', method='HEAD'}
},
matches= {
{match='', output='DatalifeEngine'}
}
})
table.insert(fingerprints, {
category='general',
probes={
{path='/jsft_resource.jsf', method='HEAD'},
{path='/scales_static_resource.jsf', method='HEAD'}
},
matches= {
{match='', output='JSFTemplating/Mojarra Scales/GlassFish Application Server'}
}
})
table.insert(fingerprints, {
category='general',
probes={
{path='/setup/password_required.html', method='HEAD'}
},
matches= {
{match='', output='2WIRE GATEWAY'}
}
})
table.insert(fingerprints, {
category='general',
probes={
{path='/zp-core/', method='HEAD'}
},
matches= {
{match='', output='Zen Photo'}
}
})
table.insert(fingerprints, {
category='general',
probes={
{path='/amember/', method='HEAD'}
},
matches= {
{match='', output='aMember'}
}
})
------------------------------------------------
---- SECURITY SOFTWARE ----
------------------------------------------------
-- These checks will find specific installed software. If possible, it will also
-- find versions, etc.
table.insert(fingerprints, {
category='security',
probes={
{path='/arcsight/', method='HEAD'},
{path='/arcsight/images/logo-login-arcsight.gif', method='HEAD'},
{path='/arcsight/images/navbar-icon-logout-on.gif', method='HEAD'},
{path='/images/logo-arcsight.gif', method='HEAD'},
{path='/logger/monitor.ftl', method='HEAD'},
},
matches={
{output='Arcsight'}
}
})
table.insert(fingerprints, {
category='security',
probes={
{path='/beef/', method='HEAD'},
{path='/BEEF/', method='HEAD'},
{path='/beef/images/beef.gif', method='HEAD'}
},
matches={
{output='BeEF Browser Exploitation Framework'}
}
})
table.insert(fingerprints, {
category='security',
probes={
{path='/gfx/form_top_left_corner.gif', method='HEAD'},
{path='/gfx/logout_24.png', method='HEAD'},
{path='/gfx/new_logo.gif', method='HEAD'},
{path='/javascript/sorttable.js', method='HEAD'}
},
matches= {
{match='', output='Secunia NSI'}
}
})
table.insert(fingerprints, {
category='security',
probes={
{path='/images/btn_help_nml.gif', method='HEAD'},
{path='/images/hdr_icon_homeG.gif', method='HEAD'},
{path='/spControl.php', method='HEAD'},
{path='/images/isslogo.gif', method='HEAD'},
{path='/deploymentmanager/', method='HEAD'},
},
matches= {
{match='', output='IBM Proventia'}
}
})
table.insert(fingerprints, {
category='security',
probes={
{path='/i18n/EN/css/foundstone.css', method='HEAD'},
{path='/i18n/EN/images/external_nav_square.gif', method='HEAD'},
},
matches= {
{match='', output='Foundstone'}
}
})
table.insert(fingerprints, {
category='security',
probes={
{path='/officescan/console/html/cgi/cgiChkMasterPwd.exe', method='HEAD'},
{path='/officescan/console/html/ClientInstall/officescannt.htm', method='HEAD'},
{path='/officescan/console/html/images/icon_refresh.gif', method='HEAD'},
},
matches= {
{match='', output='Trend Micro OfficeScan Server'}
}
})
table.insert(fingerprints, {
category='security',
probes={
{path='/picts/BC_bwlogorev.gif', method='HEAD'},
{path='/picts/menu_leaf.gif', method='HEAD'},
},
matches= {
{match='', output='BlueCoat Reporter'}
}
})
table.insert(fingerprints, {
category='security',
probes={
{path='/theme/images/en/login1.gif', method='HEAD'},
},
matches={
{match='', output='Fortinet VPN/Firewall'}
}
})
table.insert(fingerprints, {
category='security',
probes={
{path='/', method='GET'},
},
matches={
{match='id="NessusClient"', output='Nessus'},
{match='NessusClient.swf', output='Nessus'}
}
})
table.insert(fingerprints, {
category='security',
probes={
{path='/NessusClient.swf', method='HEAD'},
},
matches={
{match='', output='Nessus'}
}
})
table.insert(fingerprints, {
category='security',
probes={
{path='/dotDefender/', method='HEAD'},
},
matches={
{match='', output='dotDefender Web Application Firewall'}
}
})
------------------------------------------------
---- MANAGEMENT SOFTWARE ----
------------------------------------------------
table.insert(fingerprints, {
category='management',
probes={
{path='/vmware/', method='HEAD'},
