xml/operating_system.xml in recog-intrigue-2.3.7 vs xml/operating_system.xml in recog-intrigue-2.3.14
- old
+ new
@@ -1,11 +1,13 @@
-<?xml version="1.0" encoding="UTF-8"?>
+<?xml version='1.0' encoding='UTF-8'?>
<fingerprints matches="operating_system.name" database_type="util.os" preference="0.80">
<!--
Patterns for common names of various operating systems.
-->
+
<!-- Windows begin -->
+
<fingerprint pattern="^(?i:(?:Microsoft )?(Windows (?:[a-z]+\s[a-z]+\s|[a-z]+\s)?Server (?:\d{4} R2|\d{4}))(?:,\s|\s)?([a-z]+)?(?: Evaluation)?(?: Edition)?(?:\s|\swith(?:out)? Hyper-V\s)?(SP\d|SP \d|Service Pack \d)?)$">
<description>Windows Server 2003 and later</description>
<example os.product="Windows Compute Cluster Server 2003">Windows Compute Cluster Server 2003</example>
<example os.product="Windows Server 2003" os.edition="Standard">Windows Server 2003, Standard Edition</example>
<example os.product="Windows Server 2012 R2" os.edition="Standard">Windows Server 2012 R2 Standard Evaluation</example>
@@ -21,20 +23,23 @@
<param pos="0" name="os.family" value="Windows"/>
<param pos="1" name="os.product"/>
<param pos="2" name="os.edition"/>
<param pos="3" name="os.version"/>
</fingerprint>
+
<fingerprint pattern="^(?i:(?:Microsoft )?Windows 10 Mobile(?:\s([a-z]+))?(?: Edition)?)$">
<description>Windows 10 Mobile</description>
<example os.product="Windows 10 Mobile">Windows 10 Mobile Edition</example>
<example os.product="Windows 10 Mobile" os.edition="Enterprise">Windows 10 Mobile Enterprise Edition</example>
<param pos="0" name="os.vendor" value="Microsoft"/>
<param pos="0" name="os.family" value="Windows"/>
<param pos="0" name="os.product" value="Windows 10 Mobile"/>
<param pos="1" name="os.edition"/>
<param pos="0" name="os.device" value="Mobile"/>
+ <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_10_mobile:-"/>
</fingerprint>
+
<fingerprint pattern="^(?i:(?:Microsoft )?(Windows (?:XP|Vista|7|8|8.1|10))(?:\s)?((?:[a-z]+|[a-z]+, )?(?:[a-z]+|[a-z]+\s[a-z]+)?)?(?: Edition)?(?:\s)?(SP\d|SP \d|Service Pack \d)?)$">
<description>Windows Desktop XP and later</description>
<example os.product="Windows XP" os.edition="Professional">Windows XP Professional</example>
<example os.product="Windows XP" os.edition="Tablet PC">Windows XP Tablet PC Edition</example>
<example os.product="Windows Vista" os.version="SP1">Windows Vista SP1</example>
@@ -48,10 +53,11 @@
<param pos="0" name="os.family" value="Windows"/>
<param pos="1" name="os.product"/>
<param pos="2" name="os.edition"/>
<param pos="3" name="os.version"/>
</fingerprint>
+
<fingerprint pattern="^(?i:(?:Microsoft )?Windows 2000(?:\s)?([a-z]+|[a-z]+\s[a-z]+)?(?:\s)?(SP\d|SP \d|Service Pack \d)?)$">
<description>Windows 2000</description>
<example os.edition="Professional">Windows 2000 Professional</example>
<example os.edition="Advanced Server">Windows 2000 Advanced Server</example>
<param pos="0" name="os.vendor" value="Microsoft"/>
@@ -59,10 +65,11 @@
<param pos="0" name="os.product" value="Windows 2000"/>
<param pos="1" name="os.edition"/>
<param pos="2" name="os.version"/>
<param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_2000:{os.version}"/>
</fingerprint>
+
<fingerprint pattern="^(?i:(?:Microsoft )?Windows NT (\d.\d{1,2})?(?:\s)?([a-z]+|[a-z]+\s[a-z]+)?)$">
<description>Windows NT</description>
<example os.version="3.51" os.edition="Server">Windows NT 3.51 Server</example>
<example os.edition="Workstation">Windows NT Workstation</example>
<example os.version="4.0" os.edition="Workstation">Windows NT 4.0 Workstation</example>
@@ -72,97 +79,113 @@
<param pos="0" name="os.product" value="NT"/>
<param pos="1" name="os.version"/>
<param pos="2" name="os.edition"/>
<param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_nt:{os.version}"/>
</fingerprint>
+