{path='/vmware/imx/vmware_boxes-16x16.png', method='HEAD'},
{path='/ui/', method='HEAD'},
{path='/ui/imx/vmwareLogo-16x16.png', method='HEAD'},
{path='/ui/imx/vmwarePaperBagLogo-16x16.png', method='HEAD'},
{path='/ui/vManage.do', method='HEAD'},
{path='/client/VMware-viclient.exe', method='HEAD'},
{path='/en/welcomeRes.js', method='HEAD'}
},
matches={
{output='VMWare'}
}
})
table.insert(fingerprints, {
category='management',
probes={
{path='/citrix/', method='HEAD'},
{path='/Citrix/', method='HEAD'},
{path='/Citrix/MetaFrame/auth/login.aspx', method='HEAD'},
{path='/images/ctxHeader01.jpg', method='HEAD'},
{path='/images/Safeword_Token.jpg', method='HEAD'},
{path='/sw/auth/login.aspx', method='HEAD'},
{path='/vpn/images/AccessGateway.ico', method='HEAD'},
{path='/citrix/AccessPlatform/auth/clientscripts/', method='HEAD'},
{path='/AccessPlatform/auth/clientscripts/', method='HEAD'},
{path='/Citrix//AccessPlatform/auth/clientscripts/cookies.js', method='HEAD'},
{path='/Citrix/AccessPlatform/auth/clientscripts/login.js', method='HEAD'},
{path='/Citrix/PNAgent/config.xml', method='HEAD'},
},
matches={
{output='Citrix'}
}
})
table.insert(fingerprints, {
category='management',
probes={
{path='/cgi-bin/image/shikaku2.png', method='HEAD'},
},
matches= {
{match='', output='TeraStation PRO RAID 0/1/5 Network Attached Storage'}
}
})
table.insert(fingerprints, {
category='management',
probes={
{path='/config/public/usergrp.gif', method='HEAD'},
{path='/pictures/buttons/file_view_mark.gif', method='HEAD'},
},
matches= {
{match='', output='AXIS StorPoint'}
}
})
table.insert(fingerprints, {
category='management',
probes={
{path='/cpqlogin.htm?RedirectUrl=/&RedirectQueryString=', method='HEAD'},
{path='/hplogo.gif', method='HEAD'},
},
matches= {
{match='', output='HP System Management Homepage'}
}
})
table.insert(fingerprints, {
category='management',
probes={
{path='/ie_index.htm', method='HEAD'},
{path='/ilo.gif', method='HEAD'},
},
matches= {
{match='', output='HP Integrated Lights Out'}
}
})
table.insert(fingerprints, {
category='management',
probes={
{path='/images/icon_server_connected.gif', method='HEAD'},
},
matches= {
{match='', output='HP Blade Enclosure'}
}
})
table.insert(fingerprints, {
category='management',
probes={
{path='/mxhtml/images/signin_logo.gif', method='HEAD'},
{path='/mxhtml/images/status_critical_15.gif', method='HEAD'},
{path='/mxportal/home/en_US/servicetools.gif', method='HEAD'},
{path='/mxportal/home/MxPortalFrames.jsp', method='HEAD'},
},
matches= {
{match='', output='HP Insight Manager'}
}
})
table.insert(fingerprints, {
category='management',
probes={
{path='/xymon/menu/menu.css', method='HEAD'},
},
matches= {
{match='', output='Xymon'}
}
})
table.insert(fingerprints, {
category='management',
probes={
{path='/rrc.htm', method='HEAD'},
},
matches= {
{match='', output='Raritan Remote Client'}
}
})
table.insert(fingerprints, {
category='management',
probes={
{path='/manager/html/upload', method='HEAD'},
{path='/manager/html', method='HEAD'}
},
matches= {
{match='', output='Apache Tomcat'}
}
})
table.insert(fingerprints, {
category='general',
probes={
{path='/axis2/axis2-web/HappyAxis.jsp', method='HEAD'},
{path='/axis2/', method='HEAD'},
{path='/happyaxis.jsp', method='HEAD'}
},
matches= {
{match='', output='Apache Axis2'}
}
})
table.insert(fingerprints, {
category='management',
probes={
{path='/web-console/ServerInfo.jsp', method='HEAD'},
{path='/web-console/Invoker', method='HEAD'},
{path='/invoker/', method='HEAD'},
{path='/jmx-console/', method='HEAD'},
{path='/admin-console/', method='HEAD'}
},
matches= {
{match='', output='JBoss Console'}
}
})
table.insert(fingerprints, {
category='management',
probes={
{path='/CFIDE/administrator/enter.cfm', method='HEAD'},
{path='/CFIDE/administrator/entman/index.cfm', method='HEAD'},
{path='/cfide/install.cfm', method='HEAD'},
{path='/CFIDE/administrator/archives/index.cfm', method='HEAD'},