<fingerprint pattern="^(?i:(?:Microsoft )?Windows Phone (\d|\d\.\d)?)$">
<description>Windows Phone 7 and later</description>
<example os.version="7.5">Windows Phone 7.5</example>
<example os.version="8">Windows Phone 8</example>
<param pos="0" name="os.vendor" value="Microsoft"/>
<param pos="0" name="os.family" value="Windows"/>
<param pos="0" name="os.product" value="Windows Phone"/>
<param pos="1" name="os.version"/>
<param pos="0" name="os.device" value="Mobile"/>
</fingerprint>
+
<fingerprint pattern="^(?i:(?:Microsoft )?(Windows\s?(?:95|98|98SE|98 SE|98 Second Edition|ME|Millenium Edition)))$">
<description>Windows 9x</description>
<example os.product="Windows 98 SE">Windows 98 SE</example>
<param pos="0" name="os.vendor" value="Microsoft"/>
<param pos="0" name="os.family" value="Windows"/>
<param pos="1" name="os.product"/>
</fingerprint>
+
<fingerprint pattern="^(?i:(?:Microsoft )?Windows(?:\sNT)? 6.1)$">
<description>Windows version 6.1 (Windows 7 or Windows Server 2008 R2)</description>
<example>Windows 6.1</example>
<param pos="0" name="os.vendor" value="Microsoft"/>
<param pos="0" name="os.family" value="Windows"/>
<param pos="0" name="os.product" value="Windows 7 or Windows Server 2008 R2"/>
</fingerprint>
+
<fingerprint pattern="^(?i:(?:Microsoft )?Windows(?:\sNT)? 6.2)$">
<description>Windows version 6.2 (Windows 8 or Windows Server 2012)</description>
<example>Windows 6.2</example>
<param pos="0" name="os.vendor" value="Microsoft"/>
<param pos="0" name="os.family" value="Windows"/>
<param pos="0" name="os.product" value="Windows 8 or Windows Server 2012"/>
</fingerprint>
+
<fingerprint pattern="^(?i:(?:Microsoft )?Windows(?:\sNT)? 6.3)$">
<description>Windows version 6.3 (Windows 8.1 or Windows Server 2012 R2)</description>
<example>Windows 6.3</example>
<param pos="0" name="os.vendor" value="Microsoft"/>
<param pos="0" name="os.family" value="Windows"/>
<param pos="0" name="os.product" value="Windows 8.1 or Windows Server 2012 R2"/>
</fingerprint>
+
<fingerprint pattern="^(?i:(?:Microsoft )?Windows(?:\sNT)? 10.0)$">
<description>Windows version 10.0 (Windows 10 or Windows Server 2016)</description>
<example>Windows 10.0</example>
<param pos="0" name="os.vendor" value="Microsoft"/>
<param pos="0" name="os.family" value="Windows"/>
<param pos="0" name="os.product" value="Windows 10 or Windows Server 2016"/>
</fingerprint>
+
<fingerprint pattern="^(?i:(?:Microsoft )?Windows.*)$">
<description>Windows catch-all</description>
<example>Windows for Workgroups 3.11</example>
<example>Microsoft Windows</example>
<param pos="0" name="os.vendor" value="Microsoft"/>
<param pos="0" name="os.family" value="Windows"/>
<param pos="0" name="os.product" value="Windows"/>
<param pos="0" name="os.certainty" value="0.5"/>
<param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
</fingerprint>
+
<!-- Windows end -->
+
<!-- Liunx begin -->
+
<fingerprint pattern="^(?i:Alpine Linux\s?(?:v)?(\d+?(?:\.\d+?)*?(?:\src\d+?)?)?)$">
<description>Alpine Linux</description>
<example os.version="3.4.0">Alpine Linux v3.4.0</example>
<example os.version="2.7.0 rc6">Alpine Linux 2.7.0 rc6</example>
<param pos="0" name="os.vendor" value="Alpine"/>
<param pos="0" name="os.family" value="Linux"/>
<param pos="0" name="os.product" value="Linux"/>
<param pos="1" name="os.version"/>
</fingerprint>
+
<!-- Arch uses rolling releases where the version name just the date of an ISO release. -->
+
<fingerprint pattern="^(?i:Arch Linux\s?(\d+?(?:\.\d+?)*?)?)$">
<description>Arch Linux</description>
<example os.version="2016.04.01">Arch Linux 2016.04.01</example>
<param pos="0" name="os.vendor" value="Arch"/>
<param pos="0" name="os.family" value="Linux"/>
<param pos="0" name="os.product" value="Linux"/>
<param pos="1" name="os.version"/>
</fingerprint>
+
<!-- Red Hat Enterprise Linux derivative -->