{path='/CFIDE/wizards/common/_logintowizard.cfm', method='HEAD'},
{path='/CFIDE/componentutils/login.cfm', method='HEAD'},
{path='/CFIDE/Administrator/startstop.html', method='HEAD'},
},
matches= {
{match='', output='ColdFusion Admin Console'}
}
})
table.insert(fingerprints, {
category='management',
probes={
{path='/common/help/en/go/login_ts.html', method='HEAD'},
{path='/system/login/', method='HEAD'},
{path='/system/login/reset?next=%2Fsystem%2Flogin&set-lang=en', method='HEAD'},
{path='/common/images/logos/img_logoMain.jpg', method='HEAD'},
},
matches= {
{match='URL=http://www.macromedia.com/go/breeze_login_help_en', output='Adobe Acrobat Connect Pro'},
{match='<title>Connect Pro Central Login', output='Adobe Acrobat Connect Pro'},
{match='Forgot your password?', output='Adobe Acrobat Connect Pro'},
{match='Server: JRun Web Server', output='Adobe Acrobat Connect Pro'},
}
})
table.insert(fingerprints, {
category='management',
probes={
{path='/Dashboard/Dashboard.html', method='GET'}
},
matches= {
{match='Server: Kodak-RulesBasedAutomation', output='Prinergy Dashboard Client Login'},
{match='Dashboard', output='Prinergy Dashboard Client Login'}
}
})
table.insert(fingerprints, {
category='management',
probes={
{path='/flexfm/', method='HEAD'}
},
matches= {
{match='', output='Flex File Manager'}
}
})
table.insert(fingerprints, {
category='management',
probes={
{path='/lib/usermanagement/userInfo.php', method='HEAD'}
},
matches= {
{match='', output='Testlink TestManagement'}
}
})
table.insert(fingerprints, {
category='management',
probes={
{path='/security/xamppsecurity.php', method='HEAD'}
},
matches= {
{match='', output='XAMPP'}
}
})
table.insert(fingerprints, {
category='management',
probes={
{path='/dm-albums/dm-albums.php', method='HEAD'}
},
matches= {
{match='', output='DM FileManager'}
}
})
------------------------------------------------
---- PRINTERS, WEBCAMS, PROJECTORS ----
------------------------------------------------
table.insert(fingerprints, {
category='printer',
probes={
{path='/x_logo.gif', method='HEAD'}
},
matches= {
{match='', output='Xerox printer'}
}
})
table.insert(fingerprints, {
category='printer',
probes={
{path='/gif/hp.gif', method='HEAD'},
{path='/gif/hp_invent_logo.gif', method='HEAD'},
{path='/gif/printer.gif', method='HEAD'},
{path='/hp/device/this.LCDispatcher', method='HEAD'},
{path='/hp/device/webAccess/index.htm', method='HEAD'},
{path='/PageSelector.class', method='HEAD'}
},
matches= {
{match='', output='HP Printer'}
}
})
table.insert(fingerprints, {
category='printer',
probes={
{path='/images/lexbold.gif', method='HEAD'},
{path='/images/lexlogo.gif', method='HEAD'},
{path='/images/printer.gif', method='HEAD'},
{path='/printer/image', method='HEAD'}
},
matches= {
{match='', output='Lexmark Printer'}
}
})
table.insert(fingerprints, {
category='printer',
probes={
{path='/images/mute_alloff.gif', method='HEAD'},
{path='/images/pic_bri.gif', method='HEAD'},
},
matches= {
{match='', output='NEC Projector'}
}
})
table.insert(fingerprints, {
category='printer',
probes={
{path='/scanweb/images/scanwebtm.gif', method='HEAD'},
},
matches= {
{match='', output='SCAN Web (Webcam)'}
}
})
table.insert(fingerprints, {
category='printer',
probes={
{path='/view/index.shtml', method='HEAD'},
},
matches= {
{match='', output='Axis 212 PTZ Network Camera'}
}
})
------------------------------------------------
---- DATABASES ----
------------------------------------------------
--phpmyadmin db taken from http://milw0rm.com/exploits/8921
table.insert(fingerprints, {
category='database',
probes={
{path='/phpmyadmin/', method='HEAD'},
{path='/phpMyAdmin/', method='HEAD'},
{path='/PHPMyAdmin/', method='HEAD'},
{path='/PMA/', method='HEAD'},
{path='/pma/', method='HEAD'},
{path='/dbadmin/', method='HEAD'},
{path='/myadmin/', method='HEAD'},
{path='/php-my-admin/', method='HEAD'},
{path='/phpMyAdmin2/', method='HEAD'},
{path='/phpMyAdmin-2/', method='HEAD'},
{path='/phpMyAdmin-2.2.3/', method='HEAD'},