+
<fingerprint pattern="^(?i:Amazon Linux(?: AMI)?\s?(\d+?(?:\.\d+?)*?)?)$">
<description>Amazon Linux AMI</description>
<example os.version="5.11">Amazon Linux AMI 5.11</example>
<example os.version="6.7">Amazon Linux 6.7</example>
<example os.version="7">Amazon Linux AMI 7</example>
<param pos="0" name="os.vendor" value="Amazon"/>
<param pos="0" name="os.family" value="Linux"/>
<param pos="0" name="os.product" value="Linux AMI"/>
<param pos="1" name="os.version"/>
</fingerprint>
+
<!-- Red Hat Enterprise Linux derivative -->
+
<fingerprint pattern="^(?i:CentOS(?: Linux)?(?: [a-z]+)?\s?(\d+?(?:\.\d+?)*?)?)(?:\s.*?)?$">
<description>Centos Linux</description>
<example os.version="5.11">Centos Linux 5.11</example>
<example os.version="6.7">CentOS 6.7</example>
<example os.version="7">CentOS 7</example>
@@ -171,10 +194,11 @@
<param pos="0" name="os.family" value="Linux"/>
<param pos="0" name="os.product" value="Linux"/>
<param pos="1" name="os.version"/>
<param pos="0" name="os.cpe23" value="cpe:/o:centos:centos:{os.version}"/>
</fingerprint>
+
<fingerprint pattern="^(?i:Debian(?: (?:GNU\/)?Linux)?\s?((?:\d+?(?:\.\d+?)*?)|(?:\w+?\/sid\s?))?(?:\s[a-z\(\)]+)?)$">
<description>Debian Linux</description>
<example os.version="6.0">Debian 6.0</example>
<example os.version="7">Debian 7 (Wheezy)</example>
<example os.version="8">Debian Linux 8</example>
@@ -183,10 +207,11 @@
<param pos="0" name="os.family" value="Linux"/>
<param pos="0" name="os.product" value="Linux"/>
<param pos="1" name="os.version"/>
<param pos="0" name="os.cpe23" value="cpe:/o:debian:debian_linux:{os.version}"/>
</fingerprint>
+
<fingerprint pattern="^(?i:Fedora(?: Core)?(?: Linux)?(?: release)?\s?(\d+?)?(?:\s.*)?)$">
<description>Fedora Linux</description>
<example os.version="6">Fedora Core 6</example>
<example os.version="25">Fedora 25</example>
<example os.version="26">Fedora release 26 (Twenty Six)</example>
@@ -194,21 +219,25 @@
<param pos="0" name="os.family" value="Linux"/>
<param pos="0" name="os.product" value="Linux"/>
<param pos="1" name="os.version"/>
<param pos="0" name="os.cpe23" value="cpe:/o:redhat:linux:{os.version}"/>
</fingerprint>
+
<!-- Gentoo currently uses rolling releases with no version, but older versions were typically based on the year of release. -->
+
<fingerprint pattern="^(?i:Gentoo(?: Linux)\s?(\d+?(?:\.\d+?)*?)?)$">
<description>Gentoo Linux</description>
<example>Gentoo Linux</example>
<param pos="0" name="os.vendor" value="Gentoo"/>
<param pos="0" name="os.family" value="Linux"/>
<param pos="0" name="os.product" value="Linux"/>
<param pos="1" name="os.version"/>
<param pos="0" name="os.cpe23" value="cpe:/o:gentoo:linux:{os.version}"/>
</fingerprint>
+
<!-- Kali switched to rolling release in January 2016. -->
+
<fingerprint pattern="^(?i:Kali(?: Linux)?\s?(\d+?(?:\.\d+?)+?(?:[a-z])?|\d+?)?)$">
<description>Kali Linux</description>
<example os.version="1.0.0">Kali Linux 1.0.0</example>
<example os.version="1.1.0a">Kali 1.1.0a</example>
<example os.version="2.0">Kali 2.0</example>
@@ -216,11 +245,13 @@
<param pos="0" name="os.vendor" value="Kali"/>
<param pos="0" name="os.family" value="Linux"/>
<param pos="0" name="os.product" value="Linux"/>
<param pos="1" name="os.version"/>
</fingerprint>
+
<!-- Ubuntu derivative -->
+
<fingerprint pattern="^(?i:Kubuntu(?: Linux)?\s(\d+?(?:\.\d+?)*?)?\s?(LTS)?)$">
<description>Kubuntu Linux</description>
<example os.version="12.04.4">Kubuntu 12.04.4 LTS</example>
<example os.version="14.04">Kubuntu Linux 14.04</example>
<example os.version="16.04" os.edition="LTS">Kubuntu 16.04 LTS</example>
@@ -228,31 +259,35 @@
<param pos="0" name="os.family" value="Linux"/>
<param pos="0" name="os.product" value="Linux"/>
<param pos="1" name="os.version"/>
<param pos="2" name="os.edition"/>
</fingerprint>
+
<!-- Red Hat Enterprise Linux derivative -->
+
<fingerprint pattern="^(?i:Oracle(?: Enterprise)? Linux\s?(?:Server\s?)?(\d+?(?:\.\d+?)*?)?)$">
<description>Oracle Enterprise Linux</description>
<example os.version="5.11">Oracle Enterprise Linux 5.11</example>
<example os.version="6.7">Oracle Linux 6.7</example>
<param pos="0" name="os.vendor" value="Oracle"/>
<param pos="0" name="os.family" value="Enterprise Linux"/>
<param pos="0" name="os.product" value="Linux"/>
<param pos="1" name="os.version"/>
<param pos="0" name="os.cpe23" value="cpe:/o:oracle:linux:{os.version}"/>
</fingerprint>
+
<fingerprint pattern="^(?i:OpenSUSE(?: Linux)?(?: [a-z]+?)??\s?(\d+?(?:\.\d+?)*?)?(?:\s\(.*)?)$">
<description>OpenSUSE Linux</description>
<example os.version="10.1">OpenSUSE Linux 10.1</example>
<example os.version="13.2">OpenSUSE 13.2</example>
<example os.version="42.1">OpenSUSE Leap 42.1</example>
<param pos="0" name="os.vendor" value="OpenSUSE"/>
<param pos="0" name="os.family" value="Linux"/>
<param pos="0" name="os.product" value="Linux"/>
<param pos="1" name="os.version"/>
</fingerprint>
+
<fingerprint pattern="^(?i:(?:Red Hat|RedHat|Red-Hat|RHEL)(?: Enterprise)?(?: Linux)?(?: [a-z]+)?\s?(\d+?(?:\.\d+?)*?)?)$">
<description>Red Hat Enterprise Linux</description>
<example>Red Hat Enterprise Linux AS</example>
<example os.version="5.11">Red Hat Enterprise Linux 5.11</example>
<example os.version="6.7">RedHat 6.7</example>
@@ -262,59 +297,66 @@
<param pos="0" name="os.family" value="Linux"/>
<param pos="0" name="os.product" value="Enterprise Linux"/>
<param pos="1" name="os.version"/>
<param pos="0" name="os.cpe23" value="cpe:/o:redhat:enterprise_linux:{os.version}"/>
</fingerprint>
+
<!-- Red Hat Enterprise Linux derivative -->
+
<fingerprint pattern="^(?i:Scientific(?: Linux)?\s?(\d+?(?:\.\d+?)*?)?)$">
<description>Scientific Linux</description>
<example os.version="5.11">Scientific Linux 5.11</example>
<example os.version="6.7">Scientific 6.7</example>
<example os.version="7">Scientific Linux 7</example>
<param pos="0" name="os.vendor" value="Scientific"/>
<param pos="0" name="os.family" value="Linux"/>
<param pos="0" name="os.product" value="Linux"/>
<param pos="1" name="os.version"/>
</fingerprint>
+
<fingerprint pattern="^(?i:Slackware(?: Linux)\s?(\d+?(?:\.\d+?)*?)?)$">
<description>Slackware Linux</description>
<example os.version="14.1">Slackware Linux 14.1</example>
<param pos="0" name="os.vendor" value="Slackware"/>
<param pos="0" name="os.family" value="Linux"/>
<param pos="0" name="os.product" value="Linux"/>
<param pos="1" name="os.version"/>
</fingerprint>
+
<fingerprint pattern="^(?i:SUSE(?: SLED)?(?: Linux Enterprise Desktop)?\s?(\d+?(?:\.\d+?)*?)?)$">
<description>SUSE Linux Enterprise Desktop</description>
<example os.version="11">SUSE SLED 11</example>
<example os.version="12">SUSE Linux Enterprise Desktop 12</example>
<param pos="0" name="os.vendor" value="SUSE"/>
<param pos="0" name="os.family" value="Linux"/>
<param pos="0" name="os.product" value="Linux Enterprise Desktop"/>
<param pos="1" name="os.version"/>
<param pos="0" name="os.cpe23" value="cpe:/o:suse:linux_enterprise_desktop:{os.version}"/>
</fingerprint>
+
<fingerprint pattern="^(?i:SUSE(?: SLES)?(?: Linux Enterprise Server)?\s?(\d+?(?:\.\d+?)*?)?)$">
<description>SUSE Linux Enterprise Server</description>
<example os.version="11">SUSE SLES 11</example>
<example os.version="12">SUSE Linux Enterprise Server 12</example>
<param pos="0" name="os.vendor" value="SUSE"/>
<param pos="0" name="os.family" value="Linux"/>
<param pos="0" name="os.product" value="Linux Enterprise Server"/>
<param pos="1" name="os.version"/>
<param pos="0" name="os.cpe23" value="cpe:/o:suse:linux_enterprise_server:{os.version}"/>
</fingerprint>
+