{path='/phpMyAdmin-2.2.6/', method='HEAD'},
{path='/phpMyAdmin-2.5.1/', method='HEAD'},
{path='/phpMyAdmin-2.5.4/', method='HEAD'},
{path='/phpMyAdmin-2.5.5-rc1/', method='HEAD'},
{path='/phpMyAdmin-2.5.5-rc2/', method='HEAD'},
{path='/phpMyAdmin-2.5.5/', method='HEAD'},
{path='/phpMyAdmin-2.5.5-pl1/', method='HEAD'},
{path='/phpMyAdmin-2.5.6-rc1/', method='HEAD'},
{path='/phpMyAdmin-2.5.6-rc2/', method='HEAD'},
{path='/phpMyAdmin-2.5.6/', method='HEAD'},
{path='/phpMyAdmin-2.5.7/', method='HEAD'},
{path='/phpMyAdmin-2.5.7-pl1/', method='HEAD'},
{path='/phpMyAdmin-2.6.0-alpha/', method='HEAD'},
{path='/phpMyAdmin-2.6.0-alpha2/', method='HEAD'},
{path='/phpMyAdmin-2.6.0-beta1/', method='HEAD'},
{path='/phpMyAdmin-2.6.0-beta2/', method='HEAD'},
{path='/phpMyAdmin-2.6.0-rc1/', method='HEAD'},
{path='/phpMyAdmin-2.6.0-rc2/', method='HEAD'},
{path='/phpMyAdmin-2.6.0-rc3/', method='HEAD'},
{path='/phpMyAdmin-2.6.0/', method='HEAD'},
{path='/phpMyAdmin-2.6.0-pl1/', method='HEAD'},
{path='/phpMyAdmin-2.6.0-pl2/', method='HEAD'},
{path='/phpMyAdmin-2.6.0-pl3/', method='HEAD'},
{path='/phpMyAdmin-2.6.1-rc1/', method='HEAD'},
{path='/phpMyAdmin-2.6.1-rc2/', method='HEAD'},
{path='/phpMyAdmin-2.6.1/', method='HEAD'},
{path='/phpMyAdmin-2.6.1-pl1/', method='HEAD'},
{path='/phpMyAdmin-2.6.1-pl2/', method='HEAD'},
{path='/phpMyAdmin-2.6.1-pl3/', method='HEAD'},
{path='/phpMyAdmin-2.6.2-rc1/', method='HEAD'},
{path='/phpMyAdmin-2.6.2-beta1/', method='HEAD'},
{path='/phpMyAdmin-2.6.2/', method='HEAD'},
{path='/phpMyAdmin-2.6.2-pl1/', method='HEAD'},
{path='/phpMyAdmin-2.6.3/', method='HEAD'},
{path='/phpMyAdmin-2.6.3-rc1/', method='HEAD'},
{path='/phpMyAdmin-2.6.3-pl1/', method='HEAD'},
{path='/phpMyAdmin-2.6.4-rc1/', method='HEAD'},
{path='/phpMyAdmin-2.6.4-pl1/', method='HEAD'},
{path='/phpMyAdmin-2.6.4-pl2/', method='HEAD'},
{path='/phpMyAdmin-2.6.4-pl3/', method='HEAD'},
{path='/phpMyAdmin-2.6.4-pl4/', method='HEAD'},
{path='/phpMyAdmin-2.6.4/', method='HEAD'},
{path='/phpMyAdmin-2.7.0-beta1/', method='HEAD'},
{path='/phpMyAdmin-2.7.0-rc1/', method='HEAD'},
{path='/phpMyAdmin-2.7.0-pl1/', method='HEAD'},
{path='/phpMyAdmin-2.7.0-pl2/', method='HEAD'},
{path='/phpMyAdmin-2.7.0/', method='HEAD'},
{path='/phpMyAdmin-2.8.0-beta1/', method='HEAD'},
{path='/phpMyAdmin-2.8.0-rc1/', method='HEAD'},
{path='/phpMyAdmin-2.8.0-rc2/', method='HEAD'},
{path='/phpMyAdmin-2.8.0/', method='HEAD'},
{path='/phpMyAdmin-2.8.0.1/', method='HEAD'},
{path='/phpMyAdmin-2.8.0.2/', method='HEAD'},
{path='/phpMyAdmin-2.8.0.3/', method='HEAD'},
{path='/phpMyAdmin-2.8.0.4/', method='HEAD'},
{path='/phpMyAdmin-2.8.1-rc1/', method='HEAD'},
{path='/phpMyAdmin-2.8.1/', method='HEAD'},
{path='/phpMyAdmin-2.8.2/', method='HEAD'},
{path='/sqlmanager/', method='HEAD'},
{path='/php-myadmin/', method='HEAD'},
{path='/phpmy-admin/', method='HEAD'},
{path='/mysqladmin/', method='HEAD'},
{path='/mysql-admin/', method='HEAD'},
{path='/websql/', method='HEAD'},
{path='/_phpmyadmin/', method='HEAD'}
},
matches={
{output='phpMyAdmin'}
}
})
table.insert(fingerprints, {
category='database',
probes={
{path='/footer1.gif', method='HEAD'},
},
matches= {
{match='', output='(possible) Oracle Web server'}
}
})
table.insert(fingerprints, {
category='database',
probes={
{path='/homepage.nsf/homePage.gif?OpenImageResource', method='HEAD'},
{path='/icons/ecblank.gif', method='HEAD'},
{path='/852566C90012664F', method='HEAD'},
{path='/admin4.nsf', method='HEAD'},
{path='/admin5.nsf', method='HEAD'},
{path='/admin.nsf', method='HEAD'},
{path='/agentrunner.nsf', method='HEAD'},
{path='/alog.nsf', method='HEAD'},
{path='/a_domlog.nsf', method='HEAD'},
{path='/bookmark.nsf', method='HEAD'},
{path='/busytime.nsf', method='HEAD'},
{path='/catalog.nsf', method='HEAD'},
{path='/certa.nsf', method='HEAD'},
{path='/certlog.nsf', method='HEAD'},
{path='/certsrv.nsf', method='HEAD'},
{path='/chatlog.nsf', method='HEAD'},
{path='/clbusy.nsf', method='HEAD'},