<fingerprint pattern="^(?i:SLES(?: Linux Enterprise Server)?\s?(\d+?(?:\.\d+?)*?)?)$">
<description>SLES Linux Enterprise Server</description>
<example os.version="11">SLES 11</example>
<example os.version="12">SLES Linux Enterprise Server 12</example>
<param pos="0" name="os.vendor" value="SUSE"/>
<param pos="0" name="os.family" value="Linux"/>
<param pos="0" name="os.product" value="Linux Enterprise Server"/>
<param pos="1" name="os.version"/>
<param pos="0" name="os.cpe23" value="cpe:/o:suse:linux_enterprise_server:{os.version}"/>
</fingerprint>
+
<fingerprint pattern="^(?i:Ubuntu(?: Linux)?(?:\s|-)(\d+?(?:\.\d+?)*?)?\s?(LTS)?)$">
<description>Ubuntu Linux</description>
<example os.version="12.04.4">Ubuntu 12.04.4 LTS</example>
<example os.version="14.04">Ubuntu Linux 14.04</example>
<example os.version="16.04" os.edition="LTS">Ubuntu 16.04 LTS</example>
@@ -324,11 +366,13 @@
<param pos="0" name="os.product" value="Linux"/>
<param pos="1" name="os.version"/>
<param pos="2" name="os.edition"/>
<param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:{os.version}"/>
</fingerprint>
+
<!-- Ubuntu derivative -->
+
<fingerprint pattern="^(?i:Xubuntu(?: Linux)?\s(\d+?(?:\.\d+?)*?)?\s?(LTS)?)$">
<description>Xubuntu Linux</description>
<example os.version="12.04.4">Xubuntu 12.04.4 LTS</example>
<example os.version="14.04">Xubuntu Linux 14.04</example>
<example os.version="16.04" os.edition="LTS">Xubuntu 16.04 LTS</example>
@@ -336,54 +380,64 @@
<param pos="0" name="os.family" value="Linux"/>
<param pos="0" name="os.product" value="Linux"/>
<param pos="1" name="os.version"/>
<param pos="2" name="os.edition"/>
</fingerprint>
+
<fingerprint pattern="^(?i:VMWare Photon(?:\/)?(?:\s?Linux)?\s?(?:v)?(\d+?(?:\.\d+?)*?)?)$">
<description>Photon Linux</description>
<example>VMWare Photon Linux</example>
<example os.version="1.0">VMWare Photon 1.0</example>
- <param pos="0" name="os.vendor" value="VMWare"/>
+ <param pos="0" name="os.vendor" value="VMware"/>
<param pos="0" name="os.family" value="Linux"/>
<param pos="0" name="os.product" value="Photon Linux"/>
<param pos="1" name="os.version"/>
<param pos="0" name="os.cpe23" value="cpe:/o:vmware:photon_os:{os.version}"/>
</fingerprint>
+
<!-- Vendor-based distribution catch-call -->
+
<fingerprint pattern="^(?i:(.*)\sLinux?\s(.*))$">
<description>Vendor-based Linux catch-all</description>
<example os.vendor="Aurox" os.version="10.2">Aurox Linux 10.2</example>
<param pos="0" name="os.family" value="Linux"/>
<param pos="0" name="os.product" value="Linux"/>
<param pos="0" name="os.certainty" value="0.6"/>
<param pos="1" name="os.vendor"/>
<param pos="2" name="os.version"/>
</fingerprint>
+
<!-- Linux catch-all goes at the bottom-->
+
<fingerprint pattern="^(?i:.*Linux?\s?(\d+?(?:\.\d+?)*?)?)$">
<description>Linux catch-all</description>
<example os.version="2.42.6">Linux 2.42.6</example>
<param pos="0" name="os.vendor" value="Linux"/>
<param pos="0" name="os.family" value="Linux"/>
<param pos="0" name="os.product" value="Linux"/>
<param pos="0" name="os.certainty" value="0.5"/>
<param pos="1" name="os.version"/>
<param pos="0" name="os.cpe23" value="cpe:/o:linux:linux_kernel:{os.version}"/>
</fingerprint>
+
<!-- Linux end -->
+
<!-- Mac begin -->
+
<!-- Match Mac OS Classic first due to weak matching on Mac OS X -->
+
<fingerprint pattern="^(?i:(?:Apple )?Mac OS ([7-9](?:\.\d+?)*?))$">
<description>Mac OS 9</description>
<example os.version="9">Mac OS 9</example>
<example os.version="9.0.5">Mac OS 9.0.5</example>
<param pos="0" name="os.vendor" value="Apple"/>
<param pos="0" name="os.family" value="Mac OS"/>
<param pos="0" name="os.product" value="Mac OS"/>
<param pos="1" name="os.version"/>
<param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os:{os.version}"/>
</fingerprint>
+