{path='/cldbdir.nsf', method='HEAD'},
{path='/clusta4.nsf', method='HEAD'},
{path='/collect4.nsf', method='HEAD'},
{path='/da.nsf', method='HEAD'},
{path='/dba4.nsf', method='HEAD'},
{path='/dclf.nsf', method='HEAD'},
{path='/DEASAppDesign.nsf', method='HEAD'},
{path='/DEASLog01.nsf', method='HEAD'},
{path='/DEASLog02.nsf', method='HEAD'},
{path='/DEASLog03.nsf', method='HEAD'},
{path='/DEASLog04.nsf', method='HEAD'},
{path='/DEASLog05.nsf', method='HEAD'},
{path='/DEASLog.nsf', method='HEAD'},
{path='/decsadm.nsf', method='HEAD'},
{path='/decslog.nsf', method='HEAD'},
{path='/DEESAdmin.nsf', method='HEAD'},
{path='/dirassist.nsf', method='HEAD'},
{path='/doladmin.nsf', method='HEAD'},
{path='/domadmin.nsf', method='HEAD'},
{path='/domcfg.nsf', method='HEAD'},
{path='/domguide.nsf', method='HEAD'},
{path='/domlog.nsf', method='HEAD'},
{path='/dspug.nsf', method='HEAD'},
{path='/events4.nsf', method='HEAD'},
{path='/events5.nsf', method='HEAD'},
{path='/events.nsf', method='HEAD'},
{path='/event.nsf', method='HEAD'},
{path='/homepage.nsf', method='HEAD'},
{path='/iNotes/Forms5.nsf/$DefaultNav', method='HEAD'},
{path='/jotter.nsf', method='HEAD'},
{path='/leiadm.nsf', method='HEAD'},
{path='/leilog.nsf', method='HEAD'},
{path='/leivlt.nsf', method='HEAD'},
{path='/log4a.nsf', method='HEAD'},
{path='/log.nsf', method='HEAD'},
{path='/l_domlog.nsf', method='HEAD'},
{path='/mab.nsf', method='HEAD'},
{path='/mail10.box', method='HEAD'},
{path='/mail1.box', method='HEAD'},
{path='/mail2.box', method='HEAD'},
{path='/mail3.box', method='HEAD'},
{path='/mail4.box', method='HEAD'},
{path='/mail5.box', method='HEAD'},
{path='/mail6.box', method='HEAD'},
{path='/mail7.box', method='HEAD'},
{path='/mail8.box', method='HEAD'},
{path='/mail9.box', method='HEAD'},
{path='/mail.box', method='HEAD'},
{path='/msdwda.nsf', method='HEAD'},
{path='/mtatbls.nsf', method='HEAD'},
{path='/mtstore.nsf', method='HEAD'},
{path='/names.nsf', method='HEAD'},
{path='/nntppost.nsf', method='HEAD'},
{path='/nntp/nd000001.nsf', method='HEAD'},
{path='/nntp/nd000002.nsf', method='HEAD'},
{path='/nntp/nd000003.nsf', method='HEAD'},
{path='/ntsync45.nsf', method='HEAD'},
{path='/perweb.nsf', method='HEAD'},
{path='/qpadmin.nsf', method='HEAD'},
{path='/quickplace/quickplace/main.nsf', method='HEAD'},
{path='/reports.nsf', method='HEAD'},
{path='/sample/siregw46.nsf', method='HEAD'},
{path='/schema50.nsf', method='HEAD'},
{path='/setupweb.nsf', method='HEAD'},
{path='/setup.nsf', method='HEAD'},
{path='/smbcfg.nsf', method='HEAD'},
{path='/smconf.nsf', method='HEAD'},
{path='/smency.nsf', method='HEAD'},
{path='/smhelp.nsf', method='HEAD'},
{path='/smmsg.nsf', method='HEAD'},
{path='/smquar.nsf', method='HEAD'},
{path='/smsolar.nsf', method='HEAD'},
{path='/smtime.nsf', method='HEAD'},
{path='/smtpibwq.nsf', method='HEAD'},
{path='/smtpobwq.nsf', method='HEAD'},
{path='/smtp.box', method='HEAD'},
{path='/smtp.nsf', method='HEAD'},
{path='/smvlog.nsf', method='HEAD'},
{path='/srvnam.htm', method='HEAD'},
{path='/statmail.nsf', method='HEAD'},
{path='/statrep.nsf', method='HEAD'},
{path='/stauths.nsf', method='HEAD'},
{path='/stautht.nsf', method='HEAD'},
{path='/stconfig.nsf', method='HEAD'},
{path='/stconf.nsf', method='HEAD'},
{path='/stdnaset.nsf', method='HEAD'},
{path='/stdomino.nsf', method='HEAD'},
{path='/stlog.nsf', method='HEAD'},
{path='/streg.nsf', method='HEAD'},
{path='/stsrc.nsf', method='HEAD'},
{path='/userreg.nsf', method='HEAD'},
{path='/vpuserinfo.nsf', method='HEAD'},
{path='/webadmin.nsf', method='HEAD'},
{path='/web.nsf', method='HEAD'},
{path='/.nsf/../winnt/win.ini', method='HEAD'},
{path='/icons/ecblank.gif', method='HEAD'}
},
matches= {
{match='', output='Lotus Domino'}
}
})
------------------------------------------------
---- MICROSOFT ----
------------------------------------------------
table.insert(fingerprints, {
category='microsoft',
probes={
{path='/_layouts/images/helpicon.gif', method='HEAD'},