<fingerprint pattern="^(?i:(?:Apple OS X|Apple Mac OS X|Mac OS X|OS X|Mac OS)\s?(\d+?(?:\.\d+?)*?)?)$">
<description>Mac OS X with version number</description>
<example os.version="10.10.5">Mac OS X 10.10.5</example>
<example os.version="10">Mac OS X 10</example>
<example os.version="10.10">Mac OS 10.10</example>
@@ -391,119 +445,133 @@
<param pos="0" name="os.family" value="Mac OS X"/>
<param pos="0" name="os.product" value="Mac OS X"/>
<param pos="1" name="os.version"/>
<param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x:{os.version}"/>
</fingerprint>
+
<fingerprint pattern="^(?i:(?:Apple )?Mac OS X Cheetah)$">
<description>Mac OS X Cheetah</description>
<example os.version="10.0">Mac OS X Cheetah</example>
<param pos="0" name="os.vendor" value="Apple"/>
<param pos="0" name="os.family" value="Mac OS X"/>
<param pos="0" name="os.product" value="Mac OS X"/>
<param pos="0" name="os.version" value="10.0"/>
<param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x:10.0"/>
</fingerprint>
+
<fingerprint pattern="^(?i:(?:Apple )?Mac OS X Puma)$">
<description>Mac OS X Puma</description>
<example os.version="10.1">Mac OS X Puma</example>
<param pos="0" name="os.vendor" value="Apple"/>
<param pos="0" name="os.family" value="Mac OS X"/>
<param pos="0" name="os.product" value="Mac OS X"/>
<param pos="0" name="os.version" value="10.1"/>
<param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x:10.1"/>
</fingerprint>
+
<fingerprint pattern="^(?i:(?:Apple )?Mac OS X Jaguar)$">
<description>Mac OS X Jaguar</description>
<example os.version="10.2">Mac OS X Jaguar</example>
<param pos="0" name="os.vendor" value="Apple"/>
<param pos="0" name="os.family" value="Mac OS X"/>
<param pos="0" name="os.product" value="Mac OS X"/>
<param pos="0" name="os.version" value="10.2"/>
<param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x:10.2"/>
</fingerprint>
+
<fingerprint pattern="^(?i:(?:Apple )?Mac OS X Panther)$">
<description>Mac OS X Panther</description>
<example os.version="10.3">Mac OS X Panther</example>
<param pos="0" name="os.vendor" value="Apple"/>
<param pos="0" name="os.family" value="Mac OS X"/>
<param pos="0" name="os.product" value="Mac OS X"/>
<param pos="0" name="os.version" value="10.3"/>
<param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x:10.3"/>
</fingerprint>
+
<fingerprint pattern="^(?i:(?:Apple )?Mac OS X Tiger)$">
<description>Mac OS X Tiger</description>
<example os.version="10.4">Mac OS X Tiger</example>
<param pos="0" name="os.vendor" value="Apple"/>
<param pos="0" name="os.family" value="Mac OS X"/>
<param pos="0" name="os.product" value="Mac OS X"/>
<param pos="0" name="os.version" value="10.4"/>
<param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x:10.4"/>
</fingerprint>
+
<fingerprint pattern="^(?i:(?:Apple )?Mac OS X Leopard)$">
<description>Mac OS X Leopard</description>
<example os.version="10.5">Mac OS X Leopard</example>
<param pos="0" name="os.vendor" value="Apple"/>
<param pos="0" name="os.family" value="Mac OS X"/>
<param pos="0" name="os.product" value="Mac OS X"/>
<param pos="0" name="os.version" value="10.5"/>
<param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x:10.5"/>
</fingerprint>
+
<fingerprint pattern="^(?i:(?:Apple )?Mac OS X Snow Leopard)$">
<description>Mac OS X Snow Leopard</description>
<example os.version="10.6">Mac OS X Snow Leopard</example>
<param pos="0" name="os.vendor" value="Apple"/>
<param pos="0" name="os.family" value="Mac OS X"/>
<param pos="0" name="os.product" value="Mac OS X"/>
<param pos="0" name="os.version" value="10.6"/>
<param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x:10.6"/>
</fingerprint>
+
<fingerprint pattern="^(?i:(?:Apple )?Mac OS X Lion)$">
<description>Mac OS X Lion</description>
<example os.version="10.7">Mac OS X Lion</example>
<param pos="0" name="os.vendor" value="Apple"/>
<param pos="0" name="os.family" value="Mac OS X"/>
<param pos="0" name="os.product" value="Mac OS X"/>
<param pos="0" name="os.version" value="10.7"/>
<param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x:10.7"/>
</fingerprint>
+
<fingerprint pattern="^(?i:(?:Apple )?Mac OS X Mountain Lion)$">
<description>Mac OS X Mountain Lion</description>
<example os.version="10.8">Mac OS X Mountain Lion</example>
<param pos="0" name="os.vendor" value="Apple"/>
<param pos="0" name="os.family" value="Mac OS X"/>
<param pos="0" name="os.product" value="Mac OS X"/>
<param pos="0" name="os.version" value="10.8"/>
<param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x:10.8"/>
</fingerprint>
+
<fingerprint pattern="^(?i:(?:Apple )?Mac OS X Mavericks)$">
<description>Mac OS X Mavericks</description>
<example os.version="10.9">Mac OS X Mavericks</example>
<param pos="0" name="os.vendor" value="Apple"/>
<param pos="0" name="os.family" value="Mac OS X"/>
<param pos="0" name="os.product" value="Mac OS X"/>
<param pos="0" name="os.version" value="10.9"/>
<param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x:10.9"/>
</fingerprint>
+
<fingerprint pattern="^(?i:(?:Apple )?Mac OS X Yosemite)$">
<description>Mac OS X Yosemite</description>
<example os.version="10.10">Mac OS X Yosemite</example>
<param pos="0" name="os.vendor" value="Apple"/>
<param pos="0" name="os.family" value="Mac OS X"/>
<param pos="0" name="os.product" value="Mac OS X"/>
<param pos="0" name="os.version" value="10.10"/>
<param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x:10.10"/>
</fingerprint>
+
<fingerprint pattern="^(?i:(?:Apple )?Mac OS X El Capitan)$">
<description>Mac OS X El Capitan</description>
<example os.version="10.11">Mac OS X El Capitan</example>
<param pos="0" name="os.vendor" value="Apple"/>
<param pos="0" name="os.family" value="Mac OS X"/>
<param pos="0" name="os.product" value="Mac OS X"/>
<param pos="0" name="os.version" value="10.11"/>
<param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x:10.11"/>
</fingerprint>
+
<!-- This can also match Cisco IOS if the vendor name is not present. -->
+
<fingerprint pattern="^(?i:(?:Apple )?iOS\s?(\d+?(?:\.\d+?)*?)?)$">
<description>Apple iOS for iPhone and iPad</description>
<example os.version="7.1.2">iOS 7.1.2</example>
<example os.version="8">iOS 8</example>
<example os.version="9.3">Apple iOS 9.3</example>
@@ -512,12 +580,15 @@
<param pos="0" name="os.product" value="iOS"/>
<param pos="1" name="os.version"/>
<param pos="0" name="os.device" value="Mobile"/>
<param pos="0" name="os.cpe23" value="cpe:/o:apple:iphone_os:{os.version}"/>
</fingerprint>
+
<!-- Mac end -->
+
<!-- BSD begin -->
+
<fingerprint pattern="^(?i:(.*?BSD)\s?(\d+?(?:\.\d+?)*?(?:[\-\/_ ]?\w+?)?(?:-[a-z]\d+?)?)?)$">
<description>Many BSD family OSes</description>
<example os.version="10.3-RELEASE" os.product="FreeBSD">FreeBSD 10.3-RELEASE</example>
<example os.version="10.3-RELEASE-p4" os.product="FreeBSD">FreeBSD 10.3-RELEASE-p4</example>
<example os.version="7.0" os.product="NetBSD">NetBSD 7.0</example>
@@ -526,31 +597,36 @@
<param pos="1" name="os.vendor"/>
<param pos="1" name="os.family"/>
<param pos="1" name="os.product"/>
<param pos="2" name="os.version"/>
</fingerprint>
+
<!-- BSD end -->
+
<!-- Other Unix-likes begin -->
+
<fingerprint pattern="^(?i:(?:Oracle|Sun)?\s?OpenSolaris\s?(\d+?(?:\.\d+?)*?)?)$">
<description>OpenSolaris</description>
<example os.version="2009.06">OpenSolaris 2009.06</example>
<param pos="0" name="os.vendor" value="Sun"/>
<param pos="0" name="os.family" value="Solaris"/>
<param pos="0" name="os.product" value="Solaris"/>
<param pos="1" name="os.version"/>
<param pos="0" name="os.cpe23" value="cpe:/o:sun:solaris:{os.version}"/>
</fingerprint>
+