{path='/Pages/Default.aspx', method='HEAD'},
{path='/PublishingImages/NewsArticleImage.jpg', method='HEAD'},
{path='/_admin/operations.aspx', method='HEAD'},
{path='/_app_bin', method='HEAD'},
{path='/_controltemplates', method='HEAD'},
{path='/_layouts', method='HEAD'},
{path='/_layouts/viewlsts.aspx', method='HEAD'},
{path='/forms/allitems.aspx', method='HEAD'},
{path='/forms/webfldr.aspx', method='HEAD'},
{path='/forms/mod-view.aspx', method='HEAD'},
{path='/forms/my-sub.aspx', method='HEAD'},
{path='/pages/categoryresults.aspx', method='HEAD'},
{path='/categories/viewcategory.aspx', method='HEAD'},
{path='/sitedirectory', method='HEAD'},
{path='/editdocs.aspx', method='HEAD'},
{path='/workflowtasks/allitems.aspx', method='HEAD'},
{path='/lists/tasks/', method='HEAD'},
{path='/categories/allcategories.aspx', method='HEAD'},
{path='/categories/SOMEOTHERDIR/allcategories.aspx', method='HEAD'},
{path='/mycategories.aspx', method='HEAD'},
{path='/lists/', method='HEAD'},
{path='/lists/allitems.aspx', method='HEAD'},
{path='/lists/default.aspx', method='HEAD'},
{path='/lists/allposts.aspx', method='HEAD'},
{path='/lists/archive.aspx', method='HEAD'},
{path='/lists/byauthor.aspx', method='HEAD'},
{path='/lists/calendar.aspx', method='HEAD'},
{path='/lists/mod-view.aspx', method='HEAD'},
{path='/lists/myposts.aspx', method='HEAD'},
{path='/lists/my-sub.aspx', method='HEAD'},
{path='/lists/allcomments.aspx', method='HEAD'},
{path='/lists/mycomments.aspx', method='HEAD'},
{path='/_layouts/userdisp.aspx', method='HEAD'},
{path='/_layouts/help.aspx', method='HEAD'},
{path='/_layouts/download.aspx', method='HEAD'}
},
matches= {
{match='', output='MS Sharepoint'}
}
})
table.insert(fingerprints, {
category='microsoft',
probes={
{path='/projectserver/Home/HomePage.asp', method='HEAD'},
{path='/projectserver/images/branding.gif', method='HEAD'},
{path='/projectserver/images/pgHome.gif', method='HEAD'},
{path='/projectserver/images/pgTask.gif', method='HEAD'},
{path='/projectserver/Tasks/Taskspage.asp', method='HEAD'},
},
matches= {
{match='', output='MS Project Server'}
}
})
table.insert(fingerprints, {
category='microsoft',
probes={
{path='/exchweb/bin/auth/owalogon.asp', method='HEAD'},
{path='/images/outlook.jpg', method='HEAD'},
{path='/owa/8.1.375.2/themes/base/lgntopl.gif', method='HEAD'},
{path='/owa/', method='HEAD'},
},
matches= {
{match='', output='Outlook Web Access'}
}
})
table.insert(fingerprints, {
category='microsoft',
probes={
{path='/tsweb/', method='HEAD'},
},
matches= {
{match='', output='Remote Desktop Web Connection'}
}
})
table.insert(fingerprints, {
category='microsoft',
probes={
{path='/reportserver/', method='HEAD'}
},
matches= {
{match='', output='Microsoft SQL Report Service'}
}
})
------------------------------------------------
---- NETWORK EQUIPMENT ----
------------------------------------------------
-- Routers, switches, etc
table.insert(fingerprints, {
category='network',
probes={
{path='/', method='GET'},
},
matches= {
{match='realm="WRT54G"', output='Linksys WRT54g Wireless Router'}
}
})
table.insert(fingerprints, {
category='network',
probes={
{path='/HW_logo.html', method='HEAD'},
},
matches= {
{match='', output='Huawei HG 530'}
}
})
table.insert(fingerprints, {
category='network',
probes={
{path='/icons/icon_set_up_2701XX_01.gif', method='HEAD'},
{path='/icons/icon_homeportal_2701XX.gif', method='HEAD'},
{path='/es/images/nav_sl_home_network_01.gif', method='HEAD'},
{path='/en/images/nav_sl_home_network_01.gif', method='HEAD'}
},
matches= {
{match='', output='2WIRE 2701HG'}
}
})
table.insert(fingerprints, {
category='network',
probes={
{path='/images/stxx__xl.gif', method='HEAD'},
{path='/images/bbc__xl.gif', method='HEAD'}
},
matches= {
{match='', output='Thomson TG585'}
}
})
------------------------------------------------
---- ATTACKS ----
------------------------------------------------
-- These will search for and possibly exploit vulnerabilities.
table.insert(fingerprints, {
category='attacks',
probes={
{path='/sdk/../../../../../../../etc/vmware/hostd/vmInventory.xml', method='GET'},
{path='/sdk/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/etc/vmware/hostd/vmInventory.xml', method='GET'}
},
matches={
{match='', output='Path traversal in VMWare (CVE-2009-3733)'},
{match='', output='Possible path traversal in VMWare (CVE-2009-3733)'}
}
})
table.insert(fingerprints, {
category='attacks',
probes={
{path='/../../../../../../../../../../etc/passwd', method='GET'},
{path='/../../../../../../../../../../boot.ini', method='GET'}
},
matches={
{match='root:', output='Simple path traversal in URI (Linux)'},
{match='boot loader', output='Simple path traversal in URI (Windows)'},
{match='', output='Possible path traversal in URI'}
}
})
table.insert(fingerprints, {
category='attacks',
probes={
{path='/.htaccess', method='GET'},
{path='/.htpasswd', method='GET'}
},
matches={
-- We look for a '200 OK' message on this one, because most Apache servers return an access denied
{match='200 OK', output='Incorrect permissions on .htaccess or .htpasswd files'}
}
})
table.insert(fingerprints, {
category='attacks',
probes={
{path='/_vti_bin/', method='GET'},
{path='/_vti_cnf/', method='GET'},
{path='/_vti_log/', method='GET'},
{path='/_vti_pvt/', method='GET'},
{path='/_vti_txt/', method='GET'},
{path='/_vti_bin/_vti_aut/author.dll'},
{path='/_vti_bin/_vti_aut/author.exe'},
{path='/_vti_bin/_vti_aut/dvwssr.dll'},
{path='/_vti_bin/_vti_adm/admin.dll'},
{path='/_vti_bin/_vti_adm/admin.exe'},
{path='/_vti_bin/fpcount.exe?Page=default.asp|Image=3'},
{path='/_vti_bin/shtml.dll'},
{path='/_vti_bin/shtml.exe'},
{path='/_vti_pvt/_x_todo.htm'},
{path='/_vti_pvt/_x_todoh.htm'},
{path='/_vti_pvt/access.cnf'},
{path='/_vti_pvt/administrator.pwd'},
{path='/_vti_pvt/administrators.pwd'},
{path='/_vti_pvt/authors.pwd'},
{path='/_vti_pvt/bots.cnf'},
{path='/_vti_pvt/botinfs.cnf'},
{path='/_vti_pvt/deptodoc.btr'},
{path='/_vti_pvt/doctodep.btr'},
{path='/_vti_pvt/frontpg.lck'},
{path='/_vti_pvt/linkinfo.cnf'},
{path='/_vti_pvt/service.cnf'},
{path='/_vti_pvt/service.grp'},
{path='/_vti_pvt/service.lck'},
{path='/_vti_pvt/service.pwd'},
{path='/_vti_pvt/Service.stp'},
{path='/_vti_pvt/services.cnf'},
{path='/_vti_pvt/services.org'},
{path='/_vti_pvt/structure.cnf'},
{path='/_vti_pvt/svcacl.cnf'},
{path='/_vti_pvt/users.pwd'},
{path='/_vti_pvt/uniqueperm.cnf'},
{path='/_vti_pvt/writeto.cnf'},
},
matches= {
{match='200', output='Frontpage file or folder'}
}
})
table.insert(fingerprints, {
category='attacks',
probes={
{path='/.svn/', method='GET'},
{path='/.svn/text-base/.htaccess.svn-base', method='GET'},
{path='/.svn/text-base/.htpasswd.svn-base', method='GET'},
{path='/.svn/text-base/Web.config.svn-base', method='GET'}
},
matches= {
{match='200', output='Subversion folder'}
}
})
table.insert(fingerprints, {
category='attacks',
probes={
{path='/.git/HEAD', method='GET'},
},
matches= {
{match='ref: refs', output='Git folder'}
}
})
table.insert(fingerprints, {
category='attacks',
probes={
{path='/.hg/requires', method='GET'},
},
matches= {
{match='revlogv1', output='Mercurial folder'}
}
})
table.insert(fingerprints, {
category='attacks',
probes={
{path='/.bzr/README', method='GET'},
},
matches= {
{match='This is a Bazaar', output='Bazaar folder'}
}
})
table.insert(fingerprints, {
category='attacks',
probes={
{path='/downloadFile.php', method='GET'},
{path='/BackupConfig.php', method='GET'}
},
matches={