<fingerprint pattern="^(?i:(?:Oracle|Sun)?\s?Solaris\s?(1[1-9]?(?:\.\d+?)*?)?)$">
<description>Solaris 11 and up</description>
<example os.version="11.3">Solaris 11.3</example>
<example os.version="11">Solaris 11</example>
<param pos="0" name="os.vendor" value="Oracle"/>
<param pos="0" name="os.family" value="Solaris"/>
<param pos="0" name="os.product" value="Solaris"/>
<param pos="1" name="os.version"/>
<param pos="0" name="os.cpe23" value="cpe:/o:oracle:solaris:{os.version}"/>
</fingerprint>
+
<fingerprint pattern="^(?i:(?:Oracle|Sun)?\s?Solaris\s?((?:[789]|10)+?(?:\.\d+?)*?)?)$">
<description>Solaris 7-10</description>
<example os.version="7">Solaris 7</example>
<example os.version="7.3">Solaris 7.3</example>
<example os.version="10">Solaris 10</example>
@@ -559,29 +635,32 @@
<param pos="0" name="os.family" value="Solaris"/>
<param pos="0" name="os.product" value="Solaris"/>
<param pos="1" name="os.version"/>
<param pos="0" name="os.cpe23" value="cpe:/o:sun:solaris:{os.version}"/>
</fingerprint>
+
<fingerprint pattern="^(?i:(?:Oracle|Sun)?\s?SunOS\s?5.([789]|10)?)$">
<description>SunOS/Solaris 5.7-5.10</description>
<example os.version="7">SunOS 5.7</example>
<example os.version="10">SunOS 5.10</example>
<param pos="0" name="os.vendor" value="Sun"/>
<param pos="0" name="os.family" value="Solaris"/>
<param pos="0" name="os.product" value="Solaris"/>
<param pos="1" name="os.version"/>
<param pos="0" name="os.cpe23" value="cpe:/o:sun:solaris:{os.version}"/>
</fingerprint>
+
<fingerprint pattern="^(?i:(?:Oracle|Sun)?\s?SunOS\s?5.(1[1-9])?)$">
<description>Oracle/Solaris 5.11 and upwards</description>
<example os.version="11">SunOS 5.11</example>
<param pos="0" name="os.vendor" value="Oracle"/>
<param pos="0" name="os.family" value="Solaris"/>
<param pos="0" name="os.product" value="Solaris"/>
<param pos="1" name="os.version"/>
<param pos="0" name="os.cpe23" value="cpe:/o:oracle:solaris:{os.version}"/>
</fingerprint>
+
<fingerprint pattern="^(?i:(?:IBM\s?)?(AIX|MVS|OS/(?:\d{1,3})|VM/CMS|VM/ESA|z/OS)\s?(\d+?(?:\.\d+?)*?)?)$">
<description>IBM OSes</description>
<example os.product="AIX">AIX</example>
<example os.product="MVS">IBM MVS</example>
<example os.product="OS/2">IBM OS/2</example>
@@ -593,37 +672,45 @@
<param pos="0" name="os.vendor" value="IBM"/>
<param pos="1" name="os.family"/>
<param pos="1" name="os.product"/>
<param pos="2" name="os.version"/>
</fingerprint>
+
<fingerprint pattern="^(?i:(?:HP\s?)?(Digital UNIX|HP-UX|iLO|OpenVMS|ProLiant|Tru64 UNIX)\s?(\d+?(?:\.\d+?)*?)?)$">
<description>HP OSes</description>
<example os.product="HP-UX">HP-UX</example>
<example os.product="OpenVMS">OpenVMS</example>
<param pos="0" name="os.vendor" value="HP"/>
<param pos="1" name="os.family"/>
<param pos="1" name="os.product"/>
<param pos="2" name="os.version"/>
</fingerprint>
+
<!-- Other Unix-likes end -->
+
<!-- Network equipment begin -->
+
<fingerprint pattern="^(?i:(?:Juniper\s?)?(Junos|Junos OS|ScreenOS)\s?(\d+?(?:\.\d+?)*?)?)$">
<description>Juniper</description>
<example>Junos</example>
<example>ScreenOS</example>
<param pos="0" name="os.vendor" value="Juniper"/>
<param pos="1" name="os.family"/>
<param pos="1" name="os.product"/>
<param pos="2" name="os.version"/>
</fingerprint>
+
<!-- This needs to be improved if it's not how one would generally present a Cisco OS version. -->
+
<fingerprint pattern="^(?i:(?:Cisco\s?)?(ASA|Adaptive Security Appliance|IOS|IOS-XE|IOS-XR|NX-OS|PIX-OS|SAN-OS)\s?(?:Version (\S+))?)$">
<description>Cisco</description>
<example>Cisco ASA</example>
<example>Cisco IOS</example>
<param pos="0" name="os.vendor" value="Cisco"/>
<param pos="1" name="os.family"/>
<param pos="1" name="os.product"/>
<param pos="2" name="os.version"/>
</fingerprint>
+
<!-- Network equipment end -->
-</fingerprints>
+
+</fingerprints>
\ No newline at end of file