{output='NETGEAR WNDAP350 2.0.1 to 2.0.9 potential file download and SSH root password disclosure'}
}
})
table.insert(fingerprints, {
category='attacks',
probes={
{path='/cwhp/auditLog.do?file=..\\..\\..\\..\\..\\..\\..\\boot.ini', method='GET'},
{path='/cwhp/auditLog.do?file=..\\..\\..\\..\\..\\..\\..\\Program%20Files\\CSCOpx\\MDC\\Tomcat\\webapps\\triveni\\WEB-INF\\classes\\schedule.properties', method='GET'},
{path='/cwhp/auditLog.do?file=..\\..\\..\\..\\..\\..\\..\\Program%20Files\\CSCOpx\\lib\\classpath\\com\\cisco\\nm\\cmf\\dbservice2\\DBServer.properties', method='GET'},
{path='/cwhp/auditLog.do?file=..\\..\\..\\..\\..\\..\\..\\Program%20Files\\CSCOpx\\log\\dbpwdChange.log', method='GET'}
},
matches={
{match='boot loader', output='CiscoWorks (CuOM 8.0 and 8.5) Directory traversal (CVE-2011-0966) (Windows)'},
{match='', output='Possible CiscoWorks (CuOM 8.0 and 8.5) Directory traversal (CVE-2011-0966) (Windows)'}
}
})
table.insert(fingerprints, {
category='attacks',
probes={
{path='..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f/var/mobile/Library/AddressBook/AddressBook.sqlitedb', method='HEAD'}
},
matches={
{match='', output='Possible iPhone/iPod/iPad generic file sharing app Directory Traversal (iOS)'}
}
})
table.insert(fingerprints, {
category='attacks',
probes={
{path='/Info.live.htm', method='GET'}
},
matches={
{match='200', output='Possible DD-WRT router Information Disclosure (OSVDB 70230)'}
}
})
table.insert(fingerprints, {
category='attacks',
probes={
{path='/CuteSoft_Client/CuteEditor/Load.ashx?type=image&file=../../../web.config', method='GET'}
},
matches={
{match='200', output='Cute Editor ASP.NET Remote File Disclosure ( CVE 2009-4665 )'}
}
})
table.insert(fingerprints, {
category='attacks',
probes={
{path='/plugins/PluginController.php?path=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fwindows%2fwin.ini%00', method='GET'}
},
matches={
{match='200', output='OrangeHRM 2.6.3 Local File Inclusion '}
}
})
table.insert(fingerprints, {
category='attacks',
probes={
{path='/tiki-listmovies.php?movie=../../../../../../etc/passwd%001234', method='GET'}
},
matches={
{match='200', output='TikiWiki < 1.9.9 Directory Traversal Vulnerability'}
}
})
------------------------------------------------
---- Open Source CMS checks ----
------------------------------------------------
-- Broad wordpress version identification
table.insert(fingerprints, {
category='cms',
probes={
{path='/wp-login.php'},
{path='/wordpress/wp-login.php'},
{path='/blog/wp-login.php'},
{path='/administrator/wp-login.php'},
{path='/weblog/wp-login.php'}
},
matches={
{match='ver=20080708', output='WordPress 2.6.x found'},
{match='ver=20081210', output='WordPress 2.7.x found'},
{match='ver=20090514', output='WordPress 2.8.x found'},
{match='ver=20091217', output='WordPress 2.9.x found'},
{match='ver=20100601', output='WordPress 3.0.x found'},
{output='Wordpress login page.'}
}
})
-- ZenCart version detection
table.insert(fingerprints, {
category='cms',
probes={
{path='/docs/'},
{path='/store/docs/'},
{path='/zencart/docs/'},
{path='/cart/docs/'}
},
matches={
{match='.*">Changelog for v(%d-%..-) %(changed files%)', output='ZenCart, version \\1'}
}
})
-- Broad phpBB versions
table.insert(fingerprints, {
category='cms',
probes={
{path='/docs/CHANGELOG.html'},
{path='/forum/docs/CHANGELOG.html'},
{path='/forums/docs/CHANGELOG.html'},
{path='/board/docs/CHANGELOG.html'},
{path='/boards/docs/CHANGELOG.html'}
},
matches={
{match='Changes since (%d-%..-)', output='phpBB version slightly newer than \\1'},
{match='